Merge pull request #483 from iiab/master

Sync from iiab/iiab:master

.gitignore

@@ -5,3 +5,4 @@ deprecated
 *.patches
 *.log 
 *.retry
+*~

README.md

@@ -45,10 +45,10 @@ To learn more about our open community architecture for "offline" education, sta
 
 ## Versions
 
-Pre-releases of Internet-in-a-Box (IIAB) undergo continuous QA / continuous deployment and are strongly recommended.
+Pre-releases of Internet-in-a-Box (IIAB) undergo continuous QA / continuous integration / continuous deployment and are **strongly recommended!**
 
 Install our latest pre-release using the 1-line installer at: [download.iiab.io](http://download.iiab.io/)
 
-You can also consider the <!--latest Internet-in-a-Box (IIAB)--> official releases at: [github.com/iiab/iiab/releases](https://github.com/iiab/iiab/releases)
+You can also consider <!--latest Internet-in-a-Box (IIAB)--> earlier official releases at: [github.com/iiab/iiab/releases](https://github.com/iiab/iiab/releases)
 
-For older versions, see: [github.com/xsce](http://github.com/xsce), [schoolserver.org](http://schoolserver.org)
+For much older versions, see: [github.com/xsce](http://github.com/xsce), [schoolserver.org](http://schoolserver.org)

roles/0-init/tasks/validate_vars.yml

@@ -63,7 +63,7 @@
 #
 # 2020-11-04: Fix validation of 5 core dependencies, for ./runrole etc
 
-- name: Set vars_checklist for 40 + 40 + up-to-40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
+- name: Set vars_checklist for 46 + 46 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
   set_fact:
     vars_checklist:
       - hostapd
@@ -92,6 +92,7 @@
       #- ejabberd           # Unmaintained
       - elgg
       - gitea
+      - jupyterhub
       - lokole
       - mediawiki
       - mosquitto

roles/6-generic-apps/tasks/main.yml

@@ -31,6 +31,11 @@
     name: gitea
   when: gitea_install
 
+- name: JUPYTERHUB
+  include_role:
+    name: jupyterhub
+  when: jupyterhub_install
+
 - name: LOKOLE
   include_role:
     name: lokole

roles/elgg/defaults/main.yml

@@ -8,7 +8,7 @@
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 
 elgg_xx: elgg
-elgg_version: 2.3.16
+elgg_version: 2.3.17
 
 # elgg_mysql_password: defined in default_vars
 elgg_url: /elgg

roles/jupyterhub/README.md

@@ -0,0 +1,10 @@
+## JupyterHub programming environment with student Notebooks
+
+#### High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog:
+
+* Jupyter Notebooks are widely used in the scientific community.
+* This IIAB package permits individual users to start using their own notebook on the server (http://box.lan/jupyterhub) without needing an individual server account.
+* Once a user signs in with a username and password, these credentials are stored, and are used thereafter to gain access to the user's files.
+* Individual folders are created for all student work in the path `/var/lib/protected/` — individual students will only be able to see their own work in that directory.
+* Students will not have any privileges outside of their own folder.
+* They may upload Jupyter Notebooks from a local machine, and download the current state of their work via a normal browser download.

roles/jupyterhub/defaults/main.yml

@@ -0,0 +1,8 @@
+# jupyterhub_install: False
+# jupyterhub_enabled: False
+
+# jupyterhub_venv: /opt/iiab/jupyterhub
+# jupyterhub_port: 8000
+
+# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
+# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

roles/jupyterhub/tasks/enable-or-disable.yml

@@ -0,0 +1,36 @@
+- name: systemd daemon-reload
+  systemd:
+    daemon_reload: yes
+
+
+- name: Enable & Restart jupyterhub.service
+  systemd:
+    name: jupyterhub
+    enabled: yes
+    state: restarted
+  when: jupyterhub_enabled
+
+- name: Disable jupyterhub.service
+  systemd:
+    name: jupyterhub
+    enabled: no
+    state: stopped
+  when: not jupyterhub_enabled
+
+
+- name: 'Install from template: {{ nginx_conf_dir }}/jupyterhub-nginx.conf'
+  template:
+    src: jupyterhub-nginx.conf
+    dest: "{{ nginx_conf_dir }}/"
+  when: jupyterhub_enabled
+
+- name: Disable {{ nginx_conf_dir }}/jupyterhub-nginx.conf
+  file:
+    path: "{{ nginx_conf_dir }}/jupyterhub-nginx.conf"
+    state: absent
+  when: not jupyterhub_enabled
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted

roles/jupyterhub/tasks/install.yml

@@ -0,0 +1,69 @@
+- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
+  set_fact:
+    nodejs_install: True
+    nodejs_enabled: True
+
+- name: NODEJS - run 'nodejs' role (attempt to install & enable Node.js)
+  include_role:
+    name: nodejs
+
+- name: FAIL (STOP THE INSTALL) IF 'nodejs_installed is undefined'
+  fail:
+    msg: "JupyterHub install cannot proceed, as Node.js is not installed."
+  when: nodejs_installed is undefined
+
+
+- name: Make the directories to hold JupyterHub config
+  file:
+    state: directory
+    path: '{{ item }}'
+  with_items:
+    - '{{ jupyterhub_venv }}/etc/jupyter'
+    - '{{ jupyterhub_venv }}/etc/jupyterhub'
+    - '{{ jupyterhub_venv }}/etc/systemd'
+
+- name: Use npm to install configurable-http-proxy
+  npm:
+    name: configurable-http-proxy
+    global: yes
+    state: latest
+
+- name: 'Use pip to install into a virtual environment: {{ jupyterhub_venv }}'
+  pip:
+    name:
+      - pip
+      - wheel
+      - ipywidgets
+      - jupyterhub
+      - jupyterlab
+      - jupyterhub_firstuseauthenticator
+      - jupyterhub-systemdspawner
+    virtualenv: "{{ jupyterhub_venv }}"    # /opt/iiab/jupyter
+    virtualenv_site_packages: no
+    virtualenv_command: /usr/bin/virtualenv
+    virtualenv_python: python3
+    extra_args: "--no-cache-dir"
+  when: internet_available
+
+- name: 'Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py'
+  template:
+    src: jupyterhub_config.py
+    dest: '{{ jupyterhub_venv }}/etc/jupyterhub/'
+
+- name: 'Install from template: /etc/systemd/system/jupyterhub.service'
+  template:
+    src: jupyterhub.service
+    dest: /etc/systemd/system/
+
+
+# RECORD JupyterHub AS INSTALLED
+
+- name: "Set 'jupyterhub_installed: True'"
+  set_fact:
+    jupyterhub_installed: True
+
+- name: "Add 'jupyterhub_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^jupyterhub_installed'
+    line: 'jupyterhub_installed: True'

roles/jupyterhub/tasks/main.yml

@@ -0,0 +1,44 @@
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
+
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "jupyterhub_install is sameas true" (boolean not string etc)
+  assert:
+    that: jupyterhub_install is sameas true
+    fail_msg: "PLEASE SET 'jupyterhub_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "jupyterhub_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: jupyterhub_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'jupyterhub_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: jupyterhub_installed is undefined
+
+
+- include_tasks: enable-or-disable.yml
+
+
+- name: Add 'jupyterhub' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: jupyterhub
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: JupyterHub
+    - option: description
+      value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."'
+    - option: jupyterhub_install
+      value: "{{ jupyterhub_install }}"
+    - option: jupyterhub_enabled
+      value: "{{ jupyterhub_enabled }}"

