Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add user in script #16

Closed
wants to merge 4 commits into from
Closed

Add user in script #16

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4bc40af
Expand $CONDA_DIR prior to writing /etc/profile.d/conda.sh
costerwi Aug 26, 2015
7ca70ef
Move useradd, enable_sudo.sh, and server launch into start-notebook.sh
costerwi Aug 26, 2015
b27bbc7
Added NB_UID to docs
costerwi Aug 26, 2015
222e948
Revert to using supervisord to launch notebook
costerwi Aug 28, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 7 additions & 21 deletions minimal-notebook/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,27 +28,18 @@ ENV CONDA_DIR /opt/conda
ENV NB_USER jovyan

# Install conda
RUN echo 'export PATH=$CONDA_DIR/bin:$PATH' > /etc/profile.d/conda.sh && \
RUN echo export PATH=$CONDA_DIR/bin:'$PATH' > /etc/profile.d/conda.sh && \
wget --quiet https://repo.continuum.io/miniconda/Miniconda3-3.9.1-Linux-x86_64.sh && \
/bin/bash /Miniconda3-3.9.1-Linux-x86_64.sh -b -p $CONDA_DIR && \
rm Miniconda3-3.9.1-Linux-x86_64.sh && \
$CONDA_DIR/bin/conda install --yes conda==3.14.1

# Create non-root user
RUN useradd -m -s /bin/bash $NB_USER
RUN chown -R $NB_USER:$NB_USER $CONDA_DIR
RUN chown $NB_USER:$NB_USER /home/$NB_USER -R

# Configure user environment
USER $NB_USER
ENV HOME /home/$NB_USER
ENV SHELL /bin/bash
ENV USER $NB_USER
# Configure docker environment
ENV PATH $CONDA_DIR/bin:$PATH

# Setup a work directory rooted in home for ease of volume mounting
ENV WORK $HOME/work
RUN mkdir -p $WORK
ENV WORK /notebooks
RUN mkdir -p $WORK && chown root.users $WORK && chmod g+w $WORK
WORKDIR $WORK

# Install Jupyter notebook
Expand All @@ -57,16 +48,11 @@ RUN conda install --yes \
terminado \
&& conda clean -yt

# Configure Jupyter
RUN jupyter notebook --generate-config

# Configure container startup
EXPOSE 8888
USER root
CMD ["supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"]
CMD [ "start-notebook.sh" ]

# Add local files as late as possible to avoid cache busting
COPY jupyter_notebook_config.py $HOME/.jupyter/
COPY start-notebook.sh /usr/local/bin/
COPY notebook.conf /etc/supervisor/conf.d/
COPY enable_sudo.sh /usr/local/bin/
RUN chown $NB_USER:$NB_USER $HOME/.jupyter/jupyter_notebook_config.py
COPY jupyter_notebook_config.py /etc/skel/.jupyter/
1 change: 1 addition & 0 deletions minimal-notebook/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ You may customize the execution of the Docker container and the Notebook server

* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not provided (see below), the container will generate a self-signed certificate for you.
* `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
* **(v3.2.x)** `-v /some/host/folder/for/server.pem:/home/jovyan/.ipython/profile_default/security/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.
Expand Down
4 changes: 0 additions & 4 deletions minimal-notebook/enable_sudo.sh
View file
Open in desktop

This file was deleted.

12 changes: 2 additions & 10 deletions minimal-notebook/notebook.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,10 @@
[program:notebook]
user=jovyan
umask=0002
directory=/home/jovyan/work
directory=%(ENV_WORK)s
command=ipython notebook
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
redirect_stderr=true

[program:sudoers]
command=enable_sudo.sh
autostart=true
autorestart=false
stdout_logfile=/var/log/supervisor/%(program_name)s.log
redirect_stderr=true
startretries=0
startsecs=0
environment=HOME="/home/%(ENV_NB_USER)s",USER="%(ENV_NB_USER)s"
16 changes: 16 additions & 0 deletions minimal-notebook/start-notebook.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash

# Create non-root NB_USER, member of group "users"
useradd -m -s /bin/bash -u ${NB_UID:-1000} -G users $NB_USER

# Allow "users" group to update conda root env
chown -R root.users $CONDA_DIR
chmod -R g+w $CONDA_DIR

# Enable sudo if requested
if [ ! -z "$GRANT_SUDO" ]; then
echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
fi

# Start supervisord in foreground, PID1
exec supervisord -n -c /etc/supervisor/supervisord.conf