Difference between revisions of "Jupyterhub"
| Line 73: | Line 73: | ||
mkdir /home/jupy/certs | mkdir /home/jupy/certs | ||
chown jupy /home/jupy/certs | chown jupy /home/jupy/certs | ||
| − | cp /etc/ | + | cp /etc/letsencrypt/live/endeavour.unh.edu/* /home/jupy/certs |
| + | |||
| + | Note: fix the certbot script to copy new certs! | ||
Edit Config file: | Edit Config file: | ||
| Line 95: | Line 97: | ||
Finally: | Finally: | ||
| − | Setup / | + | Setup /var/log/jupyterhub/ directory owned by jypy. |
| − | Setup | + | Setup systemd, see: https://github.com/jupyterhub/jupyterhub/wiki/Run-jupyterhub-as-a-system-service |
| + | |||
| + | Edit sudoers to include the line: | ||
| + | Defaults:jupy !requiretty | ||
| + | Or sudo does not work. | ||
| + | |||
| + | Bug Notes: | ||
| + | Currently this only works with a symlink from /bin/jupyterhub-single-user to the anaconda3 version, and the same for sudospawner. | ||
Revision as of 19:18, 18 February 2019
JupyterHub
The JupyterHub system allows you to serve up jupyter notebooks over the web.
Installation
On [roentgen] we use anaconda in /usr/local/anaconda3 for jupyterhub. On other systems, we do not use the Anaconda install, because that does not play nice with ROOT. We would want to use the default python3 in /bin/python3 but that is a 3.4 python, and we need a >=3.5. Yuck! See: Jupyterhub quick start
Python3
First install python3.6 See: Install Python3.6
yum install https://centos7.iuscommunity.org/ius-release.rpm yum install python36u yum install python36u-pip yum install python36u-devel pip3.6 install scipy numpy ipython pandas pip3.6 install jupyter
Jupyter Hub
yum install npm nodejs pip3.6 install jupyterhub npm install -g configurable-http-proxy
Secure Setup With SudoSpawner
Install sudospawner:
pip3.6 install git+https://github.com/jupyter/sudospawner
Create the "jupy" user that will run things, and setup sudo for this user.
useradd jupy # edit /etc/passwd to so jupy has shell /sbin/nologin
Use visudo to add the following at the bottom:
# # For Jupyterhub use with Sudospawner # # the command(s) the Hub can run on behalf of users in jupyter group without needing a password # the exact path may differ, depending on how sudospawner was installed Cmnd_Alias JUPYTER_CMD = /bin/sudospawner # actually give the Hub user permission to run the above command on behalf # of the above users without prompting for a password jupy ALL=(%jupyter) NOPASSWD:JUPYTER_CMD #
Test this with:
sudo -u jupy sudo -n -u maurik /bin/sudospawner --help
Setup Jupyter Hub
Use sudospawner. See: https://github.com/jupyterhub/jupyterhub/wiki/Using-sudo-to-run-JupyterHub-without-root-privileges
Generate the config area and config file:
mkdir /etc/jupyterhub useradd jupy chown jupy:root /etc/jupyterhub cd /etc/jupyterhub
Create new cookie:
cd /etc/jupyterhub openssl rand -hex 32 > jupyterhub_cookie_secret chmod og-r jupyterhub_cookie_secret
Copy the certificate to /home/jupy/certs
mkdir /home/jupy/certs chown jupy /home/jupy/certs cp /etc/letsencrypt/live/endeavour.unh.edu/* /home/jupy/certs
Note: fix the certbot script to copy new certs!
Edit Config file:
c.JupyterHub.hub_ip = '10.0.0.100' c.JupyterHub.ip = 'endeavour.unh.edu' c.JupyterHub.cookie_secret_file = '/etc/jupyterhub/jupyterhub_cookie_secret' c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner' c.JupyterHub.ssl_key = '/home/jupy/certs/privkey.pem' c.JupyterHub.ssl_cert = '/home/jupy/certs/fullchain.pem' c.Spawner.args = ['--ip="0.0.0.0"'] c.Spawner.notebook_dir = '~' # Can change to ~/notebooks c.Authenticator.whitelist = set() c.LocalAuthenticator.group_whitelist = set(['jupyter','npg'])
Test with:
sudo -u jupy /anaconda3/bin/jupyterhub --generate-config sudo -u jupy jupyterhub --generate-config
Finally:
Setup /var/log/jupyterhub/ directory owned by jypy. Setup systemd, see: https://github.com/jupyterhub/jupyterhub/wiki/Run-jupyterhub-as-a-system-service
Edit sudoers to include the line:
Defaults:jupy !requiretty
Or sudo does not work.
Bug Notes: Currently this only works with a symlink from /bin/jupyterhub-single-user to the anaconda3 version, and the same for sudospawner.
