From df772c09a887425267f90d2667dfa94ed8c3df58 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Tue, 12 Aug 2025 13:51:38 -0700 Subject: [PATCH 01/25] initial commits for the nemo container custom app --- src/nemo_jupyter/.devcontainer.json | 51 +++++++++++++++++++++ src/nemo_jupyter/devcontainer-template.json | 23 ++++++++++ src/nemo_jupyter/docker-compose.yaml | 23 ++++++++++ 3 files changed, 97 insertions(+) create mode 100644 src/nemo_jupyter/.devcontainer.json create mode 100644 src/nemo_jupyter/devcontainer-template.json create mode 100644 src/nemo_jupyter/docker-compose.yaml diff --git a/src/nemo_jupyter/.devcontainer.json b/src/nemo_jupyter/.devcontainer.json new file mode 100644 index 00000000..d1a6c920 --- /dev/null +++ b/src/nemo_jupyter/.devcontainer.json @@ -0,0 +1,51 @@ +{ + "name": "Workbench NeMo devcontainer template", + "dockerComposeFile": "docker-compose.yaml", + "service": "app", + "shutdownAction": "none", + "workspaceFolder": "/workspace", + // Get the host's docker group ID and propagate it into the .env file, which + // allows it to be used within docker-compose.yaml. + "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", + "postCreateCommand": "./startupscript/post-startup.sh jupyter /home/jupyter ${templateOption:cloud} ${templateOption:login} && ./startupscript/setup-docker.sh", + // re-mount bucket files on container start up + "postStartCommand": [ + "./startupscript/remount-on-restart.sh", + "jupyter", + "/home/jupyter", + "${templateOption:cloud}", + "${templateOption:login}" + ], + "remoteUser": "root", + "customizations": { + "workbench": { + "opens": { + "extensions": [ + // Source + ".ipynb", + ".R", + ".py", + // Documents + ".md", + ".html", + ".latex", + ".pdf", + // Images + ".bmp", + ".gif", + ".jpeg", + ".jpg", + ".png", + ".svg", + // Data + ".csv", + ".tsv", + ".json", + ".vl" + ], + "fileUrlSuffix": "/lab/tree/{path}", + "folderUrlSuffix": "/lab/tree/{path}" + } + } + } +} diff --git a/src/nemo_jupyter/devcontainer-template.json b/src/nemo_jupyter/devcontainer-template.json new file mode 100644 index 00000000..80985308 --- /dev/null +++ b/src/nemo_jupyter/devcontainer-template.json @@ -0,0 +1,23 @@ +{ + "id": "jupyter", + "version": "0.0.2", + "name": "Jupyter", + "description": "A Template to run jupyter on workbench", + "documentationURL": "https://github.com/verily-src/workbench-app-devcontainers/tree/master/src/jupyter", + "licenseURL": "https://github.com/verily-src/workbench-app-devcontainers/blob/master/LICENSE", + "options": { + "cloud": { + "type": "string", + "description": "VM cloud environment", + "proposals": ["gcp", "aws"], + "default": "gcp" + }, + "login": { + "type": "string", + "description": "Whether to log in to workbench CLI", + "proposals": ["true", "false"], + "default": "false" + } + }, + "platforms": ["Any"] +} diff --git a/src/nemo_jupyter/docker-compose.yaml b/src/nemo_jupyter/docker-compose.yaml new file mode 100644 index 00000000..e0f570dd --- /dev/null +++ b/src/nemo_jupyter/docker-compose.yaml @@ -0,0 +1,23 @@ +version: "2.4" +services: + app: + container_name: "application-server" + image: "us-central1-docker.pkg.dev/wb-quick-seed-877/nemo-demo-repo/test1:20250812" + user: "jupyter" + restart: always + volumes: + - .:/workspace:cached + ports: + - "8888:8888" + networks: + - app-network + cap_add: + - SYS_ADMIN + devices: + - /dev/fuse + security_opt: + - apparmor:unconfined + command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' + networks: + app-network: + external: true \ No newline at end of file From 5feb355aec978c6cd77a60a0a509ca0fff92bfba Mon Sep 17 00:00:00 2001 From: Peter Su Date: Tue, 12 Aug 2025 16:01:44 -0700 Subject: [PATCH 02/25] adding Dockerfile using nvcr.io/nvidia/nemo:24.09 --- src/nemo_jupyter/Dockerfile | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 src/nemo_jupyter/Dockerfile diff --git a/src/nemo_jupyter/Dockerfile b/src/nemo_jupyter/Dockerfile new file mode 100644 index 00000000..5bd00c83 --- /dev/null +++ b/src/nemo_jupyter/Dockerfile @@ -0,0 +1,18 @@ +# Use official Python image +FROM nvcr.io/nvidia/nemo:24.09 + +# Set working directory +# WORKDIR /workspace + +# Install NeMo and JupyterLab +# RUN pip install --upgrade pip && \ +# pip install nemo_toolkit jupyterlab + +# # Expose ports for JupyterLab and example NeMo service +# EXPOSE 8888 +# EXPOSE 5000 + +# Start JupyterLab by default +# CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--no-browser", "--allow-root", "--LabApp.token=''"] +# Make sure python points to python3 +RUN sudo ln -s /usr/bin/python3 /usr/bin/python \ No newline at end of file From fc72322fef9423bab20ac5de2c338bc72c236791 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Wed, 13 Aug 2025 15:16:16 +0000 Subject: [PATCH 03/25] putting the image directly in docker-compose.yaml --- src/nemo_jupyter/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nemo_jupyter/docker-compose.yaml b/src/nemo_jupyter/docker-compose.yaml index e0f570dd..49370be7 100644 --- a/src/nemo_jupyter/docker-compose.yaml +++ b/src/nemo_jupyter/docker-compose.yaml @@ -2,7 +2,7 @@ version: "2.4" services: app: container_name: "application-server" - image: "us-central1-docker.pkg.dev/wb-quick-seed-877/nemo-demo-repo/test1:20250812" + image: "nvcr.io/nvidia/nemo:24.09" user: "jupyter" restart: always volumes: From 87b53685a755a09de542eb4657bbe9ea7424320a Mon Sep 17 00:00:00 2001 From: Peter Su Date: Wed, 13 Aug 2025 23:29:13 +0000 Subject: [PATCH 04/25] commented out the sudo command at the end --- src/nemo_jupyter/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nemo_jupyter/Dockerfile b/src/nemo_jupyter/Dockerfile index 5bd00c83..a05edafe 100644 --- a/src/nemo_jupyter/Dockerfile +++ b/src/nemo_jupyter/Dockerfile @@ -15,4 +15,4 @@ FROM nvcr.io/nvidia/nemo:24.09 # Start JupyterLab by default # CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--no-browser", "--allow-root", "--LabApp.token=''"] # Make sure python points to python3 -RUN sudo ln -s /usr/bin/python3 /usr/bin/python \ No newline at end of file +# RUN sudo ln -s /usr/bin/python3 /usr/bin/python \ No newline at end of file From afa24f733b2c80ca4f0825099b4823c8e9d4bbd3 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Wed, 13 Aug 2025 23:29:33 +0000 Subject: [PATCH 05/25] fixed syntax error with network spacing, set user to root --- src/nemo_jupyter/docker-compose.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/nemo_jupyter/docker-compose.yaml b/src/nemo_jupyter/docker-compose.yaml index 49370be7..2d4d3057 100644 --- a/src/nemo_jupyter/docker-compose.yaml +++ b/src/nemo_jupyter/docker-compose.yaml @@ -3,7 +3,7 @@ services: app: container_name: "application-server" image: "nvcr.io/nvidia/nemo:24.09" - user: "jupyter" + user: root restart: always volumes: - .:/workspace:cached @@ -17,7 +17,7 @@ services: - /dev/fuse security_opt: - apparmor:unconfined - command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' + # command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' networks: - app-network: - external: true \ No newline at end of file + app-network: + external: true \ No newline at end of file From 05d12e3f7aae8f37bd22dbc2e2e47dde436f4fe9 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 14 Aug 2025 19:08:48 +0000 Subject: [PATCH 06/25] fixed more indentation errors --- src/nemo_jupyter/docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nemo_jupyter/docker-compose.yaml b/src/nemo_jupyter/docker-compose.yaml index 2d4d3057..62eb6b75 100644 --- a/src/nemo_jupyter/docker-compose.yaml +++ b/src/nemo_jupyter/docker-compose.yaml @@ -19,5 +19,5 @@ services: - apparmor:unconfined # command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' networks: - app-network: - external: true \ No newline at end of file + app-network: + external: true \ No newline at end of file From 86a9f2c43b09eec356966d16ee75138f8affe128 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 14 Aug 2025 22:48:46 +0000 Subject: [PATCH 07/25] indentation fix not persisting? --- src/nemo_jupyter/docker-compose.