eoeair/jupyter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update code with upstream(start scripts) include add healthcheck,newer start scripts(to repair PATH be overwrited)

Browse Source
This commit is contained in:
ben0i0d 2024-10-17 23:36:44 +08:00
parent 6727f1e209
commit 8b2196a72c
24 changed files with 283 additions and 2534 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.gitea/workflows/Flow.yaml
View File

@ -11,7 +11,8 @@ jobs:
- name: py-c build
uses: https://eoelab.org:1027/actions/build-push-action@v6
with:
context: python/cpu
context: python
build-args: BASE_IMAGE=debian:bookworm-slim
tags: eoelab.org:1027/${{ gitea.repository }}:py-c
SCIPY:
@ -38,7 +39,7 @@ jobs:
context: ScienceCompute/pyai/cpu
tags: eoelab.org:1027/${{ gitea.repository }}:pyai-c
SCRPY_C:
SCRPY:
runs-on: runner
needs: Base
steps:
@ -135,6 +136,11 @@ jobs:
steps:
- name: checkout code
uses: https://eoelab.org:1027/actions/checkout@v4
- name: chapel build
uses: https://eoelab.org:1027/actions/build-push-action@v6
with:
context: Program/chapel
tags: eoelab.org:1027/${{ gitea.repository }}:chapel
CPP:
runs-on: runner
@ -326,7 +332,7 @@ jobs:
Push:
runs-on: runner
needs: [HASKELL] # MATLAB_MCM, MAPLE, MMA
needs: [CHAPEL] # MATLAB_MCM, MAPLE, MMA
steps:
- name: login gitea_registry
uses: https://eoelab.org:1027/actions/login-action@v3

2
.gitignore vendored
View File

@ -1,2 +0,0 @@
mathematica/Mathematica_14.0.0_LINUX.sh
maple/Maple2024.0LinuxX64Installer.run

34
Program/chapel/Dockerfile
View File

@ -1,24 +1,24 @@
FROM eoelab.org:1027/ben0i0d/jupyter:py-c
WORKDIR /opt
COPY chapel-1.31.0.tar.gz ./
FROM eoelab.org:1027/ben0i0d/jupyter:py-c AS builder
USER root
ENV PATH="/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:${PATH}" \
CHPL_LIB_PIC=shared
WORKDIR /opt
RUN apt-get update --yes && apt-get install --yes --no-install-recommends wget && apt-get clean && rm -rf /var/lib/apt/lists/* && \
wget https://eoelab.org:1027/ben0i0d/sources/src/commit/a3cbcdd8551fa0bc27be0ae7e6d2d0aa5d997efe/chapel-2.2.0-1.debian12.amd64.deb
FROM eoelab.org:1027/ben0i0d/jupyter:py-c
USER root
COPY --from=builder /opt/chapel-2.2.0-1.debian12.amd64.deb /tmp/chapel-2.2.0-1.debian12.amd64.deb
RUN apt-get update --yes && \
apt-get install --yes --no-install-recommends gcc g++ m4 perl make mawk pkg-config cmake \
llvm-dev llvm clang libclang-dev libclang-cpp-dev libedit-dev && \
apt-get clean && rm -rf /var/lib/apt/lists/* && \
tar -xzf chapel-1.31.0.tar.gz && \
cd chapel-1.31.0 && \
source util/quickstart/setchplenv.bash && make && \
pip install --no-cache-dir jupyter-kernel-chapel
apt-get install --yes /tmp/chapel-2.2.0-1.debian12.amd64.deb && rm /tmp/chapel-2.2.0-1.debian12.amd64.deb && \
apt-get clean && rm -rf /var/lib/apt/lists/*
USER ${NB_UID}
WORKDIR "${HOME}"
RUN pip install jupyter-kernel-chapel && \
pip cache purge

40
Program/haskell/Dockerfile
View File

@ -1,19 +1,45 @@
FROM eoelab.org:1027/ben0i0d/jupyter:py-c
FROM eoelab.org:1027/ben0i0d/jupyter:py-c
# AS builder
USER root
WORKDIR /opt
ENV STACK_ROOT=/opt/stack
# Stack switch to mirrored source
COPY stack.config.yaml /etc/stack/config.yaml
#COPY global-hints.yaml /etc/stack/global-hints-cache.yaml
COPY config.yaml /etc/stack/config.yaml
# Install system dependencies
RUN apt-get update && apt-get install --yes haskell-stack git g++ && \
RUN apt-get update && apt-get install --yes haskell-stack git g++ wget libtinfo-dev libzmq3-dev libcairo2-dev libpango1.0-dev libmagic-dev libblas-dev liblapack-dev && \
apt-get clean && rm -rf /var/lib/apt/lists/* && \
mkdir -p /opt/stack && chown $NB_UID:$NB_GID /opt/stack
wget -O /etc/stack/global-hints-cache.yaml https://mirrors.ustc.edu.cn/stackage/stackage-content/stack/global-hints.yaml && \
mkdir -p /opt/stack && chown ${NB_UID}:${NB_GID} /opt/stack && \
git clone --depth 1 https://eoelab.org:1027/mirrors/IHaskell.git && \
sed -i 's/github.com\/codedownio/eoelab.org:1027\/mirrors/g' IHaskell/stack.yaml && \
chown -R ${NB_UID}:${NB_GID} IHaskell
USER ${NB_UID}
# Build IHaskell
USER $NB_UID
#RUN cd IHaskell && stack install --fast --local-bin-path=/usr/local/bin
# FROM eoelab.org:1027/ben0i0d/jupyter:py-c
# USER root
# ENV STACK_ROOT=/opt/stack
# # Stack switch to mirrored source
# COPY config.yaml /etc/stack/config.yaml
# COPY --from=builder /usr/local/bin/ihaskell /usr/local/bin/ihaskell
# COPY --chown="${NB_UID}:${NB_GID}" --from=builder /opt/stack/ /opt/stack/
# RUN apt-get update --yes && apt-get install --yes --no-install-recommends haskell-stack && \
# apt-get clean && rm -rf /var/lib/apt/lists/*
# USER ${NB_UID}
# RUN ihaskell install --stack --prefix=/opt/base