roles/jupyterhub/templates/jupyterhub-nginx.conf

@@ -0,0 +1,20 @@
+location /jupyterhub {
+    proxy_pass http://127.0.0.1:8000;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+
+    # websocket headers
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    #proxy_set_header Connection $connection_upgrade;
+    proxy_set_header X-Scheme $scheme;
+
+    proxy_buffering off;
+}
+
+# Managing requests to verify letsencrypt host
+location ~ /.well-known {
+    allow all;
+}

roles/jupyterhub/templates/jupyterhub.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=JupyterHub
+After=syslog.target network.target
+
+[Service]
+User=root
+Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:{{ jupyterhub_venv }}/bin"
+ExecStart={{ jupyterhub_venv }}/bin/python3 -m jupyterhub -f {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py
+
+[Install]
+WantedBy=multi-user.target

roles/network/templates/gateway/iiab-gen-iptables

@@ -72,6 +72,7 @@ pbx_data_ports={{ pbx_data_ports }}
 sugarizer_port={{ sugarizer_port }}
 transmission_http_port={{ transmission_http_port }}
 transmission_peer_port={{ transmission_peer_port }}
+jupyterhub_port={{ jupyterhub_port }}
 
 samba_udp_ports={{ samba_udp_ports }}
 samba_tcp_mports={{ samba_tcp_mports }}
@@ -159,6 +160,7 @@ if [ "$wan" != "none" ]; then
         $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT
         $IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT
         $IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT
+        $IPTABLES -A INPUT -p tcp --dport $jupyterhub_port -m state --state NEW -i $wan -j ACCEPT
     fi
 
     # 4 = ssh + http-or-https + common IIAB services + Samba

roles/nginx/README.md

@@ -10,12 +10,13 @@
 
 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
 
-3. Current state of IIAB App/Service migrations as of 2020-09-24:
+3. Current state of IIAB App/Service migrations as of 2021-04-15:
 
    1. These support "Native" NGINX but ***NOT*** Apache
       * Admin Console
       * captiveportal
       * IIAB documentation (http://box/info)
+      * JupyterHub
       * osm-vector-maps
       * OER2Go/RACHEL modules
       * usb_lib
@@ -54,4 +55,4 @@
       * transmission
       * vnstat
 
-[*] The 4 above starred roles could use improvement, as of 2020-09-24.
+[*] The 4 above starred roles could use improvement, as of 2021-04-15.

vars/default_vars.yml

@@ -380,6 +380,12 @@ gitea_enabled: False
 gitea_url: /gitea
 gitea_port: 61734
 
+# JupyterHub programming environment with student Notebooks
+jupyterhub_install: False
+jupyterhub_enabled: False
+jupyterhub_venv: /opt/iiab/jupyterhub
+jupyterhub_port: 8000
+
 # Lokole (email for rural communities) from https://ascoderu.ca
 lokole_install: False
 lokole_enabled: False

vars/local_vars_big.yml

@@ -253,6 +253,10 @@ elgg_enabled: True
 gitea_install: True
 gitea_enabled: True
 
+# JupyterHub programming environment with student Notebooks
+jupyterhub_install: True
+jupyterhub_enabled: True
+
 # Lokole (email for rural communities) from https://ascoderu.ca
 lokole_install: True
 lokole_enabled: True

vars/local_vars_medium.yml

@@ -253,6 +253,10 @@ elgg_enabled: False
 gitea_install: False
 gitea_enabled: False
 
+# JupyterHub programming environment with student Notebooks
+jupyterhub_install: False
+jupyterhub_enabled: False
+
 # Lokole (email for rural communities) from https://ascoderu.ca
 lokole_install: False
 lokole_enabled: False

vars/local_vars_min.yml

@@ -253,6 +253,10 @@ elgg_enabled: False
 gitea_install: False
 gitea_enabled: False
 
+# JupyterHub programming environment with student Notebooks
+jupyterhub_install: False
+jupyterhub_enabled: False
+
 # Lokole (email for rural communities) from https://ascoderu.ca
 lokole_install: False
 lokole_enabled: False