Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setup jupyterhub config #78

Merged
merged 5 commits into from
Sep 5, 2024
Merged

setup jupyterhub config #78

merged 5 commits into from
Sep 5, 2024

Conversation

Tianhao-Gu
Copy link
Collaborator

No description provided.

Tianhao-Gu
Tianhao-Gu commented Sep 5, 2024
View reviewed changes
scripts/spawn_notebook.sh
@@ -0,0 +1,9 @@
#!/bin/bash

USERNAME=${JUPYTERHUB_USER}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JUPYTERHUB_USER will be set in custom_spawner.py in later PRs.

@codecov Codecov
Copy link

codecov bot commented Sep 5, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 75.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 49.60%. Comparing base (a208fa7) to head (7e7cf1f).
Report is 6 commits behind head on main.

Files with missing lines Patch % Lines
src/jupyterhub_config/custom_spawner.py 75.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main      #78      +/-   ##
==========================================
+ Coverage   48.76%   49.60%   +0.83%     
==========================================
  Files           4        5       +1     
  Lines         121      125       +4     
==========================================
+ Hits           59       62       +3     
- Misses         62       63       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Tianhao-Gu
Tianhao-Gu commented Sep 5, 2024
View reviewed changes
scripts/spawn_notebook.sh
USERNAME=${JUPYTERHUB_USER}

echo "Starting Jupyter Notebook for user: $USERNAME"
cd $JUPYTERHUB_USER_HOME/$USERNAME
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

User home dir will also be created in custom_spawner.py in future PRs.

Tianhao-Gu
Tianhao-Gu commented Sep 5, 2024
View reviewed changes
Dockerfile
@@ -82,6 +98,10 @@ ENV CDM_SHARED_DIR=/cdm_shared_workspace
RUN mkdir -p ${CDM_SHARED_DIR} && chmod -R 777 ${CDM_SHARED_DIR}
RUN chown -R spark_user:spark $CDM_SHARED_DIR

# Allow spark_user to use sudo without a password
Copy link
Collaborator Author

@Tianhao-Gu Tianhao-Gu Sep 5, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JupyterHub requires the presence of system users for its operations. Configuring JupyterHub with a non-root user is a lot challenging, as this user must manage other system users (home dir, virtual env, etc). As a tmp solution, I want to provide sudo access for the spark_user. I am actually consider switching to root if it becomes too cumbersome.

Tianhao-Gu
Tianhao-Gu commented Sep 5, 2024
View reviewed changes
config/jupyterhub_config.py
# Set the authenticator class
# TODO: Change the authenticator class to a secure one (e.g. GitHubOAuthenticator)
c.JupyterHub.authenticator_class = 'jupyterhub.auth.DummyAuthenticator'
c.Authenticator.allowed_users = {'spark_user', 'test_user1', 'test_user2'}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-existent system users (test_user1, test_user2) will be automatically created later in custom_spawner.py.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eventually I want to switch to OAuth and phase out user/password auth completely. Maybe only allow admin users to use password.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Presumably long term we'd swap out all the auth systems for KBase auth

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yea. That's the plan to use KBase auth eventually.

MrCreosote
MrCreosote reviewed Sep 5, 2024
View reviewed changes
Copy link
Member

@MrCreosote MrCreosote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't really understand enough about how jupyterhub works to properly review this. What prevents user A from reading from or writing to user B's environment?

Dockerfile Show resolved Hide resolved
Dockerfile Show resolved Hide resolved
config/jupyterhub_config.py Show resolved Hide resolved
config/jupyterhub_config.py Show resolved Hide resolved
scripts/spawn_notebook.sh Outdated Show resolved Hide resolved
@Tianhao-Gu
Copy link
Collaborator Author

I don't really understand enough about how jupyterhub works to properly review this. What prevents user A from reading from or writing to user B's environment?

Upon logging in, we need to ensure user's home directory is properly created and permissioned which will be done by VirtualEnvSpawner class.

@Tianhao-Gu Tianhao-Gu merged commit a703965 into main Sep 5, 2024
6 of 7 checks passed
@Tianhao-Gu Tianhao-Gu deleted the dev_jupyterhub branch September 5, 2024 19:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrCreosote MrCreosote MrCreosote approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Tianhao-Gu @MrCreosote