0
Program/haskell/stack.config.yaml → Program/haskell/config.yaml
View File

2004
Program/haskell/global-hints.yaml
View File

File diff suppressed because it is too large Load Diff

30
python/gpu/Dockerfile → python/Dockerfile
View File

@ -1,4 +1,6 @@
FROM debian:bookworm-slim
ARG BASE_IMAGE
FROM ${BASE_IMAGE}
EXPOSE 8888
@ -11,21 +13,27 @@ ENV DEBIAN_FRONTEND=noninteractive \
NB_GID=100 \
SHELL=/bin/bash \
PATH="/opt/base/bin:${PATH}" \
HOME="/home/jovyan"
HOME="/home/jovyan"
# start script
COPY start-sh/* /usr/local/bin/
# jupyter config(to disable hide files)
COPY jupyter_server_config.py /etc/jupyter/
# jupyter config (to disable hide files) & healthcheck script
COPY jupyter_server_config.py docker_healthcheck.py /etc/jupyter/
# shell profile , to disable PATH be overwrited by jupyter
COPY profile /etc/
RUN sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources && \
# install base packages
apt-get update --yes && apt-get install --yes --no-install-recommends sudo tini unzip python3-venv && \
apt-get clean && rm -rf /var/lib/apt/lists/* && \
chmod a+rx /usr/local/bin/* && \
# disable super permision
echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
# Create user , set password and add to sudoers
useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
usermod -aG sudo "${NB_USER}" && echo "${NB_USER} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
useradd --no-log-init --create-home --shell /bin/bash --uid "${NB_UID}" --no-user-group "${NB_USER}" && \
echo "${NB_USER} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
chmod g+w /etc/passwd && \
# Create dirs for startup hooks
mkdir /usr/local/bin/start-notebook.d && mkdir /usr/local/bin/before-notebook.d && \
@ -33,6 +41,12 @@ RUN sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debi
mkdir -p "/opt/base/" && python3 -m venv /opt/base && chown -hR "${NB_USER}:${NB_GID}" "/opt/base" && \
echo '[global]\nindex-url = https://mirrors.bfsu.edu.cn/pypi/web/simple' > /etc/pip.conf
# HEALTHCHECK documentation: https://docs.docker.com/engine/reference/builder/#healthcheck
# This healtcheck works well for `lab`, `notebook`, `nbclassic`, `server`, and `retro` jupyter commands
# https://github.com/jupyter/docker-stacks/issues/915#issuecomment-1068528799
HEALTHCHECK --interval=3s --timeout=1s --start-period=3s --retries=3 \
CMD /etc/jupyter/docker_healthcheck.py || exit 1
USER ${NB_UID}
# install jupyter extension
@ -43,5 +57,5 @@ RUN pip install 'jupyterlab' 'jupyterhub' && \
WORKDIR "${HOME}"
# Configure container startup
ENTRYPOINT ["tini", "-g", "--"]
CMD ["start-notebook.sh"]
ENTRYPOINT ["tini", "-g", "--", "start.sh"]
CMD ["start-notebook.py"]

47
python/cpu/Dockerfile
View File

@ -1,47 +0,0 @@
FROM debian:bookworm-slim
EXPOSE 8888
USER root
# Configure environment
ENV DEBIAN_FRONTEND=noninteractive \
NB_USER=jovyan \
NB_UID=1000 \
NB_GID=100 \
SHELL=/bin/bash \
PATH="/opt/base/bin:${PATH}" \
HOME="/home/jovyan"
# start script
COPY start-sh/* /usr/local/bin/
# jupyter config(to disable hide files)
COPY jupyter_server_config.py /etc/jupyter/
RUN sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources && \
# install base packages
apt-get update --yes && apt-get install --yes --no-install-recommends sudo tini unzip python3-venv && \
apt-get clean && rm -rf /var/lib/apt/lists/* && \
chmod a+rx /usr/local/bin/* && \
# Create user , set password and add to sudoers
useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
usermod -aG sudo "${NB_USER}" && echo "${NB_USER} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
chmod g+w /etc/passwd && \
# Create dirs for startup hooks
mkdir /usr/local/bin/start-notebook.d && mkdir /usr/local/bin/before-notebook.d && \
# setup base venv & pip_mirror
mkdir -p "/opt/base/" && python3 -m venv /opt/base && chown -hR "${NB_USER}:${NB_GID}" "/opt/base" && \
echo '[global]\nindex-url = https://mirrors.bfsu.edu.cn/pypi/web/simple' > /etc/pip.conf
USER ${NB_UID}
# install jupyter extension
RUN pip install 'jupyterlab' 'jupyterhub' && \
pip install jupyterlab-language-pack-zh-CN jupyterlab_tabnine && \
pip cache purge
WORKDIR "${HOME}"
# Configure container startup
ENTRYPOINT ["tini", "-g", "--"]
CMD ["start-notebook.sh"]

