Merge pull request #886 from yuvipanda/spawner-docs

2025-10-16 22:43:00 +00:00 · 2016-11-30 13:48:05 +01:00
parent ba3a8f2e76 2152a94156
commit d5a6e2b2ac
2 changed files with 502 additions and 288 deletions
--- a/jupyterhub/auth.py
+++ b/jupyterhub/auth.py
@@ -21,56 +21,85 @@ from .handlers.login import LoginHandler
 from .utils import url_path_join
 from .traitlets import Command
 class Authenticator(LoggingConfigurable):
    """A class for authentication.
-    The primary API is one method, `authenticate`, a tornado coroutine
+class Authenticator(LoggingConfigurable):
-    for authenticating users.
+    """Base class for implementing an authentication provider for JupyterHub"""
    """
    db = Any()
    admin_users = Set(
-        help="""set of usernames of admin users
+        help="""
        Set of users that will have admin rights on this JupyterHub.
-        If unspecified, only the user that launches the server will be admin.
+        Admin users have extra privilages:
         - Use the admin panel to see list of users logged in
         - Add / remove users in some authenticators
         - Restart / halt the hub
         - Start / stop users' single-user servers
         - Can access each individual users' single-user server (if configured)
        Admin access should be treated the same way root access is.
        Defaults to an empty set, in which case no user has admin access.
        """
    ).tag(config=True)
    whitelist = Set(
-        help="""Username whitelist.
+        help="""
        Whitelist of usernames that are allowed to log in.
-        Use this to restrict which users can login.
+        Use this with supported authenticators to restrict which users can log in. This is an
-        If empty, allow any user to attempt login.
+        additional whitelist that further restricts users, beyond whatever restrictions the
        authenticator has in place.
        If empty, does not perform any additional restriction.
        """
    ).tag(config=True)
-    custom_html = Unicode('',
+
-        help="""HTML login form for custom handlers.
+    custom_html = Unicode(
-        Override in form-based custom authenticators
+        help="""
-        that don't use username+password,
+        HTML form to be overridden by authenticators if they want a custom authentication form.
-        or need custom branding.
+
        Defaults to an empty string, which shows the default username/password form.
        """
    )
-    login_service = Unicode('',
+
-        help="""Name of the login service for external
+    login_service = Unicode(
-        login services (e.g. 'GitHub').
+        help="""
        Name of the login service that this authenticator is providing using to authenticate users.
        Example: GitHub, MediaWiki, Google, etc.
        Setting this value replaces the login form with a "Login with <login_service>" button.
        Any authenticator that redirects to an external service (e.g. using OAuth) should set this.
        """
    )
    username_pattern = Unicode(
-        help="""Regular expression pattern for validating usernames.
+        help="""
        Regular expression pattern that all valid usernames must match.
-        If not defined: allow any username.
+        If a username does not match the pattern specified here, authentication will not be attempted.
        If not set, allow any username.
        """
    ).tag(config=True)
    @observe('username_pattern')
    def _username_pattern_changed(self, change):
        if not change['new']:
            self.username_regex = None
        self.username_regex = re.compile(change['new'])
-    username_regex = Any()
+    username_regex = Any(
        help="""
        Compiled regex kept in sync with `username_pattern`
        """
    )
    def validate_username(self, username):
-        """Validate a (normalized) username.
+        """Validate a normalized username
        Return True if username is valid, False otherwise.
        """
@@ -81,27 +110,27 @@ class Authenticator(LoggingConfigurable):
    username_map = Dict(
        help="""Dictionary mapping authenticator usernames to JupyterHub users.
-        Can be used to map OAuth service names to local users, for instance.
+        Primarily used to normalize OAuth user names to local users.
        Used in normalize_username.
        """
    ).tag(config=True)
    def normalize_username(self, username):
-        """Normalize a username.
+        """Normalize the given username and return it
-        Override in subclasses if usernames should have some normalization.
+        Override in subclasses if usernames need different normalization rules.
-        Default: cast to lowercase, lookup in username_map.
+
        The default attempts to lowercase the username and apply `username_map` if it is
        set.
        """
        username = username.lower()
        username = self.username_map.get(username, username)
        return username
    def check_whitelist(self, username):
-        """Check a username against our whitelist.
+        """Check if a username is allowed to authenticate based on whitelist configuration
        Return True if username is allowed, False otherwise.
-        No whitelist means any username should be allowed.
+        No whitelist means any username is allowed.
        Names are normalized *before* being checked against the whitelist.
        """
@@ -112,18 +141,21 @@ class Authenticator(LoggingConfigurable):
    @gen.coroutine
    def get_authenticated_user(self, handler, data):
-        """This is the outer API for authenticating a user.
+        """Authenticate the user who is attempting to log in
        Returns normalized username if successful, None otherwise.
        This calls `authenticate`, which should be overridden in subclasses,
        normalizes the username if any normalization should be done,
        and then validates the name in the whitelist.
        This is the outer API for authenticating a user.
        Subclasses should not need to override this method.
        The various stages can be overridden separately:
-        - authenticate turns formdata into a username
+        The various stages can be overridden separately:
-        - normalize_username normalizes the username
+         - `authenticate` turns formdata into a username
-        - check_whitelist checks against the user whitelist
+         - `normalize_username` normalizes the username
         - `check_whitelist` checks against the user whitelist
        """
        username = yield self.authenticate(handler, data)
        if username is None:
@@ -142,7 +174,7 @@ class Authenticator(LoggingConfigurable):
    @gen.coroutine
    def authenticate(self, handler, data):
-        """Authenticate a user with login form data.
+        """Authenticate a user with login form data
        This must be a tornado gen.coroutine.
        It must return the username on successful authentication,
@@ -154,32 +186,38 @@ class Authenticator(LoggingConfigurable):
            handler (tornado.web.RequestHandler): the current request handler
            data (dict): The formdata of the login form.
                         The default form has 'username' and 'password' fields.
-        Return:
+        Returns:
-            str: the username of the authenticated user
+            username (str or None): The username of the authenticated user,
-            None: Authentication failed
+            or None if Authentication failed
        """
    def pre_spawn_start(self, user, spawner):
-        """Hook called before spawning a user's server.
+        """Hook called before spawning a user's server
        Can be used to do auth-related startup, e.g. opening PAM sessions.
        """
    def post_spawn_stop(self, user, spawner):
-        """Hook called after stopping a user container.
+        """Hook called after stopping a user container
        Can be used to do auth-related cleanup, e.g. closing PAM sessions.
        """
    def add_user(self, user):
-        """Add a new user
+        """Hook called when a user is added to JupyterHub
        This is called:
         - When a user first authenticates
         - When the hub restarts, for all users.
        By default, this just adds the user to the whitelist.
-        Subclasses may do more extensive things,
+        Subclasses may do more extensive things, such as adding actual unix users,
        such as adding actual unix users,
        but they should call super to ensure the whitelist is updated.
        Note that this should be idempotent, since it is called whenever the hub restarts
        for all users.
        Args:
            user (User): The User wrapper object
        """
@@ -189,7 +227,7 @@ class Authenticator(LoggingConfigurable):
            self.whitelist.add(user.name)
    def delete_user(self, user):
-        """Triggered when a user is deleted.
+        """Hook called when a user is deleted
        Removes the user from the whitelist.
        Subclasses should call super to ensure the whitelist is updated.
@@ -200,23 +238,28 @@ class Authenticator(LoggingConfigurable):
        self.whitelist.discard(user.name)
    def login_url(self, base_url):
-        """Override to register a custom login handler
+        """Override this when registering a custom login handler
-        Generally used in combination with get_handlers.
+        Generally used by authenticators that do not use simple form based authentication.
        The subclass overriding this is responsible for making sure there is a handler
        available to handle the URL returned from this method, using the `get_handlers`
        method.
        Args:
            base_url (str): the base URL of the Hub (e.g. /hub/)
        Returns:
            str: The login URL, e.g. '/hub/login'
        """
        return url_path_join(base_url, 'login')
    def logout_url(self, base_url):
-        """Override to register a custom logout handler.
+        """Override when registering a custom logout handler
-        Generally used in combination with get_handlers.
+        The subclass overriding this is responsible for making sure there is a handler
        available to handle the URL returned from this method, using the `get_handlers`
        method.
        Args:
            base_url (str): the base URL of the Hub (e.g. /hub/)
@@ -229,20 +272,21 @@ class Authenticator(LoggingConfigurable):
    def get_handlers(self, app):
        """Return any custom handlers the authenticator needs to register
-        (e.g. for OAuth).
+        Used in conjugation with `login_url` and `logout_url`.
        Args:
            app (JupyterHub Application):
                the application object, in case it needs to be accessed for info.
        Returns:
-            list: list of ``('/url', Handler)`` tuples passed to tornado.
+            handlers (list):
                list of ``('/url', Handler)`` tuples passed to tornado.
                The Hub prefix is added to any URLs.
