Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possibility to add groups (such as --group-add) when using NB_USER, NB_UID, NB_GID parameters #2137

Closed
tom725 opened this issue Aug 21, 2024 · 5 comments
Closed

Possibility to add groups (such as --group-add) when using NB_USER, NB_UID, NB_GID parameters #2137

tom725 opened this issue Aug 21, 2024 · 5 comments
Labels
type:Enhancement A proposed enhancement to the docker images

Comments

@tom725
Copy link

tom725 commented Aug 21, 2024
edited
Loading

What docker image(s) is this feature applicable to?

base-notebook

What change(s) are you proposing?

Hello !
I hope this is the right place for this message

I'm running a jupyter docker with parameters NB_USER, NB_UID, NB_GID which is very usefull.

I would like to add a group to the user in the running container, however the docker run option "--group-add" does not work in this context.

Unless I misunderstood something, I would suggest to modify the "starts.sh" script so that multiple groups can be added to the current user. I don't know exactly how to modify this script but it would imply adding a new user parameter.

How does this affect the user?

This feature will give the possibility to add multiple groups to the user

Anything else?

No response
@tom725 tom725 added the type:Enhancement A proposed enhancement to the docker images label Aug 21, 2024
@mathbunnyru
Copy link
Member

We have startup hooks, where you can run anything inside the container, does this help?

https://jupyter-docker-stacks.readthedocs.io/en/latest/using/common.html#startup-hooks

@tom725
Copy link
Author

tom725 commented Aug 22, 2024

Ho yes it works perfectly thank you !

Here is an example of adding the "docker" group to the user. I do this to be able to run docker inside docker:

To add a script in the before-notebook.d/ directory that adds the docker group to the user ${NB_USER}, you can follow the steps below:

1. Create a Custom Dockerfile

This Dockerfile will add your script to the before-notebook.d/ directory and ensure it runs before the Jupyter Notebook starts.

# Use the official Jupyter Notebook base image
FROM jupyter/base-notebook:latest

# Copy hook script that adds the docker group to the NB_USER
USER root
COPY add-docker-group.sh /usr/local/bin/before-notebook.d/add-docker-group.sh

# Ensure the script is executable
RUN chmod +x /usr/local/bin/before-notebook.d/add-docker-group.sh

2. Create the add-docker-group.sh Script

The add-docker-group.sh script will add the docker group to the user ${NB_USER}. Here’s how you can write it:

#!/bin/bash

# Check if the docker group exists, if not create it
if ! getent group docker > /dev/null 2>&1; then
    groupadd -g 999 docker
fi

# Add the ${NB_USER} to the docker group
usermod -aG docker ${NB_USER}

echo "Added ${NB_USER} to the docker group."

Explanation

  • before-notebook.d/: This directory is for scripts that need to run before the Jupyter Notebook server starts. Your script adds the docker group (if it doesn't exist) and ensures the user ${NB_USER} is part of that group.
  • ${NB_USER}: This environment variable holds the name of the Jupyter user, typically jovyan in official Jupyter Docker images.

This setup ensures that the docker group is correctly configured for the Jupyter Notebook user every time the container starts.

@mathbunnyru
Copy link
Member

I’m glad our startup hooks worked for you. I don’t think your use case should be implemented as part of start.sh, because there is already a nice way to do the thing you want to do.
So, I’m closing this issue.
At the same time, if you want to contribute your experience as a custom recipe in the documentation, I think it would be nice - but it’s completely up to you if you want to do it or not.

@tom725
Copy link
Author

tom725 commented Aug 23, 2024

Yes thank you for pointing out the startup hooks solution ! I'll try to contribute to custom recipes !

@benz0li
Copy link
Contributor

benz0li commented Sep 10, 2024

@tom725 With b-data's/my JupyterLab docker stacks1, I prefer using a docker:dind container.

.env:

NB_USER=benz0li

docker-compose.yml:

name: jupyter

services:
  docker:
    image: docker:dind
    hostname: docker
    restart: always
    networks:
      - jupyter
    volumes:
      - docker-certs:/var/tmp/docker/certs
      - docker-data:/var/lib/docker
      - ./home:/home
    environment:
      - HOME=/home/${NB_USER}
      - DOCKER_TLS_CERTDIR=/var/tmp/docker/certs
    privileged: true

  jupyterlab:
    image: glcr.b-data.ch/jupyterlab/python/scipy:latest-docker
    restart: always
    ports:
      - "127.0.0.1:8888:8888"
    networks:
      - jupyter
    volumes:
      - docker-certs:/var/tmp/docker/certs
      - ./home:/home
    environment:
      - DOCKER_HOST=tcp://docker:2376
      - DOCKER_CERT_PATH=/var/tmp/docker/certs/client
      - DOCKER_TLS_VERIFY=1
      - NB_USER=${NB_USER}
      - NOTEBOOK_ARGS=--LabApp.token=''
    user: root

networks:
  jupyter:
    external: true

volumes:
  docker-certs:
  docker-data:

Then, execute

docker network create jupyter
docker compose up -d

and access on http://127.0.0.1:8888.

Footnotes

  1. subtag docker: includes docker-ce-cli, docker-buildx-plugin, docker-compose-plugin and docker-scan-plugin (amd64 only)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:Enhancement A proposed enhancement to the docker images
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tom725 @mathbunnyru @benz0li