-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathDockerfile.cc-base-centos7
277 lines (245 loc) · 8.99 KB
/
Dockerfile.cc-base-centos7
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
FROM coffeateam/coffea-dask-cc7:0.7.18-fastjet-3.3.4.0rc9-g0510edd
# https://github.com/jupyter/docker-stacks/blob/master/base-notebook/Dockerfile
# Fix DL4006
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
USER root
LABEL maintainer="Oksana Shadura <ksu.shadura@gmail.com>"
# Jupyterhub
ARG NB_USER="cms-jovyan"
ARG NB_UID="6440"
ARG NB_GID="11265"
# Configure Labextention Dask Cluster factory
ARG DASK_ROOT_CONFIG="/opt/dask"
ARG LABEXTENTION_CLUSTER="Local Cluster"
ARG LABEXTENTION_FACTORY_CLASS="LocalCluster"
ARG LABEXTENTION_FACTORY_MODULE="dask.distributed"
# Condor settings
ARG CONDOR_HOST="red-condor.unl.edu"
ARG COLLECTOR_NAME="Nebraska T2"
ARG UID_DOMAIN="unl.edu"
ARG SCHEDD_HOST="t3.unl.edu"
# Hack for GH Actions
ARG GITHUB_ACTIONS="false"
# Configure environment
ENV CONDA_DIR /usr/local
ENV SHELL /bin/bash
ENV NB_USER $NB_USER
ENV USER $NB_USER
ENV NB_UID $NB_UID
ENV NB_GID $NB_GID
ENV HOME /home/$NB_USER
ENV PATH "${CONDA_DIR}/bin/:$PATH"
ENV WORKER_IMAGE $WORKER_IMAGE
ENV TAG $TAG
ENV DASK_ROOT_CONFIG $DASK_ROOT_CONFIG
ENV LABEXTENTION_CLUSTER $LABEXTENTION_CLUSTER
ENV LABEXTENTION_FACTORY_CLASS $LABEXTENTION_FACTORY_CLASS
ENV LABEXTENTION_FACTORY_MODULE $LABEXTENTION_FACTORY_MODULE
ENV CONDOR_HOST $CONDOR_HOST
ENV COLLECTOR_NAME $COLLECTOR_NAME
ENV UID_DOMAIN $UID_DOMAIN
ENV SCHEDD_HOST $SCHEDD_HOST
ENV LC_ALL en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US.UTF-8
# Install all OS dependencies for notebook server that starts but lacks all
# features (e.g., download as all possible file formats)
RUN yum -y install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm \
&& yum -y update \
&& yum -y group install "Development Tools" \
&& yum -y install \
wget \
epel-release \
gettext \
bzip2 \
ca-certificates \
sudo \
langpacks-en \
glibc-all-langpacks \
liberation-fonts \
wget \
nss_wrapper \
openssl \
emacs \
git \
unzip \
nano \
vim \
curl \
net-tools \
libXext \
libSM \
libXrender \
xdg-utils \
nc \
openssh-clients \
tzdata \
unzip \
gdb \
&& yum clean all && rm -rf /var/cache/yum
# Copy a script that we will use to correct permissions after running certain commands
COPY jupyterhub/fix-permissions /usr/local/bin/fix-permissions
RUN chmod a+rx /usr/local/bin/fix-permissions
# Enable prompt color in the skeleton .bashrc before creating the default NB_USER
# hadolint ignore=SC2016
RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc && \
# Add call to conda init script see https://stackoverflow.com/a/58081608/4413446
echo 'eval "$(command conda shell.bash hook 2> /dev/null)"' >> /etc/skel/.bashrc
# Create NB_USER with name cms-jovyan user with given UID and in the 'users' group
# and make sure these dirs are writable by the `users` group.
RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
groupadd -r "${NB_USER}" --gid "$NB_GID" && \
useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
mkdir -p "${CONDA_DIR}" && \
chown -R "${NB_USER}:${NB_GID}" "${CONDA_DIR}" && \
chown -R "${NB_USER}:${NB_GID}" "${HOME}" && \
chmod g+w /etc/passwd && \
fix-permissions "${HOME}" && \
fix-permissions "${CONDA_DIR}"
USER $NB_USER
WORKDIR $HOME
# Setup work directory for backward-compatibility
RUN mkdir "/home/${NB_USER}/work" && \
fix-permissions "/home/${NB_USER}"
# Install Jupyter Notebook, Lab, and Hub
# Generate a notebook server config
# Cleanup temporary files
# Correct permissions
# Do all this in a single RUN command to avoid duplicating all of the
# files across image layers when the permissions change
RUN mamba install --quiet --yes \
-c conda-forge \
'notebook' \
'jupyterhub' \
'jupyterlab' \
jupyterlab_widgets \
jupyterlab-git \
dask_labextension && \
mamba clean \
--all \
--yes && \
npm cache clean --force && \
jupyter notebook --generate-config && \
jupyter lab clean && \
rm -rf "/home/${NB_USER}/.cache/yarn"
#fix-permissions "${CONDA_DIR}" && \
#fix-permissions "/home/${NB_USER}"
EXPOSE 8888
# Copy local files as late as possible to avoid cache busting
COPY jupyterhub/start.sh jupyterhub/start-notebook.sh jupyterhub/start-singleuser.sh /usr/local/bin/
# Currently need to have both jupyter_notebook_config and jupyter_server_config to support classic and lab
COPY jupyterhub/jupyter_notebook_config.py /etc/jupyter/
# Fix permissions on /etc/jupyter as root
USER root
# Prepare upgrade to JupyterLab V3.0 #1205
RUN sed -re "s/c.NotebookApp/c.ServerApp/g" \
/etc/jupyter/jupyter_notebook_config.py > /etc/jupyter/jupyter_server_config.py && \
fix-permissions /etc/jupyter/
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Update: 7.06.2021
# https://github.com/jupyter/docker-stacks/blob/master/minimal-notebook/Dockerfile
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RUN pip install --upgrade --no-cache-dir \
