New modality of building the images

This commit is contained in:
Andrea Dell'Amico 2023-04-10 22:19:19 +02:00
parent fa28a66847
commit ed286a3f52
Signed by: andrea.dellamico
GPG Key ID: 147ABE6CEB9E20FF
10 changed files with 17 additions and 348 deletions

View File

@ -1,16 +0,0 @@
#!/bin/bash
# shellcheck shell=bash
if [ -d "/var/run/s6/container_environment" ] ; then
## Set our dynamic variables in Renviron.site to be reflected by RStudio Server or Shiny Server
exclude_vars="HOME PASSWORD RSTUDIO_VERSION BATCH_USER_CREATION"
for file in /var/run/s6/container_environment/*
do
sed -i "/^${file##*/}=/d" ${R_HOME}/etc/Renviron.site
regex="(^| )${file##*/}($| )"
[[ ! $exclude_vars =~ $regex ]] && echo "${file##*/}=$(cat $file)" >> ${R_HOME}/etc/Renviron.site || echo "skipping $file"
done
## only file-owner (root) should read container_environment files:
chmod 600 /var/run/s6/container_environment/*
fi

View File

@ -1,120 +0,0 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
## Set defaults for environmental variables in case they are undefined
DEFAULT_USER=${DEFAULT_USER:-rstudio}
USER=${USER:=${DEFAULT_USER}}
USERID=${USERID:=1000}
GROUPID=${GROUPID:=1000}
ROOT=${ROOT:=FALSE}
UMASK=${UMASK:=022}
LANG=${LANG:=en_US.UTF-8}
TZ=${TZ:=Etc/UTC}
HOME=/home/${USER}
bold=$(tput bold)
normal=$(tput sgr0)
if [[ ${DISABLE_AUTH,,} == "true" ]]
then
mv /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf
echo "USER=$USER" >> /etc/environment
fi
if grep --quiet "auth-none=1" /etc/rstudio/rserver.conf
then
echo "Skipping authentication as requested"
elif [ -z "$PASSWORD" ]
then
PASSWORD=$(pwgen 16 1)
printf "\n\n"
tput bold
printf "The password is set to \e[31m%s\e[39m\n" "$PASSWORD"
printf "If you want to set your own password, set the PASSWORD environment variable. e.g. run with:\n"
printf "docker run -e PASSWORD=\e[92m<YOUR_PASS>\e[39m -p 8787:8787 rocker/rstudio\n"
tput sgr0
printf "\n\n"
fi
if [ "$USERID" -lt 1000 ]
# Probably a macOS user, https://github.com/rocker-org/rocker/issues/205
then
echo "$USERID is less than 1000"
check_user_id=$(grep -F "auth-minimum-user-id" /etc/rstudio/rserver.conf)
if [[ ! -z $check_user_id ]]
then
echo "minumum authorised user already exists in /etc/rstudio/rserver.conf: $check_user_id"
else
echo "setting minumum authorised user to 499"
echo auth-minimum-user-id=499 >> /etc/rstudio/rserver.conf
fi
fi
if [ "$USERID" -ne 1000 ]
## Configure user with a different USERID if requested.
then
echo "deleting the default user"
userdel $DEFAULT_USER
echo "creating new $USER with UID $USERID"
useradd -m $USER -u $USERID
mkdir -p /home/$USER
chown -R $USER /home/$USER
usermod -a -G staff $USER
elif [ "$USER" != "$DEFAULT_USER" ]
then
## cannot move home folder when it's a shared volume, have to copy and change permissions instead
if ! [ -f /home/$USER/.profile ]
then
cp -r /home/$DEFAULT_USER/.??* /home/$USER || true
fi
## RENAME the user
usermod -l $USER -d /home/$USER $DEFAULT_USER
groupmod -n $USER $DEFAULT_USER
usermod -a -G staff $USER
chown -R $USER:$USER /home/$USER
echo "USER is now $USER"
fi
[ "$USER" != "rstudio" ] && rm -fr /home/rstudio
if [ "$GROUPID" -ne 1000 ]
## Configure the primary GID (whether rstudio or $USER) with a different GROUPID if requested.
then
echo "Modifying primary group $(id $USER -g -n)"
groupmod -g $GROUPID $(id $USER -g -n)
echo "Primary group ID is now custom_group $GROUPID"
fi
if [[ ${DISABLE_AUTH,,} != "true" ]]
then
## Add a password to user
echo "$USER:$PASSWORD" | chpasswd
fi
# Use Env flag to know if user should be added to sudoers
if [[ ${ROOT,,} == "true" ]]
then
adduser $USER sudo && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
echo "$USER added to sudoers"
fi
## Change Umask value if desired
if [ "$UMASK" -ne 022 ]
then
echo "server-set-umask=false" >> /etc/rstudio/rserver.conf
echo "Sys.umask(mode=$UMASK)" >> /home/$USER/.Rprofile
fi
## Next one for timezone setup
if [ "$TZ" != "Etc/UTC" ]
then
ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
fi
## Update Locale if needed
if [ "$LANG" != "en_US.UTF-8" ]
then
/usr/sbin/locale-gen --lang $LANG
/usr/sbin/update-locale --reset LANG=$LANG
fi

