diff --git a/.circleci/config.yml b/.circleci/config.yml index 622622e..d344bc3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -113,7 +113,7 @@ jobs: - run: name: Check upgrade testing command: | - if [ "$CIRCLE_BRANCH" == "master" ]; then + if [ "$CIRCLE_BRANCH" == "main" ]; then echo "On master, no upgrade to test..." circleci-agent step halt else diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..19d8f46 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,17 @@ +# dependabot.yaml reference: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file +# +# Notes: +# - Status and logs from dependabot are provided at +# https://github.com/jupyterhub/the-littlest-jupyterhub/network/updates. +# - YAML anchors are not supported here or in GitHub Workflows. +# +version: 2 +updates: + # Maintain dependencies in our GitHub Workflows + - package-ecosystem: github-actions + directory: / + labels: [ci] + schedule: + interval: monthly + time: "05:00" + timezone: Etc/UTC diff --git a/.github/integration-test.py b/.github/integration-test.py index 6d05ecb..fcb8768 100755 --- a/.github/integration-test.py +++ b/.github/integration-test.py @@ -1,136 +1,199 @@ #!/usr/bin/env python3 import argparse -import subprocess +import functools import os +import subprocess +import time +from shutil import which + +GIT_REPO_PATH = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) +TEST_IMAGE_NAME = "test-systemd" -def build_systemd_image(image_name, source_path, build_args=None): +@functools.lru_cache() +def _get_container_runtime_cli(): + runtimes = ["docker", "podman"] + for runtime in runtimes: + if which(runtime): + return runtime + raise RuntimeError(f"No container runtime CLI found, tried: {' '.join(runtimes)}") + + +def _cli(args, log_failure=True): + cmd = [_get_container_runtime_cli(), *args] + try: + return subprocess.check_output(cmd, text=True, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError: + if log_failure: + print(f"{cmd} failed!", flush=True) + raise + + +def _await_container_startup(container_name, timeout=60): """ - Build docker image with systemd at source_path. - - Built image is tagged with image_name + Await container to become ready, as checked by attempting to run a basic + command (id) inside it. """ - cmd = ["docker", "build", f"-t={image_name}", source_path] - if build_args: - cmd.extend([f"--build-arg={ba}" for ba in build_args]) - subprocess.check_call(cmd) + start = time.time() + while True: + try: + _cli(["exec", "-t", container_name, "id"], log_failure=False) + return + except subprocess.CalledProcessError: + if time.time() - start > timeout: + inspect = "" + logs = "" + try: + inspect = _cli(["inspect", container_name], log_failure=False) + except subprocess.CalledProcessError as e: + inspect = e.output + try: + logs = _cli(["logs", container_name], log_failure=False) + except subprocess.CalledProcessError as e: + logs = e.output + raise RuntimeError( + f"Container {container_name} failed to start! Debugging info follows...\n\n" + f"> docker inspect {container_name}\n" + "----------------------------------------\n" + f"{inspect}\n" + f"> docker logs {container_name}\n" + "----------------------------------------\n" + f"{logs}\n" + ) + time.sleep(1) -def run_systemd_image(image_name, container_name, bootstrap_pip_spec): +def build_image(build_args=None): """ - Run docker image with systemd - - Image named image_name should be built with build_systemd_image. - - Container named container_name will be started. + Build Dockerfile with systemd in the integration-tests folder to run tests + from. + """ + cmd = [ + _get_container_runtime_cli(), + "build", + f"--tag={TEST_IMAGE_NAME}", + "integration-tests", + ] + if build_args: + cmd.extend([f"--build-arg={ba}" for ba in build_args]) + + subprocess.run(cmd, check=True, text=True) + + +def start_container(container_name, bootstrap_pip_spec): + """ + Starts a container based on an image expected to start systemd. """ cmd = [ - "docker", "run", - "--privileged", - "--mount=type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup", + "--rm", "--detach", + "--privileged", f"--name={container_name}", # A bit less than 1GB to ensure TLJH runs on 1GB VMs. # If this is changed all docs references to the required memory must be changed too. "--memory=900m", ] - if bootstrap_pip_spec: - cmd.append("-e") - cmd.append(f"TLJH_BOOTSTRAP_PIP_SPEC={bootstrap_pip_spec}") + cmd.append(f"--env=TLJH_BOOTSTRAP_PIP_SPEC={bootstrap_pip_spec}") + else: + cmd.append("--env=TLJH_BOOTSTRAP_DEV=yes") + cmd.append("--env=TLJH_BOOTSTRAP_PIP_SPEC=/srv/src") + cmd.append(TEST_IMAGE_NAME) - cmd.append(image_name) - - subprocess.check_call(cmd) + return _cli(cmd) def stop_container(container_name): """ - Stop & remove docker container if it exists. + Stop and remove docker container if it exists. """ try: - subprocess.check_output( - ["docker", "inspect", container_name], stderr=subprocess.STDOUT - ) + return _cli(["rm", "--force", container_name], log_failure=False) except subprocess.CalledProcessError: - # No such container exists, nothing to do - return - subprocess.check_call(["docker", "rm", "-f", container_name]) + pass -def run_container_command(container_name, cmd): +def run_command(container_name, command): """ - Run cmd in a running container with a bash shell + Run a bash command in a running container and error if it fails """ - proc = subprocess.run( - ["docker", "exec", "-t", container_name, "/bin/bash", "-c", cmd], check=True - ) + cmd = [ + _get_container_runtime_cli(), + "exec", + "-t", + container_name, + "/bin/bash", + "-c", + command, + ] + print(f"\nRunning: {cmd}\n----------------------------------------", flush=True) + subprocess.run(cmd, check=True, text=True) def copy_to_container(container_name, src_path, dest_path): """ - Copy files from src_path to dest_path inside container_name + Copy files from a path on the local file system to a destination in a + running container """ - subprocess.check_call(["docker", "cp", src_path, f"{container_name}:{dest_path}"]) + _cli(["cp", src_path, f"{container_name}:{dest_path}"]) def run_test( - image_name, test_name, bootstrap_pip_spec, test_files, upgrade, installer_args + container_name, + bootstrap_pip_spec, + test_files, + upgrade_from, + installer_args, ): """ - Wrapper that sets up tljh with installer_args & runs test_name + (Re-)starts a named container with given (Systemd based) image, then runs + the bootstrap script inside it to setup tljh with installer_args. + + Thereafter, source files are copied to the container and """ - stop_container(test_name) - run_systemd_image(image_name, test_name, bootstrap_pip_spec) + stop_container(container_name) + start_container(container_name, bootstrap_pip_spec) + _await_container_startup(container_name) + copy_to_container(container_name, GIT_REPO_PATH, "/srv/src") - source_path = os.path.abspath(os.path.join(os.path.dirname(__file__), os.pardir)) + # To test upgrades, we run a bootstrap.py script two times instead of one, + # where the initial run first installs some older version. + # + # We want to support testing a PR by upgrading from "main", "latest" (latest + # released version), and from a previous major-like version. + # + if upgrade_from: + command = f"python3 /srv/src/bootstrap/bootstrap.py --version={upgrade_from}" + run_command(container_name, command) - copy_to_container(test_name, os.path.join(source_path, "bootstrap/."), "/srv/src") - copy_to_container( - test_name, os.path.join(source_path, "integration-tests/"), "/srv/src" - ) - - # These logs can be very relevant to debug a container startup failure - print(f"--- Start of logs from the container: {test_name}") - print(subprocess.check_output(["docker", "logs", test_name]).decode()) - print(f"--- End of logs from the container: {test_name}") - - # Install TLJH from the default branch first to test upgrades - if upgrade: - run_container_command( - test_name, "curl -L https://tljh.jupyter.org/bootstrap.py | python3 -" - ) - - run_container_command(test_name, f"python3 /srv/src/bootstrap.py {installer_args}") + command = f"python3 /srv/src/bootstrap/bootstrap.py {' '.join(installer_args)}" + run_command(container_name, command) # Install pkgs from requirements in hub's pip, where # the bootstrap script installed the others - run_container_command( - test_name, - "/opt/tljh/hub/bin/python3 -m pip install -r /srv/src/integration-tests/requirements.txt", - ) - run_container_command( - test_name, - # We abort pytest after two failures as a compromise between wanting to - # avoid a flood of logs while still understanding if multiple tests - # would fail. - "/opt/tljh/hub/bin/python3 -m pytest --verbose --maxfail=2 --color=yes --durations=10 --capture=no {}".format( - " ".join( - [os.path.join("/srv/src/integration-tests/", f) for f in test_files] - ) - ), - ) + command = "/opt/tljh/hub/bin/python3 -m pip install -r /srv/src/integration-tests/requirements.txt" + run_command(container_name, command) + + # show environment + command = "/opt/tljh/hub/bin/python3 -m pip freeze" + run_command(container_name, command) + + # run tests + test_files = " ".join([f"/srv/src/integration-tests/{f}" for f in test_files]) + command = f"/opt/tljh/hub/bin/python3 -m pytest {test_files}" + run_command(container_name, command) def show_logs(container_name): """ - Print logs from inside container to stdout + Print jupyterhub and traefik status and logs from both. + + tljh logs ref: https://tljh.jupyter.org/en/latest/troubleshooting/logs.html """ - run_container_command(container_name, "journalctl --no-pager") - run_container_command( - container_name, "systemctl --no-pager status jupyterhub traefik" - ) + run_command(container_name, "systemctl --no-pager status jupyterhub traefik") + run_command(container_name, "journalctl --no-pager -u jupyterhub") + run_command(container_name, "journalctl --no-pager -u traefik") def main(): @@ -138,15 +201,13 @@ def main(): subparsers = argparser.add_subparsers(dest="action") build_image_parser = subparsers.add_parser("build-image") - build_image_parser.add_argument( - "--build-arg", - action="append", - dest="build_args", - ) + build_image_parser.add_argument("--build-arg", action="append", dest="build_args") - subparsers.add_parser("stop-container").add_argument("container_name") + start_container_parser = subparsers.add_parser("start-container") + start_container_parser.add_argument("container_name") - subparsers.add_parser("start-container").add_argument("container_name") + stop_container_parser = subparsers.add_parser("stop-container") + stop_container_parser.add_argument("container_name") run_parser = subparsers.add_parser("run") run_parser.add_argument("container_name") @@ -158,12 +219,10 @@ def main(): copy_parser.add_argument("dest") run_test_parser = subparsers.add_parser("run-test") - run_test_parser.add_argument("--installer-args", default="") - run_test_parser.add_argument("--upgrade", action="store_true") - run_test_parser.add_argument( - "--bootstrap-pip-spec", nargs="?", default="", type=str - ) - run_test_parser.add_argument("test_name") + run_test_parser.add_argument("--installer-args", action="append") + run_test_parser.add_argument("--upgrade-from", default="") + run_test_parser.add_argument("--bootstrap-pip-spec", default="/srv/src") + run_test_parser.add_argument("container_name") run_test_parser.add_argument("test_files", nargs="+") show_logs_parser = subparsers.add_parser("show-logs") @@ -171,29 +230,26 @@ def main(): args = argparser.parse_args() - image_name = "tljh-systemd" - - if args.action == "run-test": + if args.action == "build-image": + build_image(args.build_args) + elif args.action == "start-container": + start_container(args.container_name, args.bootstrap_pip_spec) + elif args.action == "stop-container": + stop_container(args.container_name) + elif args.action == "run": + run_command(args.container_name, args.command) + elif args.action == "copy": + copy_to_container(args.container_name, args.src, args.dest) + elif args.action == "run-test": run_test( - image_name, - args.test_name, + args.container_name, args.bootstrap_pip_spec, args.test_files, - args.upgrade, + args.upgrade_from, args.installer_args, ) elif args.action == "show-logs": show_logs(args.container_name) - elif args.action == "run": - run_container_command(args.container_name, args.command) - elif args.action == "copy": - copy_to_container(args.container_name, args.src, args.dest) - elif args.action == "start-container": - run_systemd_image(image_name, args.container_name, args.bootstrap_pip_spec) - elif args.action == "stop-container": - stop_container(args.container_name) - elif args.action == "build-image": - build_systemd_image(image_name, "integration-tests", args.build_args) if __name__ == "__main__": diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml index 50d2fd3..feba78d 100644 --- a/.github/workflows/integration-test.yaml +++ b/.github/workflows/integration-test.yaml @@ -8,14 +8,12 @@ on: paths-ignore: - "docs/**" - "**.md" - - "**.rst" - ".github/workflows/*" - "!.github/workflows/integration-test.yaml" push: paths-ignore: - "docs/**" - "**.md" - - "**.rst" - ".github/workflows/*" - "!.github/workflows/integration-test.yaml" branches-ignore: @@ -24,159 +22,123 @@ on: workflow_dispatch: jobs: - # This job is used as a workaround to a limitation when using a matrix of - # variations that a job should be executed against. The limitation is that a - # matrix once defined can't include any conditions. - # - # What this job does before our real test job with a matrix of variations run, - # is to decide on that matrix of variations a conditional logic of our choice. - # - # For more details, see this excellent stack overflow answer: - # https://stackoverflow.com/a/65434401/2220152 - # - decide-on-test-jobs-to-run: - name: Decide on test jobs to run - runs-on: ubuntu-latest - - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - - steps: - # Currently, this logic filters out a matrix entry equaling a specific git - # reference identified by "dont_run_on_ref". - - name: Decide on test jobs to run - id: set-matrix - run: | - matrix_post_filter=$( - echo "$matrix_include_pre_filter" \ - | yq e --output-format=json '.' - \ - | jq '{"include": map( . | select(.dont_run_on_ref != "${{ github.ref }}" ))}' - ) - echo ::set-output name=matrix::$(echo "$matrix_post_filter") - - echo "The subsequent job's matrix are:" - echo $matrix_post_filter | jq '.' - env: - matrix_include_pre_filter: | - - name: "Int. tests: Ubuntu 18.04, Py 3.6" - ubuntu_version: "18.04" - python_version: "3.6" - extra_flags: "" - - name: "Int. tests: Ubuntu 20.04, Py 3.9" - ubuntu_version: "20.04" - python_version: "3.9" - extra_flags: "" - - name: "Int. tests: Ubuntu 21.10, Py 3.9" - runs_on: "20.04" - ubuntu_version: "21.10" - python_version: "3.9" - extra_flags: "" - - name: "Int. tests: Ubuntu 20.04, Py 3.9, --upgrade" - ubuntu_version: "20.04" - python_version: "3.9" - extra_flags: --upgrade - dont_run_on_ref: refs/heads/master - integration-tests: - needs: decide-on-test-jobs-to-run - - # runs-on can only be configured to the LTS releases of ubuntu (18.04, - # 20.04, ...), so if we want to test against the latest non-LTS release, we - # must compromise when configuring runs-on and configure runs-on to be the - # latest LTS release instead. - # - # This can have consequences because actions like actions/setup-python will - # mount cached installations associated with the chosen runs-on environment. - # - runs-on: ${{ format('ubuntu-{0}', matrix.runs_on || matrix.ubuntu_version) }} + # integration tests run in a container, + # not in the worker, so this version is not relevant to the tests + # and can be the same for all tested versions + runs-on: ubuntu-22.04 name: ${{ matrix.name }} strategy: fail-fast: false - matrix: ${{ fromJson(needs.decide-on-test-jobs-to-run.outputs.matrix) }} + matrix: + include: + - name: "Debian 11, Py 3.9" + distro_image: "debian:11" + extra_flags: "" + - name: "Ubuntu 20.04, Py 3.8" + distro_image: "ubuntu:20.04" + extra_flags: "" + - name: "Ubuntu 22.04 Py 3.10" + distro_image: "ubuntu:22.04" + extra_flags: "" + - name: "Ubuntu 22.04, Py 3.10, from main" + distro_image: "ubuntu:22.04" + extra_flags: --upgrade-from=main + - name: "Ubuntu 22.04, Py 3.10, from latest" + distro_image: "ubuntu:22.04" + extra_flags: --upgrade-from=latest + - name: "Ubuntu 22.04, Py 3.10, from 0.2.0" + distro_image: "ubuntu:22.04" + extra_flags: --upgrade-from=0.2.0 steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 with: - python-version: ${{ matrix.python_version }} + python-version: "3.10" - - name: Install pytest - run: python3 -m pip install pytest - - # We abort pytest after two failures as a compromise between wanting to - # avoid a flood of logs while still understanding if multiple tests would - # fail. - - name: Run bootstrap tests (Runs in/Builds ubuntu:${{ matrix.ubuntu_version }} derived image) - run: | - pytest --verbose --maxfail=2 --color=yes --durations=10 --capture=no \ - integration-tests/test_bootstrap.py - timeout-minutes: 15 - env: - # integration-tests/test_bootstrap.py will build and start containers - # based on this environment variable. This is similar to how - # .github/integration-test.py build-image can take a --build-arg - # setting the ubuntu_version. - UBUNTU_VERSION: ${{ matrix.ubuntu_version }} - - # We build a docker image from wherein we will work - - name: Build systemd image (Builds ubuntu:${{ matrix.ubuntu_version }} derived image) + - name: Build systemd image, derived from ${{ matrix.distro_image }} run: | .github/integration-test.py build-image \ - --build-arg "ubuntu_version=${{ matrix.ubuntu_version }}" + --build-arg "BASE_IMAGE=${{ matrix.distro_image }}" - # FIXME: Make the logic below easier to follow. - # - In short, setting BOOTSTRAP_PIP_SPEC here, specifies from what - # location the tljh python package should be installed from. In this - # GitHub Workflow's test job, we provide a remote reference to itself as - # found on GitHub - this could be the HEAD of a PR branch or the default - # branch on merge. - # # Overview of how this logic influences the end result. # - integration-test.yaml: - # Runs integration-test.py by passing --bootstrap-pip-spec flag with a - # reference to the pull request on GitHub. - # - integration-test.py: - # Starts a pre-build systemd container, setting the - # TLJH_BOOTSTRAP_PIP_SPEC based on its passed --bootstrap-pip-spec value. - # - systemd container: - # Runs bootstrap.py - # - bootstrap.py - # Makes use of TLJH_BOOTSTRAP_PIP_SPEC environment variable to install - # the tljh package from a given location, which could be a local git - # clone of this repo where setup.py resides, or a reference to some - # GitHub branch for example. - - name: Set BOOTSTRAP_PIP_SPEC value + # + # - Runs integration-test.py build-image, to build a systemd based image + # to use later. + # + # - Runs integration-test.py run-tests, to start a systemd based + # container, run the bootstrap.py script inside it, and then run + # pytest from the hub python environment setup by the bootstrap + # script. + # + # About passed --installer-args: + # + # - --admin admin:admin + # Required for test_admin_installer.py + # + # - --plugin /srv/src/integration-tests/plugins/simplest + # Required for test_simplest_plugin.py + # + - name: pytest integration-tests/ + id: integration-tests run: | - BOOTSTRAP_PIP_SPEC="git+https://github.com/$GITHUB_REPOSITORY.git@$GITHUB_REF" - echo "BOOTSTRAP_PIP_SPEC=$BOOTSTRAP_PIP_SPEC" >> $GITHUB_ENV - echo $BOOTSTRAP_PIP_SPEC - - - name: Run basic tests (Runs in ubuntu:${{ matrix.ubuntu_version }} derived image) - run: | - .github/integration-test.py run-test basic-tests \ - --bootstrap-pip-spec "$BOOTSTRAP_PIP_SPEC" \ + .github/integration-test.py run-test integration-tests \ + --installer-args "--admin test-admin-username:test-admin-password" \ + --installer-args "--plugin /srv/src/integration-tests/plugins/simplest" \ ${{ matrix.extra_flags }} \ test_hub.py \ test_proxy.py \ test_install.py \ - test_extensions.py - timeout-minutes: 15 - - - name: Run admin tests (Runs in ubuntu:${{ matrix.ubuntu_version }} derived image) - run: | - .github/integration-test.py run-test admin-tests \ - --installer-args "--admin admin:admin" \ - --bootstrap-pip-spec "$BOOTSTRAP_PIP_SPEC" \ - ${{ matrix.extra_flags }} \ - test_admin_installer.py - timeout-minutes: 15 - - - name: Run plugin tests (Runs in ubuntu:${{ matrix.ubuntu_version }} derived image) - run: | - .github/integration-test.py run-test plugin-tests \ - --bootstrap-pip-spec "$BOOTSTRAP_PIP_SPEC" \ - --installer-args "--plugin /srv/src/integration-tests/plugins/simplest" \ - ${{ matrix.extra_flags }} \ + test_extensions.py \ + test_admin_installer.py \ test_simplest_plugin.py timeout-minutes: 15 + - name: show logs + if: always() && steps.integration-tests.outcome != 'skipped' + run: | + .github/integration-test.py show-logs integration-tests + + integration-tests-bootstrap: + # integration tests run in a container, + # not in the worker, so this version is not relevant to the tests + # and can be the same for all tested versions + runs-on: ubuntu-22.04 + + name: ${{ matrix.name }} + strategy: + fail-fast: false + matrix: + include: + - name: "Ubuntu 22.04 Py 3.10 (test_bootstrap.py)" + distro_image: "ubuntu:22.04" + + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: "3.10" + + # FIXME: The test_bootstrap.py script has duplicated logic to run build + # and start images and run things in them. This makes tests slower, + # and adds code to maintain. Let's try to remove it. + # + # - bootstrap.py's failure detections, put in unit tests? + # - bootstrap.py's --show-progress-page test, include as a normal + # integration test? + # + - name: Install integration-tests/requirements.txt for test_bootstrap.py + run: pip install -r integration-tests/requirements.txt + + - name: Run bootstrap tests (Runs in/Builds ${{ matrix.distro_image }} derived image) + run: | + pytest integration-tests/test_bootstrap.py + timeout-minutes: 10 + env: + # integration-tests/test_bootstrap.py will build and start containers + # based on this environment variable. This is similar to how + # .github/integration-test.py build-image can take a --build-arg + # setting the base image via a Dockerfile ARG. + BASE_IMAGE: ${{ matrix.distro_image }} diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml index 5de90ce..ea7e1e2 100644 --- a/.github/workflows/unit-test.yaml +++ b/.github/workflows/unit-test.yaml @@ -8,14 +8,12 @@ on: paths-ignore: - "docs/**" - "**.md" - - "**.rst" - ".github/workflows/*" - "!.github/workflows/unit-test.yaml" push: paths-ignore: - "docs/**" - "**.md" - - "**.rst" - ".github/workflows/*" - "!.github/workflows/unit-test.yaml" branches-ignore: @@ -42,25 +40,18 @@ jobs: fail-fast: false matrix: include: - - name: "Unit tests: Ubuntu 18.04, Py 3.6" - ubuntu_version: "18.04" - python_version: "3.6" - - name: "Unit tests: Ubuntu 20.04, Py 3.9" + - name: "Ubuntu 20.04, Py 3.9" ubuntu_version: "20.04" python_version: "3.9" - # Test against Ubuntu 21.10 fails as of 2021-10-18 fail with the error - # described in: https://github.com/jupyterhub/the-littlest-jupyterhub/issues/714#issuecomment-945154101 - # - # - name: "Unit tests: Ubuntu 21.10, Py 3.9" - # runs_on: "20.04" - # ubuntu_version: "21.10" - # python_version: "3.9" + - name: "Ubuntu 22.04, Py 3.10" + ubuntu_version: "22.04" + python_version: "3.10" steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 with: - python-version: ${{ matrix.python_version }} + python-version: "${{ matrix.python_version }}" - name: Install venv, git and setup venv run: | @@ -68,6 +59,7 @@ jobs: apt-get update apt-get install --yes \ python3-venv \ + bzip2 \ git python3 -m venv /srv/venv @@ -78,7 +70,7 @@ jobs: # completion. Make sure to update the key to bust the cache # properly if you make a change that should influence it. - name: Load cached Python dependencies - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: /srv/venv/ key: >- @@ -89,20 +81,16 @@ jobs: ${{ hashFiles('setup.py', 'dev-requirements.txt', '.github/workflows/unit-test.yaml') }} - name: Install Python dependencies - # Keep pip version pinning in sync with the one in bootstrap.py! - # See changelog at https://pip.pypa.io/en/latest/news/#changelog run: | - python3 -m pip install -U "pip==21.3.*" - python3 -m pip install -r dev-requirements.txt - python3 -m pip install -e . + pip install -r dev-requirements.txt + pip install -e . + + - name: List Python dependencies + run: | pip freeze - # We abort pytest after two failures as a compromise between wanting to - # avoid a flood of logs while still understanding if multiple tests would - # fail. - name: Run unit tests - run: pytest --verbose --maxfail=2 --color=yes --durations=10 --cov=tljh tests/ + run: pytest tests timeout-minutes: 15 - - name: Upload code coverage stats - run: codecov + - uses: codecov/codecov-action@v3 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a075ff9..ec7d213 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v2.29.0 + rev: v3.10.1 hooks: - id: pyupgrade args: @@ -20,21 +20,36 @@ repos: # exclude it from the pyupgrade hook that will apply f-strings etc. exclude: bootstrap/bootstrap.py + # Autoformat: Python code + - repo: https://github.com/PyCQA/autoflake + rev: v2.2.1 + hooks: + - id: autoflake + # args ref: https://github.com/PyCQA/autoflake#advanced-usage + args: + - --in-place + + # Autoformat: Python code + - repo: https://github.com/pycqa/isort + rev: 5.12.0 + hooks: + - id: isort + # Autoformat: Python code - repo: https://github.com/psf/black - rev: 21.9b0 + rev: 23.7.0 hooks: - id: black # Autoformat: markdown, yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v2.4.1 + rev: v3.0.3 hooks: - id: prettier # Misc... - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.0.1 + rev: v4.4.0 # ref: https://github.com/pre-commit/pre-commit-hooks#hooks-available hooks: # Autoformat: Makes sure files end in a newline and only a newline. @@ -49,6 +64,10 @@ repos: # Lint: Python code - repo: https://github.com/pycqa/flake8 - rev: "4.0.1" + rev: "6.1.0" hooks: - id: flake8 + +# pre-commit.ci config reference: https://pre-commit.ci/#configuration +ci: + autoupdate_schedule: monthly diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 3cdde0f..7440511 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -1,29 +1,17 @@ # Configuration on how ReadTheDocs (RTD) builds our documentation # ref: https://readthedocs.org/projects/the-littlest-jupyterhub/ # ref: https://docs.readthedocs.io/en/stable/config-file/v2.html - -# Required (RTD configuration version) +# version: 2 -# Set the version of Python and other tools you might need -build: - os: ubuntu-20.04 - tools: - python: "3.9" - -# Build documentation in the docs/ directory with Sphinx sphinx: configuration: docs/conf.py -# Optionally build your docs in additional formats such as PDF and ePub -formats: [] +build: + os: ubuntu-22.04 + tools: + python: "3.11" python: install: - # WARNING: This requirements file will be installed without the pip - # --upgrade flag in an existing environment. This means that if a - # package is specified without a lower boundary, we may end up - # accepting the existing version. - # - # ref: https://github.com/readthedocs/readthedocs.org/blob/0e3df509e7810e46603be47d268273c596e68455/readthedocs/doc_builder/python_environments.py#L335-L344 - requirements: docs/requirements.txt diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..c49abc5 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1 @@ +The changelog now lives in [TLJH's documentation](https://tljh.jupyter.org/en/stable/reference/changelog.html). diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst deleted file mode 100644 index e68b151..0000000 --- a/CONTRIBUTING.rst +++ /dev/null @@ -1,8 +0,0 @@ -Contributing to The Littlest JupyterHub development ---------------------------------------------------- - -This is an open source project that is developed and maintained by volunteers. -Your contribution is integral to the future of the project. Thank you! - -See the `contributing guide `_ -for information on the different ways of contributing to The Littlest JupyterHub. diff --git a/MANIFEST.in b/MANIFEST.in index 4b590a3..50c1cf7 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,3 +1,3 @@ include tljh/systemd-units/* include tljh/*.tpl -include tljh/requirements-base.txt +include tljh/requirements-*.txt diff --git a/README.md b/README.md index 361e8be..47c8a0f 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # The Littlest JupyterHub [![Documentation build status](https://img.shields.io/readthedocs/the-littlest-jupyterhub?logo=read-the-docs)](https://tljh.jupyter.org/en/latest/?badge=latest) -[![GitHub Workflow Status - Test](https://img.shields.io/github/workflow/status/jupyterhub/the-littlest-jupyterhub/Unit%20tests?logo=github&label=tests)](https://github.com/jupyterhub/the-littlest-jupyterhub/actions) -[![Test coverage of code](https://codecov.io/gh/jupyterhub/the-littlest-jupyterhub/branch/master/graph/badge.svg)](https://codecov.io/gh/jupyterhub/the-littlest-jupyterhub) +[![GitHub Workflow Status - Test](https://img.shields.io/github/actions/workflow/status/jupyterhub/the-littlest-jupyterhub/integration-test.yaml?logo=github&label=tests)](https://github.com/jupyterhub/the-littlest-jupyterhub/actions) +[![Test coverage of code](https://codecov.io/gh/jupyterhub/the-littlest-jupyterhub/branch/main/graph/badge.svg)](https://codecov.io/gh/jupyterhub/the-littlest-jupyterhub) [![GitHub](https://img.shields.io/badge/issue_tracking-github-blue?logo=github)](https://github.com/jupyterhub/the-littlest-jupyterhub/issues) [![Discourse](https://img.shields.io/badge/help_forum-discourse-blue?logo=discourse)](https://discourse.jupyter.org/c/jupyterhub/tljh) [![Gitter](https://img.shields.io/badge/social_chat-gitter-blue?logo=gitter)](https://gitter.im/jupyterhub/jupyterhub) @@ -36,7 +36,7 @@ might still make breaking changes that have no clear upgrade pathway. ## Installation The Littlest JupyterHub (TLJH) can run on any server that is running at least -**Ubuntu 18.04**. Earlier versions of Ubuntu are not supported. +**Ubuntu 20.04**. Earlier versions of Ubuntu are not supported. We have several tutorials to get you started. - Tutorials to create a new server from scratch on a cloud provider & run TLJH diff --git a/bootstrap/bootstrap.py b/bootstrap/bootstrap.py index 07cd01c..ac52039 100644 --- a/bootstrap/bootstrap.py +++ b/bootstrap/bootstrap.py @@ -9,11 +9,10 @@ This script is run as: Constraints: - - The entire script should be compatible with Python 3.6, which is the on - Ubuntu 18.04+. - - The script should parse in Python 3.5 as we print error messages for using - Ubuntu 16.04+ which comes with Python 3.5 by default. This means no - f-strings can be used. + - The entire script should be compatible with Python 3.8, which is the default on + Ubuntu 20.04. + - The script should parse in Python 3.6 as we print error messages for using + Ubuntu 18.04 which comes with Python 3.6 by default. - The script must depend only on stdlib modules, as no previous installation of dependencies can be assumed. @@ -27,7 +26,7 @@ Environment variables: installing the tljh installer. Pass the values yes or no. -Command line flags: +Command line flags, from "bootstrap.py --help": The bootstrap.py script accept the following command line flags. All other flags are passed through to the tljh installer without interception by this @@ -37,15 +36,22 @@ Command line flags: logs can be accessed during installation. If this is passed, it will pass --progress-page-server-pid= to the tljh installer for later termination. + --version VERSION TLJH version or Git reference. Default 'latest' is + the most recent release. Partial versions can be + specified, for example '1', '1.0' or '1.0.0'. You + can also pass a branch name such as 'main' or a + commit hash. """ -import os -from http.server import SimpleHTTPRequestHandler, HTTPServer +import logging import multiprocessing +import os +import re +import shutil import subprocess import sys -import logging -import shutil import urllib.request +from argparse import ArgumentParser +from http.server import HTTPServer, SimpleHTTPRequestHandler progress_page_favicon_url = "https://raw.githubusercontent.com/jupyterhub/jupyterhub/main/share/jupyterhub/static/favicon.ico" progress_page_html = """ @@ -57,7 +63,7 @@ progress_page_html = """ - +
Please wait while your TLJH is setting up...
Click the button below to see the logs
@@ -131,6 +137,11 @@ progress_page_html = """ logger = logging.getLogger(__name__) +def _parse_version(vs): + """Parse a simple version into a tuple of ints""" + return tuple(int(part) for part in vs.split(".")) + + # This function is needed both by the process starting this script, and by the # TLJH installer that this script execs in the end. Make sure its replica at # tljh/utils.py stays in sync with this version! @@ -165,9 +176,32 @@ def run_subprocess(cmd, *args, **kwargs): command=printable_command, code=proc.returncode ) ) + output = proc.stdout.decode() # This produces multi line log output, unfortunately. Not sure how to fix. # For now, prioritizing human readability over machine readability. - logger.debug(proc.stdout.decode()) + logger.debug(output) + return output + + +def get_os_release_variable(key): + """ + Return value for key from /etc/os-release + + /etc/os-release is a bash file, so should use bash to parse it. + + Returns empty string if key is not found. + """ + return ( + subprocess.check_output( + [ + "/bin/bash", + "-c", + "source /etc/os-release && echo ${{{key}}}".format(key=key), + ] + ) + .decode() + .strip() + ) def ensure_host_system_can_install_tljh(): @@ -175,40 +209,22 @@ def ensure_host_system_can_install_tljh(): Check if TLJH is installable in current host system and exit with a clear error message otherwise. """ - - def get_os_release_variable(key): - """ - Return value for key from /etc/os-release - - /etc/os-release is a bash file, so should use bash to parse it. - - Returns empty string if key is not found. - """ - return ( - subprocess.check_output( - [ - "/bin/bash", - "-c", - "source /etc/os-release && echo ${{{key}}}".format(key=key), - ] - ) - .decode() - .strip() - ) - - # Require Ubuntu 18.04+ + # Require Ubuntu 20.04+ or Debian 11+ distro = get_os_release_variable("ID") - version = float(get_os_release_variable("VERSION_ID")) - if distro != "ubuntu": - print("The Littlest JupyterHub currently supports Ubuntu Linux only") + version = get_os_release_variable("VERSION_ID") + if distro not in ["ubuntu", "debian"]: + print("The Littlest JupyterHub currently supports Ubuntu or Debian Linux only") sys.exit(1) - elif float(version) < 18.04: - print("The Littlest JupyterHub requires Ubuntu 18.04 or higher") + elif distro == "ubuntu" and _parse_version(version) < (20, 4): + print("The Littlest JupyterHub requires Ubuntu 20.04 or higher") + sys.exit(1) + elif distro == "debian" and _parse_version(version) < (11,): + print("The Littlest JupyterHub requires Debian 11 or higher") sys.exit(1) - # Require Python 3.6+ - if sys.version_info < (3, 6): - print("bootstrap.py must be run with at least Python 3.6") + # Require Python 3.8+ + if sys.version_info < (3, 8): + print(f"bootstrap.py must be run with at least Python 3.8, found {sys.version}") sys.exit(1) # Require systemd (systemctl is a part of systemd) @@ -224,6 +240,7 @@ def ensure_host_system_can_install_tljh(): "For local development, see http://tljh.jupyter.org/en/latest/contributing/dev-setup.html" ) sys.exit(1) + return distro, version class ProgressPageRequestHandler(SimpleHTTPRequestHandler): @@ -250,32 +267,123 @@ class ProgressPageRequestHandler(SimpleHTTPRequestHandler): SimpleHTTPRequestHandler.send_error(self, code=403) +def _find_matching_version(all_versions, requested): + """ + Find the latest version that is less than or equal to requested. + all_versions must be int-tuples. + requested must be an int-tuple or "latest" + + Returns None if no version is found. + """ + sorted_versions = sorted(all_versions, reverse=True) + if requested == "latest": + return sorted_versions[0] + components = len(requested) + for v in sorted_versions: + if v[:components] == requested: + return v + return None + + +def _resolve_git_version(version): + """ + Resolve the version argument to a git ref using git ls-remote + - If version looks like MAJOR.MINOR.PATCH or a partial tag then fetch all tags + and return the most latest tag matching MAJOR.MINOR.PATCH + (e.g. version=0.1 -> 0.1.PATCH). This should ignore dev tags + - If version='latest' then return the latest release tag + - Otherwise assume version is a branch or hash and return it without checking + """ + + if version != "latest" and not re.match(r"\d+(\.\d+)?(\.\d+)?$", version): + return version + + all_versions = set() + out = run_subprocess( + [ + "git", + "ls-remote", + "--tags", + "--refs", + "https://github.com/jupyterhub/the-littlest-jupyterhub.git", + ] + ) + + for line in out.splitlines(): + m = re.match(r"(?P[a-f0-9]+)\s+refs/tags/(?P[\S]+)$", line) + if not m: + raise Exception("Unexpected git ls-remote output: {}".format(line)) + tag = m.group("tag") + if tag == version: + return tag + if re.match(r"\d+\.\d+\.\d+$", tag): + all_versions.add(tuple(int(v) for v in tag.split("."))) + + if not all_versions: + raise Exception("No MAJOR.MINOR.PATCH git tags found") + + if version == "latest": + requested = "latest" + else: + requested = tuple(int(v) for v in version.split(".")) + found = _find_matching_version(all_versions, requested) + if not found: + raise Exception( + "No version matching {} found {}".format(version, sorted(all_versions)) + ) + return ".".join(str(f) for f in found) + + def main(): """ - This script intercepts the --show-progress-page flag, but all other flags - are passed through to the TLJH installer script. + This bootstrap script intercepts some command line flags, everything else is + passed through to the TLJH installer script. The --show-progress-page flag indicates that the bootstrap script should start a local webserver temporarily and report its installation progress via a web site served locally on port 80. """ - ensure_host_system_can_install_tljh() + distro, version = ensure_host_system_can_install_tljh() + + parser = ArgumentParser( + description=( + "The bootstrap.py script accept the following command line flags. " + "All other flags are passed through to the tljh installer without " + "interception by this script." + ) + ) + parser.add_argument( + "--show-progress-page", + action="store_true", + help=( + "Starts a local web server listening on port 80 where logs can be " + "accessed during installation. If this is passed, it will pass " + "--progress-page-server-pid= to the tljh installer for later " + "termination." + ), + ) + parser.add_argument( + "--version", + default="", + help=( + "TLJH version or Git reference. " + "Default 'latest' is the most recent release. " + "Partial versions can be specified, for example '1', '1.0' or '1.0.0'. " + "You can also pass a branch name such as 'main' or a commit hash." + ), + ) + args, tljh_installer_flags = parser.parse_known_args() # Various related constants install_prefix = os.environ.get("TLJH_INSTALL_PREFIX", "/opt/tljh") - hub_prefix = os.path.join(install_prefix, "hub") - python_bin = os.path.join(hub_prefix, "bin", "python3") - pip_bin = os.path.join(hub_prefix, "bin", "pip") - initial_setup = not os.path.exists(python_bin) + hub_env_prefix = os.path.join(install_prefix, "hub") + hub_env_python = os.path.join(hub_env_prefix, "bin", "python3") + hub_env_pip = os.path.join(hub_env_prefix, "bin", "pip") + initial_setup = not os.path.exists(hub_env_python) # Attempt to start a web server to serve a progress page reporting # installation progress. - tljh_installer_flags = sys.argv[1:] - if "--show-progress-page" in tljh_installer_flags: - # Remove the bootstrap specific flag and let all other flags pass - # through to the installer. - tljh_installer_flags.remove("--show-progress-page") - + if args.show_progress_page: # Write HTML and a favicon to be served by our webserver with open("/var/run/index.html", "w+") as f: f.write(progress_page_html) @@ -345,7 +453,9 @@ def main(): ["apt-get", "install", "--yes", "software-properties-common"], env=apt_get_adjusted_env, ) - run_subprocess(["add-apt-repository", "universe", "--yes"]) + # Section "universe" exists and is required only in ubuntu. + if distro == "ubuntu": + run_subprocess(["add-apt-repository", "universe", "--yes"]) run_subprocess(["apt-get", "update"]) run_subprocess( [ @@ -356,31 +466,38 @@ def main(): "python3-venv", "python3-pip", "git", + "sudo", # sudo is missing in default debian install ], env=apt_get_adjusted_env, ) - logger.info("Setting up virtual environment at {}".format(hub_prefix)) - os.makedirs(hub_prefix, exist_ok=True) - run_subprocess(["python3", "-m", "venv", hub_prefix]) + logger.info("Setting up virtual environment at {}".format(hub_env_prefix)) + os.makedirs(hub_env_prefix, exist_ok=True) + run_subprocess(["python3", "-m", "venv", hub_env_prefix]) - # Upgrade pip - # Keep pip version pinning in sync with the one in unit-test.yml! - # See changelog at https://pip.pypa.io/en/latest/news/#changelog logger.info("Upgrading pip...") - run_subprocess([pip_bin, "install", "--upgrade", "pip==21.3.*"]) + run_subprocess([hub_env_pip, "install", "--upgrade", "pip"]) - # Install/upgrade TLJH installer - tljh_install_cmd = [pip_bin, "install", "--upgrade"] - if os.environ.get("TLJH_BOOTSTRAP_DEV", "no") == "yes": + # pip install TLJH installer based on + # + # 1. --version, _resolve_git_version is used + # 2. TLJH_BOOTSTRAP_PIP_SPEC (then also respect TLJH_BOOTSTRAP_DEV) + # 3. latest, _resolve_git_version is used + # + tljh_install_cmd = [hub_env_pip, "install", "--upgrade"] + bootstrap_pip_spec = os.environ.get("TLJH_BOOTSTRAP_PIP_SPEC") + if args.version or not bootstrap_pip_spec: + version_to_resolve = args.version or "latest" + bootstrap_pip_spec = ( + "git+https://github.com/jupyterhub/the-littlest-jupyterhub.git@{}".format( + _resolve_git_version(version_to_resolve) + ) + ) + elif os.environ.get("TLJH_BOOTSTRAP_DEV", "no") == "yes": logger.info("Selected TLJH_BOOTSTRAP_DEV=yes...") tljh_install_cmd.append("--editable") - tljh_install_cmd.append( - os.environ.get( - "TLJH_BOOTSTRAP_PIP_SPEC", - "git+https://github.com/jupyterhub/the-littlest-jupyterhub.git", - ) - ) + tljh_install_cmd.append(bootstrap_pip_spec) + if initial_setup: logger.info("Installing TLJH installer...") else: @@ -389,7 +506,9 @@ def main(): # Run TLJH installer logger.info("Running TLJH installer...") - os.execv(python_bin, [python_bin, "-m", "tljh.installer"] + tljh_installer_flags) + os.execv( + hub_env_python, [hub_env_python, "-m", "tljh.installer"] + tljh_installer_flags + ) if __name__ == "__main__": diff --git a/dev-requirements.txt b/dev-requirements.txt index 0c50f19..672ad32 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,4 +1,5 @@ +packaging pytest pytest-cov +pytest-asyncio pytest-mock -codecov diff --git a/docs/PULL_REQUEST_TEMPLATE.md b/docs/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index 214518a..0000000 --- a/docs/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,4 +0,0 @@ -- [ ] Add / update documentation -- [ ] Add tests - - diff --git a/docs/images/logo/favicon.ico b/docs/_static/images/logo/favicon.ico similarity index 100% rename from docs/images/logo/favicon.ico rename to docs/_static/images/logo/favicon.ico diff --git a/docs/images/logo/logo.png b/docs/_static/images/logo/logo.png similarity index 100% rename from docs/images/logo/logo.png rename to docs/_static/images/logo/logo.png diff --git a/docs/conf.py b/docs/conf.py index e8eec8d..f3e2e15 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -1,54 +1,140 @@ -import os - -source_suffix = [".rst"] +# Configuration file for Sphinx to build our documentation to HTML. +# +# Configuration reference: https://www.sphinx-doc.org/en/master/usage/configuration.html +# +import datetime +# -- Project information ----------------------------------------------------- +# ref: https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information +# project = "The Littlest JupyterHub" -copyright = "2018, JupyterHub Team" -author = "JupyterHub Team" +copyright = f"{datetime.date.today().year}, Project Jupyter Contributors" +author = "Project Jupyter Contributors" -# The short X.Y version -version = "" -# The full version, including alpha/beta/rc tags -release = "v0.1" -# Enable MathJax for Math +# -- General Sphinx configuration --------------------------------------------------- +# ref: https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration +# +# Add any Sphinx extension module names here, as strings. They can be extensions +# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +# extensions = [ - "sphinx.ext.mathjax", - "sphinx.ext.intersphinx", "sphinx_copybutton", + "sphinx.ext.intersphinx", + "sphinxext.opengraph", + "sphinxext.rediraffe", + "myst_parser", ] +root_doc = "index" +source_suffix = [".md"] -# The root toctree document. -root_doc = master_doc = "index" -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -# This pattern also affects html_static_path and html_extra_path . -exclude_patterns = [ - "_build", - "Thumbs.db", - ".DS_Store", - "install/custom.rst", -] +# -- Options for HTML output ------------------------------------------------- +# ref: https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output +# +html_logo = "_static/images/logo/logo.png" +html_favicon = "_static/images/logo/favicon.ico" +html_static_path = ["_static"] -intersphinx_mapping = { - "sphinx": ("http://www.sphinx-doc.org/en/master/", None), +# pydata_sphinx_theme reference: https://pydata-sphinx-theme.readthedocs.io/en/stable/index.html +html_theme = "pydata_sphinx_theme" +html_theme_options = { + "navigation_with_keys": False, + "icon_links": [ + { + "name": "GitHub", + "url": "https://github.com/jupyterhub/the-littlest-jupyterhub", + "icon": "fab fa-github-square", + }, + { + "name": "Discourse", + "url": "https://discourse.jupyter.org/c/jupyterhub/tljh/13", + "icon": "fab fa-discourse", + }, + ], + "use_edit_page_button": True, +} +html_context = { + "github_user": "jupyterhub", + "github_repo": "the-littlest-jupyterhub", + "github_version": "main", + "doc_path": "docs", } -intersphinx_cache_limit = 90 # days +# -- MyST configuration ------------------------------------------------------ +# ref: https://myst-parser.readthedocs.io/en/latest/configuration.html +# +myst_heading_anchors = 2 -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = "sphinx" +myst_enable_extensions = [ + # available extensions: https://myst-parser.readthedocs.io/en/latest/syntax/optional.html + "attrs_inline", + "colon_fence", + "deflist", + "dollarmath", + "fieldlist", +] -html_theme = "pydata_sphinx_theme" -html_logo = "images/logo/logo.png" -html_favicon = "images/logo/favicon.ico" +# -- Options for intersphinx extension --------------------------------------- +# ref: https://www.sphinx-doc.org/en/master/usage/extensions/intersphinx.html#configuration +# +# The extension makes us able to link like to other projects like below. +# +# rST - :external:py:class:`jupyterhub.spawner.Spawner` +# MyST - {external:py:class}`jupyterhub.spawner.Spawner` +# +# rST - :external:py:attribute:`jupyterhub.spawner.Spawner.default_url` +# MyST - {external:py:attribute}`jupyterhub.spawner.Spawner.default_url` +# +# To see what we can link to, do the following where "objects.inv" is appended +# to the sphinx based website: +# +# python -m sphinx.ext.intersphinx https://jupyterhub.readthedocs.io/en/stable/objects.inv +# +intersphinx_mapping = { + "jupyterhub": ("https://jupyterhub.readthedocs.io/en/stable/", None), +} -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -# Do this only if _static exists, otherwise this will error -here = os.path.dirname(os.path.abspath(__file__)) -if os.path.exists(os.path.join(here, "_static")): - html_static_path = ["_static"] +# intersphinx_disabled_reftypes set based on recommendation in +# https://docs.readthedocs.io/en/stable/guides/intersphinx.html#using-intersphinx +intersphinx_disabled_reftypes = ["*"] + + +# -- Options for linkcheck builder ------------------------------------------- +# ref: https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-the-linkcheck-builder +# +linkcheck_ignore = [ + r"(.*)github\.com(.*)#", # javascript based anchors + r"(.*)/#%21(.*)/(.*)", # /#!forum/jupyter - encoded anchor edge case + r"https://github.com/[^/]*$", # too many github usernames / searches in changelog + "https://github.com/jupyterhub/the-littlest-jupyterhub/pull/", # too many PRs in changelog + "https://github.com/jupyterhub/the-littlest-jupyterhub/compare/", # too many comparisons in changelog +] +linkcheck_anchors_ignore = [ + "/#!", + "/#%21", +] + + +# -- Options for the opengraph extension ------------------------------------- +# ref: https://github.com/wpilibsuite/sphinxext-opengraph#options +# +# ogp_site_url is set automatically by RTD +ogp_image = "_static/logo.png" +ogp_use_first_image = True + + +# -- Options for the rediraffe extension ------------------------------------- +# ref: https://github.com/wpilibsuite/sphinxext-rediraffe#readme +# +# This extensions help us relocated content without breaking links. If a +# document is moved internally, we should configure a redirect like below. +# +rediraffe_branch = "main" +rediraffe_redirects = { + # "old-file": "new-folder/new-file-name", + "howto/env/user-environment": "howto/user-env/user-environment", + "howto/env/notebook-interfaces": "howto/user-env/notebook-interfaces", + "howto/env/server-resources": "howto/user-env/server-resources", +} diff --git a/docs/contributing/code-review.rst b/docs/contributing/code-review.md similarity index 69% rename from docs/contributing/code-review.rst rename to docs/contributing/code-review.md index 76a2e8b..209cba6 100644 --- a/docs/contributing/code-review.rst +++ b/docs/contributing/code-review.md @@ -1,37 +1,32 @@ -.. _contributing/code-review: +(contributing-code-review)= -====================== -Code Review guidelines -====================== +# Code Review guidelines This document outlines general guidelines to follow when you are making or reviewing a Pull Request. -Have empathy -============ +## Have empathy -We recommend reading `On Empathy & Pull Requests `_ -and `How about code reviews `_ +We recommend reading [On Empathy & Pull Requests](https://slack.engineering/on-empathy-pull-requests-979e4257d158) +and [How about code reviews](https://slack.engineering/how-about-code-reviews-2695fb10d034) to learn more about being empathetic in code reviews. -Write documentation -=================== +## Write documentation If your pull request touches any code, you must write or update documentation for it. For this project, documentation is a lot more important than the code. -If a feature is not documented, it does not exist. If a behavior is not documented, -it is a bug. +If a feature is not documented, it does not exist. If a behavior is not documented, +it is a bug. Do not worry about having perfect documentation! Documentation improves over time. The requirement is to have documentation before merging a pull request, -not to have *perfect* documentation before merging a pull request. If you +not to have _perfect_ documentation before merging a pull request. If you are new and not sure how to add documentation, other contributors will be happy to guide you. -See :ref:`contributing/docs` for guidelines on writing documentation. +See [](/contributing/docs) for guidelines on writing documentation. -Write tests -=========== +## Write tests If your pull request touches any code, you must write unit or integration tests to exercise it. This helps validate & communicate that your pull request works @@ -48,4 +43,4 @@ add more tests. If you are unsure what kind of tests to add for your pull request, other contributors to the repo will be happy to help guide you! -See :ref:`contributing/tests` for guidelines on writing tests. +See [](/contributing/tests) for guidelines on writing tests. diff --git a/docs/contributing/dev-setup.md b/docs/contributing/dev-setup.md new file mode 100644 index 0000000..fc2d9ab --- /dev/null +++ b/docs/contributing/dev-setup.md @@ -0,0 +1,72 @@ +(contributing-dev-setup)= + +# Setting up Development Environment + +The easiest & safest way to develop & test TLJH is with [Docker](https://www.docker.com/). + +1. Install Docker Community Edition by following the instructions on + [their website](https://www.docker.com/community-edition). + +2. Clone the [git repo](https://github.com/jupyterhub/the-littlest-jupyterhub) (or your fork of it). + +3. Build a docker image that has a functional systemd in it. + + ```bash + docker build -t tljh-systemd . -f integration-tests/Dockerfile + ``` + +4. Run a docker container with the image in the background, while bind mounting + your TLJH repository under `/srv/src`. + + ```bash + docker run \ + --privileged \ + --detach \ + --name=tljh-dev \ + --publish 12000:80 \ + --mount type=bind,source="$(pwd)",target=/srv/src \ + tljh-systemd + ``` + +5. Get a shell inside the running docker container. + + ```bash + docker exec -it tljh-dev /bin/bash + ``` + +6. Run the bootstrapper from inside the container (see step above): + The container image is already set up to default to a `dev` install, so + it'll install from your local repo rather than from github. + + ```console + python3 /srv/src/bootstrap/bootstrap.py --admin admin + ``` + + Or, if you would like to setup the admin's password during install, + you can use this command (replace "admin" with the desired admin username + and "password" with the desired admin password): + + ```console + python3 /srv/src/bootstrap/bootstrap.py --admin admin:password + ``` + + The primary hub environment will also be in your PATH already for convenience. + +7. You should be able to access the JupyterHub from your browser now at + [http://localhost:12000](http://localhost:12000). Congratulations, you are + set up to develop TLJH! + +8. Make some changes to the repository. You can test easily depending on what + you changed. + + - If you changed the `bootstrap/bootstrap.py` script or any of its dependencies, + you can test it by running `python3 /srv/src/bootstrap/bootstrap.py`. + - If you changed the `tljh/installer.py` code (or any of its dependencies), + you can test it by running `python3 -m tljh.installer`. + - If you changed `tljh/jupyterhub_config.py`, `tljh/configurer.py`, + `/opt/tljh/config/` or any of their dependencies, you only need to + restart jupyterhub for them to take effect. `tljh-config reload hub` + should do that. + +[](/troubleshooting/logs) has information on looking at various logs in the container +to debug issues you might have. diff --git a/docs/contributing/dev-setup.rst b/docs/contributing/dev-setup.rst deleted file mode 100644 index 40997a7..0000000 --- a/docs/contributing/dev-setup.rst +++ /dev/null @@ -1,75 +0,0 @@ -.. _contributing/dev-setup: - -================================== -Setting up Development Environment -================================== - -The easiest & safest way to develop & test TLJH is with `Docker `_. - -#. Install Docker Community Edition by following the instructions on - `their website `_. - -#. Clone the `git repo `_ (or your fork of it). -#. Build a docker image that has a functional systemd in it. - - .. code-block:: bash - - docker build -t tljh-systemd . -f integration-tests/Dockerfile - -#. Run a docker container with the image in the background, while bind mounting - your TLJH repository under ``/srv/src``. - - .. code-block:: bash - - docker run \ - --privileged \ - --detach \ - --name=tljh-dev \ - --publish 12000:80 \ - --mount type=bind,source=$(pwd),target=/srv/src \ - tljh-systemd - -#. Get a shell inside the running docker container. - - .. code-block:: bash - - docker exec -it tljh-dev /bin/bash - -#. Run the bootstrapper from inside the container (see step above): - The container image is already set up to default to a ``dev`` install, so - it'll install from your local repo rather than from github. - - .. code-block:: console - - python3 /srv/src/bootstrap/bootstrap.py --admin admin - - Or, if you would like to setup the admin's password during install, - you can use this command (replace "admin" with the desired admin username - and "password" with the desired admin password): - - .. code-block:: console - - python3 /srv/src/bootstrap/bootstrap.py --admin admin:password - - The primary hub environment will also be in your PATH already for convenience. - -#. You should be able to access the JupyterHub from your browser now at - `http://localhost:12000 `_. Congratulations, you are - set up to develop TLJH! - -#. Make some changes to the repository. You can test easily depending on what - you changed. - - * If you changed the ``bootstrap/bootstrap.py`` script or any of its dependencies, - you can test it by running ``python3 /srv/src/bootstrap/bootstrap.py``. - - * If you changed the ``tljh/installer.py`` code (or any of its dependencies), - you can test it by running ``python3 -m tljh.installer``. - - * If you changed ``tljh/jupyterhub_config.py``, ``tljh/configurer.py``, - ``/opt/tljh/config/`` or any of their dependencies, you only need to - restart jupyterhub for them to take effect. ``tljh-config reload hub`` - should do that. - -:ref:`troubleshooting/logs` has information on looking at various logs in the container -to debug issues you might have. diff --git a/docs/contributing/docs.rst b/docs/contributing/docs.md similarity index 57% rename from docs/contributing/docs.rst rename to docs/contributing/docs.md index be6d6ae..aba56ae 100644 --- a/docs/contributing/docs.rst +++ b/docs/contributing/docs.md @@ -1,13 +1,11 @@ -.. _contributing/docs: +(contributing-docs)= -===================== -Writing documentation -===================== +# Writing documentation -.. note:: - - Heavily inspired by the - `django project's guidelines `_ +:::{note} +Heavily inspired by the +[django project's guidelines](https://docs.djangoproject.com/en/dev/internals/contributing/writing-documentation/) +::: We place a high importance on consistency, readability and completeness of documentation. If a feature is not documented, it does not exist. If a behavior is not documented, @@ -17,70 +15,62 @@ possible. Documentation changes generally come in two forms: -* General improvements: typo corrections, error fixes and better +- General improvements: typo corrections, error fixes and better explanations through clearer writing and more examples. - -* New features: documentation of features that have been added to the +- New features: documentation of features that have been added to the framework since the last release. This section explains how writers can craft their documentation changes in the most useful and least error-prone ways. -Getting the raw documentation -============================= +## Getting the raw documentation Though TLJH's documentation is intended to be read as HTML at -https://the-littlest-jupyterhub.readthedocs.io/, we edit it as a collection of text files for -maximum flexibility. These files live in the top-level ``docs/`` directory of +, we edit it as a collection of text files for +maximum flexibility. These files live in the top-level `docs/` directory of TLJH's repository. If you'd like to start contributing to our docs, get the development version of TLJH from the source code repository. The development version has the latest-and-greatest documentation, just as it has latest-and-greatest code. -Getting started with Sphinx -=========================== +## Getting started with Sphinx -TLJH's documentation uses the Sphinx__ documentation system, which in turn -is based on docutils__. The basic idea is that lightly-formatted plain-text +TLJH's documentation uses the [Sphinx](http://sphinx-doc.org/) documentation system, which in turn +is based on [docutils](http://docutils.sourceforge.net/). The basic idea is that lightly-formatted plain-text documentation is transformed into HTML, PDF, and any other output format. -__ http://sphinx-doc.org/ -__ http://docutils.sourceforge.net/ - To build the documentation locally, install the Sphinx dependencies: -.. code-block:: console +```console +$ cd docs/ +$ pip install -r requirements.txt +``` - $ cd docs/ - $ pip install -r requirements.txt +Then from the `docs` directory, build the HTML: -Then from the ``docs`` directory, build the HTML: - -.. code-block:: console - - $ make html +```console +$ make html +``` If you encounter this error, it's likely that you are running inside a virtual environment. -.. code-block:: console +```console +Error in "currentmodule" directive: +``` - Error in "currentmodule" directive: - -To get started contributing, you'll want to read the :ref:`reStructuredText -reference ` +To get started contributing, you'll want to get familiar with [markdown](https://commonmark.org/help/) and [MyST](https://myst-parser.readthedocs.io). Your locally-built documentation will be themed differently than the -documentation at `the-littlest-jupyterhub.readthedocs.io `_. +documentation at [the-littlest-jupyterhub.readthedocs.io](https://the-littlest-jupyterhub.readthedocs.io). This is OK! If your changes look good on your local machine, they'll look good on the website. -How the documentation is organized -================================== +## How the documentation is organized The documentation is organized into several categories: -* **Tutorials** take the reader by the hand through a series +- **Tutorials** take the reader by the hand through a series of steps to create something. The important thing in a tutorial is to help the reader achieve something @@ -97,7 +87,7 @@ The documentation is organized into several categories: systems. These should cross-link a lot to other parts of the documentation, avoid forcing the user to learn to SSH if possible & have lots of screenshots. -* **Topic guides** aim to explain a concept or subject at a +- **Topic guides** aim to explain a concept or subject at a fairly high level. Link to reference material rather than repeat it. Use examples and don't be @@ -107,7 +97,7 @@ The documentation is organized into several categories: Providing background context helps a newcomer connect the topic to things that they already know. -* **Reference guides** contain technical reference for APIs. +- **Reference guides** contain technical reference for APIs. They describe the functioning of TLJH's internal machinery and instruct in its use. @@ -119,7 +109,7 @@ The documentation is organized into several categories: yourself explaining basic concepts, you may want to move that material to a topic guide. -* **How-to guides** are recipes that take the reader through +- **How-to guides** are recipes that take the reader through steps in key subjects. What matters most in a how-to guide is what a user wants to achieve. @@ -131,83 +121,56 @@ The documentation is organized into several categories: hesitate to refer the reader back to the appropriate tutorial rather than repeat the same material. -* **Troubleshooting guides** help reader answer the question "Why is my JupyterHub +- **Troubleshooting guides** help reader answer the question "Why is my JupyterHub not working?". These guides help readers try find causes for their symptoms, and hopefully fix the issues. Some of these need to be specific to cloud providers, and that is acceptable. -Writing style -============= +## Writing style -Typically, documentation is written in second person, referring to the reader as “you”. +Typically, documentation is written in second person, referring to the reader as “you”. When using pronouns in reference to a hypothetical person, such as "a user with a running notebook", gender neutral pronouns (they/their/them) should be used. Instead of: -* he or she... use they. -* him or her... use them. -* his or her... use their. -* his or hers... use theirs. -* himself or herself... use themselves. +- he or she... use they. +- him or her... use them. +- his or her... use their. +- his or hers... use theirs. +- himself or herself... use themselves. -Commonly used terms -=================== +## Commonly used terms Here are some style guidelines on commonly used terms throughout the documentation: -* **TLJH** -- common abbreviation of The Littlest JupyterHub. Fully +- **TLJH** -- common abbreviation of The Littlest JupyterHub. Fully capitalized except when used in code / the commandline. +- **Python** -- when referring to the language, capitalize Python. +- **Notebook Interface** -- generic term for referring to JupyterLab, + classic notebook & other user interfaces for accessing. -* **Python** -- when referring to the language, capitalize Python. +## Guidelines for markdown files -* **Notebook Interface** -- generic term for referring to JupyterLab, - nteract, classic notebook & other user interfaces for accessing - - -Guidelines for reStructuredText files -===================================== - -These guidelines regulate the format of our reST (reStructuredText) +These guidelines regulate the format of our markdown documentation: -* In section titles, capitalize only initial words and proper nouns. +- In section titles, capitalize only initial words and proper nouns. -* Wrap the documentation at 120 characters wide, unless a code example +- Wrap the documentation at sentence breaks or around 120 characters wide, unless a code example is significantly less readable when split over two lines, or for another good reason. - -* Use these heading styles:: - - === - One - === - - Two - === - - Three - ----- - - Four - ~~~~ - - Five - ^^^^ - -Documenting new features -======================== +## Documenting new features Our policy for new features is: - All new features must have appropriate documentation before they - can be merged. +> All new features must have appropriate documentation before they +> can be merged. -Choosing image size -=================== +## Choosing image size When adding images to the documentation, try to keep them as small as possible. Larger images make the site load more slowly on browsers, and may make the site @@ -217,37 +180,34 @@ If you're adding screenshots, make the size of your shot as small as possible. If you're uploading large images, consider using an image optimizer in order to reduce its size. -For example, for PNG files, use OptiPNG and AdvanceCOMP's ``advpng``: +For example, for PNG files, use OptiPNG and AdvanceCOMP's `advpng`: -.. code-block:: console - - $ cd docs - $ optipng -o7 -zm1-9 -i0 -strip all `find . -type f -not -path "./_build/*" -name "*.png"` - $ advpng -z4 `find . -type f -not -path "./_build/*" -name "*.png"` +```console +$ cd docs +$ optipng -o7 -zm1-9 -i0 -strip all `find . -type f -not -path "./_build/*" -name "*.png"` +$ advpng -z4 `find . -type f -not -path "./_build/*" -name "*.png"` +``` This is based on OptiPNG version 0.7.5. Older versions may complain about the -``--strip all`` option being lossy. +`--strip all` option being lossy. -Spelling check -============== +## Spelling check Before you commit your docs, it's a good idea to run the spelling checker. You'll need to install a couple packages first: -* `pyenchant `_ (which requires - `enchant `_) +- [pyenchant](https://pypi.org/project/pyenchant/) (which requires + [enchant](https://www.abisource.com/projects/enchant/)) +- [sphinxcontrib-spelling](https://pypi.org/project/sphinxcontrib-spelling/) -* `sphinxcontrib-spelling - `_ - -Then from the ``docs`` directory, run ``make spelling``. Wrong words (if any) +Then from the `docs` directory, run `make spelling`. Wrong words (if any) along with the file and line number where they occur will be saved to -``_build/spelling/output.txt``. +`_build/spelling/output.txt`. If you encounter false-positives (error output that actually is correct), do one of the following: -* Surround inline code or brand/technology names with grave accents (`). -* Find synonyms that the spell checker recognizes. -* If, and only if, you are sure the word you are using is correct - add it - to ``docs/spelling_wordlist`` (please keep the list in alphabetical order). +- Surround inline code or brand/technology names with grave accents (\`). +- Find synonyms that the spell checker recognizes. +- If, and only if, you are sure the word you are using is correct - add it + to `docs/spelling_wordlist` (please keep the list in alphabetical order). diff --git a/docs/contributing/index.rst b/docs/contributing/index.md similarity index 55% rename from docs/contributing/index.rst rename to docs/contributing/index.md index d8e294b..97d2c1c 100644 --- a/docs/contributing/index.rst +++ b/docs/contributing/index.md @@ -1,6 +1,4 @@ -============ -Contributing -============ +# Contributing ✨ Thank you for thinking about contributing to the littlest JupyterHub! ✨ @@ -9,14 +7,15 @@ Your contribution is integral to the future of the project. Thank you! This section contains documentation for people who want to contribute. -You can find the `source code on GitHub `_ +You can find the [source code on GitHub](https://github.com/jupyterhub/the-littlest-jupyterhub/tree/HEAD/tljh) -.. toctree:: - :titlesonly: +```{toctree} +:titlesonly: true - docs - dev-setup - tests - plugins - code-review - packages +docs +dev-setup +tests +plugins +code-review +packages +``` diff --git a/docs/contributing/packages.rst b/docs/contributing/packages.md similarity index 57% rename from docs/contributing/packages.rst rename to docs/contributing/packages.md index 72d329c..448ab10 100644 --- a/docs/contributing/packages.rst +++ b/docs/contributing/packages.md @@ -1,46 +1,40 @@ -.. _contributing/packages: +(contributing-packages)= -======================= -Environments & Packages -======================= +# Environments & Packages TLJH installs packages from different sources during installation. This document describes the various sources and how to upgrade versions of packages installed. -Python Environments -=================== +## Python Environments TLJH sets up two python environments during installation. 1. **Hub Environment**. JupyterHub, authenticators, spawners, TLJH plugins and the TLJH configuration management code is installed into this - environment. A `venv `_ is used, + environment. A [venv](https://docs.python.org/3/library/venv.html) is used, primarily since conda does not support ARM CPUs and we'd like to support the RaspberryPI someday. Admins generally do not install custom packages in this environment. - -2. **User Environment**. Jupyter Notebook, JupyterLab, nteract, kernels, +2. **User Environment**. Jupyter Notebook, JupyterLab, kernels, and packages the users wanna use (such as numpy, scipy, etc) are installed - here. A `conda `_ environment is used here, since - a lot of scientific packages are available from Conda. ``pip`` is still + here. A [conda](https://conda.io) environment is used here, since + a lot of scientific packages are available from Conda. `pip` is still used to install Jupyter specific packages, primarily because most notebook - extensions are still available only on `PyPI `_. + extensions are still available only on [PyPI](https://pypi.org). Admins can install packages here for use by all users. -Python package versions -======================= +## Python package versions -In ``installer.py``, most Python packages have a version specified. This +In `installer.py`, most Python packages have a version specified. This can be upgraded freely whenever needed. Some of them have version checks -in ``integration-tests/test_extensions.py``, so those might need +in `integration-tests/test_extensions.py`, so those might need updating too. -Apt packages -============ +## Apt packages Base operating system packages, including Python itself, are installed -via ``apt`` from the base Ubuntu repositories. +via `apt` from the base Ubuntu repositories. We generally do not pin versions of packages provided by apt, instead just using the latest versions provided by Ubuntu. diff --git a/docs/contributing/plugins.md b/docs/contributing/plugins.md new file mode 100644 index 0000000..6151b8d --- /dev/null +++ b/docs/contributing/plugins.md @@ -0,0 +1,132 @@ +(contributing-plugins)= + +# TLJH Plugins + +TLJH plugins are the official way to make customized 'spins' or 'stacks' +with TLJH as the base. For example, the earth sciences community can make +a plugin that installs commonly used packages, set up authentication +and pre-download useful datasets. The mybinder.org community can +make a plugin that gives you a single-node, single-repository mybinder.org. +Plugins are very powerful, so the possibilities are endless. + +## Design + +[pluggy](https://github.com/pytest-dev/pluggy) is used to implement +plugin functionality. TLJH exposes specific **hooks** that your plugin +can provide implementations for. This allows us to have specific hook +points in the application that can be explicitly extended by plugins, +balancing the need to change TLJH internals in the future with the +stability required for a good plugin ecosystem. + +## Installing Plugins + +Include `--plugin ` in the Installer script. See [](/topic/customizing-installer) for more info. + +## Writing a simple plugins + +We shall try to write a simple plugin that installs a few libraries, +and use it to explain how the plugin mechanism works. We shall call +this plugin `tljh-simple`. + +### Plugin directory layout + +We recommend creating a new git repo for your plugin. Plugins are +normal python packages - however, since they are usually simpler, +we recommend they live in one file. + +For `tljh-simple`, the repository's structure should look like: + +```none +tljh_simple: + - tljh_simple.py + - setup.py + - README.md + - LICENSE +``` + +The `README.md` (or `README.rst` file) contains human readable +information about what your plugin does for your users. `LICENSE` +specifies the license used by your plugin - we recommend the +3-Clause BSD License, since that is what is used by TLJH itself. + +### `setup.py` - metadata & registration + +`setup.py` marks this as a python package, and contains metadata +about the package itself. It should look something like: + +```python +from setuptools import setup + +setup( + name="tljh-simple", + author="YuviPanda", + version="0.1", + license="3-clause BSD", + url='https://github.com/yuvipanda/tljh-simple', + entry_points={"tljh": ["simple = tljh_simple"]}, + py_modules=["tljh_simple"], +) +``` + +This is a mostly standard `setup.py` file. `entry_points={"tljh": ["simple = tljh_simple]}` +'registers' the module `tljh_simple` (in file `tljh_simple.py`) with TLJH as a plugin. + +### `tljh_simple.py` - implementation + +In `tljh_simple.py`, you provide implementations for whichever hooks +you want to extend. + +A hook implementation is a function that has the following characteristics: + +1. Has same name as the hook +2. Accepts some or all of the parameters defined for the hook +3. Is decorated with the `hookimpl` decorator function, imported from + `tljh.hooks`. + +The current list of available hooks and when they are called can be +seen in [tljh/hooks.py](https://github.com/jupyterhub/the-littlest-jupyterhub/blob/main/tljh/hooks.py) +in the source repository. Example implementations of each hook can be referenced from +[integration-tests/plugins/simplest/tljh_simplest.py](https://github.com/jupyterhub/the-littlest-jupyterhub/blob/main/integration-tests/plugins/simplest/tljh_simplest.py). + +This example provides an implementation for the `tljh_extra_user_conda_packages` +hook, which can return a list of conda packages that'll be installed in users' +environment from conda-forge. + +```python +from tljh.hooks import hookimpl + +@hookimpl +def tljh_extra_user_conda_packages(): + return [ + 'xarray', + 'iris', + 'dask', + ] +``` + +## Publishing plugins + +Plugins are python packages and should be published on PyPI. Users +can also install them directly from GitHub - although this is +not good long term practice. + +The python package should be named `tljh-`. + +## List of known plugins + +If you are looking for a way to extend or customize your TLJH deployment, you might want to look for existing plugins. + +Here is a non-exhaustive list of known TLJH plugins: + +- [tljh-pangeo](https://github.com/yuvipanda/tljh-pangeo): TLJH plugin for setting up the Pangeo Stack. +- [tljh-voila-gallery](https://github.com/voila-dashboards/tljh-voila-gallery): TLJH plugin that installs a gallery of Voilà dashboards. +- [tljh-repo2docker](https://github.com/plasmabio/tljh-repo2docker): TLJH plugin to build multiple user environments with + [repo2docker](https://repo2docker.readthedocs.io). +- [tljh-shared-directory](https://github.com/kafonek/tljh-shared-directory): TLJH plugin which sets up a _shared directory_ + for the Hub users in `/srv/scratch`. +- [tljh-db](https://github.com/sinzlab/tljh-db): TLJH plugin for working with mysql databases. + +If you have authored a plugin, please open a PR to add it to this list! + +We also recommend adding the `tljh-plugin` topic to the GitHub repository to make it more discoverable: +[https://github.com/topics/tljh-plugin](https://github.com/topics/tljh-plugin) diff --git a/docs/contributing/plugins.rst b/docs/contributing/plugins.rst deleted file mode 100644 index d718b60..0000000 --- a/docs/contributing/plugins.rst +++ /dev/null @@ -1,163 +0,0 @@ -.. _contributing/plugins: - -============ -TLJH Plugins -============ - -TLJH plugins are the official way to make customized 'spins' or 'stacks' -with TLJH as the base. For example, the earth sciences community can make -a plugin that installs commonly used packages, set up authentication -and pre-download useful datasets. The mybinder.org community can -make a plugin that gives you a single-node, single-repository mybinder.org. -Plugins are very powerful, so the possibilities are endless. - -Design -====== - -`pluggy `_ is used to implement -plugin functionality. TLJH exposes specific **hooks** that your plugin -can provide implementations for. This allows us to have specific hook -points in the application that can be explicitly extended by plugins, -balancing the need to change TLJH internals in the future with the -stability required for a good plugin ecosystem. - -Installing Plugins -================== - -Include ``--plugin `` in the Installer script. See :ref:`topic/customizing-installer` for more info. - -Writing a simple plugins -======================== - -We shall try to write a simple plugin that installs a few libraries, -and use it to explain how the plugin mechanism works. We shall call -this plugin ``tljh-simple``. - -Plugin directory layout ------------------------ - -We recommend creating a new git repo for your plugin. Plugins are -normal python packages - however, since they are usually simpler, -we recommend they live in one file. - -For ``tljh-simple``, the repository's structure should look like: - -.. code-block:: none - - tljh_simple: - - tljh_simple.py - - setup.py - - README.md - - LICENSE - -The ``README.md`` (or ``README.rst`` file) contains human readable -information about what your plugin does for your users. ``LICENSE`` -specifies the license used by your plugin - we recommend the -3-Clause BSD License, since that is what is used by TLJH itself. - -``setup.py`` - metadata & registration --------------------------------------- - -``setup.py`` marks this as a python package, and contains metadata -about the package itself. It should look something like: - -.. code-block:: python - - from setuptools import setup - - setup( - name="tljh-simple", - author="YuviPanda", - version="0.1", - license="3-clause BSD", - url='https://github.com/yuvipanda/tljh-simple', - entry_points={"tljh": ["simple = tljh_simple"]}, - py_modules=["tljh_simple"], - ) - - -This is a mostly standard ``setup.py`` file. ``entry_points={"tljh": ["simple = tljh_simple]}`` -'registers' the module ``tljh_simple`` (in file ``tljh_simple.py``) with TLJH as a plugin. - -``tljh_simple.py`` - implementation ------------------------------------ - -In ``tljh_simple.py``, you provide implementations for whichever hooks -you want to extend. - -A hook implementation is a function that has the following characteristics: - -#. Has same name as the hook -#. Accepts some or all of the parameters defined for the hook -#. Is decorated with the ``hookimpl`` decorator function, imported from - ``tljh.hooks``. - -The current list of available hooks and when they are called can be -seen in `tljh/hooks.py `_ -in the source repository. Example implementations of each hook can be referenced from -`integration-tests/plugins/simplest/tljh_simplest.py -`_. - - -This example provides an implementation for the ``tljh_extra_user_conda_packages`` -hook, which can return a list of conda packages that'll be installed in users' -environment from conda-forge. - -.. code-block:: python - - from tljh.hooks import hookimpl - - @hookimpl - def tljh_extra_user_conda_packages(): - return [ - 'xarray', - 'iris', - 'dask', - ] - -By default packages are only installed from the ``conda-forge`` channel. -If you need other channels, like ``bioconda`` or self-made channels, -they can be added by using the ``tljh_extra_user_conda_channels`` hook. - -.. code-block:: python - - from tljh.hooks import hookimpl - - @hookimpl - def tljh_extra_user_conda_channels(): - return [ - 'conda-forge', - 'bioconda', - 'fastai', - ] - - -Publishing plugins -================== - -Plugins are python packages and should be published on PyPI. Users -can also install them directly from GitHub - although this is -not good long term practice. - -The python package should be named ``tljh-``. - - -List of known plugins -===================== - -If you are looking for a way to extend or customize your TLJH deployment, you might want to look for existing plugins. - -Here is a non-exhaustive list of known TLJH plugins: - -- `tljh-pangeo `_: TLJH plugin for setting up the Pangeo Stack. -- `tljh-voila-gallery `_: TLJH plugin that installs a gallery of Voilà dashboards. -- `tljh-repo2docker `_: TLJH plugin to build multiple user environments with - `repo2docker `_. -- `tljh-shared-directory `_: TLJH plugin which sets up a *shared directory* - for the Hub users in ``/srv/scratch``. -- `tljh-db `_: TLJH plugin for working with mysql databases. - -If you have authored a plugin, please open a PR to add it to this list! - -We also recommend adding the ``tljh-plugin`` topic to the GitHub repository to make it more discoverable: -`https://github.com/topics/tljh-plugin `_ diff --git a/docs/contributing/tests.md b/docs/contributing/tests.md new file mode 100644 index 0000000..3e8c1a7 --- /dev/null +++ b/docs/contributing/tests.md @@ -0,0 +1,62 @@ +(contributing-tests)= + +# Testing TLJH + +Unit and integration tests are a core part of TLJH, as important as +the code & documentation. They help validate that the code works as +we think it does, and continues to do so when changes occur. They +also help communicate in precise terms what we expect our code +to do. + +## Integration tests + +TLJH is a _distribution_ where the primary value is the many +opinionated choices we have made on components to use and how +they fit together. Integration tests are perfect for testing +that the various components fit together and work as they should. +So we write a lot of integration tests, and put in more effort +towards them than unit tests. + +All integration tests are run in [GitHub Actions](https://github.com/jupyterhub/the-littlest-jupyterhub/actions) +for each PR and merge, making sure we don't have broken tests +for too long. + +The integration tests are in the `integration-tests` directory +in the git repository. `py.test` is used to write the integration +tests. Each file should contain tests that can be run in any order +against the same installation of TLJH. + +### Running integration tests locally + +You need `docker` installed and callable by the user running +the integration tests without needing sudo. + +You can then run the tests with: + +```bash +.github/integration-test.py run-test +``` + +- `` is an identifier for the tests - you can choose anything you want +- `>` is list of test files (under `integration-tests`) that should be run in one go. + +For example, to run all the basic tests, you would write: + +```bash +.github/integration-test.py run-test basic-tests \ + test_hub.py \ + test_proxy.py \ + test_install.py \ + test_extensions.py +``` + +This will run the tests in the three files against the same installation +of TLJH and report errors. + +If you would like to run the tests with a custom pip spec for the bootstrap script, you can use the `--bootstrap-pip-spec` +parameter: + +```bash +.github/integration-test.py run-test \ + --bootstrap-pip-spec="git+https://github.com/your-username/the-littlest-jupyterhub.git@branch-name" +``` diff --git a/docs/contributing/tests.rst b/docs/contributing/tests.rst deleted file mode 100644 index f093ef4..0000000 --- a/docs/contributing/tests.rst +++ /dev/null @@ -1,66 +0,0 @@ -.. _contributing/tests: - -============ -Testing TLJH -============ - -Unit and integration tests are a core part of TLJH, as important as -the code & documentation. They help validate that the code works as -we think it does, and continues to do so when changes occur. They -also help communicate in precise terms what we expect our code -to do. - -Integration tests -================= - -TLJH is a *distribution* where the primary value is the many -opinionated choices we have made on components to use and how -they fit together. Integration tests are perfect for testing -that the various components fit together and work as they should. -So we write a lot of integration tests, and put in more effort -towards them than unit tests. - -All integration tests are run in `GitHub Actions `_ -for each PR and merge, making sure we don't have broken tests -for too long. - -The integration tests are in the ``integration-tests`` directory -in the git repository. ``py.test`` is used to write the integration -tests. Each file should contain tests that can be run in any order -against the same installation of TLJH. - -Running integration tests locally ---------------------------------- - -You need ``docker`` installed and callable by the user running -the integration tests without needing sudo. - -You can then run the tests with: - -.. code-block:: bash - - .github/integration-test.py run-test - -- ```` is an identifier for the tests - you can choose anything you want -- ``>`` is list of test files (under ``integration-tests``) that should be run in one go. - -For example, to run all the basic tests, you would write: - -.. code-block:: bash - - .github/integration-test.py run-test basic-tests \ - test_hub.py \ - test_proxy.py \ - test_install.py \ - test_extensions.py - -This will run the tests in the three files against the same installation -of TLJH and report errors. - -If you would like to run the tests with a custom pip spec for the bootstrap script, you can use the ``--bootstrap-pip-spec`` -parameter: - -.. code-block:: bash - - .github/integration-test.py run-test \ - --bootstrap-pip-spec="git+https://github.com/your-username/the-littlest-jupyterhub.git@branch-name" diff --git a/docs/howto/admin/admin-users.md b/docs/howto/admin/admin-users.md new file mode 100644 index 0000000..95bd5e6 --- /dev/null +++ b/docs/howto/admin/admin-users.md @@ -0,0 +1,100 @@ +(howto-admin-admin-users)= + +# Add / Remove admin users + +Admin users in TLJH have the following powers: + +1. Full root access to the server with passwordless `sudo`. + This lets them do literally whatever they want in the server +2. Access servers / home directories of all other users +3. Install new packages for everyone with `conda`, `pip` or `apt` +4. Change configuration of TLJH + +This is a lot of power, so make sure you know who you are giving it +to. Admin users should have decent passwords / secure login mechanisms, +so attackers can not easily gain control of the system. + +:::{important} +You should make sure an admin user is present when you **install** TLJH +the very first time. It is recommended that you also set a password +for the admin at this step. The [`--admin`](#howto-admin-admin-users) +flag passed to the installer does this. If you had forgotten to do so, the +easiest way to fix this is to run the installer again. +::: + +## Adding admin users from the JupyterHub interface + +There are two primary user interfaces for doing work on your JupyterHub. By +default, this is the Notebook Interface, and will be used in this section. +If you are using JupyterLab, you can access the Notebook Interface by replacing +`/lab` with `/tree` in your URL. + +1. First, navigate to the Jupyter Notebook interface home page. You can do this + by going to the URL `/user//tree`. + +2. Open the **Control Panel** by clicking the control panel button on the top + right of your JupyterHub. + + ```{image} ../../images/control-panel-button.png + :alt: Control panel button in notebook, top right + ``` + +3. In the control panel, open the **Admin** link in the top left. + + ```{image} ../../images/admin/admin-access-button.png + :alt: Admin button in control panel, top left + ``` + + This opens up the JupyterHub admin page, where you can add / delete users, + start / stop peoples' servers and see who is online. + +4. Click the **Add Users** button. + + ```{image} ../../images/admin/add-users-button.png + :alt: Add Users button in the admin page + ``` + + A **Add Users** dialog box opens up. + +5. Type the names of users you want to add to this JupyterHub in the dialog box, + one per line. **Make sure to tick the Admin checkbox**. + + ```{image} ../../images/admin/add-users-dialog.png + :alt: Adding users with add users dialog + ``` + +6. Click the **Add Users** button in the dialog box. Your users are now added + to the JupyterHub with administrator privileges! + +## Adding admin users from the command line + +Sometimes it is easier to add or remove admin users from the command line (for +example, if you forgot to add an admin user when first setting up your JupyterHub). + +### Adding new admin users + +New admin users can be added by executing the following commands on an +admin terminal: + +```bash +sudo tljh-config add-item users.admin +sudo tljh-config reload +``` + +If the user is already using the JupyterHub, they might have to stop and +start their server from the control panel to gain new powers. + +### Removing admin users + +You can remove an existing admin user by executing the following commands in +an admin terminal: + +```bash +sudo tljh-config remove-item users.admin +sudo tljh-config reload +``` + +If the user is already using the JupyterHub, they will continue to have +some of their admin powers until their server is stopped. Another admin +can force their server to stop by clicking 'Stop Server' in the admin +panel. diff --git a/docs/howto/admin/admin-users.rst b/docs/howto/admin/admin-users.rst deleted file mode 100644 index f1dcf5a..0000000 --- a/docs/howto/admin/admin-users.rst +++ /dev/null @@ -1,102 +0,0 @@ -.. _howto/admin/admin-users: - -======================== -Add / Remove admin users -======================== - -Admin users in TLJH have the following powers: - -#. Full root access to the server with passwordless ``sudo``. - This lets them do literally whatever they want in the server -#. Access servers / home directories of all other users -#. Install new packages for everyone with ``conda``, ``pip`` or ``apt`` -#. Change configuration of TLJH - -This is a lot of power, so make sure you know who you are giving it -to. Admin users should have decent passwords / secure login mechanisms, -so attackers can not easily gain control of the system. - -.. important:: - - You should make sure an admin user is present when you **install** TLJH - the very first time. It is recommended that you also set a password - for the admin at this step. The :ref:`--admin ` - flag passed to the installer does this. If you had forgotten to do so, the - easiest way to fix this is to run the installer again. - -Adding admin users from the JupyterHub interface -================================================ - -There are two primary user interfaces for doing work on your JupyterHub. By -default, this is the Notebook Interface, and will be used in this section. -If you are using JupyterLab, you can access the Notebook Interface by replacing -``/lab`` with ``/tree`` in your URL. - -#. First, navigate to the Jupyter Notebook interface home page. You can do this - by going to the URL ``/user//tree``. - -#. Open the **Control Panel** by clicking the control panel button on the top - right of your JupyterHub. - - .. image:: ../../images/control-panel-button.png - :alt: Control panel button in notebook, top right - -#. In the control panel, open the **Admin** link in the top left. - - .. image:: ../../images/admin/admin-access-button.png - :alt: Admin button in control panel, top left - - This opens up the JupyterHub admin page, where you can add / delete users, - start / stop peoples' servers and see who is online. - -#. Click the **Add Users** button. - - .. image:: ../../images/admin/add-users-button.png - :alt: Add Users button in the admin page - - A **Add Users** dialog box opens up. - -#. Type the names of users you want to add to this JupyterHub in the dialog box, - one per line. **Make sure to tick the Admin checkbox**. - - .. image:: ../../images/admin/add-users-dialog.png - :alt: Adding users with add users dialog - -#. Click the **Add Users** button in the dialog box. Your users are now added - to the JupyterHub with administrator privileges! - -Adding admin users from the command line -======================================== - -Sometimes it is easier to add or remove admin users from the command line (for -example, if you forgot to add an admin user when first setting up your JupyterHub). - -Adding new admin users ----------------------- - -New admin users can be added by executing the following commands on an -admin terminal: - -.. code-block:: bash - - sudo tljh-config add-item users.admin - sudo tljh-config reload - -If the user is already using the JupyterHub, they might have to stop and -start their server from the control panel to gain new powers. - -Removing admin users --------------------- - -You can remove an existing admin user by executing the following commands in -an admin terminal: - -.. code-block:: bash - - sudo tljh-config remove-item users.admin - sudo tljh-config reload - -If the user is already using the JupyterHub, they will continue to have -some of their admin powers until their server is stopped. Another admin -can force their server to stop by clicking 'Stop Server' in the admin -panel. diff --git a/docs/howto/admin/enable-extensions.md b/docs/howto/admin/enable-extensions.md new file mode 100644 index 0000000..6966018 --- /dev/null +++ b/docs/howto/admin/enable-extensions.md @@ -0,0 +1,56 @@ +(howto-admin-extensions)= + +# Enabling Jupyter Notebook extensions + +Jupyter contributed notebook +[extensions](https://jupyter-contrib-nbextensions.readthedocs.io/en/latest/index.html) are +community-contributed and maintained plug-ins to the Jupyter notebook. These extensions +serve many purposes, from [pedagogical tools](https://jupyter-contrib-nbextensions.readthedocs.io/en/latest/nbextensions/codefolding/readme.html) +to tools for [converting](https://jupyter-contrib-nbextensions.readthedocs.io/en/latest/nbextensions/latex_envs/README.html) +and [editing](https://jupyter-contrib-nbextensions.readthedocs.io/en/latest/nbextensions/spellchecker/README.html) +notebooks. + +Extensions are often added and enabled through the graphical user interface of the notebook. +However, this interface only makes the extension available to the user, not all users on a +hub. Instead, to make contributed extensions available to your users, you will use the command +line. This can be completed using the terminal in the JupyterHub (or via SSH-ing into your +VM and using this terminal). + +(tljh-extension-cli)= + +## Enabling extensions via the command line + +1. There are [multiple ways](https://jupyter-contrib-nbextensions.readthedocs.io/en/latest/install.html) + to install contributed extensions. For this example, we will use `pip`. + + ```bash + sudo -E pip install jupyter_contrib_nbextensions + ``` + +2. Next, add the notebook extension style files to the Jupyter configuration files. + + ```bash + sudo -E jupyter contrib nbextension install --sys-prefix + ``` + +3. Then, you will enable the extensions you would like to use. The syntax for this is + `jupyter nbextension enable` followed by the path to the desired extension's main file. + For example, to enable [scratchpad](https://jupyter-contrib-nbextensions.readthedocs.io/en/latest/nbextensions/scratchpad/README.html), + you would type the following: + + ```bash + sudo -E jupyter nbextension enable scratchpad/main --sys-prefix + ``` + +4. When this is completed, the enabled extension should be visible in the extension list: + + ```bash + jupyter nbextension list + ``` + +5. You can also verify the availability of the extension via its user interface in the notebook. + For example, spellchecker adds an ABC checkmark icon to the interface. + + ```{image} ../../images/admin/enable-spellcheck.png + :alt: spellcheck-interface-changes + ``` diff --git a/docs/howto/admin/enable-extensions.rst b/docs/howto/admin/enable-extensions.rst deleted file mode 100644 index 5029193..0000000 --- a/docs/howto/admin/enable-extensions.rst +++ /dev/null @@ -1,58 +0,0 @@ -.. _howto/admin/extensions: - -==================================== -Enabling Jupyter Notebook extensions -==================================== - -Jupyter contributed notebook -`extensions `_ are -community-contributed and maintained plug-ins to the Jupyter notebook. These extensions -serve many purposes, from `pedagogical tools `_ -to tools for `converting `_ -and `editing `_ -notebooks. - -Extensions are often added and enabled through the graphical user interface of the notebook. -However, this interface only makes the extension available to the user, not all users on a -hub. Instead, to make contributed extensions available to your users, you will use the command -line. This can be completed using the terminal in the JupyterHub (or via SSH-ing into your -VM and using this terminal). - -.. _tljh_extension_cli: - -Enabling extensions via the command line -======================================== - -#. There are `multiple ways `_ - to install contributed extensions. For this example, we will use ``pip``. - - .. code-block:: bash - - sudo -E pip install jupyter_contrib_nbextensions - -#. Next, add the notebook extension style files to the Jupyter configuration files. - - .. code-block:: bash - - sudo -E jupyter contrib nbextension install --sys-prefix - -#. Then, you will enable the extensions you would like to use. The syntax for this is - ``jupyter nbextension enable`` followed by the path to the desired extension's main file. - For example, to enable `scratchpad `_, - you would type the following: - - .. code-block:: bash - - sudo -E jupyter nbextension enable scratchpad/main --sys-prefix - -#. When this is completed, the enabled extension should be visible in the extension list: - - .. code-block:: bash - - jupyter nbextension list - -#. You can also verify the availability of the extension via its user interface in the notebook. - For example, spellchecker adds an ABC checkmark icon to the interface. - - .. image:: ../../images/admin/enable-spellcheck.png - :alt: spellcheck-interface-changes diff --git a/docs/howto/admin/https.md b/docs/howto/admin/https.md new file mode 100644 index 0000000..1cdb459 --- /dev/null +++ b/docs/howto/admin/https.md @@ -0,0 +1,118 @@ +(howto-admin-https)= + +# Enable HTTPS + +Every JupyterHub deployment should enable HTTPS! + +HTTPS encrypts traffic so that usernames, passwords and your data are +communicated securely. sensitive bits of information are communicated +securely. The Littlest JupyterHub supports automatically configuring HTTPS +via [Let's Encrypt](https://letsencrypt.org), or setting it up +[manually](#howto-admin-https-manual) with your own TLS key and +certificate. Unless you have a strong reason to use the manual method, +you should use the [Let's Encrypt](#howto-admin-https-letsencrypt) +method. + +:::{note} +You _must_ have a domain name set up to point to the IP address on +which TLJH is accessible before you can set up HTTPS. + +To do that, you would have to log in to the website of your registrar +and go to the DNS records section. The interface will look like something +similar to this: + +```{image} ../../images/dns.png +:alt: Adding an entry to the DNS records +``` + +::: + +(howto-admin-https-letsencrypt)= + +## Automatic HTTPS with Let's Encrypt + +:::{note} +If the machine you are running on is not reachable from the internet - +for example, if it is a machine internal to your organization that +is cut off from the internet - you can not use this method. Please +set up a DNS entry and HTTPS [manually](#howto-admin-https-manual). +::: + +To enable HTTPS via letsencrypt: + +``` +sudo tljh-config set https.enabled true +sudo tljh-config set https.letsencrypt.email you@example.com +sudo tljh-config add-item https.letsencrypt.domains yourhub.yourdomain.edu +``` + +where `you@example.com` is your email address and `yourhub.yourdomain.edu` +is the domain where your hub will be running. + +Once you have loaded this, your config should look like: + +``` +sudo tljh-config show +``` + +```yaml +https: + enabled: true + letsencrypt: + email: you@example.com + domains: + - yourhub.yourdomain.edu +``` + +Finally, you can reload the proxy to load the new configuration: + +``` +sudo tljh-config reload proxy +``` + +At this point, the proxy should negotiate with Let's Encrypt to set up a +trusted HTTPS certificate for you. It may take a moment for the proxy to +negotiate with Let's Encrypt to get your certificates, after which you can +access your Hub securely at . + +These certificates are valid for 3 months. The proxy will automatically +renew them for you before they expire. + +(howto-admin-https-manual)= + +## Manual HTTPS with existing key and certificate + +You may already have an SSL key and certificate. +If so, you can tell your deployment to use these files: + +``` +sudo tljh-config set https.enabled true +sudo tljh-config set https.tls.key /etc/mycerts/mydomain.key +sudo tljh-config set https.tls.cert /etc/mycerts/mydomain.cert +``` + +Once you have loaded this, your config should look like: + +``` +sudo tljh-config show +``` + +```yaml +https: + enabled: true + tls: + key: /etc/mycerts/mydomain.key + cert: /etc/mycerts/mydomain.cert +``` + +Finally, you can reload the proxy to load the new configuration: + +``` +sudo tljh-config reload proxy +``` + +and now access your Hub securely at . + +## Troubleshooting + +If you're having trouble with HTTPS, looking at the [traefik proxy logs](troubleshooting-logs-traefik) might help. diff --git a/docs/howto/admin/https.rst b/docs/howto/admin/https.rst deleted file mode 100644 index 768b45c..0000000 --- a/docs/howto/admin/https.rst +++ /dev/null @@ -1,112 +0,0 @@ -.. _howto/admin/https: - -============ -Enable HTTPS -============ - -Every JupyterHub deployment should enable HTTPS! - -HTTPS encrypts traffic so that usernames, passwords and your data are -communicated securely. sensitive bits of information are communicated -securely. The Littlest JupyterHub supports automatically configuring HTTPS -via `Let's Encrypt `_, or setting it up -:ref:`manually ` with your own TLS key and -certificate. Unless you have a strong reason to use the manual method, -you should use the :ref:`Let's Encrypt ` -method. - -.. note:: - - You *must* have a domain name set up to point to the IP address on - which TLJH is accessible before you can set up HTTPS. - - To do that, you would have to log in to the website of your registrar - and go to the DNS records section. The interface will look like something - similar to this: - - .. image:: ../../images/dns.png - :alt: Adding an entry to the DNS records - -.. _howto/admin/https/letsencrypt: - -Automatic HTTPS with Let's Encrypt -================================== - -.. note:: - - If the machine you are running on is not reachable from the internet - - for example, if it is a machine internal to your organization that - is cut off from the internet - you can not use this method. Please - set up a DNS entry and HTTPS :ref:`manually `. - -To enable HTTPS via letsencrypt:: - - sudo tljh-config set https.enabled true - sudo tljh-config set https.letsencrypt.email you@example.com - sudo tljh-config add-item https.letsencrypt.domains yourhub.yourdomain.edu - -where ``you@example.com`` is your email address and ``yourhub.yourdomain.edu`` -is the domain where your hub will be running. - -Once you have loaded this, your config should look like:: - - sudo tljh-config show - -.. sourcecode:: yaml - - https: - enabled: true - letsencrypt: - email: you@example.com - domains: - - yourhub.yourdomain.edu - -Finally, you can reload the proxy to load the new configuration:: - - sudo tljh-config reload proxy - -At this point, the proxy should negotiate with Let's Encrypt to set up a -trusted HTTPS certificate for you. It may take a moment for the proxy to -negotiate with Let's Encrypt to get your certificates, after which you can -access your Hub securely at https://yourhub.yourdomain.edu. - -These certificates are valid for 3 months. The proxy will automatically -renew them for you before they expire. - -.. _howto/admin/https/manual: - -Manual HTTPS with existing key and certificate -============================================== - -You may already have an SSL key and certificate. -If so, you can tell your deployment to use these files:: - - sudo tljh-config set https.enabled true - sudo tljh-config set https.tls.key /etc/mycerts/mydomain.key - sudo tljh-config set https.tls.cert /etc/mycerts/mydomain.cert - - -Once you have loaded this, your config should look like:: - - sudo tljh-config show - - -.. sourcecode:: yaml - - https: - enabled: true - tls: - key: /etc/mycerts/mydomain.key - cert: /etc/mycerts/mydomain.cert - -Finally, you can reload the proxy to load the new configuration:: - - sudo tljh-config reload proxy - -and now access your Hub securely at https://yourhub.yourdomain.edu. - -Troubleshooting -=============== - -If you're having trouble with HTTPS, looking at the :ref:`traefik -proxy logs ` might help. diff --git a/docs/howto/admin/nbresuse.rst b/docs/howto/admin/nbresuse.md similarity index 53% rename from docs/howto/admin/nbresuse.rst rename to docs/howto/admin/nbresuse.md index 9991406..982933c 100644 --- a/docs/howto/admin/nbresuse.rst +++ b/docs/howto/admin/nbresuse.md @@ -1,15 +1,14 @@ -.. _howto/admin/nbresuse: +(howto-admin-nbresuse)= -======================= -Check your memory usage -======================= +# Check your memory usage -The `jupyter-resource-usage `_ extension is part of +The [jupyter-resource-usage](https://github.com/jupyter-server/jupyter-resource-usage) extension is part of the default installation, and tells you how much memory your user is using right now, and what the memory limit for your user is. It is shown in the top right corner of the notebook interface. Note that this is memory usage for everything your user is running through the Jupyter notebook interface, not just the specific notebook it is shown on. -.. image:: ../../images/nbresuse.png - :alt: Memory limit / usage shown with jupyter-resource-usage +```{image} ../../images/nbresuse.png +:alt: Memory limit / usage shown with jupyter-resource-usage +``` diff --git a/docs/howto/admin/resize.rst b/docs/howto/admin/resize.md similarity index 51% rename from docs/howto/admin/resize.rst rename to docs/howto/admin/resize.md index 99e99c7..44d7ba2 100644 --- a/docs/howto/admin/resize.rst +++ b/docs/howto/admin/resize.md @@ -1,60 +1,58 @@ -.. _howto/admin/resize: +(howto-admin-resize)= -================================================= -Resize the resources available to your JupyterHub -================================================= +# Resize the resources available to your JupyterHub As you are using your JupyterHub, you may need to increase or decrease the amount of resources allocated to your TLJH install. The kinds of resources that can be allocated, as well as the process to do so, will depend on the provider / interface for your VM. We recommend consulting the installation page for your provider for more information. This -page covers the steps your should take on your JupyterHub *after* you've reallocated resources on +page covers the steps your should take on your JupyterHub _after_ you've reallocated resources on the cloud provider of your choice. Currently there are instructions to resize your resources on the following providers: -* :ref:`Digital Ocean `. +- [Digital Ocean](howto-providers-digitalocean-resize) Once resources have been reallocated, you must tell TLJH to make use of these resources, and verify that the resources have become available. -Verifying a Resize -================== +## Verifying a Resize -#. Once you have resized your server, tell the JupyterHub to make use of +1. Once you have resized your server, tell the JupyterHub to make use of these new resources. To accomplish this, follow the instructions in - :ref:`topic/tljh-config` to set new memory or CPU limits and reload the hub. This can be completed + [](/topic/tljh-config) to set new memory or CPU limits and reload the hub. This can be completed using the terminal in the JupyterHub (or via SSH-ing into your VM and using this terminal). -#. TLJH configuration options can be verified by viewing the tljh-config output. +2. TLJH configuration options can be verified by viewing the tljh-config output. - .. code-block:: bash - - sudo tljh-config show + ```bash + sudo tljh-config show + ``` Double-check that your changes are reflected in the output. -#. **To verify changes to memory**, confirm that it worked by starting +3. **To verify changes to memory**, confirm that it worked by starting a new server (if you had one previously running, click "Control Panel -> Stop My Server" to shut down your active server first), opening a notebook, and checking the value of the - `jupyter-resource-usage `_ extension in the upper-right. + [jupyter-resource-usage](https://github.com/jupyter-server/jupyter-resource-usage) extension in the upper-right. - .. image:: ../../images/nbresuse.png - :alt: jupyter-resource-usage demonstration + ```{image} ../../images/nbresuse.png + :alt: jupyter-resource-usage demonstration + ``` -#. **To verify changes to CPU**, use the ``nproc`` from a terminal. +4. **To verify changes to CPU**, use the `nproc` from a terminal. This command displays the number of available cores, and should be equal to the number of cores you selected in your provider's interface. - .. code-block:: bash + ```bash + nproc --all + ``` - nproc --all - -#. **To verify currently-available disk space**, use the ``df`` command in a terminal. This shows - how much disk space is available. The ``-hT`` argument allows us to have this printed in a human readable +5. **To verify currently-available disk space**, use the `df` command in a terminal. This shows + how much disk space is available. The `-hT` argument allows us to have this printed in a human readable format, and condenses the output to show one storage volume. Note that currently you cannot change the disk space on a per-user basis. - .. code-block:: bash - - df -hT /home + ```bash + df -hT /home + ``` diff --git a/docs/howto/admin/resource-estimation.rst b/docs/howto/admin/resource-estimation.md similarity index 67% rename from docs/howto/admin/resource-estimation.rst rename to docs/howto/admin/resource-estimation.md index c818b3d..6e7f263 100644 --- a/docs/howto/admin/resource-estimation.rst +++ b/docs/howto/admin/resource-estimation.md @@ -1,86 +1,78 @@ -.. _howto/admin/resource-estimation: +(howto-admin-resource-estimation)= -=================================== -Estimate Memory / CPU / Disk needed -=================================== +# Estimate Memory / CPU / Disk needed This page helps you estimate how much Memory / CPU / Disk the server you install The Littlest JupyterHub on should have. These are just guidelines to help with estimation - your actual needs will vary. -Memory -====== +## Memory Memory is usually the biggest determinant of server size in most JupyterHub installations. At minimum, your server must have at least **1GB** of RAM for TLJH to install. -.. math:: +$$ +Recommended\, Memory = +(Max\, concurrent\, users \times Max\, mem\, per\, user) + 128MB +$$ - Recommended\, Memory = - (Max\, concurrent\, users \times Max\, mem\, per\, user) + 128MB - - -The ``128MB`` is overhead for TLJH and related services. **Server Memory Recommended** +The `128MB` is overhead for TLJH and related services. **Server Memory Recommended** is the amount of Memory (RAM) the server you acquire should have - we recommend erring on the side of 'more Memory'. The other terms are explained below. -Maximum concurrent users ------------------------- +### Maximum concurrent users Even if your class has 100 students, most of them will not be using the JupyterHub actively at a single given moment. At 2am on a normal night, maybe you'll have 10 students using it. At 2am before a final, maybe you'll have 60 students using it. Maybe you'll have a lab session with all 100 of your students using it at the same time. -The *maximum* number of users actively using the JupyterHub at any given time determines +The _maximum_ number of users actively using the JupyterHub at any given time determines how much memory your server will need. You'll get better at estimating this number over time. We generally recommend between 40-60% of your total class size to start with. -Maximum memory allowed per user -------------------------------- +### Maximum memory allowed per user Depending on what kind of work your users are doing, they will use different amounts of memory. The easiest way to determine this is to run through a typical user -workflow yourself, and measure how much memory is used. You can use :ref:`howto/admin/nbresuse` +workflow yourself, and measure how much memory is used. You can use [](/howto/admin/nbresuse) to determine how much memory your user is using. A good rule of thumb is to take the maximum amount of memory you used during your session, and add 20-40% headroom for users to 'play around'. This is the maximum amount of memory that should be given to each user. -If users use *more* than this alloted amount of memory, their notebook kernel will *restart*. +If users use _more_ than this alloted amount of memory, their notebook kernel will _restart_. -CPU -=== +## CPU CPU estimation is more forgiving than Memory estimation. If there isn't enough CPU for your users, their computation becomes very slow - but does not stop, unlike with RAM. -.. math:: +$$ +Recommended\, CPU = (Max\, concurrent\, users \times Max\, CPU\, usage\, per\, user) + 20\% +$$ - Recommended\, CPU = (Max\, concurrent\, users \times Max\, CPU\, usage\, per\, user) + 20\% - -The ``20%`` is overhead for TLJH and related services. This is around 20% of a +The `20%` is overhead for TLJH and related services. This is around 20% of a single modern CPU. This, of course, is just an estimate. We recommend using the same process used to estimate Memory required for estimating CPU required. You cannot use jupyter-resource-usage for this, but you should carry out normal workflow and investigate the CPU usage on the machine. -Disk space -========== +## Disk space Unlike Memory & CPU, disk space is predicated on **total** number of users, rather than **maximum concurrent** users. -.. math:: +$$ +Recommended\, Disk\, Size = (Total\, users \times Max\, disk\, usage\, per\, user) + 2GB +$$ - Recommended\, Disk\, Size = (Total\, users \times Max\, disk\, usage\, per\, user) + 2GB +## Resizing your server -Resizing your server -==================== - -Lots of cloud providers let your dynamically resize your server if you need it +Many cloud providers let your dynamically resize your server if you need it to be larger or smaller. Usually this requires a restart of the whole server - active users will be logged out, but otherwise usually nothing bad happens. +See [](#howto-admin-resize) for provider-specific instructions on resizing. diff --git a/docs/howto/admin/systemd.md b/docs/howto/admin/systemd.md new file mode 100644 index 0000000..468cea7 --- /dev/null +++ b/docs/howto/admin/systemd.md @@ -0,0 +1,82 @@ +(howto-admin-systemd)= + +# Customizing `systemd` services + +By default, TLJH configures two `systemd` services to run JupyterHub and Traefik. + +These services come with a default set of settings, which are specified in +[jupyterhub.service](https://github.com/jupyterhub/the-littlest-jupyterhub/blob/HEAD/tljh/systemd-units/jupyterhub.service) and +[traefik.service](https://github.com/jupyterhub/the-littlest-jupyterhub/blob/HEAD/tljh/systemd-units/traefik.service). +They look like the following: + +```bash +[Unit] +Requires=traefik.service +After=traefik.service + +[Service] +User=root +Restart=always +WorkingDirectory=/opt/tljh/state +PrivateTmp=yes +PrivateDevices=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +Environment=TLJH_INSTALL_PREFIX=/opt/tljh +ExecStart=/opt/tljh/hub/bin/python3 -m jupyterhub.app -f jupyterhub_config.py --upgrade-db + +[Install] +WantedBy=multi-user.target +``` + +However in some cases, admins might want to have better control on these settings. + +For example when mounting shared volumes over the network using [Samba](), +these namespacing settings might be a bit too strict and prevent users from accessing the shared volumes. + +## Overriding settings with `override.conf` + +To override the `jupyterhub` settings, it is possible to provide a custom `/etc/systemd/system/jupyterhub.service.d/override.conf` file. + +Here is an example for the content of the file: + +```bash +[Service] +PrivateTmp=no +PrivateDevices=no +ProtectKernelTunables=no +ProtectKernelModules=no +``` + +This example should be useful in the case of mounting volumes using Samba and sharing them with the JupyterHub users. +You might also want to provide your own options, which are listed in the +[systemd documentation](https://www.freedesktop.org/software/systemd/man/systemd.exec.html). + +Then make sure to reload the daemon and the `jupyterhub` service: + +```bash +sudo systemctl daemon-reload +sudo systemctl restart jupyterhub +``` + +Then check the status with: + +```bash +sudo systemctl status jupyterhub +``` + +The output should look like the following: + +```{image} ../../images/admin/jupyterhub-systemd-status.png +:alt: Checking the status of the JupyterHub systemd service +``` + +To override the `traefik` settings, create a new file under `/etc/systemd/system/traefik.service.d/override.conf` +and follow the same steps. + +## References + +If you would like to learn more about the `systemd` security features, check out these references: + +- [List of systemd settings](https://www.freedesktop.org/software/systemd/man/systemd.exec.html) +- [Mastering systemd: Securing and sandboxing applications and services](https://www.redhat.com/sysadmin/mastering-systemd) diff --git a/docs/howto/admin/systemd.rst b/docs/howto/admin/systemd.rst deleted file mode 100644 index d2a5058..0000000 --- a/docs/howto/admin/systemd.rst +++ /dev/null @@ -1,88 +0,0 @@ -.. _howto/admin/systemd: - -================================ -Customizing ``systemd`` services -================================ - -By default, TLJH configures two ``systemd`` services to run JupyterHub and Traefik. - -These services come with a default set of settings, which are specified in -`jupyterhub.service `_ and -`traefik.service `_. -They look like the following: - -.. code-block:: bash - - [Unit] - Requires=traefik.service - After=traefik.service - - [Service] - User=root - Restart=always - WorkingDirectory=/opt/tljh/state - PrivateTmp=yes - PrivateDevices=yes - ProtectKernelTunables=yes - ProtectKernelModules=yes - Environment=TLJH_INSTALL_PREFIX=/opt/tljh - ExecStart=/opt/tljh/hub/bin/python3 -m jupyterhub.app -f jupyterhub_config.py --upgrade-db - - [Install] - WantedBy=multi-user.target - - -However in some cases, admins might want to have better control on these settings. - -For example when mounting shared volumes over the network using `Samba `_, -these namespacing settings might be a bit too strict and prevent users from accessing the shared volumes. - - -Overriding settings with ``override.conf`` -========================================== - -To override the ``jupyterhub`` settings, it is possible to provide a custom ``/etc/systemd/system/jupyterhub.service.d/override.conf`` file. - -Here is an example for the content of the file: - -.. code-block:: bash - - [Service] - PrivateTmp=no - PrivateDevices=no - ProtectKernelTunables=no - ProtectKernelModules=no - -This example should be useful in the case of mounting volumes using Samba and sharing them with the JupyterHub users. -You might also want to provide your own options, which are listed in the -`systemd documentation `_. - -Then make sure to reload the daemon and the ``jupyterhub`` service: - -.. code-block:: bash - - sudo systemctl daemon-reload - sudo systemctl restart jupyterhub - -Then check the status with: - -.. code-block:: bash - - sudo systemctl status jupyterhub - -The output should look like the following: - -.. image:: ../../images/admin/jupyterhub-systemd-status.png - :alt: Checking the status of the JupyterHub systemd service - -To override the ``traefik`` settings, create a new file under ``/etc/systemd/system/traefik.service.d/override.conf`` -and follow the same steps. - - -References -========== - -If you would like to learn more about the ``systemd`` security features, check out these references: - -- `List of systemd settings `_ -- `Mastering systemd: Securing and sandboxing applications and services `_ diff --git a/docs/howto/admin/upgrade-tljh.md b/docs/howto/admin/upgrade-tljh.md new file mode 100644 index 0000000..1cb417a --- /dev/null +++ b/docs/howto/admin/upgrade-tljh.md @@ -0,0 +1,64 @@ +(howto-admin-upgrade-tljh)= + +# Upgrade TLJH + +A TLJH installation is supposed to be upgradable to get updates to JupyterHub +itself and its dependencies in the [hub environment](hub-environment). For +details on what is done during an upgrade, see +[](topic-installer-upgrade-actions). + +## Step 1: Read the changelog + +Before making an upgrade, please read the [](changelog) to become aware about +breaking changes. If there are breaking changes, you may need to update your +configuration files or take other actions as well as part of the upgrade. + +Adjusting to the breaking changes isn't part of this documentation, please rely +on the TLJH changelog and the changelogs of related projects linked to from the +TLJH changelog. + +## Step 2: Consider making a backup + +Before making an upgrade, consider if you want to first make a backup in some +way. While upgrades between TLJH versions are tested with automation, there are +no guarantees. + +This project does't yet provide documentation on how to make backups, but if +TLJH is installed on a virtual machine in a cloud, a good option is to try +create a snapshot of the associated disk. If this isn't an option, you could +consider making a backup of the files in `/opt/tljh` that contain most but not +all things during an upgrade, or perhaps only the JupyterHub database with +information about its users in `/opt/tljh/state` together with some other +details. + +## Step 3: Make the upgrade + +To initialize the upgrade, do the following from a terminal on the machine where +TLJH is installed. + +```shell +# IMPORTANT: This should NOT be run from a JupyterHub started user server, but +# should only run from a standalone terminal session in the machine +# where TLJH has been installed. +# +curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --version=latest +``` + +You can also upgrade to specific version by changing `--version=latest` to +`--version=1.0.0` or similar. There is no need to specify admin users etc again. + +## Step 4: Verify function + +After having made an upgrade its always good to verify that the JupyterHub +installation still works as expected. You may want to try logging out, logging +in, and starting a new server for example. + +If you have issues consider the [](troubleshooting) documentation. If you need +help you can ask questions in [Jupyter forum], and if you think there is a bug +or documentation improvement that should be made you can open an issue or pull +request in the [TLJH GitHub project]. + +[jupyter forum]: https://discourse.jupyter.org/c/jupyterhub/tljh +[tljh github project]: https://github.com/jupyterhub/the-littlest-jupyterhub diff --git a/docs/howto/auth/awscognito.md b/docs/howto/auth/awscognito.md new file mode 100644 index 0000000..3827189 --- /dev/null +++ b/docs/howto/auth/awscognito.md @@ -0,0 +1,157 @@ +(howto-auth-awscognito)= + +# Authenticate using AWS Cognito + +```{warning} +This documentation has not been updated recently, and a major version of +OAuthenticator has been released since it was. Due to that, please only use this +_as a complement_ to the official [OAuthenticator documentation]. + +[OAuthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/generic.html#setup-for-aws-cognito + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + +The **AWS Cognito Authenticator** lets users log into your JupyterHub using +cognito user pools. To do so, you'll first need to register and configure a +cognito user pool and app, and then provide information about this +application to your `tljh` configuration. + +## Create an AWS Cognito application + +1. Create a user pool [Getting Started with User Pool](https://docs.aws.amazon.com/cognito/latest/developerguide/getting-started-with-cognito-user-pools.html). + + When you have completed creating a user pool, app, and domain you should have the following settings available to you: + + - **App client id**: From the App client page + + - **App client secret** From the App client page + + - **Callback URL** This should be the domain you are hosting you server on: + + ``` + http(s):///hub/oauth_callback + ``` + + - **Signout URL**: This is the landing page for a user when they are not logged on: + + ``` + http(s):// + ``` + + - **Auth Domain** Create an auth domain e.g. \: + + ``` + https://<.auth.eu-west-1.amazoncognito.com + ``` + +## Install and configure an AWS EC2 Instance with userdata + +By adding following script to the ec2 instance user data you should be +able to configure the instance automatically, replace relevant placeholders: + +```bash +#!