46
python/cpu/start-sh/run-hooks.sh
View File

@ -1,46 +0,0 @@
#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
# The run-hooks.sh script looks for *.sh scripts to source
# and executable files to run within a passed directory
if [ "$#" -ne 1 ]; then
echo "Should pass exactly one directory"
return 1
fi
if [[ ! -d "${1}" ]] ; then
echo "Directory ${1} doesn't exist or is not a directory"
return 1
fi
echo "Running hooks in: ${1} as uid: $(id -u) gid: $(id -g)"
for f in "${1}/"*; do
# Hadling a case when the directory is empty
[ -e "${f}" ] || continue
case "${f}" in
*.sh)
echo "Sourcing shell script: ${f}"
# shellcheck disable=SC1090
source "${f}"
# shellcheck disable=SC2181
if [ $? -ne 0 ] ; then
echo "${f} has failed, continuing execution"
fi
;;
*)
if [ -x "${f}" ] ; then
echo "Running executable: ${f}"
"${f}"
# shellcheck disable=SC2181
if [ $? -ne 0 ] ; then
echo "${f} has failed, continuing execution"
fi
else
echo "Ignoring non-executable: ${f}"
fi
;;
esac
done
echo "Done running hooks in: ${1}"

22
python/cpu/start-sh/start-notebook.sh
View File

@ -1,22 +0,0 @@
#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
set -e
# The Jupyter command to launch
# JupyterLab by default
DOCKER_STACKS_JUPYTER_CMD="${DOCKER_STACKS_JUPYTER_CMD:=lab}"
if [[ -n "${JUPYTERHUB_API_TOKEN}" ]]; then
echo "WARNING: using start-singleuser.sh instead of start-notebook.sh to start a server associated with JupyterHub."
exec /usr/local/bin/start-singleuser.sh "$@"
fi
wrapper=""
if [[ "${RESTARTABLE}" == "yes" ]]; then
wrapper="run-one-constantly"
fi
# shellcheck disable=SC1091,SC2086
exec /usr/local/bin/start.sh ${wrapper} jupyter ${DOCKER_STACKS_JUPYTER_CMD} ${NOTEBOOK_ARGS} "$@"

13
python/cpu/start-sh/start-singleuser.sh
View File

@ -1,13 +0,0 @@
#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
set -e
# set default ip to 0.0.0.0
if [[ "${NOTEBOOK_ARGS} $*" != *"--ip="* ]]; then
NOTEBOOK_ARGS="--ip=0.0.0.0 ${NOTEBOOK_ARGS}"
fi
# shellcheck disable=SC1091,SC2086
. /usr/local/bin/start.sh jupyterhub-singleuser ${NOTEBOOK_ARGS} "$@"

