Fix typo

docker/Dockerfile.cc-base-alma8

@@ -0,0 +1,327 @@
+FROM coffeateam/coffea-base-almalinux8:0.7.22-py3.10
+
+# https://github.com/jupyter/docker-stacks/blob/master/base-notebook/Dockerfile
+
+# Fix DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+USER root
+LABEL maintainer="Oksana Shadura <[email protected]>"
+# Jupyterhub
+ARG NB_USER="cms-jovyan"
+ARG NB_UID="6440"
+ARG NB_GID="11265"
+# Configure Labextention Dask Cluster factory
+ARG DASK_ROOT_CONFIG="/opt/dask"
+ARG CERT_DIR="/etc/cmsaf-secrets"
+# Labextention
+ARG LABEXTENTION_CLUSTER="UNL HTCondor Cluster"
+ARG LABEXTENTION_FACTORY_CLASS="CoffeaCasaCluster"
+ARG LABEXTENTION_FACTORY_MODULE="coffea_casa"
+# Condor settings
+ARG CONDOR_HOST="red-condor.unl.edu"
+ARG COLLECTOR_NAME="Nebraska T2"
+ARG UID_DOMAIN="unl.edu"
+ARG SCHEDD_HOST="t3.unl.edu"
+# XCACHE
+ARG XCACHE_HOST="red-xcache1.unl.edu"
+# FIX ME AFTER TEST:
+ARG BEARER_TOKEN_FILE="/etc/cmsaf-secrets-chown/access_token"
+# Tag
+ARG TAG="development"
+ARG PROJECT="coffea-casa"
+ARG REGISTRY="hub.opensciencegrid.org"
+ARG WORKER_IMAGE="${REGISTRY}/${PROJECT}/cc-analysis-centos7"
+
+# Hack for GH Actions
+ARG GITHUB_ACTIONS="false"
+
+# Configure environment
+ENV CONDA_DIR /usr/local
+ENV SHELL /bin/bash
+ENV NB_USER $NB_USER
+ENV USER $NB_USER
+ENV NB_UID $NB_UID
+ENV NB_GID $NB_GID
+ENV HOME /home/$NB_USER
+ENV PATH "${CONDA_DIR}/bin/:$PATH"
+ENV DASK_ROOT_CONFIG $DASK_ROOT_CONFIG
+ENV LABEXTENTION_CLUSTER $LABEXTENTION_CLUSTER
+ENV LABEXTENTION_FACTORY_CLASS $LABEXTENTION_FACTORY_CLASS
+ENV LABEXTENTION_FACTORY_MODULE $LABEXTENTION_FACTORY_MODULE
+ENV CONDOR_HOST $CONDOR_HOST
+ENV COLLECTOR_NAME $COLLECTOR_NAME
+ENV UID_DOMAIN $UID_DOMAIN
+ENV SCHEDD_HOST $SCHEDD_HOST
+ENV CERT_DIR $CERT_DIR
+ENV TAG $TAG
+ENV XCACHE_HOST $XCACHE_HOST
+ENV WORKER_IMAGE $WORKER_IMAGE
+ENV BEARER_TOKEN_FILE $BEARER_TOKEN_FILE
+ENV LC_ALL en_US.UTF-8
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US.UTF-8
+
+# Install all OS dependencies for notebook server that starts but lacks all
+# features (e.g., download as all possible file formats)
+RUN yum -y update \
+ && yum -y group install "Development Tools" \
+ && yum -y install \
+    wget \
+    epel-release \
+    gettext \
+    bzip2 \
+    ca-certificates \
+    sudo \
+    langpacks-en \
+    glibc-all-langpacks \
+    liberation-fonts \
+    wget \
+    nss_wrapper \
+    openssl \
+    emacs \
+    git \
+    unzip \
+    nano \
+    vim  \
+    curl \
+    net-tools \
+    libXext \
+    libSM \
+    libXrender \
+    xdg-utils \
+    nc \
+    openssh-clients \
+    tzdata \
+    unzip \
+    gdb \
+    && yum clean all && rm -rf /var/cache/yum
+
+# Copy a script that we will use to correct permissions after running certain commands
+COPY jupyterhub/fix-permissions /usr/local/bin/fix-permissions
+RUN chmod a+rx /usr/local/bin/fix-permissions
+
+# Enable prompt color in the skeleton .bashrc before creating the default NB_USER
+# hadolint ignore=SC2016
+RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc && \
+   # Add call to conda init script see https://stackoverflow.com/a/58081608/4413446
+   echo 'eval "$(command conda shell.bash hook 2> /dev/null)"' >> /etc/skel/.bashrc
+
+# Create NB_USER with name cms-jovyan user with given UID and in the 'users' group
+# and make sure these dirs are writable by the `users` group.
+RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
+    sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
+    sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
+    groupadd -r "${NB_USER}" --gid "$NB_GID" && \
+    useradd -l -m -s /bin/bash -N -u "${NB_UID}" "${NB_USER}" && \
+    mkdir -p "${CONDA_DIR}" && \
+    chown -R "${NB_USER}:${NB_GID}" "${CONDA_DIR}" && \
+    chown -R "${NB_USER}:${NB_GID}" "${HOME}" && \
+    chmod g+w /etc/passwd && \
+    fix-permissions "${HOME}" && \
+    fix-permissions "${CONDA_DIR}"
+
+USER $NB_USER
+WORKDIR $HOME
+# Setup work directory for backward-compatibility
+RUN mkdir "/home/${NB_USER}/work" && \
+    fix-permissions "/home/${NB_USER}"
+
+# Install Jupyter Notebook, Lab, and Hub
+# Generate a notebook server config
+# Cleanup temporary files
+# Correct permissions
+# Do all this in a single RUN command to avoid duplicating all of the
+# files across image layers when the permissions change
+
+RUN  mamba remove htcondor
+
+RUN mamba install --quiet --yes \
+    -c conda-forge \
+    'notebook'==6.5.3 \
+    'jupyterhub'==3.1.1 \
+    'jupyterlab'==3.6.1 \
+    jupyterlab_widgets==3.0.7 \
+    jupyterlab-git==0.41.0 \
+    jupyter_client==8.1.0 \
+    jupyterlab_widgets \
+    nodejs \
+    htcondor==10.8.0 \
+    ipywidgets==8.0.6 && \
+    mamba clean \
+        --all \
+        --force-pkgs-dirs \
+        --yes && \
+    npm cache clean --force && \
+    jupyter notebook --generate-config && \
+    jupyter lab clean && \
+    rm -rf "/home/${NB_USER}/.cache/yarn"
+    #fix-permissions "${CONDA_DIR}" && \
+    #fix-permissions "/home/${NB_USER}"
+
+EXPOSE 8888
+
+# Copy local files as late as possible to avoid cache busting
+COPY jupyterhub/start.sh jupyterhub/start-notebook.sh jupyterhub/start-singleuser.sh /usr/local/bin/
+# Currently need to have both jupyter_notebook_config and jupyter_server_config to support classic and lab
+COPY jupyterhub/jupyter_notebook_config.py /etc/jupyter/
+
+# Fix permissions on /etc/jupyter as root
+USER root
+
+# Prepare upgrade to JupyterLab V3.0 #1205
+RUN sed -re "s/c.NotebookApp/c.ServerApp/g" \
+    /etc/jupyter/jupyter_notebook_config.py > /etc/jupyter/jupyter_server_config.py && \
+    fix-permissions /etc/jupyter/
+
+# Enable the serverextensions that do not use the conf.d approach and
+# build JupyterLab.
