hosted jupyter notebooks for VDSG's data science café
Our setup is based on deployment of jupyterhub-deploy-docker.
This deployment uses Docker, via Docker Compose, for all the things. Docker Engine 1.12.0 or higher is required.
-
Use Docker's installation instructions to set up Docker for your environment.
-
To verify your docker installation, whether running docker as a local installation or using docker-machine, enter these commands:
docker version docker ps
This deployment configures JupyterHub to use HTTPS. You must provide a certificate and key file in the JupyterHub configuration. To configure:
-
Obtain the domain name that you wish to use for JupyterHub, for example,
myfavoritesite.comorjupiterplanet.org. -
If you do not have an existing certificate and key, you can:
- obtain one from Let's Encrypt using the certbot client,
- use the helper script in this repo's letsencrypt example, or
- create a self-signed certificate.
-
A certificate renewal requires rebuild of the containers. Additionally, cert files need to be copied from the letsencrypt folder:
To renew a certificate
# get the new certificate via certbot
cp -RLr /etc/letsencrypt/live/vdsg.at/. /home/foo/projects/jupyterhub/certificates/
docker-compose stop
cd /home/foo/projects/jupyterhub
make build
docker-compose up -d
This deployment uses GitHub OAuth to authenticate users.
It requires that you create and register a GitHub OAuth application by filling out a form on the GitHub site:
In this form, you will specify the OAuth application's callback URL in
this format: https://<myhost.mydomain>/hub/oauth_callback.
After you submit the GitHub form, GitHub registers your OAuth application and assigns a unique Client ID and Client Secret. The Client Secret should be kept private.
At JupyterHub's runtime, you must pass the GitHub OAuth Client ID, Client Secret and OAuth callback url. You can do this by either:
-
setting the
GITHUB_CLIENT_ID,GITHUB_CLIENT_SECRET, andOAUTH_CALLBACK_URLenvironment variables when you run the JupyterHub container, or -
add them to an
oauth.envfile in thesecretsdirectory of this repository. You may need to create both thesecretsdirectory and theoauth.envfile. For example, add the following lines in theoauth.envfile:oauth.envfileGITHUB_CLIENT_ID=<github_client_id> GITHUB_CLIENT_SECRET=<github_client_secret> OAUTH_CALLBACK_URL=https://<myhost.mydomain>/hub/oauth_callbackNote: The
oauth.envfile is a special file that Docker Compose uses to lookup environment variables. If you choose to place the GitHub OAuth application settings in this file, you should make sure that the file remains private (be careful to not commit theoauth.envfile with these secrets to source control).
Finish configuring JupyterHub and then build the hub's Docker image. (We'll build the Jupyter Notebook image in the next section.)
-
Configure
userlist: Create auserlistfile of authorized JupyterHub users. The list should contain GitHub usernames, and this file should designate at least oneadminuser. For instance, the example file below contains three users,jtyberg,jenny, andguido, and one designated administrator,jtyberg:userlistfilegeoheil admin maksmitk adminThe admin user will have the ability to add more users through JupyterHub's admin console.
-
Use docker-compose to build the JupyterHub Docker image on the active Docker machine host by running the
make buildcommand:make build
You can configure JupyterHub to spawn Notebook servers from any Docker image, as
long as the image's ENTRYPOINT and/or CMD starts a single-user instance of
Jupyter Notebook server that is compatible with JupyterHub.
To specify which Notebook image to spawn for users, you set the value of the
DOCKER_NOTEBOOK_IMAGE environment variable to the desired container image.
You can set this variable in the .env file, or alternatively, you can
override the value in this file by setting DOCKER_NOTEBOOK_IMAGE in the
environment where you launch JupyterHub.
Whether you build a custom Notebook image or pull an image from a public or private Docker registry, the image must reside on the host.
If the Notebook image does not exist on host, Docker will attempt to pull the image the first time a user attempts to start his or her server. In such cases, JupyterHub may timeout if the image being pulled is large, so it is better to pull the image to the host before running JupyterHub.
This deployment defaults to the
jupyter/scipy-notebook
Notebook image, which is built from the scipy-notebook
Docker stacks. (Note that the Docker
stacks *-notebook images tagged 2d878db5cbff include the
start-singleuser.sh script required to start a single-user instance of the
Notebook server that is compatible with JupyterHub).
You can pull the image using the following command:
make notebook_imageRun the JupyterHub container on the host.
To run the JupyterHub container in detached mode:
docker-compose up -dOnce the container is running, you should be able to access the JupyterHub console at
file
https://myhost.mydomain
To bring down the JupyterHub container and delete all of a user's notebooks:
docker-compose downThere are multiple ways to backup and restore data in Docker containers.
Suppose you have the following running containers:
docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
CONTAINER ID IMAGE NAMES
bc02dd6bb91b jupyter/minimal-notebook jupyter-jtyberg
7b48a0b33389 jupyterhub jupyterhubIn this deployment, the user's notebook directories (/home/jovyan/work) are backed by Docker volumes.
docker inspect -f '{{ .Mounts }}' jupyter-jtyberg
[{jtyberg /var/lib/docker/volumes/jtyberg/_data /home/jovyan/work local rw true rprivate}]We can backup the user's notebook directory by running a separate container that mounts the user's volume and creates a tarball of the directory.
docker run --rm \
-u root \
-v /tmp:/backups \
-v jtyberg:/notebooks \
jupyter/minimal-notebook \
tar cvf /backups/jtyberg-backup.tar /notebooksThe above command creates a tarball in the /tmp directory on the host.