Puppet Class: profile::analytics::jupyterhub

Defined in:
modules/profile/manifests/analytics/jupyterhub.pp

Overview

Parameters:

  • port (Integer) (defaults to: lookup( 'profile::analytics::jupyterhub::port', default_value => 8880, ))
  • allowed_ldap_groups (Array[String]) (defaults to: lookup( 'profile::analytics::jupyterhub::allowed_ldap_groups', default_value => [ 'cn=nda,ou=groups,dc=wikimedia,dc=org', 'cn=wmf,ou=groups,dc=wikimedia,dc=org', ] ))
  • ldap_config (Hash) (defaults to: lookup('ldap'))
  • admin_posix_groups (Array[String]) (defaults to: lookup('profile::analytics::jupyterhub::admin_posix_groups', default_value => ['ops']))
  • http_proxy_host (Optional[String]) (defaults to: lookup('http_proxy_host', default_value => undef))
  • http_proxy_port (Optional[Integer]) (defaults to: lookup('http_proxy_port', default_value => undef))


25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# File 'modules/profile/manifests/analytics/jupyterhub.pp', line 25

class profile::analytics::jupyterhub(
    Integer $port                       = lookup(
        'profile::analytics::jupyterhub::port', default_value => 8880,
    ),
    Array[String] $allowed_ldap_groups  = lookup(
        'profile::analytics::jupyterhub::allowed_ldap_groups', default_value => [
            'cn=nda,ou=groups,dc=wikimedia,dc=org',
            'cn=wmf,ou=groups,dc=wikimedia,dc=org',
        ]
    ),
    Hash $ldap_config                   = lookup('ldap'),
    Array[String] $admin_posix_groups   = lookup('profile::analytics::jupyterhub::admin_posix_groups', default_value => ['ops']),
    Optional[String] $http_proxy_host   = lookup('http_proxy_host', default_value => undef),
    Optional[Integer] $http_proxy_port  = lookup('http_proxy_port', default_value => undef),
) {
    include profile::admin
    $allowed_posix_groups = $profile::admin::groups.empty ? {
        true    => ['wikidev'],
        default => $profile::admin::groups
    }


    class { 'jupyterhub::server':
        config => {
            'authenticator'            => 'ldap',
            'ldap_server'              => $ldap_config['ro-server'],
            'ldap_bind_dn_template'    => 'uid={username},ou=people,dc=wikimedia,dc=org',
            # LDAP authenticate anyone in these groups.
            'allowed_ldap_groups'      => $allowed_ldap_groups,
            # But only allow those in these posix groups to log in to jupyterhub.
            'allowed_posix_groups'     => $allowed_posix_groups,
            'external_http_proxy_host' => $http_proxy_host,
            'external_http_proxy_port' => $http_proxy_port,
        },
    }

    # Files deleted via the notebook interface are moved to a special
    # Trash directory and never removed.
    systemd::timer::job { 'clean_jupyter_user_local_trash':
        ensure      => present,
        description => 'Regular jobs to clear the trash directory',
        user        => 'root',
        command     => '/bin/bash -c \'for user in $(ls /srv/home); do rm -rf /srv/home/$user/.local/share/Trash/*; done\'',
        interval    => {'start' => 'OnCalendar', 'interval' => '*-*-* 00:00:00'},
    }
}