        """
        return [
            ('/login', LoginHandler),
        ]
 class LocalAuthenticator(Authenticator):
    """Base class for Authenticators that work with local Linux/UNIX users
@@ -250,12 +294,16 @@ class LocalAuthenticator(Authenticator):
    """
    create_system_users = Bool(False,
-        help="""If a user is added that doesn't exist on the system,
+        help="""
-        should I try to create the system user?
+        If set to True, will attempt to create local system users if they do not exist already.
        Supports Linux and BSD variants only.
        """
    ).tag(config=True)
    add_user_cmd = Command(
-        help="""The command to use for creating users as a list of strings.
+        help="""
        The command to use for creating users as a list of strings
        For each element in the list, the string USERNAME will be replaced with
        the user's username. The username will also be appended as the final argument.
@@ -270,7 +318,7 @@ class LocalAuthenticator(Authenticator):
        This will run the command:
-        adduser -q --gecos "" --home /customhome/river --disabled-password river
+            adduser -q --gecos "" --home /customhome/river --disabled-password river
        when the user 'river' is created.
        """
@@ -278,6 +326,7 @@ class LocalAuthenticator(Authenticator):
    @default('add_user_cmd')
    def _add_user_cmd_default(self):
        """Guess the most likely-to-work adduser command for each platform"""
        if sys.platform == 'darwin':
            raise ValueError("I don't know how to create users on OS X")
        elif which('pw'):
@@ -288,10 +337,18 @@ class LocalAuthenticator(Authenticator):
            return ['adduser', '-q', '--gecos', '""', '--disabled-password']
    group_whitelist = Set(
-        help="Automatically whitelist anyone in this group.",
+        help="""
        Whitelist all users from this UNIX group.
        This makes the username whitelist ineffective.
        """
    ).tag(config=True)
    @observe('group_whitelist')
    def _group_whitelist_changed(self, change):
        """
        Log a warning if both group_whitelist and user whitelist are set.
        """
        if self.whitelist:
            self.log.warning(
                "Ignoring username whitelist because group whitelist supplied!"
@@ -304,6 +361,9 @@ class LocalAuthenticator(Authenticator):
            return super().check_whitelist(username)
    def check_group_whitelist(self, username):
        """
        If group_whitelist is configured, check if authenticating user is part of group.
        """
        if not self.group_whitelist:
            return False
        for grnam in self.group_whitelist:
@@ -318,9 +378,9 @@ class LocalAuthenticator(Authenticator):
    @gen.coroutine
    def add_user(self, user):
-        """Add a new user
+        """Hook called whenever a new user is added
-        If self.create_system_users, the user will attempt to be created.
+        If self.create_system_users, the user will attempt to be created if it doesn't exist.
        """
        user_exists = yield gen.maybe_future(self.system_user_exists(user))
        if not user_exists:
@@ -342,7 +402,10 @@ class LocalAuthenticator(Authenticator):
            return True
    def add_system_user(self, user):
-        """Create a new Linux/UNIX user on the system. Works on FreeBSD and Linux, at least."""
+        """Create a new local UNIX user on the system.
        Tested to work on FreeBSD and Linux, at least.
        """
        name = user.name
        cmd = [ arg.replace('USERNAME', name) for arg in self.add_user_cmd ] + [name]
        self.log.info("Creating user: %s", ' '.join(map(pipes.quote, cmd)))
@@ -354,23 +417,30 @@ class LocalAuthenticator(Authenticator):
 class PAMAuthenticator(LocalAuthenticator):
-    """Authenticate local Linux/UNIX users with PAM"""
+    """Authenticate local UNIX users with PAM"""
    encoding = Unicode('utf8',
-        help="""The encoding to use for PAM"""
+        help="""
        The text encoding to use when communicating with PAM
        """
    ).tag(config=True)
    service = Unicode('login',
-        help="""The PAM service to use for authentication."""
+        help="""
        The name of the PAM service to use for authentication
        """
    ).tag(config=True)
    open_sessions = Bool(True,
-        help="""Whether to open PAM sessions when spawners are started.
+        help="""
        Whether to open a new PAM session when spawners are started.
        This may trigger things like mounting shared filsystems,
        loading credentials, etc. depending on system configuration,
        but it does not always work.