/bin/bash +############################################## +# Ensure tljh is up to date +############################################## +curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin insightadmin + +############################################## +# Setup AWS Cognito OAuthenticator +############################################## +echo > /opt/tljh/config/jupyterhub_config.d/awscognito.py <`_. - - When you have completed creating a user pool, app, and domain you should have the following settings available to you: - - * **App client id**: From the App client page - * **App client secret** From the App client page - * **Callback URL** This should be the domain you are hosting you server on:: - - http(s):///hub/oauth_callback - - * **Signout URL**: This is the landing page for a user when they are not logged on:: - - http(s):// - - * **Auth Domain** Create an auth domain e.g. :: - - https://<.auth.eu-west-1.amazoncognito.com - - -Install and configure an AWS EC2 Instance with userdata -======================================================= - -By adding following script to the ec2 instance user data you should be -able to configure the instance automatically, replace relevant placeholders:: - - #!/bin/bash - ############################################## - # Ensure tljh is up to date - ############################################## - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin insightadmin - - ############################################## - # Setup AWS Cognito OAuthenticator - ############################################## - echo > /opt/tljh/config/jupyterhub_config.d/awscognito.py < + ``` + + Remember to replace `` with the password you choose. + +2. Enable the authenticator and reload config to apply configuration: + + ```bash + sudo tljh-config set auth.type dummy + ``` + + ```bash + sudo tljh-config reload + ``` + +Users who are currently logged in will continue to be logged in. When they +log out and try to log back in, they will be asked to provide a username and +password. + +## Changing the password + +The password used by DummyAuthenticator can be changed with the following +commands: + +```bash +tljh-config set auth.DummyAuthenticator.password +``` + +```bash +tljh-config reload +``` diff --git a/docs/howto/auth/dummy.rst b/docs/howto/auth/dummy.rst deleted file mode 100644 index 5a92d89..0000000 --- a/docs/howto/auth/dummy.rst +++ /dev/null @@ -1,51 +0,0 @@ -.. _howto/auth/dummy: - -===================================================== -Authenticate *any* user with a single shared password -===================================================== - -The **Dummy Authenticator** lets *any* user log in with the given password. -This authenticator is **extremely insecure**, so do not use it if you can -avoid it. - -Enabling the authenticator -========================== - -1. Always use DummyAuthenticator with a password. You can communicate this - password to all your users via an out of band mechanism (like writing on - a whiteboard). Once you have selected a password, configure TLJH to use - the password by executing the following from an admin console. - - .. code-block:: bash - - sudo tljh-config set auth.DummyAuthenticator.password - - Remember to replace ```` with the password you choose. - -2. Enable the authenticator and reload config to apply configuration: - - .. code-block:: bash - - sudo tljh-config set auth.type dummy - - .. code-block:: bash - - sudo tljh-config reload - -Users who are currently logged in will continue to be logged in. When they -log out and try to log back in, they will be asked to provide a username and -password. - -Changing the password -===================== - -The password used by DummyAuthenticator can be changed with the following -commands: - -.. code-block:: bash - - tljh-config set auth.DummyAuthenticator.password - -.. code-block:: bash - - tljh-config reload diff --git a/docs/howto/auth/firstuse.md b/docs/howto/auth/firstuse.md new file mode 100644 index 0000000..3bd05d4 --- /dev/null +++ b/docs/howto/auth/firstuse.md @@ -0,0 +1,91 @@ +(howto-auth-firstuse)= + +# Let users choose a password when they first log in + +```{warning} +This documentation is not being updated regularly and may be out of date. Due to +that, please only use this _as a complement_ to the official +[FirstUseAuthenticator documentation]. + +[FirstUseAuthenticator documentation]: https://github.com/jupyterhub/firstuseauthenticator#readme + +Going onwards, the goal is to ensure we have good documentation in the +FirstUseAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + +The **First Use Authenticator** lets users choose their own password. +Upon their first log-in attempt, whatever password they use will be stored +as their password for subsequent log in attempts. This is +the default authenticator that ships with TLJH. + +## Enabling the authenticator + +:::{note} +the FirstUseAuthenticator is enabled by default in TLJH. +::: + +Enable the authenticator and reload config to apply the configuration: + +```bash +sudo tljh-config set auth.type firstuseauthenticator.FirstUseAuthenticator +sudo tljh-config reload +``` + +Users who are currently logged in will continue to be logged in. When they +log out and try to log back in, they will be asked to provide a username and +password. + +## Users changing their own password + +Users can change their password by first logging into their account and then visiting +the url `/hub/auth/change-password`. + +## Allowing anyone to log in to your JupyterHub + +By default, you need to manually create user accounts before they will be able +to log in to your JupyterHub. If you wish to allow **any** user to access +the JupyterHub, run the following command. + +```bash +tljh-config set auth.FirstUseAuthenticator.create_users true +tljh-config reload +``` + +## Resetting user password + +The admin can reset user passwords by _deleting_ the user from the JupyterHub admin +page. This logs the user out, but does **not** remove any of their data or +home directories. The user can then set a new password by logging in again with +their new password. + +1. As an admin user, open the **Control Panel** by clicking the control panel + button on the top right of your JupyterHub. + + ```{image} ../../images/control-panel-button.png + :alt: Control panel button in notebook, top right + ``` + +2. In the control panel, open the **Admin** link in the top left. + + ```{image} ../../images/admin/admin-access-button.png + :alt: Admin button in control panel, top left + ``` + + This opens up the JupyterHub admin page, where you can add / delete users, + start / stop peoples' servers and see who is online. + +3. **Delete** the user whose password needs resetting. Remember this **does not** + delete their data or home directory. + + ```{image} ../../images/auth/firstuse/delete-user.png + :alt: Delete user button for each user + ``` + + If there is a confirmation dialog, confirm the deletion. This will also log the + user out if they were currently running. + +4. Re-create the user whose password needs resetting within that same dialog. + +5. Ask the user to log in again with their new password as usual. This will be their + new password going forward. diff --git a/docs/howto/auth/firstuse.rst b/docs/howto/auth/firstuse.rst deleted file mode 100644 index b81f6f4..0000000 --- a/docs/howto/auth/firstuse.rst +++ /dev/null @@ -1,81 +0,0 @@ -.. _howto/auth/firstuse: - -================================================== -Let users choose a password when they first log in -================================================== - -The **First Use Authenticator** lets users choose their own password. -Upon their first log-in attempt, whatever password they use will be stored -as their password for subsequent log in attempts. This is -the default authenticator that ships with TLJH. - -Enabling the authenticator -========================== - -.. note:: the FirstUseAuthenticator is enabled by default in TLJH. - -#. Enable the authenticator and reload config to apply the configuration: - -.. code-block:: bash - - sudo tljh-config set auth.type firstuseauthenticator.FirstUseAuthenticator - sudo tljh-config reload - -Users who are currently logged in will continue to be logged in. When they -log out and try to log back in, they will be asked to provide a username and -password. - -Users changing their own password -================================= - -Users can change their password by first logging into their account and then visiting -the url ``/hub/auth/change-password``. - -Allowing anyone to log in to your JupyterHub -============================================ - -By default, you need to manually create user accounts before they will be able -to log in to your JupyterHub. If you wish to allow **any** user to access -the JupyterHub, run the following command. - -.. code-block:: bash - - tljh-config set auth.FirstUseAuthenticator.create_users true - tljh-config reload - - -Resetting user password -======================= - -The admin can reset user passwords by *deleting* the user from the JupyterHub admin -page. This logs the user out, but does **not** remove any of their data or -home directories. The user can then set a new password by logging in again with -their new password. - -#. As an admin user, open the **Control Panel** by clicking the control panel - button on the top right of your JupyterHub. - - .. image:: ../../images/control-panel-button.png - :alt: Control panel button in notebook, top right - -#. In the control panel, open the **Admin** link in the top left. - - .. image:: ../../images/admin/admin-access-button.png - :alt: Admin button in control panel, top left - - This opens up the JupyterHub admin page, where you can add / delete users, - start / stop peoples' servers and see who is online. - -#. **Delete** the user whose password needs resetting. Remember this **does not** - delete their data or home directory. - - .. image:: ../../images/auth/firstuse/delete-user.png - :alt: Delete user button for each user - - If there is a confirmation dialog, confirm the deletion. This will also log the - user out if they were currently running. - -#. Re-create the user whose password needs resetting within that same dialog. - -#. Ask the user to log in again with their new password as usual. This will be their - new password going forward. diff --git a/docs/howto/auth/github.md b/docs/howto/auth/github.md new file mode 100644 index 0000000..47fed0a --- /dev/null +++ b/docs/howto/auth/github.md @@ -0,0 +1,120 @@ +(howto-auth-github)= + +# Authenticate using GitHub Usernames + +```{warning} +This documentation has not been updated recently, and a major version of +OAuthenticator has been released since it was. Due to that, please only use this +_as a complement_ to the official [OAuthenticator documentation]. + +[OAuthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/github.html + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + +The **GitHub Authenticator** lets users log into your JupyterHub using their +GitHub user ID / password. To do so, you'll first need to register an +application with GitHub, and then provide information about this +application to your `tljh` configuration. + +:::{note} +You'll need a GitHub account in order to complete these steps. +::: + +## Step 1: Create a GitHub application + +1. Go to the [GitHub OAuth app creation page](https://github.com/settings/applications/new). + + - **Application name**: Choose a descriptive application name (e.g. `tljh`) + + - **Homepage URL**: Use the IP address or URL of your JupyterHub. e.g. `` http(s)://` ``. + + - **Application description**: Use any description that you like. + + - **Authorization callback URL**: Insert text with the following form: + + ``` + http(s):///hub/oauth_callback + ``` + + - When you're done filling in the page, it should look something like this: + + ```{image} ../../images/auth/github/create_application.png + :alt: Create a GitHub OAuth application + ``` + +2. Click "Register application". You'll be taken to a page with the registered application details. + +3. Copy the **Client ID** and **Client Secret** from the application details + page. You will use these later to configure your JupyterHub authenticator. + + ```{image} ../../images/auth/github/client_id_secret.png + :alt: Your client ID and secret + ``` + +:::{important} +If you are using a virtual machine from a cloud provider and +**stop the VM**, then when you re-start the VM, the provider will likely assign a **new public +IP address** to it. In this case, **you must update your GitHub application information** +with the new IP address. +::: + +## Configure your JupyterHub to use the GitHub Oauthenticator + +We'll use the `tljh-config` tool to configure your JupyterHub's authentication. +For more information on `tljh-config`, see [](/topic/tljh-config). + +1. Log in as an administrator account to your JupyterHub. + +2. Open a terminal window. + + ```{image} ../../images/notebook/new-terminal-button.png + :alt: New terminal button. + ``` + +3. Configure the GitHub OAuthenticator to use your client ID, client secret and callback URL with the following commands: + + ``` + sudo tljh-config set auth.GitHubOAuthenticator.client_id '' + ``` + + ``` + sudo tljh-config set auth.GitHubOAuthenticator.client_secret '' + ``` + + ``` + sudo tljh-config set auth.GitHubOAuthenticator.oauth_callback_url 'http(s):///hub/oauth_callback' + ``` + +4. Tell your JupyterHub to _use_ the GitHub OAuthenticator for authentication: + + ``` + sudo tljh-config set auth.type oauthenticator.github.GitHubOAuthenticator + ``` + +5. Restart your JupyterHub so that new users see these changes: + + ``` + sudo tljh-config reload + ``` + +## Confirm that the new authenticator works + +1. **Open an incognito window** in your browser (do not log out until you confirm + that the new authentication method works!) + +2. Go to your JupyterHub URL. + +3. You should see a GitHub login button like below: + + ```{image} ../../images/auth/github/login_button.png + :alt: The GitHub authenticator login button. + ``` + +4. After you log in with your GitHub credentials, you should be directed to the + Jupyter interface used in this JupyterHub. + +5. **If this does not work** you can revert back to the default + JupyterHub authenticator by following the steps in [](/howto/auth/firstuse). diff --git a/docs/howto/auth/github.rst b/docs/howto/auth/github.rst deleted file mode 100644 index 9516150..0000000 --- a/docs/howto/auth/github.rst +++ /dev/null @@ -1,93 +0,0 @@ -.. _howto/auth/github: - -=================================== -Authenticate using GitHub Usernames -=================================== - -The **GitHub Authenticator** lets users log into your JupyterHub using their -GitHub user ID / password. To do so, you'll first need to register an -application with GitHub, and then provide information about this -application to your ``tljh`` configuration. - -.. note:: - - You'll need a GitHub account in order to complete these steps. - -Step 1: Create a GitHub application -=================================== - -#. Go to the `GitHub OAuth app creation page `_. - - * **Application name**: Choose a descriptive application name (e.g. ``tljh``) - * **Homepage URL**: Use the IP address or URL of your JupyterHub. e.g. ``http(s)://```. - * **Application description**: Use any description that you like. - * **Authorization callback URL**: Insert text with the following form:: - - http(s):///hub/oauth_callback - - * When you're done filling in the page, it should look something like this: - - .. image:: ../../images/auth/github/create_application.png - :alt: Create a GitHub OAuth application -#. Click "Register application". You'll be taken to a page with the registered application details. -#. Copy the **Client ID** and **Client Secret** from the application details - page. You will use these later to configure your JupyterHub authenticator. - - .. image:: ../../images/auth/github/client_id_secret.png - :alt: Your client ID and secret - -.. important:: - - If you are using a virtual machine from a cloud provider and - **stop the VM**, then when you re-start the VM, the provider will likely assign a **new public - IP address** to it. In this case, **you must update your GitHub application information** - with the new IP address. - -Configure your JupyterHub to use the GitHub Oauthenticator -========================================================== - -We'll use the ``tljh-config`` tool to configure your JupyterHub's authentication. -For more information on ``tljh-config``, see :ref:`topic/tljh-config`. - -#. Log in as an administrator account to your JupyterHub. -#. Open a terminal window. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New terminal button. - -#. Configure the GitHub OAuthenticator to use your client ID, client secret and callback URL with the following commands:: - - sudo tljh-config set auth.GitHubOAuthenticator.client_id '' - - :: - - sudo tljh-config set auth.GitHubOAuthenticator.client_secret '' - - :: - - sudo tljh-config set auth.GitHubOAuthenticator.oauth_callback_url 'http(s):///hub/oauth_callback' - -#. Tell your JupyterHub to *use* the GitHub OAuthenticator for authentication:: - - sudo tljh-config set auth.type oauthenticator.github.GitHubOAuthenticator - -#. Restart your JupyterHub so that new users see these changes:: - - sudo tljh-config reload - -Confirm that the new authenticator works -======================================== - -#. **Open an incognito window** in your browser (do not log out until you confirm - that the new authentication method works!) -#. Go to your JupyterHub URL. -#. You should see a GitHub login button like below: - - .. image:: ../../images/auth/github/login_button.png - :alt: The GitHub authenticator login button. - -#. After you log in with your GitHub credentials, you should be directed to the - Jupyter interface used in this JupyterHub. - -#. **If this does not work** you can revert back to the default - JupyterHub authenticator by following the steps in :ref:`howto/auth/firstuse`. diff --git a/docs/howto/auth/google.md b/docs/howto/auth/google.md new file mode 100644 index 0000000..2d74893 --- /dev/null +++ b/docs/howto/auth/google.md @@ -0,0 +1,221 @@ +(howto-auth-google)= + +# Authenticate using Google + +```{warning} +This documentation has not been updated recently, and a major version of +OAuthenticator has been released since it was. Due to that, please only use this +_as a complement_ to the official [OAuthenticator documentation]. + +[OAuthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/google.html + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + +The **Google OAuthenticator** lets users log into your JupyterHub using their +Google user ID / password. To do so, you'll first need to register an +application with Google, and then provide information about this +application to your `tljh` configuration. +See [Google's documentation](https://developers.google.com/identity/protocols/OAuth2) +on how to create OAUth 2.0 client credentials. + +:::{note} +You'll need a Google account in order to complete these steps. +::: + +## Step 1: Create a Google project + +Go to [Google Developers Console](https://console.developers.google.com) +and create a new project: + +```{image} ../../images/auth/google/create_new_project.png +:alt: Create a Google project +``` + +## Step 2: Set up a Google OAuth client ID and secret + +1. After creating and selecting the project: + +- Go to the credentials menu: + + ```{image} ../../images/auth/google/credentials_button.png + :alt: Credentials menu + ``` + +- Click "Create credentials" and from the dropdown menu select **"OAuth client ID"**: + + ```{image} ../../images/auth/google/create_credentials.png + :alt: Generate credentials + ``` + +- You will have to fill a form with: + + - **Application type**: Choose _Web application_ + + - **Name**: A descriptive name for your OAuth client ID (e.g. `tljh-client`) + + - **Authorized JavaScript origins**: Use the IP address or URL of your JupyterHub. e.g. `http(s)://`. + + - **Authorized redirect URIs**: Insert text with the following form: + + ``` + http(s):///hub/oauth_callback + ``` + + - When you're done filling in the page, it should look something like this (ideally without the red warnings): + + ```{image} ../../images/auth/google/create_oauth_client_id.png + :alt: Create a Google OAuth client ID + ``` + +2. Click "Create". You'll be taken to a page with the registered application details. + +3. Copy the **Client ID** and **Client Secret** from the application details + page. You will use these later to configure your JupyterHub authenticator. + + ```{image} ../../images/auth/google/client_id_secret.png + :alt: Your client ID and secret + ``` + +:::{important} +If you are using a virtual machine from a cloud provider and +**stop the VM**, then when you re-start the VM, the provider will likely assign a **new public +IP address** to it. In this case, **you must update your Google application information** +with the new IP address. +::: + +## Step 3: Configure your JupyterHub to use the Google OAuthenticator + +### Configuration with `tljh-config` + +In this section we'll use the `tljh-config` tool to configure your JupyterHub's authentication. +For more information on `tljh-config`, see [](/topic/tljh-config). + +:::{important} +By default, the following allows _anyone_ with a Google account to login. +You can set specific allowed users and admins using [](#tljh-set-user-lists). +::: + +1. Log in as an administrator account to your JupyterHub. + +2. Open a terminal window. + + ```{image} ../../images/notebook/new-terminal-button.png + :alt: New terminal button. + ``` + +3. Configure the Google OAuthenticator to use your client ID, client secret and callback URL with the following commands: + + ``` + sudo tljh-config set auth.GoogleOAuthenticator.client_id '' + ``` + + ``` + sudo tljh-config set auth.GoogleOAuthenticator.client_secret '' + ``` + + ``` + sudo tljh-config set auth.GoogleOAuthenticator.oauth_callback_url 'http(s):///hub/oauth_callback' + ``` + +4. Tell your JupyterHub to _use_ the Google OAuthenticator for authentication: + + ``` + sudo tljh-config set auth.type oauthenticator.google.GoogleOAuthenticator + ``` + +5. Restart your JupyterHub so that new users see these changes: + + ``` + sudo tljh-config reload + ``` + +### Advanced Configuration with Google Groups + +Administrative and regular users of your TLJH can also be easily managed with Google Groups. +This requires a service account and a Workspace admin account that can be impersonated by the +service account to read groups in your domain. You may need to contact your Google Workspace +administrator for help performing these steps. + +1. [Create a service account](https://cloud.google.com/iam/docs/service-accounts-create). + +1. [Create a service account key](https://developers.google.com/workspace/guides/create-credentials#create_credentials_for_a_service_account). Keep this key in a safe space, you will need to add it to your instance later. + +1. Setup [domain-wide delegation](https://developers.google.com/workspace/guides/create-credentials#optional_set_up_domain-wide_delegation_for_a_service_account) for the service account that includes the following scopes: + ``` + https://www.googleapis.com/auth/admin.directory.user.readonly + https://www.googleapis.com/auth/admin.directory.group.readonly + ``` +1. Add the service account key to your instance and ensure it is _not_ readable by non-admin users of the hub. + :::{important} + The service account key is a secret. Anyone for whom you configure admin privileges on your TLJH instance will be able to access it. + ::: + +1. Log in as an administrator account to your JupyterHub. + +1. Open a terminal window. + + ```{image} ../../images/notebook/new-terminal-button.png + :alt: New terminal button. + ``` + +1. Install the extra requirements within the hub environment. + + ``` + source /opt/tljh/hub/bin/activate + pip3 install oauthenticator[googlegroups] + deactivate + ``` + +1. Create a configuration directory `jupyterhub_config.d` within `/opt/tljh/config/`. + Any `.py` files within this directory will be sourced for configuration. + + ``` + sudo mkdir /opt/tljh/config/jupyterhub_config.d + ``` + +1. Configure your hub for Google Groups-based authentication by adding the following to a `.py` file within `/opt/tljh/config/jupyterhub_config.d`. + + ```python + from oauthenticator.google import GoogleOAuthenticator + c.JupyterHub.authenticator_class = GoogleOAuthenticator + + c.GoogleOAuthenticator.google_service_account_keys = {'': ''} + c.GoogleOAuthenticator.gsuite_administrator = {'': ''} + c.GoogleOAuthenticator.allowed_google_groups = {'': ['example-group', 'another-example-group']} + c.GoogleOAuthenticator.admin_google_groups = {'': ['example-admin-group', 'another-example-admin-group']} + c.GoogleOAuthenticator.client_id = '' + c.GoogleOAuthenticator.client_secret = '' + c.GoogleOAuthenticator.hosted_domain = '' + c.GoogleOAuthenticator.login_service = '' + c.GoogleOAuthenticator.oauth_callback_url = 'http(s):///hub/oauth_callback' + ``` + + See the [Google OAuthenticator documentation](https://oauthenticator.readthedocs.io/en/latest/reference/api/gen/oauthenticator.google.html) + for more information on these and other configuration options. + +1. Reload your configuration for the changes to take effect: + ``` + sudo tljh-config reload + ``` + +## Step 4: Confirm that the new authenticator works + +1. **Open an incognito window** in your browser (do not log out until you confirm + that the new authentication method works!) + +2. Go to your JupyterHub URL. + +3. You should see a Google login button like below: + + ```{image} ../../images/auth/google/login_button.png + :alt: The Google authenticator login button. + ``` + +4. After you log in with your Google credentials, you should be directed to the + Jupyter interface used in this JupyterHub. + +5. **If this does not work** you can revert back to the default + JupyterHub authenticator by following the steps in [](/howto/auth/firstuse). diff --git a/docs/howto/auth/google.rst b/docs/howto/auth/google.rst deleted file mode 100644 index d3e9e60..0000000 --- a/docs/howto/auth/google.rst +++ /dev/null @@ -1,119 +0,0 @@ -.. _howto/auth/google: - -========================= -Authenticate using Google -========================= - -The **Google Authenticator** lets users log into your JupyterHub using their -Google user ID / password. To do so, you'll first need to register an -application with Google, and then provide information about this -application to your ``tljh`` configuration. -See `Google's documentation `_ -on how to create OAUth 2.0 client credentials. - - -.. note:: - - You'll need a Google account in order to complete these steps. - -Step 1: Create a Google project -=============================== - -Go to `Google Developers Console `_ -and create a new project: - - .. image:: ../../images/auth/google/create_new_project.png - :alt: Create a Google project - - -Step 2: Set up a Google OAuth client ID and secret -================================================== - -1. After creating and selecting the project: - - * Go to the credentials menu: - - .. image:: ../../images/auth/google/credentials_button.png - :alt: Credentials menu - - * Click "Create credentials" and from the dropdown menu select **"OAuth client ID"**: - - .. image:: ../../images/auth/google/create_credentials.png - :alt: Generate credentials - - * You will have to fill a form with: - * **Application type**: Choose *Web application* - * **Name**: A descriptive name for your OAuth client ID (e.g. ``tljh-client``) - * **Authorized JavaScript origins**: Use the IP address or URL of your JupyterHub. e.g. ``http(s)://``. - * **Authorized redirect URIs**: Insert text with the following form:: - - http(s):///hub/oauth_callback - - * When you're done filling in the page, it should look something like this (ideally without the red warnings): - - .. image:: ../../images/auth/google/create_oauth_client_id.png - :alt: Create a Google OAuth client ID - - -2. Click "Create". You'll be taken to a page with the registered application details. -3. Copy the **Client ID** and **Client Secret** from the application details - page. You will use these later to configure your JupyterHub authenticator. - - .. image:: ../../images/auth/google/client_id_secret.png - :alt: Your client ID and secret - -.. important:: - - If you are using a virtual machine from a cloud provider and - **stop the VM**, then when you re-start the VM, the provider will likely assign a **new public - IP address** to it. In this case, **you must update your Google application information** - with the new IP address. - -Configure your JupyterHub to use the Google Oauthenticator -========================================================== - -We'll use the ``tljh-config`` tool to configure your JupyterHub's authentication. -For more information on ``tljh-config``, see :ref:`topic/tljh-config`. - -#. Log in as an administrator account to your JupyterHub. -#. Open a terminal window. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New terminal button. - -#. Configure the Google OAuthenticator to use your client ID, client secret and callback URL with the following commands:: - - sudo tljh-config set auth.GoogleOAuthenticator.client_id '' - - :: - - sudo tljh-config set auth.GoogleOAuthenticator.client_secret '' - - :: - - sudo tljh-config set auth.GoogleOAuthenticator.oauth_callback_url 'http(s):///hub/oauth_callback' - -#. Tell your JupyterHub to *use* the Google OAuthenticator for authentication:: - - sudo tljh-config set auth.type oauthenticator.google.GoogleOAuthenticator - -#. Restart your JupyterHub so that new users see these changes:: - - sudo tljh-config reload - -Confirm that the new authenticator works -======================================== - -#. **Open an incognito window** in your browser (do not log out until you confirm - that the new authentication method works!) -#. Go to your JupyterHub URL. -#. You should see a Google login button like below: - - .. image:: ../../images/auth/google/login_button.png - :alt: The Google authenticator login button. - -#. After you log in with your Google credentials, you should be directed to the - Jupyter interface used in this JupyterHub. - -#. **If this does not work** you can revert back to the default - JupyterHub authenticator by following the steps in :ref:`howto/auth/firstuse`. diff --git a/docs/howto/auth/nativeauth.md b/docs/howto/auth/nativeauth.md new file mode 100644 index 0000000..370e2e2 --- /dev/null +++ b/docs/howto/auth/nativeauth.md @@ -0,0 +1,45 @@ +(howto-auth-nativeauth)= + +# Let users sign up with a username and password + +```{warning} +This documentation is not being updated regularly and may be out of date. Due to +that, please only use this _as a complement_ to the official +[NativeAuthenticator documentation]. + +[NativeAuthenticator documentation]: https://native-authenticator.readthedocs.io/en/latest/ + +Going onwards, the goal is to ensure we have good documentation in the +NativeAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + +The **Native Authenticator** lets users signup for creating a new username +and password. +When they signup, they won't be able to login until they are authorized by an +admin. Users that are characterized as admin have to signup as well, but they +will be authorized automatically. + +## Enabling the authenticator + +Enable the authenticator and reload config to apply the configuration: + +```bash +sudo tljh-config set auth.type nativeauthenticator.NativeAuthenticator +sudo tljh-config reload +``` + +## Allowing all users to be authorized after signup + +By default, all users created on signup don't have authorization to login. +If you wish to allow **any** user to access +the JupyterHub just after the signup, run the following command: + +```bash +tljh-config set auth.NativeAuthenticator.open_signup true +tljh-config reload +``` + +## Optional features + +More optional features are available on the `authenticator documentation ` diff --git a/docs/howto/auth/nativeauth.rst b/docs/howto/auth/nativeauth.rst deleted file mode 100644 index a2701b1..0000000 --- a/docs/howto/auth/nativeauth.rst +++ /dev/null @@ -1,40 +0,0 @@ -.. _howto/auth/nativeauth: - -============================================== -Let users sign up with a username and password -============================================== - -The **Native Authenticator** lets users signup for creating a new username -and password. -When they signup, they won't be able to login until they are authorized by an -admin. Users that are characterized as admin have to signup as well, but they -will be authorized automatically. - - -Enabling the authenticator -========================== - -Enable the authenticator and reload config to apply the configuration: - -.. code-block:: bash - - sudo tljh-config set auth.type nativeauthenticator.NativeAuthenticator - sudo tljh-config reload - - -Allowing all users to be authorized after signup -================================================ - -By default, all users created on signup don't have authorization to login. -If you wish to allow **any** user to access -the JupyterHub just after the signup, run the following command: - -.. code-block:: bash - - tljh-config set auth.NativeAuthenticator.open_signup true - tljh-config reload - -Optional features -================= - -More optional features are available on the `authenticator documentation ` diff --git a/docs/howto/content/add-data.md b/docs/howto/content/add-data.md new file mode 100644 index 0000000..9115877 --- /dev/null +++ b/docs/howto/content/add-data.md @@ -0,0 +1,100 @@ +(howto-content-add-data)= + +# Adding data to the JupyterHub + +This section covers how to add data to your JupyterHub either from the internet +or from your own machine. To learn how to **share data** that is already +on your JupyterHub, see [](/howto/content/share-data). + +:::{note} +When you add data using the methods on this page, you will **only add it +to your user directory**. This is not a place that is accessible to others. +For information on sharing this data with users on the JupyterHub, see +[](/howto/content/share-data). +::: + +## Adding data from your local machine + +The easiest way to add data to your JupyterHub is to use the "Upload" user +interface. To do so, follow these steps: + +1. First, navigate to the Jupyter Notebook interface home page. You can do this + by going to the URL `/user//tree`. + +2. Click the "Upload" button to open the file chooser window. + + ```{image} ../../images/content/upload-button.png + :alt: The upload button in Jupyter. + ``` + +3. Choose the file you wish to upload. You may select multiple files if you + wish. + +4. Click "Upload" for each file that you wish to upload. + + ```{image} ../../images/content/file-upload-buttons.png + :alt: Multiple file upload buttons. + ``` + +5. Wait for the progress bar to finish for each file. These files will now + be on your JupyterHub, your home user's home directory. + +To learn how to **share** this data with new users on the JupyterHub, +see [](/howto/content/share-data). + +## Downloading data from the command line + +If the data of interest is on the internet, you may also use code in order +to download it to your JupyterHub. There are several ways of doing this, so +we'll cover the simplest approach using the unix tool `wget`. + +1. Log in to your JupyterHub and open a terminal window. + + ```{image} ../../images/notebook/new-terminal-button.png + :alt: New terminal button. + ``` + +2. Use `wget` to download the file to your current directory in the terminal. + + ```bash + wget + ``` + +### Example: Downloading the [gapminder](https://www.gapminder.org/) dataset. + +In this example we'll download the [gapminder](https://www.gapminder.org/) +dataset, which contains information about country GDP and live expectancy over +time. You can download it from your browser [at this link](https://swcarpentry.github.io/python-novice-gapminder/files/python-novice-gapminder-data.zip). + +1. Log in to your JupyterHub and open a terminal window. + + ```{image} ../../images/notebook/new-terminal-button.png + :alt: New terminal button. + ``` + +2. Use `wget` to download the gapminder dataset to your current directory in + the terminal. + + ```bash + wget https://swcarpentry.github.io/python-novice-gapminder/files/python-novice-gapminder-data.zip + ``` + +3. This is a **zip** file, so we'll need to download a unix tool called "unzip" + in order to unzip it. + + ```bash + sudo apt install unzip + ``` + +4. Finally, unzip the file: + + ```bash + unzip python-novice-gapminder-data.zip + ``` + +5. Confirm that your data was unzipped. It could be in a folder called `data/`. + +To learn how to **share** this data with new users on the JupyterHub, +see [](/howto/content/share-data). + +% TODO: Downloading data with the "download" module in Python? https://github.com/choldgraf/download diff --git a/docs/howto/content/add-data.rst b/docs/howto/content/add-data.rst deleted file mode 100644 index c9ba8f0..0000000 --- a/docs/howto/content/add-data.rst +++ /dev/null @@ -1,97 +0,0 @@ -.. _howto/content/add-data: - -============================= -Adding data to the JupyterHub -============================= - -This section covers how to add data to your JupyterHub either from the internet -or from your own machine. To learn how to **share data** that is already -on your JupyterHub, see :ref:`howto/content/share-data`. - -.. note:: - - When you add data using the methods on this page, you will **only add it - to your user directory**. This is not a place that is accessible to others. - For information on sharing this data with users on the JupyterHub, see - :ref:`howto/content/share-data`. - -Adding data from your local machine -=================================== - -The easiest way to add data to your JupyterHub is to use the "Upload" user -interface. To do so, follow these steps: - -#. First, navigate to the Jupyter Notebook interface home page. You can do this - by going to the URL ``/user//tree``. -#. Click the "Upload" button to open the file chooser window. - - .. image:: ../../images/content/upload-button.png - :alt: The upload button in Jupyter. -#. Choose the file you wish to upload. You may select multiple files if you - wish. -#. Click "Upload" for each file that you wish to upload. - - .. image:: ../../images/content/file-upload-buttons.png - :alt: Multiple file upload buttons. -#. Wait for the progress bar to finish for each file. These files will now - be on your JupyterHub, your home user's home directory. - -To learn how to **share** this data with new users on the JupyterHub, -see :ref:`howto/content/share-data`. - -Downloading data from the command line -====================================== - -If the data of interest is on the internet, you may also use code in order -to download it to your JupyterHub. There are several ways of doing this, so -we'll cover the simplest approach using the unix tool ``wget``. - -#. Log in to your JupyterHub and open a terminal window. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New terminal button. - -#. Use ``wget`` to download the file to your current directory in the terminal. - - .. code-block:: bash - - wget - -Example: Downloading the `gapminder `_ dataset. ---------------------------------------------------------------------------- - -In this example we'll download the `gapminder `_ -dataset, which contains information about country GDP and live expectancy over -time. You can download it from your browser `at this link `_. - -#. Log in to your JupyterHub and open a terminal window. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New terminal button. - -#. Use ``wget`` to download the gapminder dataset to your current directory in - the terminal. - - .. code-block:: bash - - wget https://swcarpentry.github.io/python-novice-gapminder/files/python-novice-gapminder-data.zip - -#. This is a **zip** file, so we'll need to download a unix tool called "unzip" - in order to unzip it. - - .. code-block:: bash - - sudo apt install unzip - -#. Finally, unzip the file: - - .. code-block:: bash - - unzip python-novice-gapminder-data.zip - -#. Confirm that your data was unzipped. It could be in a folder called ``data/``. - -To learn how to **share** this data with new users on the JupyterHub, -see :ref:`howto/content/share-data`. - -.. TODO: Downloading data with the "download" module in Python? https://github.com/choldgraf/download diff --git a/docs/howto/content/nbgitpuller.md b/docs/howto/content/nbgitpuller.md new file mode 100644 index 0000000..e190bb2 --- /dev/null +++ b/docs/howto/content/nbgitpuller.md @@ -0,0 +1,59 @@ +(howto-content-nbgitpuller)= + +# Distributing materials to users with nbgitpuller + +## Goal + +A very common need when using JupyterHub is to easily +distribute study materials / lab notebooks to students. + +Students should be able to: + +1. Easily get the latest version of materials, including any updates the instructor + has made to materials the student already has a copy of. +2. Be confident they won't lose any of their work. If an instructor has modified + something the student has also modified, the student's modification should + never be overwritten. +3. Not have to deal with manual merge conflicts or other complex operations. + +Instructors should be able to: + +1. Use modern collaborative version control tools to author & store their + materials. This currently means using Git. + +**nbgitpuller** is a Jupyter server extension that helps achieve these goals. +This tutorial will walk you through the process of creating a magic +nbgitpuller link that users of your JupyterHub can click to fetch the latest +version of materials from a git repo. + +## Pre-requisites + +1. A JupyterHub set up with The Littlest JupyterHub +2. A git repository containing materials to distribute + +## Step 1: Generate nbgitpuller link + +The quickest way to generate a link is to use [nbgitpuller.link](https://jupyterhub.github.io/nbgitpuller/link.html), but other options exist as described in the +[nbgitpuller project's documentation](https://jupyterhub.github.io/nbgitpuller/use.html). + +## Step 2: Users click on the nbgitpuller link + +1. Send the link to your users in some way - email, slack, post a + shortened version (with [bit.ly](https://bit.ly) maybe) on the wall, or + put it on your syllabus page (like [UC Berkeley's data8 does](http://data8.org/sp18/)). + Whatever works for you :) + +2. When users click the link, they will be asked to log in to the hub + if they have not already. + +3. Users will see a progress bar as the git repository is fetched & any + automatic merging required is performed. + + ```{image} ../../images/nbgitpuller/pull-progress.png + :alt: Progress bar with git repository being pulled + ``` + +4. Users will now be redirected to the notebook specified in the URL! + +This workflow lets users land directly in the notebook you specified +without having to understand much about git or the JupyterHub interface. diff --git a/docs/howto/content/nbgitpuller.rst b/docs/howto/content/nbgitpuller.rst deleted file mode 100644 index 152fd55..0000000 --- a/docs/howto/content/nbgitpuller.rst +++ /dev/null @@ -1,138 +0,0 @@ -.. _howto/content/nbgitpuller: - -================================================ -Distributing materials to users with nbgitpuller -================================================ - -Goal -==== - -A very common need when using JupyterHub is to easily -distribute study materials / lab notebooks to students. - -Students should be able to: - -1. Easily get the latest version of materials, including any updates the instructor - has made to materials the student already has a copy of. -2. Be confident they won't lose any of their work. If an instructor has modified - something the student has also modified, the student's modification should - never be overwritten. -3. Not have to deal with manual merge conflicts or other complex operations. - -Instructors should be able to: - -1. Use modern collaborative version control tools to author & store their - materials. This currently means using Git. - -**nbgitpuller** is a Jupyter Notebook extension that helps achieve these goals. -This tutorial will walk you through the process of creating a magic -nbgitpuller link that users of your JupyterHub can click to fetch the latest -version of materials from a git repo. - -Pre-requisites -============== - -1. A JupyterHub set up with The Littlest JupyterHub -2. A git repository containing materials to distribute - -Step 1: Generate nbgitpuller link -================================= - -**Generate the link with a Binder app**. - -#. The easiest way to generate an nbgitpuller link is to use the - `mybinder.org based application `_. - Open it, and wait for it to load. - - .. image:: ../../images/nbgitpuller/binder-progress.png - :alt: Progress bar as the binder application loads - -#. A blank form with some help text will open up. - - .. image:: ../../images/nbgitpuller/blank-application.png - :alt: Blank application to make nbgitpuller links - -#. Enter the IP address or URL to your JupyterHub under ``hub_url``. - Include ``http://`` or ``https://`` as appropriate. - - .. image:: ../../images/nbgitpuller/hub-url-application.png - :alt: Application with hub_url filled out - -#. Enter the URL to your Git repository. This could be from GitHub, - GitLab or any other git provider - including the disk of the - server The Littlest JupyterHub is installed on. As you start - typing the URL here, you'll notice that the link is already - being printed below! - - .. image:: ../../images/nbgitpuller/git-url-application.png - :alt: Application with git_url filled out - -#. If your git repository is using a non-default branch name, - you can specify that under ``branch``. Most people do not - need to customize this. - -#. If you want to open a specific notebook when the user clicks - on the link, specify the path to the notebook under ``filepath``. - Make sure this file exists, otherwise users will get a 'File not found' - error. - - .. image:: ../../images/nbgitpuller/filepath-application.png - :alt: Application with filepath filled out - - If you do not specify a file path, the user will be shown the - directory listing for the repository. - -#. By default, notebooks will be opened in the classic Jupyter Notebook - interface. You can select ``lab`` under ``application`` to open it in the - `JupyterLab `_ instead. - -The link printed at the bottom of the form can be distributed to students -now! You can also click it to test that it is working as intended, -and adjust the form values until you get something you are happy with. - -**Hand-craft your nbgitpuller link** - -If you'd prefer to hand-craft your ``nbgitpuller`` link (e.g. if the Binder -link above doesn't work), you can use the following pattern:: - - http:///hub/user-redirect/git-pull?repo=&branch=&subPath=&app= - -- **repo** is the URL of the git repository you want to clone. This parameter is required. -- **branch** is the branch name to use when cloning from the repository. - This parameter is optional and defaults to ``master``. -- **subPath** is the path of the directory / notebook inside the repo to launch after cloning. - This parameter is optional, and defaults to opening the base directory of the linked Git repository. -- **app** This parameter is optional and defaults to either the environment variable - `NBGITPULLER_APP`'s value or `notebook` if it is undefined. The allowed values - are `lab` and `notebook`, the value will determine in what application view - you end up in. -- **urlPath** will, if specified, override `app` and `subPath` and redirect - blindly to the specified path. - -Step 2: Users click on the nbgitpuller link -=========================================== - -#. Send the link to your users in some way - email, slack, post a - shortened version (with `bit.ly `_ maybe) on the wall, or - put it on your syllabus page (like `UC Berkeley's data8 does `_). - Whatever works for you :) - -#. When users click the link, they will be asked to log in to the hub - if they have not already. - -#. Users will see a progress bar as the git repository is fetched & any - automatic merging required is performed. - - .. image:: ../../images/nbgitpuller/pull-progress.png - :alt: Progress bar with git repository being pulled - -#. Users will now be redirected to the notebook specified in the URL! - -This workflow lets users land directly in the notebook you specified -without having to understand much about git or the JupyterHub interface. - -Advanced: hand-crafting an nbgitpuller link -=========================================== - -For information on hand-crafting an ``nbgitpuller`` link, see -`the nbgitpuller README `_. diff --git a/docs/howto/content/share-data.md b/docs/howto/content/share-data.md new file mode 100644 index 0000000..27ffd1b --- /dev/null +++ b/docs/howto/content/share-data.md @@ -0,0 +1,137 @@ +(howto-content-share-data)= + +# Share data with your users + +There are a few options for sharing data with your users, this page covers +a few useful patterns. + +## Option 1: Distributing data with `nbgitpuller` + +For small datasets, the simplest way to share data with your users is via +`nbgitpuller` links. In this case, users click on your link and the dataset +contained in the link's target repository is downloaded to the user's home +directory. Note that a copy of the dataset will be made for each user. + +For information on creating and sharing `nbgitpuller` links, see +[](/howto/content/nbgitpuller). + +## Option 2: Create a read-only shared folder for data + +If your data is large or you don't want copies of it to exist, you can create +a read-only shared folder that users have access to. To do this, follow these +steps: + +1. **Log** in to your JupyterHub as an **administrator user**. + +2. **Create a terminal session** with your JupyterHub interface. + + ```{image} ../../images/notebook/new-terminal-button.png + :alt: New terminal button. + ``` + +3. **Create a folder** where your data will live. We recommend placing shared + data in `/srv`. The following command creates two folders (`/srv/data` and + `/srv/data/my_shared_data_folder`). + + ```bash + sudo mkdir -p /srv/data/my_shared_data_folder + ``` + +4. **Download the data** into this folder. See [](/howto/content/add-data) for + details on how to do this. + +5. All users now have read access to the data in this folder. + +### Add a link to the shared folder in the user home directory + +Optionally, you may also **create a symbolic link to the shared data folder** +that you created above in each **new user's** home directory. + +To do this, you can use the server's **user skeleton directory** (`/etc/skel`). +Anything that is placed in this directory will also +show up in a new user's home directory. + +To create a link to the shared folder in the user skeleton directory, +follow these steps: + +1. `cd` into the skeleton directory: + + ```bash + cd /etc/skel + ``` + +2. **Create a symbolic link** to the data folder + + ```bash + sudo ln -s /srv/data/my_shared_data_folder my_shared_data_folder + ``` + +3. **Confirm that this worked** by logging in as a new user. You can do this + by opening a new "incognito" browser window and accessing your JupyterHub. + After you log in as a **new user**, the folder should appear in your new + user home directory. + +From now on, when a new user account is created, their home directory will +have this symbolic link (and any other files in `/etc/skel`) in their home +directory. This will have **no effect on the directories of existing +users**. + +## Option 3: Create a directory for users to share Notebooks and other files + +You may want a place for users to share files with each other rather than +only having administrators share files with users (Option 2). In this +configuration, any user can put files into `/srv/scratch` that other users +can read. However, only the user that created the file can edit the file. + +One way for users to share or "publish" Notebooks in a JupyterHub environment +is to create a shared directory. Any user can create files in the directory, +but only the creator may edit that file afterwards. + +For instance, in a Hub with three users, User A develops a Notebook in their +`/home` directory. When it is ready to share, User A copies it to the +`shared` directory. At that time, User B and User C can see User A's +Notebook and run it themselves (or view it in a Dashboard layout +such as `voila` or `panel` if that is running in the Hub), but User B +and User C cannot edit the Notebook. Only User A can make changes. + +1. **Log** in to your JupyterHub as an **administrator user**. + +2. **Create a terminal session** with your JupyterHub interface. + + ```{image} ../../images/notebook/new-terminal-button.png + :alt: New terminal button. + ``` + +3. **Create a folder** where your data will live. We recommend placing shared + data in `/srv`. The following command creates a directory `/srv/scratch` + + ```bash + sudo mkdir -p /srv/scratch + ``` + +4. **Change group ownership** of the new folder + + ```bash + sudo chown root:jupyterhub-users /srv/scratch + ``` + +5. **Change default permissions to use group**. The default permissions for new + sub-directories uses the global umask (`drwxr-sr-x`), the `chmod g+s` tells + new files to use the default permissions for the group `jupyterhub-users` + (`rw-r--r--`) + + ```bash + sudo chmod 777 /srv/scratch + sudo chmod g+s /srv/scratch + ``` + +6. **Create a symbolic link** to the scratch folder in users home directories + + ```bash + sudo ln -s /srv/scratch /etc/skel/scratch + ``` + +:::{note} +The TLJH Plugin at installs `voila` and sets up the directories as specified above. +Include `--plugin git+https://github.com/kafonek/tljh-shared-directory` in your deployment startup script to install it. +::: diff --git a/docs/howto/content/share-data.rst b/docs/howto/content/share-data.rst deleted file mode 100644 index 16d1b55..0000000 --- a/docs/howto/content/share-data.rst +++ /dev/null @@ -1,139 +0,0 @@ -.. _howto/content/share-data: - -========================== -Share data with your users -========================== - -There are a few options for sharing data with your users, this page covers -a few useful patterns. - -Option 1: Distributing data with `nbgitpuller` -============================================== - -For small datasets, the simplest way to share data with your users is via -``nbgitpuller`` links. In this case, users click on your link and the dataset -contained in the link's target repository is downloaded to the user's home -directory. Note that a copy of the dataset will be made for each user. - -For information on creating and sharing ``nbgitpuller`` links, see -:ref:`howto/content/nbgitpuller`. - -Option 2: Create a read-only shared folder for data -=================================================== - -If your data is large or you don't want copies of it to exist, you can create -a read-only shared folder that users have access to. To do this, follow these -steps: - -#. **Log** in to your JupyterHub as an **administrator user**. - -#. **Create a terminal session** with your JupyterHub interface. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New terminal button. -#. **Create a folder** where your data will live. We recommend placing shared - data in ``/srv``. The following command creates two folders (``/srv/data`` and - ``/srv/data/my_shared_data_folder``). - - .. code-block:: bash - - sudo mkdir -p /srv/data/my_shared_data_folder - -#. **Download the data** into this folder. See :ref:`howto/content/add-data` for - details on how to do this. - -#. All users now have read access to the data in this folder. - -Add a link to the shared folder in the user home directory ----------------------------------------------------------- - -Optionally, you may also **create a symbolic link to the shared data folder** -that you created above in each **new user's** home directory. - -To do this, you can use the server's **user skeleton directory** (``/etc/skel``). -Anything that is placed in this directory will also -show up in a new user's home directory. - -To create a link to the shared folder in the user skeleton directory, -follow these steps: - -#. ``cd`` into the skeleton directory: - - .. code-block:: bash - - cd /etc/skel - -#. **Create a symbolic link** to the data folder - - .. code-block:: bash - - sudo ln -s /srv/data/my_shared_data_folder my_shared_data_folder - -#. **Confirm that this worked** by logging in as a new user. You can do this - by opening a new "incognito" browser window and accessing your JupyterHub. - After you log in as a **new user**, the folder should appear in your new - user home directory. - -From now on, when a new user account is created, their home directory will -have this symbolic link (and any other files in ``/etc/skel``) in their home -directory. This will have **no effect on the directories of existing -users**. - -Option 3: Create a directory for users to share Notebooks and other files -========================================================================= - -You may want a place for users to share files with each other rather than -only having administrators share files with users (Option 2). In this -configuration, any user can put files into ``/srv/scratch`` that other users -can read. However, only the user that created the file can edit the file. - -One way for users to share or "publish" Notebooks in a JupyterHub environment -is to create a shared directory. Any user can create files in the directory, -but only the creator may edit that file afterwards. - -For instance, in a Hub with three users, User A develops a Notebook in their -``/home`` directory. When it is ready to share, User A copies it to the -`shared` directory. At that time, User B and User C can see User A's -Notebook and run it themselves (or view it in a Dashboard layout -such as ``voila`` or ``panel`` if that is running in the Hub), but User B -and User C cannot edit the Notebook. Only User A can make changes. - -#. **Log** in to your JupyterHub as an **administrator user**. - -#. **Create a terminal session** with your JupyterHub interface. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New terminal button. - -#. **Create a folder** where your data will live. We recommend placing shared - data in ``/srv``. The following command creates a directory ``/srv/scratch`` - - .. code-block:: bash - - sudo mkdir -p /srv/scratch - -#. **Change group ownership** of the new folder - - .. code-block:: bash - - sudo chown root:jupyterhub-users /srv/scratch - -#. **Change default permissions to use group**. The default permissions for new - sub-directories uses the global umask (``drwxr-sr-x``), the ``chmod g+s`` tells - new files to use the default permissions for the group ``jupyterhub-users`` - (``rw-r--r--``) - - .. code-block:: bash - - sudo chmod 777 /srv/scratch - sudo chmod g+s /srv/scratch - -#. **Create a symbolic link** to the scratch folder in users home directories - - .. code-block:: bash - - sudo ln -s /srv/scratch /etc/skel/scratch - -.. note:: - The TLJH Plugin at https://github.com/kafonek/tljh-shared-directory installs ``voila`` and sets up the directories as specified above. - Include ``--plugin git+https://github.com/kafonek/tljh-shared-directory`` in your deployment startup script to install it. diff --git a/docs/howto/env/notebook-interfaces.rst b/docs/howto/env/notebook-interfaces.rst deleted file mode 100644 index a5a780a..0000000 --- a/docs/howto/env/notebook-interfaces.rst +++ /dev/null @@ -1,56 +0,0 @@ -.. _howto/env/notebook_interfaces: - -======================================= -Change default User Interface for users -======================================= - -By default, logging into TLJH puts you in the classic Jupyter Notebook interface -we all know and love. However, there are at least two other popular notebook -interfaces you can use: - -1. `JupyterLab `_ -2. `nteract `_ - -Both these interfaces are also shipped with tljh by default. You can try them -temporarily, or set them to be the default interface whenever you login. - -Trying an alternate interface temporarily -========================================= - -When you log in & start your server, by default the URL in your browser -will be something like ``/user//tree``. The ``/tree`` is what tells -the notebook server to give you the classic notebook interface. - -* **For the JupyterLab interface**: change ``/tree`` to ``/lab``. -* **For the nteract interface**: change ``/tree`` to ``/nteract`` - -You can play around with them and see what fits your use cases best. - -Changing the default user interface -=================================== - -You can change the default interface users get when they log in by modifying -``config.yaml`` as an admin user. - -#. To launch **JupyterLab** when users log in, run the following in an admin console: - - .. code-block:: yaml - - sudo tljh-config set user_environment.default_app jupyterlab - -#. Alternatively, to launch **nteract** when users log in, run the following in the admin console: - - .. code-block:: yaml - - sudo tljh-config set user_environment.default_app nteract - -#. Apply the changes by restarting JupyterHub. This should not disrupt current users. - - .. code-block:: yaml - - sudo tljh-config reload hub - - If this causes problems, check the :ref:`troubleshoot_logs_jupyterhub` for clues - on what went wrong. - -Users might have to restart their servers from control panel to get the new interface. diff --git a/docs/howto/env/server-resources.rst b/docs/howto/env/server-resources.rst deleted file mode 100644 index 1295672..0000000 --- a/docs/howto/env/server-resources.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. _howto/env/server-resources: - -====================================== -Configure resources available to users -====================================== - -To configure the resources that are available to your users (such as RAM, CPU -and Disk Space), see the section :ref:`tljh-set-user-limits`. For information -on **resizing** the environment available to users *after* you've created your -JupyterHub, see :ref:`howto/admin/resize`. diff --git a/docs/howto/env/user-environment.rst b/docs/howto/env/user-environment.rst deleted file mode 100644 index 5ea9fcb..0000000 --- a/docs/howto/env/user-environment.rst +++ /dev/null @@ -1,209 +0,0 @@ -.. _howto/env/user_environment: - -================================== -Install conda, pip or apt packages -================================== - -:abbr:`TLJH (The Littlest JupyterHub)` starts all users in the same `conda `_ -environment. Packages / libraries installed in this environment are available -to all users on the JupyterHub. Users with :ref:`admin rights ` can install packages -easily. - -.. _howto/env/user_environment_pip: - -Installing pip packages -======================= - -`pip `_ is the recommended tool for installing packages -in Python from the `Python Packaging Index (PyPI) `_. PyPI has -almost 145,000 packages in it right now, so a lot of what you need is going to be there! - -1. Log in as an admin user and open a Terminal in your Jupyter Notebook. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New Terminal button under New menu - - If you already have a terminal open as an admin user, that should work too! - -2. Install a package! - - .. code-block:: bash - - sudo -E pip install numpy - - This installs the ``numpy`` library from PyPI and makes it available - to all users. - - .. note:: - - If you get an error message like ``sudo: pip: command not found``, - make sure you are not missing the ``-E`` parameter after ``sudo``. - -.. _howto/env/user_environment_conda: - -Installing conda packages -========================= - -Conda lets you install new languages (such as new versions of python, node, R, etc) -as well as packages in those languages. For lots of scientific software, installing -with conda is often simpler & easier than installing with pip - especially if it -links to C / Fortran code. - -We recommend installing packages from `conda-forge `_, -a community maintained repository of conda packages. - -1. Log in as an admin user and open a Terminal in your Jupyter Notebook. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New Terminal button under New menu - - If you already have a terminal open as an admin user, that should work too! - -2. Install a package! - - .. code-block:: bash - - sudo -E conda install -c conda-forge gdal - - This installs the ``gdal`` library from ``conda-forge`` and makes it available - to all users. ``gdal`` is much harder to install with pip. - - .. note:: - - If you get an error message like ``sudo: conda: command not found``, - make sure you are not missing the ``-E`` parameter after ``sudo``. - -.. _howto/env/user_environment_apt: - -Installing apt packages -======================= - -`apt `_ is the official package -manager for the `Ubuntu Linux distribution `_. You can install -utilities (such as ``vim``, ``sl``, ``htop``, etc), servers (``postgres``, ``mysql``, ``nginx``, etc) -and a lot more languages than present in ``conda`` (``haskell``, ``prolog``, ``INTERCAL``). -Some third party software (such as `RStudio `_) -is distributed as ``.deb`` files, which are the files ``apt`` uses to install software. - -You can search for packages with `Ubuntu Package search `_ - -make sure to look in the version of Ubuntu you are using! - -1. Log in as an admin user and open a Terminal in your Jupyter Notebook. - - .. image:: ../../images/notebook/new-terminal-button.png - :alt: New Terminal button under New menu - - If you already have a terminal open as an admin user, that should work too! - -2. Update list of packages available. This makes sure you get the latest version of - the packages possible from the repositories. - - .. code-block:: bash - - sudo apt update - -3. Install the packages you want. - - .. code-block:: bash - - sudo apt install mysql-server git - - This installs (and starts) a ``MySQL `` database server - and ``git``. - - -User environment location -========================= - -The user environment is a conda environment set up in ``/opt/tljh/user``, with -a Python3 kernel as the default. It is readable by all users, but writeable only -by users who have root access. This makes it possible for JupyterHub admins (who have -root access with ``sudo``) to install software in the user environment easily. - -Accessing user environment outside JupyterHub -============================================= - -We add ``/opt/tljh/user/bin`` to the ``$PATH`` environment variable for all JupyterHub -users, so everything installed in the user environment is available to them automatically. -If you are using ``ssh`` to access your server instead, you can get access to the same -environment with: - -.. code-block:: bash - - export PATH=/opt/tljh/user/bin:${PATH} - -Whenever you run any command now, the user environment will be searched first before -your system environment is. So if you run ``python3 ``, it'll use the ``python3`` -installed in the user environment (``/opt/tljh/user/bin/python3``) rather than the ``python3`` -installed in your system environment (``/usr/bin/python3``). This is usually what you want! - -To make this change 'stick', you can add the line to the end of the ``.bashrc`` file in -your home directory. - -When using ``sudo``, the ``PATH`` environment variable is usually reset, for security -reasons. This leads to error messages like: - -.. code-block:: console - - $ sudo conda install -c conda-forge gdal - sudo: conda: command not found - -The most common & portable way to fix this when using ``ssh`` is: - -.. code-block:: bash - - sudo PATH=${PATH} conda install -c conda-forge gdal - - -Upgrade to a newer Python version -================================= - -All new TLJH installs use miniconda 4.7.10, which comes with a Python 3.7 -environment for the users. The previously TLJH installs came with miniconda 4.5.4, -which meant a Python 3.6 environment. - -To upgrade the Python version of the user environment, one can: - -* **Start fresh on a machine that doesn't have TLJH already installed.** - - See the :ref:`installation guide ` section about how to install TLJH. - -* **Upgrade Python manually.** - - Because upgrading Python for existing installs can break packages alaredy installed - under the old Python, upgrading your current TLJH installation, will NOT upgrade - the Python version of the user environment, but you may do so manually. - - **Steps:** - - 1. Activate the user environment, if using ssh. - If the terminal was started with JupyterHub, this step can be skipped: - - .. code-block:: bash - - source /opt/tljh/user/bin/activate - - 2. Get the list of currently installed pip packages (so you can later install them under the - new Python): - - .. code-block:: bash - - pip freeze > pip_pkgs.txt - - 3. Update all conda installed packages in the environment: - - .. code-block:: bash - - sudo PATH=${PATH} conda update --all - - 4. Update Python version: - - .. code-block:: bash - - sudo PATH=${PATH} conda install python=3.7 - - 5. Install the pip packages previously saved: - - .. code-block:: bash - - pip install -r pip_pkgs.txt diff --git a/docs/howto/index.md b/docs/howto/index.md new file mode 100644 index 0000000..7b28885 --- /dev/null +++ b/docs/howto/index.md @@ -0,0 +1,71 @@ +# How-To Guides + +How-To guides answer the question 'How do I...?' for a lot of topics. + +## Content and data + +```{toctree} +:caption: Content and data +:titlesonly: true + +content/nbgitpuller +content/add-data +content/share-data +``` + +## The user environment + +```{toctree} +:caption: The user environment +:titlesonly: true + +user-env/user-environment +user-env/notebook-interfaces +user-env/server-resources +user-env/override-lab-settings +``` + +## Authentication + +We have a special set of How-To Guides on using various forms of authentication +with your JupyterHub. For more information on Authentication, see +[](/topic/authenticator-configuration) + +```{toctree} +:caption: Authentication +:titlesonly: true + +auth/dummy +auth/github +auth/google +auth/awscognito +auth/firstuse +auth/nativeauth +``` + +## Administration and security + +```{toctree} +:caption: Administration and security +:titlesonly: true + +admin/admin-users +admin/resource-estimation +admin/resize +admin/nbresuse +admin/https +admin/enable-extensions +admin/systemd +admin/upgrade-tljh +``` + +## Cloud provider configuration + +```{toctree} +:caption: Cloud provider configuration +:titlesonly: true + +providers/digitalocean +providers/azure +providers/google +``` diff --git a/docs/howto/index.rst b/docs/howto/index.rst deleted file mode 100644 index 610d582..0000000 --- a/docs/howto/index.rst +++ /dev/null @@ -1,68 +0,0 @@ -How-To Guides -============= - -How-To guides answer the question 'How do I...?' for a lot of topics. - -Content and data ----------------- - -.. toctree:: - :titlesonly: - :caption: Content and data - - content/nbgitpuller - content/add-data - content/share-data - -The user environment --------------------- - -.. toctree:: - :titlesonly: - :caption: The user environment - - env/user-environment - env/notebook-interfaces - env/server-resources - -Authentication --------------- - -We have a special set of How-To Guides on using various forms of authentication -with your JupyterHub. For more information on Authentication, see -:ref:`topic/authenticator-configuration` - -.. toctree:: - :titlesonly: - - auth/dummy - auth/github - auth/google - auth/awscognito - auth/firstuse - auth/nativeauth - -Administration and security ---------------------------- - -.. toctree:: - :titlesonly: - :caption: Administration and security - - admin/admin-users - admin/resource-estimation - admin/resize - admin/nbresuse - admin/https - admin/enable-extensions - admin/systemd - -Cloud provider configuration ----------------------------- - -.. toctree:: - :titlesonly: - :caption: Cloud provider configuration - - providers/digitalocean - providers/azure diff --git a/docs/howto/providers/azure.md b/docs/howto/providers/azure.md new file mode 100644 index 0000000..fd43015 --- /dev/null +++ b/docs/howto/providers/azure.md @@ -0,0 +1,38 @@ +(howto-providers-azure)= + +# Perform common Microsoft Azure configuration tasks + +This page lists various common tasks you can perform on your +[Microsoft Azure virtual machine](https://azure.microsoft.com/services/virtual-machines/?WT.mc_id=TLJH-github-taallard). + +(howto-providers-azure-resize)= + +## Deleting or stopping your virtual machine + +After you have finished using your TLJH you might wanto to either Stop or completely delete the Virtual Machine to avoid incurring in subsequent costs. + +The difference between these two approaches is that **Stop** will keep the VM resources (e.g. storage and network) but will effectively stop any compute / runtime activities. + +If you choose to delete the VM then all the resources associated with it will be wiped out. + +To do either of this: + +- Go to "Virtual Machines" on the left hand panel + +- Click on your machine name + +- Click on "Stop" to stop the machine temporarily, or "Delete" to delete it permanently. + + ```{image} ../../images/providers/azure/delete-vm.png + :alt: Delete vm + ``` + +:::{note} +It is important to mention that even if you stop the machine you will still be charged for the use of the data disk. +::: + +If you no longer need any of your resources you can delete the entire resource group. + +- Go to "Reosurce groups" on the left hand panel +- Click on your resource group +- Click on "Delete resource group" you will then be asked to confirm the operation. This operation will take between 5 and 10 minutes. diff --git a/docs/howto/providers/azure.rst b/docs/howto/providers/azure.rst deleted file mode 100644 index fab16a8..0000000 --- a/docs/howto/providers/azure.rst +++ /dev/null @@ -1,36 +0,0 @@ -.. _howto/providers/azure: - -================================================== -Perform common Microsoft Azure configuration tasks -================================================== - -This page lists various common tasks you can perform on your -`Microsoft Azure virtual machine `_. - -.. _howto/providers/azure/resize: - -Deleting or stopping your virtual machine -=========================================== - -After you have finished using your TLJH you might wanto to either Stop or completely delete the Virtual Machine to avoid incurring in subsequent costs. - -The difference between these two approaches is that **Stop** will keep the VM resources (e.g. storage and network) but will effectively stop any compute / runtime activities. - -If you choose to delete the VM then all the resources associated with it will be wiped out. - -To do either of this: - -* Go to "Virtual Machines" on the left hand panel -* Click on your machine name -* Click on "Stop" to stop the machine temporarily, or "Delete" to delete it permanently. - - .. image:: ../../images/providers/azure/delete-vm.png - :alt: Delete vm - -.. note:: It is important to mention that even if you stop the machine you will still be charged for the use of the data disk. - -If you no longer need any of your resources you can delete the entire resource group. - -* Go to "Reosurce groups" on the left hand panel -* Click on your resource group -* Click on "Delete resource group" you will then be asked to confirm the operation. This operation will take between 5 and 10 minutes. diff --git a/docs/howto/providers/digitalocean.md b/docs/howto/providers/digitalocean.md new file mode 100644 index 0000000..1630096 --- /dev/null +++ b/docs/howto/providers/digitalocean.md @@ -0,0 +1,42 @@ +(howto-providers-digitalocean)= + +# Perform common Digital Ocean configuration tasks + +This page lists various common tasks you can perform on your +Digital Ocean virtual machine. + +(howto-providers-digitalocean-resize)= + +## Resizing your droplet + +As you use your JupyterHub, you may find that you need more memory, +disk space, or CPUs. Digital Ocean servers can be resized in the +"Resize Droplet" panel. These instructions take you through the process. + +1. First, click on the name of your newly-created + Droplet to enter its configuration page. + +2. Next, **turn off your Droplet**. This allows DigitalOcean to make + modifications to your VM. This will shut down your JupyterHub (temporarily). + + ```{image} ../../images/providers/digitalocean/power-off.png + :alt: Power off your Droplet + :width: 200px + ``` + +3. Once your Droplet has been turned off, click "Resize", + which will take you to a menu with options to resize your VM. + + ```{image} ../../images/providers/digitalocean/resize-droplet.png + :alt: Resize panel of digital ocean + ``` + +4. Decide what kinds of resources you'd like to resize, then click on a new VM + type in the list below. Finally, click "Resize". This may take a few moments! + +5. Once your Droplet is resized, **turn your Droplet back on**. This makes your JupyterHub + available to the world once again. This will take a few moments to complete. + +Now that you've resized your Droplet, you may want to change the resources available +to your users. Further information on making more resources available to +users and verifying resource availability can be found in [](/howto/admin/resize). diff --git a/docs/howto/providers/digitalocean.rst b/docs/howto/providers/digitalocean.rst deleted file mode 100644 index f3fcf30..0000000 --- a/docs/howto/providers/digitalocean.rst +++ /dev/null @@ -1,43 +0,0 @@ -.. _howto/providers/digitalocean: - -================================================ -Perform common Digital Ocean configuration tasks -================================================ - -This page lists various common tasks you can perform on your -Digital Ocean virtual machine. - -.. _howto/providers/digitalocean/resize: - -Resizing your droplet -===================== - -As you use your JupyterHub, you may find that you need more memory, -disk space, or CPUs. Digital Ocean servers can be resized in the -"Resize Droplet" panel. These instructions take you through the process. - -#. First, click on the name of your newly-created - Droplet to enter its configuration page. - -#. Next, **turn off your Droplet**. This allows DigitalOcean to make - modifications to your VM. This will shut down your JupyterHub (temporarily). - - .. image:: ../../images/providers/digitalocean/power-off.png - :alt: Power off your Droplet - :width: 200px - -#. Once your Droplet has been turned off, click "Resize", - which will take you to a menu with options to resize your VM. - - .. image:: ../../images/providers/digitalocean/resize-droplet.png - :alt: Resize panel of digital ocean - -#. Decide what kinds of resources you'd like to resize, then click on a new VM - type in the list below. Finally, click "Resize". This may take a few moments! - -#. Once your Droplet is resized, **turn your Droplet back on**. This makes your JupyterHub - available to the world once again. This will take a few moments to complete. - -Now that you've resized your Droplet, you may want to change the resources available -to your users. Further information on making more resources available to -users and verifying resource availability can be found in :ref:`howto/admin/resize`. diff --git a/docs/howto/providers/google.md b/docs/howto/providers/google.md new file mode 100644 index 0000000..0d81e95 --- /dev/null +++ b/docs/howto/providers/google.md @@ -0,0 +1,63 @@ +(howto-providers-google)= + +# Perform common Google Cloud configuration tasks + +This page lists various common tasks you can perform on your +Google Cloud virtual machine. + +(howto-providers-google-resize-disk)= + +## Increasing your boot disk size + +Boot disks contain the operating system and boot loader for your TLJH instance. If you followed +the [Google Cloud TLJH installation instructions](#install-google) then you created a virtual machine +with one disk: a boot disk that will _also_ be used to hold user data in your hub. For various reasons +you may need to change your boot disk size. + +Google Cloud Compute Engine supports _increasing_ (but not _decreasing_) the size of existing disks. +If you selected a boot disk with a supported version of **Ubuntu** or **Debian** as the operating +system, then your boot disk can be resized easily from the console with these steps. + +:::{note} +Google Cloud resizes the root partition and file system for _boot_ disks with _public_ images +(such as the TLJH supported **Ubuntu** and **Debian** images) automatically after your increase +the size of your disk. If you have any other _non-boot_ disks attached to your instance, you +will need to perform extra steps yourself after resizing your disk. For more information on +this and other aspects of resizing persistent disks, see +[Google's documentation](https://cloud.google.com/compute/docs/disks/resize-persistent-disk). +::: + +1. Go to [Google Cloud Console -> Compute Engine -> VM instances](https://console.cloud.google.com/compute/instances) and select your TLJH instance. + +1. Scroll down until you find your boot disk and select it. + + ```{image} ../../images/providers/google/boot-disk-resize.png + :alt: Boot disk with Ubuntu jammy image + ``` + +1. Select **Edit** in the top menu. This may require selecting the kebab menu (the 3 vertical dots). + + ```{image} ../../images/providers/google/boot-disk-edit-button.png + :alt: Disk edit button + ``` + +1. Update the **Size** property and save the changes at the bottom of the page. + + ```{image} ../../images/providers/google/boot-disk-resize-properties.png + :alt: Boot disk size property + ``` + +1. Reboot the VM instance by logging into your TLJH, opening the terminal, and running `sudo reboot`. + You will lose your connection to the instance while it restarts. Once it comes back up, your disk + will reflect your changes. You can verify that the automatic resize of your root partition and + file system took place by running `df -h` in the terminal, which will show the size of the disk + mounted on `/`: + ```bash + $ df -h + Filesystem Size Used Avail Use% Mounted on + /dev/root 25G 6.9G 18G 28% / + tmpfs 2.0G 0 2.0G 0% /dev/shm + tmpfs 785M 956K 784M 1% /run + tmpfs 5.0M 0 5.0M 0% /run/lock + /dev/sda15 105M 6.1M 99M 6% /boot/efi + ``` diff --git a/docs/howto/user-env/notebook-interfaces.md b/docs/howto/user-env/notebook-interfaces.md new file mode 100644 index 0000000..8560b17 --- /dev/null +++ b/docs/howto/user-env/notebook-interfaces.md @@ -0,0 +1,55 @@ +(howto/user-env/notebook-interfaces)= + +# Change default user interface + +By default a user starting a server will see the JupyterLab interface. This can +be changed with TLJH config `user_environment.default_app` or with the +JupyterHub config +{external:py:attr}`jupyterhub.spawner.Spawner.default_url` directly. + +The TLJH config supports the options `jupyterlab` and `classic`, which +translates to a `Spawner.default_url` config of `/lab` and `/tree`. + +Both these interfaces are also shipped with TLJH by default. You can try them +temporarily, or set them to be the default interface whenever you login. + +## Trying an alternate interface temporarily + +When you log in and start your server, by default the URL in your browser will +be something like `/user//lab`. The `/lab` is what tells the jupyter +server to give you the JupyterLab user interface. + +As an example, you can update the URL to not end with `/lab`, but instead end +with `/tree` to temporarily switch to the classic interface. + +## Changing the default user interface using TLJH config + +You can change the default url, and therefore the interface users get when they +log in by modifying TLJH config as an admin user. + +1. To launch the classic notebook interface when users log in, run the + following in the admin console: + + ```bash + sudo tljh-config set user_environment.default_app classic + ``` + +1. To launch JupyterLab when users log in, run the following in an admin + console: + + ```bash + sudo tljh-config set user_environment.default_app jupyterlab + ``` + +1. Apply the changes by restarting JupyterHub. This should not disrupt + current users. + + ```bash + sudo tljh-config reload hub + ``` + + If this causes problems, check the [logs](#troubleshoot-logs-jupyterhub) for + clues on what went wrong. + +Users might have to restart their servers from control panel to get the +new interface. diff --git a/docs/howto/user-env/override-lab-settings.md b/docs/howto/user-env/override-lab-settings.md new file mode 100644 index 0000000..cba3703 --- /dev/null +++ b/docs/howto/user-env/override-lab-settings.md @@ -0,0 +1,121 @@ +(topic-override-lab-settings)= + +# Setting New Default JupyterLab Settings + +If you or other users of your hub tend to use JupyterLab as your default notebook app, +then you may want to override some of the default settings for the users of your hub. +You can do this by creating a file `/opt/tljh/user/share/jupyter/lab/settings/overrides.json` +with the necessary settings. + +This how-to guide will go through the necessary steps to set new defaults +for all users of your `TLJH` by example: setting the default theme to **JupyterLab Dark**. + +## Step 1: Change your Personal Settings + +The easiest way to set new default settings for all users starts with +configuring your own settings preferences to what you would like everyone else to have. + +1. Make sure you are in the [JupyterLab notebook interface](#howto/user-env/notebook-interfaces), + which will look something like `http(s):///user/ JupyterLab Dark**. + +## Step 2: Determine your Personal Settings Configuration + +To set **JupyterLab Dark** as the default theme for all users, we will need to create +a `json` formatted file with the setting override. Now that you have changed your +personal setting, you can use the **JSON Settings Editor** to get the relevant +setting snippet to add to the `overrides.json` file later. + +1. Go to **Settings -> Advanced Settings Editor** then select **JSON Settings Editor** on the right. + +1. Scroll down and select **Theme**. You should see the `json` formatted configuration: + + ```json + { + // Theme + // @jupyterlab/apputils-extension:themes + // Theme manager settings. + // ************************************* + + // Theme CSS Overrides + // Override theme CSS variables by setting key-value pairs here + "overrides": { + "code-font-family": null, + "code-font-size": null, + "content-font-family": null, + "content-font-size1": null, + "ui-font-family": null, + "ui-font-size1": null + }, + + // Selected Theme + // Application-level visual styling theme + "theme": "JupyterLab Dark", + + // Scrollbar Theming + // Enable/disable styling of the application scrollbars + "theme-scrollbars": false + } + ``` + +1. Determine the setting that you want to change. In this example it's the `theme` + setting of `@jupyterlab/apputils-extension:theme` as can be seen above. + +1. Build your `json` snippet. In this case, our snippet should look like this: + + ```json + { + "@jupyterlab/apputils-extension:themes": { + "theme": "JupyterLab Dark" + } + } + ``` + + We only want to change the **Selected Theme**, so we don't need to include + the other theme-related settings for CSS and the scrollbar. + + :::{note} + To apply overrides for more than one setting, separate each setting by commas. For example, + if you _also_ wanted to change the interval at which the notebook autosaves your content, you can use + + ```json + { + "@jupyterlab/apputils-extension:themes": { + "theme": "JupyterLab Dark" + }, + + "@jupyterlab/docmanager-extension:plugin": { + "autosaveInterval": 30 + } + } + ``` + + ::: + +## Step 3: Apply the Overrides to the Hub + +Once you have your setting snippet created, you can add it to the `overrides.json` file +so that it gets applied to all users. + +1. First, create the settings directory if it doesn't already exist: + + ```bash + sudo mkdir -p /opt/tljh/user/share/jupyter/lab/settings + ``` + +1. Use `nano` to create and add content to the `overrides.json` file: + + ```bash + sudo nano /opt/tljh/user/share/jupyter/lab/settings/overrides.json + ``` + +1. Copy and paste your snippet into the file and save. + +1. Reload your configuration: + ```bash + sudo tljh-config reload + ``` + +The new default settings should now be set for all users in your `TLJH` using the +JupyterLab notebook interface. diff --git a/docs/howto/user-env/server-resources.md b/docs/howto/user-env/server-resources.md new file mode 100644 index 0000000..906d49c --- /dev/null +++ b/docs/howto/user-env/server-resources.md @@ -0,0 +1,8 @@ +(howto/user-env/server-resources)= + +# Configure resources available to users + +To configure the resources that are available to your users (such as +RAM, CPU and Disk Space), see the section [](#tljh-set-user-limits). +For information on **resizing** the environment available to users _after_ you\'ve created +your JupyterHub, see [](#howto-admin-resize). diff --git a/docs/howto/user-env/user-environment.md b/docs/howto/user-env/user-environment.md new file mode 100644 index 0000000..74b7285 --- /dev/null +++ b/docs/howto/user-env/user-environment.md @@ -0,0 +1,214 @@ +(howto/user-env/user-environment)= + +# Install conda, pip or apt packages + +`TLJH (The Littlest JupyterHub)`{.interpreted-text role="abbr"} starts +all users in the same [conda](https://conda.io/docs/) environment. +Packages / libraries installed in this environment are available to all +users on the JupyterHub. Users with [admin rights](#howto-admin-admin-users) +can install packages easily. + +(howto/user-env/user-environment-pip)= + +## Installing pip packages + +[pip](https://pypi.org/project/pip/) is the recommended tool for +installing packages in Python from the [Python Packaging Index +(PyPI)](https://pypi.org/). PyPI has almost 145,000 packages in it right +now, so a lot of what you need is going to be there! + +1. Log in as an admin user and open a Terminal in your Jupyter + Notebook. + + ![New Terminal button under New menu](../../images/notebook/new-terminal-button.png) + + If you already have a terminal open as an admin user, that should + work too! + +2. Install a package! + + ```bash + sudo -E pip install numpy + ``` + + This installs the `numpy` library from PyPI and makes it available + to all users. + + :::{note} + If you get an error message like `sudo: pip: command not found`, + make sure you are not missing the `-E` parameter after `sudo`. + ::: + +(howto/user-env/user-environment-conda)= + +## Installing conda packages + +Conda lets you install new languages (such as new versions of python, +node, R, etc) as well as packages in those languages. For lots of +scientific software, installing with conda is often simpler & easier +than installing with pip - especially if it links to C / Fortran code. + +We recommend installing packages from +[conda-forge](https://conda-forge.org/), a community maintained +repository of conda packages. + +1. Log in as an admin user and open a Terminal in your Jupyter + Notebook. + + ![New Terminal button under New menu](../../images/notebook/new-terminal-button.png) + + If you already have a terminal open as an admin user, that should + work too! + +2. Install a package! + + ```bash + sudo -E conda install -c conda-forge gdal + ``` + + This installs the `gdal` library from `conda-forge` and makes it + available to all users. `gdal` is much harder to install with pip. + + :::{note} + If you get an error message like `sudo: conda: command not found`, + make sure you are not missing the `-E` parameter after `sudo`. + ::: + +(howto/user-env/user-environment-apt)= + +## Installing apt packages + +[apt](https://help.ubuntu.com/lts/serverguide/apt.html.en) is the +official package manager for the [Ubuntu Linux +distribution](https://www.ubuntu.com/). You can install utilities (such +as `vim`, `sl`, `htop`, etc), servers (`postgres`, `mysql`, `nginx`, +etc) and a lot more languages than present in `conda` (`haskell`, +`prolog`, `INTERCAL`). Some third party software (such as +[RStudio](https://www.rstudio.com/products/rstudio/download/)) is +distributed as `.deb` files, which are the files `apt` uses to install +software. + +You can search for packages with [Ubuntu Package +search](https://packages.ubuntu.com/) - make sure to look in the version +of Ubuntu you are using! + +1. Log in as an admin user and open a Terminal in your Jupyter + Notebook. + + ![New Terminal button under New menu](../../images/notebook/new-terminal-button.png) + + If you already have a terminal open as an admin user, that should + work too! + +2. Update list of packages available. This makes sure you get the + latest version of the packages possible from the repositories. + + ```bash + sudo apt update + ``` + +3. Install the packages you want. + + ```bash + sudo apt install mysql-server git + ``` + + This installs (and starts) a [MySQL](https://www.mysql.com/) + database server and `git`. + +## User environment location + +The user environment is a conda environment set up in `/opt/tljh/user`, +with a `python3` kernel as the default. It is readable by all users, but +writeable only by users who have root access. This makes it possible for +JupyterHub admins (who have root access with `sudo`) to install software +in the user environment easily. + +## Accessing user environment outside JupyterHub + +We add `/opt/tljh/user/bin` to the `$PATH` environment variable for all +JupyterHub users, so everything installed in the user environment is +available to them automatically. If you are using `ssh` to access your +server instead, you can get access to the same environment with: + +```bash +export PATH=/opt/tljh/user/bin:${PATH} +``` + +Whenever you run any command now, the user environment will be searched +first before your system environment is. So if you run +`python3 `, it\'ll use the `python3` installed in the user +environment (`/opt/tljh/user/bin/python3`) rather than the `python3` +installed in your system environment (`/usr/bin/python3`). This is +usually what you want! + +To make this change \'stick\', you can add the line to the end of the +`.bashrc` file in your home directory. + +When using `sudo`, the `$PATH` environment variable is usually reset, for +security reasons. This leads to error messages like: + +```bash +sudo conda install -c conda-forge gdal +sudo: conda: command not found +``` + +The most common & portable way to fix this when using `ssh` is: + +```bash +sudo PATH=${PATH} conda install -c conda-forge gdal +``` + +## Upgrade to a newer Python version + +All new TLJH installs use miniconda 4.7.10, which comes with a Python +3.7 environment for the users. The previously TLJH installs came with +miniconda 4.5.4, which meant a Python 3.6 environment. + +To upgrade the Python version of the user environment, one can: + +- **Start fresh on a machine that doesn\'t have TLJH already + installed.** + + See the [](#install-installing) section about how to install TLJH. + +- **Upgrade Python manually.