===== jupyterhub =====
==== references ====
* https://www.pugetsystems.com/labs/hpc/Note-How-To-Install-JupyterHub-on-a-Local-Server-1673/
* https://github.com/jupyterhub/jupyterhub-the-hard-way/blob/HEAD/docs/installation-guide-hard.md
* https://programming.vip/docs/running-jupyter-jupyterhub-jupyterlab-as-a-system-service.html
* https://www.anaconda.com/blog/rpm-and-debian-repositories-for-miniconda
* https://jupyterhub.readthedocs.io/en/stable/reference/config-sudo.html
authenticator
* https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html#authenticators
* https://github.com/HewlettPackard/jupyterhub-samlauthenticator
==== VirtualEnv ====
First we create a virtual environment under '/opt/jupyterhub'. Both jupyterlab and jupyterhub will be installed into this virtualenv
[root@jhub ~]# python3 -m venv /opt/jupyterhub/
now we have a virtual env for python3 in /opt/jupyterhub
[root@jhub ~]# ls /opt/jupyterhub/bin/
activate activate.csh activate.fish easy_install easy_install-3.6 pip pip3 pip3.6 python python3
==== wheel package ====
this wheel package is hence installed in /opt
[root@jhub ~]# ls -ltr /opt/jupyterhub/lib/python3.6/site-packages
total 36
-rw-r--r-- 1 root root 126 10 juil. 19:28 easy_install.py
drwxr-xr-x 6 root root 4096 10 juil. 19:28 setuptools
drwxr-xr-x 2 root root 4096 10 juil. 19:28 __pycache__
drwxr-xr-x 5 root root 4096 10 juil. 19:28 pkg_resources
drwxr-xr-x 2 root root 4096 10 juil. 19:28 setuptools-39.2.0.dist-info
drwxr-xr-x 11 root root 4096 10 juil. 19:28 pip
drwxr-xr-x 2 root root 4096 10 juil. 19:28 pip-9.0.3.dist-info
drwxr-xr-x 5 root root 4096 10 juil. 19:34 wheel
drwxr-xr-x 2 root root 4096 10 juil. 19:34 wheel-0.36.2.dist-info
==== upgrade pip ====
because of this warning
You are using pip version 9.0.3, however version 21.1.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
[root@jhub ~]# /opt/jupyterhub/bin/python3 -m pip install --upgrade pip
Collecting pip
Downloading https://files.pythonhosted.org/packages/47/ca/f0d790b6e18b3a6f3bd5e80c2ee4edbb5807286c21cdd0862ca933f751dd/pip-21.1.3-py3-none-any.whl (1.5MB)
100% |████████████████████████████████| 1.6MB 755kB/s
Installing collected packages: pip
Found existing installation: pip 9.0.3
Uninstalling pip-9.0.3:
Successfully uninstalled pip-9.0.3
Successfully installed pip-21.1.3
==== jupyterhub & lab packages ====
[root@jhub ~]# /opt/jupyterhub/bin/python3 -m pip install jupyterhub jupyterlab
Successfully installed Mako-1.1.4 SQLAlchemy-1.4.20 alembic-1.6.5 anyio-3.2.1 babel-2.9.1 certifi-2021.5.30 certipy-0.1.3 chardet-4.0.0 contextvars-2.4 cryptography-3.4.7 dataclasses-0.8 greenlet-1.1.0 idna-2.10 immutables-0.15 json5-0.9.6 jupyter-server-1.9.0 jupyter-telemetry-0.1.0 jupyterhub-1.4.1 jupyterlab-3.0.16 jupyterlab-server-2.6.1 nbclassic-0.3.1 oauthlib-3.1.1 pamela-1.0.0 pyopenssl-20.0.1 python-editor-1.0.4 python-json-logger-2.0.1 pytz-2021.1 requests-2.25.1 requests-unixsocket-0.2.0 ruamel.yaml-0.17.10 ruamel.yaml.clib-0.2.6 sniffio-1.2.0 urllib3-1.26.6 websocket-client-1.1.0
==== ipywidgets ====
then also ipywidgets is installed in /opt because this is needed to allow connection between interactive tools running in the kernel and the user interface.