-        It can be disabled with::
+        If any errors are encountered when opening/closing PAM sessions,
-        
+        this is automatically set to False.
            c.PAMAuthenticator.open_sessions = False
        """
    ).tag(config=True)
@@ -392,7 +462,7 @@ class PAMAuthenticator(LocalAuthenticator):
            return username
    def pre_spawn_start(self, user, spawner):
-        """Open PAM session for user"""
+        """Open PAM session for user if so configured"""
        if not self.open_sessions:
            return
        try:
@@ -403,7 +473,7 @@ class PAMAuthenticator(LocalAuthenticator):
            self.open_sessions = False
    def post_spawn_stop(self, user, spawner):
-        """Close PAM session for user"""
+        """Close PAM session for user if we were configured to opened one"""
        if not self.open_sessions:
            return
        try:
@@ -412,4 +482,3 @@ class PAMAuthenticator(LocalAuthenticator):
            self.log.warning("Failed to close PAM session for %s: %s", user.name, e)
            self.log.warning("Disabling PAM sessions from now on.")
            self.open_sessions = False
--- a/jupyterhub/spawner.py
+++ b/jupyterhub/spawner.py
@@ -1,4 +1,6 @@
-"""Class for spawning single-user notebook servers."""
+"""
 Contains base Spawner class & default implementation
 """
 # Copyright (c) Jupyter Development Team.
 # Distributed under the terms of the Modified BSD License.
@@ -27,6 +29,7 @@ from traitlets import (
 from .traitlets import Command, ByteSpecification
 from .utils import random_port
 class Spawner(LoggingConfigurable):
    """Base class for spawning single-user notebook servers.
@@ -37,6 +40,10 @@ class Spawner(LoggingConfigurable):
    - start
    - stop
    - poll
    As JupyterHub supports multiple users, an instance of the Spawner subclass
    is created for each user. If there are 20 JupyterHub users, there will be 20
    instances of the subclass.
    """
    db = Any()
@@ -44,14 +51,28 @@ class Spawner(LoggingConfigurable):
    hub = Any()
    authenticator = Any()
    api_token = Unicode()
    ip = Unicode('127.0.0.1',
-        help="The IP address (or hostname) the single-user server should listen on"
+        help="""
        The IP address (or hostname) the single-user server should listen on.
        The JupyterHub proxy implementation should be able to send packets to this interface.
        """
    ).tag(config=True)
    port = Integer(0,
-        help="The port for single-user servers to listen on. New in version 0.7."
+        help="""
        The port for single-user servers to listen on.
        Defaults to `0`, which uses a randomly allocated port number each time.
        New in version 0.7.
        """
    )
    start_timeout = Integer(60,
-        help="""Timeout (in seconds) before giving up on the spawner.
+        help="""
        Timeout (in seconds) before giving up on starting of single-user server.
        This is the timeout for start to return, not the timeout for the server to respond.
        Callers of spawner.start will assume that startup has failed if it takes longer than this.
@@ -60,7 +81,8 @@ class Spawner(LoggingConfigurable):
    ).tag(config=True)
    http_timeout = Integer(30,
-        help="""Timeout (in seconds) before giving up on a spawned HTTP server
+        help="""
        Timeout (in seconds) before giving up on a spawned HTTP server
        Once a server has successfully been spawned, this is the amount of time
        we wait before assuming that the server is unable to accept
@@ -69,8 +91,15 @@ class Spawner(LoggingConfigurable):
    ).tag(config=True)
    poll_interval = Integer(30,
-        help="""Interval (in seconds) on which to poll the spawner."""
+        help="""
        Interval (in seconds) on which to poll the spawner for single-user server's status.
        At every poll interval, each spawner's `.poll` method is called, which checks
        if the single-user server is still running. If it isn't running, then JupyterHub modifies
        its own state accordingly and removes appropriate routes from the configurable proxy.
        """
    ).tag(config=True)
    _callbacks = List()
    _poll_callback = Any()
@@ -78,8 +107,10 @@ class Spawner(LoggingConfigurable):
        help="Enable debug-logging of the single-user server"
    ).tag(config=True)
-    options_form = Unicode("", help="""
+    options_form = Unicode(
        help="""
        An HTML form for options a user can specify on launching their server.
        The surrounding `<form>` element and the submit button are already provided.
        For example:
@@ -92,6 +123,8 @@ class Spawner(LoggingConfigurable):
              <option value="A">The letter A</option>
              <option value="B">The letter B</option>
            </select>
        The data from this form submission will be passed on to your spawner in `self.user_options`
    """).tag(config=True)
    def options_from_form(self, form_data):
@@ -108,7 +141,13 @@ class Spawner(LoggingConfigurable):
        """
        return form_data
-    user_options = Dict(help="This is where form-specified options ultimately end up.")