** + + Because upgrading Python for existing installs can break packages + already installed under the old Python, upgrading your current TLJH + installation, will NOT upgrade the Python version of the user + environment, but you may do so manually. + + **Steps:** + + 1. Activate the user environment, if using ssh. If the terminal was + started with JupyterHub, this step can be skipped: + + ```bash + source /opt/tljh/user/bin/activate + ``` + + 2. Get the list of currently installed pip packages (so you can + later install them under the new Python): + + ```bash + pip freeze > pip_pkgs.txt + ``` + + 3. Update all conda installed packages in the environment: + + ```bash + sudo PATH=${PATH} conda update --all + ``` + + 4. Update Python version: + + ```bash + sudo PATH=${PATH} conda install python=3.7 + ``` + + 5. Install the pip packages previously saved: + + ```bash + pip install -r pip_pkgs.txt + ``` diff --git a/docs/images/control-panel-menu.png b/docs/images/control-panel-menu.png new file mode 100644 index 0000000..893702c Binary files /dev/null and b/docs/images/control-panel-menu.png differ diff --git a/docs/images/nbgitpuller/binder-progress.png b/docs/images/nbgitpuller/binder-progress.png deleted file mode 100644 index bc5045b..0000000 Binary files a/docs/images/nbgitpuller/binder-progress.png and /dev/null differ diff --git a/docs/images/nbgitpuller/blank-application.png b/docs/images/nbgitpuller/blank-application.png deleted file mode 100644 index a02f87c..0000000 Binary files a/docs/images/nbgitpuller/blank-application.png and /dev/null differ diff --git a/docs/images/nbgitpuller/filepath-application.png b/docs/images/nbgitpuller/filepath-application.png deleted file mode 100644 index 2871ce5..0000000 Binary files a/docs/images/nbgitpuller/filepath-application.png and /dev/null differ diff --git a/docs/images/nbgitpuller/git-url-application.png b/docs/images/nbgitpuller/git-url-application.png deleted file mode 100644 index d1bc1f3..0000000 Binary files a/docs/images/nbgitpuller/git-url-application.png and /dev/null differ diff --git a/docs/images/nbgitpuller/hub-url-application.png b/docs/images/nbgitpuller/hub-url-application.png deleted file mode 100644 index f3d5930..0000000 Binary files a/docs/images/nbgitpuller/hub-url-application.png and /dev/null differ diff --git a/docs/images/providers/digitalocean/additional-options.png b/docs/images/providers/digitalocean/additional-options.png index 70660a2..a0610f7 100644 Binary files a/docs/images/providers/digitalocean/additional-options.png and b/docs/images/providers/digitalocean/additional-options.png differ diff --git a/docs/images/providers/google/boot-disk-edit-button.png b/docs/images/providers/google/boot-disk-edit-button.png new file mode 100644 index 0000000..65319c5 Binary files /dev/null and b/docs/images/providers/google/boot-disk-edit-button.png differ diff --git a/docs/images/providers/google/boot-disk-resize-properties.png b/docs/images/providers/google/boot-disk-resize-properties.png new file mode 100644 index 0000000..862115a Binary files /dev/null and b/docs/images/providers/google/boot-disk-resize-properties.png differ diff --git a/docs/images/providers/google/boot-disk-resize.png b/docs/images/providers/google/boot-disk-resize.png new file mode 100644 index 0000000..638fc4d Binary files /dev/null and b/docs/images/providers/google/boot-disk-resize.png differ diff --git a/docs/images/providers/google/serial-port-console.png b/docs/images/providers/google/serial-port-console.png new file mode 100644 index 0000000..61384dc Binary files /dev/null and b/docs/images/providers/google/serial-port-console.png differ diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 0000000..fe8dcf7 --- /dev/null +++ b/docs/index.md @@ -0,0 +1,91 @@ +# The Littlest JupyterHub + +A simple [JupyterHub](https://github.com/jupyterhub/jupyterhub) distribution for +a small (0-100) number of users on a single server. We recommend reading +[](/topic/whentouse) to determine if this is the right tool for you. + +## Development Status + +This project is currently in **beta** state. Folks have been using installations +of TLJH for more than a year now to great success. While we try hard not to, we +might still make breaking changes that have no clear upgrade pathway. + +## Installation + +The Littlest JupyterHub (TLJH) can run on any server that is running **Debian 11** or **Ubuntu 20.04** or **22.04** on an amd64 or arm64 CPU architecture. +We aim to support 'stable' and Long-Term Support (LTS) versions. +Newer versions are likely to work with little or no adjustment, but these are not officially supported or tested. +Earlier versions of Ubuntu and Debian are not supported, nor are other Linux distributions. +We have a bunch of tutorials to get you started. + +- Tutorials to create a new server from scratch on a cloud provider & run TLJH + on it. These are **recommended** if you do not have much experience setting up + servers. + + ```{toctree} + :maxdepth: 2 + :titlesonly: true + + install/index + ``` + +Once you are ready to run your server for real, +it's a good idea to proceed directly to {doc}`howto/admin/https`. + +## How-To Guides + +How-To guides answer the question 'How do I...?' for a lot of topics. + +```{toctree} +:maxdepth: 2 + +howto/index +``` + +## Topic Guides + +Topic guides provide in-depth explanations of specific topics. + +```{toctree} +:maxdepth: 2 +:titlesonly: true + +topic/index +``` + +## Reference + +The reference documentation is meant to provide narrowly scoped technical +descriptions that other documentation can link to for details. + +```{toctree} +:maxdepth: 2 +:titlesonly: true + +reference/index +``` + +## Troubleshooting + +In time, all systems have issues that need to be debugged. Troubleshooting +guides help you find what is broken & hopefully fix it. + +```{toctree} +:maxdepth: 2 +:titlesonly: true + +troubleshooting/index +``` + +## Contributing + +We want you to contribute to TLJH in the ways that are most useful +and exciting to you. This section contains documentation helpful +to people contributing in various ways. + +```{toctree} +:maxdepth: 2 +:titlesonly: true + +contributing/index +``` diff --git a/docs/index.rst b/docs/index.rst deleted file mode 100644 index 074a4d2..0000000 --- a/docs/index.rst +++ /dev/null @@ -1,81 +0,0 @@ -======================= -The Littlest JupyterHub -======================= - -A simple `JupyterHub `_ distribution for -a small (0-100) number of users on a single server. We recommend reading -:ref:`topic/whentouse` to determine if this is the right tool for you. - - -Development Status -================== - -This project is currently in **beta** state. Folks have been using installations -of TLJH for more than a year now to great success. While we try hard not to, we -might still make breaking changes that have no clear upgrade pathway. - -Installation -============ - -The Littlest JupyterHub (TLJH) can run on any server that is running **Ubuntu 18.04** or **Ubuntu 20.04** on a amd64 or arm64 CPU architecture. Earlier versions of Ubuntu are not supported. -We have a bunch of tutorials to get you started. - -- Tutorials to create a new server from scratch on a cloud provider & run TLJH - on it. These are **recommended** if you do not have much experience setting up - servers. - - .. toctree:: - :titlesonly: - :maxdepth: 2 - - install/index - -Once you are ready to run your server for real, -it's a good idea to proceed directly to :doc:`howto/admin/https`. - -How-To Guides -============= - -How-To guides answer the question 'How do I...?' for a lot of topics. - -.. toctree:: - :maxdepth: 2 - - howto/index - -Topic Guides -============ - -Topic guides provide in-depth explanations of specific topics. - -.. toctree:: - :titlesonly: - :maxdepth: 2 - - topic/index - - -Troubleshooting -=============== - -In time, all systems have issues that need to be debugged. Troubleshooting -guides help you find what is broken & hopefully fix it. - -.. toctree:: - :titlesonly: - :maxdepth: 2 - - troubleshooting/index - -Contributing -============ - -We want you to contribute to TLJH in the ways that are most useful -and exciting to you. This section contains documentation helpful -to people contributing in various ways. - -.. toctree:: - :titlesonly: - :maxdepth: 2 - - contributing/index diff --git a/docs/install/add-packages.md b/docs/install/add-packages.md new file mode 100644 index 0000000..826f65b --- /dev/null +++ b/docs/install/add-packages.md @@ -0,0 +1,30 @@ +The **User Environment** is a conda environment that is shared by all users +in the JupyterHub. Libraries installed in this environment are immediately +available to all users. Admin users can install packages in this environment +with `sudo -E`. + +1. Log in as an admin user and open a Terminal in your Jupyter Notebook. + + ```{image} ../images/notebook/new-terminal-button.png + :alt: New Terminal button under New menu + ``` + +2. Install [gdal](https://anaconda.org/conda-forge/gdal) from [conda-forge](https://conda-forge.org/). + + ```bash + sudo -E conda install -c conda-forge gdal + ``` + + The `sudo -E` is very important! + +3. Install [there](https://pypi.org/project/there) with `pip` + + ```bash + sudo -E pip install there + ``` + +The packages `gdal` and `there` are now available to all users in JupyterHub. +If a user already had a python notebook running, they have to restart their notebook's +kernel to make the new libraries available. + +See [](#howto/user-env/user-environment) for more information. diff --git a/docs/install/add-users.md b/docs/install/add-users.md new file mode 100644 index 0000000..bbbbdb4 --- /dev/null +++ b/docs/install/add-users.md @@ -0,0 +1,42 @@ +Most administration & configuration of the JupyterHub can be done from the +web UI directly. Let's add a few users who can log in! + +1. In the File menu select the entry for the **Hub Control Panel**. + + ```{image} ../images/control-panel-menu.png + :alt: Hub Control panel entry in lab File menu + ``` + +2. In the control panel, open the **Admin** link in the top left. + + ```{image} ../images/admin/admin-access-button.png + :alt: Admin button in control panel, top left + ``` + + This opens up the JupyterHub admin page, where you can add / delete users, + start / stop peoples' servers and see who is online. + +3. Click the **Add Users** button. + + ```{image} ../images/admin/add-users-button.png + :alt: Add Users button in the admin page + ``` + + A **Add Users** dialog box opens up. + +4. Type the names of users you want to add to this JupyterHub in the dialog box, + one per line. + + ```{image} ../images/admin/add-users-dialog.png + :alt: Adding users with add users dialog + ``` + + You can tick the **Admin** checkbox if you want to give admin rights to all + these users too. + +5. Click the **Add Users** button in the dialog box. Your users are now added + to the JupyterHub! When they log in for the first time, they can set their + password - and use it to log in again in the future. + +Congratulations, you now have a multi user JupyterHub that you can add arbitrary +users to! diff --git a/docs/install/add_packages.txt b/docs/install/add_packages.txt deleted file mode 100644 index f21072f..0000000 --- a/docs/install/add_packages.txt +++ /dev/null @@ -1,30 +0,0 @@ -The **User Environment** is a conda environment that is shared by all users -in the JupyterHub. Libraries installed in this environment are immediately -available to all users. Admin users can install packages in this environment -with ``sudo -E``. - -#. Log in as an admin user and open a Terminal in your Jupyter Notebook. - - .. image:: ../images/notebook/new-terminal-button.png - :alt: New Terminal button under New menu - -#. Install `gdal `_ from `conda-forge `_. - - .. code-block:: bash - - sudo -E conda install -c conda-forge gdal - - The ``sudo -E`` is very important! - -#. Install `there `_ with ``pip`` - - - .. code-block:: bash - - sudo -E pip install there - -The packages ``gdal`` and ``there`` are now available to all users in JupyterHub. -If a user already had a python notebook running, they have to restart their notebook's -kernel to make the new libraries available. - -See :ref:`howto/env/user_environment` for more information. diff --git a/docs/install/add_users.txt b/docs/install/add_users.txt deleted file mode 100644 index 8d4066f..0000000 --- a/docs/install/add_users.txt +++ /dev/null @@ -1,39 +0,0 @@ -Most administration & configuration of the JupyterHub can be done from the -web UI directly. Let's add a few users who can log in! - -#. Open the **Control Panel** by clicking the control panel button on the top - right of your JupyterHub. - - .. image:: ../images/control-panel-button.png - :alt: Control panel button in notebook, top right - -#. In the control panel, open the **Admin** link in the top left. - - .. image:: ../images/admin/admin-access-button.png - :alt: Admin button in control panel, top left - - This opens up the JupyterHub admin page, where you can add / delete users, - start / stop peoples' servers and see who is online. - -#. Click the **Add Users** button. - - .. image:: ../images/admin/add-users-button.png - :alt: Add Users button in the admin page - - A **Add Users** dialog box opens up. - -#. Type the names of users you want to add to this JupyterHub in the dialog box, - one per line. - - .. image:: ../images/admin/add-users-dialog.png - :alt: Adding users with add users dialog - - You can tick the **Admin** checkbox if you want to give admin rights to all - these users too. - -#. Click the **Add Users** button in the dialog box. Your users are now added - to the JupyterHub! When they log in for the first time, they can set their - password - and use it to log in again in the future. - -Congratulations, you now have a multi user JupyterHub that you can add arbitrary -users to! diff --git a/docs/install/amazon.md b/docs/install/amazon.md new file mode 100644 index 0000000..dd042be --- /dev/null +++ b/docs/install/amazon.md @@ -0,0 +1,279 @@ +(install-amazon)= + +# Installing on Amazon Web Services + +## Goal + +To have a JupyterHub with admin users and a user environment with conda / pip packages. + +## Prerequisites + +1. An Amazon Web Services account. + + If asked to choose a default region, choose the one closest to the majority + of your users. + +## Step 1: Installing The Littlest JupyterHub + +Let's create the server on which we can run JupyterHub. + +1. Go to [Amazon Web Services](https://aws.amazon.com/) and click the gold + button 'Sign In to the Console' in the upper right. Log in with your Amazon Web + Services account. + + If you need to adjust your region from your default, there is a drop-down + menu between your name and the **Support** menu on the far right of the dark + navigation bar across the top of the window. Adjust the region to match the + closest one to the majority of your users. + +2. On the screen listing all the available services, pick **EC2** under **Compute** + on the left side at the top of the first column. + + ```{image} ../images/providers/amazon/compute_services.png + :alt: Select EC2 + ``` + + This will take you to the **EC2 Management Console**. + +3. From the navigation menu listing on the far left side of the **EC2 Management + Console**, choose **Instances** under the light gray **INSTANCES** sub-heading. + + ```{image} ../images/providers/amazon/instances_from_console.png + :alt: Select Instances from console + ``` + +4. In the main window of the **EC2 Management Console**, towards the top left, + click on the bright blue **Launch Instance** button. + + ```{image} ../images/providers/amazon/launch_instance_button.png + :alt: Click launch instance + ``` + + This will start the 'launch instance wizard' process. This lets you customize + the kind of server you want, the resources it will have and its name. + +5. On the page **Step 1: Choose an Amazon Machine Image (AMI)** you are going + to pick the base image your remote server will have. The view will + default to the 'Quick-start' tab selected and just a few down the page, select + **Ubuntu Server 22.04 LTS (HVM), SSD Volume Type - ami-XXXXXXXXXXXXXXXXX**, + leaving `64-bit (x86)` toggled. + + ```{image} ../images/providers/amazon/select_ubuntu_18.png + :alt: Click Ubuntu server 22.04 + ``` + + The `ami` alpha-numeric at the end references the specific Amazon machine + image, ignore this as Amazon updates them routinely. The + **Ubuntu Server 22.04 LTS (HVM)** is the important part. + +6. After selecting the AMI, you'll be at **Step 2: Choose an Instance Type**. + + There will be a long listing of the types and numbers of CPUs that Amazon + offers. Select the one you want and then select the button + `Next: Configure Instance Details` in the lower right corner. + + Check out our guide on How To [](/howto/admin/resource-estimation) to help pick + how much Memory / CPU your server needs. + We recommend you use a server with at least 2GB of RAM, such as a **t3.small**. + However, if you need to minimise costs you can use a server with **1GB** RAM such as a **t2.micro**, but performance will be limited. + + You may wish to consult the listing [here](https://www.ec2instances.info/) + because it shows cost per hour. The **On Demand** price is the pertinent cost. + + `GPU graphics` and `GPU compute` products are also available around half way down the page + +7. Under **Step 3: Configure Instance Details**, scroll to the bottom of the page + and toggle the arrow next to **Advanced Details**. Scroll down to 'User data'. Copy + the text below, and paste it into the **User data** text box. Replace + `` with the name of the first **admin user** for this + JupyterHub. This admin user can log in after the JupyterHub is set up, and + configure it. **Remember to add your username**! + + ```bash + #!/bin/bash + curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin + ``` + + ```{image} ../images/providers/amazon/script_in_user_data.png + :alt: Install JupyterHub with the script in the User data textbox + ``` + + :::{note} + See [](/topic/installer-actions) for a detailed description and + [](/topic/customizing-installer) for other options that can be used. + ::: + +8. Under **Step 4: Add Storage**, you can change the **size** and **type of your + disk by adjusting the value in \*\*Size (GiB)** and selecting **Volume Type**. + + ```{image} ../images/providers/amazon/change_size_type.png + :alt: Selecting disk size and type + ``` + + Check out [](/howto/admin/resource-estimation) to help pick + how much Disk space your server needs. + + Hover over the encircled `i` next to **Volume Type** for an explanation of + each. Leaving the default as is is fine. `General Purpose SSD (gp2)` is + recommended for most workloads. With `Provisioned IOPS SSD (io1)` being the + highest-performance SSD volume. Magnetic (standard) is a previous generation + volume and not suited for a hub for multi-users. + + When finished, click **Next: Add Tags** in the bottom right corner. + +9. Under **Step 5: Add Tags**, click **Add Tag** and enter **Name** under the + **Key** field. In the **Value** field in the **Name** row, give your new + server a memorable name that identifies what purpose this JupyterHub will be + used for. + + ```{image} ../images/providers/amazon/name_hub.png + :alt: Use tags to name the hub. + ``` + +10. Under **Step 6: Configure Security Group**, you'll set the firewall rules + that control the traffic for your instance. Specifically you'll want to add + rules to allow both **HTTP Traffic** and **HTTPS Traffic**. For + advanced troubleshooting, it will be helpful to set rules so you can use + SSH to connect (port 22). + + If you have never used your Amazon account before, you'll have to select + **Create a new security group**. You should give it a disitnguishing name + under **Security group name** + such as `ssh_web` for future reference. If you have, one from before you can + select it and adjust it to have the rules you need, if you prefer. + + The rules will default to include `SSH`. Leave that there, and then click on + the **Add Rule** button. Under **Type** for the new rule, change the field + to **HTTP**. The other boxes will get filled in appropritely. Again, click on + the **Add Rule** button. This time under **Type** for the new rule, change + the field to **HTTPS**. + + The warning is there to remind you this opens things up to some degree but + this is necessary in order to let your users connect. However, this warning + is a good reminder that you should monitor your server to insure it is + available for users who may need it. + + ```{image} ../images/providers/amazon/set_security_groups.png + :alt: Allow HTTP & HTTPS traffic to your server + ``` + +11. When the security rules are set, click on the blue button in the bottom + right **Review and Launch**. This will give you a chance to review things + because very soon you'll be launching and start paying for any resources you + use. + + Note that you'll see two HTTP listings and two HTTPS listings under + **Security Groups** even though you only made one for each. This is normal & + necessary to match both IPv4 & IPv6 types of IP addresses. + + When you are happy, press the blue **Launch** button in the bottom right + corner to nearly conclude your journey through the instance launch wizard. + + ```{image} ../images/providers/amazon/finally_launch.png + :alt: Launch your server + ``` + +12. In the dialog box that pops up as the last step before launching is + triggered, you need to choose what to do about an identifying key pair and + acknowledge your choice in order to proceed. If you already have a key pair you + can select to associate it with this instance, otherwise you need to + **Create a new key pair**. Choosing to `Proceed without a key pair` is not + recommended as you'll have no way to access your server via SSH if anything + goes wrong with the Jupyterhub and have no way to recover files via download. + + Download and keep the key pair file unless you are associating one you already + have. + + ```{image} ../images/providers/amazon/create_key_pair.png + :alt: Associate key pair + ``` + +13. With the key pair associated, click the **Launch instances** button to + start creating the server that'll run TLJH. + + ```{image} ../images/providers/amazon/launch_now.png + :alt: Trigger actual launch + ``` + +14. Following the launch initiation, you'll be taken to a **Launch Status** + notification screen. You can see more information about the details if you + click on the alphanumeric link to the launching instance following the text, + "`The following instance launches have been initiated:`". + + ```{image} ../images/providers/amazon/launch_status_screen.png + :alt: Launch status notice + ``` + +15. That link will take you back to the **EC2 Management Console** with settings + that will limit the view in the console to just that instance. (Delete the + filter in the search bar if you want to see any other instances you may + have.) At first the server will be starting up, and then when the + **Instance state** is green the server is running. + + ```{image} ../images/providers/amazon/running_server.png + :alt: Server is running. + ``` + + If you already have instances running in your account, the screen will look + different if you disable that filter. But you want to pay attention to the + row with the name of the server you made. + +16. In a few seconds your server will be created, and you can see the + **Public IP** used to access it in the panel at the bottom of the console. + If it isn't displayed, click on the row for that instance in the console. It + will look like a pattern similar to **12.30.230.127**. + + ```{image} ../images/providers/amazon/public_ip.png + :alt: public IP + ``` + +17. The Littlest JupyterHub is now installing in the background on your new + server. It takes around 10 minutes for this installation to complete. + +18. Check if the installation is complete by copying the **Public IP** + of your server, and trying to access it from within a browser. If it has been + 10 minutes, paste the public IP into the URL bar of your browser and hit + return to try to connect. + + Accessing the JupyterHub will fail until the installation is complete, + so be patient. The next step below this one shows the login window you are + expecting to see when trying the URL and things work. + While waiting until the appropriate time to try, another way to check if + things are churning away, is to open the **System Log**. To do this, go to + the **EC2 Management Console** & highlight the instance by clicking on that + row and then right-click **Monitor and troubleshoot** > **Get system log**. + +19. When the Jupyterhub creation process finishes and the hub is ready to show + the login, the **System Log** should look similar to the image below. Scroll to + the bottom of your output from the previous step. + Note the line **Starting TLJH installer**, you may also see **Started jupyterhub.service** + + ```{image} ../images/providers/amazon/completed_system_log.png + :alt: Completed system log + ``` + +20. When the installation is complete, it should give you a JupyterHub login page. + + ```{image} ../images/first-login.png + :alt: JupyterHub log-in page + ``` + +21. Login using the **admin user name** you used in step 7, and a password. Use a + strong password & note it down somewhere, since this will be the password for + the admin user account from now on. + +22. Congratulations, you have a running working JupyterHub! + +## Step 2: Adding more users + +```{include} add-users.md + +``` + +## Step 3: Install conda / pip packages for all users + +```{include} add-packages.md + +``` diff --git a/docs/install/amazon.rst b/docs/install/amazon.rst deleted file mode 100644 index e043301..0000000 --- a/docs/install/amazon.rst +++ /dev/null @@ -1,269 +0,0 @@ -.. _install/amazon: - -================================= -Installing on Amazon Web Services -================================= - -Goal -==== - -To have a JupyterHub with admin users and a user environment with conda / pip packages. - -Prerequisites -============= - -#. An Amazon Web Services account. - - If asked to choose a default region, choose the one closest to the majority - of your users. - -Step 1: Installing The Littlest JupyterHub -========================================== - -Let's create the server on which we can run JupyterHub. - -#. Go to `Amazon Web Services `_ and click the gold - button 'Sign In to the Console' in the upper right. Log in with your Amazon Web - Services account. - - If you need to adjust your region from your default, there is a drop-down - menu between your name and the **Support** menu on the far right of the dark - navigation bar across the top of the window. Adjust the region to match the - closest one to the majority of your users. - -#. On the screen listing all the available services, pick **EC2** under **Compute** - on the left side at the top of the first column. - - .. image:: ../images/providers/amazon/compute_services.png - :alt: Select EC2 - - This will take you to the **EC2 Management Console**. - -#. From the navigation menu listing on the far left side of the **EC2 Management - Console**, choose **Instances** under the light gray **INSTANCES** sub-heading. - - .. image:: ../images/providers/amazon/instances_from_console.png - :alt: Select Instances from console - -#. In the main window of the **EC2 Management Console**, towards the top left, - click on the bright blue **Launch Instance** button. - - .. image:: ../images/providers/amazon/launch_instance_button.png - :alt: Click launch instance - - This will start the 'launch instance wizard' process. This lets you customize - the kind of server you want, the resources it will have and its name. - - -#. On the page **Step 1: Choose an Amazon Machine Image (AMI)** you are going - to pick the base image your remote server will have. The view will - default to the 'Quick-start' tab selected and just a few down the page, select - **Ubuntu Server 18.04 LTS (HVM), SSD Volume Type - ami-XXXXXXXXXXXXXXXXX**, - leaving `64-bit (x86)` toggled. - - .. image:: ../images/providers/amazon/select_ubuntu_18.png - :alt: Click Ubuntu server 18.04 - - The `ami` alpha-numeric at the end references the specific Amazon machine - image, ignore this as Amazon updates them routinely. The - **Ubuntu Server 18.04 LTS (HVM)** is the important part. - - -#. After selecting the AMI, you'll be at **Step 2: Choose an Instance Type**. - - There will be a long listing of the types and numbers of CPUs that Amazon - offers. Select the one you want and then select the button - `Next: Configure Instance Details` in the lower right corner. - - Check out our guide on How To :ref:`howto/admin/resource-estimation` to help pick - how much Memory / CPU your server needs. - We recommend you use a server with at least 2GB of RAM, such as a **t3.small**. - However, if you need to minimise costs you can use a server with **1GB** RAM such as a **t2.micro**, but performance will be limited. - - You may wish to consult the listing `here `_ - because it shows cost per hour. The **On Demand** price is the pertinent cost. - - ``GPU graphics`` and ``GPU compute`` products are also available around half way down the page - -#. Under **Step 3: Configure Instance Details**, scroll to the bottom of the page - and toggle the arrow next to **Advanced Details**. Scroll down to 'User data'. Copy - the text below, and paste it into the **User data** text box. Replace - ```` with the name of the first **admin user** for this - JupyterHub. This admin user can log in after the JupyterHub is set up, and - configure it. **Remember to add your username**! - - .. code-block:: bash - - #!/bin/bash - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin - - .. image:: ../images/providers/amazon/script_in_user_data.png - :alt: Install JupyterHub with the script in the User data textbox - - .. note:: - - See :ref:`topic/installer-actions` for a detailed description and - :ref:`topic/customizing-installer` for other options that can be used. - -#. Under **Step 4: Add Storage**, you can change the **size** and **type of your - disk by adjusting the value in **Size (GiB)** and selecting **Volume Type**. - - .. image:: ../images/providers/amazon/change_size_type.png - :alt: Selecting disk size and type - - Check out :ref:`howto/admin/resource-estimation` to help pick - how much Disk space your server needs. - - Hover over the encircled `i` next to **Volume Type** for an explanation of - each. Leaving the default as is is fine. `General Purpose SSD (gp2)` is - recommended for most workloads. With `Provisioned IOPS SSD (io1)` being the - highest-performance SSD volume. Magnetic (standard) is a previous generation - volume and not suited for a hub for multi-users. - - When finished, click **Next: Add Tags** in the bottom right corner. - -#. Under **Step 5: Add Tags**, click **Add Tag** and enter **Name** under the - **Key** field. In the **Value** field in the **Name** row, give your new - server a memorable name that identifies what purpose this JupyterHub will be - used for. - - .. image:: ../images/providers/amazon/name_hub.png - :alt: Use tags to name the hub. - -#. Under **Step 6: Configure Security Group**, you'll set the firewall rules - that control the traffic for your instance. Specifically you'll want to add - rules to allow both **HTTP Traffic** and **HTTPS Traffic**. For - advanced troubleshooting, it will be helpful to set rules so you can use - SSH to connect (port 22). - - If you have never used your Amazon account before, you'll have to select - **Create a new security group**. You should give it a disitnguishing name - under **Security group name** - such as `ssh_web` for future reference. If you have, one from before you can - select it and adjust it to have the rules you need, if you prefer. - - The rules will default to include `SSH`. Leave that there, and then click on - the **Add Rule** button. Under **Type** for the new rule, change the field - to **HTTP**. The other boxes will get filled in appropritely. Again, click on - the **Add Rule** button. This time under **Type** for the new rule, change - the field to **HTTPS**. - - The warning is there to remind you this opens things up to some degree but - this is necessary in order to let your users connect. However, this warning - is a good reminder that you should monitor your server to insure it is - available for users who may need it. - - .. image:: ../images/providers/amazon/set_security_groups.png - :alt: Allow HTTP & HTTPS traffic to your server - -#. When the security rules are set, click on the blue button in the bottom - right **Review and Launch**. This will give you a chance to review things - because very soon you'll be launching and start paying for any resources you - use. - - Note that you'll see two HTTP listings and two HTTPS listings under - **Security Groups** even though you only made one for each. This is normal & - necessary to match both IPv4 & IPv6 types of IP addresses. - - When you are happy, press the blue **Launch** button in the bottom right - corner to nearly conclude your journey through the instance launch wizard. - - .. image:: ../images/providers/amazon/finally_launch.png - :alt: Launch your server - -#. In the dialog box that pops up as the last step before launching is - triggered, you need to choose what to do about an identifying key pair and - acknowledge your choice in order to proceed. If you already have a key pair you - can select to associate it with this instance, otherwise you need to - **Create a new key pair**. Choosing to `Proceed without a key pair` is not - recommended as you'll have no way to access your server via SSH if anything - goes wrong with the Jupyterhub and have no way to recover files via download. - - Download and keep the key pair file unless you are associating one you already - have. - - .. image:: ../images/providers/amazon/create_key_pair.png - :alt: Associate key pair - -#. With the key pair associated, click the **Launch instances** button to - start creating the server that'll run TLJH. - - .. image:: ../images/providers/amazon/launch_now.png - :alt: Trigger actual launch - - -#. Following the launch initiation, you'll be taken to a **Launch Status** - notification screen. You can see more information about the details if you - click on the alphanumeric link to the launching instance following the text, - "`The following instance launches have been initiated:`". - - .. image:: ../images/providers/amazon/launch_status_screen.png - :alt: Launch status notice - -#. That link will take you back to the **EC2 Management Console** with settings - that will limit the view in the console to just that instance. (Delete the - filter in the search bar if you want to see any other instances you may - have.) At first the server will be starting up, and then when the - **Instance state** is green the server is running. - - .. image:: ../images/providers/amazon/running_server.png - :alt: Server is running. - - If you already have instances running in your account, the screen will look - different if you disable that filter. But you want to pay attention to the - row with the name of the server you made. - -#. In a few seconds your server will be created, and you can see the - **Public IP** used to access it in the panel at the bottom of the console. - If it isn't displayed, click on the row for that instance in the console. It - will look like a pattern similar to **12.30.230.127**. - - .. image:: ../images/providers/amazon/public_ip.png - :alt: public IP - -#. The Littlest JupyterHub is now installing in the background on your new - server. It takes around 10 minutes for this installation to complete. - -#. Check if the installation is complete by copying the **Public IP** - of your server, and trying to access it from within a browser. If it has been - 10 minutes, paste the public IP into the URL bar of your browser and hit - return to try to connect. - - Accessing the JupyterHub will fail until the installation is complete, - so be patient. The next step below this one shows the login window you are - expecting to see when trying the URL and things work. - While waiting until the appropriate time to try, another way to check if - things are churning away, is to open the **System Log**. To do this, go to - the **EC2 Management Console** & highlight the instance by clicking on that - row and then right-click **Monitor and troubleshoot** > **Get system log**. - -#. When the Jupyterhub creation process finishes and the hub is ready to show - the login, the **System Log** should look similar to the image below. Scroll to - the bottom of your output from the previous step. - Note the line **Starting TLJH installer**, you may also see **Started jupyterhub.service** - - .. image:: ../images/providers/amazon/completed_system_log.png - :alt: Completed system log - -#. When the installation is complete, it should give you a JupyterHub login page. - - .. image:: ../images/first-login.png - :alt: JupyterHub log-in page - -#. Login using the **admin user name** you used in step 7, and a password. Use a - strong password & note it down somewhere, since this will be the password for - the admin user account from now on. - -#. Congratulations, you have a running working JupyterHub! - -Step 2: Adding more users -========================== - -.. include:: add_users.txt - -Step 3: Install conda / pip packages for all users -================================================== - -.. include:: add_packages.txt diff --git a/docs/install/azure.md b/docs/install/azure.md new file mode 100644 index 0000000..a9f862f --- /dev/null +++ b/docs/install/azure.md @@ -0,0 +1,226 @@ +(install-azure)= + +# Installing on Azure + +## Goal + +By the end of this tutorial, you should have a JupyterHub with some admin +users and a user environment with packages you want to be installed running on +[Microsoft Azure](https://azure.microsoft.com). + +This tutorial leads you step-by-step for you to manually deploy your own JupyterHub on Azure cloud. + +:::{note} +✨ The `Deploy to Azure button` project allows you to deploy your own JupyterHub with minimal manual configuration steps. The deploy to Azure button allows you to have a vanilla configuration in just one-click and by assigning some variables. + +Check it out at [https://github.com/trallard/TLJH-azure-button](https://github.com/trallard/TLJH-azure-button). +::: + +## Prerequisites + +- A Microsoft Azure account. +- To get started you can get a free account which includes 150 dollars worth of Azure credits ([get a free account here](https://azure.microsoft.com/en-us/free//?wt.mc_id=TLJH-github-taallard)) + +These instructions cover how to set up a Virtual Machine +on Microsoft Azure. For subsequent information about creating +your JupyterHub and configuring it, see [The Littlest JupyterHub guide](https://the-littlest-jupyterhub.readthedocs.io/en/latest/). + +## Step 1: Installing The Littlest JupyterHub + +We start by creating the Virtual Machine in which we can run TLJH (The Littlest JupyterHub). + +1. Go to [Azure portal](https://portal.azure.com/) and login with your Azure account. + +2. Expand the left-hand panel by clicking on the ">>" button on the top left corner of your dashboard. Find the Virtual Machines tab and click on it. + + ```{image} ../images/providers/azure/azure-vms.png + :alt: Virtual machines on Azure portal + ``` + +3. Click **+ add** to create a new Virtual Machine + + ```{image} ../images/providers/azure/add-vm.png + :alt: Add a new virtual machine + ``` + +4. Select **Create VM from Marketplace** in the next screen. + A new screen with all the options for Virtual Machines in Azure will displayed. + + ```{image} ../images/providers/azure/create-vm.png + :alt: Create VM from the marketplace + ``` + +5. **Choose an Ubuntu server for your VM**: + + - Click `Ubuntu Server 22.04 LTS.` + + - Make sure `Resource Manager` is selected in the next screen and click **Create** + + ```{image} ../images/providers/azure/ubuntu-vm.png + :alt: Ubuntu VM + ``` + +6. Customise the Virtual Machine basics: + + - **Subscription**. Choose the "Free Trial" if this is what you're using. Otherwise, choose a different plan. This is the billing account that will be charged. + - **Resource group**. Resource groups let you keep your Azure tools/resources together in an availability region (e.g. WestEurope). If you already have one you'd like to use it select that resource. + + :::{note} + If you have never created a Resource Group, click on **Create new** + ::: + + ```{image} ../images/providers/azure/new-rg.png + :alt: Create a new resource group + ``` + + - **Name**. Use a descriptive name for your virtual machine (note that you cannot use spaces or special characters). + - **Region**. Choose a location near where you expect your users to be located. + - **Availability options**. Choose "No infrastructure redundancy required". + - **Image**. Make sure "Ubuntu Server 22.04 LTS" is selected (from the previous step). + - **Authentication type**. Change authentication type to "password". + - **Username**. Choose a memorable username, this will be your "root" user, and you'll need it later on. + - **Password**. Type in a password, this will be used later for admin access so make sure it is something memorable. + + ```{image} ../images/providers/azure/password-vm.png + :alt: Add password to VM + ``` + + - **Login with Azure Active Directory**. Choose "Off" (usually the default) + - **Inbound port rules**. Leave the defaults for now, and we will update these later on in the Network configuration step. + +7. Before clicking on "Next" we need to select the RAM size for the image. + + - For this we need to make sure we have enough RAM to accommodate your users. For example, if each user needs 2GB of RAM, and you have 10 total users, you need at least 20GB of RAM on the machine. It's also good to have a few GB of "buffer" RAM beyond what you think you'll need. + + - Click on **Change size** (see image below) + + ```{image} ../images/providers/azure/size-vm.png + :alt: Choose vm size + ``` + + :::{note} + For more information about estimating memory, CPU and disk needs check [The memory section in the TLJH documentation](https://tljh.jupyter.org/en/latest/howto/admin/resource-estimation.html) + ::: + + - Select a suitable image (to check available images and prices in your region [click on this link](https://azuremarketplace.microsoft.com/en-gb/marketplace/apps/Canonical.UbuntuServer?tab=PlansAndPrice/?wt.mc_id=TLJH-github-taallard)). + +8. Disks (Storage): + + - **Disk options**: select the OS disk type there are options for SDD and HDD. **SSD persistent disk** gives you a faster but more expensive disk than HDD. + + - **Data disk**. Click on create and attach a new disk. Select an appropriate type and size and click ok. + - Click "Next". + + ```{image} ../images/providers/azure/create-disk.png + :alt: Create and attach disk + ``` + + ```{image} ../images/providers/azure/disk-vm.png + :alt: Choose a disk size + ``` + +9. Networking + + - **Virtual network**. Leave the default values selected. + - **Subnet**. Leave the default values selected. + - **Public IP address**.Leave the default values selected. This will make your server accessible from a browser. + - **Network Security Group**. Choose "Basic" + - **Public inbound ports**. Check **HTTP**, **HTTPS**, and **SSH**. + + ```{image} ../images/providers/azure/networking-vm.png + :alt: Choose networking ports + ``` + +10. Management + + - Monitoring + + - **Boot diagnostics**. Choose "On". + - **OS guest diagnostics**. Choose "Off". + - **Diagnostics storage account**. Leave as the default. + + - Auto-Shutdown + - **Enable auto-shutdown**. Choose "Off". + - Backup + - **Backup**. Choose "Off". + - System assigned managed identity. Select "Off". + + ```{image} ../images/providers/azure/backup-vm.png + :alt: Choose VM Backup + ``` + +11. Advanced settings + + - **Extensions**. Make sure there are no extensions listed + - **Cloud init**. We are going to use this section to install TLJH directly into our Virtual Machine. + + Copy the code snippet below: + + ```bash + #!/bin/bash + curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin + ``` + + where the `admin-user-name` is the root username you chose for your Virtual Machine. + + ```{image} ../images/providers/azure/cloudinit-vm.png + :alt: Install TLJH + ``` + + :::{note} + See [](/topic/installer-actions) if you want to understand exactly what the installer is doing. + [](/topic/customizing-installer) documents other options that can be passed to the installer. + ::: + +12. Check the summary and confirm the creation of your Virtual Machine. + +13. Check that the creation of your Virtual Machine worked. + + - Wait for the virtual machine to be created. This might take about 5-10 minutes. + + - After completion, you should see a similar screen to the one below: + + ```{image} ../images/providers/azure/deployed-vm.png + :alt: Deployed VM + ``` + +14. Note that the Littlest JupyterHub should be installing in the background on your new server. + It takes around 5-10 minutes for this installation to complete. + +15. Click on the **Go to resource button** + + ```{image} ../images/providers/azure/goto-vm.png + :alt: Go to VM + ``` + +16. Check if the installation is completed by **copying** the **Public IP address** of your virtual machine, and trying to access it with a browser. + + ```{image} ../images/providers/azure/ip-vm.png + :alt: Public IP address + ``` + + Note that accessing the JupyterHub will fail until the installation is complete, so be patient. + +17. When the installation is complete, it should give you a JupyterHub login page. + + ```{image} ../images/first-login.png + :alt: JupyterHub log-in page + ``` + +18. Login using the **admin user name** you used in step 6, and a password. Use a strong password & note it down somewhere, since this will be the password for the admin user account from now on. + +19. Congratulations, you have a running working JupyterHub! 🎉 + +## Step 2: Adding more users + +```{include} add-users.md + +``` + +## Step 3: Install conda / pip packages for all users + +```{include} add-packages.md + +``` diff --git a/docs/install/azure.rst b/docs/install/azure.rst deleted file mode 100644 index 62f7cf8..0000000 --- a/docs/install/azure.rst +++ /dev/null @@ -1,192 +0,0 @@ -.. _install/azure: - -==================== -Installing on Azure -==================== - -Goal -==== - -By the end of this tutorial, you should have a JupyterHub with some admin -users and a user environment with packages you want to be installed running on -`Microsoft Azure `_. - -This tutorial leads you step-by-step for you to manually deploy your own JupyterHub on Azure cloud. - -.. note:: ✨ The ``Deploy to Azure button`` project allows you to deploy your own JupyterHub with minimal manual configuration steps. The deploy to Azure button allows you to have a vanilla configuration in just one-click and by assigning some variables. - - Check it out at `https://github.com/trallard/TLJH-azure-button `_. - -Prerequisites -============== - -* A Microsoft Azure account. - -* To get started you can get a free account which includes 150 dollars worth of Azure credits (`get a free account here `_) - -These instructions cover how to set up a Virtual Machine -on Microsoft Azure. For subsequent information about creating -your JupyterHub and configuring it, see `The Littlest JupyterHub guide `_. - - -Step 1: Installing The Littlest JupyterHub -========================================== - -We start by creating the Virtual Machine in which we can run TLJH (The Littlest JupyterHub). - -#. Go to `Azure portal `_ and login with your Azure account. -#. Expand the left-hand panel by clicking on the ">>" button on the top left corner of your dashboard. Find the Virtual Machines tab and click on it. - -.. image:: ../images/providers/azure/azure-vms.png - :alt: Virtual machines on Azure portal - -#. Click **+ add** to create a new Virtual Machine - - .. image:: ../images/providers/azure/add-vm.png - :alt: Add a new virtual machine - -#. Select **Create VM from Marketplace** in the next screen. -A new screen with all the options for Virtual Machines in Azure will displayed. - - .. image:: ../images/providers/azure/create-vm.png - :alt: Create VM from the marketplace - -#. **Choose an Ubuntu server for your VM**: - * Click `Ubuntu Server 18.04 LTS.` - * Make sure `Resource Manager` is selected in the next screen and click **Create** - - .. image:: ../images/providers/azure/ubuntu-vm.png - :alt: Ubuntu VM - -#. Customise the Virtual Machine basics: - * **Subscription**. Choose the "Free Trial" if this is what you're using. Otherwise, choose a different plan. This is the billing account that will be charged. - * **Resource group**. Resource groups let you keep your Azure tools/resources together in an availability region (e.g. WestEurope). If you already have one you'd like to use it select that resource. - - .. note:: If you have never created a Resource Group, click on **Create new** - - .. image:: ../images/providers/azure/new-rg.png - :alt: Create a new resource group - - * **Name**. Use a descriptive name for your virtual machine (note that you cannot use spaces or special characters). - * **Region**. Choose a location near where you expect your users to be located. - * **Availability options**. Choose "No infrastructure redundancy required". - * **Image**. Make sure "Ubuntu Server 18.04 LTS" is selected (from the previous step). - * **Authentication type**. Change authentication type to "password". - * **Username**. Choose a memorable username, this will be your "root" user, and you'll need it later on. - * **Password**. Type in a password, this will be used later for admin access so make sure it is something memorable. - - .. image:: ../images/providers/azure/password-vm.png - :alt: Add password to VM - - * **Login with Azure Active Directory**. Choose "Off" (usually the default) - * **Inbound port rules**. Leave the defaults for now, and we will update these later on in the Network configuration step. - -#. Before clicking on "Next" we need to select the RAM size for the image. - * For this we need to make sure we have enough RAM to accommodate your users. For example, if each user needs 2GB of RAM, and you have 10 total users, you need at least 20GB of RAM on the machine. It's also good to have a few GB of "buffer" RAM beyond what you think you'll need. - * Click on **Change size** (see image below) - - .. image:: ../images/providers/azure/size-vm.png - :alt: Choose vm size - - .. note:: For more information about estimating memory, CPU and disk needs check `The memory section in the TLJH documentation `_ - - * Select a suitable image (to check available images and prices in your region `click on this link `_). - -#. Disks (Storage): - * **Disk options**: select the OS disk type there are options for SDD and HDD. **SSD persistent disk** gives you a faster but more expensive disk than HDD. - * **Data disk**. Click on create and attach a new disk. Select an appropriate type and size and click ok. - * Click "Next". - - .. image:: ../images/providers/azure/create-disk.png - :alt: Create and attach disk - - .. image:: ../images/providers/azure/disk-vm.png - :alt: Choose a disk size - -#. Networking - * **Virtual network**. Leave the default values selected. - * **Subnet**. Leave the default values selected. - * **Public IP address**.Leave the default values selected. This will make your server accessible from a browser. - * **Network Security Group**. Choose "Basic" - * **Public inbound ports**. Check **HTTP**, **HTTPS**, and **SSH**. - - .. image:: ../images/providers/azure/networking-vm.png - :alt: Choose networking ports - -#. Management - * Monitoring - * **Boot diagnostics**. Choose "On". - * **OS guest diagnostics**. Choose "Off". - * **Diagnostics storage account**. Leave as the default. - * Auto-Shutdown - * **Enable auto-shutdown**. Choose "Off". - * Backup - * **Backup**. Choose "Off". - * System assigned managed identity Select "Off" - - .. image:: ../images/providers/azure/backup-vm.png - :alt: Choose VM Backup - -#. Advanced settings - * **Extensions**. Make sure there are no extensions listed - * **Cloud init**. We are going to use this section to install TLJH directly into our Virtual Machine. - Copy the code snippet below: - - .. code:: bash - - #!/bin/bash - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin - - where the ``username`` is the root username you chose for your Virtual Machine. - - .. image:: ../images/providers/azure/cloudinit-vm.png - :alt: Install TLJH - - .. note:: - - See :ref:`topic/installer-actions` if you want to understand exactly what the installer is doing. - :ref:`topic/customizing-installer` documents other options that can be passed to the installer. - -#. Check the summary and confirm the creation of your Virtual Machine. - -#. Check that the creation of your Virtual Machine worked. - * Wait for the virtual machine to be created. This might take about 5-10 minutes. - * After completion, you should see a similar screen to the one below: - - .. image:: ../images/providers/azure/deployed-vm.png - :alt: Deployed VM - -#. Note that the Littlest JupyterHub should be installing in the background on your new server. - It takes around 5-10 minutes for this installation to complete. - -#. Click on the **Go to resource button** - .. image:: ../images/providers/azure/goto-vm.png - :alt: Go to VM - -#. Check if the installation is completed by **copying** the **Public IP address** of your virtual machine, and trying to access it with a browser. - - .. image:: ../images/providers/azure/ip-vm.png - :alt: Public IP address - - Note that accessing the JupyterHub will fail until the installation is complete, so be patient. - -#. When the installation is complete, it should give you a JupyterHub login page. - - .. image:: ../images/first-login.png - :alt: JupyterHub log-in page - -#. Login using the **admin user name** you used in step 6, and a password. Use a strong password & note it down somewhere, since this will be the password for the admin user account from now on. - -#. Congratulations, you have a running working JupyterHub! 🎉 - -Step 2: Adding more users -========================== - -.. include:: add_users.txt - -Step 3: Install conda / pip packages for all users -================================================== - -.. include:: add_packages.txt diff --git a/docs/install/custom-server.md b/docs/install/custom-server.md new file mode 100644 index 0000000..8ef92d8 --- /dev/null +++ b/docs/install/custom-server.md @@ -0,0 +1,95 @@ +(install-custom)= + +# Installing on your own server + +Follow this guide if your cloud provider doesn't have a direct tutorial, or +you are setting this up on a bare metal server. + +:::{warning} +Do **not** install TLJH directly on your laptop or personal computer! +It will most likely open up exploitable security holes when run directly +on your personal computer. +::: + +:::{note} +Running TLJH _inside_ a docker container is not supported, since we depend +on systemd. If you want to run TLJH locally for development, see +[](/contributing/dev-setup). +::: + +## Goal + +By the end of this tutorial, you should have a JupyterHub with some admin +users and a user environment with packages you want installed running on +a server you have access to. + +## Pre-requisites + +1. Some familiarity with the command line. +2. A server running Ubuntu 20.04+ where you have root access (Ubuntu 22.04 LTS recommended). +3. At least **1GB** of RAM on your server. +4. Ability to `ssh` into the server & run commands from the prompt. +5. An **IP address** where the server can be reached from the browsers of your target audience. + +If you run into issues, look at the specific [troubleshooting guide](/troubleshooting/providers/custom) +for custom server installations. + +## Step 1: Installing The Littlest JupyterHub + +1. Using a terminal program, SSH into your server. This should give you a prompt where you can + type commands. + +2. Make sure you have `python3`, `python3-dev`, `curl` and `git` installed. + + ``` + sudo apt install python3 python3-dev git curl + ``` + +3. Copy the text below, and paste it into the terminal. Replace + `` with the name of the first **admin user** for this + JupyterHub. Choose any name you like (don't forget to remove the brackets!). + This admin user can log in after the JupyterHub is set up, and + can configure it to their needs. **Remember to add your username**! + + ```bash + curl -L https://tljh.jupyter.org/bootstrap.py | sudo -E python3 - --admin + ``` + + :::{note} + See [](/topic/installer-actions) if you want to understand exactly what the installer is doing. + [](/topic/customizing-installer) documents other options that can be passed to the installer. + ::: + +4. Press `Enter` to start the installation process. This will take 5-10 minutes, + and will say `Done!` when the installation process is complete. + +5. Copy the **Public IP** of your server, and try accessing `http://` from + your browser. If everything went well, this should give you a JupyterHub login page. + + ```{image} ../images/first-login.png + :alt: JupyterHub log-in page + ``` + +6. Login using the **admin user name** you used in step 3. You can choose any + password that you wish. Use a + strong password & note it down somewhere, since this will be the password for + the admin user account from now on. + +7. Congratulations, you have a running working JupyterHub! + +## Step 2: Adding more users + +```{include} add-users.md + +``` + +## Step 3: Install conda / pip packages for all users + +```{include} add-packages.md + +``` + +## Step 4: Setup HTTPS + +Once you are ready to run your server for real, and have a domain, it's a good +idea to proceed directly to [](/howto/admin/https). diff --git a/docs/install/custom-server.rst b/docs/install/custom-server.rst deleted file mode 100644 index bcb616d..0000000 --- a/docs/install/custom-server.rst +++ /dev/null @@ -1,99 +0,0 @@ -.. _install/custom: - -============================= -Installing on your own server -============================= - - -Follow this guide if your cloud provider doesn't have a direct tutorial, or -you are setting this up on a bare metal server. - -.. warning:: - - Do **not** install TLJH directly on your laptop or personal computer! - It will most likely open up exploitable security holes when run directly - on your personal computer. - -.. note:: - - Running TLJH *inside* a docker container is not supported, since we depend - on systemd. If you want to run TLJH locally for development, see - :ref:`contributing/dev-setup`. - -Goal -==== - -By the end of this tutorial, you should have a JupyterHub with some admin -users and a user environment with packages you want installed running on -a server you have access to. - -Pre-requisites -============== - -#. Some familiarity with the command line. -#. A server running Ubuntu 18.04 where you have root access. -#. At least **1GB** of RAM on your server. -#. Ability to ``ssh`` into the server & run commands from the prompt. -#. An **IP address** where the server can be reached from the browsers of your target audience. - -If you run into issues, look at the specific :ref:`troubleshooting guide ` -for custom server installations. - -Step 1: Installing The Littlest JupyterHub -========================================== - -#. Using a terminal program, SSH into your server. This should give you a prompt where you can - type commands. - -#. Make sure you have ``python3``, ``python3-dev``, ``curl`` and ``git`` installed. - - .. code:: - - sudo apt install python3 python3-dev git curl - -#. Copy the text below, and paste it into the terminal. Replace - ```` with the name of the first **admin user** for this - JupyterHub. Choose any name you like (don't forget to remove the brackets!). - This admin user can log in after the JupyterHub is set up, and - can configure it to their needs. **Remember to add your username**! - - .. code-block:: bash - - curl -L https://tljh.jupyter.org/bootstrap.py | sudo -E python3 - --admin - - .. note:: - - See :ref:`topic/installer-actions` if you want to understand exactly what the installer is doing. - :ref:`topic/customizing-installer` documents other options that can be passed to the installer. - -#. Press ``Enter`` to start the installation process. This will take 5-10 minutes, - and will say ``Done!`` when the installation process is complete. - -#. Copy the **Public IP** of your server, and try accessing ``http://`` from - your browser. If everything went well, this should give you a JupyterHub login page. - - .. image:: ../images/first-login.png - :alt: JupyterHub log-in page - -#. Login using the **admin user name** you used in step 3. You can choose any - password that you wish. Use a - strong password & note it down somewhere, since this will be the password for - the admin user account from now on. - -#. Congratulations, you have a running working JupyterHub! - -Step 2: Adding more users -========================== - -.. include:: add_users.txt - -Step 3: Install conda / pip packages for all users -================================================== - -.. include:: add_packages.txt - -Step 4: Setup HTTPS -=================== - -Once you are ready to run your server for real, and have a domain, it's a good -idea to proceed directly to :ref:`howto/admin/https`. diff --git a/docs/install/digitalocean.md b/docs/install/digitalocean.md new file mode 100644 index 0000000..2f367c6 --- /dev/null +++ b/docs/install/digitalocean.md @@ -0,0 +1,123 @@ +(insatll-digitalocean)= + +# Installing on Digital Ocean + +## Goal + +By the end of this tutorial, you should have a JupyterHub with some admin +users and a user environment with packages you want installed running on +[DigitalOcean](https://digitalocean.com). + +## Pre-requisites + +1. A DigitalOcean account with a payment method attached. + +## Step 1: Installing The Littlest JupyterHub + +Let's create the server on which we can run JupyterHub. + +1. Log in to [DigitalOcean](https://digitalocean.com). You might need to + attach a credit card or other payment method to your account before you + can proceed with the tutorial. + +2. Click the **Create** button on the top right, and select **Droplets** from + the dropdown menu. DigitalOcean calls servers **droplets**. + + ```{image} ../images/providers/digitalocean/create-menu.png + :alt: Dropdown menu on clicking 'create' in top right corner + ``` + + This takes you to a page titled **Create Droplets** that lets you configure + your server. + +3. Under **Choose an image**, select **22.04 x64** under **Ubuntu**. + + ```{image} ../images/providers/digitalocean/select-image.png + :alt: Select 22.04 x64 image under Ubuntu + ``` + +4. Under **Choose a size**, select the size of the server you want. The default + (4GB RAM, 2CPUs, 24 USD / month) is not a bad start. You can resize your server + later if you need. + + Check out our guide on How To [](/howto/admin/resource-estimation) to help pick + how much Memory, CPU & disk space your server needs. + +5. Open the **Advanced Options**, and check the box for **Add Initialization scripts**. + + ```{image} ../images/providers/digitalocean/additional-options.png + :alt: Turn on User Data in advanced options + ``` + + This opens up a textbox where you can enter a script that will be run + when the server is created. We will use this to set up The Littlest JupyterHub + on this server. + +6. Copy the text below, and paste it into the user data text box. Replace + `` with the name of the first **admin user** for this + JupyterHub. This admin user can log in after the JupyterHub is set up, and + can configure it to their needs. **Remember to add your username**! + + ```bash + #!/bin/bash + curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin + ``` + + :::{note} + See [](/topic/installer-actions) if you want to understand exactly what the installer is doing. + [](/topic/customizing-installer) documents other options that can be passed to the installer. + ::: + +7. Under the **Finalize and create** section, enter a `hostname` that descriptively + identifies this server for you. + + ```{image} ../images/providers/digitalocean/hostname.png + :alt: Select suitable hostname for your server + ``` + +8. Click the **Create** button! You will be taken to a different screen, + where you can see progress of your server being created. + + ```{image} ../images/providers/digitalocean/server-create-wait.png + :alt: Server being created + ``` + +9. In a few seconds your server will be created, and you can see the **public IP** + used to access it. + + ```{image} ../images/providers/digitalocean/server-create-done.png + :alt: Server finished creating, public IP available + ``` + +10. The Littlest JupyterHub is now installing in the background on your new server. + It takes around 5-10 minutes for this installation to complete. + +11. Check if the installation is complete by copying the **public ip** + of your server, and trying to access it with a browser. This will fail until + the installation is complete, so be patient. + +12. When the installation is complete, it should give you a JupyterHub login page. + + ```{image} ../images/first-login.png + :alt: JupyterHub log-in page + ``` + +13. Login using the **admin user name** you used in step 6, and a password. Use a + strong password & note it down somewhere, since this will be the password for + the admin user account from now on. + +14. Congratulations, you have a running working JupyterHub! + +## Step 2: Adding more users + +```{include} add-users.md + +``` + +## Step 3: Install conda / pip packages for all users + +```{include} add-packages.md + +``` diff --git a/docs/install/digitalocean.rst b/docs/install/digitalocean.rst deleted file mode 100644 index 38d07a0..0000000 --- a/docs/install/digitalocean.rst +++ /dev/null @@ -1,119 +0,0 @@ -.. _insatll/digitalocean: - -=========================== -Installing on Digital Ocean -=========================== - -Goal -==== - -By the end of this tutorial, you should have a JupyterHub with some admin -users and a user environment with packages you want installed running on -`DigitalOcean `_. - -Pre-requisites -============== - -#. A DigitalOcean account with a payment method attached. - -Step 1: Installing The Littlest JupyterHub -========================================== - -Let's create the server on which we can run JupyterHub. - -#. Log in to `DigitalOcean `_. You might need to - attach a credit card or other payment method to your account before you - can proceed with the tutorial. - -#. Click the **Create** button on the top right, and select **Droplets** from - the dropdown menu. DigitalOcean calls servers **droplets**. - - .. image:: ../images/providers/digitalocean/create-menu.png - :alt: Dropdown menu on clicking 'create' in top right corner - - This takes you to a page titled **Create Droplets** that lets you configure - your server. - -#. Under **Choose an image**, select **18.04 x64** under **Ubuntu**. - - .. image:: ../images/providers/digitalocean/select-image.png - :alt: Select 18.04 x64 image under Ubuntu - -#. Under **Choose a size**, select the size of the server you want. The default - (4GB RAM, 2CPUs, 20 USD / month) is not a bad start. You can resize your server - later if you need. - - Check out our guide on How To :ref:`howto/admin/resource-estimation` to help pick - how much Memory, CPU & disk space your server needs. - -#. Scroll down to **Select additional options**, and select **User data**. - - .. image:: ../images/providers/digitalocean/additional-options.png - :alt: Turn on User Data in additional options - - This opens up a textbox where you can enter a script that will be run - when the server is created. We will use this to set up The Littlest JupyterHub - on this server. - -#. Copy the text below, and paste it into the user data text box. Replace - ```` with the name of the first **admin user** for this - JupyterHub. This admin user can log in after the JupyterHub is set up, and - can configure it to their needs. **Remember to add your username**! - - .. code-block:: bash - - #!/bin/bash - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin - - .. note:: - - See :ref:`topic/installer-actions` if you want to understand exactly what the installer is doing. - :ref:`topic/customizing-installer` documents other options that can be passed to the installer. - -#. Under the **Finalize and create** section, enter a ``hostname`` that descriptively - identifies this server for you. - - .. image:: ../images/providers/digitalocean/hostname.png - :alt: Select suitable hostname for your server - -#. Click the **Create** button! You will be taken to a different screen, - where you can see progress of your server being created. - - .. image:: ../images/providers/digitalocean/server-create-wait.png - :alt: Server being created - -#. In a few seconds your server will be created, and you can see the **public IP** - used to access it. - - .. image:: ../images/providers/digitalocean/server-create-done.png - :alt: Server finished creating, public IP available - -#. The Littlest JupyterHub is now installing in the background on your new server. - It takes around 5-10 minutes for this installation to complete. - -#. Check if the installation is complete by copying the **public ip** - of your server, and trying to access it with a browser. This will fail until - the installation is complete, so be patient. - -#. When the installation is complete, it should give you a JupyterHub login page. - - .. image:: ../images/first-login.png - :alt: JupyterHub log-in page - -#. Login using the **admin user name** you used in step 6, and a password. Use a - strong password & note it down somewhere, since this will be the password for - the admin user account from now on. - -#. Congratulations, you have a running working JupyterHub! - -Step 2: Adding more users -========================== - -.. include:: add_users.txt - -Step 3: Install conda / pip packages for all users -================================================== - -.. include:: add_packages.txt diff --git a/docs/install/google.md b/docs/install/google.md new file mode 100644 index 0000000..e6d125e --- /dev/null +++ b/docs/install/google.md @@ -0,0 +1,219 @@ +(install-google)= + +# Installing on Google Cloud + +## Goal + +By the end of this tutorial, you should have a JupyterHub with some admin +users and a user environment with packages you want installed running on +[Google Cloud](https://cloud.google.com/). + +## Prerequisites + +1. A Google Cloud account. You might use the free credits for trying it out! + +## Step 1: Installing The Littlest JupyterHub + +Let's create the server on which we can run JupyterHub. + +1. Log in to [Google Cloud Console](https://console.cloud.google.com) with + your Google Account. + +2. Open the navigation menu by clicking the button with three lines on the top + left corner of the page. + + ```{image} ../images/providers/google/left-menu-button.png + :alt: Button to open the menu + ``` + + This opens a menu with all the cloud products Google Cloud offers. + +3. Under **Compute Engine**, select **VM Instances**. + + ```{image} ../images/providers/google/vm-instances-menu.png + :alt: Navigation Menu -> Compute Engine -> VM Instances + ``` + +4. If you are using Google Cloud for the first time, you might have to + enable billing. Google will present a screen asking you to enable billing + to proceed. Click the **Enable Billing** button and follow any prompts + that appear. + + ```{image} ../images/providers/google/enable-billing.png + :alt: Enable billing if needed. + ``` + + It might take a few minutes for your account to be set up. + +5. Once Compute Engine is ready, click the **Create** button to start + creating the server that'll run TLJH. + + ```{image} ../images/providers/google/create-vm-first.png + :alt: Create VM page when using it for the first time. + ``` + + If you already have VMs running in your project, the screen will look + different. But you can find the **Create** button still! + +6. This shows you a page titled **Create an instance**. This lets you customize + the kind of server you want, the resources it will have & what it'll be called. + +7. Under **Name**, give it a memorable name that identifies what purpose this + JupyterHub will be used for. + +8. **Region** specifies the physical location where this server will be hosted. + Generally, pick something close to where most of your users are. Note that + it might increase the cost of your server in some cases! + +9. For **Zone**, pick any of the options. Leaving the default as is is fine. + +10. Under **Machine** type, select the amount of CPU / RAM / GPU you want for your + server. You need at least **1GB** of RAM. + + You can select a preset combination in the default **basic view**. + + ```{image} ../images/providers/google/machine-type-basic.png + :alt: Select a preset VM type + ``` + + If you want to add **GPUs**, you should click the **Customize** button & + use the **Advanced View**. You need to request [a quota increase](https://cloud.google.com/compute/quotas#gpus) + before you can use GPUs. + + ```{image} ../images/providers/google/machine-type-advanced.png + :alt: Select a customized VM size + ``` + + Check out our guide on How To [](/howto/admin/resource-estimation) to help pick + how much Memory / CPU your server needs. + +11. Under **Boot Disk**, click the **Change** button. This lets us change the + operating system and the size of your disk. + + ```{image} ../images/providers/google/boot-disk-button.png + :alt: Changing Boot Disk & disk size + ``` + + This should open a **Boot disk** popup. + +12. Select **Ubuntu 22.04 LTS** from the list of operating system images. + + ```{image} ../images/providers/google/boot-disk-ubuntu.png + :alt: Selecting Ubuntu 22.04 for OS + ``` + +13. You can also change the **type** and **size** of your disk at the bottom + of this popup. + + ```{image} ../images/providers/google/boot-disk-size.png + :alt: Selecting Boot disk type & size + ``` + + **Standard persistent disk** type gives you a slower but cheaper disk, similar + to a hard drive. **SSD persistent disk** gives you a faster but more expensive + disk, similar to an SSD. + + Check out our guide on How To [](/howto/admin/resource-estimation) to help pick + how much Disk space your server needs. + +14. Click the **Select** button to dismiss the Boot disk popup and go back to the + Create an instance screen. + +15. Under **Identity and API access**, select **No service account** for the + **Service account** field. This prevents your JupyterHub users from automatically + accessing other cloud services, increasing security. + + ```{image} ../images/providers/google/no-service-account.png + :alt: Disable service accounts for the server + ``` + +16. Under **Firewall**, check both **Allow HTTP Traffic** and **Allow HTTPS Traffic** + checkboxes. + + ```{image} ../images/providers/google/firewall.png + :alt: Allow HTTP & HTTPS traffic to your server + ``` + +17. Click the **Management, disks, networking, SSH keys** link to expand more + options. + + ```{image} ../images/providers/google/management-button.png + :alt: Expand management options by clicking link. + ``` + + This displays a lot of advanced options, but we'll be only using one of them. + +18. Copy the text below, and paste it into the **Startup script** text box. Replace + `` with the name of the first **admin user** for this + JupyterHub. This admin user can log in after the JupyterHub is set up, and + can configure it to their needs. **Remember to add your username**! + + ```bash + #!/bin/bash + curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin + ``` + + ```{image} ../images/providers/google/startup-script.png + :alt: Install JupyterHub with the Startup script textbox + ``` + + :::{note} + See [](/topic/installer-actions) if you want to understand exactly what the installer is doing. + [](/topic/customizing-installer) documents other options that can be passed to the installer. + ::: + +19. Click the **Create** button at the bottom to start your server! + + ```{image} ../images/providers/google/create-vm-button.png + :alt: Launch an Instance / Advanced Options dialog box + ``` + +20. We'll be sent to the **VM instances** page, where we can see that our server + is being created. + + ```{image} ../images/providers/google/vm-creating.png + :alt: Spinner with vm creating + ``` + +21. In a few seconds your server will be created, and you can see the **External IP** + used to access it. + + ```{image} ../images/providers/google/vm-created.png + :alt: VM created, external IP available + ``` + +22. The Littlest JupyterHub is now installing in the background on your new server. + It takes around 5-10 minutes for this installation to complete. + +23. Check if the installation is complete by **copying** the **External IP** + of your server, and trying to access it with a browser. Do **not click** on the + IP - this will open the link with HTTPS, and will not work. + + Accessing the JupyterHub will also fail until the installation is complete, + so be patient. + +24. When the installation is complete, it should give you a JupyterHub login page. + + ```{image} ../images/first-login.png + :alt: JupyterHub log-in page + ``` + +25. Login using the **admin user name** you used in step 6, and a password. Use a + strong password & note it down somewhere, since this will be the password for + the admin user account from now on. + +26. Congratulations, you have a running working JupyterHub! + +## Step 2: Adding more users + +```{include} add-users.md + +``` + +## Step 3: Install conda / pip packages for all users + +```{include} add-packages.md + +``` diff --git a/docs/install/google.rst b/docs/install/google.rst deleted file mode 100644 index f6081d5..0000000 --- a/docs/install/google.rst +++ /dev/null @@ -1,205 +0,0 @@ -.. _install/google: - -========================== -Installing on Google Cloud -========================== - -Goal -==== - -By the end of this tutorial, you should have a JupyterHub with some admin -users and a user environment with packages you want installed running on -`Google Cloud `_. - -Prerequisites -============= - -#. A Google Cloud account. You might use the free credits for trying it out! - -Step 1: Installing The Littlest JupyterHub -========================================== - -Let's create the server on which we can run JupyterHub. - -#. Log in to `Google Cloud Console `_ with - your Google Account. - -#. Open the navigation menu by clicking the button with three lines on the top - left corner of the page. - - .. image:: ../images/providers/google/left-menu-button.png - :alt: Button to open the menu - - This opens a menu with all the cloud products Google Cloud offers. - -#. Under **Compute Engine**, select **VM Instances**. - - .. image:: ../images/providers/google/vm-instances-menu.png - :alt: Navigation Menu -> Compute Engine -> VM Instances - -#. If you are using Google Cloud for the first time, you might have to - enable billing. Google will present a screen asking you to enable billing - to proceed. Click the **Enable Billing** button and follow any prompts - that appear. - - .. image:: ../images/providers/google/enable-billing.png - :alt: Enable billing if needed. - - It might take a few minutes for your account to be set up. - -#. Once Compute Engine is ready, click the **Create** button to start - creating the server that'll run TLJH. - - .. image:: ../images/providers/google/create-vm-first.png - :alt: Create VM page when using it for the first time. - - If you already have VMs running in your project, the screen will look - different. But you can find the **Create** button still! - -#. This shows you a page titled **Create an instance**. This lets you customize - the kind of server you want, the resources it will have & what it'll be called. - -#. Under **Name**, give it a memorable name that identifies what purpose this - JupyterHub will be used for. - -#. **Region** specifies the physical location where this server will be hosted. - Generally, pick something close to where most of your users are. Note that - it might increase the cost of your server in some cases! - -#. For **Zone**, pick any of the options. Leaving the default as is is fine. - -#. Under **Machine** type, select the amount of CPU / RAM / GPU you want for your - server. You need at least **1GB** of RAM. - - You can select a preset combination in the default **basic view**. - - .. image:: ../images/providers/google/machine-type-basic.png - :alt: Select a preset VM type - - If you want to add **GPUs**, you should click the **Customize** button & - use the **Advanced View**. You need to request `a quota increase `_ - before you can use GPUs. - - .. image:: ../images/providers/google/machine-type-advanced.png - :alt: Select a customized VM size - - Check out our guide on How To :ref:`howto/admin/resource-estimation` to help pick - how much Memory / CPU your server needs. - -#. Under **Boot Disk**, click the **Change** button. This lets us change the - operating system and the size of your disk. - - .. image:: ../images/providers/google/boot-disk-button.png - :alt: Changing Boot Disk & disk size - - This should open a **Boot disk** popup. - -#. Select **Ubuntu 18.04 LTS** from the list of operating system images. - - .. image:: ../images/providers/google/boot-disk-ubuntu.png - :alt: Selecting Ubuntu 18.04 for OS - -#. You can also change the **type** and **size** of your disk at the bottom - of this popup. - - .. image:: ../images/providers/google/boot-disk-size.png - :alt: Selecting Boot disk type & size - - **Standard persistent disk** type gives you a slower but cheaper disk, similar - to a hard drive. **SSD persistent disk** gives you a faster but more expensive - disk, similar to an SSD. - - Check out our guide on How To :ref:`howto/admin/resource-estimation` to help pick - how much Disk space your server needs. - -#. Click the **Select** button to dismiss the Boot disk popup and go back to the - Create an instance screen. - -#. Under **Identity and API access**, select **No service account** for the - **Service account** field. This prevents your JupyterHub users from automatically - accessing other cloud services, increasing security. - - .. image:: ../images/providers/google/no-service-account.png - :alt: Disable service accounts for the server - -#. Under **Firewall**, check both **Allow HTTP Traffic** and **Allow HTTPS Traffic** - checkboxes. - - .. image:: ../images/providers/google/firewall.png - :alt: Allow HTTP & HTTPS traffic to your server - -#. Click the **Management, disks, networking, SSH keys** link to expand more - options. - - .. image:: ../images/providers/google/management-button.png - :alt: Expand management options by clicking link. - - This displays a lot of advanced options, but we'll be only using one of them. - -#. Copy the text below, and paste it into the **Startup script** text box. Replace - ```` with the name of the first **admin user** for this - JupyterHub. This admin user can log in after the JupyterHub is set up, and - can configure it to their needs. **Remember to add your username**! - - .. code-block:: bash - - #!/bin/bash - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin - - .. image:: ../images/providers/google/startup-script.png - :alt: Install JupyterHub with the Startup script textbox - - .. note:: - - See :ref:`topic/installer-actions` if you want to understand exactly what the installer is doing. - :ref:`topic/customizing-installer` documents other options that can be passed to the installer. - -#. Click the **Create** button at the bottom to start your server! - - .. image:: ../images/providers/google/create-vm-button.png - :alt: Launch an Instance / Advanced Options dialog box - -#. We'll be sent to the **VM instances** page, where we can see that our server - is being created. - - .. image:: ../images/providers/google/vm-creating.png - :alt: Spinner with vm creating - -#. In a few seconds your server will be created, and you can see the **External IP** - used to access it. - - .. image:: ../images/providers/google/vm-created.png - :alt: VM created, external IP available - -#. The Littlest JupyterHub is now installing in the background on your new server. - It takes around 5-10 minutes for this installation to complete. - -#. Check if the installation is complete by **copying** the **External IP** - of your server, and trying to access it with a browser. Do **not click** on the - IP - this will open the link with HTTPS, and will not work. - - Accessing the JupyterHub will also fail until the installation is complete, - so be patient. - -#. When the installation is complete, it should give you a JupyterHub login page. - - .. image:: ../images/first-login.png - :alt: JupyterHub log-in page - -#. Login using the **admin user name** you used in step 6, and a password. Use a - strong password & note it down somewhere, since this will be the password for - the admin user account from now on. - -#. Congratulations, you have a running working JupyterHub! - -Step 2: Adding more users -========================== - -.. include:: add_users.txt - -Step 3: Install conda / pip packages for all users -================================================== - -.. include:: add_packages.txt diff --git a/docs/install/index.md b/docs/install/index.md new file mode 100644 index 0000000..041ccf6 --- /dev/null +++ b/docs/install/index.md @@ -0,0 +1,23 @@ +(install-installing)= + +# Installing + +The Littlest JupyterHub (TLJH) can run on any server that is running **Debian 11** or **Ubuntu 20.04** or **22.04** on a amd64 or arm64 CPU architecture. +Earlier versions of Ubuntu and Debian are not supported, nor are other Linux distributions. +We have a bunch of tutorials to get you started. + +Tutorials to create a new server from scratch on a cloud provider & run TLJH +on it. These are **recommended** if you do not have much experience setting up +servers. + +```{toctree} +:titlesonly: true + +digitalocean +ovh +jetstream +google +amazon +azure +custom-server +``` diff --git a/docs/install/index.rst b/docs/install/index.rst deleted file mode 100644 index b783486..0000000 --- a/docs/install/index.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. _install/installing: - -========== -Installing -========== - -The Littlest JupyterHub (TLJH) can run on any server that is running at least -**Ubuntu 18.04**. Earlier versions of Ubuntu are not supported. -We have a bunch of tutorials to get you started. - -Tutorials to create a new server from scratch on a cloud provider & run TLJH -on it. These are **recommended** if you do not have much experience setting up -servers. - - .. toctree:: - :titlesonly: - - digitalocean - ovh - jetstream - google - amazon - azure - custom-server diff --git a/docs/install/jetstream.md b/docs/install/jetstream.md new file mode 100644 index 0000000..b068ca1 --- /dev/null +++ b/docs/install/jetstream.md @@ -0,0 +1,152 @@ +(install-jetstream)= + +# Installing on Jetstream + +## Goal + +By the end of this tutorial, you should have a JupyterHub with some admin +users and a user environment with packages you want installed running on +[Jetstream](https://jetstream-cloud.org/). + +## Prerequisites + +1. A Jetstream account with an XSEDE allocation; for more information, + see the [Jetstream Allocations help page](http://wiki.jetstream-cloud.org/Jetstream+Allocations). + +## Step 1: Installing The Littlest JupyterHub + +Let's create the server on which we can run JupyterHub. + +1. Log in to [the Jetstream portal](https://use.jetstream-cloud.org/). You need an allocation + to launch instances. + +2. Select the **Launch New Instance** option to get going. + + ```{image} ../images/providers/jetstream/launch-instance-first-button.png + :alt: Launch new instance button with description. + ``` + + This takes you to a page with a list of base images you can choose for your + server. + +3. Under **Image Search**, search for **Ubuntu 22.04**, and select the + **Ubuntu 22.04 Devel and Docker** image. + + ```{image} ../images/providers/jetstream/select-image.png + :alt: Select Ubuntu 22.04 x64 image from image list + ``` + +4. Once selected, you will see more information about this image. Click the + **Launch** button on the top right. + + ```{image} ../images/providers/jetstream/launch-instance-second-button.png + :alt: Launch selected image with Launch button on top right + ``` + +5. A dialog titled **Launch an Instance / Basic Options** pops up, with various + options for configuring your instance. + + ```{image} ../images/providers/jetstream/launch-instance-dialog.png + :alt: Launch an Instance / Basic Options dialog box + ``` + + 1. Give your server a descriptive **Instance Name**. + + 2. Select an appropriate **Instance Size**. We suggest m1.medium or larger. + Make sure your instance has at least **1GB** of RAM. + + Check out our guide on How To [](/howto/admin/resource-estimation) to help pick + how much Memory, CPU & disk space your server needs. + + 3. If you have multiple allocations, make sure you are 'charging' this server + to the correct allocation. + +6. Click the **Advanced Options** link in the bottom left of the popup. This + lets us configure what the server should do when it starts up. We will use + this to install The Littlest JupyterHub. + + A dialog titled **Launch an Instance / Advanced Options** should pop up. + + ```{image} ../images/providers/jetstream/add-deployment-script-dialog.png + :alt: Dialog box allowing you to add a new script. + ``` + +7. Click the **Create New Script** button. This will open up another dialog + box! + + ```{image} ../images/providers/jetstream/create-script-dialog.png + :alt: Launch an Instance / Advanced Options dialog box + ``` + +8. Under **Input Type**, select **Raw Text**. This should make a text box titled + **Raw Text** visible on the right side of the dialog box. + Copy the text below, and paste it into the **Raw Text** text box. Replace + `` with the name of the first **admin user** for this + JupyterHub. This admin user can log in after the JupyterHub is set up, and + can configure it to their needs. **Remember to add your username**! + + ```bash + #!/bin/bash + curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin + ``` + + :::{note} + See [](/topic/installer-actions) if you want to understand exactly what the installer is doing. + [](/topic/customizing-installer) documents other options that can be passed to the installer. + ::: + +9. Under **Execution Strategy Type**, select **Run script on first boot**. + +10. Under **Deployment Type**, select **Wait for script to complete**. + +11. Click the **Save and Add Script** button on the bottom right. This should hide + the dialog box. + +12. Click the **Continue to Launch** button on the bottom right. This should put you + back in the **Launch an Instance / Basic Options** dialog box again. + +13. Click the **Launch Instance** button on the bottom right. This should turn it + into a spinner, and your server is getting created! + + ```{image} ../images/providers/jetstream/launching-spinner.png + :alt: Launch button turns into a spinner + ``` + +14. You'll now be shown a dashboard with all your servers and their states. The + server you just launched will progress through various stages of set up, + and you can see the progress here. + + ```{image} ../images/providers/jetstream/deployment-in-progress.png + :alt: Instances dashboard showing deployment in progress. + ``` + +15. It will take about ten minutes for your server to come up. The status will + say **Active** and the progress bar will be a solid green. At this point, + your JupyterHub is ready for use! + +16. Copy the **IP Address** of your server, and try accessing it from a web + browser. It should give you a JupyterHub login page. + + ```{image} ../images/first-login.png + :alt: JupyterHub log-in page + ``` + +17. Login using the **admin user name** you used in step 8, and a password. Use a + strong password & note it down somewhere, since this will be the password for + the admin user account from now on. + +18. Congratulations, you have a running working JupyterHub! + +## Step 2: Adding more users + +```{include} add-users.md + +``` + +## Step 3: Install conda / pip packages for all users + +```{include} add-packages.md + +``` diff --git a/docs/install/jetstream.rst b/docs/install/jetstream.rst deleted file mode 100644 index 7f95a3b..0000000 --- a/docs/install/jetstream.rst +++ /dev/null @@ -1,145 +0,0 @@ -.. _install/jetstream: - -======================= -Installing on Jetstream -======================= - -Goal -==== - -By the end of this tutorial, you should have a JupyterHub with some admin -users and a user environment with packages you want installed running on -`Jetstream `_. - -Prerequisites -============= - -#. A Jetstream account with an XSEDE allocation; for more information, - see the `Jetstream Allocations help page `_. - -Step 1: Installing The Littlest JupyterHub -========================================== - -Let's create the server on which we can run JupyterHub. - -#. Log in to `the Jetstream portal `_. You need an allocation - to launch instances. - -#. Select the **Launch New Instance** option to get going. - - .. image:: ../images/providers/jetstream/launch-instance-first-button.png - :alt: Launch new instance button with description. - - This takes you to a page with a list of base images you can choose for your - server. - -#. Under **Image Search**, search for **Ubuntu 18.04**, and select the - **Ubuntu 18.04 Devel and Docker** image. - - .. image:: ../images/providers/jetstream/select-image.png - :alt: Select Ubuntu 18.04 x64 image from image list - -#. Once selected, you will see more information about this image. Click the - **Launch** button on the top right. - - .. image:: ../images/providers/jetstream/launch-instance-second-button.png - :alt: Launch selected image with Launch button on top right - -#. A dialog titled **Launch an Instance / Basic Options** pops up, with various - options for configuring your instance. - - .. image:: ../images/providers/jetstream/launch-instance-dialog.png - :alt: Launch an Instance / Basic Options dialog box - - #. Give your server a descriptive **Instance Name**. - #. Select an appropriate **Instance Size**. We suggest m1.medium or larger. - Make sure your instance has at least **1GB** of RAM. - - Check out our guide on How To :ref:`howto/admin/resource-estimation` to help pick - how much Memory, CPU & disk space your server needs. - - #. If you have multiple allocations, make sure you are 'charging' this server - to the correct allocation. - -#. Click the **Advanced Options** link in the bottom left of the popup. This - lets us configure what the server should do when it starts up. We will use - this to install The Littlest JupyterHub. - - A dialog titled **Launch an Instance / Advanced Options** should pop up. - - .. image:: ../images/providers/jetstream/add-deployment-script-dialog.png - :alt: Dialog box allowing you to add a new script. - -#. Click the **Create New Script** button. This will open up another dialog - box! - - .. image:: ../images/providers/jetstream/create-script-dialog.png - :alt: Launch an Instance / Advanced Options dialog box - -#. Under **Input Type**, select **Raw Text**. This should make a text box titled - **Raw Text** visible on the right side of the dialog box. - Copy the text below, and paste it into the **Raw Text** text box. Replace - ```` with the name of the first **admin user** for this - JupyterHub. This admin user can log in after the JupyterHub is set up, and - can configure it to their needs. **Remember to add your username**! - - .. code-block:: bash - - #!/bin/bash - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin - - .. note:: - - See :ref:`topic/installer-actions` if you want to understand exactly what the installer is doing. - :ref:`topic/customizing-installer` documents other options that can be passed to the installer. - -#. Under **Execution Strategy Type**, select **Run script on first boot**. - -#. Under **Deployment Type**, select **Wait for script to complete**. - -#. Click the **Save and Add Script** button on the bottom right. This should hide - the dialog box. - -#. Click the **Continue to Launch** button on the bottom right. This should put you - back in the **Launch an Instance / Basic Options** dialog box again. - -#. Click the **Launch Instance** button on the bottom right. This should turn it - into a spinner, and your server is getting created! - - .. image:: ../images/providers/jetstream/launching-spinner.png - :alt: Launch button turns into a spinner - -#. You'll now be shown a dashboard with all your servers and their states. The - server you just launched will progress through various stages of set up, - and you can see the progress here. - - .. image:: ../images/providers/jetstream/deployment-in-progress.png - :alt: Instances dashboard showing deployment in progress. - -#. It will take about ten minutes for your server to come up. The status will - say **Active** and the progress bar will be a solid green. At this point, - your JupyterHub is ready for use! - -#. Copy the **IP Address** of your server, and try accessing it from a web - browser. It should give you a JupyterHub login page. - - .. image:: ../images/first-login.png - :alt: JupyterHub log-in page - -#. Login using the **admin user name** you used in step 8, and a password. Use a - strong password & note it down somewhere, since this will be the password for - the admin user account from now on. - -#. Congratulations, you have a running working JupyterHub! - -Step 2: Adding more users -========================== - -.. include:: add_users.txt - -Step 3: Install conda / pip packages for all users -================================================== - -.. include:: add_packages.txt diff --git a/docs/install/ovh.md b/docs/install/ovh.md new file mode 100644 index 0000000..eec287e --- /dev/null +++ b/docs/install/ovh.md @@ -0,0 +1,133 @@ +(install-ovh)= + +# Installing on OVH + +## Goal + +By the end of this tutorial, you should have a JupyterHub with some admin +users and a user environment with packages you want installed running on +[OVH](https://www.ovh.com). + +## Pre-requisites + +1. An OVH account. + +## Step 1: Installing The Littlest JupyterHub + +Let's create the server on which we can run JupyterHub. + +1. Log in to the [OVH Control Panel](https://www.ovh.com/auth/). + +2. Click the **Public Cloud** button in the navigation bar. + + ```{image} ../images/providers/ovh/public-cloud.png + :alt: Public Cloud entry in the navigation bar + ``` + +3. If you don't have an OVH Stack, you can create one by clicking on the following button: + + ```{image} ../images/providers/ovh/create-ovh-stack.png + :alt: Button to create an OVH stack + ``` + +4. Select a name for the project: + + ```{image} ../images/providers/ovh/project-name.png + :alt: Select a name for the project + ``` + +5. If you don't have a payment method yet, select one and click on "Create my project": + + ```{image} ../images/providers/ovh/payment.png + :alt: Select a payment method + ``` + +6. Using the **Public Cloud interface**, click on **Create an instance**: + + ```{image} ../images/providers/ovh/create-instance.png + :alt: Create a new instance + ``` + +7. **Select a model** for the instance. A good start is the **S1-4** model under **Shared resources** which comes with 4GB RAM, 1 vCores and 20GB SSD. + +8. **Select a region**. + +9. Select **Ubuntu 22.04** as the image: + + ```{image} ../images/providers/ovh/distribution.png + :alt: Select Ubuntu 22.04 as the image + ``` + +10. OVH requires setting an SSH key to be able to connect to the instance. + You can create a new SSH by following + [these instructions](https://help.github.com/en/enterprise/2.16/user/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). + Be sure to copy the content of the `~/.ssh/id_rsa.pub` file, which corresponds to the **public part** of the SSH key. + +11. Select **Configure your instance**, and select a name for the instance. + Under **Post-installation script**, copy the text below and paste it in the text box. + Replace `` with the name of the first **admin user** for this + JupyterHub. This admin user can log in after the JupyterHub is set up, and + can configure it to their needs. **Remember to add your username**! + + ```bash + #!/bin/bash + curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin + ``` + + :::{note} + See [](/topic/installer-actions) if you want to understand exactly what the installer is doing. + [](/topic/customizing-installer) documents other options that can be passed to the installer. + ::: + + ```{image} ../images/providers/ovh/configuration.png + :alt: Add post-installation script + ``` + +12. Select a billing period: monthly or hourly. + +13. Click the **Create an instance** button! You will be taken to a different screen, + where you can see progress of your server being created. + + ```{image} ../images/providers/ovh/create-instance.png + :alt: Select suitable hostname for your server + ``` + +14. In a few seconds your server will be created, and you can see the **public IP** + used to access it. + + ```{image} ../images/providers/ovh/public-ip.png + :alt: Server finished creating, public IP available + ``` + +15. The Littlest JupyterHub is now installing in the background on your new server. + It takes around 5-10 minutes for this installation to complete. + +16. Check if the installation is complete by copying the **public ip** + of your server, and trying to access it with a browser. This will fail until + the installation is complete, so be patient. + +17. When the installation is complete, it should give you a JupyterHub login page. + + ```{image} ../images/first-login.png + :alt: JupyterHub log-in page + ``` + +18. Login using the **admin user name** you used in step 6, and a password. Use a + strong password & note it down somewhere, since this will be the password for + the admin user account from now on. + +19. Congratulations, you have a running working JupyterHub! + +## Step 2: Adding more users + +```{include} add-users.md + +``` + +## Step 3: Install conda / pip packages for all users + +```{include} add-packages.md + +``` diff --git a/docs/install/ovh.rst b/docs/install/ovh.rst deleted file mode 100644 index 241368c..0000000 --- a/docs/install/ovh.rst +++ /dev/null @@ -1,127 +0,0 @@ -.. _install/ovh: - -================= -Installing on OVH -================= - -Goal -==== - -By the end of this tutorial, you should have a JupyterHub with some admin -users and a user environment with packages you want installed running on -`OVH `_. - -Pre-requisites -============== - -#. An OVH account. - -Step 1: Installing The Littlest JupyterHub -========================================== - -Let's create the server on which we can run JupyterHub. - -#. Log in to the `OVH Control Panel `_. - -#. Click the **Public Cloud** button in the navigation bar. - - .. image:: ../images/providers/ovh/public-cloud.png - :alt: Public Cloud entry in the navigation bar - -#. If you don't have an OVH Stack, you can create one by clicking on the following button: - - .. image:: ../images/providers/ovh/create-ovh-stack.png - :alt: Button to create an OVH stack - -#. Select a name for the project: - - .. image:: ../images/providers/ovh/project-name.png - :alt: Select a name for the project - -#. If you don't have a payment method yet, select one and click on "Create my project": - - .. image:: ../images/providers/ovh/payment.png - :alt: Select a payment method - -#. Using the **Public Cloud interface**, click on **Create an instance**: - - .. image:: ../images/providers/ovh/create-instance.png - :alt: Create a new instance - -#. **Select a model** for the instance. A good start is the **S1-4** model under **Shared resources** which comes with 4GB RAM, 1 vCores and 20GB SSD. - -#. **Select a region**. - -#. Select **Ubuntu 18.04** as the image: - - .. image:: ../images/providers/ovh/distribution.png - :alt: Select Ubuntu 18.04 as the image - -#. OVH requires setting an SSH key to be able to connect to the instance. - You can create a new SSH by following - `these instructions `_. - Be sure to copy the content of the ``~/.ssh/id_rsa.pub`` file, which corresponds to the **public part** of the SSH key. - -#. Select **Configure your instance**, and select a name for the instance. - Under **Post-installation script**, copy the text below and paste it in the text box. - Replace ```` with the name of the first **admin user** for this - JupyterHub. This admin user can log in after the JupyterHub is set up, and - can configure it to their needs. **Remember to add your username**! - - .. code-block:: bash - - #!/bin/bash - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin - - .. note:: - - See :ref:`topic/installer-actions` if you want to understand exactly what the installer is doing. - :ref:`topic/customizing-installer` documents other options that can be passed to the installer. - - - .. image:: ../images/providers/ovh/configuration.png - :alt: Add post-installation script - -#. Select a billing period: monthly or hourly. - -#. Click the **Create an instance** button! You will be taken to a different screen, - where you can see progress of your server being created. - - .. image:: ../images/providers/ovh/create-instance.png - :alt: Select suitable hostname for your server - -#. In a few seconds your server will be created, and you can see the **public IP** - used to access it. - - .. image:: ../images/providers/ovh/public-ip.png - :alt: Server finished creating, public IP available - -#. The Littlest JupyterHub is now installing in the background on your new server. - It takes around 5-10 minutes for this installation to complete. - -#. Check if the installation is complete by copying the **public ip** - of your server, and trying to access it with a browser. This will fail until - the installation is complete, so be patient. - -#. When the installation is complete, it should give you a JupyterHub login page. - - .. image:: ../images/first-login.png - :alt: JupyterHub log-in page - -#. Login using the **admin user name** you used in step 6, and a password. Use a - strong password & note it down somewhere, since this will be the password for - the admin user account from now on. - -#. Congratulations, you have a running working JupyterHub! - -Step 2: Adding more users -========================== - -.. include:: add_users.txt - -Step 3: Install conda / pip packages for all users -================================================== - -.. include:: add_packages.txt diff --git a/docs/reference/changelog.md b/docs/reference/changelog.md new file mode 100644 index 0000000..e542d2c --- /dev/null +++ b/docs/reference/changelog.md @@ -0,0 +1,470 @@ +(changelog)= + +# Changelog + +## 1.0 + +### 1.0.0 - 2023-08-11 + +This release bundles with the latest available software from the JupyterHub +ecosystem. + +The TLJH project now has tests to verify upgrades of installations between +releases and procedures with automation to make releases. Going onwards, TLJH +installations of version 0.2.0 and later are meant to be easy to upgrade. + +For instructions on how to make an upgrade, see [](howto-admin-upgrade-tljh). + +#### Breaking changes + +- JupyterHub 1.\* has been upgraded to >=4.0.2,<5 + - This upgrade requires user servers to be restarted if they were running + during the upgrade. + - Refer to the [JupyterHub changelog] for details where you pay attention to + the entries for JupyterHub version 2.0.0, 3.0.0, and 4.0.0. +- Several JupyterHub Authenticators has been upgraded a major version, inspect + the changelog for the authenticator class your installation makes use of. For + links to the changelogs, see the section below. +- The configured JupyterHub Proxy class `traefik-proxy` and the `traefik` server + controlled by JupyterHub via the proxy class has been upgraded to a new major + version, but no breaking change are expected to be noticed for users of this + distribution. +- The configured JupyterHub Spawner class `jupyterhub-systemdspawner` has been + upgraded to a new major version, but no breaking change are expected to be + noticed for users of this distribution. +- User servers now launch into `/lab` by default, to revert this a JupyterHub + admin user can do `sudo tljh-config set user_environment.default_app classic` + or set the JupyterHub config `c.Spawner.default_url` directly. + +[jupyterhub changelog]: https://jupyterhub.readthedocs.io/en/stable/changelog.html + +#### Notable dependencies updated + +A TLJH installation provides a Python environment where the software for +JupyterHub itself runs - _the hub environment_, and a Python environment where the +software of users runs - _the user environment_. + +If you are installing TLJH for the first time, the user environment will be +setup initially with Python 3.10 and some other packages described in +[tljh/requirements-user-env-extras.txt]. + +If you are upgrading to this version of TLJH, the bare minimum is changed in the +user environment. The hub environment's dependencies are on the other hand +always upgraded to the latest version within the specified version range defined +in [tljh/requirements-hub-env.txt] and seen below. + +[tljh/requirements-user-env-extras.txt]: https://github.com/jupyterhub/the-littlest-jupyterhub/blob/1.0.0/tljh/requirements-user-env-extras.txt +[tljh/requirements-hub-env.txt]: https://github.com/jupyterhub/the-littlest-jupyterhub/blob/1.0.0/tljh/requirements-hub-env.txt + +The changes in the respective environments between TLJH version 0.2.0 and 1.0.0 +are summarized below. + +| Dependency changes in the _hub environment_ | Version in 0.2.0 | Version in 1.0.0 | Changelog link | Note | +| ------------------------------------------------------------------------------ | ---------------- | ---------------- | ---------------------------------------------------------------------------------------- | ---------------------------------------------------- | +| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 1.\* | >=4.0.2,<5 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Running in the `jupyterhub` systemd service | +| [traefik](https://github.com/traefik/traefik) | 1.7.33 | 2.10.1 | [Changelog](https://github.com/traefik/traefik/blob/master/CHANGELOG.md) | Running in the `traefik` systemd service | +| [traefik-proxy](https://github.com/jupyterhub/traefik-proxy) | 0.3.\* | >=1.1.0,<2 | [Changelog](https://jupyterhub-traefik-proxy.readthedocs.io/en/latest/changelog.html) | Run by jupyterhub, controls `traefik` | +| [systemdspawner](https://github.com/jupyterhub/systemdspawner) | 0.16.\* | >=1.0.1,<2 | [Changelog](https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md) | Run by jupyterhub, controls user servers via systemd | +| [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.\* | >=1.2.1,<2 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run by jupyterhub, stops inactivate servers etc. | +| [firstuseauthenticator](https://github.com/jupyterhub/firstuseauthenticator) | 1.\* | >=1.0.0,<2 | [Changelog](https://oauthenticator.readthedocs.io/en/latest/reference/changelog.html) | An optional way to authenticate users | +| [tmpauthenticator](https://github.com/jupyterhub/tmpauthenticator) | 0.6.