other python scientific package can be installed in the traditional system paths
[root@jhub ~]# /opt/jupyterhub/bin/python3 -m pip install ipywidgets
Successfully installed MarkupSafe-2.0.1 Send2Trash-1.7.1 argon2-cffi-20.1.0 async-generator-1.10 attrs-21.2.0 backcall-0.2.0 bleach-3.3.0 cffi-1.14.6 decorator-5.0.9 defusedxml-0.7.1 entrypoints-0.3 importlib-metadata-4.6.1 ipykernel-5.5.5 ipython-7.16.1 ipython-genutils-0.2.0 ipywidgets-7.6.3 jedi-0.18.0 jinja2-3.0.1 jsonschema-3.2.0 jupyter-client-6.2.0 jupyter-core-4.7.1 jupyterlab-pygments-0.1.2 jupyterlab-widgets-1.0.0 mistune-0.8.4 nbclient-0.5.3 nbconvert-6.0.7 nbformat-5.1.3 nest-asyncio-1.5.1 notebook-6.4.0 packaging-21.0 pandocfilters-1.4.3 parso-0.8.2 pexpect-4.8.0 pickleshare-0.7.5 prometheus-client-0.11.0 prompt-toolkit-3.0.19 ptyprocess-0.7.0 pycparser-2.20 pygments-2.9.0 pyparsing-2.4.7 pyrsistent-0.18.0 python-dateutil-2.8.1 pyzmq-22.1.0 six-1.16.0 terminado-0.10.1 testpath-0.5.0 tornado-6.1 traitlets-4.3.3 typing-extensions-3.10.0.0 wcwidth-0.2.5 webencodings-0.5.1 widgetsnbextension-3.5.1 zipp-3.5.0
===== nodejs npm =====
JupyterHub also currently defaults to requiring configurable-http-proxy, which needs nodejs and npm.
[root@jhub ~]# dnf install nodejs npm
Installé:
nodejs-1:10.24.0-1.module_el8.3.0+717+fa496f1d.x86_64 nodejs-full-i18n-1:10.24.0-1.module_el8.3.0+717+fa496f1d.x86_64 npm-1:6.14.11-1.10.24.0.1.module_el8.3.0+717+fa496f1d.x86_64
==== JupyterHub Configuration ====
Create directory for jupyterhub config file and cd into it,
[root@jhub ~]# mkdir -p /opt/jupyterhub/etc/jupyterhub/
[root@jhub ~]# cd /opt/jupyterhub/etc/jupyterhub/
Then generate the default configuration file
[root@jhub jupyterhub]# /opt/jupyterhub/bin/jupyterhub --generate-config
Writing default config to: jupyterhub_config.py
The generated jupyterhub_config.py file is nearly 1000 lines of commented configuration options. We will only change 1 line at this point, setting the default "spawner" to launch JupyterLab from the http-proxy URL. `grep -n c.Spawner.default jupyterhub_config.py` will show the line number that needs to be changed, 668 in my case.
Edit jupyterhub_config.py,
You will need to edit the configuration file to make the JupyterLab interface by the default. Set the following configuration option in your jupyterhub_config.py file:
# - You can set this to `/lab` to have JupyterLab start by default, rather than Jupyter Notebook.
#c.Spawner.default_url = ''
c.Spawner.default_url = '/lab'
Further configuration options may be found in the documentation.
==== systemd startup ====
Create a systemd "Unit" file for starting jupyterhub,
[root@jhub jupyterhub]# mkdir -p /opt/jupyterhub/etc/systemd
edit the Unit file /opt/jupyterhub/etc/systemd/jupyterhub.service
[root@jhub jupyterhub]# vim /opt/jupyterhub/etc/systemd/jupyterhub.service
[Unit]
Description=JupyterHub
After=syslog.target network.target
[Service]
User=root
Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/jupyterhub/bin"
ExecStart=/opt/jupyterhub/bin/jupyterhub -f /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py
[Install]
WantedBy=multi-user.target
Now link that file to the directory with the system's systemd Unit files,
[root@jhub systemd]# ln -s /opt/jupyterhub/etc/systemd/jupyterhub.service /etc/systemd/system/jupyterhub.service
[root@jhub systemd]# ls -l /etc/systemd/system/jupyterhub.service
lrwxrwxrwx 1 root root 67 10 juil. 22:07 /etc/systemd/system/jupyterhub.service -> /opt/jupyterhub/etc/systemd/jupyterhub.service
Then tell systemd to reload its configuration files so that it knows about that new jupyterhub.service
[root@jpthub systemd]# systemctl daemon-reload
start it and enable it at boot
[root@jhub systemd]# systemctl start jupyterhub.service
[root@jhub systemd]# systemctl status jupyterhub.service
● jupyterhub.service - JupyterHub
Loaded: loaded (/opt/jupyterhub/etc/systemd/jupyterhub.service; linked; vendor preset: disabled)
Active: active (running) since Sat 2021-07-10 22:10:04 CEST; 8s ago
[root@jhub systemd]# systemctl enable jupyterhub.service
Created symlink /etc/systemd/system/multi-user.target.wants/jupyterhub.service → /opt/jupyterhub/etc/systemd/jupyterhub.service.