+    user_options = Dict(
        help="""
        Dict of user specified options for the user's spawned instance of a single-user server.
        These user options are usually provided by the `options_form` displayed to the user when they start
        their server.
        """)
    env_keep = List([
        'PATH',
@@ -119,8 +158,14 @@ class Spawner(LoggingConfigurable):
        'LANG',
        'LC_ALL',
    ],
-        help="Whitelist of environment variables for the subprocess to inherit"
+        help="""
        Whitelist of environment variables for the single-user server to inherit from the JupyterHub process.
        This whitelist is used to ensure that sensitive information in the JupyterHub process's environment
        (such as `CONFIGPROXY_AUTH_TOKEN`) is not passed to the single-user server's process.
        """
    ).tag(config=True)
    env = Dict(help="""Deprecated: use Spawner.get_env or Spawner.environment
    - extend Spawner.get_env for adding required env in Spawner subclasses
@@ -128,38 +173,75 @@ class Spawner(LoggingConfigurable):
    """)
    environment = Dict(
-        help="""Environment variables to load for the Spawner.
+        help="""
        Extra environment variables to set for the single-user server's process.
-        Value could be a string or a callable. If it is a callable, it will
+        Environment variables that end up in the single-user server's process come from 3 sources:
-        be called with one parameter, which will be the instance of the spawner
+          - This `environment` configurable
-        in use. It should quickly (without doing much blocking operations) return
+          - The JupyterHub process' environment variables that are whitelisted in `env_keep`
-        a string that will be used as the value for the environment variable.
+          - Variables to establish contact between the single-user notebook and the hub (such as JPY_API_TOKEN)
        The `enviornment` configurable should be set by JupyterHub administrators to add
        installation specific environment variables. It is a dict where the key is the name of the environment
        variable, and the value can be a string or a callable. If it is a callable, it will be called
        with one parameter (the spawner instance), and should return a string fairly quickly (no blocking
        operations please!).
        Note that the spawner class' interface is not guaranteed to be exactly same across upgrades,
        so if you are using the callable take care to verify it continues to work after upgrades!
        """
    ).tag(config=True)
    cmd = Command(['jupyterhub-singleuser'],
-        help="""The command used for starting notebooks."""
+        help="""
-    ).tag(config=True)
+        The command used for starting the single-user server.
    args = List(Unicode(),
        help="""Extra arguments to be passed to the single-user server"""
    ).tag(config=True)
-    notebook_dir = Unicode('',
+        Provide either a string or a list containing the path to the startup script command. Extra arguments,
-        help="""The notebook directory for the single-user server
+        other than this path, should be provided via `args`.
-        `~` will be expanded to the user's home directory
+        This is usually set if you want to start the single-user server in a different python
-        `{username}` will be expanded to the user's username
+        environment (with virtualenv/conda) than JupyterHub itself.
        Some spawners allow shell-style expansion here, allowing you to use environment variables.
        Most, including the default, do not. Consult the documentation for your spawner to verify!
        """
    ).tag(config=True)
-    default_url = Unicode('',
+    args = List(Unicode(),
-        help="""The default URL for the single-user server. 
+        help="""
        Extra arguments to be passed to the single-user server.
-        Can be used in conjunction with --notebook-dir=/ to enable 
+        Some spawners allow shell-style expansion here, allowing you to use environment variables here.
-        full filesystem traversal, while preserving user's homedir as
+        Most, including the default, do not. Consult the documentation for your spawner to verify!
-        landing page for notebook
+        """
    ).tag(config=True)
    notebook_dir = Unicode(
        help="""
        Path to the notebook directory for the single-user server.
        The user sees a file listing of this directory when the notebook interface is started. The
        current interface does not easily allow browsing beyond the subdirectories in this directory's
        tree.
        `~` will be expanded to the home directory of the user, and {username} will be replaced
        with the name of the user.
        Note that this does *not* prevent users from accessing files outside of this path! They
        can do so with many other means.
        """
    ).tag(config=True)
    default_url = Unicode(
        help="""
        The URL the single-user server should start in.
        `{username}` will be expanded to the user's username
        Example uses:
        - You can set `notebook_dir` to `/` and `default_url` to `/home/{username}` to allow people to
          navigate the whole filesystem from their notebook, but still start in their home directory.
        - You can set this to `/lab` to have JupyterLab start by default, rather than Jupyter Notebook.
        """
    ).tag(config=True)
@@ -176,15 +258,18 @@ class Spawner(LoggingConfigurable):
        return v
    disable_user_config = Bool(False,
-        help="""Disable per-user configuration of single-user servers.
