Compare commits
1388 Commits
Author | SHA1 | Date | |
---|---|---|---|
![]() |
d7d8459edb | ||
![]() |
39a7116d16 | ||
![]() |
d27c970cc4 | ||
![]() |
cf56dbb97b | ||
![]() |
a4ccfe4e11 | ||
![]() |
f1871bbe24 | ||
![]() |
1cc9153a91 | ||
![]() |
4258254c39 | ||
![]() |
f3aee9bd16 | ||
![]() |
5cb8ccf8b2 | ||
![]() |
1d63e417ca | ||
![]() |
ee0020e8fa | ||
![]() |
2d83575a24 | ||
![]() |
33c168530e | ||
![]() |
5d4d34b24d | ||
![]() |
49cc794937 | ||
![]() |
7f9e77ce5b | ||
![]() |
6fa3b429db | ||
![]() |
e89836c035 | ||
![]() |
784b5cb6f0 | ||
![]() |
daaa763c3b | ||
![]() |
2b18c64081 | ||
![]() |
785addc245 | ||
![]() |
b4758db017 | ||
![]() |
10fbfee157 | ||
![]() |
c58a251dbd | ||
![]() |
27be5e4847 | ||
![]() |
be97a0c95b | ||
![]() |
689a312756 | ||
![]() |
1484869ee3 | ||
![]() |
a090632a48 | ||
![]() |
451a16c57e | ||
![]() |
6e14e86a1a | ||
![]() |
a142f543ba | ||
![]() |
0bb3996c30 | ||
![]() |
2a23e8afea | ||
![]() |
071e375d5f | ||
![]() |
ca2d0a58b9 | ||
![]() |
1cfeee8808 | ||
![]() |
6ff421061d | ||
![]() |
2d049c39fc | ||
![]() |
5535804acb | ||
![]() |
0901fa255f | ||
![]() |
3e5b272b80 | ||
![]() |
693446dba9 | ||
![]() |
12d6a744df | ||
![]() |
45dcb3bd17 | ||
![]() |
6de9414c2f | ||
![]() |
b1f8c31c80 | ||
![]() |
8032f874af | ||
![]() |
c869bc34af | ||
![]() |
d1c06ab603 | ||
![]() |
7653f75310 | ||
![]() |
de4ea150c0 | ||
![]() |
0fdb0df176 | ||
![]() |
6cefdba515 | ||
![]() |
b3bd236e15 | ||
![]() |
79a06fd9ac | ||
![]() |
3249574744 | ||
![]() |
7e04d1d756 | ||
![]() |
d63083bc17 | ||
![]() |
b93ec84822 | ||
![]() |
b1606f21e6 | ||
![]() |
437eb18dd2 | ||
![]() |
82c889861d | ||
![]() |
6ba45ee389 | ||
![]() |
af0082a16b | ||
![]() |
4bdca83c94 | ||
![]() |
4183d45ab3 | ||
![]() |
674ae9b4fc | ||
![]() |
ff283ae636 | ||
![]() |
76eabb2de8 | ||
![]() |
2fbcb16190 | ||
![]() |
5d5ebb2583 | ||
![]() |
49b9a9f017 | ||
![]() |
aa60d948bb | ||
![]() |
37d4d0e140 | ||
![]() |
e86622b921 | ||
![]() |
0d86c4ecf5 | ||
![]() |
249f39cf46 | ||
![]() |
8f3532e191 | ||
![]() |
27d0f62cd2 | ||
![]() |
a31dadacb2 | ||
![]() |
59fa95acf4 | ||
![]() |
32c3fb01d4 | ||
![]() |
ddc852d658 | ||
![]() |
01bc8584a2 | ||
![]() |
6524f38125 | ||
![]() |
50c16239d2 | ||
![]() |
bfdec8f22e | ||
![]() |
25aa892f86 | ||
![]() |
5dedfe2629 | ||
![]() |
699b317d54 | ||
![]() |
b1622ec745 | ||
![]() |
3cbcddad83 | ||
![]() |
35d888e91e | ||
![]() |
20be7f98f7 | ||
![]() |
a39d8aca30 | ||
![]() |
453ae6e97b | ||
![]() |
89c85aca37 | ||
![]() |
87c276f425 | ||
![]() |
4ec92f9f14 | ||
![]() |
8d01b0356b | ||
![]() |
81a43a588b | ||
![]() |
8ea5a957a6 | ||
![]() |
fee81c7d33 | ||
![]() |
0dd291ae5c | ||
![]() |
db3f62b79a | ||
![]() |
f8add6ae6d | ||
![]() |
d1f115d951 | ||
![]() |
fab5c33796 | ||
![]() |
4ab525ab5f | ||
![]() |
1185619bf6 | ||
![]() |
4b1d80203e | ||
![]() |
d8cabdb90f | ||
![]() |
947b9b1a9e | ||
![]() |
6f63ac7831 | ||
![]() |
0c028c7186 | ||
![]() |
1498707ac9 | ||
![]() |
de20c3f3a7 | ||
![]() |
0df552e2a1 | ||
![]() |
b4c53a29a9 | ||
![]() |
ca67757269 | ||
![]() |
aaa4deeed0 | ||
![]() |
bda8671807 | ||
![]() |
4d75c16335 | ||
![]() |
b5f6547e64 | ||
![]() |
17aee17c5f | ||
![]() |
2f99104f57 | ||
![]() |
80519f4fd0 | ||
![]() |
1531e94cc7 | ||
![]() |
43c3ac78fc | ||
![]() |
9cc6aa9b6d | ||
![]() |
031cb6076a | ||
![]() |
5e60582ef3 | ||
![]() |
ca198e0363 | ||
![]() |
d14a4bbe2c | ||
![]() |
ada8582768 | ||
![]() |
856923b35f | ||
![]() |
39902a7140 | ||
![]() |
8524556b33 | ||
![]() |
7c36ac93ba | ||
![]() |
fec3d959f2 | ||
![]() |
52d8f74eb1 | ||
![]() |
701b93d226 | ||
![]() |
bb83bb47d8 | ||
![]() |
1ba47d4a3d | ||
![]() |
8c76f2b30c | ||
![]() |
a7c3ea0906 | ||
![]() |
fa2cb33b27 | ||
![]() |
32706963ae | ||
![]() |
fb4c920996 | ||
![]() |
370ec4f5c7 | ||
![]() |
5e77e448bd | ||
![]() |
7c46fe74a5 | ||
![]() |
dcdb8d8a89 | ||
![]() |
087dd0fcd2 | ||
![]() |
33a139861b | ||
![]() |
d8d1b6c149 | ||
![]() |
a2f5a0bea9 | ||
![]() |
0063752a7f | ||
![]() |
297f6988bd | ||
![]() |
a6d217d113 | ||
![]() |
e51ea3f2be | ||
![]() |
bf36f9fc9a | ||
![]() |
b196dd2bea | ||
![]() |
10191f43fe | ||
![]() |
342f40c8d7 | ||
![]() |
895bc378df | ||
![]() |
00cafc8392 | ||
![]() |
a6d0c36594 | ||
![]() |
71a8573fdb | ||
![]() |
2715607361 | ||
![]() |
f2bfe6cd96 | ||
![]() |
9008d5eea4 | ||
![]() |
d340fc056e | ||
![]() |
f3e1b95147 | ||
![]() |
b5aa53fe7b | ||
![]() |
96c16bfb85 | ||
![]() |
d33226f3c2 | ||
![]() |
78fe52bfb8 | ||
![]() |
383cd6e73d | ||
![]() |
25fa0f739f | ||
![]() |
919b6a8d6c | ||
![]() |
92223b1dde | ||
![]() |
9a0f7286bc | ||
![]() |
71f2b73c36 | ||
![]() |
b34bdd2846 | ||
![]() |
392e432071 | ||
![]() |
09e48546ab | ||
![]() |
77ecdbe12a | ||
![]() |
1431c5a21a | ||
![]() |
8c63f669a9 | ||
![]() |
c009b39795 | ||
![]() |
dfd808b90e | ||
![]() |
75e46fc111 | ||
![]() |
337a0118c0 | ||
![]() |
2ee355d6a4 | ||
![]() |
4fa0876d91 | ||
![]() |
46d4e2898d | ||
![]() |
4e410473cb | ||
![]() |
fdddd7d58c | ||
![]() |
563106c0d2 | ||
![]() |
b6d8db5259 | ||
![]() |
5e67bd773f | ||
![]() |
aaab44090d | ||
![]() |
7b154fcc45 | ||
![]() |
d2779061b0 | ||
![]() |
3e20642b31 | ||
![]() |
a46032b549 | ||
![]() |
8ca8225cef | ||
![]() |
0e6cf6a485 | ||
![]() |
37cdba370f | ||
![]() |
d5f87fe09f | ||
![]() |
2930fa9cc9 | ||
![]() |
53c3201c17 | ||
![]() |
4229d68d23 | ||
![]() |
8b0bdc71bc | ||
![]() |
47e66580db | ||
![]() |
c360777ee0 | ||
![]() |
05874e9f81 | ||
![]() |
c3e1d5313d | ||
![]() |
4b36dce29f | ||
![]() |
d84ad44b74 | ||
![]() |
b60468d2b6 | ||
![]() |
35d041a701 | ||
![]() |
045ba0671b | ||
![]() |
bbc2847530 | ||
![]() |
887f2a2c24 | ||
![]() |
2b265b2529 | ||
![]() |
f0da8a75b0 | ||
![]() |
9aa2110409 | ||
![]() |
047bd4e7cc | ||
![]() |
10d781c570 | ||
![]() |
c2aa7f1748 | ||
![]() |
4ace113965 | ||
![]() |
69933e240f | ||
![]() |
9ac6ed344c | ||
![]() |
c9c0d3723b | ||
![]() |
c09876cbe2 | ||
![]() |
6bb4d27a3f | ||
![]() |
48c3a3a834 | ||
![]() |
24dcb4b783 | ||
![]() |
22d6f48bb8 | ||
![]() |
df98fb012e | ||
![]() |
ea44ab0c85 | ||
![]() |
b1759c8882 | ||
![]() |
c633d87f1e | ||
![]() |
680e829824 | ||
![]() |
891a352f42 | ||
![]() |
df829e8927 | ||
![]() |
f2ae3af90e | ||
![]() |
62b991649b | ||
![]() |
767dce29f4 | ||
![]() |
7f1c91d8f4 | ||
![]() |
3a0bacde3a | ||
![]() |
7f12418e4c | ||
![]() |
40013f7292 | ||
![]() |
2070c8c102 | ||
![]() |
eb19a73044 | ||
![]() |
87ce499840 | ||
![]() |
9a3dbedc52 | ||
![]() |
0cebb4c9d7 | ||
![]() |
fc25b0e10d | ||
![]() |
006b89746a | ||
![]() |
1f7838ba5f | ||
![]() |
e5e6876cef | ||
![]() |
2686615304 | ||
![]() |
e512847652 | ||
![]() |
4fb158933e | ||
![]() |
575af23e23 | ||
![]() |
52c468d89c | ||
![]() |
80e241c86f | ||
![]() |
c8199c6303 | ||
![]() |
090f68bb21 | ||
![]() |
5b4f0d4304 | ||
![]() |
1efb8c765b | ||
![]() |
1c0d0daef8 | ||
![]() |
302573e860 | ||
![]() |
5e58fc60d4 | ||
![]() |
1322926d9b | ||
![]() |
a64fa15fee | ||
![]() |
71c620f38f | ||
![]() |
65d9ac3c61 | ||
![]() |
f752e6df1e | ||
![]() |
19bcb9cea0 | ||
![]() |
7b22330583 | ||
![]() |
1be2b3721a | ||
![]() |
e53488cd64 | ||
![]() |
fe5ca1a67e | ||
![]() |
0670423a3d | ||
![]() |
e9620df5b5 | ||
![]() |
2a425f4344 | ||
![]() |
ee63002f21 | ||
![]() |
2d94b2999f | ||
![]() |
7a055e65db | ||
![]() |
e385214121 | ||
![]() |
b0116ee539 | ||
![]() |
301fed30b2 | ||
![]() |
e449b9c193 | ||
![]() |
bafcf6bd23 | ||
![]() |
15788bec67 | ||
![]() |
e921354544 | ||
![]() |
eb7648abc2 | ||
![]() |
9a45f4a8c9 | ||
![]() |
1f3165859f | ||
![]() |
2d6e7186aa | ||
![]() |
efde40cbbd | ||
![]() |
f3c2a15e53 | ||
![]() |
d64853a6f5 | ||
![]() |
b72d887dd7 | ||
![]() |
49ebf969c1 | ||
![]() |
1a6b16d493 | ||
![]() |
6fd7e27e95 | ||
![]() |
28c6377db7 | ||
![]() |
67f21bb518 | ||
![]() |
7c0e113fbc | ||
![]() |
bc3ace60dc | ||
![]() |
ce2310b1ae | ||
![]() |
6979a11bfa | ||
![]() |
10a4ac4809 | ||
![]() |
34341e7aac | ||
![]() |
ac7ff491e1 | ||
![]() |
abd3bc13d2 | ||
![]() |
ebed5c2f4b | ||
![]() |
bcebf0ee7b | ||
![]() |
95ee2cb709 | ||
![]() |
9faecccc9c | ||
![]() |
49babdcae9 | ||
![]() |
ef3b29bc5d | ||
![]() |
a2da7a5080 | ||
![]() |
f37e44a6f7 | ||
![]() |
d45b2a7c70 | ||
![]() |
b0b7e8d25d | ||
![]() |
7eba029d1f | ||
![]() |
82d12b3eeb | ||
![]() |
dd07495624 | ||
![]() |
8783df8d8d | ||
![]() |
d4cce8cdff | ||
![]() |
8a17afb6e3 | ||
![]() |
2bbfde40f0 | ||
![]() |
7cf230ec1f | ||
![]() |
c5e2789324 | ||
![]() |
5d96076587 | ||
![]() |
2e872069fb | ||
![]() |
ae51870db5 | ||
![]() |
7409ccad66 | ||
![]() |
cff066a7be | ||
![]() |
a198124894 | ||
![]() |
58f6659e40 | ||
![]() |
bd16299ffb | ||
![]() |
7656adc8b0 | ||
![]() |
4b3f9e5f42 | ||
![]() |
febb7c32c1 | ||
![]() |
94bb9ed00d | ||
![]() |
5fbd4f2d4e | ||
![]() |
50f1decee7 | ||
![]() |
c3176b0ca3 | ||
![]() |
f29354e0f4 | ||
![]() |
67b774faca | ||
![]() |
a08a839385 | ||
![]() |
425078652e | ||
![]() |
76a6959cf0 | ||
![]() |
b7b5cf2f2d | ||
![]() |
2ff067be6d | ||
![]() |
2cd6a9e720 | ||
![]() |
ca33692459 | ||
![]() |
32bd8aa105 | ||
![]() |
080ff7043e | ||
![]() |
c5102452e4 | ||
![]() |
99f2905cab | ||
![]() |
34d59f66d9 | ||
![]() |
88b2954c90 | ||
![]() |
d1aeff7bbf | ||
![]() |
371ef6cad8 | ||
![]() |
053b038e74 | ||
![]() |
acdd9bb674 | ||
![]() |
bc4844df3f | ||
![]() |
372af86250 | ||
![]() |
a13f4197d4 | ||
![]() |
356e71709a | ||
![]() |
c48988afcb | ||
![]() |
48b0658a52 | ||
![]() |
9fa4106c04 | ||
![]() |
8a7ab7bc78 | ||
![]() |
d3ae59eea6 | ||
![]() |
6a7cb3dcc8 | ||
![]() |
7f2050b522 | ||
![]() |
3c35aeb9a8 | ||
![]() |
c02ab23b3d | ||
![]() |
3a06310d37 | ||
![]() |
22b9a5e5dc | ||
![]() |
75fd4b2525 | ||
![]() |
a78655c5a7 | ||
![]() |
fa79e233b7 | ||
![]() |
1e174e1abc | ||
![]() |
a87b2e680c | ||
![]() |
ec6123d39d | ||
![]() |
f381c2e649 | ||
![]() |
5c3530cc7f | ||
![]() |
6ca5b3aa70 | ||
![]() |
e6a5dd1273 | ||
![]() |
358b830747 | ||
![]() |
a91e94dd16 | ||
![]() |
26f31a11f7 | ||
![]() |
3dc0a8388b | ||
![]() |
acc1fe9274 | ||
![]() |
7c273296c2 | ||
![]() |
815034f0f1 | ||
![]() |
c8c39aa40d | ||
![]() |
b34119c908 | ||
![]() |
b9331dbd57 | ||
![]() |
c928d10316 | ||
![]() |
b43125e9e8 | ||
![]() |
451dccfbf4 | ||
![]() |
eb8b9c4d98 | ||
![]() |
e79b43e906 | ||
![]() |
a1dc73882a | ||
![]() |
0fb78f19ec | ||
![]() |
81a410db91 | ||
![]() |
924aeb4abb | ||
![]() |
b966258849 | ||
![]() |
9031b9aa57 | ||
![]() |
cbe4095533 | ||
![]() |
1be278779d | ||
![]() |
8c9d2f0c4f | ||
![]() |
76fc077e3b | ||
![]() |
8e6d9de536 | ||
![]() |
93045957a0 | ||
![]() |
e71d181a23 | ||
![]() |
fcbc6e06c8 | ||
![]() |
33c6e68b5e | ||
![]() |
a4d241524c | ||
![]() |
af1c71f7ff | ||
![]() |
78c57805d5 | ||
![]() |
cc324a6d4b | ||
![]() |
8437f47f36 | ||
![]() |
89bde5db17 | ||
![]() |
f43ebe8d51 | ||
![]() |
341bc42d95 | ||
![]() |
493f9ab331 | ||
![]() |
e9753fd65d | ||
![]() |
3b136339af | ||
![]() |
1821c21243 | ||
![]() |
e675ab85c7 | ||
![]() |
58f005eea2 | ||
![]() |
d34e84ae9d | ||
![]() |
981ef2ca3b | ||
![]() |
c87fcd9b71 | ||
![]() |
c69adfb506 | ||
![]() |
ac82f0f437 | ||
![]() |
c975f7eb4a | ||
![]() |
07b590e2c3 | ||
![]() |
0b98be05fd | ||
![]() |
0a54b1aa99 | ||
![]() |
e114f79e44 | ||
![]() |
3ff046affa | ||
![]() |
e26229c0b4 | ||
![]() |
6c000968c9 | ||
![]() |
8d79be7cfb | ||
![]() |
25264a43cf | ||
![]() |
4cd4fd1dff | ||
![]() |
e2a899327f | ||
![]() |
56601d93c3 | ||
![]() |
f2fa067025 | ||
![]() |
02cb5ec076 | ||
![]() |
571ca2dec6 | ||
![]() |
35a95b5f0c | ||
![]() |
ce9d9fd26d | ||
![]() |
d79a99323e | ||
![]() |
a81972067a | ||
![]() |
67f19a65b7 | ||
![]() |
a21b496d48 | ||
![]() |
7ff49705bc | ||
![]() |
6dc43dd70b | ||
![]() |
42c78a8ba7 | ||
![]() |
54449562bd | ||
![]() |
e29fad06ed | ||
![]() |
f1a5c7da55 | ||
![]() |
0239ff8646 | ||
![]() |
e4a64bd129 | ||
![]() |
a0354de3c1 | ||
![]() |
2e4e1ce82f | ||
![]() |
1f0ea679e5 | ||
![]() |
06f646099f | ||
![]() |
3360817cb6 | ||
![]() |
b84e929e8c | ||
![]() |
df74ff68ab | ||
![]() |
e042ad0b4a | ||
![]() |
246f9f9044 | ||
![]() |
03aa48a88c | ||
![]() |
de54056005 | ||
![]() |
5e2c133669 | ||
![]() |
4fc4cfe2cc | ||
![]() |
bc08f4de34 | ||
![]() |
12904ecc32 | ||
![]() |
601d371796 | ||
![]() |
30d9e09390 | ||
![]() |
ca33ccd66d | ||
![]() |
84deb1fa7a | ||
![]() |
2a0e5d90e6 | ||
![]() |
3c05033481 | ||
![]() |
7850a5d478 | ||
![]() |
f84c73eb15 | ||
![]() |
f5a3b1bc5a | ||
![]() |
b2fe8e5691 | ||
![]() |
9d4c410996 | ||
![]() |
dcae92ce4a | ||
![]() |
29957b8cd8 | ||
![]() |
6299e0368c | ||
![]() |
c862b6062d | ||
![]() |
146587ffff | ||
![]() |
077d8dec9a | ||
![]() |
af8d6086fc | ||
![]() |
18f8661d73 | ||
![]() |
bd70f66c70 | ||
![]() |
ac213fc4b5 | ||
![]() |
db33549173 | ||
![]() |
e985e2b84c | ||
![]() |
1d9abf7528 | ||
![]() |
935baa8bc6 | ||
![]() |
9b77732319 | ||
![]() |
85aac0fa2d | ||
![]() |
abd6f35638 | ||
![]() |
ba4700b3f3 | ||
![]() |
05b11bd47a | ||
![]() |
71cb628563 | ||
![]() |
0d664355f0 | ||
![]() |
dd6261d031 | ||
![]() |
f3f5b69e49 | ||
![]() |
9ea4ca3646 | ||
![]() |
8ee9869ca0 | ||
![]() |
6cedd73d2a | ||
![]() |
59145ca0f7 | ||
![]() |
9607edcc23 | ||
![]() |
e082b923e0 | ||
![]() |
dd4df873b4 | ||
![]() |
ab02f9c568 | ||
![]() |
3adbfe315e | ||
![]() |
6000a84ffc | ||
![]() |
a2f003ed31 | ||
![]() |
7b6dd9f5cf | ||
![]() |
0fa5c20f89 | ||
![]() |
204399ee2c | ||
![]() |
5e68dce02f | ||
![]() |
952bbea039 | ||
![]() |
630e85bfec | ||
![]() |
26f7bb51bd | ||
![]() |
d429433bb2 | ||
![]() |
5de870be41 | ||
![]() |
1fc75086aa | ||
![]() |
fa3437c09a | ||
![]() |
01b27645fb | ||
![]() |
373c3f82dd | ||
![]() |
a1c2a50810 | ||
![]() |
5c39325104 | ||
![]() |
0304dd0040 | ||
![]() |
a549edfd75 | ||
![]() |
25e6b31a5f | ||
![]() |
3c21e7d45b | ||
![]() |
7c6972df7e | ||
![]() |
753bd0701f | ||
![]() |
c5faf2c5ea | ||
![]() |
c50cd1ba7f | ||
![]() |
a69e906c6e | ||
![]() |
f7f4759bde | ||
![]() |
906abcc2f3 | ||
![]() |
5269370e4a | ||
![]() |
897f5f62d5 | ||
![]() |
727356870a | ||
![]() |
39aed3a5a0 | ||
![]() |
ed26578717 | ||
![]() |
22863f765f | ||
![]() |
b500bd002b | ||
![]() |
aca40b24c3 | ||
![]() |
b5fe5a80c6 | ||
![]() |
ad073dd5dd | ||
![]() |
7b815558c6 | ||
![]() |
55f58b3ba7 | ||
![]() |
e1f93a4721 | ||
![]() |
2e95f3c039 | ||
![]() |
b0ba51f209 | ||
![]() |
89e6c2110e | ||
![]() |
7dfdc23b4e | ||
![]() |
4c7df53a8a | ||
![]() |
678afd3783 | ||
![]() |
0185a08f32 | ||
![]() |
f3787dd2c8 | ||
![]() |
30f19cfc8c | ||
![]() |
a84fa38c6b | ||
![]() |
867ce4c213 | ||
![]() |
005118e09d | ||
![]() |
04ce67ee71 | ||
![]() |
31807929cb | ||
![]() |
cb4105b53e | ||
![]() |
151887dd56 | ||
![]() |
5f97487184 | ||
![]() |
4d2d677777 | ||
![]() |
6a3b3807c9 | ||
![]() |
02a52a0289 | ||
![]() |
7bd1e387df | ||
![]() |
edc0d7901f | ||
![]() |
8e561f1c12 | ||
![]() |
24d87c882f | ||
![]() |
1e333e2f29 | ||
![]() |
a507fa1c8a | ||
![]() |
90cc03b3ec | ||
![]() |
6f15113e2a | ||
![]() |
f3f08c9caa | ||
![]() |
c495c4731a | ||
![]() |
e08a50ef66 | ||
![]() |
fbcd792062 | ||
![]() |
bb81ce0160 | ||
![]() |
315087d67c | ||
![]() |
31e6a15a85 | ||
![]() |
aed99d8d19 | ||
![]() |
ec83708892 | ||
![]() |
bedac5f148 | ||
![]() |
376aa13981 | ||
![]() |
4bc8b48763 | ||
![]() |
21496890f6 | ||
![]() |
70dcd50e44 | ||
![]() |
24094567e5 | ||
![]() |
6bd0febbe1 | ||
![]() |
57075aba52 | ||
![]() |
f0260aae52 | ||
![]() |
edd8e21f71 | ||
![]() |
681d3ce2d8 | ||
![]() |
97e792ccde | ||
![]() |
a5a0543b2a | ||
![]() |
5a810ccba3 | ||
![]() |
0a6b2cdadc | ||
![]() |
08903e7af8 | ||
![]() |
78439329c0 | ||
![]() |
4dfd6bc4b9 | ||
![]() |
574cc39b5f | ||
![]() |
6fb43a8241 | ||
![]() |
84c82fe382 | ||
![]() |
5e45e76f5b | ||
![]() |
92fd819cd6 | ||
![]() |
cb5ef0c302 | ||
![]() |
34fab033fe | ||
![]() |
37f4c4429e | ||
![]() |
293410ec94 | ||
![]() |
ed6ee27dcd | ||
![]() |
ca16ddb7ad | ||
![]() |
2102c1fd1c | ||
![]() |
aa9676ec5e | ||
![]() |
5e93c7de4c | ||
![]() |
d22626906b | ||
![]() |
5f91ed044e | ||
![]() |
5c3c7493c1 | ||
![]() |
1b7965092e | ||
![]() |
ef60be5a99 | ||
![]() |
f78d652cd6 | ||
![]() |
3650575797 | ||
![]() |
0f000f6d41 | ||
![]() |
643729ac0c | ||
![]() |
91a67bf580 | ||
![]() |
c75eddb730 | ||
![]() |
0f5888ad6c | ||
![]() |
8c48f3b856 | ||
![]() |
6e7e18bc3c | ||
![]() |
3dfd7e5a84 | ||
![]() |
19ecbf3734 | ||
![]() |
eac3e8ba90 | ||
![]() |
a7a6829b69 | ||
![]() |
61299113c8 | ||
![]() |
21a57dfa0b | ||
![]() |
a7226a8231 | ||
![]() |
6e3dd21f60 | ||
![]() |
cf049730d4 | ||
![]() |
cb9ce4d3af | ||
![]() |
925ee1dfb2 | ||
![]() |
5d9122b26c | ||
![]() |
6821ad0c59 | ||
![]() |
ff7851ee2e | ||
![]() |
6940ed85b1 | ||
![]() |
3d497a7f43 | ||
![]() |
cc6968e225 | ||
![]() |
a6c517c344 | ||
![]() |
a3e08b7f52 | ||
![]() |
14c8d7dc46 | ||
![]() |
ac2590c679 | ||
![]() |
ead13c6a11 | ||
![]() |
5002ab2990 | ||
![]() |
ab3e7293a4 | ||
![]() |
062af5e5cb | ||
![]() |
92088570ea | ||
![]() |
604ccf515d | ||
![]() |
ec9b244990 | ||
![]() |
09acdc23b5 | ||
![]() |
e7808b50af | ||
![]() |
9c27095744 | ||
![]() |
690b07982e | ||
![]() |
784e5aa4ee | ||
![]() |
29187cab3a | ||
![]() |
43a72807c6 | ||
![]() |
1d1f6f1870 | ||
![]() |
505a6eb4e3 | ||
![]() |
cc49df8147 | ||
![]() |
98d60402b5 | ||
![]() |
319e8a1062 | ||
![]() |
0c5d564830 | ||
![]() |
c0404cf9d9 | ||
![]() |
f364661363 | ||
![]() |
f92d77b06d | ||
![]() |
2cf00e6aae | ||
![]() |
dfdb0cff2b | ||
![]() |
d0dad84ffa | ||
![]() |
1745937f1a | ||
![]() |
e7eb674a89 | ||
![]() |
b232633100 | ||
![]() |
6abd19c149 | ||
![]() |
0aa0ff8db7 | ||
![]() |
a907429fd4 | ||
![]() |
598b550a67 | ||
![]() |
92bb442494 | ||
![]() |
2d41f6223e | ||
![]() |
791dd5fb9f | ||
![]() |
9a0ccf4c98 | ||
![]() |
ad2abc5771 | ||
![]() |
2d99b3943f | ||
![]() |
a358132f95 | ||
![]() |
09cd37feee | ||
![]() |
0f3610e81d | ||
![]() |
3f97c438e2 | ||
![]() |
42351201d2 | ||
![]() |
907bbb8e9d | ||
![]() |
63f3d8b621 | ||
![]() |
47d6e841fd | ||
![]() |
e3bb09fabe | ||
![]() |
d4e0c01189 | ||
![]() |
50370d42b0 | ||
![]() |
aa190a80b7 | ||
![]() |
e48bae77aa | ||
![]() |
96cf0f99ed | ||
![]() |
f380968049 | ||
![]() |
02468f4625 | ||
![]() |
24611f94cf | ||
![]() |
dc75a9a4b7 | ||
![]() |
33f459a23a | ||
![]() |
bdcc251002 | ||
![]() |
86052ba7b4 | ||
![]() |
62ebcf55c9 | ||
![]() |
80ac2475a0 | ||
![]() |
5179d922f5 | ||
![]() |
26f085a8ed | ||
![]() |
b7d302cc72 | ||
![]() |
f2941e3631 | ||
![]() |
26a6401af4 | ||
![]() |
5c8ce338a1 | ||
![]() |
5addc7bbaf | ||
![]() |
da095170bf | ||
![]() |
1aab0a69bd | ||
![]() |
fc8e04b62f | ||
![]() |
c6c53b4e10 | ||
![]() |
9b0219a2d8 | ||
![]() |
6e212fa476 | ||
![]() |
58f9237b12 | ||
![]() |
74fd925219 | ||
![]() |
2696bb97d2 | ||
![]() |
9cefb27704 | ||
![]() |
5e75357b06 | ||
![]() |
79bebb4bc9 | ||
![]() |
0ed88f212b | ||
![]() |
a8c1cab5fe | ||
![]() |
e1a6b1a70f | ||
![]() |
c95ed16786 | ||
![]() |
ec784803b4 | ||
![]() |
302d7a22d3 | ||
![]() |
eccd5a460b | ||
![]() |
80437229a1 | ||
![]() |
237ffba641 | ||
![]() |
2695c5e49f | ||
![]() |
b7a608fdfd | ||
![]() |
c3413bad78 | ||
![]() |
dceb244e5b | ||
![]() |
cb31a0b162 | ||
![]() |
7ced657d79 | ||
![]() |
8dd9168077 | ||
![]() |
7c6591aefe | ||
![]() |
58c91e3fd4 | ||
![]() |
db4cf7ae62 | ||
![]() |
a17f5e4f1b | ||
![]() |
6cf7f2b0a7 | ||
![]() |
7e21ea9a48 | ||
![]() |
3f29198bae | ||
![]() |
d4293650ff | ||
![]() |
d65dd16881 | ||
![]() |
f36e163581 | ||
![]() |
f215adcfa2 | ||
![]() |
1549af6f56 | ||
![]() |
c553f82580 | ||
![]() |
196b4ebc9f | ||
![]() |
8710ce1687 | ||
![]() |
f65e8d7369 | ||
![]() |
dc5d9f02c7 | ||
![]() |
2f3f8d7826 | ||
![]() |
297da070fc | ||
![]() |
10ea92dcea | ||
![]() |
2e5f01f232 | ||
![]() |
1a080c4261 | ||
![]() |
0e08963355 | ||
![]() |
cd9e39bf54 | ||
![]() |
580e840165 | ||
![]() |
09a8fd5254 | ||
![]() |
8898faa141 | ||
![]() |
fdbb1dad79 | ||
![]() |
c39244168b | ||
![]() |
9591fd88c5 | ||
![]() |
3558ce958e | ||
![]() |
804a9b7be8 | ||
![]() |
3cae550b13 | ||
![]() |
138bad5913 | ||
![]() |
09011815af | ||
![]() |
7b0c845c3a | ||
![]() |
6a47123ec9 | ||
![]() |
19fab6bbf8 | ||
![]() |
90e6b63e59 | ||
![]() |
bd78217cf3 | ||
![]() |
b0833985e6 | ||
![]() |
a6f73b035f | ||
![]() |
251440ec64 | ||
![]() |
22a1df6fa0 | ||
![]() |
6389751c22 | ||
![]() |
8498691763 | ||
![]() |
1750ff0324 | ||
![]() |
2ce4c46afd | ||
![]() |
a20f5e44d1 | ||
![]() |
cd746d72d4 | ||
![]() |
f7eaff0828 | ||
![]() |
849f119a47 | ||
![]() |
52b68381f6 | ||
![]() |
46d495e1e2 | ||
![]() |
acc6c22355 | ||
![]() |
8143182971 | ||
![]() |
04a22cd482 | ||
![]() |
4376224084 | ||
![]() |
a9fe88c343 | ||
![]() |
6eb95e1c66 | ||
![]() |
a46287c4a6 | ||
![]() |
bc86ee1c31 | ||
![]() |
a73e6f0bf8 | ||
![]() |
10a6c5144d | ||
![]() |
4e5f43aeae | ||
![]() |
ff56db0c8b | ||
![]() |
95a9b97649 | ||
![]() |
a5b5208823 | ||
![]() |
783295fabd | ||
![]() |
1c942ec97c | ||
![]() |
3b6d2655ab | ||
![]() |
8a18d0daab | ||
![]() |
e9f7ccbd25 | ||
![]() |
68d9f35c0b | ||
![]() |
28d78134c1 | ||
![]() |
fd92ac852d | ||
![]() |
8399f5288e | ||
![]() |
f99b7cb7eb | ||
![]() |
bb5166077f | ||
![]() |
b72e4b66ca | ||
![]() |
ed85cd25d6 | ||
![]() |
3f90697e18 | ||
![]() |
73271a3e55 | ||
![]() |
6f9ea712de | ||
![]() |
6ee244e7cb | ||
![]() |
d66a4af79b | ||
![]() |
ea7b1caa4e | ||
![]() |
9cd880fb35 | ||
![]() |
658c152707 | ||
![]() |
6f1ba77608 | ||
![]() |
2344d696ca | ||
![]() |
bd816310cb | ||
![]() |
2bcf759a9f | ||
![]() |
82a04f7032 | ||
![]() |
4281babee4 | ||
![]() |
d89f2965cf | ||
![]() |
e2a2a9903a | ||
![]() |
4401cdc16a | ||
![]() |
e8d3fb2920 | ||
![]() |
f7ccc137ea | ||
![]() |
07bbb4ea02 | ||
![]() |
b189e70c9b | ||
![]() |
de4c9c1463 | ||
![]() |
8bdb73ced4 | ||
![]() |
dee9050939 | ||
![]() |
ae3c214708 | ||
![]() |
d6e81867bf | ||
![]() |
d30a5ee0a5 | ||
![]() |
88bb80be0f | ||
![]() |
bba1ba1678 | ||
![]() |
b50daf20d0 | ||
![]() |
5c6c7cdff5 | ||
![]() |
3f9b2a0c28 | ||
![]() |
453e119808 | ||
![]() |
a021f910c8 | ||
![]() |
e6c2afc4db | ||
![]() |
e6c7b28057 | ||
![]() |
b1840e8be7 | ||
![]() |
15e4b1ad8b | ||
![]() |
2517afcee0 | ||
![]() |
15c7ba3078 | ||
![]() |
f2cb24781a | ||
![]() |
e1d346b8c3 | ||
![]() |
97bdf4811c | ||
![]() |
45c871d779 | ||
![]() |
976fa9c907 | ||
![]() |
771c60ca37 | ||
![]() |
e15eeccd35 | ||
![]() |
ce535b55bc | ||
![]() |
33cb62c2ee | ||
![]() |
32fe3cf61d | ||
![]() |
73a05498ce | ||
![]() |
034147f604 | ||
![]() |
b629e520a9 | ||
![]() |
30280cc6a4 | ||
![]() |
f7f0b72776 | ||
![]() |
251289fc05 | ||
![]() |
6437093a67 | ||
![]() |
be5a878da5 | ||
![]() |
8dc73a852d | ||
![]() |
e37d82951e | ||
![]() |
acc311830e | ||
![]() |
6b1046697a | ||
![]() |
c5befc5b2a | ||
![]() |
e743a5733b | ||
![]() |
5f98801c99 | ||
![]() |
9858a3db9d | ||
![]() |
65c1a525b9 | ||
![]() |
8bd055d4bd | ||
![]() |
5ee14db1f9 | ||
![]() |
58069d015b | ||
![]() |
f2684b59ec | ||
![]() |
e0c0d03c5f | ||
![]() |
1ac47d2bb0 | ||
![]() |
bc75c71ca3 | ||
![]() |
c49fc14528 | ||
![]() |
078bd8c627 | ||
![]() |
33ba9fb5cf | ||
![]() |
4e7e586cb9 | ||
![]() |
62fa795052 | ||
![]() |
b6d9f89518 | ||
![]() |
afbf867169 | ||
![]() |
dace6ac156 | ||
![]() |
cbf2b8cb78 | ||
![]() |
96c5de63d8 | ||
![]() |
b8b57843a6 | ||
![]() |
e3fd4ad77d | ||
![]() |
c08148266a | ||
![]() |
a6a2d04c46 | ||
![]() |
8f7061fb9b | ||
![]() |
7b5235138f | ||
![]() |
7e3fa8c38d | ||
![]() |
151acd5bec | ||
![]() |
23ca2039f6 | ||
![]() |
b291103592 | ||
![]() |
e962c9993b | ||
![]() |
955b769d3f | ||
![]() |
9b914e8f01 | ||
![]() |
307ad636dc | ||
![]() |
2952f62726 | ||
![]() |
6d6e48f434 | ||
![]() |
a189196855 | ||
![]() |
d30e62a205 | ||
![]() |
e56d416210 | ||
![]() |
c0f37c48a1 | ||
![]() |
a3ed387455 | ||
![]() |
beedc94179 | ||
![]() |
5229604782 | ||
![]() |
cf665517dd | ||
![]() |
4663edd8a7 | ||
![]() |
312e7974d9 | ||
![]() |
ca8aa53b32 | ||
![]() |
7122ca1c24 | ||
![]() |
97cdb1a5d8 | ||
![]() |
31d3f7a20b | ||
![]() |
6f8a34127b | ||
![]() |
ee1a86d192 | ||
![]() |
707b300bd6 | ||
![]() |
c9e12182a2 | ||
![]() |
9b7186e9b8 | ||
![]() |
4eb07f9d48 | ||
![]() |
4f78cbbd1b | ||
![]() |
d962e8bcbc | ||
![]() |
ba695a0230 | ||
![]() |
dfed2437a8 | ||
![]() |
ecfcb4ec64 | ||
![]() |
b9335311de | ||
![]() |
354468db0a | ||
![]() |
340a736722 | ||
![]() |
7bf93cb7e6 | ||
![]() |
4fa9535fd4 | ||
![]() |
1abd3217aa | ||
![]() |
d0360d5c98 | ||
![]() |
74365ad05e | ||
![]() |
9dc24c0995 | ||
![]() |
fd40e27be4 | ||
![]() |
05b2bf4c96 | ||
![]() |
a0fcbcbc7d | ||
![]() |
3117ea9d34 | ||
![]() |
8973dea33e | ||
![]() |
3e7d0dbd23 | ||
![]() |
b26b1bc038 | ||
![]() |
74b1102dea | ||
![]() |
a89226279f | ||
![]() |
8b490c8ef0 | ||
![]() |
77a98e7875 | ||
![]() |
c02592d5ba | ||
![]() |
52d7dacbaa | ||
![]() |
9a8457deff | ||
![]() |
5039b3ac6f | ||
![]() |
00705223b6 | ||
![]() |
9f6ab4c419 | ||
![]() |
9012c7310d | ||
![]() |
a3edebcad9 | ||
![]() |
f2abb6a73f | ||
![]() |
e96e5b740a | ||
![]() |
ee067ad97a | ||
![]() |
d01b3a88b6 | ||
![]() |
5a22c978cf | ||
![]() |
f8a0e7d1be | ||
![]() |
25a65564b1 | ||
![]() |
c858023c88 | ||
![]() |
c3e470db26 | ||
![]() |
5908c4da7a | ||
![]() |
b08dbbd106 | ||
![]() |
3b320c75e9 | ||
![]() |
1aa6dc6686 | ||
![]() |
fdc4385e62 | ||
![]() |
5094448762 | ||
![]() |
98c7fa919f | ||
![]() |
5b9f51417f | ||
![]() |
7a91f89474 | ||
![]() |
bf7afa16e5 | ||
![]() |
0d57baae82 | ||
![]() |
446d197cf7 | ||
![]() |
2582f0bbe6 | ||
![]() |
1ee993c664 | ||
![]() |
542c20065f | ||
![]() |
39f663d03c | ||
![]() |
6474a55302 | ||
![]() |
8566d4c5ab | ||
![]() |
e374e93cfb | ||
![]() |
7bd4f6490c | ||
![]() |
25373f510d | ||
![]() |
82cab39e1c | ||
![]() |
22507cc1cd | ||
![]() |
2bded65c7e | ||
![]() |
a3a0c60804 | ||
![]() |
704b172887 | ||
![]() |
135717f8cb | ||
![]() |
1d87ba8534 | ||
![]() |
97cd27775b | ||
![]() |
fe2e9c282e | ||
![]() |
fab125975b | ||
![]() |
cefd7e3b1b | ||
![]() |
344a3e7b24 | ||
![]() |
a0ee237ada | ||
![]() |
e81eb9a5f8 | ||
![]() |
98d3b538af | ||
![]() |
3614a0e368 | ||
![]() |
0421497b1e | ||
![]() |
8b3c2fa12f | ||
![]() |
a58bea6d93 | ||
![]() |
c7c41cd761 | ||
![]() |
b282ec73c7 | ||
![]() |
dad26be2c6 | ||
![]() |
58d602e549 | ||
![]() |
5e14904205 | ||
![]() |
97293ab7ce | ||
![]() |
b6f634368c | ||
![]() |
7b4de150cc | ||
![]() |
7a268c94b0 | ||
![]() |
7a1fa78632 | ||
![]() |
19f02da64d | ||
![]() |
5bf1aac9cb | ||
![]() |
0ae034083c | ||
![]() |
5010af941b | ||
![]() |
015df7e060 | ||
![]() |
e025d58f6e | ||
![]() |
b151d333d3 | ||
![]() |
304c005a85 | ||
![]() |
e2591e8e36 | ||
![]() |
f3c22cb6d0 | ||
![]() |
b2527984bc | ||
![]() |
b8d2271191 | ||
![]() |
b8978b0235 | ||
![]() |
63ef6419cd | ||
![]() |
25dc429455 | ||
![]() |
7550e63fd0 | ||
![]() |
0561968fac | ||
![]() |
7811bf518b | ||
![]() |
bc7116ad94 | ||
![]() |
70eec33d06 | ||
![]() |
773973825f | ||
![]() |
a184d372f4 | ||
![]() |
ca1606a021 | ||
![]() |
5c6d7eb309 | ||
![]() |
4de6b39788 | ||
![]() |
f0494cc7d6 | ||
![]() |
9d98d1ee63 | ||
![]() |
f1238e17b1 | ||
![]() |
4201c8a6f3 | ||
![]() |
53396ed454 | ||
![]() |
8695823165 | ||
![]() |
ec8d008678 | ||
![]() |
a949ad14f8 | ||
![]() |
48e7bd4f10 | ||
![]() |
4b11f8f26b | ||
![]() |
b056444863 | ||
![]() |
872f021ddc | ||
![]() |
079b0c1b91 | ||
![]() |
2664b50a18 | ||
![]() |
6970df4dda | ||
![]() |
22c3064ec4 | ||
![]() |
d6ab65a2e7 | ||
![]() |
aa23b01a57 | ||
![]() |
d82de98001 | ||
![]() |
7df8597484 | ||
![]() |
1b99b1275c | ||
![]() |
d16461052b | ||
![]() |
9640364713 | ||
![]() |
18e0600727 | ||
![]() |
17fffda74e | ||
![]() |
3ac4f48f82 | ||
![]() |
6f8ae98ed0 | ||
![]() |
47b2ce6180 | ||
![]() |
d18d84e187 | ||
![]() |
c1dcdf49e5 | ||
![]() |
079005eab1 | ||
![]() |
dc8cea3a3e | ||
![]() |
efca88cf8b | ||
![]() |
c05a6b96b7 | ||
![]() |
a831ff3b61 | ||
![]() |
b814a09fe6 | ||
![]() |
fb48c8626a | ||
![]() |
fbdeb4c386 | ||
![]() |
4cf9ecc819 | ||
![]() |
e9573b6e24 | ||
![]() |
d5f0137052 | ||
![]() |
d9f5adb1fb | ||
![]() |
0c6aa064ac | ||
![]() |
646c853cf4 | ||
![]() |
fb3bc95623 | ||
![]() |
c8b4cab022 | ||
![]() |
06fb94b4ea | ||
![]() |
9f6cef4fb4 | ||
![]() |
0315dd5612 | ||
![]() |
e4e5bebc1a | ||
![]() |
c688e9ebad | ||
![]() |
6d6041a3c1 | ||
![]() |
dde7b5ea68 | ||
![]() |
9bf533b340 | ||
![]() |
f1a105abec | ||
![]() |
e6587b5dc8 | ||
![]() |
b2ad045a2d | ||
![]() |
89734d8c5f | ||
![]() |
53736099ba | ||
![]() |
2fcfa136c1 | ||
![]() |
9f85209a1b | ||
![]() |
cea1b2fd4d | ||
![]() |
312252b670 | ||
![]() |
4d6b30c17b | ||
![]() |
0beb9c2670 | ||
![]() |
a0289af59f | ||
![]() |
40363834c8 | ||
![]() |
0c9e5fd10b | ||
![]() |
3d90e5cdf6 | ||
![]() |
8e3f1f0955 | ||
![]() |
7c64415096 | ||
![]() |
e3fd1dba0e | ||
![]() |
9866a0fadc | ||
![]() |
f87f24d9e5 | ||
![]() |
4729ae4769 | ||
![]() |
691c4c158f | ||
![]() |
3c597339ba | ||
![]() |
e5fe174e03 | ||
![]() |
1c25a9d026 | ||
![]() |
2db378e9c1 | ||
![]() |
a4067ee681 | ||
![]() |
edb0831028 | ||
![]() |
dac3b0a6f5 | ||
![]() |
9a180cc8ad | ||
![]() |
e81764610e | ||
![]() |
e4e2b627fe | ||
![]() |
ec55f56725 | ||
![]() |
1e4f871bcc | ||
![]() |
69f72919bd | ||
![]() |
dc0336fa45 | ||
![]() |
8c341d262e | ||
![]() |
2b15464e12 | ||
![]() |
a686235ffb | ||
![]() |
29171a4d05 | ||
![]() |
e9123f55e0 | ||
![]() |
ee004486bd | ||
![]() |
498e234c37 | ||
![]() |
b29f19e206 | ||
![]() |
1e00343262 | ||
![]() |
3cd526c019 | ||
![]() |
ea99c58da5 | ||
![]() |
c64f23a64a | ||
![]() |
2099cd37fa | ||
![]() |
2559632079 | ||
![]() |
352df39454 | ||
![]() |
ce3a940b11 | ||
![]() |
6594e88390 | ||
![]() |
339758ec42 | ||
![]() |
0b4c7defd4 | ||
![]() |
6d71e9065b | ||
![]() |
631ab4d4eb | ||
![]() |
589ff47ae6 | ||
![]() |
877034d012 | ||
![]() |
3d440bf8f5 | ||
![]() |
138b2be010 | ||
![]() |
b729944480 | ||
![]() |
870afd9fac | ||
![]() |
e808814725 | ||
![]() |
122cf2250d | ||
![]() |
fa1d962507 | ||
![]() |
6504692c5c | ||
![]() |
bd36962643 | ||
![]() |
f5ccfc3f8a | ||
![]() |
c1a7e0513b | ||
![]() |
af71e79371 | ||
![]() |
bf911cf3a5 | ||
![]() |
6059a1c444 | ||
![]() |
c4966a4bf2 | ||
![]() |
cb9f356a69 | ||
![]() |
9d02f6a408 | ||
![]() |
ee76772e1b | ||
![]() |
f0a030a86d | ||
![]() |
1a31e56f33 | ||
![]() |
04e9e0e687 | ||
![]() |
cec917c2a2 | ||
![]() |
08989a8797 | ||
![]() |
b734c331e4 | ||
![]() |
fe477a6809 | ||
![]() |
6391a4a7f7 | ||
![]() |
e68220d4b3 | ||
![]() |
b873149f9b | ||
![]() |
86aebbcaea | ||
![]() |
fd260cf32f | ||
![]() |
69101a5b14 | ||
![]() |
151d6cbc48 | ||
![]() |
04675e5fcb | ||
![]() |
b38c6fe06a | ||
![]() |
089a12bdc9 | ||
![]() |
d9a0a2003f | ||
![]() |
ad704d9925 | ||
![]() |
0cca79eeee | ||
![]() |
457bea7c34 | ||
![]() |
2479679eeb | ||
![]() |
937405d2d8 | ||
![]() |
d1bed1b9cc | ||
![]() |
acc60bce57 | ||
![]() |
43807ff06b | ||
![]() |
b8a63bcc0c | ||
![]() |
66c1815a78 | ||
![]() |
4e5cfa2077 | ||
![]() |
ebaf5d31b7 | ||
![]() |
760a640c6a | ||
![]() |
4fc06e9504 | ||
![]() |
c283ccb122 | ||
![]() |
80df842b2b | ||
![]() |
f1a8a72a9f | ||
![]() |
0296e16232 | ||
![]() |
f6f7081483 | ||
![]() |
7f7cd0a314 | ||
![]() |
5ffb5763a5 | ||
![]() |
4382037110 | ||
![]() |
963cd88440 | ||
![]() |
885f99ac08 | ||
![]() |
7c3919980a | ||
![]() |
d8860d6f24 | ||
![]() |
6b992e37e3 | ||
![]() |
a3424355fa | ||
![]() |
569a91296d | ||
![]() |
8b583cb445 | ||
![]() |
038a85af43 | ||
![]() |
9165beb41c | ||
![]() |
b285de4412 | ||
![]() |
5826035fe9 | ||
![]() |
b953ac295b | ||
![]() |
8a95066b2e | ||
![]() |
00a4aef607 | ||
![]() |
9e2663491e | ||
![]() |
e01ce7b665 | ||
![]() |
a57df48f28 | ||
![]() |
5d7e008055 | ||
![]() |
ba31b3ecb7 | ||
![]() |
3c5eb934bf | ||
![]() |
82e15df6e9 | ||
![]() |
e3c83c0c29 | ||
![]() |
94542334c4 | ||
![]() |
95494b3ace | ||
![]() |
a131cfb79e | ||
![]() |
f002c67343 | ||
![]() |
b9caf95c72 | ||
![]() |
5356954240 | ||
![]() |
126c73002e | ||
![]() |
65b4502a78 | ||
![]() |
3406161d75 | ||
![]() |
e45f00f0f7 | ||
![]() |
71f4a30562 | ||
![]() |
20ba414b41 | ||
![]() |
f5250f04c5 | ||
![]() |
c2ea20a87a | ||
![]() |
b14989d4a5 | ||
![]() |
04578e329c | ||
![]() |
be05e438ca | ||
![]() |
24d9215029 | ||
![]() |
8892270c24 | ||
![]() |
b928df6cba | ||
![]() |
3fc74bd79e | ||
![]() |
b34be77fec | ||
![]() |
54dcca7ba9 | ||
![]() |
d991c06098 | ||
![]() |
01a67ba156 | ||
![]() |
8831573b6c | ||
![]() |
c5bc5411fb | ||
![]() |
a13ccd7530 | ||
![]() |
e9a744e8b7 | ||
![]() |
582d43c153 | ||
![]() |
7b5550928f | ||
![]() |
83920a3258 | ||
![]() |
d1670aa443 | ||
![]() |
c6f589124e | ||
![]() |
35991e5194 | ||
![]() |
b956190393 | ||
![]() |
122c989b7a | ||
![]() |
5602575099 | ||
![]() |
4534499aad | ||
![]() |
f733a91d7c | ||
![]() |
bf3fa30a01 | ||
![]() |
2625229847 | ||
![]() |
2c3eb6d0d6 | ||
![]() |
5ff98fd1a5 | ||
![]() |
056a7351a3 | ||
![]() |
f79b71727b | ||
![]() |
d3a3b8ca19 | ||
![]() |
df9e002b9a | ||
![]() |
a4a2c9d068 | ||
![]() |
c453e5ad20 | ||
![]() |
617b879c2a | ||
![]() |
a0042e9302 | ||
![]() |
6bbfcdfe4f | ||
![]() |
25662285af | ||
![]() |
84d12e8d72 | ||
![]() |
c317cbce36 | ||
![]() |
d279604fac | ||
![]() |
70fc4ef886 | ||
![]() |
24ff91eef5 | ||
![]() |
afc6789c74 | ||
![]() |
819e5e222a | ||
![]() |
e1a4f37bbc | ||
![]() |
a73477feed | ||
![]() |
89722ee2f3 | ||
![]() |
30d4b2cef4 | ||
![]() |
ca4fce7ffb | ||
![]() |
018b2daace | ||
![]() |
fd01165cf6 | ||
![]() |
34e4719893 | ||
![]() |
c6ac9e1d15 | ||
![]() |
70b8876239 | ||
![]() |
5e34f4481a | ||
![]() |
eae5594698 | ||
![]() |
f02022a00c | ||
![]() |
f964013516 | ||
![]() |
5f7ffaf1f6 | ||
![]() |
0e7ccb7520 | ||
![]() |
c9db504a49 | ||
![]() |
716677393e | ||
![]() |
ba8484f161 | ||
![]() |
ceec84dbb4 | ||
![]() |
f2a83ec846 | ||
![]() |
7deea6083a | ||
![]() |
a169ff3548 | ||
![]() |
f84a88da21 | ||
![]() |
eecec7183e | ||
![]() |
f11705ee26 | ||
![]() |
78ac5abf23 | ||
![]() |
2beeaa0932 | ||
![]() |
90cb8423bc | ||
![]() |
3b07bd286b | ||
![]() |
73564b97ea | ||
![]() |
65cad5efad | ||
![]() |
52eb627cd6 | ||
![]() |
506e568a9a |
21
.circleci/config.yml
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
# Python CircleCI 2.0 configuration file
|
||||||
|
# Updating CircleCI configuration from v1 to v2
|
||||||
|
# Check https://circleci.com/docs/2.0/language-python/ for more details
|
||||||
|
#
|
||||||
|
version: 2
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
machine: true
|
||||||
|
steps:
|
||||||
|
- checkout
|
||||||
|
- run:
|
||||||
|
name: build images
|
||||||
|
command: |
|
||||||
|
docker build -t jupyterhub/jupyterhub .
