-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 [BUG]: jupyterlab server fails to spawn due to read-only volume mount #392
Comments
@ChaamC @Nazim-crim |
I am guessing birdhouse-deploy/birdhouse/env.local.example Lines 352 to 400 in 2b9f31e
This sample config was our poor-man sharing solution between Jupyter users before Cowbird exists so maybe Cowbird can replace that? So maybe we do not have to enable that sharing solution together with Cowbird so they won't clash with each other? If we need to keep both sharing mechanism and if they actually clash with each other, I think it would be better for Cowbird to bind to Just curious about the Cowbird sharing workflow. Currently, with the poor-man sharing solution, everyone sees the public share of everyone, not configurable by each user. With Cowbird, I assume each user will decide to which users specifically they want to share. So how do they "enable" this "a la carte" sharing? Via Magpie? |
@fmigneault, the spawning error in DAC-584 - Error spawning jupyter notebook images is related to the mount of the |
We would need to adjust the sample config when using Cowbird. The general structure for WPS outputs is as follows:
Cowbird understands that WPS-output structure and aligns permissions on the All WPS outputs volumes are purposely mounted with |
@mishaschwartz @tlvu Were you able to reproduce this bug? The default config on cowbird already uses a nested directory and I didn't have the error you mentioned. |
@Nazim-crim I have not tried to reproduce. Are you saying @mishaschwartz and you end up with different result when trying to reproduce this? This is odd ! Maybe I should try to reproduce myself. Since I have your attention, how does this workflow work "With Cowbird, I assume each user will decide to which users specifically they want to share. So how do they "enable" this "a la carte" sharing? Via Magpie?" |
@fmigneault is this inside each jupyter container? This is new to me. Previously, I understood any new mounts inside jupyter containers should be under If a new mount is at |
@tlvu |
@fmigneault then I am more confused by your comment #392 (comment) Where does
|
To reproduce the issue:
|
@tlvu The logic was added to handle these combinations for backward compatibility of the existing WPS outputs data structure that assumed a lot of items were fully open. |
FYI, I was able to reproduce this problem as well, while trying to test #415. However, I think it was fixed by #401 because when I set @mishaschwartz I let you close this issue to confirm weather the fix is fully working. This allows the Jupyterlab server to start. However I have not confirmed this variable to fully respected by Cowbird and/or Weaver and whether they can function properly with this variable changed from its Now that the Jupyterlab can start, I am faced with another problem: all the data from all my existing users under |
|
@fmigneault @Nazim-crim @ChaamC Not sure if you guys notice my question above since comment #392 (comment) |
For Cowbird, it is harder to tell easily if For Weaver, you should see the birdhouse-deploy/birdhouse/components/weaver/config/magpie/weaver_hooks.py.template Line 61 in 13645f3
You can see this Job URL in the last cell output from: |
The A user-protected wps-output should have a form similar to: Using Using the same structure as defined here: #392 (comment) (need to create child resources for the user-specific structure that is desired), you can set individual user/group permissions to each specific sub-dir/file. When user/group permissions are created in Magpie, this will trigger Webhooks, ie:
Cowbird will receive these Webhooks to perform various operations, such as creating handlinks to make corresponding files "visible" by users. The tricky aspect of all this is that the files that you see in the user-workspace do not themselves get attributed Magpie permissions. There is no Magpie "user-workspace" service. Instead, files placed in the workspace are mapped to corresponding services where they originate from. Therefore, for WPS-outputs, that are accessed via the The "mapping" of service-specific permissions to corresponding user-workspaces contents depends on birdhouse-deploy/birdhouse/components/cowbird/config/cowbird/config.yml.template Lines 43 to 91 in 13645f3
And the Currently, users cannot themselves set permissions for their user-workspace files unless they have Magpie admin privileges. |
Discussion continues here: |
## Overview The recommended public share folders in the `env.local.example` file create a conflict with the default `PUBLIC_WORKSPACE_WPS_OUTPUTS_SUBDIR` path when both are enabled and mounted on a Jupyterlab container. This change updates the recommended paths for the public share folders to avoid this conflict and adds a warning helping users to avoid this conflict. Note: the conflict arises when `PUBLIC_WORKSPACE_WPS_OUTPUTS_SUBDIR` is mounted to a container as read-only volume and then Jupyterhub tries to mount the public share folder within that volume. Since the parent volume is read-only, the second volume mount fails. ## Changes **Non-breaking changes** None, documentation only **Breaking changes** None ## Related Issue / Discussion - Resolves #392 ## Additional Information Links to other issues or sources. ## CI Operations <!-- The test suite can be run using a different DACCS config with ``birdhouse_daccs_configs_branch: branch_name`` in the PR description. To globally skip the test suite regardless of the commit message use ``birdhouse_skip_ci`` set to ``true`` in the PR description. Using ``[<cmd>]`` (with the brackets) where ``<cmd> = skip ci`` in the commit message will override ``birdhouse_skip_ci`` from the PR description. Such commit command can be used to override the PR description behavior for a specific commit update. However, a commit message cannot 'force run' a PR which the description turns off the CI. To run the CI, the PR should instead be updated with a ``true`` value, and a running message can be posted in following PR comments to trigger tests once again. --> birdhouse_daccs_configs_branch: master birdhouse_skip_ci: false
Summary
The jupyterlab server fails spawn when cowbird settings are enabled that mount the
public/wps_outputs
directory.Details
A new jupyterlab container will try to mount to the
/notebook_dir/public/wps_outputs
directory in the jupyterlab container. Docker complains that it cannot mount to that location.Possibly because it is a read-only bind-mount and the mount location is a nested directory that does not exist on the container (ie. it needs to create
/notebook_dir/public
before it creates/notebook_dir/public/wps_outputs
and it may be creating/notebook_dir/public
as read-only as well).Traceback (in jupyterhub container):
docker version: Docker version 24.0.2, build cb74dfc
Note that this problem goes away if we set the
PUBLIC_WORKSPACE_WPS_OUTPUTS_SUBDIR
variable to a non-nested directory:To Reproduce
Steps to reproduce the behavior:
docker logs -f jupyterhub
Environment
Concerned Organizations
The text was updated successfully, but these errors were encountered: