VRE - interTwin DL integration (#45)
* build image for vre-interwtin integration * add asyncssh script and lib into the container * fix permissions on docker file * rename asycn ssh script inside the image * add jupyterhub package in the singluser image * update python executer for asynchssh image * fix jhub version to 1.5.1 * fix jhub version to 1.5.0 * create rucio config file in hooks * fix build * fix paths in dockerfile * fix permissions * fix permissions 2 * touch config file * comment creation of rucio config file * rebuild wiht latests version * rebuild * rebuild 2 * fix server instance config * build with rucio cfg * build with rucio cfg 2 * build with rucio cfg 2.5 * build with rucio cfg 2.5 * build with rucio cfg 3 * update configure * add pre hooks in the ssh script * create rucio.cfg file within the setup.sh file * fix permissions and rucio URLs * hardcode jupyter config * hardcode jupyter config * hardcode jupyter config 2 * hardcode jupyter config 3 * hardcode jupyter config 4 * hardcode jupyter config 3 * hardcode jupyter config 2 * hardcode jupyter config * hardcode jupyter config json * test with download mode * test with writable /opt/rucio dir * not trigger dump of config * replica mode and update anchors * replica mode and update trust certs 2 * replica mode * rename dir and add README with documentation * restore CI to main
1 parent
73cc512
commit 3a5ac95
Showing
6 changed files
with
426 additions
and
0 deletions.
@@ -0,0 +1,99 @@ | ||
FROM jupyter/scipy-notebook:python-3.9.13 | ||
LABEL author="Image based on the work by Muhammad Aditya Hilmy - ESCAPE WP2 2020" | ||
LABEL maintainer="VRE Team @ CERN 23/24 - E. Garcia, G. Guerrieri" | ||
LABEL org.opencontainers.image.source https://github.com/vre-hub/environments | ||
ARG BUILD_DATE | ||
LABEL org.label-schema.build-date=$BUILD_DATE | ||
|
||
RUN pip install --upgrade pip | ||
|
||
USER $NB_UID | ||
|
||
RUN conda install -y -n base mamba \ | ||
&& mamba install -y -c conda-forge python-gfal2 asyncssh jupyterhub==1.5.0 \ | ||
&& conda clean --all -f -y | ||
|
||
# Install rucio-jupyterlab with jlab v=3 | ||
RUN pip install rucio-jupyterlab==0.10.0 \ | ||
&& jupyter serverextension enable --py rucio_jupyterlab --sys-prefix | ||
|
||
USER root | ||
|
||
RUN apt update -y \ | ||
&& apt install -y build-essential curl voms-clients-java software-properties-common \ | ||
&& apt clean -y \ | ||
&& rm /opt/conda/bin/voms-proxy-init \ | ||
&& ln -s /usr/bin/voms-proxy-init /opt/conda/bin/voms-proxy-init | ||
|
||
# ESCAPE grid-security and VOMS setup | ||
RUN wget -q -O - https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3 | apt-key add - | ||
|
||
RUN apt update \ | ||
&& add-apt-repository 'deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core' \ | ||
&& apt -y install ca-policy-egi-core | ||
|
||
RUN mkdir -p /etc/vomses \ | ||
&& wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses -O /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses \ | ||
&& mkdir -p /etc/grid-security/vomsdir/escape \ | ||
&& wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc -O /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc | ||
|
||
# Setup merged CERN CA file on Ubuntu based images. | ||
# This file is contained in the `CERN-bundle.pem` file downloaded using | ||
RUN mkdir /certs \ | ||
&& touch /certs/rucio_ca.pem \ | ||
&& curl -fsSL 'https://cafiles.cern.ch/cafiles/certificates/CERN%20Root%20Certification%20Authority%202.crt' | openssl x509 -inform DER -out /tmp/cernrootca2.crt \ | ||
&& curl -fsSL 'https://cafiles.cern.ch/cafiles/certificates/CERN%20Grid%20Certification%20Authority(1).crt' -o /tmp/cerngridca.crt \ | ||
&& curl -fsSL 'https://cafiles.cern.ch/cafiles/certificates/CERN%20Certification%20Authority.crt' -o /tmp/cernca.crt \ | ||
&& cat /tmp/cernrootca2.crt >> /certs/rucio_ca.pem \ | ||
&& cat /tmp/cerngridca.crt >> /certs/rucio_ca.pem \ | ||
&& cat /tmp/cernca.crt >> /certs/rucio_ca.pem \ | ||
&& rm /tmp/*.crt \ | ||
&& update-ca-certificates | ||
|
||
# # Install trust anchors | ||
# RUN curl https://ca.cern.ch/cafiles/certificates/CERN%20Root%20Certification%20Authority%202.crt -o /etc/pki/ca-trust/source/anchors/1.crt &&\ | ||
# curl https://ca.cern.ch/cafiles/certificates/CERN%20Grid%20Certification%20Authority.crt -o /etc/pki/ca-trust/source/anchors/2.crt &&\ | ||
# curl https://ca.cern.ch/cafiles/certificates/CERN%20Grid%20Certification%20Authority\(1\).crt -o /etc/pki/ca-trust/source/anchors/3.crt &&\ | ||
# curl http://signet-ca.ijs.si/pub/cacert/signet02cacert.crt -o /etc/pki/ca-trust/source/anchors/4.crt &&\ | ||
# curl https://doku.tid.dfn.de/_media/de:dfnpki:ca:tcs-server-certificate-ca-bundle.tar -o geant-bundle.tar &&\ | ||
# tar xf geant-bundle.tar &&\ | ||
# cp tcs-server-certificate-ca-bundle/*.pem /etc/pki/ca-trust/source/anchors/ &&\ | ||
# rm -rf geant-bundle.tar tcs-server-certificate-ca-bundle &&\ | ||
# update-ca-trust | ||
|
||
# Add async ssh script | ||
ADD asyncssh_config.py /opt/ssh/jupyterhub-singleuser | ||
RUN fix-permissions /opt/ssh/jupyterhub-singleuser \ | ||
&& chown -R $NB_UID /opt/ssh/jupyterhub-singleuser \ | ||
&& chmod +x /opt/ssh/jupyterhub-singleuser | ||
|
||
# Setup extension Rucio instance config | ||
ADD configure.py /opt/setup-rucio-jupyterlab/configure.py | ||
RUN fix-permissions /opt/setup-rucio-jupyterlab/configure.py \ | ||
&& chown -R $NB_UID /opt/setup-rucio-jupyterlab/configure.py \ | ||
&& chmod +x /opt/setup-rucio-jupyterlab/configure.py | ||
|
||
ADD setup.sh /usr/local/bin/setup.sh | ||
RUN fix-permissions /usr/local/bin/setup.sh \ | ||
&& sed -i -e 's/\r$/\n/' /usr/local/bin/setup.sh \ | ||
&& chmod +x /usr/local/bin/setup.sh | ||
|
||
RUN mkdir -p /opt/rucio/etc \ | ||
# && touch /opt/rucio/etc/rucio.cfg \ | ||
&& fix-permissions /opt/rucio/etc \ | ||
&& chown -R ${NB_UID}:${NB_GID} /opt/rucio/etc | ||
|
||
# && /usr/local/bin/setup.sh | ||
#RUN chown -R $NB_UID $HOME/.jupyter/jupyter_notebook_config.json | ||
# && chown -R $NB_UID /etc/jupyter/jupyter_notebook_config.py | ||
|
||
|
||
#ENV IPYTHONDIR=/etc/ipython | ||
#ADD ipython_kernel_config.json /etc/ipython/profile_default/ipython_kernel_config.json | ||
#RUN chown -R $NB_UID /etc/ipython | ||
ENV JUPYTER_ENABLE_LAB=yes | ||
|
||
WORKDIR $HOME | ||
USER $NB_UID | ||
|
||
CMD ["setup.sh", "start-notebook.sh"] |
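Review bot: The trust material this image installs is fetched at build time with nothing pinned: the IGTF signing key piped into `apt-key add -`, the two VOMS files pulled with `wget`, and the three CERN CA certificates pulled with `curl` are accepted as whatever the remote host serves on the day of the build. Because the EGI repository line is plain `http://`, that key is the only integrity check on `ca-policy-egi-core`, so I would commit the key and certificates to the repository (or compare each download against a recorded digest, e.g. `echo "<expected-sha256>  /tmp/cernca.crt" | sha256sum -c -`, digest shown as a placeholder) and scope the key to that one repository with a `signed-by=` keyring instead of `apt-key`. In the CERN CA `RUN`, only the root certificate is converted from DER; if the other two are also served as DER, `/certs/rucio_ca.pem` ends up mixed-format, and `update-ca-certificates` looks like a no-op there because nothing is placed under `/usr/local/share/ca-certificates`. The comment above that `RUN` also stops mid-sentence at "downloaded using".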
@@ -0,0 +1,119 @@ | ||
# Integration of the Rucio JupyterLab extension in the interTwin infrastructure | ||
|
||
The extentension interacts with the interTwin RUCIO instance, running at DESY. The Jupyter session is spawned by [interLink](https://github.com/interTwin-eu/interLink), a package able to run a k8s pod (and thus any contenairised application) on remote resources. | ||
|
||
Please note that this image is still under development and will be constantly evolving | ||
|
||
## Try this image | ||
|
||
**Needs both an EGI CheckIn and an interTwin Rucio active account** | ||
|
||
- Connect to the [cluster](https://jhub.131.154.98.40.myip.cloud.infn.it/) | ||
- Use the following image within the `Select your desired image` field, and select the desired offload mode. You must enable an offloading mode to be able to interact with Rucio. | ||
```bash | ||
docker://ghcr.io/vre-hub/vre-singleuser-intertwin_dev:sha-7d09a10 | ||
``` | ||
|
||
### Setup your image to be compatible with interLink | ||
|
||
Within your Dockerfile image, install the following packages and add the `asyncssh_config.py` to the container. You could have a look to the [Dockerfile](./Dockerfile) as well. | ||
|
||
```Dockerfile | ||
# Spawning a jupyterLab session needs any jupyter BASE layer | ||
FROM jupyter/scipy-notebook:python-3.9.13 | ||
RUN conda install -y -n base mamba \ | ||
&& mamba install -y -c conda-forge asyncssh jupyterhub==1.5.0 \ | ||
&& conda clean --all -f -y | ||
ADD asyncssh_config.py /opt/ssh/jupyterhub-singleuser | ||
RUN fix-permissions /opt/ssh/jupyterhub-singleuser \ | ||
&& chown -R $NB_UID /opt/ssh/jupyterhub-singleuser \ | ||
&& chmod +x /opt/ssh/jupyterhub-singleuser | ||
``` | ||
with | ||
```python | ||
$ cat asyncssh_config.py | ||
#!/opt/conda/bin/python | ||
# -*- coding: utf-8 -*- | ||
# | ||
# D. Ciangottini | ||
# | ||
import re | ||
import sys | ||
from jupyterhub.singleuser import main | ||
import asyncssh | ||
import logging | ||
import sys | ||
import asyncio | ||
import os | ||
from subprocess import Popen | ||
ssh_host = os.environ.get("JHUB_HOST") | ||
ssh_url_port = os.environ.get("SSH_PORT") | ||
username = os.environ.get("JUPYTERHUB_USER") | ||
token = os.environ.get("JUPYTERHUB_API_TOKEN") | ||
fwd_port = os.environ.get("FWD_PORT") | ||
async def run_client(): | ||
async with asyncssh.connect( | ||
host=ssh_host, | ||
port=int(ssh_url_port), | ||
username=username, | ||
password=token, | ||
known_hosts=None, | ||
) as conn: | ||
conn.set_keepalive(interval=14.0, count_max=10) | ||
listener = await conn.forward_remote_port( | ||
"0.0.0.0", | ||
int(fwd_port), | ||
"0.0.0.0", | ||
int(fwd_port), | ||
) | ||
await listener.wait_closed() | ||
if __name__ == '__main__': | ||
print("Connecting ssh...") | ||
loop = asyncio.get_event_loop() | ||
loop.create_task(run_client()) | ||
print("Starting JLAB") | ||
sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) | ||
sys.exit(main()) | ||
``` | ||
### Install the Rucio [JupyterLab extension](https://github.com/rucio/jupyterlab-extension) in the container | ||
Within your Dockerfile add the following lines. Check, and addapt if needed, the content of the bash and python files that also need to be added to the container. | ||
```Dockerfile | ||
# Installation of the RUCIO JupyterLab extension | ||
RUN conda install -y -n base mamba \ | ||
&& mamba install -y -c conda-forge python-gfal2 | ||
# jupyterlab extension compatible with jlab v=3.X.Y | ||
RUN pip install rucio-jupyterlab==0.10.0 \ | ||
&& jupyter serverextension enable --py rucio_jupyterlab --sys-prefix | ||
ADD configure.py /opt/setup-rucio-jupyterlab/configure.py | ||
RUN fix-permissions /opt/setup-rucio-jupyterlab/configure.py \ | ||
&& chown -R $NB_UID /opt/setup-rucio-jupyterlab/configure.py \ | ||
&& chmod +x /opt/setup-rucio-jupyterlab/configure.py | ||
ADD setup.sh /usr/local/bin/setup.sh | ||
RUN fix-permissions /usr/local/bin/setup.sh \ | ||
&& sed -i -e 's/\r$/\n/' /usr/local/bin/setup.sh \ | ||
&& chmod +x /usr/local/bin/setup.sh | ||
RUN mkdir -p /opt/rucio/etc \ | ||
&& fix-permissions /opt/rucio/etc \ | ||
&& chown -R ${NB_UID}:${NB_GID} /opt/rucio/etc | ||
ENV JUPYTER_ENABLE_LAB=yes | ||
CMD ["setup.sh", "start-notebook.sh"] | ||
``` |
@@ -0,0 +1,55 @@ | ||
#!/opt/conda/bin/python | ||
# -*- coding: utf-8 -*- | ||
# | ||
# D. Ciangottini | ||
# | ||
import re | ||
import sys | ||
from jupyterhub.singleuser import main | ||
import asyncssh | ||
import logging | ||
import sys | ||
import asyncio | ||
import os | ||
from subprocess import Popen | ||
|
||
ssh_host = os.environ.get("JHUB_HOST") | ||
ssh_url_port = os.environ.get("SSH_PORT") | ||
username = os.environ.get("JUPYTERHUB_USER") | ||
token = os.environ.get("JUPYTERHUB_API_TOKEN") | ||
|
||
fwd_port = os.environ.get("FWD_PORT") | ||
|
||
async def run_client(): | ||
async with asyncssh.connect( | ||
host=ssh_host, | ||
port=int(ssh_url_port), | ||
username=username, | ||
password=token, | ||
known_hosts=None, | ||
) as conn: | ||
conn.set_keepalive(interval=14.0, count_max=10) | ||
listener = await conn.forward_remote_port( | ||
"0.0.0.0", | ||
int(fwd_port), | ||
"0.0.0.0", | ||
int(fwd_port), | ||
) | ||
await listener.wait_closed() | ||
|
||
|
||
if __name__ == '__main__': | ||
print("Connecting ssh...") | ||
loop = asyncio.get_event_loop() | ||
loop.create_task(run_client()) | ||
|
||
print("Configuring Rucio extension...") | ||
p = Popen(['/usr/local/bin/setup.sh']) | ||
while p.poll() is None: | ||
pass | ||
|
||
print("Starting JLAB") | ||
sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) | ||
sys.exit(main()) | ||
|
||
|
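Review bot: `known_hosts=None` in `asyncssh.connect(...)` turns off SSH host-key checking, and the same call sends `JUPYTERHUB_API_TOKEN` as the password, so whatever endpoint answers for `JHUB_HOST` receives the user's hub token without being authenticated. I would point `known_hosts` at a file shipped with or mounted into the image, e.g. `known_hosts="/opt/ssh/known_hosts"` (path is a placeholder), and fail early with a clear message when `JHUB_HOST`, `SSH_PORT` or `FWD_PORT` is unset instead of letting `int(None)` raise inside the task. The remote listener is bound to `"0.0.0.0"`; if only the hub proxy on that host needs to reach it, a loopback listen address would narrow exposure, though that depends on the hub-side setup, which is not visible here. Separately, `while p.poll() is None: pass` spins a core while `setup.sh` runs; `p.wait()` does the same job.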