|
||||||
|
docker build -t jupyterhub/jupyterhub-onbuild onbuild
|
||||||
|
docker build -t jupyterhub/jupyterhub:alpine -f dockerfiles/Dockerfile.alpine .
|
||||||
|
docker build -t jupyterhub/singleuser singleuser
|
||||||
|
- run:
|
||||||
|
name: smoke test jupyterhub
|
||||||
|
command: |
|
||||||
|
docker run --rm -it jupyterhub/jupyterhub jupyterhub --help
|
@@ -1,4 +1,5 @@
|
|||||||
[run]
|
[run]
|
||||||
|
parallel = True
|
||||||
branch = False
|
branch = False
|
||||||
omit =
|
omit =
|
||||||
jupyterhub/tests/*
|
jupyterhub/tests/*
|
||||||
|
5
.flake8
@@ -10,13 +10,12 @@
|
|||||||
# E402: module level import not at top of file
|
# E402: module level import not at top of file
|
||||||
# I100: Import statements are in the wrong order
|
# I100: Import statements are in the wrong order
|
||||||
# I101: Imported names are in the wrong order. Should be
|
# I101: Imported names are in the wrong order. Should be
|
||||||
ignore = E, C, W, F401, F403, F811, F841, E402, I100, I101
|
ignore = E, C, W, F401, F403, F811, F841, E402, I100, I101, D400
|
||||||
|
builtins = c, get_config
|
||||||
exclude =
|
exclude =
|
||||||
.cache,
|
.cache,
|
||||||
.github,
|
.github,
|
||||||
docs,
|
docs,
|
||||||
examples,
|
|
||||||
jupyterhub/alembic*,
|
jupyterhub/alembic*,
|
||||||
onbuild,
|
onbuild,
|
||||||
scripts,
|
scripts,
|
||||||
|
37
.github/ISSUE_TEMPLATE/bug_report.md
vendored
Normal file
@@ -0,0 +1,37 @@
|
|||||||
|
---
|
||||||
|
name: Bug report
|
||||||
|
about: Create a report to help us improve
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Hi! Thanks for using JupyterHub.
|
||||||
|
|
||||||
|
If you are reporting an issue with JupyterHub, please use the [GitHub issue](https://github.com/jupyterhub/jupyterhub/issues) search feature to check if your issue has been asked already. If it has, please add your comments to the existing issue.
|
||||||
|
|
||||||
|
**Describe the bug**
|
||||||
|
A clear and concise description of what the bug is.
|
||||||
|
|
||||||
|
**To Reproduce**
|
||||||
|
Steps to reproduce the behavior:
|
||||||
|
1. Go to '...'
|
||||||
|
2. Click on '....'
|
||||||
|
3. Scroll down to '....'
|
||||||
|
4. See error
|
||||||
|
|
||||||
|
**Expected behavior**
|
||||||
|
A clear and concise description of what you expected to happen.
|
||||||
|
|
||||||
|
**Screenshots**
|
||||||
|
If applicable, add screenshots to help explain your problem.
|
||||||
|
|
||||||
|
**Desktop (please complete the following information):**
|
||||||
|
- OS: [e.g. iOS]
|
||||||
|
- Browser [e.g. chrome, safari]
|
||||||
|
- Version [e.g. 22]
|
||||||
|
|
||||||
|
**Additional context**
|
||||||
|
Add any other context about the problem here.
|
||||||
|
|
||||||
|
- Running `jupyter troubleshoot` from the command line, if possible, and posting
|
||||||
|
its output would also be helpful.
|
||||||
|
- Running in `--debug` mode can also be helpful for troubleshooting.
|
7
.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md
vendored
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
name: Installation and configuration issues
|
||||||
|
about: Installation and configuration assistance
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
If you are having issues with installation or configuration, you may ask for help on the JupyterHub gitter channel or file an issue here.
|
0
.github/PULL_REQUEST_TEMPLATE/.keep
vendored
Normal file
29
.github/issue_template.md
vendored
@@ -1,29 +0,0 @@
|
|||||||
Hi! Thanks for using JupyterHub.
|
|
||||||
|
|
||||||
If you are reporting an issue with JupyterHub:
|
|
||||||
|
|
||||||
- Please use the [GitHub issue](https://github.com/jupyterhub/jupyterhub/issues)
|
|
||||||
search feature to check if your issue has been asked already. If it has,
|
|
||||||
please add your comments to the existing issue.
|
|
||||||
|
|
||||||
- Where applicable, please fill out the details below to help us troubleshoot
|
|
||||||
the issue that you are facing. Please be as thorough as you are able to
|
|
||||||
provide details on the issue.
|
|
||||||
|
|
||||||
**How to reproduce the issue**
|
|
||||||
|
|
||||||
**What you expected to happen**
|
|
||||||
|
|
||||||
**What actually happens**
|
|
||||||
|
|
||||||
**Share what version of JupyterHub you are using**
|
|
||||||
|
|
||||||
Running `jupyter troubleshoot` from the command line, if possible, and posting
|
|
||||||
its output would also be helpful.
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
Insert jupyter troubleshoot output here
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
13
.gitignore
vendored
@@ -6,6 +6,7 @@ node_modules
|
|||||||
/build
|
/build
|
||||||
dist
|
dist
|
||||||
docs/_build
|
docs/_build
|
||||||
|
docs/build
|
||||||
docs/source/_static/rest-api
|
docs/source/_static/rest-api
|
||||||
.ipynb_checkpoints
|
.ipynb_checkpoints
|
||||||
# ignore config file at the top-level of the repo
|
# ignore config file at the top-level of the repo
|
||||||
@@ -13,11 +14,15 @@ docs/source/_static/rest-api
|
|||||||
/jupyterhub_config.py
|
/jupyterhub_config.py
|
||||||
jupyterhub_cookie_secret
|
jupyterhub_cookie_secret
|
||||||
jupyterhub.sqlite
|
jupyterhub.sqlite
|
||||||
share/jupyter/hub/static/components
|
package-lock.json
|
||||||
share/jupyter/hub/static/css/style.min.css
|
share/jupyterhub/static/components
|
||||||
share/jupyter/hub/static/css/style.min.css.map
|
share/jupyterhub/static/css/style.min.css
|
||||||
|
share/jupyterhub/static/css/style.min.css.map
|
||||||
*.egg-info
|
*.egg-info
|
||||||
MANIFEST
|
MANIFEST
|
||||||
.coverage
|
.coverage
|
||||||
|
.coverage.*
|
||||||
htmlcov
|
htmlcov
|
||||||
|
.idea/
|
||||||
|
.pytest_cache
|
||||||
|
pip-wheel-metadata
|
||||||
|
20
.pre-commit-config.yaml
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
repos:
|
||||||
|
- repo: https://github.com/asottile/reorder_python_imports
|
||||||
|
rev: v1.3.5
|
||||||
|
hooks:
|
||||||
|
- id: reorder-python-imports
|
||||||
|
language_version: python3.6
|
||||||
|
- repo: https://github.com/ambv/black
|
||||||
|
rev: 18.9b0
|
||||||
|
hooks:
|
||||||
|
- id: black
|
||||||
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||||
|
rev: v2.1.0
|
||||||
|
hooks:
|
||||||
|
- id: end-of-file-fixer
|
||||||
|
- id: check-json
|
||||||
|
- id: check-yaml
|
||||||
|
- id: check-case-conflict
|
||||||
|
- id: check-executables-have-shebangs
|
||||||
|
- id: requirements-txt-fixer
|
||||||
|
- id: flake8
|
71
.travis.yml
@@ -1,49 +1,94 @@
|
|||||||
language: python
|
language: python
|
||||||
sudo: false
|
sudo: false
|
||||||
|
cache:
|
||||||
|
- pip
|
||||||
python:
|
python:
|
||||||
- nightly
|
|
||||||
- 3.6
|
- 3.6
|
||||||
- 3.5
|
- 3.5
|
||||||
- 3.4
|
- nightly
|
||||||
env:
|
env:
|
||||||
global:
|
global:
|
||||||
- ASYNC_TEST_TIMEOUT=15
|
- ASYNC_TEST_TIMEOUT=15
|
||||||
|
- MYSQL_HOST=127.0.0.1
|
||||||
|
- MYSQL_TCP_PORT=13306
|
||||||
services:
|
services:
|
||||||
- mysql
|
- postgres
|
||||||
- postgresql
|
- docker
|
||||||
|
|
||||||
# installing dependencies
|
# installing dependencies
|
||||||
before_install:
|
before_install:
|
||||||
|
- set -e
|
||||||
- nvm install 6; nvm use 6
|
- nvm install 6; nvm use 6
|
||||||
- npm install
|
- npm install
|
||||||
- npm install -g configurable-http-proxy
|
- npm install -g configurable-http-proxy
|
||||||
- |
|
- |
|
||||||
|
# setup database
|
||||||
if [[ $JUPYTERHUB_TEST_DB_URL == mysql* ]]; then
|
if [[ $JUPYTERHUB_TEST_DB_URL == mysql* ]]; then
|
||||||
mysql -e 'CREATE DATABASE jupyterhub CHARACTER SET utf8 COLLATE utf8_general_ci;'
|
unset MYSQL_UNIX_PORT
|
||||||
pip install 'mysql-connector<2.2'
|
DB=mysql bash ci/docker-db.sh
|
||||||
|
DB=mysql bash ci/init-db.sh
|
||||||
|
pip install 'mysql-connector-python'
|
||||||
elif [[ $JUPYTERHUB_TEST_DB_URL == postgresql* ]]; then
|
elif [[ $JUPYTERHUB_TEST_DB_URL == postgresql* ]]; then
|
||||||
psql -c 'create database jupyterhub;' -U postgres
|
DB=postgres bash ci/init-db.sh
|
||||||
pip install psycopg2
|
pip install psycopg2-binary
|
||||||
fi
|
fi
|
||||||
install:
|
install:
|
||||||
- pip install -U pip
|
- pip install --upgrade pip
|
||||||
- pip install --pre -r dev-requirements.txt .
|
- pip install --upgrade --pre -r dev-requirements.txt .
|
||||||
- pip freeze
|
- pip freeze
|
||||||
|
|
||||||
# running tests
|
# running tests
|
||||||
script:
|
script:
|
||||||
- pytest -v --maxfail=2 --cov=jupyterhub jupyterhub/tests
|
- |
|
||||||
|
# run tests
|
||||||
|
if [[ -z "$TEST" ]]; then
|
||||||
|
pytest -v --maxfail=2 --cov=jupyterhub jupyterhub/tests
|
||||||
|
fi
|
||||||
|
- |
|
||||||
|
# run autoformat
|
||||||
|
if [[ "$TEST" == "lint" ]]; then
|
||||||
|
pre-commit run --all-files
|
||||||
|
fi
|
||||||
|
- |
|
||||||
|
# build docs
|
||||||
|
if [[ "$TEST" == "docs" ]]; then
|
||||||
|
pushd docs
|
||||||
|
pip install --upgrade -r requirements.txt
|
||||||
|
pip install --upgrade alabaster_jupyterhub
|
||||||
|
make html
|
||||||
|
popd
|
||||||
|
fi
|
||||||
after_success:
|
after_success:
|
||||||
- codecov
|
- codecov
|
||||||
|
after_failure:
|
||||||
|
- |
|
||||||
|
# point to auto-lint-fix
|
||||||
|
if [[ "$TEST" == "lint" ]]; then
|
||||||
|
echo "You can install pre-commit hooks to automatically run formatting"
|
||||||
|
echo "on each commit with:"
|
||||||
|
echo " pre-commit install"
|
||||||
|
echo "or you can run by hand on staged files with"
|
||||||
|
echo " pre-commit run"
|
||||||
|
echo "or after-the-fact on already committed files with"
|
||||||
|
echo " pre-commit run --all-files"
|
||||||
|
fi
|
||||||
|
|
||||||
matrix:
|
matrix:
|
||||||
fast_finish: true
|
fast_finish: true
|
||||||
include:
|
include:
|
||||||
|
- python: 3.6
|
||||||
|
env: TEST=lint
|
||||||
|
- python: 3.6
|
||||||
|
env: TEST=docs
|
||||||
- python: 3.6
|
- python: 3.6
|
||||||
env: JUPYTERHUB_TEST_SUBDOMAIN_HOST=http://localhost.jovyan.org:8000
|
env: JUPYTERHUB_TEST_SUBDOMAIN_HOST=http://localhost.jovyan.org:8000
|
||||||
- python: 3.6
|
- python: 3.6
|
||||||
env: JUPYTERHUB_TEST_DB_URL=mysql+mysqlconnector://root@127.0.0.1/jupyterhub
|
env:
|
||||||
|
- JUPYTERHUB_TEST_DB_URL=mysql+mysqlconnector://root@127.0.0.1:$MYSQL_TCP_PORT/jupyterhub
|
||||||
- python: 3.6
|
- python: 3.6
|
||||||
env: JUPYTERHUB_TEST_DB_URL=postgresql://postgres@127.0.0.1/jupyterhub
|
env:
|
||||||
|
- JUPYTERHUB_TEST_DB_URL=postgresql://postgres@127.0.0.1/jupyterhub
|
||||||
|
- python: 3.7
|
||||||
|
dist: xenial
|
||||||
allow_failures:
|
allow_failures:
|
||||||
- python: nightly
|
- python: nightly
|
||||||
|
1
CODE_OF_CONDUCT.md
Normal file
@@ -0,0 +1 @@
|
|||||||
|
Please refer to [Project Jupyter's Code of Conduct](https://github.com/jupyter/governance/blob/master/conduct/code_of_conduct.md).
|
103
CONTRIBUTING.md
@@ -1,3 +1,102 @@
|
|||||||
# Contributing
|
# Contributing to JupyterHub
|
||||||
|
|
||||||
Welcome! As a [Jupyter](https://jupyter.org) project, we follow the [Jupyter contributor guide](https://jupyter.readthedocs.io/en/latest/contributor/content-contributor.html).
|
Welcome! As a [Jupyter](https://jupyter.org) project,
|
||||||
|
you can follow the [Jupyter contributor guide](https://jupyter.readthedocs.io/en/latest/contributor/content-contributor.html).
|
||||||
|
|
||||||
|
Make sure to also follow [Project Jupyter's Code of Conduct](https://github.com/jupyter/governance/blob/master/conduct/code_of_conduct.md)
|
||||||
|
for a friendly and welcoming collaborative environment.
|
||||||
|
|
||||||
|
## Setting up a development environment
|
||||||
|
|
||||||
|
JupyterHub requires Python >= 3.5 and nodejs.
|
||||||
|
|
||||||
|
As a Python project, a development install of JupyterHub follows standard practices for the basics (steps 1-2).
|
||||||
|
|
||||||
|
|
||||||
|
1. clone the repo
|
||||||
|
```bash
|
||||||
|
git clone https://github.com/jupyterhub/jupyterhub
|
||||||
|
```
|
||||||
|
2. do a development install with pip
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd jupyterhub
|
||||||
|
python3 -m pip install --editable .
|
||||||
|
```
|
||||||
|
3. install the development requirements,
|
||||||
|
which include things like testing tools
|
||||||
|
|
||||||
|
```bash
|
||||||
|
python3 -m pip install -r dev-requirements.txt
|
||||||
|
```
|
||||||
|
4. install configurable-http-proxy with npm:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
npm install -g configurable-http-proxy
|
||||||
|
```
|
||||||
|
5. set up pre-commit hooks for automatic code formatting, etc.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pre-commit install
|
||||||
|
```
|
||||||
|
|
||||||
|
You can also invoke the pre-commit hook manually at any time with
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pre-commit run
|
||||||
|
```
|
||||||
|
|
||||||
|
## Contributing
|
||||||
|
|
||||||
|
JupyterHub has adopted automatic code formatting so you shouldn't
|
||||||
|
need to worry too much about your code style.
|
||||||
|
As long as your code is valid,
|
||||||
|
the pre-commit hook should take care of how it should look.
|
||||||
|
You can invoke the pre-commit hook by hand at any time with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pre-commit run
|
||||||
|
```
|
||||||
|
|
||||||
|
which should run any autoformatting on your code
|
||||||
|
and tell you about any errors it couldn't fix automatically.
|
||||||
|
You may also install [black integration](https://github.com/ambv/black#editor-integration)
|
||||||
|
into your text editor to format code automatically.
|
||||||
|
|
||||||
|
If you have already committed files before setting up the pre-commit
|
||||||
|
hook with `pre-commit install`, you can fix everything up using
|
||||||
|
`pre-commit run --all-files`. You need to make the fixing commit
|
||||||
|
yourself after that.
|
||||||
|
|
||||||
|
## Testing
|
||||||
|
|
||||||
|
It's a good idea to write tests to exercise any new features,
|
||||||
|
or that trigger any bugs that you have fixed to catch regressions.
|
||||||
|
|
||||||
|
You can run the tests with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pytest -v
|
||||||
|
```
|
||||||
|
|
||||||
|
in the repo directory. If you want to just run certain tests,
|
||||||
|
check out the [pytest docs](https://pytest.readthedocs.io/en/latest/usage.html)
|
||||||
|
for how pytest can be called.
|
||||||
|
For instance, to test only spawner-related things in the REST API:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pytest -v -k spawn jupyterhub/tests/test_api.py
|
||||||
|
```
|
||||||
|
|
||||||
|
The tests live in `jupyterhub/tests` and are organized roughly into:
|
||||||
|
|
||||||
|
1. `test_api.py` tests the REST API
|
||||||
|
2. `test_pages.py` tests loading the HTML pages
|
||||||
|
|
||||||
|
and other collections of tests for different components.
|
||||||
|
When writing a new test, there should usually be a test of
|
||||||
|
similar functionality already written and related tests should
|
||||||
|
be added nearby.
|
||||||
|
When in doubt, feel free to ask.
|
||||||
|
|
||||||
|
TODO: describe some details about fixtures, etc.
|
||||||
|
22
Dockerfile
@@ -21,29 +21,25 @@
|
|||||||
# your jupyterhub_config.py will be added automatically
|
# your jupyterhub_config.py will be added automatically
|
||||||
# from your docker directory.
|
# from your docker directory.
|
||||||
|
|
||||||
FROM debian:jessie
|
FROM ubuntu:18.04
|
||||||
MAINTAINER Jupyter Project <jupyter@googlegroups.com>
|
LABEL maintainer="Jupyter Project <jupyter@googlegroups.com>"
|
||||||
|
|
||||||
# install nodejs, utf8 locale, set CDN because default httpredir is unreliable
|
# install nodejs, utf8 locale, set CDN because default httpredir is unreliable
|
||||||
ENV DEBIAN_FRONTEND noninteractive
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
RUN REPO=http://cdn-fastly.deb.debian.org && \
|
RUN apt-get -y update && \
|
||||||
echo "deb $REPO/debian jessie main\ndeb $REPO/debian-security jessie/updates main" > /etc/apt/sources.list && \
|
|
||||||
apt-get -y update && \
|
|
||||||
apt-get -y upgrade && \
|
apt-get -y upgrade && \
|
||||||
apt-get -y install wget locales git bzip2 &&\
|
apt-get -y install wget git bzip2 && \
|
||||||
/usr/sbin/update-locale LANG=C.UTF-8 && \
|
apt-get purge && \
|
||||||
locale-gen C.UTF-8 && \
|
|
||||||
apt-get remove -y locales && \
|
|
||||||
apt-get clean && \
|
apt-get clean && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
ENV LANG C.UTF-8
|
ENV LANG C.UTF-8
|
||||||
|
|
||||||
# install Python + NodeJS with conda
|
# install Python + NodeJS with conda
|
||||||
RUN wget -q https://repo.continuum.io/miniconda/Miniconda3-4.2.12-Linux-x86_64.sh -O /tmp/miniconda.sh && \
|
RUN wget -q https://repo.continuum.io/miniconda/Miniconda3-4.5.11-Linux-x86_64.sh -O /tmp/miniconda.sh && \
|
||||||
echo 'd0c7c71cc5659e54ab51f2005a8d96f3 */tmp/miniconda.sh' | md5sum -c - && \
|
echo 'e1045ee415162f944b6aebfe560b8fee */tmp/miniconda.sh' | md5sum -c - && \
|
||||||
bash /tmp/miniconda.sh -f -b -p /opt/conda && \
|
bash /tmp/miniconda.sh -f -b -p /opt/conda && \
|
||||||
/opt/conda/bin/conda install --yes -c conda-forge \
|
/opt/conda/bin/conda install --yes -c conda-forge \
|
||||||
python=3.5 sqlalchemy tornado jinja2 traitlets requests pip pycurl \
|
python=3.6 sqlalchemy tornado jinja2 traitlets requests pip pycurl \
|
||||||
nodejs configurable-http-proxy && \
|
nodejs configurable-http-proxy && \
|
||||||
/opt/conda/bin/pip install --upgrade pip && \
|
/opt/conda/bin/pip install --upgrade pip && \
|
||||||
rm /tmp/miniconda.sh
|
rm /tmp/miniconda.sh
|
||||||
@@ -52,7 +48,7 @@ ENV PATH=/opt/conda/bin:$PATH
|
|||||||
ADD . /src/jupyterhub
|
ADD . /src/jupyterhub
|
||||||
WORKDIR /src/jupyterhub
|
WORKDIR /src/jupyterhub
|
||||||
|
|
||||||
RUN python setup.py js && pip install . && \
|
RUN pip install . && \
|
||||||
rm -rf $PWD ~/.cache ~/.npm
|
rm -rf $PWD ~/.cache ~/.npm
|
||||||
|
|
||||||
RUN mkdir -p /srv/jupyterhub/
|
RUN mkdir -p /srv/jupyterhub/
|
||||||
|
21
MANIFEST.in
@@ -1,8 +1,9 @@
|
|||||||
include README.md
|
include README.md
|
||||||
include COPYING.md
|
include COPYING.md
|
||||||
include setupegg.py
|
include setupegg.py
|
||||||
include bower.json
|
include bower-lite
|
||||||
include package.json
|
include package.json
|
||||||
|
include package-lock.json
|
||||||
include *requirements.txt
|
include *requirements.txt
|
||||||
include Dockerfile
|
include Dockerfile
|
||||||
|
|
||||||
@@ -11,20 +12,22 @@ graft jupyterhub
|
|||||||
graft scripts
|
graft scripts
|
||||||
graft share
|
graft share
|
||||||
graft singleuser
|
graft singleuser
|
||||||
|
graft ci
|
||||||
|
|
||||||
# Documentation
|
# Documentation
|
||||||
graft docs
|
graft docs
|
||||||
prune docs/node_modules
|
prune docs/node_modules
|
||||||
|
|
||||||
# prune some large unused files from components
|
# prune some large unused files from components
|
||||||
prune share/jupyter/hub/static/components/bootstrap/css
|
prune share/jupyterhub/static/components/bootstrap/dist/css
|
||||||
exclude share/jupyter/hub/static/components/components/fonts/*.svg
|
exclude share/jupyterhub/static/components/bootstrap/dist/fonts/*.svg
|
||||||
exclude share/jupyter/hub/static/components/bootstrap/less/*.js
|
prune share/jupyterhub/static/components/font-awesome/css
|
||||||
exclude share/jupyter/hub/static/components/font-awesome/css
|
prune share/jupyterhub/static/components/font-awesome/scss
|
||||||
exclude share/jupyter/hub/static/components/font-awesome/fonts/*.svg
|
exclude share/jupyterhub/static/components/font-awesome/fonts/*.svg
|
||||||
exclude share/jupyter/hub/static/components/jquery/*migrate*.js
|
prune share/jupyterhub/static/components/jquery/external
|
||||||
prune share/jupyter/hub/static/components/moment/lang
|
prune share/jupyterhub/static/components/jquery/src
|
||||||
prune share/jupyter/hub/static/components/moment/min
|
prune share/jupyterhub/static/components/moment/lang
|
||||||
|
prune share/jupyterhub/static/components/moment/min
|
||||||
|
|
||||||
# Patterns to exclude from any directory
|
# Patterns to exclude from any directory
|
||||||
global-exclude *~
|
global-exclude *~
|
||||||
|
0
PULL_REQUEST_TEMPLATE.md
Normal file
104
README.md
@@ -11,16 +11,17 @@
|
|||||||
|
|
||||||
|
|
||||||
[](https://pypi.python.org/pypi/jupyterhub)
|
[](https://pypi.python.org/pypi/jupyterhub)
|
||||||
[](http://jupyterhub.readthedocs.org/en/latest/?badge=latest)
|
[](https://jupyterhub.readthedocs.org/en/latest/?badge=latest)
|
||||||
[](http://jupyterhub.readthedocs.io/en/0.7.2/?badge=0.7.2)
|
|
||||||
[](https://travis-ci.org/jupyterhub/jupyterhub)
|
[](https://travis-ci.org/jupyterhub/jupyterhub)
|
||||||
[](https://circleci.com/gh/jupyterhub/jupyterhub)
|
[](https://circleci.com/gh/jupyterhub/jupyterhub)
|
||||||
[](https://codecov.io/github/jupyterhub/jupyterhub?branch=master)
|
[](https://codecov.io/github/jupyterhub/jupyterhub?branch=master)
|
||||||
[](https://groups.google.com/forum/#!forum/jupyter)
|
[](https://github.com/jupyterhub/jupyterhub/issues)
|
||||||
|
[](https://discourse.jupyter.org/c/jupyterhub)
|
||||||
|
[](https://gitter.im/jupyterhub/jupyterhub)
|
||||||
|
|
||||||
With [JupyterHub](https://jupyterhub.readthedocs.io) you can create a
|
With [JupyterHub](https://jupyterhub.readthedocs.io) you can create a
|
||||||
**multi-user Hub** which spawns, manages, and proxies multiple instances of the
|
**multi-user Hub** which spawns, manages, and proxies multiple instances of the
|
||||||
single-user [Jupyter notebook (IPython notebook)](https://jupyter-notebook.readthedocs.io)
|
single-user [Jupyter notebook](https://jupyter-notebook.readthedocs.io)
|
||||||
server.
|
server.
|
||||||
|
|
||||||
[Project Jupyter](https://jupyter.org) created JupyterHub to support many
|
[Project Jupyter](https://jupyter.org) created JupyterHub to support many
|
||||||
@@ -34,11 +35,11 @@ Three main actors make up JupyterHub:
|
|||||||
|
|
||||||
- multi-user **Hub** (tornado process)
|
- multi-user **Hub** (tornado process)
|
||||||
- configurable http **proxy** (node-http-proxy)
|
- configurable http **proxy** (node-http-proxy)
|
||||||
- multiple **single-user Jupyter notebook servers** (Python/IPython/tornado)
|
- multiple **single-user Jupyter notebook servers** (Python/Jupyter/tornado)
|
||||||
|
|
||||||
Basic principles for operation are:
|
Basic principles for operation are:
|
||||||
|
|
||||||
- Hub spawns a proxy.
|
- Hub launches a proxy.
|
||||||
- Proxy forwards all requests to Hub by default.
|
- Proxy forwards all requests to Hub by default.
|
||||||
- Hub handles login, and spawns single-user servers on demand.
|
- Hub handles login, and spawns single-user servers on demand.
|
||||||
- Hub configures proxy to forward url prefixes to the single-user notebook
|
- Hub configures proxy to forward url prefixes to the single-user notebook
|
||||||
@@ -50,37 +51,62 @@ for administration of the Hub and its users.
|
|||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
|
|
||||||
### Check prerequisites
|
### Check prerequisites
|
||||||
|
|
||||||
A Linux/Unix based system with the following:
|
- A Linux/Unix based system
|
||||||
|
- [Python](https://www.python.org/downloads/) 3.5 or greater
|
||||||
|
- [nodejs/npm](https://www.npmjs.com/)
|
||||||
|
|
||||||
- [Python](https://www.python.org/downloads/) 3.4 or greater
|
* If you are using **`conda`**, the nodejs and npm dependencies will be installed for
|
||||||
- [nodejs/npm](https://www.npmjs.com/) Install a recent version of
|
you by conda.
|
||||||
[nodejs/npm](https://docs.npmjs.com/getting-started/installing-node)
|
|
||||||
For example, install it on Linux (Debian/Ubuntu) using:
|
|
||||||
|
|
||||||
sudo apt-get install npm nodejs-legacy
|
* If you are using **`pip`**, install a recent version of
|
||||||
|
[nodejs/npm](https://docs.npmjs.com/getting-started/installing-node).
|
||||||
|
For example, install it on Linux (Debian/Ubuntu) using:
|
||||||
|
|
||||||
The `nodejs-legacy` package installs the `node` executable and is currently
|
```
|
||||||
required for npm to work on Debian/Ubuntu.
|
sudo apt-get install npm nodejs-legacy
|
||||||
|
```
|
||||||
|
|
||||||
|
The `nodejs-legacy` package installs the `node` executable and is currently
|
||||||
|
required for npm to work on Debian/Ubuntu.
|
||||||
|
|
||||||
- TLS certificate and key for HTTPS communication
|
- TLS certificate and key for HTTPS communication
|
||||||
- Domain name
|
- Domain name
|
||||||
|
|
||||||
### Install packages
|
### Install packages
|
||||||
|
|
||||||
|
#### Using `conda`
|
||||||
|
|
||||||
|
To install JupyterHub along with its dependencies including nodejs/npm:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
conda install -c conda-forge jupyterhub
|
||||||
|
```
|
||||||
|
|
||||||
|
If you plan to run notebook servers locally, install the Jupyter notebook
|
||||||
|
or JupyterLab:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
conda install notebook
|
||||||
|
conda install jupyterlab
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Using `pip`
|
||||||
|
|
||||||
JupyterHub can be installed with `pip`, and the proxy with `npm`:
|
JupyterHub can be installed with `pip`, and the proxy with `npm`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
npm install -g configurable-http-proxy
|
npm install -g configurable-http-proxy
|
||||||
pip3 install jupyterhub
|
python3 -m pip install jupyterhub
|
||||||
```
|
```
|
||||||
|
|
||||||
If you plan to run notebook servers locally, you will need to install the
|
If you plan to run notebook servers locally, you will need to install the
|
||||||
[Jupyter notebook](https://jupyter.readthedocs.io/en/latest/install.html)
|
[Jupyter notebook](https://jupyter.readthedocs.io/en/latest/install.html)
|
||||||
package:
|
package:
|
||||||
|
|
||||||
pip3 install --upgrade notebook
|
python3 -m pip install --upgrade notebook
|
||||||
|
|
||||||
### Run the Hub server
|
### Run the Hub server
|
||||||
|
|
||||||
@@ -99,7 +125,7 @@ more configuration of the system.
|
|||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
The [Getting Started](http://jupyterhub.readthedocs.io/en/latest/getting-started/index.html) section of the
|
The [Getting Started](https://jupyterhub.readthedocs.io/en/latest/getting-started/index.html) section of the
|
||||||
documentation explains the common steps in setting up JupyterHub.
|
documentation explains the common steps in setting up JupyterHub.
|
||||||
|
|
||||||
The [**JupyterHub tutorial**](https://github.com/jupyterhub/jupyterhub-tutorial)
|
The [**JupyterHub tutorial**](https://github.com/jupyterhub/jupyterhub-tutorial)
|
||||||
@@ -151,7 +177,7 @@ not, Jupyter Notebook version 4 or greater must be installed.
|
|||||||
|
|
||||||
The JupyterHub docker image can be started with the following command:
|
The JupyterHub docker image can be started with the following command:
|
||||||
|
|
||||||
docker run -d --name jupyterhub jupyterhub/jupyterhub jupyterhub
|
docker run -p 8000:8000 -d --name jupyterhub jupyterhub/jupyterhub jupyterhub
|
||||||
|
|
||||||
This command will create a container named `jupyterhub` that you can
|
This command will create a container named `jupyterhub` that you can
|
||||||
**stop and resume** with `docker stop/start`.
|
**stop and resume** with `docker stop/start`.
|
||||||
@@ -163,7 +189,7 @@ If you want to run docker on a computer that has a public IP then you should
|
|||||||
(as in MUST) **secure it with ssl** by adding ssl options to your docker
|
(as in MUST) **secure it with ssl** by adding ssl options to your docker
|
||||||
configuration or by using a ssl enabled proxy.
|
configuration or by using a ssl enabled proxy.
|
||||||
|
|
||||||
[Mounting volumes](https://docs.docker.com/engine/userguide/containers/dockervolumes/) will
|
[Mounting volumes](https://docs.docker.com/engine/admin/volumes/volumes/) will
|
||||||
allow you to **store data outside the docker image (host system) so it will be persistent**, even when you start
|
allow you to **store data outside the docker image (host system) so it will be persistent**, even when you start
|
||||||
a new image.
|
a new image.
|
||||||
|
|
||||||
@@ -175,38 +201,12 @@ These accounts will be used for authentication in JupyterHub's default configura
|
|||||||
|
|
||||||
If you would like to contribute to the project, please read our
|
If you would like to contribute to the project, please read our
|
||||||
[contributor documentation](http://jupyter.readthedocs.io/en/latest/contributor/content-contributor.html)
|
[contributor documentation](http://jupyter.readthedocs.io/en/latest/contributor/content-contributor.html)
|
||||||
and the [`CONTRIBUTING.md`](CONTRIBUTING.md).
|
and the [`CONTRIBUTING.md`](CONTRIBUTING.md). The `CONTRIBUTING.md` file
|
||||||
|
explains how to set up a development installation, how to run the test suite,
|
||||||
|
and how to contribute to documentation.
|
||||||
|
|
||||||
For a **development install**, clone the [repository](https://github.com/jupyterhub/jupyterhub)
|
For a high-level view of the vision and next directions of the project, see the
|
||||||
and then install from source:
|
[JupyterHub community roadmap](docs/source/contributing/roadmap.md).
|
||||||
|
|
||||||
```bash
|
|
||||||
git clone https://github.com/jupyterhub/jupyterhub
|
|
||||||
cd jupyterhub
|
|
||||||
pip3 install -r dev-requirements.txt -e .
|
|
||||||
```
|
|
||||||
|
|
||||||
If the `pip3 install` command fails and complains about `lessc` being
|
|
||||||
unavailable, you may need to explicitly install some additional JavaScript
|
|
||||||
dependencies:
|
|
||||||
|
|
||||||
npm install
|
|
||||||
|
|
||||||
This will fetch client-side JavaScript dependencies necessary to compile CSS.
|
|
||||||
|
|
||||||
You may also need to manually update JavaScript and CSS after some development
|
|
||||||
updates, with:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
python3 setup.py js # fetch updated client-side js
|
|
||||||
python3 setup.py css # recompile CSS from LESS sources
|
|
||||||
```
|
|
||||||
|
|
||||||
We use [pytest](http://doc.pytest.org/en/latest/) for **running tests**:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
pytest jupyterhub/tests
|
|
||||||
```
|
|
||||||
|
|
||||||
### A note about platform support
|
### A note about platform support
|
||||||
|
|
||||||
@@ -237,11 +237,13 @@ our JupyterHub [Gitter](https://gitter.im/jupyterhub/jupyterhub) channel.
|
|||||||
|
|
||||||
- [Reporting Issues](https://github.com/jupyterhub/jupyterhub/issues)
|
- [Reporting Issues](https://github.com/jupyterhub/jupyterhub/issues)
|
||||||
- [JupyterHub tutorial](https://github.com/jupyterhub/jupyterhub-tutorial)
|
- [JupyterHub tutorial](https://github.com/jupyterhub/jupyterhub-tutorial)
|
||||||
- [Documentation for JupyterHub](http://jupyterhub.readthedocs.io/en/latest/) | [PDF (latest)](https://media.readthedocs.org/pdf/jupyterhub/latest/jupyterhub.pdf) | [PDF (stable)](https://media.readthedocs.org/pdf/jupyterhub/stable/jupyterhub.pdf)
|
- [Documentation for JupyterHub](https://jupyterhub.readthedocs.io/en/latest/) | [PDF (latest)](https://media.readthedocs.org/pdf/jupyterhub/latest/jupyterhub.pdf) | [PDF (stable)](https://media.readthedocs.org/pdf/jupyterhub/stable/jupyterhub.pdf)
|
||||||
- [Documentation for JupyterHub's REST API](http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyter/jupyterhub/master/docs/rest-api.yml#/default)
|
- [Documentation for JupyterHub's REST API](http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyter/jupyterhub/master/docs/rest-api.yml#/default)
|
||||||
- [Documentation for Project Jupyter](http://jupyter.readthedocs.io/en/latest/index.html) | [PDF](https://media.readthedocs.org/pdf/jupyter/latest/jupyter.pdf)
|
- [Documentation for Project Jupyter](http://jupyter.readthedocs.io/en/latest/index.html) | [PDF](https://media.readthedocs.org/pdf/jupyter/latest/jupyter.pdf)
|
||||||
- [Project Jupyter website](https://jupyter.org)
|
- [Project Jupyter website](https://jupyter.org)
|
||||||
|
|
||||||
|
JupyterHub follows the Jupyter [Community Guides](https://jupyter.readthedocs.io/en/latest/community/content-community.html).
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
**[Technical Overview](#technical-overview)** |
|
**[Technical Overview](#technical-overview)** |
|
||||||
|
33
bower-lite
Executable file
@@ -0,0 +1,33 @@
|
|||||||
|
#!/usr/bin/env python
|
||||||
|
# Copyright (c) Jupyter Development Team.
|
||||||
|
# Distributed under the terms of the Modified BSD License.
|
||||||
|
"""
|
||||||
|
bower-lite
|
||||||
|
|
||||||
|
Since Bower's on its way out,
|
||||||
|
stage frontend dependencies from node_modules into components
|
||||||
|
"""
|
||||||
|
import json
|
||||||
|
import os
|
||||||
|
import shutil
|
||||||
|
from os.path import join
|
||||||
|
|
||||||
|
HERE = os.path.abspath(os.path.dirname(__file__))
|
||||||
|
|
||||||
|
|
||||||
|
components = join(HERE, "share", "jupyterhub", "static", "components")
|
||||||
|
node_modules = join(HERE, "node_modules")
|
||||||
|
|
||||||
|
if os.path.exists(components):
|
||||||
|
shutil.rmtree(components)
|
||||||
|
os.mkdir(components)
|
||||||
|
|
||||||
|
with open(join(HERE, 'package.json')) as f:
|
||||||
|
package_json = json.load(f)
|
||||||
|
|
||||||
|
dependencies = package_json['dependencies']
|
||||||
|
for dep in dependencies:
|
||||||
|
src = join(node_modules, dep)
|
||||||
|
dest = join(components, dep)
|
||||||
|
print("%s -> %s" % (src, dest))
|
||||||
|
shutil.copytree(src, dest)
|
11
bower.json
@@ -1,11 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "jupyterhub-deps",
|
|
||||||
"version": "0.0.0",
|
|
||||||
"dependencies": {
|
|
||||||
"bootstrap": "components/bootstrap#~3.3",
|
|
||||||
"font-awesome": "components/font-awesome#~4.7",
|
|
||||||
"jquery": "components/jquery#~3.2",
|
|
||||||
"moment": "~2.18",
|
|
||||||
"requirejs": "~2.3"
|
|
||||||
}
|
|
||||||
}
|
|
50
ci/docker-db.sh
Executable file
@@ -0,0 +1,50 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# source this file to setup postgres and mysql
|
||||||
|
# for local testing (as similar as possible to docker)
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
export MYSQL_HOST=127.0.0.1
|
||||||
|
export MYSQL_TCP_PORT=${MYSQL_TCP_PORT:-13306}
|
||||||
|
export PGHOST=127.0.0.1
|
||||||
|
NAME="hub-test-$DB"
|
||||||
|
DOCKER_RUN="docker run -d --name $NAME"
|
||||||
|
|
||||||
|
docker rm -f "$NAME" 2>/dev/null || true
|
||||||
|
|
||||||
|
case "$DB" in
|
||||||
|
"mysql")
|
||||||
|
RUN_ARGS="-e MYSQL_ALLOW_EMPTY_PASSWORD=1 -p $MYSQL_TCP_PORT:3306 mysql:5.7"
|
||||||
|
CHECK="mysql --host $MYSQL_HOST --port $MYSQL_TCP_PORT --user root -e \q"
|
||||||
|
;;
|
||||||
|
"postgres")
|
||||||
|
RUN_ARGS="-p 5432:5432 postgres:9.5"
|
||||||
|
CHECK="psql --user postgres -c \q"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo '$DB must be mysql or postgres'
|
||||||
|
exit 1
|
||||||
|
esac
|
||||||
|
|
||||||
|
$DOCKER_RUN $RUN_ARGS
|
||||||
|
|
||||||
|
echo -n "waiting for $DB "
|
||||||
|
for i in {1..60}; do
|
||||||
|
if $CHECK; then
|
||||||
|
echo 'done'
|
||||||
|
break
|
||||||
|
else
|
||||||
|
echo -n '.'
|
||||||
|
sleep 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
$CHECK
|
||||||
|
|
||||||
|
|
||||||
|
echo -e "
|
||||||
|
Set these environment variables:
|
||||||
|
|
||||||
|
export MYSQL_HOST=127.0.0.1
|
||||||
|
export MYSQL_TCP_PORT=$MYSQL_TCP_PORT
|
||||||
|
export PGHOST=127.0.0.1
|
||||||
|
"
|
27
ci/init-db.sh
Executable file
@@ -0,0 +1,27 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# initialize jupyterhub databases for testing
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
MYSQL="mysql --user root --host $MYSQL_HOST --port $MYSQL_TCP_PORT -e "
|
||||||
|
PSQL="psql --user postgres -c "
|
||||||
|
|
||||||
|
case "$DB" in
|
||||||
|
"mysql")
|
||||||
|
EXTRA_CREATE='CHARACTER SET utf8 COLLATE utf8_general_ci'
|
||||||
|
SQL="$MYSQL"
|
||||||
|
;;
|
||||||
|
"postgres")
|
||||||
|
SQL="$PSQL"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo '$DB must be mysql or postgres'
|
||||||
|
exit 1
|
||||||
|
esac
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
for SUFFIX in '' _upgrade_072 _upgrade_081 _upgrade_094; do
|
||||||
|
$SQL "DROP DATABASE jupyterhub${SUFFIX};" 2>/dev/null || true
|
||||||
|
$SQL "CREATE DATABASE jupyterhub${SUFFIX} ${EXTRA_CREATE};"
|
||||||
|
done
|
24
circle.yml
@@ -1,24 +0,0 @@
|
|||||||
machine:
|
|
||||||
services:
|
|
||||||
- docker
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
override:
|
|
||||||
- ls
|
|
||||||
|
|
||||||
test:
|
|
||||||
override:
|
|
||||||
- docker build -t jupyterhub/jupyterhub .
|
|
||||||
- docker build -t jupyterhub/jupyterhub-onbuild:${CIRCLE_TAG:-latest} onbuild
|
|
||||||
|
|
||||||
deployment:
|
|
||||||
hub:
|
|
||||||
branch: master
|
|
||||||
commands:
|
|
||||||
- docker login -u $DOCKER_USER -p $DOCKER_PASS -e unused@example.com
|
|
||||||
- docker push jupyterhub/jupyterhub-onbuild
|
|
||||||
release:
|
|
||||||
tag: /.*/
|
|
||||||
commands:
|
|
||||||
- docker login -u $DOCKER_USER -p $DOCKER_PASS -e unused@example.com
|
|
||||||
- docker push jupyterhub/jupyterhub-onbuild:$CIRCLE_TAG
|
|
@@ -1,9 +1,17 @@
|
|||||||
-r requirements.txt
|
-r requirements.txt
|
||||||
mock
|
# temporary pin of attrs for jsonschema 0.3.0a1
|
||||||
|
# seems to be a pip bug
|
||||||
|
attrs>=17.4.0
|
||||||
|
beautifulsoup4
|
||||||
codecov
|
codecov
|
||||||
|
coverage
|
||||||
cryptography
|
cryptography
|
||||||
pytest-cov
|
html5lib # needed for beautifulsoup
|
||||||
pytest-tornado
|
mock
|
||||||
pytest>=2.8
|
|
||||||
notebook
|
notebook
|
||||||
|
pre-commit
|
||||||
|
pytest-asyncio
|
||||||
|
pytest-cov
|
||||||
|
pytest>=3.3
|
||||||
requests-mock
|
requests-mock
|
||||||
|
virtualenv
|
||||||
|
9
dockerfiles/Dockerfile.alpine
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
FROM python:3.6.3-alpine3.6
|
||||||
|
|
||||||
|
ARG JUPYTERHUB_VERSION=0.8.1
|
||||||
|
|
||||||
|
RUN pip3 install --no-cache jupyterhub==${JUPYTERHUB_VERSION}
|
||||||
|
ENV LANG=en_US.UTF-8
|
||||||
|
|
||||||
|
USER nobody
|
||||||
|
CMD ["jupyterhub"]
|
20
dockerfiles/README.md
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
## What is Dockerfile.alpine
|
||||||
|
Dockerfile.alpine contains base image for jupyterhub. It does not work independently, but only as part of a full jupyterhub cluster
|
||||||
|
|
||||||
|
## How to use it?
|
||||||
|
|
||||||
|
1. A running configurable-http-proxy, whose API is accessible.
|
||||||
|
2. A jupyterhub_config file.
|
||||||
|
3. Authentication and other libraries required by the specific jupyterhub_config file.
|
||||||
|
|
||||||
|
|
||||||
|
## Steps to test it outside a cluster
|
||||||
|
|
||||||
|
* start configurable-http-proxy in another container
|
||||||
|
* specify CONFIGPROXY_AUTH_TOKEN env in both containers
|
||||||
|
* put both containers on the same network (e.g. docker create network jupyterhub; docker run ... --net jupyterhub)
|
||||||
|
* tell jupyterhub where CHP is (e.g. c.ConfigurableHTTPProxy.api_url = 'http://chp:8001')
|
||||||
|
* tell jupyterhub not to start the proxy itself (c.ConfigurableHTTPProxy.should_start = False)
|
||||||
|
* Use dummy authenticator for ease of testing. Update following in jupyterhub_config file
|
||||||
|
- c.JupyterHub.authenticator_class = 'dummyauthenticator.DummyAuthenticator'
|
||||||
|
- c.DummyAuthenticator.password = "your strong password"
|
@@ -2,7 +2,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
# You can set these variables from the command line.
|
# You can set these variables from the command line.
|
||||||
SPHINXOPTS =
|
SPHINXOPTS = "-W"
|
||||||
SPHINXBUILD = sphinx-build
|
SPHINXBUILD = sphinx-build
|
||||||
PAPER =
|
PAPER =
|
||||||
BUILDDIR = build
|
BUILDDIR = build
|
||||||
|
@@ -1,19 +1,25 @@
|
|||||||
|
# ReadTheDocs uses the `environment.yaml` so make sure to update that as well
|
||||||
|
# if you change the dependencies of JupyterHub in the various `requirements.txt`
|
||||||
name: jhub_docs
|
name: jhub_docs
|
||||||
channels:
|
channels:
|
||||||
- conda-forge
|
- conda-forge
|
||||||
dependencies:
|
dependencies:
|
||||||
- nodejs
|
- nodejs
|
||||||
- python=3.5
|
- python=3.6
|
||||||
- alembic
|
- alembic
|
||||||
- jinja2
|
- jinja2
|
||||||
- pamela
|
- pamela
|
||||||
- requests
|
- requests
|
||||||
- sqlalchemy>=1
|
- sqlalchemy>=1
|
||||||
- tornado>=4.1
|
- tornado>=5.0
|
||||||
- traitlets>=4.1
|
- traitlets>=4.1
|
||||||
- sphinx>=1.4, !=1.5.4
|
- sphinx>=1.7
|
||||||
- sphinx_rtd_theme
|
|
||||||
- pip:
|
- pip:
|
||||||
- jupyter_alabaster_theme
|
- entrypoints
|
||||||
- python-oauth2
|
- oauthlib>=2.0
|
||||||
- recommonmark==0.4.0
|
- recommonmark==0.5.0
|
||||||
|
- async_generator
|
||||||
|
- prometheus_client
|
||||||
|
- attrs>=17.4.0
|
||||||
|
- sphinx-copybutton
|
||||||
|
- alabaster_jupyterhub
|
||||||
|
@@ -1,3 +1,7 @@
|
|||||||
|
# ReadTheDocs uses the `environment.yaml` so make sure to update that as well
|
||||||
|
# if you change this file
|
||||||
-r ../requirements.txt
|
-r ../requirements.txt
|
||||||
sphinx>=1.4
|
alabaster_jupyterhub
|
||||||
recommonmark==0.4.0
|
recommonmark==0.5.0
|
||||||
|
sphinx-copybutton
|
||||||
|
sphinx>=1.7
|
||||||
|
@@ -3,7 +3,7 @@ swagger: '2.0'
|
|||||||
info:
|
info:
|
||||||
title: JupyterHub
|
title: JupyterHub
|
||||||
description: The REST API for JupyterHub
|
description: The REST API for JupyterHub
|
||||||
version: 0.8.0dev
|
version: 0.9.0dev
|
||||||
license:
|
license:
|
||||||
name: BSD-3-Clause
|
name: BSD-3-Clause
|
||||||
schemes:
|
schemes:
|
||||||
@@ -89,7 +89,7 @@ paths:
|
|||||||
post:
|
post:
|
||||||
summary: Create multiple users
|
summary: Create multiple users
|
||||||
parameters:
|
parameters:
|
||||||
- name: data
|
- name: body
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
schema:
|
schema:
|
||||||
@@ -147,7 +147,7 @@ paths:
|
|||||||
in: path
|
in: path
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
- name: data
|
- name: body
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
description: Updated user info. At least one key to be updated (name or admin) is required.
|
description: Updated user info. At least one key to be updated (name or admin) is required.
|
||||||
@@ -176,6 +176,60 @@ paths:
|
|||||||
responses:
|
responses:
|
||||||
'204':
|
'204':
|
||||||
description: The user has been deleted
|
description: The user has been deleted
|
||||||
|
/users/{name}/activity:
|
||||||
|
post:
|
||||||
|
summary:
|
||||||
|
Notify Hub of activity for a given user.
|
||||||
|
description:
|
||||||
|
Notify the Hub of activity by the user,
|
||||||
|
e.g. accessing a service or (more likely)
|
||||||
|
actively using a server.
|
||||||
|
parameters:
|
||||||
|
- name: name
|
||||||
|
description: username
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
- body:
|
||||||
|
in: body
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
last_activity:
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
description: |
|
||||||
|
Timestamp of last-seen activity for this user.
|
||||||
|
Only needed if this is not activity associated
|
||||||
|
with using a given server.
|
||||||
|
required: false
|
||||||
|
servers:
|
||||||
|
description: |
|
||||||
|
Register activity for specific servers by name.
|
||||||
|
The keys of this dict are the names of servers.
|
||||||
|
The default server has an empty name ('').
|
||||||
|
required: false
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
'<server name>':
|
||||||
|
description: |
|
||||||
|
Activity for a single server.
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
last_activity:
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
description: |
|
||||||
|
Timestamp of last-seen activity on this server.
|
||||||
|
example:
|
||||||
|
last_activity: '2019-02-06T12:54:14Z'
|
||||||
|
servers:
|
||||||
|
'':
|
||||||
|
last_activity: '2019-02-06T12:54:14Z'
|
||||||
|
gpu:
|
||||||
|
last_activity: '2019-02-06T12:54:14Z'
|
||||||
|
|
||||||
/users/{name}/server:
|
/users/{name}/server:
|
||||||
post:
|
post:
|
||||||
summary: Start a user's single-user notebook server
|
summary: Start a user's single-user notebook server
|
||||||
@@ -185,6 +239,15 @@ paths:
|
|||||||
in: path
|
in: path
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
- options:
|
||||||
|
description: |
|
||||||
|
Spawn options can be passed as a JSON body
|
||||||
|
when spawning via the API instead of spawn form.
|
||||||
|
The structure of the options
|
||||||
|
will depend on the Spawner's configuration.
|
||||||
|
in: body
|
||||||
|
required: false
|
||||||
|
type: object
|
||||||
responses:
|
responses:
|
||||||
'201':
|
'201':
|
||||||
description: The user's notebook server has started
|
description: The user's notebook server has started
|
||||||
@@ -203,18 +266,100 @@ paths:
|
|||||||
description: The user's notebook server has stopped
|
description: The user's notebook server has stopped
|
||||||
'202':
|
'202':
|
||||||
description: The user's notebook server has not yet stopped as it is taking a while to stop
|
description: The user's notebook server has not yet stopped as it is taking a while to stop
|
||||||
/users/{name}/admin-access:
|
/users/{name}/servers/{server_name}:
|
||||||
post:
|
post:
|
||||||
summary: Grant admin access to this user's notebook server
|
summary: Start a user's single-user named-server notebook server
|
||||||
parameters:
|
parameters:
|
||||||
- name: name
|
- name: name
|
||||||
description: username
|
description: username
|
||||||
in: path
|
in: path
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
- name: server_name
|
||||||
|
description: name given to a named-server
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
- options:
|
||||||
|
description: |
|
||||||
|
Spawn options can be passed as a JSON body
|
||||||
|
when spawning via the API instead of spawn form.
|
||||||
|
The structure of the options
|
||||||
|
will depend on the Spawner's configuration.
|
||||||
|
in: body
|
||||||
|
required: false
|
||||||
|
type: object
|
||||||
|
responses:
|
||||||
|
'201':
|
||||||
|
description: The user's notebook named-server has started
|
||||||
|
'202':
|
||||||
|
description: The user's notebook named-server has not yet started, but has been requested
|
||||||
|
delete:
|
||||||
|
summary: Stop a user's named-server
|
||||||
|
parameters:
|
||||||
|
- name: name
|
||||||
|
description: username
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
- name: server_name
|
||||||
|
description: name given to a named-server
|
||||||
|
in: path
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
- name: remove
|
||||||
|
description: |
|
||||||
|
Whether to fully remove the server, rather than just stop it.
|
||||||
|
Removing a server deletes things like the state of the stopped server.
|
||||||
|
in: body
|
||||||
|
required: false
|
||||||
|
type: boolean
|
||||||
|
responses:
|
||||||
|
'204':
|
||||||
|
description: The user's notebook named-server has stopped
|
||||||
|
'202':
|
||||||
|
description: The user's notebook named-server has not yet stopped as it is taking a while to stop
|
||||||
|
/users/{name}/tokens:
|
||||||
|
get:
|
||||||
|
summary: List tokens for the user
|
||||||
responses:
|
responses:
|
||||||
'200':
|
'200':
|
||||||
description: Sets a cookie granting the requesting administrator access to the user's notebook server
|
description: The list of tokens
|
||||||
|
schema:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
$ref: '#/definitions/Token'
|
||||||
|
post:
|
||||||
|
summary: Create a new token for the user
|
||||||
|
parameters:
|
||||||
|
- name: expires_in
|
||||||
|
type: number
|
||||||
|
required: false
|
||||||
|
in: body
|
||||||
|
description: lifetime (in seconds) after which the requested token will expire.
|
||||||
|
- name: note
|
||||||
|
type: string
|
||||||
|
required: false
|
||||||
|
in: body
|
||||||
|
description: A note attached to the token for future bookkeeping
|
||||||
|
responses:
|
||||||
|
'201':
|
||||||
|
description: The newly created token
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/Token'
|
||||||
|
/users/{name}/tokens/{token_id}:
|
||||||
|
get:
|
||||||
|
summary: Get the model for a token by id
|
||||||
|
responses:
|
||||||
|
'200':
|
||||||
|
description: The info for the new token
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/Token'
|
||||||
|
delete:
|
||||||
|
summary: Delete (revoke) a token by id
|
||||||
|
responses:
|
||||||
|
'204':
|
||||||
|
description: The token has been deleted
|
||||||
/user:
|
/user:
|
||||||
summary: Return authenticated user's model
|
summary: Return authenticated user's model
|
||||||
description:
|
description:
|
||||||
@@ -279,7 +424,7 @@ paths:
|
|||||||
in: path
|
in: path
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
- name: data
|
- name: body
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
description: The users to add to the group
|
description: The users to add to the group
|
||||||
@@ -304,7 +449,7 @@ paths:
|
|||||||
in: path
|
in: path
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
- name: data
|
- name: body
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
description: The users to remove from the group
|
description: The users to remove from the group
|
||||||
@@ -362,7 +507,7 @@ paths:
|
|||||||
summary: Notify the Hub about a new proxy
|
summary: Notify the Hub about a new proxy
|
||||||
description: Notifies the Hub of a new proxy to use.
|
description: Notifies the Hub of a new proxy to use.
|
||||||
parameters:
|
parameters:
|
||||||
- name: data
|
- name: body
|
||||||
in: body
|
in: body
|
||||||
required: true
|
required: true
|
||||||
description: Any values that have changed for the new proxy. All keys are optional.
|
description: Any values that have changed for the new proxy. All keys are optional.
|
||||||
@@ -551,12 +696,55 @@ definitions:
|
|||||||
description: The user's notebook server's base URL, if running; null if not.
|
description: The user's notebook server's base URL, if running; null if not.
|
||||||
pending:
|
pending:
|
||||||
type: string
|
type: string
|
||||||
enum: ["spawn", "stop"]
|
enum: ["spawn", "stop", null]
|
||||||
description: The currently pending action, if any
|
description: The currently pending action, if any
|
||||||
last_activity:
|
last_activity:
|
||||||
type: string
|
type: string
|
||||||
format: date-time
|
format: date-time
|
||||||
description: Timestamp of last-seen activity from the user
|
description: Timestamp of last-seen activity from the user
|
||||||
|
servers:
|
||||||
|
type: object
|
||||||
|
description: The active servers for this user.
|
||||||
|
items:
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/Server'
|
||||||
|
Server:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
description: The server's name. The user's default server has an empty name ('')
|
||||||
|
ready:
|
||||||
|
type: boolean
|
||||||
|
description: |
|
||||||
|
Whether the server is ready for traffic.
|
||||||
|
Will always be false when any transition is pending.
|
||||||
|
pending:
|
||||||
|
type: string
|
||||||
|
enum: ["spawn", "stop", null]
|
||||||
|
description: |
|
||||||
|
The currently pending action, if any.
|
||||||
|
A server is not ready if an action is pending.
|
||||||
|
url:
|
||||||
|
type: string
|
||||||
|
description: |
|
||||||
|
The URL where the server can be accessed
|
||||||
|
(typically /user/:name/:server.name/).
|
||||||
|
progress_url:
|
||||||
|
type: string
|
||||||
|
description: |
|
||||||
|
The URL for an event-stream to retrieve events during a spawn.
|
||||||
|
started:
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
description: UTC timestamp when the server was last started.
|
||||||
|
last_activity:
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
description: UTC timestamp last-seen activity on this server.
|
||||||
|
state:
|
||||||
|
type: object
|
||||||
|
description: Arbitrary internal state from this server's spawner. Only available on the hub's users list or get-user-by-name method, and only if a hub admin. None otherwise.
|
||||||
Group:
|
Group:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
@@ -591,3 +779,40 @@ definitions:
|
|||||||
description: The command used to start the service (if managed)
|
description: The command used to start the service (if managed)
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
info:
|
||||||
|
type: object
|
||||||
|
description: |
|
||||||
|
Additional information a deployment can attach to a service.
|
||||||
|
JupyterHub does not use this field.
|
||||||
|
Token:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
token:
|
||||||
|
type: string
|
||||||
|
description: The token itself. Only present in responses to requests for a new token.
|
||||||
|
id:
|
||||||
|
type: string
|
||||||
|
description: The id of the API token. Used for modifying or deleting the token.
|
||||||
|
user:
|
||||||
|
type: string
|
||||||
|
description: The user that owns a token (undefined if owned by a service)
|
||||||
|
service:
|
||||||
|
type: string
|
||||||
|
description: The service that owns the token (undefined of owned by a user)
|
||||||
|
note:
|
||||||
|
type: string
|
||||||
|
description: A note about the token, typically describing what it was created for.
|
||||||
|
created:
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
description: Timestamp when this token was created
|
||||||
|
expires_at:
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
description: Timestamp when this token expires. Null if there is no expiry.
|
||||||
|
last_activity:
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
description: |
|
||||||
|
Timestamp of last-seen activity using this token.
|
||||||
|
Can be null if token has never been used.
|
||||||
|
106
docs/source/_static/custom.css
Normal file
@@ -0,0 +1,106 @@
|
|||||||
|
div#helm-chart-schema h2,
|
||||||
|
div#helm-chart-schema h3,
|
||||||
|
div#helm-chart-schema h4,
|
||||||
|
div#helm-chart-schema h5,
|
||||||
|
div#helm-chart-schema h6 {
|
||||||
|
font-family: courier new;
|
||||||
|
}
|
||||||
|
|
||||||
|
h3, h3 ~ * {
|
||||||
|
margin-left: 3% !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
h4, h4 ~ * {
|
||||||
|
margin-left: 6% !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
h5, h5 ~ * {
|
||||||
|
margin-left: 9% !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
h6, h6 ~ * {
|
||||||
|
margin-left: 12% !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
h7, h7 ~ * {
|
||||||
|
margin-left: 15% !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
img.logo {
|
||||||
|
width:100%
|
||||||
|
}
|
||||||
|
|
||||||
|
.right-next {
|
||||||
|
float: right;
|
||||||
|
max-width: 45%;
|
||||||
|
overflow: auto;
|
||||||
|
text-overflow: ellipsis;
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
.right-next::after{
|
||||||
|
content: ' »';
|
||||||
|
}
|
||||||
|
|
||||||
|
.left-prev {
|
||||||
|
float: left;
|
||||||
|
max-width: 45%;
|
||||||
|
overflow: auto;
|
||||||
|
text-overflow: ellipsis;
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
.left-prev::before{
|
||||||
|
content: '« ';
|
||||||
|
}
|
||||||
|
|
||||||
|
.prev-next-bottom {
|
||||||
|
margin-top: 3em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.prev-next-top {
|
||||||
|
margin-bottom: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Sidebar TOC and headers */
|
||||||
|
|
||||||
|
div.sphinxsidebarwrapper div {
|
||||||
|
margin-bottom: .8em;
|
||||||
|
}
|
||||||
|
div.sphinxsidebar h3 {
|
||||||
|
font-size: 1.3em;
|
||||||
|
padding-top: 0px;
|
||||||
|
font-weight: 800;
|
||||||
|
margin-left: 0px !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.sphinxsidebar p.caption {
|
||||||
|
font-size: 1.2em;
|
||||||
|
margin-bottom: 0px;
|
||||||
|
margin-left: 0px !important;
|
||||||
|
font-weight: 900;
|
||||||
|
color: #767676;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.sphinxsidebar ul {
|
||||||
|
font-size: .8em;
|
||||||
|
margin-top: 0px;
|
||||||
|
padding-left: 3%;
|
||||||
|
margin-left: 0px !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.relations ul {
|
||||||
|
font-size: 1em;
|
||||||
|
margin-left: 0px !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
div#searchbox form {
|
||||||
|
margin-left: 0px !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* body elements */
|
||||||
|
.toctree-wrapper span.caption-text {
|
||||||
|
color: #767676;
|
||||||
|
font-style: italic;
|
||||||
|
font-weight: 300;
|
||||||
|
}
|
BIN
docs/source/_static/images/logo/favicon.ico
Normal file
After Width: | Height: | Size: 4.4 KiB |
BIN
docs/source/_static/images/logo/logo.png
Normal file
After Width: | Height: | Size: 38 KiB |
16
docs/source/_templates/navigation.html
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
{# Custom template for navigation.html
|
||||||
|
|
||||||
|
alabaster theme does not provide blocks for titles to
|
||||||
|
be overridden so this custom theme handles title and
|
||||||
|
toctree for sidebar
|
||||||
|
#}
|
||||||
|
<h3>{{ _('Table of Contents') }}</h3>
|
||||||
|
{{ toctree(includehidden=theme_sidebar_includehidden, collapse=theme_sidebar_collapse) }}
|
||||||
|
{% if theme_extra_nav_links %}
|
||||||
|
<hr />
|
||||||
|
<ul>
|
||||||
|
{% for text, uri in theme_extra_nav_links.items() %}
|
||||||
|
<li class="toctree-l1"><a href="{{ uri }}">{{ text }}</a></li>
|
||||||
|
{% endfor %}
|
||||||
|
</ul>
|
||||||
|
{% endif %}
|
30
docs/source/_templates/page.html
Normal file
@@ -0,0 +1,30 @@
|
|||||||
|
{% extends '!page.html' %}
|
||||||
|
|
||||||
|
{# Custom template for page.html
|
||||||
|
|
||||||
|
Alabaster theme does not provide blocks for prev/next at bottom of each page.
|
||||||
|
This is _in addition_ to the prev/next in the sidebar. The "Prev/Next" text
|
||||||
|
or symbols are handled by CSS classes in _static/custom.css
|
||||||
|
#}
|
||||||
|
|
||||||
|
{% macro prev_next(prev, next, prev_title='', next_title='') %}
|
||||||
|
{%- if prev %}
|
||||||
|
<a class='left-prev' href="{{ prev.link|e }}" title="{{ _('previous chapter')}}">{{ prev_title or prev.title }}</a>
|
||||||
|
{%- endif %}
|
||||||
|
{%- if next %}
|
||||||
|
<a class='right-next' href="{{ next.link|e }}" title="{{ _('next chapter')}}">{{ next_title or next.title }}</a>
|
||||||
|
{%- endif %}
|
||||||
|
<div style='clear:both;'></div>
|
||||||
|
{% endmacro %}
|
||||||
|
|
||||||
|
|
||||||
|
{% block body %}
|
||||||
|
<div class='prev-next-top'>
|
||||||
|
{{ prev_next(prev, next, 'Previous', 'Next') }}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{{super()}}
|
||||||
|
<div class='prev-next-bottom'>
|
||||||
|
{{ prev_next(prev, next) }}
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
17
docs/source/_templates/relations.html
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
{# Custom template for relations.html
|
||||||
|
|
||||||
|
alabaster theme does not provide previous/next page by default
|
||||||
|
#}
|
||||||
|
<div class="relations">
|
||||||
|
<h3>Navigation</h3>
|
||||||
|
<ul>
|
||||||
|
<li><a href="{{ pathto(master_doc) }}">Documentation Home</a><ul>
|
||||||
|
{%- if prev %}
|
||||||
|
<li><a href="{{ prev.link|e }}" title="Previous">Previous topic</a></li>
|
||||||
|
{%- endif %}
|
||||||
|
{%- if next %}
|
||||||
|
<li><a href="{{ next.link|e }}" title="Next">Next topic</a></li>
|
||||||
|
{%- endif %}
|
||||||
|
</ul>
|
||||||
|
</ul>
|
||||||
|
</div>
|
159
docs/source/admin/upgrading.rst
Normal file
@@ -0,0 +1,159 @@
|
|||||||
|
.. _admin/upgrading:
|
||||||
|
|
||||||
|
====================
|
||||||
|
Upgrading JupyterHub
|
||||||
|
====================
|
||||||
|
|
||||||
|
JupyterHub offers easy upgrade pathways between minor versions. This
|
||||||
|
document describes how to do these upgrades.
|
||||||
|
|
||||||
|
If you are using :ref:`a JupyterHub distribution <index/distributions>`, you
|
||||||
|
should consult the distribution's documentation on how to upgrade. This
|
||||||
|
document is if you have set up your own JupyterHub without using a
|
||||||
|
distribution.
|
||||||
|
|
||||||
|
It is long because is pretty detailed! Most likely, upgrading
|
||||||
|
JupyterHub is painless, quick and with minimal user interruption.
|
||||||
|
|
||||||
|
Read the Changelog
|
||||||
|
==================
|
||||||
|
|
||||||
|
The `changelog <changelog.html>`_ contains information on what has
|
||||||
|
changed with the new JupyterHub release, and any deprecation warnings.
|
||||||
|
Read these notes to familiarize yourself with the coming changes. There
|
||||||
|
might be new releases of authenticators & spawners you are using, so
|
||||||
|
read the changelogs for those too!
|
||||||
|
|
||||||
|
Notify your users
|
||||||
|
=================
|
||||||
|
|
||||||
|
If you are using the default configuration where ``configurable-http-proxy``
|
||||||
|
is managed by JupyterHub, your users will see service disruption during
|
||||||
|
the upgrade process. You should notify them, and pick a time to do the
|
||||||
|
upgrade where they will be least disrupted.
|
||||||
|
|
||||||
|
If you are using a different proxy, or running ``configurable-http-proxy``
|
||||||
|
independent of JupyterHub, your users will be able to continue using notebook
|
||||||
|
servers they had already launched, but will not be able to launch new servers
|
||||||
|
nor sign in.
|
||||||
|
|
||||||
|
|
||||||
|
Backup database & config
|
||||||
|
========================
|
||||||
|
|
||||||
|
Before doing an upgrade, it is critical to back up:
|
||||||
|
|
||||||
|
#. Your JupyterHub database (sqlite by default, or MySQL / Postgres
|
||||||
|
if you used those). If you are using sqlite (the default), you
|
||||||
|
should backup the ``jupyterhub.sqlite`` file.
|
||||||
|
#. Your ``jupyterhub_config.py`` file.
|
||||||
|
#. Your user's home directories. This is unlikely to be affected directly by
|
||||||
|
a JupyterHub upgrade, but we recommend a backup since user data is very
|
||||||
|
critical.
|
||||||
|
|
||||||
|
|
||||||
|
Shutdown JupyterHub
|
||||||
|
===================
|
||||||
|
|
||||||
|
Shutdown the JupyterHub process. This would vary depending on how you
|
||||||
|
have set up JupyterHub to run. Most likely, it is using a process
|
||||||
|
supervisor of some sort (``systemd`` or ``supervisord`` or even ``docker``).
|
||||||
|
Use the supervisor specific command to stop the JupyterHub process.
|
||||||
|
|
||||||
|
Upgrade JupyterHub packages
|
||||||
|
===========================
|
||||||
|
|
||||||
|
There are two environments where the ``jupyterhub`` package is installed:
|
||||||
|
|
||||||
|
#. The *hub environment*, which is where the JupyterHub server process
|
||||||
|
runs. This is started with the ``jupyterhub`` command, and is what
|
||||||
|
people generally think of as JupyterHub.
|
||||||
|
|
||||||
|
#. The *notebook user environments*. This is where the user notebook
|
||||||
|
servers are launched from, and is probably custom to your own
|
||||||
|
installation. This could be just one environment (different from the
|
||||||
|
hub environment) that is shared by all users, one environment
|
||||||
|
per user, or same environment as the hub environment. The hub
|
||||||
|
launched the ``jupyterhub-singleuser`` command in this environment,
|
||||||
|
which in turn starts the notebook server.
|
||||||
|
|
||||||
|
You need to make sure the version of the ``jupyterhub`` package matches
|
||||||
|
in both these environments. If you installed ``jupyterhub`` with pip,
|
||||||
|
you can upgrade it with:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
python3 -m pip install --upgrade jupyterhub==<version>
|
||||||
|
|
||||||
|
Where ``<version>`` is the version of JupyterHub you are upgrading to.
|
||||||
|
|
||||||
|
If you used ``conda`` to install ``jupyterhub``, you should upgrade it
|
||||||
|
with:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
conda install -c conda-forge jupyterhub==<version>
|
||||||
|
|
||||||
|
Where ``<version>`` is the version of JupyterHub you are upgrading to.
|
||||||
|
|
||||||
|
You should also check for new releases of the authenticator & spawner you
|
||||||
|
are using. You might wish to upgrade those packages too along with JupyterHub,
|
||||||
|
or upgrade them separately.
|
||||||
|
|
||||||
|
Upgrade JupyterHub database
|
||||||
|
===========================
|
||||||
|
|
||||||
|
Once new packages are installed, you need to upgrade the JupyterHub
|
||||||
|
database. From the hub environment, in the same directory as your
|
||||||
|
``jupyterhub_config.py`` file, you should run:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
jupyterhub upgrade-db
|
||||||
|
|
||||||
|
This should find the location of your database, and run necessary upgrades
|
||||||
|
for it.
|
||||||
|
|
||||||
|
SQLite database disadvantages
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
SQLite has some disadvantages when it comes to upgrading JupyterHub. These
|
||||||
|
are:
|
||||||
|
|
||||||
|
- ``upgrade-db`` may not work, and you may need delete your database
|
||||||
|
and start with a fresh one.
|
||||||
|
- ``downgrade-db`` **will not** work if you want to rollback to an
|
||||||
|
earlier version, so backup the ``jupyterhub.sqlite`` file before
|
||||||
|
upgrading
|
||||||
|
|
||||||
|
What happens if I delete my database?
|
||||||
|
-------------------------------------
|
||||||
|
|
||||||
|
Losing the Hub database is often not a big deal. Information that
|
||||||
|
resides only in the Hub database includes:
|
||||||
|
|
||||||
|
- active login tokens (user cookies, service tokens)
|
||||||
|
- users added via JupyterHub UI, instead of config files
|
||||||
|
- info about running servers
|
||||||
|
|
||||||
|
If the following conditions are true, you should be fine clearing the
|
||||||
|
Hub database and starting over:
|
||||||
|
|
||||||
|
- users specified in config file, or login using an external
|
||||||
|
authentication provider (Google, GitHub, LDAP, etc)
|
||||||
|
- user servers are stopped during upgrade
|
||||||
|
- don't mind causing users to login again after upgrade
|
||||||
|
|
||||||
|
Start JupyterHub
|
||||||
|
================
|
||||||
|
|
||||||
|
Once the database upgrade is completed, start the ``jupyterhub``
|
||||||
|
process again.
|
||||||
|
|
||||||
|
#. Log-in and start the server to make sure things work as
|
||||||
|
expected.
|
||||||
|
#. Check the logs for any errors or deprecation warnings. You
|
||||||
|
might have to update your ``jupyterhub_config.py`` file to
|
||||||
|
deal with any deprecated options.
|
||||||
|
|
||||||
|
Congratulations, your JupyterHub has been upgraded!
|
@@ -13,4 +13,3 @@ Module: :mod:`jupyterhub.app`
|
|||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
.. autoconfigurable:: JupyterHub
|
.. autoconfigurable:: JupyterHub
|
||||||
|
|
||||||
|
@@ -26,3 +26,7 @@ Module: :mod:`jupyterhub.auth`
|
|||||||
|
|
||||||
.. autoconfigurable:: PAMAuthenticator
|
.. autoconfigurable:: PAMAuthenticator
|
||||||
|
|
||||||
|
:class:`DummyAuthenticator`
|
||||||
|
---------------------------
|
||||||
|
|
||||||
|
.. autoconfigurable:: DummyAuthenticator
|
||||||
|
@@ -20,4 +20,3 @@ Module: :mod:`jupyterhub.proxy`
|
|||||||
|
|
||||||
.. autoconfigurable:: ConfigurableHTTPProxy
|
.. autoconfigurable:: ConfigurableHTTPProxy
|
||||||
:members: debug, auth_token, check_running_interval, api_url, command
|
:members: debug, auth_token, check_running_interval, api_url, command
|
||||||
|
|
||||||
|
@@ -14,4 +14,3 @@ Module: :mod:`jupyterhub.services.service`
|
|||||||
|
|
||||||
.. autoconfigurable:: Service
|
.. autoconfigurable:: Service
|
||||||
:members: name, admin, url, api_token, managed, kind, command, cwd, environment, user, oauth_client_id, server, prefix, proxy_spec
|
:members: name, admin, url, api_token, managed, kind, command, cwd, environment, user, oauth_client_id, server, prefix, proxy_spec
|
||||||
|
|
||||||
|
@@ -17,7 +17,7 @@ Module: :mod:`jupyterhub.services.auth`
|
|||||||
:members:
|
:members:
|
||||||
|
|
||||||
:class:`HubOAuth`
|
:class:`HubOAuth`
|
||||||
----------------
|
-----------------
|
||||||
|
|
||||||
.. autoconfigurable:: HubOAuth
|
.. autoconfigurable:: HubOAuth
|
||||||
:members:
|
:members:
|
||||||
@@ -30,7 +30,7 @@ Module: :mod:`jupyterhub.services.auth`
|
|||||||
:members:
|
:members:
|
||||||
|
|
||||||
:class:`HubOAuthenticated`
|
:class:`HubOAuthenticated`
|
||||||
-------------------------
|
--------------------------
|
||||||
|
|
||||||
.. autoclass:: HubOAuthenticated
|
.. autoclass:: HubOAuthenticated
|
||||||
|
|
||||||
@@ -38,4 +38,3 @@ Module: :mod:`jupyterhub.services.auth`
|
|||||||
--------------------------------
|
--------------------------------
|
||||||
|
|
||||||
.. autoclass:: HubOAuthCallbackHandler
|
.. autoclass:: HubOAuthCallbackHandler
|
||||||
|
|
||||||
|
@@ -13,10 +13,9 @@ Module: :mod:`jupyterhub.spawner`
|
|||||||
----------------
|
----------------
|
||||||
|
|
||||||
.. autoconfigurable:: Spawner
|
.. autoconfigurable:: Spawner
|
||||||
:members: options_from_form, poll, start, stop, get_args, get_env, get_state, template_namespace, format_string
|
:members: options_from_form, poll, start, stop, get_args, get_env, get_state, template_namespace, format_string, create_certs, move_certs
|
||||||
|
|
||||||
:class:`LocalProcessSpawner`
|
:class:`LocalProcessSpawner`
|
||||||
----------------------------
|
----------------------------
|
||||||
|
|
||||||
.. autoconfigurable:: LocalProcessSpawner
|
.. autoconfigurable:: LocalProcessSpawner
|
||||||
|
|
||||||
|
@@ -34,4 +34,3 @@ Module: :mod:`jupyterhub.user`
|
|||||||
.. attribute:: spawner
|
.. attribute:: spawner
|
||||||
|
|
||||||
The user's :class:`~.Spawner` instance.
|
The user's :class:`~.Spawner` instance.
|
||||||
|
|
||||||
|
@@ -5,7 +5,350 @@ its link will bring up a GitHub listing of changes. Use `git log` on the
|
|||||||
command line for details.
|
command line for details.
|
||||||
|
|
||||||
|
|
||||||
## [Unreleased] 0.8
|
## [Unreleased]
|
||||||
|
|
||||||
|
## 1.0
|
||||||
|
|
||||||
|
### [1.0.0] 2019-04-XX
|
||||||
|
|
||||||
|
JupyterHub 1.0 is a major milestone for JupyterHub.
|
||||||
|
Huge thanks to the many people who have contributed to this release,
|
||||||
|
whether it was through discussion, testing, documentation, or development.
|
||||||
|
|
||||||
|
#### Major new features
|
||||||
|
|
||||||
|
- Support TLS encryption and authentication of all internal communication.
|
||||||
|
Spawners must implement `.move_certs` method to make certificates available
|
||||||
|
to the notebook server if it is not local to the Hub.
|
||||||
|
- There is now full UI support for managing named servers.
|
||||||
|
With named servers, each jupyterhub user may have access to more than one named server. For example, a professor may access a server named `research` and another named `teaching`.
|
||||||
|
|
||||||
|

|
||||||
|
- Authenticators can now expire and refresh authentication data by implementing
|
||||||
|
`Authenticator.refresh_user(user)`.
|
||||||
|
This allows things like OAuth data and access tokens to be refreshed.
|
||||||
|
When used together with `Authenticator.refresh_pre_spawn = True`,
|
||||||
|
auth refresh can be forced prior to Spawn,
|
||||||
|
allowing the Authenticator to *require* that authentication data is fresh
|
||||||
|
immediately before the user's server is launched.
|
||||||
|
|
||||||
|
```eval_rst
|
||||||
|
.. seealso::
|
||||||
|
|
||||||
|
- :meth:`.Authenticator.refresh_user`
|
||||||
|
- :meth:`.Spawner.create_certs`
|
||||||
|
- :meth:`.Spawner.move_certs`
|
||||||
|
```
|
||||||
|
|
||||||
|
#### New features
|
||||||
|
|
||||||
|
- allow custom spawners, authenticators, and proxies to register themselves via 'entry points', enabling more convenient configuration such as:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.authenticator_class = 'github'
|
||||||
|
c.JupyterHub.spawner_class = 'docker'
|
||||||
|
c.JupyterHub.proxy_class = 'traefik_etcd'
|
||||||
|
```
|
||||||
|
- Spawners are passed the tornado Handler object that requested their spawn (as `self.handler`),
|
||||||
|
so they can do things like make decisions based on query arguments in the request.
|
||||||
|
- SimpleSpawner and DummyAuthenticator, which are useful for testing, have been merged into JupyterHub itself:
|
||||||
|
|
||||||
|
```python
|
||||||
|
# For testing purposes only. Should not be used in production.
|
||||||
|
c.JupyterHub.authenticator_class = 'dummy'
|
||||||
|
c.JupyterHub.spawner_class = 'simple'
|
||||||
|
```
|
||||||
|
|
||||||
|
These classes are **not** appropriate for production use. Only testing.
|
||||||
|
- Add health check endpoint at `/hub/health`
|
||||||
|
- Several prometheus metrics have been added (thanks to [Outreachy](https://www.outreachy.org/) applicants!)
|
||||||
|
- A new API for registering user activity.
|
||||||
|
To prepare for the addition of [alternate proxy implementations](https://github.com/jupyterhub/traefik-proxy),
|
||||||
|
responsibility for tracking activity is taken away from the proxy
|
||||||
|
and moved to the notebook server (which already has activity tracking features).
|
||||||
|
Activity is now tracked by pushing it to the Hub from user servers instead of polling the
|
||||||
|
proxy API.
|
||||||
|
- Dynamic `options_form` callables may now return an empty string
|
||||||
|
which will result in no options form being rendered.
|
||||||
|
- `Spawner.user_options` is persisted to the database to be re-used,
|
||||||
|
so that a server spawned once via the form can be re-spawned via the API
|
||||||
|
with the same options.
|
||||||
|
- Added `c.PAMAuthenticator.pam_normalize_username` option for round-tripping
|
||||||
|
usernames through PAM to retrieve the normalized form.
|
||||||
|
- Added `c.JupyterHub.named_server_limit_per_user` configuration to limit
|
||||||
|
the number of named servers each user can have.
|
||||||
|
The default is 0, for no limit.
|
||||||
|
- API requests to HubAuthenticated services (e.g. single-user servers)
|
||||||
|
may pass a token in the `Authorization` header,
|
||||||
|
matching authentication with the Hub API itself.
|
||||||
|
- Added `Authenticator.is_admin(handler, authentication)` method
|
||||||
|
and `Authenticator.admin_groups` configuration for automatically
|
||||||
|
determining that a member of a group should be considered an admin.
|
||||||
|
- New `c.Authenticator.post_auth_hook` configuration
|
||||||
|
that can be any callable of the form `async def hook(authenticator, handler, authentication=None):`.
|
||||||
|
This hook may transform the return value of `Authenticator.authenticate()`
|
||||||
|
and return a new authentication dictionary,
|
||||||
|
e.g. specifying admin privileges, group membership,
|
||||||
|
or custom white/blacklisting logic.
|
||||||
|
This hook is called *after* existing normalization and whitelist checking.
|
||||||
|
- `Spawner.options_from_form` may now be async
|
||||||
|
- Added `JupyterHub.shutdown_on_logout` option to trigger shutdown of a user's
|
||||||
|
servers when they log out.
|
||||||
|
- When `Spawner.start` raises an Exception,
|
||||||
|
a message can be passed on to the user if the exception has a `.jupyterhub_message` attribute.
|
||||||
|
|
||||||
|
|
||||||
|
#### Changes
|
||||||
|
|
||||||
|
- Authentication methods such as `check_whitelist` should now take an additional
|
||||||
|
`authentication` argument
|
||||||
|
that will be a dictionary (default: None) of authentication data,
|
||||||
|
as returned by `Authenticator.authenticate()`:
|
||||||
|
|
||||||
|
```python
|
||||||
|
def check_whitelist(self, username, authentication=None):
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
`authentication` should have a default value of None
|
||||||
|
for backward-compatibility with jupyterhub < 1.0.
|
||||||
|
- Prometheus metrics page is now authenticated.
|
||||||
|
Any authenticated user may see the prometheus metrics.
|
||||||
|
To disable prometheus authentication,
|
||||||
|
set `JupyterHub.authenticate_prometheus = False`.
|
||||||
|
- Visits to `/user/:name` no longer trigger an implicit launch of the user's server.
|
||||||
|
Instead, a page is shown indicating that the server is not running
|
||||||
|
with a link to request the spawn.
|
||||||
|
- API requests to `/user/:name` for a not-running server will have status 503 instead of 404.
|
||||||
|
- OAuth includes a confirmation page when attempting to visit another user's server,
|
||||||
|
so that users can choose to cancel authentication with the single-user server.
|
||||||
|
Confirmation is still skipped when accessing your own server.
|
||||||
|
|
||||||
|
|
||||||
|
#### Fixed
|
||||||
|
|
||||||
|
- Various fixes to improve Windows compatibility
|
||||||
|
(default Authenticator and Spawner still do not support Windows, but other Spawners may)
|
||||||
|
- Fixed compatibility with Oracle db
|
||||||
|
- Fewer redirects following a visit to the default `/` url
|
||||||
|
- Error when progress is requested before progress is ready
|
||||||
|
- Error when API requests are made to a not-running server without authentication
|
||||||
|
- Avoid logging database password on connect if password is specified in `JupyterHub.db_url`.
|
||||||
|
|
||||||
|
#### Development changes
|
||||||
|
|
||||||
|
There have been several changes to the development process that shouldn't
|
||||||
|
generally affect users of JupyterHub, but may affect contributors.
|
||||||
|
In general, see `CONTRIBUTING.md` for contribution info or ask if you have questions.
|
||||||
|
|
||||||
|
- JupyterHub has adopted `black` as a code autoformatter and `pre-commit`
|
||||||
|
as a tool for automatically running code formatting on commit.
|
||||||
|
This is meant to make it *easier* to contribute to JupyterHub,
|
||||||
|
so let us know if it's having the opposite effect.
|
||||||
|
- JupyterHub has switched its test suite to using `pytest-asyncio` from `pytest-tornado`.
|
||||||
|
- OAuth is now implemented internally using `oauthlib` instead of `python-oauth2`. This should have no effect on behavior.
|
||||||
|
|
||||||
|
|
||||||
|
## 0.9
|
||||||
|
|
||||||
|
### [0.9.6] 2019-04-01
|
||||||
|
|
||||||
|
JupyterHub 0.9.6 is a security release.
|
||||||
|
|
||||||
|
- Fixes an Open Redirect vulnerability (CVE-2019-10255).
|
||||||
|
|
||||||
|
JupyterHub 0.9.5 included a partial fix for this issue.
|
||||||
|
|
||||||
|
### [0.9.4] 2018-09-24
|
||||||
|
|
||||||
|
JupyterHub 0.9.4 is a small bugfix release.
|
||||||
|
|
||||||
|
- Fixes an issue that required all running user servers to be restarted
|
||||||
|
when performing an upgrade from 0.8 to 0.9.
|
||||||
|
- Fixes content-type for API endpoints back to `application/json`.
|
||||||
|
It was `text/html` in 0.9.0-0.9.3.
|
||||||
|
|
||||||
|
### [0.9.3] 2018-09-12
|
||||||
|
|
||||||
|
JupyterHub 0.9.3 contains small bugfixes and improvements
|
||||||
|
|
||||||
|
- Fix token page and model handling of `expires_at`.
|
||||||
|
This field was missing from the REST API model for tokens
|
||||||
|
and could cause the token page to not render
|
||||||
|
- Add keep-alive to progress event stream to avoid proxies dropping
|
||||||
|
the connection due to inactivity
|
||||||
|
- Documentation and example improvements
|
||||||
|
- Disable quit button when using notebook 5.6
|
||||||
|
- Prototype new feature (may change prior to 1.0):
|
||||||
|
pass requesting Handler to Spawners during start,
|
||||||
|
accessible as `self.handler`
|
||||||
|
|
||||||
|
### [0.9.2] 2018-08-10
|
||||||
|
|
||||||
|
JupyterHub 0.9.2 contains small bugfixes and improvements.
|
||||||
|
|
||||||
|
- Documentation and example improvements
|
||||||
|
- Add `Spawner.consecutive_failure_limit` config for aborting the Hub if too many spawns fail in a row.
|
||||||
|
- Fix for handling SIGTERM when run with asyncio (tornado 5)
|
||||||
|
- Windows compatibility fixes
|
||||||
|
|
||||||
|
|
||||||
|
### [0.9.1] 2018-07-04
|
||||||
|
|
||||||
|
JupyterHub 0.9.1 contains a number of small bugfixes on top of 0.9.
|
||||||
|
|
||||||
|
- Use a PID file for the proxy to decrease the likelihood that a leftover proxy process will prevent JupyterHub from restarting
|
||||||
|
- `c.LocalProcessSpawner.shell_cmd` is now configurable
|
||||||
|
- API requests to stopped servers (requests to the hub for `/user/:name/api/...`) fail with 404 rather than triggering a restart of the server
|
||||||
|
- Compatibility fix for notebook 5.6.0 which will introduce further
|
||||||
|
security checks for local connections
|
||||||
|
- Managed services always use localhost to talk to the Hub if the Hub listening on all interfaces
|
||||||
|
- When using a URL prefix, the Hub route will be `JupyterHub.base_url` instead of unconditionally `/`
|
||||||
|
- additional fixes and improvements
|
||||||
|
|
||||||
|
### [0.9.0] 2018-06-15
|
||||||
|
|
||||||
|
JupyterHub 0.9 is a major upgrade of JupyterHub.
|
||||||
|
There are several changes to the database schema,
|
||||||
|
so make sure to backup your database and run:
|
||||||
|
|
||||||
|
jupyterhub upgrade-db
|
||||||
|
|
||||||
|
after upgrading jupyterhub.
|
||||||
|
|
||||||
|
The biggest change for 0.9 is the switch to asyncio coroutines everywhere
|
||||||
|
instead of tornado coroutines. Custom Spawners and Authenticators are still
|
||||||
|
free to use tornado coroutines for async methods, as they will continue to
|
||||||
|
work. As part of this upgrade, JupyterHub 0.9 drops support for Python < 3.5
|
||||||
|
and tornado < 5.0.
|
||||||
|
|
||||||
|
|
||||||
|
#### Changed
|
||||||
|
|
||||||
|
- Require Python >= 3.5
|
||||||
|
- Require tornado >= 5.0
|
||||||
|
- Use asyncio coroutines throughout
|
||||||
|
- Set status 409 for conflicting actions instead of 400,
|
||||||
|
e.g. creating users or groups that already exist.
|
||||||
|
- timestamps in REST API continue to be UTC, but now include 'Z' suffix
|
||||||
|
to identify them as such.
|
||||||
|
- REST API User model always includes `servers` dict,
|
||||||
|
not just when named servers are enabled.
|
||||||
|
- `server` info is no longer available to oauth identification endpoints,
|
||||||
|
only user info and group membership.
|
||||||
|
- `User.last_activity` may be None if a user has not been seen,
|
||||||
|
rather than starting with the user creation time
|
||||||
|
which is now separately stored as `User.created`.
|
||||||
|
- static resources are now found in `$PREFIX/share/jupyterhub` instead of `share/jupyter/hub` for improved consistency.
|
||||||
|
- Deprecate `.extra_log_file` config. Use pipe redirection instead:
|
||||||
|
|
||||||
|
jupyterhub &>> /var/log/jupyterhub.log
|
||||||
|
|
||||||
|
- Add `JupyterHub.bind_url` config for setting the full bind URL of the proxy.
|
||||||
|
Sets ip, port, base_url all at once.
|
||||||
|
- Add `JupyterHub.hub_bind_url` for setting the full host+port of the Hub.
|
||||||
|
`hub_bind_url` supports unix domain sockets, e.g.
|
||||||
|
`unix+http://%2Fsrv%2Fjupyterhub.sock`
|
||||||
|
- Deprecate `JupyterHub.hub_connect_port` config in favor of `JupyterHub.hub_connect_url`. `hub_connect_ip` is not deprecated
|
||||||
|
and can still be used in the common case where only the ip address of the hub differs from the bind ip.
|
||||||
|
|
||||||
|
#### Added
|
||||||
|
|
||||||
|
- Spawners can define a `.progress` method which should be an async generator.
|
||||||
|
The generator should yield events of the form:
|
||||||
|
```python
|
||||||
|
{
|
||||||
|
"message": "some-state-message",
|
||||||
|
"progress": 50,
|
||||||
|
}
|
||||||
|
```
|
||||||
|
These messages will be shown with a progress bar on the spawn-pending page.
|
||||||
|
The `async_generator` package can be used to make async generators
|
||||||
|
compatible with Python 3.5.
