Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:systemes:jupyter:jupyterhub [2021/07/10 17:51]
adminjp [jupyterhub & lab packages]
+++ docpublic:systemes:systemes:jupyter:jupyterhub [2021/07/12 20:58] (current)
adminjp [REMOTE_USER auth]
@@ Line 82: / Line 82: @@
 [root@jhub ~]# /opt/jupyterhub/bin/python3 -m pip install ipywidgets
 Successfully installed MarkupSafe-2.0.1 Send2Trash-1.7.1 argon2-cffi-20.1.0 async-generator-1.10 attrs-21.2.0 backcall-0.2.0 bleach-3.3.0 cffi-1.14.6 decorator-5.0.9 defusedxml-0.7.1 entrypoints-0.3 importlib-metadata-4.6.1 ipykernel-5.5.5 ipython-7.16.1 ipython-genutils-0.2.0 ipywidgets-7.6.3 jedi-0.18.0 jinja2-3.0.1 jsonschema-3.2.0 jupyter-client-6.2.0 jupyter-core-4.7.1 jupyterlab-pygments-0.1.2 jupyterlab-widgets-1.0.0 mistune-0.8.4 nbclient-0.5.3 nbconvert-6.0.7 nbformat-5.1.3 nest-asyncio-1.5.1 notebook-6.4.0 packaging-21.0 pandocfilters-1.4.3 parso-0.8.2 pexpect-4.8.0 pickleshare-0.7.5 prometheus-client-0.11.0 prompt-toolkit-3.0.19 ptyprocess-0.7.0 pycparser-2.20 pygments-2.9.0 pyparsing-2.4.7 pyrsistent-0.18.0 python-dateutil-2.8.1 pyzmq-22.1.0 six-1.16.0 terminado-0.10.1 testpath-0.5.0 tornado-6.1 traitlets-4.3.3 typing-extensions-3.10.0.0 wcwidth-0.2.5 webencodings-0.5.1 widgetsnbextension-3.5.1 zipp-3.5.0
+</code>
+===== nodejs npm =====
+JupyterHub also currently defaults to requiring configurable-http-proxy, which needs nodejs and npm.
+<code>
+[root@jhub ~]# dnf install nodejs npm
+Installé:
+  nodejs-1:10.24.0-1.module_el8.3.0+717+fa496f1d.x86_64      nodejs-full-i18n-1:10.24.0-1.module_el8.3.0+717+fa496f1d.x86_64      npm-1:6.14.11-1.10.24.0.1.module_el8.3.0+717+fa496f1d.x86_64
+</code>
+==== JupyterHub Configuration ====
+Create directory for jupyterhub config file and cd into it,
+<code>
+[root@jhub ~]#  mkdir -p /opt/jupyterhub/etc/jupyterhub/
+[root@jhub ~]# cd /opt/jupyterhub/etc/jupyterhub/
+</code>
+Then generate the default configuration file
+<code>
+[root@jhub jupyterhub]# /opt/jupyterhub/bin/jupyterhub --generate-config
+Writing default config to: jupyterhub_config.py
+</code>
+The generated jupyterhub_config.py file is nearly 1000 lines of commented configuration options. We will only change 1 line at this point, setting the default "spawner" to launch JupyterLab from the http-proxy URL. `grep -n c.Spawner.default jupyterhub_config.py` will show the line number that needs to be changed, 668 in my case.
+Edit jupyterhub_config.py,
+You will need to edit the configuration file to make the JupyterLab interface by the default. Set the following configuration option in your jupyterhub_config.py file:
+<code>
+#  - You can set this to `/lab` to have JupyterLab start by default, rather than Jupyter Notebook.
+#c.Spawner.default_url = ''
+c.Spawner.default_url = '/lab'
+</code>
+Further configuration options may be found in the documentation.