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/nemo_jupyter/docker-compose.yaml b/src/nemo_jupyter/docker-compose.yaml index 62eb6b75..a4f2adad 100644 --- a/src/nemo_jupyter/docker-compose.yaml +++ b/src/nemo_jupyter/docker-compose.yaml @@ -18,6 +18,6 @@ services: security_opt: - apparmor:unconfined # command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' - networks: - app-network: - external: true \ No newline at end of file +networks: + app-network: + external: true \ No newline at end of file From 1c9fb67035c5f7cb965ac325a0dafe12f8b63e40 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Fri, 15 Aug 2025 22:39:21 +0000 Subject: [PATCH 08/25] removed initialize command, hardcoded /workspace as the post-startup.sh script, added java and google-cloud-cli as features to install --- src/nemo_jupyter/.devcontainer.json | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/nemo_jupyter/.devcontainer.json b/src/nemo_jupyter/.devcontainer.json index d1a6c920..79dd7eb6 100644 --- a/src/nemo_jupyter/.devcontainer.json +++ b/src/nemo_jupyter/.devcontainer.json @@ -6,16 +6,22 @@ "workspaceFolder": "/workspace", // Get the host's docker group ID and propagate it into the .env file, which // allows it to be used within docker-compose.yaml. - "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", - "postCreateCommand": "./startupscript/post-startup.sh jupyter /home/jupyter ${templateOption:cloud} ${templateOption:login} && ./startupscript/setup-docker.sh", + // "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", + "postCreateCommand": "apt update && apt install -y sudo && ./startupscript/post-startup.sh root /workspace gcp true", // re-mount bucket files on container start up "postStartCommand": [ "./startupscript/remount-on-restart.sh", - "jupyter", - "/home/jupyter", - "${templateOption:cloud}", - "${templateOption:login}" + "root", + "/workspace", + "gcp", + "true" ], + "features": { + "ghcr.io/devcontainers/features/java@sha256:df67d6ff6e9cdd858207ae9e92a99ddb88384b789f79eecd6f873216e951d286": { + "version": "17" + }, + "ghcr.io/dhoeric/features/google-cloud-cli@sha256:fa5d894718825c5ad8009ac8f2c9f0cea3d1661eb108a9d465cba9f3fc48965f": {} + }, "remoteUser": "root", "customizations": { "workbench": { @@ -48,4 +54,4 @@ } } } -} +} \ No newline at end of file From aa564e03548f573503c7196c8dc619b4a778ad72 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Fri, 15 Aug 2025 22:39:47 +0000 Subject: [PATCH 09/25] added the jupyter command back in --- src/nemo_jupyter/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nemo_jupyter/docker-compose.yaml b/src/nemo_jupyter/docker-compose.yaml index a4f2adad..02e0179c 100644 --- a/src/nemo_jupyter/docker-compose.yaml +++ b/src/nemo_jupyter/docker-compose.yaml @@ -17,7 +17,7 @@ services: - /dev/fuse security_opt: - apparmor:unconfined - # command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' + command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' networks: app-network: external: true \ No newline at end of file From 0ad46fbbbdbfe3c4016f07ddd4a11d9593a7d633 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Mon, 18 Aug 2025 19:16:35 +0000 Subject: [PATCH 10/25] adding files for parabricks container, only differs from nemo in the image itself right now --- src/parabricks/.devcontainer.json | 57 +++++++++++++++++++++++ src/parabricks/Dockerfile | 18 +++++++ src/parabricks/devcontainer-template.json | 23 +++++++++ src/parabricks/docker-compose.yaml | 23 +++++++++ 4 files changed, 121 insertions(+) create mode 100644 src/parabricks/.devcontainer.json create mode 100644 src/parabricks/Dockerfile create mode 100644 src/parabricks/devcontainer-template.json create mode 100644 src/parabricks/docker-compose.yaml diff --git a/src/parabricks/.devcontainer.json b/src/parabricks/.devcontainer.json new file mode 100644 index 00000000..79dd7eb6 --- /dev/null +++ b/src/parabricks/.devcontainer.json @@ -0,0 +1,57 @@ +{ + "name": "Workbench NeMo devcontainer template", + "dockerComposeFile": "docker-compose.yaml", + "service": "app", + "shutdownAction": "none", + "workspaceFolder": "/workspace", + // Get the host's docker group ID and propagate it into the .env file, which + // allows it to be used within docker-compose.yaml. + // "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", + "postCreateCommand": "apt update && apt install -y sudo && ./startupscript/post-startup.sh root /workspace gcp true", + // re-mount bucket files on container start up + "postStartCommand": [ + "./startupscript/remount-on-restart.sh", + "root", + "/workspace", + "gcp", + "true" + ], + "features": { + "ghcr.io/devcontainers/features/java@sha256:df67d6ff6e9cdd858207ae9e92a99ddb88384b789f79eecd6f873216e951d286": { + "version": "17" + }, + "ghcr.io/dhoeric/features/google-cloud-cli@sha256:fa5d894718825c5ad8009ac8f2c9f0cea3d1661eb108a9d465cba9f3fc48965f": {} + }, + "remoteUser": "root", + "customizations": { + "workbench": { + "opens": { + "extensions": [ + // Source + ".ipynb", + ".R", + ".py", + // Documents + ".md", + ".html", + ".latex", + ".pdf", + // Images + ".bmp", + ".gif", + ".jpeg", + ".jpg", + ".png", + ".svg", + // Data + ".csv", + ".tsv", + ".json", + ".vl" + ], + "fileUrlSuffix": "/lab/tree/{path}", + "folderUrlSuffix": "/lab/tree/{path}" + } + } + } +} \ No newline at end of file diff --git a/src/parabricks/Dockerfile b/src/parabricks/Dockerfile new file mode 100644 index 00000000..a05edafe --- /dev/null +++ b/src/parabricks/Dockerfile @@ -0,0 +1,18 @@ +# Use official Python image +FROM nvcr.io/nvidia/nemo:24.09 + +# Set working directory +# WORKDIR /workspace + +# Install NeMo and JupyterLab +# RUN pip install --upgrade pip && \ +# pip install nemo_toolkit jupyterlab + +# # Expose ports for JupyterLab and example NeMo service +# EXPOSE 8888 +# EXPOSE 5000 + +# Start JupyterLab by default +# CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--no-browser", "--allow-root", "--LabApp.token=''"] +# Make sure python points to python3 +# RUN sudo ln -s /usr/bin/python3 /usr/bin/python \ No newline at end of file diff --git a/src/parabricks/devcontainer-template.json b/src/parabricks/devcontainer-template.json new file mode 100644 index 00000000..80985308 --- /dev/null +++ b/src/parabricks/devcontainer-template.json @@ -0,0 +1,23 @@ +{ + "id": "jupyter", + "version": "0.0.2", + "name": "Jupyter", + "description": "A Template to run jupyter on workbench", + "documentationURL": "https://github.com/verily-src/workbench-app-devcontainers/tree/master/src/jupyter", + "licenseURL": "https://github.com/verily-src/workbench-app-devcontainers/blob/master/LICENSE", + "options": { + "cloud": { + "type": "string", + "description": "VM cloud environment", + "proposals": ["gcp", "aws"], + "default": "gcp" + }, + "login": { + "type": "string", + "description": "Whether to log in to workbench CLI", + "proposals": ["true", "false"], + "default": "false" + } + }, + "platforms": ["Any"] +} diff --git a/src/parabricks/docker-compose.yaml b/src/parabricks/docker-compose.yaml new file mode 100644 index 00000000..557ef5ca --- /dev/null +++ b/src/parabricks/docker-compose.yaml @@ -0,0 +1,23 @@ +version: "2.4" +services: + app: + container_name: "application-server" + image: "nvcr.io/nvidia/clara/clara-parabricks:4.5.1-1" + user: root + restart: always + volumes: + - .:/workspace:cached + ports: + - "8888:8888" + networks: + - app-network + cap_add: + - SYS_ADMIN + devices: + - /dev/fuse + security_opt: + - apparmor:unconfined + command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' +networks: + app-network: + external: true \ No newline at end of file From daa2c4ad8ba2e9dab74cbf9817ddf8567b7e1a3c Mon Sep 17 00:00:00 2001 From: Peter Su Date: Mon, 18 Aug 2025 22:48:46 +0000 Subject: [PATCH 11/25] modifying parabricks container to run command: tail -f /dev/null --- src/parabricks/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/parabricks/docker-compose.yaml b/src/parabricks/docker-compose.yaml index 557ef5ca..670356ed 100644 --- a/src/parabricks/docker-compose.yaml +++ b/src/parabricks/docker-compose.yaml @@ -17,7 +17,7 @@ services: - /dev/fuse security_opt: - apparmor:unconfined - command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' + command: tail -f /dev/null # This keeps the container alive networks: app-network: external: true \ No newline at end of file From e7e41f47f49121f3146023276065cc5128fed484 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Mon, 18 Aug 2025 22:50:32 +0000 Subject: [PATCH 12/25] adding a workbench-jupyter-parabricks directory --- .../.devcontainer.json | 51 +++++++++++++++++++ .../devcontainer-template.json | 23 +++++++++ .../docker-compose.yaml | 42 +++++++++++++++ 3 files changed, 116 insertions(+) create mode 100644 src/workbench-jupyter-parabricks/.devcontainer.json create mode 100644 src/workbench-jupyter-parabricks/devcontainer-template.json create mode 100644 src/workbench-jupyter-parabricks/docker-compose.yaml diff --git a/src/workbench-jupyter-parabricks/.devcontainer.json b/src/workbench-jupyter-parabricks/.devcontainer.json new file mode 100644 index 00000000..07d618b6 --- /dev/null +++ b/src/workbench-jupyter-parabricks/.devcontainer.json @@ -0,0 +1,51 @@ +{ + "name": "Workbench JupyterLab with docker support devcontainer template", + "dockerComposeFile": "docker-compose.yaml", + "service": "app", + "shutdownAction": "none", + "workspaceFolder": "/workspace", + // Get the host's docker group ID and propagate it into the .env file, which + // allows it to be used within docker-compose.yaml. + "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", + "postCreateCommand": "./startupscript/post-startup.sh jupyter /home/jupyter ${templateOption:cloud} ${templateOption:login} && ./startupscript/setup-docker.sh", + // re-mount bucket files on container start up + "postStartCommand": [ + "./startupscript/remount-on-restart.sh", + "jupyter", + "/home/jupyter", + "${templateOption:cloud}", + "${templateOption:login}" + ], + "remoteUser": "root", + "customizations": { + "workbench": { + "opens": { + "extensions": [ + // Source + ".ipynb", + ".R", + ".py", + // Documents + ".md", + ".html", + ".latex", + ".pdf", + // Images + ".bmp", + ".gif", + ".jpeg", + ".jpg", + ".png", + ".svg", + // Data + ".csv", + ".tsv", + ".json", + ".vl" + ], + "fileUrlSuffix": "/lab/tree/{path}", + "folderUrlSuffix": "/lab/tree/{path}" + } + } + } +} diff --git a/src/workbench-jupyter-parabricks/devcontainer-template.json b/src/workbench-jupyter-parabricks/devcontainer-template.json new file mode 100644 index 00000000..8897453d --- /dev/null +++ b/src/workbench-jupyter-parabricks/devcontainer-template.json @@ -0,0 +1,23 @@ +{ + "id": "custom-workbench-jupyter-template", + "description": "A template used to serve the Workbench JupyterLab container image", + "version": "0.0.1", + "name": "Workbench Prebuilt JupyterLab Template", + "documentationURL": "https://github.com/verily-src/workbench-app-devcontainers/tree/master/src/custom-workbench-jupyter-template", + "licenseURL": "https://github.com/verily-src/workbench-app-devcontainers/blob/master/LICENSE", + "options": { + "cloud": { + "type": "string", + "description": "VM cloud environment", + "proposals": ["gcp", "aws"], + "default": "gcp" + }, + "login": { + "type": "string", + "description": "Whether to log in to workbench CLI", + "proposals": ["true", "false"], + "default": "false" + } + }, + "platforms": ["Any"] +} diff --git a/src/workbench-jupyter-parabricks/docker-compose.yaml b/src/workbench-jupyter-parabricks/docker-compose.yaml new file mode 100644 index 00000000..63d886b2 --- /dev/null +++ b/src/workbench-jupyter-parabricks/docker-compose.yaml @@ -0,0 +1,42 @@ +version: "2.4" +services: + app: + container_name: "application-server" + image: "us-central1-docker.pkg.dev/verily-workbench-public/apps/workbench-jupyter:latest" + user: "jupyter:${DOCKER_GID}" + restart: always + volumes: + - .:/workspace:cached + # mount Host machine's docker.sock to container's docker.sock + - /var/run/docker.sock:/var/run/docker.sock + # mount Host machine's /etc/group to container's /etc/host-group + - /etc/group:/etc/host-group + # mount Host machine's default docker config dir to container's jupyter user docker config dir + - /etc/docker:/home/jupyter/.docker + ports: + - "8888:8888" + networks: + - app-network + cap_add: + - SYS_ADMIN + devices: + - /dev/fuse + security_opt: + - apparmor:unconfined + + parabricks: + image: "nvcr.io/nvidia/clara/clara-parabricks:4.5.1-1" + container_name: parabricks_service + volumes: + - .:/data # Mount the SAME shared volume + command: tail -f /dev/null # Keep the container running + deploy: + resources: + reservations: + devices: + - driver: nvidia + count: all + capabilities: [gpu] +networks: + app-network: + external: true \ No newline at end of file From f80d11c50fbd2046420c89eec2c82544f82734be Mon Sep 17 00:00:00 2001 From: Peter Su Date: Wed, 20 Aug 2025 16:24:56 +0000 Subject: [PATCH 13/25] adding restart: always to the parabricks app --- src/workbench-jupyter-parabricks/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/workbench-jupyter-parabricks/docker-compose.yaml b/src/workbench-jupyter-parabricks/docker-compose.yaml index 63d886b2..a6ac91f0 100644 --- a/src/workbench-jupyter-parabricks/docker-compose.yaml +++ b/src/workbench-jupyter-parabricks/docker-compose.yaml @@ -27,6 +27,7 @@ services: parabricks: image: "nvcr.io/nvidia/clara/clara-parabricks:4.5.1-1" container_name: parabricks_service + restart: always volumes: - .:/data # Mount the SAME shared volume command: tail -f /dev/null # Keep the container running From 186c6429cea476eb6b065ceffd741d5f3d616ed6 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Wed, 20 Aug 2025 16:25:19 +0000 Subject: [PATCH 14/25] replacing wb with /usr/bin/wb to avoid conflicts with the weights&biases executable --- startupscript/git-setup.sh | 6 +++--- startupscript/install-cli.sh | 16 ++++++++-------- startupscript/remount-on-restart.sh | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/startupscript/git-setup.sh b/startupscript/git-setup.sh index a5e178ae..3c14fada 100755 --- a/startupscript/git-setup.sh +++ b/startupscript/git-setup.sh @@ -31,7 +31,7 @@ ${RUN_AS_LOGIN_USER} "mkdir -p ${USER_SSH_DIR} --mode 0700" # Get the user's SSH key from Workbench, and if set, write it to the user's .ssh directory ${RUN_AS_LOGIN_USER} "\ install --mode 0600 /dev/null '${USER_SSH_DIR}/id_rsa.tmp' && \ - wb security ssh-key get --include-private-key --format=JSON >> '${USER_SSH_DIR}/id_rsa.tmp' || true" + /usr/bin/wb security ssh-key get --include-private-key --format=JSON >> '${USER_SSH_DIR}/id_rsa.tmp' || true" if [[ -s "${USER_SSH_DIR}/id_rsa.tmp" ]]; then ${RUN_AS_LOGIN_USER} "\ install --mode 0600 /dev/null '${USER_SSH_DIR}/id_rsa' && \ @@ -57,13 +57,13 @@ ${RUN_AS_LOGIN_USER} "mkdir -p '${WORKBENCH_GIT_REPOS_DIR}'" # Keep this as last thing in script. There will be integration test for git cloning (PF-1660). If this is last thing, then # integration test will ensure that everything in script worked. -# This loop replaces the logic of "wb git clone --all", which currently does not work without +# This loop replaces the logic of "/usr/bin/wb git clone --all", which currently does not work without # Google Application Default Credentials being available. This emulates the behavior of the CLI # command, continuing with an error message when an individual repo cannot be cloned. # shellcheck disable=SC2164 pushd "${WORKBENCH_GIT_REPOS_DIR}" -${RUN_AS_LOGIN_USER} "wb resource list --type=GIT_REPO --format json" | \ +${RUN_AS_LOGIN_USER} "/usr/bin/wb resource list --type=GIT_REPO --format json" | \ jq -c .