-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
353 lines (320 loc) · 12.2 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
ARG ROOT_CONTAINER=debian:bullseye-slim
FROM $ROOT_CONTAINER
LABEL maintainer="Jupyter Project <[email protected]>"
ARG NB_USER="jovyan"
ARG NB_UID="1000"
ARG NB_GID="100"
# Fix: https://github.com/hadolint/hadolint/wiki/DL4006
# Fix: https://github.com/koalaman/shellcheck/wiki/SC3014
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
USER root
# Install all OS dependencies for notebook server that starts but lacks all features (e.g., download as all possible file formats)
RUN apt-get update --yes && \
apt-get install --yes --no-install-recommends \
bzip2 \
locales \
sudo \
tini \
wget \
ca-certificates && \
apt-get clean && rm -rf /var/lib/apt/lists/* && \
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
locale-gen
# Configure environment
ENV CONDA_DIR=/opt/conda \
SHELL=/bin/bash \
NB_USER="${NB_USER}" \
NB_UID=${NB_UID} \
NB_GID=${NB_GID} \
LC_ALL=en_US.UTF-8 \
LANG=en_US.UTF-8 \
LANGUAGE=en_US.UTF-8
ENV PATH="${CONDA_DIR}/bin:${PATH}" \
HOME="/home/${NB_USER}"
# Copy a script that we will use to correct permissions after running certain commands
COPY installation/shells/fix-permissions /usr/local/bin/fix-permissions
RUN chmod a+rx /usr/local/bin/fix-permissions
# Enable prompt color in the skeleton .bashrc before creating the default NB_USER, ignore=SC2016
RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc && \
# Add call to conda init script see https://stackoverflow.com/a/58081608/4413446
echo 'eval "$(command conda shell.bash hook 2> /dev/null)"' >> /etc/skel/.bashrc
# Create NB_USER with name jovyan user with UID=1000 and in the 'users' group
# and make sure these dirs are writable by the `users` group.
RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
mkdir -p "${CONDA_DIR}" && \
chown "${NB_USER}:${NB_GID}" "${CONDA_DIR}" && \
chmod g+w /etc/passwd && \
fix-permissions "${HOME}" && \
fix-permissions "${CONDA_DIR}"
# Pin python version here, or set it to "default"
ARG PYTHON_VERSION=3.10
# Setup work directory for backward-compatibility
RUN mkdir "/home/${NB_USER}/work" && fix-permissions "/home/${NB_USER}"
# Download and install Micromamba, and initialize Conda prefix.
# <https://github.com/mamba-org/mamba#micromamba>
# Similar projects using Micromamba:
# - Micromamba-Docker: <https://github.com/mamba-org/micromamba-docker>
# - repo2docker: <https://github.com/jupyterhub/repo2docker>
# Install Python, Mamba and jupyter_core
# Cleanup temporary files and remove Micromamba
# Correct permissions
# Do all this in a single RUN command to avoid duplicating all of the
# files across image layers when the permissions change
COPY --chown="${NB_UID}:${NB_GID}" installation/initial-condarc.yaml "${CONDA_DIR}/.condarc"
COPY --chown="${NB_UID}:${NB_GID}" installation/initial-condarc.yaml "/home/${NB_USER}/.condarc"
WORKDIR /tmp
RUN set -x && \
# Check architecture
arch=$(uname -m) && \
if [ "${arch}" = "x86_64" ]; then \
arch="64"; \
fi && \
echo "Architecture: ${arch}" && \
# Download micromamba.tar.bz2
wget --no-check-certificate -qO /tmp/micromamba.tar.bz2 https://github.com/mamba-org/micromamba-releases/releases/download/2.0.4-0/micromamba-linux-64.tar.bz2 && \
if [ $? -ne 0 ]; then \
echo "Failed to download micromamba.tar.bz2"; \
exit 1; \
fi && \
echo "Downloaded micromamba.tar.bz2 successfully" && \
# Extract micromamba.tar.bz2
tar -xvjf /tmp/micromamba.tar.bz2 --strip-components=1 -C /tmp bin/micromamba && \
if [ $? -ne 0 ]; then \
echo "Failed to extract micromamba.tar.bz2"; \
exit 1; \
fi && \
echo "Extracted micromamba.tar.bz2 successfully" && \
rm /tmp/micromamba.tar.bz2 && \
# Set PYTHON_SPECIFIER
PYTHON_SPECIFIER="python=${PYTHON_VERSION}" && \