\* | >=1.0.0,<2 | [Changelog](https://github.com/jupyterhub/tmpauthenticator/blob/HEAD/CHANGELOG.md) | An optional way to authenticate users | +| [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.\* | >=1.2.0,<2 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | An optional way to authenticate users | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 14.\* | >=16.0.4,<17 | [Changelog](https://oauthenticator.readthedocs.io/en/latest/reference/changelog.html) | An optional way to authenticate users | +| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.\* | >=1.3.2,<2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | An optional way to authenticate users | +| [pip](https://github.com/pypa/pip) | 21.3.\* | >=23.1.2 | [Changelog](https://pip.pypa.io/en/stable/news/) | - | + +| Dependency changes in the _user environment_ | Version in 0.2.0 | Version in 1.0.0 | Changelog link | Note | +| -------------------------------------------------------- | ---------------- | ---------------- | --------------------------------------------------------------------------------- | ------------------------ | +| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 1.\* | >=4.0.2,<5 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Always upgraded. | +| [pip](https://github.com/pypa/pip) | \* | >=23.1.2 | [Changelog](https://pip.pypa.io/en/stable/news/) | Only upgraded if needed. | +| [conda](https://docs.conda.io/projects/conda/en/stable/) | 0.16.0 | >=0.16.0 | [Changelog](https://docs.conda.io/projects/conda/en/stable/release-notes.html) | Only upgraded if needed. | +| [mamba](https://mamba.readthedocs.io/en/latest/) | 4.10.3 | >=4.10.0 | [Changelog](https://github.com/mamba-org/mamba/blob/main/CHANGELOG.md) | Only upgraded if needed. | + +#### New features added + +- Add http[s].address config to control where traefik listens [#905](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/905) ([@nsurleraux-railnova](https://github.com/nsurleraux-railnova), [@minrk](https://github.com/minrk)) +- Add support for debian >=10 to bootstrap.py [#800](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/800) ([@jochym](https://github.com/jochym), [@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics), [@yuvipanda](https://github.com/yuvipanda)) + +#### Enhancements made + +- added `remove_named_servers` setting for jupyterhub-idle-culler [#881](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/881) ([@consideRatio](https://github.com/consideRatio)) +- Traefik v2, TraefikProxy v1 [#861](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/861) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio), [@MridulS](https://github.com/MridulS)) + +#### Maintenance and upkeep improvements + +- Update Notebook, JupyterLab, Jupyter Resource Usage [#928](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/928) ([@jtpio](https://github.com/jtpio), [@consideRatio](https://github.com/consideRatio)) +- Launch into `/lab` by default by changing TLJH config's default value [#775](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/775) ([@raybellwaves](https://github.com/raybellwaves), [@consideRatio](https://github.com/consideRatio), [@GeorgianaElena](https://github.com/GeorgianaElena), [@minrk](https://github.com/minrk), [@manics](https://github.com/manics)) +- breaking: update oauthenticator from 15.1.0 to >=16.0.2,<17, make tljh auth docs link out [#924](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/924) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics), [@minrk](https://github.com/minrk)) +- test refactor: add comment about python/conda/mamba [#921](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/921) ([@consideRatio](https://github.com/consideRatio)) +- --force-reinstall old conda to ensure it's working before we try to install conda packages [#920](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/920) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) +- test refactor: put bootstrap tests in an isolated job, save ~3 min in each of the integration test jobs [#919](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/919) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- maint: refactor tests, fix upgrade tests (now correctly failing) [#916](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/916) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- Update systemdspawner from version 0.17.\* to >=1.0.1,<2 [#915](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/915) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk), [@manics](https://github.com/manics)) +- Fix recently introduced failure to upper bound systemdspawner [#914](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/914) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- Stop bundling jupyterhub-configurator which has been disabled by default [#912](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/912) ([@consideRatio](https://github.com/consideRatio), [@GeorgianaElena](https://github.com/GeorgianaElena), [@yuvipanda](https://github.com/yuvipanda)) +- Update nativeauthenticator, tmpauthenticator, and jupyterhub-configurator [#900](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/900) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- ensure hub env is on $PATH in jupyterhub service [#895](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/895) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- pre-commit: add isort and autoflake [#893](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/893) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- Upgrade pip in hub env from 21.3 to to 23.1 when bootstrap script runs [#892](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/892) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- pre-commit.ci configured to update pre-commit hooks on a monthly basis [#891](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/891) ([@consideRatio](https://github.com/consideRatio)) +- Only upgrade jupyterhub in user env when upgrading tljh, ensure pip>=23.1.2 in user env [#890](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/890) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics), [@minrk](https://github.com/minrk)) +- add integration test for hub version [#886](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/886) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) +- update: jupyterhub 4 [#880](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/880) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- maint: add upgrade test from main branch, latest release, and 0.2.0 [#876](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/876) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- dependabot: monthly updates of github actions [#871](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/871) ([@consideRatio](https://github.com/consideRatio)) +- maint: remove deprecated nteract-on-jupyter [#869](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/869) ([@consideRatio](https://github.com/consideRatio), [@yuvipanda](https://github.com/yuvipanda)) +- avoid registering duplicate log handlers [#862](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/862) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) +- bump version to 1.0.0.dev0 [#859](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/859) ([@minrk](https://github.com/minrk), [@manics](https://github.com/manics)) +- Update base user environment to mambaforge 23.1.0-1 (Python 3.10) [#858](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/858) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- require ubuntu 20.04, test on debian 11, require Python 3.8 [#856](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/856) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- update: jupyterhub 3, oauthenticator 15, systemdspawner 0.17 (user env: ipywidgets 8) [#842](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/842) ([@yuvipanda](https://github.com/yuvipanda), [@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- Release 0.2.0 (JupyterHub 1.\*) [#838](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/838) ([@manics](https://github.com/manics), [@minrk](https://github.com/minrk)) + +#### Documentation improvements + +- docs: add docs about environments and upgrades [#932](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/932) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- Add `JupyterLab` setting overrides docs [#922](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/922) ([@jrdnbradford](https://github.com/jrdnbradford), [@consideRatio](https://github.com/consideRatio)) +- Quote `pwd` to prevent error if dir has spaces [#917](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/917) ([@jrdnbradford](https://github.com/jrdnbradford), [@consideRatio](https://github.com/consideRatio)) +- Google Cloud troubleshooting and configuration updates [#906](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/906) ([@jrdnbradford](https://github.com/jrdnbradford), [@consideRatio](https://github.com/consideRatio)) +- Add user env doc files [#902](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/902) ([@jrdnbradford](https://github.com/jrdnbradford), [@consideRatio](https://github.com/consideRatio)) +- Update Google auth docs [#898](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/898) ([@jrdnbradford](https://github.com/jrdnbradford), [@consideRatio](https://github.com/consideRatio)) +- docs: disable navigation with arrow keys [#896](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/896) ([@MridulS](https://github.com/MridulS), [@consideRatio](https://github.com/consideRatio)) +- docs(awscognito): add custom claims example [#887](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/887) ([@consideRatio](https://github.com/consideRatio)) +- Docs: Update DigitalOcean install instructions with new screenshot for "user data" [#883](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/883) ([@audiodude](https://github.com/audiodude), [@consideRatio](https://github.com/consideRatio)) +- Typo : username -> admin-user-name [#879](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/879) ([@Rom1deTroyes](https://github.com/Rom1deTroyes), [@consideRatio](https://github.com/consideRatio)) +- docs: fix readme badge for tests [#878](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/878) ([@consideRatio](https://github.com/consideRatio)) +- docs: fix remaining issues following rst to myst transition [#870](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/870) ([@consideRatio](https://github.com/consideRatio)) +- docs: transition from rst to myst markdown using rst2myst [#863](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/863) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio), [@jrdnbradford](https://github.com/jrdnbradford)) +- Typo in user-environment.rst [#849](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/849) ([@jawiv](https://github.com/jawiv), [@minrk](https://github.com/minrk)) +- Recommend Ubuntu 22.04 in docs [#843](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/843) ([@adonm](https://github.com/adonm), [@consideRatio](https://github.com/consideRatio)) + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/the-littlest-jupyterhub/graphs/contributors?from=2023-02-27&to=2023-08-11&type=c)) + +@adonm ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aadonm+updated%3A2023-02-27..2023-08-11&type=Issues)) | @audiodude ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aaudiodude+updated%3A2023-02-27..2023-08-11&type=Issues)) | @choldgraf ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Acholdgraf+updated%3A2023-02-27..2023-08-11&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AconsideRatio+updated%3A2023-02-27..2023-08-11&type=Issues)) | @eingemaischt ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aeingemaischt+updated%3A2023-02-27..2023-08-11&type=Issues)) | @GeorgianaElena ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AGeorgianaElena+updated%3A2023-02-27..2023-08-11&type=Issues)) | @Hannnsen ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AHannnsen+updated%3A2023-02-27..2023-08-11&type=Issues)) | @jawiv ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajawiv+updated%3A2023-02-27..2023-08-11&type=Issues)) | @jochym ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajochym+updated%3A2023-02-27..2023-08-11&type=Issues)) | @jrdnbradford ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajrdnbradford+updated%3A2023-02-27..2023-08-11&type=Issues)) | @jtpio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajtpio+updated%3A2023-02-27..2023-08-11&type=Issues)) | @kevmk04 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Akevmk04+updated%3A2023-02-27..2023-08-11&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amanics+updated%3A2023-02-27..2023-08-11&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aminrk+updated%3A2023-02-27..2023-08-11&type=Issues)) | @MridulS ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AMridulS+updated%3A2023-02-27..2023-08-11&type=Issues)) | @nsurleraux-railnova ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ansurleraux-railnova+updated%3A2023-02-27..2023-08-11&type=Issues)) | @raybellwaves ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Araybellwaves+updated%3A2023-02-27..2023-08-11&type=Issues)) | @Rom1deTroyes ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ARom1deTroyes+updated%3A2023-02-27..2023-08-11&type=Issues)) | @wjcapehart ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Awjcapehart+updated%3A2023-02-27..2023-08-11&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ayuvipanda+updated%3A2023-02-27..2023-08-11&type=Issues)) + +## 0.2.0 + +### 0.2.0 - 2023-02-27 + +([full changelog](https://github.com/jupyterhub/the-littlest-jupyterhub/compare/4a74ad17a1a19f6378efe12a01ba634ed90f1e03...0.2.0)) + +#### Merged PRs + +- Fix broken CI [#851](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/851) ([@pnasrat](https://github.com/pnasrat)) +- Ensure SQLAlchemy 1.x used for hub [#848](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/848) ([@pnasrat](https://github.com/pnasrat)) +- docs: update sphinx configuration, add opengraph and rediraffe, fix a warning [#840](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/840) ([@consideRatio](https://github.com/consideRatio)) +- ci: fix deprecation of set-output in github workflows [#837](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/837) ([@consideRatio](https://github.com/consideRatio)) +- Fix typo with --show-progress-page argument in example [#835](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/835) ([@luong-komorebi](https://github.com/luong-komorebi)) +- ci: add dependabot for github actions and bump them now [#831](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/831) ([@consideRatio](https://github.com/consideRatio)) +- docs: reference nbgitpullers docs to fix outdated tljh docs [#826](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/826) ([@rdmolony](https://github.com/rdmolony)) +- Update precommit [#820](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/820) ([@manics](https://github.com/manics)) +- bootstrap script accepts a version [#819](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/819) ([@manics](https://github.com/manics)) +- ci: run int. and unit tests on 22.04 LTS + py3.10 [#817](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/817) ([@MridulS](https://github.com/MridulS)) +- clarify direction of information in idle-culler [#816](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/816) ([@minrk](https://github.com/minrk)) +- Update progress_page_favicon_url link [#811](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/811) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Bump systemdspawner version [#810](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/810) ([@yuvipanda](https://github.com/yuvipanda)) +- github workflow: echo $BOOTSTRAP_PIP_SPEC [#801](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/801) ([@manics](https://github.com/manics)) +- ENH: add logging if user-requirements-txt-url found [#796](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/796) ([@raybellwaves](https://github.com/raybellwaves)) +- extra logger.info [#789](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/789) ([@raybellwaves](https://github.com/raybellwaves)) +- DOC: update sudo tljh-config --help demo [#785](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/785) ([@raybellwaves](https://github.com/raybellwaves)) +- DOC: add tljh-db plugin to list [#782](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/782) ([@raybellwaves](https://github.com/raybellwaves)) +- DOC: move link to contributing/plugin higher [#781](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/781) ([@raybellwaves](https://github.com/raybellwaves)) +- DOC: update info on AWS get system log [#772](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/772) ([@raybellwaves](https://github.com/raybellwaves)) +- DOC: hyperlink there [#768](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/768) ([@raybellwaves](https://github.com/raybellwaves)) +- updating 'plugin' documentation [#764](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/764) ([@oisinBates](https://github.com/oisinBates)) +- pre-commit: apply black formatting (and prettier on one yaml file) [#755](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/755) ([@consideRatio](https://github.com/consideRatio)) +- pre-commit: remove requirements-txt-fixer [#754](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/754) ([@consideRatio](https://github.com/consideRatio)) +- Update firstuseauthenticator to 1.0.0 [#749](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/749) ([@consideRatio](https://github.com/consideRatio)) +- Add .pre-commit-config [#748](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/748) ([@consideRatio](https://github.com/consideRatio)) +- Small fixes for flake8 and other smaller pre-commit tools [#747](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/747) ([@consideRatio](https://github.com/consideRatio)) +- remove addressed FIXMEs in update_auth [#745](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/745) ([@minrk](https://github.com/minrk)) +- Remove MockConfigurer [#744](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/744) ([@minrk](https://github.com/minrk)) +- docs: require sphinx>=2, otherwise error follows [#743](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/743) ([@consideRatio](https://github.com/consideRatio)) +- docs: fix how-to sections table of content section [#742](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/742) ([@consideRatio](https://github.com/consideRatio)) +- Modernize docs Makefile with sphinx-autobuild [#741](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/741) ([@consideRatio](https://github.com/consideRatio)) +- update awscognito docs to use GenericOAuthenticator [#729](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/729) ([@minrk](https://github.com/minrk)) +- Apply TLJH auth config with less assumptions [#721](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/721) ([@consideRatio](https://github.com/consideRatio)) +- Bump to recent versions, and make bootstrap.py update to those when run [#719](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/719) ([@consideRatio](https://github.com/consideRatio)) +- docs: fix language regarding master [#718](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/718) ([@consideRatio](https://github.com/consideRatio)) +- Don't open file twice when downloading conda [#717](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/717) ([@yuvipanda](https://github.com/yuvipanda)) +- Try setting min. req to 1GB of RAM [#716](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/716) ([@yuvipanda](https://github.com/yuvipanda)) +- Refactor bootstrap.py script for readability [#715](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/715) ([@consideRatio](https://github.com/consideRatio)) +- Remove template in root folder - a mistakenly committed file [#713](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/713) ([@consideRatio](https://github.com/consideRatio)) +- ci: add .readthedocs.yaml [#712](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/712) ([@consideRatio](https://github.com/consideRatio)) +- Revision of our GitHub Workflows and README.rst to README.md [#710](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/710) ([@consideRatio](https://github.com/consideRatio)) +- Bump nbgitpuller version [#704](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/704) ([@yuvipanda](https://github.com/yuvipanda)) +- Bump notebook from 6.3.0 to 6.4.1 in /tljh [#703](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/703) ([@dependabot](https://github.com/dependabot)) +- Switch to Mamba [#697](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/697) ([@manics](https://github.com/manics)) +- Reflect the fact that AWS free tier is not enough [#696](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/696) ([@Guillaume-Garrigos](https://github.com/Guillaume-Garrigos)) +- Bump hub and notebook versions [#688](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/688) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- bump nativeauthenticator version to avoid critical bug [#683](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/683) ([@ibayer](https://github.com/ibayer)) +- Add "Users Lists" example [#682](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/682) ([@jeanmarcalkazzi](https://github.com/jeanmarcalkazzi)) +- Add missing configurator config [#680](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/680) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Add support for installing TLJH on Arm64 systems and bump traefik (1.7.18 -> 1.7.33) [#679](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/679) ([@cdibble](https://github.com/cdibble)) +- Revert "Revert "Switch integration and upgrade tests from CircleCI to GitHub actions"" [#678](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/678) ([@yuvipanda](https://github.com/yuvipanda)) +- Revert "Switch integration and upgrade tests from CircleCI to GitHub actions" [#677](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/677) ([@yuvipanda](https://github.com/yuvipanda)) +- Add the jupyterhub-configurator service [#676](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/676) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Switch integration and upgrade tests from CircleCI to GitHub actions [#673](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/673) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Switch unit tests from CircleCI to GitHub actions [#672](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/672) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Note smallest AWS instance TLJH can run on [#671](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/671) ([@yuvipanda](https://github.com/yuvipanda)) +- Pin chardet again and pin it for tests also. [#668](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/668) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Bump traefik-proxy version and remove pin. [#667](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/667) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Added instructions for restarting JupyterHub to docs (re: #455) [#666](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/666) ([@DataCascadia](https://github.com/DataCascadia)) +- Add docs to override systemd settings [#663](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/663) ([@jtpio](https://github.com/jtpio)) +- Docs: add missing gif for the TLJH is building page [#662](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/662) ([@jtpio](https://github.com/jtpio)) +- Upgrade to Jupyterlab 3.0 and Jupyter Resource Usage [#658](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/658) ([@jtpio](https://github.com/jtpio)) +- Fix code formatting in the docs [#657](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/657) ([@jtpio](https://github.com/jtpio)) +- setup.py: Update repo URL [#656](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/656) ([@jayvdb](https://github.com/jayvdb)) +- Own server install sets admin password in step 3 [#652](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/652) ([@leouieda](https://github.com/leouieda)) +- Fix link to resource estimation in server requirements docs [#651](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/651) ([@jtpio](https://github.com/jtpio)) +- Revert and pin notebook version [#648](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/648) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Upgrade to JupyterLab 3.0 [#647](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/647) ([@yuvipanda](https://github.com/yuvipanda)) +- Pin chardet [#643](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/643) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- bump systemdspawner to 0.15 [#639](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/639) ([@minrk](https://github.com/minrk)) +- Doc of how users can change password [#637](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/637) ([@mauro3](https://github.com/mauro3)) +- Add a necessary step to reset password [#636](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/636) ([@mauro3](https://github.com/mauro3)) +- Bump a few of the dependencies [#634](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/634) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- proposed changes for issue #619 [#633](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/633) ([@ewidl](https://github.com/ewidl)) +- how to call sudo with changed path [#632](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/632) ([@namin](https://github.com/namin)) +- Bump memory again for integration tests [#630](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/630) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fix html_sidebars [#625](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/625) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fix doc build [#624](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/624) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Add base_url capability to tljh-config [#623](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/623) ([@jeanmarcalkazzi](https://github.com/jeanmarcalkazzi)) +- Fix HTML of bootstrap [#621](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/621) ([@richardbrinkman](https://github.com/richardbrinkman)) +- Add link to jupyterhub-idle-culler [#607](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/607) ([@1kastner](https://github.com/1kastner)) +- Temporary page while tljh is building [#605](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/605) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Bump systemdspawner [#602](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/602) ([@yuvipanda](https://github.com/yuvipanda)) +- Remove CircleCi docs build [#600](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/600) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- ensure_server is now ensure_server_simulate [#599](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/599) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Use http port from config while checking hub [#598](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/598) ([@dongmok](https://github.com/dongmok)) +- add -L option to curl to follow redirect [#593](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/593) ([@LTangaF](https://github.com/LTangaF)) +- Upgrade JupyterLab version [#591](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/591) ([@yuvipanda](https://github.com/yuvipanda)) +- Use tljh.jupyter.org/bootstrap.py to get installer [#590](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/590) ([@yuvipanda](https://github.com/yuvipanda)) +- Use /hub/api endpoint to check for hub ready [#587](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/587) ([@jtpio](https://github.com/jtpio)) +- Allow extending traefik dynamic config [#586](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/586) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Allow extending traefik config [#582](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/582) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Provide more memory for integration tests [#580](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/580) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fixed git repo link from markdown to rst [#579](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/579) ([@danlester](https://github.com/danlester)) +- Use sha256 sums for verifying miniconda download [#570](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/570) ([@yuvipanda](https://github.com/yuvipanda)) +- Add a useful link to the git repo, fix a typo, in docs [#568](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/568) ([@danlester](https://github.com/danlester)) +- Add tljh-repo2docker to the list of plugins [#567](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/567) ([@jtpio](https://github.com/jtpio)) +- Rename to --bootstrap-pip-spec in the integration tests [#566](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/566) ([@jtpio](https://github.com/jtpio)) +- Make bootstrap_pip_spec test argument optional [#563](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/563) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Add documentation to install multiple plugins [#561](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/561) ([@jtpio](https://github.com/jtpio)) +- Remove unused plugins argument from run_plugin_actions [#560](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/560) ([@jtpio](https://github.com/jtpio)) +- Use idle culler from jupyterhub-idle-culler package [#559](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/559) ([@yuvipanda](https://github.com/yuvipanda)) +- Add bootstrap pip spec to the integration test docs [#558](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/558) ([@jtpio](https://github.com/jtpio)) +- Fix failing unit test [#553](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/553) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fixes 'availabe' > 'available' spelling in docs [#552](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/552) ([@sethwoodworth](https://github.com/sethwoodworth)) +- Add a section about known TLJH plugins to the documentation [#551](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/551) ([@jtpio](https://github.com/jtpio)) +- Provide instructions on how to revert each action of the installer [#545](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/545) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fix code block formatting in the docs [#541](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/541) ([@jtpio](https://github.com/jtpio)) +- Update the docs theme to pydata-sphinx-theme [#538](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/538) ([@jtpio](https://github.com/jtpio)) +- Update hub packages to the latest stable versions [#537](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/537) ([@jtpio](https://github.com/jtpio)) +- Add a quick note about DNS records [#532](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/532) ([@jtpio](https://github.com/jtpio)) +- Use PR username when no CircleCI project [#531](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/531) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fix typo in --user-requirements-txt-url help [#527](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/527) ([@jtpio](https://github.com/jtpio)) +- Fix installer [#519](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/519) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Use the same 1-100 numbers as in the docs and repo description [#516](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/516) ([@jtpio](https://github.com/jtpio)) +- Remove configurable-http-proxy references from docs #494 [#514](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/514) ([@shireenrao](https://github.com/shireenrao)) +- Update tests [#511](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/511) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fix missing reference to requirements-base.txt [#504](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/504) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Upgrade jupyterlab to 1.2.6 [#499](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/499) ([@letianw91](https://github.com/letianw91)) +- Set tls 1.2 to be the min version [#498](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/498) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fix integration test for new pip [#491](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/491) ([@betatim](https://github.com/betatim)) +- Link contributing guide [#489](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/489) ([@betatim](https://github.com/betatim)) +- Fix broken link to resource estimation page [#485](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/485) ([@leouieda](https://github.com/leouieda)) +- Fix failing integration tests [#479](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/479) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Upgrade authenticators [#476](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/476) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Added AWS Cognito docs [#472](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/472) ([@budgester](https://github.com/budgester)) +- Switch to pandas theme [#468](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/468) ([@yuvipanda](https://github.com/yuvipanda)) +- installation failed due to no python3-dev packages [#460](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/460) ([@afonit](https://github.com/afonit)) +- Azure docs - add details on the new Azure deploy button [#458](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/458) ([@trallard](https://github.com/trallard)) +- switch base environment to requirements file [#457](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/457) ([@minrk](https://github.com/minrk)) +- Add hook for new users [#453](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/453) ([@jkfm](https://github.com/jkfm)) +- Write out deb line only if it already doesn't exist [#449](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/449) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Update Azure docs [#448](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/448) ([@trallard](https://github.com/trallard)) +- Update Amazon AMI selection step [#443](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/443) ([@fomightez](https://github.com/fomightez)) +- Upgrade traefik version [#442](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/442) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Disable ProtectHome=tmpfs [#435](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/435) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Make Python3.7 the default [#433](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/433) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fix failing conda tests [#423](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/423) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- fixed typo in key pair section [#421](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/421) ([@ptcane](https://github.com/ptcane)) +- HowTo Google authenticate [#404](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/404) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Docs update: reload proxy after modifying the ports [#403](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/403) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Allow adding multiple admins during install [#399](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/399) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Set admin password during install [#395](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/395) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- fixing typo (remove "can add rules") in amazon.rst [#393](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/393) ([@cornhundred](https://github.com/cornhundred)) +- Import containers from collections.abc rather than collections [#392](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/392) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fix link to the hooks in plugins docs [#390](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/390) ([@jtpio](https://github.com/jtpio)) +- Add tljh_post_install hook [#389](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/389) ([@jtpio](https://github.com/jtpio)) +- Run idle culler as a python module [#386](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/386) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Replace pre-alpha by beta state in documentation [#385](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/385) ([@lumbric](https://github.com/lumbric)) +- Allow adding users to specific groups [#382](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/382) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Tell apt-get to never ask questions [#380](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/380) ([@yuvipanda](https://github.com/yuvipanda)) +- Typo fix: `s` -> `is` [#376](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/376) ([@jtpio](https://github.com/jtpio)) +- Fix typo: missing "c" for instance [#374](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/374) ([@jtpio](https://github.com/jtpio)) +- Minor typo fix: praticular -> particular [#372](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/372) ([@jtpio](https://github.com/jtpio)) +- Add Tutorial for OVH [#371](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/371) ([@jtpio](https://github.com/jtpio)) +- Clarify the steps to build the docs locally [#370](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/370) ([@jtpio](https://github.com/jtpio)) +- Fix typo in README link [#367](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/367) ([@pbugnion](https://github.com/pbugnion)) +- Add idle culler [#366](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/366) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Add tmpauthenticator by default to TLJH [#365](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/365) ([@yuvipanda](https://github.com/yuvipanda)) +- Docs addition [#364](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/364) ([@kafonek](https://github.com/kafonek)) +- Fix typo: cohnfig -> config [#363](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/363) ([@staeiou](https://github.com/staeiou)) +- Add port configuration to docs [#362](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/362) ([@staeiou](https://github.com/staeiou)) +- Add custom hub package & config hooks [#360](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/360) ([@yuvipanda](https://github.com/yuvipanda)) +- Install & use pycurl for requests [#359](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/359) ([@yuvipanda](https://github.com/yuvipanda)) +- Minor azure doc cleanup [#358](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/358) ([@yuvipanda](https://github.com/yuvipanda)) +- Suppress insecure HTTPS warning when upgrading TLJH [#357](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/357) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Fixed out of date config directory listed in docs for tljh-config [#355](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/355) ([@JuanCab](https://github.com/JuanCab)) +- Add "tljh-config unset" option [#352](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/352) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Upgrade while https enabled [#347](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/347) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Remove stray .DS_Store files [#343](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/343) ([@yuvipanda](https://github.com/yuvipanda)) +- Add instructions to deploy on Azure [#342](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/342) ([@trallard](https://github.com/trallard)) +- Add more validation to bootstrap.py [#340](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/340) ([@yuvipanda](https://github.com/yuvipanda)) +- Retry downloading traefik if it fails [#339](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/339) ([@yuvipanda](https://github.com/yuvipanda)) +- Provide much better error messages [#337](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/337) ([@yuvipanda](https://github.com/yuvipanda)) +- Limit memory available in integration tests [#335](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/335) ([@yuvipanda](https://github.com/yuvipanda)) +- Remove stray = in authenticator configuration example [#331](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/331) ([@yuvipanda](https://github.com/yuvipanda)) +- Minor cleanup of custom server install documents [#329](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/329) ([@yuvipanda](https://github.com/yuvipanda)) +- Cleanup HTTPS documentation [#328](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/328) ([@yuvipanda](https://github.com/yuvipanda)) +- Add note about not running on your own laptop or in Docker [#327](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/327) ([@yuvipanda](https://github.com/yuvipanda)) +- Use c.Spawner to set mem_limit & cpu_limit [#326](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/326) ([@yuvipanda](https://github.com/yuvipanda)) +- Few updates from reading through the docs [#325](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/325) ([@znicholls](https://github.com/znicholls)) +- Remove repeated sentence from README.rst [#324](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/324) ([@MayeulC](https://github.com/MayeulC)) +- Remove ominous warning with outdated release date [#320](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/320) ([@yuvipanda](https://github.com/yuvipanda)) +- Move digital ocean 'resize' docs out of 'install' step [#319](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/319) ([@yuvipanda](https://github.com/yuvipanda)) +- Update Readme for the AWS docs link [#317](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/317) ([@shireenrao](https://github.com/shireenrao)) +- Upgrade to JupyterHub 1.0 [#313](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/313) ([@minrk](https://github.com/minrk)) +- Bump JupyterHub and systemdspawner versions [#311](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/311) ([@yuvipanda](https://github.com/yuvipanda)) +- adding sidebar links [#309](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/309) ([@choldgraf](https://github.com/choldgraf)) +- Change style to match Jhub main doc [#304](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/304) ([@leportella](https://github.com/leportella)) +- Fix the version tag of the notebook package [#303](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/303) ([@betatim](https://github.com/betatim)) +- Bump jupyterhub version [#297](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/297) ([@yuvipanda](https://github.com/yuvipanda)) +- Update / clarify / shorten docs, add missing image from AWS install [#296](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/296) ([@laxdog](https://github.com/laxdog)) +- DOC: moved nativeauthentic config instructions to code block [#294](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/294) ([@story645](https://github.com/story645)) +- Pin tornado to <6 [#292](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/292) ([@willirath](https://github.com/willirath)) +- typo fix in installer actions [#287](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/287) ([@junctionapps](https://github.com/junctionapps)) +- Add NativeAuth as an optional authenticator [#284](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/284) ([@leportella](https://github.com/leportella)) +- update dev-setup commands [#276](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/276) ([@minrk](https://github.com/minrk)) +- single yaml implementation [#275](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/275) ([@minrk](https://github.com/minrk)) +- updating the image size text [#271](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/271) ([@choldgraf](https://github.com/choldgraf)) +- Run fix-permissions on each install command [#268](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/268) ([@minrk](https://github.com/minrk)) +- Replace chp with traefik-proxy [#266](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/266) ([@GeorgianaElena](https://github.com/GeorgianaElena)) +- Use --sys-prefix for installing nbextensions [#265](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/265) ([@yuvipanda](https://github.com/yuvipanda)) +- Mark flaky test as flaky [#262](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/262) ([@yuvipanda](https://github.com/yuvipanda)) +- fix GitHub login config missing callback URL [#261](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/261) ([@huhuhang](https://github.com/huhuhang)) +- Use newer firstuseauthenticator [#260](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/260) ([@willirath](https://github.com/willirath)) +- Install git explicitly during bootstrap [#254](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/254) ([@yuvipanda](https://github.com/yuvipanda)) +- Move custom server troubleshooting code to its own page [#253](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/253) ([@yuvipanda](https://github.com/yuvipanda)) +- Add ipywidgets to base installation [#249](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/249) ([@yuvipanda](https://github.com/yuvipanda)) +- Use tljh logger in installer [#248](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/248) ([@fm75](https://github.com/fm75)) +- Fixing RTD badge [#244](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/244) ([@choldgraf](https://github.com/choldgraf)) +- Adds the universe repository to the used sources [#242](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/242) ([@owah](https://github.com/owah)) +- Update nodejs to 10.x LTS [#238](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/238) ([@yuvipanda](https://github.com/yuvipanda)) +- Exit when tljh-config is called as non-root [#232](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/232) ([@yuvipanda](https://github.com/yuvipanda)) +- Documentation behind proxy [#230](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/230) ([@fm75](https://github.com/fm75)) +- Removed duplicate 'the' in docs [#227](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/227) ([@altmas5](https://github.com/altmas5)) +- consolidate yaml configuration [#224](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/224) ([@minrk](https://github.com/minrk)) +- Provide better error message when running on unsupported distro [#221](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/221) ([@yuvipanda](https://github.com/yuvipanda)) +- Upgrade package versions [#215](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/215) ([@yuvipanda](https://github.com/yuvipanda)) +- Document tljh-config commands by referencing the --help sections [#213](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/213) ([@gillybops](https://github.com/gillybops)) +- add warning if tljh-config is called as non-root user [#209](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/209) ([@anyushevai](https://github.com/anyushevai)) +- updating theme and storing docs artifacts [#205](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/205) ([@choldgraf](https://github.com/choldgraf)) +- No memory limit (continued) [#202](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/202) ([@betatim](https://github.com/betatim)) +- enabling jupyter contributed extensions [#201](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/201) ([@wrightaprilm](https://github.com/wrightaprilm)) +- Update docs.rst [#196](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/196) ([@jzf2101](https://github.com/jzf2101)) +- Fix minor typo: pypy -> pypi [#194](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/194) ([@jtpio](https://github.com/jtpio)) +- Issue#182: add amazon installation tutorial [#189](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/189) ([@fomightez](https://github.com/fomightez)) +- small typo in docs [#184](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/184) ([@choldgraf](https://github.com/choldgraf)) +- adding update on resizing droplet [#181](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/181) ([@wrightaprilm](https://github.com/wrightaprilm)) +- Normalize systemuser [#179](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/179) ([@yuvipanda](https://github.com/yuvipanda)) +- Remove extra space after opening paren [#178](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/178) ([@yuvipanda](https://github.com/yuvipanda)) +- Bump firstuseauthenticator version [#175](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/175) ([@yuvipanda](https://github.com/yuvipanda)) +- typo questoins -> questions. [#174](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/174) ([@Carreau](https://github.com/Carreau)) +- Remind to use https on custom-servers. [#170](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/170) ([@Carreau](https://github.com/Carreau)) +- Don't create home publicly readable [#169](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/169) ([@Carreau](https://github.com/Carreau)) +- installer.py: remove unused f"..." [#167](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/167) ([@gyg-github](https://github.com/gyg-github)) +- put config in `$tljh/config` directory [#163](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/163) ([@minrk](https://github.com/minrk)) +- missing arguments in integration test commands [#162](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/162) ([@minrk](https://github.com/minrk)) +- test manual https setup [#161](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/161) ([@minrk](https://github.com/minrk)) +- jupyterhub 0.9.2 [#160](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/160) ([@minrk](https://github.com/minrk)) +- Fix some typos [#159](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/159) ([@Carreau](https://github.com/Carreau)) +- Upgrade to latest version of JupyterLab [#152](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/152) ([@yuvipanda](https://github.com/yuvipanda)) +- polish local server install [#151](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/151) ([@Carreau](https://github.com/Carreau)) +- Don't capture stderr when calling conda [#149](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/149) ([@yuvipanda](https://github.com/yuvipanda)) +- Fix link to custom server install [#143](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/143) ([@jprorama](https://github.com/jprorama)) +- Copybutton fix [#140](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/140) ([@choldgraf](https://github.com/choldgraf)) +- Install jupyterhub extension for jupyterlab [#139](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/139) ([@yuvipanda](https://github.com/yuvipanda)) +- Use node 8, not 10 [#138](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/138) ([@yuvipanda](https://github.com/yuvipanda)) +- Added existing property-path for tljh-config set method [#137](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/137) ([@ynnelson](https://github.com/ynnelson)) +- Move tljh-config symlink to /usr/bin [#135](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/135) ([@yuvipanda](https://github.com/yuvipanda)) +- Remove readthedocs.yml file [#131](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/131) ([@yuvipanda](https://github.com/yuvipanda)) +- Switch back to a venv for docs + fix .circle config [#130](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/130) ([@yuvipanda](https://github.com/yuvipanda)) +- Make it easier to run multiple independent integration tests [#129](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/129) ([@yuvipanda](https://github.com/yuvipanda)) +- Add plugin support to the installer [#127](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/127) ([@yuvipanda](https://github.com/yuvipanda)) +- removing extra copybutton files [#126](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/126) ([@choldgraf](https://github.com/choldgraf)) +- adding copy button to code blocks and fixing the integration bug [#124](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/124) ([@choldgraf](https://github.com/choldgraf)) +- updating content from zexuan's user test [#123](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/123) ([@choldgraf](https://github.com/choldgraf)) +- Remove extreneous = [#119](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/119) ([@yuvipanda](https://github.com/yuvipanda)) +- adding when to use tljh page [#118](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/118) ([@choldgraf](https://github.com/choldgraf)) +- adding documentation for GitHub OAuth [#117](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/117) ([@choldgraf](https://github.com/choldgraf)) +- Fix quick links in README [#113](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/113) ([@willirath](https://github.com/willirath)) +- Install nbresuse by default [#111](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/111) ([@yuvipanda](https://github.com/yuvipanda)) +- Re-organize installation documentation [#110](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/110) ([@yuvipanda](https://github.com/yuvipanda)) +- Adding CI for documentation and fixing docs warnings [#107](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/107) ([@betatim](https://github.com/betatim)) +- shared data and username emphasis [#103](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/103) ([@choldgraf](https://github.com/choldgraf)) +- unittests for traefik [#96](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/96) ([@minrk](https://github.com/minrk)) +- fix coverage uploads [#95](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/95) ([@minrk](https://github.com/minrk)) +- Symlink tljh-config to /usr/local/bin [#94](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/94) ([@yuvipanda](https://github.com/yuvipanda)) +- Document code-review practices [#93](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/93) ([@yuvipanda](https://github.com/yuvipanda)) +- small updates to the docs [#91](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/91) ([@choldgraf](https://github.com/choldgraf)) +- tests and fixes in tljh-config [#89](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/89) ([@minrk](https://github.com/minrk)) +- Fix traefik config reload [#88](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/88) ([@yuvipanda](https://github.com/yuvipanda)) +- Load arbitrary .py config files from a conf.d dir [#87](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/87) ([@yuvipanda](https://github.com/yuvipanda)) +- Fix notebook user interface switching docs [#86](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/86) ([@yuvipanda](https://github.com/yuvipanda)) +- Remove README note about HTTPS not being supported [#85](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/85) ([@yuvipanda](https://github.com/yuvipanda)) +- Log bootstrap / installer messages to file as well [#82](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/82) ([@yuvipanda](https://github.com/yuvipanda)) +- Add docs on using arbitrary authenticators [#80](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/80) ([@yuvipanda](https://github.com/yuvipanda)) +- Customize theme to have better links in sidebar [#79](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/79) ([@yuvipanda](https://github.com/yuvipanda)) +- Add tljh-config command [#77](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/77) ([@yuvipanda](https://github.com/yuvipanda)) +- Clarify development status warnings [#76](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/76) ([@yuvipanda](https://github.com/yuvipanda)) +- Use a venv to run unit tests [#74](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/74) ([@yuvipanda](https://github.com/yuvipanda)) +- Add tutorial on how to use nbgitpuller [#73](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/73) ([@yuvipanda](https://github.com/yuvipanda)) +- Use a venv to run unit tests [#72](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/72) ([@yuvipanda](https://github.com/yuvipanda)) +- Update server requirements documentation [#69](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/69) ([@yuvipanda](https://github.com/yuvipanda)) +- Add a how-to guide on selecting VM Memory / CPU / Disk size [#68](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/68) ([@yuvipanda](https://github.com/yuvipanda)) +- Add HTTPS support with traefik [#67](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/67) ([@minrk](https://github.com/minrk)) +- Replace pointers to yuvipanda/ on github with jupyterhub/ [#66](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/66) ([@yuvipanda](https://github.com/yuvipanda)) +- Add doc on customizing installer [#65](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/65) ([@yuvipanda](https://github.com/yuvipanda)) +- Use venv for base hub environment [#64](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/64) ([@yuvipanda](https://github.com/yuvipanda)) +- fix typo in installer [#63](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/63) ([@gedankenstuecke](https://github.com/gedankenstuecke)) +- jupyterhub 0.9.1, notebook 5.6.0 [#60](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/60) ([@minrk](https://github.com/minrk)) +- move state outside envs [#59](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/59) ([@minrk](https://github.com/minrk)) +- bootstrap: allow conda to be upgraded [#58](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/58) ([@minrk](https://github.com/minrk)) +- Install nbgitpuller by default [#55](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/55) ([@yuvipanda](https://github.com/yuvipanda)) +- Add option to install requirements.txt file on install [#53](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/53) ([@yuvipanda](https://github.com/yuvipanda)) +- Fix link to custom tutorial [#52](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/52) ([@parente](https://github.com/parente)) +- run integration tests with pytest [#43](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/43) ([@minrk](https://github.com/minrk)) +- Minor typo [#40](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/40) ([@rprimet](https://github.com/rprimet)) +- Install all python packages in hub environment with pip [#39](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/39) ([@yuvipanda](https://github.com/yuvipanda)) +- Support using arbitrary set of installed authenticators [#37](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/37) ([@yuvipanda](https://github.com/yuvipanda)) +- remove —no-cache-dir arg [#34](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/34) ([@minrk](https://github.com/minrk)) +- Handle transient errors [#32](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/32) ([@rprimet](https://github.com/rprimet)) +- Small text improvements + adding copy buttons to text blocks [#24](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/24) ([@choldgraf](https://github.com/choldgraf)) +- update jetstream tutorial with links, minor fixes [#19](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/19) ([@ctb](https://github.com/ctb)) +- Pour some tea 🍵 [#7](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/7) ([@rgbkrk](https://github.com/rgbkrk)) +- minor fixes to dev-instructions [#6](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/6) ([@gedankenstuecke](https://github.com/gedankenstuecke)) +- allow upgrade of miniconda during install [#3](https://github.com/jupyterhub/the-littlest-jupyterhub/pull/3) ([@gedankenstuecke](https://github.com/gedankenstuecke)) + +## Contributors to this release + +([GitHub contributors page for this release](https://github.com/jupyterhub/the-littlest-jupyterhub/graphs/contributors?from=2018-06-15&to=2022-11-27&type=c)) + +[@1kastner](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3A1kastner+updated%3A2018-06-15..2022-11-27&type=Issues) | [@6palace](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3A6palace+updated%3A2018-06-15..2022-11-27&type=Issues) | [@AashitaK](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AAashitaK+updated%3A2018-06-15..2022-11-27&type=Issues) | [@aboutaaron](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aaboutaaron+updated%3A2018-06-15..2022-11-27&type=Issues) | [@Adrianhein](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AAdrianhein+updated%3A2018-06-15..2022-11-27&type=Issues) | [@afonit](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aafonit+updated%3A2018-06-15..2022-11-27&type=Issues) | [@ajhenley](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aajhenley+updated%3A2018-06-15..2022-11-27&type=Issues) | [@altmas5](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aaltmas5+updated%3A2018-06-15..2022-11-27&type=Issues) | [@alvinhuff](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aalvinhuff+updated%3A2018-06-15..2022-11-27&type=Issues) | [@Amran2k16](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AAmran2k16+updated%3A2018-06-15..2022-11-27&type=Issues) | [@anyushevai](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aanyushevai+updated%3A2018-06-15..2022-11-27&type=Issues) | [@aolney](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aaolney+updated%3A2018-06-15..2022-11-27&type=Issues) | [@astrojuanlu](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aastrojuanlu+updated%3A2018-06-15..2022-11-27&type=Issues) | [@benbovy](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Abenbovy+updated%3A2018-06-15..2022-11-27&type=Issues) | [@betatim](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Abetatim+updated%3A2018-06-15..2022-11-27&type=Issues) | [@bjornarfjelldal](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Abjornarfjelldal+updated%3A2018-06-15..2022-11-27&type=Issues) | [@budgester](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Abudgester+updated%3A2018-06-15..2022-11-27&type=Issues) | [@CagtayFabry](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ACagtayFabry+updated%3A2018-06-15..2022-11-27&type=Issues) | [@Carreau](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ACarreau+updated%3A2018-06-15..2022-11-27&type=Issues) | [@cdibble](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Acdibble+updated%3A2018-06-15..2022-11-27&type=Issues) | [@cgawron](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Acgawron+updated%3A2018-06-15..2022-11-27&type=Issues) | [@cgodkin](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Acgodkin+updated%3A2018-06-15..2022-11-27&type=Issues) | [@choldgraf](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Acholdgraf+updated%3A2018-06-15..2022-11-27&type=Issues) | [@codecov](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Acodecov+updated%3A2018-06-15..2022-11-27&type=Issues) | [@consideRatio](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AconsideRatio+updated%3A2018-06-15..2023-02-10&type=Issues) | [@cornhundred](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Acornhundred+updated%3A2018-06-15..2022-11-27&type=Issues) | [@ctb](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Actb+updated%3A2018-06-15..2022-11-27&type=Issues) | [@CyborgDroid](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ACyborgDroid+updated%3A2018-06-15..2022-11-27&type=Issues) | [@danlester](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Adanlester+updated%3A2018-06-15..2022-11-27&type=Issues) | [@DataCascadia](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ADataCascadia+updated%3A2018-06-15..2022-11-27&type=Issues) | [@davide84](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Adavide84+updated%3A2018-06-15..2022-11-27&type=Issues) | [@davidedelvento](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Adavidedelvento+updated%3A2018-06-15..2022-11-27&type=Issues) | [@deeplook](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Adeeplook+updated%3A2018-06-15..2022-11-27&type=Issues) | [@dependabot](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Adependabot+updated%3A2018-06-15..2022-11-27&type=Issues) | [@dongmok](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Adongmok+updated%3A2018-06-15..2022-11-27&type=Issues) | [@dschofield](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Adschofield+updated%3A2018-06-15..2022-11-27&type=Issues) | [@efedorov-dart](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aefedorov-dart+updated%3A2018-06-15..2022-11-27&type=Issues) | [@EvilMav](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AEvilMav+updated%3A2018-06-15..2022-11-27&type=Issues) | [@ewidl](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aewidl+updated%3A2018-06-15..2022-11-27&type=Issues) | [@fermasia](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Afermasia+updated%3A2018-06-15..2022-11-27&type=Issues) | [@filippo82](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Afilippo82+updated%3A2018-06-15..2022-11-27&type=Issues) | [@fm75](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Afm75+updated%3A2018-06-15..2022-11-27&type=Issues) | [@fomightez](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Afomightez+updated%3A2018-06-15..2022-11-27&type=Issues) | [@fperez](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Afperez+updated%3A2018-06-15..2022-11-27&type=Issues) | [@Fregf](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AFregf+updated%3A2018-06-15..2022-11-27&type=Issues) | [@frier-sam](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Afrier-sam+updated%3A2018-06-15..2022-11-27&type=Issues) | [@gabefair](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agabefair+updated%3A2018-06-15..2022-11-27&type=Issues) | [@gantheaume](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agantheaume+updated%3A2018-06-15..2022-11-27&type=Issues) | [@gedankenstuecke](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agedankenstuecke+updated%3A2018-06-15..2022-11-27&type=Issues) | [@geoffbacon](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ageoffbacon+updated%3A2018-06-15..2022-11-27&type=Issues) | [@GeorgianaElena](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AGeorgianaElena+updated%3A2018-06-15..2022-11-27&type=Issues) | [@gillybops](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agillybops+updated%3A2018-06-15..2022-11-27&type=Issues) | [@greg-dusek](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agreg-dusek+updated%3A2018-06-15..2022-11-27&type=Issues) | [@gsemet](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agsemet+updated%3A2018-06-15..2022-11-27&type=Issues) | [@Guillaume-Garrigos](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AGuillaume-Garrigos+updated%3A2018-06-15..2022-11-27&type=Issues) | [@gutow](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agutow+updated%3A2018-06-15..2022-11-27&type=Issues) | [@gvdr](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agvdr+updated%3A2018-06-15..2022-11-27&type=Issues) | [@gyg-github](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Agyg-github+updated%3A2018-06-15..2022-11-27&type=Issues) | [@Hannnsen](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AHannnsen+updated%3A2018-06-15..2022-11-27&type=Issues) | [@henfee](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ahenfee+updated%3A2018-06-15..2022-11-27&type=Issues) | [@hoenie-ams](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ahoenie-ams+updated%3A2018-06-15..2022-11-27&type=Issues) | [@huhuhang](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ahuhuhang+updated%3A2018-06-15..2022-11-27&type=Issues) | [@iampatterson](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aiampatterson+updated%3A2018-06-15..2022-11-27&type=Issues) | [@ian-r-rose](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aian-r-rose+updated%3A2018-06-15..2022-11-27&type=Issues) | [@ibayer](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aibayer+updated%3A2018-06-15..2022-11-27&type=Issues) | [@ikhoury](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aikhoury+updated%3A2018-06-15..2022-11-27&type=Issues) | [@JavierHernandezMontes](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AJavierHernandezMontes+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jayvdb](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajayvdb+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jdelamare](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajdelamare+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jdkruzr](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajdkruzr+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jeanmarcalkazzi](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajeanmarcalkazzi+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jerpson](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajerpson+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jhadjar](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajhadjar+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jihobak](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajihobak+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jkfm](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajkfm+updated%3A2018-06-15..2022-11-27&type=Issues) | [@JobinJohan](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AJobinJohan+updated%3A2018-06-15..2022-11-27&type=Issues) | [@josiahls](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajosiahls+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jprorama](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajprorama+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jtpio](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajtpio+updated%3A2018-06-15..2022-11-27&type=Issues) | [@JuanCab](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AJuanCab+updated%3A2018-06-15..2022-11-27&type=Issues) | [@junctionapps](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajunctionapps+updated%3A2018-06-15..2022-11-27&type=Issues) | [@jzf2101](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ajzf2101+updated%3A2018-06-15..2022-11-27&type=Issues) | [@kafonek](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Akafonek+updated%3A2018-06-15..2022-11-27&type=Issues) | [@kannes](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Akannes+updated%3A2018-06-15..2022-11-27&type=Issues) | [@kevmk04](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Akevmk04+updated%3A2018-06-15..2022-11-27&type=Issues) | [@lachlancampbell](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Alachlancampbell+updated%3A2018-06-15..2022-11-27&type=Issues) | [@lambdaTotoro](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AlambdaTotoro+updated%3A2018-06-15..2022-11-27&type=Issues) | [@laxdog](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Alaxdog+updated%3A2018-06-15..2022-11-27&type=Issues) | [@lee-hodg](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Alee-hodg+updated%3A2018-06-15..2022-11-27&type=Issues) | [@leouieda](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aleouieda+updated%3A2018-06-15..2022-11-27&type=Issues) | [@leportella](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aleportella+updated%3A2018-06-15..2022-11-27&type=Issues) | [@letianw91](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aletianw91+updated%3A2018-06-15..2022-11-27&type=Issues) | [@Louren](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ALouren+updated%3A2018-06-15..2022-11-27&type=Issues) | [@LTangaF](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ALTangaF+updated%3A2018-06-15..2022-11-27&type=Issues) | [@lumbric](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Alumbric+updated%3A2018-06-15..2022-11-27&type=Issues) | [@luong-komorebi](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aluong-komorebi+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mangecoeur](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amangecoeur+updated%3A2018-06-15..2022-11-27&type=Issues) | [@manics](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amanics+updated%3A2018-06-15..2022-11-27&type=Issues) | [@MartijnZ](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AMartijnZ+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mauro3](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amauro3+updated%3A2018-06-15..2022-11-27&type=Issues) | [@MayeulC](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AMayeulC+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mbenguig](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ambenguig+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mdpiper](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amdpiper+updated%3A2018-06-15..2022-11-27&type=Issues) | [@meeseeksmachine](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ameeseeksmachine+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mgd722](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amgd722+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mhwasil](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amhwasil+updated%3A2018-06-15..2022-11-27&type=Issues) | [@minrk](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aminrk+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mpkirby](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ampkirby+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mpound](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ampound+updated%3A2018-06-15..2022-11-27&type=Issues) | [@MridulS](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AMridulS+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mskblackbelt](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amskblackbelt+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mtav](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amtav+updated%3A2018-06-15..2022-11-27&type=Issues) | [@mukhendra](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Amukhendra+updated%3A2018-06-15..2022-11-27&type=Issues) | [@namin](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Anamin+updated%3A2018-06-15..2022-11-27&type=Issues) | [@nguyenvulong](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Anguyenvulong+updated%3A2018-06-15..2022-11-27&type=Issues) | [@norcalbiostat](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Anorcalbiostat+updated%3A2018-06-15..2022-11-27&type=Issues) | [@oisinBates](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AoisinBates+updated%3A2018-06-15..2022-11-27&type=Issues) | [@olivierverdier](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aolivierverdier+updated%3A2018-06-15..2022-11-27&type=Issues) | [@owah](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aowah+updated%3A2018-06-15..2022-11-27&type=Issues) | [@parente](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aparente+updated%3A2018-06-15..2022-11-27&type=Issues) | [@parmentelat](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aparmentelat+updated%3A2018-06-15..2022-11-27&type=Issues) | [@paulnakroshis](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Apaulnakroshis+updated%3A2018-06-15..2022-11-27&type=Issues) | [@pbugnion](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Apbugnion+updated%3A2018-06-15..2022-11-27&type=Issues) | [@pnasrat](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Apbugnion+updated%3A2018-06-15..2023-10-02&type=Issues) | [@psychemedia](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Apsychemedia+updated%3A2018-06-15..2022-11-27&type=Issues) | [@ptcane](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aptcane+updated%3A2018-06-15..2022-11-27&type=Issues) | [@pulponair](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Apulponair+updated%3A2018-06-15..2022-11-27&type=Issues) | [@raybellwaves](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Araybellwaves+updated%3A2018-06-15..2022-11-27&type=Issues) | [@rdmolony](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ardmolony+updated%3A2018-06-15..2022-11-27&type=Issues) | [@rgbkrk](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Argbkrk+updated%3A2018-06-15..2022-11-27&type=Issues) | [@richardbrinkman](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Arichardbrinkman+updated%3A2018-06-15..2022-11-27&type=Issues) | [@RobinTTY](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ARobinTTY+updated%3A2018-06-15..2022-11-27&type=Issues) | [@robnagler](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Arobnagler+updated%3A2018-06-15..2022-11-27&type=Issues) | [@rprimet](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Arprimet+updated%3A2018-06-15..2022-11-27&type=Issues) | [@rraghav13](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Arraghav13+updated%3A2018-06-15..2022-11-27&type=Issues) | [@scottkleinman](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ascottkleinman+updated%3A2018-06-15..2022-11-27&type=Issues) | [@sethwoodworth](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Asethwoodworth+updated%3A2018-06-15..2022-11-27&type=Issues) | [@shireenrao](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ashireenrao+updated%3A2018-06-15..2022-11-27&type=Issues) | [@silhouetted](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Asilhouetted+updated%3A2018-06-15..2022-11-27&type=Issues) | [@staeiou](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Astaeiou+updated%3A2018-06-15..2022-11-27&type=Issues) | [@stephen-a2z](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Astephen-a2z+updated%3A2018-06-15..2022-11-27&type=Issues) | [@story645](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Astory645+updated%3A2018-06-15..2022-11-27&type=Issues) | [@subgero](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Asubgero+updated%3A2018-06-15..2022-11-27&type=Issues) | [@sukhjitsehra](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Asukhjitsehra+updated%3A2018-06-15..2022-11-27&type=Issues) | [@support](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Asupport+updated%3A2018-06-15..2022-11-27&type=Issues) | [@t3chbg](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3At3chbg+updated%3A2018-06-15..2022-11-27&type=Issues) | [@tkang007](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Atkang007+updated%3A2018-06-15..2022-11-27&type=Issues) | [@TobiGiese](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3ATobiGiese+updated%3A2018-06-15..2022-11-27&type=Issues) | [@toccalenuvole73](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Atoccalenuvole73+updated%3A2018-06-15..2022-11-27&type=Issues) | [@tomliptrot](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Atomliptrot+updated%3A2018-06-15..2022-11-27&type=Issues) | [@trallard](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Atrallard+updated%3A2018-06-15..2022-11-27&type=Issues) | [@twrobinson](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Atwrobinson+updated%3A2018-06-15..2022-11-27&type=Issues) | [@VincePlantItAi](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3AVincePlantItAi+updated%3A2018-06-15..2022-11-27&type=Issues) | [@vsisl](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Avsisl+updated%3A2018-06-15..2022-11-27&type=Issues) | [@waltermateriais](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Awaltermateriais+updated%3A2018-06-15..2022-11-27&type=Issues) | [@welcome](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Awelcome+updated%3A2018-06-15..2022-11-27&type=Issues) | [@willingc](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Awillingc+updated%3A2018-06-15..2022-11-27&type=Issues) | [@willirath](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Awillirath+updated%3A2018-06-15..2022-11-27&type=Issues) | [@wjcapehart](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Awjcapehart+updated%3A2018-06-15..2022-11-27&type=Issues) | [@wqh17101](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Awqh17101+updated%3A2018-06-15..2022-11-27&type=Issues) | [@wrightaprilm](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Awrightaprilm+updated%3A2018-06-15..2022-11-27&type=Issues) | [@xavierliang](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Axavierliang+updated%3A2018-06-15..2022-11-27&type=Issues) | [@ynnelson](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aynnelson+updated%3A2018-06-15..2022-11-27&type=Issues) | [@yuvipanda](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Ayuvipanda+updated%3A2018-06-15..2022-11-27&type=Issues) | [@znicholls](https://github.com/search?q=repo%3Ajupyterhub%2Fthe-littlest-jupyterhub+involves%3Aznicholls+updated%3A2018-06-15..2022-11-27&type=Issues) diff --git a/docs/reference/index.md b/docs/reference/index.md new file mode 100644 index 0000000..f5dba5d --- /dev/null +++ b/docs/reference/index.md @@ -0,0 +1,10 @@ +# Reference + +The reference documentation is meant to provide narrowly scoped technical +descriptions that other documentation can link to for details. + +```{toctree} +:titlesonly: true + +changelog +``` diff --git a/docs/requirements.txt b/docs/requirements.txt index b55f0e3..2cd397c 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,4 +1,9 @@ -sphinx>=2 -sphinx-autobuild -sphinx_copybutton +myst-parser>=0.19 pydata-sphinx-theme +# Sphix 6.0.0 breaks pydata-sphinx-theme +# See pydata/pydata-sphinx-theme#1094 +sphinx<6 +sphinx_copybutton +sphinx-autobuild +sphinxext-opengraph +sphinxext-rediraffe diff --git a/docs/topic/authenticator-configuration.md b/docs/topic/authenticator-configuration.md new file mode 100644 index 0000000..2b9f2b9 --- /dev/null +++ b/docs/topic/authenticator-configuration.md @@ -0,0 +1,89 @@ +(topic-authenticator-configuration)= + +# Configuring JupyterHub authenticators + +Any [JupyterHub authenticator](https://github.com/jupyterhub/jupyterhub/wiki/Authenticators) +can be used with TLJH. A number of them ship by default with TLJH: + +1. [OAuthenticator](https://github.com/jupyterhub/oauthenticator) - Google, GitHub, CILogon, + GitLab, Globus, Mediawiki, auth0, generic OpenID connect (for KeyCloak, etc) and other + OAuth based authentication methods. +2. [LDAPAuthenticator](https://github.com/jupyterhub/ldapauthenticator) - LDAP & Active Directory. +3. [DummyAuthenticator](https://github.com/yuvipanda/jupyterhub-dummy-authenticator) - Any username, + one shared password. A [how-to guide on using DummyAuthenticator](howto-auth-dummy) is also + available. +4. [FirstUseAuthenticator](https://github.com/yuvipanda/jupyterhub-firstuseauthenticator) - Users set + their password when they log in for the first time. Default authenticator used in TLJH. +5. [TmpAuthenticator](https://github.com/jupyterhub/tmpauthenticator) - Opens the JupyterHub to the + world, makes a new user every time someone logs in. +6. [NativeAuthenticator](https://native-authenticator.readthedocs.io/en/latest/) - Allow users to signup, add password security verification and block users after failed attempts oflogin. + +We try to have specific how-to guides & tutorials for common authenticators. Since we can not cover +everything, this guide shows you how to use any authenticator you want with JupyterHub by following +the authenticator's documentation. + +## Setting authenticator properties + +JupyterHub authenticators are customized by setting _traitlet properties_. In the authenticator's +documentation, you will find these are usually represented as: + +```python +c.. = +``` + +You can set these with `tljh-config` with: + +```bash +sudo tljh-config set auth.. +``` + +### Example + +[LDAPAuthenticator's documentation](https://github.com/jupyterhub/ldapauthenticator#required-configuration) +lists the various configuration options you can set for LDAPAuthenticator. +When the documentation asks you to set `LDAPAuthenticator.server_address` +to some value, you can do that with the following command: + +```bash +sudo tljh-config set auth.LDAPAuthenticator.server_address 'my-ldap-server' +``` + +Most authenticators require you set multiple configuration options before you can +enable them. Read the authenticator's documentation carefully for more information. + +## Enabling the authenticator + +Once you have configured the authenticator as you want, you should then +enable it. Usually, the documentation for the authenticator would ask you to add +something like the following to your `jupyterhub_config.py` to enable it: + +```python +c.JupyterHub.authenticator_class = 'fully-qualified-authenticator-name' +``` + +You can accomplish the same with `tljh-config`: + +```bash +sudo tljh-config set auth.type +``` + +Once enabled, you need to reload JupyterHub for the config to take effect. + +```bash +sudo tljh-config reload +``` + +Try logging in a separate incognito window to check if your configuration works. This +lets you preserve your terminal in case there were errors. If there are +errors, [](/troubleshooting/logs) should help you debug them. + +### Example + +From the [documentation](https://github.com/jupyterhub/ldapauthenticator#usage) for +LDAPAuthenticator, we see that the fully qualified name is `ldapauthenticator.LDAPAuthenticator`. +Assuming you have already configured it, the following commands enable LDAPAuthenticator. + +```bash +sudo tljh-config set auth.type ldapauthenticator.LDAPAuthenticator +sudo tljh-config reload +``` diff --git a/docs/topic/authenticator-configuration.rst b/docs/topic/authenticator-configuration.rst deleted file mode 100644 index d9182c7..0000000 --- a/docs/topic/authenticator-configuration.rst +++ /dev/null @@ -1,95 +0,0 @@ -.. _topic/authenticator-configuration: - -===================================== -Configuring JupyterHub authenticators -===================================== - -Any `JupyterHub authenticator `_ -can be used with TLJH. A number of them ship by default with TLJH: - -#. `OAuthenticator `_ - Google, GitHub, CILogon, - GitLab, Globus, Mediawiki, auth0, generic OpenID connect (for KeyCloak, etc) and other - OAuth based authentication methods. -#. `LDAPAuthenticator `_ - LDAP & Active Directory. -#. `DummyAuthenticator `_ - Any username, - one shared password. A :ref:`how-to guide on using DummyAuthenticator ` is also - available. -#. `FirstUseAuthenticator `_ - Users set - their password when they log in for the first time. Default authenticator used in TLJH. -#. `TmpAuthenticator `_ - Opens the JupyterHub to the - world, makes a new user every time someone logs in. -#. `NativeAuthenticator `_ - Allow users to signup, add password security verification and block users after failed attempts oflogin. - -We try to have specific how-to guides & tutorials for common authenticators. Since we can not cover -everything, this guide shows you how to use any authenticator you want with JupyterHub by following -the authenticator's documentation. - -Setting authenticator properties -================================ - -JupyterHub authenticators are customized by setting *traitlet properties*. In the authenticator's -documentation, you will find these are usually represented as: - -.. code-block:: python - - c.. = - -You can set these with ``tljh-config`` with: - -.. code-block:: bash - - sudo tljh-config set auth.. - -Example -------- - -`LDAPAuthenticator's documentation `_ -lists the various configuration options you can set for LDAPAuthenticator. -When the documentation asks you to set ``LDAPAuthenticator.server_address`` -to some value, you can do that with the following command: - -.. code-block:: bash - - sudo tljh-config set auth.LDAPAuthenticator.server_address 'my-ldap-server' - -Most authenticators require you set multiple configuration options before you can -enable them. Read the authenticator's documentation carefully for more information. - -Enabling the authenticator -========================== - -Once you have configured the authenticator as you want, you should then -enable it. Usually, the documentation for the authenticator would ask you to add -something like the following to your ``jupyterhub_config.py`` to enable it: - -.. code-block:: python - - c.JupyterHub.authenticator_class = 'fully-qualified-authenticator-name' - -You can accomplish the same with ``tljh-config``: - -.. code-block:: bash - - sudo tljh-config set auth.type - -Once enabled, you need to reload JupyterHub for the config to take effect. - -.. code-block:: bash - - sudo tljh-config reload - -Try logging in a separate incognito window to check if your configuration works. This -lets you preserve your terminal in case there were errors. If there are -errors, :ref:`troubleshooting/logs` should help you debug them. - -Example -------- - -From the `documentation `_ for -LDAPAuthenticator, we see that the fully qualified name is ``ldapauthenticator.LDAPAuthenticator``. -Assuming you have already configured it, the following commands enable LDAPAuthenticator. - -.. code-block:: bash - - sudo tljh-config set auth.type ldapauthenticator.LDAPAuthenticator - sudo tljh-config reload diff --git a/docs/topic/customizing-installer.md b/docs/topic/customizing-installer.md new file mode 100644 index 0000000..151fe7f --- /dev/null +++ b/docs/topic/customizing-installer.md @@ -0,0 +1,135 @@ +(topic-customizing-installer)= + +# Customizing the Installer + +The installer can be customized with commandline parameters. The default installer +is executed as: + +```bash +curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + +``` + +This page documents the various options you can pass as commandline parameters to the installer. + +(topic-customizing-installer-admin)= + +## Serving a temporary "TLJH is building" page + +`--show-progress-page` serves a temporary "TLJH is building" progress page while TLJH is building. + +```{image} ../images/tljh-is-building-page.gif +:alt: Temporary progress page while TLJH is building +``` + +- The page will be accessible at `http:///index.html` in your browser. + When TLJH installation is complete, the progress page page will stop and you will be able + to access TLJH as usually at `http://`. +- From the progress page, you will also be able to access the installation logs, by clicking the + **Logs** button or by going directly to `http:///logs` in your browser. + To update the logs, refresh the page. + +:::{note} +The `http:///index.html` page refreshes itself automatically every 30s. +When JupyterHub starts, a JupyterHub 404 HTTP error message (_Jupyter has lots of moons, but this is not one..._) +will be shown instead of the progress page. This means JupyterHub was started succesfully and you can access it +either by clicking the `Control Panel` button or by going to `http:///` directly. +::: + +For example, to enable the progress page and add the first _admin_ user, you would run: + +```bash +curl -L https://tljh.jupyter.org/bootstrap.py \ +| sudo python3 - \ + --admin admin --show-progress-page +``` + +## Adding admin users + +`--admin :` adds user `` to JupyterHub as an admin user +and sets its password to be ``. +Although it is not recommended, it is possible to only set the admin username at this point +and set the admin password after the installation. + +Also, the `--admin` flag can be repeated multiple times. For example, to add `admin-user1` +and `admin-user2` as admins when installing, depending if you would like to set their passwords +during install you would: + +- set `admin-user1` with password `password-user1` and `admin-user2` with `password-user2` using: + +```bash +curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin admin-user1:password-user1 --admin admin-user2:password-user2 +``` + +- set `admin-user1` and `admin-user2` to be admins, without any passwords at this stage, using: + +```bash +curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin admin-user1 --admin admin-user2 +``` + +- set `admin-user1` with password `password-user1` and `admin-user2` with no password at this stage using: + +```bash +curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --admin admin-user1:password-user1 --admin admin-user2 +``` + +## Installing python packages in the user environment + +`--user-requirements-txt-url ` installs packages specified +in the `requirements.txt` located at the given URL into the user environment at install +time. This is very useful when you want to set up a hub with a particular user environment +in one go. + +For example, to install the latest requirements to run UC Berkeley's data8 course +in your new hub, you would run: + +```bash +curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --user-requirements-txt-url https://raw.githubusercontent.com/data-8/materials-sp18/HEAD/requirements.txt +``` + +The URL **must** point to a working requirements.txt. If there are any errors, the installation +will fail. + +:::{note} +When pointing to a file on GitHub, make sure to use the 'Raw' version. It should point to +`raw.githubusercontent.com`, not `github.com`. +::: + +## Installing TLJH plugins + +The Littlest JupyterHub can install additional _plugins_ that provide additional +features. They are most commonly used to install a particular _stack_ - such as +the [PANGEO Stack](https://github.com/yuvipanda/tljh-pangeo) for earth sciences +research, a stack for a particular class, etc. You can find more information about +writing plugins and a list of existing plugins at [](/contributing/plugins). + +`--plugin ` installs and activates a plugin. You can pass it +however many times you want. Since plugins are distributed as python packages, +`` can be anything that can be passed to `pip install` - +`plugin-name-on-pypi==` and `git+https://github.com/user/repo@tag` +are the most popular ones. Specifying a version or tag is highly recommended. + +For example, to install the PANGEO Plugin version 0.1 (if version 0.1 existed) +in your new TLJH install, you would use: + +```bash +curl -L https://tljh.jupyter.org/bootstrap.py \ + | sudo python3 - \ + --plugin git+https://github.com/yuvipanda/tljh-pangeo@v0.1 +``` + +Multiple plugins can be installed at once with: `--plugin `. + +:::{note} +Plugins are extremely powerful and can do a large number of arbitrary things. +Only install plugins you trust. +::: diff --git a/docs/topic/customizing-installer.rst b/docs/topic/customizing-installer.rst deleted file mode 100644 index 3699ded..0000000 --- a/docs/topic/customizing-installer.rst +++ /dev/null @@ -1,140 +0,0 @@ -.. _topic/customizing-installer: - -========================= -Customizing the Installer -========================= - -The installer can be customized with commandline parameters. The default installer -is executed as: - -.. code-block:: bash - - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - - -This page documents the various options you can pass as commandline parameters to the installer. - -.. _topic/customizing-installer/admin: - -Serving a temporary "TLJH is building" page -=========================================== -``--show-progress-page`` serves a temporary "TLJH is building" progress page while TLJH is building. - -.. image:: ../images/tljh-is-building-page.gif - :alt: Temporary progress page while TLJH is building - -* The page will be accessible at ``http:///index.html`` in your browser. - When TLJH installation is complete, the progress page page will stop and you will be able - to access TLJH as usually at ``http://``. -* From the progress page, you will also be able to access the installation logs, by clicking the - **Logs** button or by going directly to ``http:///logs`` in your browser. - To update the logs, refresh the page. - -.. note:: - - The ``http:///index.html`` page refreshes itself automatically every 30s. - When JupyterHub starts, a JupyterHub 404 HTTP error message (*Jupyter has lots of moons, but this is not one...