feat: add non-root user support

Tverous · Apr 4, 2023 · 39cfc7f · 39cfc7f
1 parent 7922f95
commit 39cfc7f
Show file tree

Hide file tree

Showing 7 changed files with 156 additions and 12 deletions.
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -25,14 +25,23 @@ jobs:
           id: buildx
           uses: docker/setup-buildx-action@v2
 
-        - name: Build and push
+        - name: Build and push base image
           id: docker_build
           uses: docker/build-push-action@v4
           with:
             context: ./
-            file: ./Dockerfile
+            file: ./base.dockerfile
             push: true
-            tags: ${{ secrets.DOCKER_HUB_USERNAME }}/pytorch-notebook:latest
+            tags: ${{ secrets.DOCKER_HUB_USERNAME }}/pytorch-notebook:base, ${{ secrets.DOCKER_HUB_USERNAME }}/pytorch-notebook 
+
+        - name: Build and push devel image
+          id: docker_build
+          uses: docker/build-push-action@v4
+          with:
+            context: ./
+            file: ./base-devel.dockerfile
+            push: true
+            tags: ${{ secrets.DOCKER_HUB_USERNAME }}/pytorch-notebook:devel
 
         - name: Image digest
           run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/README.md b/README.md
@@ -31,6 +31,54 @@ docker run --rm -it  \
            tverous/pytorch-notebook:latest
 ```
 
+### Others
+#### Build the image with customed users
+
+```
+git clone https://github.com/Tverous/pytorch-notebook.git
+cd pytorch-notebook/
+```
+```
+docker build --no-cache \
+             -f create-user.dockerfile \
+             --build-arg MY_UID="$(id -u)" \
+             --build-arg MY_GID="$(id -g)" \
+             --build-arg USER=demo \
+             --build-arg HOME=/home/demo \
+             -t tverous/pytorch-notebook:user \
+             .
+```
+```
+docker run --rm -it  \
+           -p 8888:8888  \
+           -e JUPYTER_TOKEN=passwd  \
+           tverous/pytorch-notebook:user
+```
+Where the argument `MY_UID` is the user id for the created user, `MY_GID` is the group id for the created user, `USER` is the name for the created user and `HOME` is the home directory for the created user.
+
+Please check the file `create-user.dockerfile` for details
+
+##### Build the image with jupyter lab extensions
+```
+git clone https://github.com/Tverous/pytorch-notebook.git
+cd pytorch-notebook/
+```
+```
+docker build --no-cache \
+             -f jupyter-lab-extension.dockerfile \
+             -t tverous/pytorch-notebook:extension \
+             .
+```
+```
+docker run --rm -it  \
+           -p 8888:8888  \
+           -e JUPYTER_TOKEN=passwd  \
+           tverous/pytorch-notebook:extension
+```
+
+Update the file `jupter-lab-extension.dockerfile` for other extensions you would like to install.
+
+
 ## Launch Jupyter Notebook
 
 When you start a notebook server with token authentication enabled (default), a token is generated to use for authentication. 

diff --git a/base-devel.dockerfile b/base-devel.dockerfile
@@ -0,0 +1,28 @@
+# pull from devel image instead of base
+FROM nvidia/cuda:11.8.0-devel-ubuntu20.04
+
+# Set bash as the default shell
+ENV SHELL=/bin/bash
+
+# Create a working directory
+WORKDIR /app/
+
+# Build with some basic utilities
+RUN apt-get update && apt-get install -y \
+    python3-pip \
+    apt-utils \
+    vim \
+    git
+
+# alias python='python3'
+RUN ln -s /usr/bin/python3 /usr/bin/python
+
+# build with some basic python packages
+RUN pip install \
+    numpy \
+    torch \
+    jupyterlab
+
+# start jupyter lab
+CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--allow-root", "--no-browser"]
+EXPOSE 8888
diff --git a/Dockerfile → base.dockerfile b/Dockerfile → base.dockerfile
@@ -1,4 +1,4 @@
-FROM nvidia/cuda:12.0.1-base-ubuntu20.04
+FROM nvidia/cuda:11.8.0-base-ubuntu20.04
 
 # Set bash as the default shell
 ENV SHELL=/bin/bash
@@ -11,15 +11,17 @@ RUN apt-get update && apt-get install -y \
     python3-pip \
     apt-utils \
     vim \
-    git 
+    git
 
 # alias python='python3'
 RUN ln -s /usr/bin/python3 /usr/bin/python
 
+# build with some basic python packages
 RUN pip install \
     numpy \
     torch \
     jupyterlab
 
+# start jupyter lab
 CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--allow-root", "--no-browser"]
-EXPOSE 8888
+EXPOSE 8888
diff --git a/create-user.dockerfile b/create-user.dockerfile
@@ -0,0 +1,47 @@
+FROM tverous/pytorch-notebook:base
+
+ARG MY_UID
+ARG MY_GID
+ARG USER
+ARG HOME
+
+# for prompts
+ENV RED='\033[0;31m'
+ENV GREEN='\033[0;32m'
+ENV NC='\033[0m'
+# run id -u
+ENV MY_UID=${MY_GID}
+# run id -g
+ENV MY_GID=${MY_UID}
+# your username
+ENV USER=${USER}
+# your home directory
+ENV HOME=${HOME}
+
+RUN test ! -z ${MY_UID} && echo ${GREEN}"MY_UID is set to ${MY_UID}"${NC} || (echo ${RED}"MY_UID is not set"${NC} && exit 1)
+RUN test ! -z ${MY_GID} && echo ${GREEN}"MY_GID is set to ${MY_GID}"${NC} || (echo ${RED}"MY_GID is not set"${NC} && exit 1)
+RUN test ! -z ${USER} && echo ${GREEN}"USER is set to ${USER}"${NC} || (echo ${RED}"USER is not set"${NC} && exit 1)
+RUN test ! -z ${HOME} && echo ${GREEN}"HOME is set to ${HOME}"${NC} || (echo ${RED}"HOME is not set"${NC} && exit 1)
+
+RUN unset RED && unset GREEN && unset NC
+
+# install sudo 
+RUN apt-get update && apt-get install -y \
+    sudo
+
+# add a new user with the specific user id and group id
+RUN groupadd -g ${MY_GID} ${USER} \
+    && useradd ${USER} -u ${MY_UID} -g ${MY_GID} -d ${HOME} -m -s /bin/bash
+
+# add user to the root group
+RUN usermod -aG root ${USER}
+
+# TODO:  disable sudo password
+RUN echo "%${USER}   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers && exit
+
+USER ${USER}
+WORKDIR ${HOME}
+
+# start jupyter lab
+CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--allow-root", "--no-browser"]
+EXPOSE 8888
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,13 +4,8 @@ services:
     image: tverous/pytorch-notebook
     environment:
       - JUPYTER_TOKEN=passwd # TODO: Change the token
-    user: ${MY_UID}:${MY_GID}
-    working_dir: ${HOME}
     volumes:
-      - /etc/passwd:/etc/passwd:ro
-      - /etc/group:/etc/group:ro
-      - /etc/shadow:/etc/shadow:ro
-      - ${HOME}:${HOME}
+      - /local_vol:/docker_vol
     ports:
       - 8888:8888
     deploy:

diff --git a/jupyter-lab-extension.dockerfile b/jupyter-lab-extension.dockerfile
@@ -0,0 +1,15 @@
+FROM tverous/pytorch-notebook:user
+
+# install jupyter lab extensions
+RUN pip install \
+    # https://github.com/mohirio/jupyterlab-horizon-theme
+    jupyterlab-horizon-theme \
+    # https://github.com/jupyterlab/jupyterlab-git
+    jupyterlab-git \
+    # https://github.com/jupyter-lsp/jupyterlab-lsp
+    jupyterlab-lsp \
+    # https://github.com/jtpio/jupyterlab-system-monitor
+    jupyterlab-system-monitor
+
+CMD ["jupyter", "lab", "--ip=0.0.0.0", "--port=8888", "--allow-root", "--no-browser"]
+EXPOSE 8888