JupyterHub and BinderHub Team Meeting#

Welcome to the Team Meeting#


If you are joining the team video meeting, sign in below so we know who was here. Roll call:

  • name / institution / GitHub handle

  • Min / Simula / @minrk

  • Samuel Gaist / Idiap / @sgaist

  • Hassan Alzahrani/ KAUST / @Hassan-Alzahrani

  • Simon Li / University of Dundee / @manics

  • Tim / Binder / @betatim

  • Erik Sundell / sundell open source / @consideratio

  • Luke Hare / Alan Turing Institute / @lukehare

  • David R. Pugh / KAUST / @davidrpugh

  • Mridul Seth/ GESIS / @MridulS

Quick updates#

60 second updates on things you have been up to, questions you have, or developments you think people should know about. Please add yourself, and if you do not have an update to share, you can pass.

  • add item here

Reports and celebrations#

This is a place to make announcements (without a need for discussion). This is also a great place to give shout-outs to contributors! We’ll read through these at the beginning of the meeting.

Agenda items#

Let’s collect all potential agenda items here before the start of the meeting. We will then attempt to create a coherent agenda that fits in the 60m meeting slot. If there are similar items try and group them together.

  • manics (5m): BinderHub auto-formatting

    • pre-commit with some default plugins is in use across

    • PR has been open for a long time, no strong objections

    • while disruptive for existing PRs, most open PRs have been open for a long time

    • question: can we roll out pre-commit now?

      • sounds like yes and we have a plan for helping PR authors that end up conflicts

  • manics (10m): New mybinder member

    • KAUST (King Adbulla University of Science and Technology) has an internal JupyterHub and BinderHub as well as being a heavy user of mybinder.org

    • Have spare hardware that they’d like to donate

    • looking for help and guidance on how we could move forward

    • two options regarding “joining the federation”: (1) hand over access control to the cluster to mybinder.org-deploy (automatic deployment/Binder team takes care of it) and (2) GESIS style (federation member manages everything)

      • Option (1) should work for everyone

    • Binder team takes care of BinderHub deployments and updates, KAUST can take care of node level updates and k8s updates

    • Think about where to store docker images, OVH for example run Harbour as a local container registry

      • docker hub is getting less and less good as a registry

    • Q: What kubernetes distribution is used? A: RKE2

    • What do to next?? -> next steps will be documented and discussed in the linked GitHub issue

  • Min (10m): custom scopes and tokens revealing issues with assigning roles to tokens: jupyterhub/jupyterhub#3713

    • sample app: grader service wants to get different permissions for different users

    • jupyterhub currently requires tokens to have a subset of their owner’s permissions when created

    • tokens are assigned permissions via roles not scopes directly, so can change permission relative to owner over time. This also means scope-level partial permission can’t be done in a way that sticks.

  • Samuel (10m): BinderHub/JupyterHub auth state debugging

    • Where to look for ?

      • auth_state and oauth_state are different beasts

    • Are there any known catch that could be documented ?

      • LDAP login and OAuth login do not follow the same flow hence the auth_state setup might be more tricky in the second case.

      • Ensure that the URLs used do match because there are callbacks for both JupyterHub and BinderHub which are different and will get the data to be rejected

      • If doing local tests localhost and are going to be seen as different hosts even if pointing to the same service