|
||||||
|
- track activity of individual API tokens
|
||||||
|
- new REST API for managing API tokens at `/hub/api/user/tokens[/token-id]`
|
||||||
|
- allow viewing/revoking tokens via token page
|
||||||
|
- User creation time is available in the REST API as `User.created`
|
||||||
|
- Server start time is stored as `Server.started`
|
||||||
|
- `Spawner.start` may return a URL for connecting to a notebook instead of `(ip, port)`. This enables Spawners to launch servers that setup their own HTTPS.
|
||||||
|
- Optimize database performance by disabling sqlalchemy expire_on_commit by default.
|
||||||
|
- Add `python -m jupyterhub.dbutil shell` entrypoint for quickly
|
||||||
|
launching an IPython session connected to your JupyterHub database.
|
||||||
|
- Include `User.auth_state` in user model on single-user REST endpoints for admins only.
|
||||||
|
- Include `Server.state` in server model on REST endpoints for admins only.
|
||||||
|
- Add `Authenticator.blacklist` for blacklisting users instead of whitelisting.
|
||||||
|
- Pass `c.JupyterHub.tornado_settings['cookie_options']` down to Spawners
|
||||||
|
so that cookie options (e.g. `expires_days`) can be set globally for the whole application.
|
||||||
|
- SIGINFO (`ctrl-t`) handler showing the current status of all running threads,
|
||||||
|
coroutines, and CPU/memory/FD consumption.
|
||||||
|
- Add async `Spawner.get_options_form` alternative to `.options_form`, so it can be a coroutine.
|
||||||
|
- Add `JupyterHub.redirect_to_server` config to govern whether
|
||||||
|
users should be sent to their server on login or the JuptyerHub home page.
|
||||||
|
- html page templates can be more easily customized and extended.
|
||||||
|
- Allow registering external OAuth clients for using the Hub as an OAuth provider.
|
||||||
|
- Add basic prometheus metrics at `/hub/metrics` endpoint.
|
||||||
|
- Add session-id cookie, enabling immediate revocation of login tokens.
|
||||||
|
- Authenticators may specify that users are admins by specifying the `admin` key when return the user model as a dict.
|
||||||
|
- Added "Start All" button to admin page for launching all user servers at once.
|
||||||
|
- Services have an `info` field which is a dictionary.
|
||||||
|
This is accessible via the REST API.
|
||||||
|
- `JupyterHub.extra_handlers` allows defining additional tornado RequestHandlers attached to the Hub.
|
||||||
|
- API tokens may now expire.
|
||||||
|
Expiry is available in the REST model as `expires_at`,
|
||||||
|
and settable when creating API tokens by specifying `expires_in`.
|
||||||
|
|
||||||
|
|
||||||
|
#### Fixed
|
||||||
|
|
||||||
|
- Remove green from theme to improve accessibility
|
||||||
|
- Fix error when proxy deletion fails due to route already being deleted
|
||||||
|
- clear `?redirects` from URL on successful launch
|
||||||
|
- disable send2trash by default, which is rarely desirable for jupyterhub
|
||||||
|
- Put PAM calls in a thread so they don't block the main application
|
||||||
|
in cases where PAM is slow (e.g. LDAP).
|
||||||
|
- Remove implicit spawn from login handler,
|
||||||
|
instead relying on subsequent request for `/user/:name` to trigger spawn.
|
||||||
|
- Fixed several inconsistencies for initial redirects,
|
||||||
|
depending on whether server is running or not and whether the user is logged in or not.
|
||||||
|
- Admin requests for `/user/:name` (when admin-access is enabled) launch the right server if it's not running instead of redirecting to their own.
|
||||||
|
- Major performance improvement starting up JupyterHub with many users,
|
||||||
|
especially when most are inactive.
|
||||||
|
- Various fixes in race conditions and performance improvements with the default proxy.
|
||||||
|
- Fixes for CORS headers
|
||||||
|
- Stop setting `.form-control` on spawner form inputs unconditionally.
|
||||||
|
- Better recovery from database errors and database connection issues
|
||||||
|
without having to restart the Hub.
|
||||||
|
- Fix handling of `~` character in usernames.
|
||||||
|
- Fix jupyterhub startup when `getpass.getuser()` would fail,
|
||||||
|
e.g. due to missing entry in passwd file in containers.
|
||||||
|
|
||||||
|
|
||||||
|
## 0.8
|
||||||
|
|
||||||
|
### [0.8.1] 2017-11-07
|
||||||
|
|
||||||
|
JupyterHub 0.8.1 is a collection of bugfixes and small improvements on 0.8.
|
||||||
|
|
||||||
|
#### Added
|
||||||
|
|
||||||
|
- Run tornado with AsyncIO by default
|
||||||
|
- Add `jupyterhub --upgrade-db` flag for automatically upgrading the database as part of startup.
|
||||||
|
This is useful for cases where manually running `jupyterhub upgrade-db`
|
||||||
|
as a separate step is unwieldy.
|
||||||
|
- Avoid creating backups of the database when no changes are to be made by
|
||||||
|
`jupyterhub upgrade-db`.
|
||||||
|
|
||||||
|
#### Fixed
|
||||||
|
|
||||||
|
- Add some further validation to usernames - `/` is not allowed in usernames.
|
||||||
|
- Fix empty logout page when using auto_login
|
||||||
|
- Fix autofill of username field in default login form.
|
||||||
|
- Fix listing of users on the admin page who have not yet started their server.
|
||||||
|
- Fix ever-growing traceback when re-raising Exceptions from spawn failures.
|
||||||
|
- Remove use of deprecated `bower` for javascript client dependencies.
|
||||||
|
|
||||||
|
|
||||||
|
### [0.8.0] 2017-10-03
|
||||||
|
|
||||||
JupyterHub 0.8 is a big release!
|
JupyterHub 0.8 is a big release!
|
||||||
|
|
||||||
@@ -23,7 +366,7 @@ in your Dockerfile is sufficient.
|
|||||||
|
|
||||||
#### Added
|
#### Added
|
||||||
|
|
||||||
- JupyterHub now defined a `.Proxy` API for custom
|
- JupyterHub now defined a `Proxy` API for custom
|
||||||
proxy implementations other than the default.
|
proxy implementations other than the default.
|
||||||
The defaults are unchanged,
|
The defaults are unchanged,
|
||||||
but configuration of the proxy is now done on the `ConfigurableHTTPProxy` class instead of the top-level JupyterHub.
|
but configuration of the proxy is now done on the `ConfigurableHTTPProxy` class instead of the top-level JupyterHub.
|
||||||
@@ -32,11 +375,11 @@ in your Dockerfile is sufficient.
|
|||||||
(anything that uses HubAuth)
|
(anything that uses HubAuth)
|
||||||
can now accept token-authenticated requests via the Authentication header.
|
can now accept token-authenticated requests via the Authentication header.
|
||||||
- Authenticators can now store state in the Hub's database.
|
- Authenticators can now store state in the Hub's database.
|
||||||
To do so, the `.authenticate` method should return a dict of the form
|
To do so, the `authenticate` method should return a dict of the form
|
||||||
|
|
||||||
```python
|
```python
|
||||||
{
|
{
|
||||||
'username': 'name'
|
'username': 'name',
|
||||||
'state': {}
|
'state': {}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@@ -233,7 +576,16 @@ Fix removal of `/login` page in 0.4.0, breaking some OAuth providers.
|
|||||||
First preview release
|
First preview release
|
||||||
|
|
||||||
|
|
||||||
[Unreleased]: https://github.com/jupyterhub/jupyterhub/compare/0.7.2...HEAD
|
[Unreleased]: https://github.com/jupyterhub/jupyterhub/compare/1.0.0...HEAD
|
||||||
|
[1.0.0]: https://github.com/jupyterhub/jupyterhub/compare/0.9.5...HEAD
|
||||||
|
[0.9.6]: https://github.com/jupyterhub/jupyterhub/compare/0.9.4...0.9.6
|
||||||
|
[0.9.4]: https://github.com/jupyterhub/jupyterhub/compare/0.9.3...0.9.4
|
||||||
|
[0.9.3]: https://github.com/jupyterhub/jupyterhub/compare/0.9.2...0.9.3
|
||||||
|
[0.9.2]: https://github.com/jupyterhub/jupyterhub/compare/0.9.1...0.9.2
|
||||||
|
[0.9.1]: https://github.com/jupyterhub/jupyterhub/compare/0.9.0...0.9.1
|
||||||
|
[0.9.0]: https://github.com/jupyterhub/jupyterhub/compare/0.8.1...0.9.0
|
||||||
|
[0.8.1]: https://github.com/jupyterhub/jupyterhub/compare/0.8.0...0.8.1
|
||||||
|
[0.8.0]: https://github.com/jupyterhub/jupyterhub/compare/0.7.2...0.8.0
|
||||||
[0.7.2]: https://github.com/jupyterhub/jupyterhub/compare/0.7.1...0.7.2
|
[0.7.2]: https://github.com/jupyterhub/jupyterhub/compare/0.7.1...0.7.2
|
||||||
[0.7.1]: https://github.com/jupyterhub/jupyterhub/compare/0.7.0...0.7.1
|
[0.7.1]: https://github.com/jupyterhub/jupyterhub/compare/0.7.0...0.7.1
|
||||||
[0.7.0]: https://github.com/jupyterhub/jupyterhub/compare/0.6.1...0.7.0
|
[0.7.0]: https://github.com/jupyterhub/jupyterhub/compare/0.6.1...0.7.0
|
||||||
|
@@ -1,11 +1,8 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
#
|
||||||
import sys
|
|
||||||
import os
|
import os
|
||||||
import shlex
|
import shlex
|
||||||
|
import sys
|
||||||
# For conversion from markdown to html
|
|
||||||
import recommonmark.parser
|
|
||||||
|
|
||||||
# Set paths
|
# Set paths
|
||||||
sys.path.insert(0, os.path.abspath('.'))
|
sys.path.insert(0, os.path.abspath('.'))
|
||||||
@@ -21,7 +18,7 @@ extensions = [
|
|||||||
'sphinx.ext.intersphinx',
|
'sphinx.ext.intersphinx',
|
||||||
'sphinx.ext.napoleon',
|
'sphinx.ext.napoleon',
|
||||||
'autodoc_traits',
|
'autodoc_traits',
|
||||||
'jupyter_alabaster_theme',
|
'sphinx_copybutton',
|
||||||
]
|
]
|
||||||
|
|
||||||
templates_path = ['_templates']
|
templates_path = ['_templates']
|
||||||
@@ -36,12 +33,14 @@ author = u'Project Jupyter team'
|
|||||||
|
|
||||||
# Autopopulate version
|
# Autopopulate version
|
||||||
from os.path import dirname
|
from os.path import dirname
|
||||||
|
|
||||||
docs = dirname(dirname(__file__))
|
docs = dirname(dirname(__file__))
|
||||||
root = dirname(docs)
|
root = dirname(docs)
|
||||||
sys.path.insert(0, root)
|
sys.path.insert(0, root)
|
||||||
sys.path.insert(0, os.path.join(docs, 'sphinxext'))
|
sys.path.insert(0, os.path.join(docs, 'sphinxext'))
|
||||||
|
|
||||||
import jupyterhub
|
import jupyterhub
|
||||||
|
|
||||||
# The short X.Y version.
|
# The short X.Y version.
|
||||||
version = '%i.%i' % jupyterhub.version_info[:2]
|
version = '%i.%i' % jupyterhub.version_info[:2]
|
||||||
# The full version, including alpha/beta/rc tags.
|
# The full version, including alpha/beta/rc tags.
|
||||||
@@ -57,81 +56,99 @@ default_role = 'literal'
|
|||||||
|
|
||||||
# -- Source -------------------------------------------------------------
|
# -- Source -------------------------------------------------------------
|
||||||
|
|
||||||
source_parsers = {
|
import recommonmark
|
||||||
'.md': 'recommonmark.parser.CommonMarkParser',
|
from recommonmark.transform import AutoStructify
|
||||||
}
|
|
||||||
|
|
||||||
|
def setup(app):
|
||||||
|
app.add_config_value('recommonmark_config', {'enable_eval_rst': True}, True)
|
||||||
|
app.add_stylesheet('custom.css')
|
||||||
|
app.add_transform(AutoStructify)
|
||||||
|
|
||||||
|
|
||||||
|
source_parsers = {'.md': 'recommonmark.parser.CommonMarkParser'}
|
||||||
|
|
||||||
source_suffix = ['.rst', '.md']
|
source_suffix = ['.rst', '.md']
|
||||||
#source_encoding = 'utf-8-sig'
|
# source_encoding = 'utf-8-sig'
|
||||||
|
|
||||||
# -- Options for HTML output ----------------------------------------------
|
# -- Options for HTML output ----------------------------------------------
|
||||||
|
|
||||||
# The theme to use for HTML and HTML Help pages.
|
# The theme to use for HTML and HTML Help pages.
|
||||||
html_theme = 'jupyter_alabaster_theme'
|
import alabaster_jupyterhub
|
||||||
|
|
||||||
#html_theme_options = {}
|
html_theme = 'alabaster_jupyterhub'
|
||||||
#html_theme_path = []
|
html_theme_path = [alabaster_jupyterhub.get_html_theme_path()]
|
||||||
#html_title = None
|
|
||||||
#html_short_title = None
|
html_logo = '_static/images/logo/logo.png'
|
||||||
#html_logo = None
|
html_favicon = '_static/images/logo/favicon.ico'
|
||||||
#html_favicon = None
|
|
||||||
|
|
||||||
# Paths that contain custom static files (such as style sheets)
|
# Paths that contain custom static files (such as style sheets)
|
||||||
html_static_path = ['_static']
|
html_static_path = ['_static']
|
||||||
|
|
||||||
#html_extra_path = []
|
html_theme_options = {
|
||||||
#html_last_updated_fmt = '%b %d, %Y'
|
'show_related': True,
|
||||||
#html_use_smartypants = True
|
'description': 'Documentation for JupyterHub',
|
||||||
#html_sidebars = {}
|
'github_user': 'jupyterhub',
|
||||||
#html_additional_pages = {}
|
'github_repo': 'jupyterhub',
|
||||||
#html_domain_indices = True
|
'github_banner': False,
|
||||||
#html_use_index = True
|
'github_button': True,
|
||||||
#html_split_index = False
|
'github_type': 'star',
|
||||||
#html_show_sourcelink = True
|
'show_powered_by': False,
|
||||||
#html_show_sphinx = True
|
'extra_nav_links': {
|
||||||
#html_show_copyright = True
|
'GitHub Repo': 'http://github.com/jupyterhub/jupyterhub',
|
||||||
#html_use_opensearch = ''
|
'Issue Tracker': 'http://github.com/jupyterhub/jupyterhub/issues',
|
||||||
#html_file_suffix = None
|
},
|
||||||
#html_search_language = 'en'
|
}
|
||||||
#html_search_options = {'type': 'default'}
|
|
||||||
#html_search_scorer = 'scorer.js'
|
html_sidebars = {
|
||||||
|
'**': [
|
||||||
|
'about.html',
|
||||||
|
'searchbox.html',
|
||||||
|
'navigation.html',
|
||||||
|
'relations.html',
|
||||||
|
'sourcelink.html',
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
htmlhelp_basename = 'JupyterHubdoc'
|
htmlhelp_basename = 'JupyterHubdoc'
|
||||||
|
|
||||||
# -- Options for LaTeX output ---------------------------------------------
|
# -- Options for LaTeX output ---------------------------------------------
|
||||||
|
|
||||||
latex_elements = {
|
latex_elements = {
|
||||||
#'papersize': 'letterpaper',
|
# 'papersize': 'letterpaper',
|
||||||
#'pointsize': '10pt',
|
# 'pointsize': '10pt',
|
||||||
#'preamble': '',
|
# 'preamble': '',
|
||||||
#'figure_align': 'htbp',
|
# 'figure_align': 'htbp',
|
||||||
}
|
}
|
||||||
|
|
||||||
# Grouping the document tree into LaTeX files. List of tuples
|
# Grouping the document tree into LaTeX files. List of tuples
|
||||||
# (source start file, target name, title,
|
# (source start file, target name, title,
|
||||||
# author, documentclass [howto, manual, or own class]).
|
# author, documentclass [howto, manual, or own class]).
|
||||||
latex_documents = [
|
latex_documents = [
|
||||||
(master_doc, 'JupyterHub.tex', u'JupyterHub Documentation',
|
(
|
||||||
u'Project Jupyter team', 'manual'),
|
master_doc,
|
||||||
|
'JupyterHub.tex',
|
||||||
|
u'JupyterHub Documentation',
|
||||||
|
u'Project Jupyter team',
|
||||||
|
'manual',
|
||||||
|
)
|
||||||
]
|
]
|
||||||
|
|
||||||
#latex_logo = None
|
# latex_logo = None
|
||||||
#latex_use_parts = False
|
# latex_use_parts = False
|
||||||
#latex_show_pagerefs = False
|
# latex_show_pagerefs = False
|
||||||
#latex_show_urls = False
|
# latex_show_urls = False
|
||||||
#latex_appendices = []
|
# latex_appendices = []
|
||||||
#latex_domain_indices = True
|
# latex_domain_indices = True
|
||||||
|
|
||||||
|
|
||||||
# -- manual page output -------------------------------------------------
|
# -- manual page output -------------------------------------------------
|
||||||
|
|
||||||
# One entry per manual page. List of tuples
|
# One entry per manual page. List of tuples
|
||||||
# (source start file, name, description, authors, manual section).
|
# (source start file, name, description, authors, manual section).
|
||||||
man_pages = [
|
man_pages = [(master_doc, 'jupyterhub', u'JupyterHub Documentation', [author], 1)]
|
||||||
(master_doc, 'jupyterhub', u'JupyterHub Documentation',
|
|
||||||
[author], 1)
|
|
||||||
]
|
|
||||||
|
|
||||||
#man_show_urls = False
|
# man_show_urls = False
|
||||||
|
|
||||||
|
|
||||||
# -- Texinfo output -----------------------------------------------------
|
# -- Texinfo output -----------------------------------------------------
|
||||||
@@ -140,15 +157,21 @@ man_pages = [
|
|||||||
# (source start file, target name, title, author,
|
# (source start file, target name, title, author,
|
||||||
# dir menu entry, description, category)
|
# dir menu entry, description, category)
|
||||||
texinfo_documents = [
|
texinfo_documents = [
|
||||||
(master_doc, 'JupyterHub', u'JupyterHub Documentation',
|
(
|
||||||
author, 'JupyterHub', 'One line description of project.',
|
master_doc,
|
||||||
'Miscellaneous'),
|
'JupyterHub',
|
||||||
|
u'JupyterHub Documentation',
|
||||||
|
author,
|
||||||
|
'JupyterHub',
|
||||||
|
'One line description of project.',
|
||||||
|
'Miscellaneous',
|
||||||
|
)
|
||||||
]
|
]
|
||||||
|
|
||||||
#texinfo_appendices = []
|
# texinfo_appendices = []
|
||||||
#texinfo_domain_indices = True
|
# texinfo_domain_indices = True
|
||||||
#texinfo_show_urls = 'footnote'
|
# texinfo_show_urls = 'footnote'
|
||||||
#texinfo_no_detailmenu = False
|
# texinfo_no_detailmenu = False
|
||||||
|
|
||||||
|
|
||||||
# -- Epub output --------------------------------------------------------
|
# -- Epub output --------------------------------------------------------
|
||||||
@@ -170,13 +193,12 @@ intersphinx_mapping = {'https://docs.python.org/3/': None}
|
|||||||
|
|
||||||
on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
|
on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
|
||||||
if not on_rtd:
|
if not on_rtd:
|
||||||
import jupyter_alabaster_theme
|
html_theme = 'alabaster'
|
||||||
html_theme = 'jupyter_alabaster_theme'
|
|
||||||
html_theme_path = [jupyter_alabaster_theme.get_path()]
|
|
||||||
else:
|
else:
|
||||||
# readthedocs.org uses their theme by default, so no need to specify it
|
# readthedocs.org uses their theme by default, so no need to specify it
|
||||||
# build rest-api, since RTD doesn't run make
|
# build rest-api, since RTD doesn't run make
|
||||||
from subprocess import check_call as sh
|
from subprocess import check_call as sh
|
||||||
|
|
||||||
sh(['make', 'rest-api'], cwd=docs)
|
sh(['make', 'rest-api'], cwd=docs)
|
||||||
|
|
||||||
# -- Spell checking -------------------------------------------------------
|
# -- Spell checking -------------------------------------------------------
|
||||||
@@ -188,4 +210,4 @@ except ImportError:
|
|||||||
else:
|
else:
|
||||||
extensions.append("sphinxcontrib.spelling")
|
extensions.append("sphinxcontrib.spelling")
|
||||||
|
|
||||||
spelling_word_list_filename='spelling_wordlist.txt'
|
spelling_word_list_filename = 'spelling_wordlist.txt'
|
||||||
|
30
docs/source/contributing/community.rst
Normal file
@@ -0,0 +1,30 @@
|
|||||||
|
.. _contributing/community:
|
||||||
|
|
||||||
|
================================
|
||||||
|
Community communication channels
|
||||||
|
================================
|
||||||
|
|
||||||
|
We use `Discourse <https://discourse.jupyter.org>` for online discussion.
|
||||||
|
Everyone in the Jupyter community is welcome to bring ideas and questions there.
|
||||||
|
In addition, we use `Gitter <https://gitter.im>`_ for online, real-time text chat,
|
||||||
|
a place for more ephemeral discussions.
|
||||||
|
The primary Gitter channel for JupyterHub is `jupyterhub/jupyterhub <https://gitter.im/jupyterhub/jupyterhub>`_.
|
||||||
|
Gitter isn't archived or searchable, so we recommend going to discourse first
|
||||||
|
to make sure that discussions are most useful and accessible to the community.
|
||||||
|
Remember that our community is distributed across the world in various
|
||||||
|
timezones, so be patient if you do not get an answer immediately!
|
||||||
|
|
||||||
|
GitHub issues are used for most long-form project discussions, bug reports
|
||||||
|
and feature requests. Issues related to a specific authenticator or
|
||||||
|
spawner should be directed to the appropriate repository for the
|
||||||
|
authenticator or spawner. If you are using a specific JupyterHub
|
||||||
|
distribution (such as `Zero to JupyterHub on Kubernetes <http://github.com/jupyterhub/zero-to-jupyterhub-k8s>`_
|
||||||
|
or `The Littlest JupyterHub <http://github.com/jupyterhub/the-littlest-jupyterhub/>`_),
|
||||||
|
you should open issues directly in their repository. If you can not
|
||||||
|
find a repository to open your issue in, do not worry! Create it in the `main
|
||||||
|
JupyterHub repository <https://github.com/jupyterhub/jupyterhub/>`_ and our
|
||||||
|
community will help you figure it out.
|
||||||
|
|
||||||
|
A `mailing list <https://groups.google.com/forum/#!forum/jupyter>`_ for all
|
||||||
|
of Project Jupyter exists, along with one for `teaching with Jupyter
|
||||||
|
<https://groups.google.com/forum/#!forum/jupyter-education>`_.
|
78
docs/source/contributing/docs.rst
Normal file
@@ -0,0 +1,78 @@
|
|||||||
|
.. _contributing/docs:
|
||||||
|
|
||||||
|
==========================
|
||||||
|
Contributing Documentation
|
||||||
|
==========================
|
||||||
|
|
||||||
|
Documentation is often more important than code. This page helps
|
||||||
|
you get set up on how to contribute documentation to JupyterHub.
|
||||||
|
|
||||||
|
Building documentation locally
|
||||||
|
==============================
|
||||||
|
|
||||||
|
We use `sphinx <http://sphinx-doc.org>`_ to build our documentation. It takes
|
||||||
|
our documentation source files (written in `markdown
|
||||||
|
<https://daringfireball.net/projects/markdown/>`_ or `reStructuredText
|
||||||
|
<http://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html>`_ &
|
||||||
|
stored under the ``docs/source`` directory) and converts it into various
|
||||||
|
formats for people to read. To make sure the documentation you write or
|
||||||
|
change renders correctly, it is good practice to test it locally.
|
||||||
|
|
||||||
|
#. Make sure you have successfuly completed :ref:`contributing/setup`.
|
||||||
|
|
||||||
|
#. Install the packages required to build the docs.
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
python3 -m pip install -r docs/requirements.txt
|
||||||
|
|
||||||
|
#. Build the html version of the docs. This is the most commonly used
|
||||||
|
output format, so verifying it renders as you should is usually good
|
||||||
|
enough.
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
cd docs
|
||||||
|
make html
|
||||||
|
|
||||||
|
This step will display any syntax or formatting errors in the documentation,
|
||||||
|
along with the filename / line number in which they occurred. Fix them,
|
||||||
|
and re-run the ``make html`` command to re-render the documentation.
|
||||||
|
|
||||||
|
#. View the rendered documentation by opening ``build/html/index.html`` in
|
||||||
|
a web browser.
|
||||||
|
|
||||||
|
.. tip::
|
||||||
|
|
||||||
|
On macOS, you can open a file from the terminal with ``open <path-to-file>``.
|
||||||
|
On Linux, you can do the same with ``xdg-open <path-to-file>``.
|
||||||
|
|
||||||
|
|
||||||
|
.. _contributing/docs/conventions:
|
||||||
|
|
||||||
|
Documentation conventions
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This section lists various conventions we use in our documentation. This is a
|
||||||
|
living document that grows over time, so feel free to add to it / change it!
|
||||||
|
|
||||||
|
Our entire documentation does not yet fully conform to these conventions yet,
|
||||||
|
so help in making it so would be appreciated!
|
||||||
|
|
||||||
|
``pip`` invocation
|
||||||
|
------------------
|
||||||
|
|
||||||
|
There are many ways to invoke a ``pip`` command, we recommend the following
|
||||||
|
approach:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
python3 -m pip
|
||||||
|
|
||||||
|
This invokes pip explicitly using the python3 binary that you are
|
||||||
|
currently using. This is the **recommended way** to invoke pip
|
||||||
|
in our documentation, since it is least likely to cause problems
|
||||||
|
with python3 and pip being from different environments.
|
||||||
|
|
||||||
|
For more information on how to invoke ``pip`` commands, see
|
||||||
|
`the pip documentation <https://pip.pypa.io/en/stable/>`_.
|
98
docs/source/contributing/roadmap.md
Normal file
@@ -0,0 +1,98 @@
|
|||||||
|
# The JupyterHub roadmap
|
||||||
|
|
||||||
|
This roadmap collects "next steps" for JupyterHub. It is about creating a
|
||||||
|
shared understanding of the project's vision and direction amongst
|
||||||
|
the community of users, contributors, and maintainers.
|
||||||
|
The goal is to communicate priorities and upcoming release plans.
|
||||||
|
It is not a aimed at limiting contributions to what is listed here.
|
||||||
|
|
||||||
|
|
||||||
|
## Using the roadmap
|
||||||
|
### Sharing Feedback on the Roadmap
|
||||||
|
|
||||||
|
All of the community is encouraged to provide feedback as well as share new
|
||||||
|
ideas with the community. Please do so by submitting an issue. If you want to
|
||||||
|
have an informal conversation first use one of the other communication channels.
|
||||||
|
After submitting the issue, others from the community will probably
|
||||||
|
respond with questions or comments they have to clarify the issue. The
|
||||||
|
maintainers will help identify what a good next step is for the issue.
|
||||||
|
|
||||||
|
### What do we mean by "next step"?
|
||||||
|
|
||||||
|
When submitting an issue, think about what "next step" category best describes
|
||||||
|
your issue:
|
||||||
|
|
||||||
|
* **now**, concrete/actionable step that is ready for someone to start work on.
|
||||||
|
These might be items that have a link to an issue or more abstract like
|
||||||
|
"decrease typos and dead links in the documentation"
|
||||||
|
* **soon**, less concrete/actionable step that is going to happen soon,
|
||||||
|
discussions around the topic are coming close to an end at which point it can
|
||||||
|
move into the "now" category
|
||||||
|
* **later**, abstract ideas or tasks, need a lot of discussion or
|
||||||
|
experimentation to shape the idea so that it can be executed. Can also
|
||||||
|
contain concrete/actionable steps that have been postponed on purpose
|
||||||
|
(these are steps that could be in "now" but the decision was taken to work on
|
||||||
|
them later)
|
||||||
|
|
||||||
|
### Reviewing and Updating the Roadmap
|
||||||
|
|
||||||
|
The roadmap will get updated as time passes (next review by 1st December) based
|
||||||
|
on discussions and ideas captured as issues.
|
||||||
|
This means this list should not be exhaustive, it should only represent
|
||||||
|
the "top of the stack" of ideas. It should
|
||||||
|
not function as a wish list, collection of feature requests or todo list.
|
||||||
|
For those please create a
|
||||||
|
[new issue](https://github.com/jupyterhub/jupyterhub/issues/new).
|
||||||
|
|
||||||
|
The roadmap should give the reader an idea of what is happening next, what needs
|
||||||
|
input and discussion before it can happen and what has been postponed.
|
||||||
|
|
||||||
|
|
||||||
|
## The roadmap proper
|
||||||
|
### Project vision
|
||||||
|
|
||||||
|
JupyterHub is a dependable tool used by humans that reduces the complexity of
|
||||||
|
creating the environment in which a piece of software can be executed.
|
||||||
|
|
||||||
|
### Now
|
||||||
|
|
||||||
|
These "Now" items are considered active areas of focus for the project:
|
||||||
|
|
||||||
|
* HubShare - a sharing service for use with JupyterHub.
|
||||||
|
* Users should be able to:
|
||||||
|
- Push a project to other users.
|
||||||
|
- Get a checkout of a project from other users.
|
||||||
|
- Push updates to a published project.
|
||||||
|
- Pull updates from a published project.
|
||||||
|
- Manage conflicts/merges by simply picking a version (our/theirs)
|
||||||
|
- Get a checkout of a project from the internet. These steps are completely different from saving notebooks/files.
|
||||||
|
- Have directories that are managed by git completely separately from our stuff.
|
||||||
|
- Look at pushed content that they have access to without an explicit pull.
|
||||||
|
- Define and manage teams of users.
|
||||||
|
- Adding/removing a user to/from a team gives/removes them access to all projects that team has access to.
|
||||||
|
- Build other services, such as static HTML publishing and dashboarding on top of these things.
|
||||||
|
|
||||||
|
|
||||||
|
### Soon
|
||||||
|
|
||||||
|
These "Soon" items are under discussion. Once an item reaches the point of an
|
||||||
|
actionable plan, the item will be moved to the "Now" section. Typically,
|
||||||
|
these will be moved at a future review of the roadmap.
|
||||||
|
|
||||||
|
* resource monitoring and management:
|
||||||
|
- (prometheus?) API for resource monitoring
|
||||||
|
- tracking activity on single-user servers instead of the proxy
|
||||||
|
- notes and activity tracking per API token
|
||||||
|
- UI for managing named servers
|
||||||
|
|
||||||
|
|
||||||
|
### Later
|
||||||
|
|
||||||
|
The "Later" items are things that are at the back of the project's mind. At this
|
||||||
|
time there is no active plan for an item. The project would like to find the
|
||||||
|
resources and time to discuss these ideas.
|
||||||
|
|
||||||
|
- real-time collaboration
|
||||||
|
- Enter into real-time collaboration mode for a project that starts a shared execution context.
|
||||||
|
- Once the single-user notebook package supports realtime collaboration,
|
||||||
|
implement sharing mechanism integrated into the Hub.
|
10
docs/source/contributing/security.rst
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
Reporting security issues in Jupyter or JupyterHub
|
||||||
|
==================================================
|
||||||
|
|
||||||
|
If you find a security vulnerability in Jupyter or JupyterHub,
|
||||||
|
whether it is a failure of the security model described in :doc:`../reference/websecurity`
|
||||||
|
or a failure in implementation,
|
||||||
|
please report it to security@ipython.org.
|
||||||
|
|
||||||
|
If you prefer to encrypt your security reports,
|
||||||
|
you can use :download:`this PGP public key </ipython_security.asc>`.
|
177
docs/source/contributing/setup.rst
Normal file
@@ -0,0 +1,177 @@
|
|||||||
|
.. _contributing/setup:
|
||||||
|
|
||||||
|
================================
|
||||||
|
Setting up a development install
|
||||||
|
================================
|
||||||
|
|
||||||
|
System requirements
|
||||||
|
===================
|
||||||
|
|
||||||
|
JupyterHub can only run on MacOS or Linux operating systems. If you are
|
||||||
|
using Windows, we recommend using `VirtualBox <https://virtualbox.org>`_
|
||||||
|
or a similar system to run `Ubuntu Linux <https://ubuntu.com>`_ for
|
||||||
|
development.
|
||||||
|
|
||||||
|
Install Python
|
||||||
|
--------------
|
||||||
|
|
||||||
|
JupyterHub is written in the `Python <https://python.org>`_ programming language, and
|
||||||
|
requires you have at least version 3.5 installed locally. If you haven’t
|
||||||
|
installed Python before, the recommended way to install it is to use
|
||||||
|
`miniconda <https://conda.io/miniconda.html>`_. Remember to get the ‘Python 3’ version,
|
||||||
|
and **not** the ‘Python 2’ version!
|
||||||
|
|
||||||
|
Install nodejs
|
||||||
|
--------------
|
||||||
|
|
||||||
|
``configurable-http-proxy``, the default proxy implementation for
|
||||||
|
JupyterHub, is written in Javascript to run on `NodeJS
|
||||||
|
<https://nodejs.org/en/>`_. If you have not installed nodejs before, we
|
||||||
|
recommend installing it in the ``miniconda`` environment you set up for
|
||||||
|
Python. You can do so with ``conda install nodejs``.
|
||||||
|
|
||||||
|
Install git
|
||||||
|
-----------
|
||||||
|
|
||||||
|
JupyterHub uses `git <https://git-scm.com>`_ & `GitHub <https://github.com>`_
|
||||||
|
for development & collaboration. You need to `install git
|
||||||
|
<https://git-scm.com/book/en/v2/Getting-Started-Installing-Git>`_ to work on
|
||||||
|
JupyterHub. We also recommend getting a free account on GitHub.com.
|
||||||
|
|
||||||
|
Setting up a development install
|
||||||
|
================================
|
||||||
|
|
||||||
|
When developing JupyterHub, you need to make changes to the code & see
|
||||||
|
their effects quickly. You need to do a developer install to make that
|
||||||
|
happen.
|
||||||
|
|
||||||
|
1. Clone the `JupyterHub git repository <https://github.com/jupyterhub/jupyterhub>`_
|
||||||
|
to your computer.
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
git clone https://github.com/jupyterhub/jupyterhub
|
||||||
|
cd jupyterhub
|
||||||
|
|
||||||
|
2. Make sure the ``python`` you installed and the ``npm`` you installed
|
||||||
|
are available to you on the command line.
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
python -V
|
||||||
|
|
||||||
|
This should return a version number greater than or equal to 3.5.
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
npm -v
|
||||||
|
|
||||||
|
This should return a version number greater than or equal to 5.0.
|
||||||
|
|
||||||
|
3. Install ``configurable-http-proxy``. This is required to run
|
||||||
|
JupyterHub.
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
npm install -g configurable-http-proxy
|
||||||
|
|
||||||
|
If you get an error that says ``Error: EACCES: permission denied``,
|
||||||
|
you might need to prefix the command with ``sudo``. If you do not
|
||||||
|
have access to sudo, you may instead run the following commands:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
npm install configurable-http-proxy
|
||||||
|
export PATH=$PATH:$(pwd)/node_modules/.bin
|
||||||
|
|
||||||
|
The second line needs to be run every time you open a new terminal.
|
||||||
|
|
||||||
|
4. Install the python packages required for JupyterHub development.
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
python3 -m pip install -r dev-requirements.txt
|
||||||
|
python3 -m pip install -r requirements.txt
|
||||||
|
|
||||||
|
5. Install the development version of JupyterHub. This lets you edit
|
||||||
|
JupyterHub code in a text editor & restart the JupyterHub process to
|
||||||
|
see your code changes immediately.
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
python3 -m pip install --editable .
|
||||||
|
|
||||||
|
6. You are now ready to start JupyterHub!
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
jupyterhub
|
||||||
|
|
||||||
|
7. You can access JupyterHub from your browser at
|
||||||
|
``http://localhost:8000`` now.
|
||||||
|
|
||||||
|
Happy developing!
|
||||||
|
|
||||||
|
Using DummyAuthenticator & SimpleSpawner
|
||||||
|
========================================
|
||||||
|
|
||||||
|
To simplify testing of JupyterHub, it’s helpful to use
|
||||||
|
:class:`~jupyterhub.auth.DummyAuthenticator` instead of the default JupyterHub
|
||||||
|
authenticator and `SimpleSpawner <https://github.com/jupyterhub/simplespawner>`_
|
||||||
|
instead of the default spawner.
|
||||||
|
|
||||||
|
There is a sample configuration file that does this in
|
||||||
|
``testing/jupyterhub_config.py``. To launch jupyterhub with this
|
||||||
|
configuration:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
pip install jupyterhub-simplespawner
|
||||||
|
jupyterhub -f testing/jupyterhub_config.py
|
||||||
|
|
||||||
|
The default JupyterHub `authenticator
|
||||||
|
<https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html#the-default-pam-authenticator>`_
|
||||||
|
& `spawner
|
||||||
|
<https://jupyterhub.readthedocs.io/en/stable/api/spawner.html#localprocessspawner>`_
|
||||||
|
require your system to have user accounts for each user you want to log in to
|
||||||
|
JupyterHub as.
|
||||||
|
|
||||||
|
DummyAuthenticator allows you to log in with any username & password,
|
||||||
|
while SimpleSpawner allows you to start servers without having to
|
||||||
|
create a unix user for each JupyterHub user. Together, these make it
|
||||||
|
much easier to test JupyterHub.
|
||||||
|
|
||||||
|
Tip: If you are working on parts of JupyterHub that are common to all
|
||||||
|
authenticators & spawners, we recommend using both DummyAuthenticator &
|
||||||
|
SimpleSpawner. If you are working on just authenticator related parts,
|
||||||
|
use only SimpleSpawner. Similarly, if you are working on just spawner
|
||||||
|
related parts, use only DummyAuthenticator.
|
||||||
|
|
||||||
|
Troubleshooting
|
||||||
|
===============
|
||||||
|
|
||||||
|
This section lists common ways setting up your development environment may
|
||||||
|
fail, and how to fix them. Please add to the list if you encounter yet
|
||||||
|
another way it can fail!
|
||||||
|
|
||||||
|
``lessc`` not found
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
If the ``python3 -m pip install --editable .`` command fails and complains about
|
||||||
|
``lessc`` being unavailable, you may need to explicitly install some
|
||||||
|
additional JavaScript dependencies:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
npm install
|
||||||
|
|
||||||
|
This will fetch client-side JavaScript dependencies necessary to compile
|
||||||
|
CSS.
|
||||||
|
|
||||||
|
You may also need to manually update JavaScript and CSS after some
|
||||||
|
development updates, with:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
python3 setup.py js # fetch updated client-side js
|
||||||
|
python3 setup.py css # recompile CSS from LESS sources
|
78
docs/source/contributing/tests.rst
Normal file
@@ -0,0 +1,78 @@
|
|||||||
|
.. _contributing/tests:
|
||||||
|
|
||||||
|
==================
|
||||||
|
Testing JupyterHub
|
||||||
|
==================
|
||||||
|
|
||||||
|
Unit test help validate that JupyterHub works the way we think it does,
|
||||||
|
and continues to do so when changes occur. They also help communicate
|
||||||
|
precisely what we expect our code to do.
|
||||||
|
|
||||||
|
JupyterHub uses `pytest <https://pytest.org>`_ for all our tests. You
|
||||||
|
can find them under ``jupyterhub/tests`` directory in the git repository.
|
||||||
|
|
||||||
|
Running the tests
|
||||||
|
==================
|
||||||
|
|
||||||
|
#. Make sure you have completed :ref:`contributing/setup`. You should be able
|
||||||
|
to start ``jupyterhub`` from the commandline & access it from your
|
||||||
|
web browser. This ensures that the dev environment is properly set
|
||||||
|
up for tests to run.
|
||||||
|
|
||||||
|
#. You can run all tests in JupyterHub
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
pytest --async-test-timeout 15 -v jupyterhub/tests
|
||||||
|
|
||||||
|
This should display progress as it runs all the tests, printing
|
||||||
|
information about any test failures as they occur.
|
||||||
|
|
||||||
|
The ``--async-test-timeout`` parameter is used by `pytest-tornado
|
||||||
|
<https://github.com/eugeniy/pytest-tornado#markers>`_ to set the
|
||||||
|
asynchronous test timeout to 15 seconds rather than the default 5,
|
||||||
|
since some of our tests take longer than 5s to execute.
|
||||||
|
|
||||||
|
#. You can also run tests in just a specific file:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
pytest --async-test-timeout 15 -v jupyterhub/tests/<test-file-name>
|
||||||
|
|
||||||
|
#. To run a specific test only, you can do:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
pytest --async-test-timeout 15 -v jupyterhub/tests/<test-file-name>::<test-name>
|
||||||
|
|
||||||
|
This runs the test with function name ``<test-name>`` defined in
|
||||||
|
``<test-file-name>``. This is very useful when you are iteratively
|
||||||
|
developing a single test.
|
||||||
|
|
||||||
|
For example, to run the test ``test_shutdown`` in the file ``test_api.py``,
|
||||||
|
you would run:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
pytest -v jupyterhub/tests/test_api.py::test_shutdown
|
||||||
|
|
||||||
|
|
||||||
|
Troubleshooting Test Failures
|
||||||
|
=============================
|
||||||
|
|
||||||
|
All the tests are failing
|
||||||
|
-------------------------
|
||||||
|
|
||||||
|
Make sure you have completed all the steps in :ref:`contributing/setup` sucessfully, and
|
||||||
|
can launch ``jupyterhub`` from the terminal.
|
||||||
|
|
||||||
|
Tests are timing out
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
The ``--async-test-timeout`` parameter to ``pytest`` is used by
|
||||||
|
`pytest-tornado <https://github.com/eugeniy/pytest-tornado#markers>`_ to set
|
||||||
|
the asynchronous test timeout to a higher value than the default of 5s,
|
||||||
|
since some of our tests take longer than 5s to execute. If the tests
|
||||||
|
are still timing out, try increasing that value even more. You can
|
||||||
|
also set an environment variable ``ASYNC_TEST_TIMEOUT`` instead of
|
||||||
|
passing ``--async-test-timeout`` to each invocation of pytest.
|
@@ -3,37 +3,65 @@
|
|||||||
Project Jupyter thanks the following people for their help and
|
Project Jupyter thanks the following people for their help and
|
||||||
contribution on JupyterHub:
|
contribution on JupyterHub:
|
||||||
|
|
||||||
|
- adelcast
|
||||||
|
- Analect
|
||||||
- anderbubble
|
- anderbubble
|
||||||
|
- anikitml
|
||||||
|
- ankitksharma
|
||||||
- apetresc
|
- apetresc
|
||||||
|
- athornton
|
||||||
- barrachri
|
- barrachri
|
||||||
|
- BerserkerTroll
|
||||||
- betatim
|
- betatim
|
||||||
- Carreau
|
- Carreau
|
||||||
|
- cfournie
|
||||||
- charnpreetsingh
|
- charnpreetsingh
|
||||||
|
- chicovenancio
|
||||||
|
- cikao
|
||||||
- ckald
|
- ckald
|
||||||
|
- cmoscardi
|
||||||
|
- consideRatio
|
||||||
|
- cqzlxl
|
||||||
- CRegenschein
|
- CRegenschein
|
||||||
- cwaldbieser
|
- cwaldbieser
|
||||||
- danielballen
|
- danielballen
|
||||||
- danoventa
|
- danoventa
|
||||||
- daradib
|
- daradib
|
||||||
|
- darky2004
|
||||||
- datapolitan
|
- datapolitan
|
||||||
- dblockow-d2dcrc
|
- dblockow-d2dcrc
|
||||||
- DeepHorizons
|
- DeepHorizons
|
||||||
|
- DerekHeldtWerle
|
||||||
- dhirschfeld
|
- dhirschfeld
|
||||||
- dietmarw
|
- dietmarw
|
||||||
|
- dingc3
|
||||||
- dmartzol
|
- dmartzol
|
||||||
- DominicFollettSmith
|
- DominicFollettSmith
|
||||||
- dsblank
|
- dsblank
|
||||||
|
- dtaniwaki
|
||||||
|
- echarles
|
||||||
- ellisonbg
|
- ellisonbg
|
||||||
|
- emmanuel
|
||||||
- evanlinde
|
- evanlinde
|
||||||
- Fokko
|
- Fokko
|
||||||
- fperez
|
- fperez
|
||||||
|
- franga2000
|
||||||
|
- GladysNalvarte
|
||||||
|
- glenak1911
|
||||||
|
- gweis
|
||||||
- iamed18
|
- iamed18
|
||||||
|
- jamescurtin
|
||||||
- JamiesHQ
|
- JamiesHQ
|
||||||
|
- JasonJWilliamsNY
|
||||||
- jbweston
|
- jbweston
|
||||||
- jdavidheiser
|
- jdavidheiser
|
||||||
- jencabral
|
- jencabral
|
||||||
- jhamrick
|
- jhamrick
|
||||||
|
- jkinkead
|
||||||
|
- johnkpark
|
||||||
- josephtate
|
- josephtate
|
||||||
|
- jzf2101
|
||||||
|
- karfai
|
||||||
- kinuax
|
- kinuax
|
||||||
- KrishnaPG
|
- KrishnaPG
|
||||||
- kroq-gar78
|
- kroq-gar78
|
||||||
@@ -43,27 +71,44 @@ contribution on JupyterHub:
|
|||||||
- minrk
|
- minrk
|
||||||
- mistercrunch
|
- mistercrunch
|
||||||
- Mistobaan
|
- Mistobaan
|
||||||
|
- mpacer
|
||||||
- mwmarkland
|
- mwmarkland
|
||||||
|
- ndly
|
||||||
- nthiery
|
- nthiery
|
||||||
|
- nxg
|
||||||
- ObiWahn
|
- ObiWahn
|
||||||
- ozancaglayan
|
- ozancaglayan
|
||||||
|
- paccorsi
|
||||||
- parente
|
- parente
|
||||||
- PeterDaveHello
|
- PeterDaveHello
|
||||||
- peterruppel
|
- peterruppel
|
||||||
|
- phill84
|
||||||
- pjamason
|
- pjamason
|
||||||
- prasadkatti
|
- prasadkatti
|
||||||
- rafael-ladislau
|
- rafael-ladislau
|
||||||
|
- rcthomas
|
||||||
- rgbkrk
|
- rgbkrk
|
||||||
|
- rkdarst
|
||||||
- robnagler
|
- robnagler
|
||||||
|
- rschroll
|
||||||
- ryanlovett
|
- ryanlovett
|
||||||
|
- sangramga
|
||||||
- Scrypy
|
- Scrypy
|
||||||
|
- schon
|
||||||
- shreddd
|
- shreddd
|
||||||
|
- Siecje
|
||||||
|
- smiller5678
|
||||||
- spoorthyv
|
- spoorthyv
|
||||||
- ssanderson
|
- ssanderson
|
||||||
|
- summerswallow
|
||||||
|
- syutbai
|
||||||
- takluyver
|
- takluyver
|
||||||
- temogen
|
- temogen
|
||||||
- ThomasMChen
|
- ThomasMChen
|
||||||
|
- Thoralf Gutierrez
|
||||||
|
- timfreund
|
||||||
- TimShawver
|
- TimShawver
|
||||||
|
- tklever
|
||||||
- Todd-Z-Li
|
- Todd-Z-Li
|
||||||
- toobaz
|
- toobaz
|
||||||
- tsaeger
|
- tsaeger
|
||||||
|
@@ -85,8 +85,13 @@ easy to do with RStudio too.
|
|||||||
|
|
||||||
- https://datascience.business.illinois.edu
|
- https://datascience.business.illinois.edu
|
||||||
|
|
||||||
|
### IllustrisTNG Simulation Project
|
||||||
|
|
||||||
|
- [JupyterHub/Lab-based analysis platform, part of the TNG public data release](http://www.tng-project.org/data/)
|
||||||
|
|
||||||
### MIT and Lincoln Labs
|
### MIT and Lincoln Labs
|
||||||
|
|
||||||
|
- https://supercloud.mit.edu/
|
||||||
|
|
||||||
### Michigan State University
|
### Michigan State University
|
||||||
|
|
||||||
@@ -100,6 +105,11 @@ easy to do with RStudio too.
|
|||||||
|
|
||||||
- https://dsa.missouri.edu/faq/
|
- https://dsa.missouri.edu/faq/
|
||||||
|
|
||||||
|
### Paderborn University
|
||||||
|
|
||||||
|
- [Data Science (DICE) group](https://dice.cs.uni-paderborn.de/)
|
||||||
|
- [nbgraderutils](https://github.com/dice-group/nbgraderutils): Use JupyterHub + nbgrader + iJava kernel for online Java exercises. Used in lecture Statistical Natural Language Processing.
|
||||||
|
|
||||||
### University of Rochester CIRC
|
### University of Rochester CIRC
|
||||||
|
|
||||||
- [JupyterHub Userguide](https://info.circ.rochester.edu/Web_Applications/JupyterHub.html) - Slurm, beehive
|
- [JupyterHub Userguide](https://info.circ.rochester.edu/Web_Applications/JupyterHub.html) - Slurm, beehive
|
||||||
@@ -141,7 +151,6 @@ easy to do with RStudio too.
