From 98cbb964c4c8ffb9e1907ed538863a2239497c95 Mon Sep 17 00:00:00 2001 From: Riccardo Castellotti Date: Wed, 23 Feb 2022 09:06:18 +0100 Subject: [PATCH] customization for binder/swan interoperability --- swan-cern/files/swan_config_cern.py | 24 +++++++++++++++++------- swan-cern/files/swan_spark_config.py | 5 +++++ swan/files/swan_config.py | 5 +++++ 3 files changed, 27 insertions(+), 7 deletions(-) diff --git a/swan-cern/files/swan_config_cern.py b/swan-cern/files/swan_config_cern.py index c91b7a65..d381dac6 100644 --- a/swan-cern/files/swan_config_cern.py +++ b/swan-cern/files/swan_config_cern.py @@ -1,4 +1,4 @@ -import os, subprocess + from kubernetes import client from kubernetes.client.rest import ApiException @@ -190,6 +190,19 @@ def _init_eos_containers(self, eos_secret_name): ) ) + #the notebook container needs to run as root as it needs to + #add an user and switch to that user + #it also need to set command and args to none in order to + #run the systemuser.sh script as defined in the image + #(we set jupyterhub-singleuser in the values as that is what + #is needed for authenticated binder) + + run_as_root=client.V1SecurityContext(run_as_user=0) + + notebook_container.security_context=run_as_root + notebook_container.command=None + notebook_container.args=None + # add the base containers after side container (to start after side container) existing_containers = self.pod.spec.containers pod_spec_containers.extend(existing_containers) @@ -200,11 +213,11 @@ def _init_eos_containers(self, eos_secret_name): # https://jupyterhub-kubespawner.readthedocs.io/en/latest/spawner.html # This is defined in the configuration to allow overring iindependently # of which config file is loaded first -# c.SwanKubeSpawner.modify_pod_hook = swan_pod_hook +# c.SwanSpawner.modify_pod_hook = swan_pod_hook def swan_pod_hook_prod(spawner, pod): """ :param spawner: Swan Kubernetes Spawner - :type spawner: swanspawner.SwanKubeSpawner + :type spawner: swanspawner.SwanSpawner :param pod: default pod definition set by jupyterhub :type pod: client.V1Pod @@ -219,7 +232,4 @@ def swan_pod_hook_prod(spawner, pod): # Get configuration parameters from environment variables swan_container_namespace = os.environ.get('POD_NAMESPACE', 'default') -c.SwanKubeSpawner.modify_pod_hook = swan_pod_hook_prod - -# Required for swan systemuser.sh -c.SwanKubeSpawner.cmd = None \ No newline at end of file +c.SwanSpawner.modify_pod_hook = swan_pod_hook_prod diff --git a/swan-cern/files/swan_spark_config.py b/swan-cern/files/swan_spark_config.py index 69eba26e..1f8c4116 100644 --- a/swan-cern/files/swan_spark_config.py +++ b/swan-cern/files/swan_spark_config.py @@ -14,6 +14,11 @@ class SwanSparkPodHookHandler(SwanPodHookHandlerProd): def get_swan_user_pod(self): + + if 'binder_ref_url' in self.spawner.user_options.keys(): + # we don't need any customization if running within binder + return self.pod + super().get_swan_user_pod() # get hadoop token diff --git a/swan/files/swan_config.py b/swan/files/swan_config.py index efdf9a1f..72d9a40f 100644 --- a/swan/files/swan_config.py +++ b/swan/files/swan_config.py @@ -18,6 +18,11 @@ def __init__(self, spawner, pod): def get_swan_user_pod(self): + if 'binder_ref_url' in self.spawner.user_options.keys(): + # we don't need any customization if running within binder + return self.pod + + # pod labels pod_labels = dict( lcg_release = self.spawner.user_options[self.spawner.lcg_rel_field].split('/')[0],