nersc / jupyterhub-deploy Goto Github PK

We need to add cull idle servers service to config.
Also need the duplicate killer script and cron configuration just in case, though the above may take care of most things.

In Spin when we upgrade a container we forget the certs in /tmp. Then when the new container starts up it can't poll on the remote server. We should configure so that there is a persistent storage associated with the web container and change configuration so the GSI prefix maps to it.

Rather than "MFA:", the prompt should be changed to "OTP:" since we're requesting the user's one-time password.

The Dockerfile currently references nersc/jupyterhub but it isn't clear to me where this comes from, or that we want to use the Dockerfile that's in our fork of JupyterHub (which branch is the right one...). We could do that but is that what we've decided we will always do? Not 100% sure why we would need to do that unless we want to run multiple hubs.

I think we would like to move to a model where there is one hub, from which all others are spawned. Let me know if this sounds like a bad idea anyway.

Huh

In the startup scripts we have these old JPY_ variables and they are probably all deprecated. Verify that this is the case by removing them and making sure things start up.

Users that just use the default kernels are getting a PATH that we make up for them. We consider any other behavior they want to be a customization and tell them to make their own kernel-spec's, even if those just set env vars and then run say, 3.6-anaconda-5.2's Python kernel.

We should try a little harder for our users and not set PATH like this if we don't have to.

Specifically stdout/stderr reporting.

Need to add to the README or another file some tips on how to do a regular deploy.

For now the defaults seem to be strange. A Python 2 kernel will have Python 3 in its PATH. If a user does !pip which maybe is not advisable (?) they get the wrong thing going on.

Also right now PYTHONUSERBASE is not being set, and it probably should be. We could make it match what users get from Python modules on Cori, but for the non-Cori Jupyter we have to think up a thing that makes sense (nothing might be a good answer).

A thought on the above is that perhaps our site-wide kernels should call a shell script that just falls back to doing module load python with the appropriate Python --- that sets PYTHONUSERBASE under the NERSC scheme right now and it mirrors our intent to give users the same exact software experience on jupyter-dev as they get at Cori login.

Make sure we have texlive-xetex and all that stuff needed for nbconvert to make PDFs

We should tag the docker containers in a way that we can tie back to the git tag of the components. For instance for the base image that probably needs to come from the tag used for our fork of jupyterhub when we do the build. What about other things?

For jupyter-dev we add in our spawner and authenticator. These should be tagged too. But then it gets more complicated.

Create a hub-managed service that periodically polls the server API and sends the results off to MODS.

If Iris is unavailable, the home page 500's. Let's have the template still work with minimal allowed operations that don't depend on Iris-based role definitions.

When we restart or upgrade in Spin, the sqlite database is being destroyed and recreated. This means that servers running before the upgrade don't get polled when we restart again later and we lose track of them. This is one way we get duplicate servers probably, if we had to do a reboot.

We could set up another container with the PostgreSQL backend as part of the stack. There is an example here and it looks pretty easy to set up.

https://github.com/jupyterhub/jupyterhub/blob/master/examples/postgres/db/initdb.sh

Instead of generating a generic 500 error, check myquota and deliver a more insightful error message if failure is imminent due to lack of space.

The home icon in the file explorer currently takes you to the root directory, and as some folders have restricted permissions, if you don't have an open file it is impossible to navigate the finder up to you user folder. Only solution: exit the service and log in again.

Is it possible to make the 'home' icon in the file browser to take you to $HOME instead of the root?

The default is

c.NotebookApp.iopub_data_rate_limit = 1000000

We should make sure our on-Cori deployment and the self-contained Jupyter container have this set to something more appropriate.

• kill duplicates - add if needed: scripts/hub/kill_servers_from_hub.sh

• timeout for cull_idle:

c.JupyterHub.services = [
    {
        'name': 'cull-idle',
        'admin': True,
        'command': 'cull_idle_servers.py --timeout=86400'.split(),
    }
]

• do we keep env vars from jupyter hub

#c.Spawner.env_keep

• Handle external IP lookup failure here

c.SSHSpawner.hub_api_url = 'http://{}:8081/hub/api'.format(requests.get('https://ifconfig.co/json').json()['ip'])

We can use ARG to set the JupyterHub tag to include into base.