From f4ad170b490946218da09e6453de4fb63c153e9e Mon Sep 17 00:00:00 2001 From: Debellis Date: Wed, 17 Feb 2021 16:51:56 -0800 Subject: [PATCH 01/11] remove password file, replace with iam roles --- show_ssh_info/show_ssh_info/handlers.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/show_ssh_info/show_ssh_info/handlers.py b/show_ssh_info/show_ssh_info/handlers.py index 5752607a..9f1c7837 100644 --- a/show_ssh_info/show_ssh_info/handlers.py +++ b/show_ssh_info/show_ssh_info/handlers.py @@ -226,7 +226,7 @@ def get(self): logging.debug('chmod tmp {}'.format(chtmp_output)) # mount whole bucket first - mount_output = subprocess.check_output('s3fs -o passwd_file="/.passwd-s3fs" -o use_cache=/tmp/cache {} {}'.format(bucket,user_workspace), shell=True).decode('utf-8') + mount_output = subprocess.check_output('s3fs -o iam_role=auto -o use_cache=/tmp/cache {} {}'.format(bucket,user_workspace), shell=True).decode('utf-8') message = mount_output logging.debug('mount log {}'.format(mount_output)) @@ -252,7 +252,7 @@ def get(self): message = umount_output logging.debug('umount output {}'.format(umount_output)) - mountdir_output = subprocess.check_output('s3fs -o passwd_file="/.passwd-s3fs" -o use_cache=/tmp/cache {} {}'.format(user_bucket_dir,user_workspace), shell=True).decode('utf-8') + mountdir_output = subprocess.check_output('s3fs -o iam_role=auto -o use_cache=/tmp/cache {} {}'.format(user_bucket_dir,user_workspace), shell=True).decode('utf-8') message = mountdir_output logging.debug('mountdir output {}'.format(mountdir_output)) @@ -313,7 +313,7 @@ def get(self): else: # mount whole bucket first mount_output = subprocess.check_output( - 's3fs -o passwd_file="/.passwd-s3fs" {} /projects/{}'.format( + 's3fs -o iam_role=auto {} /projects/{}'.format( bucket, org), shell=True).decode('utf-8') message = mount_output @@ -341,7 +341,7 @@ def get(self): # org folders are read-only (-o ro) readonly_opt = '-o ro ' if org == 'maap-users' else '' mountdir_output = subprocess.check_output( - 's3fs -o passwd_file="/.passwd-s3fs" {} {} {}'.format( + 's3fs -o iam_role=auto {} {} {}'.format( readonly_opt, org_bucket_dir, org_workspace), shell=True).decode('utf-8') message = mountdir_output From 04f21aef21f4a18b745a97e71e5397def4c24e4a Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Wed, 17 Feb 2021 22:48:00 -0800 Subject: [PATCH 02/11] Update workspace bucket --- show_ssh_info/show_ssh_info/handlers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/show_ssh_info/show_ssh_info/handlers.py b/show_ssh_info/show_ssh_info/handlers.py index 5752607a..a37606f1 100644 --- a/show_ssh_info/show_ssh_info/handlers.py +++ b/show_ssh_info/show_ssh_info/handlers.py @@ -29,7 +29,7 @@ def maap_api_url(host): return 'https://{}'.format(get_maap_config(host)['api_server']) def dps_bucket_name(host): - return 'maap-{}-dataset'.format(get_maap_config(host)['environment']) + return 'maap-{}-workspace'.format(get_maap_config(host)['environment']) class InjectKeyHandler(IPythonHandler): def get(self): From aabf6d50dc94b5c42221ba30cea9534490eba1ad Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Thu, 18 Feb 2021 08:03:57 -0800 Subject: [PATCH 03/11] Remove s3fs password file reference --- show_ssh_info/show_ssh_info/handlers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/show_ssh_info/show_ssh_info/handlers.py b/show_ssh_info/show_ssh_info/handlers.py index a37606f1..3ddb22dd 100644 --- a/show_ssh_info/show_ssh_info/handlers.py +++ b/show_ssh_info/show_ssh_info/handlers.py @@ -226,7 +226,7 @@ def get(self): logging.debug('chmod tmp {}'.format(chtmp_output)) # mount whole bucket first - mount_output = subprocess.check_output('s3fs -o passwd_file="/.passwd-s3fs" -o use_cache=/tmp/cache {} {}'.format(bucket,user_workspace), shell=True).decode('utf-8') + mount_output = subprocess.check_output('s3fs -o use_cache=/tmp/cache {} {}'.format(bucket,user_workspace), shell=True).decode('utf-8') message = mount_output logging.debug('mount log {}'.format(mount_output)) @@ -252,7 +252,7 @@ def get(self): message = umount_output logging.debug('umount output {}'.format(umount_output)) - mountdir_output = subprocess.check_output('s3fs -o passwd_file="/.passwd-s3fs" -o use_cache=/tmp/cache {} {}'.format(user_bucket_dir,user_workspace), shell=True).decode('utf-8') + mountdir_output = subprocess.check_output('s3fs -o use_cache=/tmp/cache {} {}'.format(user_bucket_dir,user_workspace), shell=True).decode('utf-8') message = mountdir_output logging.debug('mountdir output {}'.format(mountdir_output)) From 0b90d70023a128dd9f301cc53718d376138836ae Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Thu, 18 Feb 2021 08:05:25 -0800 Subject: [PATCH 04/11] repo.uat.maap-project.org --- maap_environments.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/maap_environments.json b/maap_environments.json index 19626379..cf6ecef4 100644 --- a/maap_environments.json +++ b/maap_environments.json @@ -22,7 +22,7 @@ "ade_server": "ade.uat.maap-project.org", "api_server": "api.uat.maap-project.org", "auth_server": "auth.uat.maap-project.org", - "mas_server": "mas.uat.maap-project.org", + "mas_server": "repo.uat.maap-project.org", "edsc_server": "ade.uat.maap-project.org:30052", "default_host": false }, From 3836074584872a2604831bb9de0278df5c57c1a5 Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Thu, 18 Feb 2021 08:21:31 -0800 Subject: [PATCH 05/11] Update README.md --- README.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/README.md b/README.md index 7411f622..b342997b 100644 --- a/README.md +++ b/README.md @@ -178,18 +178,6 @@ In order for SSH-ing into the workspace to be possible, the `org.eclipse.che.exe "id": "stacktdo2q0ixhv7cge00" } ``` -#### Enabling Privileged Docker Containers -1. Cluster Privileges -- in `/var/snap/microk8s/current/args/kubelet` and `/var/snap/microk8s/current/args/kube-apiserver`, append `--allow-privileged` -- restart both services: -``` -sudo systemctl restart snap.microk8s.daemon-apiserver -sudo systemctl restart snap.microk8s.daemon-kubelet -``` - -2. Che Permissions -- in `che/dockerfiles/init/manifest/che.env`, set `CHE_DOCKER_PRIVILEGED=true` under the Privileged Mode section -- restart Che #### Creating and Sharing Stacks To create a stack, you write a raw configuration with all the che and docker settings your workspace will require, including installers, volumes, docker run tags, docker images, etc. See the example above. From 1a42b6d116813eed9831edf23be5fab3a0a53a53 Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Thu, 18 Feb 2021 09:19:11 -0800 Subject: [PATCH 06/11] Update handlers.py --- show_ssh_info/show_ssh_info/handlers.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/show_ssh_info/show_ssh_info/handlers.py b/show_ssh_info/show_ssh_info/handlers.py index 9f1c7837..c4bc0118 100644 --- a/show_ssh_info/show_ssh_info/handlers.py +++ b/show_ssh_info/show_ssh_info/handlers.py @@ -226,7 +226,7 @@ def get(self): logging.debug('chmod tmp {}'.format(chtmp_output)) # mount whole bucket first - mount_output = subprocess.check_output('s3fs -o iam_role=auto -o use_cache=/tmp/cache {} {}'.format(bucket,user_workspace), shell=True).decode('utf-8') + mount_output = subprocess.check_output('s3fs -o iam_role=auto -o imdsv1only -o use_cache=/tmp/cache {} {}'.format(bucket,user_workspace), shell=True).decode('utf-8') message = mount_output logging.debug('mount log {}'.format(mount_output)) @@ -252,7 +252,7 @@ def get(self): message = umount_output logging.debug('umount output {}'.format(umount_output)) - mountdir_output = subprocess.check_output('s3fs -o iam_role=auto -o use_cache=/tmp/cache {} {}'.format(user_bucket_dir,user_workspace), shell=True).decode('utf-8') + mountdir_output = subprocess.check_output('s3fs -o iam_role=auto -o imdsv1only -o use_cache=/tmp/cache {} {}'.format(user_bucket_dir,user_workspace), shell=True).decode('utf-8') message = mountdir_output logging.debug('mountdir output {}'.format(mountdir_output)) @@ -341,7 +341,7 @@ def get(self): # org folders are read-only (-o ro) readonly_opt = '-o ro ' if org == 'maap-users' else '' mountdir_output = subprocess.check_output( - 's3fs -o iam_role=auto {} {} {}'.format( + 's3fs -o iam_role=auto -o imdsv1only {} {} {}'.format( readonly_opt, org_bucket_dir, org_workspace), shell=True).decode('utf-8') message = mountdir_output From d3eae94e633bc1e14cabdad9241b9bad1feab45b Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Thu, 18 Feb 2021 09:20:01 -0800 Subject: [PATCH 07/11] Missed one --- show_ssh_info/show_ssh_info/handlers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/show_ssh_info/show_ssh_info/handlers.py b/show_ssh_info/show_ssh_info/handlers.py index c4bc0118..c85fcd76 100644 --- a/show_ssh_info/show_ssh_info/handlers.py +++ b/show_ssh_info/show_ssh_info/handlers.py @@ -313,7 +313,7 @@ def get(self): else: # mount whole bucket first mount_output = subprocess.check_output( - 's3fs -o iam_role=auto {} /projects/{}'.format( + 's3fs -o iam_role=auto -o imdsv1only {} /projects/{}'.format( bucket, org), shell=True).decode('utf-8') message = mount_output From 166a7f904f68bf9ea67039425cd86fd6999e8e69 Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Thu, 18 Feb 2021 09:46:42 -0800 Subject: [PATCH 08/11] Update supported MAS domains --- submit_jobs/submit_jobs/handlers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submit_jobs/submit_jobs/handlers.py b/submit_jobs/submit_jobs/handlers.py index 04f52ce1..5bf796a8 100644 --- a/submit_jobs/submit_jobs/handlers.py +++ b/submit_jobs/submit_jobs/handlers.py @@ -177,7 +177,7 @@ def get(self, **params): logging.debug('repo url is {}'.format(config['repository_url'])) # check if repo is hosted on a MAAP GitLab instance - if (not ('repo.nasa.maap') in config['repository_url']) and (not ('mas.maap-project') in config['repository_url']): + if (not ('repo.nasa.maap') in config['repository_url']) and (not ('maap-project.org') in config['repository_url']): self.finish({"status_code": 412, "result": "Error: Your git repo is not from a supported host (e.g. mas.maap-project.org)"}) return From 6d51075324405fecfb3c484e6c46761894963850 Mon Sep 17 00:00:00 2001 From: Maya DeBellis Date: Fri, 19 Feb 2021 16:30:10 -0800 Subject: [PATCH 09/11] remove references to che installers (#84) --- show_ssh_info/show_ssh_info/__init__.py | 4 +- show_ssh_info/show_ssh_info/handlers.py | 70 ------------------------- show_ssh_info/src/funcs.ts | 57 +++----------------- show_ssh_info/src/widgets.ts | 14 ----- 4 files changed, 9 insertions(+), 136 deletions(-) diff --git a/show_ssh_info/show_ssh_info/__init__.py b/show_ssh_info/show_ssh_info/__init__.py index 58c99cd4..cf2417a2 100644 --- a/show_ssh_info/show_ssh_info/__init__.py +++ b/show_ssh_info/show_ssh_info/__init__.py @@ -2,7 +2,7 @@ import os import os.path from notebook.utils import url_path_join -from .handlers import GetHandler, CheckInstallersHandler, InstallHandler, InjectKeyHandler, MountBucketHandler, Presigneds3UrlHandler, MountOrgBucketsHandler +from .handlers import GetHandler, InjectKeyHandler, MountBucketHandler, Presigneds3UrlHandler, MountOrgBucketsHandler def _jupyter_server_extension_paths(): return [{ @@ -24,8 +24,6 @@ def load_jupyter_server_extension(nb_server_app): print('base_url is '+base_url) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/get'), GetHandler)]) - web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/checkInstallers'), CheckInstallersHandler)]) - web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/install'), InstallHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/inject_public_key'), InjectKeyHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/mountBucket'), MountBucketHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/getOrgs'), MountOrgBucketsHandler)]) diff --git a/show_ssh_info/show_ssh_info/handlers.py b/show_ssh_info/show_ssh_info/handlers.py index f5ab8654..5bd686d2 100644 --- a/show_ssh_info/show_ssh_info/handlers.py +++ b/show_ssh_info/show_ssh_info/handlers.py @@ -109,76 +109,6 @@ def get(self): self.finish({'ip': ip, 'port': port}) return -class CheckInstallersHandler(IPythonHandler): - """ - Check if SSH and exec Che Installers are enabled. If they are not, a user would not be able to ssh in becuase there - would be no SSH agent. - """ - def get(self): - # - # TODO: DELTE THIS LINE!!!!! IT MAKES THE CHECK NOT HAPPEN!!! - # - # self.finish({'status': True}) - - che_machine_token = os.environ['CHE_MACHINE_TOKEN'] - url = '{}/api/workspace/{}'.format(maap_ade_url(self.request.host), os.environ.get('CHE_WORKSPACE_ID')) - # -------------------------------------------------- - # TODO: FIGURE OUT AUTH KEY & verify - # -------------------------------------------------- - headers = { - 'Accept': 'application/json', - 'Authorization': 'Bearer {token}'.format(token=che_machine_token) - } - r = requests.get( - url, - headers=headers, - verify=False - ) - - resp = json.loads(r.text) # JSON response to dict - installers = resp['config']['environments']["default"]["machines"]["ws/jupyter"]['installers'] - # Check installers - if 'org.eclipse.che.ssh' in installers and 'org.eclipse.che.exec' in installers: - self.finish({'status': True}) - else: - self.finish({'status': False}) - -class InstallHandler(IPythonHandler): - """ - Update workspace config to enable SSH and exec installers. Not sure if the workspace has to be maunually restarted - at this point or if I can restart it. - """ - def get(self): - - che_machine_token = os.environ['CHE_MACHINE_TOKEN'] - url = '{}/api/workspace/{}'.format(maap_ade_url(self.request.host), os.environ.get('CHE_WORKSPACE_ID')) - # -------------------------------------------------- - # TODO: FIGURE OUT AUTH KEY & verify - # -------------------------------------------------- - headers = { - 'Accept': 'application/json', - 'Authorization': 'Bearer {token}'.format(token=che_machine_token) - } - r = requests.get( - url, - headers=headers, - verify=False - ) - - installers = ['org.eclipse.che.ssh', 'org.eclipse.che.exec'] - workspace_config = json.loads(r.text) # JSON response to dict - - # Update workspace config with new installers - workspace_config['config']['environments']["default"]["machines"]["ws/jupyter"]['installers'] = installers - - r = requests.put( - url, - headers=headers, - verify=False - ) - - self.finish(r.status_code) - class MountBucketHandler(IPythonHandler): def get(self): message = '' diff --git a/show_ssh_info/src/funcs.ts b/show_ssh_info/src/funcs.ts index 8138d7aa..cd497284 100644 --- a/show_ssh_info/src/funcs.ts +++ b/show_ssh_info/src/funcs.ts @@ -6,7 +6,7 @@ import { IStateDB } from '@jupyterlab/statedb'; // import { Widget } from "@lumino/widgets"; import { INotification } from "jupyterlab_toastify"; import { getToken, getUserInfo, getUserInfoAsyncWrapper } from "./getKeycloak"; -import { SshWidget, InstallSshWidget, UserInfoWidget } from './widgets'; +import { SshWidget, UserInfoWidget } from './widgets'; import { DropdownSelector } from './selector'; import { popupResult } from './dialogs'; import { request, RequestResult } from './request'; @@ -14,57 +14,16 @@ import { request, RequestResult } from './request'; const profileId = 'maapsec-extension:IMaapProfile'; export async function checkSSH() { - // - // Check if SSH and Exec Installers have been activated - // - request('get', PageConfig.getBaseUrl() + "show_ssh_info/checkInstallers") - .then((res: RequestResult) => { - if(res.ok){ - let json_results:any = res.json(); - let status = json_results['status']; - - // - // If installers have been activated, show ssh info - // - if (status) { - showDialog({ - title: 'SSH Info:', - body: new SshWidget(), - focusNodeSelector: 'input', - buttons: [Dialog.okButton({ label: 'Ok' })] - }); - } - - // - // Otherwise, ask the user if they want to enable the installers - // - else { - showDialog({ - title: 'SSH Info:', - body: new InstallSshWidget(), - focusNodeSelector: 'input', - buttons: [Dialog.okButton({ label: 