From de5aba0a0deb36e974f93fa5401efd9dba35a2bd Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 31 Jul 2021 13:35:17 -0400 Subject: [PATCH 01/11] Refine roles/jupyterhub/README.md --- roles/jupyterhub/README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 357d4a156..343fd5c4c 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -3,8 +3,11 @@ #### High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog: * Jupyter Notebooks are widely used in the scientific community. + * Intitutional FAQ: https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html + * Getting Started: https://jupyterhub.readthedocs.io/en/stable/getting-started/ * This IIAB package permits individual users to start using their own notebook on the server (http://box.lan/jupyterhub) without needing an individual server account. -* Once a user signs in with a username and password, these credentials are stored, and are used thereafter to gain access to the user's files. + * Admin password: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F + * Once a user signs in with a username and password, these credentials are stored, and are used thereafter to gain access to the user's files. * Individual folders are created for all student work in the path `/var/lib/protected/` — individual students will only be able to see their own work in that directory. -* Students will not have any privileges outside of their own folder. -* They may upload Jupyter Notebooks from a local machine, and download the current state of their work via a normal browser download. + * Students will not have any privileges outside of their own folder. + * They may upload Jupyter Notebooks from a local machine, and download the current state of their work via a normal browser download. From bcde8cd82457599508d9d8485594366c8a1bd4b8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 31 Jul 2021 13:38:17 -0400 Subject: [PATCH 02/11] roles/jupyterhub/README.md: Punctuation tweaks --- roles/jupyterhub/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 343fd5c4c..104fc766f 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -1,13 +1,13 @@ ## JupyterHub programming environment with student Notebooks -#### High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog: +#### High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog. -* Jupyter Notebooks are widely used in the scientific community. +* Jupyter Notebooks are widely used in the scientific community: * Intitutional FAQ: https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html * Getting Started: https://jupyterhub.readthedocs.io/en/stable/getting-started/ -* This IIAB package permits individual users to start using their own notebook on the server (http://box.lan/jupyterhub) without needing an individual server account. +* This IIAB package permits individual users to start using their own notebook on the server (http://box.lan/jupyterhub) without needing an individual server account: * Admin password: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F * Once a user signs in with a username and password, these credentials are stored, and are used thereafter to gain access to the user's files. -* Individual folders are created for all student work in the path `/var/lib/protected/` — individual students will only be able to see their own work in that directory. +* Individual folders are created for all student work in the path `/var/lib/protected/` — individual students will only be able to see their own work in that directory: * Students will not have any privileges outside of their own folder. * They may upload Jupyter Notebooks from a local machine, and download the current state of their work via a normal browser download. From c47892a236c6621ab76a302bdaaf829de80b28b2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 31 Jul 2021 20:30:28 -0400 Subject: [PATCH 03/11] Smoothier roles/jupyterhub/README.md --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 104fc766f..9e1820794 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -5,9 +5,9 @@ * Jupyter Notebooks are widely used in the scientific community: * Intitutional FAQ: https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html * Getting Started: https://jupyterhub.readthedocs.io/en/stable/getting-started/ -* This IIAB package permits individual users to start using their own notebook on the server (http://box.lan/jupyterhub) without needing an individual server account: - * Admin password: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F +* This IIAB package (Ansible role) permits individual users to start using their own Notebook on the IIAB server (http://box.lan/jupyterhub) without needing an individual server account: * Once a user signs in with a username and password, these credentials are stored, and are used thereafter to gain access to the user's files. + * If necessary, use Admin password: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F * Individual folders are created for all student work in the path `/var/lib/protected/` — individual students will only be able to see their own work in that directory: * Students will not have any privileges outside of their own folder. * They may upload Jupyter Notebooks from a local machine, and download the current state of their work via a normal browser download. From 08591e411e4db1657b391c6821ce46da780b6ce7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Aug 2021 