cylc web architecture

10 Members
architecture supporting the new Cylc web GUI1 Servers

Load older messages

Timestamp Message
25 Feb 2019
00:07:29@martinryan:matrix.orgmartinmy new one is from my days as a mountie in Alaska 🙂
04:35:03@sadielbartholomew:matrix.orgSadie Bartholomew
In reply to @martinryan:matrix.org
my new one is from my days as a mountie in Alaska 🙂
Very nice! Admittedly I had to look up what a mountie is, but it sounds cool. I should get a profile pic up but I can't promise anything interesting like this or Bruno's fake glasses/mustache one etc.
07:35:16@kinow:matrix.orgBruno P. Kinoshita🕵
26 Feb 2019
03:28:21@kinow:matrix.orgBruno P. Kinoshita

NB: there is no more spawner in cylc-jupyterhub. And now it uses setup.py. It exposes its main method as a script called cylc-singleuser. That script can be executed by itself. The configuration file for the hub was updated to use the vanilla LocalProcessSpawner by default, with the extra arguments for the cylc-singleuser.

In the end, the spawner simply calls something like: cylc-singleuser --port=12345 -s ../cylc-web/dist.

The port is a random port outside of the admin range.

The -s is for static content. Before I was copying the static content from cylc-web, but that's not really practical. So now I will work on cylc-web to have faster generation of index.html plus JS/CSS/etc (it takes ~20 seconds now to produce these files for production, we need a simpler version good enough for development).

This way one should be able to work on the cylc-jupyterhub and/or cylc-web independently. 👍

(that ends up being quite similar to how node.js, PHP, Java projects look like when you have a frontend in angular/vue/etc and a backend in express/symfony,laravel/spring-boot,etc)

03:56:31@revilo666:matrix.orgHilary Oliver👍
1 Mar 2019
02:47:05@martinryan:matrix.orgmartin changed their profile picture.
20:16:11@kinow:matrix.orgBruno P. Kinoshita

FYI Tornado 6 was released on 1st March: https://www.tornadoweb.org/en/stable/releases/v6.0.0.html

Backwards-incompatible changes

Python 2.7 and 3.4 are no longer supported; the minimum supported Python version is 3.5.2.
APIs deprecated in Tornado 5.1 have been removed. This includes the tornado.stack_context module and most callback arguments throughout the package. All >removed APIs emitted DeprecationWarning when used in Tornado 5.1, so running your application with the -Wd Python command-line flag or the environment >variable PYTHONWARNINGS=d should tell you whether your application is ready to move to Tornado 6.0.
.WebSocketHandler.get is now a coroutine and must be called accordingly in any subclasses that override this method (but note that overriding get is not >recommended; either prepare or open should be used instead).

20:39:05@dwsutherland:matrix.orgDavid SutherlandBruno P. Kinoshita: 👏 oh nice, I’ll read up
4 Mar 2019
22:51:39@sadielbartholomew:matrix.orgSadie Bartholomew Me too (reading up). Thanks Bruno P. Kinoshita , good idea to keep on top of the new technologies so we don't risk ending up with a Cylc 8 that is already partly outdated 👍
13 Mar 2019
04:37:56@martinryan:matrix.orgmartin changed their profile picture.
18 Mar 2019
09:52:55@martinryan:matrix.orgmartin Spawner Options Form - part way down https://universe-docs.readthedocs.io/en/latest/spawners.html
09:53:30@kinow:matrix.orgBruno P. KinoshitaOh, that option form looks nice/useful
09:58:27@kinow:matrix.orgBruno P. KinoshitaAnd the Services - https://jupyterhub.readthedocs.io/en/stable/reference/services.html
09:59:35@martinryan:matrix.orgmartinvery interesting
10:31:31@revilo666:matrix.orgHilary OliverYeah, that could be super useful.
10:37:10@kinow:matrix.orgBruno P. KinoshitaI thought it would be simpler, and this kind of self-service, where the user decides to share with whoever he wants would be enough. But if we will need a central service running alongside the hub, accessed by admins, then we could start implementing that. I think that's the item "Fine-grained Authorization" in the gantt chart I think, planned for April. This could be started any time, and done in parallel to the decision of data structure, communication models, etc 👍
10:41:28@dwsutherland:matrix.orgDavid Sutherland👍
10:41:58@revilo666:matrix.orgHilary OliverThat's true, the "site level" authorization could be started already. Example of what we need: site managers might decree that only the "operations" group of users can even look at the six (or whatever) operational UI Servers. If implemented at the hub, then the operational UI servers will not even have to field (and deny) requests from other users.
10:43:08@revilo666:matrix.orgHilary OliverOtherwise, if left up to users to completely control authorization, operations users (for example) could acccidentally expose operational workflows to everyone. This would definitely be seen as a security issue at BOM.
10:43:54@kinow:matrix.orgBruno P. Kinoshita👍
10:43:55@kinow:matrix.orgBruno P. Kinoshita

site managers

JupyterHub is adding roles/groups I believe (they have groups, but IIRC they are improving it for the next releases).

We could use groups, or we could try to make it simpler, and re-use their "admin" flag.

Q: would it be enough in this authorization service to define that the site manager is a user in the hub with the flag "admin" set to true? (i.e. a user in the array of admins of the jupyterhub config)

10:44:00@revilo666:matrix.orgHilary Oliver(However, the UI Servers could read a central site config file, and reject non-operational users ... achieving the same result, but not as cleanly... I think)
10:46:50@revilo666:matrix.orgHilary Oliver

Q: would it be enough in this authorization service to define that the site manager is a user in the hub with the flag "admin" set to true?

Do you mean that the "site manager" in this sense would have to log into the Hub to configure site authorization via the UI? I imagine a config file would be preferred. (But maybe I've misunderstood what you're asking?)

10:48:24@kinow:matrix.orgBruno P. Kinoshita invited @wxtim2:matrix.orgwxtim2.
10:48:25@wxtim2:matrix.orgwxtim2 joined the room.
10:48:52@kinow:matrix.orgBruno P. KinoshitaNo, you are correct, that's what I thought. I think I haven't gotten the whole picture of how that should work.
10:49:13@kinow:matrix.orgBruno P. KinoshitaBut possibly thinking about that in the morning with coffee my brain will do a better job
11:01:21@revilo666:matrix.orgHilary OliverI've probably explained it badly - let's chat about it tomorrow (I'll need coffee too...)
11:07:01@kinow:matrix.orgBruno P. Kinoshita👍
21 Mar 2019
23:59:07@martinryan:matrix.orgmartin changed their profile picture.

There are no newer messages yet.

Back to Room List