From 162fad1e3aff08252ac4df1b028682fc11c2053a Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Sun, 29 Aug 2021 20:27:57 +0100
Subject: [PATCH 01/21] define a set with an iterable list

---
 roles/jupyterhub/templates/jupyterhub_config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/jupyterhub/templates/jupyterhub_config.py b/roles/jupyterhub/templates/jupyterhub_config.py
index ee9a6a3f6..5a9819fc7 100644
--- a/roles/jupyterhub/templates/jupyterhub_config.py
+++ b/roles/jupyterhub/templates/jupyterhub_config.py
@@ -1057,7 +1057,7 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner'
 #  
 #  Defaults to an empty set, in which case no user has admin access.
 #  Default: set()
-c.Authenticator.admin_users = set('Admin')
+c.Authenticator.admin_users = set(['Admin'])
 
 ## Set of usernames that are allowed to log in.
 #  

From dce0b075d35fa29f9eff0a73ba116a71b3c10895 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Sun, 29 Aug 2021 22:33:48 +0100
Subject: [PATCH 02/21] add a script to fix firseuseauthenticator
 change-password function

---
 roles/jupyterhub/tasks/install.yml        | 10 ++++++++++
 roles/jupyterhub/templates/patch_await.sh | 11 +++++++++++
 2 files changed, 21 insertions(+)
 create mode 100755 roles/jupyterhub/templates/patch_await.sh

diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml
index 1f71ba454..cf9c21672 100644
--- a/roles/jupyterhub/tasks/install.yml
+++ b/roles/jupyterhub/tasks/install.yml
@@ -60,6 +60,16 @@
     src: jupyterhub.service
     dest: /etc/systemd/system/
 
+- name: Fix the async bug in firseuseauthenticator
+  template:
+      src: patch_await.sh
+      dest: "{{ jupyterhub_venv }}/bin/patch_await.sh"
+      mode: 0755
+
+- name: Now run the installed script
+  ansible.builtin.shell:
+      cmd: "{{ jupyterhub_venv }}/bin/patch_await.sh"
+      
 
 # RECORD JupyterHub AS INSTALLED
 
diff --git a/roles/jupyterhub/templates/patch_await.sh b/roles/jupyterhub/templates/patch_await.sh
new file mode 100755
index 000000000..df6d438ed
--- /dev/null
+++ b/roles/jupyterhub/templates/patch_await.sh
@@ -0,0 +1,11 @@
+#!/bin/bash -x
+# add await to asyncio change password function
+
+cat /opt/iiab/jupyterhub/lib/python3.7/site-packages/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
+if [ $? -ne 0 ];then
+   echo Updating file
+   sed -i -e's/self.render/await self.render/' /opt/iiab/jupyterhub/lib/python3.7/site-packages/firstuseauthenticator/firstuseauthenticator.py 
+else
+   echo Patch already applied. Skipping. . .
+fi
+   

From 6f8f457d66990f09cd2002cf550cb7ac3a3b9638 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Sun, 29 Aug 2021 23:55:57 +0100
Subject: [PATCH 03/21] change location of passwords.dbm.db

---
 roles/jupyterhub/templates/jupyterhub_config.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/jupyterhub/templates/jupyterhub_config.py b/roles/jupyterhub/templates/jupyterhub_config.py
index 5a9819fc7..37f3e6e67 100644
--- a/roles/jupyterhub/templates/jupyterhub_config.py
+++ b/roles/jupyterhub/templates/jupyterhub_config.py
@@ -1058,6 +1058,9 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner'
 #  Defaults to an empty set, in which case no user has admin access.
 #  Default: set()
 c.Authenticator.admin_users = set(['Admin'])
+c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm"
+jupyterhub_installed: True
+jupyterhub_installed: True
 
 ## Set of usernames that are allowed to log in.
 #  

From 5f252a9e935f65358070a213436eb20fbe00b32d Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Mon, 30 Aug 2021 05:11:14 +0100
Subject: [PATCH 04/21] readme pngs

---
 roles/jupyterhub/README.md                 |  29 +++++++++++++++++----
 roles/jupyterhub/admin-access-button1.png  | Bin 0 -> 6488 bytes
 roles/jupyterhub/control-panel-button1.png | Bin 0 -> 3730 bytes
 roles/jupyterhub/delete-user.png           | Bin 0 -> 5646 bytes
 4 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 roles/jupyterhub/admin-access-button1.png
 create mode 100644 roles/jupyterhub/control-panel-button1.png
 create mode 100644 roles/jupyterhub/delete-user.png

diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md
index 047f9ef0a..f881a6924 100644
--- a/roles/jupyterhub/README.md
+++ b/roles/jupyterhub/README.md
@@ -30,9 +30,28 @@ While PAWS is a little bit off topic, if you have an interest in Wikipedia, plea
 
 He explains PAWS as a "powerful Python execution environment http://paws.wmcloud.org [allowing] ordinary folks to write interactive scripts to work with Wikimedia content."
 
-### Known Issues
+### Users changing their own password
+Users can change their password by first logging into their account and then visiting the url <your_server_ip>/hub/auth/change-password.
+
+### Resetting user password
+The admin can reset user passwords by deleting the user from the JupyterHub admin page. This logs the user out, but does not remove any of their data or home directories. The user can then set a new password by logging in again with their new password.
+
+1. As an admin user, open the Control Panel by clicking the control panel button on the top right of your JupyterHub.
+
+![Control panel button in notebook, top right](control-panel-button1.png)
+2. In the control panel, open the Admin link in the top left.
+
+![Admin button in control panel, top left](admin-access-button1.png)
+This opens up the JupyterHub admin page, where you can add / delete users, start / stop peoples’ servers and see who is online.
+
+3. Delete the user whose password needs resetting. Remember this does not delete their data or home directory.
+
+![Delete user button for each user](delete_user.png)
+If there is a confirmation dialog, confirm the deletion. This will also log the user out if they were currently running.
+
+4. Re-create the user whose password needs resetting within that same dialog.
+
+5. Ask the user to log in again with their new password as usual. This will be their new password going forward.Users changing their own password
+Users can change their password by first logging into their account and then visiting the url <your_server_ip>/hub/auth/change-password.
+
 