+==== systemd startup ====
+Create a systemd "Unit" file for starting jupyterhub,
+<code>
+[root@jhub jupyterhub]# mkdir -p /opt/jupyterhub/etc/systemd
+</code>
+edit the Unit file /opt/jupyterhub/etc/systemd/jupyterhub.service
+<code>
+[root@jhub jupyterhub]# vim /opt/jupyterhub/etc/systemd/jupyterhub.service
+[Unit]
+Description=JupyterHub
+After=syslog.target network.target
+[Service]
+User=root
+Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/jupyterhub/bin"
+ExecStart=/opt/jupyterhub/bin/jupyterhub -f /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py
+[Install]
+WantedBy=multi-user.target
+</code>
+Now link that file to the directory with the system's systemd Unit files,
+<code>
+[root@jhub systemd]# ln -s /opt/jupyterhub/etc/systemd/jupyterhub.service /etc/systemd/system/jupyterhub.service
+[root@jhub systemd]# ls -l /etc/systemd/system/jupyterhub.service
+lrwxrwxrwx 1 root root 67 10 juil. 22:07 /etc/systemd/system/jupyterhub.service -> /opt/jupyterhub/etc/systemd/jupyterhub.service
+</code>
+Then tell systemd to reload its configuration files so that it knows about that new jupyterhub.service
+<code>
+[root@jpthub systemd]# systemctl daemon-reload
+</code>
+start it and enable it at boot
+<code>
+[root@jhub systemd]# systemctl start jupyterhub.service
+[root@jhub systemd]# systemctl status jupyterhub.service
+● jupyterhub.service - JupyterHub
+   Loaded: loaded (/opt/jupyterhub/etc/systemd/jupyterhub.service; linked; vendor preset: disabled)
+   Active: active (running) since Sat 2021-07-10 22:10:04 CEST; 8s ago
+[root@jhub systemd]# systemctl enable jupyterhub.service
+Created symlink /etc/systemd/system/multi-user.target.wants/jupyterhub.service → /opt/jupyterhub/etc/systemd/jupyterhub.service.
+</code>
+==== firewall ====
+open jupyterhub webservice to our local ip network
+<code>
+[root@jhub systemd]# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="172.168.0.0/16" port port=8000 protocol=tcp  accept'
+success
+[root@jhub systemd]# firewall-cmd --reload
+success
+</code>
+==== jupyterhub webservice ====
+now the jupyterhub webservice is available at http://jhub.domain.fr:8000
+===== https and reverse proxy with apache =====
+  * https://jupyterhub.readthedocs.io/en/stable/reference/config-proxy.html#apache
+change the // c.JupyterHub.bind_url//  on jupyterhub config file
+<code>
+[root@jhub jupyterhub]# grep c.JupyterHub.bind_url  /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py
+#c.JupyterHub.bind_url = 'http://:8000'
+c.JupyterHub.bind_url = 'http://127.0.0.1:8000'
+</code>
+==== apache ====
+install httpd and mod_ssl package
+<code>
+[root@jhub certs]# yum install httpd mod_ssl
+</code>
+jupyterhub vhost configuration
+<code>
+[root@jhub certs]# cat /etc/httpd/conf.d/jupyterhub.conf
+# redirect HTTP to HTTPS
+Listen 80
+<VirtualHost jhub.domain.fr:80>
+  ServerName jhub.domain.fr
+  Redirect / https://jhub.domain.fr/
+</VirtualHost>
+Listen 443
+<VirtualHost jhub.domain.fr:443>
+  ServerName jhub.domain.fr
+  # configure SSL
+  SSLEngine on
+  SSLCertificateFile /etc/pki/tls/certs/domain.fr_eu_cert.cer
+  SSLCertificateKeyFile /etc/pki/tls/private/domain.fr.key
+  SSLProtocol All -SSLv2 -SSLv3
+#  SSLOpenSSLConfCmd DHParameters /etc/ssl/certs/dhparam.pem
+  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+  # Use RewriteEngine to handle websocket connection upgrades
