JupyterHub and BinderHub Team Meeting#
Date: Thursday 17th February 2022
Time: 9AM Europe/London
This HackMD: https://hackmd.io/@sgibson91/hubs-team-meeting
GitHub issue: jupyterhub/team-compass#486
Calendar for future meetings: https://jupyterhub-team-compass.readthedocs.io/en/latest/meetings.html
Welcome to the Team Meeting#
Hello!
If you are joining the team video meeting, sign in below so we know who was here. Roll call:
name / institution / GitHub handle
Min / Simula / @minrk
Samuel Gaist / Idiap / @sgaist
Hassan Alzahrani/ KAUST / @Hassan-Alzahrani
Simon Li / University of Dundee / @manics
Tim / Binder / @betatim
Erik Sundell / sundell open source / @consideratio
Luke Hare / Alan Turing Institute / @lukehare
David R. Pugh / KAUST / @davidrpugh
Mridul Seth/ GESIS / @MridulS
Quick updates#
60 second updates on things you have been up to, questions you have, or developments you think people should know about. Please add yourself, and if you do not have an update to share, you can pass.
add item here
Reports and celebrations#
This is a place to make announcements (without a need for discussion). This is also a great place to give shout-outs to contributors! We’ll read through these at the beginning of the meeting.
Min: Authorization landed in Jupyter Server, Identity API under review
Agenda items#
Let’s collect all potential agenda items here before the start of the meeting. We will then attempt to create a coherent agenda that fits in the 60m meeting slot. If there are similar items try and group them together.
manics (5m): BinderHub auto-formatting
pre-commit with some default plugins is in use across
PR has been open for a long time, no strong objections
while disruptive for existing PRs, most open PRs have been open for a long time
question: can we roll out pre-commit now?
sounds like yes and we have a plan for helping PR authors that end up conflicts
manics (10m): New mybinder member
KAUST (King Adbulla University of Science and Technology) has an internal JupyterHub and BinderHub as well as being a heavy user of mybinder.org
Have spare hardware that they’d like to donate
looking for help and guidance on how we could move forward
two options regarding “joining the federation”: (1) hand over access control to the cluster to mybinder.org-deploy (automatic deployment/Binder team takes care of it) and (2) GESIS style (federation member manages everything)
Option (1) should work for everyone
Binder team takes care of BinderHub deployments and updates, KAUST can take care of node level updates and k8s updates
Think about where to store docker images, OVH for example run Harbour as a local container registry
docker hub is getting less and less good as a registry
Q: What kubernetes distribution is used? A: RKE2
What do to next?? -> next steps will be documented and discussed in the linked GitHub issue
Min (10m): custom scopes and tokens revealing issues with assigning roles to tokens: jupyterhub/jupyterhub#3713
sample app: grader service wants to get different permissions for different users
jupyterhub currently requires tokens to have a subset of their owner’s permissions when created
tokens are assigned permissions via roles not scopes directly, so can change permission relative to owner over time. This also means scope-level partial permission can’t be done in a way that sticks.
Samuel (10m): BinderHub/JupyterHub auth state debugging
Where to look for ?
auth_state and oauth_state are different beasts
Are there any known catch that could be documented ?
LDAP login and OAuth login do not follow the same flow hence the auth_state setup might be more tricky in the second case.
Ensure that the URLs used do match because there are callbacks for both JupyterHub and BinderHub which are different and will get the data to be rejected
If doing local tests localhost and 127.0.0.1 are going to be seen as different hosts even if pointing to the same service