WIP: Added monitoring for the passwords of Jupyter instances.

software/ipython_notebook/instance.cfg.in

 [buildout]
 parts =
   instance
+  create-knowledge0
+  read-knowledge0
   publish-connection-parameter
   erp5-kernel
   kernel-json
   custom-js
-
+  monitor-base
+extends =
+  {{ monitor_template_rendered }}/template-monitor.cfg
 
 eggs-directory = {{ eggs_directory }}
 develop-eggs-directory = {{ develop_eggs_directory }}
@@ -94,8 +98,25 @@ ipython_dir = ${:home}/ipython
 ipython_kernel_dir = ${:ipython_dir}/kernels
 erp5_kernel_dir = ${:ipython_kernel_dir}/ERP5
 
+[create-knowledge0]
+recipe = slapos.cookbook:zero-knowledge.write
+filename = knowledge0.cfg
+
+[read-knowledge0]
+recipe = slapos.cookbook:zero-knowledge.read
+filename = knowledge0.cfg
+
+[monitor-instance-parameter]
+monitor-base-url = ${monitor-httpd-conf-parameter:url}
+# In case you're using a developer instance you should specify these:
+# cors-domains = softinstXXXXX.host.vifib.net (or equivalent)
+# interface-url = https://softinstXXXXX.host.vifib.net/erp5/web_site_module/monitoring_rjs_unsafe
+instance-configuration =
+  raw jupyter-password ${read-knowledge0:password}
+
 [publish-connection-parameter]
 recipe = slapos.cookbook:publish.serialised
+<= monitor-publish
 url = https://[${instance-parameter:host}]:${instance-parameter:port}
 
 [erp5-kernel]
@@ -123,4 +144,3 @@ context =
 template = {{ custom_js_location }}/{{ custom_js_filename }}
 rendered = ${directory:ipython_dir}/profile_default/static/custom/custom.js
 mode = 0744
-

software/ipython_notebook/software.cfg

@@ -8,6 +8,7 @@ extends =
   ../../component/pandas/buildout.cfg
   ../../component/openssl/buildout.cfg
   ../../component/seaborn/buildout.cfg
+  ../../stack/monitor/buildout.cfg
 parts =
   slapos-cookbook
   ipython-notebook
@@ -36,7 +37,7 @@ mode = 0644
 [ipython-notebook-config]
 <= download-file-base
 filename = ipython_notebook_config.py.jinja
-md5sum = a5bc4ee8539109d1de7ab33b4c2c97ea
+md5sum = f6d3d43b2e40e43310dff1647aa55a78
 
 [ipython-notebook-set-password]
 <= download-file-base
@@ -63,7 +64,7 @@ recipe = slapos.recipe.template:jinja2
 template = ${:_profile_base_location_}/instance.cfg.in
 rendered = ${buildout:directory}/template.cfg
 mode = 0644
-md5sum = 26a28b74c8b18c92108c751b87abe80c
+md5sum = 2227922fd34d6e57703f7d04702be677
 context =
   key bin_directory buildout:bin-directory
   key develop_eggs_directory buildout:develop-eggs-directory
@@ -80,6 +81,7 @@ context =
   key kernel_json_filename kernel-json:filename
   key custom_js_location custom-js:location
   key custom_js_filename custom-js:filename
+  key monitor_template_rendered buildout:directory
 
 [versions]
 Pygments = 2.2.0

software/ipython_notebook/template/ipython_notebook_config.py.jinja

-
+```
+  This script initializes Jupyter's configuration such as passwords and other
+  things. It is run by IPython hence why it can use functions like get_config().
+```
 import ConfigParser
+import os
 
 knowledge_0 = '{{ config_cfg }}'
 
+if not os.path.exists(knowledge_0):
+  print "Your software does <b>not</b> embed 0-knowledge. \
+  This interface is useless in this case</body></html>"
+  exit(0)
+
 c = get_config()
 
 parser = ConfigParser.ConfigParser()
 parser.read(knowledge_0)
 
-if parser.has_option("ipython_notebook", "password"):
-  c.NotebookApp.password = parser.get("ipython_notebook", "password")
+if not parser.has_section("ipython_notebook"):
+  parser.add_section("ipython_notebook")
+
+if not parser.has_option("ipython_notebook", "password"):
+  parser.set("ipython_notebook", "password", "abcdefgh")
+
+c.NotebookApp.password = parser.get("ipython_notebook", "password")
 
+with open(knowledge_0, 'w') as file:
+  parser.write(file)
\ No newline at end of file

stack/monitor/buildout.cfg

@@ -102,7 +102,7 @@ recipe = slapos.recipe.template:jinja2
 filename = template-monitor.cfg
 template = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in
 rendered = ${buildout:directory}/template-monitor.cfg
-md5sum = bf0adf565d7cde55abc94bd223ec3162
+md5sum = e597da22ec053351745bde1d3096604f
 context =
     key apache_location apache:location
     key gzip_location gzip:location

stack/monitor/instance-monitor.cfg.jinja2.in

@@ -388,7 +388,7 @@ depends =
 
 [monitor-publish]
 monitor-base-url = ${publish:monitor-base-url}
-monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_configurator&url=${publish:monitor-url}&username=$${publish:monitor-user}&password=${publish:monitor-password}
+monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_configurator&url=${publish:monitor-url}&username=${publish:monitor-user}&password=${publish:monitor-password}
 
 
 [buildout]

[Iliya Manolov]

Right now the password is hardcoded as 'nexedi' in knowledge0.cfg, thus it is insecure. To fix this randomly-generated passwords and password editing need to be added.