240
python/cpu/start-sh/start.sh
View File

@ -1,240 +0,0 @@
#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
set -e
# The _log function is used for everything this script wants to log. It will
# always log errors and warnings, but can be silenced for other messages
# by setting JUPYTER_DOCKER_STACKS_QUIET environment variable.
_log () {
if [[ "$*" == "ERROR:"* ]] || [[ "$*" == "WARNING:"* ]] || [[ "${JUPYTER_DOCKER_STACKS_QUIET}" == "" ]]; then
echo "$@"
fi
}
_log "Entered start.sh with args:" "$@"
# A helper function to unset env vars listed in the value of the env var
# JUPYTER_ENV_VARS_TO_UNSET.
unset_explicit_env_vars () {
if [ -n "${JUPYTER_ENV_VARS_TO_UNSET}" ]; then
for env_var_to_unset in $(echo "${JUPYTER_ENV_VARS_TO_UNSET}" | tr ',' ' '); do
_log "Unset ${env_var_to_unset} due to JUPYTER_ENV_VARS_TO_UNSET"
unset "${env_var_to_unset}"
done
unset JUPYTER_ENV_VARS_TO_UNSET
fi
}
# Default to starting bash if no command was specified
if [ $# -eq 0 ]; then
cmd=( "bash" )
else
cmd=( "$@" )
fi
# NOTE: This hook will run as the user the container was started with!
# shellcheck disable=SC1091
source /usr/local/bin/run-hooks.sh /usr/local/bin/start-notebook.d
# If the container started as the root user, then we have permission to refit
# the jovyan user, and ensure file permissions, grant sudo rights, and such
# things before we run the command passed to start.sh as the desired user
# (NB_USER).
#
if [ "$(id -u)" == 0 ] ; then
# Environment variables:
# - NB_USER: the desired username and associated home folder
# - NB_UID: the desired user id
# - NB_GID: a group id we want our user to belong to
# - NB_GROUP: a group name we want for the group
# - GRANT_SUDO: a boolean ("1" or "yes") to grant the user sudo rights
# - CHOWN_HOME: a boolean ("1" or "yes") to chown the user's home folder
# - CHOWN_EXTRA: a comma separated list of paths to chown
# - CHOWN_HOME_OPTS / CHOWN_EXTRA_OPTS: arguments to the chown commands
# Refit the jovyan user to the desired the user (NB_USER)
if id jovyan &> /dev/null ; then
if ! usermod --home "/home/${NB_USER}" --login "${NB_USER}" jovyan 2>&1 | grep "no changes" > /dev/null; then
_log "Updated the jovyan user:"
_log "- username: jovyan -> ${NB_USER}"
_log "- home dir: /home/jovyan -> /home/${NB_USER}"
fi
elif ! id -u "${NB_USER}" &> /dev/null; then
_log "ERROR: Neither the jovyan user or '${NB_USER}' exists. This could be the result of stopping and starting, the container with a different NB_USER environment variable."
exit 1
fi
# Ensure the desired user (NB_USER) gets its desired user id (NB_UID) and is
# a member of the desired group (NB_GROUP, NB_GID)
if [ "${NB_UID}" != "$(id -u "${NB_USER}")" ] || [ "${NB_GID}" != "$(id -g "${NB_USER}")" ]; then
_log "Update ${NB_USER}'s UID:GID to ${NB_UID}:${NB_GID}"
# Ensure the desired group's existence
if [ "${NB_GID}" != "$(id -g "${NB_USER}")" ]; then
groupadd --force --gid "${NB_GID}" --non-unique "${NB_GROUP:-${NB_USER}}"
fi
# Recreate the desired user as we want it
userdel "${NB_USER}"
useradd --no-log-init --home "/home/${NB_USER}" --shell /bin/bash --uid "${NB_UID}" --gid "${NB_GID}" --groups 100 "${NB_USER}"
fi
# Move or symlink the jovyan home directory to the desired users home
# directory if it doesn't already exist, and update the current working
# directory to the new location if needed.
if [[ "${NB_USER}" != "jovyan" ]]; then
if [[ ! -e "/home/${NB_USER}" ]]; then
_log "Attempting to copy /home/jovyan to /home/${NB_USER}..."
mkdir "/home/${NB_USER}"
if cp -a /home/jovyan/. "/home/${NB_USER}/"; then
_log "Success!"
else
_log "Failed to copy data from /home/jovyan to /home/${NB_USER}!"
_log "Attempting to symlink /home/jovyan to /home/${NB_USER}..."
if ln -s /home/jovyan "/home/${NB_USER}"; then
_log "Success creating symlink!"
else
_log "ERROR: Failed copy data from /home/jovyan to /home/${NB_USER} or to create symlink!"
exit 1
fi
fi
fi
# Ensure the current working directory is updated to the new path
if [[ "${PWD}/" == "/home/jovyan/"* ]]; then
new_wd="/home/${NB_USER}/${PWD:13}"
_log "Changing working directory to ${new_wd}"
cd "${new_wd}"
fi
fi
# Optionally ensure the desired user get filesystem ownership of it's home
# folder and/or additional folders
if [[ "${CHOWN_HOME}" == "1" || "${CHOWN_HOME}" == "yes" ]]; then
_log "Ensuring /home/${NB_USER} is owned by ${NB_UID}:${NB_GID} ${CHOWN_HOME_OPTS:+(chown options: ${CHOWN_HOME_OPTS})}"
# shellcheck disable=SC2086
chown ${CHOWN_HOME_OPTS} "${NB_UID}:${NB_GID}" "/home/${NB_USER}"
fi
if [ -n "${CHOWN_EXTRA}" ]; then
for extra_dir in $(echo "${CHOWN_EXTRA}" | tr ',' ' '); do
_log "Ensuring ${extra_dir} is owned by ${NB_UID}:${NB_GID} ${CHOWN_EXTRA_OPTS:+(chown options: ${CHOWN_EXTRA_OPTS})}"
# shellcheck disable=SC2086
chown ${CHOWN_EXTRA_OPTS} "${NB_UID}:${NB_GID}" "${extra_dir}"
done
fi
# Update potentially outdated environment variables since image build
export XDG_CACHE_HOME="/home/${NB_USER}/.cache"
# Prepend ${CONDA_DIR}/bin to sudo secure_path
sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"${CONDA_DIR}/bin:\1\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path
# Optionally grant passwordless sudo rights for the desired user
if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == "yes" ]]; then
_log "Granting ${NB_USER} passwordless sudo rights!"
echo "${NB_USER} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/added-by-start-script
fi
# NOTE: This hook is run as the root user!
# shellcheck disable=SC1091
source /usr/local/bin/run-hooks.sh /usr/local/bin/before-notebook.d
unset_explicit_env_vars
_log "Running as ${NB_USER}:" "${cmd[@]}"
exec sudo --preserve-env --set-home --user "${NB_USER}" \
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}" \
PATH="${PATH}" \
PYTHONPATH="${PYTHONPATH:-}" \
"${cmd[@]}"
# Notes on how we ensure that the environment that this container is started
# with is preserved (except vars listed in JUPYTER_ENV_VARS_TO_UNSET) when
# we transition from running as root to running as NB_USER.
#
# - We use `sudo` to execute the command as NB_USER. What then
# happens to the environment will be determined by configuration in
# /etc/sudoers and /etc/sudoers.d/* as well as flags we pass to the sudo
# command. The behavior can be inspected with `sudo -V` run as root.
#
# ref: `man sudo` https://linux.die.net/man/8/sudo
# ref: `man sudoers` https://www.sudo.ws/docs/man/sudoers.man/
#
# - We use the `--preserve-env` flag to pass through most environment
# variables, but understand that exceptions are caused by the sudoers
# configuration: `env_delete` and `env_check`.
#
# - We use the `--set-home` flag to set the HOME variable appropriately.
#
# - To reduce the default list of variables deleted by sudo, we could have
# used `env_delete` from /etc/sudoers. It has higher priority than the
# `--preserve-env` flag and the `env_keep` configuration.
#
# - We preserve LD_LIBRARY_PATH, PATH and PYTHONPATH explicitly. Note however that sudo
# resolves `${cmd[@]}` using the "secure_path" variable we modified
# above in /etc/sudoers.d/path. Thus PATH is irrelevant to how the above
# sudo command resolves the path of `${cmd[@]}`. The PATH will be relevant
# for resolving paths of any subprocesses spawned by `${cmd[@]}`.
# The container didn't start as the root user, so we will have to act as the
# user we started as.
else
# Warn about misconfiguration of: granting sudo rights
if [[ "${GRANT_SUDO}" == "1" || "${GRANT_SUDO}" == "yes" ]]; then
_log "WARNING: container must be started as root to grant sudo permissions!"
fi
JOVYAN_UID="$(id -u jovyan 2>/dev/null)" # The default UID for the jovyan user
JOVYAN_GID="$(id -g jovyan 2>/dev/null)" # The default GID for the jovyan user
# Attempt to ensure the user uid we currently run as has a named entry in
# the /etc/passwd file, as it avoids software crashing on hard assumptions
# on such entry. Writing to the /etc/passwd was allowed for the root group
# from the Dockerfile during build.
#
# ref: https://github.com/jupyter/docker-stacks/issues/552
if ! whoami &> /dev/null; then
_log "There is no entry in /etc/passwd for our UID=$(id -u). Attempting to fix..."
if [[ -w /etc/passwd ]]; then
_log "Renaming old jovyan user to nayvoj ($(id -u jovyan):$(id -g jovyan))"
# We cannot use "sed --in-place" since sed tries to create a temp file in
# /etc/ and we may not have write access. Apply sed on our own temp file:
sed --expression="s/^jovyan:/nayvoj:/" /etc/passwd > /tmp/passwd
echo "${NB_USER}:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd
cat /tmp/passwd > /etc/passwd
rm /tmp/passwd
_log "Added new ${NB_USER} user ($(id -u):$(id -g)). Fixed UID!"
if [[ "${NB_USER}" != "jovyan" ]]; then
_log "WARNING: user is ${NB_USER} but home is /home/jovyan. You must run as root to rename the home directory!"
fi
else
_log "WARNING: unable to fix missing /etc/passwd entry because we don't have write permission. Try setting gid=0 with \"--user=$(id -u):0\"."
fi
fi
# Warn about misconfiguration of: desired username, user id, or group id.
# A misconfiguration occurs when the user modifies the default values of
# NB_USER, NB_UID, or NB_GID, but we cannot update those values because we
# are not root.
if [[ "${NB_USER}" != "jovyan" && "${NB_USER}" != "$(id -un)" ]]; then
_log "WARNING: container must be started as root to change the desired user's name with NB_USER=\"${NB_USER}\"!"
fi
if [[ "${NB_UID}" != "${JOVYAN_UID}" && "${NB_UID}" != "$(id -u)" ]]; then
_log "WARNING: container must be started as root to change the desired user's id with NB_UID=\"${NB_UID}\"!"
fi
if [[ "${NB_GID}" != "${JOVYAN_GID}" && "${NB_GID}" != "$(id -g)" ]]; then
_log "WARNING: container must be started as root to change the desired user's group id with NB_GID=\"${NB_GID}\"!"
fi
# Warn if the user isn't able to write files to ${HOME}
if [[ ! -w /home/jovyan ]]; then
_log "WARNING: no write access to /home/jovyan. Try starting the container with group 'users' (100), e.g. using \"--group-add=users\"."
fi
# NOTE: This hook is run as the user we started the container as!
# shellcheck disable=SC1091
source /usr/local/bin/run-hooks.sh /usr/local/bin/before-notebook.d
unset_explicit_env_vars
_log "Executing the command:" "${cmd[@]}"
exec "${cmd[@]}"
fi