[] | \ while read -r ITEM; do GIT_REPO_NAME="$(echo "$ITEM" | jq -r .id)" diff --git a/startupscript/install-cli.sh b/startupscript/install-cli.sh index bd982b1a..f3536e07 100755 --- a/startupscript/install-cli.sh +++ b/startupscript/install-cli.sh @@ -44,7 +44,7 @@ fi readonly TERRA_SERVER # Only install cli if not already installed -if ! command -v wb &> /dev/null; then +if ! command -v /usr/bin/wb &> /dev/null; then emit "Installing the Workbench CLI ..." if ! AXON_VERSION_URL="$(get_axon_version_url "${TERRA_SERVER}")"; then @@ -66,24 +66,24 @@ if ! command -v wb &> /dev/null; then readonly CLI_VERSION ${RUN_AS_LOGIN_USER} "curl -L https://storage.googleapis.com/${CLI_DISTRIBUTION_PATH#gs://}/download-install.sh | WORKBENCH_CLI_VERSION=${CLI_VERSION} bash" - cp wb "${WORKBENCH_INSTALL_PATH}" + cp /usr/bin/wb "${WORKBENCH_INSTALL_PATH}" # Copy 'wb' to its legacy 'terra' name. cp "${WORKBENCH_INSTALL_PATH}" "${WORKBENCH_LEGACY_PATH}" fi # Set browser manual login since that's the only login supported from a Vertex AI Notebook VM -${RUN_AS_LOGIN_USER} "wb config set browser MANUAL" +${RUN_AS_LOGIN_USER} "/usr/bin/wb config set browser MANUAL" # Set the CLI server based on the server that created the VM. -${RUN_AS_LOGIN_USER} "wb server set --name=${TERRA_SERVER}" +${RUN_AS_LOGIN_USER} "/usr/bin/wb server set --name=${TERRA_SERVER}" # Generate the bash completion script -${RUN_AS_LOGIN_USER} "wb generate-completion > '${USER_BASH_COMPLETION_DIR}/workbench'" +${RUN_AS_LOGIN_USER} "/usr/bin/wb generate-completion > '${USER_BASH_COMPLETION_DIR}/workbench'" if [[ "${LOG_IN}" == "true" ]]; then - # For GCP use "APP_DEFAULT_CREDENTIALS", for AWS use "AWS_IAM" as --mode arg to "wb auth login". + # For GCP use "APP_DEFAULT_CREDENTIALS", for AWS use "AWS_IAM" as --mode arg to "/usr/bin/wb auth login". LOG_IN_MODE="APP_DEFAULT_CREDENTIALS" if [[ "${CLOUD}" == "aws" ]]; then LOG_IN_MODE="AWS_IAM" @@ -92,13 +92,13 @@ if [[ "${LOG_IN}" == "true" ]]; then # Log in with app-default-credentials emit "Logging into workbench CLI with mode ${LOG_IN_MODE}" - ${RUN_AS_LOGIN_USER} "wb auth login --mode=${LOG_IN_MODE}" + ${RUN_AS_LOGIN_USER} "/usr/bin/wb auth login --mode=${LOG_IN_MODE}" # Set the CLI workspace id using the VM metadata, if set. TERRA_WORKSPACE="$(get_metadata_value "terra-workspace-id")" readonly TERRA_WORKSPACE if [[ -n "${TERRA_WORKSPACE}" ]]; then - ${RUN_AS_LOGIN_USER} "wb workspace set --id='${TERRA_WORKSPACE}'" + ${RUN_AS_LOGIN_USER} "/usr/bin/wb workspace set --id='${TERRA_WORKSPACE}'" fi else emit "Do not log user into workbench CLI. Manual log in is required." diff --git a/startupscript/remount-on-restart.sh b/startupscript/remount-on-restart.sh index 610a28c9..bdd5dd23 100755 --- a/startupscript/remount-on-restart.sh +++ b/startupscript/remount-on-restart.sh @@ -49,8 +49,8 @@ source "${SCRIPT_DIR}/emit.sh" # CLI login ############################# readonly RUN_AS_LOGIN_USER="sudo -u ${USER_NAME} bash -l -c" -if [[ "${LOG_IN}" == "true" ]] && ${RUN_AS_LOGIN_USER} "wb auth status 2>&1" | grep -q "NO USER LOGGED IN"; then - ${RUN_AS_LOGIN_USER} "wb auth login --mode=APP_DEFAULT_CREDENTIALS" +if [[ "${LOG_IN}" == "true" ]] && ${RUN_AS_LOGIN_USER} "/usr/bin/wb auth status 2>&1" | grep -q "NO USER LOGGED IN"; then + ${RUN_AS_LOGIN_USER} "/usr/bin/wb auth login --mode=APP_DEFAULT_CREDENTIALS" fi ############################# From c13dcf9f39b05b53058fb80dc1aa1631451e0fb2 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Wed, 20 Aug 2025 16:32:36 +0000 Subject: [PATCH 15/25] Removing parabricks standalone --- src/parabricks/.devcontainer.json | 57 ----------------------- src/parabricks/Dockerfile | 18 ------- src/parabricks/devcontainer-template.json | 23 --------- src/parabricks/docker-compose.yaml | 23 --------- 4 files changed, 121 deletions(-) delete mode 100644 src/parabricks/.devcontainer.json delete mode 100644 src/parabricks/Dockerfile delete mode 100644 src/parabricks/devcontainer-template.json delete mode 100644 src/parabricks/docker-compose.yaml diff --git a/src/parabricks/.devcontainer.json b/src/parabricks/.devcontainer.json deleted file mode 100644 index 79dd7eb6..00000000 --- a/src/parabricks/.devcontainer.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "name": "Workbench NeMo devcontainer template", - "dockerComposeFile": "docker-compose.yaml", - "service": "app", - "shutdownAction": "none", - "workspaceFolder": "/workspace", - // Get the host's docker group ID and propagate it into the .env file, which - // allows it to be used within docker-compose.yaml. - // "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", - "postCreateCommand": "apt update && apt install -y sudo && ./startupscript/post-startup.sh root /workspace gcp true", - // re-mount bucket files on container start up - "postStartCommand": [ - "./startupscript/remount-on-restart.sh", - "root", - "/workspace", - "gcp", - "true" - ], - "features": { - "ghcr.io/devcontainers/features/java@sha256:df67d6ff6e9cdd858207ae9e92a99ddb88384b789f79eecd6f873216e951d286": { - "version": "17" - }, - "ghcr.io/dhoeric/features/google-cloud-cli@sha256:fa5d894718825c5ad8009ac8f2c9f0cea3d1661eb108a9d465cba9f3fc48965f": {} - }, - "remoteUser": "root", - "customizations": { - "workbench": { - "opens": { - "extensions": [ - // Source - ".ipynb", - ".R", - ".py", - // Documents - ".md", - ".html", - ".latex", - ".pdf", - // Images - ".bmp", - ".gif", - ".jpeg", - ".jpg", - ".png", - ".svg", - // Data - ".csv", - ".tsv", - ".json", - ".vl" - ], - "fileUrlSuffix": "/lab/tree/{path}", - "folderUrlSuffix": "/lab/tree/{path}" - } - } - } -} \ No newline at end of file diff --git a/src/parabricks/Dockerfile b/src/parabricks/Dockerfile deleted file mode 100644 index a05edafe..00000000 --- a/src/parabricks/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -# Use official Python image -FROM nvcr.io/nvidia/nemo:24.09 - -# Set working directory -# WORKDIR /workspace - -# Install NeMo and JupyterLab -# RUN pip install --upgrade pip && \ -# pip install nemo_toolkit jupyterlab - -# # Expose ports for JupyterLab and example NeMo service -# EXPOSE 8888 -# EXPOSE 5000 - -# Start JupyterLab by default -# CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--no-browser", "--allow-root", "--LabApp.token=''"] -# Make sure python points to python3 -# RUN sudo ln -s /usr/bin/python3 /usr/bin/python \ No newline at end of file diff --git a/src/parabricks/devcontainer-template.json b/src/parabricks/devcontainer-template.json deleted file mode 100644 index 80985308..00000000 --- a/src/parabricks/devcontainer-template.