How To: Use the Notebooks as a Service solution


This guide explains how to use the Notebooks as a Service (NaaS) solution available in INFN Cloud.


The user has to be registered in the IAM system for INFN-Cloud Only registered users can login into the NaaS service endpoint

  • For more details regarding the registration process please see Getting Started. To use this service you don’t need the “system admin” nomination.

Login to the service

NaaS is setup as a high-available service, therefore the endpoint points to two different sites: Bari and CNAF.


Figure 1: Authentication in the system

The user logs in to the system via IAM using INFN-AAI credentials


Figure 2: Iam homepage

INFN-CCR AAI credential

Figure 3: Using INFN-AAI identity

and then authorizes the client

INFN-CCR AAI credential

Figure 4: Client registration

Server configuration

The user has to start the notebook server using the available docker image “INFN-Cloud base image”, the “” (it can be found using the down arrow in the field “select your desired image”).

Then choose the amount of resources in terms of CPUs and RAM.

server configuration

Figure 5: Notebook server configuration

The server startup can take some time (up to few minutes).


Sometimes the server startup can fail with a timeout message. In this case just retry.

server configuration

Figure 6: Server startup

When the notebook server is ready, the notebook dashboard appears. The Files tab provides an interactive view of the portion of the filesystem accessible by the user.

server filesystem

Figure 6: Server filesystem

The filesystem

  • the cloud_storage directory is the persistent area where to store your files. This area allows to access via posix the Object Storage of INFN Cloud and it is automatically available to any new notebook server started by the user. Files written there are not removed even if the server is deleted.

  • The cloud_storage directory contains two sub-directories:

    • the personal bucket of the user, identified with the username
    • the scratch directory, i.e. the bucket shared among cloud users in read mode.

    These buckets can be accessed also via Minio-gw browser

  • this directory is a persistent area only for the node where the server is started. It means that if the user kills the server and starts a new one executed on a different node, files in the local area can be not found.

All other places are effimeral spaces.

Best practice: don’t execute and modify notebook files directly from the cloud_storage area, but copy them from the cloud_storage area to the /workarea and work from here otherwise you can experience connection problems. Finally save the changes and store the file in the permanent area cloud_storage.

The S3 api to access Minio files

In the directory examples there are two python scripts that explain how to access object storage files via S3 api. The oidc-agent profile already configured in the server is “infncloud”. Here a link to the detailed example.

Image to use

The base image for the Notebook server is provided by the service. The name of the image is “INFN-Cloud base image” and the value is “”. If the user needs to use for the Notebook server an image with other libraries and tools installed, he/she can prepare a new image starting from the base one. The base image is available in baltig; here the link to the Dockerfile. For more details please read the “How To: create a customized docker image for services”