VRE - interTwin DL integration (#45)

* build image for vre-interwtin integration * add asyncssh script and lib into the container * fix permissions on docker file * rename asycn ssh script inside the image * add jupyterhub package in the singluser image * update python executer for asynchssh image * fix jhub version to 1.5.1 * fix jhub version to 1.5.0 * create rucio config file in hooks * fix build * fix paths in dockerfile * fix permissions * fix permissions 2 * touch config file * comment creation of rucio config file * rebuild wiht latests version * rebuild * rebuild 2 * fix server instance config * build with rucio cfg * build with rucio cfg 2 * build with rucio cfg 2.5 * build with rucio cfg 2.5 * build with rucio cfg 3 * update configure * add pre hooks in the ssh script * create rucio.cfg file within the setup.sh file * fix permissions and rucio URLs * hardcode jupyter config * hardcode jupyter config * hardcode jupyter config 2 * hardcode jupyter config 3 * hardcode jupyter config 4 * hardcode jupyter config 3 * hardcode jupyter config 2 * hardcode jupyter config * hardcode jupyter config json * test with download mode * test with writable /opt/rucio dir * not trigger dump of config * replica mode and update anchors * replica mode and update trust certs 2 * replica mode * rename dir and add README with documentation * restore CI to main
vre-hub · Jun 13, 2024 · 3a5ac95 · 3a5ac95
1 parent 73cc512
commit 3a5ac95
Show file tree

Hide file tree

Showing 6 changed files with 426 additions and 0 deletions.
diff --git a/vre-singleuser-interTwin/Dockerfile b/vre-singleuser-interTwin/Dockerfile
@@ -0,0 +1,99 @@
+FROM jupyter/scipy-notebook:python-3.9.13
+LABEL author="Image based on the work by Muhammad Aditya Hilmy - ESCAPE WP2 2020"
+LABEL maintainer="VRE Team @ CERN 23/24 - E. Garcia, G. Guerrieri"
+LABEL org.opencontainers.image.source https://github.com/vre-hub/environments
+ARG BUILD_DATE
+LABEL org.label-schema.build-date=$BUILD_DATE
+
+RUN pip install --upgrade pip
+
+USER $NB_UID
+
+RUN conda install -y -n base mamba \
+    && mamba install -y -c conda-forge python-gfal2 asyncssh jupyterhub==1.5.0 \
+    && conda clean --all -f -y
+
+# Install rucio-jupyterlab with jlab v=3
+RUN pip install rucio-jupyterlab==0.10.0 \
+    && jupyter serverextension enable --py rucio_jupyterlab --sys-prefix 
+
+USER root
+
+RUN apt update -y \
+    && apt install -y build-essential curl voms-clients-java software-properties-common \
+    && apt clean -y \
+    && rm /opt/conda/bin/voms-proxy-init \
+    && ln -s /usr/bin/voms-proxy-init /opt/conda/bin/voms-proxy-init
+
+# ESCAPE grid-security and VOMS setup
+RUN wget -q -O - https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3 | apt-key add -
+
+RUN apt update \
+    && add-apt-repository 'deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core' \
+    && apt -y install ca-policy-egi-core
+
+RUN mkdir -p /etc/vomses \
+    && wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses -O /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses \
+    && mkdir -p /etc/grid-security/vomsdir/escape \
+    && wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc -O /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc
+
+# Setup merged CERN CA file on Ubuntu based images.
+# This file is contained in the `CERN-bundle.pem` file downloaded using 
+RUN mkdir /certs \
+    && touch /certs/rucio_ca.pem \
+    && curl -fsSL 'https://cafiles.cern.ch/cafiles/certificates/CERN%20Root%20Certification%20Authority%202.crt' | openssl x509 -inform DER -out /tmp/cernrootca2.crt \
+    && curl -fsSL 'https://cafiles.cern.ch/cafiles/certificates/CERN%20Grid%20Certification%20Authority(1).crt' -o /tmp/cerngridca.crt \
+    && curl -fsSL 'https://cafiles.cern.ch/cafiles/certificates/CERN%20Certification%20Authority.crt' -o /tmp/cernca.crt \
+    && cat /tmp/cernrootca2.crt >> /certs/rucio_ca.pem \
+    && cat /tmp/cerngridca.crt >> /certs/rucio_ca.pem \
+    && cat /tmp/cernca.crt >> /certs/rucio_ca.pem \
+    && rm /tmp/*.crt \
+    && update-ca-certificates
+
+# # Install trust anchors 
+# RUN curl https://ca.cern.ch/cafiles/certificates/CERN%20Root%20Certification%20Authority%202.crt -o /etc/pki/ca-trust/source/anchors/1.crt &&\
+#     curl https://ca.cern.ch/cafiles/certificates/CERN%20Grid%20Certification%20Authority.crt -o /etc/pki/ca-trust/source/anchors/2.crt &&\
+#     curl https://ca.cern.ch/cafiles/certificates/CERN%20Grid%20Certification%20Authority\(1\).crt -o /etc/pki/ca-trust/source/anchors/3.crt &&\
+#     curl http://signet-ca.ijs.si/pub/cacert/signet02cacert.crt -o /etc/pki/ca-trust/source/anchors/4.crt &&\
+#     curl https://doku.tid.dfn.de/_media/de:dfnpki:ca:tcs-server-certificate-ca-bundle.tar -o geant-bundle.tar &&\
+#     tar xf geant-bundle.tar &&\
+#     cp tcs-server-certificate-ca-bundle/*.pem /etc/pki/ca-trust/source/anchors/ &&\
+#     rm -rf geant-bundle.tar tcs-server-certificate-ca-bundle &&\
+#     update-ca-trust
+
+# Add async ssh script
+ADD asyncssh_config.py /opt/ssh/jupyterhub-singleuser
+RUN fix-permissions /opt/ssh/jupyterhub-singleuser \
+    && chown -R $NB_UID /opt/ssh/jupyterhub-singleuser \
+    && chmod +x /opt/ssh/jupyterhub-singleuser
+
+# Setup extension Rucio instance config
+ADD configure.py /opt/setup-rucio-jupyterlab/configure.py
+RUN fix-permissions /opt/setup-rucio-jupyterlab/configure.py \
+    && chown -R $NB_UID /opt/setup-rucio-jupyterlab/configure.py \
+    && chmod +x /opt/setup-rucio-jupyterlab/configure.py
+
+ADD setup.sh /usr/local/bin/setup.sh
+RUN fix-permissions /usr/local/bin/setup.sh \
+    && sed -i -e 's/\r$/\n/' /usr/local/bin/setup.sh \
+    && chmod +x /usr/local/bin/setup.sh
+
+RUN mkdir -p /opt/rucio/etc \
+#    && touch /opt/rucio/etc/rucio.cfg \
+    && fix-permissions /opt/rucio/etc \
+    && chown -R ${NB_UID}:${NB_GID} /opt/rucio/etc 
+
+#    && /usr/local/bin/setup.sh 
+#RUN chown -R $NB_UID $HOME/.jupyter/jupyter_notebook_config.json 
+#    && chown -R $NB_UID /etc/jupyter/jupyter_notebook_config.py
+
+
+#ENV IPYTHONDIR=/etc/ipython
+#ADD ipython_kernel_config.json /etc/ipython/profile_default/ipython_kernel_config.json
+#RUN chown -R $NB_UID /etc/ipython
+ENV JUPYTER_ENABLE_LAB=yes
+
+WORKDIR $HOME
+USER $NB_UID
+
+CMD ["setup.sh", "start-notebook.sh"]
diff --git a/vre-singleuser-interTwin/README.md b/vre-singleuser-interTwin/README.md
@@ -0,0 +1,119 @@
+# Integration of the Rucio JupyterLab extension in the interTwin infrastructure
+
+The extentension interacts with the interTwin RUCIO instance, running at DESY. The Jupyter session is spawned by [interLink](https://github.com/interTwin-eu/interLink), a package able to run a k8s pod (and thus any contenairised application) on remote resources.
+
+Please note that this image is still under development and will be constantly evolving
+
+## Try this image 
+
+**Needs both an EGI CheckIn and an interTwin Rucio active account**
+
+ - Connect to the [cluster](https://jhub.131.154.98.40.myip.cloud.infn.it/)
+ - Use the following image within the `Select your desired image` field, and select the desired offload mode. You must enable an offloading mode to be able to interact with Rucio.
+ ```bash
+ docker://ghcr.io/vre-hub/vre-singleuser-intertwin_dev:sha-7d09a10
+ ```
+
+### Setup your image to be compatible with interLink
+
+Within your Dockerfile image, install the following packages and add the `asyncssh_config.py` to the container. You could have a look to the [Dockerfile](./Dockerfile) as well.
