Share data between JupyterHub users with Manila shares¶
In the standard deployment of JupyterHub on top of Kubernetes on Jetstream 2, each user has access to their own home folder, but there is no built-in way to share data between users.
One option is to install a NFS server as a service in Kubernetes. However, Jetstream offers a managed service, named Manila, that offers the sharing capability out-of-the-box.
Therefore we can lower the maintenance burden by creating a shared volume inside Manila and then mount it on any Kubernetes or JupyterHub pod, so that users can access shared data read-only or read-write.
Create a Share in Manila¶
Create a share in Horizon following the instructions in the Jetstream documentation:
- for access to choose “$USER-manila-share”
- note down “Path” and “Access Key”
Test in a Pod¶
First we want to test the connection with a pod, which is also useful to perform administrative tasks on the volume.
You can find all the necessary files in this Github repository.
Copy the access key into
ceph-secret.yml, then create the secret with:
kubectl create -f ceph-secret.yml
Then split the “Path” string you copied from Horizon into the different servers and the path and copy them to
kubectl create -f ceph-pod.yml
Access the shared volume with:
kubectl exec --stdin -n jhub --tty ceph -- /bin/bash cd /mnt/cephfs
This container executes as
root, so you should have write access to the share, instead, the JupyterHub users use the
jovyan user, so we need to create a folder owned by
jovyan to give them write access, all other folders will be read-only:
mkdir readonly mkdir readwrite chown 1000:100 readwrite
so we should have:
root@cephfs-pod:/mnt/cephfs# ls -la total 6 drwxr-xr-x 4 119 126 0 Dec 1 00:48 . drwxr-xr-x 1 root root 4096 Nov 30 23:50 .. drwxr-xr-x 2 root root 0 Dec 1 00:04 readonly drwxr-xr-x 2 1000 users 0 Dec 1 00:07 readwrite
We can finally configure JupyterHub to mount this volume, if you have followed the JupyterHub deployment tutorial, you should have your
install_jhub.sh script, edit it to also add an additional configuration file:
RELEASE=jhub NAMESPACE=jhub helm upgrade --install $RELEASE jupyterhub/jupyterhub \ --namespace $NAMESPACE \ --create-namespace \ --version 1.2.0 \ --debug \ --values config_standard_storage.yaml --values secrets.yaml \ --values manila/jupyterhub_manila.yaml
manila/jupyterhub_manila.yaml contains the same configuration of
ceph-pod.yml, so you can copy-paste from there.
Now you should be able to access the shared folders from a JupyterHub single user session:
jovyan@jupyter-zonca:~$ cd /share jovyan@jupyter-zonca:/share$ ls -lah total 5.5K drwxr-xr-x 4 119 126 0 Dec 1 00:48 . drwxr-xr-x 1 root root 4.0K Nov 30 23:48 .. drwxr-xr-x 2 root root 0 Dec 1 00:04 readonly drwxr-xr-x 2 jovyan users 0 Dec 1 00:07 readwrite jovyan@jupyter-zonca:/share$ touch readwrite/myfile jovyan@jupyter-zonca:/share$ touch readonly/myfile touch: cannot touch 'readonly/myfile': Permission denied