*) - will be shown instead of the progress page. This means JupyterHub was started succesfully and you can access it - either by clicking the `Control Panel` button or by going to ``http:///`` directly. - -For example, to enable the progress page and add the first *admin* user, you would run: - -.. code-block:: bash - - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin admin --showprogress-page - -Adding admin users -=================== - -``--admin :`` adds user ```` to JupyterHub as an admin user -and sets its password to be ````. -Although it is not recommended, it is possible to only set the admin username at this point -and set the admin password after the installation. - -Also, the ``--admin`` flag can be repeated multiple times. For example, to add ``admin-user1`` -and ``admin-user2`` as admins when installing, depending if you would like to set their passwords -during install you would: - -* set ``admin-user1`` with password ``password-user1`` and ``admin-user2`` with ``password-user2`` using: - -.. code-block:: bash - - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin admin-user1:password-user1 --admin admin-user2:password-user2 - -* set ``admin-user1`` and ``admin-user2`` to be admins, without any passwords at this stage, using: - -.. code-block:: bash - - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin admin-user1 --admin admin-user2 - -* set ``admin-user1`` with password ``password-user1`` and ``admin-user2`` with no password at this stage using: - -.. code-block:: bash - - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --admin admin-user1:password-user1 --admin admin-user2 - -Installing python packages in the user environment -================================================== - -``--user-requirements-txt-url `` installs packages specified -in the ``requirements.txt`` located at the given URL into the user environment at install -time. This is very useful when you want to set up a hub with a particular user environment -in one go. - -For example, to install the latest requirements to run UC Berkeley's data8 course -in your new hub, you would run: - -.. code-block:: bash - - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --user-requirements-txt-url https://raw.githubusercontent.com/data-8/materials-sp18/HEAD/requirements.txt - -The URL **must** point to a working requirements.txt. If there are any errors, the installation -will fail. - -.. note:: - - When pointing to a file on GitHub, make sure to use the 'Raw' version. It should point to - ``raw.githubusercontent.com``, not ``github.com``. - -Installing TLJH plugins -======================= - -The Littlest JupyterHub can install additional *plugins* that provide additional -features. They are most commonly used to install a particular *stack* - such as -the `PANGEO Stack `_ for earth sciences -research, a stack for a particular class, etc. You can find more information about -writing plugins and a list of existing plugins at :ref:`contributing/plugins`. - -``--plugin `` installs and activates a plugin. You can pass it -however many times you want. Since plugins are distributed as python packages, -```` can be anything that can be passed to ``pip install`` - -``plugin-name-on-pypi==`` and ``git+https://github.com/user/repo@tag`` -are the most popular ones. Specifying a version or tag is highly recommended. - -For example, to install the PANGEO Plugin version 0.1 (if version 0.1 existed) -in your new TLJH install, you would use: - -.. code-block:: bash - - curl -L https://tljh.jupyter.org/bootstrap.py \ - | sudo python3 - \ - --plugin git+https://github.com/yuvipanda/tljh-pangeo@v0.1 - - -Multiple plugins can be installed at once with: ``--plugin ``. - -.. note:: - - Plugins are extremely powerful and can do a large number of arbitrary things. - Only install plugins you trust. diff --git a/docs/topic/escape-hatch.md b/docs/topic/escape-hatch.md new file mode 100644 index 0000000..c55d513 --- /dev/null +++ b/docs/topic/escape-hatch.md @@ -0,0 +1,91 @@ +(topic-escape-hatch)= + +# Custom configuration snippets + +The two main TLJH components are **JupyterHub** and **Traefik**. + +- JupyterHub takes its configuration from the `jupyterhub_config.py` file. +- Traefik loads its: + - [static configuration](https://docs.traefik.io/v1.7/basics/#static-traefik-configuration) + from the `traefik.toml` file. + - [dynamic configuration](https://docs.traefik.io/v1.7/basics/#dynamic-traefik-configuration) + from the `rules` directory. + +The `jupyterhub_config.py` and `traefik.toml` files are created by TLJH during installation +and can be edited by the user only through `tljh-config`. The `rules` directory is also created +during install along with a `rules/rules.toml` file, to be used by JupyterHub to store the routing +table from users to their notebooks. + +:::{note} +Any direct modification to these files is unsupported, and will cause hard to debug issues. +::: + +But because sometimes TLJH needs to be customized in ways that are not officially +supported, an escape hatch has been introduced to allow easily extending the +configuration. Please follow the sections below for how to extend JupyterHub's +and Traefik's configuration outside of `tljh-config` scope. + +## Extending `jupyterhub_config.py` + +The `jupyterhub_config.d` directory lets you load multiple `jupyterhub_config.py` +snippets for your configuration. + +- Any files in `/opt/tljh/config/jupyterhub_config.d` that end in `.py` will + be loaded in alphabetical order as python files to provide configuration for + JupyterHub. +- The configuration files can have any name, but they need to have the `.py` + extension and to respect this format. +- Any config that can go in a regular `jupyterhub_config.py` file is valid in + these files. +- They will be loaded _after_ any of the config options specified with `tljh-config` + are loaded. + +Once you have created and defined your custom JupyterHub config file/s, just reload the +hub for the new configuration to take effect: + +```bash +sudo tljh-config reload hub +``` + +## Extending `traefik.toml` + +The `traefik_config.d` directory lets you load multiple `traefik.toml` +snippets for your configuration. + +- Any files in `/opt/tljh/config/traefik_config.d` that end in `.toml` will be + loaded in alphabetical order to provide configuration for Traefik. +- The configuration files can have any name, but they need to have the `.toml` + extension and to respect this format. +- Any config that can go in a regular `traefik.toml` file is valid in these files. +- They will be loaded _after_ any of the config options specified with `tljh-config` + are loaded. + +Once you have created and defined your custom Traefik config file/s, just reload the +proxy for the new configuration to take effect: + +```bash +sudo tljh-config reload proxy +``` + +:::{warning} +This instructions might change when TLJH will switch to Traefik > 2.0 +::: + +## Extending `rules.toml` + +`Traefik` is configured to load its routing table from the `/opt/tljh/state/rules` +directory. The existing `rules.toml` file inside this directory is used by +`jupyterhub-traefik-proxy` to add the JupyterHub routes from users to their notebook servers +and shouldn't be modified. + +However, the routing table can be extended outside JupyterHub's scope using the `rules` +directory, by adding other dynamic configuration files with the desired routing rules. + +:::{note} +Any files in `/opt/tljh/state/rules` that end in `.toml` will be hot reload by Traefik. +This means that there is no need to reload the proxy service for the rules to take effect. +::: + +Checkout Traefik' docs about [dynamic configuration](https://docs.traefik.io/v1.7/basics/#dynamic-traefik-configuration) +and how to provide dynamic configuration through +[multiple separated files](https://docs.traefik.io/v1.7/configuration/backends/file/#multiple-separated-files). diff --git a/docs/topic/escape-hatch.rst b/docs/topic/escape-hatch.rst deleted file mode 100644 index d2fd869..0000000 --- a/docs/topic/escape-hatch.rst +++ /dev/null @@ -1,94 +0,0 @@ -.. _topic/escape-hatch: - - -============================= -Custom configuration snippets -============================= - -The two main TLJH components are **JupyterHub** and **Traefik**. - -* JupyterHub takes its configuration from the ``jupyterhub_config.py`` file. -* Traefik loads its: - * `static configuration `_ - from the ``traefik.toml`` file. - * `dynamic configuration `_ - from the ``rules`` directory. - -The ``jupyterhub_config.py`` and ``traefik.toml`` files are created by TLJH during installation -and can be edited by the user only through ``tljh-config``. The ``rules`` directory is also created -during install along with a ``rules/rules.toml`` file, to be used by JupyterHub to store the routing -table from users to their notebooks. - -.. note:: - Any direct modification to these files is unsupported, and will cause hard to debug issues. - -But because sometimes TLJH needs to be customized in ways that are not officially -supported, an escape hatch has been introduced to allow easily extending the -configuration. Please follow the sections below for how to extend JupyterHub's -and Traefik's configuration outside of ``tljh-config`` scope. - -Extending ``jupyterhub_config.py`` -================================== - -The ``jupyterhub_config.d`` directory lets you load multiple ``jupyterhub_config.py`` -snippets for your configuration. - -* Any files in ``/opt/tljh/config/jupyterhub_config.d`` that end in ``.py`` will - be loaded in alphabetical order as python files to provide configuration for - JupyterHub. -* The configuration files can have any name, but they need to have the `.py` - extension and to respect this format. -* Any config that can go in a regular ``jupyterhub_config.py`` file is valid in - these files. -* They will be loaded *after* any of the config options specified with ``tljh-config`` - are loaded. - -Once you have created and defined your custom JupyterHub config file/s, just reload the -hub for the new configuration to take effect: - -.. code-block:: bash - - sudo tljh-config reload hub - - -Extending ``traefik.toml`` -========================== - -The ``traefik_config.d`` directory lets you load multiple ``traefik.toml`` -snippets for your configuration. - -* Any files in ``/opt/tljh/config/traefik_config.d`` that end in ``.toml`` will be - loaded in alphabetical order to provide configuration for Traefik. -* The configuration files can have any name, but they need to have the `.toml` - extension and to respect this format. -* Any config that can go in a regular ``traefik.toml`` file is valid in these files. -* They will be loaded *after* any of the config options specified with ``tljh-config`` - are loaded. - -Once you have created and defined your custom Traefik config file/s, just reload the -proxy for the new configuration to take effect: - -.. code-block:: bash - - sudo tljh-config reload proxy - -.. warning:: This instructions might change when TLJH will switch to Traefik > 2.0 - -Extending ``rules.toml`` -======================== - -``Traefik`` is configured to load its routing table from the ``/opt/tljh/state/rules`` -directory. The existing ``rules.toml`` file inside this directory is used by -``jupyterhub-traefik-proxy`` to add the JupyterHub routes from users to their notebook servers -and shouldn't be modified. - -However, the routing table can be extended outside JupyterHub's scope using the ``rules`` -directory, by adding other dynamic configuration files with the desired routing rules. - -.. note:: - * Any files in ``/opt/tljh/state/rules`` that end in ``.toml`` will be hot reload by Traefik. - This means that there is no need to reload the proxy service for the rules to take effect. - -Checkout Traefik' docs about `dynamic configuration `_ -and how to provide dynamic configuration through -`multiple separated files `_. diff --git a/docs/topic/idle-culler.rst b/docs/topic/idle-culler.md similarity index 57% rename from docs/topic/idle-culler.rst rename to docs/topic/idle-culler.md index 21e3889..89e400a 100644 --- a/docs/topic/idle-culler.rst +++ b/docs/topic/idle-culler.md @@ -1,8 +1,6 @@ -.. _topic/idle-culler: +(topic-idle-culler)= -============================= -Culling idle notebook servers -============================= +# Culling idle notebook servers The idle culler automatically shuts down user notebook servers when they have not been used for a certain time period, in order to reduce the total resource @@ -11,109 +9,119 @@ usage on your JupyterHub. The notebook server monitors activity internally and notifies JupyterHub of recent activity at certain time intervals (the activity interval). If JupyterHub has not been notified of any activity after a certain period (the idle timeout), -the server is considered to be *inactive (idle)* and will be culled (shutdown). +the server is considered to be _inactive (idle)_ and will be culled (shutdown). -The `idle culler `_ is a JupyterHub service that is installed and enabled by default in TLJH. +The [idle culler](https://github.com/jupyterhub/jupyterhub-idle-culler) is a JupyterHub service that is installed and enabled by default in TLJH. It can be configured using tljh-config. For advanced use-cases, like purging old user data, the idle culler configuration can be extended beyond tljh-config options, using custom -`jupyterhub_config.py snippets `__. +[jupyterhub_config.py snippets](https://tljh.jupyter.org/en/latest/topic/escape-hatch.html?highlight=escape-hatch#extending-jupyterhub-config-py). - -Default settings -================ +## Default settings By default, JupyterHub will ping the user notebook servers every 60s to check their status. Every server found to be idle for more than 10 minutes will be culled. -.. code-block:: python - - services.cull.every = 60 - services.cull.timeout = 600 +```python +services.cull.every = 60 +services.cull.timeout = 600 +``` Because the servers don't have a maximum age set, an active server will not be shut down regardless of how long it has been up and running. -.. code-block:: python - - services.cull.max_age = 0 +```python +services.cull.max_age = 0 +``` If after the culling process, there are users with no active notebook servers, by default, the users will not be culled alongside their notebooks and will continue to exist. -.. code-block:: python +```python +services.cull.users = False +``` - services.cull.users = False +If named servers are in use, they are not removed after being culled. +```python +services.cull.remove_named_servers = False +``` -Configuring the idle culler -=========================== +## Configuring the idle culler The available configuration options are: -Idle timeout ------------- +### Idle timeout + The idle timeout is the maximum time (in seconds) a server can be inactive before it will be culled. The timeout can be configured using: -.. code-block:: bash +```bash +sudo tljh-config set services.cull.timeout +sudo tljh-config reload +``` - sudo tljh-config set services.cull.timeout - sudo tljh-config reload +### Idle check interval -Idle check interval -------------------- The idle check interval represents how frequent (in seconds) the Hub will check if there are any idle servers to cull. It can be configured using: -.. code-block:: bash +```bash +sudo tljh-config set services.cull.every +sudo tljh-config reload +``` - sudo tljh-config set services.cull.every - sudo tljh-config reload +### Maximum age -Maximum age ------------ The maximum age sets the time (in seconds) a server should be running. The servers that exceed the maximum age, will be culled even if they are active. A maximum age of 0, will deactivate this option. The maximum age can be configured using: -.. code-block:: bash +```bash +sudo tljh-config set services.cull.max_age +sudo tljh-config reload +``` - sudo tljh-config set services.cull.max_age - sudo tljh-config reload +### Remove Named Servers + +Remove named servers after they are shutdown. Only applies if named servers are +enabled on the hub installation: + +```bash +sudo tljh-config set services.cull.remove_named_servers True +sudo tljh-config reload +``` + +### User culling -User culling ------------- In addition to servers, it is also possible to cull the users. This is usually -suited for temporary-user cases such as *tmpnb*. +suited for temporary-user cases such as _tmpnb_. User culling can be activated using the following command: -.. code-block:: bash +```bash +sudo tljh-config set services.cull.users True +sudo tljh-config reload +``` - sudo tljh-config set services.cull.users True - sudo tljh-config reload +### Concurrency -Concurrency ------------ Deleting a lot of users at the same time can slow down the Hub. The number of concurrent requests made to the Hub can be configured using: -.. code-block:: bash - - sudo tljh-config set services.cull.concurrency - sudo tljh-config reload +```bash +sudo tljh-config set services.cull.concurrency +sudo tljh-config reload +``` Because TLJH it's used for a small number of users, the cases that may require to modify the concurrency limit should be rare. - -Disabling the idle culler -========================= +## Disabling the idle culler The idle culling service is enabled by default. To disable it, use the following command: -.. code-block:: bash - - sudo tljh-config set services.cull.enabled False - sudo tljh-config reload +```bash +sudo tljh-config set services.cull.enabled False +sudo tljh-config reload +``` diff --git a/docs/topic/index.md b/docs/topic/index.md new file mode 100644 index 0000000..dc38061 --- /dev/null +++ b/docs/topic/index.md @@ -0,0 +1,20 @@ +# Topic Guides + +Topic guides provide in-depth explanations of specific topics. + +```{toctree} +:caption: Topic guides +:titlesonly: true + +whentouse +requirements +three-environments +security +customizing-installer +installer-actions +installer-upgrade-actions +tljh-config +authenticator-configuration +escape-hatch +idle-culler +``` diff --git a/docs/topic/index.rst b/docs/topic/index.rst deleted file mode 100644 index d4366a7..0000000 --- a/docs/topic/index.rst +++ /dev/null @@ -1,20 +0,0 @@ -============ -Topic Guides -============ - -Topic guides provide in-depth explanations of specific topics. - -.. toctree:: - :titlesonly: - :caption: Topic guides - - whentouse - requirements - security - customizing-installer - installer-actions - tljh-config - authenticator-configuration - escape-hatch - idle-culler - jupyterhub-configurator diff --git a/docs/topic/installer-actions.md b/docs/topic/installer-actions.md new file mode 100644 index 0000000..7dc26ab --- /dev/null +++ b/docs/topic/installer-actions.md @@ -0,0 +1,218 @@ +(topic-installer-actions)= + +# What does the installer do? + +This document details what exactly the installer does to the machine it is +run on. + +## `apt` Packages installed + +The packages `python3` and `python3-venv` are installed from the apt repositories. + +## Hub environment + +JupyterHub is run from a python3 virtual environment located in `/opt/tljh/hub`. It +uses the system's installed python and is owned by root. It also contains a binary install +of [traefik](http://traefik.io/). This virtual environment is completely managed by TLJH. + +:::{note} +If you try to remove TLJH, revert this action using: + +```bash +sudo rm -rf /opt/tljh/hub +``` + +::: + +## User environment + +By default, a `mambaforge` conda environment is installed in `/opt/tljh/user`. This contains +the notebook interface used to launch all users, and the various packages available to all +users. The environment is owned by the `root` user. JupyterHub admins may use +to `sudo -E conda install` or `sudo -E pip install` packages into this environment. + +This conda environment is added to `$PATH` for all users started with JupyterHub. If you +are using `ssh` instead, you can activate this environment by running the following: + +```bash +source /opt/tljh/user/bin/activate +``` + +This should let you run various `conda` and `pip` commands. If you run into errors like +`Command 'conda' not found`, try prefixing your command with: + +```bash +sudo env PATH=${PATH} +``` + +By default, `sudo` does not respect any custom environments you have activated. The `env PATH=${PATH}` +'fixes' that. + +:::{note} +If you try to remove TLJH, revert this action using: + +```bash +sudo rm -rf /opt/tljh/user +``` + +::: + +## `tljh-config` symlink + +We create a symlink from `/usr/bin/tljh-config` to `/opt/tljh/hub/bin/tljh-config`, so users +can run `sudo tljh-config ` from their terminal. While the user environment is added +to users' `$PATH` when they launch through JupyterHub, the hub environment is not. This makes it +hard to access the `tljh-config` command used to change most config parameters. Hence we symlink the +`tljh-config` command to `/usr/bin`, so it is directly accessible with `sudo tljh-config `. + +:::{note} +If you try to remove TLJH, revert this action using: + +```bash +sudo unlink /usr/bin/tljh-config +``` + +::: + +## `jupyterhub_config.d` directory for custom configuration snippets + +Any files in /opt/tljh/config/jupyterhub_config.d that end in .py and are a valid +JupyterHub configuration will be loaded after any of the config options specified +with tljh-config are loaded. + +:::{note} +If you try to remove TLJH, revert this action using: + +```bash +sudo rm -rf /opt/tljh/config +``` + +::: + +## Systemd Units + +TLJH places 2 systemd units on your computer. They all start on system startup. + +1. `jupyterhub.service` - starts the JupyterHub service. +2. `traefik.service` - starts traefik proxy that manages HTTPS + +In addition, each running Jupyter user gets their own systemd unit of the name `jupyter-`. + +:::{note} +If you try to remove TLJH, revert this action using: + +```bash +# stop the services +systemctl stop jupyterhub.service +systemctl stop traefik.service +systemctl stop jupyter- + +# disable the services +systemctl disable jupyterhub.service +systemctl disable traefik.service +# run this command for all the Jupyter users +systemctl disable jupyter- + +# remove the systemd unit +rm /etc/systemd/system/jupyterhub.service +rm /etc/systemd/system/traefik.service + +# reset the state of all units +systemctl daemon-reload +systemctl reset-failed +``` + +::: + +## State files + +TLJH places 3 `jupyterhub.service` and 4 `traefik.service` state files in `/opt/tljh/state`. +These files save the state of JupyterHub and Traefik services and are meant +to be used and modified solely by these services. + +:::{note} +If you try to remove TLJH, revert this action using: + +```bash +sudo rm -rf /opt/tljh/state +``` + +::: + +## Progress page files + +If you ran the TLJH installer with the `--show-progress-page` flag, then two files have been +added to your system to help serving the progress page: + +- `/var/run/index.html` - the main progress page +- `/var/run/favicon.ico` - the JupyterHub icon + +:::{note} +If you try to remove TLJH, revert this action using: + +```bash +sudo rm /var/run/index.html +sudo rm /var/run/favicon.ico +``` + +::: + +## User groups + +TLJH creates two user groups when installed: + +1. `jupyterhub-users` contains all users managed by this JupyterHub +2. `jupyterhub-admins` contains all users with admin rights managed by this JupyterHub. + +When a new JupyterHub user logs in, a unix user is created for them. The unix user is always added +to the `jupyterhub-users` group. If the user is an admin, they are added to the `jupyterhub-admins` +group whenever they start / stop their notebook server. + +If you uninstall TLJH, you should probably remove all user accounts associated with both these +user groups, and then remove the groups themselves. You might have to archive or delete the home +directories of these users under `/home/`. + +:::{note} +If you try to remove TLJH, in order to remove a user and its home directory, use: + +```bash +sudo userdel -r +``` + +::: + +Keep in mind that the files located in other parts of the file system +will have to be searched for and deleted manually. + +:::{note} +To remove the user groups units: + +```bash +sudo delgroup jupyterhub-users +sudo delgroup jupyterhub-admins +# remove jupyterhub-admins from the sudoers group +sudo rm /etc/sudoers.d/jupyterhub-admins +``` + +::: + +## Passwordless `sudo` for JupyterHub admins + +`/etc/sudoers.d/jupyterhub-admins` is created to provide passwordless sudo for all JupyterHub +admins. We also set it up to inherit `$PATH` with `sudo -E`, to more easily call `conda`, +`pip`, etc. + +## Removing TLJH + +If trying to wipe out a fresh TLJH installation, follow the instructions on how to revert +each specific modification the TLJH installer does to the system. + +:::{note} +If using a VM, the recommended way to remove TLJH is destroying the VM and start fresh. +::: + +:::{warning} +Completely uninstalling TLJH after it has been used is a difficult task because it's +highly coupled to how the system changed after it has been used and modified by the users. +Thus, we cannot provide instructions on how to proceed in this case. +::: diff --git a/docs/topic/installer-actions.rst b/docs/topic/installer-actions.rst deleted file mode 100644 index 56e0302..0000000 --- a/docs/topic/installer-actions.rst +++ /dev/null @@ -1,214 +0,0 @@ -.. _topic/installer-actions: - -=========================== -What does the installer do? -=========================== - -This document details what exactly the installer does to the machine it is -run on. - -``apt`` Packages installed -========================== - -The packages ``python3`` and ``python3-venv`` are installed from the apt repositories. - -Hub environment -=============== - -JupyterHub is run from a python3 virtual environment located in ``/opt/tljh/hub``. It -uses the system's installed python and is owned by root. It also contains a binary install -of `traefik `_. This virtual environment is completely managed by TLJH. - -.. note:: - If you try to remove TLJH, revert this action using: - - .. code-block:: bash - - sudo rm -rf /opt/tljh/hub - - -User environment -================ - -By default, a ``mambaforge`` conda environment is installed in ``/opt/tljh/user``. This contains -the notebook interface used to launch all users, and the various packages available to all -users. The environment is owned by the ``root`` user. JupyterHub admins may use -to ``sudo -E conda install`` or ``sudo -E pip install`` packages into this environment. - -This conda environment is added to ``$PATH`` for all users started with JupyterHub. If you -are using ``ssh`` instead, you can activate this environment by running the following: - -.. code-block:: bash - - source /opt/tljh/user/bin/activate - -This should let you run various ``conda`` and ``pip`` commands. If you run into errors like -``Command 'conda' not found``, try prefixing your command with: - -.. code-block:: bash - - sudo env PATH=${PATH} - -By default, ``sudo`` does not respect any custom environments you have activated. The ``env PATH=${PATH}`` -'fixes' that. - -.. note:: - If you try to remove TLJH, revert this action using: - - .. code-block:: bash - - sudo rm -rf /opt/tljh/user - -``tljh-config`` symlink -======================== - -We create a symlink from ``/usr/bin/tljh-config`` to ``/opt/tljh/hub/bin/tljh-config``, so users -can run ``sudo tljh-config `` from their terminal. While the user environment is added -to users' ``$PATH`` when they launch through JupyterHub, the hub environment is not. This makes it -hard to access the ``tljh-config`` command used to change most config parameters. Hence we symlink the -``tljh-config`` command to ``/usr/bin``, so it is directly accessible with ``sudo tljh-config ``. - -.. note:: - If you try to remove TLJH, revert this action using: - - .. code-block:: bash - - sudo unlink /usr/bin/tljh-config - -``jupyterhub_config.d`` directory for custom configuration snippets -=================================================================== - -Any files in /opt/tljh/config/jupyterhub_config.d that end in .py and are a valid -JupyterHub configuration will be loaded after any of the config options specified -with tljh-config are loaded. - -.. note:: - If you try to remove TLJH, revert this action using: - - .. code-block:: bash - - sudo rm -rf /opt/tljh/config - -Systemd Units -============= - -TLJH places 2 systemd units on your computer. They all start on system startup. - -#. ``jupyterhub.service`` - starts the JupyterHub service. -#. ``traefik.service`` - starts traefik proxy that manages HTTPS - -In addition, each running Jupyter user gets their own systemd unit of the name ``jupyter-``. - -.. note:: - If you try to remove TLJH, revert this action using: - - .. code-block:: bash - - # stop the services - systemctl stop jupyterhub.service - systemctl stop traefik.service - systemctl stop jupyter- - - # disable the services - systemctl disable jupyterhub.service - systemctl disable traefik.service - # run this command for all the Jupyter users - systemctl disable jupyter- - - # remove the systemd unit - rm /etc/systemd/system/jupyterhub.service - rm /etc/systemd/system/traefik.service - - # reset the state of all units - systemctl daemon-reload - systemctl reset-failed - -State files -=========== - -TLJH places 3 `jupyterhub.service` and 4 `traefik.service` state files in `/opt/tljh/state`. -These files save the state of JupyterHub and Traefik services and are meant -to be used and modified solely by these services. - -.. note:: - If you try to remove TLJH, revert this action using: - - .. code-block:: bash - - sudo rm -rf /opt/tljh/state - -Progress page files -=================== - -If you ran the TLJH installer with the `--show-progress-page` flag, then two files have been -added to your system to help serving the progress page: - -* ``/var/run/index.html`` - the main progress page -* ``/var/run/favicon.ico`` - the JupyterHub icon - -.. note:: - If you try to remove TLJH, revert this action using: - - .. code-block:: bash - - sudo rm /var/run/index.html - sudo rm /var/run/favicon.ico - - -User groups -=========== - -TLJH creates two user groups when installed: - -#. ``jupyterhub-users`` contains all users managed by this JupyterHub -#. ``jupyterhub-admins`` contains all users with admin rights managed by this JupyterHub. - -When a new JupyterHub user logs in, a unix user is created for them. The unix user is always added -to the ``jupyterhub-users`` group. If the user is an admin, they are added to the ``jupyterhub-admins`` -group whenever they start / stop their notebook server. - -If you uninstall TLJH, you should probably remove all user accounts associated with both these -user groups, and then remove the groups themselves. You might have to archive or delete the home -directories of these users under ``/home/``. - -.. note:: - If you try to remove TLJH, in order to remove a user and its home directory, use: - - .. code-block:: bash - - sudo userdel -r - -Keep in mind that the files located in other parts of the file system -will have to be searched for and deleted manually. - -.. note:: - To remove the user groups units: - - .. code-block:: bash - - sudo delgroup jupyterhub-users - sudo delgroup jupyterhub-admins - # remove jupyterhub-admins from the sudoers group - sudo rm /etc/sudoers.d/jupyterhub-admins - -Passwordless ``sudo`` for JupyterHub admins -============================================ - -``/etc/sudoers.d/jupyterhub-admins`` is created to provide passwordless sudo for all JupyterHub -admins. We also set it up to inherit ``$PATH`` with ``sudo -E``, to more easily call ``conda``, -``pip``, etc. - - -Removing TLJH -============= - -If trying to wipe out a fresh TLJH installation, follow the instructions on how to revert -each specific modification the TLJH installer does to the system. - -.. note:: - If using a VM, the recommended way to remove TLJH is destroying the VM and start fresh. - -.. warning:: - Completely uninstalling TLJH after it has been used is a difficult task because it's - highly coupled to how the system changed after it has been used and modified by the users. - Thus, we cannot provide instructions on how to proceed in this case. diff --git a/docs/topic/installer-upgrade-actions.md b/docs/topic/installer-upgrade-actions.md new file mode 100644 index 0000000..f367434 --- /dev/null +++ b/docs/topic/installer-upgrade-actions.md @@ -0,0 +1,30 @@ +(topic-installer-upgrade-actions)= + +# What is done during an upgrade of TLJH? + +Once TLJH has been installed, it should be possible to upgrade the installation. +This documentation is meant to capture the changes made during an upgrade. + +```{versionchanged} 1.0.0 +Ensuring upgrades work has only been done since 1.0.0 upgrading from version +0.2.0. +``` + +## Changes to the system environment + +The [system environment](system-environment) is not meant to be influenced +unless explicitly mentioned in the changelog, typically only during major +version upgrades. + +## Changes to the hub environment + +The [hub environment](hub-environment) gets several packages upgraded based on +version ranges specified in [tljh/requirements-hub-env.txt]. + +## Changes to the user environment + +The [user environment](user-environment) gets is `jupyterhub` package upgraded, +but no other packages gets upgraded unless explicitly mentioned in the +changelog, typically only during major version upgrades. + +[tljh/requirements-hub-env.txt]: https://github.com/jupyterhub/the-littlest-jupyterhub/blob/HEAD/tljh/requirements-hub-env.txt diff --git a/docs/topic/jupyterhub-configurator.rst b/docs/topic/jupyterhub-configurator.rst deleted file mode 100644 index 6fdce76..0000000 --- a/docs/topic/jupyterhub-configurator.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. _topic/jupyterhub-configurator: - -======================= -JupyterHub Configurator -======================= - -The `JupyterHub configurator `_ allows admins to change a subset of hub settings via a GUI. - -.. image:: ../images/jupyterhub-configurator.png - :alt: Changing the default JupyterHub interface - -Enabling the configurator -========================= - -Because the configurator is under continue development and it might change over time, it is disabled by default in TLJH. -If you want to experiment with it, it can be enabled using ``tljh-config``: - -.. code-block:: bash - - sudo tljh-config set services.configurator.enabled True - sudo tljh-config reload - -Accessing the Configurator -========================== - -After enabling the configurator using ``tljh-config``, the service will only be available to hub admins, from within the control panel. -The configurator can be accessed from under ``Services`` in the top navigation bar. It will ask to authenticate, so it knows the user is an admin. -Once done, the configurator interface will be available. diff --git a/docs/topic/requirements.md b/docs/topic/requirements.md new file mode 100644 index 0000000..3d2df1e --- /dev/null +++ b/docs/topic/requirements.md @@ -0,0 +1,23 @@ +(requirements)= + +# Server Requirements + +## Operating System + +We require using Ubuntu >=20.04 as the base operating system for your server. + +## Root access + +Full `root` access to this server is required. This might be via `sudo` +(recommended) or by direct access to `root` (not recommended!) + +## External IP + +An external IP allows users on the internet to reach your JupyterHub. Most +VPS / Cloud providers give you a public IP address along with your server. If +you are hosting on a physical machine somewhere, talk to your system administrators +about how to get HTTP traffic from the world into your server. + +## CPU / Memory / Disk Space + +See how to [](/howto/admin/resource-estimation) diff --git a/docs/topic/requirements.rst b/docs/topic/requirements.rst deleted file mode 100644 index 7b5f1a4..0000000 --- a/docs/topic/requirements.rst +++ /dev/null @@ -1,29 +0,0 @@ -.. _requirements: - -=================== -Server Requirements -=================== - -Operating System -================ - -We require using Ubuntu 18.04 as the base operating system for your server. - -Root access -=========== - -Full ``root`` access to this server is required. This might be via ``sudo`` -(recommended) or by direct access to ``root`` (not recommended!) - -External IP -=========== - -An external IP allows users on the internet to reach your JupyterHub. Most -VPS / Cloud providers give you a public IP address along with your server. If -you are hosting on a physical machine somewhere, talk to your system administrators -about how to get HTTP traffic from the world into your server. - -CPU / Memory / Disk Space -========================= - -See how to :ref:`howto/admin/resource-estimation` diff --git a/docs/topic/security.rst b/docs/topic/security.md similarity index 61% rename from docs/topic/security.rst rename to docs/topic/security.md index bb941ef..23d94bc 100644 --- a/docs/topic/security.rst +++ b/docs/topic/security.md @@ -1,80 +1,69 @@ -======================= -Security Considerations -======================= +# Security Considerations The Littlest JupyterHub is in beta state & should not be used in security critical situations. We will try to keep things as secure as possible, but sometimes trade security for massive gains in convenience. This page contains information about the security model of The Littlest JupyterHub. -System user accounts -==================== +## System user accounts Each JupyterHub user gets their own Unix user account created when they first start their server. This protects users from each other, gives them a home directory at a well known location, and allows sharing based on file system permissions. -#. The unix user account created for a JupyterHub user named ```` is - ``jupyter-``. This prefix helps prevent clashes with users that - already exist - otherwise a user named ``root`` can trivially gain full root - access to your server. If the username (including the ``jupyter-`` prefix) +1. The unix user account created for a JupyterHub user named `` is + `jupyter-`. This prefix helps prevent clashes with users that + already exist - otherwise a user named `root` can trivially gain full root + access to your server. If the username (including the `jupyter-` prefix) is longer than 26 characters, it is truncated at 26 characters & a 5 charcter hash is appeneded to it. This keeps usernames under the linux username limit of 32 characters while also reducing chances of collision. - -#. A home directory is created for the user under ``/home/jupyter-``. - -#. The default permission of the home directory is change with ``o-rwx`` (remove +2. A home directory is created for the user under `/home/jupyter-`. +3. The default permission of the home directory is change with `o-rwx` (remove non-group members the ability to read, write or list files and folders in the Home directory). - -#. No password is set for this unix system user by default. The password used +4. No password is set for this unix system user by default. The password used to log in to JupyterHub (if using an authenticator that requires a password) is not related to the unix user's password in any form. +5. All users created by The Littlest JupyterHub are added to the user group + `jupyterhub-users`. -#. All users created by The Littlest JupyterHub are added to the user group - ``jupyterhub-users``. +## `sudo` access for admins -``sudo`` access for admins -========================== - -JupyterHub admin users are added to the user group ``jupyterhub-admins``, -which is granted complete root access to the whole server with the ``sudo`` +JupyterHub admin users are added to the user group `jupyterhub-admins`, +which is granted complete root access to the whole server with the `sudo` command on the terminal. No password required. This is a **lot** of power, and they can do pretty much anything they want to the server - look at other people's work, modify it, break the server in cool & -funky ways, etc. This also means **if an admin's credentials are compromised +funky ways, etc. This also means **if an admin's credentials are compromised (easy to guess password, password re-use, etc) the entire JupyterHub is compromised.** -Off-boarding users securely -=========================== +## Off-boarding users securely When you delete users from the JupyterHub admin console, their unix user accounts are **not** removed. This means they might continue to have access to the server even after you remove them from JupyterHub. Admins should manually remove the user from the server & archive their home directories as needed. For example, the -following command deletes the unix user associated with the JupyterHub user ``yuvipanda``. +following command deletes the unix user associated with the JupyterHub user `yuvipanda`. -.. code-block:: bash - - sudo userdel jupyter-yuvipanda +```bash +sudo userdel jupyter-yuvipanda +``` If the user removed from the server is an admin, extra care must be taken since they could have modified the system earlier to continue giving them access. -Per-user ``/tmp`` -================= +## Per-user `/tmp` -``/tmp`` is shared by all users in most computing systems, and this has been +`/tmp` is shared by all users in most computing systems, and this has been a consistent source of security issues. The Littlest JupyterHub gives each -user their own ephemeral ``/tmp`` using the `PrivateTmp `_ +user their own ephemeral `/tmp` using the [PrivateTmp](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp) feature of systemd. -HTTPS -===== +## HTTPS Any internet-facing JupyterHub should use HTTPS to secure its traffic. For -information on how to use HTTPS with your JupyterHub, see :ref:`howto/admin/https`. +information on how to use HTTPS with your JupyterHub, see [](/howto/admin/https). diff --git a/docs/topic/three-environments.md b/docs/topic/three-environments.md new file mode 100644 index 0000000..46718b7 --- /dev/null +++ b/docs/topic/three-environments.md @@ -0,0 +1,76 @@ +(topic-three-environments)= + +# The system, hub, and user environments + +TLJH's documentation mentions the _system environment_, the _hub environment_, +and the _user environment_. This section will introduce what is meant with that +and clarify the distinctions between the environments. + +(system-environment)= + +## The system environment + +When this documentation mentions the _system environment_, it refers to the +Linux environment with its installed `apt` packages, users in `/etc/passwd`, +etc. + +A part of the system environment is a Python environment setup via the `apt` +package `python` installed by default in Linux distributions supported by TLJH. +To be specific, we can refer to this as the _system's Python environment_. + +If you would do `sudo python3 -m pip install ` you would end up +installing something in the system's Python environment, and that would not be +available in the hub environment or the user environment. + +The system's Python environment is only used by TLJH to run the `bootstrap.py` +script downloaded as part of installing or upgrading TLJH. This script is also +responsible for setting up the hub environment. + +(hub-environment)= + +## The hub environment + +The _hub environment_ is a [virtual Python environment] setup in `/opt/tljh/hub` +by the `bootstrap.py` script using the system's Python environment during TLJH +installation. + +The hub environment has Python packages installed in it related to running +JupyterHub itself such as an JupyterHub authenticator package, but it doesn't +include packages to start user servers like JupyterLab. + +When TLJH is installed/upgraded, the packages listed in +[tljh/requirements-hub-env.txt] are installed/upgraded in this environment. + +If you would do `sudo /opt/tljh/hub/bin/python3 -m pip install ` you +would end up installing something in the hub environment, and that would not be +available in the system's Python environment or the user environment. + +[virtual Python environment]: https://docs.python.org/3/library/venv.html + +[tljh/requirements-hub-env.txt]: https://github.com/jupyterhub/the-littlest-jupyterhub/blob/HEAD/tljh/requirements-hub-env.txt + +(user-environment)= + +## The user environment + +The _user environment_ is a Python environment setup in `/opt/tljh/user` by the +TLJH installer during TLJH installation. The user environment is not a virtual +environment because an entirely separate installation of Python has been made +for it. + +The user environment has packages installed in it related to running individual +jupyter servers, such as `jupyterlab`. + +When TLJH is _installed_, the packages listed in +[tljh/requirements-user-env.txt] are installed in this environment. When TLJH is +_upgraded_ though, as little as possible is done to this environment. Typically +only `jupyterhub` is upgraded to match the version in the hub environment. If +upgrading to a new major version of TLJH, then something small may be done +besides this, and then it should be described the changelog. + +If you would do `sudo /opt/tljh/user/bin/python3 -m pip install `, or +from a user server's terminal do `sudo -E pip install ` you would end +up installing something in the user environment, and that would not be available +in the system's Python environment or the hub environment. + +[tljh/requirements-user-env-extras.txt]: https://github.com/jupyterhub/the-littlest-jupyterhub/blob/HEAD/tljh/requirements-user-env-extras.txt diff --git a/docs/topic/tljh-config.md b/docs/topic/tljh-config.md new file mode 100644 index 0000000..2df93ee --- /dev/null +++ b/docs/topic/tljh-config.md @@ -0,0 +1,258 @@ +(topic-tljh-config)= + +# Configuring TLJH with `tljh-config` + +`tljh-config` is the commandline program used to make configuration +changes to TLJH. + +## Running `tljh-config` + +You can run `tljh-config` in two ways: + +1. From inside a terminal in JupyterHub while logged in as an admin user. + This method is recommended. +2. By directly calling `/opt/tljh/hub/bin/tljh-config` as root when + logged in to the server via other means (such as SSH). This is an + advanced use case, and not covered much in this guide. + +(tljh-set)= + +## Set / Unset a configuration property + +TLJH's configuration is organized in a nested tree structure. You can +set a particular property with the following command: + +```bash +sudo tljh-config set +``` + +where: + +1. `` is a dot-separated path to the property you want + to set. +2. `` is the value you want to set the property to. + +For example, to set the password for the DummyAuthenticator, you +need to set the `auth.DummyAuthenticator.password` property. You would +do so with the following: + +```bash +sudo tljh-config set auth.DummyAuthenticator.password mypassword +``` + +This can only set string and numerical properties, not lists. + +To unset a configuration property you can use the following command: + +```bash +sudo tljh-config unset +``` + +Unsetting a configuration property removes the property from the configuration +file. If what you want is only to change the property's value, you should use +`set` and overwrite it with the desired value. + +Some of the existing `` are listed below by categories: + +(tljh-base-url)= + +### Base URL + +Use `base_url` to determine the base URL used by JupyterHub. This parameter will +be passed straight to `c.JupyterHub.base_url`. + +(tljh-set-auth)= + +### Authentication + +Use `auth.type` to determine authenticator to use. All parameters +in the config under `auth.{auth.type}` will be passed straight to the +authenticators themselves. + +(tljh-set-ports)= + +### Ports + +Use `http.port` and `https.port` to set the ports that TLJH will listen on, +which are 80 and 443 by default. However, if you change these, note that +TLJH does a lot of other things to the system (with user accounts and sudo +rules primarily) that might break security assumptions your other +applications have, so use with extreme caution. + +```bash +sudo tljh-config set http.port 8080 +sudo tljh-config set https.port 8443 +sudo tljh-config reload proxy +``` + +(tljh-set-listen-address) + +### Listen address + +Use `http.address` and `https.address` to set the addresses that TLJH will listen on, +which is an empty address by default (it means it listens on all interfaces by default). + +```bash +sudo tljh-config set http.address 127.0.0.1 +sudo tljh-config set https.address 127.0.0.1 +sudo tljh-config reload proxy +``` + +(tljh-set-user-lists)= + +### User Lists + +- `users.allowed` takes in usernames to allow + +- `users.banned` takes in usernames to ban + +- `users.admin` takes in usernames to designate as admins + + ```bash + sudo tljh-config add-item users.allowed good-user_1 + sudo tljh-config add-item users.allowed good-user_2 + sudo tljh-config add-item users.banned bad-user_6 + sudo tljh-config add-item users.admin admin-user_0 + sudo tljh-config remove-item users.allowed good-user_2 + ``` + +(tljh-set-user-limits)= + +### User Server Limits + +- `limits.memory` Specifies the maximum memory that can be used by each + individual user. By default there is no memory limit. The limit can be + specified as an absolute byte value. You can use + the suffixes K, M, G or T to mean Kilobyte, Megabyte, Gigabyte or Terabyte + respectively. Setting it to `None` disables memory limits. + + ```bash + sudo tljh-config set limits.memory 4G + ``` + + Even if you want individual users to use as much memory as possible, + it is still good practice to set a memory limit of 80-90% of total + physical memory. This prevents one user from being able to single + handedly take down the machine accidentally by OOMing it. + +- `limits.cpu` A float representing the total CPU-cores each user can use. + By default there is no CPU limit. + 1 represents one full CPU, 4 represents 4 full CPUs, 0.5 represents + half of one CPU, etc. This value is ultimately converted to a percentage and + rounded down to the nearest integer percentage, + i.e. 1.5 is converted to 150%, 0.125 is converted to 12%, etc. + Setting it to `None` disables CPU limits. + + ```bash + sudo tljh-config set limits.cpu 2 + ``` + +(tljh-set-user-env)= + +### User Environment + +`user_environment.default_app` Set default application users are launched into. +Currently this can only be set to: `classic` and `jupyterlab`. + +```bash +sudo tljh-config set user_environment.default_app jupyterlab +``` + +(tljh-set-extra-user-groups)= + +## Extra User Groups + +`users.extra_user_groups` is a configuration option that can be used +to automatically add a user to a specific group. By default, there are +no extra groups defined. + +Users can be "paired" with the desired, **existing** groups using: + +- `tljh-config set`, if only one user is to be added to the + desired group: + +```bash +tljh-config set users.extra_user_groups.group1 user1 +``` + +- `tljh-config add-item`, if multiple users are to be added to + the group: + +```bash +tljh-config add-item users.extra_user_groups.group1 user1 +tljh-config add-item users.extra_user_groups.group1 user2 +``` + +(tljh-view-conf)= + +## View current configuration + +To see the current configuration, you can run the following command: + +```bash +sudo tljh-config show +``` + +This will print the current configuration of your TLJH. This is very +useful when asking for support! + +(tljh-reload-hub)= + +## Reloading JupyterHub to apply configuration + +After modifying the configuration, you need to reload JupyterHub for +it to take effect. You can do so with: + +```bash +sudo tljh-config reload +``` + +This should not affect any running users. The JupyterHub will be +restarted and loaded with the new configuration. + +(tljh-edit-yaml)= + +## Advanced: `config.yaml` + +`tljh-config` is a simple program that modifies the contents of the +`config.yaml` file located at `/opt/tljh/config/config.yaml`. `tljh-config` +is the recommended method of editing / viewing configuration since editing +YAML by hand in a terminal text editor is a large source of errors. + +To learn more about the `tljh-config` usage, you can use the `--help` flag. +The `--help` flag can be used either directly, to get information about the +general usage of the command or after a positional argument. For example, using +it after an argument like `remove-item` gives information about this specific command. + +```bash +sudo tljh-config --help + +usage: tljh-config [-h] [--config-path CONFIG_PATH] {show,unset,set,add-item,remove-item,reload} ... + +positional arguments: + {show,unset,set,add-item,remove-item,reload} + show Show current configuration + unset Unset a configuration property + set Set a configuration property + add-item Add a value to a list for a configuration property + remove-item Remove a value from a list for a configuration property + reload Reload a component to apply configuration change + +optional arguments: + -h, --help show this help message and exit + --config-path CONFIG_PATH + Path to TLJH config.yaml file +``` + +```bash +sudo tljh-config remove-item --help + +usage: tljh-config remove-item [-h] key_path value + +positional arguments: + key_path Dot separated path to configuration key to remove value from + value Value to remove from key_path + +optional arguments: + -h, --help show this help message and exit +``` diff --git a/docs/topic/tljh-config.rst b/docs/topic/tljh-config.rst deleted file mode 100644 index 9b3b04c..0000000 --- a/docs/topic/tljh-config.rst +++ /dev/null @@ -1,271 +0,0 @@ -.. _topic/tljh-config: - -===================================== -Configuring TLJH with ``tljh-config`` -===================================== - -``tljh-config`` is the commandline program used to make configuration -changes to TLJH. - -Running ``tljh-config`` -======================= - -You can run ``tljh-config`` in two ways: - -#. From inside a terminal in JupyterHub while logged in as an admin user. - This method is recommended. - -#. By directly calling ``/opt/tljh/hub/bin/tljh-config`` as root when - logged in to the server via other means (such as SSH). This is an - advanced use case, and not covered much in this guide. - -.. _tljh-set: - - -Set / Unset a configuration property -==================================== - -TLJH's configuration is organized in a nested tree structure. You can -set a particular property with the following command: - -.. code-block:: bash - - sudo tljh-config set - - -where: - -#. ```` is a dot-separated path to the property you want - to set. -#. ```` is the value you want to set the property to. - -For example, to set the password for the DummyAuthenticator, you -need to set the ``auth.DummyAuthenticator.password`` property. You would -do so with the following: - -.. code-block:: bash - - sudo tljh-config set auth.DummyAuthenticator.password mypassword - - -This can only set string and numerical properties, not lists. - -To unset a configuration property you can use the following command: - -.. code-block:: bash - - sudo tljh-config unset - -Unsetting a configuration property removes the property from the configuration -file. If what you want is only to change the property's value, you should use -``set`` and overwrite it with the desired value. - - -Some of the existing ```` are listed below by categories: - -.. _tljh-base_url: - -Base URL --------- - - Use ``base_url`` to determine the base URL used by JupyterHub. This parameter will - be passed straight to ``c.JupyterHub.base_url``. - -.. _tljh-set-auth: - -Authentication --------------- - - Use ``auth.type`` to determine authenticator to use. All parameters - in the config under ``auth.{auth.type}`` will be passed straight to the - authenticators themselves. - -.. _tljh-set-ports: - -Ports ------ - - Use ``http.port`` and ``https.port`` to set the ports that TLJH will listen on, - which are 80 and 443 by default. However, if you change these, note that - TLJH does a lot of other things to the system (with user accounts and sudo - rules primarily) that might break security assumptions your other - applications have, so use with extreme caution. - - .. code-block:: bash - - sudo tljh-config set http.port 8080 - sudo tljh-config set https.port 8443 - sudo tljh-config reload proxy - -.. _tljh-set-user-lists: - -User Lists ----------- - - -* ``users.allowed`` takes in usernames to whitelist - -* ``users.banned`` takes in usernames to blacklist - -* ``users.admin`` takes in usernames to designate as admins - - .. code-block:: bash - - sudo tljh-config add-item users.allowed good-user_1 - sudo tljh-config add-item users.allowed good-user_2 - sudo tljh-config add-item users.banned bad-user_6 - sudo tljh-config add-item users.admin admin-user_0 - sudo tljh-config remove-item users.allowed good-user_2 - -.. _tljh-set-user-limits: - -User Server Limits ------------------- - - -* ``limits.memory`` Specifies the maximum memory that can be used by each - individual user. By default there is no memory limit. The limit can be - specified as an absolute byte value. You can use - the suffixes K, M, G or T to mean Kilobyte, Megabyte, Gigabyte or Terabyte - respectively. Setting it to ``None`` disables memory limits. - - .. code-block:: bash - - sudo tljh-config set limits.memory 4G - - Even if you want individual users to use as much memory as possible, - it is still good practice to set a memory limit of 80-90% of total - physical memory. This prevents one user from being able to single - handedly take down the machine accidentally by OOMing it. - -* ``limits.cpu`` A float representing the total CPU-cores each user can use. - By default there is no CPU limit. - 1 represents one full CPU, 4 represents 4 full CPUs, 0.5 represents - half of one CPU, etc. This value is ultimately converted to a percentage and - rounded down to the nearest integer percentage, - i.e. 1.5 is converted to 150%, 0.125 is converted to 12%, etc. - Setting it to ``None`` disables CPU limits. - - .. code-block:: bash - - sudo tljh-config set limits.cpu 2 - -.. _tljh-set-user-env: - -User Environment ----------------- - - - ``user_environment.default_app`` Set default application users are - launched into. Currently can be set to the following values - ``jupyterlab`` or ``nteract`` - - .. code-block:: bash - - sudo tljh-config set user_environment.default_app jupyterlab - -.. _tljh-set-extra-user-groups: - -Extra User Groups -================= - - -``users.extra_user_groups`` is a configuration option that can be used -to automatically add a user to a specific group. By default, there are -no extra groups defined. - -Users can be "paired" with the desired, **existing** groups using: - -* ``tljh-config set``, if only one user is to be added to the - desired group: - -.. code-block:: bash - - tljh-config set users.extra_user_groups.group1 user1 - -* ``tljh-config add-item``, if multiple users are to be added to - the group: - -.. code-block:: bash - - tljh-config add-item users.extra_user_groups.group1 user1 - tljh-config add-item users.extra_user_groups.group1 user2 - - -.. _tljh-view-conf: - -View current configuration -========================== - -To see the current configuration, you can run the following command: - -.. code-block:: bash - - sudo tljh-config show - -This will print the current configuration of your TLJH. This is very -useful when asking for support! - -.. _tljh-reload-hub: - - -Reloading JupyterHub to apply configuration -=========================================== - -After modifying the configuration, you need to reload JupyterHub for -it to take effect. You can do so with: - -.. code-block:: bash - - sudo tljh-config reload - -This should not affect any running users. The JupyterHub will be -restarted and loaded with the new configuration. - -.. _tljh-edit-yaml: - -Advanced: ``config.yaml`` -========================= - -``tljh-config`` is a simple program that modifies the contents of the -``config.yaml`` file located at ``/opt/tljh/config/config.yaml``. ``tljh-config`` -is the recommended method of editing / viewing configuration since editing -YAML by hand in a terminal text editor is a large source of errors. - -To learn more about the ``tljh-config`` usage, you can use the ``--help`` flag. -The ``--help`` flag can be used either directly, to get information about the -general usage of the command or after a positional argument. For example, using -it after an argument like ``remove-item`` gives information about this specific command. - -.. code-block:: bash - - sudo tljh-config --help - - usage: tljh-config [-h] [--config-path CONFIG_PATH] {show,unset,set,add-item,remove-item,reload} ... - - positional arguments: - {show,unset,set,add-item,remove-item,reload} - show Show current configuration - unset Unset a configuration property - set Set a configuration property - add-item Add a value to a list for a configuration property - remove-item Remove a value from a list for a configuration property - reload Reload a component to apply configuration change - - optional arguments: - -h, --help show this help message and exit - --config-path CONFIG_PATH - Path to TLJH config.yaml file - -.. code-block:: bash - - sudo tljh-config remove-item --help - - usage: tljh-config remove-item [-h] key_path value - - positional arguments: - key_path Dot separated path to configuration key to remove value from - value Value to remove from key_path - - optional arguments: - -h, --help show this help message and exit diff --git a/docs/topic/whentouse.rst b/docs/topic/whentouse.md similarity index 51% rename from docs/topic/whentouse.rst rename to docs/topic/whentouse.md index fb4a17f..d404da3 100644 --- a/docs/topic/whentouse.rst +++ b/docs/topic/whentouse.md @@ -1,34 +1,32 @@ -.. _topic/whentouse: +(topic-whentouse)= -=================================== -When to use The Littlest JupyterHub -=================================== +# When to use The Littlest JupyterHub This page is a brief guide to determining whether to use The Littlest JupyterHub -(TLJH) or `Zero to JupyterHub for Kubernetes `_ (Z2JH). +(TLJH) or [Zero to JupyterHub for Kubernetes](https://zero-to-jupyterhub.readthedocs.io/en/latest/) (Z2JH). Many of these ideas were first laid out in a -`blog post announcing TLJH `_. +[blog post announcing TLJH](http://words.yuvi.in/post/the-littlest-jupyterhub/). -`**The Littlest JupyterHub (TLJH)** `_ is an opinionated and pre-configured distribution +[\*\*The Littlest JupyterHub (TLJH)\*\*](https://the-littlest-jupyterhub.readthedocs.io/en/latest/) is an opinionated and pre-configured distribution to deploy a JupyterHub on a **single machine** (in the cloud or on your own hardware). It is designed to be a more lightweight and maintainable solution for use-cases where size, scalability, and cost-savings are not a huge concern. -`**Zero to JupyterHub on Kubernetes** `_ allows you +[\*\*Zero to JupyterHub on Kubernetes\*\*](https://zero-to-jupyterhub.readthedocs.io/en/latest/) allows you to deploy JupyterHub on **Kubernetes**. This allows JupyterHub to scale to many thousands of users, to flexibly grow/shrink the size of resources it needs, and to use container technology in administering user sessions. -When to use TLJH vs. Z2JH -========================= +## When to use TLJH vs. Z2JH The choice between TLJH and Z2JH ultimately comes down to only a few questions: 1. Do you want your hub and all users to live on a **single, larger machine** vs. spreading users on a **cluster of smaller machines** that are scaled up or down? - * If you can use a single machine, we recommend **The Littlest JupyterHub**. - * If you wish to use multiple machines, we recommend **Zero to JupyterHub for Kubernetes**. + - If you can use a single machine, we recommend **The Littlest JupyterHub**. + - If you wish to use multiple machines, we recommend **Zero to JupyterHub for Kubernetes**. + 2. Do you **need to use container technology**? - * If no, we recommend **The Littlest JupyterHub**. - * If yes, we recommend **Zero to JupyterHub for Kubernetes**. + - If no, we recommend **The Littlest JupyterHub**. + - If yes, we recommend **Zero to JupyterHub for Kubernetes**. diff --git a/docs/troubleshooting/index.rst b/docs/troubleshooting/index.md similarity index 66% rename from docs/troubleshooting/index.rst rename to docs/troubleshooting/index.md index 12361a0..9c899fd 100644 --- a/docs/troubleshooting/index.rst +++ b/docs/troubleshooting/index.md @@ -1,25 +1,27 @@ -=============== -Troubleshooting -=============== +(troubleshooting)= + +# Troubleshooting In time, all systems have issues that need to be debugged. Troubleshooting guides help you find what is broken & hopefully fix it. -.. toctree:: - :titlesonly: - :caption: Troubleshooting +```{toctree} +:caption: Troubleshooting +:titlesonly: true - logs - restart +logs +restart +``` Often, your issues are not related to TLJH itself but to the cloud provider your server is running on. We have some documentation on common issues you might run into with various providers and how to fix them. We welcome contributions here to better support your favorite provider! -.. toctree:: - :titlesonly: +```{toctree} +:titlesonly: true - providers/google - providers/amazon - providers/custom +providers/google +providers/amazon +providers/custom +``` diff --git a/docs/troubleshooting/logs.md b/docs/troubleshooting/logs.md new file mode 100644 index 0000000..b488494 --- /dev/null +++ b/docs/troubleshooting/logs.md @@ -0,0 +1,105 @@ +(troubleshooting-logs)= + +# Looking at Logs + +**Logs** are extremely useful in piecing together what went wrong when things go wrong. +They contain a forensic record of what individual pieces of software were doing +before things went bad, and can help us understand the problem so we can fix it. + +TLJH collects logs from JupyterHub, Traefik Proxy, & from each individual +user's notebook server. All the logs are accessible via [journalctl](https://www.freedesktop.org/software/systemd/man/journalctl.html). +The installer also writes logs to disk, to help with cases where the +installer did not succeed. + +:::{warning} +If you are providing a snippet from the logs to someone else to help debug +a problem you might have, be careful to redact any private information (such +as usernames) from the snippet first! +::: + +(troubleshooting-logs-installer)= + +## Installer Logs + +The JupyterHub installer writes log messages to `/opt/tljh/installer.log`. +This is very useful if the installation fails for any reason. + +(troubleshoot-logs-jupyterhub)= + +## JupyterHub Logs + +JupyterHub is responsible for user authentication, & starting / stopping user +notebook servers. When there is a general systemic issue with JupyterHub (rather +than a specific issue with a particular user's notebook), looking at the JupyterHub +logs is a great first step. + +```bash +sudo journalctl -u jupyterhub +``` + +This command displays logs from JupyterHub itself. See [](#journalctl-tips) +for tips on navigating the logs. + +(troubleshooting-logs-traefik)= + +## Traefik Proxy Logs + +[traefik](https://traefik.io/) redirects traffic to JupyterHub / user notebook servers +as necessary & handles HTTPS. Look at this if all you can see in your browser +is one line cryptic error messages, or if you are having trouble with HTTPS. + +```bash +sudo journalctl -u traefik +``` + +This command displays logs from Traefik. See [](#journalctl-tips) +for tips on navigating the logs. + +## User Server Logs + +Each user gets their own notebook server, and this server also produces logs. +Looking at these can be useful when a user can launch their server but run into +problems after that. + +```bash +sudo journalctl -u jupyter- +``` + +This command displays logs from the given user's notebook server. You can get a +list of all users from the "users" button at the top-right of the Admin page. +See [](#journalctl-tips) for tips on navigating the logs. + +(journalctl-tips)= + +## journalctl tips + +`journalctl` has a lot of options to make your life as an administrator +easier. Here are some very basic tips on effective `journalctl` usage. + +1. When looking at full logs (via `sudo journalctl -u `), the output + usually does not fit into one screen. Hence, it is _paginated_ with + [less](). This allows you to + scroll up / down, search for specific words, etc. Some common keyboard shortcuts + are: + + - Arrow keys to move up / down / left / right + - `G` to navigate to the end of the logs + - `g` to navigate to the start of the logs + - `/` followed by a string to search for & `enter` key to search the logs + from current position on screen to the end of the logs. If there are multiple + results, you can use `n` key to jump to the next search result. Use `?` + instead of `/` to search backwards from current position + - `q` or `Ctrl + C` to exit + + There are plenty of [other commands & options](https://linux.die.net/man/1/less) + to explore if you wish. + +2. Add `-f` to any `journalctl` command to view live logging output + that updates as new log lines are written. This is extremely useful when + actively debugging an issue. + + For example, to watch live logs of JupyterHub, you can run: + + ```bash + sudo journalctl -u jupyterhub -f + ``` diff --git a/docs/troubleshooting/logs.rst b/docs/troubleshooting/logs.rst deleted file mode 100644 index 315289f..0000000 --- a/docs/troubleshooting/logs.rst +++ /dev/null @@ -1,112 +0,0 @@ -.. _troubleshooting/logs: - -=============== -Looking at Logs -=============== - -**Logs** are extremely useful in piecing together what went wrong when things go wrong. -They contain a forensic record of what individual pieces of software were doing -before things went bad, and can help us understand the problem so we can fix it. - -TLJH collects logs from JupyterHub, Traefik Proxy, & from each individual -user's notebook server. All the logs are accessible via `journalctl `_. -The installer also writes logs to disk, to help with cases where the -installer did not succeed. - -.. warning:: - - If you are providing a snippet from the logs to someone else to help debug - a problem you might have, be careful to redact any private information (such - as usernames) from the snippet first! - -.. _troubleshooting/logs#installer: - -Installer Logs -============== - -The JupyterHub installer writes log messages to ``/opt/tljh/installer.log``. -This is very useful if the installation fails for any reason. - -.. _troubleshoot_logs_jupyterhub: - -JupyterHub Logs -=============== - -JupyterHub is responsible for user authentication, & starting / stopping user -notebook servers. When there is a general systemic issue with JupyterHub (rather -than a specific issue with a particular user's notebook), looking at the JupyterHub -logs is a great first step. - -.. code-block:: bash - - sudo journalctl -u jupyterhub - -This command displays logs from JupyterHub itself. See :ref:`journalctl_tips` -for tips on navigating the logs. - -.. _troubleshooting/logs/traefik: - -Traefik Proxy Logs -================== - -`traefik `_ redirects traffic to JupyterHub / user notebook servers -as necessary & handles HTTPS. Look at this if all you can see in your browser -is one line cryptic error messages, or if you are having trouble with HTTPS. - -.. code-block:: bash - - sudo journalctl -u traefik - -This command displays logs from Traefik. See :ref:`journalctl_tips` -for tips on navigating the logs. - -User Server Logs -================ - -Each user gets their own notebook server, and this server also produces logs. -Looking at these can be useful when a user can launch their server but run into -problems after that. - -.. code-block:: bash - - sudo journalctl -u jupyter- - -This command displays logs from the given user's notebook server. You can get a -list of all users from the "users" button at the top-right of the Admin page. -See :ref:`journalctl_tips` for tips on navigating the logs. - -.. _journalctl_tips: - -journalctl tips -=============== - -``journalctl`` has a lot of options to make your life as an administrator -easier. Here are some very basic tips on effective ``journalctl`` usage. - -1. When looking at full logs (via ``sudo journalctl -u ``), the output - usually does not fit into one screen. Hence, it is *paginated* with - `less `_. This allows you to - scroll up / down, search for specific words, etc. Some common keyboard shortcuts - are: - - * Arrow keys to move up / down / left / right - * ``G`` to navigate to the end of the logs - * ``g`` to navigate to the start of the logs - * ``/`` followed by a string to search for & ``enter`` key to search the logs - from current position on screen to the end of the logs. If there are multiple - results, you can use ``n`` key to jump to the next search result. Use ``?`` - instead of ``/`` to search backwards from current position - * ``q`` or ``Ctrl + C`` to exit - - There are plenty of `other commands & options `_ - to explore if you wish. - -2. Add ``-f`` to any ``journalctl`` command to view live logging output - that updates as new log lines are written. This is extremely useful when - actively debugging an issue. - - For example, to watch live logs of JupyterHub, you can run: - - .. code-block:: bash - - sudo journalctl -u jupyterhub -f diff --git a/docs/troubleshooting/providers/amazon.md b/docs/troubleshooting/providers/amazon.md new file mode 100644 index 0000000..492f416 --- /dev/null +++ b/docs/troubleshooting/providers/amazon.md @@ -0,0 +1,26 @@ +# Troubleshooting issues on Amazon Web Services + +This is an incomplete list of issues people have run into when running +TLJH on Amazon Web Services (AWS), and how they have fixed them! + +## 'Connection Refused' error after restarting server + +If you restarted your server from the EC2 Management Console & then try to access +your JupyterHub from a browser, you might get a **Connection Refused** error. +This is most likely because the **External IP** of your server has changed. + +Check the **IPv4 Public IP** dislayed in the bottom of the `EC2 Management Console` +screen for that instance matches the IP you are trying to access. If you have a +domain name pointing to the IP address, you might have to change it to point to +the new correct IP. + +You can prevent public IP changes by [associating a static IP](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) +with your server. In the Amazon Web Services ecosystem, the public static IP +addresses are handled under `Elastic IP addresses` category of AWS; these +addresses are tied to the overall AWS account. [This guide](https://dzone.com/articles/assign-fixed-ip-aws-ec2) might be helpful. Notice +there can be a cost to this. Although [the guide](https://dzone.com/articles/assign-fixed-ip-aws-ec2) is outdated (generally +half that [price now](https://aws.amazon.com/ec2/pricing/on-demand/#Elastic_IP_Addresses)), +Amazon describes [here](https://aws.amazon.com/premiumsupport/knowledge-center/elastic-ip-charges/) +how the Elastic IP address feature is free when associated with a running +instance, but that you'll be charged by the hour for maintaining that specific +IP address when it isn't associated with a running instance. diff --git a/docs/troubleshooting/providers/amazon.rst b/docs/troubleshooting/providers/amazon.rst deleted file mode 100644 index a39f1f9..0000000 --- a/docs/troubleshooting/providers/amazon.rst +++ /dev/null @@ -1,32 +0,0 @@ -============================================= -Troubleshooting issues on Amazon Web Services -============================================= - -This is an incomplete list of issues people have run into when running -TLJH on Amazon Web Services (AWS), and how they have fixed them! - -'Connection Refused' error after restarting server -================================================== - -If you restarted your server from the EC2 Management Console & then try to access -your JupyterHub from a browser, you might get a **Connection Refused** error. -This is most likely because the **External IP** of your server has changed. - -Check the **IPv4 Public IP** dislayed in the bottom of the `EC2 Management Console` -screen for that instance matches the IP you are trying to access. If you have a -domain name pointing to the IP address, you might have to change it to point to -the new correct IP. - -You can prevent public IP changes by `associating a static IP -`_ -with your server. In the Amazon Web Services ecosystem, the public static IP -addresses are handled under `Elastic IP addresses` category of AWS; these -addresses are tied to the overall AWS account. `This guide -`_ might be helpful. Notice -there can be a cost to this. Although `the guide -`_ is outdated (generally -half that `price now `_), -Amazon describes `here `_ -how the Elastic IP address feature is free when associated with a running -instance, but that you'll be charged by the hour for maintaining that specific -IP address when it isn't associated with a running instance. diff --git a/docs/troubleshooting/providers/custom.rst b/docs/troubleshooting/providers/custom.md similarity index 55% rename from docs/troubleshooting/providers/custom.rst rename to docs/troubleshooting/providers/custom.md index 8caf112..10d4280 100644 --- a/docs/troubleshooting/providers/custom.rst +++ b/docs/troubleshooting/providers/custom.md @@ -1,8 +1,6 @@ -.. _troubleshooting/providers/custom: +(troubleshooting-providers-custom)= -========================================= -Troubleshooting issues on your own server -========================================= +# Troubleshooting issues on your own server This is an incomplete list of issues people have run into when installing TLJH on their own servers, and ways they @@ -11,23 +9,22 @@ Before trying any of them, also consider whether turning your machine on and off and/or deleting the VM and starting over could solve the problem; it has done so on a surprisingly high number of occasions! -Outgoing HTTP proxy required -============================ +## Outgoing HTTP proxy required + If your server is behind a firewall that requires a HTTP proxy to reach the internet, run these commands before running the installer -.. code-block:: bash +```bash +export http_proxy= +``` - export http_proxy= - -HTTPS certificate interception -============================== +## HTTPS certificate interception If your server is behind a firewall that intercepts HTTPS requests and re-signs them, you might have to explicitly tell TLJH which certificates to use. -.. code:: - - export REQUESTS_CA_BUNDLE= - sudo npm config set cafile= +``` +export REQUESTS_CA_BUNDLE= +sudo npm config set cafile= +``` diff --git a/docs/troubleshooting/providers/google.md b/docs/troubleshooting/providers/google.md new file mode 100644 index 0000000..74c4417 --- /dev/null +++ b/docs/troubleshooting/providers/google.md @@ -0,0 +1,47 @@ +# Troubleshooting issues on Google Cloud + +This is an incomplete list of issues people have run into when running +TLJH on Google Cloud, and how they have fixed them! + +## Viewing VM instance logs + +In addition to [installer, JupyterHub, traefik, and other logs](#troubleshooting-logs) +you can view VM instance logs on Google Cloud to help diagnose issues. These logs will contain +detailed information and error stack traces and can be viewed from +[Google Cloud Console -> Compute Engine -> VM instances](https://console.cloud.google.com/compute/instances). +Once you select your TLJH instance, select **Serial port 1 (console)**: + +```{image} ../../images/providers/google/serial-port-console.png +:alt: Serial port 1 (console) under Logs heading +``` + +:::{tip} +The console will show the logs of any startup scripts you configured for your instance, +making it easy to see if it has completed and/or encountered any errors. +::: + +## 'Connection Refused' error after restarting server + +If you restarted your server from the Google Cloud console & then try to access +your JupyterHub from a browser, you might get a **Connection Refused** error. +This is most likely because the **External IP** of your server has changed. + +Check the **External IP** in the [Google Cloud Console -> Compute Engine -> VM instances](https://console.cloud.google.com/compute/instances) screen +matches the IP you are trying to access. If you have a domain name pointing to the +IP address, you might have to change it to point to the new correct IP. + +You can prevent External IP changes by [reserving the static IP](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#promote_ephemeral_ip) +your server is using. + +## Issues caused by lack of disk space + +If your boot disk becomes full, this can cause your instance to become unavailable, +among other problems. If your instance appears up and running in the console but +you cannot access it at your configured external IP/domain name, this could be caused +by a lack of disk space. + +You can explore your [VM logs in the console](#viewing-vm-instance-logs) to determine +if any issues you are experiencing indicate disk space issues. + +To resolve these types of issues, you can +[increase your boot disk size](#howto-providers-google-resize-disk). diff --git a/docs/troubleshooting/providers/google.rst b/docs/troubleshooting/providers/google.rst deleted file mode 100644 index 626f120..0000000 --- a/docs/troubleshooting/providers/google.rst +++ /dev/null @@ -1,22 +0,0 @@ -====================================== -Troubleshooting issues on Google Cloud -====================================== - -This is an incomplete list of issues people have run into when running -TLJH on Google Cloud, and how they have fixed them! - -'Connection Refused' error after restarting server -================================================== - -If you restarted your server from the Google Cloud console & then try to access -your JupyterHub from a browser, you might get a **Connection Refused** error. -This is most likely because the **External IP** of your server has changed. - -Check the **External IP** in the `Google Cloud Console -> Compute Engine -> VM instances -`_ screen -matches the IP you are trying to access. If you have a domain name pointing to the -IP address, you might have to change it to point to the new correct IP. - -You can prevent External IP changes by `reserving the static IP -`_ -your server is using. diff --git a/docs/troubleshooting/restart.md b/docs/troubleshooting/restart.md new file mode 100644 index 0000000..3d4fd23 --- /dev/null +++ b/docs/troubleshooting/restart.md @@ -0,0 +1,27 @@ +# Stopping and Restarting the JupyterHub Server + +The user can **stop** the JupyterHub server using: + +```console +$ systemctl stop jupyterhub.service +``` + +:::{warning} +Keep in mind that other services that may also require stopping: + +- The user's Jupyter server: jupyter-username.service +- traefik.service + +::: + +The user may **restart** JupyterHub and Traefik services by running: + +```console +$ sudo tljh-config reload proxy +``` + +This calls systemctl and restarts Traefik. The user may call systemctl and restart only the JupyterHub using the command: + +```console +$ sudo tljh-config reload hub +``` diff --git a/docs/troubleshooting/restart.rst b/docs/troubleshooting/restart.rst deleted file mode 100644 index 7220f9c..0000000 --- a/docs/troubleshooting/restart.rst +++ /dev/null @@ -1,29 +0,0 @@ - -============================================= -Stopping and Restarting the JupyterHub Server -============================================= - -The user can **stop** the JupyterHub server using: - -.. code-block:: console - - $ systemctl stop jupyterhub.service - -.. warning:: - - Keep in mind that other services that may also require stopping: - - * The user's Jupyter server: jupyter-username.service - * Traefik.service - -The user may **restart** JupyterHub and Traefik services by running: - -.. code-block:: console - - $ sudo tljh-config reload proxy - -This calls systemctl and restarts Traefik. The user may call systemctl and restart only the JupyterHub using the command: - -.. code-block:: console - - $ sudo tljh-config reload hub diff --git a/integration-tests/Dockerfile b/integration-tests/Dockerfile index 64d5d0b..c1c73d8 100644 --- a/integration-tests/Dockerfile +++ b/integration-tests/Dockerfile @@ -1,6 +1,6 @@ # Systemd inside a Docker container, for CI only -ARG ubuntu_version=20.04 -FROM ubuntu:${ubuntu_version} +ARG BASE_IMAGE=ubuntu:20.04 +FROM $BASE_IMAGE # DEBIAN_FRONTEND is set to avoid being asked for input and hang during build: # https://anonoz.github.io/tech/2020/04/24/docker-build-stuck-tzdata.html @@ -8,9 +8,11 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && apt-get update \ && apt-get install --yes \ systemd \ + bzip2 \ curl \ git \ sudo \ + python3 \ && rm -rf /var/lib/apt/lists/* # Kill all the things we don't need @@ -22,8 +24,6 @@ RUN find /etc/systemd/system \ -not -name '*systemd-user-sessions*' \ -exec rm \{} \; -RUN mkdir -p /etc/sudoers.d - RUN systemctl set-default multi-user.target STOPSIGNAL SIGRTMIN+3 diff --git a/integration-tests/conftest.py b/integration-tests/conftest.py index 123be8d..b48e032 100644 --- a/integration-tests/conftest.py +++ b/integration-tests/conftest.py @@ -25,5 +25,5 @@ def preserve_config(request): f.write(save_config) elif os.path.exists(CONFIG_FILE): os.remove(CONFIG_FILE) - reload_component("hub") reload_component("proxy") + reload_component("hub") diff --git a/integration-tests/plugins/simplest/tljh_simplest.py b/integration-tests/plugins/simplest/tljh_simplest.py index 12a64b4..d122acd 100644 --- a/integration-tests/plugins/simplest/tljh_simplest.py +++ b/integration-tests/plugins/simplest/tljh_simplest.py @@ -1,5 +1,5 @@ """ -Simplest plugin that exercises all the hooks +Simplest plugin that exercises all the hooks defined in tljh/hooks.py. """ from tljh.hooks import hookimpl @@ -8,7 +8,8 @@ from tljh.hooks import hookimpl def tljh_extra_user_conda_packages(): return [ "hypothesis", - "csvtk" + "csvtk", + "tqdm" ] @hookimpl @@ -21,43 +22,37 @@ def tljh_extra_user_conda_channels(): @hookimpl def tljh_extra_user_pip_packages(): - return [ - "django", - ] + return ["django"] @hookimpl def tljh_extra_hub_pip_packages(): - return [ - "there", - ] + return ["there"] @hookimpl def tljh_extra_apt_packages(): - return [ - "sl", - ] - - -@hookimpl -def tljh_config_post_install(config): - # Put an arbitrary marker we can test for - config["simplest_plugin"] = {"present": True} + return ["sl"] @hookimpl def tljh_custom_jupyterhub_config(c): - c.JupyterHub.authenticator_class = "tmpauthenticator.TmpAuthenticator" + c.Test.jupyterhub_config_set_by_simplest_plugin = True + + +@hookimpl +def tljh_config_post_install(config): + config["Test"] = {"tljh_config_set_by_simplest_plugin": True} @hookimpl def tljh_post_install(): - with open("test_post_install", "w") as f: - f.write("123456789") + with open("test_tljh_post_install", "w") as f: + f.write("file_written_by_simplest_plugin") @hookimpl def tljh_new_user_create(username): with open("test_new_user_create", "w") as f: + f.write("file_written_by_simplest_plugin") f.write(username) diff --git a/integration-tests/requirements.txt b/integration-tests/requirements.txt index a6f3d17..c086c7f 100644 --- a/integration-tests/requirements.txt +++ b/integration-tests/requirements.txt @@ -1,3 +1,4 @@ pytest +pytest-cov pytest-asyncio git+https://github.com/yuvipanda/hubtraf.git diff --git a/integration-tests/test_admin_installer.py b/integration-tests/test_admin_installer.py index f039bfc..7eb2533 100644 --- a/integration-tests/test_admin_installer.py +++ b/integration-tests/test_admin_installer.py @@ -1,41 +1,56 @@ -from hubtraf.user import User -from hubtraf.auth.dummy import login_dummy -import pytest +import asyncio from functools import partial +import pytest +from hubtraf.auth.dummy import login_dummy +from hubtraf.user import User -@pytest.mark.asyncio -async def test_admin_login(): - """ - Test if the admin that was added during install can login with - the password provided. - """ - hub_url = "http://localhost" - username = "admin" - password = "admin" +# Use sudo to invoke it, since this is how users invoke it. +# This catches issues with PATH +TLJH_CONFIG_PATH = ["sudo", "tljh-config"] - async with User(username, hub_url, partial(login_dummy, password=password)) as u: - await u.login() - # If user is not logged in, this will raise an exception - await u.ensure_server_simulate() +# This *must* be localhost, not an IP +# aiohttp throws away cookies if we are connecting to an IP! +HUB_URL = "http://localhost" + + +# FIXME: Other tests may have set the auth.type to dummy, so we reset it here to +# get the default of firstuseauthenticator. Tests should cleanup after +# themselves to a better degree, but its a bit trouble to reload the +# jupyterhub between each test as well if thats needed... +async def test_restore_relevant_tljh_state(): + assert ( + 0 + == await ( + await asyncio.create_subprocess_exec( + *TLJH_CONFIG_PATH, + "set", + "auth.type", + "firstuseauthenticator.FirstUseAuthenticator", + ) + ).wait() + ) + assert ( + 0 + == await ( + await asyncio.create_subprocess_exec(*TLJH_CONFIG_PATH, "reload") + ).wait() + ) -@pytest.mark.asyncio @pytest.mark.parametrize( - "username, password", + "username, password, expect_successful_login", [ - ("admin", ""), - ("admin", "wrong_passw"), - ("user", "password"), + ("test-admin-username", "test-admin-password", True), + ("user", "", False), ], ) -async def test_unsuccessful_login(username, password): +async def test_pre_configured_admin_login(username, password, expect_successful_login): """ - Ensure nobody but the admin that was added during install can login + Verify that the "--admin :" flag allows that user/pass + combination and no other user can login. """ - hub_url = "http://localhost" - - async with User(username, hub_url, partial(login_dummy, password="")) as u: + async with User(username, HUB_URL, partial(login_dummy, password=password)) as u: user_logged_in = await u.login() - assert user_logged_in == False + assert user_logged_in == expect_successful_login diff --git a/integration-tests/test_bootstrap.py b/integration-tests/test_bootstrap.py index b0cdab6..09ae140 100644 --- a/integration-tests/test_bootstrap.py +++ b/integration-tests/test_bootstrap.py @@ -1,119 +1,82 @@ """ -Test running bootstrap script in different circumstances +This test file tests bootstrap.py ability to + +- error verbosely for old ubuntu +- error verbosely for no systemd +- start and provide a progress page web server + +FIXME: The last test stands out and could be part of the other tests, and the + first two could be more like unit tests. Ideally, this file is + significantly reduced. """ import concurrent.futures import os import subprocess import time +GIT_REPO_PATH = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) +BASE_IMAGE = os.getenv("BASE_IMAGE", "ubuntu:20.04") -def install_pkgs(container_name, show_progress_page): - # Install python3 inside the ubuntu container - # There is no trusted Ubuntu+Python3 container we can use - pkgs = ["python3"] - if show_progress_page: - pkgs += ["systemd", "git", "curl"] - # Create the sudoers dir, so that the installer succesfully gets to the - # point of starting jupyterhub and stopping the progress page server. - subprocess.check_output( - ["docker", "exec", container_name, "mkdir", "-p", "etc/sudoers.d"] - ) - subprocess.check_output(["docker", "exec", container_name, "apt-get", "update"]) - subprocess.check_output( - ["docker", "exec", container_name, "apt-get", "install", "--yes"] + pkgs +def _stop_container(): + """ + Stops a container if its already running. + """ + subprocess.run( + ["docker", "rm", "--force", "test-bootstrap"], + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, ) -def get_bootstrap_script_location(container_name, show_progress_page): - # Copy only the bootstrap script to container when progress page not enabled, to be faster - source_path = "bootstrap/" - bootstrap_script = "/srv/src/bootstrap.py" - if show_progress_page: - source_path = os.path.abspath( - os.path.join(os.path.dirname(__file__), os.pardir) - ) - bootstrap_script = "/srv/src/bootstrap/bootstrap.py" - - subprocess.check_call(["docker", "cp", source_path, f"{container_name}:/srv/src"]) - return bootstrap_script - - -# FIXME: Refactor this function to easier to understand using the following -# parameters -# -# - param: container_apt_packages -# - param: bootstrap_tljh_source -# - local: copies local tljh repo to container and configures bootstrap to -# install tljh from copied repo -# - github: configures bootstrap to install tljh from the official github repo -# - : configures bootstrap to install tljh from any given remote location -# - param: bootstrap_flags -# -# FIXME: Consider stripping logic in this file to only testing if the bootstrap -# script successfully detects the too old Ubuntu version and the lack of -# systemd. The remaining test named test_progress_page could rely on -# running against the systemd container that cab be built by -# integration-test.py. -# -def run_bootstrap_after_preparing_container( - container_name, image, show_progress_page=False -): +def _run_bootstrap_in_container(image, complete_setup=True): """ - 1. Stops old container - 2. Starts --detached container - 3. Installs apt packages in container - 4. Two situations - - A) limited test (--show-progress-page=false) - - Copies ./bootstrap/ folder content to container /srv/src - - Runs copied bootstrap/bootstrap.py without flags - - B) full test (--show-progress-page=true) - - Copies ./ folder content to the container /srv/src - - Runs copied bootstrap/bootstrap.py with environment variables - - TLJH_BOOTSTRAP_DEV=yes - This makes --editable be used when installing the tljh package - - TLJH_BOOTSTRAP_PIP_SPEC=/srv/src - This makes us install tljh from the given location instead of from - github.com/jupyterhub/the-littlest-jupyterhub + 1. (Re-)starts a container named test-bootstrap based on image, mounting + local git repo and exposing port 8080 to the containers port 80. + 2. Installs python3, systemd, git, and curl in container + 3. Runs bootstrap/bootstrap.py in container to install the mounted git + repo's tljh package in --editable mode. """ - # stop container if it is already running - subprocess.run(["docker", "rm", "-f", container_name]) + _stop_container() # Start a detached container - subprocess.check_call( + subprocess.check_output( [ "docker", "run", "--env=DEBIAN_FRONTEND=noninteractive", + "--env=TLJH_BOOTSTRAP_DEV=yes", + "--env=TLJH_BOOTSTRAP_PIP_SPEC=/srv/src", + f"--volume={GIT_REPO_PATH}:/srv/src", + "--publish=8080:80", "--detach", - f"--name={container_name}", + "--name=test-bootstrap", image, - "/bin/bash", + "bash", "-c", - "sleep 1000s", + "sleep 300s", ] ) - install_pkgs(container_name, show_progress_page) - - bootstrap_script = get_bootstrap_script_location(container_name, show_progress_page) - - exec_flags = ["-i", container_name, "python3", bootstrap_script] - if show_progress_page: - exec_flags = ( - ["-e", "TLJH_BOOTSTRAP_DEV=yes", "-e", "TLJH_BOOTSTRAP_PIP_SPEC=/srv/src"] - + exec_flags - + ["--show-progress-page"] + run = ["docker", "exec", "-i", "test-bootstrap"] + subprocess.check_output(run + ["apt-get", "update"]) + subprocess.check_output(run + ["apt-get", "install", "--yes", "python3"]) + if complete_setup: + subprocess.check_output( + run + ["apt-get", "install", "--yes", "systemd", "git", "curl"] ) - # Run bootstrap script, return the output + run_bootstrap = run + [ + "python3", + "/srv/src/bootstrap/bootstrap.py", + "--show-progress-page", + ] + + # Run bootstrap script inside detached container, return the output return subprocess.run( - ["docker", "exec"] + exec_flags, - check=False, - stdout=subprocess.PIPE, - encoding="utf-8", + run_bootstrap, + text=True, + capture_output=True, ) @@ -121,61 +84,72 @@ def test_ubuntu_too_old(): """ Error with a useful message when running in older Ubuntu """ - output = run_bootstrap_after_preparing_container("old-distro-test", "ubuntu:16.04") - assert output.stdout == "The Littlest JupyterHub requires Ubuntu 18.04 or higher\n" + output = _run_bootstrap_in_container("ubuntu:18.04", False) + _stop_container() + assert output.stdout == "The Littlest JupyterHub requires Ubuntu 20.04 or higher\n" assert output.returncode == 1 -def test_inside_no_systemd_docker(): - output = run_bootstrap_after_preparing_container( - "plain-docker-test", - f"ubuntu:{os.getenv('UBUNTU_VERSION', '20.04')}", - ) +def test_no_systemd(): + output = _run_bootstrap_in_container("ubuntu:22.04", False) assert "Systemd is required to run TLJH" in output.stdout assert output.returncode == 1 -def verify_progress_page(expected_status_code, timeout): - progress_page_status = False +def _wait_for_progress_page_response(expected_status_code, timeout): start = time.time() - while not progress_page_status and (time.time() - start < timeout): + while time.time() - start < timeout: try: resp = subprocess.check_output( [ - "docker", - "exec", - "progress-page", "curl", - "-i", - "http://localhost/index.html", - ] + "--include", + "http://localhost:8080/index.html", + ], + text=True, + stderr=subprocess.DEVNULL, ) - if b"HTTP/1.0 200 OK" in resp: - progress_page_status = True - break - except Exception as e: - time.sleep(2) - continue + if "HTTP/1.0 200 OK" in resp: + return True + except Exception: + pass + time.sleep(1) - return progress_page_status + return False -def test_progress_page(): +def test_show_progress_page(): with concurrent.futures.ThreadPoolExecutor() as executor: - installer = executor.submit( - run_bootstrap_after_preparing_container, - "progress-page", - f"ubuntu:{os.getenv('UBUNTU_VERSION', '20.04')}", - True, + run_bootstrap_job = executor.submit(_run_bootstrap_in_container, BASE_IMAGE) + + # Check that the bootstrap script started the web server reporting + # progress successfully responded. + success = _wait_for_progress_page_response( + expected_status_code=200, timeout=180 ) + if success: + # Let's terminate the test here and save a minute or so in test + # executation time, because we can know that the will be stopped + # successfully in other tests as otherwise traefik won't be able to + # start and use the same port for example. + return - # Check if progress page started - started = verify_progress_page(expected_status_code=200, timeout=120) - assert started + # Now await an expected failure to startup JupyterHub by tljh.installer, + # which should have taken over the work started by the bootstrap script. + # + # This failure is expected to occur in + # tljh.installer.ensure_jupyterhub_service calling systemd.reload_daemon + # like this: + # + # > System has not been booted with systemd as init system (PID 1). + # > Can't operate. + # + output = run_bootstrap_job.result() + print(output.stdout) + print(output.stderr) - # This will fail start tljh but should successfully get to the point - # Where it stops the progress page server. - output = installer.result() - - # Check if progress page stopped + # At this point we should be able to see that tljh.installer + # intentionally stopped the web server reporting progress as the port + # were about to become needed by Traefik. assert "Progress page server stopped successfully." in output.stdout + assert success diff --git a/integration-tests/test_extensions.py b/integration-tests/test_extensions.py index 96c5ca8..661432b 100644 --- a/integration-tests/test_extensions.py +++ b/integration-tests/test_extensions.py @@ -1,3 +1,4 @@ +import re import subprocess @@ -7,14 +8,13 @@ def test_serverextensions(): """ # jupyter-serverextension writes to stdout and stderr weirdly proc = subprocess.run( - ["/opt/tljh/user/bin/jupyter-serverextension", "list", "--sys-prefix"], + ["/opt/tljh/user/bin/jupyter-server", "extension", "list", "--sys-prefix"], stderr=subprocess.PIPE, ) extensions = [ - "jupyterlab 3.", - "nbgitpuller 1.", - "nteract_on_jupyter 2.1.", + "jupyterlab", + "nbgitpuller", "jupyter_resource_usage", ] @@ -22,27 +22,26 @@ def test_serverextensions(): assert e in proc.stderr.decode() -def test_nbextensions(): +def test_labextensions(): """ - Validate nbextensions we want are installed & enabled + Validate JupyterLab extensions we want are installed & enabled """ - # jupyter-nbextension writes to stdout and stderr weirdly + # jupyter-labextension writes to stdout and stderr weirdly proc = subprocess.run( - ["/opt/tljh/user/bin/jupyter-nbextension", "list", "--sys-prefix"], + ["/opt/tljh/user/bin/jupyter-labextension", "list"], stderr=subprocess.PIPE, stdout=subprocess.PIPE, ) extensions = [ - "jupyter_resource_usage/main", - # This is what ipywidgets nbextension is called - "jupyter-js-widgets/extension", + "@jupyter-server/resource-usage", + # This is what ipywidgets lab extension is called + "@jupyter-widgets/jupyterlab-manager", ] for e in extensions: - assert f"{e} \x1b[32m enabled \x1b[0m" in proc.stdout.decode() - - # Ensure we have 'OK' messages in our stdout, to make sure everything is importable - assert proc.stderr.decode() == " - Validating: \x1b[32mOK\x1b[0m\n" * len( - extensions - ) + # jupyter labextension lists outputs to stderr + out = proc.stderr.decode() + enabled_ok_pattern = re.compile(rf"{e}.*enabled.*OK") + matches = enabled_ok_pattern.search(out) + assert matches is not None diff --git a/integration-tests/test_hub.py b/integration-tests/test_hub.py index a056f62..55a35cd 100644 --- a/integration-tests/test_hub.py +++ b/integration-tests/test_hub.py @@ -1,36 +1,45 @@ -import requests -from hubtraf.user import User -from hubtraf.auth.dummy import login_dummy -from jupyterhub.utils import exponential_backoff -import secrets -import pytest -from functools import partial import asyncio -import pwd import grp +import pwd +import secrets import subprocess +from functools import partial from os import system -from tljh.normalize import generate_system_username +import pytest +import requests +from hubtraf.auth.dummy import login_dummy +from hubtraf.user import User +from jupyterhub.utils import exponential_backoff +from packaging.version import Version as V + +from tljh.normalize import generate_system_username # Use sudo to invoke it, since this is how users invoke it. # This catches issues with PATH TLJH_CONFIG_PATH = ["sudo", "tljh-config"] +# This *must* be localhost, not an IP +# aiohttp throws away cookies if we are connecting to an IP! +HUB_URL = "http://localhost" + def test_hub_up(): - r = requests.get("http://127.0.0.1") + r = requests.get(HUB_URL) r.raise_for_status() -@pytest.mark.asyncio +def test_hub_version(): + r = requests.get(HUB_URL + "/hub/api") + r.raise_for_status() + info = r.json() + assert V("4") <= V(info["version"]) <= V("5") + + async def test_user_code_execute(): """ User logs in, starts a server & executes code """ - # This *must* be localhost, not an IP - # aiohttp throws away cookies if we are connecting to an IP! - hub_url = "http://localhost" username = secrets.token_hex(8) assert ( @@ -48,17 +57,13 @@ async def test_user_code_execute(): ).wait() ) - async with User(username, hub_url, partial(login_dummy, password="")) as u: - await u.login() - await u.ensure_server_simulate() + async with User(username, HUB_URL, partial(login_dummy, password="")) as u: + assert await u.login() + await u.ensure_server_simulate(timeout=60, spawn_refresh_time=5) await u.start_kernel() await u.assert_code_output("5 * 4", "20", 5, 5) - # Assert that the user exists - assert pwd.getpwnam(f"jupyter-{username}") is not None - -@pytest.mark.asyncio async def test_user_server_started_with_custom_base_url(): """ User logs in, starts a server with a custom base_url & executes code @@ -66,7 +71,7 @@ async def test_user_server_started_with_custom_base_url(): # This *must* be localhost, not an IP # aiohttp throws away cookies if we are connecting to an IP! base_url = "/custom-base" - hub_url = f"http://localhost{base_url}" + custom_hub_url = f"{HUB_URL}{base_url}" username = secrets.token_hex(8) assert ( @@ -92,9 +97,9 @@ async def test_user_server_started_with_custom_base_url(): ).wait() ) - async with User(username, hub_url, partial(login_dummy, password="")) as u: - await u.login() - await u.ensure_server_simulate() + async with User(username, custom_hub_url, partial(login_dummy, password="")) as u: + assert await u.login() + await u.ensure_server_simulate(timeout=60, spawn_refresh_time=5) # unset base_url to avoid problems with other tests assert ( @@ -113,14 +118,12 @@ async def test_user_server_started_with_custom_base_url(): ) -@pytest.mark.asyncio async def test_user_admin_add(): """ User is made an admin, logs in and we check if they are in admin group """ # This *must* be localhost, not an IP # aiohttp throws away cookies if we are connecting to an IP! - hub_url = "http://localhost" username = secrets.token_hex(8) assert ( @@ -146,9 +149,9 @@ async def test_user_admin_add(): ).wait() ) - async with User(username, hub_url, partial(login_dummy, password="")) as u: - await u.login() - await u.ensure_server_simulate() + async with User(username, HUB_URL, partial(login_dummy, password="")) as u: + assert await u.login() + await u.ensure_server_simulate(timeout=60, spawn_refresh_time=5) # Assert that the user exists assert pwd.getpwnam(f"jupyter-{username}") is not None @@ -157,83 +160,10 @@ async def test_user_admin_add(): assert f"jupyter-{username}" in grp.getgrnam("jupyterhub-admins").gr_mem -# FIXME: Make this test pass -@pytest.mark.asyncio -@pytest.mark.xfail(reason="Unclear why this is failing") -async def test_user_admin_remove(): - """ - User is made an admin, logs in and we check if they are in admin group. - - Then we remove them from admin group, and check they *aren't* in admin group :D - """ - # This *must* be localhost, not an IP - # aiohttp throws away cookies if we are connecting to an IP! - hub_url = "http://localhost" - username = secrets.token_hex(8) - - assert ( - 0 - == await ( - await asyncio.create_subprocess_exec( - *TLJH_CONFIG_PATH, "set", "auth.type", "dummy" - ) - ).wait() - ) - assert ( - 0 - == await ( - await asyncio.create_subprocess_exec( - *TLJH_CONFIG_PATH, "add-item", "users.admin", username - ) - ).wait() - ) - assert ( - 0 - == await ( - await asyncio.create_subprocess_exec(*TLJH_CONFIG_PATH, "reload") - ).wait() - ) - - async with User(username, hub_url, partial(login_dummy, password="")) as u: - await u.login() - await u.ensure_server_simulate() - - # Assert that the user exists - assert pwd.getpwnam(f"jupyter-{username}") is not None - - # Assert that the user has admin rights - assert f"jupyter-{username}" in grp.getgrnam("jupyterhub-admins").gr_mem - - assert ( - 0 - == await ( - await asyncio.create_subprocess_exec( - *TLJH_CONFIG_PATH, "remove-item", "users.admin", username - ) - ).wait() - ) - assert ( - 0 - == await ( - await asyncio.create_subprocess_exec(*TLJH_CONFIG_PATH, "reload") - ).wait() - ) - - await u.stop_server() - await u.ensure_server_simulate() - - # Assert that the user does *not* have admin rights - assert f"jupyter-{username}" not in grp.getgrnam("jupyterhub-admins").gr_mem - - -@pytest.mark.asyncio async def test_long_username(): """ User with a long name logs in, and we check if their name is properly truncated. """ - # This *must* be localhost, not an IP - # aiohttp throws away cookies if we are connecting to an IP! - hub_url = "http://localhost" username = secrets.token_hex(32) assert ( @@ -252,9 +182,9 @@ async def test_long_username(): ) try: - async with User(username, hub_url, partial(login_dummy, password="")) as u: - await u.login() - await u.ensure_server_simulate() + async with User(username, HUB_URL, partial(login_dummy, password="")) as u: + assert await u.login() + await u.ensure_server_simulate(timeout=60, spawn_refresh_time=5) # Assert that the user exists system_username = generate_system_username(f"jupyter-{username}") @@ -267,14 +197,12 @@ async def test_long_username(): raise -@pytest.mark.asyncio async def test_user_group_adding(): """ User logs in, and we check if they are added to the specified group. """ # This *must* be localhost, not an IP # aiohttp throws away cookies if we are connecting to an IP! - hub_url = "http://localhost" username = secrets.token_hex(8) groups = {"somegroup": [username]} # Create the group we want to add the user to @@ -307,9 +235,9 @@ async def test_user_group_adding(): ) try: - async with User(username, hub_url, partial(login_dummy, password="")) as u: - await u.login() - await u.ensure_server_simulate() + async with User(username, HUB_URL, partial(login_dummy, password="")) as u: + assert await u.login() + await u.ensure_server_simulate(timeout=60, spawn_refresh_time=5) # Assert that the user exists system_username = generate_system_username(f"jupyter-{username}") @@ -327,15 +255,11 @@ async def test_user_group_adding(): raise -@pytest.mark.asyncio async def test_idle_server_culled(): """ - User logs in, starts a server & stays idle for 1 min. + User logs in, starts a server & stays idle for a while. (the user's server should be culled during this period) """ - # This *must* be localhost, not an IP - # aiohttp throws away cookies if we are connecting to an IP! - hub_url = "http://localhost" username = secrets.token_hex(8) assert ( @@ -346,12 +270,12 @@ async def test_idle_server_culled(): ) ).wait() ) - # Check every 10s for idle servers to cull + # Check every 5s for idle servers to cull assert ( 0 == await ( await asyncio.create_subprocess_exec( - *TLJH_CONFIG_PATH, "set", "services.cull.every", "10" + *TLJH_CONFIG_PATH, "set", "services.cull.every", "5" ) ).wait() ) @@ -364,12 +288,12 @@ async def test_idle_server_culled(): ) ).wait() ) - # Cull servers and users after 60s of activity + # Cull servers and users after a while, regardless of activity assert ( 0 == await ( await asyncio.create_subprocess_exec( - *TLJH_CONFIG_PATH, "set", "services.cull.max_age", "60" + *TLJH_CONFIG_PATH, "set", "services.cull.max_age", "15" ) ).wait() ) @@ -380,45 +304,83 @@ async def test_idle_server_culled(): ).wait() ) - async with User(username, hub_url, partial(login_dummy, password="")) as u: - await u.login() + async with User(username, HUB_URL, partial(login_dummy, password="")) as u: + # Login the user + assert await u.login() + # Start user's server - await u.ensure_server_simulate() + await u.ensure_server_simulate(timeout=60, spawn_refresh_time=5) # Assert that the user exists assert pwd.getpwnam(f"jupyter-{username}") is not None # Check that we can get to the user's server - r = await u.session.get( - u.hub_url / "hub/api/users" / username, - headers={"Referer": str(u.hub_url / "hub/")}, - ) + user_url = u.notebook_url / "api/status" + r = await u.session.get(user_url, allow_redirects=False) assert r.status == 200 - async def _check_culling_done(): - # Check that after 60s, the user and server have been culled and are not reacheable anymore + # Extract the xsrf token from the _xsrf cookie set after visiting + # /hub/login with the u.session + hub_cookie = u.session.cookie_jar.filter_cookies( + str(u.hub_url / "hub/api/user") + ) + assert "_xsrf" in hub_cookie + hub_xsrf_token = hub_cookie["_xsrf"].value + + # Check that we can talk to JupyterHub itself + # use this as a proxy for whether the user still exists + async def hub_api_request(): r = await u.session.get( - u.hub_url / "hub/api/users" / username, - headers={"Referer": str(u.hub_url / "hub/")}, + u.hub_url / "hub/api/user", + headers={ + # Referer is needed for JupyterHub <=3 + "Referer": str(u.hub_url / "hub/"), + # X-XSRFToken is needed for JupyterHub >=4 + "X-XSRFToken": hub_xsrf_token, + }, + allow_redirects=False, ) - print(r.status) + return r + + r = await hub_api_request() + assert r.status == 200 + + # Wait for culling + # step 1: check if the server is still running + timeout = 30 + + async def server_stopped(): + """Has the server been stopped?""" + r = await u.session.get(user_url, allow_redirects=False) + print(f"{r.status} {r.url}") + return r.status != 200 + + await exponential_backoff( + server_stopped, + "Server still running!", + timeout=timeout, + ) + + # step 2. wait for user to be deleted + async def user_removed(): + # Check that after a while, the user has been culled + r = await hub_api_request() + print(f"{r.status} {r.url}") return r.status == 403 await exponential_backoff( - _check_culling_done, - "Server culling failed!", - timeout=100, + user_removed, + "User still exists!", + timeout=timeout, ) -@pytest.mark.asyncio async def test_active_server_not_culled(): """ - User logs in, starts a server & stays idle for 30s + User logs in, starts a server & stays idle for a while (the user's server should not be culled during this period). """ # This *must* be localhost, not an IP # aiohttp throws away cookies if we are connecting to an IP! - hub_url = "http://localhost" username = secrets.token_hex(8) assert ( @@ -429,12 +391,12 @@ async def test_active_server_not_culled(): ) ).wait() ) - # Check every 10s for idle servers to cull + # Check every 5s for idle servers to cull assert ( 0 == await ( await asyncio.create_subprocess_exec( - *TLJH_CONFIG_PATH, "set", "services.cull.every", "10" + *TLJH_CONFIG_PATH, "set", "services.cull.every", "5" ) ).wait() ) @@ -447,12 +409,12 @@ async def test_active_server_not_culled(): ) ).wait() ) - # Cull servers and users after 60s of activity + # Cull servers and users after a while, regardless of activity assert ( 0 == await ( await asyncio.create_subprocess_exec( - *TLJH_CONFIG_PATH, "set", "services.cull.max_age", "60" + *TLJH_CONFIG_PATH, "set", "services.cull.max_age", "30" ) ).wait() ) @@ -463,35 +425,32 @@ async def test_active_server_not_culled(): ).wait() ) - async with User(username, hub_url, partial(login_dummy, password="")) as u: - await u.login() + async with User(username, HUB_URL, partial(login_dummy, password="")) as u: + assert await u.login() # Start user's server - await u.ensure_server_simulate() + await u.ensure_server_simulate(timeout=60, spawn_refresh_time=5) # Assert that the user exists assert pwd.getpwnam(f"jupyter-{username}") is not None # Check that we can get to the user's server - r = await u.session.get( - u.hub_url / "hub/api/users" / username, - headers={"Referer": str(u.hub_url / "hub/")}, - ) + user_url = u.notebook_url / "api/status" + r = await u.session.get(user_url, allow_redirects=False) assert r.status == 200 - async def _check_culling_done(): - # Check that after 30s, we can still reach the user's server - r = await u.session.get( - u.hub_url / "hub/api/users" / username, - headers={"Referer": str(u.hub_url / "hub/")}, - ) - print(r.status) + async def server_has_stopped(): + # Check that after a while, we can still reach the user's server + r = await u.session.get(user_url, allow_redirects=False) + print(f"{r.status} {r.url}") return r.status != 200 try: await exponential_backoff( - _check_culling_done, - "User's server is still reacheable!", - timeout=30, + server_has_stopped, + "User's server is still reachable (good!)", + timeout=15, ) - except TimeoutError: - # During the 30s timeout the user's server wasn't culled, which is what we intended. + except asyncio.TimeoutError: + # timeout error means the test passed - the server didn't go away while we were waiting pass + else: + pytest.fail(f"Server at {user_url} got culled prematurely!") diff --git a/integration-tests/test_install.py b/integration-tests/test_install.py index 4411e10..06840f6 100644 --- a/integration-tests/test_install.py +++ b/integration-tests/test_install.py @@ -1,15 +1,14 @@ -from contextlib import contextmanager -from concurrent.futures import ProcessPoolExecutor -from functools import partial import grp import os import pwd import subprocess import sys +from concurrent.futures import ProcessPoolExecutor +from contextlib import contextmanager +from functools import partial import pytest - ADMIN_GROUP = "jupyterhub-admins" USER_GROUP = "jupyterhub-users" INSTALL_PREFIX = os.environ.get("TLJH_INSTALL_PREFIX", "/opt/tljh") @@ -35,6 +34,7 @@ def setgroup(group): gid = grp.getgrnam(group).gr_gid uid = pwd.getpwnam("nobody").pw_uid os.setgid(gid) + os.setgroups([]) os.setuid(uid) os.environ["HOME"] = "/tmp/test-home-%i-%i" % (uid, gid) @@ -45,6 +45,10 @@ def test_groups_exist(group): grp.getgrnam(group) +def debug_uid_gid(): + return subprocess.check_output("id").decode() + + def permissions_test(group, path, *, readable=None, writable=None, dirs_only=False): """Run a permissions test on all files in a path path""" # start a subprocess and become nobody:group in the process @@ -88,18 +92,20 @@ def permissions_test(group, path, *, readable=None, writable=None, dirs_only=Fal # check if the path should be writable if writable is not None: if access(path, os.W_OK) != writable: + info = pool.submit(debug_uid_gid).result() failures.append( - "{} {} should {}be writable by {}".format( - stat_str, path, "" if writable else "not ", group + "{} {} should {}be writable by {} [{}]".format( + stat_str, path, "" if writable else "not ", group, info ) ) # check if the path should be readable if readable is not None: if access(path, os.R_OK) != readable: + info = pool.submit(debug_uid_gid).result() failures.append( - "{} {} should {}be readable by {}".format( - stat_str, path, "" if readable else "not ", group + "{} {} should {}be readable by {} [{}]".format( + stat_str, path, "" if readable else "not ", group, info ) ) # verify that we actually tested some files diff --git a/integration-tests/test_proxy.py b/integration-tests/test_proxy.py index 2cb78f7..cc9d766 100644 --- a/integration-tests/test_proxy.py +++ b/integration-tests/test_proxy.py @@ -2,26 +2,24 @@ import os import shutil import ssl -from subprocess import check_call import time +from subprocess import check_call -import toml -from tornado.httpclient import HTTPClient, HTTPRequest, HTTPClientError import pytest +import toml +from tornado.httpclient import HTTPClient, HTTPClientError, HTTPRequest from tljh.config import ( + CONFIG_DIR, + CONFIG_FILE, + STATE_DIR, reload_component, set_config_value, - CONFIG_FILE, - CONFIG_DIR, - STATE_DIR, ) def send_request(url, max_sleep, validate_cert=True, username=None, password=None): - resp = None for i in range(max_sleep): - time.sleep(i) try: req = HTTPRequest( url, @@ -32,13 +30,12 @@ def send_request(url, max_sleep, validate_cert=True, username=None, password=Non follow_redirects=True, max_redirects=15, ) - resp = HTTPClient().fetch(req) - break + return HTTPClient().fetch(req) except Exception as e: + if i + 1 == max_sleep: + raise print(e) - pass - - return resp + time.sleep(i) def test_manual_https(preserve_config): @@ -105,37 +102,51 @@ def test_extra_traefik_config(): os.makedirs(dynamic_config_dir, exist_ok=True) extra_static_config = { - "entryPoints": {"no_auth_api": {"address": "127.0.0.1:9999"}}, - "api": {"dashboard": True, "entrypoint": "no_auth_api"}, + "entryPoints": {"alsoHub": {"address": "127.0.0.1:9999"}}, } extra_dynamic_config = { - "frontends": { - "test": { - "backend": "test", - "routes": { - "rule1": {"rule": "PathPrefixStrip: /the/hub/runs/here/too"} + "http": { + "middlewares": { + "testHubStripPrefix": { + "stripPrefix": {"prefixes": ["/the/hub/runs/here/too"]} + } + }, + "routers": { + "test1": { + "rule": "PathPrefix(`/hub`)", + "entryPoints": ["alsoHub"], + "service": "test", }, - } - }, - "backends": { - # redirect to hub - "test": {"servers": {"server1": {"url": "http://127.0.0.1:15001"}}} + "test2": { + "rule": "PathPrefix(`/the/hub/runs/here/too`)", + "middlewares": ["testHubStripPrefix"], + "entryPoints": ["http"], + "service": "test", + }, + }, + "services": { + "test": { + "loadBalancer": { + # forward requests to the hub + "servers": [{"url": "http://127.0.0.1:15001"}] + } + } + }, }, } success = False for i in range(5): - time.sleep(i) try: with pytest.raises(HTTPClientError, match="HTTP 401: Unauthorized"): - # The default dashboard entrypoint requires authentication, so it should fail - req = HTTPRequest("http://127.0.0.1:8099/dashboard/", method="GET") - HTTPClient().fetch(req) + # The default api entrypoint requires authentication, so it should fail + HTTPClient().fetch("http://localhost:8099/api") success = True break except Exception as e: - pass + print(e) + time.sleep(i) assert success == True @@ -154,8 +165,9 @@ def test_extra_traefik_config(): # load the extra config reload_component("proxy") + # check hub page # the new dashboard entrypoint shouldn't require authentication anymore - resp = send_request(url="http://127.0.0.1:9999/dashboard/", max_sleep=5) + resp = send_request(url="http://127.0.0.1:9999/hub/login", max_sleep=5) assert resp.code == 200 # test extra dynamic config diff --git a/integration-tests/test_simplest_plugin.py b/integration-tests/test_simplest_plugin.py index e5a3b04..68bd859 100644 --- a/integration-tests/test_simplest_plugin.py +++ b/integration-tests/test_simplest_plugin.py @@ -1,30 +1,28 @@ """ -Test simplest plugin +Test the plugin in integration-tests/plugins/simplest that makes use of all tljh +recognized plugin hooks that are defined in tljh/hooks.py. """ -from ruamel.yaml import YAML -import requests import os import subprocess -from tljh.config import CONFIG_FILE, USER_ENV_PREFIX, HUB_ENV_PREFIX -from tljh import user +from ruamel.yaml import YAML +from tljh import user +from tljh.config import CONFIG_FILE, HUB_ENV_PREFIX, USER_ENV_PREFIX + +GIT_REPO_PATH = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) yaml = YAML(typ="rt") -def test_apt_packages(): - """ - Test extra apt packages are installed - """ - assert os.path.exists("/usr/games/sl") +def test_tljh_extra_user_conda_packages(): + subprocess.check_call([f"{USER_ENV_PREFIX}/bin/python3", "-c", "import tqdm"]) -def test_pip_packages(): - """ - Test extra user & hub pip packages are installed - """ +def test_tljh_extra_user_pip_packages(): subprocess.check_call([f"{USER_ENV_PREFIX}/bin/python3", "-c", "import django"]) + +def test_tljh_extra_hub_pip_packages(): subprocess.check_call([f"{HUB_ENV_PREFIX}/bin/python3", "-c", "import there"]) @@ -35,45 +33,60 @@ def test_conda_packages(): subprocess.check_call([f"{USER_ENV_PREFIX}/bin/python3", "-c", "import hypothesis"]) subprocess.check_call([f"{USER_ENV_PREFIX}/bin/csvtk", "cat", "--help"]) +def test_tljh_extra_apt_packages(): + assert os.path.exists("/usr/games/sl") -def test_config_hook(): + +def test_tljh_custom_jupyterhub_config(): """ - Check config changes are present + Test that the provided tljh_custom_jupyterhub_config hook has made the tljh + jupyterhub load additional jupyterhub config. + """ + tljh_jupyterhub_config = os.path.join(GIT_REPO_PATH, "tljh", "jupyterhub_config.py") + output = subprocess.check_output( + [ + f"{HUB_ENV_PREFIX}/bin/python3", + "-m", + "jupyterhub", + "--show-config", + "--config", + tljh_jupyterhub_config, + ], + text=True, + ) + assert "jupyterhub_config_set_by_simplest_plugin" in output + + +def test_tljh_config_post_install(): + """ + Test that the provided tljh_config_post_install hook has made tljh recognize + additional tljh config. """ with open(CONFIG_FILE) as f: - data = yaml.load(f) - - assert data["simplest_plugin"]["present"] + tljh_config = yaml.load(f) + assert tljh_config["Test"]["tljh_config_set_by_simplest_plugin"] -def test_jupyterhub_config_hook(): +def test_tljh_post_install(): """ - Test that tmpauthenticator is enabled by our custom config plugin + Test that the provided tljh_post_install hook has been executed by looking + for a specific file written. """ - resp = requests.get("http://localhost/hub/tmplogin", allow_redirects=False) - assert resp.status_code == 302 - assert resp.headers["Location"] == "/hub/spawn" - - -def test_post_install_hook(): - """ - Test that the test_post_install file has the correct content - """ - with open("test_post_install") as f: + with open("test_tljh_post_install") as f: content = f.read() - - assert content == "123456789" + assert "file_written_by_simplest_plugin" in content -def test_new_user_create(): +def test_tljh_new_user_create(): """ - Test that plugin receives username as arg + Test that the provided tljh_new_user_create hook has been executed by + looking for a specific file written. """ + # Trigger the hook by letting tljh's code create a user username = "user1" - # Call ensure_user to make sure the user plugin gets called user.ensure_user(username) with open("test_new_user_create") as f: content = f.read() - - assert content == username + assert "file_written_by_simplest_plugin" in content + assert username in content diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..d90078d --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,87 @@ +# autoflake is used for autoformatting Python code +# +# ref: https://github.com/PyCQA/autoflake#readme +# +[tool.autoflake] +ignore-init-module-imports = true +remove-all-unused-imports = true +remove-duplicate-keys = true +remove-unused-variables = true + + +# isort is used for autoformatting Python code +# +# ref: https://pycqa.github.io/isort/ +# +[tool.isort] +profile = "black" + + +# black is used for autoformatting Python code +# +# ref: https://black.readthedocs.io/en/stable/ +# +[tool.black] +# target-version should be all supported versions, see +# https://github.com/psf/black/issues/751#issuecomment-473066811 +target_version = [ + "py36", + "py37", + "py38", + "py39", + "py310", + "py311", +] + + +# pytest is used for running Python based tests +# +# ref: https://docs.pytest.org/en/stable/ +# +[tool.pytest.ini_options] +addopts = "--verbose --color=yes --durations=10 --maxfail=1 --cov=tljh" +asyncio_mode = "auto" +filterwarnings = [ + 'ignore:.*Module bootstrap was never imported.*:coverage.exceptions.CoverageWarning', +] + + +# pytest-cov / coverage is used to measure code coverage of tests +# +# ref: https://coverage.readthedocs.io/en/stable/config.html +# +[tool.coverage.run] +parallel = true +omit = [ + "tests/**", + "integration-tests/**", +] + + +# tbump is used to simplify and standardize the release process when updating +# the version, making a git commit and tag, and pushing changes. +# +# ref: https://github.com/your-tools/tbump#readme +# +[tool.tbump] +github_url = "https://github.com/jupyterhub/the-littlest-jupyterhub" + +[tool.tbump.version] +current = "1.0.1.dev" +regex = ''' + (?P\d+) + \. + (?P\d+) + \. + (?P\d+) + (?P
((a|b|rc)\d+)|)
+    \.?
+    (?P(?<=\.)dev\d*|)
+'''
+
+[tool.tbump.git]
+message_template = "Bump to {new_version}"
+tag_template = "{new_version}"
+
+[[tool.tbump.file]]
+src = "setup.py"
diff --git a/setup.py b/setup.py
index ca1987f..4c22da6 100644
--- a/setup.py
+++ b/setup.py
@@ -1,8 +1,8 @@
-from setuptools import setup, find_packages
+from setuptools import find_packages, setup
 