-* 2021-08-07: The page that allows you to reset/change your own password is not accessible.  Likewise Admin users cannot reset/change the password of any _individual_ user at this time.  <sub><sub>[#2918](https://github.com/iiab/iiab/pull/2918)</sub></sub>
-  * If necessary, a Linux administrator can delete the `/passwords.dbm.db` file at the very top of your Linux filesystem, allowing all JupyterHub users to (re)create new passwords.  This does work, but is very heavy-handed.  <sub><sub>[PR #2892](https://github.com/iiab/iiab/pull/2892#issuecomment-890551682)</sub></sub>
-* 2021-08-07: Teachers (i.e. Admin users) cannot currently access the very helpful "administrator's page" discussed at [JupyterHub FAQ >> "How do I manage users?"](https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html#how-do-i-manage-users) and [roles/jupyterhub/templates/jupyterhub_config.py#L1049-L1054 >> "Admin users have extra privileges"](https://github.com/iiab/iiab/blob/d0e8e048347bf46c02a2cdb0da9c5cd0c489fe40/roles/jupyterhub/templates/jupyterhub_config.py#L1049-L1054).  <sub><sub>[#2919](https://github.com/iiab/iiab/pull/2919)</sub></sub>
-* 2021-08-08: Password [dbm file](https://github.com/jupyterhub/firstuseauthenticator#firstuseauthenticatordbm_path) `/passwords.dbm.db` should be moved from the top of the filesystem to a better place — e.g. to `/opt/iiab/jupyterhub/etc/` ?  <sub><sub>[PR #2892](https://github.com/iiab/iiab/pull/2892#issuecomment-890579789)</sub></sub>
diff --git a/roles/jupyterhub/admin-access-button1.png b/roles/jupyterhub/admin-access-button1.png
new file mode 100644
index 0000000000000000000000000000000000000000..505496819347e33d636196fed66c6f6f7287c30c
GIT binary patch
literal 6488
zcmaJ`WmJ@1v>p@{5or*SFc6Rykd9C3a6r0Cx_f9)KMCpXmS(7-2L_QChIFJP2N=4B
zt|9L0_v5a0|J*-kowe6_&wI{3`#jIy&xue6D?B8oCkBB)50w;UH9#POBB1}C=oZjM
z{Ms%6fgUp}$-dR{ncm6vSAR0u@<T~H-CL|lNpf_iULgH4(=9_tNjvHpWOHWzV!mZk
zbE|=KpO_cbrb^^(!L9g*MVqhoQ)wt2!@z5AMP&`jOOPW;Omy_^PP2jgWCXVcp2o%9
zp}ZwYd%seA`u3Jw$d6dUnhp$Kl+N^|e!VopV;C}gmkwA96WJ|A5GVwBdyf$WS`Y^;
ze><QvQlJUA2Q-M=K!YIwfhq$rq6{$}Yr~8ZJ~fSv6C0jCa|u8p<6GivU%M9d)&=ez
zV_EFt^C!nL`<$Ur=;Oy4pA|>?;u`DgpWgn-d>a(fK!p)a^-dXeevv&aU^Cor2`|#n
zw_eTJ+_eAu(~3z5ZDi5)@1mIDVSTjddIrbT_;$H=Yf{;+QNFl;g?QK&M|k$-Bs`IO
z9E=4SIH;HS<JwQZYfSm$cAhXW1h7<djg1m4Q0yCTu;r3(Y=~n5G^GV)Ck>5<l1JtC
zA>McV_&-Z*Jdq&8vPt&6c-RVqRBXxe)XncKnkOrJ;ZJrH&X!`LqN1XsJ5xzO6OFij
zDZJ`Ca$p`0#gfBb{<}M4XhuaR=jYwoOiL+*Etu(rAkJTSn8TM$B5#{Ev16S)1$sg5
z8`HH(n%EO7MkXd5cIx=}_&0CfuqaLMc%PLM{K$Zg#6%mn9C+C%ghBF4yg2+TfW`d%
zl5!n2yB_bH<;VGp`@Xl$WmqOrdIF)Zc3KNMkz(2JFjmv$4p>E~xty3mD-|g@PQIo~
znGKWZV<ipi0@s=e6x_(1G2Cf)c5zudJiqlRuei8(!*kkENZKYmX4h3DMW47{DgZ*T
zaPMHw`0f~_?q+0*|2|DOO?OMjthDcbqLMaanRCXN(F=GrxY3lgqbjYE$DKJ*6$K3J
zK6;olXr`<EtfkE)1{Zt&`LMdt>i6hq7k1y3p}L~t@FVJ6!BoTY7Z(vox*nHB8g^>k
zkXC%+CJFyy-12U+r7Q6Z{cj;ecS>Q`a&)!POL(zWriA}zRB_@utI0vQH~dPdr@Nc*
z@CtBOettgC_6WVEkH%uLQkm<XVz4PycwtG&8hsDcuqi+y+?!uQ!m(EGGAj*jEBoF{
zr()bzu(7eRZpx9Q3!Eb%Dkdfd3=pJG_bxOgBPDHYY6`~hG|kP;Nv$b87`EhpOmeq%
zAuuqIBiX+5`EAgiWH%(~mC?;$>kE8hMSd28P4f?PwjCiHE?rh)6KT%I*eL41uHB;I
zJsW=&AvkLUCYnH_YqJXwh@8g^D=RB6Sy}s6+%t!Sf)kUHlD>au84H)6f#&5sefDf|
zZ?TI-N$AZRlqJ7VCO0|JS-`bJb$d!?rZ^wpKe%p3p^n30@tG!<k^cUJ58MWeM;oKB
zUcEx0P?&(jhe`?K<Ks$7N*1+g?<r_#l7ZRd;>ekqF&NB96xw;NwMd=4prF8&f$ZT!
zE7%leME9CjeD>(*XktQwfuUhG*yioqx3aQ?u}BA7Tc0@TwpCfux75Nz9?fO>X;0n3
zwoEI$?X6sqdP$XaLeiO=o79B)j&%~ssfF5zuRRt{31bGSMh!ZYgVS}@$MdmhD0SWE
z#0pi1W~rG9cV^|Bu~YOjjQh{}scvlgdau_>+*agin?6^hOJupvWR-CjdwF?zoI{*5
z3#F2+?fS{iOgcg))2Jhe@s2*=He0IY`0efOy}iA*wzh#(-a>;CMV9H>k74TU%bF}K
zEJw%3X#DxY7cy6dHCK`M@83&lo5AODa&ma6iLpyds;oHE!$@Alf_qDVRPK<q%Uo-6
z*P?5S5mPL3#T_k$Ud06Ap^7Y&#9x7c@;}|3>j)0Euy`J7F2Ph?U!PPak%(fUjCdy_
z!)x5CrKLqpPv4K-=Ocl8Zcv`>Uh|b@(p#5l_1}M2RrwubtC7jXiP7H@5Qcpgz61L_
znlgb7#5<SnpCJNioF*E!;Ha2tR4qC^WLJtldEFX5?2^TLm9U?!T=Whh?y*WDfJg+o
z`L4(q#zU;QUm|bEWrAH?Tbl#}5(slQ1~paHHusfpCe^~3L-f(C($cvK&*Bv;bvUQL
z!{JZ5_!y869z58%%EL%XO1{e{@2ZKFx*%%z1z>A_ejachY|2q8_h!l_*REmOgqWI1
zEF0Wz!b=<Znq&qJsgBuPIAL9%MHm|yMGgL$o>rcj03z@DV(ZqYr)+Ft11qd-Y`WUo
zZ-j-Pklfvy`|`25^eK^CwsU%gv^zpzTv@2Lv2WnSO}`UGBZEoBP51?RJNKNt6+VSi
zdCpX5aacZI78gSd^!1Sw5!%_={oNteUyJ|E)oF_nPgqw(bac^HnxK0NgPi3f9;3W=
z)<hH^Nn}JsKGj_`nv;XWM<VB+r?xIGHlac7?d^_2Pmuf7hzolJJTfve-d;hW{e}-P
zikX*;rl+KYVtv41QsaM?#i`kL|I}j5t+;q*AXKd>RLWl^ROI_C4`!F@?nZz0JseQh
z7Sr}M2h+aot8-V`6im5qtn%0(g;V)S{U9qy#?VU19Go(U*LQaF9nB)sjm4#~^LIg5
zwe?Bkwe^Gz<9Z&5ctA;<lKYKBk6Q}9gWH$p1+`yl-i0;3YOY);<%f=}O-~0}R0*HW
z)XQ;I?^Icw#grE)+ru4JJ{Sts>UCx|+x6=tHo!TkxLs(K``1Ha^mDVP)D5c@SDi_V
zCsZ|sGA2TBOv<K<8sfg|2s~2yy0b_m@IvtS!_7oFf50P1H-;|079%jOytp_NiFFgn
zI$RqOXb+76lXnB4IV~zyJ3I{5O0Fs^a}!~pqM|xNhlPd7J*SAlvZ>`{`9IDo72_f&
zdj8@CU`FGuVWMx|B+Iy6U3hu^B$K*yPDcm`zJd{@7gWA2nkb#g08<a#PcHzAZ+(0B
zxevw7<D~vXl{Wiyp3R*&GEyZ|koAE<3XO^2FK6~-s=C>PR@w%Gxe0ZXG&xHeVLF{`
z+$C-L2K>I0v3UwtQ{_-y)U9Eoig#94nZuT~bkkt!ej?v=KdWeIEml%%HyS4aT8sP1
zbA#nox}PhDEabF5I(!UFmr(ATbDxAvV?S_B&{pYbOq4S6drew9o7XnVM)V|nn|MZL
zKpG=fm5qa^KP*h3Ii8bYO>7J@)#7vTurBl($M4=-#P2c2BB_YK0yuw|_)a~MAqG3s
z=u{}K8ZBQ4fC3RAuI-R?M?6}d3b^-chad1y84G<4yT|RRG1=mfm}?@Z@!8p^u_-j#
