diff --git a/Dockerfile b/Dockerfile index a7ef536023f471764ef91ce391d8c2466e5b678c..b1f45bd760f1366e4b8d0b2b339b089bdefbe87c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # reference: https://hub.docker.com/_/ubuntu/ -FROM ubuntu:focal +FROM ubuntu:focal-20210325 ARG DEBIAN_FRONTEND=noninteractive @@ -13,7 +13,6 @@ RUN apt-get -qq update \ && apt-get -yqq install apt-utils nano curl lsb-release gnupg2 krb5-user \ && apt-get -yqq clean - ############################################################################### # Install EOS, thanks to @note(faluchet) # following somehow also @@ -54,50 +53,119 @@ RUN echo "deb [arch=$(dpkg --print-architecture)] \ && echo '{"name":"project-l","hostport":"eosproject-l.cern.ch",\ "remotemountdir":"/eos/project/l/","localmountdir":"/eos/project/l/"}' > \ /etc/eos/fuse.project-l.conf \ - && mkdir -p /eos/project/l \ - # Not a cheap approach, to be discussed - && echo 'eosxd -ofsname=home-a' >> ~/.bashrc \ - && echo 'eosxd -ofsname=home-e' >> ~/.bashrc \ - && echo 'eosxd -ofsname=home-s' >> ~/.bashrc \ - && echo 'eosxd -ofsname=project-l' >> ~/.bashrc + && mkdir -p /eos/project/l ADD krb5.conf /etc/krb5.conf +# Installing AFS in the docker (not working) +# the main problem is related I think to docker +# https://stackoverflow.com/questions/53383431/how-to-enable-systemd-on-dockerfile-with-ubuntu18-04 +# the present policy is to install it on the host_machine and share the volume with the docker +# e.g., http://abpcomputing.web.cern.ch/guides/openafs/ +# ideally also for eos +#RUN apt-get install -y software-properties-common \ +#&& apt-get update \ +#&& add-apt-repository ppa:openafs/stable \ +#&& apt-get update \ +#&& apt-get upgrade \ +#&& apt install -y openafs-client openafs-modules-dkms openafs-krb5 krb5-config ############################################################################### # Some minimal packages ############################################################################### RUN apt-get -qq update \ - && apt-get -yqq install x11-apps wget git tmux vim meld \ + && apt-get -yqq install x11-apps sudo wget git tmux vim meld openssh-server\ && apt-get -yqq clean +# ADD start.sh /root/start.sh +# RUN chmod 0755 /root/start.sh \ +# && /root/start.sh ############################################################################### # Install miniconda # https://hub.docker.com/r/continuumio/miniconda/dockerfile ############################################################################### -ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 -ENV PATH /opt/conda/bin:$PATH - -RUN apt-get update --fix-missing && \ - apt-get install -y wget bzip2 ca-certificates && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* +# from https://towardsdatascience.com/conda-pip-and-docker-ftw-d64fe638dc45 + +SHELL [ "/bin/bash", "--login", "-c" ] + +# Create a non-root user +ARG username=abpuser +ARG uid=1000 +ARG gid=100 +ENV USER $username +ENV UID $uid +ENV GID $gid +ENV HOME /home/$USER + +RUN adduser --disabled-password \ + --gecos "Non-root user" \ + --uid $UID \ + --gid $GID \ + --home $HOME \ + $USER + +COPY environment.yml requirements.txt /tmp/ +RUN chown $UID:$GID /tmp/environment.yml /tmp/requirements.txt +COPY postBuild.sh /usr/local/bin/postBuild.sh +RUN chown $UID:$GID /usr/local/bin/postBuild.sh && \ + chmod u+x /usr/local/bin/postBuild.sh +COPY entrypoint.sh /usr/local/bin/ +RUN chown $UID:$GID /usr/local/bin/entrypoint.sh && \ + chmod u+x /usr/local/bin/entrypoint.sh + +USER $USER + +# install miniconda +ENV MINICONDA_VERSION 4.7.12 +ENV CONDA_DIR $HOME/miniconda3 +RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-$MINICONDA_VERSION-Linux-x86_64.sh -O ~/miniconda.sh && \ + chmod +x ~/miniconda.sh && \ + ~/miniconda.sh -b -p $CONDA_DIR && \ + rm ~/miniconda.sh +# make non-activate conda commands available +ENV PATH=$CONDA_DIR/bin:$PATH +# make conda activate command available from /bin/bash --login shells +RUN echo ". $CONDA_DIR/etc/profile.d/conda.sh" >> ~/.profile +# make conda activate command available from /bin/bash --interative shells +RUN conda init bash + +# create a project directory inside user home +ENV PROJECT_DIR $HOME/app +RUN mkdir $PROJECT_DIR \ + && mkdir $HOME/local_host_folder +WORKDIR $PROJECT_DIR + +# build the conda environment +ENV ENV_PREFIX $HOME/env +RUN conda update --name base --channel defaults conda && \ + conda env create --prefix $ENV_PREFIX --file /tmp/environment.yml --force && \ + conda clean --all --yes +# run the postBuild script to install any JupyterLab extensions +RUN conda activate $ENV_PREFIX && \ + /usr/local/bin/postBuild.sh && \ + conda deactivate + +#ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ] + +###############################3 +#ENV LANG=C.UTF-8 LC_ALL=C.UTF-8 +#ENV PATH /opt/conda/bin:$PATH + + +#RUN apt-get update --fix-missing \ +# && apt-get install -y wget bzip2 ca-certificates \ +# && apt-get clean \ +# && rm -rf /var/lib/apt/lists/* + +#RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-4.5.11-Linux-x86_64.sh -O ~/miniconda.sh \ +# && /bin/bash ~/miniconda.sh -b -p /opt/conda \ +# && rm ~/miniconda.sh \ +# && /opt/conda/bin/conda clean -tipsy \ +# && ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh \ +# && echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc \ +# && echo "conda activate base" >> ~/.bashrc -RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-4.5.11-Linux-x86_64.sh -O ~/miniconda.sh && \ - /bin/bash ~/miniconda.sh -b -p /opt/conda && \ - rm ~/miniconda.sh && \ - /opt/conda/bin/conda clean -tipsy && \ - ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \ - echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \ - echo "conda activate base" >> ~/.bashrc - -# Installing AFS (not working) -#RUN apt-get install -y software-properties-common \ -#&& apt-get update \ -#&& add-apt-repository ppa:openafs/stable \ -#&& apt-get update \ -#&& apt-get upgrade #CMD /bin/bash -c "source root/bin/thisroot.sh":q #CMD eosxd -ofsname=home-s @@ -117,5 +185,9 @@ RUN wget --quiet https://repo.anaconda.com/miniconda/Miniconda3-4.5.11-Linux-x86 #WORKDIR /abp # Configure access to Jupyter -#CMD ["/bin/bash"] # CMD jupyter lab --no-browser --ip=0.0.0.0 --allow-root + +USER $USER +CMD ["/bin/bash" ] + +#docker run -it -u 0 -v /afs:/afs -v $PWD:/home/abpuser/local_host_folder --rm --cap-add SYS_ADMIN --device /dev/fuse sterbini/test diff --git a/README.md b/README.md index 1656ece369e07e0d633a54dda6246bee28a03d98..c982576ef32457e0613438489f271ae5c1e644bc 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ We would like to explore the potential of docker in our community. This repoitory is there for a first attempt. -## Main usse case +## Main use case I have a Mac laptop and I would like to work locally on my Mac in a UNIX system. Some of the reasons are - work directly on lxplus can be slow (dependent on the node). The advantage of lxplus is that it mounts `afs`, `eos`, `cvmfs` and the HTCondor interface. @@ -20,7 +20,7 @@ You do not need to install `eos` on your Mac. This is installed inside the conta To lauch the docker sterbini/test -``` +```bash docker run -ti --cap-add SYS_ADMIN --device /dev/fuse gitlab-registry.cern.ch/sterbini/be-abp-docker:$TAG ``` @@ -31,7 +31,7 @@ where you can find the $TAG you want at https://gitlab.cern.ch/sterbini/be-abp-d In case you want to mount a local folder, this has to be **shared** with Docker Docker (I did it with Docker Desktop on my Mac) and then -``` +```bash docker run -v /afs:/afs -ti --cap-add SYS_ADMIN --device /dev/fuse gitlab-registry.cern.ch/sterbini/be-abp-docker:$TAG ``` @@ -46,10 +46,12 @@ kinit $YOUR_NICE_LOGIN_NAME To build the docker ```bash -docker build . -t sterbini/test +docker build . -t $IMAGE_NAME ``` -## To export the X-graphics on mac +where $IMAGE_NAME can be for example `sterbini/test` + +## To export the X-graphics on Mac From https://medium.com/@mreichelt/how-to-show-x11-windows-within-docker-on-mac-50759f4b65cb - Install the latest XQuartz X11 server and run it @@ -74,6 +76,57 @@ to the `docker run` that is docker run --rm -e DISPLAY=host.docker.internal:0 -p 8889:8888 -ti --cap-add SYS_ADMIN --device /dev/fuse -e GRANT_SUDO=yes gitlab-registry.cern.ch/sterbini/be-abp-docker:$TAG ``` +then you can test from the container +```bash +xclock +``` + +## Some simple operations with Docker + +To see all running containers you can do (https://phoenixnap.com/kb/how-to-ssh-into-docker-container) + +```bash +docker ps +``` + +then you can attach from another local-host terminal to the container + +``` +docker attach $CONTAINER_ID +``` + +the $CONTAINER_ID is the list of the docker processes - you can also use the $CONTAINER_NAME to attach it. + +If you use `docker attach` you are attaching the very same terminal. +If you want to open a new terminal in the container you can do +```bash +docker exec -it $CONTAINER_ID /bin/bash +``` + +## Containers renaming, stopping and reattaching. +You can use '-n' option to name a container (no other containers with that name should existin in the Docker Host). +Then +```bash +docker run --name happy_newton -e DISPLAY=host.docker.internal:0 -p 8889:8888 -p 8822:22 -ti --cap-add SYS_ADMIN --device /dev/fuse -e GRANT_SUDO=yes -v /afs:/afs $MY_IMAGE:$MY_TAG +``` + +One you exit the container, it will not be removed but it will stopped. You can remove it automatically if you add `--rm` option +``` +docker run --rm --name happy_newton -e DISPLAY=host.docker.internal:0 -p 8889:8888 -p 8822:22 -ti --cap-add SYS_ADMIN --device /dev/fuse -e GRANT_SUDO=yes -v /afs:/afs $MY_IMAGE:$MY_TAG +``` + +It you do not remove the container when you exit it you can restart it and reattach it. For example: +``` +docker container start happy_newton +docker attach happy_newton +``` + +You can also remove a +``` +container rm happy_newton +``` + + # To be done ```