main.yml 1.38 KB
Newer Older
Jocelyn Delalande's avatar
Jocelyn Delalande committed
1
- name: install apt dependencies
2
  apt: pkg={{ item }} update_cache=yes cache_valid_time=1800
Jocelyn Delalande's avatar
Jocelyn Delalande committed
3 4 5
  with_items:
    - npm
    - nodejs-legacy
6 7
    - virtualenv
    - python3-dev
Jocelyn Delalande's avatar
Jocelyn Delalande committed
8 9

- name: create dedicated user
10 11 12
  user:
    name: jupyterhub
    home: /opt/jupyterhub
Jocelyn Delalande's avatar
Jocelyn Delalande committed
13

14 15 16 17 18 19 20 21 22 23 24 25 26
- name: ensure jupyterhub-users group exists
  group:
    name: jupyterhub-users
    state: present

- name: install pip dependencies
  pip:
    name: "{{ item }}"
    virtualenv: /opt/jupyterhub/venv
    virtualenv_python: python3
  with_items:
    - jupyterhub
    - sudospawner
Jocelyn Delalande's avatar
Jocelyn Delalande committed
27 28 29
  become: jupyterhub
  notify: restart jupyterhub

30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
- name: Install npm deps
  npm:
    name: configurable-http-proxy
    global: yes

- name: Authorize jupyterhub to spawn notebooks for jupyterhub-users members
  copy:
    content: "jupyterhub ALL = (%jupyterhub-users) NOPASSWD: /opt/jupyterhub/venv/bin/sudospawner\n"
    dest: /etc/sudoers.d/50-jupyterhub
    mode: 0440
    validate: visudo -cf %s

# Adding jupyterhub to shadow group would not be the right thing, as it gives
# too much power.
- name: authorize jupyterhub to do PAM auth
  acl:
    path: /etc/shadow
    entry: "user:jupyterhub:r"
    state: present

Jocelyn Delalande's avatar
Jocelyn Delalande committed
50 51 52 53
- name: systemd script is in place
  template:
    src: jupyterhub.service.j2
    dest: /etc/systemd/system/jupyterhub.service
54 55 56 57 58 59
  notify:
    - restart jupyterhub
    - reload systemd

- name: jupyterhub is started
  service: name=jupyterhub state=started