+  RewriteEngine On
+  RewriteCond %{HTTP:Connection} Upgrade [NC]
+  RewriteCond %{HTTP:Upgrade} websocket [NC]
+  RewriteRule /(.*) ws://127.0.0.1:8000/$1 [P,L]
+  <Location "/">
+    # preserve Host header to avoid cross-origin problems
+    ProxyPreserveHost on
+    # proxy to JupyterHub
+    ProxyPass         http://127.0.0.1:8000/
+    ProxyPassReverse  http://127.0.0.1:8000/
+  </Location>
+</VirtualHost>
+</code>
+==== firewall ====
+open https service in the firewall to our IP subnet
+<code>
+[root@jpthub certs]# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="172.168.0/16" service name="https" log prefix="https" accept'
+success
+[root@jpthub certs]# firewall-cmd --reload
+success
+</code>
+===== SAML authenticator =====
+  * https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html
+  * https://github.com/HewlettPackard/jupyterhub-samlauthenticator
+<code>
+[root@jhub jupyterhub]#  /opt/jupyterhub/bin/python3 -m pip install jupyterhub-samlauthenticator
+Collecting jupyterhub-samlauthenticator
+  Downloading jupyterhub_samlauthenticator-0.0.9-py3-none-any.whl (17 kB)
+Requirement already satisfied: jupyterhub>=0.9.0 in ./lib/python3.6/site-packages (from jupyterhub-samlauthenticator) (1.4.1)
+...
+Installing collected packages: pyopenssl, future, lxml, eight, signxml, jupyterhub-samlauthenticator
+  Attempting uninstall: pyopenssl
+    Found existing installation: pyOpenSSL 20.0.1
+    Uninstalling pyOpenSSL-20.0.1:
+      Successfully uninstalled pyOpenSSL-20.0.1
+Successfully installed eight-1.0.1 future-0.18.2 jupyterhub-samlauthenticator-0.0.9 lxml-4.6.3 pyopenssl-19.1.0 signxml-2.8.2
+</code>
+it installed those directories/files
+<code>
+[root@jhub jupyterhub]# ls -ltr /opt/jupyterhub/lib/python3.6/site-packages/samlauthenticator/
+total 44
+-rw-r--r-- 1 root root 36101 12 juil. 16:33 samlauthenticator.py
+-rw-r--r-- 1 root root  1144 12 juil. 16:33 __init__.py
+drwxr-xr-x 2 root root  4096 12 juil. 16:33 __pycache__
+[root@jhub jupyterhub]# ls -ltr /opt/jupyterhub/lib/python3.6/site-packages/jupyterhub_samlauthenticator-0.0.9.dist-info
+total 40
+-rw-r--r-- 1 root root  1085 12 juil. 16:33 LICENSE.txt
+-rw-r--r-- 1 root root    92 12 juil. 16:33 WHEEL
+-rw-r--r-- 1 root root    18 12 juil. 16:33 top_level.txt
+-rw-r--r-- 1 root root 17256 12 juil. 16:33 METADATA
+-rw-r--r-- 1 root root     0 12 juil. 16:33 REQUESTED
+-rw-r--r-- 1 root root     4 12 juil. 16:33 INSTALLER
+-rw-r--r-- 1 root root  1026 12 juil. 16:33 RECORD
+</code>
+===== REMOTE_USER auth =====
+we'll try to authenticate through a shibboleth SP proxy to benefit from federated access , then redirect that REMOTE_USER to jupyterhub
+  * https://github.com/cwaldbieser/jhub_remote_user_authenticator
+<code>
+[root@jhub jupyterhub]#  /opt/jupyterhub/bin/python3 -m pip  install jhub_remote_user_authenticator
+Collecting jhub_remote_user_authenticator
+  Downloading jhub_remote_user_authenticator-0.1.0-py3-none-any.whl (3.6 kB)
+  ...
+  Installing collected packages: jhub-remote-user-authenticator
+Successfully installed jhub-remote-user-authenticator-0.1.0
 </code>

docpublic/systemes/systemes/jupyter/jupyterhub.1625939505.txt.gz · Last modified: 2021/07/10 17:51 by adminjp

Show page Old revisions

[unknown link type]Back to top