-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathinstall_jupyterhub.yml
272 lines (229 loc) · 6.33 KB
/
install_jupyterhub.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
---
- hosts: localhost
vars:
headnode_public_hostname: FILL-ME-IN
headnode_alternate_hostname: "" #Optional addition DNS entry pointing to your host
certbot_create_if_missing: yes
certbot_admin_email: FILL-ME-IN
certbot_install_method: snap
certbot_create_method: standalone
certbot_certs:
- domains:
- "{{ headnode_public_hostname }}"
certbot_create_standalone_stop_services:
- httpd
roles:
- geerlingguy.certbot
pre_tasks:
- name: disable selinux
ansible.posix.selinux:
policy: targeted
state: permissive
- name: install httpd bits
dnf:
state: latest
name:
- nodejs
- npm
- httpd
- httpd-filesystem
- httpd-tools
- python3-certbot-apache
- snapd
- snap-confine
- snapd-selinux
- name: start and enable snapd
service:
name: snapd
state: started
enabled: yes
- name: add http/s to firewalld
shell: firewall-cmd --add-service http --zone=public --permanent && \
firewall-cmd --add-service https --zone=public --permanent && \
firewall-cmd --reload
tasks:
- name: Get the headnode private IP
local_action:
module: shell ip addr | grep -Eo '10.0.0.[0-9]*' | head -1
register: headnode_private_ip
- name: Get the headnode hostname
local_action:
module: shell hostname -s
register: headnode_hostname
- name: https redirect config
template:
src: jhub_files/https_redirect.conf.j2
dest: /etc/httpd/conf.d/https_redirect.conf
owner: root
mode: 0644
- name: jupyterhub proxy config
template:
src: jhub_files/jupyterhub.conf.j2
dest: /etc/httpd/conf.d/jupyterhub.conf
owner: root
mode: 0644
- name: restart httpd
service:
name: httpd
state: restarted
enabled: yes
- name: create a shadow group
group:
name: shadow
state: present
- name: let shadow group read /etc/shadow
file:
path: /etc/shadow
mode: 0040
group: shadow
owner: root
- name: create jupyterhub user and group
user:
name: jupyterhub
state: present
groups: shadow
- name: create jupyterhub-users group
group:
name: jupyterhub-users
state: present
- name: create sudoers directory
file:
path: /etc/sudoers.d
owner: root
group: root
mode: 0750
state: directory
- name: set sudoers permissions for jupyterhub non-root
copy:
src: jhub_files/jhub_sudoers
dest: /etc/sudoers.d/
owner: root
group: root
mode: 0440
- name: create jupyterhub config dir
file:
path: /etc/jupyterhub
owner: jupyterhub
group: jupyterhub
mode: 0755
state: directory
- name: install devel deps for building Python
dnf:
state: latest
name:
- bzip2-devel
- ncurses-devel
- gdbm-devel
- libsqlite3x-devel
- sqlite-devel
- libuuid-devel
- uuid-devel
- openssl-devel
- readline-devel
- zlib-devel
- libffi-devel
- xz-devel
- tk-devel
- name: install configurable-http-proxy
npm:
name: configurable-http-proxy
global: yes
- name: create tmp builddir
file:
path: /tmp/build/
state: directory
- name: fetch python source
unarchive:
src: https://www.python.org/ftp/python/3.8.10/Python-3.8.10.tgz
dest: /tmp/build/
remote_src: yes
- name: run python configure
command:
cmd: ./configure --prefix=/opt/python3
chdir: /tmp/build/Python-3.8.10
- name: build python source
community.general.make:
target: all
chdir: /tmp/build/Python-3.8.10
- name: install python
community.general.make:
target: install
chdir: /tmp/build/Python-3.8.10
become: yes
- name: run python configure for public build
command:
cmd: ./configure --prefix=/opt/ohpc/pub/compiler/python3
chdir: /tmp/build/Python-3.8.10
- name: install python publicly
community.general.make:
target: install
chdir: /tmp/build/Python-3.8.10
become: yes
- name: install jupyterhub
pip:
executable: /opt/python3/bin/pip3
name: jupyterhub
- name: install wrapspawner
pip:
executable: /opt/python3/bin/pip3
name:
- wrapspawner
- traitlets<5
- name: install jupyterlab
pip:
executable: /opt/ohpc/pub/compiler/python3/bin/pip3
name: jupyterlab
- name: create jupyterhub service
template:
src: jhub_files/jhub_service.j2
dest: /etc/systemd/system/jupyterhub.service
mode: 0644
owner: root
group: root
#This is hard b/c of Batchspawner config
- name: install base jupyterhub config
copy:
src: jhub_files/jhub_conf.py
dest: /etc/jupyterhub/jupyterhub_config.py
owner: jupyterhub
group: jupyterhub
mode: 0644
- name: set headnode ip in jhub_config
lineinfile:
regexp: JEC_HEADNODE_IP
line: "c.JupyterHub.hub_ip = \'{{ headnode_private_ip.stdout }}\' #JEC_HEADNODE_IP"
path: /etc/jupyterhub/jupyterhub_config.py
- name: set hostname in jhub_config for batchspawner
lineinfile:
regexp: JEC_SPAWNER_HOSTNAME
line: "c.BatchSpawnerBase.req_host = \'{{ headnode_hostname.stdout }}\' #JEC_SPAWNER_HOSTNAME "
path: /etc/jupyterhub/jupyterhub_config.py
- name: set hostname in jhub_config for batchspawner
lineinfile:
regexp: JEC_PUBLIC_HOSTNAME
line: "public_hostname = \'{{ headnode_public_hostname }}\' #JEC_PUBLIC_HOSTNAME"
path: /etc/jupyterhub/jupyterhub_config.py
- name: install batchspawner to jhub python
pip:
name: batchspawner
executable: /opt/python3/bin/pip3
- name: install batchspawner to public python
pip:
name: batchspawner
executable: /opt/ohpc/pub/compiler/python3/bin/pip3
- name: create python module dir
file:
state: directory
path: /opt/ohpc/pub/modulefiles/python3.8
- name: create python module
copy:
src: jhub_files/python_mod_3.8
dest: /opt/ohpc/pub/modulefiles/python3.8/3.8.10
mode: 0777
owner: root
group: root
- name: start the jupyterhub service
service:
name: jupyterhub
enabled: yes
state: started