You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

In the following the necessary steps are described how to setup a Jupyter Server on a Compute Cloud Instance that can be used for a course.

  • All accounts are temporary and only have access to this special instance.
  • The course instructor can set the password for the duration of the course and later on deactivate the accounts again.
  • The server is accessible from every client on the internet and the course instructor therefore should monitor the server for suspicious activity or change the password for access in case an account got compromized. However, the server is isolated from all other resources at LRZ like Linux Cluster or SuperMUC so that the amount of damage is small that can be performed by an attacker.

The course instructor should have some experience in setting up a linux OS on an empty machine and some basic understanding how linux works.

Basic Steps

Getting the Hardware

Setting up the Server

  • Start a new instance on the LRZ Compute Cloud where the number of cores should be the number of participants of the course. In general 20 cores should be fine.
  • Choose Ubuntu for the OS.
  • You need a private/public key for login from your terminal/desktop
  • Add the Port 8000 in a Security Group of the VM
  • Generate a floating IP for the respective provider network your VM is connected to  (either MWN or internet) and attach it to the VM.
  • You have to use this floating IP when you later on connect to the jupyter server. http://<floating-ip>:8000
  • Be aware that the system is accessible from the whole internet and can be an aim for hackers. Monitor the machine periodically and shelve it when it is not in use!
  • Also see: Security Basics from the jupyterhub documentation

Installation of the software

  • Do not change the root password. By doing that root cannot be attacked from the outside
  • Use sudo for installation of the software
  • Download miniconda from conda as root and install it

bash history
$ sudo su

# make an installation folder for the jupyter installation
$ mkdir /opt/miniconda3
$ cd /opt/miniconda3

# get minicoda from the anaconda web site and extract it
$ wget
$ chmod +x ./
$ ./

# activate your installation and install jupyterhub
$ source /root/miniconda3/bin/activate
$ conda install jupyterhub

# start jupyterhub server
$ jupyterhub

Additional Information for the Installation

User administration

Provide user accounts as many as are needed for the course. Do not give them a login shell. By doing that, users can only use the jupyter hub interface to login.

bash history
# add participants of the course

$ useradd -m participant1
$ passwd participant1

add as many users you want. They can access jupyterhub with the username: participant1 and password. Change the names as you wish.

Tipps and tricks

These commands come in handy for setting user passwords and cleaning up user directories after the course:

bash history
$ python
>>> import os
# create 20 users (user0, user1, .., user19)
>>> [os.system(f"useradd -m user{i}") for i in range(20)]
>>> [os.system(f"echo user{i}:NEW_SECRET_PASSWORD | chpasswd") for i in range(20)]
# create an admin0 user
>>> os.system(f"useradd -m admin0")
>>> os.system(f"echo admin0:NEW_SECRET_PASSWORD | chpasswd")
# create a folder for course material for each user which is owned by admin0
>>> os.system("mkdir /home/admin0/course_material")
>>> [os.system(f"ln -s /home/admin0/course_material /home/user{i}/course_material1") for i in range(101)]

Authentication via OAuth on GitLab

You can use the LRZ GitLab server for the authentication on the JupyterHub server. The user has to configure the application in his profile:

(, "Adding an application through the profile"

This only works for applications without root access. Then follow the JupyterHub/GitLab documentation to install the JupyterHub plugin:

Finally go back to the GitLab server and activate the Service.

  • No labels