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "id": "jupyter", - "version": "0.0.2", - "name": "Jupyter", - "description": "A Template to run jupyter on workbench", - "documentationURL": "https://github.com/verily-src/workbench-app-devcontainers/tree/master/src/jupyter", - "licenseURL": "https://github.com/verily-src/workbench-app-devcontainers/blob/master/LICENSE", - "options": { - "cloud": { - "type": "string", - "description": "VM cloud environment", - "proposals": ["gcp", "aws"], - "default": "gcp" - }, - "login": { - "type": "string", - "description": "Whether to log in to workbench CLI", - "proposals": ["true", "false"], - "default": "false" - } - }, - "platforms": ["Any"] -} diff --git a/src/parabricks/docker-compose.yaml b/src/parabricks/docker-compose.yaml deleted file mode 100644 index 670356ed..00000000 --- a/src/parabricks/docker-compose.yaml +++ /dev/null @@ -1,23 +0,0 @@ -version: "2.4" -services: - app: - container_name: "application-server" - image: "nvcr.io/nvidia/clara/clara-parabricks:4.5.1-1" - user: root - restart: always - volumes: - - .:/workspace:cached - ports: - - "8888:8888" - networks: - - app-network - cap_add: - - SYS_ADMIN - devices: - - /dev/fuse - security_opt: - - apparmor:unconfined - command: tail -f /dev/null # This keeps the container alive -networks: - app-network: - external: true \ No newline at end of file From 738c16bf8a584bf91a49257da449ec2f68f0702c Mon Sep 17 00:00:00 2001 From: Peter Su Date: Wed, 20 Aug 2025 21:23:29 +0000 Subject: [PATCH 16/25] alias the weightsbiases in the postCreateCommand in the devcontainer for nemo_jupyter --- src/nemo_jupyter/.devcontainer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nemo_jupyter/.devcontainer.json b/src/nemo_jupyter/.devcontainer.json index 79dd7eb6..a39cff40 100644 --- a/src/nemo_jupyter/.devcontainer.json +++ b/src/nemo_jupyter/.devcontainer.json @@ -7,7 +7,7 @@ // Get the host's docker group ID and propagate it into the .env file, which // allows it to be used within docker-compose.yaml. // "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", - "postCreateCommand": "apt update && apt install -y sudo && ./startupscript/post-startup.sh root /workspace gcp true", + "postCreateCommand": "apt update && apt install -y sudo && ./startupscript/post-startup.sh root /workspace gcp true && echo \"alias weightsbiases='/usr/local/bin/wb'\" >> /root/.bashrc", // re-mount bucket files on container start up "postStartCommand": [ "./startupscript/remount-on-restart.sh", From 232f381971493eb685642776cd76a281b86aea0f Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 21 Aug 2025 01:15:46 +0000 Subject: [PATCH 17/25] removing erroneous wb replacement --- startupscript/install-cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/startupscript/install-cli.sh b/startupscript/install-cli.sh index f3536e07..dab8a6d0 100755 --- a/startupscript/install-cli.sh +++ b/startupscript/install-cli.sh @@ -66,7 +66,7 @@ if ! command -v /usr/bin/wb &> /dev/null; then readonly CLI_VERSION ${RUN_AS_LOGIN_USER} "curl -L https://storage.googleapis.com/${CLI_DISTRIBUTION_PATH#gs://}/download-install.sh | WORKBENCH_CLI_VERSION=${CLI_VERSION} bash" - cp /usr/bin/wb "${WORKBENCH_INSTALL_PATH}" + cp wb "${WORKBENCH_INSTALL_PATH}" # Copy 'wb' to its legacy 'terra' name. cp "${WORKBENCH_INSTALL_PATH}" "${WORKBENCH_LEGACY_PATH}" From 13aaca6cd7f297b22eb2c4551b5e1047c5fc2035 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 21 Aug 2025 16:42:54 +0000 Subject: [PATCH 18/25] replacing more instances of wb with /usr/bin/wb --- startupscript/setup-bashrc.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/startupscript/setup-bashrc.sh b/startupscript/setup-bashrc.sh index 5062bddf..9861dd33 100644 --- a/startupscript/setup-bashrc.sh +++ b/startupscript/setup-bashrc.sh @@ -27,14 +27,14 @@ emit "Customize user bashrc ..." if [[ "${LOG_IN}" == "true" ]]; then # OWNER_EMAIL is really the Workbench user account email address OWNER_EMAIL="$( - ${RUN_AS_LOGIN_USER} "wb workspace describe --format=json" | \ + ${RUN_AS_LOGIN_USER} "/usr/bin/wb workspace describe --format=json" | \ jq --raw-output ".userEmail")" readonly OWNER_EMAIL # PET_SA_EMAIL is the pet service account for the Workbench user and # is specific to the GCP project backing the workspace PET_SA_EMAIL="$( - ${RUN_AS_LOGIN_USER} "wb auth status --format=json" | \ + ${RUN_AS_LOGIN_USER} "/usr/bin/wb auth status --format=json" | \ jq --raw-output ".serviceAccountEmail")" readonly PET_SA_EMAIL @@ -57,7 +57,7 @@ if [[ "${CLOUD}" == "gcp" && "${LOG_IN}" == "true" ]]; then # GOOGLE_PROJECT is the project id for the GCP project backing the workspace GOOGLE_PROJECT="$( - ${RUN_AS_LOGIN_USER} "wb workspace describe --format=json" | \ + ${RUN_AS_LOGIN_USER} "/usr/bin/wb workspace describe --format=json" | \ jq --raw-output ".googleProjectId")" readonly GOOGLE_PROJECT @@ -77,7 +77,7 @@ if [[ "${CLOUD}" == "aws" && "${LOG_IN}" == "true" ]]; then # Create a symlink to this workspace's AWS config file to use as the target for AWS_CONFIG_FILE. readonly AWS_CONFIG_SYMLINK="${USER_WORKBENCH_CONFIG_DIR}/workspace.conf" - ${RUN_AS_LOGIN_USER} "eval \$(wb workspace configure-aws) && \ + ${RUN_AS_LOGIN_USER} "eval \$(/usr/bin/wb workspace configure-aws) && \ ln -sf \${AWS_CONFIG_FILE} ${AWS_CONFIG_SYMLINK}" emit "Adding Workbench AWS-sepcific environment variables to ~/.bashrc ..." From f7145fcf798279ae822338d96055b6b2d423073c Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 21 Aug 2025 16:51:32 +0000 Subject: [PATCH 19/25] replacing more instances of wb --- startupscript/gcp/resource-mount.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/startupscript/gcp/resource-mount.sh b/startupscript/gcp/resource-mount.sh index 78d231a5..adcdbec2 100644 --- a/startupscript/gcp/resource-mount.sh +++ b/startupscript/gcp/resource-mount.sh @@ -50,5 +50,5 @@ fi sed -i '/user_allow_other/s/^#//g' /etc/fuse.conf if [[ "${LOG_IN}" == "true" ]]; then - ${RUN_AS_LOGIN_USER} "wb resource mount --allow-other || echo 'Resource mounting failed.'" + ${RUN_AS_LOGIN_USER} "/usr/bin/wb resource mount --allow-other || echo 'Resource mounting failed.'" fi From 460e4b26dee243eb6d12480aea7fd9d4f4deb9ee Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 21 Aug 2025 18:45:07 +0000 Subject: [PATCH 20/25] replaced /usr/bin/wb with --- src/nemo_jupyter/Dockerfile | 18 ------------------ startupscript/gcp/resource-mount.sh | 2 +- startupscript/git-setup.sh | 6 +++--- startupscript/install-cli.sh | 12 ++++++------ startupscript/setup-bashrc.sh | 8 ++++---- 5 files changed, 14 insertions(+), 32 deletions(-) delete mode 100644 src/nemo_jupyter/Dockerfile diff --git a/src/nemo_jupyter/Dockerfile b/src/nemo_jupyter/Dockerfile deleted file mode 100644 index a05edafe..00000000 --- a/src/nemo_jupyter/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -# Use official Python image -FROM nvcr.io/nvidia/nemo:24.09 - -# Set working directory -# WORKDIR /workspace - -# Install NeMo and JupyterLab -# RUN pip install --upgrade pip && \ -# pip install nemo_toolkit jupyterlab - -# # Expose ports for JupyterLab and example NeMo service -# EXPOSE 8888 -# EXPOSE 5000 - -# Start JupyterLab by default -# CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--no-browser", "--allow-root", "--LabApp.token=''"] -# Make sure python points to python3 -# RUN sudo ln -s /usr/bin/python3 /usr/bin/python \ No newline at end of file diff --git a/startupscript/gcp/resource-mount.sh b/startupscript/gcp/resource-mount.sh index adcdbec2..9c5695de 100644 --- a/startupscript/gcp/resource-mount.sh +++ b/startupscript/gcp/resource-mount.sh @@ -50,5 +50,5 @@ fi sed -i '/user_allow_other/s/^#//g' /etc/fuse.conf if [[ "${LOG_IN}" == "true" ]]; then - ${RUN_AS_LOGIN_USER} "/usr/bin/wb resource mount --allow-other || echo 'Resource mounting failed.'" + ${RUN_AS_LOGIN_USER} "/${WORKBENCH_INSTALL_PATH} resource mount --allow-other || echo 'Resource mounting failed.'" fi diff --git a/startupscript/git-setup.sh b/startupscript/git-setup.sh index 3c14fada..76e14a5e 100755 --- a/startupscript/git-setup.sh +++ b/startupscript/git-setup.sh @@ -31,7 +31,7 @@ ${RUN_AS_LOGIN_USER} "mkdir -p ${USER_SSH_DIR} --mode 0700" # Get the user's SSH key from Workbench, and if set, write it to the user's .ssh directory ${RUN_AS_LOGIN_USER} "\ install --mode 0600 /dev/null '${USER_SSH_DIR}/id_rsa.tmp' && \ - /usr/bin/wb security ssh-key get --include-private-key --format=JSON >> '${USER_SSH_DIR}/id_rsa.tmp' || true" + ${WORKBENCH_INSTALL_PATH} security ssh-key get --include-private-key --format=JSON >> '${USER_SSH_DIR}/id_rsa.tmp' || true" if [[ -s "${USER_SSH_DIR}/id_rsa.tmp" ]]; then ${RUN_AS_LOGIN_USER} "\ install --mode 0600 /dev/null '${USER_SSH_DIR}/id_rsa' && \ @@ -57,13 +57,13 @@ ${RUN_AS_LOGIN_USER} "mkdir -p '${WORKBENCH_GIT_REPOS_DIR}'" # Keep this as last thing in script. There will be integration test for git cloning (PF-1660). If this is last thing, then # integration test will ensure that everything in script worked. -# This loop replaces the logic of "/usr/bin/wb git clone --all", which currently does not work without +# This loop replaces the logic of "wb git clone --all", which currently does not work without # Google Application Default Credentials being available. This emulates the behavior of the CLI # command, continuing with an error message when an individual repo cannot be cloned. # shellcheck disable=SC2164 pushd "${WORKBENCH_GIT_REPOS_DIR}" -${RUN_AS_LOGIN_USER} "/usr/bin/wb resource list --type=GIT_REPO --format json" | \ +${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH} resource list --type=GIT_REPO --format json" | \ jq -c .[] | \ while read -r ITEM; do GIT_REPO_NAME="$(echo "$ITEM" | jq -r .id)" diff --git a/startupscript/install-cli.sh b/startupscript/install-cli.sh index dab8a6d0..dd45e342 100755 --- a/startupscript/install-cli.sh +++ b/startupscript/install-cli.sh @@ -44,7 +44,7 @@ fi readonly TERRA_SERVER # Only install cli if not already installed -if ! command -v /usr/bin/wb &> /dev/null; then +if ! command -v ${WORKBENCH_INSTALL_PATH}&> /dev/null; then emit "Installing the Workbench CLI ..." if ! AXON_VERSION_URL="$(get_axon_version_url "${TERRA_SERVER}")"; then @@ -73,13 +73,13 @@ if ! command -v /usr/bin/wb &> /dev/null; then fi # Set browser manual login since that's the only login supported from a Vertex AI Notebook VM -${RUN_AS_LOGIN_USER} "/usr/bin/wb config set browser MANUAL" +${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}config set browser MANUAL" # Set the CLI server based on the server that created the VM. -${RUN_AS_LOGIN_USER} "/usr/bin/wb server set --name=${TERRA_SERVER}" +${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}server set --name=${TERRA_SERVER}" # Generate the bash completion script -${RUN_AS_LOGIN_USER} "/usr/bin/wb generate-completion > '${USER_BASH_COMPLETION_DIR}/workbench'" +${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}generate-completion > '${USER_BASH_COMPLETION_DIR}/workbench'" if [[ "${LOG_IN}" == "true" ]]; then @@ -92,13 +92,13 @@ if [[ "${LOG_IN}" == "true" ]]; then # Log in with app-default-credentials emit "Logging into workbench CLI with mode ${LOG_IN_MODE}" - ${RUN_AS_LOGIN_USER} "/usr/bin/wb auth login --mode=${LOG_IN_MODE}" + ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}auth login --mode=${LOG_IN_MODE}" # Set the CLI workspace id using the VM metadata, if set. TERRA_WORKSPACE="$(get_metadata_value "terra-workspace-id")" readonly TERRA_WORKSPACE if [[ -n "${TERRA_WORKSPACE}" ]]; then - ${RUN_AS_LOGIN_USER} "/usr/bin/wb workspace set --id='${TERRA_WORKSPACE}'" + ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}workspace set --id='${TERRA_WORKSPACE}'" fi else emit "Do not log user into workbench CLI. Manual log in is required." diff --git a/startupscript/setup-bashrc.sh b/startupscript/setup-bashrc.sh index 9861dd33..74d4c685 100644 --- a/startupscript/setup-bashrc.sh +++ b/startupscript/setup-bashrc.sh @@ -27,14 +27,14 @@ emit "Customize user bashrc ..." if [[ "${LOG_IN}" == "true" ]]; then # OWNER_EMAIL is really the Workbench user account email address OWNER_EMAIL="$( - ${RUN_AS_LOGIN_USER} "/usr/bin/wb workspace describe --format=json" | \ + ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH} workspace describe --format=json" | \ jq --raw-output ".userEmail")" readonly OWNER_EMAIL # PET_SA_EMAIL is the pet service account for the Workbench user and # is specific to the GCP project backing the workspace PET_SA_EMAIL="$( - ${RUN_AS_LOGIN_USER} "/usr/bin/wb auth status --format=json" | \ + ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH} auth status --format=json" | \ jq --raw-output ".serviceAccountEmail")" readonly PET_SA_EMAIL @@ -57,7 +57,7 @@ if [[ "${CLOUD}" == "gcp" && "${LOG_IN}" == "true" ]]; then # GOOGLE_PROJECT is the project id for the GCP project backing the workspace GOOGLE_PROJECT="$( - ${RUN_AS_LOGIN_USER} "/usr/bin/wb workspace describe --format=json" | \ + ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH} workspace describe --format=json" | \ jq --raw-output ".googleProjectId")" readonly GOOGLE_PROJECT @@ -77,7 +77,7 @@ if [[ "${CLOUD}" == "aws" && "${LOG_IN}" == "true" ]]; then # Create a symlink to this workspace's AWS config file to use as the target for AWS_CONFIG_FILE. readonly AWS_CONFIG_SYMLINK="${USER_WORKBENCH_CONFIG_DIR}/workspace.conf" - ${RUN_AS_LOGIN_USER} "eval \$(/usr/bin/wb workspace configure-aws) && \ + ${RUN_AS_LOGIN_USER} "eval \$(${WORKBENCH_INSTALL_PATH} workspace configure-aws) && \ ln -sf \${AWS_CONFIG_FILE} ${AWS_CONFIG_SYMLINK}" emit "Adding Workbench AWS-sepcific environment variables to ~/.bashrc ..." From 0297a9dd548175fa5760cf22ff104fec26ccc846 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 21 Aug 2025 18:51:59 +0000 Subject: [PATCH 21/25] added mappings back into .devcontainer.json --- src/nemo_jupyter/.devcontainer.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/nemo_jupyter/.devcontainer.json b/src/nemo_jupyter/.devcontainer.json index a39cff40..2d73c7fb 100644 --- a/src/nemo_jupyter/.devcontainer.json +++ b/src/nemo_jupyter/.devcontainer.json @@ -7,14 +7,14 @@ // Get the host's docker group ID and propagate it into the .env file, which // allows it to be used within docker-compose.yaml. // "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", - "postCreateCommand": "apt update && apt install -y sudo && ./startupscript/post-startup.sh root /workspace gcp true && echo \"alias weightsbiases='/usr/local/bin/wb'\" >> /root/.bashrc", + "postCreateCommand": "apt update && apt install -y sudo && ./startupscript/post-startup.sh root /workspace ${templateOption:cloud} ${templateOption:login} && echo \"alias weightsbiases='/usr/local/bin/wb'\" >> /root/.bashrc", // re-mount bucket files on container start up "postStartCommand": [ "./startupscript/remount-on-restart.sh", "root", "/workspace", - "gcp", - "true" + "${templateOption:cloud}", + "${templateOption:login}" ], "features": { "ghcr.io/devcontainers/features/java@sha256:df67d6ff6e9cdd858207ae9e92a99ddb88384b789f79eecd6f873216e951d286": { From 65f2f23cb0b78fa693a7dcaf6f1625ac7731c668 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 21 Aug 2025 18:58:29 +0000 Subject: [PATCH 22/25] updating devcontainer-template id and description --- src/nemo_jupyter/devcontainer-template.