==== firewall ====
open jupyterhub webservice to our local ip network
[root@jhub systemd]# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="172.168.0.0/16" port port=8000 protocol=tcp accept'
success
[root@jhub systemd]# firewall-cmd --reload
success
==== jupyterhub webservice ====
now the jupyterhub webservice is available at http://jhub.domain.fr:8000
===== https and reverse proxy with apache =====
* https://jupyterhub.readthedocs.io/en/stable/reference/config-proxy.html#apache
change the // c.JupyterHub.bind_url// on jupyterhub config file
[root@jhub jupyterhub]# grep c.JupyterHub.bind_url /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py
#c.JupyterHub.bind_url = 'http://:8000'
c.JupyterHub.bind_url = 'http://127.0.0.1:8000'
==== apache ====
install httpd and mod_ssl package
[root@jhub certs]# yum install httpd mod_ssl
jupyterhub vhost configuration
[root@jhub certs]# cat /etc/httpd/conf.d/jupyterhub.conf
# redirect HTTP to HTTPS
Listen 80
ServerName jhub.domain.fr
Redirect / https://jhub.domain.fr/
Listen 443
ServerName jhub.domain.fr
# configure SSL
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain.fr_eu_cert.cer
SSLCertificateKeyFile /etc/pki/tls/private/domain.fr.key
SSLProtocol All -SSLv2 -SSLv3
# SSLOpenSSLConfCmd DHParameters /etc/ssl/certs/dhparam.pem
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# Use RewriteEngine to handle websocket connection upgrades
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:8000/$1 [P,L]
# preserve Host header to avoid cross-origin problems
ProxyPreserveHost on
# proxy to JupyterHub
ProxyPass http://127.0.0.1:8000/
ProxyPassReverse http://127.0.0.1:8000/
==== firewall ====
open https service in the firewall to our IP subnet
[root@jpthub certs]# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="172.168.0/16" service name="https" log prefix="https" accept'
success
[root@jpthub certs]# firewall-cmd --reload
success
===== SAML authenticator =====
* https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html
* https://github.com/HewlettPackard/jupyterhub-samlauthenticator
[root@jhub jupyterhub]# /opt/jupyterhub/bin/python3 -m pip install jupyterhub-samlauthenticator
Collecting jupyterhub-samlauthenticator
Downloading jupyterhub_samlauthenticator-0.0.9-py3-none-any.whl (17 kB)
Requirement already satisfied: jupyterhub>=0.9.0 in ./lib/python3.6/site-packages (from jupyterhub-samlauthenticator) (1.4.1)
...
Installing collected packages: pyopenssl, future, lxml, eight, signxml, jupyterhub-samlauthenticator
Attempting uninstall: pyopenssl
Found existing installation: pyOpenSSL 20.0.1
Uninstalling pyOpenSSL-20.0.1:
Successfully uninstalled pyOpenSSL-20.0.1
Successfully installed eight-1.0.1 future-0.18.2 jupyterhub-samlauthenticator-0.0.9 lxml-4.6.3 pyopenssl-19.1.0 signxml-2.8.2
it installed those directories/files
[root@jhub jupyterhub]# ls -ltr /opt/jupyterhub/lib/python3.6/site-packages/samlauthenticator/
total 44
-rw-r--r-- 1 root root 36101 12 juil. 16:33 samlauthenticator.py
-rw-r--r-- 1 root root 1144 12 juil. 16:33 __init__.py
drwxr-xr-x 2 root root 4096 12 juil. 16:33 __pycache__
[root@jhub jupyterhub]# ls -ltr /opt/jupyterhub/lib/python3.6/site-packages/jupyterhub_samlauthenticator-0.0.9.dist-info
total 40
-rw-r--r-- 1 root root 1085 12 juil. 16:33 LICENSE.txt
-rw-r--r-- 1 root root 92 12 juil. 16:33 WHEEL
-rw-r--r-- 1 root root 18 12 juil. 16:33 top_level.txt
-rw-r--r-- 1 root root 17256 12 juil. 16:33 METADATA
-rw-r--r-- 1 root root 0 12 juil. 16:33 REQUESTED
-rw-r--r-- 1 root root 4 12 juil. 16:33 INSTALLER
-rw-r--r-- 1 root root 1026 12 juil. 16:33 RECORD
===== REMOTE_USER auth =====
we'll try to authenticate through a shibboleth SP proxy to benefit from federated access , then redirect that REMOTE_USER to jupyterhub
* https://github.com/cwaldbieser/jhub_remote_user_authenticator
[root@jhub jupyterhub]# /opt/jupyterhub/bin/python3 -m pip install jhub_remote_user_authenticator
Collecting jhub_remote_user_authenticator
Downloading jhub_remote_user_authenticator-0.1.0-py3-none-any.whl (3.6 kB)
...
Installing collected packages: jhub-remote-user-authenticator
Successfully installed jhub-remote-user-authenticator-0.1.0