search

cylc / cylc-uiserver

A Jupyter Server extension that serves the cylc-ui web application for monitoring and controlling Cylc workflows.
https://cylc.org
GNU General Public License v3.0
15 stars 18 forks source link

JupyterHub 5 support #598

Closed MetRonnie closed 4 months ago

MetRonnie commented 5 months ago

JupyterHub 5.0.0 has been released - https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html

It looks like Cylc Hub pretty much works with jupyterhub 5. However when I started cylc hub I got this warning

[W 2024-05-29T16:27:54.815 JupyterHub auth:166] No allow config found, it's possible that nobody can login to your Hub!
    You can set `c.Authenticator.allow_all = True` to allow any user who can login to access the Hub,
    or e.g. `allowed_users` to a set of users who should have access.
    You may suppress this warning by setting c.Authenticator.any_allow_config = True.

So I added to my ~/.cylc/uiserver/jupyter_config.py:

c.Authenticator.allowed_users = {'<my-username>'}

But I'm guessing we should set it by default that the owner is allowed to access their own hub?

See also: https://jupyterhub.readthedocs.io/en/stable/howto/upgrading-v5.html#authenticator-allow-all-and-allow-existing-users

oliver-sanders commented 5 months ago

But I'm guessing we should set it by default that the owner is allowed to access their own hub?

That feels like a sensible default for Jupyter Hub itself.

Cylc configures Jupyter Hub for Cylc use (e.g. changing the logo so users know what they are logging into, changing the spawner command to run the UIS), but we don't attempt to provide a base configuration for Jupyter Hub itself.

If they haven't configured this as a default, they presumably have a reason not to do so? Or otherwise cover it in their setup instructions which we can link to?

oliver-sanders commented 5 months ago

From the Jupyter Hub v5 migration guide:

Prior to JupyterHub 5, JupyterHub Authenticators had the implicit default behavior to allow any user who successfully authenticates to login ... This behavior was considered a too-permissive default ... having the effect that some allow configuration is required for anyone to be able to login. If you want to preserve the pre-5.0 behavior with no explicit allow configuration, set:

--- https://jupyterhub.readthedocs.io/en/stable/howto/upgrading-v5.html#authenticator-allow-all-and-allow-existing-users

In other words, this isn't a Cylc compatibility issue, this is the intentional Jupyter Hub default.

Cylc should not be changing Jupyter Hub defaults without good reason, so I would suggest this is a documentation issue. We should add a link to the relevant Jupyter Hub section in our own setup docs.

MetRonnie commented 4 months ago

Closing as nothing to do