Z2JH Hot to change NB_UID/NB_GID using authenticator_class?

JupyterHub Zero to JupyterHub on Kubernetes
14

Hello, @manics. Thank you for your reply.

It worked as I expected when I set belows:

  • singieluser.cmd: (empty)
  • don’t set NB_UID explicitly
  • Remove: c.Spawner.args = ['--allow-root']

singleuser.cmd worked as I expected if I set below.

singleuser.cmd Result NG/OK
no entry UID never changed NG
cmd: (empty) UID changed OK
cmd: start-singleuser.sh UID changed OK

Removing NB_UID

I expect /home/bob links to /home/jovyan, but It create the new directory /home/bob. NFS mount point is /home/jovyan. so I can’t access via NFS.
After removing NB_UID setting, It worked as I expected.

Configuration (Only LDAP part)

hub:
  extraConfig:
    SpawnerCustomConfig: |
      from ldapauthenticator import LDAPAuthenticator
      from hashlib import md5

      class LDAPAuthenticatorInfo(LDAPAuthenticator):
          async def pre_spawn_start(self, user, spawner):
              auth_state = await user.get_auth_state()

              if not auth_state:
                  return

              self.log.debug(f"pre_spawn_start hogehogehoge")
              # https://github.com/jupyter/docker-stacks/blob/fde8f1eec3e70edf67560b5430545a22382334bf/base-notebook/start.sh#L41-L102
              spawner.environment["NB_UID"]  = str(auth_state["uidNumber"][0])
              #spawner.environment["NB_USER"] = auth_state["uid"][0]
              spawner.environment["NB_GID"]  = str(auth_state["gidNumber"][0])
              spawner.environment["CHOWN_HOME"]  = "yes"
              #spawner.environment["GRANT_SUDO"]  = "yes"
              self.log.info(f"environment: {spawner.environment}")

Configuration

hub:
  db:
    pvc:
      storageClassName: nfs-client
  config:
    Authenticator:
      enable_auth_state: true
    JupyterHub:
      authenticator_class: ldapauthenticator.LDAPAuthenticator
    # https://github.com/manics/zero-to-jupyterhub-k8s-examples/blob/5212ad2440e9ccf3831b5957b80775e58581b232/ldap-singleuser/jupyterhub.yml
    LDAPAuthenticator:
      server_address: nfs.example.com
      lookup_dn: True
      bind_dn_template:
        - uid={username},ou=users,dc=example,dc=com
      user_search_base: "dc=example,dc=com"
      user_attribute: uid
      lookup_dn_user_dn_attribute: uid
      escape_userdn: True
      use_ssl: true
        #server_port: 689
      auth_state_attributes: ["uid", "uidNumber", "gidNumber", "homeDirectory"]
      use_lookup_dn_username: False
  extraConfig:
    SpawnerCustomConfig: |
      from ldapauthenticator import LDAPAuthenticator
      from hashlib import md5

      class LDAPAuthenticatorInfo(LDAPAuthenticator):
          async def pre_spawn_start(self, user, spawner):
              auth_state = await user.get_auth_state()

              if not auth_state:
                  return

              # https://github.com/jupyter/docker-stacks/blob/fde8f1eec3e70edf67560b5430545a22382334bf/base-notebook/start.sh#L41-L102
              spawner.environment["NB_UID"]  = str(auth_state["uidNumber"][0])
              #spawner.environment["NB_USER"] = auth_state["uid"][0]
              spawner.environment["NB_GID"]  = str(auth_state["gidNumber"][0])
              spawner.environment["CHOWN_HOME"]  = "yes"
              #spawner.environment["GRANT_SUDO"]  = "yes"
              self.log.info(f"environment: {spawner.environment}")


      c.JupyterHub.authenticator_class = LDAPAuthenticatorInfo

    CustomHubConfig: |
      c.JupyterHub.cleanup_servers = True
      #c.Spawner.args = ['--allow-root']


debug:
  enabled: true
singleuser:
  cmd:
  uid: 0
  memory:
    limit: 2G
    guarantee: 2G
  storage:
    type: static
    static:
      pvcName: static-pvc
      subPath: "{username}"
  image:
    name: 'jupyter/scipy-notebook'
    tag: 'latest'