06:54:16 -0400 Subject: [PATCH 04/11] Making roles/jupyterhub/README.md more understandable --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 9e1820794..933faace3 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -1,6 +1,6 @@ ## JupyterHub programming environment with student Notebooks -#### High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog. +#### High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their own blog-like "Jupyter Notebooks." * Jupyter Notebooks are widely used in the scientific community: * Intitutional FAQ: https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html @@ -8,6 +8,6 @@ * This IIAB package (Ansible role) permits individual users to start using their own Notebook on the IIAB server (http://box.lan/jupyterhub) without needing an individual server account: * Once a user signs in with a username and password, these credentials are stored, and are used thereafter to gain access to the user's files. * If necessary, use Admin password: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F -* Individual folders are created for all student work in the path `/var/lib/protected/` — individual students will only be able to see their own work in that directory: +* Individual folders are created for all student work in path `/var/lib/protected/` — individual students will only be able to see their own work in that directory: * Students will not have any privileges outside of their own folder. * They may upload Jupyter Notebooks from a local machine, and download the current state of their work via a normal browser download. From 6f99c3ed24d24a4e6ca7b745419bb74148650dc4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Aug 2021 11:31:53 -0400 Subject: [PATCH 05/11] A new draft of jupyterhub/README.md thx to GH tips --- roles/jupyterhub/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 933faace3..cc2884716 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -5,9 +5,9 @@ * Jupyter Notebooks are widely used in the scientific community: * Intitutional FAQ: https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html * Getting Started: https://jupyterhub.readthedocs.io/en/stable/getting-started/ -* This IIAB package (Ansible role) permits individual users to start using their own Notebook on the IIAB server (http://box.lan/jupyterhub) without needing an individual server account: - * Once a user signs in with a username and password, these credentials are stored, and are used thereafter to gain access to the user's files. - * If necessary, use Admin password: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F -* Individual folders are created for all student work in path `/var/lib/protected/` — individual students will only be able to see their own work in that directory: - * Students will not have any privileges outside of their own folder. - * They may upload Jupyter Notebooks from a local machine, and download the current state of their work via a normal browser download. +* Students create their own accounts on first use, e.g. at http://box.lan/jupyterhub — the teacher does not need to be involved! + * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). + * The teacher should modify and protect JupyterHub's overall ``Admin`` password, just in case: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F +* Individual student folders are created in ``/var/lib/protected/`` on the Internet-in-a-Box (IIAB) server: + * A student will only be able to see their own work — they do not have privileges outside of their own folder. + * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. From 7e4937443a7feb077db387ef102bc1356ca8339a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Aug 2021 12:40:58 -0400 Subject: [PATCH 06/11] jupyterhub/README.md: High Schools -> Secondary schools --- roles/jupyterhub/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index cc2884716..2207bc3a8 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -1,6 +1,6 @@ ## JupyterHub programming environment with student Notebooks -#### High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their own blog-like "Jupyter Notebooks." +#### Secondary schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their own blog-like "Jupyter Notebooks." * Jupyter Notebooks are widely used in the scientific community: * Intitutional FAQ: https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html From c3af51a592e48c348dc8ff1d58e297c69331baab Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Aug 2021 16:23:45 -0400 Subject: [PATCH 07/11] Another draft of roles/jupyterhub/README.md --- roles/jupyterhub/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index 2207bc3a8..db55a2f06 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -5,9 +5,9 @@ * Jupyter Notebooks are widely used in the scientific community: * Intitutional FAQ: https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html * Getting Started: https://jupyterhub.readthedocs.io/en/stable/getting-started/ -* Students create their own accounts on first use, e.g. at http://box.lan/jupyterhub — the teacher does not need to be involved! +* Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (the login screen doesn't make that clear, but the teacher does not need to be involved!) * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). * The teacher should modify and protect JupyterHub's overall ``Admin`` password, just in