|
|||||||
|
|
||||||
[Everware](https://github.com/everware) Reproducible and reusable science powered by jupyterhub and docker. Like nbviewer, but executable. CERN, Geneva [website](http://everware.xyz/)
|
[Everware](https://github.com/everware) Reproducible and reusable science powered by jupyterhub and docker. Like nbviewer, but executable. CERN, Geneva [website](http://everware.xyz/)
|
||||||
|
|
||||||
|
|
||||||
### Microsoft Azure
|
### Microsoft Azure
|
||||||
|
|
||||||
- https://docs.microsoft.com/en-us/azure/machine-learning/machine-learning-data-science-linux-dsvm-intro
|
- https://docs.microsoft.com/en-us/azure/machine-learning/machine-learning-data-science-linux-dsvm-intro
|
||||||
@@ -151,8 +160,6 @@ easy to do with RStudio too.
|
|||||||
- https://getcarina.com/blog/learning-how-to-whale/
|
- https://getcarina.com/blog/learning-how-to-whale/
|
||||||
- http://carolynvanslyck.com/talk/carina/jupyterhub/#/
|
- http://carolynvanslyck.com/talk/carina/jupyterhub/#/
|
||||||
|
|
||||||
### Red Hat
|
|
||||||
|
|
||||||
|
|
||||||
## Miscellaneous
|
## Miscellaneous
|
||||||
|
|
||||||
|
@@ -31,6 +31,15 @@ c.Authenticator.admin_users = {'mal', 'zoe'}
|
|||||||
Users in the admin list are automatically added to the user `whitelist`,
|
Users in the admin list are automatically added to the user `whitelist`,
|
||||||
if they are not already present.
|
if they are not already present.
|
||||||
|
|
||||||
|
Each authenticator may have different ways of determining whether a user is an
|
||||||
|
administrator. By default JupyterHub use the PAMAuthenticator which provide the
|
||||||
|
`admin_groups` option and can determine administrator status base on a user
|
||||||
|
groups. For example we can let any users in the `wheel` group be admin:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.PAMAuthenticator.admin_groups = {'wheel'}
|
||||||
|
```
|
||||||
|
|
||||||
## Give admin access to other users' notebook servers (`admin_access`)
|
## Give admin access to other users' notebook servers (`admin_access`)
|
||||||
|
|
||||||
Since the default `JupyterHub.admin_access` setting is False, the admins
|
Since the default `JupyterHub.admin_access` setting is False, the admins
|
||||||
@@ -95,5 +104,16 @@ popular services:
|
|||||||
A generic implementation, which you can use for OAuth authentication
|
A generic implementation, which you can use for OAuth authentication
|
||||||
with any provider, is also available.
|
with any provider, is also available.
|
||||||
|
|
||||||
|
## Use DummyAuthenticator for testing
|
||||||
|
|
||||||
|
The :class:`~jupyterhub.auth.DummyAuthenticator` is a simple authenticator that
|
||||||
|
allows for any username/password unless if a global password has been set. If
|
||||||
|
set, it will allow for any username as long as the correct password is provided.
|
||||||
|
To set a global password, add this to the config file:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.DummyAuthenticator.password = "some_password"
|
||||||
|
```
|
||||||
|
|
||||||
[PAM]: https://en.wikipedia.org/wiki/Pluggable_authentication_module
|
[PAM]: https://en.wikipedia.org/wiki/Pluggable_authentication_module
|
||||||
[OAuthenticator]: https://github.com/jupyterhub/oauthenticator
|
[OAuthenticator]: https://github.com/jupyterhub/oauthenticator
|
||||||
|
@@ -1,7 +1,7 @@
|
|||||||
# Configuration Basics
|
# Configuration Basics
|
||||||
|
|
||||||
The section contains basic information about configuring settings for a JupyterHub
|
The section contains basic information about configuring settings for a JupyterHub
|
||||||
deployment. The [Technical Reference](../reference/index.html)
|
deployment. The [Technical Reference](../reference/index)
|
||||||
documentation provides additional details.
|
documentation provides additional details.
|
||||||
|
|
||||||
This section will help you learn how to:
|
This section will help you learn how to:
|
||||||
@@ -44,7 +44,7 @@ jupyterhub -f /etc/jupyterhub/jupyterhub_config.py
|
|||||||
```
|
```
|
||||||
|
|
||||||
The IPython documentation provides additional information on the
|
The IPython documentation provides additional information on the
|
||||||
[config system](http://ipython.readthedocs.io/en/stable/development/config.html)
|
[config system](http://ipython.readthedocs.io/en/stable/development/config)
|
||||||
that Jupyter uses.
|
that Jupyter uses.
|
||||||
|
|
||||||
## Configure using command line options
|
## Configure using command line options
|
||||||
@@ -61,7 +61,7 @@ would enter:
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
jupyterhub --ip 10.0.1.2 --port 443 --ssl-key my_ssl.key --ssl-cert my_ssl.cert
|
jupyterhub --ip 10.0.1.2 --port 443 --ssl-key my_ssl.key --ssl-cert my_ssl.cert
|
||||||
```
|
```
|
||||||
|
|
||||||
All configurable options may technically be set on the command-line,
|
All configurable options may technically be set on the command-line,
|
||||||
though some are inconvenient to type. To set a particular configuration
|
though some are inconvenient to type. To set a particular configuration
|
||||||
@@ -77,11 +77,24 @@ jupyterhub --Spawner.notebook_dir='~/assignments'
|
|||||||
## Configure for various deployment environments
|
## Configure for various deployment environments
|
||||||
|
|
||||||
The default authentication and process spawning mechanisms can be replaced, and
|
The default authentication and process spawning mechanisms can be replaced, and
|
||||||
specific [authenticators](./authenticators-users-basics.html) and
|
specific [authenticators](./authenticators-users-basics) and
|
||||||
[spawners](./spawners-basics.html) can be set in the configuration file.
|
[spawners](./spawners-basics) can be set in the configuration file.
|
||||||
This enables JupyterHub to be used with a variety of authentication methods or
|
This enables JupyterHub to be used with a variety of authentication methods or
|
||||||
process control and deployment environments. [Some examples](../reference/config-examples.html),
|
process control and deployment environments. [Some examples](../reference/config-examples),
|
||||||
meant as illustration, are:
|
meant as illustration, are:
|
||||||
|
|
||||||
- Using GitHub OAuth instead of PAM with [OAuthenticator](https://github.com/jupyterhub/oauthenticator)
|
- Using GitHub OAuth instead of PAM with [OAuthenticator](https://github.com/jupyterhub/oauthenticator)
|
||||||
- Spawning single-user servers with Docker, using the [DockerSpawner](https://github.com/jupyterhub/dockerspawner)
|
- Spawning single-user servers with Docker, using the [DockerSpawner](https://github.com/jupyterhub/dockerspawner)
|
||||||
|
|
||||||
|
## Run the proxy separately
|
||||||
|
|
||||||
|
This is *not* strictly necessary, but useful in many cases. If you
|
||||||
|
use a custom proxy (e.g. Traefik), this also not needed.
|
||||||
|
|
||||||
|
Connections to user servers go through the proxy, and *not* the hub
|
||||||
|
itself. If the proxy stays running when the hub restarts (for
|
||||||
|
maintenance, re-configuration, etc.), then use connections are not
|
||||||
|
interrupted. For simplicity, by default the hub starts the proxy
|
||||||
|
automatically, so if the hub restarts, the proxy restarts, and user
|
||||||
|
connections are interrupted. It is easy to run the proxy separately,
|
||||||
|
for information see [the separate proxy page](../reference/separate-proxy).
|
||||||
|
@@ -35,6 +35,10 @@ Configuring only the main IP and port of JupyterHub should be sufficient for
|
|||||||
most deployments of JupyterHub. However, more customized scenarios may need
|
most deployments of JupyterHub. However, more customized scenarios may need
|
||||||
additional networking details to be configured.
|
additional networking details to be configured.
|
||||||
|
|
||||||
|
Note that `c.JupyterHub.ip` and `c.JupyterHub.port` are single values,
|
||||||
|
not tuples or lists – JupyterHub listens to only a single IP address and
|
||||||
|
port.
|
||||||
|
|
||||||
## Set the Proxy's REST API communication URL (optional)
|
## Set the Proxy's REST API communication URL (optional)
|
||||||
|
|
||||||
By default, this REST API listens on port 8081 of `localhost` only.
|
By default, this REST API listens on port 8081 of `localhost` only.
|
||||||
@@ -86,3 +90,12 @@ configuration for, e.g. docker, is:
|
|||||||
c.JupyterHub.hub_ip = '0.0.0.0' # listen on all interfaces
|
c.JupyterHub.hub_ip = '0.0.0.0' # listen on all interfaces
|
||||||
c.JupyterHub.hub_connect_ip = '10.0.1.4' # ip as seen on the docker network. Can also be a hostname.
|
c.JupyterHub.hub_connect_ip = '10.0.1.4' # ip as seen on the docker network. Can also be a hostname.
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Adjusting the hub's URL
|
||||||
|
|
||||||
|
The hub will most commonly be running on a hostname of its own. If it
|
||||||
|
is not – for example, if the hub is being reverse-proxied and being
|
||||||
|
exposed at a URL such as `https://proxy.example.org/jupyter/` – then
|
||||||
|
you will need to tell JupyterHub the base URL of the service. In such
|
||||||
|
a case, it is both necessary and sufficient to set
|
||||||
|
`c.JupyterHub.base_url = '/jupyter/'` in the configuration.
|
||||||
|
@@ -45,7 +45,7 @@ is important that these files be put in a secure location on your server, where
|
|||||||
they are not readable by regular users.
|
they are not readable by regular users.
|
||||||
|
|
||||||
If you are using a **chain certificate**, see also chained certificate for SSL
|
If you are using a **chain certificate**, see also chained certificate for SSL
|
||||||
in the JupyterHub `troubleshooting FAQ <troubleshooting>`_.
|
in the JupyterHub `Troubleshooting FAQ <../troubleshooting.html>`_.
|
||||||
|
|
||||||
Using letsencrypt
|
Using letsencrypt
|
||||||
~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~
|
||||||
@@ -72,8 +72,13 @@ would be the needed configuration:
|
|||||||
If SSL termination happens outside of the Hub
|
If SSL termination happens outside of the Hub
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
In certain cases, e.g. behind `SSL termination in NGINX <https://www.nginx.com/resources/admin-guide/nginx-ssl-termination/>`_,
|
In certain cases, for example if the hub is running behind a reverse proxy, and
|
||||||
allowing no SSL running on the hub may be the desired configuration option.
|
`SSL termination is being provided by NGINX <https://www.nginx.com/resources/admin-guide/nginx-ssl-termination/>`_,
|
||||||
|
it is reasonable to run the hub without SSL.
|
||||||
|
|
||||||
|
To achieve this, simply omit the configuration settings
|
||||||
|
``c.JupyterHub.ssl_key`` and ``c.JupyterHub.ssl_cert``
|
||||||
|
(setting them to ``None`` does not have the same effect, and is an error).
|
||||||
|
|
||||||
.. _cookie-secret:
|
.. _cookie-secret:
|
||||||
|
|
||||||
@@ -119,7 +124,7 @@ hex-encoded string. You can set it this way:
|
|||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
export JPY_COOKIE_SECRET=`openssl rand -hex 32`
|
export JPY_COOKIE_SECRET=$(openssl rand -hex 32)
|
||||||
|
|
||||||
For security reasons, this environment variable should only be visible to the
|
For security reasons, this environment variable should only be visible to the
|
||||||
Hub. If you set it dynamically as above, all users will be logged out each time
|
Hub. If you set it dynamically as above, all users will be logged out each time
|
||||||
@@ -168,7 +173,7 @@ using the ``CONFIGPROXY_AUTH_TOKEN`` environment variable:
|
|||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
export CONFIGPROXY_AUTH_TOKEN='openssl rand -hex 32'
|
export CONFIGPROXY_AUTH_TOKEN=$(openssl rand -hex 32)
|
||||||
|
|
||||||
This environment variable needs to be visible to the Hub and Proxy.
|
This environment variable needs to be visible to the Hub and Proxy.
|
||||||
|
|
||||||
|
@@ -14,7 +14,7 @@ document will:
|
|||||||
|
|
||||||
- explain some basic information about API tokens
|
- explain some basic information about API tokens
|
||||||
- clarify that API tokens can be used to authenticate to
|
- clarify that API tokens can be used to authenticate to
|
||||||
single-user servers as of [version 0.8.0](../changelog.html)
|
single-user servers as of [version 0.8.0](../changelog)
|
||||||
- show how the [cull_idle_servers][] script can be:
|
- show how the [cull_idle_servers][] script can be:
|
||||||
- used in a Hub-managed service
|
- used in a Hub-managed service
|
||||||
- run as a standalone script
|
- run as a standalone script
|
||||||
@@ -29,14 +29,14 @@ Hub via the REST API.
|
|||||||
To run such an external service, an API token must be created and
|
To run such an external service, an API token must be created and
|
||||||
provided to the service.
|
provided to the service.
|
||||||
|
|
||||||
As of [version 0.6.0](../changelog.html), the preferred way of doing
|
As of [version 0.6.0](../changelog), the preferred way of doing
|
||||||
this is to first generate an API token:
|
this is to first generate an API token:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
openssl rand -hex 32
|
openssl rand -hex 32
|
||||||
```
|
```
|
||||||
|
|
||||||
In [version 0.8.0](../changelog.html), a TOKEN request page for
|
In [version 0.8.0](../changelog), a TOKEN request page for
|
||||||
generating an API token is available from the JupyterHub user interface:
|
generating an API token is available from the JupyterHub user interface:
|
||||||
|
|
||||||

|

|
||||||
@@ -88,7 +88,7 @@ c.JupyterHub.services = [
|
|||||||
{
|
{
|
||||||
'name': 'cull-idle',
|
'name': 'cull-idle',
|
||||||
'admin': True,
|
'admin': True,
|
||||||
'command': 'python cull_idle_servers.py --timeout=3600'.split(),
|
'command': [sys.executable, 'cull_idle_servers.py', '--timeout=3600'],
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
@@ -115,7 +115,7 @@ variable. Run `cull_idle_servers.py` manually.
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
export JUPYTERHUB_API_TOKEN='token'
|
export JUPYTERHUB_API_TOKEN='token'
|
||||||
python cull_idle_servers.py [--timeout=900] [--url=http://127.0.0.1:8081/hub/api]
|
python3 cull_idle_servers.py [--timeout=900] [--url=http://127.0.0.1:8081/hub/api]
|
||||||
```
|
```
|
||||||
|
|
||||||
[cull_idle_servers]: https://github.com/jupyterhub/jupyterhub/blob/master/examples/cull-idle/cull_idle_servers.py
|
[cull_idle_servers]: https://github.com/jupyterhub/jupyterhub/blob/master/examples/cull-idle/cull_idle_servers.py
|
||||||
|
BIN
docs/source/images/login-button.png
Normal file
After Width: | Height: | Size: 30 KiB |
BIN
docs/source/images/login-form.png
Normal file
After Width: | Height: | Size: 43 KiB |
BIN
docs/source/images/named-servers-admin.png
Normal file
After Width: | Height: | Size: 104 KiB |
BIN
docs/source/images/named-servers-home.png
Normal file
After Width: | Height: | Size: 103 KiB |
BIN
docs/source/images/not-running.png
Normal file
After Width: | Height: | Size: 43 KiB |
BIN
docs/source/images/spawn-pending.png
Normal file
After Width: | Height: | Size: 75 KiB |
BIN
docs/source/images/token-page.png
Normal file
After Width: | Height: | Size: 103 KiB |
@@ -1,3 +1,4 @@
|
|||||||
|
==========
|
||||||
JupyterHub
|
JupyterHub
|
||||||
==========
|
==========
|
||||||
|
|
||||||
@@ -19,7 +20,7 @@ Three subsystems make up JupyterHub:
|
|||||||
|
|
||||||
JupyterHub performs the following functions:
|
JupyterHub performs the following functions:
|
||||||
|
|
||||||
- The Hub spawns a proxy
|
- The Hub launches a proxy
|
||||||
- The proxy forwards all requests to the Hub by default
|
- The proxy forwards all requests to the Hub by default
|
||||||
- The Hub handles user login and spawns single-user servers on demand
|
- The Hub handles user login and spawns single-user servers on demand
|
||||||
- The Hub configures the proxy to forward URL prefixes to the single-user
|
- The Hub configures the proxy to forward URL prefixes to the single-user
|
||||||
@@ -28,70 +29,141 @@ JupyterHub performs the following functions:
|
|||||||
For convenient administration of the Hub, its users, and services,
|
For convenient administration of the Hub, its users, and services,
|
||||||
JupyterHub also provides a `REST API`_.
|
JupyterHub also provides a `REST API`_.
|
||||||
|
|
||||||
|
The JupyterHub team and Project Jupyter value our community, and JupyterHub
|
||||||
|
follows the Jupyter `Community Guides <https://jupyter.readthedocs.io/en/latest/community/content-community.html>`_.
|
||||||
|
|
||||||
Contents
|
Contents
|
||||||
--------
|
========
|
||||||
|
|
||||||
**Installation Guide**
|
.. _index/distributions:
|
||||||
|
|
||||||
* :doc:`installation-guide`
|
Distributions
|
||||||
* :doc:`quickstart`
|
-------------
|
||||||
* :doc:`quickstart-docker`
|
|
||||||
* :doc:`installation-basics`
|
|
||||||
|
|
||||||
**Getting Started**
|
A JupyterHub **distribution** is tailored towards a particular set of
|
||||||
|
use cases. These are generally easier to set up than setting up
|
||||||
|
JupyterHub from scratch, assuming they fit your use case.
|
||||||
|
|
||||||
* :doc:`getting-started/index`
|
The two popular ones are:
|
||||||
* :doc:`getting-started/config-basics`
|
|
||||||
* :doc:`getting-started/networking-basics`
|
|
||||||
* :doc:`getting-started/security-basics`
|
|
||||||
* :doc:`getting-started/authenticators-users-basics`
|
|
||||||
* :doc:`getting-started/spawners-basics`
|
|
||||||
* :doc:`getting-started/services-basics`
|
|
||||||
|
|
||||||
**Technical Reference**
|
* `Zero to JupyterHub on Kubernetes <http://z2jh.jupyter.org>`_, for
|
||||||
|
running JupyterHub on top of `Kubernetes <https://k8s.io>`_. This
|
||||||
|
can scale to large number of machines & users.
|
||||||
|
* `The Littlest JupyterHub <http://tljh.jupyter.org>`_, for an easy
|
||||||
|
to set up & run JupyterHub supporting 1-100 users on a single machine.
|
||||||
|
|
||||||
* :doc:`reference/index`
|
Installation Guide
|
||||||
* :doc:`reference/technical-overview`
|
------------------
|
||||||
* :doc:`reference/websecurity`
|
|
||||||
* :doc:`reference/authenticators`
|
|
||||||
* :doc:`reference/spawners`
|
|
||||||
* :doc:`reference/services`
|
|
||||||
* :doc:`reference/rest`
|
|
||||||
* :doc:`reference/upgrading`
|
|
||||||
* :doc:`reference/config-examples`
|
|
||||||
|
|
||||||
**API Reference**
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
* :doc:`api/index`
|
installation-guide
|
||||||
|
quickstart
|
||||||
|
quickstart-docker
|
||||||
|
installation-basics
|
||||||
|
|
||||||
**Tutorials**
|
Getting Started
|
||||||
|
---------------
|
||||||
|
|
||||||
* :doc:`tutorials/index`
|
.. toctree::
|
||||||
* :doc:`tutorials/upgrade-dot-eight`
|
:maxdepth: 1
|
||||||
* `Zero to JupyterHub with Kubernetes <https://zero-to-jupyterhub.readthedocs.io/en/latest/>`_
|
|
||||||
|
|
||||||
**Troubleshooting**
|
getting-started/index
|
||||||
|
getting-started/config-basics
|
||||||
|
getting-started/networking-basics
|
||||||
|
getting-started/security-basics
|
||||||
|
getting-started/authenticators-users-basics
|
||||||
|
getting-started/spawners-basics
|
||||||
|
getting-started/services-basics
|
||||||
|
|
||||||
* :doc:`troubleshooting`
|
Technical Reference
|
||||||
|
-------------------
|
||||||
|
|
||||||
**About JupyterHub**
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
* :doc:`contributor-list`
|
reference/index
|
||||||
* :doc:`gallery-jhub-deployments`
|
reference/technical-overview
|
||||||
|
reference/websecurity
|
||||||
|
reference/authenticators
|
||||||
|
reference/spawners
|
||||||
|
reference/services
|
||||||
|
reference/rest
|
||||||
|
reference/templates
|
||||||
|
reference/config-user-env
|
||||||
|
reference/config-examples
|
||||||
|
reference/config-ghoauth
|
||||||
|
reference/config-proxy
|
||||||
|
reference/config-sudo
|
||||||
|
|
||||||
**Changelog**
|
Contributing
|
||||||
|
------------
|
||||||
|
|
||||||
* :doc:`changelog`
|
We want you to contribute to JupyterHub in ways that are most exciting
|
||||||
|
& useful to you. We value documentation, testing, bug reporting & code equally,
|
||||||
|
and are glad to have your contributions in whatever form you wish :)
|
||||||
|
|
||||||
|
Our `Code of Conduct <https://github.com/jupyter/governance/blob/master/conduct/code_of_conduct.md>`_
|
||||||
|
(`reporting guidelines <https://github.com/jupyter/governance/blob/master/conduct/reporting_online.md>`_)
|
||||||
|
helps keep our community welcoming to as many people as possible.
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
contributing/community
|
||||||
|
contributing/setup
|
||||||
|
contributing/docs
|
||||||
|
contributing/tests
|
||||||
|
contributing/roadmap
|
||||||
|
contributing/security
|
||||||
|
|
||||||
|
Upgrading JupyterHub
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
We try to make upgrades between minor versions as painless as possible.
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
admin/upgrading
|
||||||
|
changelog
|
||||||
|
|
||||||
|
API Reference
|
||||||
|
-------------
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
api/index
|
||||||
|
|
||||||
|
Troubleshooting
|
||||||
|
---------------
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
troubleshooting
|
||||||
|
|
||||||
|
About JupyterHub
|
||||||
|
----------------
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
contributor-list
|
||||||
|
changelog
|
||||||
|
gallery-jhub-deployments
|
||||||
|
|
||||||
Indices and tables
|
Indices and tables
|
||||||
------------------
|
==================
|
||||||
|
|
||||||
* :ref:`genindex`
|
* :ref:`genindex`
|
||||||
* :ref:`modindex`
|
* :ref:`modindex`
|
||||||
|
|
||||||
|
|
||||||
Questions? Suggestions?
|
Questions? Suggestions?
|
||||||
-----------------------
|
=======================
|
||||||
|
|
||||||
- `Jupyter mailing list <https://groups.google.com/forum/#!forum/jupyter>`_
|
- `Jupyter mailing list <https://groups.google.com/forum/#!forum/jupyter>`_
|
||||||
- `Jupyter website <https://jupyter.org>`_
|
- `Jupyter website <https://jupyter.org>`_
|
||||||
@@ -99,7 +171,7 @@ Questions? Suggestions?
|
|||||||
.. _contents:
|
.. _contents:
|
||||||
|
|
||||||
Full Table of Contents
|
Full Table of Contents
|
||||||
----------------------
|
======================
|
||||||
|
|
||||||
.. toctree::
|
.. toctree::
|
||||||
:maxdepth: 2
|
:maxdepth: 2
|
||||||
@@ -108,7 +180,6 @@ Full Table of Contents
|
|||||||
getting-started/index
|
getting-started/index
|
||||||
reference/index
|
reference/index
|
||||||
api/index
|
api/index
|
||||||
tutorials/index
|
|
||||||
troubleshooting
|
troubleshooting
|
||||||
contributor-list
|
contributor-list
|
||||||
gallery-jhub-deployments
|
gallery-jhub-deployments
|
||||||
|
@@ -6,7 +6,7 @@ JupyterHub is supported on Linux/Unix based systems. To use JupyterHub, you need
|
|||||||
a Unix server (typically Linux) running somewhere that is accessible to your
|
a Unix server (typically Linux) running somewhere that is accessible to your
|
||||||
team on the network. The JupyterHub server can be on an internal network at your
|
team on the network. The JupyterHub server can be on an internal network at your
|
||||||
organization, or it can run on the public internet (in which case, take care
|
organization, or it can run on the public internet (in which case, take care
|
||||||
with the Hub's [security](./security-basics.html)).
|
with the Hub's [security](./getting-started/security-basics)).
|
||||||
|
|
||||||
JupyterHub officially **does not** support Windows. You may be able to use
|
JupyterHub officially **does not** support Windows. You may be able to use
|
||||||
JupyterHub on Windows if you use a Spawner and Authenticator that work on
|
JupyterHub on Windows if you use a Spawner and Authenticator that work on
|
||||||
@@ -28,7 +28,7 @@ Prior to beginning installation, it's helpful to consider some of the following:
|
|||||||
- Spawner of singleuser notebook servers (Docker, Batch, etc.)
|
- Spawner of singleuser notebook servers (Docker, Batch, etc.)
|
||||||
- Services (nbgrader, etc.)
|
- Services (nbgrader, etc.)
|
||||||
- JupyterHub database (default SQLite; traditional RDBMS such as PostgreSQL,)
|
- JupyterHub database (default SQLite; traditional RDBMS such as PostgreSQL,)
|
||||||
MySQL, or other databases supported by [SQLAlchemy](http://www.sqlalchemy.org))
|
MySQL, or other databases supported by [SQLAlchemy](http://www.sqlalchemy.org))
|
||||||
|
|
||||||
## Folders and File Locations
|
## Folders and File Locations
|
||||||
|
|
||||||
|
52
docs/source/ipython_security.asc
Normal file
@@ -0,0 +1,52 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2.0.22 (GNU/Linux)
|
||||||
|
|
||||||
|
mQINBFMx2LoBEAC9xU8JiKI1VlCJ4PT9zqhU5nChQZ06/bj1BBftiMJG07fdGVO0
|
||||||
|
ibOn4TrCoRYaeRlet0UpHzxT4zDa5h3/usJaJNTSRwtWePw2o7Lik8J+F3LionRf
|
||||||
|
8Jz81WpJ+81Klg4UWKErXjBHsu/50aoQm6ZNYG4S2nwOmMVEC4nc44IAA0bb+6kW
|
||||||
|
saFKKzEDsASGyuvyutdyUHiCfvvh5GOC2h9mXYvl4FaMW7K+d2UgCYERcXDNy7C1
|
||||||
|
Bw+uepQ9ELKdG4ZpvonO6BNr1BWLln3wk93AQfD5qhfsYRJIyj0hJlaRLtBU3i6c
|
||||||
|
xs+gQNF4mPmybpPSGuOyUr4FYC7NfoG7IUMLj+DYa6d8LcMJO+9px4IbdhQvzGtC
|
||||||
|
qz5av1TX7/+gnS4L8C9i1g8xgI+MtvogngPmPY4repOlK6y3l/WtxUPkGkyYkn3s
|
||||||
|
RzYyE/GJgTwuxFXzMQs91s+/iELFQq/QwmEJf+g/QYfSAuM+lVGajEDNBYVAQkxf
|
||||||
|
gau4s8Gm0GzTZmINilk+7TxpXtKbFc/Yr4A/fMIHmaQ7KmJB84zKwONsQdVv7Jjj
|
||||||
|
0dpwu8EIQdHxX3k7/Q+KKubEivgoSkVwuoQTG15X9xrOsDZNwfOVQh+JKazPvJtd
|
||||||
|
SNfep96r9t/8gnXv9JI95CGCQ8lNhXBUSBM3BDPTbudc4b6lFUyMXN0mKQARAQAB
|
||||||
|
tCxJUHl0aG9uIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QGlweXRob24ub3JnPokC
|
||||||
|
OAQTAQIAIgUCUzHYugIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEwJc
|
||||||
|
LcmZYkjuXg//R/t6nMNQmf9W1h52IVfUbRAVmvZ5d063hQHKV2dssxtnA2dRm/x5
|
||||||
|
JZu8Wz7ZrEZpyqwRJO14sxN1/lC3v+zs9XzYXr2lBTZuKCPIBypYVGIynCuWJBQJ
|
||||||
|
rWnfG4+u1RHahnjqlTWTY1C/le6v7SjAvCb6GbdA6k4ZL2EJjQlRaHDmzw3rV/+l
|
||||||
|
LLx6/tYzIsotuflm/bFumyOMmpQQpJjnCkWIVjnRICZvuAn97jLgtTI0+0Rzf4Zb
|
||||||
|
k2BwmHwDRqWCTTcRI9QvTl8AzjW+dNImN22TpGOBPfYj8BCZ9twrpKUbf+jNqJ1K
|
||||||
|
THQzFtpdJ6SzqiFVm74xW4TKqCLkbCQ/HtVjTGMGGz/y7KTtaLpGutQ6XE8SSy6P
|
||||||
|
EffSb5u+kKlQOWaH7Mc3B0yAojz6T3j5RSI8ts6pFi6pZhDg9hBfPK2dT0v/7Mkv
|
||||||
|
E1Z7q2IdjZnhhtGWjDAMtDDn2NbY2wuGoa5jAWAR0WvIbEZ3kOxuLE5/ZOG1FyYm
|
||||||
|
noJRliBz7038nT92EoD5g1pdzuxgXtGCpYyyjRZwaLmmi4CvA+oThKmnqWNY5lyY
|
||||||
|
ricdNHDiyEXK0YafJL1oZgM86MSb0jKJMp5U11nUkUGzkroFfpGDmzBwAzEPgeiF
|
||||||
|
40+qgsKB9lqwb3G7PxvfSi3XwxfXgpm1cTyEaPSzsVzve3d1xeqb7Yq5Ag0EUzHY
|
||||||
|
ugEQALQ5FtLdNoxTxMsgvrRr1ejLiUeRNUfXtN1TYttOfvAhfBVnszjtkpIW8DCB
|
||||||
|
JF/bA7ETiH8OYYn/Fm6MPI5H64IHEncpzxjf57jgpXd9CA9U2OMk/P1nve5zYchP
|
||||||
|
QmP2fJxeAWr0aRH0Mse5JS5nCkh8Xv4nAjsBYeLTJEVOb1gPQFXOiFcVp3gaKAzX
|
||||||
|
GWOZ/mtG/uaNsabH/3TkcQQEgJefd11DWgMB7575GU+eME7c6hn3FPITA5TC5HUX
|
||||||
|
azvjv/PsWGTTVAJluJ3fUDvhpbGwYOh1uV0rB68lPpqVIro18IIJhNDnccM/xqko
|
||||||
|
4fpJdokdg4L1wih+B04OEXnwgjWG8OIphR/oL/+M37VV2U7Om/GE6LGefaYccC9c
|
||||||
|
tIaacRQJmZpG/8RsimFIY2wJ07z8xYBITmhMmOt0bLBv0mU0ym5KH9Dnru1m9QDO
|
||||||
|
AHwcKrDgL85f9MCn+YYw0d1lYxjOXjf+moaeW3izXCJ5brM+MqVtixY6aos3YO29
|
||||||
|
J7SzQ4aEDv3h/oKdDfZny21jcVPQxGDui8sqaZCi8usCcyqWsKvFHcr6vkwaufcm
|
||||||
|
3Knr2HKVotOUF5CDZybopIz1sJvY/5Dx9yfRmtivJtglrxoDKsLi1rQTlEQcFhCS
|
||||||
|
ACjf7txLtv03vWHxmp4YKQFkkOlbyhIcvfPVLTvqGerdT2FHABEBAAGJAh8EGAEC
|
||||||
|
AAkFAlMx2LoCGwwACgkQEwJcLcmZYkgK0BAAny0YUugpZldiHzYNf8I6p2OpiDWv
|
||||||
|
ZHaguTTPg2LJSKaTd+5UHZwRFIWjcSiFu+qTGLNtZAdcr0D5f991CPvyDSLYgOwb
|
||||||
|
Jm2p3GM2KxfECWzFbB/n/PjbZ5iky3+5sPlOdBR4TkfG4fcu5GwUgCkVe5u3USAk
|
||||||
|
C6W5lpeaspDz39HAPRSIOFEX70+xV+6FZ17B7nixFGN+giTpGYOEdGFxtUNmHmf+
|
||||||
|
waJoPECyImDwJvmlMTeP9jfahlB6Pzaxt6TBZYHetI/JR9FU69EmA+XfCSGt5S+0
|
||||||
|
Eoc330gpsSzo2VlxwRCVNrcuKmG7PsFFANok05ssFq1/Djv5rJ++3lYb88b8HSP2
|
||||||
|
3pQJPrM7cQNU8iPku9yLXkY5qsoZOH+3yAia554Dgc8WBhp6fWh58R0dIONQxbbo
|
||||||
|
apNdwvlI8hKFB7TiUL6PNShE1yL+XD201iNkGAJXbLMIC1ImGLirUfU267A3Cop5
|
||||||
|
hoGs179HGBcyj/sKA3uUIFdNtP+NndaP3v4iYhCitdVCvBJMm6K3tW88qkyRGzOk
|
||||||
|
4PW422oyWKwbAPeMk5PubvEFuFAIoBAFn1zecrcOg85RzRnEeXaiemmmH8GOe1Xu
|
||||||
|
Kh+7h8XXyG6RPFy8tCcLOTk+miTqX+4VWy+kVqoS2cQ5IV8WsJ3S7aeIy0H89Z8n
|
||||||
|
5vmLc+Ibz+eT+rM=
|
||||||
|
=XVDe
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
@@ -25,7 +25,7 @@ Starting JupyterHub with docker
|
|||||||
|
|
||||||
The JupyterHub docker image can be started with the following command::
|
The JupyterHub docker image can be started with the following command::
|
||||||
|
|
||||||
docker run -d --name jupyterhub jupyterhub/jupyterhub jupyterhub
|
docker run -d -p 8000:8000 --name jupyterhub jupyterhub/jupyterhub jupyterhub
|
||||||
|
|
||||||
This command will create a container named ``jupyterhub`` that you can
|
This command will create a container named ``jupyterhub`` that you can
|
||||||
**stop and resume** with ``docker stop/start``.
|
**stop and resume** with ``docker stop/start``.
|
||||||
@@ -37,7 +37,7 @@ If you want to run docker on a computer that has a public IP then you should
|
|||||||
(as in MUST) **secure it with ssl** by adding ssl options to your docker
|
(as in MUST) **secure it with ssl** by adding ssl options to your docker
|
||||||
configuration or using a ssl enabled proxy.
|
configuration or using a ssl enabled proxy.
|
||||||
|
|
||||||
`Mounting volumes <https://docs.docker.com/engine/userguide/containers/dockervolumes/>`_
|
`Mounting volumes <https://docs.docker.com/engine/admin/volumes/volumes/>`_
|
||||||
will allow you to store data outside the docker image (host system) so it will
|
will allow you to store data outside the docker image (host system) so it will
|
||||||
be persistent, even when you start a new image.
|
be persistent, even when you start a new image.
|
||||||
|
|
||||||
|
@@ -5,20 +5,27 @@
|
|||||||
Before installing JupyterHub, you will need:
|
Before installing JupyterHub, you will need:
|
||||||
|
|
||||||
- a Linux/Unix based system
|
- a Linux/Unix based system
|
||||||
- [Python](https://www.python.org/downloads/) 3.4 or greater. An understanding
|
- [Python](https://www.python.org/downloads/) 3.5 or greater. An understanding
|
||||||
of using [`pip`](https://pip.pypa.io/en/stable/) or
|
of using [`pip`](https://pip.pypa.io/en/stable/) or
|
||||||
[`conda`](https://conda.io/docs/get-started.html) for
|
[`conda`](https://conda.io/docs/get-started.html) for
|
||||||
installing Python packages is helpful.
|
installing Python packages is helpful.
|
||||||
- [nodejs/npm](https://www.npmjs.com/). [Install nodejs/npm](https://docs.npmjs.com/getting-started/installing-node),
|
- [nodejs/npm](https://www.npmjs.com/). [Install nodejs/npm](https://docs.npmjs.com/getting-started/installing-node),
|
||||||
using your operating system's package manager. For example, install on Linux
|
using your operating system's package manager.
|
||||||
Debian/Ubuntu using:
|
|
||||||
|
|
||||||
```bash
|
* If you are using **`conda`**, the nodejs and npm dependencies will be installed for
|
||||||
sudo apt-get install npm nodejs-legacy
|
you by conda.
|
||||||
```
|
|
||||||
|
* If you are using **`pip`**, install a recent version of
|
||||||
|
[nodejs/npm](https://docs.npmjs.com/getting-started/installing-node).
|
||||||
|
For example, install it on Linux (Debian/Ubuntu) using:
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo apt-get install npm nodejs-legacy
|
||||||
|
```
|
||||||
|
|
||||||
|
The `nodejs-legacy` package installs the `node` executable and is currently
|
||||||
|
required for npm to work on Debian/Ubuntu.
|
||||||
|
|
||||||
The `nodejs-legacy` package installs the `node` executable and is currently
|
|
||||||
required for `npm` to work on Debian/Ubuntu.
|
|
||||||
- TLS certificate and key for HTTPS communication
|
- TLS certificate and key for HTTPS communication
|
||||||
- Domain name
|
- Domain name
|
||||||
|
|
||||||
|
@@ -5,8 +5,8 @@ Hub and single user notebook servers.
|
|||||||
|
|
||||||
## The default PAM Authenticator
|
## The default PAM Authenticator
|
||||||
|
|
||||||
JupyterHub ships only with the default [PAM][]-based Authenticator,
|
JupyterHub ships with the default [PAM][]-based Authenticator, for
|
||||||
for logging in with local user accounts via a username and password.
|
logging in with local user accounts via a username and password.
|
||||||
|
|
||||||
## The OAuthenticator
|
## The OAuthenticator
|
||||||
|
|
||||||
@@ -34,10 +34,17 @@ popular services:
|
|||||||
A generic implementation, which you can use for OAuth authentication
|
A generic implementation, which you can use for OAuth authentication
|
||||||
with any provider, is also available.
|
with any provider, is also available.
|
||||||
|
|
||||||
|
## The Dummy Authenticator
|
||||||
|
|
||||||
|
When testing, it may be helpful to use the
|
||||||
|
:class:`~jupyterhub.auth.DummyAuthenticator`. This allows for any username and
|
||||||
|
password unless if a global password has been set. Once set, any username will
|
||||||
|
still be accepted but the correct password will need to be provided.
|
||||||
|
|
||||||
## Additional Authenticators
|
## Additional Authenticators
|
||||||
|
|
||||||
- ldapauthenticator for LDAP
|
A partial list of other authenticators is available on the
|
||||||
- tmpauthenticator for temporary accounts
|
[JupyterHub wiki](https://github.com/jupyterhub/jupyterhub/wiki/Authenticators).
|
||||||
|
|
||||||
## Technical Overview of Authentication
|
## Technical Overview of Authentication
|
||||||
|
|
||||||
@@ -68,7 +75,6 @@ Writing an Authenticator that looks up passwords in a dictionary
|
|||||||
requires only overriding this one method:
|
requires only overriding this one method:
|
||||||
|
|
||||||
```python
|
```python
|
||||||
from tornado import gen
|
|
||||||
from IPython.utils.traitlets import Dict
|
from IPython.utils.traitlets import Dict
|
||||||
from jupyterhub.auth import Authenticator
|
from jupyterhub.auth import Authenticator
|
||||||
|
|
||||||
@@ -78,12 +84,12 @@ class DictionaryAuthenticator(Authenticator):
|
|||||||
help="""dict of username:password for authentication"""
|
help="""dict of username:password for authentication"""
|
||||||
)
|
)
|
||||||
|
|
||||||
@gen.coroutine
|
async def authenticate(self, handler, data):
|
||||||
def authenticate(self, handler, data):
|
|
||||||
if self.passwords.get(data['username']) == data['password']:
|
if self.passwords.get(data['username']) == data['password']:
|
||||||
return data['username']
|
return data['username']
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
#### Normalize usernames
|
#### Normalize usernames
|
||||||
|
|
||||||
Since the Authenticator and Spawner both use the same username,
|
Since the Authenticator and Spawner both use the same username,
|
||||||
@@ -100,6 +106,16 @@ c.Authenticator.username_map = {
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
When using `PAMAuthenticator`, you can set
|
||||||
|
`c.PAMAuthenticator.pam_normalize_username = True`, which will
|
||||||
|
normalize usernames using PAM (basically round-tripping them: username
|
||||||
|
to uid to username), which is useful in case you use some external
|
||||||
|
service that allows multiple usernames mapping to the same user (such
|
||||||
|
as ActiveDirectory, yes, this really happens). When
|
||||||
|
`pam_normalize_username` is on, usernames are *not* normalized to
|
||||||
|
lowercase.
|
||||||
|
|
||||||
|
|
||||||
#### Validate usernames
|
#### Validate usernames
|
||||||
|
|
||||||
In most cases, there is a very limited set of acceptable usernames.
|
In most cases, there is a very limited set of acceptable usernames.
|
||||||
@@ -116,6 +132,7 @@ To only allow usernames that start with 'w':
|
|||||||
c.Authenticator.username_pattern = r'w.*'
|
c.Authenticator.username_pattern = r'w.*'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
### How to write a custom authenticator
|
### How to write a custom authenticator
|
||||||
|
|
||||||
You can use custom Authenticator subclasses to enable authentication
|
You can use custom Authenticator subclasses to enable authentication
|
||||||
@@ -123,12 +140,129 @@ via other mechanisms. One such example is using [GitHub OAuth][].
|
|||||||
|
|
||||||
Because the username is passed from the Authenticator to the Spawner,
|
Because the username is passed from the Authenticator to the Spawner,
|
||||||
a custom Authenticator and Spawner are often used together.
|
a custom Authenticator and Spawner are often used together.
|
||||||
|
For example, the Authenticator methods, [pre_spawn_start(user, spawner)][]
|
||||||
|
and [post_spawn_stop(user, spawner)][], are hooks that can be used to do
|
||||||
|
auth-related startup (e.g. opening PAM sessions) and cleanup
|
||||||
|
(e.g. closing PAM sessions).
|
||||||
|
|
||||||
|
|
||||||
See a list of custom Authenticators [on the wiki](https://github.com/jupyterhub/jupyterhub/wiki/Authenticators).
|
See a list of custom Authenticators [on the wiki](https://github.com/jupyterhub/jupyterhub/wiki/Authenticators).
|
||||||
|
|
||||||
If you are interested in writing a custom authenticator, you can read
|
If you are interested in writing a custom authenticator, you can read
|
||||||
[this tutorial](http://jupyterhub-tutorial.readthedocs.io/en/latest/authenticators.html).
|
[this tutorial](http://jupyterhub-tutorial.readthedocs.io/en/latest/authenticators.html).
|
||||||
|
|
||||||
|
### Registering custom Authenticators via entry points
|
||||||
|
|
||||||
|
As of JupyterHub 1.0, custom authenticators can register themselves via
|
||||||
|
the `jupyterhub.authenticators` entry point metadata.
|
||||||
|
To do this, in your `setup.py` add:
|
||||||
|
|
||||||
|
```python
|
||||||
|
setup(
|
||||||
|
...
|
||||||
|
entry_points={
|
||||||
|
'jupyterhub.authenticators': [
|
||||||
|
'myservice = mypackage:MyAuthenticator',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
)
|
||||||
|
```
|
||||||
|
|
||||||
|
If you have added this metadata to your package,
|
||||||
|
users can select your authenticator with the configuration:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.authenticator_class = 'myservice'
|
||||||
|
```
|
||||||
|
|
||||||
|
instead of the full
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.authenticator_class = 'mypackage:MyAuthenticator'
|
||||||
|
```
|
||||||
|
|
||||||
|
previously required.
|
||||||
|
Additionally, configurable attributes for your authenticator will
|
||||||
|
appear in jupyterhub help output and auto-generated configuration files
|
||||||
|
via `jupyterhub --generate-config`.
|
||||||
|
|
||||||
|
|
||||||
|
### Authentication state
|
||||||
|
|
||||||
|
JupyterHub 0.8 adds the ability to persist state related to authentication,
|
||||||
|
such as auth-related tokens.
|
||||||
|
If such state should be persisted, `.authenticate()` should return a dictionary of the form:
|
||||||
|
|
||||||
|
```python
|
||||||
|
{
|
||||||
|
'name': username,
|
||||||
|
'auth_state': {
|
||||||
|
'key': 'value',
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
where `username` is the username that has been authenticated,
|
||||||
|
and `auth_state` is any JSON-serializable dictionary.
|
||||||
|
|
||||||
|
Because `auth_state` may contain sensitive information,
|
||||||
|
it is encrypted before being stored in the database.
|
||||||
|
To store auth_state, two conditions must be met:
|
||||||
|
|
||||||
|
1. persisting auth state must be enabled explicitly via configuration
|
||||||
|
```python
|
||||||
|
c.Authenticator.enable_auth_state = True
|
||||||
|
```
|
||||||
|
2. encryption must be enabled by the presence of `JUPYTERHUB_CRYPT_KEY` environment variable,
|
||||||
|
which should be a hex-encoded 32-byte key.
|
||||||
|
For example:
|
||||||
|
```bash
|
||||||
|
export JUPYTERHUB_CRYPT_KEY=$(openssl rand -hex 32)
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
JupyterHub uses [Fernet](https://cryptography.io/en/latest/fernet/) to encrypt auth_state.
|
||||||
|
To facilitate key-rotation, `JUPYTERHUB_CRYPT_KEY` may be a semicolon-separated list of encryption keys.
|
||||||
|
If there are multiple keys present, the **first** key is always used to persist any new auth_state.
|
||||||
|
|
||||||
|
|
||||||
|
#### Using auth_state
|
||||||
|
|
||||||
|
Typically, if `auth_state` is persisted it is desirable to affect the Spawner environment in some way.
|
||||||
|
This may mean defining environment variables, placing certificate in the user's home directory, etc.
|
||||||
|
The `Authenticator.pre_spawn_start` method can be used to pass information from authenticator state
|
||||||
|
to Spawner environment:
|
||||||
|
|
||||||
|
```python
|
||||||
|
class MyAuthenticator(Authenticator):
|
||||||
|
@gen.coroutine
|
||||||
|
def authenticate(self, handler, data=None):
|
||||||
|
username = yield identify_user(handler, data)
|
||||||
|
upstream_token = yield token_for_user(username)
|
||||||
|
return {
|
||||||
|
'name': username,
|
||||||
|
'auth_state': {
|
||||||
|
'upstream_token': upstream_token,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
@gen.coroutine
|
||||||
|
def pre_spawn_start(self, user, spawner):
|
||||||
|
"""Pass upstream_token to spawner via environment variable"""
|
||||||
|
auth_state = yield user.get_auth_state()
|
||||||
|
if not auth_state:
|
||||||
|
# auth_state not enabled
|
||||||
|
return
|
||||||
|
spawner.environment['UPSTREAM_TOKEN'] = auth_state['upstream_token']
|
||||||
|
```
|
||||||
|
|
||||||
|
## pre_spawn_start and post_spawn_stop hooks
|
||||||
|
|
||||||
|
Authenticators uses two hooks, [pre_spawn_start(user, spawner)][] and
|
||||||
|
[post_spawn_stop(user, spawner)][] to add pass additional state information
|
||||||
|
between the authenticator and a spawner. These hooks are typically used auth-related
|
||||||
|
startup, i.e. opening a PAM session, and auth-related cleanup, i.e. closing a
|
||||||
|
PAM session.
|
||||||
|
|
||||||
## JupyterHub as an OAuth provider
|
## JupyterHub as an OAuth provider
|
||||||
|
|
||||||
@@ -140,3 +274,5 @@ Beginning with version 0.8, JupyterHub is an OAuth provider.
|
|||||||
[OAuth]: https://en.wikipedia.org/wiki/OAuth
|
[OAuth]: https://en.wikipedia.org/wiki/OAuth
|
||||||
[GitHub OAuth]: https://developer.github.com/v3/oauth/
|
[GitHub OAuth]: https://developer.github.com/v3/oauth/
|
||||||
[OAuthenticator]: https://github.com/jupyterhub/oauthenticator
|
[OAuthenticator]: https://github.com/jupyterhub/oauthenticator
|
||||||
|
[pre_spawn_start(user, spawner)]: https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.Authenticator.pre_spawn_start
|
||||||
|
[post_spawn_stop(user, spawner)]: https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.Authenticator.post_spawn_stop
|
||||||
|
@@ -1,209 +1,8 @@
|
|||||||
# Configuration examples
|
# Configuration examples
|
||||||
|
|
||||||
This section provides examples, including configuration files and tips, for the
|
The following sections provide examples, including configuration files and tips, for the
|
||||||
following configurations:
|
following:
|
||||||
|
|
||||||
- Using GitHub OAuth
|
- Configuring GitHub OAuth
|
||||||
- Using nginx reverse proxy
|
- Using reverse proxy (nginx and Apache)
|
||||||
|
- Run JupyterHub without root privileges using `sudo`
|
||||||
## Using GitHub OAuth
|
|
||||||
|
|
||||||
In this example, we show a configuration file for a fairly standard JupyterHub
|
|
||||||
deployment with the following assumptions:
|
|
||||||
|
|
||||||
* Running JupyterHub on a single cloud server
|
|
||||||
* Using SSL on the standard HTTPS port 443
|
|
||||||
* Using GitHub OAuth (using oauthenticator) for login
|
|
||||||
* Users exist locally on the server
|
|
||||||
* Users' notebooks to be served from `~/assignments` to allow users to browse
|
|
||||||
for notebooks within other users' home directories
|
|
||||||
* You want the landing page for each user to be a `Welcome.ipynb` notebook in
|
|
||||||
their assignments directory.
|
|
||||||
* All runtime files are put into `/srv/jupyterhub` and log files in `/var/log`.
|
|
||||||
|
|
||||||
The `jupyterhub_config.py` file would have these settings:
|
|
||||||
|
|
||||||
```python
|
|
||||||
# jupyterhub_config.py file
|
|
||||||
c = get_config()
|
|
||||||
|
|
||||||
import os
|
|
||||||
pjoin = os.path.join
|
|
||||||
|
|
||||||
runtime_dir = os.path.join('/srv/jupyterhub')
|
|
||||||
ssl_dir = pjoin(runtime_dir, 'ssl')
|
|
||||||
if not os.path.exists(ssl_dir):
|
|
||||||
os.makedirs(ssl_dir)
|
|
||||||
|
|
||||||
# Allows multiple single-server per user
|
|
||||||
c.JupyterHub.allow_named_servers = True
|
|
||||||
|
|
||||||
# https on :443
|
|
||||||
c.JupyterHub.port = 443
|
|
||||||
c.JupyterHub.ssl_key = pjoin(ssl_dir, 'ssl.key')
|
|
||||||
c.JupyterHub.ssl_cert = pjoin(ssl_dir, 'ssl.cert')
|
|
||||||
|
|
||||||
# put the JupyterHub cookie secret and state db
|
|
||||||
# in /var/run/jupyterhub
|
|
||||||
c.JupyterHub.cookie_secret_file = pjoin(runtime_dir, 'cookie_secret')
|
|
||||||
c.JupyterHub.db_url = pjoin(runtime_dir, 'jupyterhub.sqlite')
|
|
||||||
# or `--db=/path/to/jupyterhub.sqlite` on the command-line
|
|
||||||
|
|
||||||
# use GitHub OAuthenticator for local users
|
|
||||||
c.JupyterHub.authenticator_class = 'oauthenticator.LocalGitHubOAuthenticator'
|
|
||||||
c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
|
|
||||||
|
|
||||||
# create system users that don't exist yet
|
|
||||||
c.LocalAuthenticator.create_system_users = True
|
|
||||||
|
|
||||||
# specify users and admin
|
|
||||||
c.Authenticator.whitelist = {'rgbkrk', 'minrk', 'jhamrick'}
|
|
||||||
c.Authenticator.admin_users = {'jhamrick', 'rgbkrk'}
|
|
||||||
|
|
||||||
# start single-user notebook servers in ~/assignments,
|
|
||||||
# with ~/assignments/Welcome.ipynb as the default landing page
|
|
||||||
# this config could also be put in
|
|
||||||
# /etc/jupyter/jupyter_notebook_config.py
|
|
||||||
c.Spawner.notebook_dir = '~/assignments'
|
|
||||||
c.Spawner.args = ['--NotebookApp.default_url=/notebooks/Welcome.ipynb']
|
|
||||||
```
|
|
||||||
|
|
||||||
Using the GitHub Authenticator requires a few additional
|
|
||||||
environment variable to be set prior to launching JupyterHub:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export GITHUB_CLIENT_ID=github_id
|
|
||||||
export GITHUB_CLIENT_SECRET=github_secret
|
|
||||||
export OAUTH_CALLBACK_URL=https://example.com/hub/oauth_callback
|
|
||||||
export CONFIGPROXY_AUTH_TOKEN=super-secret
|
|
||||||
# append log output to log file /var/log/jupyterhub.log
|
|
||||||
jupyterhub -f /etc/jupyterhub/jupyterhub_config.py &>> /var/log/jupyterhub.log
|
|
||||||
```
|
|
||||||
|
|
||||||
## Using nginx reverse proxy
|
|
||||||
|
|
||||||
In the following example, we show configuration files for a JupyterHub server
|
|
||||||
running locally on port `8000` but accessible from the outside on the standard
|
|
||||||
SSL port `443`. This could be useful if the JupyterHub server machine is also
|
|
||||||
hosting other domains or content on `443`. The goal in this example is to
|
|
||||||
satisfy the following:
|
|
||||||
|
|
||||||
* JupyterHub is running on a server, accessed *only* via `HUB.DOMAIN.TLD:443`
|
|
||||||
* On the same machine, `NO_HUB.DOMAIN.TLD` strictly serves different content,
|
|
||||||
also on port `443`
|
|
||||||
* `nginx` is used to manage the web servers / reverse proxy (which means that
|
|
||||||
only nginx will be able to bind two servers to `443`)
|
|
||||||
* After testing, the server in question should be able to score an A+ on the
|
|
||||||
Qualys SSL Labs [SSL Server Test](https://www.ssllabs.com/ssltest/)
|
|
||||||
|
|
||||||
Let's start out with needed JupyterHub configuration in `jupyterhub_config.py`:
|
|
||||||
|
|
||||||
```python
|
|
||||||
# Force the proxy to only listen to connections to 127.0.0.1
|
|
||||||
c.JupyterHub.ip = '127.0.0.1'
|
|
||||||
```
|
|
||||||
|
|
||||||
The **`nginx` server config file** is fairly standard fare except for the two
|
|
||||||
`location` blocks within the `HUB.DOMAIN.TLD` config file:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# HTTP server to redirect all 80 traffic to SSL/HTTPS
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name HUB.DOMAIN.TLD;
|
|
||||||
|
|
||||||
# Tell all requests to port 80 to be 302 redirected to HTTPS
|
|
||||||
return 302 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
# HTTPS server to handle JupyterHub
|
|
||||||
server {
|
|
||||||
listen 443;
|
|
||||||
ssl on;
|
|
||||||
|
|
||||||
server_name HUB.DOMAIN.TLD;
|
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/HUB.DOMAIN.TLD/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/HUB.DOMAIN.TLD/privkey.pem;
|
|
||||||
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
|
||||||
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
|
||||||
ssl_session_timeout 1d;
|
|
||||||
ssl_session_cache shared:SSL:50m;
|
|
||||||
ssl_stapling on;
|
|
||||||
ssl_stapling_verify on;
|
|
||||||
add_header Strict-Transport-Security max-age=15768000;
|
|
||||||
|
|
||||||
# Managing literal requests to the JupyterHub front end
|
|
||||||
location / {
|
|
||||||
proxy_pass https://127.0.0.1:8000;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Managing WebHook/Socket requests between hub user servers and external proxy
|
|
||||||
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
|
|
||||||
proxy_pass https://127.0.0.1:8000;
|
|
||||||
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
# WebSocket support
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
# Managing requests to verify letsencrypt host
|
|
||||||
location ~ /.well-known {
|
|
||||||
allow all;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
`nginx` will now be the front facing element of JupyterHub on `443` which means
|
|
||||||
it is also free to bind other servers, like `NO_HUB.DOMAIN.TLD` to the same port
|
|
||||||
on the same machine and network interface. In fact, one can simply use the same
|
|
||||||
server blocks as above for `NO_HUB` and simply add line for the root directory
|
|
||||||
of the site as well as the applicable location call:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name NO_HUB.DOMAIN.TLD;
|
|
||||||
|
|
||||||
# Tell all requests to port 80 to be 302 redirected to HTTPS
|
|
||||||
return 302 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443;
|
|
||||||
ssl on;
|
|
||||||
|
|
||||||
# INSERT OTHER SSL PARAMETERS HERE AS ABOVE
|
|
||||||
|
|
||||||
# Set the appropriate root directory
|
|
||||||
root /var/www/html
|
|
||||||
|
|
||||||
# Set URI handling
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Managing requests to verify letsencrypt host
|
|
||||||
location ~ /.well-known {
|
|
||||||
allow all;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Now just restart `nginx`, restart the JupyterHub, and enjoy accessing
|
|
||||||
`https://HUB.DOMAIN.TLD` while serving other content securely on
|
|
||||||
`https://NO_HUB.DOMAIN.TLD`.
|
|
||||||
|
82
docs/source/reference/config-ghoauth.md
Normal file
@@ -0,0 +1,82 @@
|
|||||||
|
# Configure GitHub OAuth
|
||||||
|
|
||||||
|
In this example, we show a configuration file for a fairly standard JupyterHub
|
||||||
|
deployment with the following assumptions:
|
||||||
|
|
||||||
|
* Running JupyterHub on a single cloud server
|
||||||
|
* Using SSL on the standard HTTPS port 443
|
||||||
|
* Using GitHub OAuth (using oauthenticator) for login
|
||||||
|
* Using the default spawner (to configure other spawners, uncomment and edit
|
||||||
|
`spawner_class` as well as follow the instructions for your desired spawner)
|
||||||
|
* Users exist locally on the server
|
||||||
|
* Users' notebooks to be served from `~/assignments` to allow users to browse
|
||||||
|
for notebooks within other users' home directories
|
||||||
|
* You want the landing page for each user to be a `Welcome.ipynb` notebook in
|
||||||
|
their assignments directory.
|
||||||
|
* All runtime files are put into `/srv/jupyterhub` and log files in `/var/log`.
|
||||||
|
|
||||||
|
|
||||||
|
The `jupyterhub_config.py` file would have these settings:
|
||||||
|
|
||||||
|
```python
|
||||||
|
# jupyterhub_config.py file
|
||||||
|
c = get_config()
|
||||||
|
|
||||||
|
import os
|
||||||
|
pjoin = os.path.join
|
||||||
|
|
||||||
|
runtime_dir = os.path.join('/srv/jupyterhub')
|
||||||
|
ssl_dir = pjoin(runtime_dir, 'ssl')
|
||||||
|
if not os.path.exists(ssl_dir):
|
||||||
|
os.makedirs(ssl_dir)
|
||||||
|
|
||||||
|
# Allows multiple single-server per user
|
||||||
|
c.JupyterHub.allow_named_servers = True
|
||||||
|
|
||||||
|
# https on :443
|
||||||
|
c.JupyterHub.port = 443
|
||||||
|
c.JupyterHub.ssl_key = pjoin(ssl_dir, 'ssl.key')
|
||||||
|
c.JupyterHub.ssl_cert = pjoin(ssl_dir, 'ssl.cert')
|
||||||
|
|
||||||
|
# put the JupyterHub cookie secret and state db
|
||||||
|
# in /var/run/jupyterhub
|
||||||
|
c.JupyterHub.cookie_secret_file = pjoin(runtime_dir, 'cookie_secret')
|
||||||
|
c.JupyterHub.db_url = pjoin(runtime_dir, 'jupyterhub.sqlite')
|
||||||
|
# or `--db=/path/to/jupyterhub.sqlite` on the command-line
|
||||||
|
|
||||||
|
# use GitHub OAuthenticator for local users
|
||||||
|
c.JupyterHub.authenticator_class = 'oauthenticator.LocalGitHubOAuthenticator'
|
||||||
|
c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
|
||||||
|
|
||||||
|
# create system users that don't exist yet
|
||||||
|
c.LocalAuthenticator.create_system_users = True
|
||||||
|
|
||||||
|
# specify users and admin
|
||||||
|
c.Authenticator.whitelist = {'rgbkrk', 'minrk', 'jhamrick'}
|
||||||
|
c.Authenticator.admin_users = {'jhamrick', 'rgbkrk'}
|
||||||
|
|
||||||
|
# uses the default spawner
|
||||||
|
# To use a different spawner, uncomment `spawner_class` and set to desired
|
||||||
|
# spawner (e.g. SudoSpawner). Follow instructions for desired spawner
|
||||||
|
# configuration.
|
||||||
|
# c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
|
||||||
|
|
||||||
|
# start single-user notebook servers in ~/assignments,
|
||||||
|
# with ~/assignments/Welcome.ipynb as the default landing page
|
||||||
|
# this config could also be put in
|
||||||
|
# /etc/jupyter/jupyter_notebook_config.py
|
||||||
|
c.Spawner.notebook_dir = '~/assignments'
|
||||||
|
c.Spawner.args = ['--NotebookApp.default_url=/notebooks/Welcome.ipynb']
|
||||||
|
```
|
||||||
|
|
||||||
|
Using the GitHub Authenticator requires a few additional
|
||||||
|
environment variable to be set prior to launching JupyterHub:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export GITHUB_CLIENT_ID=github_id
|
||||||
|
export GITHUB_CLIENT_SECRET=github_secret
|
||||||
|
export OAUTH_CALLBACK_URL=https://example.com/hub/oauth_callback
|
||||||
|
export CONFIGPROXY_AUTH_TOKEN=super-secret
|
||||||
|
# append log output to log file /var/log/jupyterhub.log
|
||||||
|
jupyterhub -f /etc/jupyterhub/jupyterhub_config.py &>> /var/log/jupyterhub.log
|
||||||
|
```
|
212
docs/source/reference/config-proxy.md
Normal file
@@ -0,0 +1,212 @@
|
|||||||
|
# Using a reverse proxy
|
||||||
|
|
||||||
|
In the following example, we show configuration files for a JupyterHub server
|
||||||
|
running locally on port `8000` but accessible from the outside on the standard
|
||||||
|
SSL port `443`. This could be useful if the JupyterHub server machine is also
|
||||||
|
hosting other domains or content on `443`. The goal in this example is to
|
||||||
|
satisfy the following:
|
||||||
|
|
||||||
|
* JupyterHub is running on a server, accessed *only* via `HUB.DOMAIN.TLD:443`
|
||||||
|
* On the same machine, `NO_HUB.DOMAIN.TLD` strictly serves different content,
|
||||||
|
also on port `443`
|
||||||
|
* `nginx` or `apache` is used as the public access point (which means that
|
||||||
|
only nginx/apache will bind to `443`)
|
||||||
|
* After testing, the server in question should be able to score at least an A on the
|
||||||
|
Qualys SSL Labs [SSL Server Test](https://www.ssllabs.com/ssltest/)
|
||||||
|
|
||||||
|
Let's start out with needed JupyterHub configuration in `jupyterhub_config.py`:
|
||||||
|
|
||||||
|
```python
|
||||||
|
# Force the proxy to only listen to connections to 127.0.0.1
|
||||||
|
c.JupyterHub.ip = '127.0.0.1'
|
||||||
|
```
|
||||||
|
|
||||||
|
For high-quality SSL configuration, we also generate Diffie-Helman parameters.
|
||||||
|
This can take a few minutes:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
|
||||||
|
```
|
||||||
|
|
||||||
|
## nginx
|
||||||
|
|
||||||
|
This **`nginx` config file** is fairly standard fare except for the two
|
||||||
|
`location` blocks within the main section for HUB.DOMAIN.tld.
|
||||||
|
To create a new site for jupyterhub in your nginx config, make a new file
|
||||||
|
in `sites.enabled`, e.g. `/etc/nginx/sites.enabled/jupyterhub.conf`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# top-level http config for websocket headers
|
||||||
|
# If Upgrade is defined, Connection = upgrade
|
||||||
|
# If Upgrade is empty, Connection = close
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
# HTTP server to redirect all 80 traffic to SSL/HTTPS
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name HUB.DOMAIN.TLD;
|
||||||
|
|
||||||
|
# Tell all requests to port 80 to be 302 redirected to HTTPS
|
||||||
|
return 302 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# HTTPS server to handle JupyterHub
|
||||||
|
server {
|
||||||
|
listen 443;
|
||||||
|
ssl on;
|
||||||
|
|
||||||
|
server_name HUB.DOMAIN.TLD;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/HUB.DOMAIN.TLD/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/HUB.DOMAIN.TLD/privkey.pem;
|
||||||
|
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||||
|
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
||||||
|
ssl_session_timeout 1d;
|
||||||
|
ssl_session_cache shared:SSL:50m;
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
add_header Strict-Transport-Security max-age=15768000;
|
||||||
|
|
||||||
|
# Managing literal requests to the JupyterHub front end
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:8000;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
# websocket headers
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Managing requests to verify letsencrypt host
|
||||||
|
location ~ /.well-known {
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
If `nginx` is not running on port 443, substitute `$http_host` for `$host` on
|
||||||
|
the lines setting the `Host` header.
|
||||||
|
|
||||||
|
`nginx` will now be the front facing element of JupyterHub on `443` which means
|
||||||
|
it is also free to bind other servers, like `NO_HUB.DOMAIN.TLD` to the same port
|
||||||
|
on the same machine and network interface. In fact, one can simply use the same
|
||||||
|
server blocks as above for `NO_HUB` and simply add line for the root directory
|
||||||
|
of the site as well as the applicable location call:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name NO_HUB.DOMAIN.TLD;
|
||||||
|
|
||||||
|
# Tell all requests to port 80 to be 302 redirected to HTTPS
|
||||||
|
return 302 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443;
|
||||||
|
ssl on;
|
||||||
|
|
||||||
|
# INSERT OTHER SSL PARAMETERS HERE AS ABOVE
|
||||||
|
# SSL cert may differ
|
||||||
|
|
||||||
|
# Set the appropriate root directory
|
||||||
|
root /var/www/html
|
||||||
|
|
||||||
|
# Set URI handling
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Managing requests to verify letsencrypt host
|
||||||
|
location ~ /.well-known {
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Now restart `nginx`, restart the JupyterHub, and enjoy accessing
|
||||||
|
`https://HUB.DOMAIN.TLD` while serving other content securely on
|
||||||
|
`https://NO_HUB.DOMAIN.TLD`.
|
||||||
|
|
||||||
|
|
||||||
|
## Apache
|
||||||
|
|
||||||
|
As with nginx above, you can use [Apache](https://httpd.apache.org) as the reverse proxy.
|
||||||
|
First, we will need to enable the apache modules that we are going to need:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
a2enmod ssl rewrite proxy proxy_http proxy_wstunnel
|
||||||
|
```
|
||||||
|
|
||||||
|
Our Apache configuration is equivalent to the nginx configuration above:
|
||||||
|
|
||||||
|
- Redirect HTTP to HTTPS
|
||||||
|
- Good SSL Configuration
|
||||||
|
- Support for websockets on any proxied URL
|
||||||
|
- JupyterHub is running locally at http://127.0.0.1:8000
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# redirect HTTP to HTTPS
|
||||||
|
Listen 80
|
||||||
|
<VirtualHost HUB.DOMAIN.TLD:80>
|
||||||
|
ServerName HUB.DOMAIN.TLD
|
||||||
|
Redirect / https://HUB.DOMAIN.TLD/
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
Listen 443
|
||||||
|
<VirtualHost HUB.DOMAIN.TLD:443>
|
||||||
|
|
||||||
|
ServerName HUB.DOMAIN.TLD
|
||||||
|
|
||||||
|
# configure SSL
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/letsencrypt/live/HUB.DOMAIN.TLD/fullchain.pem
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt/live/HUB.DOMAIN.TLD/privkey.pem
|
||||||
|
SSLProtocol All -SSLv2 -SSLv3
|
||||||
|
SSLOpenSSLConfCmd DHParameters /etc/ssl/certs/dhparam.pem
|
||||||
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||||
|
|
||||||
|
# Use RewriteEngine to handle websocket connection upgrades
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
||||||
|
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||||||
|
RewriteRule /(.*) ws://127.0.0.1:8000/$1 [P,L]
|
||||||
|
|
||||||
|
<Location "/">
|
||||||
|
# preserve Host header to avoid cross-origin problems
|
||||||
|
ProxyPreserveHost on
|
||||||
|
# proxy to JupyterHub
|
||||||
|
ProxyPass http://127.0.0.1:8000/
|
||||||
|
ProxyPassReverse http://127.0.0.1:8000/
|
||||||
|
</Location>
|
||||||
|
</VirtualHost>
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
In case of the need to run the jupyterhub under /jhub/ or other location please use the below configurations:
|
||||||
|
- JupyterHub running locally at http://127.0.0.1:8000/jhub/ or other location
|
||||||
|
|
||||||
|
httpd.conf amendments:
|
||||||
|
```bash
|
||||||
|
RewriteRule /jhub/(.*) ws://127.0.0.1:8000/jhub/$1 [P,L]
|
||||||
|
RewriteRule /jhub/(.*) http://127.0.0.1:8000/jhub/$1 [P,L]
|
||||||
|
|
||||||
|
ProxyPass /jhub/ http://127.0.0.1:8000/jhub/
|
||||||
|
ProxyPassReverse /jhub/ http://127.0.0.1:8000/jhub/
|
||||||
|
```
|
||||||
|
|
||||||
|
jupyterhub_config.py amendments:
|
||||||
|
```bash
|
||||||
|
--The public facing URL of the whole JupyterHub application.
|
||||||
|
--This is the address on which the proxy will bind. Sets protocol, ip, base_url
|
||||||
|
c.JupyterHub.bind_url = 'http://127.0.0.1:8000/jhub/'
|
||||||
|
```
|
254
docs/source/reference/config-sudo.md
Normal file
@@ -0,0 +1,254 @@
|
|||||||
|
# Run JupyterHub without root privileges using `sudo`
|
||||||
|
|
||||||
|
**Note:** Setting up `sudo` permissions involves many pieces of system
|
||||||
|
configuration. It is quite easy to get wrong and very difficult to debug.
|
||||||
|
Only do this if you are very sure you must.
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
There are many Authenticators and Spawners available for JupyterHub. Some, such
|
||||||
|
as DockerSpawner or OAuthenticator, do not need any elevated permissions. This
|
||||||
|
document describes how to get the full default behavior of JupyterHub while
|
||||||
|
running notebook servers as real system users on a shared system without
|
||||||
|
running the Hub itself as root.
|
||||||
|
|
||||||
|
Since JupyterHub needs to spawn processes as other users, the simplest way
|
||||||
|
is to run it as root, spawning user servers with [setuid](http://linux.die.net/man/2/setuid).
|
||||||
|
But this isn't especially safe, because you have a process running on the
|
||||||
|
public web as root.
|
||||||
|
|
||||||
|
A **more prudent way** to run the server while preserving functionality is to
|
||||||
|
create a dedicated user with `sudo` access restricted to launching and
|
||||||
|
monitoring single-user servers.
|
||||||
|
|
||||||
|
## Create a user
|
||||||
|
|
||||||
|
To do this, first create a user that will run the Hub:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo useradd rhea
|
||||||
|
```
|
||||||
|
|
||||||
|
This user shouldn't have a login shell or password (possible with -r).
|
||||||
|
|
||||||
|
## Set up sudospawner
|
||||||
|
|
||||||
|
Next, you will need [sudospawner](https://github.com/jupyter/sudospawner)
|
||||||
|
to enable monitoring the single-user servers with sudo:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo python3 -m pip install sudospawner
|
||||||
|
```
|
||||||
|
|
||||||
|
Now we have to configure sudo to allow the Hub user (`rhea`) to launch
|
||||||
|
the sudospawner script on behalf of our hub users (here `zoe` and `wash`).
|
||||||
|
We want to confine these permissions to only what we really need.
|
||||||
|
|
||||||
|
## Edit `/etc/sudoers`
|
||||||
|
|
||||||
|
To do this we add to `/etc/sudoers` (use `visudo` for safe editing of sudoers):
|
||||||
|
|
||||||
|
- specify the list of users `JUPYTER_USERS` for whom `rhea` can spawn servers
|
||||||
|
- set the command `JUPYTER_CMD` that `rhea` can execute on behalf of users
|
||||||
|
- give `rhea` permission to run `JUPYTER_CMD` on behalf of `JUPYTER_USERS`
|
||||||
|
without entering a password
|
||||||
|
|
||||||
|
|
||||||
|
For example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# comma-separated whitelist of users that can spawn single-user servers
|
||||||
|
# this should include all of your Hub users
|
||||||
|
Runas_Alias JUPYTER_USERS = rhea, zoe, wash
|
||||||
|
|
||||||
|
# the command(s) the Hub can run on behalf of the above users without needing a password
|
||||||
|
# the exact path may differ, depending on how sudospawner was installed
|
||||||
|
Cmnd_Alias JUPYTER_CMD = /usr/local/bin/sudospawner
|
||||||
|
|
||||||
|
# actually give the Hub user permission to run the above command on behalf
|
||||||
|
# of the above users without prompting for a password
|
||||||
|
rhea ALL=(JUPYTER_USERS) NOPASSWD:JUPYTER_CMD
|
||||||
|
```
|
||||||
|
|
||||||
|
It might be useful to modify `secure_path` to add commands in path.
|
||||||
|
|
||||||
|
As an alternative to adding every user to the `/etc/sudoers` file, you can
|
||||||
|
use a group in the last line above, instead of `JUPYTER_USERS`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
rhea ALL=(%jupyterhub) NOPASSWD:JUPYTER_CMD
|
||||||
|
```
|
||||||
|
|
||||||
|
If the `jupyterhub` group exists, there will be no need to edit `/etc/sudoers`
|
||||||
|
again. A new user will gain access to the application when added to the group:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ adduser -G jupyterhub newuser
|
||||||
|
```
|
||||||
|
|
||||||
|
## Test `sudo` setup
|
||||||
|
|
||||||
|
Test that the new user doesn't need to enter a password to run the sudospawner
|
||||||
|
command.
|
||||||
|
|
||||||
|
This should prompt for your password to switch to rhea, but *not* prompt for
|
||||||
|
any password for the second switch. It should show some help output about
|
||||||
|
logging options:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo -u rhea sudo -n -u $USER /usr/local/bin/sudospawner --help
|
||||||
|
Usage: /usr/local/bin/sudospawner [OPTIONS]
|
||||||
|
|
||||||
|
Options:
|
||||||
|
|
||||||
|
--help show this help information
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
And this should fail:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo -u rhea sudo -n -u $USER echo 'fail'
|
||||||
|
sudo: a password is required
|
||||||
|
```
|
||||||
|
|
||||||
|
## Enable PAM for non-root
|
||||||
|
|
||||||
|
By default, [PAM authentication](http://en.wikipedia.org/wiki/Pluggable_authentication_module)
|
||||||
|
is used by JupyterHub. To use PAM, the process may need to be able to read
|
||||||
|
the shadow password database.
|
||||||
|
|
||||||
|
### Shadow group (Linux)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ ls -l /etc/shadow
|
||||||
|
-rw-r----- 1 root shadow 2197 Jul 21 13:41 shadow
|
||||||
|
```
|
||||||
|
|
||||||
|
If there's already a shadow group, you are set. If its permissions are more like:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ ls -l /etc/shadow
|
||||||
|
-rw------- 1 root wheel 2197 Jul 21 13:41 shadow
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you may want to add a shadow group, and make the shadow file group-readable:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo groupadd shadow
|
||||||
|
$ sudo chgrp shadow /etc/shadow
|
||||||
|
$ sudo chmod g+r /etc/shadow
|
||||||
|
```
|
||||||
|
|
||||||
|
We want our new user to be able to read the shadow passwords, so add it to the shadow group:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo usermod -a -G shadow rhea
|
||||||
|
```
|
||||||
|
|
||||||
|
If you want jupyterhub to serve pages on a restricted port (such as port 80 for http),
|
||||||
|
then you will need to give `node` permission to do so:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/node
|
||||||
|
```
|
||||||
|
However, you may want to further understand the consequences of this.
|
||||||
|
|
||||||
|
You may also be interested in limiting the amount of CPU any process can use
|
||||||
|
on your server. `cpulimit` is a useful tool that is available for many Linux
|
||||||
|
distributions' packaging system. This can be used to keep any user's process
|
||||||
|
from using too much CPU cycles. You can configure it accoring to [these
|
||||||
|
instructions](http://ubuntuforums.org/showthread.php?t=992706).
|
||||||
|
|
||||||
|
|
||||||
|
### Shadow group (FreeBSD)
|
||||||
|
|
||||||
|
**NOTE:** This has not been tested and may not work as expected.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ ls -l /etc/spwd.db /etc/master.passwd
|
||||||
|
-rw------- 1 root wheel 2516 Aug 22 13:35 /etc/master.passwd
|
||||||
|
-rw------- 1 root wheel 40960 Aug 22 13:35 /etc/spwd.db
|
||||||
|
```
|
||||||
|
|
||||||
|
Add a shadow group if there isn't one, and make the shadow file group-readable:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo pw group add shadow
|
||||||
|
$ sudo chgrp shadow /etc/spwd.db
|
||||||
|
$ sudo chmod g+r /etc/spwd.db
|
||||||
|
$ sudo chgrp shadow /etc/master.passwd
|
||||||
|
$ sudo chmod g+r /etc/master.passwd
|
||||||
|
```
|
||||||
|
|
||||||
|
We want our new user to be able to read the shadow passwords, so add it to the
|
||||||
|
shadow group:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo pw user mod rhea -G shadow
|
||||||
|
```
|
||||||
|
|
||||||
|
## Test that PAM works
|
||||||
|
|
||||||
|
We can verify that PAM is working, with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo -u rhea python3 -c "import pamela, getpass; print(pamela.authenticate('$USER', getpass.getpass()))"
|
||||||
|
Password: [enter your unix password]
|
||||||
|
```
|
||||||
|
|
||||||
|
## Make a directory for JupyterHub
|
||||||
|
|
||||||
|
JupyterHub stores its state in a database, so it needs write access to a directory.
|
||||||
|
The simplest way to deal with this is to make a directory owned by your Hub user,
|
||||||
|
and use that as the CWD when launching the server.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo mkdir /etc/jupyterhub
|
||||||
|
$ sudo chown rhea /etc/jupyterhub
|
||||||
|
```
|
||||||
|
|
||||||
|
## Start jupyterhub
|
||||||
|
|
||||||
|
Finally, start the server as our newly configured user, `rhea`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ cd /etc/jupyterhub
|
||||||
|
$ sudo -u rhea jupyterhub --JupyterHub.spawner_class=sudospawner.SudoSpawner
|
||||||
|
```
|
||||||
|
|
||||||
|
And try logging in.
|
||||||
|
|
||||||
|
## Troubleshooting: SELinux
|
||||||
|
|
||||||
|
If you still get a generic `Permission denied` `PermissionError`, it's possible SELinux is blocking you.
|
||||||
|
Here's how you can make a module to allow this.
|
||||||
|
First, put this in a file named `sudo_exec_selinux.te`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
module sudo_exec_selinux 1.1;
|
||||||
|
|
||||||
|
require {
|
||||||
|
type unconfined_t;
|
||||||
|
type sudo_exec_t;
|
||||||
|
class file { read entrypoint };
|
||||||
|
}
|
||||||
|
|
||||||
|
#============= unconfined_t ==============
|
||||||
|
allow unconfined_t sudo_exec_t:file entrypoint;
|
||||||
|
```
|
||||||
|
|
||||||
|
Then run all of these commands as root:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ checkmodule -M -m -o sudo_exec_selinux.mod sudo_exec_selinux.te
|
||||||
|
$ semodule_package -o sudo_exec_selinux.pp -m sudo_exec_selinux.mod
|
||||||
|
$ semodule -i sudo_exec_selinux.pp
|
||||||
|
```
|
||||||
|
|
||||||
|
## Troubleshooting: PAM session errors
|
||||||
|
|
||||||
|
If the PAM authentication doesn't work and you see errors for
|
||||||
|
`login:session-auth`, or similar, considering updating to a more recent version
|
||||||
|
of jupyterhub and disabling the opening of PAM sessions with
|
||||||
|
`c.PAMAuthenticator.open_sessions=False`.
|
181
docs/source/reference/config-user-env.md
Normal file
@@ -0,0 +1,181 @@
|
|||||||
|
# Configuring user environments
|
||||||
|
|
||||||
|
Deploying JupyterHub means you are providing Jupyter notebook environments for
|
||||||
|
multiple users. Often, this includes a desire to configure the user
|
||||||
|
environment in some way.
|
||||||
|
|
||||||
|
Since the `jupyterhub-singleuser` server extends the standard Jupyter notebook
|
||||||
|
server, most configuration and documentation that applies to Jupyter Notebook
|
||||||
|
applies to the single-user environments. Configuration of user environments
|
||||||
|
typically does not occur through JupyterHub itself, but rather through system-
|
||||||
|
wide configuration of Jupyter, which is inherited by `jupyterhub-singleuser`.
|
||||||
|
|
||||||
|
**Tip:** When searching for configuration tips for JupyterHub user
|
||||||
|
environments, try removing JupyterHub from your search because there are a lot
|
||||||
|
more people out there configuring Jupyter than JupyterHub and the
|
||||||
|
configuration is the same.
|
||||||
|
|
||||||
|
This section will focus on user environments, including:
|
||||||
|
|
||||||
|
- Installing packages
|
||||||
|
- Configuring Jupyter and IPython
|
||||||
|
- Installing kernelspecs
|
||||||
|
- Using containers vs. multi-user hosts
|
||||||
|
|
||||||
|
|
||||||
|
## Installing packages
|
||||||
|
|
||||||
|
To make packages available to users, you generally will install packages
|
||||||
|
system-wide or in a shared environment.
|
||||||
|
|
||||||
|
This installation location should always be in the same environment that
|
||||||
|
`jupyterhub-singleuser` itself is installed in, and must be *readable and
|
||||||
|
executable* by your users. If you want users to be able to install additional
|
||||||
|
packages, it must also be *writable* by your users.
|
||||||
|
|
||||||
|
If you are using a standard system Python install, you would use:
|
||||||
|
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo python3 -m pip install numpy
|
||||||
|
```
|
||||||
|
|
||||||
|
to install the numpy package in the default system Python 3 environment
|
||||||
|
(typically `/usr/local`).
|
||||||
|
|
||||||
|
You may also use conda to install packages. If you do, you should make sure
|
||||||
|
that the conda environment has appropriate permissions for users to be able to
|
||||||
|
run Python code in the env.
|
||||||
|
|
||||||
|
|
||||||
|
## Configuring Jupyter and IPython
|
||||||
|
|
||||||
|
[Jupyter](https://jupyter-notebook.readthedocs.io/en/stable/config_overview.html)
|
||||||
|
and [IPython](https://ipython.readthedocs.io/en/stable/development/config.html)
|
||||||
|
have their own configuration systems.
|
||||||
|
|
||||||
|
As a JupyterHub administrator, you will typically want to install and configure
|
||||||
|
environments for all JupyterHub users. For example, you wish for each student in
|
||||||
|
a class to have the same user environment configuration.
|
||||||
|
|
||||||
|
Jupyter and IPython support **"system-wide"** locations for configuration, which
|
||||||
|
is the logical place to put global configuration that you want to affect all
|
||||||
|
users. It's generally more efficient to configure user environments "system-wide",
|
||||||
|
and it's a good idea to avoid creating files in users' home directories.
|
||||||
|
|
||||||
|
The typical locations for these config files are:
|
||||||
|
- **system-wide** in `/etc/{jupyter|ipython}`
|
||||||
|
- **env-wide** (environment wide) in `{sys.prefix}/etc/{jupyter|ipython}`.
|
||||||
|
|
||||||
|
### Example: Enable an extension system-wide
|
||||||
|
|
||||||
|
For example, to enable the `cython` IPython extension for all of your users,
|
||||||
|
create the file `/etc/ipython/ipython_config.py`:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.InteractiveShellApp.extensions.append("cython")
|
||||||
|
```
|
||||||
|
|
||||||
|
### Example: Enable a Jupyter notebook configuration setting for all users
|
||||||
|
|
||||||
|
To enable Jupyter notebook's internal idle-shutdown behavior (requires
|
||||||
|
notebook ≥ 5.4), set the following in the `/etc/jupyter/jupyter_notebook_config.py`
|
||||||
|
file:
|
||||||
|
|
||||||
|
```python
|
||||||
|
# shutdown the server after no activity for an hour
|
||||||
|
c.NotebookApp.shutdown_no_activity_timeout = 60 * 60
|
||||||
|
# shutdown kernels after no activity for 20 minutes
|
||||||
|
c.MappingKernelManager.cull_idle_timeout = 20 * 60
|
||||||
|
# check for idle kernels every two minutes
|
||||||
|
c.MappingKernelManager.cull_interval = 2 * 60
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Installing kernelspecs
|
||||||
|
|
||||||
|
You may have multiple Jupyter kernels installed and want to make sure that
|
||||||
|
they are available to all of your users. This means installing kernelspecs
|
||||||
|
either system-wide (e.g. in /usr/local/) or in the `sys.prefix` of JupyterHub
|
||||||
|
itself.
|
||||||
|
|
||||||
|
Jupyter kernelspec installation is system wide by default, but some kernels
|
||||||
|
may default to installing kernelspecs in your home directory. These will need
|
||||||
|
to be moved system-wide to ensure that they are accessible.
|
||||||
|
|
||||||
|
You can see where your kernelspecs are with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
jupyter kernelspec list
|
||||||
|
```
|
||||||
|
|
||||||
|
### Example: Installing kernels system-wide
|
||||||
|
|
||||||
|
Assuming I have a Python 2 and Python 3 environment that I want to make
|
||||||
|
sure are available, I can install their specs system-wide (in /usr/local) with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
/path/to/python3 -m IPython kernel install --prefix=/usr/local
|
||||||
|
/path/to/python2 -m IPython kernel install --prefix=/usr/local
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Multi-user hosts vs. Containers
|
||||||
|
|
||||||
|
There are two broad categories of user environments that depend on what
|
||||||
|
Spawner you choose:
|
||||||
|
|
||||||
|
- Multi-user hosts (shared system)
|
||||||
|
- Container-based
|
||||||
|
|
||||||
|
How you configure user environments for each category can differ a bit
|
||||||
|
depending on what Spawner you are using.
|
||||||
|
|
||||||
|
The first category is a **shared system (multi-user host)** where
|
||||||
|
each user has a JupyterHub account and a home directory as well as being
|
||||||
|
a real system user. In this example, shared configuration and installation
|
||||||
|
must be in a 'system-wide' location, such as `/etc/` or `/usr/local`
|
||||||
|
or a custom prefix such as `/opt/conda`.
|
||||||
|
|
||||||
|
When JupyterHub uses **container-based** Spawners (e.g. KubeSpawner or
|
||||||
|
DockerSpawner), the 'system-wide' environment is really the container image
|
||||||
|
which you are using for users.
|
||||||
|
|
||||||
|
In both cases, you want to *avoid putting configuration in user home
|
||||||
|
directories* because users can change those configuration settings. Also,
|
||||||
|
home directories typically persist once they are created, so they are
|
||||||
|
difficult for admins to update later.
|
||||||
|
|
||||||
|
## Named servers
|
||||||
|
|
||||||
|
By default, in a JupyterHub deployment each user has exactly one server.
|
||||||
|
|
||||||
|
JupyterHub can, however, have multiple servers per user.
|
||||||
|
This is most useful in deployments where users can configure the environment
|
||||||
|
in which their server will start (e.g. resource requests on an HPC cluster),
|
||||||
|
so that a given user can have multiple configurations running at the same time,
|
||||||
|
without having to stop and restart their one server.
|
||||||
|
|
||||||
|
To allow named servers:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.allow_named_servers = True
|
||||||
|
```
|
||||||
|
|
||||||
|
Named servers were implemented in the REST API in JupyterHub 0.8,
|
||||||
|
and JupyterHub 1.0 introduces UI for managing named servers via the user home page:
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
as well as the admin page:
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
Named servers can be accessed, created, started, stopped, and deleted
|
||||||
|
from these pages. Activity tracking is now per-server as well.
|
||||||
|
|
||||||
|
The number of named servers per user can be limited by setting
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.named_server_limit_per_user = 5
|
||||||
|
```
|
62
docs/source/reference/database.md
Normal file
@@ -0,0 +1,62 @@
|
|||||||
|
# The Hub's Database
|
||||||
|
|
||||||
|
JupyterHub uses a database to store information about users, services, and other
|
||||||
|
data needed for operating the Hub.
|
||||||
|
|
||||||
|
## Default SQLite database
|
||||||
|
|
||||||
|
The default database for JupyterHub is a [SQLite](https://sqlite.org) database.
|
||||||
|
We have chosen SQLite as JupyterHub's default for its lightweight simplicity
|
||||||
|
in certain uses such as testing, small deployments and workshops.
|
||||||
|
|
||||||
|
For production systems, SQLite has some disadvantages when used with JupyterHub:
|
||||||
|
|
||||||
|
- `upgrade-db` may not work, and you may need to start with a fresh database
|
||||||
|
- `downgrade-db` **will not** work if you want to rollback to an earlier
|
||||||
|
version, so backup the `jupyterhub.sqlite` file before upgrading
|
||||||
|
|
||||||
|
The sqlite documentation provides a helpful page about [when to use SQLite and
|
||||||
|
where traditional RDBMS may be a better choice](https://sqlite.org/whentouse.html).
|
||||||
|
|
||||||
|
## Using an RDBMS (PostgreSQL, MySQL)
|
||||||
|
|
||||||
|
When running a long term deployment or a production system, we recommend using
|
||||||
|
a traditional RDBMS database, such as [PostgreSQL](https://www.postgresql.org)
|
||||||
|
or [MySQL](https://www.mysql.com), that supports the SQL `ALTER TABLE`
|
||||||
|
statement.
|
||||||
|
|
||||||
|
## Notes and Tips
|
||||||
|
|
||||||
|
### SQLite
|
||||||
|
|
||||||
|
The SQLite database should not be used on NFS. SQLite uses reader/writer locks
|
||||||
|
to control access to the database. This locking mechanism might not work
|
||||||
|
correctly if the database file is kept on an NFS filesystem. This is because
|
||||||
|
`fcntl()` file locking is broken on many NFS implementations. Therefore, you
|
||||||
|
should avoid putting SQLite database files on NFS since it will not handle well
|
||||||
|
multiple processes which might try to access the file at the same time.
|
||||||
|
|
||||||
|
### PostgreSQL
|
||||||
|
|
||||||
|
We recommend using PostgreSQL for production if you are unsure whether to use
|
||||||
|
MySQL or PostgreSQL or if you do not have a strong preference. There is
|
||||||
|
additional configuration required for MySQL that is not needed for PostgreSQL.
|
||||||
|
|
||||||
|
### MySQL / MariaDB
|
||||||
|
|
||||||
|
- You should use the `pymysql` sqlalchemy provider (the other one, MySQLdb,
|
||||||
|
isn't available for py3).
|
||||||
|
- You also need to set `pool_recycle` to some value (typically 60 - 300)
|
||||||
|
which depends on your MySQL setup. This is necessary since MySQL kills
|
||||||
|
connections serverside if they've been idle for a while, and the connection
|
||||||
|
from the hub will be idle for longer than most connections. This behavior
|
||||||
|
will lead to frustrating 'the connection has gone away' errors from
|
||||||
|
sqlalchemy if `pool_recycle` is not set.
|
||||||
|
- If you use `utf8mb4` collation with MySQL earlier than 5.7.7 or MariaDB
|
||||||
|
earlier than 10.2.1 you may get an `1709, Index column size too large` error.
|
||||||
|
To fix this you need to set `innodb_large_prefix` to enabled and
|
||||||
|
`innodb_file_format` to `Barracuda` to allow for the index sizes jupyterhub
|
||||||
|
uses. `row_format` will be set to `DYNAMIC` as long as those options are set
|
||||||
|
correctly. Later versions of MariaDB and MySQL should set these values by
|
||||||
|
default, as well as have a default `DYNAMIC` `row_format` and pose no trouble
|
||||||
|
to users.
|
@@ -5,10 +5,18 @@ Technical Reference
|
|||||||
:maxdepth: 2
|
:maxdepth: 2
|
||||||
|
|
||||||
technical-overview
|
technical-overview
|
||||||
|
urls
|
||||||
websecurity
|
websecurity
|
||||||
authenticators
|
authenticators
|
||||||
spawners
|
spawners
|
||||||
services
|
services
|
||||||
|
proxy
|
||||||
|
separate-proxy
|
||||||
rest
|
rest
|
||||||
upgrading
|
database
|
||||||
|
templates
|
||||||
|
config-user-env
|
||||||
config-examples
|
config-examples
|
||||||
|
config-ghoauth
|
||||||
|
config-proxy
|
||||||
|
config-sudo
|
||||||
|
222
docs/source/reference/proxy.md
Normal file
@@ -0,0 +1,222 @@
|
|||||||
|
# Writing a custom Proxy implementation
|
||||||
|
|
||||||
|
JupyterHub 0.8 introduced the ability to write a custom implementation of the
|
||||||
|
proxy. This enables deployments with different needs than the default proxy,
|
||||||
|
configurable-http-proxy (CHP). CHP is a single-process nodejs proxy that the
|
||||||
|
Hub manages by default as a subprocess (it can be run externally, as well, and
|
||||||
|
typically is in production deployments).
|
||||||
|
|
||||||
|
The upside to CHP, and why we use it by default, is that it's easy to install
|
||||||
|
and run (if you have nodejs, you are set!). The downsides are that it's a
|
||||||
|
single process and does not support any persistence of the routing table. So
|
||||||
|
if the proxy process dies, your whole JupyterHub instance is inaccessible
|
||||||
|
until the Hub notices, restarts the proxy, and restores the routing table. For
|
||||||
|
deployments that want to avoid such a single point of failure, or leverage
|
||||||
|
existing proxy infrastructure in their chosen deployment (such as Kubernetes
|
||||||
|
ingress objects), the Proxy API provides a way to do that.
|
||||||
|
|
||||||
|
In general, for a proxy to be usable by JupyterHub, it must:
|
||||||
|
|
||||||
|
1. support websockets without prior knowledge of the URL where websockets may
|
||||||
|
occur
|
||||||
|
2. support trie-based routing (i.e. allow different routes on `/foo` and
|
||||||
|
`/foo/bar` and route based on specificity)
|
||||||
|
3. adding or removing a route should not cause existing connections to drop
|
||||||
|
|
||||||
|
Optionally, if the JupyterHub deployment is to use host-based routing,
|
||||||
|
the Proxy must additionally support routing based on the Host of the request.
|
||||||
|
|
||||||
|
## Subclassing Proxy
|
||||||
|
|
||||||
|
To start, any Proxy implementation should subclass the base Proxy class,
|
||||||
|
as is done with custom Spawners and Authenticators.
|
||||||
|
|
||||||
|
```python
|
||||||
|
from jupyterhub.proxy import Proxy
|
||||||
|
|
||||||
|
class MyProxy(Proxy):
|
||||||
|
"""My Proxy implementation"""
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
## Starting and stopping the proxy
|
||||||
|
|
||||||
|
If your proxy should be launched when the Hub starts, you must define how
|
||||||
|
to start and stop your proxy:
|
||||||
|
|
||||||
|
```python
|
||||||
|
class MyProxy(Proxy):
|
||||||
|
...
|
||||||
|
async def start(self):
|
||||||
|
"""Start the proxy"""
|
||||||
|
|
||||||
|
async def stop(self):
|
||||||
|
"""Stop the proxy"""
|
||||||
|
```
|
||||||
|
|
||||||
|
These methods **may** be coroutines.
|
||||||
|
|
||||||
|
`c.Proxy.should_start` is a configurable flag that determines whether the
|
||||||
|
Hub should call these methods when the Hub itself starts and stops.
|
||||||
|
|
||||||
|
## Encryption
|
||||||
|
|
||||||
|
When using `internal_ssl` to encrypt traffic behind the proxy, at minimum,
|
||||||
|
your `Proxy` will need client ssl certificates which the `Hub` must be made
|
||||||
|
aware of. These can be generated with the command `jupyterhub --generate-certs`
|
||||||
|
which will write them to the `internal_certs_location` in folders named
|
||||||
|
`proxy_api` and `proxy_client`. Alternatively, these can be provided to the
|
||||||
|
hub via the `jupyterhub_config.py` file by providing a `dict` of named paths
|
||||||
|
to the `external_authorities` option. The hub will include all certificates
|
||||||
|
provided in that `dict` in the trust bundle utilized by all internal
|
||||||
|
components.
|
||||||
|
|
||||||
|
### Purely external proxies
|
||||||
|
|
||||||
|
Probably most custom proxies will be externally managed,
|
||||||
|
such as Kubernetes ingress-based implementations.
|
||||||
|
In this case, you do not need to define `start` and `stop`.
|
||||||
|
To disable the methods, you can define `should_start = False` at the class level:
|
||||||
|
|
||||||
|
```python
|
||||||
|
class MyProxy(Proxy):
|
||||||
|
should_start = False
|
||||||
|
```
|
||||||
|
|
||||||
|
## Routes
|
||||||
|
|
||||||
|
At its most basic, a Proxy implementation defines a mechanism to add, remove,
|
||||||
|
and retrieve routes. A proxy that implements these three methods is complete.
|
||||||
|
Each of these methods **may** be a coroutine.
|
||||||
|
|
||||||
|
**Definition:** routespec
|
||||||
|
|
||||||
|
A routespec, which will appear in these methods, is a string describing a
|
||||||
|
route to be proxied, such as `/user/name/`. A routespec will:
|
||||||
|
|
||||||
|
1. always end with `/`
|
||||||
|
2. always start with `/` if it is a path-based route `/proxy/path/`
|
||||||
|
3. precede the leading `/` with a host for host-based routing, e.g.