+RUN jupyter serverextension enable dask_labextension jupyterlab_git && \ 
+    jupyter server extension list && \
+    jupyter lab build --debug --dev-build=False --minimize=False && jupyter lab clean && \
+    npm cache clean --force && \
+    rm -rf $HOME/.cache/yarn && \
+    rm -rf $HOME/.node-gyp
+
+USER root
+# Preparing directories for Dask conf files, patches and job spool directory for HTCondor
+RUN mkdir -p ${DASK_ROOT_CONFIG}  && chown -R "${NB_USER}:${NB_GID}" ${DASK_ROOT_CONFIG} && \
+    mkdir -p /opt/condor/config.d  && chown -R "${NB_USER}:${NB_GID}" /opt/condor/config.d && \
+    mkdir -p ${HOME}/.condor/tokens.d && \
+    mkdir -p /var/lib/condor && \
+    mkdir -p /etc/condor/config.d
+
+USER ${NB_UID}
+
+RUN mamba install --yes \
+    -c conda-forge \
+    zstandard \
+    htcondor==10.8.0 \
+    xgboost \
+    pyhf \
+    xrootd \
+    scipy>=1.8.1 \
+    cabinetry \
+    vector \
+    hist \
+    mplhep \
+    iminuit \
+    cmake \
+    scikit-hep-testdata \
+    && mamba clean \
+        --all \
+        --force-pkgs-dirs \
+        --yes
+
+USER ${NB_UID}
+# Dask, Labextention and coffea-casa setup
+COPY dask/dask.yaml dask/labextension.yaml ${DASK_ROOT_CONFIG}/
+
+USER root
+# Add HTCondor configuration files that not needed to be edited
+COPY condor/condor_config /etc/condor/
+COPY condor/config.d  /etc/condor/config.d/
+
+RUN ln -s /usr/local/etc/grid-security /etc/grid-security
+
+RUN curl -L https://github.com/opensciencegrid/osg-vo-config/archive/refs/heads/master.tar.gz | \
+    tar -xz --strip-components=1 --directory=/etc/grid-security --wildcards */vomses */vomsdir && \
+    mv /etc/grid-security/vomses /etc
+
+# Setup HTCondor user/group and change group for user $NB_USER
+# Fix error (submitting jobs as user/group 0 (root) is not allowed for security reasons) and
+# it configured from kubernetes side and updated in docker container to match it
+RUN groupadd -r condor && \
+    useradd -r -g condor -d /var/lib/condor -s /sbin/nologin condor
+
+# Fix permissions for Dask/Ceph config files
+RUN chown -R "${NB_USER}:${NB_GID}" ${DASK_ROOT_CONFIG}/*.yaml
+ENV LD_LIBRARY_PATH="${CONDA_DIR}/lib/:$LD_LIBRARY_PATH"
+ENV PATH="${CONDA_DIR}/bin/:$PATH"
+
+# FIXME: we have a wrong path, let's make a link.
+# cms-jovyan@jupyter-oksana-2eshadura-40cern-2ech:~$ echo $PATH
+# ${CONDA_DIR}/condabin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+RUN rm -rf ${CONDA_DIR}/condabin && ln -s ${CONDA_DIR}/bin ${CONDA_DIR}/condabin
+
+# Mkdir CVMFS mount directory.  Mount done upstream in configs. Harmless
+# if not utilized, crucial if CVMFS is desired
+RUN mkdir /cvmfs
+
+USER ${NB_USER}    
+RUN pip install --no-cache-dir \
+    correctionlib \
+    funcx \
+    pyyaml \
+    # visualization
+    Shapely==1.8.1.post1 \
+    descartes==1.1.0 \
+    # JSON processor
+    jq \
+    # ML packages
+    dask-ml \
+    prometheus_client \
+    comm>=0.1.2 \
+    mlflow \
+    jupytext \
+    # https://github.com/ssl-hep/servicex-labextension.git
+    servicex-dashboard
+
+RUN if [ "${TAG:-}" == "development" ]; then pip install --no-cache-dir git+https://github.com/CoffeaTeam/coffea-casa.git#egg=coffea_casa ; else pip install --no-cache-dir coffea_casa -U ; fi
+
+# ------- xrootd-xcache-plugin -------------------------------
+RUN cd /tmp && \
+    git clone -b xcache https://github.com/jthiltges/xrdcl-authz-plugin.git && \
+    cd xrdcl-authz-plugin && \
+    mkdir build && \
+    cd  build && \
+    cmake /tmp/xrdcl-authz-plugin -DCMAKE_INSTALL_PREFIX=${CONDA_DIR} && \
+    make && \
+    make install
+
+ENV XRD_PLUGINCONFDIR="${CONDA_DIR}/etc/xrootd/client.plugins.d/"
+ENV XRD_PLUGIN="${CONDA_DIR}/lib/libXrdClXcachePlugin-5.so"
+
+RUN chmod 755 /etc/grid-security/certificates
+COPY certs/hcc-flatiron.pem /etc/grid-security/certificates/
+RUN ln -s /etc/grid-security/certificates/hcc-flatiron.pem /etc/grid-security/certificates/80d1fda9.0
+
+# Coffea_casa - > jobqueue-coffea-casa.yaml
+COPY dask/jobqueue-coffea-casa.yaml dask/dask_tls.yaml ${DASK_ROOT_CONFIG}/
+
+USER root
+# Distributed: we need to install patched version of distributed version
+COPY dask/distributed ${CONDA_DIR}/lib/python3.10/site-packages/distributed
+RUN cd ${CONDA_DIR}/lib/python3.10/site-packages/distributed && \
+    patch -p2 < 0001-Patch-from-bbockelman-adaptive-scaling.patch && \
+    patch -p2 < 0002-Allow-scheduler-to-preserve-worker-hostnames.patch
+    # && patch -p2 < 0003-Activate-patch.patch
+    # && patch -p2 < 0004-Add-possibility-to-setup-external_adress-for-schedul.patch
+    # && patch -p2 < 0005-Add-nanny-patch.patch
+
+# Cleanup
+RUN rm -rf /tmp/* \
+    && rm -rf $HOME/.cache/.pip/* \
+    && mamba clean --all -f -y \
+    && jupyter lab clean \
+    && jlpm cache clean \
+    && npm cache clean --force \
+    && find ${CONDA_DIR} -type f -name '*.a' -delete \
+    && find ${CONDA_DIR} -type f -name '*.pyc' -delete \
+    && find ${CONDA_DIR} -type f -name '*.js.map' -delete \
+    && (find ${CONDA_DIR}/lib/python3.10/site-packages/bokeh/server/static -type f,l -name '*.js' -not -name '*.min.js' -delete || echo "no bokeh static files to cleanup") \
+    && rm -rf ${CONDA_DIR}/pkgs
+
+# FIXME: add better layering for preparation of env
+ADD prepare-env/prepare-env-cc.sh /usr/local/bin/prepare-env.sh
+RUN chmod ugo+x /usr/local/bin/prepare-env.sh
+
+# Switch back to cms-jovyan to avoid accidental container runs as root
+USER ${NB_UID}
+WORKDIR $HOME
+ENTRYPOINT ["tini", "-g", "--", "/usr/local/bin/prepare-env.sh"]
+
+# Extra packages to be installed (apt, pip, conda) and commands to be executed
+# Use bash login shell for entrypoint in order
+# to automatically source user's .bashrc
+CMD ["start-notebook.sh"]

docker/README.IDAP.md

@@ -8,5 +8,5 @@ sudo docker build --build-arg TAG="2024.03.26" -t hub.opensciencegrid.org/coffea
 ```
 
 ```
-docker build --build-arg TAG="2024.03.26" -t hub.opensciencegrid.org/coffea-casa/cc-dask-alma8:2024.03.26 -f ./Dockerfile.cc-analysis-alma8 .
+docker build --build-arg TAG="2024.03.26" -t hub.opensciencegrid.org/coffea-casa/cc-analysis-alma8:2024.03.26 -f ./Dockerfile.cc-analysis-alma8 .
 ```