case: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F -* Individual student folders are created in ``/var/lib/protected/`` on the Internet-in-a-Box (IIAB) server: +* Individual student folders are created in ``/var/lib/private/`` on the Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. From 226deeb9e581d3a5b2d8b36a6df6d634d299df93 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Aug 2021 16:31:48 -0400 Subject: [PATCH 08/11] jupyterhub/README.md: Clarify confusing login UX (also used for acnt creation!) --- roles/jupyterhub/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index db55a2f06..cb98e8776 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -5,7 +5,7 @@ * Jupyter Notebooks are widely used in the scientific community: * Intitutional FAQ: https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html * Getting Started: https://jupyterhub.readthedocs.io/en/stable/getting-started/ -* Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (the login screen doesn't make that clear, but the teacher does not need to be involved!) +* Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (unfortunately the login screen doesn't make that clear, but the teacher _does not_ need to be involved!) * A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks). * The teacher should modify and protect JupyterHub's overall ``Admin`` password, just in case: http://FAQ.IIAB.IO#What_are_the_default_passwords.3F * Individual student folders are created in ``/var/lib/private/`` on the Internet-in-a-Box (IIAB) server: From 02bb6389a8852fedfa9e82587a96e17d98958f5e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 7 Aug 2021 13:56:21 -0400 Subject: [PATCH 09/11] roles/jupyterhub/README.md: Explain Known Issues (1) Password changing (2) Administrators' page --- roles/jupyterhub/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index cb98e8776..b8121677a 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -11,3 +11,9 @@ * Individual student folders are created in ``/var/lib/private/`` on the Internet-in-a-Box (IIAB) server: * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. + +### Known Issues: + +* 2021-08-07: The page that allows you to reset/change your own password is not accessible. Likewise Admin users cannot reset/change the password of any _individual_ user at this time. + * If necessary, a Linux administrator can delete the `/passwords.dbm.db` file at the very top of your Linux filesystem, allowing all JupyterHub users to (re)create new passwords. This does work, but is very heavy-handed ([#2016](https://github.com/iiab/iiab/pull/2892#issuecomment-890551682)). +* 2021-08-07: Teachers (i.e. Admin users) cannot currently access the very helpful "administrator's page" discussed at [JupyterHub FAQ >> "How do I manage users?"](https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html#how-do-i-manage-users) and [roles/jupyterhub/templates/jupyterhub_config.py#L1049-L1054 >> "Admin users have extra privileges"](https://github.com/iiab/iiab/blob/d0e8e048347bf46c02a2cdb0da9c5cd0c489fe40/roles/jupyterhub/templates/jupyterhub_config.py#L1049-L1054). From c97c46693099cd74f767db6a5dbc9312d33f6e03 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 7 Aug 2021 13:59:06 -0400 Subject: [PATCH 10/11] jupyterhub/templates/jupyterhub_config.py: "c.JupyterHub.admin_access = True" & "c.Authenticator.admin_users = set('Admin')" --- roles/jupyterhub/templates/jupyterhub_config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/jupyterhub/templates/jupyterhub_config.py b/roles/jupyterhub/templates/jupyterhub_config.py index d78f82f80..ee9a6a3f6 100644 --- a/roles/jupyterhub/templates/jupyterhub_config.py +++ b/roles/jupyterhub/templates/jupyterhub_config.py @@ -64,7 +64,7 @@ # # Users should be properly informed if this is enabled. # Default: False -# c.JupyterHub.admin_access = False +c.JupyterHub.admin_access = True ## DEPRECATED since version 0.7.2, use Authenticator.admin_users instead. # Default: set() @@ -1057,7 +1057,7 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' # # Defaults to an empty set, in which case no user has admin access. # Default: set() -c.Authenticator.admin_users = set('iiab-admin') +c.Authenticator.admin_users = set('Admin') ## Set of usernames that are allowed to log in. # From b212437bbd506a503e0db5d70e00e21adcab8b0c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 7 Aug 2021 14:10:20 -0400 Subject: [PATCH 11/11] roles/jupyterhub/README.md: Mention jupyterhub_config.py in venv --- roles/jupyterhub/README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index b8121677a..dc15b005e 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -12,6 +12,16 @@ * A student will only be able to see their own work — they do not have privileges outside of their own folder. * Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser. +### Settings + +Linux administrators please see `/opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py` which originates from https://github.com/iiab/iiab/blob/master/roles/jupyterhub/templates/jupyterhub_config.py + +Note that `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated with the usual formula: + +``` +source /opt/iiab/jupyterhub/bin/activate +``` + ### Known Issues: * 2021-08-07: The page that allows you to reset/change your own password is not accessible. Likewise Admin users cannot reset/change the password of any _individual_ user at this time.