|
||||||
|
`host.tld/proxy/path/`
|
||||||
|
|
||||||
|
### Adding a route
|
||||||
|
|
||||||
|
When adding a route, JupyterHub may pass a JSON-serializable dict as a `data`
|
||||||
|
argument that should be attacked to the proxy route. When that route is
|
||||||
|
retrieved, the `data` argument should be returned as well. If your proxy
|
||||||
|
implementation doesn't support storing data attached to routes, then your
|
||||||
|
Python wrapper may have to handle storing the `data` piece itself, e.g in a
|
||||||
|
simple file or database.
|
||||||
|
|
||||||
|
```python
|
||||||
|
async def add_route(self, routespec, target, data):
|
||||||
|
"""Proxy `routespec` to `target`.
|
||||||
|
|
||||||
|
Store `data` associated with the routespec
|
||||||
|
for retrieval later.
|
||||||
|
"""
|
||||||
|
```
|
||||||
|
|
||||||
|
Adding a route for a user looks like this:
|
||||||
|
|
||||||
|
```python
|
||||||
|
await proxy.add_route('/user/pgeorgiou/', 'http://127.0.0.1:1227',
|
||||||
|
{'user': 'pgeorgiou'})
|
||||||
|
```
|
||||||
|
|
||||||
|
### Removing routes
|
||||||
|
|
||||||
|
`delete_route()` is given a routespec to delete. If there is no such route,
|
||||||
|
`delete_route` should still succeed, but a warning may be issued.
|
||||||
|
|
||||||
|
```python
|
||||||
|
async def delete_route(self, routespec):
|
||||||
|
"""Delete the route"""
|
||||||
|
```
|
||||||
|
|
||||||
|
### Retrieving routes
|
||||||
|
|
||||||
|
For retrieval, you only *need* to implement a single method that retrieves all
|
||||||
|
routes. The return value for this function should be a dictionary, keyed by
|
||||||
|
`routespect`, of dicts whose keys are the same three arguments passed to
|
||||||
|
`add_route` (`routespec`, `target`, `data`)
|
||||||
|
|
||||||
|
```python
|
||||||
|
async def get_all_routes(self):
|
||||||
|
"""Return all routes, keyed by routespec"""
|
||||||
|
```
|
||||||
|
|
||||||
|
```python
|
||||||
|
{
|
||||||
|
'/proxy/path/': {
|
||||||
|
'routespec': '/proxy/path/',
|
||||||
|
'target': 'http://...',
|
||||||
|
'data': {},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Note on activity tracking
|
||||||
|
|
||||||
|
JupyterHub can track activity of users, for use in services such as culling
|
||||||
|
idle servers. As of JupyterHub 0.8, this activity tracking is the
|
||||||
|
responsibility of the proxy. If your proxy implementation can track activity
|
||||||
|
to endpoints, it may add a `last_activity` key to the `data` of routes
|
||||||
|
retrieved in `.get_all_routes()`. If present, the value of `last_activity`
|
||||||
|
should be an [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) UTC date
|
||||||
|
string:
|
||||||
|
|
||||||
|
```python
|
||||||
|
{
|
||||||
|
'/user/pgeorgiou/': {
|
||||||
|
'routespec': '/user/pgeorgiou/',
|
||||||
|
'target': 'http://127.0.0.1:1227',
|
||||||
|
'data': {
|
||||||
|
'user': 'pgeourgiou',
|
||||||
|
'last_activity': '2017-10-03T10:33:49.570Z',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
If the proxy does not track activity, then only activity to the Hub itself is
|
||||||
|
tracked, and services such as cull-idle will not work.
|
||||||
|
|
||||||
|
Now that `notebook-5.0` tracks activity internally, we can retrieve activity
|
||||||
|
information from the single-user servers instead, removing the need to track
|
||||||
|
activity in the proxy. But this is not yet implemented in JupyterHub 0.8.0.
|
||||||
|
|
||||||
|
### Registering custom Proxies via entry points
|
||||||
|
|
||||||
|
As of JupyterHub 1.0, custom proxy implementations can register themselves via
|
||||||
|
the `jupyterhub.proxies` entry point metadata.
|
||||||
|
To do this, in your `setup.py` add:
|
||||||
|
|
||||||
|
```python
|
||||||
|
setup(
|
||||||
|
...
|
||||||
|
entry_points={
|
||||||
|
'jupyterhub.proxies': [
|
||||||
|
'mything = mypackage:MyProxy',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
)
|
||||||
|
```
|
||||||
|
|
||||||
|
If you have added this metadata to your package,
|
||||||
|
users can select your authenticator with the configuration:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.proxy_class = 'mything'
|
||||||
|
```
|
||||||
|
|
||||||
|
instead of the full
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.proxy_class = 'mypackage:MyProxy'
|
||||||
|
```
|
||||||
|
|
||||||
|
previously required.
|
||||||
|
Additionally, configurable attributes for your proxy will
|
||||||
|
appear in jupyterhub help output and auto-generated configuration files
|
||||||
|
via `jupyterhub --generate-config`.
|
14
docs/source/reference/rest-api.rst
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
:orphan:
|
||||||
|
|
||||||
|
===================
|
||||||
|
JupyterHub REST API
|
||||||
|
===================
|
||||||
|
|
||||||
|
.. this doc exists as a resolvable link target
|
||||||
|
.. which _static files are not
|
||||||
|
|
||||||
|
.. meta::
|
||||||
|
:http-equiv=refresh: 0;url=../_static/rest-api/index.html
|
||||||
|
|
||||||
|
The rest API docs are `here <../_static/rest-api/index.html>`_
|
||||||
|
if you are not redirected automatically.
|
@@ -27,7 +27,7 @@ Hub.
|
|||||||
To send requests using JupyterHub API, you must pass an API token with
|
To send requests using JupyterHub API, you must pass an API token with
|
||||||
the request.
|
the request.
|
||||||
|
|
||||||
As of [version 0.6.0](../changelog.html), the preferred way of
|
As of [version 0.6.0](../changelog.md), the preferred way of
|
||||||
generating an API token is:
|
generating an API token is:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@@ -48,7 +48,7 @@ jupyterhub token <username>
|
|||||||
This command generates a random string to use as a token and registers
|
This command generates a random string to use as a token and registers
|
||||||
it for the given user with the Hub's database.
|
it for the given user with the Hub's database.
|
||||||
|
|
||||||
In [version 0.8.0](../changelog.html), a TOKEN request page for
|
In [version 0.8.0](../changelog.md), a TOKEN request page for
|
||||||
generating an API token is available from the JupyterHub user interface:
|
generating an API token is available from the JupyterHub user interface:
|
||||||
|
|
||||||

|

|
||||||
@@ -114,10 +114,55 @@ r.raise_for_status()
|
|||||||
r.json()
|
r.json()
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that the API token authorizes **JupyterHub** REST API requests. The same
|
The same API token can also authorize access to the [Jupyter Notebook REST API][]
|
||||||
token does **not** authorize access to the [Jupyter Notebook REST API][]
|
provided by notebook servers managed by JupyterHub if one of the following is true:
|
||||||
provided by notebook servers managed by JupyterHub. A different token is used
|
|
||||||
to access the **Jupyter Notebook** API.
|
1. The token is for the same user as the owner of the notebook
|
||||||
|
2. The token is tied to an admin user or service **and** `c.JupyterHub.admin_access` is set to `True`
|
||||||
|
|
||||||
|
## Enabling users to spawn multiple named-servers via the API
|
||||||
|
|
||||||
|
With JupyterHub version 0.8, support for multiple servers per user has landed.
|
||||||
|
Prior to that, each user could only launch a single default server via the API
|
||||||
|
like this:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
curl -X POST -H "Authorization: token <token>" "http://127.0.0.1:8081/hub/api/users/<user>/server"
|
||||||
|
```
|
||||||
|
|
||||||
|
With the named-server functionality, it's now possible to launch more than one
|
||||||
|
specifically named servers against a given user. This could be used, for instance,
|
||||||
|
to launch each server based on a different image.
|
||||||
|
|
||||||
|
First you must enable named-servers by including the following setting in the `jupyterhub_config.py` file.
|
||||||
|
|
||||||
|
`c.JupyterHub.allow_named_servers = True`
|
||||||
|
|
||||||
|
If using the [zero-to-jupyterhub-k8s](https://github.com/jupyterhub/zero-to-jupyterhub-k8s) set-up to run JupyterHub,
|
||||||
|
then instead of editing the `jupyterhub_config.py` file directly, you could pass
|
||||||
|
the following as part of the `config.yaml` file, as per the [tutorial](https://zero-to-jupyterhub.readthedocs.io/en/latest/):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
hub:
|
||||||
|
extraConfig: |
|
||||||
|
c.JupyterHub.allow_named_servers = True
|
||||||
|
```
|
||||||
|
|
||||||
|
With that setting in place, a new named-server is activated like this:
|
||||||
|
```bash
|
||||||
|
curl -X POST -H "Authorization: token <token>" "http://127.0.0.1:8081/hub/api/users/<user>/servers/<serverA>"
|
||||||
|
curl -X POST -H "Authorization: token <token>" "http://127.0.0.1:8081/hub/api/users/<user>/servers/<serverB>"
|
||||||
|
```
|
||||||
|
|
||||||
|
The same servers can be stopped by substituting `DELETE` for `POST` above.
|
||||||
|
|
||||||
|
### Some caveats for using named-servers
|
||||||
|
|
||||||
|
For named-servers via the API to work, the spawner used to spawn these servers
|
||||||
|
will need to be able to handle the case of multiple servers per user and ensure
|
||||||
|
uniqueness of names, particularly if servers are spawned via docker containers
|
||||||
|
or kubernetes pods.
|
||||||
|
|
||||||
|
|
||||||
## Learn more about the API
|
## Learn more about the API
|
||||||
|
|
||||||
@@ -128,5 +173,5 @@ Note: The Swagger specification is being renamed the [OpenAPI Initiative][].
|
|||||||
|
|
||||||
[interactive style on swagger's petstore]: http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyterhub/jupyterhub/master/docs/rest-api.yml#!/default
|
[interactive style on swagger's petstore]: http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyterhub/jupyterhub/master/docs/rest-api.yml#!/default
|
||||||
[OpenAPI Initiative]: https://www.openapis.org/
|
[OpenAPI Initiative]: https://www.openapis.org/
|
||||||
[JupyterHub REST API]: ../_static/rest-api/index.html
|
[JupyterHub REST API]: ./rest-api
|
||||||
[Jupyter Notebook REST API]: http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyter/notebook/master/notebook/services/api/api.yaml
|
[Jupyter Notebook REST API]: http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyter/notebook/master/notebook/services/api/api.yaml
|
||||||
|
80
docs/source/reference/separate-proxy.md
Normal file
@@ -0,0 +1,80 @@
|
|||||||
|
# Running proxy separately from the hub
|
||||||
|
|
||||||
|
|
||||||
|
## Background
|
||||||
|
|
||||||
|
The thing which users directly connect to is the proxy, by default
|
||||||
|
`configurable-http-proxy`. The proxy either redirects users to the
|
||||||
|
hub (for login and managing servers), or to their own single-user
|
||||||
|
servers. Thus, as long as the proxy stays running, access to existing
|
||||||
|
servers continues, even if the hub itself restarts or goes down.
|
||||||
|
|
||||||
|
When you first configure the hub, you may not even realize this
|
||||||
|
because the proxy is automatically managed by the hub. This is great
|
||||||
|
for getting started and even most use, but everytime you restart the
|
||||||
|
hub, all user connections also get restarted. But it's also simple to
|
||||||
|
run the proxy as a service separate from the hub, so that you are free
|
||||||
|
to reconfigure the hub while only interrupting users who are currently
|
||||||
|
actively starting the hub.
|
||||||
|
|
||||||
|
The default JupyterHub proxy is
|
||||||
|
[configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy),
|
||||||
|
and that page has some docs. If you are using a different proxy, such
|
||||||
|
as Traefik, these instructions are probably not relevant to you.
|
||||||
|
|
||||||
|
|
||||||
|
## Configuration options
|
||||||
|
|
||||||
|
`c.JupyterHub.cleanup_servers = False` should be set, which tells the
|
||||||
|
hub to not stop servers when the hub restarts (this is useful even if
|
||||||
|
you don't run the proxy separately).
|
||||||
|
|
||||||
|
`c.ConfigurableHTTPProxy.should_start = False` should be set, which
|
||||||
|
tells the hub that the proxy should not be started (because you start
|
||||||
|
it yourself).
|
||||||
|
|
||||||
|
`c.ConfigurableHTTPProxy.auth_token = "CONFIGPROXY_AUTH_TOKEN"` should be set to a
|
||||||
|
token for authenticating communication with the proxy.
|
||||||
|
|
||||||
|
`c.ConfigurableHTTPProxy.api_url = 'http://localhost:8001'` should be
|
||||||
|
set to the URL which the hub uses to connect *to the proxy's API*.
|
||||||
|
|
||||||
|
|
||||||
|
## Proxy configuration
|
||||||
|
|
||||||
|
You need to configure a service to start the proxy. An example
|
||||||
|
command line for this is `configurable-http-proxy --ip=127.0.0.1
|
||||||
|
--port=8000 --api-ip=127.0.0.1 --api-port=8001
|
||||||
|
--default-target=http://localhost:8081
|
||||||
|
--error-target=http://localhost:8081/hub/error`. (Details for how to
|
||||||
|
do this is out of scope for this tutorial - for example it might be a
|
||||||
|
systemd service on within another docker cotainer). The proxy has no
|
||||||
|
configuration files, all configuration is via the command line and
|
||||||
|
environment variables.
|
||||||
|
|
||||||
|
`--api-ip` and `--api-port` (which tells the proxy where to listen) should match the hub's `ConfigurableHTTPProxy.api_url`.
|
||||||
|
|
||||||
|
`--ip`, `-port`, and other options configure the *user* connections to the proxy.
|
||||||
|
|
||||||
|
`--default-target` and `--error-target` should point to the hub, and used when users navigate to the proxy originally.
|
||||||
|
|
||||||
|
You must define the environment variable `CONFIGPROXY_AUTH_TOKEN` to
|
||||||
|
match the token given to `c.ConfigurableHTTPProxy.auth_token`.
|
||||||
|
|
||||||
|
You should check the [configurable-http-proxy
|
||||||
|
options](https://github.com/jupyterhub/configurable-http-proxy) to see
|
||||||
|
what other options are needed, for example SSL options. Note that
|
||||||
|
these are configured in the hub if the hub is starting the proxy - you
|
||||||
|
need to move the options to here.
|
||||||
|
|
||||||
|
|
||||||
|
## Docker image
|
||||||
|
|
||||||
|
You can use [jupyterhub configurable-http-proxy docker
|
||||||
|
image](https://hub.docker.com/r/jupyterhub/configurable-http-proxy/)
|
||||||
|
to run the proxy.
|
||||||
|
|
||||||
|
|
||||||
|
## See also
|
||||||
|
|
||||||
|
* [jupyterhub configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy)
|
@@ -15,7 +15,7 @@ This section provides the following information about Services:
|
|||||||
## Definition of a Service
|
## Definition of a Service
|
||||||
|
|
||||||
When working with JupyterHub, a **Service** is defined as a process that interacts
|
When working with JupyterHub, a **Service** is defined as a process that interacts
|
||||||
with the Hub's REST API. A Service may perform a specific or
|
with the Hub's REST API. A Service may perform a specific
|
||||||
action or task. For example, the following tasks can each be a unique Service:
|
action or task. For example, the following tasks can each be a unique Service:
|
||||||
|
|
||||||
- shutting down individuals' single user notebook servers that have been idle
|
- shutting down individuals' single user notebook servers that have been idle
|
||||||
@@ -93,7 +93,7 @@ c.JupyterHub.services = [
|
|||||||
{
|
{
|
||||||
'name': 'cull-idle',
|
'name': 'cull-idle',
|
||||||
'admin': True,
|
'admin': True,
|
||||||
'command': ['python', '/path/to/cull-idle.py', '--timeout']
|
'command': [sys.executable, '/path/to/cull-idle.py', '--timeout']
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
@@ -178,7 +178,13 @@ When you run a service that has a url, it will be accessible under a
|
|||||||
your service to route proxied requests properly, it must take
|
your service to route proxied requests properly, it must take
|
||||||
`JUPYTERHUB_SERVICE_PREFIX` into account when routing requests. For example, a
|
`JUPYTERHUB_SERVICE_PREFIX` into account when routing requests. For example, a
|
||||||
web service would normally service its root handler at `'/'`, but the proxied
|
web service would normally service its root handler at `'/'`, but the proxied
|
||||||
service would need to serve `JUPYTERHUB_SERVICE_PREFIX + '/'`.
|
service would need to serve `JUPYTERHUB_SERVICE_PREFIX`.
|
||||||
|
|
||||||
|
Note that `JUPYTERHUB_SERVICE_PREFIX` will contain a trailing slash. This must
|
||||||
|
be taken into consideration when creating the service routes. If you include an
|
||||||
|
extra slash you might get unexpected behavior. For example if your service has a
|
||||||
|
`/foo` endpoint, the route would be `JUPYTERHUB_SERVICE_PREFIX + foo`, and
|
||||||
|
`/foo/bar` would be `JUPYTERHUB_SERVICE_PREFIX + foo/bar`.
|
||||||
|
|
||||||
## Hub Authentication and Services
|
## Hub Authentication and Services
|
||||||
|
|
||||||
@@ -198,9 +204,11 @@ which implements the requests to the Hub.
|
|||||||
To use HubAuth, you must set the `.api_token`, either programmatically when constructing the class,
|
To use HubAuth, you must set the `.api_token`, either programmatically when constructing the class,
|
||||||
or via the `JUPYTERHUB_API_TOKEN` environment variable.
|
or via the `JUPYTERHUB_API_TOKEN` environment variable.
|
||||||
|
|
||||||
Most of the logic for authentication implementation is found in the
|
Most of the logic for authentication implementation is found in the
|
||||||
[`HubAuth.user_for_cookie`](services.auth.html#jupyterhub.services.auth.HubAuth.user_for_cookie)
|
[`HubAuth.user_for_cookie`][HubAuth.user_for_cookie]
|
||||||
method, which makes a request of the Hub, and returns:
|
and in the
|
||||||
|
[`HubAuth.user_for_token`][HubAuth.user_for_token]
|
||||||
|
methods, which makes a request of the Hub, and returns:
|
||||||
|
|
||||||
- None, if no user could be identified, or
|
- None, if no user could be identified, or
|
||||||
- a dict of the following form:
|
- a dict of the following form:
|
||||||
@@ -252,8 +260,11 @@ def authenticated(f):
|
|||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated(*args, **kwargs):
|
def decorated(*args, **kwargs):
|
||||||
cookie = request.cookies.get(auth.cookie_name)
|
cookie = request.cookies.get(auth.cookie_name)
|
||||||
|
token = request.headers.get(auth.auth_header_name)
|
||||||
if cookie:
|
if cookie:
|
||||||
user = auth.user_for_cookie(cookie)
|
user = auth.user_for_cookie(cookie)
|
||||||
|
elif token:
|
||||||
|
user = auth.user_for_token(token)
|
||||||
else:
|
else:
|
||||||
user = None
|
user = None
|
||||||
if user:
|
if user:
|
||||||
@@ -264,7 +275,7 @@ def authenticated(f):
|
|||||||
return decorated
|
return decorated
|
||||||
|
|
||||||
|
|
||||||
@app.route(prefix + '/')
|
@app.route(prefix)
|
||||||
@authenticated
|
@authenticated
|
||||||
def whoami(user):
|
def whoami(user):
|
||||||
return Response(
|
return Response(
|
||||||
@@ -348,14 +359,16 @@ and taking note of the following process:
|
|||||||
```
|
```
|
||||||
|
|
||||||
An example of using an Externally-Managed Service and authentication is
|
An example of using an Externally-Managed Service and authentication is
|
||||||
in [nbviewer README]_ section on securing the notebook viewer,
|
in [nbviewer README][nbviewer example] section on securing the notebook viewer,
|
||||||
and an example of its configuration is found [here](https://github.com/jupyter/nbviewer/blob/master/nbviewer/providers/base.py#L94).
|
and an example of its configuration is found [here](https://github.com/jupyter/nbviewer/blob/master/nbviewer/providers/base.py#L94).
|
||||||
nbviewer can also be run as a Hub-Managed Service as described [nbviewer README]_
|
nbviewer can also be run as a Hub-Managed Service as described [nbviewer README][nbviewer example]
|
||||||
section on securing the notebook viewer.
|
section on securing the notebook viewer.
|
||||||
|
|
||||||
|
|
||||||
[requests]: http://docs.python-requests.org/en/master/
|
[requests]: http://docs.python-requests.org/en/master/
|
||||||
[services_auth]: ../api/services.auth.html
|
[services_auth]: ../api/services.auth.html
|
||||||
[HubAuth]: ../api/services.auth.html#jupyterhub.services.auth.HubAuth
|
[HubAuth]: ../api/services.auth.html#jupyterhub.services.auth.HubAuth
|
||||||
|
[HubAuth.user_for_cookie]: ../api/services.auth.html#jupyterhub.services.auth.HubAuth.user_for_cookie
|
||||||
|
[HubAuth.user_for_token]: ../api/services.auth.html#jupyterhub.services.auth.HubAuth.user_for_token
|
||||||
[HubAuthenticated]: ../api/services.auth.html#jupyterhub.services.auth.HubAuthenticated
|
[HubAuthenticated]: ../api/services.auth.html#jupyterhub.services.auth.HubAuthenticated
|
||||||
[nbviewer example]: https://github.com/jupyter/nbviewer#securing-the-notebook-viewer
|
[nbviewer example]: https://github.com/jupyter/nbviewer#securing-the-notebook-viewer
|
||||||
|
@@ -10,6 +10,7 @@ and a custom Spawner needs to be able to take three actions:
|
|||||||
|
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
Custom Spawners for JupyterHub can be found on the [JupyterHub wiki](https://github.com/jupyterhub/jupyterhub/wiki/Spawners).
|
Custom Spawners for JupyterHub can be found on the [JupyterHub wiki](https://github.com/jupyterhub/jupyterhub/wiki/Spawners).
|
||||||
Some examples include:
|
Some examples include:
|
||||||
|
|
||||||
@@ -46,7 +47,16 @@ Most `Spawner.start` functions will look similar to this example:
|
|||||||
def start(self):
|
def start(self):
|
||||||
self.ip = '127.0.0.1'
|
self.ip = '127.0.0.1'
|
||||||
self.port = random_port()
|
self.port = random_port()
|
||||||
yield self._actually_start_server_somehow()
|
# get environment variables,
|
||||||
|
# several of which are required for configuring the single-user server
|
||||||
|
env = self.get_env()
|
||||||
|
cmd = []
|
||||||
|
# get jupyterhub command to run,
|
||||||
|
# typically ['jupyterhub-singleuser']
|
||||||
|
cmd.extend(self.cmd)
|
||||||
|
cmd.extend(self.get_args())
|
||||||
|
|
||||||
|
yield self._actually_start_server_somehow(cmd, env)
|
||||||
return (self.ip, self.port)
|
return (self.ip, self.port)
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -165,14 +175,53 @@ When `Spawner.start` is called, this dictionary is accessible as `self.user_opti
|
|||||||
|
|
||||||
If you are interested in building a custom spawner, you can read [this tutorial](http://jupyterhub-tutorial.readthedocs.io/en/latest/spawners.html).
|
If you are interested in building a custom spawner, you can read [this tutorial](http://jupyterhub-tutorial.readthedocs.io/en/latest/spawners.html).
|
||||||
|
|
||||||
|
### Registering custom Spawners via entry points
|
||||||
|
|
||||||
|
As of JupyterHub 1.0, custom Spawners can register themselves via
|
||||||
|
the `jupyterhub.spawners` entry point metadata.
|
||||||
|
To do this, in your `setup.py` add:
|
||||||
|
|
||||||
|
```python
|
||||||
|
setup(
|
||||||
|
...
|
||||||
|
entry_points={
|
||||||
|
'jupyterhub.spawners': [
|
||||||
|
'myservice = mypackage:MySpawner',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
)
|
||||||
|
```
|
||||||
|
|
||||||
|
If you have added this metadata to your package,
|
||||||
|
users can select your authenticator with the configuration:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.spawner_class = 'myservice'
|
||||||
|
```
|
||||||
|
|
||||||
|
instead of the full
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.spawner_class = 'mypackage:MySpawner'
|
||||||
|
```
|
||||||
|
|
||||||
|
previously required.
|
||||||
|
Additionally, configurable attributes for your spawner will
|
||||||
|
appear in jupyterhub help output and auto-generated configuration files
|
||||||
|
via `jupyterhub --generate-config`.
|
||||||
|
|
||||||
|
|
||||||
## Spawners, resource limits, and guarantees (Optional)
|
## Spawners, resource limits, and guarantees (Optional)
|
||||||
|
|
||||||
Some spawners of the single-user notebook servers allow setting limits or
|
Some spawners of the single-user notebook servers allow setting limits or
|
||||||
guarantees on resources, such as CPU and memory. To provide a consistent
|
guarantees on resources, such as CPU and memory. To provide a consistent
|
||||||
experience for sysadmins and users, we provide a standard way to set and
|
experience for sysadmins and users, we provide a standard way to set and
|
||||||
discover these resource limits and guarantees, such as for memory and CPU. For
|
discover these resource limits and guarantees, such as for memory and CPU.
|
||||||
the limits and guarantees to be useful, the spawner must implement support for
|
For the limits and guarantees to be useful, **the spawner must implement
|
||||||
them.
|
support for them**. For example, LocalProcessSpawner, the default
|
||||||
|
spawner, does not support limits and guarantees. One of the spawners
|
||||||
|
that supports limits and guarantees is the `systemdspawner`.
|
||||||
|
|
||||||
|
|
||||||
### Memory Limits & Guarantees
|
### Memory Limits & Guarantees
|
||||||
|
|
||||||
@@ -184,14 +233,14 @@ allocate. Attempting to use more memory than this limit will cause errors. The
|
|||||||
single-user notebook server can discover its own memory limit by looking at
|
single-user notebook server can discover its own memory limit by looking at
|
||||||
the environment variable `MEM_LIMIT`, which is specified in absolute bytes.
|
the environment variable `MEM_LIMIT`, which is specified in absolute bytes.
|
||||||
|
|
||||||
`c.Spawner.mem_guarantee`: Sometimes, a **guarantee** of a *minumum amount of
|
`c.Spawner.mem_guarantee`: Sometimes, a **guarantee** of a *minimum amount of
|
||||||
memory* is desirable. In this case, you can set `c.Spawner.mem_guarantee` to
|
memory* is desirable. In this case, you can set `c.Spawner.mem_guarantee` to
|
||||||
to provide a guarantee that at minimum this much memory will always be
|
to provide a guarantee that at minimum this much memory will always be
|
||||||
available for the single-user notebook server to use. The environment variable
|
available for the single-user notebook server to use. The environment variable
|
||||||
`MEM_GUARANTEE` will also be set in the single-user notebook server.
|
`MEM_GUARANTEE` will also be set in the single-user notebook server.
|
||||||
|
|
||||||
The spawner's underlying system or cluster is responsible for enforcing these
|
**The spawner's underlying system or cluster is responsible for enforcing these
|
||||||
limits and providing these guarantees. If these values are set to `None`, no
|
limits and providing these guarantees.** If these values are set to `None`, no
|
||||||
limits or guarantees are provided, and no environment values are set.
|
limits or guarantees are provided, and no environment values are set.
|
||||||
|
|
||||||
### CPU Limits & Guarantees
|
### CPU Limits & Guarantees
|
||||||
@@ -208,6 +257,33 @@ higher priority applications might be taking up CPU.
|
|||||||
guarantee for CPU usage. The environment variable `CPU_GUARANTEE` will be set
|
guarantee for CPU usage. The environment variable `CPU_GUARANTEE` will be set
|
||||||
in the single-user notebook server when a guarantee is being provided.
|
in the single-user notebook server when a guarantee is being provided.
|
||||||
|
|
||||||
The spawner's underlying system or cluster is responsible for enforcing these
|
**The spawner's underlying system or cluster is responsible for enforcing these
|
||||||
limits and providing these guarantees. If these values are set to `None`, no
|
limits and providing these guarantees.** If these values are set to `None`, no
|
||||||
limits or guarantees are provided, and no environment values are set.
|
limits or guarantees are provided, and no environment values are set.
|
||||||
|
|
||||||
|
### Encryption
|
||||||
|
|
||||||
|
Communication between the `Proxy`, `Hub`, and `Notebook` can be secured by
|
||||||
|
turning on `internal_ssl` in `jupyterhub_config.py`. For a custom spawner to
|
||||||
|
utilize these certs, there are two methods of interest on the base `Spawner`
|
||||||
|
class: `.create_certs` and `.move_certs`.
|
||||||
|
|
||||||
|
The first method, `.create_certs` will sign a key-cert pair using an internally
|
||||||
|
trusted authority for notebooks. During this process, `.create_certs` can
|
||||||
|
apply `ip` and `dns` name information to the cert via an `alt_names` `kwarg`.
|
||||||
|
This is used for certificate authentication (verification). Without proper
|
||||||
|
verification, the `Notebook` will be unable to communicate with the `Hub` and
|
||||||
|
vice versa when `internal_ssl` is enabled. For example, given a deployment
|
||||||
|
using the `DockerSpawner` which will start containers with `ips` from the
|
||||||
|
`docker` subnet pool, the `DockerSpawner` would need to instead choose a
|
||||||
|
container `ip` prior to starting and pass that to `.create_certs` (TODO: edit).
|
||||||
|
|
||||||
|
In general though, this method will not need to be changed and the default
|
||||||
|
`ip`/`dns` (localhost) info will suffice.
|
||||||
|
|
||||||
|
When `.create_certs` is run, it will `.create_certs` in a default, central
|
||||||
|
location specified by `c.JupyterHub.internal_certs_location`. For `Spawners`
|
||||||
|
that need access to these certs elsewhere (i.e. on another host altogether),
|
||||||
|
the `.move_certs` method can be overridden to move the certs appropriately.
|
||||||
|
Again, using `DockerSpawner` as an example, this would entail moving certs
|
||||||
|
to a directory that will get mounted into the container this spawner starts.
|
||||||
|
@@ -28,7 +28,7 @@ by the `jupyterhub` command line program:
|
|||||||
- **Single-User Notebook Server** (Python/Tornado): a dedicated,
|
- **Single-User Notebook Server** (Python/Tornado): a dedicated,
|
||||||
single-user, Jupyter Notebook server is started for each user on the system
|
single-user, Jupyter Notebook server is started for each user on the system
|
||||||
when the user logs in. The object that starts the single-user notebook
|
when the user logs in. The object that starts the single-user notebook
|
||||||
servers is called a **Spawner**.
|
servers is called a **Spawner**.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
@@ -49,14 +49,14 @@ The proxy is the only process that listens on a public interface. The Hub sits
|
|||||||
behind the proxy at `/hub`. Single-user servers sit behind the proxy at
|
behind the proxy at `/hub`. Single-user servers sit behind the proxy at
|
||||||
`/user/[username]`.
|
`/user/[username]`.
|
||||||
|
|
||||||
Different **[authenticators](./authenticators.html)** control access
|
Different **[authenticators](./authenticators.md)** control access
|
||||||
to JupyterHub. The default one (PAM) uses the user accounts on the server where
|
to JupyterHub. The default one (PAM) uses the user accounts on the server where
|
||||||
JupyterHub is running. If you use this, you will need to create a user account
|
JupyterHub is running. If you use this, you will need to create a user account
|
||||||
on the system for each user on your team. Using other authenticators, you can
|
on the system for each user on your team. Using other authenticators, you can
|
||||||
allow users to sign in with e.g. a GitHub account, or with any single-sign-on
|
allow users to sign in with e.g. a GitHub account, or with any single-sign-on
|
||||||
system your organization has.
|
system your organization has.
|
||||||
|
|
||||||
Next, **[spawners](./spawners.html)** control how JupyterHub starts
|
Next, **[spawners](./spawners.md)** control how JupyterHub starts
|
||||||
the individual notebook server for each user. The default spawner will
|
the individual notebook server for each user. The default spawner will
|
||||||
start a notebook server on the same machine running under their system username.
|
start a notebook server on the same machine running under their system username.
|
||||||
The other main option is to start each server in a separate container, often
|
The other main option is to start each server in a separate container, often
|
||||||
@@ -66,10 +66,10 @@ using Docker.
|
|||||||
|
|
||||||
When a user accesses JupyterHub, the following events take place:
|
When a user accesses JupyterHub, the following events take place:
|
||||||
|
|
||||||
- Login data is handed to the [Authenticator](./authenticators.html) instance for
|
- Login data is handed to the [Authenticator](./authenticators.md) instance for
|
||||||
validation
|
validation
|
||||||
- The Authenticator returns the username if the login information is valid
|
- The Authenticator returns the username if the login information is valid
|
||||||
- A single-user notebook server instance is [spawned](./spawners.html) for the
|
- A single-user notebook server instance is [spawned](./spawners.md) for the
|
||||||
logged-in user
|
logged-in user
|
||||||
- When the single-user notebook server starts, the proxy is notified to forward
|
- When the single-user notebook server starts, the proxy is notified to forward
|
||||||
requests to `/user/[username]/*` to the single-user notebook server.
|
requests to `/user/[username]/*` to the single-user notebook server.
|
||||||
@@ -111,7 +111,7 @@ working directory:
|
|||||||
This file needs to persist so that a **Hub** server restart will avoid
|
This file needs to persist so that a **Hub** server restart will avoid
|
||||||
invalidating cookies. Conversely, deleting this file and restarting the server
|
invalidating cookies. Conversely, deleting this file and restarting the server
|
||||||
effectively invalidates all login cookies. The cookie secret file is discussed
|
effectively invalidates all login cookies. The cookie secret file is discussed
|
||||||
in the [Cookie Secret section of the Security Settings document](../getting-started/security-basics.html).
|
in the [Cookie Secret section of the Security Settings document](../getting-started/security-basics.md).
|
||||||
|
|
||||||
The location of these files can be specified via configuration settings. It is
|
The location of these files can be specified via configuration settings. It is
|
||||||
recommended that these files be stored in standard UNIX filesystem locations,
|
recommended that these files be stored in standard UNIX filesystem locations,
|
||||||
@@ -122,9 +122,9 @@ all security and runtime files.
|
|||||||
|
|
||||||
There are two basic extension points for JupyterHub:
|
There are two basic extension points for JupyterHub:
|
||||||
|
|
||||||
- How users are authenticated by [Authenticators](./authenticators.html)
|
- How users are authenticated by [Authenticators](./authenticators.md)
|
||||||
- How user's single-user notebook server processes are started by
|
- How user's single-user notebook server processes are started by
|
||||||
[Spawners](./spawners.html)
|
[Spawners](./spawners.md)
|
||||||
|
|
||||||
Each is governed by a customizable class, and JupyterHub ships with basic
|
Each is governed by a customizable class, and JupyterHub ships with basic
|
||||||
defaults for each.
|
defaults for each.
|
||||||
|
93
docs/source/reference/templates.md
Normal file
@@ -0,0 +1,93 @@
|
|||||||
|
# Working with templates and UI
|
||||||
|
|
||||||
|
The pages of the JupyterHub application are generated from
|
||||||
|
[Jinja](http://jinja.pocoo.org/) templates. These allow the header, for
|
||||||
|
example, to be defined once and incorporated into all pages. By providing
|
||||||
|
your own templates, you can have complete control over JupyterHub's
|
||||||
|
appearance.
|
||||||
|
|
||||||
|
## Custom Templates
|
||||||
|
|
||||||
|
JupyterHub will look for custom templates in all of the paths in the
|
||||||
|
`JupyterHub.template_paths` configuration option, falling back on the
|
||||||
|
[default templates](https://github.com/jupyterhub/jupyterhub/tree/master/share/jupyterhub/templates)
|
||||||
|
if no custom template with that name is found. This fallback
|
||||||
|
behavior is new in version 0.9; previous versions searched only those paths
|
||||||
|
explicitly included in `template_paths`. You may override as many
|
||||||
|
or as few templates as you desire.
|
||||||
|
|
||||||
|
## Extending Templates
|
||||||
|
|
||||||
|
Jinja provides a mechanism to [extend templates](http://jinja.pocoo.org/docs/2.10/templates/#template-inheritance).
|
||||||
|
A base template can define a `block`, and child templates can replace or
|
||||||
|
supplement the material in the block. The
|
||||||
|
[JupyterHub templates](https://github.com/jupyterhub/jupyterhub/tree/master/share/jupyterhub/templates)
|
||||||
|
make extensive use of blocks, which allows you to customize parts of the
|
||||||
|
interface easily.
|
||||||
|
|
||||||
|
In general, a child template can extend a base template, `page.html`, by beginning with:
|
||||||
|
|
||||||
|
```html
|
||||||
|
{% extends "page.html" %}
|
||||||
|
```
|
||||||
|
|
||||||
|
This works, unless you are trying to extend the default template for the same
|
||||||
|
file name. Starting in version 0.9, you may refer to the base file with a
|
||||||
|
`templates/` prefix. Thus, if you are writing a custom `page.html`, start the
|
||||||
|
file with this block:
|
||||||
|
|
||||||
|
```html
|
||||||
|
{% extends "templates/page.html" %}
|
||||||
|
```
|
||||||
|
|
||||||
|
By defining `block`s with same name as in the base template, child templates
|
||||||
|
can replace those sections with custom content. The content from the base
|
||||||
|
template can be included with the `{{ super() }}` directive.
|
||||||
|
|
||||||
|
### Example
|
||||||
|
|
||||||
|
To add an additional message to the spawn-pending page, below the existing
|
||||||
|
text about the server starting up, place this content in a file named
|
||||||
|
`spawn_pending.html` in a directory included in the
|
||||||
|
`JupyterHub.template_paths` configuration option.
|
||||||
|
|
||||||
|
```html
|
||||||
|
{% extends "templates/spawn_pending.html" %}
|
||||||
|
|
||||||
|
{% block message %}
|
||||||
|
{{ super() }}
|
||||||
|
<p>Patience is a virtue.</p>
|
||||||
|
{% endblock %}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Page Announcements
|
||||||
|
|
||||||
|
To add announcements to be displayed on a page, you have two options:
|
||||||
|
|
||||||
|
- Extend the page templates as described above
|
||||||
|
- Use configuration variables
|
||||||
|
|
||||||
|
### Announcement Configuration Variables
|
||||||
|
|
||||||
|
If you set the configuration variable `JupyterHub.template_vars =
|
||||||
|
{'announcement': 'some_text}`, the given `some_text` will be placed on
|
||||||
|
the top of all pages. The more specific variables
|
||||||
|
`announcement_login`, `announcement_spawn`, `announcement_home`, and
|
||||||
|
`announcement_logout` are more specific and only show on their
|
||||||
|
respective pages (overriding the global `announcement` variable).
|
||||||
|
Note that changing these variables require a restart, unlike direct
|
||||||
|
template extension.
|
||||||
|
|
||||||
|
You can get the same effect by extending templates, which allows you
|
||||||
|
to update the messages without restarting. Set
|
||||||
|
`c.JupyterHub.template_paths` as mentioned above, and then create a
|
||||||
|
template (for example, `login.html`) with:
|
||||||
|
|
||||||
|
```html
|
||||||
|
{% extends "templates/login.html" %}
|
||||||
|
{% set announcement = 'some message' %}
|
||||||
|
```
|
||||||
|
|
||||||
|
Extending `page.html` puts the message on all pages, but note that
|
||||||
|
extending `page.html` take precedence over an extension of a specific
|
||||||
|
page (unlike the variable-based approach above).
|
@@ -1,106 +0,0 @@
|
|||||||
# Upgrading JupyterHub and its database
|
|
||||||
|
|
||||||
From time to time, you may wish to upgrade JupyterHub to take advantage
|
|
||||||
of new releases. Much of this process is automated using scripts,
|
|
||||||
such as those generated by alembic for database upgrades. Before upgrading a
|
|
||||||
JupyterHub deployment, it's critical to backup your data and configurations
|
|
||||||
before shutting down the JupyterHub process and server.
|
|
||||||
|
|
||||||
## Databases: SQLite (default) or RDBMS (PostgreSQL, MySQL)
|
|
||||||
|
|
||||||
The default database for JupyterHub is a [SQLite](https://sqlite.org) database.
|
|
||||||
We have chosen SQLite as JupyterHub's default for its lightweight simplicity
|
|
||||||
in certain uses such as testing, small deployments and workshops.
|
|
||||||
|
|
||||||
When running a long term deployment or a production system, we recommend using
|
|
||||||
a traditional RDBMS database, such as [PostgreSQL](https://www.postgresql.org)
|
|
||||||
or [MySQL](https://www.mysql.com), that supports the SQL `ALTER TABLE`
|
|
||||||
statement.
|
|
||||||
|
|
||||||
For production systems, SQLite has some disadvantages when used with JupyterHub:
|
|
||||||
|
|
||||||
- `upgrade-db` may not work, and you may need to start with a fresh database
|
|
||||||
- `downgrade-db` **will not** work if you want to rollback to an earlier
|
|
||||||
version, so backup the `jupyterhub.sqlite` file before upgrading
|
|
||||||
|
|
||||||
The sqlite documentation provides a helpful page about [when to use sqlite and
|
|
||||||
where traditional RDBMS may be a better choice](https://sqlite.org/whentouse.html).
|
|
||||||
|
|
||||||
## The upgrade process
|
|
||||||
|
|
||||||
Five fundamental process steps are needed when upgrading JupyterHub and its
|
|
||||||
database:
|
|
||||||
|
|
||||||
1. Backup JupyterHub database
|
|
||||||
2. Backup JupyterHub configuration file
|
|
||||||
3. Shutdown the Hub
|
|
||||||
4. Upgrade JupyterHub
|
|
||||||
5. Upgrade the database using run `jupyterhub upgrade-db`
|
|
||||||
|
|
||||||
Let's take a closer look at each step in the upgrade process as well as some
|
|
||||||
additional information about JupyterHub databases.
|
|
||||||
|
|
||||||
### Backup JupyterHub database
|
|
||||||
|
|
||||||
To prevent unintended loss of data or configuration information, you should
|
|
||||||
back up the JupyterHub database (the default SQLite database or a RDBMS
|
|
||||||
database using PostgreSQL, MySQL, or others supported by SQLAlchemy):
|
|
||||||
|
|
||||||
- If using the default SQLite database, back up the `jupyterhub.sqlite`
|
|
||||||
database.
|
|
||||||
- If using an RDBMS database such as PostgreSQL, MySQL, or other supported by
|
|
||||||
SQLAlchemy, back up the JupyterHub database.
|
|
||||||
|
|
||||||
Losing the Hub database is often not a big deal. Information that resides only
|
|
||||||
in the Hub database includes:
|
|
||||||
|
|
||||||
- active login tokens (user cookies, service tokens)
|
|
||||||
- users added via GitHub UI, instead of config files
|
|
||||||
- info about running servers
|
|
||||||
|
|
||||||
If the following conditions are true, you should be fine clearing the Hub
|
|
||||||
database and starting over:
|
|
||||||
|
|
||||||
- users specified in config file
|
|
||||||
- user servers are stopped during upgrade
|
|
||||||
- don't mind causing users to login again after upgrade
|
|
||||||
|
|
||||||
### Backup JupyterHub configuration file
|
|
||||||
|
|
||||||
Additionally, backing up your configuration file, `jupyterhub_config.py`, to
|
|
||||||
a secure location.
|
|
||||||
|
|
||||||
### Shutdown JupyterHub
|
|
||||||
|
|
||||||
Prior to shutting down JupyterHub, you should notify the Hub users of the
|
|
||||||
scheduled downtime. This gives users the opportunity to finish any outstanding
|
|
||||||
work in process.
|
|
||||||
|
|
||||||
Next, shutdown the JupyterHub service.
|
|
||||||
|
|
||||||
### Upgrade JupyterHub
|
|
||||||
|
|
||||||
Follow directions that correspond to your package manager, `pip` or `conda`,
|
|
||||||
for the new JupyterHub release. These directions will guide you to the
|
|
||||||
specific command. In general, `pip install -U jupyterhub` or
|
|
||||||
`conda upgrade jupyterhub`
|
|
||||||
|
|
||||||
### Upgrade JupyterHub databases
|
|
||||||
|
|
||||||
To run the upgrade process for JupyterHub databases, enter:
|
|
||||||
|
|
||||||
```
|
|
||||||
jupyterhub upgrade-db
|
|
||||||
```
|
|
||||||
|
|
||||||
## Upgrade checklist
|
|
||||||
|
|
||||||
1. Backup JupyterHub database:
|
|
||||||
- `jupyterhub.sqlite` when using the default sqlite database
|
|
||||||
- Your JupyterHub database when using an RDBMS
|
|
||||||
2. Backup JupyterHub configuration file: `jupyterhub_config.py`
|
|
||||||
3. Shutdown the Hub
|
|
||||||
4. Upgrade JupyterHub
|
|
||||||
- `pip install -U jupyterhub` when using `pip`
|
|
||||||
- `conda upgrade jupyterhub` when using `conda`
|
|
||||||
5. Upgrade the database using run `jupyterhub upgrade-db`
|
|
255
docs/source/reference/urls.md
Normal file
@@ -0,0 +1,255 @@
|
|||||||
|
# JupyterHub URL scheme
|
||||||
|
|
||||||
|
This document describes how JupyterHub routes requests.
|
||||||
|
|
||||||
|
This does not include the [REST API](./rest.md) urls.
|
||||||
|
|
||||||
|
In general, all URLs can be prefixed with `c.JupyterHub.base_url` to
|
||||||
|
run the whole JupyterHub application on a prefix.
|
||||||
|
|
||||||
|
All authenticated handlers redirect to `/hub/login` to login users
|
||||||
|
prior to being redirected back to the originating page.
|
||||||
|
The returned request should preserve all query parameters.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## `/`
|
||||||
|
|
||||||
|
The top-level request is always a simple redirect to `/hub/`,
|
||||||
|
to be handled by the default JupyterHub handler.
|
||||||
|
|
||||||
|
In general, all requests to `/anything` that do not start with `/hub/`
|
||||||
|
but are routed to the Hub, will be redirected to `/hub/anything` before being handled by the Hub.
|
||||||
|
|
||||||
|
## `/hub/`
|
||||||
|
|
||||||
|
This is an authenticated URL.
|
||||||
|
|
||||||
|
This handler redirects users to the default URL of the application,
|
||||||
|
which defaults to the user's default server.
|
||||||
|
That is, it redirects to `/hub/spawn` if the user's server is not running,
|
||||||
|
or the server itself (`/user/:name`) if the server is running.
|
||||||
|
|
||||||
|
This default url behavior can be customized in two ways:
|
||||||
|
|
||||||
|
To redirect users to the JupyterHub home page (`/hub/home`)
|
||||||
|
instead of spawning their server,
|
||||||
|
set `redirect_to_server` to False:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.redirect_to_server = False
|
||||||
|
```
|
||||||
|
|
||||||
|
This might be useful if you have a Hub where you expect
|
||||||
|
users to be managing multiple server configurations
|
||||||
|
and automatic spawning is not desirable.
|
||||||
|
|
||||||
|
Second, you can customise the landing page to any page you like,
|
||||||
|
such as a custom service you have deployed e.g. with course information:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.default_url = '/services/my-landing-service'
|
||||||
|
```
|
||||||
|
|
||||||
|
## `/hub/home`
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
By default, the Hub home page has just one or two buttons
|
||||||
|
for starting and stopping the user's server.
|
||||||
|
|
||||||
|
If named servers are enabled, there will be some additional
|
||||||
|
tools for management of named servers.
|
||||||
|
|
||||||
|
*Version added: 1.0* named server UI is new in 1.0.
|
||||||
|
|
||||||
|
## `/hub/login`
|
||||||
|
|
||||||
|
This is the JupyterHub login page.
|
||||||
|
If you have a form-based username+password login,
|
||||||
|
such as the default PAMAuthenticator,
|
||||||
|
this page will render the login form.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
If login is handled by an external service,
|
||||||
|
e.g. with OAuth, this page will have a button,
|
||||||
|
declaring "Login with ..." which users can click
|
||||||
|
to login with the chosen service.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
If you want to skip the user-interaction to initiate logging in
|
||||||
|
via the button, you can set
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.Authenticator.auto_login = True
|
||||||
|
```
|
||||||
|
|
||||||
|
This can be useful when the user is "already logged in" via some mechanism,
|
||||||
|
but a handshake via redirects is necessary to complete the authentication with JupyterHub.
|
||||||
|
|
||||||
|
## `/hub/logout`
|
||||||
|
|
||||||
|
Visiting `/hub/logout` clears cookies from the current browser.
|
||||||
|
Note that **logging out does not stop a user's server(s)** by default.
|
||||||
|
|
||||||
|
If you would like to shutdown user servers on logout,
|
||||||
|
you can enable this behavior with:
|
||||||
|
|
||||||
|
```python
|
||||||
|
c.JupyterHub.shutdown_on_logout = True
|
||||||
|
```
|
||||||
|
|
||||||
|
Be careful with this setting because logging out one browser
|
||||||
|
does not mean the user is no longer actively using their server from another machine.
|
||||||
|
|
||||||
|
## `/user/:username[/:servername]`
|
||||||
|
|
||||||
|
If a user's server is running, this URL is handled by the user's given server,
|
||||||
|
not the Hub.
|
||||||
|
The username is the first part and, if using named servers,
|
||||||
|
the server name is the second part.
