Skip to content

Jupyterhub

Jupyterhub is an open source Data Science multi-user notebook that supports Python, R , and even GNU Octave.

Install

 $ sudo apt update 
 $ sudo su -c "curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -"
 $ curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - 
 $ sudo apt-get install -y nodejs 
 $ sudo npm install -g configurable-http-proxy
 $ sudo apt install -y python3-pip  
 $ sudo -H python3 -m pip install importlib-metadata zipp -U
 $ sudo -H python3 -m pip install jupyterhub jupyterlab notebook PyJWT oauthenticator 
 $ sudo mkdir /etc/jupyterhub/
 $ cd /etc/jupyterhub/
 $ sudo jupyterhub --generate-config
 $ sudo su -c "curl 'https://raw.githubusercontent.com/decyphertek-io/ansible/main/roles/Jupyterhub/files/jupyterhub_config.py' >> /etc/jupyterhub/jupyterhub_config.py"
 $ sudo chmod 700 /etc/ssl/private
 $ sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /etc/ssl/private/private-ssl.key -out /etc/ssl/certs/private-ssl.crt -subj "/C=US/ST=Any/L=Anytown/O=decyphertek-io/OU=adminotaur/CN=decyphertek"

New User/Hostname

 # The -m option after useradd, will make a home directory.
 $ sudo useradd -m username
 $ sudo passwd username
 # Optional: Add to sudo group
 $ sudo usermod -aG sudo username
 # Optional: No sudo password for username, add the following line under %sudo. 
 $ sudo visudo
 username ALL=(ALL) NOPASSWD:ALL
 # Optional: Fix bash shell not showing username and hostname
 $ sudo chsh -s /bin/bash username
 # Optional: Change hostname - Logout/login to see changes.
 $ sudo hostnamectl set-hostname "hostname-here"
 $ sudo su -c "echo '127.0.1.1 hostname-here' >> /etc/hosts"

Systemd Managed Jupyterhub

 $ sudo su -c "curl 'https://raw.githubusercontent.com/decyphertek-io/ansible/main/roles/Jupyterhub/files/jupyterhub.service' >> /etc/systemd/system/jupyterhub.service"

Config - Azure MFA Setup

 # Azure AD > Tenant Properties > Tenant ID 
 # Azure AD > Enterprise Apps > Create new App > APP ID 
 # Azure AD > App Registration > Certs & Secrets > Create a new secret ID
 # Azure AD > AppRegistration > Authetntication > Add https://ip-or-domain/hub/oauth_callback

 $ sudo vim /etc/jupyterhub/jupyterhub_config.py   
 ###Azure AD MFA ### 
 from oauthenticator.azuread import AzureAdOAuthenticator 
 c.JupyterHub.authenticator_class = AzureAdOAuthenticator 
 c.Application.log_level = 'DEBUG' 
 c.AzureAdOAuthenticator.tenant_id = 'AAD_TENANT_ID'
 c.AzureAdOAuthenticator.oauth_callback_url = 'https://domain_or_ip/hub/oauth_callback' 
 c.AzureAdOAuthenticator.client_id = 'AAD_APP_CLIENT_ID'
 c.AzureAdOAuthenticator.client_secret = 'AAD_APP_CLIENT_SECRET'
 c.AzureAdOAuthenticator.scope = ['openid','profile']
 c.AzureAdOAuthenticator.username_claim = ‘upn' OR 'given_name’

 ###Server Config### 
 #0.0.0.0 if using PAM, if using AzureAD , need to set server IP. Can set any port, avoid port conflicts.
 c.JupyterHub.ssl_key = '/etc/ssl/private/private-ssl.key' 
 c.JupyterHub.ssl_cert = '/etc/ssl/certs/private-ssl.crt'
 c.JupyterHub.ip = '0.0.0.0' 
 c.JupyterHub.port = 443

 ###Admin Spawner### 
 c.JupyterHub.admin_access = True

 ###Notebook Idle Shutdown### 
 c.ServerApp.shutdown_no_activity_timeout = 60 * 60
 c.MappingKernelManager.cull_idle_timeout = 20 * 60
 c.MappingKernelManager.cull_interval = 2 * 60

 ###Custom Logo###
 c.JupyterHub.logo_file = '/usr/local/share/jupyterhub/static/images/logo.png'

 ###Allowed Multiple named Servers###
 c.JupyterHub.allow_named_servers = True
 c.JupyterHub.named_server_limit_per_user = 5

 #Any port can be set, avoid port conflicts
 #AWS Security group - allow tcp inbound on port

SSSD Install

 $ sudo apt install sssd sssd-tools libnss-sss libpam-sss samba-common-bin packagekit python3-sss realmd
 $ sudo su -c "curl 'https://raw.githubusercontent.com/decyphertek-io/ansible/main/roles/sssd/files/sssd.conf' >> /etc/sssd/sssd.conf"
 # Use realmd to add to AD, if issues with sssd on certain OS versions. 
 $ sudo systemctl restart sssd 
 # SSH into server - yourusername@ip-of-server

Optional:How to setup and install R on JupyterHub

 !!! Caution - This is Experimental and may not work correctly !!!
 $ sudo apt install r-base
 $ jupyter kernelspec list
 $ sudo mkdir /usr/local/share/jupyter/kernels/R/
 $ sudo su -c "curl 'https://raw.githubusercontent.com/decyphertek-io/ansible/main/roles/Jupyterhub/files/kernel.json' >> /usr/local/share/jupyter/kernels/R/kernel.json"
 # Login as your user in Jupyterhub and openup a terminal
 $ which R
 $ /usr/bin/R
 > install.packages('IRkernel')
 # Yes to all ( Have to select your own user env choice ) 
 # Log out and back in .

Managing Server

 # Start the server
 $ sudo systemctl start jupyterhub
 # Stop the server
 $ sudo systemctl stop jupyterhub
 # restart server
 $ sudo systemctl restart jupyterhub
 # check status
 $ sudo systemctl status jupyterhub
 # enable on startup
 $ sudo systemctl enable jupyterhub

TroubleShooting

 $ sudo jupyterhub -f /etc/jupyterhub/jupyterhub_config.py | logger -t jupyterhub
 $ sudo jupyter troubleshooting --help
 $ sudo jupyterhub --debug
 $ ps aux | grep jupyterhub
 $ sudo kill -9 pid

Upgrade

 $ sudo -H python3 -m pip install --upgrade jupyterhub== <version> 
 $ sudo jupyterhub upgrade-db

Optional: Python3 packages

 $ sudo -H python3 -m pip install numpy scipy matplotlib pandas

Optional: CIS Can break permisisons

 $ sudo chmod 644 /usr/share/keyrings/nodesource.gpg

References

 https://jupyterhub.readthedocs.io/en/stable/quickstart.html#prerequisites
 https://jupyterhub.readthedocs.io/en/stable/getting-started/authenticators-users-basics.html
 https://jupyterhub.readthedocs.io/en/stable/troubleshooting.html
 https://aws.amazon.com/premiumsupport/knowledge-center/ec2-static-dns-ubuntu-debian
 https://hpc.llnl.gov/services/jupyterhub-and-jupyter-notebooks/jupyterhub-r-kernel
 https://github.com/nodesource/distributions/issues/1181