zyuo0|`jGDHlw+d-)XU3@E)?)HHD3aYsE|-fMg{;HOIYmH^8Q>Zj(DpcK~_0BM#CSl
zW*nK%l>p$3C53*G6V;I<7pGl%a&aSn>eISao&jY8)?FTI;k4CVWs@osE5xDcG8`dL
zrtA^UWkuCqaC57`L3>s<*wId-KYUhsN14{dKWkA$S*9;=Fhx?HtxH|bozI~PM;9HG
z#2`FmObV{3<JpFr?a%eYP;k@L_)f@mKp3`}8ROP6dyeShQ{|!sNaEZxv><SGb(NU#
zb6Of*{jF)k4<9H(%_%4-gk6R`*;7+f56>@aYWP;k7hVSH8XHGrMZ{jWa()RK0>XxY
zG<QTH@P%!uyMY0H?g+qGe&M>w2XhvK7sKibsF25B^fPvQgU2K*n=9_xr{@!E$~=2J
zNN08ei-4zPB%S{DJn1@fj(9$DHZ1$q`<wC*;fCRv9C3IR4Xnngh!cu;uFn4#_Kc4B
zgbwPV)vcglYa7kZjG3FG=N8Z@(V<O!$h{30jkj#Kq;i0@Q3N#A<J7rQQc`*c$BchN
z0;Eh?C^wET?!<cSExctw78VwMu({<2Yj0=tYSYp3x!3hxRdsv5-H@Gn7t;|O)G!u{
zL!2!=&@zpQh@jx^79tiy!1TDv%F5_M+wr?_vKh#?1KMP=_f{>Cz>-&~RQy&0Sz@WD
zLdnUE=u^HI1+N7Mjf*#X1qLF|y^3y2m}0m;SoTARi<&fbiydEcW10I@2?DEWlp2$v
zH8_J)r+vSYAwiW>H@BKeaRHhE9Z{P3*X8LG(}KAd+m$1216CfXVg21f0Z6@gmMwu!
z$iPvy76%OxVRgrK>$v^#{n5)Y8vxB4ot_Y5R+%}arJ0fY&CMb}a>P04+@w;Z!GL^8
zdA~o0iil8x33sqEFz801iZQ1X!a$Ofli3%YgFH80yq|`+wC&%G!D7DPQtUhY{~$Ok
zwH#Ip#_72nh9QK{c)4`?h<wZXmq-7pu_e&W##KhAXX-zwRnmyv{oZ?ysJMjzc5{7w
z+EKVnnUwn$j@s}P5*98D(qqOjinxX#v2wDqN2jOwC?*fFYygZXBM6cEz=gWVlCiRS
zsr>5+9i0e3hoR>8@87r0y6thvC4l%i{3s+ySWs~9Jb*Opa1Mewe=MMaBR=27N8nNp
z<}Q`#><Ty_rBfRw0Zl)ubnYB(!mcBumf&J@gm$*<DHI2kV!eh1Ar(Uq9Tz6$8a;hX
z-}h^u1J;S+dIKusxopkcqG|jOi1fcW=h@~@2F=4ck^@JK<ylK2^Ai)HcYlvcLanT<
z=t66!9GNk%sENl+Lhm;HzJhtS(?mDqX>P6y0LdsCjiw9D7W3lZ<>eI=JnD;o@qqN_
z&hD=KzOlA8ka*;gEi$@F@R2hzMq|%9zuemx*6~Bwwi-zx4Aaj@8#)D^;NElh!{@%8
zE{Tt&=bJT-JTU+#O*TB%N&QPYu;7Vb>RCPOwR@&Nv{%Iwg*6P#6nj*e<-SJv?Px!L
z@k-5Kg5%8XWKL$C)2P>y;2H~u*^Ic0FfhgHYH2Nh%qlHq7s?!3aaYR{sm;StQc(rg
zc|&y^<mK;D+Cm_wmp`C2HRQ<sotY+NZ?6Siu}(!`)ot!KK(e%UNX97EJu59{^Yz^)
zb3Hx1KkmK%LQ8Rqnko^(jD_3Jm50+%wZFI-U}wjS%9Bsslf1Z{?7a+CjFqaQ`d*oC
zP}iTIvj;^=2;amg8|Qm~FKJ!9&Yeqt&S<3SyBOzXY(aaTKhZCXx6bUwbJ%ZfRU}d7
ztM>&4Y{9-r4nQV;ij)$@%!sX(qA>=rXg8^SM*hf7v+$UhRreN=7-mVoBi5c&)1b!`
z6rbp?@7y9dU}QAU51{_^&yPjdZj1f%!?k<&?j8FDIygA^`H5{ZU7cZL18)f*U0fV*
z8S$h7*zMDHbad2HEbuyW$TmRF$H&LX$tgHESXcK^dmXrhDnd3uN*XxRb#x(pbg!)-
zJxOS1XJ>ISYmo-3GSiTYR&c@zH{UMZhHFDLakv~nNmhPwsPVbm;)WnBqMeG!q5fA~
zPzS^P{iMj{C%guhn0*>n4t*D$upr{*@_;b@g=J_Y<l~^$N9dfk`#voPCXI7mcV;Jf
z(fa)31{{UkWaE5*%h<}XkVICpwpO)*mqn5CsSMI8c+!UOXZWWtvcw^zUxNaqn4w?p
z)|ZcO0v9SYEG+l{#U^z{BN9{c{d>Um`I-^WqX@E<@CA|K754|k#Om!n*Qlu2SSrHK
zD8V&Ovh10)+~62<Ix%LcTxP(Tq4IfZ;^N|(8XCX&fH-(WOS^ithFU3rs5288j9S#P
zu(F1J{kk*Xo=FHYyA!bHnc$rXe>!o6ell;Dmv%gwp8kRE3Ir~J$b)dyuSnjg>KQ*$
zp8Nei5i_0`q@bTSbG<oUaTw-{=H)R(aK$THSXcnXN<v~{<hO6X7})NSGQ=qt9mN^u
zUh7BpxMO>xCH+srWedW?iE8z-($gbWP4_>VBxSSFMxt%`q)V<gN^+es2uYy26A}^<
z5J=4Fyq_I9<;cU!i)nC3Rb(M1BU2D4>$9voIB-v5|DppkfS#Y9Yn1&x*S)|yA<27;
z<?F`~u!^wX{B<?zfZ@P;hM%($9Elp=JJ)&}wYEb(*-?io3Qc;ZmMtC3B&V%gZE{>@
z_j?!awWZ_Y!VAs6vv%+uE&|Z~#-(_>31)IqSenrV;oV^1WNFC~YMvW(vEgpOH)QPr
zjNT;5=@7nHH-PGtjGjMY2Z1;zgTkB_dK2eS--_O9%7(+A_8K29E=NCDhLWy@&x^iZ
z^%PUY6N(DG+r%p#3n%LK8|PZK!melVs=1Zqx^9%B&L=KPt*~PNdjPg$r#?A38HS{f
zJZJ3B2dm|pk$XMLqo!>&Oqn0~ETg%>Gq$}A6vRtQOKH#2g5@q=O<x8i-BB~^d_w>_
zBM20p(R}TjKbA<bom~{Do2Sr-mT^q$zl8bYbS8s7;jf4wCZ%}E9DMeT8;<w@jL%^b
zJYHpP590cED*cd}s@)_vE-nOnR%HwiV4ch2jeIFEtsa<?Ue~0W&miVWG+w5bE!Hr&
zYbQ2fDY|sKkl@GWarUWvgJz+Q;jmw>MLdP9<TtKvJOlp`iTsg_<DS%<g>GCX(Y}5B
zA3kl4m)ylGW0ukK*q+EonwpwuPj~i@y974(L|qp^F<5{*2D07_Z+O}ZX0-dC7F5ju
zb!1P@_H9tCM5(f%goFe?|7X@~U&kf!Rc$`oIV*k0$>r3GhX;zca8eO&si$R8V={JS
zC2v-VQLCGxZ<cx<GcwXd_LNR046GCoF5J7+%wM#4m(K?zc<CpLHh~QW(bhDp`#%0B
z+i%J0Li9*{B&;A?6Hr~#z+)6!?j=es=wPzrTDxQvotQ7Vgn;`Vu6}*+sLG_>o-y;i
zV(XNUZ}A^v_Kbw962m$)p2$GymzH0j7Af*-L^5&GJ|!rR>~`i5D{Z73!^rTkyjqwK
zds1pD6=8g4W~8;5X#zk#z_s}FkLz+Dg-?*sp2$bol!m6}-+23ojCqyZpL=~&0uXy>
zr<oon8Bu#M#!ira#e4-F8xwT7kEEfY!D4k1VjQ!<za6u-aV+o*r6I51dD(?6{wOsj
zdinzB5&2En>{b>1lP4Q?c~9$ZGtDeGJ34al@c}-Vkm<Cj{o~juU${S7ejR>RRbIZS
zhk6an9~LIXC2H{5bHQoYP}OFhs||m{Rzsh0KTn0gXE0D$OswCcmXeY(4rk)KlH75%
z<6__7*QpR8rGXIF3|!Si)pjv6UGM!0Ln_DEH5g$2+$(zQ&#br_5U0{c&qMY73kY;D
z$9%naZyLhee)M|+Y6##JKwlHG$et^FRY%7SFhxS)OJpo#byc}Fn3n|f1G@mnT<t=(
zCaYrsF)t#*&cOiyf(i-P=BEqJyIx<Q+)!cXSv}4M2%vu!;DT=Om}<kO-IY|+>miq*
z!$E<OQmt~$5^%Pt$10#$knQVpR`dX4C590*&2Asn)MAm?$Mp0U`?0~7-BfCX>XoJ)
zh}zl@72_F0tJ*K6{)(9cKb@O0RauL11%-u@Fp1My4~yDnV71c?4nWYzEcx%YtSPIg
zC@3iCD*Yq|<kpa)7jQt>05WgVFqre4*ffMWV2@x2UQ<&8(9n_Cn>X65iQ{8qW^}aV
z<RLjFZS+a^0BzRn{#0~qY{$`Wl@TfYHsGG%6Id=90e4-zwF7U$1kG5~{$kqR+<aGU
z>c7+Q$TZ*sR3|n%8tT(S3&^`6(hQ_w%0<LPL?Xf0ZAh$sN08)>_?OOq@ViSrkw;st
zt*sjyc1L1>iuLu8NwXWacYU4x?_#y1=bWVj&i1I(B!JpTl4)dsw?h>lgBly7zRF-x
zx_EN{$R4)<*|=sJNT~n-24o4jYhn@-S;Xkpu`R9Jm^7e%EqKF$PZt&ze*6GIJH}VU
z0j>GR5(x<j%gdLNH<yQfriP7<@ro?YO*7UoUx^%*R34xLL!p#nksd4kH0>s_Iu6dx
z#et`nha;1dlZCIkbsM<|m;gPy$F0Q(5YejJ4!(`x<>cgW9XCM=3Smg>D|Yt2krCY1
zR%TAl@W{x>z(8T<2@sz__!*41rza5N;*i}+NBtkbd7piBch_K{{QB>|s&kL__xJzG
z;}cQ1pIu!y2dN!Vm`84IZvWZtvM2#GdFRfZInzXaMMXtdSH8baYM{XEU^;F9bdc~r
zal}Y!=;)jjGGE!Q4QCr08+*eUffM*qZf$R`T!?Pl`}u%?fIv<1c&s}3YRe|acU8CJ
zV!T8168M#o!hWRb<&xdEk{rLyHR+r4jt_){gl%U_ktJ%myEvQ;>&hn_2&5N1+v0&-
zboKP|qM@c{VPgaCiM)aWQoUQFyQe3DF8o#F2cZ1HS5zZ5x3}vJpo9Nf{wKUA0f$^N
zD$37aFuHMZaUu8sJpj_ScA0OR!eCqk>79gT?Bf{!?r25c7mya6oBR_#v!GB#fYJu^
z?d|P*GI#zuOu{<^SjK;^1^;#a+W!AXh5vnB_`l;rl2>jBu71((eW{6S1?B)L$$@37
I-kE*=AIHb=IRF3v

