Last active
October 23, 2019 14:08
-
-
Save rok/909b6bb57b856ac1e5e8f1f123286e92 to your computer and use it in GitHub Desktop.
Add water for Jupyterhub
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# To run: | |
# aws cloudformation create-stack \ | |
# --template-body file://jh.yml \ | |
# --profile <YOUR_USER_PROFILE> \ | |
# --stack-name jupyterhub \ | |
# --parameters ParameterKey=KeyName,ParameterValue=<YOUR_KEYPAIR_NAME> \ | |
# ParameterKey=InstanceType,ParameterValue=t2.micro | |
Parameters: | |
KeyName: | |
Type: "AWS::EC2::KeyPair::KeyName" | |
Description: Amazon EC2 Key Pair | |
InstanceType: | |
Type: String | |
Default: t2.micro | |
Description: Enter t2.micro, m1.small, or m1.large, etc. | |
Resources: | |
VPC: | |
Type: AWS::EC2::VPC | |
Properties: | |
CidrBlock: 10.1.0.0/16 | |
Tags: | |
- Key: Application | |
Value: !Ref AWS::StackId | |
- Key: Network | |
Value: Public | |
PublicSubnet: | |
Type: AWS::EC2::Subnet | |
Properties: | |
VpcId: !Ref VPC | |
MapPublicIpOnLaunch: true | |
CidrBlock: 10.1.0.0/16 | |
Tags: | |
- Key: Application | |
Value: !Ref AWS::StackId | |
- Key: Network | |
Value: Public | |
DependsOn: VPC | |
InstanceSecurityGroup: | |
Type: AWS::EC2::SecurityGroup | |
Properties: | |
GroupDescription: Enable SSH access via port 22 and HTTPS via 443 | |
VpcId: !Ref VPC | |
SecurityGroupIngress: | |
- IpProtocol: tcp | |
FromPort: 22 | |
ToPort: 22 | |
CidrIp: 0.0.0.0/0 | |
- IpProtocol: tcp | |
FromPort: 443 | |
ToPort: 443 | |
CidrIp: 0.0.0.0/0 | |
InternetGateway: | |
Type: AWS::EC2::InternetGateway | |
Properties: | |
Tags: | |
- Key: Application | |
Value: !Ref AWS::StackId | |
- Key: Network | |
Value: Public | |
GatewayToInternet: | |
Type: AWS::EC2::VPCGatewayAttachment | |
Properties: | |
VpcId: !Ref VPC | |
InternetGatewayId: !Ref InternetGateway | |
PublicRouteTable: | |
Type: AWS::EC2::RouteTable | |
Properties: | |
VpcId: !Ref VPC | |
Tags: | |
- Key: Application | |
Value: !Ref AWS::StackId | |
- Key: Network | |
Value: Public | |
PublicRoute: | |
Type: AWS::EC2::Route | |
DependsOn: GatewayToInternet | |
Properties: | |
RouteTableId: !Ref PublicRouteTable | |
DestinationCidrBlock: 0.0.0.0/0 | |
GatewayId: !Ref InternetGateway | |
PublicSubnetRouteTableAssociation: | |
Type: AWS::EC2::SubnetRouteTableAssociation | |
Properties: | |
SubnetId: !Ref PublicSubnet | |
RouteTableId: !Ref PublicRouteTable | |
EC2Instance: | |
Type: AWS::EC2::Instance | |
Metadata: | |
AWS::CloudFormation::Init: | |
configSets: | |
default: | |
- create-files | |
- run-commands | |
create-files: | |
files: | |
/etc/supervisor/conf.d/jupyterhub.conf: | |
content: | | |
# /etc/supervisor/conf.d/jupyterhub.conf | |
[program:jupyterhub] | |
command=bash launch.sh | |
directory=/srv/jupyterhub | |
autostart=true | |
autorestart=true | |
startretries=3 | |
exitcode=0,2 | |
stopsignal=TERM | |
redirect_stderr=true | |
stdout_logfile=/var/log/jupyterhub.log | |
stdout_logfile_maxbytes=1MB | |
stdout_logfile_backups=10 | |
user=root | |
/srv/jupyterhub/launch.sh: | |
content: | | |
#!/usr/bin/env bashpen | |
# /srv/jupyterhub/launch.sh | |
source /srv/jupyterhub/env/jupyterhub/bin/activate | |
set -e | |
exec jupyterhub -f ./jupyterhub_config.py $@ | |
/srv/jupyterhub/jupyterhub_config.py: | |
content: | | |
# /srv/jupyterhub/jupyterhub_config.py | |
import os | |
pjoin = os.path.join | |
c = get_config() | |
runtime_dir = os.path.join('/srv/jupyterhub') | |
ssl_dir = pjoin(runtime_dir, 'ssl') | |
c.JupyterHub.ip = '0.0.0.0' | |
c.JupyterHub.port = 443 | |
c.JupyterHub.ssl_key = pjoin(ssl_dir, 'ssl.key') | |
c.JupyterHub.ssl_cert = pjoin(ssl_dir, 'ssl.cert') | |
c.JupyterHub.cookie_secret_file = pjoin(runtime_dir, 'jupyterhub_cookie_secret') | |
c.JupyterHub.db_url = pjoin(runtime_dir, 'jupyterhub.sqlite') | |
c.Authenticator.admin_users = {'ubuntu'} | |
c.LocalAuthenticator.create_system_users = True | |
c.JupyterHub.admin_access = True | |
run-commands: | |
commands: | |
'1': | |
command: echo $(hostname -I | cut -d\ -f1) $(hostname) | sudo tee -a /etc/hosts | |
'2': | |
command: | | |
sudo DEBIAN_FRONTEND=noninteractive apt -y \ | |
-o Dpkg::Options::="--force-confdef" \ | |
-o Dpkg::Options::="--force-confold" upgrade | |
'3': | |
command: sudo apt -y install supervisor npm nodejs-legacy python3-pip | |
'4': | |
command: mkdir /srv/jupyterhub/ssl | |
'5': | |
command: | | |
sudo openssl req -newkey rsa:2048 -nodes -x509 \ | |
-keyout /srv/jupyterhub/ssl/ssl.key \ | |
-out /srv/jupyterhub/ssl/ssl.cert \ | |
-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" | |
'6': | |
command: sudo npm install -g configurable-http-proxy | |
'7': | |
command: sudo -H pip3 install --system notebook jupyterhub | |
'8': | |
command: sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which node)) | |
'9': | |
command: sudo supervisorctl start jupyterhub | |
Properties: | |
UserData: | |
Fn::Base64: !Sub | | |
#!bin/bash -xe | |
sudo apt-get update | |
sudo apt -y install python-setuptools | |
sudo easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | |
sudo /usr/local/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} | |
sudo /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} | |
ImageId: ami-785db401 | |
InstanceType: !Ref InstanceType | |
KeyName: !Ref KeyName | |
SubnetId: !Ref PublicSubnet | |
SecurityGroupIds: | |
- !Ref InstanceSecurityGroup | |
BlockDeviceMappings: | |
- DeviceName: /dev/sda1 | |
Ebs: | |
VolumeSize: 200 | |
Tags: | |
- Key: Name | |
Value: !Ref AWS::StackName | |
DependsOn: | |
- PublicSubnet | |
- InstanceSecurityGroup |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment