我试图将Keycloak身份验证集成到Jupyterhub(作为docker运行)中,并且我已经配置了jupyterhub_config.py文件,以便提供所需的所有变量和url,并且在运行容器时,我被重定向到Keycloak登录页面,问题是我使用用户credencials登录后出现错误:
tornado.curl_httpclient.CurlError: HTTP 599: Failed to connect to localhost port 8080: Connection refused
下面我发布了我的配置和Dockerfile,其中隐藏了一些参数。错误日志。
jupyterhub_config.py
import sys
c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
## Generic
c.JupyterHub.admin_access = True
c.Spawner.default_url = '/lab'
## Authenticator
from oauthenticator.oauth2 import OAuthLoginHandler
from oauthenticator.generic import GenericOAuthenticator
from tornado.auth import OAuth2Mixin
class KeycloakMixin(OAuth2Mixin):
_OAUTH_AUTHORIZE_URL = '{keycloakserver}/auth/realms/{realmname}/protocol/openid-connect/auth'
_OAUTH_USERDATA_URL = '{keycloakserver}/auth/realms/{realmname}/protocol/openid-connect/userinfo'
_OAUTH_TOKEN_URL = '{keycloakserver}/realms/{realmname}/protocol/openid-connect/token'
_OAUTH_CALLBACK_URL = '{jupyterhubserver}/hub/oauth_callback'
class KeycloakLoginHandler(OAuthLoginHandler, KeycloakMixin):
pass
class UVSQAuthenticator(GenericOAuthenticator):
login_service = 'Keycloak'
login_handler = KeycloakLoginHandler
client_id = '{client_id}'
client_secret = '{client_secret}'
token_url = '{keycloakserver}/realms/{realmname}/protocol/openid-connect/token'
userdata_url = '{keycloakserver}/realms/{realmname}/protocol/openid-connect/userinfo'
userdata_method ='GET'
userdata_params = {"state": "state"}
username_key = "username"
c.JupyterHub.authenticator_class = UVSQAuthenticator
## Docker spawner
#c.DockerSpawner.image = 'jupyterlab_img'
#c.DockerSpawner.network_name = 'nginx_proxy'
from jupyter_client.localinterfaces import public_ips
c.JupyterHub.hub_ip = public_ips()[0]
c.JupyterHub.services = [
{
'name': 'cull-idle',
'admin': True,
'command': [sys.executable, 'cull_idle_servers.py', '--timeout=3600'],
}
]
Dockerfile
# Do not forget to pin down the version
FROM jupyterhub/jupyterhub:latest
# Copy the JupyterHub configuration in the container
COPY jupyterhub_config.py .
# Download script to automatically stop idle single-user servers
RUN wget https://raw.githubusercontent.com/jupyterhub/jupyterhub/0.9.3/examples/cull-idle/cull_idle_servers.py
# Install dependencies (for advanced authentication and spawning)
RUN pip install \
--upgrade jupyter \
dockerspawner \
oauthenticator
错误日志
Traceback (most recent call last):
File "/opt/conda/lib/python3.6/site-packages/tornado/web.py", line 1699, in _execute
result = await result
File "/opt/conda/lib/python3.6/site-packages/oauthenticator/oauth2.py", line 209, in get
user = yield self.login_user()
File "/opt/conda/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 655, in login_user
authenticated = await self.authenticate(data)
File "/opt/conda/lib/python3.6/site-packages/jupyterhub/auth.py", line 383, in get_authenticated_user
authenticated = await maybe_future(self.authenticate(handler, data))
File "/opt/conda/lib/python3.6/site-packages/oauthenticator/generic.py", line 114, in authenticate
resp = yield http_client.fetch(req)
tornado.curl_httpclient.CurlError: HTTP 599: Failed to connect to localhost port 8080: Connection refused