jupyterhub-deploy-docker

Use GoogleOAuthenticator

Open haeusser opened this issue 6 years ago • 3 comments

I would like to use Google instead of GitHub for authentication.

Therefore, I changed the jupyterhub_config.py as follows:

# Authenticate users with Google OAuth
c.JupyterHub.authenticator_class = 'oauthenticator.GoogleOAuthenticator'
c.GoogleOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
c.GoogleOAuthenticator.client_id = os.environ['GOOGLE_CLIENT_ID']
c.GoogleOAuthenticator.client_secret = os.environ['GOOGLE_CLIENT_SECRET']
c.GoogleOAuthenticator.hosted_domain = "my.domain"
c.GoogleOAuthenticator.login_service = "My Domain"

The secrets/oauth.env contains the respective environment variables.

When I fire up the service, it still wants to send me to GitHub. Where can I tell it to use Google instead?

Thank you! Philip

haeusser, Feb 14 '19 14:02

Did you rebuild the Jupyter Hub image? make build

dalg24, Feb 15 '19 16:02

@dalg24 great, thank you, that helped.

Now I am having the problem that the OAuth callback times out:

Creating network "jupyterhub-deploy-docker_internet" with driver "bridge"
Removing jupyterhub
jupyterhub-db is up-to-date
Recreating 445c75dbeef1_jupyterhub ... done
Attaching to jupyterhub-db, jupyterhub
jupyterhub-db | LOG:  could not create IPv6 socket: Address family not supported by protocol
jupyterhub-db | LOG:  database system was shut down at 2019-02-18 11:16:39 UTC
jupyterhub-db | LOG:  MultiXact member wraparound protections are now enabled
jupyterhub-db | LOG:  database system is ready to accept connections
jupyterhub-db | LOG:  autovacuum launcher started
jupyterhub-db | LOG:  received smart shutdown request
jupyterhub-db | LOG:  autovacuum launcher shutting down
jupyterhub-db | LOG:  shutting down
jupyterhub-db | LOG:  database system is shut down
jupyterhub-db | LOG:  could not create IPv6 socket: Address family not supported by protocol
jupyterhub-db | LOG:  database system was shut down at 2019-02-18 11:20:49 UTC
jupyterhub-db | LOG:  MultiXact member wraparound protections are now enabled
jupyterhub-db | LOG:  database system is ready to accept connections
jupyterhub-db | LOG:  autovacuum launcher started
jupyterhub | [I 2019-02-18 14:03:54.246 JupyterHub app:1667] Using Authenticator: oauthenticator.google.GoogleOAuthenticator-0.8.0
jupyterhub | [I 2019-02-18 14:03:54.246 JupyterHub app:1667] Using Spawner: dockerspawner.dockerspawner.DockerSpawner-0.9.1
jupyterhub | [I 2019-02-18 14:03:54.249 JupyterHub app:1014] Loading cookie_secret from /data/jupyterhub_cookie_secret
jupyterhub | [I 2019-02-18 14:03:54.286 JupyterHub proxy:431] Generating new CONFIGPROXY_AUTH_TOKEN
jupyterhub | [I 2019-02-18 14:03:54.339 JupyterHub app:1849] Hub API listening on http://jupyterhub:8080/hub/
jupyterhub | [I 2019-02-18 14:03:54.341 JupyterHub proxy:562] Starting proxy @ http://:443/
jupyterhub | 14:03:54.711 - info: [ConfigProxy] Proxying https://*:443 to (no default)
jupyterhub | 14:03:54.712 - info: [ConfigProxy] Proxy API at http://127.0.0.1:8001/api/routes
jupyterhub | 14:03:54.814 - info: [ConfigProxy] 200 GET /api/routes 
jupyterhub | [I 2019-02-18 14:03:54.815 JupyterHub proxy:301] Checking routes
jupyterhub | [I 2019-02-18 14:03:54.815 JupyterHub proxy:370] Adding default route for Hub: / => http://jupyterhub:8080
jupyterhub | 14:03:54.817 - info: [ConfigProxy] Adding route / -> http://jupyterhub:8080
jupyterhub | 14:03:54.817 - info: [ConfigProxy] 201 POST /api/routes/ 
jupyterhub | [I 2019-02-18 14:03:54.818 JupyterHub app:1906] JupyterHub is now running at http://:443/
jupyterhub | [I 2019-02-18 14:04:02.840 JupyterHub log:158] 302 GET / -> /hub (@myip) 4.14ms
jupyterhub | [I 2019-02-18 14:04:02.849 JupyterHub log:158] 302 GET /hub -> /hub/ (@myip) 0.89ms
jupyterhub | [I 2019-02-18 14:04:02.859 JupyterHub log:158] 302 GET /hub/ -> /hub/login (@myip) 0.72ms
jupyterhub | [I 2019-02-18 14:04:02.906 JupyterHub log:158] 200 GET /hub/login (@myip) 39.57ms
jupyterhub | [I 2019-02-18 14:04:06.955 JupyterHub oauth2:82] OAuth redirect: 'https://my.domain/hub/oauth_callback'
jupyterhub | [I 2019-02-18 14:04:06.958 JupyterHub log:158] 302 GET /hub/oauth_login?next= -> https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=mydomain.com%2Fhub%2Foauth_callback&client_id=myclientid.apps.googleusercontent.com&response_type=code&state=[secret]&scope=openid+email (@myipaddress) 3.83ms
jupyterhub | [E 2019-02-18 14:04:22.567 JupyterHub web:1670] Uncaught exception GET /hub/oauth_callback?state=REDACTED&prompt=none (myip)
jupyterhub |     HTTPServerRequest(protocol='https', host='my-domain', method='GET', uri='/hub/oauth_callback?state=REDACTED&prompt=none', version='HTTP/1.1', remote_ip='myip')
jupyterhub |     Traceback (most recent call last):
jupyterhub |       File "/opt/conda/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute
jupyterhub |         result = yield result
jupyterhub |       File "/opt/conda/lib/python3.6/site-packages/oauthenticator/oauth2.py", line 182, in get
jupyterhub |         user = yield self.login_user()
jupyterhub |       File "/opt/conda/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 473, in login_user
jupyterhub |         authenticated = await self.authenticate(data)
jupyterhub |       File "/opt/conda/lib/python3.6/site-packages/jupyterhub/auth.py", line 257, in get_authenticated_user
jupyterhub |         authenticated = await maybe_future(self.authenticate(handler, data))
jupyterhub |       File "/opt/conda/lib/python3.6/site-packages/oauthenticator/google.py", line 64, in authenticate
jupyterhub |         code=code)
jupyterhub |     tornado.auth.AuthError: Google auth error: HTTP 599: Failed to connect to www.googleapis.com port 443: Connection timed out

Here is my config:

# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.

# JupyterHub docker-compose configuration file
version: "2.1"

services:
  hub-db:
    image: postgres:9.5
    container_name: jupyterhub-db
    restart: always
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      PGDATA: ${DB_VOLUME_CONTAINER}
    env_file:
      - secrets/postgres.env
    volumes:
      - "db:${DB_VOLUME_CONTAINER}"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 30s
      timeout: 30s
      retries: 3

  hub:
    depends_on:
      hub-db:
        condition: service_healthy
    build:
      context: .
      dockerfile: Dockerfile.jupyterhub
      args:
        JUPYTERHUB_VERSION: ${JUPYTERHUB_VERSION}
    restart: always
    image: jupyterhub
    container_name: jupyterhub
    volumes:
      # Bind Docker socket on the host so we can connect to the daemon from
      # within the container
      - "/var/run/docker.sock:/var/run/docker.sock:rw"
      # Bind Docker volume on host for JupyterHub database and cookie secrets
      - "data:${DATA_VOLUME_CONTAINER}"
    ports:
      - "51443:443"
    links:
      - hub-db
    environment:
      # All containers will join this network
      DOCKER_NETWORK_NAME: ${DOCKER_NETWORK_NAME}
      # JupyterHub will spawn this Notebook image for users
      DOCKER_NOTEBOOK_IMAGE: ${LOCAL_NOTEBOOK_IMAGE}
      # Notebook directory inside user image
      DOCKER_NOTEBOOK_DIR: ${DOCKER_NOTEBOOK_DIR}
      # Using this run command (optional)
      DOCKER_SPAWN_CMD: ${DOCKER_SPAWN_CMD}
      # Postgres db info
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_HOST: hub-db
    env_file:
      - secrets/postgres.env
      - secrets/oauth.env
    command: >
      jupyterhub -f /srv/jupyterhub/jupyterhub_config.py
    networks:
      - default
      - internet


volumes:
  data:
    external:
      name: ${DATA_VOLUME_HOST}
  db:
    external:
      name: ${DB_VOLUME_HOST}

networks:
  default:
    external:
      name: ${DOCKER_NETWORK_NAME}
  internet:
    driver: bridge

Happy about any advice!

haeusser, Feb 18 '19 14:02

I have never used the Google OAuthenticator but my best guess is you did not set up the callback URL right when you created the OAuth credentials on the Google side.

dalg24, Feb 18 '19 16:02
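
Added example, not part of the thread or of the project's code: the traceback posted above ends in `HTTP 599: Failed to connect to www.googleapis.com port 443: Connection timed out`, raised while the Hub exchanges the OAuth code. A probe like the following, run inside the `jupyterhub` container, separates a DNS failure, a silent drop (timeout) and an active refusal for that host and port. The names `probe` and `TARGETS` are made up for this example.

```python
# Added example: classify outbound reachability from inside the hub container.
import socket

# Host and port copied from the AuthError line in the log above.
TARGETS = [("www.googleapis.com", 443)]


def probe(host, port, timeout=5.0):
    """Return (status, detail). status is one of:
    'ok', 'dns_failure', 'timeout', 'refused', 'unreachable'."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # The container's resolver could not turn the name into an address.
        return "dns_failure", str(exc)

    last = ("unreachable", "no addresses returned")
    for family, socktype, proto, _name, sockaddr in addrs:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return "ok", f"connected to {sockaddr[0]}"
        except socket.timeout:
            # Packets leave but nothing answers: typical of a firewall drop
            # or a Docker network without a route to the outside.
            last = ("timeout", f"{sockaddr[0]}: no answer within {timeout}s")
        except ConnectionRefusedError:
            last = ("refused", f"{sockaddr[0]}: connection refused")
        except OSError as exc:
            # For example "Network is unreachable" on an IPv6-only address.
            last = ("unreachable", f"{sockaddr[0]}: {exc}")
        finally:
            sock.close()
    return last


if __name__ == "__main__":
    for host, port in TARGETS:
        status, detail = probe(host, port)
        print(f"{host}:{port} -> {status} ({detail})")
```

Running it with the interpreter inside the `jupyterhub` container makes the probe use the same Docker networks as the Hub; a `timeout` result there reproduces the condition in the traceback without going through the login flow.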