+
+```Dockerfile
+# Spawning a jupyterLab session needs any jupyter BASE layer
+FROM jupyter/scipy-notebook:python-3.9.13
+
+RUN conda install -y -n base mamba \
+    && mamba install -y -c conda-forge asyncssh jupyterhub==1.5.0 \
+    && conda clean --all -f -y
+
+ADD asyncssh_config.py /opt/ssh/jupyterhub-singleuser
+RUN fix-permissions /opt/ssh/jupyterhub-singleuser \
+    && chown -R $NB_UID /opt/ssh/jupyterhub-singleuser \
+    && chmod +x /opt/ssh/jupyterhub-singleuser
+```
+with 
+```python
+$ cat asyncssh_config.py
+
+#!/opt/conda/bin/python
+# -*- coding: utf-8 -*-
+#
+# D. Ciangottini
+#
+import re
+import sys
+from jupyterhub.singleuser import main
+import asyncssh
+import logging
+import sys
+import asyncio
+import os
+from subprocess import Popen
+
+ssh_host = os.environ.get("JHUB_HOST")
+ssh_url_port = os.environ.get("SSH_PORT")
+username = os.environ.get("JUPYTERHUB_USER")
+token = os.environ.get("JUPYTERHUB_API_TOKEN")
+
+fwd_port = os.environ.get("FWD_PORT")
+
+async def run_client():
+    async with asyncssh.connect(
+                    host=ssh_host,
+                    port=int(ssh_url_port),
+                    username=username,
+                    password=token,
+                    known_hosts=None,
+                ) as conn:
+        conn.set_keepalive(interval=14.0, count_max=10)
+        listener = await conn.forward_remote_port(
+                "0.0.0.0",
+                int(fwd_port),
+                "0.0.0.0",
+                int(fwd_port),
+        )
+        await listener.wait_closed()
+
+
+if __name__ == '__main__':
+    print("Connecting ssh...")
+    loop = asyncio.get_event_loop()
+    loop.create_task(run_client())
+
+    print("Starting JLAB")
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())
+```
+
+### Install the Rucio [JupyterLab extension](https://github.com/rucio/jupyterlab-extension) in the container
+
+Within your Dockerfile add the following lines. Check, and addapt if needed, the content of the bash and python files that also need to be added to the container.
+
+```Dockerfile
+# Installation of the RUCIO JupyterLab extension
+
+RUN conda install -y -n base mamba \
+    && mamba install -y -c conda-forge python-gfal2
+
+# jupyterlab extension compatible with jlab v=3.X.Y
+RUN pip install rucio-jupyterlab==0.10.0 \
+    && jupyter serverextension enable --py rucio_jupyterlab --sys-prefix 
+
+ADD configure.py /opt/setup-rucio-jupyterlab/configure.py
+RUN fix-permissions /opt/setup-rucio-jupyterlab/configure.py \
+    && chown -R $NB_UID /opt/setup-rucio-jupyterlab/configure.py \
+    && chmod +x /opt/setup-rucio-jupyterlab/configure.py
+
+ADD setup.sh /usr/local/bin/setup.sh
+RUN fix-permissions /usr/local/bin/setup.sh \
+    && sed -i -e 's/\r$/\n/' /usr/local/bin/setup.sh \
+    && chmod +x /usr/local/bin/setup.sh
+
+RUN mkdir -p /opt/rucio/etc \
+    && fix-permissions /opt/rucio/etc \
+    && chown -R ${NB_UID}:${NB_GID} /opt/rucio/etc 
+
+ENV JUPYTER_ENABLE_LAB=yes
+
+CMD ["setup.sh", "start-notebook.sh"]
+```
diff --git a/vre-singleuser-interTwin/asyncssh_config.py b/vre-singleuser-interTwin/asyncssh_config.py
@@ -0,0 +1,55 @@
+#!/opt/conda/bin/python
+# -*- coding: utf-8 -*-
+#
+# D. Ciangottini
+#
+import re
+import sys
+from jupyterhub.singleuser import main
+import asyncssh
+import logging
+import sys
+import asyncio
+import os
+from subprocess import Popen
+
+ssh_host = os.environ.get("JHUB_HOST")
+ssh_url_port = os.environ.get("SSH_PORT")
+username = os.environ.get("JUPYTERHUB_USER")
+token = os.environ.get("JUPYTERHUB_API_TOKEN")
+
+fwd_port = os.environ.get("FWD_PORT")
+
+async def run_client():
+    async with asyncssh.connect(
+                    host=ssh_host,
+                    port=int(ssh_url_port),
+                    username=username,
+                    password=token,
+                    known_hosts=None,
+                ) as conn:
+        conn.set_keepalive(interval=14.0, count_max=10)
+        listener = await conn.forward_remote_port(
+                "0.0.0.0",
+                int(fwd_port),
+                "0.0.0.0",
+                int(fwd_port),
+        )
+        await listener.wait_closed()
+
+
+if __name__ == '__main__':
+    print("Connecting ssh...")
+    loop = asyncio.get_event_loop()
+    loop.create_task(run_client())
+
+    print("Configuring Rucio extension...")
+    p = Popen(['/usr/local/bin/setup.sh'])
+    while p.poll() is None:
+        pass
+
+    print("Starting JLAB")
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())
+
+