+        help="""
        Disable per-user configuration of single-user servers.
-        This prevents any config in users' $HOME directories
+        When starting the user's single-user server, any config file found in the user's $HOME directory
-        from having an effect on their server.
+        will be ignored.
        Note: a user could circumvent this if the user modifies their Python environment, such as when
        they have their own conda environments / virtualenvs / containers.
        """
    ).tag(config=True)
-    mem_limit = ByteSpecification(
+    mem_limit = ByteSpecification(None,
        None,
        help="""
        Maximum number of bytes a single-user notebook server is allowed to use.
@@ -203,8 +288,7 @@ class Spawner(LoggingConfigurable):
        """
    ).tag(config=True)
-    cpu_limit = Float(
+    cpu_limit = Float(None,
        None,
        allow_none=True,
        help="""
        Maximum number of cpu-cores a single-user notebook server is allowed to use.
@@ -220,8 +304,7 @@ class Spawner(LoggingConfigurable):
        """
    ).tag(config=True)
-    mem_guarantee = ByteSpecification(
+    mem_guarantee = ByteSpecification(None,
        None,
        help="""
        Minimum number of bytes a single-user notebook server is guaranteed to have available.
@@ -235,8 +318,7 @@ class Spawner(LoggingConfigurable):
        """
    ).tag(config=True)
-    cpu_guarantee = Float(
+    cpu_guarantee = Float(None,
        None,
        allow_none=True,
        help="""
        Minimum number of cpu-cores a single-user notebook server is guaranteed to have available.
@@ -254,29 +336,29 @@ class Spawner(LoggingConfigurable):
            self.load_state(self.user.state)
    def load_state(self, state):
-        """load state from the database
+        """Restore state of spawner from database.
-        This is the extensible part of state.
+        Called for each user's spawner after the hub process restarts.
-        Override in a subclass if there is state to load.
+        `state` is a dict that'll contain the value returned by `get_state` of
-        Should call `super`.
+        the spawner, or {} if the spawner hasn't persisted any state yet.
-        See Also
+        Override in subclasses to restore any extra state that is needed to track
-        --------
+        the single-user server for that user. Subclasses should call super().
        get_state, clear_state
        """
        pass
    def get_state(self):
-        """store the state necessary for load_state
+        """Save state of spawner into database.
-        A black box of extra state for custom spawners.
+        A black box of extra state for custom spawners. The returned value of this is
-        Subclasses should call `super`.
+        passed to `load_state`.
        Subclasses should call `super().get_state()`, augment the state returned from
        there, and return that state.
        Returns
        -------
        state: dict
             a JSONable dict of state
        """
@@ -284,9 +366,9 @@ class Spawner(LoggingConfigurable):
        return state
    def clear_state(self):
-        """clear any state that should be cleared when the process stops
+        """Clear any state that should be cleared when the single-user server stops.
-        State that should be preserved across server instances should not be cleared.
+        State that should be preserved across single-user server instances should not be cleared.
        Subclasses should call super, to ensure that state is properly cleared.
        """
@@ -298,6 +380,9 @@ class Spawner(LoggingConfigurable):
        This applies things like `env_keep`, anything defined in `Spawner.environment`,
        and adds the API token to the env.
        When overriding in subclasses, subclasses must call `super().get_env()`, extend the
        returned dict and return it.
        Use this to access the env in Spawner.start to allow extension in subclasses.
        """
        env = {}
@@ -375,7 +460,10 @@ class Spawner(LoggingConfigurable):
        return s.format(**self.template_namespace())
    def get_args(self):
-        """Return the arguments to be passed after self.cmd"""
+        """Return the arguments to be passed after self.cmd
        Doesn't expect shell expansion to happen.
        """
        args = [
            '--user="%s"' % self.user.name,
            '--cookie-name="%s"' % self.user.server.cookie_name,
@@ -412,8 +500,7 @@ class Spawner(LoggingConfigurable):
        """Start the single-user server
        Returns:
-        
+          (str, int): the (ip, port) where the Hub can connect to the server.
        (ip, port): the ip, port where the Hub can connect to the server.
        .. versionchanged:: 0.7
            Return ip, port instead of setting on self.user.server directly.
@@ -422,17 +509,22 @@ class Spawner(LoggingConfigurable):
    @gen.coroutine
    def stop(self, now=False):
-        """Stop the single-user process"""
+        """Stop the single-user server
        If `now` is set to `False`, do not wait for the server to stop. Otherwise, wait for
        the server to stop before returning.
