New modality of building the images

2023-04-10 22:19:19 +02:00 · 2023-04-10 22:19:19 +02:00 · ed286a3f52
parent fa28a66847
commit ed286a3f52
10 changed files with 17 additions and 348 deletions
--- a/01_set_env.sh
+++ b/01_set_env.sh
@ -1,16 +0,0 @@
 #!/bin/bash
 # shellcheck shell=bash
 if [ -d "/var/run/s6/container_environment" ] ; then
  ## Set our dynamic variables in Renviron.site to be reflected by RStudio Server or Shiny Server
  exclude_vars="HOME PASSWORD RSTUDIO_VERSION BATCH_USER_CREATION"
  for file in /var/run/s6/container_environment/*
  do
    sed -i "/^${file##*/}=/d" ${R_HOME}/etc/Renviron.site
    regex="(^| )${file##*/}($| )"
    [[ ! $exclude_vars =~ $regex ]] && echo "${file##*/}=$(cat $file)" >> ${R_HOME}/etc/Renviron.site || echo "skipping $file"
  done
  ## only file-owner (root) should read container_environment files:
  chmod 600 /var/run/s6/container_environment/*
 fi
--- a/02_userconf.sh
+++ b/02_userconf.sh
@ -1,120 +0,0 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 ## Set defaults for environmental variables in case they are undefined
 DEFAULT_USER=${DEFAULT_USER:-rstudio}
 USER=${USER:=${DEFAULT_USER}}
 USERID=${USERID:=1000}
 GROUPID=${GROUPID:=1000}
 ROOT=${ROOT:=FALSE}
 UMASK=${UMASK:=022}
 LANG=${LANG:=en_US.UTF-8}
 TZ=${TZ:=Etc/UTC}
 HOME=/home/${USER}
 bold=$(tput bold)
 normal=$(tput sgr0)
 if [[ ${DISABLE_AUTH,,} == "true" ]]
 then
        mv /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf
        echo "USER=$USER" >> /etc/environment
 fi
 if grep --quiet "auth-none=1" /etc/rstudio/rserver.conf
 then
        echo "Skipping authentication as requested"
 elif [ -z "$PASSWORD" ]
 then
    PASSWORD=$(pwgen 16 1)
    printf "\n\n"
    tput bold
    printf "The password is set to \e[31m%s\e[39m\n" "$PASSWORD"
    printf "If you want to set your own password, set the PASSWORD environment variable. e.g. run with:\n"
    printf "docker run -e PASSWORD=\e[92m<YOUR_PASS>\e[39m -p 8787:8787 rocker/rstudio\n"
    tput sgr0
    printf "\n\n"
 fi
 if [ "$USERID" -lt 1000 ]
 # Probably a macOS user, https://github.com/rocker-org/rocker/issues/205
  then
    echo "$USERID is less than 1000"
    check_user_id=$(grep -F "auth-minimum-user-id" /etc/rstudio/rserver.conf)
    if [[ ! -z $check_user_id ]]
    then
      echo "minumum authorised user already exists in /etc/rstudio/rserver.conf: $check_user_id"
    else
      echo "setting minumum authorised user to 499"
      echo auth-minimum-user-id=499 >> /etc/rstudio/rserver.conf
    fi
 fi
 if [ "$USERID" -ne 1000 ]
 ## Configure user with a different USERID if requested.
  then
    echo "deleting the default user"
    userdel $DEFAULT_USER
    echo "creating new $USER with UID $USERID"
    useradd -m $USER -u $USERID
    mkdir -p /home/$USER
    chown -R $USER /home/$USER
    usermod -a -G staff $USER
 elif [ "$USER" != "$DEFAULT_USER" ]
  then
    ## cannot move home folder when it's a shared volume, have to copy and change permissions instead
    if ! [ -f /home/$USER/.profile ]
      then
        cp -r /home/$DEFAULT_USER/.??* /home/$USER || true
    fi
    ## RENAME the user
    usermod -l $USER -d /home/$USER $DEFAULT_USER
    groupmod -n $USER $DEFAULT_USER
    usermod -a -G staff $USER
    chown -R $USER:$USER /home/$USER
    echo "USER is now $USER"
 fi
 [ "$USER" != "rstudio" ] && rm -fr /home/rstudio
 if [ "$GROUPID" -ne 1000 ]
 ## Configure the primary GID (whether rstudio or $USER) with a different GROUPID if requested.
  then
    echo "Modifying primary group $(id $USER -g -n)"
    groupmod -g $GROUPID $(id $USER -g -n)
    echo "Primary group ID is now custom_group $GROUPID"
 fi
 if [[ ${DISABLE_AUTH,,} != "true" ]]
 then
    ## Add a password to user
    echo "$USER:$PASSWORD" | chpasswd
 fi
 # Use Env flag to know if user should be added to sudoers
 if [[ ${ROOT,,} == "true" ]]
  then
    adduser $USER sudo && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
    echo "$USER added to sudoers"
 fi
 ## Change Umask value if desired
 if [ "$UMASK" -ne 022 ]
  then
    echo "server-set-umask=false" >> /etc/rstudio/rserver.conf
    echo "Sys.umask(mode=$UMASK)" >> /home/$USER/.Rprofile
 fi
 ## Next one for timezone setup
 if [ "$TZ" !=  "Etc/UTC" ]
  then
    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 fi
 ## Update Locale if needed
 if [ "$LANG" !=  "en_US.UTF-8" ]
  then
    /usr/sbin/locale-gen --lang $LANG
    /usr/sbin/update-locale --reset LANG=$LANG
 fi
--- a/03_setup_root_path.sh
+++ b/03_setup_root_path.sh
@ -1,11 +0,0 @@
 #!/usr/bin/with-contenv bash
 echo "root path: $WWW_ROOT_PATH"
 if [[ ! -z $WWW_ROOT_PATH ]]
 then
        echo "Set www-root-path to $WWW_ROOT_PATH"
        echo "www-root-path=$WWW_ROOT_PATH" >> /etc/rstudio/rserver.conf
 else
        echo "Not setting www-root-path"
 fi
--- a/04_copy_env.sh
+++ b/04_copy_env.sh
@ -1,5 +0,0 @@
 #!/usr/bin/with-contenv bash
 printenv >> /etc/R/Renviron.site
 printenv > /home/$USER/.Renviron
--- a/05_setup_rsession_parameters.sh
+++ b/05_setup_rsession_parameters.sh
@ -1,13 +0,0 @@
 #!/usr/bin/with-contenv bash
 echo "session-timeout-minutes=7200" >> /etc/rstudio/rsession.conf
 echo "session-disconnected-timeout-minutes=1440" >> /etc/rstudio/rsession.conf
 echo "session-quit-child-processes-on-exit=0" >> /etc/rstudio/rsession.conf
 echo "session-default-working-dir=~" >> /etc/rstudio/rsession.conf
 echo "session-default-new-project-dir=~" >> /etc/rstudio/rsession.conf
 #echo "session-save-action-default=yes" >> /etc/rstudio/rsession.conf
 echo "allow-shell=1" >> /etc/rstudio/rsession.conf
 #echo "allow-terminal-websockets=1" >> /etc/rstudio/rsession.conf
 echo "limit-cpu-time-minutes=0" >> /etc/rstudio/rsession.conf
 echo "limit-file-upload-size-mb=0" >> /etc/rstudio/rsession.conf
 #echo "limit-xfs-disk-quota=no" >> /etc/rstudio/rsession.conf
--- a/06-fuse-logback.xml
+++ b/06-fuse-logback.xml
@ -1,24 +0,0 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration scan="true" scanPeriod="60 seconds" debug="false">
  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>/var/log/workspace-lib/fuse-workspace.log</file>
    <append>true</append>
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{0}: %msg%n
      </pattern>
    </encoder>
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
      <fileNamePattern>./var/log/workspace-lib/fuse-workspace.log%d{yyyy-MM-dd}.log</fileNamePattern>
      <maxHistory>30</maxHistory>
      <maxFileSize>10MB</maxFileSize>
      <totalSizeCap>100MB</totalSizeCap>
    </rollingPolicy>
  </appender>
  <logger name="org.gcube.data.access.storagehub.fs" level="WARN" />
  <logger name="org.gcube" level="WARN" />
  <root level="WARN">
    <appender-ref ref="FILE" />
  </root>
 </configuration>
--- a/06_workspace_mount.sh
+++ b/06_workspace_mount.sh
@ -1,64 +0,0 @@
 #!/usr/bin/with-contenv bash
 # Functions that decode a JWT token
 _decode_base64_url() {
  local len=$((${#1} % 4))
  local result="$1"
  if [ $len -eq 2 ]; then result="$1"'=='
  elif [ $len -eq 3 ]; then result="$1"'='
  fi
  echo "$result" | tr '_-' '/+' | base64 -d
 }
 # $1 => JWT to decode
 # $2 => either 1 for header or 2 for body (default is 2)
 decode_jwt() { _decode_base64_url $(echo -n $1 | cut -d "." -f ${2:-2}) | jq .; }
 _workspace_scope="/d4science.research-infrastructures.eu"
 echo "Manage the user's workspace"
 workspace_dir='/workspace'
 workspace_logdir='/var/log/workspace-lib'
 workspace_libdir='/opt/workspace-lib'
 workspace_fuse_jar="$workspace_libdir/fuse-workspace.jar"
 [[ ! -d "$workspace_dir" ]] || [[ -z `ls -A "$workspace_dir"` ]] || mv $workspace_dir ${workspace_dir}.old
 mkdir -p $workspace_dir
 chown ${USER}:${USER} $workspace_dir
 chown -R ${USER}:${USER} $workspace_logdir
 chmod 444 $workspace_fuse_jar
 _retval=
 if [ -d /home/${USER}/workspace ]; then
  rmdir /home/${USER}/workspace
  _retval=$?
  if [ $_retval -ne 0 ]; then
      echo "The user has a directory named 'workspace' inside their home directory and it is not empty."
      echo "Not starting the workspace mount"
      exit $_retval
  fi
 fi
 echo "Mount the workspace"
 su - "$USER" -c "/usr/bin/java  -cp .:${workspace_dir}:${workspace_logdir}/ -Dlogback.configurationFile=${workspace_logdir}/logback.xml -jar $workspace_fuse_jar $SHINYPROXY_OIDC_ACCESS_TOKEN ${_workspace_scope} $workspace_dir" >/dev/null 2>&1 &
 sleep 5
 _retval=
 _fuse_process=$(ps auwwx | grep fuse | grep java)
 _retval=$?
 if [ $_retval -ne 0 ]; then
  echo "The mount of the workspace failed"
  exit 1
 else
  pushd /home/${USER}
  if [ $? -ne 0 ]; then
    if ! [ -L workspace ]; then
      su - "$USER" -c "ln -s $workspace_dir /workspace"
    fi
  else
    echo "Cannot cd inside the user's home directory"
    exit 1
  fi
  echo "The workspace has been mounted"
  exit 0
 fi
--- a/89
+++ b/89
@ -1,93 +1,12 @@
-FROM d4science/r-studio-requirement
+FROM d4science/rstudio-base:2023-03-R4-2
 LABEL org.d4science.image.licenses="EUPL-1.2" \
-      org.d4science.image.source="https://code-repo.d4science.org/gCubeSystem/r-studio-requirement" \
+      org.d4science.image.source="https://code-repo.d4science.org/gCubeSystem/r-studio-test" \
      org.d4science.image.vendor="D4Science <https://www.d4science.org>" \
      org.d4science.image.authors="Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>, Roberto Cirillo <roberto.cirillo@isti.cnr.it>" \
      org.d4science.image.r_version="2022.02.1+461"
-ARG NB_USER="jovyan"
+COPY rsession.conf /etc/rstudio/rsession.conf
-ARG NB_UID="1000"
+RUN chmod 0644 /etc/rstudio/rsession.conf
 ARG NB_GID="100"
 ARG HOME="/home/${NB_USER}"
 ENV S6_VERSION=v2.1.0.2
 ENV RSTUDIO_VERSION=2022.02.1+461
 ENV DEFAULT_USER="jovyan"
 ENV USERID="1000"
 ENV GROUPID="100"
 ENV PANDOC_VERSION=default
 ENV PATH=/usr/lib/rstudio-server/bin:$PATH
 ENV DEBIAN_FRONTEND=noninteractive
 ENV R_HOME=/usr/local/lib/R
 # Configure environment
 ENV SHELL=/bin/bash \
    NB_USER="${NB_USER}" \
    NB_UID=${NB_UID} \
    NB_GID=${NB_GID} \
    LC_ALL=en_US.UTF-8 \
    LANG=en_US.UTF-8 \
    LANGUAGE=en_US.UTF-8
 ENV HOME="/home/${NB_USER}"
 RUN apt-get update --yes && \
    apt-get upgrade --yes && \
    apt-get install --yes --no-install-recommends \
    python3 python3-pip \
    curl
 RUN /rocker_scripts/install_rstudio.sh
 # This part comes from https://github.com/openanalytics/shinyproxy-rstudio-ide-demo/blob/master/Dockerfile
 RUN echo "www-frame-origin=same" >> /etc/rstudio/disable_auth_rserver.conf
