call make/move certs at a higher level

mostly to allow them to be async
2025-10-10 11:33:01 +00:00 · 2018-09-28 13:57:41 +02:00
parent 50f1decee7
commit 5fbd4f2d4e
2 changed files with 16 additions and 12 deletions
--- a/jupyterhub/spawner.py
+++ b/jupyterhub/spawner.py
@@ -168,6 +168,7 @@ class Spawner(LoggingConfigurable):
    internal_ssl = Bool(False)
    internal_trust_bundles = Dict()
    internal_certs_location = Unicode('')
+    cert_paths = Dict()
    admin_access = Bool(False)
    api_token = Unicode()
    oauth_client_id = Unicode()
@@ -650,12 +651,10 @@ class Spawner(LoggingConfigurable):
        if self.cpu_guarantee:
            env['CPU_GUARANTEE'] = str(self.cpu_guarantee)

-        if self.internal_ssl:
-            paths = self.move_certs(self.create_certs())
-
-            env['JUPYTERHUB_NOTEBOOK_SSL_KEYFILE'] = paths['keyfile']
-            env['JUPYTERHUB_NOTEBOOK_SSL_CERTFILE'] = paths['certfile']
-            env['JUPYTERHUB_NOTEBOOK_SSL_CLIENT_CA'] = paths['cafile']
+        if self.cert_paths:
+            env['JUPYTERHUB_NOTEBOOK_SSL_KEYFILE'] = self.cert_paths['keyfile']
+            env['JUPYTERHUB_NOTEBOOK_SSL_CERTFILE'] = self.cert_paths['certfile']
+            env['JUPYTERHUB_NOTEBOOK_SSL_CLIENT_CA'] = self.cert_paths['cafile']

        return env

@@ -697,7 +696,7 @@ class Spawner(LoggingConfigurable):
        """
        return s.format(**self.template_namespace())

-    def create_certs(self, alt_names=None, override=False):
+    async def create_certs(self, alt_names=None, override=False):
        """Create and set ownership for the certs to be used for internal ssl

        Keyword Arguments:
@@ -748,7 +747,7 @@ class Spawner(LoggingConfigurable):
        }
        return paths

-    def move_certs(self, paths):
+    async def move_certs(self, paths):
        """Takes certificate paths and makes them available to the notebook server

        Arguments:
--- a/jupyterhub/user.py
+++ b/jupyterhub/user.py
@@ -440,6 +440,11 @@ class User:
        try:
            # run optional preparation work to bootstrap the notebook
            await maybe_future(spawner.run_pre_spawn_hook())
+            if self.settings.get('internal_ssl'):
+                self.log.debug("Creating internal SSL certs for %s", spawner._log_name)
+                hub_paths = await maybe_future(spawner.create_certs())
+                spawner.cert_paths = await maybe_future(spawner.move_certs(hub_paths))
+            self.log.debug("Calling Spawner.start for %s", spawner._log_name)
            f = maybe_future(spawner.start())
            # commit any changes in spawner.start (always commit db changes before yield)
            db.commit()
@@ -536,11 +541,11 @@ class User:
        spawner.orm_spawner.state = spawner.get_state()
        db.commit()
        spawner._waiting_for_response = True
+        key = self.settings.get('internal_ssl_key')
+        cert = self.settings.get('internal_ssl_cert')
+        ca = self.settings.get('internal_ssl_ca')
+        ssl_context = make_ssl_context(key, cert, cafile=ca)
        try:
-            key = self.settings.get('internal_ssl_key')
-            cert = self.settings.get('internal_ssl_cert')
-            ca = self.settings.get('internal_ssl_ca')
-            ssl_context = make_ssl_context(key, cert, cafile=ca)
            resp = await server.wait_up(
                    http=True,
                    timeout=spawner.http_timeout,