Woohoo! Super excited to try this out - perfectly matches our usage case Sent from my iPhone
> On Oct 15, 2016, at 8:16 AM, Kyle Kelley <rgb...@gmail.com> wrote: > > That's awesome Yuvi. Love seeing the embrace of systemd. > >> On Tuesday, October 11, 2016, Yuvi Panda <yuvipa...@gmail.com> wrote: >> Hello! >> >> I'm proud to announce the initial release of a Systemd Spawner for >> JupyterHub. You can install it from PyPI as >> `jupyterhub-systemdspawner`, and read the documentation at >> https://github.com/jupyterhub/systemdspawner >> >> If you want to use Linux Containers (Docker, rkt, etc) for isolation and >> security benefits, but don't want the headache and complexity of >> container image management, then you should use the SystemdSpawner. >> It uses Systemd (https://www.freedesktop.org/wiki/Software/systemd/), a linux >> init system that is used by most modern Linux distros, to provide >> these features. >> >> With the **systemdspawner**, you get to use the familiar, traditional system >> administration tools, whether you love or meh them, without having to learn >> an >> extra layer of container related tooling. >> >> The following features are currently available: >> >> 1. Limit maximum memory permitted to each user. >> >> If they request more memory than this, it will not be granted (`malloc` >> will fail, which will manifest in different ways depending on the >> programming language you are using). >> >> 2. Limit maximum CPU available to each user. >> >> 3. Provide fair scheduling to users independent of the number of processes >> they >> are running. >> >> For example, if User A is running 100 CPU hogging processes, it will >> usually >> mean User B's 2 CPU hogging processes will never get enough CPU >> time as scheduling >> is traditionally per-process. With Systemd Spawner, both these >> users' processes >> will as a whole get the same amount of CPU time, regardless of >> number of processes >> being run. Good news if you are User B. >> >> 4. Accurate accounting of memory and CPU usage (via cgroups, which >> systemd uses internally). >> >> You can check this out with `systemd-cgtop`. >> >> 5. `/tmp` isolation. >> >> Each user gets their own `/tmp`, to prevent accidental information >> leakage. >> >> 6. Spawn notebook servers as specific local users on the system. >> >> This can replace the need for using SudoSpawner. >> >> 7. Restrict users from being able to sudo to root (or as other users) >> from within the >> notebook. >> >> This is an additional security measure to make sure that a compromise of >> a jupyterhub notebook instance doesn't allow root access. >> >> 8. Restrict what paths users can write to. >> >> This allows making `/` read only and only granting write privileges to >> specific paths, for additional security. >> >> 9. Automatically collect logs from each individual user notebook into >> `journald`, which also handles log rotation. >> >> You can find more information at >> https://github.com/jupyterhub/systemdspawner/blob/master/README.md. >> >> I'm currently working on deploying this at both UC Berkeley and at >> Wikimedia, and will release a 1.0 version once they have been running >> in production for a while without issues. Feature requests / Issues >> welcome! I'm also available on the JupyterHub Gitter >> (https://gitter.im/jupyterhub/jupyterhub) to answer questions too! >> >> Thanks a lot to @willingc, @aculich & @ryanlovett for their helping >> make this release happen! <3 >> >> -- >> Yuvi Panda T >> http://yuvi.in/blog >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Project Jupyter" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jupyter+unsubscr...@googlegroups.com. >> To post to this group, send email to firstname.lastname@example.org. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jupyter/CAFw%3DyShZbDZMd7PW9JKvo-nYgCfPkLLzK%2BshazkNXp6CMUKqbg%40mail.gmail.com. >> For more options, visit https://groups.google.com/d/optout. > > > -- > Kyle Kelley (@rgbkrk; lambdaops.com) > > -- > You received this message because you are subscribed to the Google Groups > "Project Jupyter" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jupyter+unsubscr...@googlegroups.com. > To post to this group, send email to email@example.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jupyter/CA%2BtbMaXSpqsZB9tL6x8caKzpZQGXJj79pKALwiNCRwEDV-n7Cg%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Project Jupyter" group. To unsubscribe from this group and stop receiving emails from it, send an email to jupyter+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/B781A7A7-689E-41CB-ACCD-0923B3EE16A1%40gmail.com. For more options, visit https://groups.google.com/d/optout.