Skip to content

Latest commit

 

History

History
115 lines (70 loc) · 5.07 KB

README.md

File metadata and controls

115 lines (70 loc) · 5.07 KB
Raw

Code-Server-Hub Documentation

EN | 中文

This project is for our lab, to allow users have their own envirement to avoid users installed packages ruin the whole server

Usage

In this page choose a panel to enter. Then click jupyter button to enter the interface.

index

The main difference between RealOS Panel and Container Panel is everyone can use sudo command in container,while RealOS can't. each container are independent, and can be reset at anytime to avoid mess up whole Real OS environment .

Things should be done in Container

  • Most things can be done in the Container. Everyone have the sudo permission to install packages that they need.

Things should be done in Real OS

  • Change password
    • Change password in container is useless because hashed password will be passwd to container before start it each time
    • You have to change your password in Real OS via passwd command or in cockpit account page.
  • port forwarding
    • Because we can't connect listened port from external network.
    • If you want to host services in the container, please check IP of the container with ip addr command first.
    • Then port forwarding port from RealOS to your container by execute this command(Replace 172.22.17.3 by your ip) in Real OS.
    • socat TCP-LISTEN:10080,fork TCP:172.22.17.3:8080
  • run docker
    • Because we can't run docker in docker, so I installed rootless docker at every server.
    • If you need to run docker, just run docker command in RealOS.

Difference

Shell in real OS

RealOS panel shell sudo

Shell in the container

Container panel shell sudo

Login

Whenever this dialog prompt, just login with your linux account

Login

File shareing

By default, /data and /home/{username} this two folder will mounted into the container so that users can share files though this two folder.

Real OS Panel

  • In this panel, all operations are running in the real OS, means all users are share one envirement.
  • If you are not a sudoer, you don't have root privilege.
  • If you login the server via SSH, your envirement are the same envirement as you login at this panel

real os panel

Start Server

It will start a vscode instance by your account at background

real os panel Start

VS code

Connrct to your code-server

real os panel VS

Jupyter

Connect to a jupyterlab session

real os panel Jupyter

Cockpit

Connect to cockpit

Account

Connect to account page in the cockpit

Container panel

Whenever you run any program in this panel, all programs will running in a docker container.

Everyone has sudo permission in their own container.

Start Container

Just start your container.

If not exist, it will create one

Container panel

Factort reset

Delete your contaainer. It it will be created at next time you start the container

/data and /home/{username} folders are mounted externally, so they will not be deleted

Container panel FS

VS code

Connrct to your code-server which running in the container

Container panel VS

Jupyter

Connrct to your jupyter which running in the container

Container panel Jupyter

Security Warning

  • Please mount /home and /data with paramater nosuid,nodev in real OS.
    • Because user has root permission in container which allows user to setuid a binary in container and ececute it in Real OS.
    • Only /home/{username} and /data are share between container and Real OS, so doing this will prevent users get root permission in RealOS.