Skip to content

slapos
slapos
Commit ab616eab authored by Iliya Manolov's avatar Iliya Manolov
1 Browse files
Options

WIP: Added monitoring for the passwords of Jupyter instances.

parent b4e440ed
Hide whitespace changes
Inline Side-by-side
Showing with 47 additions and 9 deletions
software/ipython_notebook/instance.cfg.in
View file @ ab616eab
[buildout] [buildout]
parts = parts =
instance instance
create-knowledge0
read-knowledge0
publish-connection-parameter publish-connection-parameter
erp5-kernel erp5-kernel
kernel-json kernel-json
custom-js custom-js
monitor-base
extends =
{{ monitor_template_rendered }}/template-monitor.cfg
eggs-directory = {{ eggs_directory }} eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }} develop-eggs-directory = {{ develop_eggs_directory }}
...@@ -94,8 +98,25 @@ ipython_dir = ${:home}/ipython ...@@ -94,8 +98,25 @@ ipython_dir = ${:home}/ipython
ipython_kernel_dir = ${:ipython_dir}/kernels ipython_kernel_dir = ${:ipython_dir}/kernels
erp5_kernel_dir = ${:ipython_kernel_dir}/ERP5 erp5_kernel_dir = ${:ipython_kernel_dir}/ERP5
[create-knowledge0]
recipe = slapos.cookbook:zero-knowledge.write
filename = knowledge0.cfg
[read-knowledge0]
recipe = slapos.cookbook:zero-knowledge.read
filename = knowledge0.cfg
[monitor-instance-parameter]
monitor-base-url = ${monitor-httpd-conf-parameter:url}
# In case you're using a developer instance you should specify these:
# cors-domains = softinstXXXXX.host.vifib.net (or equivalent)
# interface-url = https://softinstXXXXX.host.vifib.net/erp5/web_site_module/monitoring_rjs_unsafe
instance-configuration =
raw jupyter-password ${read-knowledge0:password}
[publish-connection-parameter] [publish-connection-parameter]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
<= monitor-publish
url = https://[${instance-parameter:host}]:${instance-parameter:port} url = https://[${instance-parameter:host}]:${instance-parameter:port}
[erp5-kernel] [erp5-kernel]
...@@ -123,4 +144,3 @@ context = ...@@ -123,4 +144,3 @@ context =
template = {{ custom_js_location }}/{{ custom_js_filename }} template = {{ custom_js_location }}/{{ custom_js_filename }}
rendered = ${directory:ipython_dir}/profile_default/static/custom/custom.js rendered = ${directory:ipython_dir}/profile_default/static/custom/custom.js
mode = 0744 mode = 0744
software/ipython_notebook/software.cfg
View file @ ab616eab
...@@ -8,6 +8,7 @@ extends = ...@@ -8,6 +8,7 @@ extends =
../../component/pandas/buildout.cfg ../../component/pandas/buildout.cfg
../../component/openssl/buildout.cfg ../../component/openssl/buildout.cfg
../../component/seaborn/buildout.cfg ../../component/seaborn/buildout.cfg
../../stack/monitor/buildout.cfg
parts = parts =
slapos-cookbook slapos-cookbook
ipython-notebook ipython-notebook
...@@ -36,7 +37,7 @@ mode = 0644 ...@@ -36,7 +37,7 @@ mode = 0644
[ipython-notebook-config] [ipython-notebook-config]
<= download-file-base <= download-file-base
filename = ipython_notebook_config.py.jinja filename = ipython_notebook_config.py.jinja
md5sum = a5bc4ee8539109d1de7ab33b4c2c97ea md5sum = f6d3d43b2e40e43310dff1647aa55a78
[ipython-notebook-set-password] [ipython-notebook-set-password]
<= download-file-base <= download-file-base
...@@ -63,7 +64,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -63,7 +64,7 @@ recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance.cfg.in template = ${:_profile_base_location_}/instance.cfg.in
rendered = ${buildout:directory}/template.cfg rendered = ${buildout:directory}/template.cfg
mode = 0644 mode = 0644
md5sum = 26a28b74c8b18c92108c751b87abe80c md5sum = 2227922fd34d6e57703f7d04702be677
context = context =
key bin_directory buildout:bin-directory key bin_directory buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory key develop_eggs_directory buildout:develop-eggs-directory
...@@ -80,6 +81,7 @@ context = ...@@ -80,6 +81,7 @@ context =
key kernel_json_filename kernel-json:filename key kernel_json_filename kernel-json:filename
key custom_js_location custom-js:location key custom_js_location custom-js:location
key custom_js_filename custom-js:filename key custom_js_filename custom-js:filename
key monitor_template_rendered buildout:directory
[versions] [versions]
Pygments = 2.2.0 Pygments = 2.2.0
......
software/ipython_notebook/template/ipython_notebook_config.py.jinja
View file @ ab616eab
```
This script initializes Jupyter's configuration such as passwords and other
things. It is run by IPython hence why it can use functions like get_config().
```
import ConfigParser import ConfigParser
import os
knowledge_0 = '{{ config_cfg }}' knowledge_0 = '{{ config_cfg }}'
if not os.path.exists(knowledge_0):
print "Your software does <b>not</b> embed 0-knowledge. \
This interface is useless in this case</body></html>"
exit(0)
c = get_config() c = get_config()
parser = ConfigParser.ConfigParser() parser = ConfigParser.ConfigParser()
parser.read(knowledge_0) parser.read(knowledge_0)
if parser.has_option("ipython_notebook", "password"): if not parser.has_section("ipython_notebook"):
c.NotebookApp.password = parser.get("ipython_notebook", "password") parser.add_section("ipython_notebook")
if not parser.has_option("ipython_notebook", "password"):
parser.set("ipython_notebook", "password", "abcdefgh")
c.NotebookApp.password = parser.get("ipython_notebook", "password")
with open(knowledge_0, 'w') as file:
parser.write(file)
\ No newline at end of file
stack/monitor/buildout.cfg
View file @ ab616eab
...@@ -102,7 +102,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -102,7 +102,7 @@ recipe = slapos.recipe.template:jinja2
filename = template-monitor.cfg filename = template-monitor.cfg
template = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in template = ${:_profile_base_location_}/instance-monitor.cfg.jinja2.in
rendered = ${buildout:directory}/template-monitor.cfg rendered = ${buildout:directory}/template-monitor.cfg
md5sum = bf0adf565d7cde55abc94bd223ec3162 md5sum = e597da22ec053351745bde1d3096604f
context = context =
key apache_location apache:location key apache_location apache:location
key gzip_location gzip:location key gzip_location gzip:location
......
stack/monitor/instance-monitor.cfg.jinja2.in
View file @ ab616eab
...@@ -388,7 +388,7 @@ depends = ...@@ -388,7 +388,7 @@ depends =
[monitor-publish] [monitor-publish]
monitor-base-url = ${publish:monitor-base-url} monitor-base-url = ${publish:monitor-base-url}
monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_configurator&url=${publish:monitor-url}&username=$${publish:monitor-user}&password=${publish:monitor-password} monitor-setup-url = ${monitor-instance-parameter:interface-url}/#page=settings_configurator&url=${publish:monitor-url}&username=${publish:monitor-user}&password=${publish:monitor-password}
[buildout] [buildout]
......
  • Iliya Manolov @Thetechguy ·
    Maintainer

    Right now the password is hardcoded as 'nexedi' in knowledge0.cfg, thus it is insecure. To fix this randomly-generated passwords and password editing need to be added.

Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7