39
python/docker_healthcheck.py Normal file
View File

@ -0,0 +1,39 @@
#!/usr/bin/env python3
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
import json
import os
import subprocess
from pathlib import Path
import requests
# Several operations below deliberately don't check for possible errors
# As this is a health check, it should succeed or raise an exception on error
# Docker runs health checks using an exec
# It uses the default user configured when running the image: root for the case of a custom NB_USER or jovyan for the case of the default image user.
# We manually change HOME to make `jupyter --runtime-dir` report a correct path
# More information: <https://github.com/jupyter/docker-stacks/pull/2074#issuecomment-1879778409>
result = subprocess.run(
["jupyter", "--runtime-dir"],
check=True,
capture_output=True,
text=True,
env=dict(os.environ) | {"HOME": "/home/" + os.environ["NB_USER"]},
)
runtime_dir = Path(result.stdout.rstrip())
json_file = next(runtime_dir.glob("*server-*.json"))
url = json.loads(json_file.read_bytes())["url"]
url = url + "api"
proxies = {
"http": "",
"https": "",
}
r = requests.get(url, proxies=proxies, verify=False) # request without SSL verification
r.raise_for_status()
print(r.content)

61
python/gpu/jupyter_server_config.py
View File

@ -1,61 +0,0 @@
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
# mypy: ignore-errors
import os
import stat
import subprocess
from pathlib import Path
from jupyter_core.paths import jupyter_data_dir
c = get_config() # noqa: F821
c.ServerApp.ip = "0.0.0.0"
c.ServerApp.open_browser = False
# to output both image/svg+xml and application/pdf plot formats in the notebook file
c.InlineBackend.figure_formats = {"png", "jpeg", "svg", "pdf"}
# https://github.com/jupyter/notebook/issues/3130
c.FileContentsManager.delete_to_trash = False
# https://github.com/jupyter/notebook/issues/7409
c.ContentsManager.hide_globs = []
# Generate a self-signed certificate
OPENSSL_CONFIG = """\
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
"""
if "GEN_CERT" in os.environ:
dir_name = Path(jupyter_data_dir())
dir_name.mkdir(parents=True, exist_ok=True)
pem_file = dir_name / "notebook.pem"
# Generate an openssl.cnf file to set the distinguished name
cnf_file = Path(os.getenv("CONDA_DIR", "/usr/lib")) / "ssl/openssl.cnf"
if not cnf_file.exists():
cnf_file.write_text(OPENSSL_CONFIG)
# Generate a certificate if one doesn't exist on a disk
subprocess.check_call(
[
"openssl",
"req",
"-new",
"-newkey=rsa:2048",
"-days=365",
"-nodes",
"-x509",
"-subj=/C=XX/ST=XX/L=XX/O=generated/CN=generated",
f"-keyout={pem_file}",
f"-out={pem_file}",
]
)
# Restrict access to the file
pem_file.chmod(stat.S_IRUSR | stat.S_IWUSR)
c.ServerApp.certfile = str(pem_file)
# Change default umask for all subprocesses of the Server if set in the environment
if "NB_UMASK" in os.environ:
os.umask(int(os.environ["NB_UMASK"], 8))

22
python/gpu/start-sh/start-notebook.sh
View File

@ -1,22 +0,0 @@
#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
set -e
# The Jupyter command to launch
# JupyterLab by default
DOCKER_STACKS_JUPYTER_CMD="${DOCKER_STACKS_JUPYTER_CMD:=lab}"
if [[ -n "${JUPYTERHUB_API_TOKEN}" ]]; then
echo "WARNING: using start-singleuser.sh instead of start-notebook.sh to start a server associated with JupyterHub."
exec /usr/local/bin/start-singleuser.sh "$@"
fi
wrapper=""
if [[ "${RESTARTABLE}" == "yes" ]]; then
wrapper="run-one-constantly"
fi
# shellcheck disable=SC1091,SC2086
exec /usr/local/bin/start.sh ${wrapper} jupyter ${DOCKER_STACKS_JUPYTER_CMD} ${NOTEBOOK_ARGS} "$@"

13
python/gpu/start-sh/start-singleuser.sh
View File

@ -1,13 +0,0 @@
#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
set -e
# set default ip to 0.0.0.0
if [[ "${NOTEBOOK_ARGS} $*" != *"--ip="* ]]; then
NOTEBOOK_ARGS="--ip=0.0.0.0 ${NOTEBOOK_ARGS}"
fi
# shellcheck disable=SC1091,SC2086
. /usr/local/bin/start.sh jupyterhub-singleuser ${NOTEBOOK_ARGS} "$@"

0
python/cpu/jupyter_server_config.py → python/jupyter_server_config.py
View File

34
python/profile Normal file
View File

@ -0,0 +1,34 @@
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
# if [ "$(id -u)" -eq 0 ]; then
# PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# else
# PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
# fi
# export PATH
if [ "${PS1-}" ]; then
if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
# The file bash.bashrc already sets the default PS1.
# PS1='\h:\w\$ '
if [ -f /etc/bash.bashrc ]; then
. /etc/bash.bashrc
fi
else
if [ "$(id -u)" -eq 0 ]; then
PS1='# '
else
PS1='$ '
fi
fi
fi
if [ -d /etc/profile.d ]; then
for i in /etc/profile.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
unset i
fi

12
python/gpu/start-sh/run-hooks.sh → python/start-sh/run-hooks.sh
View File

@ -10,14 +10,14 @@ if [ "$#" -ne 1 ]; then
return 1
fi
if [[ ! -d "${1}" ]] ; then
if [[ ! -d "${1}" ]]; then
echo "Directory ${1} doesn't exist or is not a directory"
return 1
fi
echo "Running hooks in: ${1} as uid: $(id -u) gid: $(id -g)"
for f in "${1}/"*; do
# Hadling a case when the directory is empty
# Handling a case when the directory is empty
[ -e "${f}" ] || continue
case "${f}" in
*.sh)
@ -25,16 +25,16 @@ for f in "${1}/"*; do
# shellcheck disable=SC1090
source "${f}"
# shellcheck disable=SC2181
if [ $? -ne 0 ] ; then
if [ $? -ne 0 ]; then
echo "${f} has failed, continuing execution"
fi
;;
*)
if [ -x "${f}" ] ; then
if [ -x "${f}" ]; then
echo "Running executable: ${f}"
"${f}"
# shellcheck disable=SC2181
if [ $? -ne 0 ] ; then
if [ $? -ne 0 ]; then
echo "${f} has failed, continuing execution"
fi
else
@ -43,4 +43,4 @@ for f in "${1}/"*; do
;;
esac
done
echo "Done running hooks in: ${1}"
echo "Done running hooks in: ${1}"