literal 0
HcmV?d00001

diff --git a/roles/jupyterhub/control-panel-button1.png b/roles/jupyterhub/control-panel-button1.png
new file mode 100644
index 0000000000000000000000000000000000000000..5fd54ecbd797927b7ecf1bfe067ed66f819801a0
GIT binary patch
literal 3730
zcma)<c|4SD+sDW4PIn$;%|(e)cE+U0w2);ajb+G^rOa5eR+h3Wg<%FMnlz?vgp3-E
zeTIl;MoA&#9vKrFV;{0*3-9#wzI~qOec$KvJm(+R=Qxh*Jdf)<kLz=OKffc*-quQ7
zR8bTJ0*PCnwm^VDLVpNs${)W8p6-!`9Uzc|o3+I$r>K5D0er9gw0!Eafu~dXwdd!D
z?U{<QqAby5^SN#IM`cA*TMHx`2A)%F_|6X6Ph+;F6Se1^dk!2>IQ?d%^T73ltaiU0
z6QOIv`7;B<-)n_Hja(x!A&{gn2rUGnfj~&m*DH|EpFgLobNT!bxc{RUJeO~EMB;A)
zNwb5^7qnpxvYjQf?P@2y-&IV{f_sWw^2{WKk)~p3A&80y?FIl6*dT#<1Nf)#4+jfY
zhq+sjiVe;j&ae-KCLkjHO=R3@SjE-KxAz+38-e1^G{Uv4W<%xiSxel)O4#oKoWYl6
zv*4*=`yiQ0hfohr#K>6lvLpSHbgGmm&62Z(hYvctT{I|+rRQZXd$Pn?<!NVUaxYk6
zvlf?=@J^HZtpp7hT#=?s=MyG&@|e+5J`iipsk6L@P^+Ag-&NGPP1QNBudrz`vT%Fv
z(OO!1-E~4MimCf8=A&AYBfQ9?&c&ml4c#r5tzUmzysnndueJ5OXTXSbv`DLP%qBn+
znz+i-v;FTr$?K`M?TWCxD+_NPaEjJ_roZDh%3WkE1^;#`x{o>hKt&qL^}4#|G)B9_
z@7QBzN&4bG4&+<c^NQb(THH&SeU4-?Q^9|Qm;^m?!nUHqtI8$Bkz)MgstmuXx7*@N
z(A~unzL`|hcqO--*yP4>c(4@d%S9IvwSyL(eRQrobhBWS^fJHFt_MfrpU1f>LXr@a
zd;K}<ysM54wEeWN3p0yldQz|7^D=sUnYIr@UKC|QgUhTv)qpDQKBMXKt|u^8lOlk4
zYc^|28vm5k_z<YH>R`t=*(vpAb1?iyfbI(245z)>c93mq7)$oUYpHJlLv2^DRwlr(
zWm}k1s!DEHxSY>g)8KnW3|1z-z&c({13!w-_nQ<3%RyRQut23}j6QEa#U}Lucu*PK
zzv7)Ms-v`JjC4Aw?l+(_He3bg;P1@uX}JsZKrp3H@`{?fMo&m$!@jOuvOhj0$uYzZ
zo2OQjRveH6w<jKID3vLC_j`ODqtEFkq?vI?cm*L<WYgAF>g5z`^&W=h%wd$8%Ym1T
z4hpAwl}QjYBONNQ#7mFyrOdem(Ib7%4{`N`uDva0pDIJP?ophJR;@-i=Sgtt=Owt5
zasHLd9WdXIkkQ9@Lz%O&;FNrW=&b|DU}}eVhc#O>_M1(OpFW!8b<Ot@JP4c2#r^mP
zUN5wBcfcMf`9+o+?r`k<^Q`Y22JR_~3Y;7koQP_VZF$O9;oY>ZnH#NQ9-uIWkRFBC
zeKiK2Bp@IouY7Kz^ohS6><Izum7W?ef749~JzvXDA(!q9B5gd1$SapIqu@+D#P~P(
z;!WDB6uVYq6qR?7tt_;rbuEIT>FXMrABED2oLu>onfSDs^*wW6Yn+kyD4wdp@N&$e
zxk7uBk-=++DpLt3Uq`eSp4kKA^~X@G4=qcN*6;Q^>fIgs$Qi5oH>sTT=^_)g6HufF
zOBx4R-W*K2&}0%I%5f6Q8xEti{k4&fd=v4&n4MusX1m@7BvJJ9jbb6TJ9uC8sz$?A
zVfgK}A2d*5?g#6qAD=PBR_HRq7e%+wl0QHp;Di7;|G<p@?Zlme*ei3R*Va2tw*IW9
z!&jCE6D#C|K_Cc702l#ZR73;`Zp32dltDvEXaJ;=`<sAV|NQzF(0+w~^6i)V_ay&!
zmLU8e<ob_i3CMaygRv9T1pNDbzG{n#jn($LT~}x10Y=ZMq!&hYmz<=0v{D=-)&$K+
zNOEm3b0fOVjzO&a?f+Om?i9M)*-bWzBuSFDaO)*rUnkuHB)ORMZdO`X+BMLyZGI`q
z_E~*0(5VKSLF})*RX1s`J~~kIFf^WQ+3}Q8YhBz~_QpgDHW3czdUe}fK0>yhu8xI5
z9@0t>+XB)0Z|9HOn6Z40nRnFR6l6|8+J7jU!EJ<Nx{EWJNtocov+hfJv?xo+h=sw%
zoA6-vp$N|W!Z%ke34OceAQm6$5uzU8emk=z@3y;F|1=_<c|-w4^@e(DkYsPg1_aNR
zk-;z*I;m`@Zcm8GZbkdmd<q3xKTm<>&kd;^ny|`%vic3l=n{U@^{S0lO|qHRQXsOL
zTpYlTX89&Ls84;P-!U>DeHt*x%C>A{mUMc;_)iorXJ9i8UZm-^ay*)5@H9U~3Ibbs
z85vZ{IFJ&oQ^k$BbXM*m^N*ltt*oof2*P3Uo{^cZ0X=eAZuN3H0QY2tBvy}Knxfui
zM)oYZ#x>^y7CVXjnvOlKjYvD}gi@sGq~r{ao4Ck+$2qvmVF9uCRb$xolcy?nnSX*U
znG(q|=8qmy8nPnOo}cd;OA?3Gk&D;eg2i7>8Kmy@PqDr`Ju^Po6z>T3V8!=23(=yW
z5aPuKhp_7V8XiQ%WB&S?{Fp5tR4DVm@dr=48WA@Ei4lev;-QDiq?|Tvv4-Ts8I?P<
zP@f*mvaMOg64w`+B*YB@*IH4;czm=`4p8O%>{5sV5Z9qek;>Wb=ByR*floOoLR;~H
zOq!}QS~!RgO2k7*<LovjcPOD*5<+D<OPTv3w6Yzn%G1<$_GJMQ`;4Se<*;3RORVQK
zw0$K+?PCYeJj^AAN*K9$GMR2{)D*v7>qAff%kRUrBQ2IO`d!IwN8s)&q3AgZQY`I{
znpQJEYCKCe`#rjGJ=5{LDiwE~eZoqsa`R$FwlUT?;Mj9WN^qjS&%o)Bg;!7dpW-~i
zLs>wik0ak1DTWbgH)gw|rboS9Qd;4YoJt&C&1E0C^LHa%)aL@i?&ht{b-5s{wV2;(
zz!4ooDiz&3t2lk7LKJyC0|?tvn+v|>SQv17;{I+NXS4R1@@lQ7(Swy~l9R$)j(VQX
z_<bDqR3TW^JptJlr$wZBJLx4COOW+}+^x19D7#XtfPpr8Uof#trN3JH9HVtl-8(UL
zo&L8f=ATQZ0^XsOz5`)X^g7vFY|`tjgu&fs(};V6u>NwWyxkjKR~O<R`S0ypX4m){
zx_)B0jh~+vvC!y&x7oEzU@oKQeCe-9vI5~GxZLQuAo!7Ad=#MRr=*hPerTKtFaEl+
z2QBn!+yCJ2|0Ne#?+0qc;62~JuZHIWTf#%y-G{|#prHrKCJ8@R8p(2Hw#0Z@CY$w7
zZ4x(E{e_$z&-GfqUSAmNlwZS?_k3SsU0|ipr5!_BI(S6zyvD(&AK$b|U9Q=LEx(RW
z{i*AIN<4v}llufk4Tya(*;M)=@KhQ0;STP4e!@R?9)%Ssy36)AsRDIJI6*1Npl4ot
z6L#UDp`7TkcTSP9v-`%*`9RL(5f00rT#YMBS&pXxupvn|*cI03lrlRZb$hc(7QluU
z&eF%%T_nw&-_EzMTEFpG9Xb&}Wo92ySjs|^CmL*X`*Mq0I>@3+Gw;V_QP-mCLYi8t
zo1U%jlzzS6S#rI#R_sGW_Wfv$J?xK^(5&KzqeOzT!ea__A5n*00EEmaSUBds*b8Qu
z6|AT&JTEW_(;QJd*Bl_zQdZ*dX=07@mhyFa<8EU}Fr+QAPlI8Wx0W2X$UPh=ZRKxq
zU%AKf;|xw7ugpJ3=PPS5JZMKv&iRQXLd|iaCwr3!XYkLD@;zxPeoy;xu0AfGUwmD;
zW2)nH%!K;Mw%FjEHTL-OBH6G%F1d9*o$RF1bVb3Dkdyr7gu2Galt))Fy5;3@nP7RL
zsjiEm_bF$v#fO$`c;lr3ObZe6z0h#iJ7EdcEV;TZABgkW+|`yu<?xZVJP1?%LS+9s
zn!H|!tT3z=TXY`KJ9o_FPi<k8yV4y5bhIERb5@E&sCX2;>=a0{|85`XF7H4Jj0-i^
zgnh#8RrZhLO;yGP7SLR^9GhJ;H=h8Q8lK=YiG7OZ-&P1fc}e^9kTRy*FX{4BFX<RR
zp4L}Ww%AA75po<&cIAKX%Rq*4uMimW&+40jh2$@(cT>{9It1x<T|3JK1LT{B91$5e
zb=8S0j~srS2*Vq<OD7-h*T%3DLuszYg8FTlVmB_59ilsk3M&^O_sa<tSGhTI%ezoz
z_TM-6!KEHJ@lKD?`VNz=2}h;QinHQqeYs^9bgU8$ksTS|+P{2ztj*Zw$h-7)nFidV
zd!3IQ4p2VGNDCYr8#s!hzoffr$qpXKoG5ueZZnC++sr%9j&4)}^S9?yj?CD}v5zp~
z^492Ki(@PxyyzvVenaLN<in2w50*vB>M;Hm{Z=e4A5bR}9*1!o<&5OG8;0v)1uLYx
z8xG!iyZ0mH3L3oqGs3_Zq)|O%Ne<bO_;|?ub|yHt$V8X%<x+)K=+<fj!oO5d#w`Ck
z+4icjZZfP5WcZv|++T^(`)~QUF*%WQ63ua3-0X!Z+-$6u@h=+u3+1$uOOGlTJF~H|
zJQ#JJ88b<3x)inE)D~W>2KjmkdP7~x?C*Wq&sOghfo{60`L)+om9Zt1wyjFC^=|tL
PNHDA|Z7oP<7nA-AU=Zzk