'Ok' }),] - // buttons: [Dialog.okButton({ label: 'Activate SSH' }), Dialog.cancelButton()] - }).then(result => { - if (result.button.label === 'Activate SSH') { - // Make Call To Activate - request('get', PageConfig.getBaseUrl() + "show_ssh_info/install") - // Restart workspace??? - } - // User does not want to activate installers - else { - return; - } - }); - } - - } - }); + showDialog({ + title: 'SSH Info:', + body: new SshWidget(), + focusNodeSelector: 'input', + buttons: [Dialog.okButton({label: 'Ok'})] + }); } export function checkUserInfo(): void { getUserInfo(function(profile: any) { - // console.log(profile); if (profile['cas:username'] === undefined) { INotification.error("Get user profile failed."); return; @@ -93,7 +52,7 @@ export async function mountUserFolder(state: IStateDB) { } // send username to backend to create local mount point and mount s3 bucket let username = profile['cas:username'] - var getUrl = new URL(PageConfig.getBaseUrl() + 'show_ssh_info/mountBucket'); + let getUrl = new URL(PageConfig.getBaseUrl() + 'show_ssh_info/mountBucket'); getUrl.searchParams.append('username',username); request('get', getUrl.href).then((res: RequestResult) => { diff --git a/show_ssh_info/src/widgets.ts b/show_ssh_info/src/widgets.ts index c62c18ef..1c5f1dbf 100644 --- a/show_ssh_info/src/widgets.ts +++ b/show_ssh_info/src/widgets.ts @@ -26,20 +26,6 @@ class SshWidget extends Widget { } } -export -class InstallSshWidget extends Widget { - constructor() { - let body = document.createElement('div'); - body.style.display = 'flex'; - body.style.flexDirection = 'column'; - - let message = "SSH has not been enabled in your workspace. In order to enable SSH navigate to your workspace admin page. Under the tab Installers, turn on SSH and EXEC and click apply. NOTE: This will restart your workspace and take a few minutes."; - let contents = document.createTextNode(message); - body.appendChild(contents); - super({ node: body }); - } -} - export class UserInfoWidget extends Widget { constructor(username:string,email:string,org:string) { From 8995e85c636514ca67c629a827a29631b78d5322 Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Mon, 22 Feb 2021 12:18:54 -0800 Subject: [PATCH 10/11] replace org mount with shared workspace mount --- maap_environments.json | 4 ++ show_ssh_info/show_ssh_info/__init__.py | 4 +- show_ssh_info/show_ssh_info/handlers.py | 53 ++++++++++++++++++++++++- show_ssh_info/src/funcs.ts | 11 ++--- 4 files changed, 62 insertions(+), 10 deletions(-) diff --git a/maap_environments.json b/maap_environments.json index cf6ecef4..6c2b369d 100644 --- a/maap_environments.json +++ b/maap_environments.json @@ -6,6 +6,7 @@ "auth_server": "auth.nasa.maap.xyz", "mas_server": "repo.nasa.maap.xyz", "edsc_server": "ade.che7test.xyz:30052", + "workspace_bucket": "maap-dev-dataset", "default_host": false }, { @@ -15,6 +16,7 @@ "auth_server": "auth.nasa.maap.xyz", "mas_server": "repo.nasa.maap.xyz", "edsc_server": "che-k8s.maap.xyz:3052", + "workspace_bucket": "maap-dev-dataset", "default_host": false }, { @@ -24,6 +26,7 @@ "auth_server": "auth.uat.maap-project.org", "mas_server": "repo.uat.maap-project.org", "edsc_server": "ade.uat.maap-project.org:30052", + "workspace_bucket": "maap-uat-workspace", "default_host": false }, { @@ -33,6 +36,7 @@ "auth_server": "auth.maap-project.org", "mas_server": "mas.maap-project.org", "edsc_server": "ade.maap-project.org:30052", + "workspace_bucket": "maap-ops-dataset", "default_host": true } ] diff --git a/show_ssh_info/show_ssh_info/__init__.py b/show_ssh_info/show_ssh_info/__init__.py index cf2417a2..1c7ac3b0 100644 --- a/show_ssh_info/show_ssh_info/__init__.py +++ b/show_ssh_info/show_ssh_info/__init__.py @@ -2,7 +2,7 @@ import os import os.path from notebook.utils import url_path_join -from .handlers import GetHandler, InjectKeyHandler, MountBucketHandler, Presigneds3UrlHandler, MountOrgBucketsHandler +from .handlers import GetHandler, InjectKeyHandler, MountBucketHandler, Presigneds3UrlHandler, MountSharedBucketsHandler