 setup(
     name="the-littlest-jupyterhub",
-    version="0.1",
+    version="1.0.1.dev",
     description="A small JupyterHub distribution",
     url="https://github.com/jupyterhub/the-littlest-jupyterhub",
     author="Jupyter Development Team",
@@ -14,11 +14,10 @@ setup(
         "ruamel.yaml==0.17.*",
         "jinja2",
         "pluggy==1.*",
-        "passlib",
         "backoff",
         "requests",
         "bcrypt",
-        "jupyterhub-traefik-proxy==0.3.*",
+        "jupyterhub-traefik-proxy==1.*",
     ],
     entry_points={
         "console_scripts": [
diff --git a/tests/conftest.py b/tests/conftest.py
index e92884a..cf765b9 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1,7 +1,7 @@
 """pytest fixtures"""
-from importlib import reload
 import os
 import types
+from importlib import reload
 from unittest import mock
 
 import pytest
diff --git a/tests/test_bootstrap_functions.py b/tests/test_bootstrap_functions.py
new file mode 100644
index 0000000..b3625b8
--- /dev/null
+++ b/tests/test_bootstrap_functions.py
@@ -0,0 +1,129 @@
+# Unit test some functions from bootstrap.py
+import os
+import sys
+
+import pytest
+
+# Since bootstrap.py isn't part of the package, it's not automatically importable
+GIT_REPO_PATH = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
+sys.path.insert(0, GIT_REPO_PATH)
+from bootstrap import bootstrap
+
+
+@pytest.mark.parametrize(
+    "requested,expected",
+    [
+        ((1,), (1, 1, 0)),
+        ((1, 0), (1, 0, 1)),
+        ((1, 2), None),
+        ((2, 0, 0), (2, 0, 0)),
+        ("latest", (2, 0, 1)),
+    ],
+)
+def test_find_matching_version(requested, expected):
+    all_versions = [
+        (0, 0, 1),
+        (1, 0, 0),
+        (1, 0, 1),
+        (1, 1, 0),
+        (2, 0, 0),
+        (2, 0, 1),
+    ]
+    r = bootstrap._find_matching_version(all_versions, requested)
+    assert r == expected
+
+
+# git ls-remote --tags --refs https://github.com/jupyterhub/jupyterhub.git
+mock_git_ls_remote = """\
+c345aa658eb482b8102b51f6ec3f0fc667b60520	refs/tags/0.1.0
+e2cbc2fb41c04cfe416b19e83f36ea67b1a4e693	refs/tags/0.2.0
+7fd56fe943bf0038cb14e7aa2af5a3e5ad929d47	refs/tags/0.3.0
+89cf4c60a905b4093ba7584c4561073a9faa0d3d	refs/tags/0.4.0
+bd08efc4a5485a9ecd17882e9bfcab9486d9956a	refs/tags/0.4.1
+19c77d0c7016c08a4a0e883446114a430a551882	refs/tags/0.5.0
+b4621d354b6bbc865373b7c033f29c6872237780	refs/tags/0.6.0
+ed38f08daf4d5cf84f04b2d96327681221c579dd	refs/tags/0.6.1
+d5cf9657f2ca16df080e2be21da792288e9f4f99	refs/tags/0.7.0
+2cdb4be46a0eb291850fc706cfe044873889a9bc	refs/tags/0.7.1
+e4dd65d2611e3c85fe486c561fc0efe9ca720042	refs/tags/0.7.2
+4179668e49ceedb805cb1a38dc5a70e6a21fa685	refs/tags/0.8.0
+9bab206eb96c6726ac936cf5da3f61eb9c9aa519	refs/tags/0.8.0b1
+5f2c6d25fefcbe91d86945f530e6533822449c46	refs/tags/0.8.0b2
+0d720103c5207d008947580b7b453e1eb0e7594a	refs/tags/0.8.0b3
+a2458ffa402fa2d2905c558100c673e98789a8a8	refs/tags/0.8.0b4
+b9e2838a4d9b35a9ad7c3353e62ab006b4ec10a4	refs/tags/0.8.0b5
+a62fc1bc1c9b2408713511cb56e7751403ed5503	refs/tags/0.8.0rc1
+a77ca08e3e25c14552e246e8ad3ca65a354ba192	refs/tags/0.8.0rc2
+6eef64842a7d7939b3f1986558849d1977a0e121	refs/tags/0.8.1
+de46a16029b7ae217293e7e64e14a9c2e06e5e60	refs/tags/0.9.0
+9f612b52187db878f529458e304bd519fda82e42	refs/tags/0.9.0b1
+ec4b038b93495eb769007a0d3d56e6d6a5ff000c	refs/tags/0.9.0b2
+ea8a30b1a5b189b2f2f0dbfdb22f83427d1c9163	refs/tags/0.9.0b3
+99c155a61a1d95a3a8ca41ebb684cdedc1fb170f	refs/tags/0.9.0rc1
+1aeebd4e4937ea5185ce02f693f94272c30f4ebd	refs/tags/0.9.1
+01b3601a12b52259b541b48eaa7a7afb3f7d988c	refs/tags/0.9.2
+70ddc22e071bb7797528831d25c567f6f4920c67	refs/tags/0.9.3
+7ecb093163a453ae2edfa6bc8bf1f7cfc2320627	refs/tags/0.9.4
+3e83bc440b8d5abdc0a4336978bd542435402f77	refs/tags/0.9.5
+cc07c706931c78f46367db9c0c20e6ed9f0f6f85	refs/tags/0.9.6
+4e24276d40ad83fd113c7c2f1f8619a9ba3af0d8	refs/tags/1.0.0
+582162c760e81995f4f5405e9c8908d2a76f4abf	refs/tags/1.0.0b1
+1193f6a74c38b36594f6f57c786fa923a2747150	refs/tags/1.0.0b2
+512dae6cd8a846dd490d77d21fd4e13f59c38961	refs/tags/1.1.0
+a420c55391273852332ef5f454a0a3b9e0e5b71f	refs/tags/1.1.0b1
+317f0efaf25eb7cb2de4503817cf20937ce110bd	refs/tags/1.2.0
+f66e5d35b5f89a28f6328c91801a8f99e0855a8e	refs/tags/1.2.0b1
+27e1196471729cf6f25fd3786286797e32de973a	refs/tags/1.2.1
+af0c1ed932d00fa26ac91f066a5a9eafb49b7cb1	refs/tags/1.2.2
+3794abfbdda0a92237f4c31985420691da70da36	refs/tags/1.3.0
+e22ab5dc93dd8e724b828a0880032f6b5dc00231	refs/tags/1.4.0
+0656586b75b30091583c0573b3d272cb3add24d2	refs/tags/1.4.1
+5744ce73bcf0014cc3de6c946f12027448b136da	refs/tags/1.4.2
+c6fb64d8f30686c2c2667b69b53402d506a3bac5	refs/tags/1.5.0
+4ceb906435dbd4cf800b0480d413303f056e4900	refs/tags/2.0.0
+61233698dfb353c703ea2e085312b9066ea2e92e	refs/tags/2.0.0b1
+fe61c932409550dc352abf68bd6aaaa8871ac81f	refs/tags/2.0.0b2
+a79c5c5a6bfe553af277f2835419d65b98ae0cb9	refs/tags/2.0.0b3
+fa1098a998561321de29c6147235032fd6b0c3f5	refs/tags/2.0.0rc1
+75b115c356983c138c2d8d92cb45f068ad3d9c9d	refs/tags/2.0.0rc2
+ed8e25ef3f471d60b671f2a1cf2db17581c778a2	refs/tags/2.0.0rc3
+4083307b3f37039075862034963ed42a459b1bdb	refs/tags/2.0.0rc4
+baf1f36dbfe8d8264b3914650b4db6daed843389	refs/tags/2.0.0rc5
+12961be3b13a10617d8f95f333da2bb67390a2c7	refs/tags/2.0.1
+e40df3f1a5e284926f5c9ce66a1e57a814bb98f8	refs/tags/2.0.2
+11d40c13860bd02816ad724979ad2e08b8bd103a	refs/tags/2.1.0
+bde6b66287e3d157f2577bcaf2e986af020139f4	refs/tags/2.1.1
+29f51794db562ecc4c7653525193d6e210151fdb	refs/tags/2.2.0
+8cbafd25425b7eaf2fdc46e183cee437c09b53c1	refs/tags/2.2.1
+1eada986101f2385ee7498395a799f28bcd167e8	refs/tags/2.2.2
+1bb0ec38ae4c5e4e5c8b6cc3b89b7b20ea8bd400	refs/tags/2.3.0
+69f926706be03505f9b9e30a5ad2d4f8c9f9d48d	refs/tags/2.3.1
+"""
+
+
+@pytest.mark.parametrize(
+    "requested,expected",
+    [
+        ("1", "1.5.0"),
+        ("1.0", "1.0.0"),
+        ("1.2", "1.2.2"),
+        ("1.100", None),
+        ("2.0.0", "2.0.0"),
+        ("random-branch", "random-branch"),
+        ("1234567890abcdef", "1234567890abcdef"),
+        ("2.0.0rc4", "2.0.0rc4"),
+        ("latest", "2.3.1"),
+    ],
+)
+def test_resolve_git_version(monkeypatch, requested, expected):
+    def mock_run_subprocess(*args, **kwargs):
+        return mock_git_ls_remote
+
+    monkeypatch.setattr(bootstrap, "run_subprocess", mock_run_subprocess)
+
+    if expected is None:
+        with pytest.raises(Exception) as exc:
+            bootstrap._resolve_git_version(requested)
+        assert exc.value.args[0].startswith("No version matching 1.100 found")
+    else:
+        assert bootstrap._resolve_git_version(requested) == expected
diff --git a/tests/test_conda.py b/tests/test_conda.py
index c49f126..575b831 100644
--- a/tests/test_conda.py
+++ b/tests/test_conda.py
@@ -1,37 +1,26 @@
 """
 Test conda commandline wrappers
 """
-from tljh import conda
 import os
-import pytest
 import subprocess
 import tempfile
 
