Hi. I’ve tried adding the following lines to my config.yaml file:
singleuser:
extraEnv:
GRANT_SUDO: "yes"
uid: 0
Running on an Oracle Cluster on the Oracle Cloud Services
From what I’ve heard this should give me passwordless SUDO access on my terminal?
It depends on the rest of your configuration, and also how your Kubernetes cluster is configured. For example, if you’ve built your own Docker image you may not have the scripts from
In addition your cluster may block containers from running as root.
Can you:
Thanks!
Hi, sorry have just logged in and saw your response. Running on an Oracle Kubernetes Cluster created using OKE (Oracle Kubernetes Engine)
config.yaml
hub:
config:
Authenticator:
admin_users:
- $user1
- $user2
- $user3
GitHubOAuthenticator:
client_id: **snip**
client_secret: **snip**
oauth_callback_url: **snip**
JupyterHub:
authenticator_class: github
## Try instantiating a SingleUser server
singleuser:
image:
name: jupyter/tensorflow-notebook
tag: latest
extraEnv:
GRANT_SUDO: "yes"
uid: 0
helm update command
helm upgrade --cleanup-on-fail \
--install neuro-jupyterhub-1 jupyterhub/jupyterhub \
--namespace neuro-k1 \
--create-namespace \
--version=1.2.0 \
--values config.yaml
We were able to get it working using basically the same configuration:
singleuser:
extraEnv:
GRANT_SUDO: "yes"
NOTEBOOK_ARGS: "--allow-root"
uid: 0
cmd: start-singleuser.sh
But we’re not using OKE
The default Z2JH cmd vs the container’s default cmd is a known point of confusion. In the forthcoming Z2JH 2.0 it’ll default to the container’s cmd which should be more intuitive! https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2449
Also see https://github.com/jupyter/docker-stacks/issues/1528 for more background
Note you shouldn’t need --allow-root since you’re not running the notebook as root, only the container which should drop to the unprivileged user after enabling sudo.
Thanks @manics for the response. How do I use this?
I’m afraid I don’t understand what you’re asking… how do you use what?
I just ran into a similar issue, except I am using a custom notebook image. In the Jupyter docker-stacks Dockerfiles, they seem to deny access to the the root user via this command.
We created a new image on top of it and removed this from the /etc/pam.d/su file by adding:
RUN sed -i "s/auth requisite pam_deny.so//g" /etc/pam.d/su
to the end of our Dockerfile and then creating the new image. Now we can login as root. I am not sure if this is necessary or if there are other ways to enable root access.
@manics how do I use the scripts that you’ve mentioned to grant passwordless sudo access?
There was a configuration snippet in the earlier post:
Hello,
If you are seeing this on the future note that for some configurations jupyter hub uses allowPrivilegeEscalation to block on Kubernetes escalating users as sudo. It worked to me when I set allowPrivilegeEscalation: true. Right now I’m facing the problem with jovyan password. If any news I will be back!
ex:
singleuser:
extraEnv:
GRANT_SUDO: "yes"
NOTEBOOK_ARGS: "--allow-root"
cmd: start-singleuser.sh
allowPrivilegeEscalation: true
Hi @leomaiaao,
What is the correct way on current helm 3.2.1 to allow notebooks to run apt install? I have added these to config.yaml, but still does not work.