def _jupyter_server_extension_paths(): return [{ @@ -26,6 +26,6 @@ def load_jupyter_server_extension(nb_server_app): web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/get'), GetHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/inject_public_key'), InjectKeyHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/mountBucket'), MountBucketHandler)]) - web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/getOrgs'), MountOrgBucketsHandler)]) + web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/mountSharedBucket'), MountSharedBucketsHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/getSigneds3Url'), Presigneds3UrlHandler)]) diff --git a/show_ssh_info/show_ssh_info/handlers.py b/show_ssh_info/show_ssh_info/handlers.py index 5bd686d2..0ba7175a 100644 --- a/show_ssh_info/show_ssh_info/handlers.py +++ b/show_ssh_info/show_ssh_info/handlers.py @@ -29,7 +29,7 @@ def maap_api_url(host): return 'https://{}'.format(get_maap_config(host)['api_server']) def dps_bucket_name(host): - return 'maap-{}-workspace'.format(get_maap_config(host)['environment']) + return get_maap_config(host)['workspace_bucket'] class InjectKeyHandler(IPythonHandler): def get(self): @@ -192,6 +192,57 @@ def get(self): except: self.finish({"status_code":500, "message":message, "user_workspace":user_workspace,"user_bucket_dir":user_bucket_dir}) +class MountSharedBucketsHandler(IPythonHandler): + def get(self): + message = '' + maap_workspaces_dir = 'maap-workspaces' + try: + # get bucket name + bucket = dps_bucket_name(self.request.host) + logging.debug('shared bucket is '+bucket) + + # local mount points + shared_workspaces = '/projects/{}'.format(maap_workspaces_dir) + logging.debug('shared_workspaces {}'.format(shared_workspaces)) + + # create local mount points if they don't exist + if not os.path.exists(shared_workspaces): + os.mkdir(shared_workspaces) + + logging.debug('shared_workspaces created') + + # cache + if not os.path.exists('/tmp/cache'): + os.mkdir('/tmp/cache') + + logging.debug('cache created') + + # check if already mounted + check_status = subprocess.call('df -h | grep s3fs | grep {}'.format(shared_workspaces),shell=True) + logging.debug('check mounted is '+str(check_status)) + + #if status == 0, user workspace already mounted + if check_status == 0: + message = 'shared workspaces already mounted' + self.finish({'status_code':200,'message':message, 'shared_workspaces':shared_workspaces}) + + # if status !- 0, user workspace not already mounted + else: + # create tmp directory for caching + chtmp_output = subprocess.check_output('chmod 777 /tmp/cache', shell=True).decode('utf-8') + message = chtmp_output + logging.debug('chmod tmp {}'.format(chtmp_output)) + + # mount whole bucket in read-only mode + mount_output = subprocess.check_output('s3fs -o iam_role=auto -o imdsv1only -o ro -o use_cache=/tmp/cache {} {}'.format(bucket,shared_workspaces), shell=True).decode('utf-8') + + message = mount_output + logging.debug('mount log {}'.format(mount_output)) + + self.finish({"status_code":200, "message":message, "shared_workspaces":shared_workspaces}) + except: + self.finish({"status_code":500, "message":message, "shared_workspaces":shared_workspaces}) + class MountOrgBucketsHandler(IPythonHandler): def get(self): # Send request to Che API for list of user's orgs diff --git a/show_ssh_info/src/funcs.ts b/show_ssh_info/src/funcs.ts index cd497284..b4a5469e 100644 --- a/show_ssh_info/src/funcs.ts +++ b/show_ssh_info/src/funcs.ts @@ -73,21 +73,18 @@ export async function mountUserFolder(state: IStateDB) { } export async function mountOrgFolders(state: IStateDB) { - // do something - let token = getToken(); - var getUrl = new URL(PageConfig.getBaseUrl() + 'show_ssh_info/getOrgs'); - getUrl.searchParams.append('token',token); + var getUrl = new URL(PageConfig.getBaseUrl() + 'show_ssh_info/mountSharedBucket'); request('get', getUrl.href).then((res: RequestResult) => { if (res.ok) { let