Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

try auth0 on staging.hub #604

Merged
merged 1 commit into from
May 12, 2020
Merged

try auth0 on staging.hub #604

merged 1 commit into from
May 12, 2020

Conversation

rabernat
Copy link
Member

At the cloud ops meeting today, we discussed our scattered approach to auth. After doing some research today, I believe we may be able to get by with the free version of auth0. I have set up an account and configured an app with the github connector.

This PR is my attempt to plug it in to staging.hub.pangeo.io.

secrets/staging.yaml looks like this:

pangeo:
  jupyterhub:
    auth:
      type: auth0
      auth0:
        clientId: "XXX"
        clientSecret: XXX
        callbackUrl: "https://staging.hub.pangeo.io/hub/oauth_callback"

If it works, we will immediately hit jupyterhub/oauthenticator#266 (comment): the auth0 authenticator only allows the username to be email. Instead, we want to use nickname, which contains the github username. I think that should probably be fixed upstream in oauthenticator.

@rabernat rabernat requested a review from consideRatio May 12, 2020 02:40
rabernat
rabernat commented May 12, 2020
View reviewed changes
deployments/dev/config/common.yaml
scope:
- openid
- profile
- email
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@consideRatio - Does this look correct? It's my attempt to translate https://github.com/jupyterhub/oauthenticator/blob/master/oauthenticator/auth0.py to yaml.

@rabernat
Copy link
Member Author

Gonna merge and see what happens.

@rabernat rabernat merged commit 405acac into pangeo-data:staging May 12, 2020
@rabernat
Copy link
Member Author

rabernat commented May 12, 2020
edited
Loading

Deployment of dev.pangeo.io failed with the following error message

#!/bin/bash -eo pipefail
hubploy deploy dev pangeo-deploy ${CIRCLE_BRANCH} --cleanup-on-fail
Activated service account credentials for: [hubploy-circleci@*************.iam.gserviceaccount.com]
WARNING: Accessing a Kubernetes Engine cluster requires the kubernetes commandline
client [kubectl]. To install, run
  $ gcloud components install kubectl

Fetching cluster endpoint and auth data.
kubeconfig entry generated for *********************.
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "pangeo" chart repository
...Successfully got an update from the "dask-gateway" chart repository
...Successfully got an update from the "jupyterhub" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 1 charts
Downloading pangeo from repo https://pangeo-data.github.io/helm-chart/
Deleting outdated charts
Error: UPGRADE FAILED: timed out waiting for the condition
Traceback (most recent call last):
  File "/home/circleci/repo/venv/bin/hubploy", line 11, in <module>
    load_entry_point('hubploy==0.1.0', 'console_scripts', 'hubploy')()
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/hubploy/__main__.py", line 102, in main
    helm.deploy(args.deployment, args.chart, args.environment, args.namespace, args.set, args.version, args.timeout, args.force, args.atomic, args.cleanup_on_fail)
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/hubploy/helm.py", line 161, in deploy
    cleanup_on_fail
  File "/home/circleci/repo/venv/lib/python3.7/site-packages/hubploy/helm.py", line 93, in helm_upgrade
    subprocess.check_call(cmd)
  File "/usr/local/lib/python3.7/subprocess.py", line 347, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['helm', 'upgrade', '--wait', '--install', '--namespace', 'dev-staging', 'dev-staging', 'pangeo-deploy', '--cleanup-on-fail', '-f', 'deployments/dev/config/common.yaml', '-f', 'deployments/dev/config/staging.yaml', '-f', 'deployments/dev/secrets/staging.yaml', '--set', 'pangeo.jupyterhub.singleuser.image.tag=5005363d', '--set', 'pangeo.jupyterhub.singleuser.image.name=gcr.io/*************/dev-pangeo-io-notebook']' returned non-zero exit status 1.

Exited with code exit status 1

I guess this is related to my change, but the error message doesn't tell me much.

https://circleci.com/gh/pangeo-data/pangeo-cloud-federation/1238

@TomAugspurger
Copy link
Member

I can take a look now.

@TomAugspurger
Copy link
Member

@rabernat some issue starting up the hub:

$ kubectl -n dev-staging get pod  
hub-7f84b6b846-f4fs7                                   0/1     CrashLoopBackOff   6          10m

kubectl -n dev-staging log hub-7f84b6b846-f4fs7                                                                                                                                                                                                                                                
Loading /etc/jupyterhub/config/values.yaml
Loading /etc/jupyterhub/secret/values.yaml
[E 2020-05-12 14:20:00.552 JupyterHub app:2718]
    Traceback (most recent call last):
      File "/usr/local/lib/python3.6/dist-packages/jupyterhub/app.py", line 2715, in launch_instance_async
        await self.initialize(argv)
      File "/usr/local/lib/python3.6/dist-packages/jupyterhub/app.py", line 2238, in initialize
        self.load_config_file(self.config_file)
      File "</usr/local/lib/python3.6/dist-packages/decorator.py:decorator-gen-5>", line 2, in load_config_file
      File "/usr/local/lib/python3.6/dist-packages/traitlets/config/application.py", line 87, in catch_config_error
        return method(app, *args, **kwargs)
      File "/usr/local/lib/python3.6/dist-packages/traitlets/config/application.py", line 602, in load_config_file
        raise_config_file_errors=self.raise_config_file_errors,
      File "/usr/local/lib/python3.6/dist-packages/traitlets/config/application.py", line 563, in _load_config_files
        config = loader.load_config()
      File "/usr/local/lib/python3.6/dist-packages/traitlets/config/loader.py", line 457, in load_config
        self._read_file_as_dict()
      File "/usr/local/lib/python3.6/dist-packages/traitlets/config/loader.py", line 489, in _read_file_as_dict
        py3compat.execfile(conf_filename, namespace)
      File "/usr/local/lib/python3.6/dist-packages/ipython_genutils/py3compat.py", line 198, in execfile
        exec(compiler(f.read(), fname, 'exec'), glob, loc)
      File "/etc/jupyterhub/jupyterhub_config.py", line 362, in <module>
        raise ValueError("Unhandled auth type: %r" % auth_type)
    ValueError: Unhandled auth type: 'auth0'

@rabernat
Copy link
Member Author

Looks like I jumped the gun. I thought auth0 was a supported type of auth because it appears here: https://oauthenticator.readthedocs.io/en/latest/api/gen/oauthenticator.auth0.html

But perhaps we have a version mismatch. These are things that @consideRatio will know immediately. Probably better to wait for his advice than to stumble around blindly.

@rabernat
Copy link
Member Author

Ah yes it appears that auth0 is not supported: jupyterhub/zero-to-jupyterhub-k8s#1435

@rabernat rabernat mentioned this pull request May 12, 2020
Merged
@jhamman jhamman mentioned this pull request Jun 10, 2020
Merged
jhamman pushed a commit that referenced this pull request Jun 11, 2020
Merge pull request #617 from pangeo-data/staging
cda73b5 
staging -> prod [#604, #605, #606, #607, #608, #612, #613, #614]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@consideRatio consideRatio Awaiting requested review from consideRatio

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rabernat @TomAugspurger