How much work would it be to use a TLJH instance to serve as a binderhub?


#1

I have a TLJH set up with Authentication via GitHub Enterprise. Would it be feasible to set up a repo with a notebook to launch in the TLJH instance? If so, is there a roadmap or set of instructions for doing so.


#2

BinderHub relies heavily on Kubernetes for launching/coordinating/shutting down user’s servers so I think the answer is unfortunately “not any time soon”.


#3

@fm75 if you just want a repo’s contents in with TLJH, you can use nbgitpuller. It doesn’t do dynamic image building, however. We explicitly chose to not use docker in TLJH, so this is unlikely to change anytime soon.


#4

@betatim - Thanks for the quick reply. I am not trying to duplicate all the goodies of binder.

I would be happy for:

  • I click on link in a README
  • I get run through a GHE OAuth
  • A server gets spawned for me in TLJH, whether I have one already or not
  • I end up in a runnable notebook

As an alternative to:

  • Spawn instance
  • Start terminal
  • git clone with a GHE token
  • return to Home
  • Load cloned notebook

If it is not too hard to implement. :v:

Why?

Because I only have to set up the “magic link” in the repo. I don’t have to teach someone, leave instructions, or walk them through the procedural stuff. They only have to click on an attractive link or icon.


#5

@fm75 if you already assume that a TLJH is running out there somewhere, and you know where it is, then you should be able to use an nbgitpuller link to direct you to the TLJH instance and pull in the content. As @yuvipanda says, the only thing you wouldn’t get there is dynamic environment building.

Also re: implementation, don’t forget we’re an open project, so PRs are welcome :wink:


#6

Ok. I will revisit the nbgitpuller doc. I did not get that working last time I tried.

I do have a PR. But it is only documentation.

I just reviewed the docs. This did not work because it needed the token. Maybe i did it wrong.


#7

From your issue on nbgitpuller I think the hardest part around getting it working in a environment where you need auth to be able to git clone is getting that auth sorted out and in my experience that is also quite dependent on how exactly auth is handled in that particular setup.

My guess would be that you need to take the token obtained from the GitHub enterprise login process and pass it into the environment in which the user’s server is running and then teach nbgitpuller/git to use it from an environment variable. For the git credential from env acrobatics I’d start from https://github.com/jupyter/repo2docker/issues/388 and try and understand what ways git has to get credentials from env variables and such. (I don’t actually fully understand this off the top of my head)


#8

@betatim @choldgraf
In my case, there is no user/password for GHE. It serves as my OAuth and is protected by an external SSO mechanism. That means that the nbigtpuller link does not work “out of the box”.

But, the nbgitpuller link works fine if

  1. the user first generates a GHE token
  2. Performs a git clone in terminal using that token
  3. The uses an nbgitpuller link

It does not work quite like binder if

  1. The user has not ever been on the TLJH site, and
  2. Has not generated a token, and
  3. Has not used it.

At least from the experimentation i just did. That said, it works like magic if the preconditions have been met. I sure wish that I knew how to hook into the process so that the user who clicks my link, even though he has not yet used my TLJH, just magically gets this all to happen. :smile:


#9

What is the exact command a user types into their terminal when they clone the repo witha token?

Try and inspect the remotes of the git repository that is created when you first check it out as a user with a GHE token. I think the token will be part of the URL of the remote. The second time around when nbgitpuller runs it uses the URL of the remote which now has the token baked into it.

I think if you do the right jiggery-pokery with git credential helper that the issue I linked to talks about you can make it so that even the first time nbgitpuller runs it gets a token from an environment variable.


#10

This is the command format used when cloning in terminal:

git clone https://user:token@example.com/org/repo