jupyterlab_github \
jupyter_client \
ipywidgets
# Enable the serverextensions that do not use the conf.d approach and
# build JupyterLab.
RUN jupyter labextension install @jupyter-widgets/jupyterlab-manager && \
jupyter labextension install jupyterlab-jupytext && \
jupyter serverextension enable --sys-prefix jupyterlab_git && \
jupyter serverextension enable --sys-prefix jupyterlab_github && \
jupyter labextension install dask-labextension && \
jupyter serverextension enable dask_labextension && \
jupyter lab build --dev-build=False && jupyter lab clean && \
npm cache clean --force && \
rm -rf $HOME/.cache/yarn && \
rm -rf $HOME/.node-gyp
USER root
# Preparing directories for Dask conf files, patches and job spool directory for HTCondor
RUN mkdir -p ${DASK_ROOT_CONFIG} && chown -R "${NB_USER}:${NB_GID}" ${DASK_ROOT_CONFIG} && \
mkdir -p /opt/condor/config.d && chown -R "${NB_USER}:${NB_GID}" /opt/condor/config.d && \
mkdir -p ${HOME}/.condor/tokens.d && \
mkdir -p /var/lib/condor && \
mkdir -p /etc/condor/config.d
USER ${NB_UID}
RUN mamba install --yes \
-c conda-forge \
conda-build \
htcondor \
xgboost \
pyhf \
cabinetry>=0.5.1 \
vector \
hist \
mplhep \
iminuit \
cmake \
scikit-hep-testdata \
&& mamba clean \
--all \
--yes
RUN pip install --no-cache-dir \
aiostream \
tenacity \
func-adl_servicex \
func_adl_uproot \
tcut_to_qastle \
servicex-databinder \
correctionlib \
func_adl_uproot \
tcut_to_qastle \
servicex-databinder \
funcx \
pyyaml
USER ${NB_UID}
# Dask, Labextention and coffea-casa setup
COPY dask/dask.yaml dask/labextension.yaml ${DASK_ROOT_CONFIG}/
USER root
# Add HTCondor configuration files that not needed to be edited
COPY condor/condor_config /etc/condor/
COPY condor/config.d /etc/condor/config.d/
# Setup HTCondor user/group and change group for user $NB_USER
# Fix error (submitting jobs as user/group 0 (root) is not allowed for security reasons) and
# it configured from kubernetes side and updated in docker container to match it
RUN groupadd -r condor && \
useradd -r -g condor -d /var/lib/condor -s /sbin/nologin condor
# Cleanup
RUN rm -rf /tmp/* \
&& rm -rf $HOME/.cache/.pip/* \
&& jupyter lab clean \
&& jlpm cache clean \
&& npm cache clean --force \
&& find ${CONDA_DIR} -type f -name '*.a' -delete \
&& find ${CONDA_DIR} -type f -name '*.pyc' -delete \
&& find ${CONDA_DIR} -type f -name '*.js.map' -delete \
&& (find ${CONDA_DIR}/lib/python*/site-packages/bokeh/server/static -type f,l -name '*.js' -not -name '*.min.js' -delete || echo "no bokeh static files to cleanup") \
&& rm -rf ${CONDA_DIR}/pkgs
# Fix permissions for Dask files
RUN chown -R "${NB_USER}:${NB_GID}" ${DASK_ROOT_CONFIG}/*.yaml
# xcache setup
#ENV XRD_PLUGINCONFDIR="${CONDA_DIR}/etc/xrootd/client.plugins.d/"
ENV LD_LIBRARY_PATH="${CONDA_DIR}/lib/:$LD_LIBRARY_PATH"
#ENV XRD_PLUGIN="${CONDA_DIR}/lib/libXrdClAuthzPlugin.so"
ENV PATH="${CONDA_DIR}/bin/:$PATH"
# FIXME: we have a wrong path, let's make a link.
# cms-jovyan@jupyter-oksana-2eshadura-40cern-2ech:~$ echo $PATH
# /opt/conda/condabin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
RUN rm -rf ${CONDA_DIR}/condabin && ln -s ${CONDA_DIR}/bin ${CONDA_DIR}/condabin
# Mkdir CVMFS mount directory. Mount done upstream in configs. Harmless
# if not utilized, crucial if CVMFS is desired
RUN mkdir /cvmfs
# prepare-env.sh script
COPY prepare-env/prepare-env-cc-base.sh /usr/local/bin/prepare-env.sh
RUN chmod ugo+x /usr/local/bin/prepare-env.sh
# Switch back to cms-jovyan to avoid accidental container runs as root
USER ${NB_UID}
WORKDIR $HOME
#ENTRYPOINT ["tini", "-g", "--"]
ENTRYPOINT ["tini", "-g", "--", "/usr/local/bin/prepare-env.sh"]
# Extra packages to be installed (apt, pip, conda) and commands to be executed
# Use bash login shell for entrypoint in order
# to automatically source user's .bashrc
CMD ["start-notebook.sh"]