Published by exdone
Posted on August 25, 2018
Created by OpenKB.org
Reference links
https://jupyterhub.readthedocs.io/en/latest/quickstart.html#prerequisites
https://jupyter-notebook.readthedocs.io/en/stable/public_server.html
Lab setup based on the manual, using CentOS 7.5
yum -y update && yum -y install epel-release.noarch npm gcc \
    gcc-c++ python36 python34 python34-devel python34-pip python36-setuptools \
    python36-libs vim git pandoc texlive texlive-*.noarch
pip3 install --upgrade pip
python3 -m pip install pandoc
python3 -m pip install jupyterhub
npm install -g configurable-http-proxy
python3 -m pip install notebook
jupyterhub -h
configurable-http-proxy -h
Path : /etc/jupyterhub
mkdir /etc/jupyterhub ; cd /etc/jupyterhub ; jupyterhub --generate-config
Generate a self-signed SSL certificate using the script https://github.com/loganstellway/self-signed-ssl
Add the pem, crt and key filenames to the config file
jupyterhub
Bugs :
The documentation states we need to add any admin users to the below variable.
c.JupyterHub.admin_users
and set this to true
c.JupyterHub.admin_access
Upon doing so, the user we specified to be the admin was a regular user.
We had to manually update the db and set the boolean to true.
I will test this setup again and confirm if this is a true bug.
1. Example systemd config file
Save this as /lib/systemd/system/jupyterhub.service:
[Unit]
Description=Jupyterhub
[Service]
# Change this to your user
User=jupyterhub
ExecStart=/usr/bin/jupyterhub
WorkingDirectory=/etc/jupyterhub
[Install]
WantedBy=multi-user.target
2. After creating and starting the systemd unit, if you have SELinux enabled
you will receive a 500 error due to policy issues.
Additional Information:
Source Context system_u:system_r:unconfined_service_t:s0
Target Context unconfined_u:unconfined_r:unconfined_t:s0
Target Objects /usr/bin/jupyterhub-singleuser [ process ]
Source jupyterhub
Source Path /usr/bin/python3.4
Error: Raw Audit Messages
type=AVC msg=audit(1535304575.875:90241): avc: denied { transition } for pid=31239
comm="jupyterhub" path="/usr/bin/jupyterhub-singleuser" dev="xvda1" ino=13572171
scontext=system_u:system_r:unconfined_service_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
================
Troubleshooting steps and fix
A) setenforce 0
This puts SELinux into permissive mode: denials are still logged but no longer enforced.
Use the application as you would normally, then take a look at the SELinux-related
messages in /var/log/audit/audit.log*
B) grep denied /var/log/audit/audit.log*
You can pass the results to various utilities to get some sense of what is required.
C) grep denied /var/log/audit/audit.log* | audit2why
Analysing that can be helpful. It may suggest you configure various booleans. You may also
want to run the results through audit2allow.
D) grep denied /var/log/audit/audit.log* | audit2allow
This will also tell you what you need to do. You can create a local module
E) grep denied /var/log/audit/audit.log* | audit2allow -M local-module
and then use it
F) semodule -i local-module.pp
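An added example, not part of the original post: step E feeds every denial in the log to audit2allow, so the module can pick up rules for unrelated services. This sketch summarises the denials for a single process name first. The function names and the second and third sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: summarise AVC denials for one
# process name, so the rule audit2allow would generate is visible up front.

# Sample audit records. The first is the denial quoted in the post; the
# second and third are constructed for this example.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1535304575.875:90241): avc: denied { transition } for pid=31239 comm="jupyterhub" path="/usr/bin/jupyterhub-singleuser" dev="xvda1" ino=13572171 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1535304601.120:90250): avc: denied { transition } for pid=31302 comm="jupyterhub" path="/usr/bin/jupyterhub-singleuser" dev="xvda1" ino=13572171 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1535304610.004:90255): avc: denied { name_connect } for pid=2001 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
EOF
}

# avc_summary COMM
# Reads audit.log lines on stdin and prints, for denials raised by process
# COMM only: "<count> <perms> <class> <source context> -> <target context>".
# Assumes COMM contains no whitespace.
avc_summary() {
    awk -v want="comm=\"$1\"" '
    /type=AVC/ && /denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""; hit = 0; inbrace = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace)   { perms = perms (perms == "" ? "" : ",") $i; continue }
            if ($i == want)              hit = 1
            else if ($i ~ /^scontext=/)  src = substr($i, 10)
            else if ($i ~ /^tcontext=/)  tgt = substr($i, 10)
            else if ($i ~ /^tclass=/)    cls = substr($i, 8)
        }
        if (hit) seen[perms " " cls " " src " -> " tgt]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# Only the JupyterHub denials are reported; the httpd one is left out.
sample_log | avc_summary jupyterhub
```

On a real host, run it over /var/log/audit/audit.log* and pass only the lines for that process to audit2allow -M, so unrelated denials do not end up in the module. Review the generated local-module.te before semodule -i, and run setenforce 1 once the module is loaded.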