literal 0
HcmV?d00001

diff --git a/roles/jupyterhub/delete-user.png b/roles/jupyterhub/delete-user.png
new file mode 100644
index 0000000000000000000000000000000000000000..db26478e743596415328b8bd1e2961be69ed2f5c
GIT binary patch
literal 5646
zcmY+IbyQT_ALzMWQ9$a_se%a7O2+_#fOn{&WN2v|N*afdOAAAH4j?fM-6<u_0188Q
z3>^alNC~`A-&^bb_8(_|&t7|f^Xz^0`h;t0ye1=IA|W6kAOrrZs7*ldHw|8vAi9Hp
z?%HzG5fIQ$02SqRKg{lDkvTA1r}yzv8nRI;6nzhUT>tsgzaqL{1*n2vE-rK#1Ux9+
zwp-s<(HlQ@gw3!VjP|q)Un*E@u9gKCJka(i^~jgi+ckzU*E>CTQIWC=G7{HI7iNos
zu=c4JItp!eQ?E+&PGoL${W#|ZvZ-fcZqY?{0Icta4c7K{=%Vf7Ovf*$2>w&5`77*~
zKtO=I`@4hw9)D&8Z6^KwKE}rfa{DbkCc_Z_7XD}Ee}KP!4Zei`nFIRW{jakBe+td!
z%LmAtnv&v!XNBO~J)zlleO22Z>xBs@&l6LKR8!__Y{``A*{#lS+I^luC{FJ7IAH0T
z_m|~Kn$TORnziM=IdXV$`TM@w{beNL=KRRW{%baQZS35VRDGtc=Uk`GoWH*VG<p%-
zzTk5+T3jIxCf5V#j-aP9c>QAZ$bOcS{|dl9EV~_j&uvinKl;UME3(X)lnf1l+q4DG
z!*P^4SIWv<78jh~-)-<*2P^!oj2miE<oukWaB4KPGd)zf?vA+nn*}W*okiU@UNpA#
zLothZclAOfiP89eG7&(?$J1oInGd$<^5#mHtW3P?$kb$PPqFqdK|eJH!ad?(3Cikf
zK+l_+V9TpcSt~utl%Y)CH{yA9qMa8gz*WZRY)W7(qGz$_J}{-P<&Gmh_b=fcc8(Sc
z!83lx{8bt6_G0DXdP#r*SteN33nMol55LV^$_$1b`jMQWd7wxs9duUeXQ#MBzK0dc
zw?|?4ZIzBAxSp@F9`*)A?ic_ldmPI}0KHRE6P{FOoW}5I(W8dHs;OOCcE+6nSF5rP
zl=2W&ieKnk*agAiZIjZX*S(W(I6yQI(X>+dymG+NoH{2=SmJe@Si-<YQYz7Y-GlWD
zgNp}arWpfPE`*yKUmunXSe*&aBg|8JtUT|fK8FZ1x*L{_m{mgqBi#jmYLpD*tZi&Z
z(MdCojF3w4bHaFsG)-G(9@A7d-x-r3k>FQujea|}jra-0b>Efo6c*23ays~IHvH<o
zu~?1#H!w?(f#Lpny2BaTy~BEaH*CbL-UkU?ANZ&6Cpk=?j9;U@R=}D!UE{sToJ{B5
z(0^zLA?cv8i6%bIgjbD#Kn-E9VNKHvErhVd9i;|2f6>C9KSewIlnz!`1Y~Qhl+sYD
zef+y8Iz{x>-@C;;u^uOn>>jY37a>ApL?|a~PH!M$Ql3RU4JBHn+}!DY_h;{f&0g+C
zyBAuj9;82MGqexeJDj<!Z(Fz>ZJqLP49s%!aDGJR^r;eFCOuNosZ1p~s5I#+{oOxD
z3D=ZX>bQ-BY)zkP-R8Dm*7Dn;ec08qS`2+#C|Y{_q{obw=p@{~h+hLc+eFL3P#$lG
z-MJFxW;@n^SB`!@8PfT<{C7Y09S<-R*r#s+9=QlFY}`B{3J4c)^4}h0_HVrGg@6BX
z2U@Hhxi{y3T6Ue+u1A^_k6^cklU`q5ry*y~@B6S9pM>@3y)lhL{P%`GrKD^u+hNvP
zv!7O(LI?9P!*#2B)%VkD%LFmvL>*9n5@-CtFm%;V+5UOagm=w^O$~!6Nt1D|S42sH
zv2uZN`FMJ%Sj&Rl7?NmUNV39!8@#2iT-W>9V0xK~iGtG%P3fxOSUJr~o?%cix#clf
z3b3}F+w;um$<gX3uIu@>4EFO&O_(a>#E?YA$z9vDrpHnn`e<q=h;k<Am5CZSh?N*r
zu;VI%0njmqD5koR?l-Rz^te-~rCv+4K8002Em>HpG>TGCQeE=+5E*Q2&i=Gy%}zAe
z>xg#LUVAX<UX46*eCwpw0w;nmeXC89ajJbyx(83vVi9<dIPY~TtEa0!(%mK_s70|6
zrJC0Ir6WS5N)gp>CM5bocKd-kxe!wE#IUu_FU1}}V>@HTuBcvL-&nFMz55d#ZpBWM
z>le4JFGMRfRkBQnm7r1S300oWLox_otZ=3HjdGw0IeRT-aSl$KSw0OuLdj~;%J1Gj
z6Jr9Y2MZj~DGqyXD*$Mj5iMa`lnD`9T|Us!xEW>TgevOI#sbcJVbZI6TTOdX*7dx3
z4y$(?-dkOFsIg1BnZNrY{q=g&otc|=T72%GGpR&`c3*vS)mirko=&x^&|bkvkk=Xd
zV!@NFwM>`2v%2b?gR_~Lt-&DrdkOZNMiugXTjtGARJZue^k!TnfUNcMqpzJ_riY&x
z?YXLzPaA+%u*MoB;(UD%RmlE!_~Wc|(@F7Q>70PW6qRdIkDv#aLb-@fS`%~~_+0=g
zqeafj20nVQ(NBHrukoQs%?kB78TH1d-OTu2lD6ZKO(dsTT=~>{y}@<Y@T2dUx&Pd2
zTUil}`7X^J-o}kFfZ~iqRSK-c_Q$9L=>qF0UZqc{B#pjOE%q*)9oEvw%Je!{+h2a#
z9xQVN4m7rA-yRxNSHYjWIYM5KEr#hga0&_K-4FVy!Cl04X?%>-Sq)5KtcD8Z&#l^?
zuCE*@jo~<q*%$}bP`l?L{{)ycan|R3e3nE+NMj-LxdmcYeJx>Nf?eDNRi-&f@4ggI
z*m9yi{$y{Q5RSq4g!S~yU{1ngq?8bnvT!q)$DHU%ecz0{IQI=?|9y<Hz0{cLf^)s-
zpa$v5#HSaPi=N7f95ZooTFGvuCYhE;SJbRXS{>(V|H<0Xa4Wuj<pYz00mXP(U5BN~
zEI^WMeM>(?On~L-L4G?uuqs3n6n0;r5-D_0?{jI0-HYnDVq=Ru8Nb=))=Nb2w?`^Z
zV`V4aQmHsCQMZh6#@ygO>%vu17=4S`Mn)nQJdbI3YcjcjU!EPKO6%`#Y|zDW9XSCk
zL0_c9AJ7fzIIVRy=%lZ5bC3$Y=d4hKyQ<*$lfK&>?MF}l2mI0IK0@7IIvMa0c1lc-
z`KQ$=mMbLAih~v;i2R_00eZvOQd6Cu9tt0q!Ya}&)HB|~&zVelR_n|}H!A49K5l)q
zyh(!V{t!985TfcWd6?oHUO}8(5bp7a;os^}`><*m7b<D)xML1`Mn-E}L&t+1Z?9`g
zR5S&4WQd0w<ooJjv%Zf6;>E^S)z#we{YiL+d0tlwvm$gyc2O(eDhPYGE7ZIBqSut&
zKa>5gFVGzM)6eKVPWN)!Q&dS`&-FWvqr1h#06O^^U9;!lrp~zuIYD#F!v)&xK-F<u
zC29EuWlvr|ali<68CBy%K#WMhFt~J{suyxVFXksWc;9nOS)?66y#KnH&;Nd=7V-{s
zP`!RQ{I4M`)B7n2xf4Ybc6BNR9318A^y!RJ?d!{WT#Eq-l3v>znVDQtTUBXM-et=A
z4e>BlHmuje%L@}<coyblvp->ws=wxk@xVY5LK}PsqD@28qS-|_XBZ6NKm7D++m6qP
zE7t#vtv|tCP>5#Er1HxVvHe^7;N6@RDVNJIikW6BB@D7=QgnkE)E&=<Dx{ikr-G7@
zJ)=uRTzV>@Dr10E4m@JA(98J_(-LVDxOz7=wVJm|wF7SUFD-a*w4{8yw_)CP&iHFf
z>VeeZSyPiG%SZU5OsGX7L9KG{@r+61`&|vV%0r`roSu8$*2i*=;0;_iH@Woj<XV$q
z7Yfa6BCh|Vcl;DvjzAbBXL-b^tRvmiSfJ?${TUg@z7N8oUqf=MwQdM8Kq4{Xuidw5
zwlKPW9Sz@qzg&s>K(|-DXA`ArhPQFCEP9T)fEP;Z1ITX_kYONoZ%-zDUFVK7^xQ)_
zil-ml{DQ0PZ`EAUnK8stIT$mjqtUT>h0-zq@Y=A8o(<F_3RueADCzC_Y&!pA43|Fu
z=4HD{_L2#-PUd2hESv#jA3AOF@r?R?;RV5I`YL*+6&tP`q9g_L*@#rkUf?)Rs19mR
zMNf^7lyn??tC3A68;!|k2#|!g=c72aVdGFCLC{zS@TwdRX)7tuE0;_AM0(h&wNURO
z_7DE+<gg`cVS??=H76kA`}ATFvIZIhZ+Ji;x;TX20rQ@?&Xp;X9<Xq;$rxJ-ND@eR
z0>W>|u3QocwiVZ~XNc%n3?;1?WBf=&lY7b|ThRPwFy?;KOSr2Jsz&Z2B%D)ZDZ82h
zY5@pUyVPm^3&TXN1wVgm$k_m3P6-5*Jvc8;-;W+~x8QFDTs(MHBFPvKg5%hk{EUIz
z*zqNaY}3<Yfcj$MVj1LWY)9`2Go~}Ee1%%gw4sA2ak~na(eR8EuFqOy!tV~GS#9qF
ztD7&hKdHk#tsV_0h&J}fhmv5B%@<>4u7!04Sa-m>J+)Ap6gg?W{!V<p&nUm@rc#+3
zl*iAZsb)x7VA85IF|w>J6T$Co6QTa`P+RJHYoJ7?#$p70jOCi<wpm)63B%Ppw5Fcb
znrsV6O8!bkp9{RP)<wa#ZifgWz`foNyF9MuaCAN2bB&6sg-Be)1G2INLE1Gcw}o!)
zON3tg@&W;VE;tUG&#Bi<FKTN6wDX?md|-%E%c(-Zn5M?xQ;vwYu23prSZ2IF`BHe6
zCzI@iij?oYc6(S7g0Q%1DbvgTtK47l8VrI%6Bg&K^2-py41EFUGg{mk$rBn~@k_%#
z9qQ{=AvU>C#u8z~D_LN3`0hKmsaoTmLL1I*J$!W<8I;S9K9OBGKa+I3Y&>K!mUh96
z5ef(+YntJ{g7GSmG2=%~nnLzV;qO%9pTiq?$`7B>!g~64hap^7TZ4BqwmdzKW6)mX
z&D*J|B&`SQ$djstZ8#=S+m}aXltqG-Kl%A0!(o+ibbF~9b#HdQY_>&33(~fMT+gBP
zONECg4?l=DVz;$MyshdjG$Q7qOi6ac&<0mzihywAHH9#r^i_0VO8!{Splhs}JPhYF
z5%SiipmPQBE}i5<sdt%_pr)b^DM^z`S-k9_j)=K&?&MsnxlMHL-@X+=jchjv)7+XX
z?$F$z{DquR#>UZmV`LLwa2$N<?}p$6N;>8hT}3O$^1-1hA0DeX;({Te<X0v(WxZzK
z4~>-D`ewt<ycH~uTt#{JJW^{7gG`g4u5QHZkZ59k(Rm^QU&8FXu6%VwY;?r(_>qso
zy(YsQFNQj%)76%Jy5ioSc_k!S6VyauL8b^`-e^(ykS1XwDhE?e368bdVBlF6K@xB4
z1erZe*B7AWPPa%v>I2fubn<dnnw4FMg0y72!cmW;=DjR3LEs23t|H$1rM8Z`5$c@H
zbN#;ZkUi;PXSvgGU;FJMkC+(Ou16e}E>1J@{<j*P)8uD3Ab6XVp;>oMpB={m*y^jU
zx{)2|f5qBjGNpju@1WjzhrsYGN?J0UE^b;+{6vIo*qKplKsPYgv79$=uU5uC*rl4g
zdxAi0q#!40MU#*|d*RVlsH%MP3+XG9itC-xis{|5e~wmKWJVWv#iwV+$H&P$#V#(c
zo)EsGP2>^Q&uyF(?(sX~W+N=tt*T}*&jc|G{wq-MFDx0Qv94JZH9`R9Inzjnv97Cv
z<1)E2`g&vXyX1>bew+{msdWfk&u<hk$W76NBU_JA)Z%v#z=Rq3sF}4oNDVP-Vjo``
z#PwcUCAuS|&<VHAS;<2z6=hdtGmvBm;~KiVFV!aN++`w=3n0!LwkduAo+0%dpiEcm
zFz+9CDHz!~bt|E^)OxT1;Ma{x%R%RBQLPeM9o@ZnsqdYMkmOtzfh294tSS4t5{_Co
z;M5&jGbGdw>^SXRm-^U+y(UF$vM03l2eQJ1D@?hsamk_4>0Jej-^X$*J+alE+$2nv
z29{GJfvk;bKz%m^>66GQ!5`CuOaoby8WxKw`_ITzd|#<TBcHd4o|mrTbYkA}$p&wr
zQ?kLv#j{e_=NU>U2Qt~D<Iv=u(qcYLc)YAliWgQjB*=WnXQ@Pms+UoUg)|IOxJBnG
zYrB<k9)Q@KlQ*{+DTatV+$9Vpr_a1G^7;YcVG+=4hhYbX%e`;xhMq?%-f=_c1eb;R
zcPNoM0jXj1f3FQCuZ$Y~gax3?4I$9g<7XUe`T|dt;PrnK@QtpoKi_drc93J~iGe|!
zI};v*V!8U!5d-L3r*ak<T=u58j6`LVtK%RwHU2VGs5xJpB8F!ujUH8^HxtjdQyLCa
zgmUW$DUCw_^6<wXUM|p$Iz=_#+}!l|^~)aqQv_`SS9<MMtzqlvPLp*wrF@utiRhXi
zCBZyXV+!*zcAm~uMU5RnjJpfP{~t;Lr#Ku9$-UbnEZJ>i(oHQ+@)xN2<COM*j)#Yb
z)rVBT;bcmNQ<9wgFP4K}_%+Q$8t48^=4@}e%F^8`-{&@?p+Ecaua$VED?{b1(B|V2
zX>9xLP4>+RVydsV`Nq29j1Cj?>VGs`?Kdp>U|T6<PQJqg+az30chY2TeVvfkc<=Ba
zCW3y^anAFQCYW2;QToG9h}Ya?N19*3HWuY?)4&QiRY5QP!ZH3EO%?u?OGLO@^RCdA
zgJyelp?Zw$<yOVV(~{ekkJoO)PD_RN+wph6OK-RJ3tM;)o=kPjt}MxNJn}#GUk0Vs
z-yVq@QPjrTFAp*8zXcp!S)!o7Ep%gJu8-PV@K(t7{PtO}PgU7LUh^(}erF43hg}r!
z=jt85!DSMtsk17Iz6plN`L#CT_BI9srcA?r*+{pz4YU1dE@^;gL1;lft|epY4UWU)
zYZy2^89UTA=I#m|0xp*<9UR}PK{o;-urhV;=Q;Y(p=8VlZC3{o5fOb4ebhJ;T5m3Q
z@kY3GrRT(*cAEW<DQ1FiZNK@ycMJRt*>b+*K%}04<Ss{J#GK|Etx?Hb@DG8HiSkAn
zU_F<Ym+#UwIH-8*!th)N-x8641<yIhvw1g=wYBw|HxtpU(jRdN**~{I{!~A?nWD-Q
z|5Tblv+#FLrLkXXK7VGXApx#i+1PM0kbcA$?vJjQ@M_%2+M`?jim6|fRL(p48uDOx
zc-a4HZV9jU#{gIM`Sp!H-@QNd5Ccp^ynYDfpbA&h(9qM<ll^(vwYIi~(8y}`y};f5
zhQVO=_W1tL#8@s3_(Pw)DtxQ27i(X-#eY!qUQ2#aQBm{)#tckM5q)dCE&ng3EPzR?
z_vu=UoRhu%E*2Z3oJS#hZiWwTd|Vd{28%F-{K1h{>)c5ySr|rU<~+zHZXNZ${rX35
z6tmp*3HqDtm4myxJ7FL9A1;~mB{egXg^B5M6(;yBB7Hqvk$v=CBF8{@IC0B@teDvU
tjY(e=4?=(Cl^}<*pZd4(CxGS2!`sgP>hoq)>ZyJW1C=xs%N5K5{}0l&9Wnp_

literal 0
HcmV?d00001


From 96d41bb44ad49d0832db0ddd52a215ed3505a922 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Mon, 30 Aug 2021 05:15:42 +0100
Subject: [PATCH 05/21] underbar->hyphtn