+import pytest
+
+from tljh import conda, installer
+
 
 @pytest.fixture(scope="module")
 def prefix():
     """
     Provide a temporary directory with a mambaforge conda environment
     """
-    # see https://github.com/conda-forge/miniforge/releases
-    mambaforge_version = "4.10.3-7"
-    if os.uname().machine == "aarch64":
-        installer_sha256 = (
-            "ac95f137b287b3408e4f67f07a284357b1119ee157373b788b34e770ef2392b2"
-        )
-    elif os.uname().machine == "x86_64":
-        installer_sha256 = (
-            "fc872522ec427fcab10167a93e802efaf251024b58cc27b084b915a9a73c4474"
-        )
-    installer_url = "https://github.com/conda-forge/miniforge/releases/download/{v}/Mambaforge-{v}-Linux-{arch}.sh".format(
-        v=mambaforge_version, arch=os.uname().machine
-    )
+    installer_url, checksum = installer._mambaforge_url()
     with tempfile.TemporaryDirectory() as tmpdir:
         with conda.download_miniconda_installer(
-            installer_url, installer_sha256
+            installer_url, checksum
         ) as installer_path:
             conda.install_miniconda(installer_path, tmpdir)
-        conda.ensure_conda_packages(tmpdir, ["conda==4.10.3"])
         yield tmpdir
 
 
diff --git a/tests/test_config.py b/tests/test_config.py
index 5d227da..c091060 100644
--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -56,7 +56,7 @@ def test_set_overwrite():
 def test_unset_no_mutate():
     conf = {"a": "b"}
 
-    new_conf = config.unset_item_from_config(conf, "a")
+    config.unset_item_from_config(conf, "a")
     assert conf == {"a": "b"}
 
 
diff --git a/tests/test_configurer.py b/tests/test_configurer.py
index 342fc8b..3c1db3d 100644
--- a/tests/test_configurer.py
+++ b/tests/test_configurer.py
@@ -2,10 +2,11 @@
 Test configurer
 """
 
-from traitlets.config import Config
 import os
 import sys
 
+from traitlets.config import Config
+
 from tljh import configurer
 
 
@@ -57,24 +58,15 @@ def test_app_default():
     Test default application with no config overrides.
     """
     c = apply_mock_config({})
-    # default_url is not set, so JupyterHub will pick default.
-    assert "default_url" not in c.Spawner
-
-
-def test_app_jupyterlab():
-    """
-    Test setting JupyterLab as default application
-    """
-    c = apply_mock_config({"user_environment": {"default_app": "jupyterlab"}})
     assert c.Spawner.default_url == "/lab"
 