        Must be a Tornado coroutine.
        """
        raise NotImplementedError("Override in subclass. Must be a Tornado gen.coroutine.")
    @gen.coroutine
    def poll(self):
        """Check if the single-user process is running
-        returns:
+        Returns:
-        
+          None if single-user process is running.
-        None, if single-user process is running.
+          Integer exit status (0 if unknown), if it is not running.
        Exit status (0 if unknown), if it is not running.
        State transitions, behavior, and return response:
@@ -454,27 +546,22 @@ class Spawner(LoggingConfigurable):
        raise NotImplementedError("Override in subclass. Must be a Tornado gen.coroutine.")
    def add_poll_callback(self, callback, *args, **kwargs):
-        """add a callback to fire when the subprocess stops
+        """Add a callback to fire when the single-user server stops"""
        as noticed by periodic poll_and_notify()
        """
        if args or kwargs:
            cb = callback
            callback = lambda : cb(*args, **kwargs)
        self._callbacks.append(callback)
    def stop_polling(self):
-        """stop the periodic poll"""
+        """Stop polling for single-user server's running state"""
        if self._poll_callback:
            self._poll_callback.stop()
            self._poll_callback = None
    def start_polling(self):
-        """Start polling periodically
+        """Start polling periodically for single-user server's running state.
        callbacks registered via `add_poll_callback` will fire
        if/when the process stops.
        Callbacks registered via `add_poll_callback` will fire if/when the server stops.
        Explicit termination via the stop method will not trigger the callbacks.
        """
        if self.poll_interval <= 0:
@@ -493,9 +580,7 @@ class Spawner(LoggingConfigurable):
    @gen.coroutine
    def poll_and_notify(self):
-        """Used as a callback to periodically poll the process,
+        """Used as a callback to periodically poll the process and notify any watchers"""
        and notify any watchers
        """
        status = yield self.poll()
        if status is None:
            # still running, nothing to do here
@@ -513,7 +598,7 @@ class Spawner(LoggingConfigurable):
    death_interval = Float(0.1)
    @gen.coroutine
    def wait_for_death(self, timeout=10):
-        """wait for the process to die, up to timeout seconds"""
+        """Wait for the single-user server to die, up to timeout seconds"""
        for i in range(int(timeout / self.death_interval)):
            status = yield self.poll()
            if status is not None:
@@ -521,8 +606,12 @@ class Spawner(LoggingConfigurable):
            else:
                yield gen.sleep(self.death_interval)
 def _try_setcwd(path):
-    """Try to set CWD, walking up and ultimately falling back to a temp dir"""
+    """Try to set CWD to path, walking up until a valid directory is found.
    If no valid directory is found, a temp directory is created and cwd is set to that.
    """
    while path != '/':
        try:
            os.chdir(path)
@@ -538,7 +627,11 @@ def _try_setcwd(path):
 def set_user_setuid(username):
-    """return a preexec_fn for setting the user (via setuid) of a spawned process"""
+    """Return a preexec_fn for spawning a single-user server as a particular user.
    Returned preexec_fn will set uid/gid, and attempt to chdir to the target user's
    home directory.
    """
    user = pwd.getpwnam(username)
    uid = user.pw_uid
    gid = user.pw_gid
@@ -546,7 +639,12 @@ def set_user_setuid(username):
    gids = [ g.gr_gid for g in grp.getgrall() if username in g.gr_mem ]
    def preexec():
-        # set the user and group
+        """Set uid/gid of current process
        Executed after fork but before exec by python.
        Also try to chdir to the user's home directory.
        """
        os.setgid(gid)
        try:
            os.setgroups(gids)
@@ -561,48 +659,87 @@ def set_user_setuid(username):
 class LocalProcessSpawner(Spawner):
-    """A Spawner that just uses Popen to start local processes as users.
+    """
    A Spawner that uses `subprocess.Popen` to start single-user servers as local processes.
-    Requires users to exist on the local system.
+    Requires local UNIX users matching the authenticated users to exist.
    Does not work on Windows.
    This is the default spawner for JupyterHub.
    """
    INTERRUPT_TIMEOUT = Integer(10,
-        help="Seconds to wait for process to halt after SIGINT before proceeding to SIGTERM"
+        help="""
-    ).tag(config=True)
+        Seconds to wait for single-user server process to halt after SIGINT.
-    TERM_TIMEOUT = Integer(5,
+
-        help="Seconds to wait for process to halt after SIGTERM before proceeding to SIGKILL"
+        If the process has not exited cleanly after this many seconds, a SIGTERM is sent.