if [[ "${PYTHON_VERSION}" == "default" ]]; then \
PYTHON_SPECIFIER="python"; \
fi && \
echo "PYTHON_SPECIFIER: ${PYTHON_SPECIFIER}" && \
# Install packages with micromamba
/tmp/micromamba install \
--root-prefix="${CONDA_DIR}" \
--prefix="${CONDA_DIR}" \
--yes \
"${PYTHON_SPECIFIER}" \
'mamba' \
'conda<23.9' \
'jupyter_core' && \
if [ $? -ne 0 ]; then \
echo "Failed to install packages with micromamba"; \
exit 1; \
fi && \
echo "Installed packages successfully" && \
# Cleanup
rm /tmp/micromamba && \
# Debugging: Check if mamba list python works
mamba list python > /tmp/mamba_list_python.txt && \
if [ $? -ne 0 ]; then \
echo "Failed to list python packages with mamba"; \
exit 1; \
fi && \
echo "Listed python packages successfully" && \
# Debugging: Print content of mamba_list_python.txt
echo "Content of /tmp/mamba_list_python.txt:" && \
cat /tmp/mamba_list_python.txt && \
# Debugging: Use awk to extract the python package line
awk '/^python[[:space:]]/ {print $1, $2}' /tmp/mamba_list_python.txt > /tmp/awk_python.txt && \
if [ $? -ne 0 ]; then \
echo "Failed to extract python packages with awk"; \
exit 1; \
fi && \
echo "Extracted python packages successfully" && \
# Write to pinned file
cat /tmp/awk_python.txt >> "${CONDA_DIR}/conda-meta/pinned" && \
if [ $? -ne 0 ]; then \
echo "Failed to write to ${CONDA_DIR}/conda-meta/pinned"; \
exit 1; \
fi && \
echo "Wrote Python version to ${CONDA_DIR}/conda-meta/pinned successfully" && \
mamba clean --all -f -y && \
fix-permissions "${CONDA_DIR}" && \
if [ $? -ne 0 ]; then \
echo "Failed to fix permissions for ${CONDA_DIR}"; \
exit 1; \
fi && \
echo "Fixed permissions for ${CONDA_DIR} successfully" && \
fix-permissions "/home/${NB_USER}" && \
if [ $? -ne 0 ]; then \
echo "Failed to fix permissions for /home/${NB_USER}"; \
exit 1; \
fi && \
echo "Fixed permissions for /home/${NB_USER} successfully"
# Configure container startup
ENTRYPOINT ["tini", "-g", "--"]
WORKDIR "${HOME}"
#todo duplicate is it need?
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Download run-one file and upload to /tmp
RUN wget -O /tmp/run-one_1.17.orig.tar.gz http://security.ubuntu.com/ubuntu/pool/main/r/run-one/run-one_1.17.orig.tar.gz
# Unpack the file to /opt
RUN tar --directory=/opt -xvf /tmp/run-one_1.17.orig.tar.gz
# delete temp files
RUN rm /tmp/run-one_1.17.orig.tar.gz
# Install all OS dependencies for fully functional notebook server
RUN apt-get -o Acquire::Check-Valid-Until=false update --yes && \
apt-get install --yes --no-install-recommends \
fonts-liberation \
# - pandoc is used to convert notebooks to html files
# it's not present in arch64 ubuntu image, so we install it here
pandoc \
# Common useful utilities
curl \
iputils-ping \
traceroute \
git \
nano-tiny \
tzdata \
unzip \
vim-tiny \
# git-over-ssh
openssh-client \
# less is needed to run help in R
# see: https://github.com/jupyter/docker-stacks/issues/1588
less \
# nbconvert dependencies
# https://nbconvert.readthedocs.io/en/latest/install.html#installing-tex
texlive-xetex \
texlive-fonts-recommended \
texlive-plain-generic \
# Enable clipboard on Linux host systems
xclip && \
apt-get clean && rm -rf /var/lib/apt/lists/*
# Install Jupyter Notebook, Lab, and Hub
# Generate a notebook server config
# Cleanup temporary files
# Correct permissions
# Do all this in a single RUN command to avoid duplicating all of the
# files across image layers when the permissions change
WORKDIR /tmp
RUN mamba install --yes \
'traitlets<5.10' \
'notebook' \
'jupyterlab-lsp=5.1.0' \
'jupyter-lsp=2.2.5' \
'jupyterhub=5.1.0' \
'jupyterlab=4.2.4' \
&& \
jupyter notebook --generate-config && \
mamba clean --all -f -y && \
npm cache clean --force && \
jupyter lab clean && \
rm -rf "/home/${NB_USER}/.cache/yarn" && \
