JupyterHub - MaxFordham

Documentation and configuration files are in the following repository:

https://github.com/QuantStack/jupyterhub-maxfordham

Questions

  • What authenticator?

  • Need to have a shared directory between users?

    • share tutorials, work on shared notebooks, etc.
    • hardlink?
    • TBD, this could be an extra volume mounted on all containers
  • Use TLS? Who is handling certs/keys generation? Provided by MaxFordham?

    • yes, either their wildcard certificate, or built-in TLJH Let's Encrypt
  • List admins

  • O/S of the server?

    • Need to adapt some installation scripts (https://github.com/plasmabio/tljh-repo2docker) to work with a different O/S than Ubuntu bionic
    • It will be Ubuntu 20.04 as a requirement for TLJH
      • OK so we need to adapt slightly to use focal
  • Is there a corporate proxy that requires tooling (Ansible, wget, curl, docker, etc.) to be configured?

    • we could use cntlm, even with Kerberos, for the installation step
    • we have to configure docker to be able to pull images from public repos (DockerHub, quay.io?)
      • They will be using tljh-repo2docker, which uses repo2docker under the hood. So we need access to DockerHub from the machine where TLJH will be running to be able to pull the image. Then the image will stay local to the machine, and not be pushed to another Docker registry
    • are they planning to build docker images from public repos (GitHub, through a proxy?) or internal ones?
      • There will be Internet access. However, we do indeed need to check if there will be a proxy in the middle
  • tljh-repo2docker shows CPU and RAM limits

Troubleshooting

A couple of items that we might have to look at for troubleshooting issues:

  • iptables: to make sure iptables allows connections to localhost on IPv4.
  • Docker and iptables: https://docs.docker.com/network/iptables/
  • DNS: this might require creating the /etc/docker/daemon.json file with the following content:
{
  "dns": ["1.2.3.4"]
}
  • TLS verification with the custom TLS certificate
  • Accessing private git repositories: this might require building a local jupyter/repo2docker Docker image (tljh-repo2docker uses the Docker image for repo2docker), which includes extra git settings such as:
FROM jupyter/repo2docker:0.11.0-98.g8bbced7

RUN git config --global http.sslVerify "false"

And then build the local repo2docker image with:

docker build -t jupyter/repo2docker:master .
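
An alternative to switching verification off, which also covers the custom-certificate item above: the local repo2docker image can trust the internal CA for the internal git host only, so that public hosts are still checked against the default bundle. This is an added example, not part of the original notes; `internal-ca.pem` and `https://git.example.internal/` are placeholders for the real CA certificate and git server.

```dockerfile
# Added example, not from the original notes.
# Assumptions (placeholders):
#   internal-ca.pem               PEM certificate of the CA that signed the
#                                 internal git server's certificate, placed
#                                 next to this Dockerfile
#   https://git.example.internal/ stands in for the internal git server URL
FROM jupyter/repo2docker:0.11.0-98.g8bbced7

# Ship the CA certificate in the image.
COPY internal-ca.pem /etc/ssl/certs/internal-ca.pem

# Trust that CA only for URLs under the internal host. git's http.<url>.*
# settings apply per URL prefix, so clones from other hosts keep using the
# default CA bundle.
RUN git config --global \
      http."https://git.example.internal/".sslCAInfo \
      /etc/ssl/certs/internal-ca.pem

# Fail the build if certificate verification has been disabled globally,
# for example by an earlier layer. An unset value counts as enabled.
RUN test "$(git config --bool --get http.sslVerify || echo true)" != "false"
```

The image is built with the same `docker build -t jupyter/repo2docker:master .` command as above.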

Emails from MaxFordham

2021-01-26

I'm in the process of building our new JupyterHub virtual machine and wanted to advise you on the proposed configuration and if you had any other suggestions/requirements.

Server (named: StBarts) to be configured with:

  • 6x vCPUs @ 2GHz
  • 32GB vRAM
  • 100GB vDisk (working data to be saved onto our network file server: J:\ drive)
  • Ubuntu Server 20.04.1
  • We will grant you VPN access
  • Will create an admin account on StBarts for you to login and set up the server
  • We'll liaise later on when it comes to SSL cert and SSO with our internal Active Directory server.

2021-01-21

  • we will provide you with: VPN access with u/n and p/w to get onto a server running Ubuntu 20.04 LTS. we'll send it the week before the week of the 8th Feb.
  • given that the server is on our network it should have access to our internal Git server.
  • i had a chat with Mike re security - for now we'll stick to our maxfordham.com security certificate wildcard solution, not LetsEncrypt
  • the server will be configured to look at data drives (J:\ , Y:\ , Z:\ , G:\ ). you said you'd do this using Samba share
  • we will have a look at making a binder-able repo of stuff we already have.
    - we note that on the server if we import modules from stuff we've made on our pythonpath this would need to be handled using a post-build script

Snippets for an LDAP Authenticator

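import ldap3
from ldapauthenticator import LDAPAuthenticator
from tornado import gen


class SomeLDAPAuthenticator(LDAPAuthenticator):
    """LDAPAuthenticator that sets a connect timeout on the LDAP server."""

    @gen.coroutine
    def get_connection(self, userdn, password):
        server = ldap3.Server(
            self.server_address,
            port=self.server_port,
            use_ssl=self.use_ssl,
            connect_timeout=5,  # seconds; fail fast if the server is unreachable
        )
        # Request StartTLS before binding when use_ssl is set; otherwise bind
        # without StartTLS (credentials then cross the network unencrypted).
        auto_bind = (
            self.use_ssl
            and ldap3.AUTO_BIND_TLS_BEFORE_BIND
            or ldap3.AUTO_BIND_NO_TLS
        )
        # Open the connection and bind as the user with the chosen TLS mode.
        conn = ldap3.Connection(
            server, user=userdn, password=password, auto_bind=auto_bind
        )
        return conn


# jupyterhub_config.py settings; '...', '*server_address*' and 'dc=' are
# placeholders left unfilled in these notes.
c.LDAPAuthenticator.server_address = '...'
c.LDAPAuthenticator.use_ssl = True
c.LDAPAuthenticator.bind_dn_template = "{username}@*server_address*"
c.LDAPAuthenticator.user_search_base = 'dc='
c.LDAPAuthenticator.user_attribute = 'sAMAccountName'
c.LDAPAuthenticator.lookup_dn_user_dn_attribute = 'cn'
c.LDAPAuthenticator.escape_userdn = False

c.JupyterHub.authenticator_class = SomeLDAPAuthenticator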