|
||||||
|
|
||||||
|
If the user's server is *not* running, this will be redirected to `/hub/user/:username/...`
|
||||||
|
|
||||||
|
## `/hub/user/:username[/:servername]`
|
||||||
|
|
||||||
|
This URL indicates a request for a user server that is not running
|
||||||
|
(because `/user/...` would have been handled by the notebook server
|
||||||
|
if the specified server were running).
|
||||||
|
|
||||||
|
Handling this URL is the most complicated condition in JupyterHub,
|
||||||
|
because there can be many states:
|
||||||
|
|
||||||
|
1. server is not active
|
||||||
|
a. user matches
|
||||||
|
b. user doesn't match
|
||||||
|
2. server is ready
|
||||||
|
3. server is pending, but not ready
|
||||||
|
|
||||||
|
If the server is pending spawn,
|
||||||
|
the browser will be redirected to `/hub/spawn-pending/:username/:servername`
|
||||||
|
to see a progress page while waiting for the server to be ready.
|
||||||
|
|
||||||
|
If the server is not active at all,
|
||||||
|
a page will be served with a link to `/hub/spawn/:username/:servername`.
|
||||||
|
Following that link will launch the requested server.
|
||||||
|
The HTTP status will be 503 in this case because a request has been made for a server that is not running.
|
||||||
|
|
||||||
|
If the server is ready, it is assumed that the proxy has not yet registered the route.
|
||||||
|
Some checks are performed and a delay is added before redirecting back to `/user/:username/:servername/...`.
|
||||||
|
If something is really wrong, this can result in a redirect loop.
|
||||||
|
|
||||||
|
Visiting this page will never result in triggering the spawn of servers
|
||||||
|
without additional user action (i.e. clicking the link on the page)
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
*Version changed: 1.0*
|
||||||
|
|
||||||
|
Prior to 1.0, this URL itself was responsible for spawning servers,
|
||||||
|
and served the progress page if it was pending,
|
||||||
|
redirected to running servers, and
|
||||||
|
This was useful because it made sure that requested servers were restarted after they stopped,
|
||||||
|
but could also be harmful because unused servers would continuously be restarted if e.g.
|
||||||
|
an idle JupyterLab frontend were open pointed at it,
|
||||||
|
which constantly makes polling requests.
|
||||||
|
|
||||||
|
### Special handling of API requests
|
||||||
|
|
||||||
|
Requests to `/user/:username[/:servername]/api/...` are assumed to be
|
||||||
|
from applications connected to stopped servers.
|
||||||
|
These are failed with 503 and an informative JSON error message
|
||||||
|
indicating how to spawn the server.
|
||||||
|
This is meant to help applications such as JupyterLab
|
||||||
|
that are connected to a server that has stopped.
|
||||||
|
|
||||||
|
*Version changed: 1.0*
|
||||||
|
|
||||||
|
JupyterHub 0.9 failed these API requests with status 404,
|
||||||
|
but 1.0 uses 503.
|
||||||
|
|
||||||
|
## `/user-redirect/...`
|
||||||
|
|
||||||
|
This URL is for sharing a URL that will redirect a user
|
||||||
|
to a path on their own default server.
|
||||||
|
This is useful when users have the same file at the same URL on their servers,
|
||||||
|
and you want a single link to give to any user that will open that file on their server.
|
||||||
|
|
||||||
|
e.g. a link to `/user-redirect/notebooks/Index.ipynb`
|
||||||
|
will send user `hortense` to `/user/hortense/notebooks/Index.ipynb`
|
||||||
|
|
||||||
|
**DO NOT** share links to your own server with other users.
|
||||||
|
This will not work in general,
|
||||||
|
unless you grant those users access to your server.
|
||||||
|
|
||||||
|
**Contributions welcome:** The JupyterLab "shareable link" should share this link
|
||||||
|
when run with JupyterHub, but it does not.
|
||||||
|
See [jupyterlab-hub](https://github.com/jupyterhub/jupyterlab-hub)
|
||||||
|
where this should probably be done and
|
||||||
|
[this issue in JupyterLab](https://github.com/jupyterlab/jupyterlab/issues/5388)
|
||||||
|
that is intended to make it possible.
|
||||||
|
|
||||||
|
## Spawning
|
||||||
|
|
||||||
|
### `/hub/spawn[/:username[/:servername]]`
|
||||||
|
|
||||||
|
Requesting `/hub/spawn` will spawn the default server for the current user.
|
||||||
|
If `username` and optionally `servername` are specified,
|
||||||
|
then the specified server for the specified user will be spawned.
|
||||||
|
Once spawn has been requested,
|
||||||
|
the browser is redirected to `/hub/spawn-pending/...`.
|
||||||
|
|
||||||
|
If `Spawner.options_form` is used,
|
||||||
|
this will render a form,
|
||||||
|
and a POST request will trigger the actual spawn and redirect.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
*Version added: 1.0*
|
||||||
|
|
||||||
|
1.0 adds the ability to specify username and servername.
|
||||||
|
Prior to 1.0, only `/hub/spawn` was recognized for the default server.
|
||||||
|
|
||||||
|
*Version changed: 1.0*
|
||||||
|
|
||||||
|
Prior to 1.0, this page redirected back to `/hub/user/:username`,
|
||||||
|
which was responsible for triggering spawn and rendering progress, etc.
|
||||||
|
|
||||||
|
### `/hub/spawn-pending[/:username[/:servername]]`
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
*Version added: 1.0* this URL is new in JupyterHub 1.0.
|
||||||
|
|
||||||
|
This page renders the progress view for the given spawn request.
|
||||||
|
Once the server is ready,
|
||||||
|
the browser is redirected to the running server at `/user/:username/:servername/...`.
|
||||||
|
|
||||||
|
If this page is requested at any time after the specified server is ready,
|
||||||
|
the browser will be redirected to the running server.
|
||||||
|
|
||||||
|
Requesting this page will never trigger any side effects.
|
||||||
|
If the server is not running (e.g. because the spawn has failed),
|
||||||
|
the spawn failure message (if applicable) will be displayed,
|
||||||
|
and the page will show a link back to `/hub/spawn/...`.
|
||||||
|
|
||||||
|
## `/hub/token`
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
On this page, users can manage their JupyterHub API tokens.
|
||||||
|
They can revoke access and request new tokens for writing scripts
|
||||||
|
against the [JupyterHub REST API](./rest.md).
|
||||||
|
|
||||||
|
## `/hub/admin`
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
Administrators can take various administrative actions from this page:
|
||||||
|
|
||||||
|
1. add/remove users
|
||||||
|
2. grant admin privileges
|
||||||
|
3. start/stop user servers
|
||||||
|
4. shutdown JupyterHub itself
|
@@ -99,6 +99,23 @@ single-user server, and not the environment(s) in which the user's kernel(s)
|
|||||||
may run. Installing additional packages in the kernel environment does not
|
may run. Installing additional packages in the kernel environment does not
|
||||||
pose additional risk to the web application's security.
|
pose additional risk to the web application's security.
|
||||||
|
|
||||||
|
### Encrypt internal connections with SSL/TLS
|
||||||
|
|
||||||
|
By default, all communication on the server, between the proxy, hub, and single
|
||||||
|
-user notebooks is performed unencrypted. Setting the `internal_ssl` flag in
|
||||||
|
`jupyterhub_config.py` secures the aforementioned routes. Turning this
|
||||||
|
feature on does require that the enabled `Spawner` can use the certificates
|
||||||
|
generated by the `Hub` (the default `LocalProcessSpawner` can, for instance).
|
||||||
|
|
||||||
|
It is also important to note that this encryption **does not** (yet) cover the
|
||||||
|
`zmq tcp` sockets between the Notebook client and kernel. While users cannot
|
||||||
|
submit arbitrary commands to another user's kernel, they can bind to these
|
||||||
|
sockets and listen. When serving untrusted users, this eavesdropping can be
|
||||||
|
mitigated by setting `KernelManager.transport` to `ipc`. This applies standard
|
||||||
|
Unix permissions to the communication sockets thereby restricting
|
||||||
|
communication to the socket owner. The `internal_ssl` option will eventually
|
||||||
|
extend to securing the `tcp` sockets as well.
|
||||||
|
|
||||||
## Security audits
|
## Security audits
|
||||||
|
|
||||||
We recommend that you do periodic reviews of your deployment's security. It's
|
We recommend that you do periodic reviews of your deployment's security. It's
|
||||||
|
@@ -166,7 +166,7 @@ startup
|
|||||||
statsd
|
statsd
|
||||||
stdin
|
stdin
|
||||||
stdout
|
stdout
|
||||||
stoppped
|
stopped
|
||||||
subclasses
|
subclasses
|
||||||
subcommand
|
subcommand
|
||||||
subdomain
|
subdomain
|
||||||
@@ -210,4 +210,4 @@ Wildcards
|
|||||||
willingc
|
willingc
|
||||||
wordlist
|
wordlist
|
||||||
Workflow
|
Workflow
|
||||||
workflow
|
workflow
|
||||||
|
@@ -9,6 +9,7 @@ problem and how to resolve it.
|
|||||||
- sudospawner fails to run
|
- sudospawner fails to run
|
||||||
- What is the default behavior when none of the lists (admin, whitelist,
|
- What is the default behavior when none of the lists (admin, whitelist,
|
||||||
group whitelist) are set?
|
group whitelist) are set?
|
||||||
|
- JupyterHub Docker container not accessible at localhost
|
||||||
|
|
||||||
[*Errors*](#errors)
|
[*Errors*](#errors)
|
||||||
- 500 error after spawning my single-user server
|
- 500 error after spawning my single-user server
|
||||||
@@ -63,6 +64,17 @@ this to a particular set of users, and the admin_users lets you specify who
|
|||||||
among them may use the admin interface (not necessary, unless you need to do
|
among them may use the admin interface (not necessary, unless you need to do
|
||||||
things like inspect other users' servers, or modify the userlist at runtime).
|
things like inspect other users' servers, or modify the userlist at runtime).
|
||||||
|
|
||||||
|
### JupyterHub Docker container not accessible at localhost
|
||||||
|
|
||||||
|
Even though the command to start your Docker container exposes port 8000
|
||||||
|
(`docker run -p 8000:8000 -d --name jupyterhub jupyterhub/jupyterhub jupyterhub`),
|
||||||
|
it is possible that the IP address itself is not accessible/visible. As a result
|
||||||
|
when you try http://localhost:8000 in your browser, you are unable to connect
|
||||||
|
even though the container is running properly. One workaround is to explicitly
|
||||||
|
tell Jupyterhub to start at `0.0.0.0` which is visible to everyone. Try this
|
||||||
|
command:
|
||||||
|
`docker run -p 8000:8000 -d --name jupyterhub jupyterhub/jupyterhub jupyterhub --ip 0.0.0.0 --port 8000`
|
||||||
|
|
||||||
|
|
||||||
## Errors
|
## Errors
|
||||||
|
|
||||||
@@ -89,7 +101,7 @@ check if the cookie corresponds to the right user. This request is logged.
|
|||||||
If everything is working, the response logged will be similar to this:
|
If everything is working, the response logged will be similar to this:
|
||||||
|
|
||||||
```
|
```
|
||||||
200 GET /hub/api/authorizations/cookie/jupyter-hub-token-name/[secret] (@10.0.1.4) 6.10ms
|
200 GET /hub/api/authorizations/cookie/jupyterhub-token-name/[secret] (@10.0.1.4) 6.10ms
|
||||||
```
|
```
|
||||||
|
|
||||||
You should see a similar 200 message, as above, in the Hub log when you first
|
You should see a similar 200 message, as above, in the Hub log when you first
|
||||||
@@ -99,7 +111,7 @@ may mean that your single-user notebook server isn't connecting to your Hub.
|
|||||||
If you see 403 (forbidden) like this, it's a token problem:
|
If you see 403 (forbidden) like this, it's a token problem:
|
||||||
|
|
||||||
```
|
```
|
||||||
403 GET /hub/api/authorizations/cookie/jupyter-hub-token-name/[secret] (@10.0.1.4) 4.14ms
|
403 GET /hub/api/authorizations/cookie/jupyterhub-token-name/[secret] (@10.0.1.4) 4.14ms
|
||||||
```
|
```
|
||||||
|
|
||||||
Check the logs of the single-user notebook server, which may have more detailed
|
Check the logs of the single-user notebook server, which may have more detailed
|
||||||
@@ -192,7 +204,7 @@ from there instead of the internet.
|
|||||||
For instance, you can install JupyterHub with pip and configurable-http-proxy
|
For instance, you can install JupyterHub with pip and configurable-http-proxy
|
||||||
with npmbox:
|
with npmbox:
|
||||||
|
|
||||||
pip wheel jupyterhub
|
python3 -m pip wheel jupyterhub
|
||||||
npmbox configurable-http-proxy
|
npmbox configurable-http-proxy
|
||||||
|
|
||||||
### I want access to the whole filesystem, but still default users to their home directory
|
### I want access to the whole filesystem, but still default users to their home directory
|
||||||
@@ -224,7 +236,7 @@ then you can change the default URL to `/lab`.
|
|||||||
|
|
||||||
For instance:
|
For instance:
|
||||||
|
|
||||||
pip install jupyterlab
|
python3 -m pip install jupyterlab
|
||||||
jupyter serverextension enable --py jupyterlab --sys-prefix
|
jupyter serverextension enable --py jupyterlab --sys-prefix
|
||||||
|
|
||||||
The important thing is that jupyterlab is installed and enabled in the
|
The important thing is that jupyterlab is installed and enabled in the
|
||||||
|
@@ -1,14 +0,0 @@
|
|||||||
Tutorials
|
|
||||||
=========
|
|
||||||
|
|
||||||
This section provides links to documentation that helps a user do a specific
|
|
||||||
task.
|
|
||||||
|
|
||||||
* :doc:`upgrade-dot-eight`
|
|
||||||
* `Zero to JupyterHub with Kubernetes <https://zero-to-jupyterhub.readthedocs.io/en/latest/>`_
|
|
||||||
|
|
||||||
.. toctree::
|
|
||||||
:maxdepth: 1
|
|
||||||
:hidden:
|
|
||||||
|
|
||||||
upgrade-dot-eight
|
|
@@ -1,93 +0,0 @@
|
|||||||
.. upgrade-dot-eight:
|
|
||||||
|
|
||||||
Upgrading to JupyterHub version 0.8
|
|
||||||
===================================
|
|
||||||
|
|
||||||
This document will assist you in upgrading an existing JupyterHub deployment
|
|
||||||
from version 0.7 to version 0.8.
|
|
||||||
|
|
||||||
Upgrade checklist
|
|
||||||
-----------------
|
|
||||||
|
|
||||||
0. Review the release notes. Review any deprecated features and pay attention
|
|
||||||
to any backwards incompatible changes
|
|
||||||
1. Backup JupyterHub database:
|
|
||||||
- ``jupyterhub.sqlite`` when using the default sqlite database
|
|
||||||
- Your JupyterHub database when using an RDBMS
|
|
||||||
2. Backup the existing JupyterHub configuration file: ``jupyterhub_config.py``
|
|
||||||
3. Shutdown the Hub
|
|
||||||
4. Upgrade JupyterHub
|
|
||||||
- ``pip install -U jupyterhub`` when using ``pip``
|
|
||||||
- ``conda upgrade jupyterhub`` when using ``conda``
|
|
||||||
5. Upgrade the database using run ```jupyterhub upgrade-db``
|
|
||||||
6. Update the JupyterHub configuration file ``jupyterhub_config.py``
|
|
||||||
|
|
||||||
Backup JupyterHub database
|
|
||||||
--------------------------
|
|
||||||
|
|
||||||
To prevent unintended loss of data or configuration information, you should
|
|
||||||
back up the JupyterHub database (the default SQLite database or a RDBMS
|
|
||||||
database using PostgreSQL, MySQL, or others supported by SQLAlchemy):
|
|
||||||
|
|
||||||
- If using the default SQLite database, back up the ``jupyterhub.sqlite``
|
|
||||||
database.
|
|
||||||
- If using an RDBMS database such as PostgreSQL, MySQL, or other supported by
|
|
||||||
SQLAlchemy, back up the JupyterHub database.
|
|
||||||
|
|
||||||
.. note::
|
|
||||||
|
|
||||||
Losing the Hub database is often not a big deal. Information that resides only
|
|
||||||
in the Hub database includes:
|
|
||||||
|
|
||||||
- active login tokens (user cookies, service tokens)
|
|
||||||
- users added via GitHub UI, instead of config files
|
|
||||||
- info about running servers
|
|
||||||
|
|
||||||
If the following conditions are true, you should be fine clearing the Hub
|
|
||||||
database and starting over:
|
|
||||||
|
|
||||||
- users specified in config file
|
|
||||||
- user servers are stopped during upgrade
|
|
||||||
- don't mind causing users to login again after upgrade
|
|
||||||
|
|
||||||
Backup JupyterHub configuration file
|
|
||||||
------------------------------------
|
|
||||||
|
|
||||||
Backup up your configuration file, ``jupyterhub_config.py``, to a secure
|
|
||||||
location.
|
|
||||||
|
|
||||||
Shutdown JupyterHub
|
|
||||||
-------------------
|
|
||||||
|
|
||||||
- Prior to shutting down JupyterHub, you should notify the Hub users of the
|
|
||||||
scheduled downtime.
|
|
||||||
- Shutdown the JupyterHub service.
|
|
||||||
|
|
||||||
Upgrade JupyterHub
|
|
||||||
------------------
|
|
||||||
|
|
||||||
Follow directions that correspond to your package manager, ``pip`` or ``conda``,
|
|
||||||
for the new JupyterHub release:
|
|
||||||
|
|
||||||
- ``pip install -U jupyterhub`` for ``pip``
|
|
||||||
- ``conda upgrade jupyterhub`` for ``conda``
|
|
||||||
|
|
||||||
Upgrade the proxy, authenticator, or spawner if needed.
|
|
||||||
|
|
||||||
Upgrade JupyterHub database
|
|
||||||
---------------------------
|
|
||||||
|
|
||||||
To run the upgrade process for JupyterHub databases, enter::
|
|
||||||
|
|
||||||
jupyterhub upgrade-db
|
|
||||||
|
|
||||||
Update the JupyterHub configuration file
|
|
||||||
----------------------------------------
|
|
||||||
|
|
||||||
Create a new JupyterHub configuration file or edit a copy of the existing
|
|
||||||
file ``jupyterhub_config.py``.
|
|
||||||
|
|
||||||
Start JupyterHub
|
|
||||||
----------------
|
|
||||||
|
|
||||||
Start JupyterHub with the same command that you used before the upgrade.
|
|
@@ -1,20 +1,25 @@
|
|||||||
"""autodoc extension for configurable traits"""
|
"""autodoc extension for configurable traits"""
|
||||||
|
|
||||||
from traitlets import TraitType, Undefined
|
|
||||||
from sphinx.domains.python import PyClassmember
|
from sphinx.domains.python import PyClassmember
|
||||||
from sphinx.ext.autodoc import ClassDocumenter, AttributeDocumenter
|
from sphinx.ext.autodoc import AttributeDocumenter
|
||||||
|
from sphinx.ext.autodoc import ClassDocumenter
|
||||||
|
from traitlets import TraitType
|
||||||
|
from traitlets import Undefined
|
||||||
|
|
||||||
|
|
||||||
class ConfigurableDocumenter(ClassDocumenter):
|
class ConfigurableDocumenter(ClassDocumenter):
|
||||||
"""Specialized Documenter subclass for traits with config=True"""
|
"""Specialized Documenter subclass for traits with config=True"""
|
||||||
|
|
||||||
objtype = 'configurable'
|
objtype = 'configurable'
|
||||||
directivetype = 'class'
|
directivetype = 'class'
|
||||||
|
|
||||||
def get_object_members(self, want_all):
|
def get_object_members(self, want_all):
|
||||||
"""Add traits with .tag(config=True) to members list"""
|
"""Add traits with .tag(config=True) to members list"""
|
||||||
check, members = super().get_object_members(want_all)
|
check, members = super().get_object_members(want_all)
|
||||||
get_traits = self.object.class_own_traits if self.options.inherited_members \
|
get_traits = (
|
||||||
else self.object.class_traits
|
self.object.class_own_traits
|
||||||
|
if self.options.inherited_members
|
||||||
|
else self.object.class_traits
|
||||||
|
)
|
||||||
trait_members = []
|
trait_members = []
|
||||||
for name, trait in sorted(get_traits(config=True).items()):
|
for name, trait in sorted(get_traits(config=True).items()):
|
||||||
# put help in __doc__ where autodoc will look for it
|
# put help in __doc__ where autodoc will look for it
|
||||||
@@ -42,10 +47,7 @@ class TraitDocumenter(AttributeDocumenter):
|
|||||||
default_s = ''
|
default_s = ''
|
||||||
else:
|
else:
|
||||||
default_s = repr(default)
|
default_s = repr(default)
|
||||||
sig = ' = {}({})'.format(
|
sig = ' = {}({})'.format(self.object.__class__.__name__, default_s)
|
||||||
self.object.__class__.__name__,
|
|
||||||
default_s,
|
|
||||||
)
|
|
||||||
return super().add_directive_header(sig)
|
return super().add_directive_header(sig)
|
||||||
|
|
||||||
|
|
||||||
|
@@ -25,8 +25,11 @@ Another use would be to copy initial content, such as tutorial files or referenc
|
|||||||
You can define your own bootstrap process by implementing a `pre_spawn_hook` on any spawner.
|
You can define your own bootstrap process by implementing a `pre_spawn_hook` on any spawner.
|
||||||
The Spawner itself is passed as parameter to your hook and you can easily get the contextual information out of the spawning process.
|
The Spawner itself is passed as parameter to your hook and you can easily get the contextual information out of the spawning process.
|
||||||
|
|
||||||
If you implement a hook, make sure that it is *idempotent*. It will be executed every time
|
Similarly, there may be cases where you would like to clean up after a spawner stops.
|
||||||
a notebook server is spawned to the user. That means you should somehow
|
You may implement a `post_stop_hook` that is always executed after the spawner stops.
|
||||||
|
|
||||||
|
If you implement a hook, make sure that it is *idempotent*. It will be executed every time
|
||||||
|
a notebook server is spawned to the user. That means you should somehow
|
||||||
ensure that things which should run only once are not running again and again.
|
ensure that things which should run only once are not running again and again.
|
||||||
For example, before you create a directory, check if it exists.
|
For example, before you create a directory, check if it exists.
|
||||||
|
|
||||||
@@ -56,7 +59,31 @@ def create_dir_hook(spawner):
|
|||||||
c.Spawner.pre_spawn_hook = create_dir_hook
|
c.Spawner.pre_spawn_hook = create_dir_hook
|
||||||
```
|
```
|
||||||
|
|
||||||
### Example #2 - Run a shell script
|
### Example #2 - Run `mkhomedir_helper`
|
||||||
|
|
||||||
|
Many Linux distributions provide a script that is responsible for user homedir bootstrapping: `/sbin/mkhomedir_helper`. To make use of it, you can use
|
||||||
|
|
||||||
|
```python
|
||||||
|
def create_dir_hook(spawner):
|
||||||
|
username = spawner.user.name
|
||||||
|
if not os.path.exists(os.path.join('/volumes/jupyterhub', username)):
|
||||||
|
subprocess.call(["sudo", "/sbin/mkhomedir_helper", spawner.user.name])
|
||||||
|
|
||||||
|
# attach the hook function to the spawner
|
||||||
|
c.Spawner.pre_spawn_hook = create_dir_hook
|
||||||
|
```
|
||||||
|
|
||||||
|
and make sure to add
|
||||||
|
|
||||||
|
```
|
||||||
|
jupyterhub ALL = (root) NOPASSWD: /sbin/mkhomedir_helper
|
||||||
|
```
|
||||||
|
|
||||||
|
in a new file in `/etc/sudoers.d`, or simply in `/etc/sudoers`.
|
||||||
|
|
||||||
|
All new home directories will be created from `/etc/skel`, so make sure to place any custom homedir-contents in there.
|
||||||
|
|
||||||
|
### Example #3 - Run a shell script
|
||||||
|
|
||||||
You can specify a plain ole' shell script (or any other executable) to be run
|
You can specify a plain ole' shell script (or any other executable) to be run
|
||||||
by the bootstrap process.
|
by the bootstrap process.
|
||||||
@@ -91,7 +118,7 @@ Here's an example on what you could do in your shell script. See also
|
|||||||
|
|
||||||
# - The first parameter for the Bootstrap Script is the USER.
|
# - The first parameter for the Bootstrap Script is the USER.
|
||||||
USER=$1
|
USER=$1
|
||||||
if ["$USER" == ""]; then
|
if [ "$USER" == "" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
@@ -127,4 +154,4 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
```
|
```
|
||||||
|
@@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
# - The first parameter for the Bootstrap Script is the USER.
|
# - The first parameter for the Bootstrap Script is the USER.
|
||||||
USER=$1
|
USER=$1
|
||||||
if ["$USER" == ""]; then
|
if [ "$USER" == "" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
|
@@ -1,26 +1,44 @@
|
|||||||
# Example for a Spawner.pre_spawn_hook
|
"""
|
||||||
# create a directory for the user before the spawner starts
|
Example for a Spawner.pre_spawn_hook
|
||||||
|
create a directory for the user before the spawner starts
|
||||||
|
"""
|
||||||
|
# pylint: disable=import-error
|
||||||
import os
|
import os
|
||||||
|
import shutil
|
||||||
|
|
||||||
|
from jupyter_client.localinterfaces import public_ips
|
||||||
|
|
||||||
|
|
||||||
def create_dir_hook(spawner):
|
def create_dir_hook(spawner):
|
||||||
username = spawner.user.name # get the username
|
""" Create directory """
|
||||||
|
username = spawner.user.name # get the username
|
||||||
volume_path = os.path.join('/volumes/jupyterhub', username)
|
volume_path = os.path.join('/volumes/jupyterhub', username)
|
||||||
if not os.path.exists(volume_path):
|
if not os.path.exists(volume_path):
|
||||||
os.mkdir(volume_path, 0o755)
|
os.mkdir(volume_path, 0o755)
|
||||||
# now do whatever you think your user needs
|
# now do whatever you think your user needs
|
||||||
# ...
|
# ...
|
||||||
|
|
||||||
# attach the hook function to the spawner
|
|
||||||
|
def clean_dir_hook(spawner):
|
||||||
|
""" Delete directory """
|
||||||
|
username = spawner.user.name # get the username
|
||||||
|
temp_path = os.path.join('/volumes/jupyterhub', username, 'temp')
|
||||||
|
if os.path.exists(temp_path) and os.path.isdir(temp_path):
|
||||||
|
shutil.rmtree(temp_path)
|
||||||
|
|
||||||
|
|
||||||
|
# attach the hook functions to the spawner
|
||||||
|
# pylint: disable=undefined-variable
|
||||||
c.Spawner.pre_spawn_hook = create_dir_hook
|
c.Spawner.pre_spawn_hook = create_dir_hook
|
||||||
|
c.Spawner.post_stop_hook = clean_dir_hook
|
||||||
|
|
||||||
# Use the DockerSpawner to serve your users' notebooks
|
# Use the DockerSpawner to serve your users' notebooks
|
||||||
c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
|
c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
|
||||||
from jupyter_client.localinterfaces import public_ips
|
|
||||||
c.JupyterHub.hub_ip = public_ips()[0]
|
c.JupyterHub.hub_ip = public_ips()[0]
|
||||||
c.DockerSpawner.hub_ip_connect = public_ips()[0]
|
c.DockerSpawner.hub_ip_connect = public_ips()[0]
|
||||||
c.DockerSpawner.container_ip = "0.0.0.0"
|
c.DockerSpawner.container_ip = "0.0.0.0"
|
||||||
|
|
||||||
# You can now mount the volume to the docker container as we've
|
# You can now mount the volume to the docker container as we've
|
||||||
# made sure the directory exists
|
# made sure the directory exists
|
||||||
c.DockerSpawner.volumes = { '/volumes/jupyterhub/{username}/': '/home/jovyan/work' }
|
# pylint: disable=bad-whitespace
|
||||||
|
c.DockerSpawner.volumes = {'/volumes/jupyterhub/{username}/': '/home/jovyan/work'}
|
||||||
|
@@ -15,7 +15,7 @@ c.JupyterHub.services = [
|
|||||||
{
|
{
|
||||||
'name': 'cull-idle',
|
'name': 'cull-idle',
|
||||||
'admin': True,
|
'admin': True,
|
||||||
'command': 'python cull_idle_servers.py --timeout=3600'.split(),
|
'command': [sys.executable, 'cull_idle_servers.py', '--timeout=3600'],
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
@@ -36,6 +36,6 @@ Generate an API token and store it in the `JUPYTERHUB_API_TOKEN` environment
|
|||||||
variable. Run `cull_idle_servers.py` manually.
|
variable. Run `cull_idle_servers.py` manually.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
export JUPYTERHUB_API_TOKEN=`jupyterhub token`
|
export JUPYTERHUB_API_TOKEN=$(jupyterhub token)
|
||||||
python cull_idle_servers.py [--timeout=900] [--url=http://127.0.0.1:8081/hub/api]
|
python3 cull_idle_servers.py [--timeout=900] [--url=http://127.0.0.1:8081/hub/api]
|
||||||
```
|
```
|
||||||
|
371
examples/cull-idle/cull_idle_servers.py
Normal file → Executable file
@@ -1,4 +1,4 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python3
|
||||||
"""script to monitor and cull idle single-user servers
|
"""script to monitor and cull idle single-user servers
|
||||||
|
|
||||||
Caveats:
|
Caveats:
|
||||||
@@ -16,102 +16,366 @@ You can run this as a service managed by JupyterHub with this in your config::
|
|||||||
{
|
{
|
||||||
'name': 'cull-idle',
|
'name': 'cull-idle',
|
||||||
'admin': True,
|
'admin': True,
|
||||||
'command': 'python cull_idle_servers.py --timeout=3600'.split(),
|
'command': [sys.executable, 'cull_idle_servers.py', '--timeout=3600'],
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
||||||
Or run it manually by generating an API token and storing it in `JUPYTERHUB_API_TOKEN`:
|
Or run it manually by generating an API token and storing it in `JUPYTERHUB_API_TOKEN`:
|
||||||
|
|
||||||
export JUPYTERHUB_API_TOKEN=`jupyterhub token`
|
export JUPYTERHUB_API_TOKEN=$(jupyterhub token)
|
||||||
python cull_idle_servers.py [--timeout=900] [--url=http://127.0.0.1:8081/hub/api]
|
python3 cull_idle_servers.py [--timeout=900] [--url=http://127.0.0.1:8081/hub/api]
|
||||||
"""
|
|
||||||
|
|
||||||
import datetime
|
This script uses the same ``--timeout`` and ``--max-age`` values for
|
||||||
|
culling users and users' servers. If you want a different value for
|
||||||
|
users and servers, you should add this script to the services list
|
||||||
|
twice, just with different ``name``s, different values, and one with
|
||||||
|
the ``--cull-users`` option.
|
||||||
|
"""
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
from datetime import datetime
|
||||||
|
from datetime import timezone
|
||||||
|
from functools import partial
|
||||||
|
|
||||||
from dateutil.parser import parse as parse_date
|
try:
|
||||||
|
from urllib.parse import quote
|
||||||
|
except ImportError:
|
||||||
|
from urllib import quote
|
||||||
|
|
||||||
from tornado.gen import coroutine
|
import dateutil.parser
|
||||||
|
|
||||||
|
from tornado.gen import coroutine, multi
|
||||||
|
from tornado.locks import Semaphore
|
||||||
from tornado.log import app_log
|
from tornado.log import app_log
|
||||||
from tornado.httpclient import AsyncHTTPClient, HTTPRequest
|
from tornado.httpclient import AsyncHTTPClient, HTTPRequest
|
||||||
from tornado.ioloop import IOLoop, PeriodicCallback
|
from tornado.ioloop import IOLoop, PeriodicCallback
|
||||||
from tornado.options import define, options, parse_command_line
|
from tornado.options import define, options, parse_command_line
|
||||||
|
|
||||||
|
|
||||||
|
def parse_date(date_string):
|
||||||
|
"""Parse a timestamp
|
||||||
|
|
||||||
|
If it doesn't have a timezone, assume utc
|
||||||
|
|
||||||
|
Returned datetime object will always be timezone-aware
|
||||||
|
"""
|
||||||
|
dt = dateutil.parser.parse(date_string)
|
||||||
|
if not dt.tzinfo:
|
||||||
|
# assume naïve timestamps are UTC
|
||||||
|
dt = dt.replace(tzinfo=timezone.utc)
|
||||||
|
return dt
|
||||||
|
|
||||||
|
|
||||||
|
def format_td(td):
|
||||||
|
"""
|
||||||
|
Nicely format a timedelta object
|
||||||
|
|
||||||
|
as HH:MM:SS
|
||||||
|
"""
|
||||||
|
if td is None:
|
||||||
|
return "unknown"
|
||||||
|
if isinstance(td, str):
|
||||||
|
return td
|
||||||
|
seconds = int(td.total_seconds())
|
||||||
|
h = seconds // 3600
|
||||||
|
seconds = seconds % 3600
|
||||||
|
m = seconds // 60
|
||||||
|
seconds = seconds % 60
|
||||||
|
return "{h:02}:{m:02}:{seconds:02}".format(h=h, m=m, seconds=seconds)
|
||||||
|
|
||||||
|
|
||||||
@coroutine
|
@coroutine
|
||||||
def cull_idle(url, api_token, timeout, cull_users=False):
|
def cull_idle(
|
||||||
|
url, api_token, inactive_limit, cull_users=False, max_age=0, concurrency=10
|
||||||
|
):
|
||||||
"""Shutdown idle single-user servers
|
"""Shutdown idle single-user servers
|
||||||
|
|
||||||
If cull_users, inactive *users* will be deleted as well.
|
If cull_users, inactive *users* will be deleted as well.
|
||||||
"""
|
"""
|
||||||
auth_header = {
|
auth_header = {'Authorization': 'token %s' % api_token}
|
||||||
'Authorization': 'token %s' % api_token
|
req = HTTPRequest(url=url + '/users', headers=auth_header)
|
||||||
}
|
now = datetime.now(timezone.utc)
|
||||||
req = HTTPRequest(url=url + '/users',
|
|
||||||
headers=auth_header,
|
|
||||||
)
|
|
||||||
now = datetime.datetime.utcnow()
|
|
||||||
cull_limit = now - datetime.timedelta(seconds=timeout)
|
|
||||||
client = AsyncHTTPClient()
|
client = AsyncHTTPClient()
|
||||||
resp = yield client.fetch(req)
|
|
||||||
|
if concurrency:
|
||||||
|
semaphore = Semaphore(concurrency)
|
||||||
|
|
||||||
|
@coroutine
|
||||||
|
def fetch(req):
|
||||||
|
"""client.fetch wrapped in a semaphore to limit concurrency"""
|
||||||
|
yield semaphore.acquire()
|
||||||
|
try:
|
||||||
|
return (yield client.fetch(req))
|
||||||
|
finally:
|
||||||
|
yield semaphore.release()
|
||||||
|
|
||||||
|
else:
|
||||||
|
fetch = client.fetch
|
||||||
|
|
||||||
|
resp = yield fetch(req)
|
||||||
users = json.loads(resp.body.decode('utf8', 'replace'))
|
users = json.loads(resp.body.decode('utf8', 'replace'))
|
||||||
futures = []
|
futures = []
|
||||||
|
|
||||||
@coroutine
|
@coroutine
|
||||||
def cull_one(user, last_activity):
|
def handle_server(user, server_name, server):
|
||||||
"""cull one user"""
|
"""Handle (maybe) culling a single server
|
||||||
|
|
||||||
# shutdown server first. Hub doesn't allow deleting users with running servers.
|
Returns True if server is now stopped (user removable),
|
||||||
if user['server']:
|
False otherwise.
|
||||||
app_log.info("Culling server for %s (inactive since %s)", user['name'], last_activity)
|
"""
|
||||||
req = HTTPRequest(url=url + '/users/%s/server' % user['name'],
|
log_name = user['name']
|
||||||
method='DELETE',
|
if server_name:
|
||||||
headers=auth_header,
|
log_name = '%s/%s' % (user['name'], server_name)
|
||||||
|
if server.get('pending'):
|
||||||
|
app_log.warning(
|
||||||
|
"Not culling server %s with pending %s", log_name, server['pending']
|
||||||
)
|
)
|
||||||
yield client.fetch(req)
|
return False
|
||||||
if cull_users:
|
|
||||||
app_log.info("Culling user %s (inactive since %s)", user['name'], last_activity)
|
# jupyterhub < 0.9 defined 'server.url' once the server was ready
|
||||||
req = HTTPRequest(url=url + '/users/%s' % user['name'],
|
# as an *implicit* signal that the server was ready.
|
||||||
method='DELETE',
|
# 0.9 adds a dedicated, explicit 'ready' field.
|
||||||
headers=auth_header,
|
# By current (0.9) definitions, servers that have no pending
|
||||||
|
# events and are not ready shouldn't be in the model,
|
||||||
|
# but let's check just to be safe.
|
||||||
|
|
||||||
|
if not server.get('ready', bool(server['url'])):
|
||||||
|
app_log.warning(
|
||||||
|
"Not culling not-ready not-pending server %s: %s", log_name, server
|
||||||
)
|
)
|
||||||
yield client.fetch(req)
|
return False
|
||||||
|
|
||||||
|
if server.get('started'):
|
||||||
|
age = now - parse_date(server['started'])
|
||||||
|
else:
|
||||||
|
# started may be undefined on jupyterhub < 0.9
|
||||||
|
age = None
|
||||||
|
|
||||||
|
# check last activity
|
||||||
|
# last_activity can be None in 0.9
|
||||||
|
if server['last_activity']:
|
||||||
|
inactive = now - parse_date(server['last_activity'])
|
||||||
|
else:
|
||||||
|
# no activity yet, use start date
|
||||||
|
# last_activity may be None with jupyterhub 0.9,
|
||||||
|
# which introduces the 'started' field which is never None
|
||||||
|
# for running servers
|
||||||
|
inactive = age
|
||||||
|
|
||||||
|
should_cull = (
|
||||||
|
inactive is not None and inactive.total_seconds() >= inactive_limit
|
||||||
|
)
|
||||||
|
if should_cull:
|
||||||
|
app_log.info(
|
||||||
|
"Culling server %s (inactive for %s)", log_name, format_td(inactive)
|
||||||
|
)
|
||||||
|
|
||||||
|
if max_age and not should_cull:
|
||||||
|
# only check started if max_age is specified
|
||||||
|
# so that we can still be compatible with jupyterhub 0.8
|
||||||
|
# which doesn't define the 'started' field
|
||||||
|
if age is not None and age.total_seconds() >= max_age:
|
||||||
|
app_log.info(
|
||||||
|
"Culling server %s (age: %s, inactive for %s)",
|
||||||
|
log_name,
|
||||||
|
format_td(age),
|
||||||
|
format_td(inactive),
|
||||||
|
)
|
||||||
|
should_cull = True
|
||||||
|
|
||||||
|
if not should_cull:
|
||||||
|
app_log.debug(
|
||||||
|
"Not culling server %s (age: %s, inactive for %s)",
|
||||||
|
log_name,
|
||||||
|
format_td(age),
|
||||||
|
format_td(inactive),
|
||||||
|
)
|
||||||
|
return False
|
||||||
|
|
||||||
|
if server_name:
|
||||||
|
# culling a named server
|
||||||
|
delete_url = url + "/users/%s/servers/%s" % (
|
||||||
|
quote(user['name']),
|
||||||
|
quote(server['name']),
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
delete_url = url + '/users/%s/server' % quote(user['name'])
|
||||||
|
|
||||||
|
req = HTTPRequest(url=delete_url, method='DELETE', headers=auth_header)
|
||||||
|
resp = yield fetch(req)
|
||||||
|
if resp.code == 202:
|
||||||
|
app_log.warning("Server %s is slow to stop", log_name)
|
||||||
|
# return False to prevent culling user with pending shutdowns
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
|
@coroutine
|
||||||
|
def handle_user(user):
|
||||||
|
"""Handle one user.
|
||||||
|
|
||||||
|
Create a list of their servers, and async exec them. Wait for
|
||||||
|
that to be done, and if all servers are stopped, possibly cull
|
||||||
|
the user.
|
||||||
|
"""
|
||||||
|
# shutdown servers first.
|
||||||
|
# Hub doesn't allow deleting users with running servers.
|
||||||
|
# jupyterhub 0.9 always provides a 'servers' model.
|
||||||
|
# 0.8 only does this when named servers are enabled.
|
||||||
|
if 'servers' in user:
|
||||||
|
servers = user['servers']
|
||||||
|
else:
|
||||||
|
# jupyterhub < 0.9 without named servers enabled.
|
||||||
|
# create servers dict with one entry for the default server
|
||||||
|
# from the user model.
|
||||||
|
# only if the server is running.
|
||||||
|
servers = {}
|
||||||
|
if user['server']:
|
||||||
|
servers[''] = {
|
||||||
|
'last_activity': user['last_activity'],
|
||||||
|
'pending': user['pending'],
|
||||||
|
'url': user['server'],
|
||||||
|
}
|
||||||
|
server_futures = [
|
||||||
|
handle_server(user, server_name, server)
|
||||||
|
for server_name, server in servers.items()
|
||||||
|
]
|
||||||
|
results = yield multi(server_futures)
|
||||||
|
if not cull_users:
|
||||||
|
return
|
||||||
|
# some servers are still running, cannot cull users
|
||||||
|
still_alive = len(results) - sum(results)
|
||||||
|
if still_alive:
|
||||||
|
app_log.debug(
|
||||||
|
"Not culling user %s with %i servers still alive",
|
||||||
|
user['name'],
|
||||||
|
still_alive,
|
||||||
|
)
|
||||||
|
return False
|
||||||
|
|
||||||
|
should_cull = False
|
||||||
|
if user.get('created'):
|
||||||
|
age = now - parse_date(user['created'])
|
||||||
|
else:
|
||||||
|
# created may be undefined on jupyterhub < 0.9
|
||||||
|
age = None
|
||||||
|
|
||||||
|
# check last activity
|
||||||
|
# last_activity can be None in 0.9
|
||||||
|
if user['last_activity']:
|
||||||
|
inactive = now - parse_date(user['last_activity'])
|
||||||
|
else:
|
||||||
|
# no activity yet, use start date
|
||||||
|
# last_activity may be None with jupyterhub 0.9,
|
||||||
|
# which introduces the 'created' field which is never None
|
||||||
|
inactive = age
|
||||||
|
|
||||||
|
should_cull = (
|
||||||
|
inactive is not None and inactive.total_seconds() >= inactive_limit
|
||||||
|
)
|
||||||
|
if should_cull:
|
||||||
|
app_log.info("Culling user %s (inactive for %s)", user['name'], inactive)
|
||||||
|
|
||||||
|
if max_age and not should_cull:
|
||||||
|
# only check created if max_age is specified
|
||||||
|
# so that we can still be compatible with jupyterhub 0.8
|
||||||
|
# which doesn't define the 'started' field
|
||||||
|
if age is not None and age.total_seconds() >= max_age:
|
||||||
|
app_log.info(
|
||||||
|
"Culling user %s (age: %s, inactive for %s)",
|
||||||
|
user['name'],
|
||||||
|
format_td(age),
|
||||||
|
format_td(inactive),
|
||||||
|
)
|
||||||
|
should_cull = True
|
||||||
|
|
||||||
|
if not should_cull:
|
||||||
|
app_log.debug(
|
||||||
|
"Not culling user %s (created: %s, last active: %s)",
|
||||||
|
user['name'],
|
||||||
|
format_td(age),
|
||||||
|
format_td(inactive),
|
||||||
|
)
|
||||||
|
return False
|
||||||
|
|
||||||
|
req = HTTPRequest(
|
||||||
|
url=url + '/users/%s' % user['name'], method='DELETE', headers=auth_header
|
||||||
|
)
|
||||||
|
yield fetch(req)
|
||||||
|
return True
|
||||||
|
|
||||||
for user in users:
|
for user in users:
|
||||||
if not user['server'] and not cull_users:
|
futures.append((user['name'], handle_user(user)))
|
||||||
# server not running and not culling users, nothing to do
|
|
||||||
continue
|
|
||||||
last_activity = parse_date(user['last_activity'])
|
|
||||||
if last_activity < cull_limit:
|
|
||||||
futures.append((user['name'], cull_one(user, last_activity)))
|
|
||||||
else:
|
|
||||||
app_log.debug("Not culling %s (active since %s)", user['name'], last_activity)
|
|
||||||
|
|
||||||
for (name, f) in futures:
|
for (name, f) in futures:
|
||||||
yield f
|
try:
|
||||||
app_log.debug("Finished culling %s", name)
|
result = yield f
|
||||||
|
except Exception:
|
||||||
|
app_log.exception("Error processing %s", name)
|
||||||
|
else:
|
||||||
|
if result:
|
||||||
|
app_log.debug("Finished culling %s", name)
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
define('url', default=os.environ.get('JUPYTERHUB_API_URL'), help="The JupyterHub API URL")
|
define(
|
||||||
|
'url',
|
||||||
|
default=os.environ.get('JUPYTERHUB_API_URL'),
|
||||||
|
help="The JupyterHub API URL",
|
||||||
|
)
|
||||||
define('timeout', default=600, help="The idle timeout (in seconds)")
|
define('timeout', default=600, help="The idle timeout (in seconds)")
|
||||||
define('cull_every', default=0, help="The interval (in seconds) for checking for idle servers to cull")
|
define(
|
||||||
define('cull_users', default=False,
|
'cull_every',
|
||||||
|
default=0,
|
||||||
|
help="The interval (in seconds) for checking for idle servers to cull",
|
||||||
|
)
|
||||||
|
define(
|
||||||
|
'max_age',
|
||||||
|
default=0,
|
||||||
|
help="The maximum age (in seconds) of servers that should be culled even if they are active",
|
||||||
|
)
|
||||||
|
define(
|
||||||
|
'cull_users',
|
||||||
|
default=False,
|
||||||
help="""Cull users in addition to servers.
|
help="""Cull users in addition to servers.
|
||||||
This is for use in temporary-user cases such as tmpnb.""",
|
This is for use in temporary-user cases such as tmpnb.""",
|
||||||
)
|
)
|
||||||
|
define(
|
||||||
|
'concurrency',
|
||||||
|
default=10,
|
||||||
|
help="""Limit the number of concurrent requests made to the Hub.
|
||||||
|
|
||||||
|
Deleting a lot of users at the same time can slow down the Hub,
|
||||||
|
so limit the number of API requests we have outstanding at any given time.
|
||||||
|
""",
|
||||||
|
)
|
||||||
|
|
||||||
parse_command_line()
|
parse_command_line()
|
||||||
if not options.cull_every:
|
if not options.cull_every:
|
||||||
options.cull_every = options.timeout // 2
|
options.cull_every = options.timeout // 2
|
||||||
|
|
||||||
api_token = os.environ['JUPYTERHUB_API_TOKEN']
|
api_token = os.environ['JUPYTERHUB_API_TOKEN']
|
||||||
|
|
||||||
|
try:
|
||||||
|
AsyncHTTPClient.configure("tornado.curl_httpclient.CurlAsyncHTTPClient")
|
||||||
|
except ImportError as e:
|
||||||
|
app_log.warning(
|
||||||
|
"Could not load pycurl: %s\n"
|
||||||
|
"pycurl is recommended if you have a large number of users.",
|
||||||
|
e,
|
||||||
|
)
|
||||||
|
|
||||||
loop = IOLoop.current()
|
loop = IOLoop.current()
|
||||||
cull = lambda : cull_idle(options.url, api_token, options.timeout, options.cull_users)
|
cull = partial(
|
||||||
# run once before scheduling periodic call
|
cull_idle,
|
||||||
loop.run_sync(cull)
|
url=options.url,
|
||||||
|
api_token=api_token,
|
||||||
|
inactive_limit=options.timeout,
|
||||||
|
cull_users=options.cull_users,
|
||||||
|
max_age=options.max_age,
|
||||||
|
concurrency=options.concurrency,
|
||||||
|
)
|
||||||
|
# schedule first cull immediately
|
||||||
|
# because PeriodicCallback doesn't start until the end of the first interval
|
||||||
|
loop.add_callback(cull)
|
||||||
# schedule periodic cull
|
# schedule periodic cull
|
||||||
pc = PeriodicCallback(cull, 1e3 * options.cull_every)
|
pc = PeriodicCallback(cull, 1e3 * options.cull_every)
|
||||||
pc.start()
|
pc.start()
|
||||||
@@ -119,4 +383,3 @@ if __name__ == '__main__':
|
|||||||
loop.start()
|
loop.start()
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
pass
|
pass
|
||||||
|
|
@@ -1,8 +1,11 @@
|
|||||||
|
import sys
|
||||||
|
|
||||||
# run cull-idle as a service
|
# run cull-idle as a service
|
||||||
|
|
||||||
c.JupyterHub.services = [
|
c.JupyterHub.services = [
|
||||||
{
|
{
|
||||||
'name': 'cull-idle',
|
'name': 'cull-idle',
|
||||||
'admin': True,
|
'admin': True,
|
||||||
'command': 'python cull_idle_servers.py --timeout=3600'.split(),
|
'command': [sys.executable, 'cull_idle_servers.py', '--timeout=3600'],
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|