---
 roles/jupyterhub/README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md
index f881a6924..b477ef1a9 100644
--- a/roles/jupyterhub/README.md
+++ b/roles/jupyterhub/README.md
@@ -39,14 +39,16 @@ The admin can reset user passwords by deleting the user from the JupyterHub admi
 1. As an admin user, open the Control Panel by clicking the control panel button on the top right of your JupyterHub.
 
 ![Control panel button in notebook, top right](control-panel-button1.png)
-2. In the control panel, open the Admin link in the top left.
 
+2. In the control panel, open the Admin link in the top left.
 ![Admin button in control panel, top left](admin-access-button1.png)
+
 This opens up the JupyterHub admin page, where you can add / delete users, start / stop peoples’ servers and see who is online.
 
 3. Delete the user whose password needs resetting. Remember this does not delete their data or home directory.
 
-![Delete user button for each user](delete_user.png)
+![Delete user button for each user](delete-user.png)
+
 If there is a confirmation dialog, confirm the deletion. This will also log the user out if they were currently running.
 
 4. Re-create the user whose password needs resetting within that same dialog.

From c5b1182e7aae77253c13c1184a2c7f6c8c86221e Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Mon, 30 Aug 2021 05:28:16 +0100
Subject: [PATCH 06/21] password change requires restart of jupyterhub

---
 roles/jupyterhub/README.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md
index b477ef1a9..200a183e5 100644
--- a/roles/jupyterhub/README.md
+++ b/roles/jupyterhub/README.md
@@ -31,9 +31,13 @@ While PAWS is a little bit off topic, if you have an interest in Wikipedia, plea
 He explains PAWS as a "powerful Python execution environment http://paws.wmcloud.org [allowing] ordinary folks to write interactive scripts to work with Wikimedia content."
 
 ### Users changing their own password
-Users can change their password by first logging into their account and then visiting the url <your_server_ip>/hub/auth/change-password.
+Users can change their password by first logging into their account and then visiting the url http://box.lan/jupyterhub/auth/change-password.
 
-### Resetting user password
+This is the only way to change the admin password, because the Admin screen does not permit deletion of the admin account. It will be necessary to restart jupyterhub before the changed password becomes effective:
+```
+sudo systemctl restart jupyterhub
+```
+### Starting the Admin Panel, and changing user passwords
 The admin can reset user passwords by deleting the user from the JupyterHub admin page. This logs the user out, but does not remove any of their data or home directories. The user can then set a new password by logging in again with their new password.
 
 1. As an admin user, open the Control Panel by clicking the control panel button on the top right of your JupyterHub.
@@ -41,6 +45,7 @@ The admin can reset user passwords by deleting the user from the JupyterHub admi
 ![Control panel button in notebook, top right](control-panel-button1.png)
 
 2. In the control panel, open the Admin link in the top left.
+
 ![Admin button in control panel, top left](admin-access-button1.png)
 
 This opens up the JupyterHub admin page, where you can add / delete users, start / stop peoples’ servers and see who is online.

From ae68d688c1aaa1334bb2cf5633286921903a6cad Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Mon, 30 Aug 2021 05:32:18 +0100
Subject: [PATCH 07/21] remove duplicate sentance

---
 roles/jupyterhub/README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md
index 200a183e5..5485308c3 100644
--- a/roles/jupyterhub/README.md
+++ b/roles/jupyterhub/README.md
@@ -58,7 +58,6 @@ If there is a confirmation dialog, confirm the deletion. This will also log the
 
 4. Re-create the user whose password needs resetting within that same dialog.
 
-5. Ask the user to log in again with their new password as usual. This will be their new password going forward.Users changing their own password
-Users can change their password by first logging into their account and then visiting the url <your_server_ip>/hub/auth/change-password.
+5. Ask the user to log in again with their new password as usual. This will be their new password going forward.Users changing their own password.
 
 

From 29d592f87f0980f049d490383392b277df1fa5a2 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Mon, 30 Aug 2021 05:36:34 +0100
Subject: [PATCH 08/21] remove junk

---
 roles/jupyterhub/templates/jupyterhub_config.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/roles/jupyterhub/templates/jupyterhub_config.py b/roles/jupyterhub/templates/jupyterhub_config.py
index 37f3e6e67..98b3427de 100644
--- a/roles/jupyterhub/templates/jupyterhub_config.py
+++ b/roles/jupyterhub/templates/jupyterhub_config.py
@@ -1059,8 +1059,6 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner'
 #  Default: set()
 c.Authenticator.admin_users = set(['Admin'])
 c.Authenticator.dbm_path = "{{ jupyterhub_venv }}/etc/passwords.dbm"
-jupyterhub_installed: True
-jupyterhub_installed: True
 
 ## Set of usernames that are allowed to log in.
 #  

From f96024b334f4c745d3f5de4a3cf03326656bfe62 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Tue, 31 Aug 2021 20:40:42 +0000
Subject: [PATCH 09/21] remove http insecurity warning

---
 roles/jupyterhub/tasks/install.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml
index cf9c21672..895c24501 100644
--- a/roles/jupyterhub/tasks/install.yml
+++ b/roles/jupyterhub/tasks/install.yml
@@ -70,6 +70,15 @@
   ansible.builtin.shell:
       cmd: "{{ jupyterhub_venv }}/bin/patch_await.sh"
       
+- name: Turn off the warning about http insecurity
+  template:
+      src: patch-http-warning.sh
+      dest: "{{ jupyterhub_venv }}/bin/patch_http-warning.sh"
+      mode: 0755
+
+- name: Now run the installed script
+  ansible.builtin.shell:
+      cmd: "{{ jupyterhub_venv }}/bin/patch_http-warning.sh"
 
 # RECORD JupyterHub AS INSTALLED
 

From 86c751525273af316503c73fe7e1ab18d7049827 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Tue, 31 Aug 2021 23:28:13 +0000
Subject: [PATCH 10/21] add missing patch-http-warning.sh

---
 roles/jupyterhub/templates/patch-http-warning.sh | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100755 roles/jupyterhub/templates/patch-http-warning.sh

diff --git a/roles/jupyterhub/templates/patch-http-warning.sh b/roles/jupyterhub/templates/patch-http-warning.sh
new file mode 100755
index 000000000..b014af707
--- /dev/null
+++ b/roles/jupyterhub/templates/patch-http-warning.sh
@@ -0,0 +1,4 @@
+#!/bin/bash -x
+# Do not enable the  warning about the insecurity of http protocol
+
+   sed -i -e's/if (window\.location.*/if (false) {/' /opt/iiab/jupyterhub/share/jupyterhub/templates/login.html

From a4ffe5556b268577871cfe9a53358d054aa03846 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Wed, 1 Sep 2021 00:49:49 +0000
Subject: [PATCH 11/21] softcode jupyterhub location

---
 roles/jupyterhub/templates/patch-http-warning.sh | 2 +-
 roles/jupyterhub/templates/patch_await.sh        | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/jupyterhub/templates/patch-http-warning.sh b/roles/jupyterhub/templates/patch-http-warning.sh
index b014af707..239775189 100755
--- a/roles/jupyterhub/templates/patch-http-warning.sh
+++ b/roles/jupyterhub/templates/patch-http-warning.sh
@@ -1,4 +1,4 @@
 #!/bin/bash -x
 # Do not enable the  warning about the insecurity of http protocol
 
-   sed -i -e's/if (window\.location.*/if (false) {/' /opt/iiab/jupyterhub/share/jupyterhub/templates/login.html
+   sed -i -e's/if (window\.location.*/if (false) {/' {{ jupyterhub_venv }}/share/jupyterhub/templates/login.html
diff --git a/roles/jupyterhub/templates/patch_await.sh b/roles/jupyterhub/templates/patch_await.sh
index df6d438ed..653e452cc 100755
--- a/roles/jupyterhub/templates/patch_await.sh
+++ b/roles/jupyterhub/templates/patch_await.sh
@@ -1,10 +1,10 @@
 #!/bin/bash -x
 # add await to asyncio change password function
 
-cat /opt/iiab/jupyterhub/lib/python3.7/site-packages/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
+cat {{ jupyterhub_venv }}/lib/python3.7/site-packages/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
 if [ $? -ne 0 ];then
    echo Updating file
-   sed -i -e's/self.render/await self.render/' /opt/iiab/jupyterhub/lib/python3.7/site-packages/firstuseauthenticator/firstuseauthenticator.py 
+   sed -i -e's/self.render/await self.render/' {{ jupyterhub_venv }}/lib/python3.7/site-packages/firstuseauthenticator/firstuseauthenticator.py 
 else
    echo Patch already applied. Skipping. . .
 fi

From ecf6a9ec7d6e33dee7f26b01b7872a7bcbae5d72 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Wed, 1 Sep 2021 01:57:31 +0100
Subject: [PATCH 12/21] use wild card to match any python

---
 roles/jupyterhub/templates/patch_await.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/jupyterhub/templates/patch_await.sh b/roles/jupyterhub/templates/patch_await.sh
index 653e452cc..6a3794dfb 100755
--- a/roles/jupyterhub/templates/patch_await.sh
+++ b/roles/jupyterhub/templates/patch_await.sh
@@ -1,10 +1,10 @@
 #!/bin/bash -x
 # add await to asyncio change password function
 
-cat {{ jupyterhub_venv }}/lib/python3.7/site-packages/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
+cat {{ jupyterhub_venv }}/lib/*/site-packages/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
 if [ $? -ne 0 ];then
    echo Updating file
-   sed -i -e's/self.render/await self.render/' {{ jupyterhub_venv }}/lib/python3.7/site-packages/firstuseauthenticator/firstuseauthenticator.py 
+   sed -i -e's/self.render/await self.render/' {{ jupyterhub_venv }}/lib/*/site-packages/firstuseauthenticator/firstuseauthenticator.py 
 else
    echo Patch already applied. Skipping. . .
 fi