-    ).tag(config=True)
+        """
    KILL_TIMEOUT = Integer(5,
        help="Seconds to wait for process to halt after SIGKILL before giving up"
    ).tag(config=True)
-    proc = Instance(Popen, allow_none=True)
+    TERM_TIMEOUT = Integer(5,
-    pid = Integer(0)
+        help="""
        Seconds to wait for single-user server process to halt after SIGTERM.
        If the process does not exit cleanly after this many seconds of SIGTERM, a SIGKILL is sent.
        """
    ).tag(config=True)
    KILL_TIMEOUT = Integer(5,
        help="""
        Seconds to wait for process to halt after SIGKILL before giving up.
        If the process does not exit cleanly after this many seconds of SIGKILL, it becomes a zombie
        process. The hub process will log a warning and then give up.
        """
    ).tag(config=True)
    proc = Instance(Popen,
        allow_none=True,
        help="""
        The process representing the single-user server process spawned for current user.
        Is None if no process has been spawned yet.
        """)
    pid = Integer(0,
        help="""
        The process id (pid) of the single-user server process spawned for current user.
        """
    )
    def make_preexec_fn(self, name):
        """
        Return a function that can be used to set the user id of the spawned process to user with name `name`
        This function can be safely passed to `preexec_fn` of `Popen`
        """
        return set_user_setuid(name)
    def load_state(self, state):
-        """load pid from state"""
+        """Restore state about spawned single-user server after a hub restart.
        Local processes only need the process id.
        """
        super(LocalProcessSpawner, self).load_state(state)
        if 'pid' in state:
            self.pid = state['pid']
    def get_state(self):
-        """add pid to state"""
+        """Save state that is needed to restore this spawner instance after a hub restore.
        Local processes only need the process id.
        """
        state = super(LocalProcessSpawner, self).get_state()
        if self.pid:
            state['pid'] = self.pid
        return state
    def clear_state(self):
-        """clear pid state"""
+        """Clear stored state about this spawner (pid)"""
        super(LocalProcessSpawner, self).clear_state()
        self.pid = 0
    def user_env(self, env):
        """Augment environment of spawned process with user specific env variables."""
        env['USER'] = self.user.name
        home = pwd.getpwnam(self.user.name).pw_dir
        shell = pwd.getpwnam(self.user.name).pw_shell
@@ -615,14 +752,14 @@ class LocalProcessSpawner(Spawner):
        return env
    def get_env(self):
-        """Add user environment variables"""
+        """Get the complete set of environment variables to be set in the spawned process."""
        env = super().get_env()
        env = self.user_env(env)
        return env
    @gen.coroutine
    def start(self):
-        """Start the process"""
+        """Start the single-user server."""
        self.port = random_port()
        cmd = []
        env = self.get_env()
@@ -659,7 +796,11 @@ class LocalProcessSpawner(Spawner):
    @gen.coroutine
    def poll(self):
-        """Poll the process"""
+        """Poll the spawned process to see if it is still running.
        If the process is still running, we return None. If it is not running,
        we return the exit code of the process if we have access to it, or 0 otherwise.
        """
        # if we started the process, poll with Popen
        if self.proc is not None:
            status = self.proc.poll()
@@ -670,7 +811,6 @@ class LocalProcessSpawner(Spawner):
        # if we resumed from stored state,
        # we don't have the Popen handle anymore, so rely on self.pid
        if not self.pid:
            # no pid, not running
            self.clear_state()
@@ -687,7 +827,12 @@ class LocalProcessSpawner(Spawner):
    @gen.coroutine
    def _signal(self, sig):
-        """simple implementation of signal, which we can use when we are using setuid (we are root)"""
+        """Send given signal to a single-user server's process.
        Returns True if the process still exists, False otherwise.
        The hub process is assumed to have enough privileges to do this (e.g. root).
        """
        try:
            os.kill(self.pid, sig)
        except OSError as e:
@@ -699,9 +844,10 @@ class LocalProcessSpawner(Spawner):
    @gen.coroutine
    def stop(self, now=False):
-        """stop the subprocess
+        """Stop the single-user server process for the current user.
-        if `now`, skip waiting for clean shutdown
+        If `now` is set to True, do not wait for the process to die.
        Otherwise, it'll wait.
        """
        if not now:
            status = yield self.poll()
@@ -731,4 +877,3 @@ class LocalProcessSpawner(Spawner):
        if status is None:
            # it all failed, zombie process
            self.log.warning("Process %i never died", self.pid)