I have setup JupyterHub with DockerSpawner and Auth0, this is working well with stock JupyterLab images.
Now I am trying to use my own custom JupyterLab image which is based off of base-notebaook. However as I want to be able to access the hardware on the host machine I have enabled UDEV in the image. This means that I need to run the JupterLab container in privileged mode.
I have tried to use variations of the following to get this to work:
# Attempt to use extra_create_kwargs
c.DockerSpawner.extra_create_kwargs = {
"privilege": True
}
# Attempt use extra_host_config
c.DockerSpawner.extra_host_config = {
"privilege": True
}
I am pretty sure that I have got the name of the configuration item wrong and where it is set but I cannot work it out and I have not been able to find it in the documentation anywhere online.
Hello,
I tried several cases for "privileged": True with DockerSpawner (version 12) but without any success.
I always got error rmessage âunexpected keyword argument â whatever I tried to set it
via .extra_container_spec or .extra_host_config or .extra_create_kwargs
Do I miss something ?
I also have the same problem with another keyword, I talk about "cap-add": "SYS_PTRACE" (to be allowed to run strace inside a container)
But this is ok if I run the container via docker run, I mean docker run --cap-add=SYS_PTRACE ...
Any feedback on this would also be appreciated
Hello, Is it possible to have privileged mode when using the swarmspawner ? (not dockerspawner)
This question because with swarmspawner, JupyterLab container are launched as docker services and as far I know docker service create doesnât allow nor privileged nor security_opt options.
So I would tend to think that by usingswarmspawner in a cluster/swarm wontâ allow to have the required permissions for running apptainer commands in a Jupterlab terminal (my objective) Am I right?
To move forward, I tried with cap-add option docker service ... --cap-add=SYS_ADMIN option (options possible with docker service create) , but on worker node side, when testing via docker exec -it abcdefgh apptainer run docker://alpine echo "Hello world" I get error like âfailed to attach loop deviceâ
My last attempt was to start dockerd, on a worker node, with user namespaces allowed, but consequently the worker disappears from the swarm cluster.
Any tips for another solution ? Or is it definitely impossible to run apptainer commands from jupyterLabâs terminal, launch in a docker/swarm cluster ?