44
python/start-sh/start-notebook.py Normal file
View File

@ -0,0 +1,44 @@
#!/usr/bin/env python
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
import os
import shlex
import sys
# If we are in a JupyterHub, we pass on to `start-singleuser.py` instead so it does the right thing
if "JUPYTERHUB_API_TOKEN" in os.environ:
print(
"WARNING: using start-singleuser.py instead of start-notebook.py to start a server associated with JupyterHub."
)
command = ["/usr/local/bin/start-singleuser.py"] + sys.argv[1:]
os.execvp(command[0], command)
# Entrypoint is start.sh
command = []
# If we want to survive restarts, launch the command using `run-one-constantly`
if os.environ.get("RESTARTABLE") == "yes":
command.append("run-one-constantly")
# We always launch a jupyter subcommand from this script
command.append("jupyter")
# Launch the configured subcommand.
# Note that this should be a single string, so we don't split it.
# We default to `lab`.
jupyter_command = os.environ.get("DOCKER_STACKS_JUPYTER_CMD", "lab")
command.append(jupyter_command)
# Append any optional NOTEBOOK_ARGS we were passed in.
# This is supposed to be multiple args passed on to the notebook command,
# so we split it correctly with shlex
if "NOTEBOOK_ARGS" in os.environ:
command += shlex.split(os.environ["NOTEBOOK_ARGS"])
# Pass through any other args we were passed on the command line
command += sys.argv[1:]
# Execute the command!
print("Executing: " + " ".join(command))
os.execvp(command[0], command)

5
python/start-sh/start-notebook.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# Shim to emit warning and call start-notebook.py
echo "WARNING: Use start-notebook.py instead"
exec /usr/local/bin/start-notebook.py "$@"

26
python/start-sh/start-singleuser.py Normal file
View File

@ -0,0 +1,26 @@
#!/usr/bin/env python
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
import os
import shlex
import sys
# Entrypoint is start.sh
command = ["jupyterhub-singleuser"]
# set default ip to 0.0.0.0
if "--ip=" not in os.environ.get("NOTEBOOK_ARGS", ""):
command.append("--ip=0.0.0.0")
# Append any optional NOTEBOOK_ARGS we were passed in.
# This is supposed to be multiple args passed on to the notebook command,
# so we split it correctly with shlex
if "NOTEBOOK_ARGS" in os.environ:
command += shlex.split(os.environ["NOTEBOOK_ARGS"])
# Pass any other args we have been passed through
command += sys.argv[1:]
# Execute the command!
print("Executing: " + " ".join(command))
os.execvp(command[0], command)

5
python/start-sh/start-singleuser.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# Shim to emit warning and call start-singleuser.py
echo "WARNING: Use start-singleuser.py instead"
exec /usr/local/bin/start-singleuser.py "$@"

