the-littlest-jupyterhub icon indicating copy to clipboard operation
the-littlest-jupyterhub copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

"What does the installer do?" is not an obvious place to find uninstall instructions

Open nbastin opened this issue 4 years ago • 3 comments

If your install goes pear-shaped (see #575), you have to clean up what has been done but it's not obvious how to figure this out. At the very least it would be nice if there was a doc page that was titled in a way that made it likely you would find it, although it would also be very nice if the installer recorded a journal of installed paths and record external actions where that isn't possible (the process is terribly opaque right now, I'm not sure I could really trust the resulting installation anyhow from an audit standpoint).

nbastin avatar May 19 '20 17:05 nbastin

Thanks for the feedback! I'm not sure how much you know about JupyterHub- TLJH is intended to be an all-in-one easy to install distribution of JupyterHub.

Can you describe your auditing requirements? It may be that you're better off installing JupyterHub manually (e.g. pip install ... and create a configuration file), or use other deployment methods developed by the community (e.g. Ansible roles).

manics avatar May 19 '20 17:05 manics

We have what seemed like the basic requirements - <100 users, so I thought I'd give TLJH a try (we've previously installed JH manually, but our installations are pretty crufty at this point so I'm trying to bring us up to something more modern).

From an auditing standpoint it's problematic that I don't know what packages it installs or where it gets anything from. We can of course monitor it during the install and capture the filesystem diffs afterwards, but right now the documentation is very opaque as to what is going to happen and the installer is then very opaque about what actually happened. Minimally for security reasons we have to report packages and software installs so that upgrades/mitigation can be managed site-wide when vulnerabilities are discovered.

nbastin avatar May 20 '20 20:05 nbastin

Avoid TLJH at all cost, this repo is inactive, a lot of questions remain unanswered.

Have a look at my comment here and you can build it from ground up to completely have control over it. I guess this is the one that you said it is "crufty" but from what I have so far this is the best. The tutorials have errors too but they fix them some time.

nguyenvulong avatar Nov 27 '20 05:11 nguyenvulong