 RUN echo "www-verify-user-agent=0" >> /etc/rstudio/disable_auth_rserver.conf
 # ADD 02_userconf.sh /etc/cont-init.d/02_userconf
 RUN mv -f /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf
 RUN echo "USER=$NB_USER" >> /etc/environment
 # ADD 03_setup_root_path.sh /etc/cont-init.d/03_setup_root_path
 # ADD 05_setup_rsession_parameters.sh /etc/cont-init.d/05_setup_rsession_parameters
 RUN echo "session-timeout-minutes=7200" >> /etc/rstudio/rsession.conf
 RUN echo "session-disconnected-timeout-minutes=1440" >> /etc/rstudio/rsession.conf
 RUN echo "session-quit-child-processes-on-exit=0" >> /etc/rstudio/rsession.conf
 RUN echo "session-default-working-dir=~" >> /etc/rstudio/rsession.conf
 RUN echo "session-default-new-project-dir=~" >> /etc/rstudio/rsession.conf
 RUN #echo "session-save-action-default=yes" >> /etc/rstudio/rsession.conf
 RUN echo "allow-shell=1" >> /etc/rstudio/rsession.conf
 RUN #echo "allow-terminal-websockets=1" >> /etc/rstudio/rsession.conf
 RUN echo "limit-cpu-time-minutes=0" >> /etc/rstudio/rsession.conf
 RUN echo "limit-file-upload-size-mb=0" >> /etc/rstudio/rsession.conf
 RUN #echo "limit-xfs-disk-quota=no" >> /etc/rstudio/rsession.conf
 RUN curl -o "${R_HOME}/etc/Rprofile.site" "https://code-repo.d4science.org/gCubeSystem/rstudio-rprofile/raw/branch/master/jupyter-Rprofile.site"
 # Copy a script that we will use to correct permissions after running certain commands
 COPY fix-permissions /usr/local/bin/fix-permissions
 RUN chmod a+rx /usr/local/bin/fix-permissions
 # Create NB_USER with name jovyan user with UID=1000 and in the 'users' group
 # and make sure these dirs are writable by the `users` group.
 RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
    sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
    sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
    userdel -r "${NB_USER}" && \
    useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
    chmod g+w /etc/passwd && \
    fix-permissions "${HOME}"
 # Install the jupiterhub proxy
 RUN pip3 install \
    jsonschema'[format,format-nongpl]' \
    jupyterhub \
    jupyterlab \
    jupyter-rsession-proxy \
    jupyter-server-proxy \
    notebook
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* && \
    echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
    locale-gen
 # Enable prompt color in the skeleton .bashrc before creating the default NB_USER
 # hadolint ignore=SC2016
 RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc
 WORKDIR ${HOME}
--- a/README.md
+++ b/README.md
@ -1,12 +1,4 @@
-# Pipeline-Docker-Template
+# Rstudio test image
-This is a template useful for building docker images and push to dockerhub.
+This image is built from the rstudio-base image, to test changes to packages and the environment.
 There is a jenkinsjob template on our jenkins with the same name.
 ## USAGE TIPS:
 * REMEMBER TO FILL the jenkinsfile environment section with your values. The following field should be properly filled: imagename, git_url
 * REMEMBER TO PUT your Dockerfile in the root folder of your new project
 * You can find the related jenkinsjob template here: https://jenkins.d4science.org/job/Pipeline-Docker-Template/
--- a/rsession.conf
+++ b/rsession.conf
@ -0,0 +1,11 @@
 session-timeout-minutes=7200
 session-disconnected-timeout-minutes=1440
 session-quit-child-processes-on-exit=1
 session-default-working-dir=~
 session-default-new-project-dir=~
 session-save-action-default=no
 allow-shell=1
 allow-terminal-websockets=0
 limit-cpu-time-minutes=0
 limit-file-upload-size-mb=0
 limit-xfs-disk-quota=no