Jupyterhub

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search

JupyterHub

The JupyterHub system allows you to serve up jupyter notebooks over the web.

Installation

On [roentgen] we use anaconda in /usr/local/anaconda3 for jupyterhub. On other systems, we do not use the Anaconda install, because that does not play nice with ROOT. We would want to use the default python3 in /bin/python3 but that is a 3.4 python, and we need a >=3.5. Yuck! See: Jupyterhub quick start

Python3

First install python3.6 See: Install Python3.6

 yum install https://centos7.iuscommunity.org/ius-release.rpm
 yum install python36u
 yum install python36u-pip
 yum install python36u-devel
 pip3.6 install scipy numpy ipython pandas 
 pip3.6 install jupyter

Jupyter Hub

 yum install npm nodejs
 pip3.6 install jupyterhub 
 npm install -g configurable-http-proxy

Secure Setup With SudoSpawner

Install sudospawner:

  pip3.6 install git+https://github.com/jupyter/sudospawner

Create the "jupy" user that will run things, and setup sudo for this user.

 useradd jupy
 # edit /etc/passwd to so jupy has shell /sbin/nologin

Use visudo to add the following at the bottom:

   # 
   # For Jupyterhub use with Sudospawner
   #
   # the command(s) the Hub can run on behalf of users in jupyter group  without needing a password
   # the exact path may differ, depending on how sudospawner was installed
   Cmnd_Alias JUPYTER_CMD = /bin/sudospawner
   
   # actually give the Hub user permission to run the above command on behalf
   # of the above users without prompting for a password
   jupy ALL=(%jupyter) NOPASSWD:JUPYTER_CMD
   #

Test this with:

  sudo -u jupy sudo -n -u maurik /bin/sudospawner --help

Setup Jupyter Hub

Use sudospawner. See: https://github.com/jupyterhub/jupyterhub/wiki/Using-sudo-to-run-JupyterHub-without-root-privileges

Generate the config area and config file:

  mkdir /etc/jupyterhub
  useradd jupy
  chown jupy:root /etc/jupyterhub
  cd /etc/jupyterhub

Create new cookie:

 cd /etc/jupyterhub
 openssl rand -hex 32 > jupyterhub_cookie_secret
 chmod og-r jupyterhub_cookie_secret

Copy the certificate to /home/jupy/certs

  mkdir /home/jupy/certs
  chown jupy /home/jupy/certs
  cp /etc/letsencrypt/live/endeavour.unh.edu/*  /home/jupy/certs

Note: fix the certbot script to copy new certs!

Edit Config file:

  c.JupyterHub.hub_ip = '10.0.0.100'
  c.JupyterHub.ip = 'endeavour.unh.edu'
  c.JupyterHub.cookie_secret_file = '/etc/jupyterhub/jupyterhub_cookie_secret'
  c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
  c.JupyterHub.ssl_key = '/home/jupy/certs/privkey.pem'
  c.JupyterHub.ssl_cert = '/home/jupy/certs/fullchain.pem'
  c.Spawner.args = ['--ip="0.0.0.0"']
  c.Spawner.notebook_dir = '~'              # Can change to ~/notebooks
  c.Authenticator.whitelist = set()
  c.LocalAuthenticator.group_whitelist =  set(['jupyter','npg'])

Setup sudo file:

 #
 # For Jupyterhub use with Sudospawner
 #
 # the command(s) the Hub can run on behalf of users in jupyter group  without needing a password 
 # the exact path may differ, depending on how sudospawner was installed
 Defaults:jupy !requiretty
 Cmnd_Alias JUPYTER_CMD = /usr/local/anaconda3/bin/sudospawner, /bin/sudospawner

 # actually give the Hub user permission to run the above command on behalf
 # of the above users without prompting for a password
 jupy ALL=(%jupyter) NOPASSWD:JUPYTER_CMD
 #

Test with:

  sudo -u jupy /usr/local/anaconda3/bin/jupyterhub -f /etc/jupyterhub/jupyterhub_conf.py

Finally:

Setup /var/log/jupyterhub/ directory owned by jupy. Setup systemd, see: https://github.com/jupyterhub/jupyterhub/wiki/Run-jupyterhub-as-a-system-service

install the startup script in /etc/jupyterhub like:

#!/bin/bash
#
cd /etc/jupyterhub
# jupyterhub -f jupyterhub_config.py &>> ${logfile} &

start() {
   # logfile="/var/log/jupyterhub-$(date +'%Y-%m-%d').log"
   mv -f /var/log/jupyterhub/jupyterhub.log /var/log/jupyterhub/jupyterhub-$(date +'%Y-%m-%d').log
   . /usr/local/anaconda3/bin/activate base
   logfile="/var/log/jupyterhub/jupyterhub.log"
   echo $PATH
   echo "Debug out going to: " ${logfile}
   touch ${logfile}
   echo "================= Starting Jupterhub ======================" >> ${logfile}
   /bin/date >> ${logfile}
   # exec sudo -u jupy /usr/local/anaconda3/bin/jupyterhub -f jupyterhub_config.py &>> ${logfile} 
   /usr/local/anaconda3/bin/jupyterhub -f jupyterhub_config.py &>> ${logfile} 
}

stop() {
  exec killall /usr/local/anaconda3/bin/python
}

status(){
  exec ps auwwx | grep jupyter
}

case $1 in
  start|stop|status) "$1" ;;
esac


Bug Notes: Currently this only works with a symlink from /bin/jupyterhub-single-user to the anaconda3 version, and the same for sudospawner.