66
python/gpu/start-sh/start.sh → python/start-sh/start.sh
View File

@ -4,9 +4,9 @@
set -e
# The _log function is used for everything this script wants to log. It will
# always log errors and warnings, but can be silenced for other messages
# by setting JUPYTER_DOCKER_STACKS_QUIET environment variable.
# The _log function is used for everything this script wants to log.
# It will always log errors and warnings but can be silenced for other messages
# by setting the JUPYTER_DOCKER_STACKS_QUIET environment variable.
_log () {
if [[ "$*" == "ERROR:"* ]] || [[ "$*" == "WARNING:"* ]] || [[ "${JUPYTER_DOCKER_STACKS_QUIET}" == "" ]]; then
echo "$@"
@ -34,6 +34,17 @@ else
cmd=( "$@" )
fi
# Backwards compatibility: `start.sh` is executed by default in ENTRYPOINT
# so it should no longer be specified in CMD
if [ "${_START_SH_EXECUTED}" = "1" ]; then
_log "WARNING: start.sh is the default ENTRYPOINT, do not include it in CMD"
_log "Executing the command:" "${cmd[@]}"
exec "${cmd[@]}"
else
export _START_SH_EXECUTED=1
fi
# NOTE: This hook will run as the user the container was started with!
# shellcheck disable=SC1091
source /usr/local/bin/run-hooks.sh /usr/local/bin/start-notebook.d
@ -43,7 +54,7 @@ source /usr/local/bin/run-hooks.sh /usr/local/bin/start-notebook.d
# things before we run the command passed to start.sh as the desired user
# (NB_USER).
#
if [ "$(id -u)" == 0 ] ; then
if [ "$(id -u)" == 0 ]; then
# Environment variables:
# - NB_USER: the desired username and associated home folder
# - NB_UID: the desired user id
@ -51,18 +62,18 @@ if [ "$(id -u)" == 0 ] ; then
# - NB_GROUP: a group name we want for the group
# - GRANT_SUDO: a boolean ("1" or "yes") to grant the user sudo rights
# - CHOWN_HOME: a boolean ("1" or "yes") to chown the user's home folder
# - CHOWN_EXTRA: a comma separated list of paths to chown
# - CHOWN_EXTRA: a comma-separated list of paths to chown
# - CHOWN_HOME_OPTS / CHOWN_EXTRA_OPTS: arguments to the chown commands
# Refit the jovyan user to the desired the user (NB_USER)
if id jovyan &> /dev/null ; then
# Refit the jovyan user to the desired user (NB_USER)
if id jovyan &> /dev/null; then
if ! usermod --home "/home/${NB_USER}" --login "${NB_USER}" jovyan 2>&1 | grep "no changes" > /dev/null; then
_log "Updated the jovyan user:"
_log "- username: jovyan -> ${NB_USER}"
_log "- home dir: /home/jovyan -> /home/${NB_USER}"
fi
elif ! id -u "${NB_USER}" &> /dev/null; then
_log "ERROR: Neither the jovyan user or '${NB_USER}' exists. This could be the result of stopping and starting, the container with a different NB_USER environment variable."
_log "ERROR: Neither the jovyan user nor '${NB_USER}' exists. This could be the result of stopping and starting, the container with a different NB_USER environment variable."
exit 1
fi
# Ensure the desired user (NB_USER) gets its desired user id (NB_UID) and is
@ -77,15 +88,23 @@ if [ "$(id -u)" == 0 ] ; then
userdel "${NB_USER}"
useradd --no-log-init --home "/home/${NB_USER}" --shell /bin/bash --uid "${NB_UID}" --gid "${NB_GID}" --groups 100 "${NB_USER}"
fi
# Update the home directory if the desired user (NB_USER) is root and the
# desired user id (NB_UID) is 0 and the desired group id (NB_GID) is 0.
if [ "${NB_USER}" = "root" ] && [ "${NB_UID}" = "$(id -u "${NB_USER}")" ] && [ "${NB_GID}" = "$(id -g "${NB_USER}")" ]; then
sed -i "s|/root|/home/root|g" /etc/passwd
# Do not preserve ownership in rootless mode
CP_OPTS="-a --no-preserve=ownership"
fi
# Move or symlink the jovyan home directory to the desired users home
# Move or symlink the jovyan home directory to the desired user's home
# directory if it doesn't already exist, and update the current working
# directory to the new location if needed.
if [[ "${NB_USER}" != "jovyan" ]]; then
if [[ ! -e "/home/${NB_USER}" ]]; then
_log "Attempting to copy /home/jovyan to /home/${NB_USER}..."
mkdir "/home/${NB_USER}"
if cp -a /home/jovyan/. "/home/${NB_USER}/"; then
# shellcheck disable=SC2086
if cp ${CP_OPTS:--a} /home/jovyan/. "/home/${NB_USER}/"; then
_log "Success!"
else
_log "Failed to copy data from /home/jovyan to /home/${NB_USER}!"
@ -106,7 +125,7 @@ if [ "$(id -u)" == 0 ] ; then
fi
fi
# Optionally ensure the desired user get filesystem ownership of it's home
# Optionally ensure the desired user gets filesystem ownership of its home
# folder and/or additional folders
if [[ "${CHOWN_HOME}" == "1" || "${CHOWN_HOME}" == "yes" ]]; then
_log "Ensuring /home/${NB_USER} is owned by ${NB_UID}:${NB_GID} ${CHOWN_HOME_OPTS:+(chown options: ${CHOWN_HOME_OPTS})}"
@ -121,14 +140,11 @@ if [ "$(id -u)" == 0 ] ; then
done
fi
# Update potentially outdated environment variables since image build
export XDG_CACHE_HOME="/home/${NB_USER}/.cache"
# Prepend ${CONDA_DIR}/bin to sudo secure_path
sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"${CONDA_DIR}/bin:\1\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path
# Optionally grant passwordless sudo rights for the desired user
if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == "yes" ]]; then
if [[ "${GRANT_SUDO}" == "1" || "${GRANT_SUDO}" == "yes" ]]; then
_log "Granting ${NB_USER} passwordless sudo rights!"
echo "${NB_USER} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/added-by-start-script
fi
@ -139,11 +155,14 @@ if [ "$(id -u)" == 0 ] ; then
unset_explicit_env_vars
_log "Running as ${NB_USER}:" "${cmd[@]}"
exec sudo --preserve-env --set-home --user "${NB_USER}" \
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}" \
PATH="${PATH}" \
PYTHONPATH="${PYTHONPATH:-}" \
"${cmd[@]}"
if [ "${NB_USER}" = "root" ] && [ "${NB_UID}" = "$(id -u "${NB_USER}")" ] && [ "${NB_GID}" = "$(id -g "${NB_USER}")" ]; then
HOME="/home/root" exec "${cmd[@]}"
else
exec sudo --preserve-env --set-home --user "${NB_USER}" \
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}" \
PATH="${PATH}" \
PYTHONPATH="${PYTHONPATH:-}" \
"${cmd[@]}"
# Notes on how we ensure that the environment that this container is started
# with is preserved (except vars listed in JUPYTER_ENV_VARS_TO_UNSET) when
# we transition from running as root to running as NB_USER.
@ -163,7 +182,7 @@ if [ "$(id -u)" == 0 ] ; then
# - We use the `--set-home` flag to set the HOME variable appropriately.
#
# - To reduce the default list of variables deleted by sudo, we could have
# used `env_delete` from /etc/sudoers. It has higher priority than the
# used `env_delete` from /etc/sudoers. It has a higher priority than the
# `--preserve-env` flag and the `env_keep` configuration.
#
# - We preserve LD_LIBRARY_PATH, PATH and PYTHONPATH explicitly. Note however that sudo
@ -171,6 +190,7 @@ if [ "$(id -u)" == 0 ] ; then
# above in /etc/sudoers.d/path. Thus PATH is irrelevant to how the above
# sudo command resolves the path of `${cmd[@]}`. The PATH will be relevant
# for resolving paths of any subprocesses spawned by `${cmd[@]}`.
fi
# The container didn't start as the root user, so we will have to act as the
# user we started as.
@ -186,7 +206,7 @@ else
# Attempt to ensure the user uid we currently run as has a named entry in
# the /etc/passwd file, as it avoids software crashing on hard assumptions
# on such entry. Writing to the /etc/passwd was allowed for the root group
# from the Dockerfile during build.
# from the Dockerfile during the build.
#
# ref: https://github.com/jupyter/docker-stacks/issues/552
if ! whoami &> /dev/null; then
@ -237,4 +257,4 @@ else
_log "Executing the command:" "${cmd[@]}"
exec "${cmd[@]}"
fi
fi