-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathtodo.txt
118 lines (106 loc) · 4.75 KB
/
todo.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
Important
- Open to all world (MM)
- Security
- Security: do we log everything sufficiently?
Add some sort of persistent logs of at least hub (MM)
X Check zero to jupyterhub security and see what applies to us (MM): (should be fine, still wondering about network policies tho)
https://zero-to-jupyterhub.readthedocs.io/en/latest/security.html
- Check SSL: https://www.ssllabs.com/
- Adjust QoS of hub and proxy pods: are the at best and have
sufficient resources? (MM)
- Check actual CPU/mem usage and adjust limits. (??)
- How do we monitor memory and processor usage of the pods and nodes? (MM)
- Total pods running
- total memory usage (notify if running low)
- total CPU usage
- failure of hub
X script ot test inability to spawn new server (RD)
python3 scripts/spawn_test.py
- high failure rate of hubs.
- approaching full capicity.
- Backup connection to blade server (JK)
X Decide support and issue tracking addresses and publish them on
jupyter pages.
X Suggestions: guru@cs.aalto.fi, or the Github repositiories for
single user/hub images. (RD)
- Automatic monitoring and notification when things go down. (MM)
- Make the JH docs live and do final revisions (RD)
- Write the privacy policy (RD)
- Create a development install (different namespace). Currently, once
the main system goes into use, it is very hard to do development or
debugging anymore. Can we use kubernetes namespaces to solve this? (MM)
Minor
X Make the hub docker image buildable again. (RD/MM)
X I (RD) split the secrets/ dir into another git repository and
added that to version.aalto.fi. Main repos are now on github.
But secrets/ dir repo won't push somehow... why? We have to clone
the new secrets/ to the hub VM node to be able to build again...
- Add git default username/email so that it is more usable (how to
get them?) (RD)
- Warn on quotas when logging in (xx)
- (started) Copy krb5.keytab.new instead of krb5.keytab. This is
already joined to AD and thus we don't need the re-joining script.
We have to be able to rebuild the hub first, though. (RD/MM)
- Note to instructors: have sofware pre-installed (RD)
- Test quotas (RD)
Old (pre-2018-08-30)
====================
X run notebook as right UID
X mount notebook home based on user $HOME
* done based on user UID
X pin versions of jupyterhub/notebook
X mount a shared directory per course (done, /course)
X copy nbgrader_config.py to user
X create profilespawner for courses
X Request Aalto SSL cert
X Install Aalto SSL cert from secrets/ directory
X how to we restart
X Split the proxy from the hub
- Option 1: Use kubernetes proxy instead of jupyterhub hub proxy
(probably worse since this doesn't currently do activity tracking
so we can't cull)
X Option 2: run configurable-http-proxy in another pod
X Use image /jupyterhub/configurable-http-proxy:3.1.1
X See z2jh example: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/master/jupyterhub/templates/proxy/deployment.yaml
X set uid
X set default exchange to /srv/nbgrader/exchange
X course management
X script to create course
X limit ssh key to only run the init function
- set up kubernetes pod logging.
- logs: how to get logs of a container that fails immediately?, or
old container? Needed for eventually debugging
- "kubectl exec -it ... bash" does not work on user pods, because the
user home directory has been moved, and docker tries to
unconditionally cd before running your command.
- /srv/jupyterhub is mounted from jhnas:/vol/jupyter/admin/hubdata/.
But the hub has root_squash, so these are currently owned by
nobody/nogroup. Fix the security.
- change QoS of the hub pod to best. Does ingress controller have
enough CPU and memory?
- Check actual CPU/mem usage and adjust limits
- How do we monitor memory and processor usage of the pods and nodes?
X Quotas of the NFS user spaces
- Warn on quotas when logging in
X optional shared coursedata directoryu
X Set announcement on page text
- Check zero to jupyterhub security and see what applies to us:
https://zero-to-jupyterhub.readthedocs.io/en/latest/security.html
X Separate the teststudent/testinstructor from the Dockerfile so that
we can publish this git repository publically
X Run "fix-permissions $CONDA_DIR /home/jovyan" in the image creation
X Investigate NFS uid/gids and figure out why it does not work.
- Security of autograding
X check kernel swapping when executing
X remote mount the assignment files
X run in isolated environment
- Security: do we log everything sufficiently?
X Solve mysteriously disappearing server problem
Epics:
X create single user imeage
X configure JH with all the user and spawn hooks
Delayed:
X config JH code version
X config notebook version
MVP stories:
X for student, mount /user and /exchange based on course