 
-def test_app_nteract():
+def test_app_classic():
     """
-    Test setting nteract as default application
+    Test setting classic as default application
     """
-    c = apply_mock_config({"user_environment": {"default_app": "nteract"}})
-    assert c.Spawner.default_url == "/nteract"
+    c = apply_mock_config({"user_environment": {"default_app": "classic"}})
+    assert c.Spawner.default_url == "/tree"
 
 
 def test_auth_default():
@@ -163,8 +155,8 @@ def test_traefik_api_default():
     """
     c = apply_mock_config({})
 
-    assert c.TraefikTomlProxy.traefik_api_username == "api_admin"
-    assert len(c.TraefikTomlProxy.traefik_api_password) == 0
+    assert c.TraefikProxy.traefik_api_username == "api_admin"
+    assert len(c.TraefikProxy.traefik_api_password) == 0
 
 
 def test_set_traefik_api():
@@ -174,8 +166,8 @@ def test_set_traefik_api():
     c = apply_mock_config(
         {"traefik_api": {"username": "some_user", "password": "1234"}}
     )
-    assert c.TraefikTomlProxy.traefik_api_username == "some_user"
-    assert c.TraefikTomlProxy.traefik_api_password == "1234"
+    assert c.TraefikProxy.traefik_api_username == "some_user"
+    assert c.TraefikProxy.traefik_api_password == "1234"
 
 
 def test_cull_service_default():
@@ -228,6 +220,43 @@ def test_set_cull_service():
     ]
 
 
+def test_cull_service_named():
+    """
+    Test default cull service settings with named server removal
+    """
+    c = apply_mock_config(
+        {
+            "services": {
+                "cull": {
+                    "every": 10,
+                    "cull_users": True,
+                    "remove_named_servers": True,
+                    "max_age": 60,
+                }
+            }
+        }
+    )
+
+    cull_cmd = [
+        sys.executable,
+        "-m",
+        "jupyterhub_idle_culler",
+        "--timeout=600",
+        "--cull-every=10",
+        "--concurrency=5",
+        "--max-age=60",
+        "--cull-users",
+        "--remove-named-servers",
+    ]
+    assert c.JupyterHub.services == [
+        {
+            "name": "cull-idle",
+            "admin": True,
+            "command": cull_cmd,
+        }
+    ]
+
+
 def test_load_secrets(tljh_dir):
     """
     Test loading secret files
@@ -238,7 +267,7 @@ def test_load_secrets(tljh_dir):
     tljh_config = configurer.load_config()
     assert tljh_config["traefik_api"]["password"] == "traefik-password"
     c = apply_mock_config(tljh_config)
-    assert c.TraefikTomlProxy.traefik_api_password == "traefik-password"
+    assert c.TraefikProxy.traefik_api_password == "traefik-password"
 
 
 def test_auth_native():
diff --git a/tests/test_installer.py b/tests/test_installer.py
index 9b42d70..07081e4 100644
--- a/tests/test_installer.py
+++ b/tests/test_installer.py
@@ -1,10 +1,16 @@
 """
 Unit test  functions in installer.py
 """
+import json
 import os
-import pytest
+from subprocess import PIPE, run
+from unittest import mock
 
-from tljh import installer
+import pytest
+from packaging.specifiers import SpecifierSet
+from packaging.version import parse as V
+
+from tljh import conda, installer
 from tljh.yaml import yaml
 
 
@@ -36,3 +42,202 @@ def test_ensure_admins(tljh_dir, admins, expected_config):
 
     # verify the list was flattened
     assert config["users"]["admin"] == expected_config
+
+
+def setup_conda(distro, version, prefix):
+    """Install mambaforge or miniconda in a prefix"""
+    if distro == "mambaforge":
+        installer_url, _ = installer._mambaforge_url(version)
+    elif distro == "miniforge":
+        installer_url, _ = installer._mambaforge_url(version)
+        installer_url = installer_url.replace("Mambaforge", "Miniforge3")
+    elif distro == "miniconda":
+        arch = os.uname().machine
+        installer_url = (
+            f"https://repo.anaconda.com/miniconda/Miniconda3-{version}-Linux-{arch}.sh"
+        )
+    else:
+        raise ValueError(
+            f"{distro=} must be 'miniconda' or 'mambaforge' or 'miniforge'"
+        )
+    with conda.download_miniconda_installer(installer_url, None) as installer_path:
+        conda.install_miniconda(installer_path, str(prefix))
+    # avoid auto-updating conda when we install other packages
+    run(
+        [
+            str(prefix / "bin/conda"),
+            "config",
+            "--system",
+            "--set",
+            "auto_update_conda",
+            "false",
+        ],
+        input="",
+        check=True,
+    )
+
+
+@pytest.fixture
+def user_env_prefix(tmp_path):
+    user_env_prefix = tmp_path / "user_env"
+    with mock.patch.object(installer, "USER_ENV_PREFIX", str(user_env_prefix)):
+        yield user_env_prefix
+
+
+def _specifier(version):
+    """Convert version string to SpecifierSet
+
+    If just a version number, add == to make it a specifier
+
+    Any missing fields are replaced with .*
+
+    If it's already a specifier string, pass it directly to SpecifierSet
+
+    e.g.
+
+    - 3.7 -> ==3.7.*
+    - 1.2.3 -> ==1.2.3
+    """
+    if version[0].isdigit():
+        # it's a version number, not a specifier
+        if version.count(".") < 2:
+            # pad missing fields
+            version += ".*"
+        version = f"=={version}"
+    return SpecifierSet(version)
+
+
+@pytest.mark.parametrize(
+    # - distro: None, mambaforge, or miniforge
+    # - distro_version: https://github.com/conda-forge/miniforge/releases
+    # - expected_versions: versions of python, conda, and mamba in user env
+    #
+    # TLJH of a specific version comes with a specific distro_version as
+    # declared in installer.py's MAMBAFORGE_VERSION variable, and it comes with
+    # python, conda, and mamba of certain versions.
+    #
+    "distro, distro_version, expected_versions",
+    [
+        # No previous install, start fresh
+        (
+            None,
+            None,
+            {
+                "python": "3.10.*",
+                "conda": "23.1.0",
+                "mamba": "1.4.1",
+            },
+        ),
+        # previous install, 1.0
+        (
+            "mambaforge",
+            "23.1.0-1",
+            {
+                "python": "3.10.*",
+                "conda": "23.1.0",
+                "mamba": "1.4.1",
+            },
+        ),
+        # 0.2 install, no upgrade needed
+        (
+            "mambaforge",
+            "4.10.3-7",
+            {
+                "python": "3.9.*",
+                "conda": "4.10.3",
+                "mamba": "0.16.0",
+            },
+        ),
+        # simulate missing mamba
+        # will be installed but not pinned
+        # to avoid conflicts
+        (
+            "miniforge",
+            "4.10.3-7",
+            {
+                "python": "3.9.*",
+                "conda": "4.10.3",
+                "mamba": ">=1.1.0",
+            },
+        ),
+        # too-old Python (3.7), abort
+        (
+            "miniconda",
+            "4.7.10",
+            ValueError,
+        ),
+    ],
+)
+def test_ensure_user_environment(
+    user_env_prefix,
+    distro,
+    distro_version,
+    expected_versions,
+):
+    if (
+        distro_version
+        and V(distro_version) < V("4.10.1")
+        and os.uname().machine == "aarch64"
+    ):
+        pytest.skip(f"{distro} {distro_version} not available for aarch64")
+    canary_file = user_env_prefix / "test-file.txt"
+    canary_package = "types-backports_abc"
+    if distro:
+        setup_conda(distro, distro_version, user_env_prefix)
+        # install a noarch: python package that won't be used otherwise
+        # should depend on Python, so it will interact with possible upgrades
+        pkgs = [canary_package]
+        run(
+            [
+                str(user_env_prefix / "bin/conda"),
+                "install",
+                "-S",
+                "-y",
+                "-c",
+                "conda-forge",
+            ]
+            + pkgs,
+            input="",
+            check=True,
+        )
+
+        # make a file not managed by conda, to check for wipeouts
+        with canary_file.open("w") as f:
+            f.write("I'm here\n")
+
+    if isinstance(expected_versions, type) and issubclass(expected_versions, Exception):
+        exc_class = expected_versions
+        with pytest.raises(exc_class):
+            installer.ensure_user_environment("")
+        return
+    else:
+        installer.ensure_user_environment("")
+
+    p = run(
+        [str(user_env_prefix / "bin/conda"), "list", "--json"],
+        stdout=PIPE,
+        text=True,
+        check=True,
+    )
+    package_list = json.loads(p.stdout)
+    packages = {package["name"]: package for package in package_list}
+
+    if distro:
+        # make sure we didn't wipe out files
+        assert canary_file.exists()
+        # make sure we didn't delete the installed package
+        assert canary_package in packages
+
+    for pkg, version in expected_versions.items():
+        assert pkg in packages
+        assert V(packages[pkg]["version"]) in _specifier(version)
+
+
+def test_ensure_user_environment_no_clobber(user_env_prefix):
+    # don't clobber existing user-env dir if it's non-empty and not a conda install
+    user_env_prefix.mkdir()
+    canary_file = user_env_prefix / "test-file.txt"
+    with canary_file.open("w") as f:
+        pass
+    with pytest.raises(OSError):
+        installer.ensure_user_environment("")
diff --git a/tests/test_migrator.py b/tests/test_migrator.py
index 24e67a8..87275f6 100644
--- a/tests/test_migrator.py
+++ b/tests/test_migrator.py
@@ -4,7 +4,7 @@ Unit test  functions in installer.py
 import os
 from datetime import date
 
-from tljh import migrator, config
+from tljh import config, migrator
 
 
 def test_migrate_config(tljh_dir):
diff --git a/tests/test_traefik.py b/tests/test_traefik.py
index ecda0ce..f950266 100644
--- a/tests/test_traefik.py
+++ b/tests/test_traefik.py
@@ -1,11 +1,10 @@
 """Test traefik configuration"""
 import os
 
-import toml
 import pytest
+import toml
 
-from tljh import config
-from tljh import traefik
+from tljh import config, traefik
 
 
 def test_download_traefik(tmpdir):
@@ -16,30 +15,51 @@ def test_download_traefik(tmpdir):
     assert (traefik_bin.stat().mode & 0o777) == 0o755
 
 
+def _read_toml(path):
+    """Read a toml file
+
+    print config for debugging on failure
+    """
+    print(path)
+    with open(path) as f:
+        toml_cfg = f.read()
+        print(toml_cfg)
+        return toml.loads(toml_cfg)
+
+
+def _read_static_config(state_dir):
+    return _read_toml(os.path.join(state_dir, "traefik.toml"))
+
+
+def _read_dynamic_config(state_dir):
+    return _read_toml(os.path.join(state_dir, "rules", "dynamic.toml"))
+
+
 def test_default_config(tmpdir, tljh_dir):
     state_dir = tmpdir.mkdir("state")
     traefik.ensure_traefik_config(str(state_dir))
     assert state_dir.join("traefik.toml").exists()
-    traefik_toml = os.path.join(state_dir, "traefik.toml")
-    with open(traefik_toml) as f:
-        toml_cfg = f.read()
-        # print config for debugging on failure
-        print(config.CONFIG_FILE)
-        print(toml_cfg)
-        cfg = toml.loads(toml_cfg)
-    assert cfg["defaultEntryPoints"] == ["http"]
-    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
-    # runtime generated entry, value not testable
-    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
+    os.path.join(state_dir, "traefik.toml")
+    rules_dir = os.path.join(state_dir, "rules")
 
+    cfg = _read_static_config(state_dir)
+    assert cfg["api"] == {}
     assert cfg["entryPoints"] == {
-        "http": {"address": ":80"},
+        "http": {
+            "address": ":80",
+            "transport": {"respondingTimeouts": {"idleTimeout": "10m"}},
+        },
         "auth_api": {
-            "address": "127.0.0.1:8099",
-            "auth": {"basic": {"users": [""]}},
-            "whiteList": {"sourceRange": ["127.0.0.1"]},
+            "address": "localhost:8099",
         },
     }
+    assert cfg["providers"] == {
+        "providersThrottleDuration": "0s",
+        "file": {"directory": rules_dir, "watch": True},
+    }
+
+    dynamic_config = _read_dynamic_config(state_dir)
+    assert dynamic_config == {}
 
 
 def test_letsencrypt_config(tljh_dir):
@@ -52,34 +72,67 @@ def test_letsencrypt_config(tljh_dir):
         config.CONFIG_FILE, "https.letsencrypt.domains", ["testing.jovyan.org"]
     )
     traefik.ensure_traefik_config(str(state_dir))
-    traefik_toml = os.path.join(state_dir, "traefik.toml")
-    with open(traefik_toml) as f:
-        toml_cfg = f.read()
-        # print config for debugging on failure
-        print(config.CONFIG_FILE)
-        print(toml_cfg)
-        cfg = toml.loads(toml_cfg)
-    assert cfg["defaultEntryPoints"] == ["http", "https"]
-    assert "acme" in cfg
-    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
-    # runtime generated entry, value not testable
-    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
 
+    cfg = _read_static_config(state_dir)
     assert cfg["entryPoints"] == {
-        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
-        "https": {"address": ":443", "tls": {"minVersion": "VersionTLS12"}},
+        "http": {
+            "address": ":80",
+            "http": {
+                "redirections": {
+                    "entryPoint": {
+                        "scheme": "https",
+                        "to": "https",
+                    },
+                },
+            },
+            "transport": {"respondingTimeouts": {"idleTimeout": "10m"}},
+        },
+        "https": {
+            "address": ":443",
+            "http": {"tls": {"options": "default"}},
+            "transport": {"respondingTimeouts": {"idleTimeout": "10m"}},
+        },
         "auth_api": {
-            "address": "127.0.0.1:8099",
-            "auth": {"basic": {"users": [""]}},
-            "whiteList": {"sourceRange": ["127.0.0.1"]},
+            "address": "localhost:8099",
         },
     }
-    assert cfg["acme"] == {
+    assert "tls" not in cfg
+
+    dynamic_config = _read_dynamic_config(state_dir)
+
+    assert dynamic_config["tls"] == {
+        "options": {
+            "default": {
+                "minVersion": "VersionTLS12",
+                "cipherSuites": [
+                    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+                    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+                    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+                    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+                    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+                ],
+            }
+        },
+        "stores": {
+            "default": {
+                "defaultGeneratedCert": {
+                    "resolver": "letsencrypt",
+                    "domain": {
+                        "main": "testing.jovyan.org",
+                        "sans": [],
+                    },
+                }
+            }
+        },
+    }
+    assert "certificatesResolvers" in cfg
+    assert "letsencrypt" in cfg["certificatesResolvers"]
+
+    assert cfg["certificatesResolvers"]["letsencrypt"]["acme"] == {
         "email": "fake@jupyter.org",
         "storage": "acme.json",
-        "entryPoint": "https",
-        "httpChallenge": {"entryPoint": "http"},
-        "domains": [{"main": "testing.jovyan.org"}],
+        "tlsChallenge": {},
     }
 
 
@@ -89,33 +142,62 @@ def test_manual_ssl_config(tljh_dir):
     config.set_config_value(config.CONFIG_FILE, "https.tls.key", "/path/to/ssl.key")
     config.set_config_value(config.CONFIG_FILE, "https.tls.cert", "/path/to/ssl.cert")
     traefik.ensure_traefik_config(str(state_dir))
-    traefik_toml = os.path.join(state_dir, "traefik.toml")
-    with open(traefik_toml) as f:
-        toml_cfg = f.read()
-        # print config for debugging on failure
-        print(config.CONFIG_FILE)
-        print(toml_cfg)
-        cfg = toml.loads(toml_cfg)
-    assert cfg["defaultEntryPoints"] == ["http", "https"]
-    assert "acme" not in cfg
-    assert len(cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"]) == 1
-    # runtime generated entry, value not testable
-    cfg["entryPoints"]["auth_api"]["auth"]["basic"]["users"] = [""]
+
+    cfg = _read_static_config(state_dir)
+
     assert cfg["entryPoints"] == {
-        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
+        "http": {
+            "address": ":80",
+            "http": {
+                "redirections": {
+                    "entryPoint": {
+                        "scheme": "https",
+                        "to": "https",
+                    },
+                },
+            },
+            "transport": {
+                "respondingTimeouts": {
+                    "idleTimeout": "10m",
+                }
+            },
+        },
         "https": {
             "address": ":443",
-            "tls": {
+            "http": {"tls": {"options": "default"}},
+            "transport": {"respondingTimeouts": {"idleTimeout": "10m"}},
+        },
+        "auth_api": {
+            "address": "localhost:8099",
+        },
+    }
+    assert "tls" not in cfg
+
+    dynamic_config = _read_dynamic_config(state_dir)
+
+    assert "tls" in dynamic_config
+
+    assert dynamic_config["tls"] == {
+        "options": {
+            "default": {
                 "minVersion": "VersionTLS12",
-                "certificates": [
-                    {"certFile": "/path/to/ssl.cert", "keyFile": "/path/to/ssl.key"}
+                "cipherSuites": [
+                    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+                    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+                    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+                    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+                    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
                 ],
             },
         },
-        "auth_api": {
-            "address": "127.0.0.1:8099",
-            "auth": {"basic": {"users": [""]}},
-            "whiteList": {"sourceRange": ["127.0.0.1"]},
+        "stores": {
+            "default": {
+                "defaultCertificate": {
+                    "certFile": "/path/to/ssl.cert",
+                    "keyFile": "/path/to/ssl.key",
+                }
+            }
         },
     }
 
@@ -132,18 +214,18 @@ def test_extra_config(tmpdir, tljh_dir):
     toml_cfg = toml.load(traefik_toml)
 
     # Make sure the defaults are what we expect
-    assert toml_cfg["logLevel"] == "INFO"
+    assert toml_cfg["log"]["level"] == "INFO"
     with pytest.raises(KeyError):
-        toml_cfg["checkNewVersion"]
-    assert toml_cfg["entryPoints"]["auth_api"]["address"] == "127.0.0.1:8099"
+        toml_cfg["api"]["dashboard"]
+    assert toml_cfg["entryPoints"]["auth_api"]["address"] == "localhost:8099"
 
     extra_config = {
         # modify existing value
-        "logLevel": "ERROR",
-        # modify existing value with multiple levels
-        "entryPoints": {"auth_api": {"address": "127.0.0.1:9999"}},
+        "log": {
+            "level": "ERROR",
+        },
         # add new setting
-        "checkNewVersion": False,
+        "api": {"dashboard": True},
     }
 
     with open(os.path.join(extra_config_dir, "extra.toml"), "w+") as extra_config_file:
@@ -156,6 +238,21 @@ def test_extra_config(tmpdir, tljh_dir):
     toml_cfg = toml.load(traefik_toml)
 
     # Check that the defaults were updated by the extra config
-    assert toml_cfg["logLevel"] == "ERROR"
-    assert toml_cfg["checkNewVersion"] == False
-    assert toml_cfg["entryPoints"]["auth_api"]["address"] == "127.0.0.1:9999"
+    assert toml_cfg["log"]["level"] == "ERROR"
+    assert toml_cfg["api"]["dashboard"] == True
+
+
+def test_listen_address(tmpdir, tljh_dir):
+    state_dir = config.STATE_DIR
+    config.set_config_value(config.CONFIG_FILE, "https.enabled", True)
+    config.set_config_value(config.CONFIG_FILE, "https.tls.key", "/path/to/ssl.key")
+    config.set_config_value(config.CONFIG_FILE, "https.tls.cert", "/path/to/ssl.cert")
+
+    config.set_config_value(config.CONFIG_FILE, "http.address", "127.0.0.1")
+    config.set_config_value(config.CONFIG_FILE, "https.address", "127.0.0.1")
+
+    traefik.ensure_traefik_config(str(state_dir))
+
+    cfg = _read_static_config(state_dir)
+    assert cfg["entryPoints"]["http"]["address"] == "127.0.0.1:80"
+    assert cfg["entryPoints"]["https"]["address"] == "127.0.0.1:443"
diff --git a/tests/test_user.py b/tests/test_user.py
index aa5accd..5bda68d 100644
--- a/tests/test_user.py
+++ b/tests/test_user.py
@@ -1,15 +1,17 @@
 """
 Test wrappers in tljw.user module
 """
-from tljh import user
+import grp
 import os
 import os.path
+import pwd
 import stat
 import uuid
-import pwd
-import grp
+
 import pytest
 
+from tljh import user
+
 
 def test_ensure_user():
     """
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 449ecbe..e54047a 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -1,7 +1,9 @@
-import pytest
-from tljh import utils
-import subprocess
 import logging
+import subprocess
+
+import pytest
+
+from tljh import utils
 
 
 def test_run_subprocess_exception(mocker):
diff --git a/tljh/apt.py b/tljh/apt.py
index bf20e67..b5b0845 100644
--- a/tljh/apt.py
+++ b/tljh/apt.py
@@ -3,6 +3,7 @@ Utilities for working with the apt package manager
 """
 import os
 import subprocess
+
 from tljh import utils
 
 
diff --git a/tljh/conda.py b/tljh/conda.py
index 12ffe3e..aa4b051 100644
--- a/tljh/conda.py
+++ b/tljh/conda.py
@@ -1,14 +1,17 @@
 """
 Wrap conda commandline program
 """
+import contextlib
+import hashlib
+import json
+import logging
 import os
 import subprocess
-import json
-import hashlib
-import contextlib
 import tempfile
+import time
+
 import requests
-from distutils.version import LooseVersion as V
+
 from tljh import utils
 
 
@@ -25,23 +28,21 @@ def sha256_file(fname):
     return hash_sha256.hexdigest()
 
 
-def check_miniconda_version(prefix, version):
-    """
-    Return true if a miniconda install with version exists at prefix
-    """
+def get_conda_package_versions(prefix):
+    """Get conda package versions, via `conda list --json`"""
+    versions = {}
     try:
-        installed_version = (
-            subprocess.check_output(
-                [os.path.join(prefix, "bin", "conda"), "-V"], stderr=subprocess.STDOUT
-            )
-            .decode()
-            .strip()
-            .split()[1]
+        out = subprocess.check_output(
+            [os.path.join(prefix, "bin", "conda"), "list", "--json"],
+            text=True,
         )
-        return V(installed_version) >= V(version)
     except (subprocess.CalledProcessError, FileNotFoundError):
-        # Conda doesn't exist
-        return False
+        return versions
+
+    packages = json.loads(out)
+    for package in packages:
+        versions[package["name"]] = package["version"]
+    return versions
 
 
 @contextlib.contextmanager
@@ -53,14 +54,21 @@ def download_miniconda_installer(installer_url, sha256sum):
     of given version, verifies the sha256sum & provides path to it to the `with`
     block to run.
     """
-    with tempfile.NamedTemporaryFile("wb") as f:
-        f.write(requests.get(installer_url).content)
+    logger = logging.getLogger("tljh")
+    logger.info(f"Downloading conda installer {installer_url}")
+    with tempfile.NamedTemporaryFile("wb", suffix=".sh") as f:
+        tic = time.perf_counter()
+        r = requests.get(installer_url)
+        r.raise_for_status()
+        f.write(r.content)
         # Remain in the NamedTemporaryFile context, but flush changes, see:
         # https://docs.python.org/3/library/os.html#os.fsync
         f.flush()
         os.fsync(f.fileno())
+        t = time.perf_counter() - tic
+        logger.info(f"Downloaded conda installer {installer_url} in {t:.1f}s")
 
-        if sha256_file(f.name) != sha256sum:
+        if sha256sum and sha256_file(f.name) != sha256sum:
             raise Exception("sha256sum hash mismatch! Downloaded file corrupted")
 
         yield f.name
@@ -90,48 +98,38 @@ def install_miniconda(installer_path, prefix):
     fix_permissions(prefix)
 
 
-def ensure_conda_packages(prefix, packages, channels=('conda-forge',)):
+def ensure_conda_packages(prefix, packages, channels=('conda-forge',), force_reinstall=False):
     """
     Ensure packages (from channels) are installed in the conda prefix.
 
     Note that conda seem to update dependencies by default, so there is probably
     no need to have a update parameter exposed for this function.
     """
-    conda_executable = [os.path.join(prefix, "bin", "mamba")]
+    conda_executable = os.path.join(prefix, "bin", "mamba")
+    if not os.path.isfile(conda_executable):
+        # fallback on conda if mamba is not present (e.g. for mamba to install itself)
+        conda_executable = os.path.join(prefix, "bin", "conda")
+
+    cmd = [conda_executable, "install", "--yes"]
+
+    if force_reinstall:
+        # use force-reinstall, e.g. for conda/mamba to ensure everything is okay
+        # avoids problems with RemoveError upgrading conda from old versions
+        cmd += ["--force-reinstall"]
+
+    cmd += ["-c", channel for channel in channels]
+
     abspath = os.path.abspath(prefix)
-    # Let subprocess errors propagate
-    # Explicitly do *not* capture stderr, since that's not always JSON!
-    # Scripting conda is a PITA!
-    # FIXME: raise different exception when using
-    
-    channel_cmd = '-c ' + ' -c '.join(channels)
-    
-    raw_output = subprocess.check_output(
-        conda_executable
+
+    utils.run_subprocess(
+        cmd
         + [
-            "install",
-            "--json",
             "--prefix",
             abspath,
         ]
-        + channel_cmd.split()
-        + packages
-    ).decode()
-    # `conda install` outputs JSON lines for fetch updates,
-    # and a undelimited output at the end. There is no reasonable way to
-    # parse this outside of this kludge.
-    filtered_output = "\n".join(
-        [
-            l
-            for l in raw_output.split("\n")
-            # Sometimes the JSON messages start with a \x00. The lstrip removes these.
-            # conda messages seem to randomly throw \x00 in places for no reason
-            if not l.lstrip("\x00").startswith('{"fetch"')
-        ]
+        + packages,
+        input="",
     )
-    output = json.loads(filtered_output.lstrip("\x00"))
-    if "success" in output and output["success"] == True:
-        return
     fix_permissions(prefix)
 
 
diff --git a/tljh/config.py b/tljh/config.py
index e705c10..d308e9e 100644
--- a/tljh/config.py
+++ b/tljh/config.py
@@ -13,18 +13,17 @@ tljh-config show firstlevel.second_level
 """
 
 import argparse
-from collections.abc import Sequence, Mapping
-from copy import deepcopy
 import os
 import re
 import sys
 import time
+from collections.abc import Mapping, Sequence
+from copy import deepcopy
 
 import requests
 
 from .yaml import yaml
 
-
 INSTALL_PREFIX = os.environ.get("TLJH_INSTALL_PREFIX", "/opt/tljh")
 HUB_ENV_PREFIX = os.path.join(INSTALL_PREFIX, "hub")
 USER_ENV_PREFIX = os.path.join(INSTALL_PREFIX, "user")
@@ -245,13 +244,21 @@ def check_hub_ready():
 
     base_url = load_config()["base_url"]
     base_url = base_url[:-1] if base_url[-1] == "/" else base_url
+    http_address = load_config()["http"]["address"]
     http_port = load_config()["http"]["port"]
+    # The default config is an empty address, so it binds on all interfaces.
+    # Test the connectivity on the local address.
+    if http_address == "":
+        http_address = "127.0.0.1"
     try:
         r = requests.get(
-            "http://127.0.0.1:%d%s/hub/api" % (http_port, base_url), verify=False
+            "http://%s:%d%s/hub/api" % (http_address, http_port, base_url), verify=False
         )
+        if r.status_code != 200:
+            print(f"Hub not ready: (HTTP status {r.status_code})")
         return r.status_code == 200
-    except:
+    except Exception as e:
+        print(f"Hub not ready: {e}")
         return False
 
 
diff --git a/tljh/configurer.py b/tljh/configurer.py
index eb32121..962cdde 100644
--- a/tljh/configurer.py
+++ b/tljh/configurer.py
@@ -28,10 +28,12 @@ default = {
         "cpu": None,
     },
     "http": {
+        "address": "",
         "port": 80,
     },
     "https": {
         "enabled": False,
+        "address": "",
         "port": 443,
         "tls": {
             "cert": "",
@@ -40,6 +42,7 @@ default = {
         "letsencrypt": {
             "email": "",
             "domains": [],
+            "staging": False,
         },
     },
     "traefik_api": {
@@ -49,7 +52,7 @@ default = {
         "password": "",
     },
     "user_environment": {
-        "default_app": "classic",
+        "default_app": "jupyterlab",
     },
     "services": {
         "cull": {
@@ -59,8 +62,8 @@ default = {
             "concurrency": 5,
             "users": False,
             "max_age": 0,
+            "remove_named_servers": False,
         },
-        "configurator": {"enabled": False},
     },
 }
 
@@ -228,8 +231,8 @@ def update_user_environment(c, config):
     # Set default application users are launched into
     if user_env["default_app"] == "jupyterlab":
         c.Spawner.default_url = "/lab"
-    elif user_env["default_app"] == "nteract":
-        c.Spawner.default_url = "/nteract"
+    elif user_env["default_app"] == "classic":
+        c.Spawner.default_url = "/tree"
 
 
 def update_user_account_config(c, config):
@@ -240,8 +243,13 @@ def update_traefik_api(c, config):
     """
     Set traefik api endpoint credentials
     """
-    c.TraefikTomlProxy.traefik_api_username = config["traefik_api"]["username"]
-    c.TraefikTomlProxy.traefik_api_password = config["traefik_api"]["password"]
+    c.TraefikProxy.traefik_api_username = config["traefik_api"]["username"]
+    c.TraefikProxy.traefik_api_password = config["traefik_api"]["password"]
+    https = config["https"]
+    if https["enabled"]:
+        c.TraefikProxy.traefik_entrypoint = "https"
+    else:
+        c.TraefikProxy.traefik_entrypoint = "http"
 
 
 def set_cull_idle_service(config):
@@ -258,6 +266,8 @@ def set_cull_idle_service(config):
     cull_cmd += ["--max-age=%d" % cull_config["max_age"]]
     if cull_config["users"]:
         cull_cmd += ["--cull-users"]
+    if cull_config["remove_named_servers"]:
+        cull_cmd += ["--remove-named-servers"]
 
     cull_service = {
         "name": "cull-idle",
@@ -268,33 +278,11 @@ def set_cull_idle_service(config):
     return cull_service
 
 
-def set_configurator(config):
-    """
-    Set the JupyterHub Configurator service
-    """
-    HERE = os.path.abspath(os.path.dirname(__file__))
-    configurator_cmd = [
-        sys.executable,
-        "-m",
-        "jupyterhub_configurator.app",
-        f"--Configurator.config_file={HERE}/jupyterhub_configurator_config.py",
-    ]
-    configurator_service = {
-        "name": "configurator",
-        "url": "http://127.0.0.1:10101",
-        "command": configurator_cmd,
-    }
-
-    return configurator_service
-
-
 def update_services(c, config):
     c.JupyterHub.services = []
 
     if config["services"]["cull"]["enabled"]:
         c.JupyterHub.services.append(set_cull_idle_service(config))
-    if config["services"]["configurator"]["enabled"]:
-        c.JupyterHub.services.append(set_configurator(config))
 
 
 def _merge_dictionaries(a, b, path=None, update=True):
diff --git a/tljh/hooks.py b/tljh/hooks.py
index 0a94a62..ce341fd 100644
--- a/tljh/hooks.py
+++ b/tljh/hooks.py
@@ -12,7 +12,6 @@ def tljh_extra_user_conda_packages():
     """
     Return list of extra conda packages to install in user environment.
     """
-    pass
 
 
 @hookspec
@@ -28,7 +27,6 @@ def tljh_extra_user_pip_packages():
     """
     Return list of extra pip packages to install in user environment.
     """
-    pass
 
 
 @hookspec
@@ -36,7 +34,6 @@ def tljh_extra_hub_pip_packages():
     """
     Return list of extra pip packages to install in the hub environment.
     """
-    pass
 
 
 @hookspec
@@ -46,7 +43,6 @@ def tljh_extra_apt_packages():
 
     These will be installed before additional pip or conda packages.
     """
-    pass
 
 
 @hookspec
@@ -57,7 +53,6 @@ def tljh_custom_jupyterhub_config(c):
     Anything you can put in `jupyterhub_config.py` can
     be here.
     """
-    pass
 
 
 @hookspec
@@ -70,7 +65,6 @@ def tljh_config_post_install(config):
     be the serialized contents of config, so try to not
     overwrite anything the user might have explicitly set.
     """
-    pass
 
 
 @hookspec
@@ -81,7 +75,6 @@ def tljh_post_install():
 
     This can be arbitrary Python code.
     """
-    pass
 
 
 @hookspec
@@ -90,4 +83,3 @@ def tljh_new_user_create(username):
     Script to be executed after a new user has been added.
     This can be arbitrary Python code.
     """
-    pass
diff --git a/tljh/installer.py b/tljh/installer.py
index baef3ef..f2b68c7 100644
--- a/tljh/installer.py
+++ b/tljh/installer.py
@@ -17,15 +17,8 @@ import pluggy
 import requests
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 
-from tljh import (
-    apt,
-    conda,
-    hooks,
-    migrator,
-    systemd,
-    traefik,
-    user,
-)
+from tljh import apt, conda, hooks, migrator, systemd, traefik, user
+
 from .config import (
     CONFIG_DIR,
     CONFIG_FILE,
@@ -34,6 +27,7 @@ from .config import (
     STATE_DIR,
     USER_ENV_PREFIX,
 )
+from .utils import parse_version as V
 from .yaml import yaml
 
 HERE = os.path.abspath(os.path.dirname(__file__))
@@ -112,25 +106,13 @@ def ensure_jupyterhub_package(prefix):
     hub environment be installed with pip prevents accidental mixing of python
     and conda packages!
     """
-    # Install pycurl. JupyterHub prefers pycurl over SimpleHTTPClient automatically
-    # pycurl is generally more bugfree - see https://github.com/jupyterhub/the-littlest-jupyterhub/issues/289
-    # build-essential is also generally useful to everyone involved, and required for pycurl
+    # Install dependencies for installing pycurl via pip, where build-essential
+    # is generally useful for installing other packages as well.
     apt.install_packages(["libssl-dev", "libcurl4-openssl-dev", "build-essential"])
-    conda.ensure_pip_packages(prefix, ["pycurl==7.*"], upgrade=True)
 
-    conda.ensure_pip_packages(
+    conda.ensure_pip_requirements(
         prefix,
-        [
-            "jupyterhub==1.*",
-            "jupyterhub-systemdspawner==0.16.*",
-            "jupyterhub-firstuseauthenticator==1.*",
-            "jupyterhub-nativeauthenticator==1.*",
-            "jupyterhub-ldapauthenticator==1.*",
-            "jupyterhub-tmpauthenticator==0.6.*",
-            "oauthenticator==14.*",
-            "jupyterhub-idle-culler==1.*",
-            "git+https://github.com/yuvipanda/jupyterhub-configurator@317759e17c8e48de1b1352b836dac2a230536dba",
-        ],
+        os.path.join(HERE, "requirements-hub-env.txt"),
         upgrade=True,
     )
     traefik.ensure_traefik_binary(prefix)
@@ -144,6 +126,7 @@ def ensure_usergroups():
     user.ensure_group("jupyterhub-users")
 
     logger.info("Granting passwordless sudo to JupyterHub admins...")
+    os.makedirs("/etc/sudoers.d/", exist_ok=True)
     with open("/etc/sudoers.d/jupyterhub-admins", "w") as f:
         # JupyterHub admins should have full passwordless sudo access
         f.write("%jupyterhub-admins ALL = (ALL) NOPASSWD: ALL\n")
@@ -153,66 +136,163 @@ def ensure_usergroups():
         f.write("Defaults exempt_group = jupyterhub-admins\n")
 
 
+# Install mambaforge using an installer from
+# https://github.com/conda-forge/miniforge/releases
+MAMBAFORGE_VERSION = "23.1.0-1"
+# sha256 checksums
+MAMBAFORGE_CHECKSUMS = {
+    "aarch64": "d9d89c9e349369702171008d9ee7c5ce80ed420e5af60bd150a3db4bf674443a",
+    "x86_64": "cfb16c47dc2d115c8b114280aa605e322173f029fdb847a45348bf4bd23c62ab",
+}
+
+# minimum versions of packages
+MINIMUM_VERSIONS = {
+    # if conda/mamba/pip are lower than this, upgrade them before installing the user packages
+    "mamba": "0.16.0",
+    "conda": "4.10",
+    "pip": "23.1.2",
+    # minimum Python version (if not matched, abort to avoid big disruptive updates)
+    "python": "3.9",
+}
+
+
+def _mambaforge_url(version=MAMBAFORGE_VERSION, arch=None):
+    """Return (URL, checksum) for mambaforge download for a given version and arch
+
+    Default values provided for both version and arch
+    """
+    if arch is None:
+        arch = os.uname().machine
+    installer_url = "https://github.com/conda-forge/miniforge/releases/download/{v}/Mambaforge-{v}-Linux-{arch}.sh".format(
+        v=version,
+        arch=arch,
+    )
+    # Check system architecture, set appropriate installer checksum
+    checksum = MAMBAFORGE_CHECKSUMS.get(arch)
+    if not checksum:
+        raise ValueError(
+            f"Unsupported architecture: {arch}. TLJH only supports {','.join(MAMBAFORGE_CHECKSUMS.keys())}"
+        )
+    return installer_url, checksum
+
+
 def ensure_user_environment(user_requirements_txt_file):
     """
     Set up user conda environment with required packages
     """
     logger.info("Setting up user environment...")
-
-    miniconda_old_version = "4.5.4"
-    miniconda_new_version = "4.7.10"
-    # Install mambaforge using an installer from
-    # https://github.com/conda-forge/miniforge/releases
-    mambaforge_new_version = "4.10.3-7"
-    # Check system architecture, set appropriate installer checksum
-    if os.uname().machine == "aarch64":
-        installer_sha256 = (
-            "ac95f137b287b3408e4f67f07a284357b1119ee157373b788b34e770ef2392b2"
-        )
-    elif os.uname().machine == "x86_64":
-        installer_sha256 = (
-            "fc872522ec427fcab10167a93e802efaf251024b58cc27b084b915a9a73c4474"
-        )
     # Check OS, set appropriate string for conda installer path
     if os.uname().sysname != "Linux":
         raise OSError("TLJH is only supported on Linux platforms.")
-    # Then run `mamba --version` to get the conda and mamba versions
-    # Keep these in sync with tests/test_conda.py::prefix
-    mambaforge_conda_new_version = "4.10.3"
-    mambaforge_mamba_version = "0.16.0"
 
-    if conda.check_miniconda_version(USER_ENV_PREFIX, mambaforge_conda_new_version):
-        conda_version = "4.10.3"
-    elif conda.check_miniconda_version(USER_ENV_PREFIX, miniconda_new_version):
-        conda_version = "4.8.1"
-    elif conda.check_miniconda_version(USER_ENV_PREFIX, miniconda_old_version):
-        conda_version = "4.5.8"
-    # If no prior miniconda installation is found, we can install a newer version
-    else:
+    # Check the existing environment for what to do
+    package_versions = conda.get_conda_package_versions(USER_ENV_PREFIX)
+    is_fresh_install = not package_versions
+
+    if is_fresh_install:
+        # If no Python environment is detected but a folder exists we abort to
+        # avoid clobbering something we don't recognize.
+        if os.path.exists(USER_ENV_PREFIX) and os.listdir(USER_ENV_PREFIX):
+            msg = f"Found non-empty directory that is not a conda install in {USER_ENV_PREFIX}. Please remove it (or rename it to preserve files) and run tljh again."
+            logger.error(msg)
+            raise OSError(msg)
+
         logger.info("Downloading & setting up user environment...")
-        installer_url = "https://github.com/conda-forge/miniforge/releases/download/{v}/Mambaforge-{v}-Linux-{arch}.sh".format(
-            v=mambaforge_new_version, arch=os.uname().machine
-        )
+        installer_url, installer_sha256 = _mambaforge_url()
         with conda.download_miniconda_installer(
             installer_url, installer_sha256
         ) as installer_path:
             conda.install_miniconda(installer_path, USER_ENV_PREFIX)
-        conda_version = "4.10.3"
+        package_versions = conda.get_conda_package_versions(USER_ENV_PREFIX)
 
-    conda.ensure_conda_packages(
-        USER_ENV_PREFIX,
-        [
-            # Conda's latest version is on conda much more so than on PyPI.
-            "conda==" + conda_version,
-            "mamba==" + mambaforge_mamba_version,
-        ],
-    )
+        # quick sanity check: we should have conda and mamba!
+        assert "conda" in package_versions
+        assert "mamba" in package_versions
 
-    conda.ensure_pip_requirements(
-        USER_ENV_PREFIX,
-        os.path.join(HERE, "requirements-base.txt"),
-        upgrade=True,
-    )
+    # Check Python version
+    python_version = package_versions["python"]
+    logger.debug(f"Found python={python_version} in {USER_ENV_PREFIX}")
+    if V(python_version) < V(MINIMUM_VERSIONS["python"]):
+        msg = (
+            f"TLJH requires Python >={MINIMUM_VERSIONS['python']}, found python={python_version} in {USER_ENV_PREFIX}."
+            f"\nPlease upgrade Python (may be highly disruptive!), or remove/rename {USER_ENV_PREFIX} to allow TLJH to make a fresh install."
+            f"\nYou can use `{USER_ENV_PREFIX}/bin/conda list` to save your current list of packages."
+        )
+        logger.error(msg)
+        raise ValueError(msg)
+
+    # Ensure minimum versions of the following packages by upgrading to the
+    # latest if below that version.
+    #
+    # - conda/mamba, via conda-forge
+    # - pip,         via PyPI
+    #
+    to_upgrade = []
+    for pkg in ("conda", "mamba", "pip"):
+        version = package_versions.get(pkg)
+        min_version = MINIMUM_VERSIONS[pkg]
+        if not version:
+            logger.warning(f"{USER_ENV_PREFIX} is missing {pkg}, installing it...")
+            to_upgrade.append(pkg)
+        else:
+            logger.debug(f"Found {pkg}=={version} in {USER_ENV_PREFIX}")
+            if V(version) < V(min_version):
+                logger.info(
+                    f"{USER_ENV_PREFIX} has {pkg}=={version}, it will be upgraded to {pkg}>={min_version}"
+                )
+                to_upgrade.append(pkg)
+
+    # force reinstall conda/mamba to ensure a basically consistent env
+    # avoids issues with RemoveError: 'requests' is a dependency of conda
+    # only do this for 'old' conda versions known to have a problem
+    # we don't know how old, but we know 4.10 is affected and 23.1 is not
+    if not is_fresh_install and V(package_versions.get("conda", "0")) < V("23.1"):
+        # force-reinstall doesn't upgrade packages
+        # it reinstalls them in-place
+        # only reinstall packages already present
+        to_reinstall = []
+        for pkg in ["conda", "mamba"]:
+            if pkg in package_versions:
+                # add version pin to avoid upgrades
+                to_reinstall.append(f"{pkg}=={package_versions[pkg]}")
+        logger.info(
+            f"Reinstalling {', '.join(to_reinstall)} to ensure a consistent environment"
+        )
+        conda.ensure_conda_packages(
+            USER_ENV_PREFIX, list(to_reinstall), force_reinstall=True
+        )
+
+    cf_pkgs_to_upgrade = list(set(to_upgrade) & {"conda", "mamba"})
+    if cf_pkgs_to_upgrade:
+        conda.ensure_conda_packages(
+            USER_ENV_PREFIX,
+            # we _could_ explicitly pin Python here,
+            # but conda already does this by default
+            cf_pkgs_to_upgrade,
+        )
+
+    pypi_pkgs_to_upgrade = list(set(to_upgrade) & {"pip"})
+    if pypi_pkgs_to_upgrade:
+        conda.ensure_pip_packages(
+            USER_ENV_PREFIX,
+            pypi_pkgs_to_upgrade,
+            upgrade=True,
+        )
+
+    # Install/upgrade the jupyterhub version in the user env based on the
+    # version specification used for the hub env.
+    #
+    with open(os.path.join(HERE, "requirements-hub-env.txt")) as f:
+        jh_version_spec = [l for l in f if l.startswith("jupyterhub>=")][0]
+    conda.ensure_pip_packages(USER_ENV_PREFIX, [jh_version_spec], upgrade=True)
+
+    # Install user environment extras for initial installations
+    #
+    if is_fresh_install:
+        conda.ensure_pip_requirements(
+            USER_ENV_PREFIX,
+            os.path.join(HERE, "requirements-user-env-extras.txt"),
+        )
 
     if user_requirements_txt_file:
         # FIXME: This currently fails hard, should fail soft and not abort installer
@@ -225,7 +305,7 @@ def ensure_user_environment(user_requirements_txt_file):
 
 def ensure_admins(admin_password_list):
     """
-    Setup given list of users as admins.
+    Setup given list of user[:password] strings as admins.
     """
     os.makedirs(STATE_DIR, mode=0o700, exist_ok=True)
 
@@ -450,7 +530,7 @@ def main():
     ensure_admins(args.admin)
     ensure_usergroups()
     if args.user_requirements_txt_url:
-         logger.info("installing packages from user_requirements_txt_url")
+        logger.info("installing packages from user_requirements_txt_url")
     ensure_user_environment(args.user_requirements_txt_url)
 
     logger.info("Setting up JupyterHub...")
@@ -464,7 +544,6 @@ def main():
             print("Progress page server stopped successfully.")
         except Exception as e:
             logger.error(f"Couldn't stop the progress page server. Exception was {e}.")
-            pass
 
     ensure_jupyterhub_service(HUB_ENV_PREFIX)
     ensure_jupyterhub_running()
diff --git a/tljh/jupyterhub_config.py b/tljh/jupyterhub_config.py
index a553f2c..7abb617 100644
--- a/tljh/jupyterhub_config.py
+++ b/tljh/jupyterhub_config.py
@@ -2,15 +2,15 @@
 JupyterHub config for the littlest jupyterhub.
 """
 
-from glob import glob
 import os
+from glob import glob
 
 from tljh import configurer
-from tljh.config import INSTALL_PREFIX, USER_ENV_PREFIX, CONFIG_DIR
-from tljh.utils import get_plugin_manager
+from tljh.config import CONFIG_DIR, INSTALL_PREFIX, USER_ENV_PREFIX
 from tljh.user_creating_spawner import UserCreatingSpawner
-from jupyterhub_traefik_proxy import TraefikTomlProxy
+from tljh.utils import get_plugin_manager
 
+c = get_config()  # noqa
 c.JupyterHub.spawner_class = UserCreatingSpawner
 
 # leave users running when the Hub restarts
@@ -19,11 +19,11 @@ c.JupyterHub.cleanup_servers = False
 # Use a high port so users can try this on machines with a JupyterHub already present
 c.JupyterHub.hub_port = 15001
 
-c.TraefikTomlProxy.should_start = False
+c.TraefikProxy.should_start = False
 
 dynamic_conf_file_path = os.path.join(INSTALL_PREFIX, "state", "rules", "rules.toml")
-c.TraefikTomlProxy.toml_dynamic_config_file = dynamic_conf_file_path
-c.JupyterHub.proxy_class = TraefikTomlProxy
+c.TraefikFileProviderProxy.dynamic_config_file = dynamic_conf_file_path
+c.JupyterHub.proxy_class = "traefik_file"
 
 c.SystemdSpawner.extra_paths = [os.path.join(USER_ENV_PREFIX, "bin")]
 c.SystemdSpawner.default_shell = "/bin/bash"
diff --git a/tljh/jupyterhub_configurator_config.py b/tljh/jupyterhub_configurator_config.py
deleted file mode 100644
index a6aace4..0000000
--- a/tljh/jupyterhub_configurator_config.py
+++ /dev/null
@@ -1 +0,0 @@
-c.Configurator.selected_fields = ["tljh.default_interface"]
diff --git a/tljh/log.py b/tljh/log.py
index f626c96..ed7eca4 100644
--- a/tljh/log.py
+++ b/tljh/log.py
@@ -1,6 +1,6 @@
 """Setup tljh logging"""
-import os
 import logging
+import os
 
 from .config import INSTALL_PREFIX
 
@@ -9,6 +9,13 @@ def init_logging():
     """Setup default tljh logger"""
     logger = logging.getLogger("tljh")
     os.makedirs(INSTALL_PREFIX, exist_ok=True)
+
+    # check if any log handlers are already registered
+    # don't reconfigure logs if handlers are already configured
+    # e.g. happens in pytest, which hooks up log handlers for reporting
+    # or if this function is called twice
+    if logger.hasHandlers():
+        return
     file_logger = logging.FileHandler(os.path.join(INSTALL_PREFIX, "installer.log"))
     file_logger.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
     logger.addHandler(file_logger)
diff --git a/tljh/migrator.py b/tljh/migrator.py
index 75336ad..9f00d83 100644
--- a/tljh/migrator.py
+++ b/tljh/migrator.py
@@ -1,16 +1,11 @@
 """Migration utilities for upgrading tljh"""
 
-import os
-from datetime import date
 import logging
+import os
 import shutil
+from datetime import date
 
-from tljh.config import (
-    CONFIG_DIR,
-    CONFIG_FILE,
-    INSTALL_PREFIX,
-)
-
+from tljh.config import CONFIG_DIR, CONFIG_FILE, INSTALL_PREFIX
 
 logger = logging.getLogger("tljh")
 
diff --git a/tljh/requirements-hub-env.txt b/tljh/requirements-hub-env.txt
new file mode 100644
index 0000000..2a9324d
--- /dev/null
+++ b/tljh/requirements-hub-env.txt
@@ -0,0 +1,28 @@
+# When tljh.installer runs, the hub' environment as typically found in
+# /opt/tljh/hub, is upgraded to use these packages.
+#
+# When a new release is made, the lower bounds should be incremented to the
+# latest release to help us narrow the versions based on knowing what tljh
+# version is installed from inspecting this file.
+#
+# If a dependency is bumped to a new major version, we should make a major
+# version release of tljh.
+#
+jupyterhub>=4.0.2,<5
+jupyterhub-systemdspawner>=1.0.1,<2
+jupyterhub-firstuseauthenticator>=1.0.0,<2
+jupyterhub-nativeauthenticator>=1.2.0,<2
+jupyterhub-ldapauthenticator>=1.3.2,<2
+jupyterhub-tmpauthenticator>=1.0.0,<2
+oauthenticator>=16.0.4,<17
+jupyterhub-idle-culler>=1.2.1,<2
+
+# pycurl is installed to improve reliability and performance for when JupyterHub
+# makes web requests. JupyterHub will use tornado's CurlAsyncHTTPClient when
+# making requests over tornado's SimpleHTTPClient automatically if pycurl is
+# installed.
+#
+# ref: https://www.tornadoweb.org/en/stable/httpclient.html#module-tornado.simple_httpclient
+# ref: https://github.com/jupyterhub/the-littlest-jupyterhub/issues/289
+#
+pycurl>=7.45.2,<8
diff --git a/tljh/requirements-base.txt b/tljh/requirements-user-env-extras.txt
similarity index 58%
rename from tljh/requirements-base.txt
rename to tljh/requirements-user-env-extras.txt
index 02df904..020779b 100644
--- a/tljh/requirements-base.txt
+++ b/tljh/requirements-user-env-extras.txt
@@ -1,22 +1,18 @@
 # When tljh.installer runs, the users' environment as typically found in
-# /opt/tljh/user, is setup with these packages.
+# /opt/tljh/user, is installed with these packages.
+#
+# Whats listed here represents additional packages that the distributions
+# installs initially, but doesn't upgrade as tljh is upgraded.
 #
 # WARNING: The order of these dependencies matters, this was observed when using
 #          the requirements-txt-fixer pre-commit hook that sorted them and made
 #          our integration tests fail.
 #
-# JupyterHub + notebook package are base requirements for user environment
-jupyterhub==1.*
-notebook==6.*
-# Install additional notebook frontends!
-jupyterlab==3.*
-nteract-on-jupyter==2.*
-# Install jupyterlab extensions from PyPI
+notebook==7.*
+jupyterlab==4.*
 # nbgitpuller for easily pulling in Git repositories
 nbgitpuller==1.*
 # jupyter-resource-usage to show people how much RAM they are using
-jupyter-resource-usage==0.6.*
+jupyter-resource-usage==1.*
 # Most people consider ipywidgets to be part of the core notebook experience
-ipywidgets==7.*
-# Pin tornado
-tornado>=6.1
+ipywidgets==8.*
diff --git a/tljh/systemd-units/jupyterhub.service b/tljh/systemd-units/jupyterhub.service
index 63527c4..0648830 100644
--- a/tljh/systemd-units/jupyterhub.service
+++ b/tljh/systemd-units/jupyterhub.service
@@ -15,6 +15,7 @@ PrivateDevices=yes
 ProtectKernelTunables=yes
 ProtectKernelModules=yes
 Environment=TLJH_INSTALL_PREFIX={install_prefix}
+Environment=PATH={install_prefix}/hub/bin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 # Run upgrade-db before starting, in case Hub version has changed
 # This is a no-op when no db exists or no upgrades are needed
 ExecStart={python_interpreter_path} -m jupyterhub.app -f {jupyterhub_config_path} --upgrade-db
diff --git a/tljh/systemd.py b/tljh/systemd.py
index d4fcf6c..f274fab 100644
--- a/tljh/systemd.py
+++ b/tljh/systemd.py
@@ -3,8 +3,8 @@ Wraps systemctl to install, uninstall, start & stop systemd services.
 
 If we use a debian package instead, we can get rid of all this code.
 """
-import subprocess
 import os
+import subprocess
 
 
 def reload_daemon():
diff --git a/tljh/traefik-dynamic.toml.tpl b/tljh/traefik-dynamic.toml.tpl
new file mode 100644
index 0000000..f1144d6
--- /dev/null
+++ b/tljh/traefik-dynamic.toml.tpl
@@ -0,0 +1,32 @@
+# traefik.toml dynamic config (mostly TLS)
+# dynamic config in the static config file will be ignored
+{%- if https['enabled'] %}
+[tls]
+  [tls.options.default]
+  minVersion = "VersionTLS12"
+  cipherSuites = [
+    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+  ]
+  {%- if https['tls']['cert'] %}
+  [tls.stores.default.defaultCertificate]
+    certFile = "{{ https['tls']['cert'] }}"
+    keyFile = "{{ https['tls']['key'] }}"
+  {%- endif %}
+
+  {%- if https['letsencrypt']['email'] and https['letsencrypt']['domains'] %}
+  [tls.stores.default.defaultGeneratedCert]
+  resolver = "letsencrypt"
+    [tls.stores.default.defaultGeneratedCert.domain]
+    main = "{{ https['letsencrypt']['domains'][0] }}"
+    sans = [
+      {% for domain in https['letsencrypt']['domains'][1:] -%}
+      "{{ domain }}",
+      {%- endfor %}
+    ]
+  {%- endif %}
+{%- endif %}
diff --git a/tljh/traefik.py b/tljh/traefik.py
index e815efb..4ea0d49 100644
--- a/tljh/traefik.py
+++ b/tljh/traefik.py
@@ -1,39 +1,53 @@
 """Traefik installation and setup"""
 import hashlib
+import io
+import logging
 import os
+import tarfile
 from glob import glob
+from pathlib import Path
+from subprocess import run
 
-from jinja2 import Template
-from passlib.apache import HtpasswdFile
 import backoff
 import requests
 import toml
+from jinja2 import Template
+
+from tljh.configurer import _merge_dictionaries, load_config
 
 from .config import CONFIG_DIR
-from tljh.configurer import load_config, _merge_dictionaries
 
-# traefik 2.7.x is not supported yet, use v1.7.x for now
-# see: https://github.com/jupyterhub/traefik-proxy/issues/97
+logger = logging.getLogger("tljh")
+
 machine = os.uname().machine
 if machine == "aarch64":
-    plat = "linux-arm64"
+    plat = "linux_arm64"
 elif machine == "x86_64":
-    plat = "linux-amd64"
+    plat = "linux_amd64"
 else:
-    raise OSError(f"Error. Platform: {os.uname().sysname} / {machine} Not supported.")
-traefik_version = "1.7.33"
+    plat = None
+
+# Traefik releases: https://github.com/traefik/traefik/releases
+traefik_version = "2.10.1"
 
 # record sha256 hashes for supported platforms here
+# checksums are published in the checksums.txt of each release
 checksums = {
-    "linux-amd64": "314ffeaa4cd8ed6ab7b779e9b6773987819f79b23c28d7ab60ace4d3683c5935",
-    "linux-arm64": "0640fa665125efa6b598fc08c100178e24de66c5c6035ce5d75668d3dc3706e1",
+    "linux_amd64": "8d9bce0e6a5bf40b5399dbb1d5e3e5c57b9f9f04dd56a2dd57cb0713130bc824",
+    "linux_arm64": "260a574105e44901f8c9c562055936d81fbd9c96a21daaa575502dc69bfe390a",
 }
 
+_tljh_path = Path(__file__).parent.resolve()
 
-def checksum_file(path):
+
+def checksum_file(path_or_file):
     """Compute the sha256 checksum of a path"""
     hasher = hashlib.sha256()
-    with open(path, "rb") as f:
+    if hasattr(path_or_file, "read"):
+        f = path_or_file
+    else:
+        f = open(path_or_file, "rb")
+    with f:
         for chunk in iter(lambda: f.read(4096), b""):
             hasher.update(chunk)
     return hasher.hexdigest()
@@ -44,48 +58,71 @@ def fatal_error(e):
     return str(e) != "ContentTooShort" and not isinstance(e, ConnectionResetError)
 
 
+def check_traefik_version(traefik_bin):
+    """Check the traefik version from `traefik version` output"""
+
+    try:
+        version_out = run(
+            [traefik_bin, "version"],
+            capture_output=True,
+            text=True,
+        ).stdout
+    except (FileNotFoundError, OSError) as e:
+        logger.debug(f"Failed to get traefik version: {e}")
+        return False
+    for line in version_out.splitlines():
+        before, _, after = line.partition(":")
+        key = before.strip()
+        if key.lower() == "version":
+            version = after.strip()
+            if version == traefik_version:
+                logger.debug(f"Found {traefik_bin} {version}")
+                return True
+            else:
+                logger.info(
+                    f"Found {traefik_bin} version {version} != {traefik_version}"
+                )
+                return False
+
+    logger.debug(f"Failed to extract traefik version from: {version_out}")
+    return False
+
+
 @backoff.on_exception(backoff.expo, Exception, max_tries=2, giveup=fatal_error)
 def ensure_traefik_binary(prefix):
     """Download and install the traefik binary to a location identified by a prefix path such as '/opt/tljh/hub/'"""
+    if plat is None:
+        raise OSError(
+            f"Error. Platform: {os.uname().sysname} / {machine} Not supported."
+        )
+    traefik_bin_dir = os.path.join(prefix, "bin")
     traefik_bin = os.path.join(prefix, "bin", "traefik")
     if os.path.exists(traefik_bin):
-        checksum = checksum_file(traefik_bin)
-        if checksum == checksums[plat]:
-            # already have the right binary
-            # ensure permissions and we're done
-            os.chmod(traefik_bin, 0o755)
+        if check_traefik_version(traefik_bin):
             return
         else:
-            print(f"checksum mismatch on {traefik_bin}")
             os.remove(traefik_bin)
 
     traefik_url = (
-        "https://github.com/containous/traefik/releases"
-        f"/download/v{traefik_version}/traefik_{plat}"
+        "https://github.com/traefik/traefik/releases"
+        f"/download/v{traefik_version}/traefik_v{traefik_version}_{plat}.tar.gz"
     )
 
-    print(f"Downloading traefik {traefik_version}...")
+    logger.info(f"Downloading traefik {traefik_version} from {traefik_url}...")
     # download the file
     response = requests.get(traefik_url)
+    response.raise_for_status()
     if response.status_code == 206:
         raise Exception("ContentTooShort")
-    with open(traefik_bin, "wb") as f:
-        f.write(response.content)
-    os.chmod(traefik_bin, 0o755)
 
     # verify that we got what we expected
-    checksum = checksum_file(traefik_bin)
+    checksum = checksum_file(io.BytesIO(response.content))
     if checksum != checksums[plat]:
-        raise OSError(f"Checksum failed {traefik_bin}: {checksum} != {checksums[plat]}")
+        raise OSError(f"Checksum failed {traefik_url}: {checksum} != {checksums[plat]}")
 
-
-def compute_basic_auth(username, password):
-    """Generate hashed HTTP basic auth from traefik_api username+password"""
-    ht = HtpasswdFile()
-    # generate htpassword
-    ht.set_password(username, password)
-    hashed_password = str(ht.to_string()).split(":")[1][:-3]
-    return username + ":" + hashed_password
+    with tarfile.open(fileobj=io.BytesIO(response.content)) as tf:
+        tf.extract("traefik", path=traefik_bin_dir)
+    os.chmod(traefik_bin, 0o755)
 
 
 def load_extra_config(extra_config_dir):
@@ -100,16 +137,13 @@ def ensure_traefik_config(state_dir):
     traefik_std_config_file = os.path.join(state_dir, "traefik.toml")
     traefik_extra_config_dir = os.path.join(CONFIG_DIR, "traefik_config.d")
     traefik_dynamic_config_dir = os.path.join(state_dir, "rules")
-
-    config = load_config()
-    config["traefik_api"]["basic_auth"] = compute_basic_auth(
-        config["traefik_api"]["username"],
-        config["traefik_api"]["password"],
+    traefik_dynamic_config_file = os.path.join(
+        traefik_dynamic_config_dir, "dynamic.toml"
     )
 
-    with open(os.path.join(os.path.dirname(__file__), "traefik.toml.tpl")) as f:
-        template = Template(f.read())
-    std_config = template.render(config)
+    config = load_config()
+    config["traefik_dynamic_config_dir"] = traefik_dynamic_config_dir
+
     https = config["https"]
     letsencrypt = https["letsencrypt"]
     tls = https["tls"]
@@ -124,6 +158,14 @@ def ensure_traefik_config(state_dir):
         ):
             raise ValueError("Both email and domains must be set for letsencrypt")
 
+    with (_tljh_path / "traefik.toml.tpl").open() as f:
+        template = Template(f.read())
+    std_config = template.render(config)
+
+    with (_tljh_path / "traefik-dynamic.toml.tpl").open() as f:
+        dynamic_template = Template(f.read())
+    dynamic_config = dynamic_template.render(config)
+
     # Ensure traefik extra static config dir exists and is private
     os.makedirs(traefik_extra_config_dir, mode=0o700, exist_ok=True)
 
@@ -142,6 +184,12 @@ def ensure_traefik_config(state_dir):
         os.fchmod(f.fileno(), 0o600)
         toml.dump(new_toml, f)
 
+    with open(os.path.join(traefik_dynamic_config_dir, "dynamic.toml"), "w") as f:
+        os.fchmod(f.fileno(), 0o600)
+        # validate toml syntax before writing
+        toml.loads(dynamic_config)
+        f.write(dynamic_config)
+
     with open(os.path.join(traefik_dynamic_config_dir, "rules.toml"), "w") as f:
         os.fchmod(f.fileno(), 0o600)
 
diff --git a/tljh/traefik.toml.tpl b/tljh/traefik.toml.tpl
index 4364c16..5fc0034 100644
--- a/tljh/traefik.toml.tpl
+++ b/tljh/traefik.toml.tpl
@@ -1,74 +1,63 @@
-# traefik.toml file template
-{% if https['enabled'] %}
-defaultEntryPoints = ["http", "https"]
-{% else %}
-defaultEntryPoints = ["http"]
-{% endif %}
+# traefik.toml static config file template
+# dynamic config (e.g. TLS) goes in traefik-dynamic.toml.tpl
+
+# enable API
+[api]
+
+[log]
+level = "INFO"
 
-logLevel = "INFO"
 # log errors, which could be proxy errors
 [accessLog]
 format = "json"
+
 [accessLog.filters]
 statusCodes = ["500-999"]
 
-[accessLog.fields.headers]
 [accessLog.fields.headers.names]
 Authorization = "redact"
 Cookie = "redact"
 Set-Cookie = "redact"
 X-Xsrftoken = "redact"
 
-[respondingTimeouts]
-idleTimeout = "10m0s"
-
 [entryPoints]
   [entryPoints.http]
-  address = ":{{http['port']}}"
-  {% if https['enabled'] %}
-    [entryPoints.http.redirect]
-    entryPoint = "https"
-  {% endif %}
+  address = "{{ http['address'] }}:{{ http['port'] }}"
+
+  [entryPoints.http.transport.respondingTimeouts]
+  idleTimeout = "10m"
+
+  {%- if https['enabled'] %}
+  [entryPoints.http.http.redirections.entryPoint]
+  to = "https"
+  scheme = "https"
 
-  {% if https['enabled'] %}
   [entryPoints.https]
-  address = ":{{https['port']}}"
-  [entryPoints.https.tls]
-  minVersion = "VersionTLS12"
-  {% if https['tls']['cert'] %}
-    [[entryPoints.https.tls.certificates]]
-      certFile = "{{https['tls']['cert']}}"
-      keyFile = "{{https['tls']['key']}}"
-  {% endif %}
-  {% endif %}
+  address = "{{ https['address'] }}:{{ https['port'] }}"
+
+  [entryPoints.https.http.tls]
+  options = "default"
+
+  [entryPoints.https.transport.respondingTimeouts]
+  idleTimeout = "10m"
+  {%- endif %}
+
   [entryPoints.auth_api]
-  address = "127.0.0.1:{{traefik_api['port']}}"
-  [entryPoints.auth_api.whiteList]
-  sourceRange = ['{{traefik_api['ip']}}']
-  [entryPoints.auth_api.auth.basic]
-  users = ['{{ traefik_api['basic_auth'] }}']
+  address = "localhost:{{ traefik_api['port'] }}"
 
-[wss]
-protocol = "http"
-
-[api]
-dashboard = true
-entrypoint = "auth_api"
-
-{% if https['enabled'] and https['letsencrypt']['email'] %}
-[acme]
-email = "{{https['letsencrypt']['email']}}"
+{%- if https['enabled'] and https['letsencrypt']['email'] and https['letsencrypt']['domains'] %}
+[certificatesResolvers.letsencrypt.acme]
+email = "{{ https['letsencrypt']['email'] }}"
 storage = "acme.json"
-entryPoint = "https"
-  [acme.httpChallenge]
-  entryPoint = "http"
+{%- if https['letsencrypt']['staging'] %}
+caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
+{%- endif %}
+[certificatesResolvers.letsencrypt.acme.tlsChallenge]
+{%- endif %}
 
-{% for domain in https['letsencrypt']['domains'] %}
-[[acme.domains]]
-  main = "{{domain}}"
-{% endfor %}
-{% endif %}
+[providers]
+providersThrottleDuration = "0s"
 
-[file]
-directory = "rules"
+[providers.file]
+directory = "{{ traefik_dynamic_config_dir }}"
 watch = true
diff --git a/tljh/user_creating_spawner.py b/tljh/user_creating_spawner.py
index c6f07f3..eda9642 100644
--- a/tljh/user_creating_spawner.py
+++ b/tljh/user_creating_spawner.py
@@ -1,12 +1,11 @@
-from tljh.normalize import generate_system_username
-from tljh import user
-from tljh import configurer
 from systemdspawner import SystemdSpawner
-from traitlets import Dict, Unicode, List
-from jupyterhub_configurator.mixins import ConfiguratorSpawnerMixin
+from traitlets import Dict, List, Unicode
+
+from tljh import user
+from tljh.normalize import generate_system_username
 
 
-class CustomSpawner(SystemdSpawner):
+class UserCreatingSpawner(SystemdSpawner):
     """
     SystemdSpawner with user creation on spawn.
 
@@ -27,24 +26,13 @@ class CustomSpawner(SystemdSpawner):
         user.ensure_user(system_username)
         user.ensure_user_group(system_username, "jupyterhub-users")
         if self.user.admin:
+            self.disable_user_sudo = False
             user.ensure_user_group(system_username, "jupyterhub-admins")
         else:
+            self.disable_user_sudo = True
             user.remove_user_group(system_username, "jupyterhub-admins")
         if self.user_groups:
             for group, users in self.user_groups.items():
                 if self.user.name in users:
                     user.ensure_user_group(system_username, group)
         return super().start()
-
-
-cfg = configurer.load_config()
-# Use the jupyterhub-configurator mixin only if configurator is enabled
-# otherwise, any bugs in the configurator backend will stop new user spawns!
-if cfg["services"]["configurator"]["enabled"]:
-    # Dynamically create the Spawner class using `type`(https://docs.python.org/3/library/functions.html?#type),
-    # based on whether or not it should inherit from ConfiguratorSpawnerMixin
-    UserCreatingSpawner = type(
-        "UserCreatingSpawner", (ConfiguratorSpawnerMixin, CustomSpawner), {}
-    )
-else:
-    UserCreatingSpawner = type("UserCreatingSpawner", (CustomSpawner,), {})
diff --git a/tljh/utils.py b/tljh/utils.py
index 0b61da6..8ab1ca8 100644
--- a/tljh/utils.py
+++ b/tljh/utils.py
@@ -2,6 +2,7 @@
 Miscellaneous functions useful in at least two places unrelated to each other
 """
 import logging
+import re
 import subprocess
 
 # Copied into bootstrap/bootstrap.py. Make sure these two copies are exactly the same!
@@ -24,10 +25,11 @@ def run_subprocess(cmd, *args, **kwargs):
     and failed output directly to the user's screen
     """
     logger = logging.getLogger("tljh")
+    printable_command = " ".join(cmd)
+    logger.debug("Running %s", printable_command)
     proc = subprocess.run(
         cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, *args, **kwargs
     )
-    printable_command = " ".join(cmd)
     if proc.returncode != 0:
         # Our process failed! Show output to the user
         logger.error(
@@ -59,3 +61,14 @@ def get_plugin_manager():
     pm.load_setuptools_entrypoints("tljh")
 
     return pm
+
+
+def parse_version(version_string):
+    """Parse version string to tuple
+
+    Finds all numbers and returns a tuple of ints
+    _very_ loose version parsing, like the old distutils.version.LooseVersion
+    """
+    # return a tuple of all the numbers in the version string
+    # always succeeds, even if passed nonsense
+    return tuple(int(part) for part in re.findall(r"\d+", version_string))
diff --git a/tljh/yaml.py b/tljh/yaml.py
index 3ff8a8d..e51381e 100644
--- a/tljh/yaml.py
+++ b/tljh/yaml.py
@@ -3,8 +3,8 @@
 ensures the same yaml settings for reading/writing
 throughout tljh
 """
-from ruamel.yaml.composer import Composer
 from ruamel.yaml import YAML
+from ruamel.yaml.composer import Composer
 
 
 class _NoEmptyFlowComposer(Composer):