Can't create API token

[Ozan Çağlayan]

Hi,

I'm trying to set the cull_idle_servers.py script into place but I
can't create an API token with

jupyterhub token

Should I do this when the jupyterhub is shut down?

It prints me the following:

[W 2016-04-29 19:20:35.410 JupyterHub app:759] No admin users, admin
interface will be unavailable.
[W 2016-04-29 19:20:35.411 JupyterHub app:760] Add any administrative
users to `c.Authenticator.admin_users` in config.
[I 2016-04-29 19:20:35.411 JupyterHub app:787] Not using whitelist.
Any authenticated user will be allowed.
No such user: root

I'm running the Hub as root.

Thanks!

--
Ozan Çağlayan
Research Assistant
Galatasaray University - Computer Engineering Dept.
http://www.ozancaglayan.com

[MinRK]

You need to specify the JupyterHub username that the token should correspond to. The default is whoami, but that only works if your current shell user is the user you mean to be giving API access. If you run

jupyterhub token kaylee

it will give you a token for API access as kaylee.

-MinRK

​

--
You received this message because you are subscribed to the Google Groups "Project Jupyter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jupyter+u...@googlegroups.com.
To post to this group, send email to jup...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/CAFub%3DKTRt_PQ-ZvNybkA%3DmivRuXnS-vuvEqSTPGKDaQzjp7HYA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Ozan Çağlayan]

Hi,

Well that doesn't work as well. 

# jupyterhub token ocaglayan

[W 2016-05-02 14:04:58.881 JupyterHub app:759] No admin users, admin interface will be unavailable.

[W 2016-05-02 14:04:58.882 JupyterHub app:760] Add any administrative users to `c.Authenticator.admin_users` in config.

[I 2016-05-02 14:04:58.882 JupyterHub app:787] Not using whitelist. Any authenticated user will be allowed.

No such user: ocaglayan

I also tried gaving my own conf file with

jupyterhub -f /etc/jupyterhub/config.py token ocaglayan

but it apparently tries to relaunch the hub and fails. Normally 'ocaglayan' is available on the system, is also in the list of admin_users in the config.py. So what am I doing wrong?

Thanks!

[MinRK]

Ah, I see now. With current JupyterHub, the user has to be in the db before you can run jupyterhub token. If you are not using a whitelist, this means that you must have logged in at least once. I will fix this for the next release. In the meantime, JupyterHub 0.6 makes it so you don’t need to deal with jupyterhub token at all, because you can generate tokens however you like, e.g.

openssl rand -hex 32

And load them into JupyterHub via config:

c.JupyterHub.api_tokens = { 'username': 'token' }`

-MinRK

--

You received this message because you are subscribed to the Google Groups "Project Jupyter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jupyter+u...@googlegroups.com.
To post to this group, send email to jup...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/CAFub%3DKTePQ5nVMRaxPEEYv%2BBo7Aunxyv50AjZXKzGFfbr3YP-Q%40mail.gmail.com.

​

[Ozan Çağlayan]

Hi,

Okay I struggled for an hour after to find that the key->value in api_tokens is 'token' : 'username' not 'username': 'token' :)) Then the hub failed to start because it added a token as a username. I deleted some stuff from the sqlite database and now it seems OK :)

Can I run this cull_idle_servers as root? I don't really get how the hub matches the token against the username?

Thanks!

[MinRK]

On Tue, May 3, 2016 at 11:07 AM, Ozan Çağlayan <oza...@gmail.com> wrote:

Hi,

Okay I struggled for an hour after to find that the key->value in api_tokens is 'token' : 'username' not 'username': 'token' :)) Then the hub failed to start because it added a token as a username. I deleted some stuff from the sqlite database and now it seems OK :)

Sorry about having that backwards!

Can I run this cull_idle_servers as root? I don't really get how the hub matches the token against the username?

You can run the script as any user, including nobody. When an API request is made to the Hub, a token is used to identify the user making the request. This is always the user according to the Hub, which may or may not have any relationship to the unix users on the system. The token alone identifies the permissions the script has in terms of actions it can take with the Hub (listing users, shutting down servers). The only requirement is that it is an admin user in the hub.

-MinRK

Thanks!

--
You received this message because you are subscribed to the Google Groups "Project Jupyter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jupyter+u...@googlegroups.com.
To post to this group, send email to jup...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/CAFub%3DKSHqOCUyFzqNuXs8H1xtWta-QvW2NjrHcv%2BUPgULVorzQ%40mail.gmail.com.

​

[Carol Willing]

Hi Min and Ozan,

I’ve opened an issue in the JupyterHub repo to expand our
documentation on api_tokens:
https://github.com/jupyterhub/jupyterhub/issues/557

Ozan, I’m glad you got it working. Sorry about the inconvenience.

- Carol

Carol Willing
Research Software Engineer, Project Jupyter @ Cal Poly
Director, Python Software Foundation

On 3 May 2016, at 4:45, MinRK wrote:

> On Tue, May 3, 2016 at 11:07 AM, Ozan Çağlayan <oza...@gmail.com>
> wrote:
>
> Hi,
>>
>> Okay I struggled for an hour after to find that the key->value in
>> api_tokens is 'token' : 'username' not 'username': 'token' :)) Then
>> the hub
>> failed to start because it added a token as a username. I deleted
>> some
>> stuff from the sqlite database and now it seems OK :)
>>
> Sorry about having that backwards!
>
>
>> Can I run this cull_idle_servers as root? I don't really get how the
>> hub
>> matches the token against the username?
>>
> You can run the script as any user, including nobody. When an API
> request
> is made to the Hub, a token is used to identify the user making the

> request. This is always the user *according to the Hub*, which may or

> may
> not have any relationship to the unix users on the system. The token
> alone
> identifies the permissions the script has in terms of actions it can
> take
> with the Hub (listing users, shutting down servers). The only
> requirement
> is that it is an admin user in the hub.
>
> -MinRK
>
>
>> Thanks!
>>
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups
>> "Project Jupyter" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an
>> email to jupyter+u...@googlegroups.com.
>> To post to this group, send email to jup...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jupyter/CAFub%3DKSHqOCUyFzqNuXs8H1xtWta-QvW2NjrHcv%2BUPgULVorzQ%40mail.gmail.com

>> <https://groups.google.com/d/msgid/jupyter/CAFub%3DKSHqOCUyFzqNuXs8H1xtWta-QvW2NjrHcv%2BUPgULVorzQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .

>>
>> For more options, visit https://groups.google.com/d/optout.
>>
> ​
>

> --
> You received this message because you are subscribed to the Google
> Groups "Project Jupyter" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jupyter+u...@googlegroups.com.
> To post to this group, send email to jup...@googlegroups.com.
> To view this discussion on the web visit

> https://groups.google.com/d/msgid/jupyter/CAHNn8BUBsYVkRyXWM%2BDKrD%3D-FeULM9hsKwiCeu6iKLrEB2-6Ug%40mail.gmail.com.

[Ozan Çağlayan]

Hi,

Just a quick general question about cull-idle-servers. When I launch the script with the token of a user who has also open notebooks, they get never culled and the last active time gets apparently updated by a cull idle frequency. I thought that the last active time is only affected by some actions on an open notebook through the web interface, am I wrong?