-
Notifications
You must be signed in to change notification settings - Fork 3
Dockerfiles
For the Jupyterhub Dockerimage I use the jupyterhub-deploy-docker repo as the source for my Dockerfile and the whole build concept. EXPLAINED SOMEWHERE ELSE
This Dockerfile is based on the jupyterhub/jupyterhub-onbuild:0.7.2 image. Furthermore, the LDAPAuthenticator and the DockerSwarmSpawner are inserted and installed in the first part of the Dockerfile. Then Docker is installed inside the Jupyterhub image. When starting the service and binding the /var/docker/socket/ folder inside the jupyterhub service, the service is able to spawn new services from within the service (note dont use the word service again). In addition the certs are getting injected and the config files added.
Here comes the strange part. I had do run RUN pip uninstall --yes docker docker-py ; pip install docker at this point, which uninstalls docker and docker-py and reinstalls docker. I had a weird problem with an get_auth_header error caused by docker-py. I personally think that these to packages disturb each other. I will try to add a link to the issue, where I found the solution.
In my project I use two types of notebook servers. A version for teachers, who are able to create assignments and use the formgrader and a students version, which can only attempt assignments and submit them into the exchange directory. More information about nbgrader can be found here.
I am using jupyter/scipy-notebook as my base-image for all my Notebook Docker-Images. Although, many libraries are preinstalled in the scipy-notebook image, I needed to install the list of dependencies beneath to install the IHasekell kernel.
RUN apt-get update && apt-get install -y curl \
libtinfo-dev \
libzmq3-dev \
libcairo2-dev \
libpango1.0-dev \
libmagic-dev \
libblas-dev \
liblapack-dev && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 575159689BEFB442 && \
echo 'deb http://download.fpcomplete.com/ubuntu trusty main' > /etc/apt/sources.list.d/fpco.list && \
curl -sSL https://get.haskellstack.org/ | sh && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
I always end the Notebook Dockerfiles by switching to USER root. One would say 'Hey, that's not cool!', but I can tell you this is indented. Every notebook server aka Dockerimage will be run with the arg start-singleuser.sh, which takes a punch of environment variables and executes the scirpt start.sh with them. All these scripts are added in the jupyter/base-notebook image. Well, the start.sh script checks the user, which is executing the script and if the user is root, the magic kicks in. After it is approved that root wants to start the server, the ENV Variable UID gets checked. If it is present the UID of $NB_USER aka jovyan gets changed usermod -u $NB_UID $NB_USER. If the ENV GID is present the group of $NB_USER gets modified groupmod -g $NB_GID -o $(id -g -n $NB_USER). At the end root executes the notebook as the $NB_USER, which provides the long awaited security. Happy End!
The Teachernotebook is based on jupyter/scipy-notebook and is used by the walki12/studentnotebook. My instructor told me he would love to use Haskell in Jupyter Notebooks, so I installed it from this repo. Although I used the installation guide provided, I had to modify it a bit and preinstall the list of libraries displayed above:
#Haskell Installation
RUN git clone https://github.com/gibiansky/IHaskell && cd IHaskell && \
umask 0002 && pip3 install -r requirements.txt && stack setup && \
stack install gtk2hs-buildtools && \
stack install --fast && \
stack exec ihaskell -- install --stack
Furthermore I could install the JavaScript kernel from here.
#JavaScript Installation
RUN git clone https://github.com/notablemind/jupyter-nodejs.git && cd jupyter-nodejs && \
umask 0002 && mkdir -p ~/.ipython/kernels/nodejs/ && \
npm install && node install.js && \
npm run build && npm run build-ext
It is very important to install all kernels as $NB_USER so there are no permission problems when starting the notebook server. I also use the umask 0002 command in every installation. This will be explained here->WIKI.
All files and folders, which are created during the installation, will get full-rights (rwx/folders-rw/files) for the owner and the group. In this case the user jovyan and the group users. It is very important for this project, because while starting a notebook server, the start.sh script will change the UID and username of $NB_USER. Furthermore, the GID of the group users will also be changed. If this happens the changed $NB_USER will have no rights to work with the kernels. If one would not create the files with full-right group permissions, permissions for all installed kernels need to be changed chown newuser:GID -R /opt/conda. Well, I can tell that this can take a while when you have up to 6GB of files.
The 'trick' is to change the UID and username of $NB_USER so the user is still in the same group. The change of the GID has no changes on the group itself groupmod -g $NB_GID -o $(id -g -n $NB_USER). This just changes the id but not the assignment. -> move to own page 👯♂️
This notebook server can use all kernels, which are installed in the walki12/teachernotebook and use the nbgrader. The only difference is, that the Formgrader and Create Assignment extensions are disabled for the student.
FROM walki12/teachernotebook
USER $NB_USER
RUN jupyter nbextension disable --user create_assignment/main
RUN jupyter nbextension disable --user formgrader/main --section=tree
RUN jupyter serverextension disable --user nbgrader.server_extensions.formgrader
USER root
I was not able to install nbgrader after I installed the Haskell and JavaScriptKernel, because I always could not start the notebook because of a Permission denied Error for the folder /home/jovyan/.local/jupyter/runtime. After I installed the nbgrader before the kernels everything worked out fine.