View File

@ -1,11 +0,0 @@
#!/usr/bin/with-contenv bash
echo "root path: $WWW_ROOT_PATH"
if [[ ! -z $WWW_ROOT_PATH ]]
then
echo "Set www-root-path to $WWW_ROOT_PATH"
echo "www-root-path=$WWW_ROOT_PATH" >> /etc/rstudio/rserver.conf
else
echo "Not setting www-root-path"
fi

View File

@ -1,5 +0,0 @@
#!/usr/bin/with-contenv bash
printenv >> /etc/R/Renviron.site
printenv > /home/$USER/.Renviron

View File

@ -1,13 +0,0 @@
#!/usr/bin/with-contenv bash
echo "session-timeout-minutes=7200" >> /etc/rstudio/rsession.conf
echo "session-disconnected-timeout-minutes=1440" >> /etc/rstudio/rsession.conf
echo "session-quit-child-processes-on-exit=0" >> /etc/rstudio/rsession.conf
echo "session-default-working-dir=~" >> /etc/rstudio/rsession.conf
echo "session-default-new-project-dir=~" >> /etc/rstudio/rsession.conf
#echo "session-save-action-default=yes" >> /etc/rstudio/rsession.conf
echo "allow-shell=1" >> /etc/rstudio/rsession.conf
#echo "allow-terminal-websockets=1" >> /etc/rstudio/rsession.conf
echo "limit-cpu-time-minutes=0" >> /etc/rstudio/rsession.conf
echo "limit-file-upload-size-mb=0" >> /etc/rstudio/rsession.conf
#echo "limit-xfs-disk-quota=no" >> /etc/rstudio/rsession.conf

View File

@ -1,24 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration scan="true" scanPeriod="60 seconds" debug="false">
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/workspace-lib/fuse-workspace.log</file>
<append>true</append>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{0}: %msg%n
</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>./var/log/workspace-lib/fuse-workspace.log%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>30</maxHistory>
<maxFileSize>10MB</maxFileSize>
<totalSizeCap>100MB</totalSizeCap>
</rollingPolicy>
</appender>
<logger name="org.gcube.data.access.storagehub.fs" level="WARN" />
<logger name="org.gcube" level="WARN" />
<root level="WARN">
<appender-ref ref="FILE" />
</root>
</configuration>

View File

@ -1,64 +0,0 @@
#!/usr/bin/with-contenv bash
# Functions that decode a JWT token
_decode_base64_url() {
local len=$((${#1} % 4))
local result="$1"
if [ $len -eq 2 ]; then result="$1"'=='
elif [ $len -eq 3 ]; then result="$1"'='
fi
echo "$result" | tr '_-' '/+' | base64 -d
}
# $1 => JWT to decode
# $2 => either 1 for header or 2 for body (default is 2)
decode_jwt() { _decode_base64_url $(echo -n $1 | cut -d "." -f ${2:-2}) | jq .; }
_workspace_scope="/d4science.research-infrastructures.eu"
echo "Manage the user's workspace"
workspace_dir='/workspace'
workspace_logdir='/var/log/workspace-lib'
workspace_libdir='/opt/workspace-lib'
workspace_fuse_jar="$workspace_libdir/fuse-workspace.jar"
[[ ! -d "$workspace_dir" ]] || [[ -z `ls -A "$workspace_dir"` ]] || mv $workspace_dir ${workspace_dir}.old
mkdir -p $workspace_dir
chown ${USER}:${USER} $workspace_dir
chown -R ${USER}:${USER} $workspace_logdir
chmod 444 $workspace_fuse_jar
_retval=
if [ -d /home/${USER}/workspace ]; then
rmdir /home/${USER}/workspace
_retval=$?
if [ $_retval -ne 0 ]; then
echo "The user has a directory named 'workspace' inside their home directory and it is not empty."
echo "Not starting the workspace mount"
exit $_retval
fi
fi
echo "Mount the workspace"
su - "$USER" -c "/usr/bin/java -cp .:${workspace_dir}:${workspace_logdir}/ -Dlogback.configurationFile=${workspace_logdir}/logback.xml -jar $workspace_fuse_jar $SHINYPROXY_OIDC_ACCESS_TOKEN ${_workspace_scope} $workspace_dir" >/dev/null 2>&1 &
sleep 5
_retval=
_fuse_process=$(ps auwwx | grep fuse | grep java)
_retval=$?
if [ $_retval -ne 0 ]; then
echo "The mount of the workspace failed"
exit 1
else
pushd /home/${USER}
if [ $? -ne 0 ]; then
if ! [ -L workspace ]; then
su - "$USER" -c "ln -s $workspace_dir /workspace"
fi
else
echo "Cannot cd inside the user's home directory"
exit 1
fi
echo "The workspace has been mounted"
exit 0
fi

View File

@ -1,93 +1,12 @@
FROM d4science/r-studio-requirement FROM d4science/rstudio-base:2023-03-R4-2
LABEL org.d4science.image.licenses="EUPL-1.2" \ LABEL org.d4science.image.licenses="EUPL-1.2" \
org.d4science.image.source="https://code-repo.d4science.org/gCubeSystem/r-studio-requirement" \ org.d4science.image.source="https://code-repo.d4science.org/gCubeSystem/r-studio-test" \
org.d4science.image.vendor="D4Science <https://www.d4science.org>" \ org.d4science.image.vendor="D4Science <https://www.d4science.org>" \
org.d4science.image.authors="Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>, Roberto Cirillo <roberto.cirillo@isti.cnr.it>" \ org.d4science.image.authors="Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>, Roberto Cirillo <roberto.cirillo@isti.cnr.it>" \
org.d4science.image.r_version="2022.02.1+461" org.d4science.image.r_version="2022.02.1+461"
ARG NB_USER="jovyan" COPY rsession.conf /etc/rstudio/rsession.conf
ARG NB_UID="1000" RUN chmod 0644 /etc/rstudio/rsession.conf
ARG NB_GID="100"
ARG HOME="/home/${NB_USER}"
ENV S6_VERSION=v2.1.0.2
ENV RSTUDIO_VERSION=2022.02.1+461
ENV DEFAULT_USER="jovyan"
ENV USERID="1000"
ENV GROUPID="100"
ENV PANDOC_VERSION=default
ENV PATH=/usr/lib/rstudio-server/bin:$PATH
ENV DEBIAN_FRONTEND=noninteractive
ENV R_HOME=/usr/local/lib/R
# Configure environment
ENV SHELL=/bin/bash \
NB_USER="${NB_USER}" \
NB_UID=${NB_UID} \
NB_GID=${NB_GID} \
LC_ALL=en_US.UTF-8 \
LANG=en_US.UTF-8 \
LANGUAGE=en_US.UTF-8
ENV HOME="/home/${NB_USER}"
RUN apt-get update --yes && \
apt-get upgrade --yes && \
apt-get install --yes --no-install-recommends \
python3 python3-pip \
curl
RUN /rocker_scripts/install_rstudio.sh
# This part comes from https://github.com/openanalytics/shinyproxy-rstudio-ide-demo/blob/master/Dockerfile
RUN echo "www-frame-origin=same" >> /etc/rstudio/disable_auth_rserver.conf
RUN echo "www-verify-user-agent=0" >> /etc/rstudio/disable_auth_rserver.conf
# ADD 02_userconf.sh /etc/cont-init.d/02_userconf
RUN mv -f /etc/rstudio/disable_auth_rserver.conf /etc/rstudio/rserver.conf
RUN echo "USER=$NB_USER" >> /etc/environment
# ADD 03_setup_root_path.sh /etc/cont-init.d/03_setup_root_path
# ADD 05_setup_rsession_parameters.sh /etc/cont-init.d/05_setup_rsession_parameters
RUN echo "session-timeout-minutes=7200" >> /etc/rstudio/rsession.conf
RUN echo "session-disconnected-timeout-minutes=1440" >> /etc/rstudio/rsession.conf
RUN echo "session-quit-child-processes-on-exit=0" >> /etc/rstudio/rsession.conf
RUN echo "session-default-working-dir=~" >> /etc/rstudio/rsession.conf
RUN echo "session-default-new-project-dir=~" >> /etc/rstudio/rsession.conf
RUN #echo "session-save-action-default=yes" >> /etc/rstudio/rsession.conf
RUN echo "allow-shell=1" >> /etc/rstudio/rsession.conf
RUN #echo "allow-terminal-websockets=1" >> /etc/rstudio/rsession.conf
RUN echo "limit-cpu-time-minutes=0" >> /etc/rstudio/rsession.conf
RUN echo "limit-file-upload-size-mb=0" >> /etc/rstudio/rsession.conf
RUN #echo "limit-xfs-disk-quota=no" >> /etc/rstudio/rsession.conf
RUN curl -o "${R_HOME}/etc/Rprofile.site" "https://code-repo.d4science.org/gCubeSystem/rstudio-rprofile/raw/branch/master/jupyter-Rprofile.site" RUN curl -o "${R_HOME}/etc/Rprofile.site" "https://code-repo.d4science.org/gCubeSystem/rstudio-rprofile/raw/branch/master/jupyter-Rprofile.site"
# Copy a script that we will use to correct permissions after running certain commands
COPY fix-permissions /usr/local/bin/fix-permissions
RUN chmod a+rx /usr/local/bin/fix-permissions
# Create NB_USER with name jovyan user with UID=1000 and in the 'users' group
# and make sure these dirs are writable by the `users` group.
RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
userdel -r "${NB_USER}" && \
useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
chmod g+w /etc/passwd && \
fix-permissions "${HOME}"
# Install the jupiterhub proxy
RUN pip3 install \
jsonschema'[format,format-nongpl]' \
jupyterhub \
jupyterlab \
jupyter-rsession-proxy \
jupyter-server-proxy \
notebook
RUN apt-get clean && rm -rf /var/lib/apt/lists/* && \
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
locale-gen
# Enable prompt color in the skeleton .bashrc before creating the default NB_USER
# hadolint ignore=SC2016
RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc
WORKDIR ${HOME}

View File

@ -1,12 +1,4 @@
# Pipeline-Docker-Template # Rstudio test image
This is a template useful for building docker images and push to dockerhub. This image is built from the rstudio-base image, to test changes to packages and the environment.
There is a jenkinsjob template on our jenkins with the same name.
## USAGE TIPS:
* REMEMBER TO FILL the jenkinsfile environment section with your values. The following field should be properly filled: imagename, git_url
* REMEMBER TO PUT your Dockerfile in the root folder of your new project
* You can find the related jenkinsjob template here: https://jenkins.d4science.org/job/Pipeline-Docker-Template/

11
rsession.conf Normal file
View File

@ -0,0 +1,11 @@
session-timeout-minutes=7200
session-disconnected-timeout-minutes=1440
session-quit-child-processes-on-exit=1
session-default-working-dir=~
session-default-new-project-dir=~
session-save-action-default=no
allow-shell=1
allow-terminal-websockets=0
limit-cpu-time-minutes=0
limit-file-upload-size-mb=0
limit-xfs-disk-quota=no