Woohoo! Super excited to try this out - perfectly matches our usage case

Sent from my iPhone

> On Oct 15, 2016, at 8:16 AM, Kyle Kelley <[email protected]> wrote:
>
> That's awesome Yuvi. Love seeing the embrace of systemd.
>
>> On Tuesday, October 11, 2016, Yuvi Panda <[email protected]> wrote:
>> Hello!
>>
>> I'm proud to announce the initial release of a Systemd Spawner for
>> JupyterHub. You can install it from PyPI as
>> `jupyterhub-systemdspawner`, and read the documentation at
>> https://github.com/jupyterhub/systemdspawner
>>
>> If you want to use Linux Containers (Docker, rkt, etc) for isolation and
>> security benefits, but don't want the headache and complexity of
>> container image management, then you should use the SystemdSpawner.
>> It uses Systemd (https://www.freedesktop.org/wiki/Software/systemd/), a linux
>> init system that is used by most modern Linux distros, to provide
>> these features.
>>
>> With the **systemdspawner**, you get to use the familiar, traditional system
>> administration tools, whether you love or meh them, without having to learn
>> an extra layer of container related tooling.
>>
>> The following features are currently available:
>>
>> 1. Limit maximum memory permitted to each user.
>>
>>    If they request more memory than this, it will not be granted (`malloc`
>>    will fail, which will manifest in different ways depending on the
>>    programming language you are using).
>>
>> 2. Limit maximum CPU available to each user.
>>
>> 3. Provide fair scheduling to users independent of the number of processes
>>    they are running.
>>
>>    For example, if User A is running 100 CPU hogging processes, it will
>>    usually mean User B's 2 CPU hogging processes will never get enough CPU
>>    time as scheduling is traditionally per-process. With Systemd Spawner,
>>    both these users' processes will as a whole get the same amount of CPU
>>    time, regardless of number of processes being run. Good news if you are
>>    User B.
>>
>> 4. Accurate accounting of memory and CPU usage (via cgroups, which
>>    systemd uses internally).
>>
>>    You can check this out with `systemd-cgtop`.
>>
>> 5. `/tmp` isolation.
>>
>>    Each user gets their own `/tmp`, to prevent accidental information
>>    leakage.
>>
>> 6. Spawn notebook servers as specific local users on the system.
>>
>>    This can replace the need for using SudoSpawner.
>>
>> 7. Restrict users from being able to sudo to root (or as other users)
>>    from within the notebook.
>>
>>    This is an additional security measure to make sure that a compromise of
>>    a jupyterhub notebook instance doesn't allow root access.
>>
>> 8. Restrict what paths users can write to.
>>
>>    This allows making `/` read only and only granting write privileges to
>>    specific paths, for additional security.
>>
>> 9. Automatically collect logs from each individual user notebook into
>>    `journald`, which also handles log rotation.
>>
>> You can find more information at
>> https://github.com/jupyterhub/systemdspawner/blob/master/README.md.
>>
>> I'm currently working on deploying this at both UC Berkeley and at
>> Wikimedia, and will release a 1.0 version once they have been running
>> in production for a while without issues. Feature requests / Issues
>> welcome! I'm also available on the JupyterHub Gitter
>> (https://gitter.im/jupyterhub/jupyterhub) to answer questions too!
>>
>> Thanks a lot to @willingc, @aculich & @ryanlovett for their helping
>> make this release happen! <3
>>
>> --
>> Yuvi Panda T
>> http://yuvi.in/blog
>
> --
> Kyle Kelley (@rgbkrk; lambdaops.com)

--
You received this message because you are subscribed to the Google Groups "Project Jupyter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/B781A7A7-689E-41CB-ACCD-0923B3EE16A1%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
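
An added illustration, not part of the thread and not systemdspawner's own code: a sketch of how the per-user limits listed in the announcement can be expressed as properties on a transient systemd unit started with `systemd-run`. The function name, the `jupyter-<user>` unit name, the username pattern and the sample values are assumptions made for this example.

```python
import re
import shlex

# Conservative local-username pattern (an assumption for this sketch).
_USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def build_systemd_run(user, cmd, mem_limit=None, cpu_limit=None,
                      isolate_tmp=True, disable_sudo=True,
                      readonly_paths=(), readwrite_paths=()):
    """Return the systemd-run argv for one user's notebook server."""
    if not _USER_RE.fullmatch(user):
        raise ValueError(f"refusing unsafe username: {user!r}")
    for path in (*readonly_paths, *readwrite_paths):
        if not path.startswith("/") or any(ch.isspace() for ch in path):
            raise ValueError(f"path must be absolute, no whitespace: {path!r}")

    # One unit per user means one cgroup per user: accounting and CPU
    # scheduling apply to the user as a whole, not to each process.
    props = ["MemoryAccounting=yes", "CPUAccounting=yes"]
    if mem_limit:
        props.append(f"MemoryLimit={mem_limit}")  # MemoryMax= on cgroup v2
    if cpu_limit:
        props.append(f"CPUQuota={round(cpu_limit * 100)}%")  # 0.5 core -> 50%
    if isolate_tmp:
        props.append("PrivateTmp=yes")  # private /tmp for this unit
    if disable_sudo:
        props.append("NoNewPrivileges=yes")  # setuid binaries gain nothing
    if readonly_paths:
        # Called ReadOnlyPaths= / ReadWritePaths= in newer systemd releases.
        props.append("ReadOnlyDirectories=" + " ".join(readonly_paths))
    if readwrite_paths:
        props.append("ReadWriteDirectories=" + " ".join(readwrite_paths))

    argv = ["systemd-run", f"--unit=jupyter-{user}", f"--uid={user}"]
    argv += [f"--property={p}" for p in props]
    return argv + list(cmd)


if __name__ == "__main__":
    # Constructed sample values; prints the command instead of running it.
    print(shlex.join(build_systemd_run(
        "alice", ["jupyterhub-singleuser"], mem_limit="2G", cpu_limit=0.5,
        readonly_paths=["/"], readwrite_paths=["/home/alice"])))
```

Output from a unit started this way goes to the journal, so `journalctl -u jupyter-alice` shows that user's server log and `systemd-cgtop` shows its memory and CPU usage.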
