Problems spawning single-user-servers (using groups)

JupyterHub
,
1

I have a JupyterHub 4.0 running, and it works fine with “normal” users.
Using dockerspawner those users can spawn and use their own servers.
But when I define a special group of users (that should have additional rights accessing a service), those users cannot spawn single-user-severs any more.
I get an error like this:

jupyterhub                          | [D 2023-11-20 09:56:11.585 JupyterHub dockerspawner:982] Getting container 'jupyter-mytestuser'
jupyterhub                          | [I 2023-11-20 09:56:11.587 JupyterHub dockerspawner:988] Container 'jupyter-mytestuser' is gone
jupyterhub                          | [W 2023-11-20 09:56:11.587 JupyterHub dockerspawner:963] Container not found: jupyter-mytestuser
jupyterhub                          | [W 2023-11-20 09:56:24.873 JupyterHub user:933] instructor2's server never showed up at http://----:8888/user/mytestuser/ after 30 seconds. Giving up.
jupyterhub                          |
jupyterhub                          |     Common causes of this timeout, and debugging tips:

Can someone explain why jupyterhub is trying to start a container for jupyter-mytestuser instead of jupyterhub-user-mytestuser (as it seems to be done for the “normal” users) ?

The only difference to a “normal” user is beeing part of the group test, which is defined in the jupyterhub_config.py like this:

c.JupyterHub.load_roles = roles = [
{
‘name’: ‘mytest_group’,
‘groups’: [‘test’],
‘scopes’: [
‘list:services’,
‘read:services’,
],
},

I want users in this group to be able to do what “normal” users can do, but I do not know how to create a group in the necessary way (without disrupting the usual behavior). Are there any examples (beyond Scopes in JupyterHub — JupyterHub documentation) available somewhere?

2

If you remove the assignment of groups to those “special” users, they can spawn single user servers? Are your “special” users belong to docker group on the host where JupyterHub is running?

Could you post the logs of failing single user containers using docker logs <containerid>?

3

Unfortunately I do not geta any single user container id, and thus do not have any log file.
The special users belong to a group (manage groups in the admin panel) defined on the JupyterHub (not a docker group).
If I remove the mytestuser (no longer part of the group) spawning is still not possible. (I’m quite sure it was possible before …)

4

In your case you can get single user server logs using docker logs jupyter-mytestuser. You can configure docker to log to a file so that you have logs of failed containers too. Check docker docs

1 Like
5

I tried digging deeper into differences between mytestuser and “normal” users.
When starting the single user containers there is a subtle difference

Argument-based access to /hub/api/users/mytestuser/server/progress via read:servers
vs
Unrestricted access to /hub/api/users/user1/server/progress via read:servers

I still do not know why this difference exists, I tried “upgrading” user1 into the same group as mytestuser and this difference still exists. So the grouping might not be the reason for this at all.

6

Can you share your full JupyterHub configuration with us?

7

I found the problem, the permanent home-folder for the mytestuser was owned by root. Changing the owner lead to spawning as usual.