fix-permissions "${CONDA_DIR}" && \
fix-permissions "/home/${NB_USER}"
ENV JUPYTER_PORT=8888
EXPOSE $JUPYTER_PORT
# Copy local files as late as possible to avoid cache busting
COPY installation/shells/start-notebook.sh installation/shells/start-singleuser.sh /usr/local/bin/
# Copy local files as late as possible to avoid cache busting
COPY installation/shells/start.sh /usr/local/bin/
# Currently need to have both jupyter_notebook_config and jupyter_server_config to support classic and lab
COPY installation/python/jupyter_server_config.py installation/python/docker_healthcheck.py /etc/jupyter/
RUN chmod +x /usr/local/bin/start-notebook.sh && \
chmod +x /usr/local/bin/start.sh
#debug for get jupiterlab --version
RUN jupyter lab --version
# Configure container startup
CMD ["/usr/local/bin/start-notebook.sh"]
# Legacy for Jupyter Notebook Server, see: [#1205](https://github.com/jupyter/docker-stacks/issues/1205)
RUN sed -re "s/c.ServerApp/c.NotebookApp/g" \
/etc/jupyter/jupyter_server_config.py > /etc/jupyter/jupyter_notebook_config.py && \
fix-permissions /etc/jupyter/
# HEALTHCHECK documentation: https://docs.docker.com/engine/reference/builder/#healthcheck
# This healtcheck works well for `lab`, `notebook`, `nbclassic`, `server` and `retro` jupyter commands
# https://github.com/jupyter/docker-stacks/issues/915#issuecomment-1068528799
HEALTHCHECK --interval=5s --timeout=3s --start-period=5s --retries=3 \
CMD /etc/jupyter/docker_healthcheck.py || exit 1
WORKDIR "${HOME}"
# Disabling notifications in the UI at startup
#RUN mkdir -p /usr/local/etc/jupyter && \
# chown -R "${NB_USER}:${NB_GID}" /usr/local/etc/jupyter && \
# jupyter labextension disable --level=system "@jupyterlab/apputils-extension:announcements"
# Download and install kubectl
RUN curl -Lo kubectl-v1.32 https://dl.k8s.io/v1.32.0/bin/linux/amd64/kubectl && \
chmod +x ./kubectl-v1.32 && \
mv ./kubectl-v1.32 /usr/local/bin/ && \
ln -s /usr/local/bin/kubectl-v1.32 /usr/local/bin/kubectl
# Download and install yq
RUN wget https://github.com/mikefarah/yq/releases/download/v4.40.5/yq_linux_amd64.tar.gz && \
tar -xzvf yq_linux_amd64.tar.gz -C /usr/bin/ && \
mv /usr/bin/yq_linux_amd64 /usr/bin/yq && \
chmod +x /usr/bin/yq && \
rm yq_linux_amd64.tar.gz
# update apt
RUN apt -o Acquire::Check-Valid-Until=false update
RUN apt install golang -y
# Install additional packages
RUN mamba install --yes \
'yaml' \
'xlrd' \
'altair' \
'beautifulsoup4' \
'bokeh' \
'bottleneck' \
'cloudpickle' \
'blas' \
'aiohttp>=3.9.2' \
'aiosmtplib' \
'cython' \
'dask' \
'dill' \
'fonttools>=4.43.0' \
'urllib3>=2.0.6' \
'pyarrow>=14.0.1' \
'pillow>=10.2.0' \
'h5py' \
'prettytable' \
'papermill' \
'ipympl' \
'ipywidgets' \
'jupyter_server>=2.0.0' \
'matplotlib-base' \
'numba' \
'numexpr' \
'openpyxl' \
'pandas' \
'patsy' \
'protobuf' \
'pytables' \
'scikit-image' \
'scikit-learn' \
'scipy' \
'seaborn' \
'sqlalchemy' \
'statsmodels' \
'sympy' \
'widgetsnbextension' \
'python-kubernetes' \
'papermill' \
'scrapbook' \
'pymongo' \
'pypdf2' \
'pika' \
'psycopg2' \
'kafka-python' \
'cassandra-driver' \
'clickhouse-driver' \
'xlsxwriter' \
'python-snappy' \
'opentelemetry-sdk' \
'opentelemetry-semantic-conventions' \
'opentelemetry-api' \
'boto3' && \
mamba clean --all -f -y && \
fix-permissions "${CONDA_DIR}" && \
fix-permissions "/home/${NB_USER}/"
RUN echo 'export PATH=/opt/conda/bin:$PATH' >> /home/jovyan/.bashrc
RUN pip install opentelemetry-exporter-prometheus-remote-write
RUN chgrp -Rf root /home/$NB_USER && chmod -Rf g+w /home/$NB_USER
# Switch back to jovyan to avoid accidental container runs as root
USER ${NB_UID}
# Add R mimetype option to specify how the plot returns from R to the browser
COPY --chown=${NB_UID}:${NB_GID} installation/Rprofile.site /opt/conda/lib/R/etc/