data:any = JSON.parse(res.data); if (data.status_code == 200) { console.log(data); - INotification.success('Successfully mounted organization and sub-organization folders') + INotification.success('Successfully mounted shared workspaces folders') } else { - INotification.error('Failed to get user\'s Che orgs'); + INotification.error('Failed to get user\'s shared workspaces '); } } else { - INotification.error('Failed to get user\'s Che orgs'); + INotification.error('Failed to get user\'s shared workspaces '); } }); } From 8ae4d231e26cf990c28ef29a7abb09bbcb78e100 Mon Sep 17 00:00:00 2001 From: bsatoriu Date: Mon, 22 Feb 2021 13:45:31 -0800 Subject: [PATCH 11/11] Revert shared ws mount and remove read-only --- show_ssh_info/show_ssh_info/__init__.py | 3 ++- show_ssh_info/show_ssh_info/handlers.py | 5 +---- show_ssh_info/src/funcs.ts | 11 +++++++---- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/show_ssh_info/show_ssh_info/__init__.py b/show_ssh_info/show_ssh_info/__init__.py index 1c7ac3b0..958021dd 100644 --- a/show_ssh_info/show_ssh_info/__init__.py +++ b/show_ssh_info/show_ssh_info/__init__.py @@ -2,7 +2,7 @@ import os import os.path from notebook.utils import url_path_join -from .handlers import GetHandler, InjectKeyHandler, MountBucketHandler, Presigneds3UrlHandler, MountSharedBucketsHandler +from .handlers import GetHandler, InjectKeyHandler, MountBucketHandler, Presigneds3UrlHandler, MountOrgBucketsHandler, MountSharedBucketsHandler def _jupyter_server_extension_paths(): return [{ @@ -27,5 +27,6 @@ def load_jupyter_server_extension(nb_server_app): web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/inject_public_key'), InjectKeyHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/mountBucket'), MountBucketHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/mountSharedBucket'), MountSharedBucketsHandler)]) + web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/getOrgs'), MountOrgBucketsHandler)]) web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/getSigneds3Url'), Presigneds3UrlHandler)]) diff --git a/show_ssh_info/show_ssh_info/handlers.py b/show_ssh_info/show_ssh_info/handlers.py index 0ba7175a..3c521612 100644 --- a/show_ssh_info/show_ssh_info/handlers.py +++ b/show_ssh_info/show_ssh_info/handlers.py @@ -321,11 +321,8 @@ def get(self): message = umount_output logging.debug('umount output {}'.format(umount_output)) - # org folders are read-only (-o ro) - readonly_opt = '-o ro ' if org == 'maap-users' else '' mountdir_output = subprocess.check_output( - 's3fs -o iam_role=auto -o imdsv1only {} {} {}'.format( - readonly_opt, org_bucket_dir, org_workspace), + 's3fs -o iam_role=auto -o imdsv1only {} {}'.format(org_bucket_dir, org_workspace), shell=True).decode('utf-8') message = mountdir_output logging.debug('mountdir output {}'.format(mountdir_output)) diff --git a/show_ssh_info/src/funcs.ts b/show_ssh_info/src/funcs.ts index b4a5469e..cd497284 100644 --- a/show_ssh_info/src/funcs.ts +++ b/show_ssh_info/src/funcs.ts @@ -73,18 +73,21 @@ export async function mountUserFolder(state: IStateDB) { } export async function mountOrgFolders(state: IStateDB) { - var getUrl = new URL(PageConfig.getBaseUrl() + 'show_ssh_info/mountSharedBucket'); + // do something + let token = getToken(); + var getUrl = new URL(PageConfig.getBaseUrl() + 'show_ssh_info/getOrgs'); + getUrl.searchParams.append('token',token); request('get', getUrl.href).then((res: RequestResult) => { if (res.ok) { let data:any = JSON.parse(res.data); if (data.status_code == 200) { console.log(data); - INotification.success('Successfully mounted shared workspaces folders') + INotification.success('Successfully mounted organization and sub-organization folders') } else { - INotification.error('Failed to get user\'s shared workspaces '); + INotification.error('Failed to get user\'s Che orgs'); } } else { - INotification.error('Failed to get user\'s shared workspaces '); + INotification.error('Failed to get user\'s Che orgs'); } }); }