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nemo_jupyter/devcontainer-template.json b/src/nemo_jupyter/devcontainer-template.json index 80985308..a2d8f81c 100644 --- a/src/nemo_jupyter/devcontainer-template.json +++ b/src/nemo_jupyter/devcontainer-template.json @@ -1,8 +1,8 @@ { - "id": "jupyter", + "id": "NeMo jupyter", "version": "0.0.2", "name": "Jupyter", - "description": "A Template to run jupyter on workbench", + "description": "A NeMo container with Jupyter - GCP only for now", "documentationURL": "https://github.com/verily-src/workbench-app-devcontainers/tree/master/src/jupyter", "licenseURL": "https://github.com/verily-src/workbench-app-devcontainers/blob/master/LICENSE", "options": { From 1451e1b11d2c98d98b3aa07bc42462908eaad3a3 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 21 Aug 2025 20:48:35 +0000 Subject: [PATCH 23/25] adding quotes around all calls to {WORKBENCH_INSTALL_PATH} --- startupscript/gcp/resource-mount.sh | 2 +- startupscript/git-setup.sh | 4 ++-- startupscript/install-cli.sh | 14 +++++++------- startupscript/setup-bashrc.sh | 8 ++++---- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/startupscript/gcp/resource-mount.sh b/startupscript/gcp/resource-mount.sh index 9c5695de..5d85b0ff 100644 --- a/startupscript/gcp/resource-mount.sh +++ b/startupscript/gcp/resource-mount.sh @@ -50,5 +50,5 @@ fi sed -i '/user_allow_other/s/^#//g' /etc/fuse.conf if [[ "${LOG_IN}" == "true" ]]; then - ${RUN_AS_LOGIN_USER} "/${WORKBENCH_INSTALL_PATH} resource mount --allow-other || echo 'Resource mounting failed.'" + ${RUN_AS_LOGIN_USER} "/'${WORKBENCH_INSTALL_PATH}' resource mount --allow-other || echo 'Resource mounting failed.'" fi diff --git a/startupscript/git-setup.sh b/startupscript/git-setup.sh index 76e14a5e..72ef017b 100755 --- a/startupscript/git-setup.sh +++ b/startupscript/git-setup.sh @@ -31,7 +31,7 @@ ${RUN_AS_LOGIN_USER} "mkdir -p ${USER_SSH_DIR} --mode 0700" # Get the user's SSH key from Workbench, and if set, write it to the user's .ssh directory ${RUN_AS_LOGIN_USER} "\ install --mode 0600 /dev/null '${USER_SSH_DIR}/id_rsa.tmp' && \ - ${WORKBENCH_INSTALL_PATH} security ssh-key get --include-private-key --format=JSON >> '${USER_SSH_DIR}/id_rsa.tmp' || true" + '${WORKBENCH_INSTALL_PATH}' security ssh-key get --include-private-key --format=JSON >> '${USER_SSH_DIR}/id_rsa.tmp' || true" if [[ -s "${USER_SSH_DIR}/id_rsa.tmp" ]]; then ${RUN_AS_LOGIN_USER} "\ install --mode 0600 /dev/null '${USER_SSH_DIR}/id_rsa' && \ @@ -63,7 +63,7 @@ ${RUN_AS_LOGIN_USER} "mkdir -p '${WORKBENCH_GIT_REPOS_DIR}'" # shellcheck disable=SC2164 pushd "${WORKBENCH_GIT_REPOS_DIR}" -${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH} resource list --type=GIT_REPO --format json" | \ +${RUN_AS_LOGIN_USER} "'${WORKBENCH_INSTALL_PATH}' resource list --type=GIT_REPO --format json" | \ jq -c .[] | \ while read -r ITEM; do GIT_REPO_NAME="$(echo "$ITEM" | jq -r .id)" diff --git a/startupscript/install-cli.sh b/startupscript/install-cli.sh index dd45e342..b98fa79c 100755 --- a/startupscript/install-cli.sh +++ b/startupscript/install-cli.sh @@ -44,7 +44,7 @@ fi readonly TERRA_SERVER # Only install cli if not already installed -if ! command -v ${WORKBENCH_INSTALL_PATH}&> /dev/null; then +if ! command -v '${WORKBENCH_INSTALL_PATH}'&> /dev/null; then emit "Installing the Workbench CLI ..." if ! AXON_VERSION_URL="$(get_axon_version_url "${TERRA_SERVER}")"; then @@ -69,17 +69,17 @@ if ! command -v ${WORKBENCH_INSTALL_PATH}&> /dev/null; then cp wb "${WORKBENCH_INSTALL_PATH}" # Copy 'wb' to its legacy 'terra' name. - cp "${WORKBENCH_INSTALL_PATH}" "${WORKBENCH_LEGACY_PATH}" + cp wb "${WORKBENCH_LEGACY_PATH}" fi # Set browser manual login since that's the only login supported from a Vertex AI Notebook VM -${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}config set browser MANUAL" +${RUN_AS_LOGIN_USER} "'${WORKBENCH_INSTALL_PATH}' config set browser MANUAL" # Set the CLI server based on the server that created the VM. -${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}server set --name=${TERRA_SERVER}" +${RUN_AS_LOGIN_USER} "'${WORKBENCH_INSTALL_PATH}' server set --name=${TERRA_SERVER}" # Generate the bash completion script -${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}generate-completion > '${USER_BASH_COMPLETION_DIR}/workbench'" +${RUN_AS_LOGIN_USER} "'${WORKBENCH_INSTALL_PATH}' generate-completion > '${USER_BASH_COMPLETION_DIR}/workbench'" if [[ "${LOG_IN}" == "true" ]]; then @@ -92,13 +92,13 @@ if [[ "${LOG_IN}" == "true" ]]; then # Log in with app-default-credentials emit "Logging into workbench CLI with mode ${LOG_IN_MODE}" - ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}auth login --mode=${LOG_IN_MODE}" + ${RUN_AS_LOGIN_USER} "'${WORKBENCH_INSTALL_PATH}' auth login --mode=${LOG_IN_MODE}" # Set the CLI workspace id using the VM metadata, if set. TERRA_WORKSPACE="$(get_metadata_value "terra-workspace-id")" readonly TERRA_WORKSPACE if [[ -n "${TERRA_WORKSPACE}" ]]; then - ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH}workspace set --id='${TERRA_WORKSPACE}'" + ${RUN_AS_LOGIN_USER} "'${WORKBENCH_INSTALL_PATH}' workspace set --id='${TERRA_WORKSPACE}'" fi else emit "Do not log user into workbench CLI. Manual log in is required." diff --git a/startupscript/setup-bashrc.sh b/startupscript/setup-bashrc.sh index 74d4c685..8a9a9754 100644 --- a/startupscript/setup-bashrc.sh +++ b/startupscript/setup-bashrc.sh @@ -27,14 +27,14 @@ emit "Customize user bashrc ..." if [[ "${LOG_IN}" == "true" ]]; then # OWNER_EMAIL is really the Workbench user account email address OWNER_EMAIL="$( - ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH} workspace describe --format=json" | \ + ${RUN_AS_LOGIN_USER} "''${WORKBENCH_INSTALL_PATH}'' workspace describe --format=json" | \ jq --raw-output ".userEmail")" readonly OWNER_EMAIL # PET_SA_EMAIL is the pet service account for the Workbench user and # is specific to the GCP project backing the workspace PET_SA_EMAIL="$( - ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH} auth status --format=json" | \ + ${RUN_AS_LOGIN_USER} "'${WORKBENCH_INSTALL_PATH}' auth status --format=json" | \ jq --raw-output ".serviceAccountEmail")" readonly PET_SA_EMAIL @@ -57,7 +57,7 @@ if [[ "${CLOUD}" == "gcp" && "${LOG_IN}" == "true" ]]; then # GOOGLE_PROJECT is the project id for the GCP project backing the workspace GOOGLE_PROJECT="$( - ${RUN_AS_LOGIN_USER} "${WORKBENCH_INSTALL_PATH} workspace describe --format=json" | \ + ${RUN_AS_LOGIN_USER} "'${WORKBENCH_INSTALL_PATH}' workspace describe --format=json" | \ jq --raw-output ".googleProjectId")" readonly GOOGLE_PROJECT @@ -77,7 +77,7 @@ if [[ "${CLOUD}" == "aws" && "${LOG_IN}" == "true" ]]; then # Create a symlink to this workspace's AWS config file to use as the target for AWS_CONFIG_FILE. readonly AWS_CONFIG_SYMLINK="${USER_WORKBENCH_CONFIG_DIR}/workspace.conf" - ${RUN_AS_LOGIN_USER} "eval \$(${WORKBENCH_INSTALL_PATH} workspace configure-aws) && \ + ${RUN_AS_LOGIN_USER} "eval \$('${WORKBENCH_INSTALL_PATH}' workspace configure-aws) && \ ln -sf \${AWS_CONFIG_FILE} ${AWS_CONFIG_SYMLINK}" emit "Adding Workbench AWS-sepcific environment variables to ~/.bashrc ..." From 345417f8a81e98e4702ec0936e06796e3bd980f6 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Thu, 21 Aug 2025 23:36:13 +0000 Subject: [PATCH 24/25] updated some descriptions and IDs --- src/nemo_jupyter/.devcontainer.json | 57 ------------------- src/nemo_jupyter/devcontainer-template.json | 23 -------- src/nemo_jupyter/docker-compose.yaml | 23 -------- .../.devcontainer.json | 2 +- .../devcontainer-template.json | 6 +- .../docker-compose.yaml | 4 +- 6 files changed, 6 insertions(+), 109 deletions(-) delete mode 100644 src/nemo_jupyter/.devcontainer.json delete mode 100644 src/nemo_jupyter/devcontainer-template.json delete mode 100644 src/nemo_jupyter/docker-compose.yaml diff --git a/src/nemo_jupyter/.devcontainer.json b/src/nemo_jupyter/.devcontainer.json deleted file mode 100644 index 2d73c7fb..00000000 --- a/src/nemo_jupyter/.devcontainer.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "name": "Workbench NeMo devcontainer template", - "dockerComposeFile": "docker-compose.yaml", - "service": "app", - "shutdownAction": "none", - "workspaceFolder": "/workspace", - // Get the host's docker group ID and propagate it into the .env file, which - // allows it to be used within docker-compose.yaml. - // "initializeCommand": "DOCKER_GID=`getent group docker | cut -d: -f3` && echo \"DOCKER_GID=${DOCKER_GID}\" > .env", - "postCreateCommand": "apt update && apt install -y sudo && ./startupscript/post-startup.sh root /workspace ${templateOption:cloud} ${templateOption:login} && echo \"alias weightsbiases='/usr/local/bin/wb'\" >> /root/.bashrc", - // re-mount bucket files on container start up - "postStartCommand": [ - "./startupscript/remount-on-restart.sh", - "root", - "/workspace", - "${templateOption:cloud}", - "${templateOption:login}" - ], - "features": { - "ghcr.io/devcontainers/features/java@sha256:df67d6ff6e9cdd858207ae9e92a99ddb88384b789f79eecd6f873216e951d286": { - "version": "17" - }, - "ghcr.io/dhoeric/features/google-cloud-cli@sha256:fa5d894718825c5ad8009ac8f2c9f0cea3d1661eb108a9d465cba9f3fc48965f": {} - }, - "remoteUser": "root", - "customizations": { - "workbench": { - "opens": { - "extensions": [ - // Source - ".ipynb", - ".R", - ".py", - // Documents - ".md", - ".html", - ".latex", - ".pdf", - // Images - ".bmp", - ".gif", - ".jpeg", - ".jpg", - ".png", - ".svg", - // Data - ".csv", - ".tsv", - ".json", - ".vl" - ], - "fileUrlSuffix": "/lab/tree/{path}", - "folderUrlSuffix": "/lab/tree/{path}" - } - } - } -} \ No newline at end of file diff --git a/src/nemo_jupyter/devcontainer-template.json b/src/nemo_jupyter/devcontainer-template.json deleted file mode 100644 index a2d8f81c..00000000 --- a/src/nemo_jupyter/devcontainer-template.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "id": "NeMo jupyter", - "version": "0.0.2", - "name": "Jupyter", - "description": "A NeMo container with Jupyter - GCP only for now", - "documentationURL": "https://github.com/verily-src/workbench-app-devcontainers/tree/master/src/jupyter", - "licenseURL": "https://github.com/verily-src/workbench-app-devcontainers/blob/master/LICENSE", - "options": { - "cloud": { - "type": "string", - "description": "VM cloud environment", - "proposals": ["gcp", "aws"], - "default": "gcp" - }, - "login": { - "type": "string", - "description": "Whether to log in to workbench CLI", - "proposals": ["true", "false"], - "default": "false" - } - }, - "platforms": ["Any"] -} diff --git a/src/nemo_jupyter/docker-compose.yaml b/src/nemo_jupyter/docker-compose.yaml deleted file mode 100644 index 02e0179c..00000000 --- a/src/nemo_jupyter/docker-compose.yaml +++ /dev/null @@ -1,23 +0,0 @@ -version: "2.4" -services: - app: - container_name: "application-server" - image: "nvcr.io/nvidia/nemo:24.09" - user: root - restart: always - volumes: - - .:/workspace:cached - ports: - - "8888:8888" - networks: - - app-network - cap_add: - - SYS_ADMIN - devices: - - /dev/fuse - security_opt: - - apparmor:unconfined - command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' -networks: - app-network: - external: true \ No newline at end of file diff --git a/src/workbench-jupyter-parabricks/.devcontainer.json b/src/workbench-jupyter-parabricks/.devcontainer.json index 07d618b6..c3b24a92 100644 --- a/src/workbench-jupyter-parabricks/.devcontainer.json +++ b/src/workbench-jupyter-parabricks/.devcontainer.json @@ -1,5 +1,5 @@ { - "name": "Workbench JupyterLab with docker support devcontainer template", + "name": "Workbench JupyterLab with docker support devcontainer template plus NVIDIA Parabricks", "dockerComposeFile": "docker-compose.yaml", "service": "app", "shutdownAction": "none", diff --git a/src/workbench-jupyter-parabricks/devcontainer-template.json b/src/workbench-jupyter-parabricks/devcontainer-template.json index 8897453d..b844bdb0 100644 --- a/src/workbench-jupyter-parabricks/devcontainer-template.json +++ b/src/workbench-jupyter-parabricks/devcontainer-template.json @@ -1,8 +1,8 @@ { - "id": "custom-workbench-jupyter-template", - "description": "A template used to serve the Workbench JupyterLab container image", + "id": "custom-workbench-jupyter-parabricks-template", + "description": "A template used to serve the Workbench JupyterLab container image plus NVIDIA Parabricks", "version": "0.0.1", - "name": "Workbench Prebuilt JupyterLab Template", + "name": "Workbench Prebuilt JupyterLab Template running alongside NVIDIA Parabricks", "documentationURL": "https://github.com/verily-src/workbench-app-devcontainers/tree/master/src/custom-workbench-jupyter-template", "licenseURL": "https://github.com/verily-src/workbench-app-devcontainers/blob/master/LICENSE", "options": { diff --git a/src/workbench-jupyter-parabricks/docker-compose.yaml b/src/workbench-jupyter-parabricks/docker-compose.yaml index a6ac91f0..50418de0 100644 --- a/src/workbench-jupyter-parabricks/docker-compose.yaml +++ b/src/workbench-jupyter-parabricks/docker-compose.yaml @@ -29,8 +29,8 @@ services: container_name: parabricks_service restart: always volumes: - - .:/data # Mount the SAME shared volume - command: tail -f /dev/null # Keep the container running + - .:/data # Mount the same shared volume + command: tail -f /dev/null deploy: resources: reservations: From 09bb4a7ded4b73a261b1faec40950b710d77bf27 Mon Sep 17 00:00:00 2001 From: Peter Su Date: Wed, 27 Aug 2025 19:58:35 +0000 Subject: [PATCH 25/25] using a Dockerfile that now starts from the parabricks container base image and installs Jupyter --- src/workbench-jupyter-parabricks/Dockerfile | 21 +++++++++++++++ .../docker-compose.yaml | 26 +++---------------- 2 files changed, 24 insertions(+), 23 deletions(-) create mode 100644 src/workbench-jupyter-parabricks/Dockerfile diff --git a/src/workbench-jupyter-parabricks/Dockerfile b/src/workbench-jupyter-parabricks/Dockerfile new file mode 100644 index 00000000..c4d49c15 --- /dev/null +++ b/src/workbench-jupyter-parabricks/Dockerfile @@ -0,0 +1,21 @@ +# Use the official NVIDIA Clara Parabricks container as the base image +FROM nvcr.io/nvidia/clara/clara-parabricks:4.5.1-1 + +# Set the working directory inside the container +WORKDIR /workspace + +# Switch to root user to install packages +USER root + +# Update package lists and install python3, pip, and other essentials +# Clean up apt-get cache to reduce image size +RUN apt-get update && \ + apt-get install -y python3 python3-pip && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Install Jupyter Lab using pip +RUN pip3 install jupyterlab + +# Expose the port Jupyter Lab will run on +EXPOSE 8888 \ No newline at end of file diff --git a/src/workbench-jupyter-parabricks/docker-compose.yaml b/src/workbench-jupyter-parabricks/docker-compose.yaml index 50418de0..cd279932 100644 --- a/src/workbench-jupyter-parabricks/docker-compose.yaml +++ b/src/workbench-jupyter-parabricks/docker-compose.yaml @@ -2,17 +2,11 @@ version: "2.4" services: app: container_name: "application-server" - image: "us-central1-docker.pkg.dev/verily-workbench-public/apps/workbench-jupyter:latest" - user: "jupyter:${DOCKER_GID}" + image: "us-central1-docker.pkg.dev/wb-quick-seed-877/parabricks-demo-repo/test1:20250827" + user: root restart: always volumes: - .:/workspace:cached - # mount Host machine's docker.sock to container's docker.sock - - /var/run/docker.sock:/var/run/docker.sock - # mount Host machine's /etc/group to container's /etc/host-group - - /etc/group:/etc/host-group - # mount Host machine's default docker config dir to container's jupyter user docker config dir - - /etc/docker:/home/jupyter/.docker ports: - "8888:8888" networks: @@ -23,21 +17,7 @@ services: - /dev/fuse security_opt: - apparmor:unconfined - - parabricks: - image: "nvcr.io/nvidia/clara/clara-parabricks:4.5.1-1" - container_name: parabricks_service - restart: always - volumes: - - .:/data # Mount the same shared volume - command: tail -f /dev/null - deploy: - resources: - reservations: - devices: - - driver: nvidia - count: all - capabilities: [gpu] + command: jupyter lab --ip=0.0.0.0 --port=8888 --no-browser --allow-root --LabApp.token='' networks: app-network: external: true \ No newline at end of file