JupyterHub: update jupyterhub component default version to 5.2.1

[mishaschwartz]

Overview

This implements all changes between JupyterHub version
4.1.6 and 5.2.1.

This update requires the following manual upgrade steps:

• If your local environment file sets the c.DockerSpawner.image_whitelist config option in the
  JUPYTERHUB_ENABLE_MULTI_NOTEBOOKS environnment variable. Change c.DockerSpawner.image_whitelist
  to c.DockerSpawner.allowed_images.
• Update the jupyterhub database with the following command after you have started up the stack:

  birdhouse compose exec jupyterhub jupyterhub upgrade-db
  

  You can also simply delete the jupyterhub_data_persistence volume if you're not storing any custom
  information there and if you haven't manually set c.Authenticator.allow_all to False (ensure that
  the stack is stopped and all jupyterlab containers have been stopped and removed first).

If you have changed any of the default jupyterhub settings you may need to consult the JupyterHub upgrade guide to see if any of those settings have been changed.

Changes

Non-breaking changes

• New component version jupyterhub:5.2.1-20241114

Breaking changes

Related Issue / Discussion

Additional Information

CI Operations

birdhouse_daccs_configs_branch: master
birdhouse_skip_ci: false

[fmigneault]

The changelog should describe that changing to this version can break everything depending on the OS the server is running on, since the whole Jenkins CI fiasco originates from this.

Link to Ouranosinc/PAVICS-e2e-workflow-tests#137

It is not necessarily a seamless change.

[fmigneault]

This combination is extremely confusing and prone to misinterpretation.
Please provide the doc reference and some comment.

https://jupyterhub.readthedocs.io/en/latest/reference/api/auth.html#jupyterhub.auth.Authenticator.allow_all

Even after reading the doc details, it feels config to "allow all" after an explicit set of blocked users.

[mishaschwartz]

This is to maintain the previous behaviour which is what is mentioned a few times both in the link you provided and the upgrade guide (https://jupyterhub.readthedocs.io/en/latest/howto/upgrading-v5.html#authenticator-allow-all-and-allow-existing-users).

We use Magpie as the source of truth for who our users are so we do not want jupyterhub to filter/block those users further.

Can you clarify what the confusion is please? That would help me draft a better comment to help.

[fmigneault]

Can't this be defined as a compose service jupyterhub-db-migration with restart: "no"?

[mishaschwartz]

It can. But I don't think it should. We do not want this to run every time jupyterhub starts up. This database upgrade is described as "not too disruptive" but more involved upgrades in the future may break things. This is really something that we want to do manually.