From e840a5875b865ca1c8673e8f227ca0df86d0f16a Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Wed, 1 Sep 2021 03:30:39 +0100
Subject: [PATCH 13/21] use python to report the location of site_packages

---
 roles/jupyterhub/templates/patch_await.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/jupyterhub/templates/patch_await.sh b/roles/jupyterhub/templates/patch_await.sh
index 6a3794dfb..a4a33b865 100755
--- a/roles/jupyterhub/templates/patch_await.sh
+++ b/roles/jupyterhub/templates/patch_await.sh
@@ -1,10 +1,12 @@
 #!/bin/bash -x
 # add await to asyncio change password function
 
-cat {{ jupyterhub_venv }}/lib/*/site-packages/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
+SITE_PACKAGES=$({{ jupyterhub_venv }}/bin/python -m site|grep -v exist|grep site)
+SITE_PACKAGES=${SITE_PACKAGES:5:-2}
+cat $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
 if [ $? -ne 0 ];then
    echo Updating file
-   sed -i -e's/self.render/await self.render/' {{ jupyterhub_venv }}/lib/*/site-packages/firstuseauthenticator/firstuseauthenticator.py 
+   sed -i -e's/self.render/await self.render/' $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py 
 else
    echo Patch already applied. Skipping. . .
 fi

From ed163de935ce05703503d95b2276a3b7a6cc64a2 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Wed, 1 Sep 2021 03:52:43 +0000
Subject: [PATCH 14/21] the cmd form of shell errors out

---
 roles/jupyterhub/tasks/install.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml
index 895c24501..7182b5e92 100644
--- a/roles/jupyterhub/tasks/install.yml
+++ b/roles/jupyterhub/tasks/install.yml
@@ -67,8 +67,7 @@
       mode: 0755
 
 - name: Now run the installed script
-  ansible.builtin.shell:
-      cmd: "{{ jupyterhub_venv }}/bin/patch_await.sh"
+  ansible.builtin.shell: "{{ jupyterhub_venv }}/bin/patch_await.sh"
       
 - name: Turn off the warning about http insecurity
   template:
@@ -77,8 +76,7 @@
       mode: 0755
 
 - name: Now run the installed script
-  ansible.builtin.shell:
-      cmd: "{{ jupyterhub_venv }}/bin/patch_http-warning.sh"
+  ansible.builtin.shell: "{{ jupyterhub_venv }}/bin/patch_http-warning.sh"
 
 # RECORD JupyterHub AS INSTALLED
 

From d26a8a8901b5d9a7a8e64bd8bd89d025a5dcf85f Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Wed, 1 Sep 2021 01:13:55 -0400
Subject: [PATCH 15/21] JupyterHub: lint, refine, document

---
 roles/jupyterhub/README.md                    | 66 ++++++++++---------
 roles/jupyterhub/tasks/install.yml            | 35 +++++-----
 ...pyterhub.service => jupyterhub.service.j2} |  0
 ...rhub_config.py => jupyterhub_config.py.j2} |  0
 .../templates/patch-http-warning.sh           |  4 --
 .../templates/patch-http-warning.sh.j2        |  4 ++
 roles/jupyterhub/templates/patch_await.sh     | 13 ----
 roles/jupyterhub/templates/patch_await.sh.j2  | 18 +++++
 8 files changed, 74 insertions(+), 66 deletions(-)
 rename roles/jupyterhub/templates/{jupyterhub.service => jupyterhub.service.j2} (100%)
 rename roles/jupyterhub/templates/{jupyterhub_config.py => jupyterhub_config.py.j2} (100%)
 delete mode 100755 roles/jupyterhub/templates/patch-http-warning.sh
 create mode 100644 roles/jupyterhub/templates/patch-http-warning.sh.j2
 delete mode 100755 roles/jupyterhub/templates/patch_await.sh
 create mode 100644 roles/jupyterhub/templates/patch_await.sh.j2

diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md
index 5485308c3..c4c3a7e33 100644
--- a/roles/jupyterhub/README.md
+++ b/roles/jupyterhub/README.md
@@ -24,40 +24,42 @@ Note that `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be
 source /opt/iiab/jupyterhub/bin/activate
 ```
 
+### Users changing their own password
+
+Users can change their password by first logging into their account and then visiting URL: http://box.lan/jupyterhub/auth/change-password
+
+This is the only way to change the Admin user's password, because the Control Panel > Admin (below) does not permit deletion of the Admin account.  It will be necessary to restart JupyterHub before the changed password becomes effective:
+
+```
+sudo systemctl restart jupyterhub
+```
+
+### Control Panel > Admin page, to change user passwords
+
+Admin users can reset user passwords by deleting the user from the JupyterHub Admin page.  This logs the user out, but does not remove any of their data or home directories.  The user can then set a new password by logging in again with a new password.
+
+1. As an Admin user, click **Control Panel** in the top right of your JupyterHub.
+
+   ![Control panel button in notebook, top right](control-panel-button1.png)
+
+2. In the Control Panel, open the **Admin** link in the top left.
+
+   ![Admin button in control panel, top left](admin-access-button1.png)
+
+   This opens up the JupyterHub Admin page, where you can add / delete users, start / stop peoples’ servers and see who is online.
+
+3. Delete the user whose password needs resetting.  Remember this does not delete their data or home directory.
+
+   ![Delete user button for each user](delete-user.png)
+
+   If there is a confirmation dialog, confirm the deletion.  This will also log the user out if they were currently running.
+
+4. Re-create the user whose password needs resetting within that same dialog.
+
+5. Ask the user to log in, but with a new password of their choosing.  This will be their password going forward.
+
 ### PAWS/Jupyter Notebooks for Python Beginners
 
 While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01.
 
 He explains PAWS as a "powerful Python execution environment http://paws.wmcloud.org [allowing] ordinary folks to write interactive scripts to work with Wikimedia content."
-
-### Users changing their own password
-Users can change their password by first logging into their account and then visiting the url http://box.lan/jupyterhub/auth/change-password.
-
-This is the only way to change the admin password, because the Admin screen does not permit deletion of the admin account. It will be necessary to restart jupyterhub before the changed password becomes effective:
-```
-sudo systemctl restart jupyterhub
-```
-### Starting the Admin Panel, and changing user passwords
-The admin can reset user passwords by deleting the user from the JupyterHub admin page. This logs the user out, but does not remove any of their data or home directories. The user can then set a new password by logging in again with their new password.
-
-1. As an admin user, open the Control Panel by clicking the control panel button on the top right of your JupyterHub.
-
-![Control panel button in notebook, top right](control-panel-button1.png)
-
-2. In the control panel, open the Admin link in the top left.
-
-![Admin button in control panel, top left](admin-access-button1.png)
-
-This opens up the JupyterHub admin page, where you can add / delete users, start / stop peoples’ servers and see who is online.
-
-3. Delete the user whose password needs resetting. Remember this does not delete their data or home directory.
-
-![Delete user button for each user](delete-user.png)
-
-If there is a confirmation dialog, confirm the deletion. This will also log the user out if they were currently running.
-
-4. Re-create the user whose password needs resetting within that same dialog.
-
-5. Ask the user to log in again with their new password as usual. This will be their new password going forward.Users changing their own password.
-
-
diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml
index 2bc6fc9f1..a4c2a2276 100644
--- a/roles/jupyterhub/tasks/install.yml
+++ b/roles/jupyterhub/tasks/install.yml
@@ -51,31 +51,32 @@
 
 - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py"
   template:
-    src: jupyterhub_config.py
-    dest: "{{ jupyterhub_venv }}/etc/jupyterhub/"
+    src: jupyterhub_config.py.j2
+    dest: "{{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py"
 
 - name: "Install from template: /etc/systemd/system/jupyterhub.service"
   template:
-    src: jupyterhub.service
-    dest: /etc/systemd/system/
+    src: jupyterhub.service.j2
+    dest: /etc/systemd/system/jupyterhub.service
 
-- name: Fix the async bug in firseuseauthenticator
+- name: Install script from template to fix the async bug in firseuseauthenticator
   template:
-      src: patch_await.sh
-      dest: "{{ jupyterhub_venv }}/bin/patch_await.sh"
-      mode: 0755
+    src: patch_await.sh.j2
+    dest: "{{ jupyterhub_venv }}/bin/patch_await.sh"
+    mode: 0755
 
-- name: Now run the installed script
-  ansible.builtin.shell: "{{ jupyterhub_venv }}/bin/patch_await.sh"
-      
-- name: Turn off the warning about http insecurity
+- name: "Now run it: {{ jupyterhub_venv }}/bin/patch_await.sh"
+  command: "{{ jupyterhub_venv }}/bin/patch_await.sh"
+
+- name: Install script from template to turn off the warning about http insecurity
   template:
-      src: patch-http-warning.sh
-      dest: "{{ jupyterhub_venv }}/bin/patch_http-warning.sh"
-      mode: 0755
+    src: patch-http-warning.sh.j2
+    dest: "{{ jupyterhub_venv }}/bin/patch_http-warning.sh"
+    mode: 0755
+
+- name: "Now run it: {{ jupyterhub_venv }}/bin/patch_http-warning.sh"
+  command: "{{ jupyterhub_venv }}/bin/patch_http-warning.sh"
 
-- name: Now run the installed script
-  ansible.builtin.shell: "{{ jupyterhub_venv }}/bin/patch_http-warning.sh"
 
 # RECORD JupyterHub AS INSTALLED
 
diff --git a/roles/jupyterhub/templates/jupyterhub.service b/roles/jupyterhub/templates/jupyterhub.service.j2
similarity index 100%
rename from roles/jupyterhub/templates/jupyterhub.service
rename to roles/jupyterhub/templates/jupyterhub.service.j2
diff --git a/roles/jupyterhub/templates/jupyterhub_config.py b/roles/jupyterhub/templates/jupyterhub_config.py.j2
similarity index 100%
rename from roles/jupyterhub/templates/jupyterhub_config.py
rename to roles/jupyterhub/templates/jupyterhub_config.py.j2
diff --git a/roles/jupyterhub/templates/patch-http-warning.sh b/roles/jupyterhub/templates/patch-http-warning.sh
deleted file mode 100755
index 239775189..000000000
--- a/roles/jupyterhub/templates/patch-http-warning.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash -x
-# Do not enable the  warning about the insecurity of http protocol
-
-   sed -i -e's/if (window\.location.*/if (false) {/' {{ jupyterhub_venv }}/share/jupyterhub/templates/login.html
diff --git a/roles/jupyterhub/templates/patch-http-warning.sh.j2 b/roles/jupyterhub/templates/patch-http-warning.sh.j2
new file mode 100644
index 000000000..9e341aa6a
--- /dev/null
+++ b/roles/jupyterhub/templates/patch-http-warning.sh.j2
@@ -0,0 +1,4 @@
+#!/bin/bash -x
+# Do not enable the warning about the insecurity of http protocol
+
+sed -i 's/if (window\.location.*/if (false) {/' {{ jupyterhub_venv }}/share/jupyterhub/templates/login.html
diff --git a/roles/jupyterhub/templates/patch_await.sh b/roles/jupyterhub/templates/patch_await.sh
deleted file mode 100755
index a4a33b865..000000000
--- a/roles/jupyterhub/templates/patch_await.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash -x
-# add await to asyncio change password function
-
-SITE_PACKAGES=$({{ jupyterhub_venv }}/bin/python -m site|grep -v exist|grep site)
-SITE_PACKAGES=${SITE_PACKAGES:5:-2}
-cat $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
-if [ $? -ne 0 ];then
-   echo Updating file
-   sed -i -e's/self.render/await self.render/' $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py 
-else
-   echo Patch already applied. Skipping. . .
-fi
-   
diff --git a/roles/jupyterhub/templates/patch_await.sh.j2 b/roles/jupyterhub/templates/patch_await.sh.j2
new file mode 100644
index 000000000..39932815b
--- /dev/null
+++ b/roles/jupyterhub/templates/patch_await.sh.j2
@@ -0,0 +1,18 @@
+#!/bin/bash -x
+# add await to asyncio change password function
+
+# SITE_PACKAGES=$({{ jupyterhub_venv }}/bin/python -m site | grep -v exist | grep site)
+# SITE_PACKAGES=${SITE_PACKAGES:5:-2}
+
+SITE_PACKAGES=$({{ jupyterhub_venv }}/bin/python -m site | grep {{ jupyterhub_venv }} | grep /site-packages | cut -d\' -f2)
+file=$SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py
+
+# file={{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages/firstuseauthenticator/firstuseauthenticator.py
+# e.g. /opt/iiab/jupyterhub/lib/python3.9/site-packages/firstuseauthenticator/firstuseauthenticator.py
+
+if grep -q 'await self.render' $file; then
+    echo Patch already applied. Skipping. . .
+else
+    echo Updating $file
+    sed -i 's/self.render/await self.render/' $file
+fi

From c8a670c713d657b27eaf036ff0b8c4f7d6f635cb Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Wed, 1 Sep 2021 12:31:56 -0400
Subject: [PATCH 16/21] roles/jupyterhub/README.md: Clarify Blowfish (bcrypt's
 $2b$ algorithm) in /opt/iiab/jupyterhub/etc/passwords.dbm.db

---
 roles/jupyterhub/README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md
index c4c3a7e33..556fb3013 100644
--- a/roles/jupyterhub/README.md
+++ b/roles/jupyterhub/README.md
@@ -24,6 +24,12 @@ Note that `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be
 source /opt/iiab/jupyterhub/bin/activate
 ```
 
+Passwords are hashed using 4096 rounds of the latest Blowfish (bcrypt's $2b$ algorithm) and stored in:
+
+```
+/opt/iiab/jupyterhub/etc/passwords.dbm.db
+```
+
 ### Users changing their own password
 
 Users can change their password by first logging into their account and then visiting URL: http://box.lan/jupyterhub/auth/change-password

From 1a3ebc46757e5bd16967c9b9352c23b48c849b73 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Wed, 1 Sep 2021 19:17:08 +0100
Subject: [PATCH 17/21] add python approach to getting site_pachages path

---
 roles/jupyterhub/tasks/install.yml        | 6 ++++++
 roles/jupyterhub/templates/getsite.py     | 7 +++++++
 roles/jupyterhub/templates/patch_await.sh | 3 +--
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100755 roles/jupyterhub/templates/getsite.py

diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml
index 7182b5e92..10e8f7a7e 100644
--- a/roles/jupyterhub/tasks/install.yml
+++ b/roles/jupyterhub/tasks/install.yml
@@ -66,6 +66,12 @@
       dest: "{{ jupyterhub_venv }}/bin/patch_await.sh"
       mode: 0755
 
+- name: Transfer a python program to fetch the site_packages path
+  template:
+      src: getsite.py
+      dest: "{{ jupyterhub_venv }}/bin/getsite.py"
+      mode: 0755
+
 - name: Now run the installed script
   ansible.builtin.shell: "{{ jupyterhub_venv }}/bin/patch_await.sh"
       
diff --git a/roles/jupyterhub/templates/getsite.py b/roles/jupyterhub/templates/getsite.py
new file mode 100755
index 000000000..81f1c611d
--- /dev/null
+++ b/roles/jupyterhub/templates/getsite.py
@@ -0,0 +1,7 @@
+#!/opt/iiab/jupyterhub/bin/python3
+
+import site
+
+for path in iter(site.getsitepackages()):
+    if path.find('site') != -1:
+        print(path)
diff --git a/roles/jupyterhub/templates/patch_await.sh b/roles/jupyterhub/templates/patch_await.sh
index a4a33b865..a9ea8c9a9 100755
--- a/roles/jupyterhub/templates/patch_await.sh
+++ b/roles/jupyterhub/templates/patch_await.sh
@@ -1,8 +1,7 @@
 #!/bin/bash -x
 # add await to asyncio change password function
 
-SITE_PACKAGES=$({{ jupyterhub_venv }}/bin/python -m site|grep -v exist|grep site)
-SITE_PACKAGES=${SITE_PACKAGES:5:-2}
+SITE_PACKAGES=$({{ jupyterhub_venv }}/bin/getsite.py)
 cat $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
 if [ $? -ne 0 ];then
    echo Updating file

From 0a3d59f9c4a2fb44074f5f1fbf9148d4ed576462 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Wed, 1 Sep 2021 20:22:15 +0000
Subject: [PATCH 18/21] soft code jupyterhub path

---
 roles/jupyterhub/templates/getsite.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/jupyterhub/templates/getsite.py b/roles/jupyterhub/templates/getsite.py
index 81f1c611d..72e659077 100755
--- a/roles/jupyterhub/templates/getsite.py
+++ b/roles/jupyterhub/templates/getsite.py
@@ -1,4 +1,4 @@
-#!/opt/iiab/jupyterhub/bin/python3
+#!{{jupyterhub_venv }}/bin/python3
 
 import site
 

From 03c2b5d6e0eb5e391ec933cd44dbc71b4ab62828 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Thu, 2 Sep 2021 19:30:41 +0100
Subject: [PATCH 19/21] lowercase username

---
 roles/jupyterhub/templates/patch_await.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/roles/jupyterhub/templates/patch_await.sh b/roles/jupyterhub/templates/patch_await.sh
index a9ea8c9a9..bf4346413 100755
--- a/roles/jupyterhub/templates/patch_await.sh
+++ b/roles/jupyterhub/templates/patch_await.sh
@@ -4,9 +4,16 @@
 SITE_PACKAGES=$({{ jupyterhub_venv }}/bin/getsite.py)
 cat $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py |grep 'await self.render'
 if [ $? -ne 0 ];then
-   echo Updating file
+   echo Updating to \"await self.render\"
    sed -i -e's/self.render/await self.render/' $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py 
 else
-   echo Patch already applied. Skipping. . .
+   echo Await patch already applied. Skipping. . .
+fi
+cat $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py |grep data['data'].lower()'
+if [ $? -ne 0 ];then
+	echo Updating to data['username'].lower()
+	sed -i -e's/data['username']/data['username'].lower()/' $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py
+else
+	echo username.lower() patch already applied. Skipping. . .
 fi
    

From 979270dcc267fb106e74a8f899a4ca6e7bb11dd1 Mon Sep 17 00:00:00 2001
From: George Hunt <georgejhunt@gmail.com>
Date: Thu, 2 Sep 2021 21:14:17 +0100
Subject: [PATCH 20/21] escaping sed quotes correctly

---
 roles/jupyterhub/templates/patch_await.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/jupyterhub/templates/patch_await.sh b/roles/jupyterhub/templates/patch_await.sh
index bf4346413..50b292535 100755
--- a/roles/jupyterhub/templates/patch_await.sh
+++ b/roles/jupyterhub/templates/patch_await.sh
@@ -9,11 +9,11 @@ if [ $? -ne 0 ];then
 else
    echo Await patch already applied. Skipping. . .
 fi
-cat $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py |grep data['data'].lower()'
+cat $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py |grep "data\['username'\].lower\(\)"
 if [ $? -ne 0 ];then
-	echo Updating to data['username'].lower()
-	sed -i -e's/data['username']/data['username'].lower()/' $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py
+	echo Updating to data['username'].lower\(\)
+	sed -i -e"s/data\['username'\]/data\['username'\].lower\(\)/" $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py
 else
-	echo username.lower() patch already applied. Skipping. . .
+	echo username.lower\(\) patch already applied. Skipping. . .
 fi
    

From 6c14161b895a62a56b5311bb790a8d0e5d7499b0 Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Fri, 3 Sep 2021 19:30:45 -0400
Subject: [PATCH 21/21] Update roles/jupyterhub/README.md

---
 roles/jupyterhub/README.md | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md
index 4b3986cff..7a5de8b89 100644
--- a/roles/jupyterhub/README.md
+++ b/roles/jupyterhub/README.md
@@ -14,11 +14,17 @@
 
 ### Settings
 
-Linux administrators please see `/opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py` which originates from:
+Linux administrators may want to review `/opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py` which originates from:
 
 https://github.com/iiab/iiab/blob/master/roles/jupyterhub/templates/jupyterhub_config.py
 
-Note that `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated with the usual formula:
+In some rare circumstances, it may be necessary to restart JupyterHub's systemd service:
+
+```
+sudo systemctl restart jupyterhub
+```
+
+FYI `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated with the usual formula:
 
 ```
 source /opt/iiab/jupyterhub/bin/activate
@@ -30,31 +36,27 @@ Passwords are hashed using 4096 rounds of the latest Blowfish (bcrypt's $2b$ alg
 /opt/iiab/jupyterhub/etc/passwords.dbm.db
 ```
 
-### Users changing their own password
+### Users can change their own password
 
-Users can change their password by first logging into their account and then visiting URL: http://box.lan/jupyterhub/auth/change-password
+Users can change their password by logging in, and then visiting URL: http://box.lan/jupyterhub/auth/change-password
 
 NOTE: This is the only way to change the password for user 'Admin', because Control Panel > Admin (below) does not permit deletion of this account.
 
-```
-sudo systemctl restart jupyterhub
-```
+### Control Panel > Admin page, to manage other accounts
 
-### Control Panel > Admin page, to change user passwords
+The 'Admin' user (and any users given 'Admin' privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below).  This logs the user out, but does not remove any of their data or home directories.  The user can then set a new password in the usual way — simply by logging in.  Example:
 
-The 'Admin' user (and any users given 'Admin' privilege) can reset user passwords by deleting the user from JupyterHub's **Admin** page (below).  This logs the user out, but does not remove any of their data or home directories.  The user can then set a new password in the usual way — simply by logging in:
-
-1. As a user with 'Admin' privilege, click **Control Panel** in the top right of your JupyterHub.
+1. As a user with 'Admin' privilege, click **Control Panel** in the top right of your JupyterHub:
 
    ![Control panel button in notebook, top right](control-panel-button1.png)
 
-2. In the Control Panel, open the **Admin** link in the top left.
+2. In the Control Panel, open the **Admin** link in the top left:
 
    ![Admin button in control panel, top left](admin-access-button1.png)
 
    This opens up the JupyterHub Admin page, where you can add / delete users, start / stop peoples’ servers and see who is online.
 
-3. Delete the user whose password needs resetting.  Remember this does not delete their data or home directory.
+3. Delete the user whose password needs resetting.  Remember this does not delete their data or home directory:
 
    ![Delete user button for each user](delete-user.png)