populate the repo

.github/workflows/build_container.yml

@@ -0,0 +1,50 @@
+#
+name: Create and publish a Docker image
+
+on:
+  push:
+  workflow_dispatch:
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      # 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          file: ./docker/Dockerfile

docker/Dockerfile

@@ -0,0 +1,57 @@
+FROM rocker/geospatial:latest
+
+# install system dependencies
+# TODO: move ldap-utils, libnss-ldapd, libpam-ldapd, nscd, nslcd to base image??
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        curl \
+        dnsutils \
+        git \
+        jq \
+        ldap-utils \
+        libnss-ldapd \
+        libpam-ldapd \
+        less \
+        nano \
+        nodejs \
+        nscd \
+        nslcd \
+        rsync \
+        unzip \
+        vim \
+        wget \
+        zip \
+    && rm -rf /var/lib/apt/lists/*
+
+# install kubectl, required for running on the k8s cluster
+ARG KUBECTL_VERSION=v1.28.5
+RUN curl -LO https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl \
+    && mv kubectl /usr/local/bin/kubectl \
+    && chmod +x /usr/local/bin/kubectl
+
+# copy in ood k8s utils
+ARG UTILS_HASH=6298fb01f7a7c66a8454e3f0fd74437a32491423
+RUN git clone https://github.com/nesi/training-environment-k8s-utils.git /opt/ood-k8s-utils \
+    && cd /opt/ood-k8s-utils \
+    && git checkout $UTILS_HASH \
+    && chmod +x /opt/ood-k8s-utils/files/* \
+    && mv /opt/ood-k8s-utils/files/* /bin/ \
+    && rm -rf /opt/ood-k8s-utils
+
+# make a dummy module command to avoid warnings from ondemand job_script_content.sh
+RUN echo "#!/bin/bash" > /bin/module \
+    && chmod +x /bin/module
+
+# install R packages
+RUN Rscript -e 'install.packages("BiocManager", repos = "https://cloud.r-project.org")' \
+    && Rscript -e 'BiocManager::install("phyloseq")' \
+    && Rscript -e 'install.packages("beeswarm")' \
+    && Rscript -e 'install.packages("knitr")' \
+    && Rscript -e 'install.packages("gplots")' \
+    && Rscript -e 'install.packages("dplyr")' \
+    && Rscript -e 'install.packages("ggplot2")' \
+    && Rscript -e 'install.packages("vegan")' \
+    && Rscript -e 'install.packages("tidyverse")' 
+
+
+# copy data
+COPY docker/OTU_table.biom /var/lib/RNA_seq/

form.yml

@@ -0,0 +1,17 @@
+---
+cluster: "my-k8s-cluster"
+
+form:
+  - cpu
+  - memory
+  - wall_time
+
+attributes:
+  cpu: 2
+  memory: 4
+  wall_time:
+    widget: number_field
+    label: "Hours"
+    min: 8
+    max: 36
+    value: 12

manifest.yml

@@ -0,0 +1,8 @@
+---
+name: RStudio-IndigiData
+category: Interactive Apps
+role: batch_connect
+description: |
+  This app will launch [RStudio Server] for the Indigidata R workshop.
+
+  [RStudio Server]: https://www.rstudio.com/products/rstudio-server/

submit.yml.erb

@@ -0,0 +1,64 @@
+
+<%
+   user = OodSupport::User.new
+   services_node = Resolv.getaddress("servicesnode")
+%>
+---
+batch_connect:
+  template: "basic"
+  conn_params:
+    - csrf_token
+script:
+  wall_time: "<%= wall_time.to_i * 3600 %>"
+  native:
+    container:
+      name: "indigidatar"
+      image: "ghcr.io/nesi/training-environment-rstudio--indigidata-app:v0.1.0"
+      command: ["/bin/bash","-l","<%= staged_root %>/job_script_content.sh"]
+      restart_policy: 'OnFailure'
+      env:
+        TZ: "Pacific/Auckland"
+      port: "8080"
+      cpu: "<%= cpu %>"
+      memory: "<%= memory %>Gi"
+    mounts:
+      - type: nfs
+        name: home
+        host: <%= services_node %>
+        path: /srv/homes
+        destination_path: /home/shared
+      - type: host
+        name: nslcd-socket
+        host_type: Socket
+        path: /var/run/nslcd/socket
+        destination_path: /var/run/nslcd/socket
+      - type: host
+        name: nsswitch-conf
+        host_type: File
+        path: /etc/nsswitch.conf
+        destination_path: /etc/nsswitch.conf
+    configmap:
+      files:
+        - filename: "logging.conf"
+          data: |
+            [*]
+            log-level=debug
+            logger-type=file
+            log-dir=<%= staged_root %>/logs
+          mount_path: '/etc/rstudio'
+        - filename: "database.conf"
+          data: |
+            directory=/tmp/lib/rstudio-server
+          mount_path: '/etc/rstudio/database'
+        - filename: 'k8_helper'
+          data: |
+            #!/usr/bin/env bash
+
+            set -x
+
+            KEY=$1
+            VALUE=$(echo -n $2 | base64)
+            CFG="$(hostname)-secret"
+
+            kubectl get secret ${CFG} -o json | jq --arg key $KEY --arg value $VALUE '.data[$key] = $value'  | kubectl apply -f -
+          mount_path: '/opt/open_ondemand/helpers'

template/before.sh.erb

@@ -0,0 +1,21 @@
+# Export the module function if it exists
+
+exec &> >(tee -a "pod.log")
+
+source /bin/find_host_port
+source /bin/save_passwd_as_secret
+export password="$PASSWORD"
+export host="$HOST_CFG"
+export port="$PORT_CFG"
+
+echo "host is: ${host}"
+echo "port is: ${port}"
+
+# rstudio 1.4+ needs a csrf token
+export csrf_token=<%= SecureRandom.uuid %>
+echo "password is: $password"
+echo "csrf_token is: ${csrf_token}"
+/bin/bash /opt/open_ondemand/helpers/k8_helper csrf_token "$csrf_token"
+
+export RSTUDIO_PASSWORD="${password}"
+

template/bin/auth

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+# Confirm username is supplied
+if [[ $# -lt 1 ]]; then
+  echo "Usage: auth USERNAME"
+  exit 1
+fi
+USERNAME="${1}"
+
+# Confirm password environment variable exists
+if [[ -z ${RSTUDIO_PASSWORD} ]]; then
+  echo "The environment variable RSTUDIO_PASSWORD is not set"
+  exit 1
+fi
+
+# Read in the password from user
+read -s -p "Password: " PASSWORD
+echo ""
+
+if [[ ${USERNAME} == ${USER} && ${PASSWORD} == ${RSTUDIO_PASSWORD} ]]; then
+  echo "Successful authentication"
+  exit 0
+else
+  echo "Invalid authentication"
+  exit 1
+fi
+

template/script.sh.erb

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+#
+# Start RStudio Server
+#
+# PAM auth helper used by RStudio
+export WORKING_DIR="<%= session.staged_root %>"
+export RSTUDIO_AUTH="$WORKING_DIR/bin/auth"
+
+export PATH="$PATH:/usr/lib/rstudio-server/bin"
+
+# Generate an `rsession` wrapper script
+export RSESSION_WRAPPER_FILE="$WORKING_DIR/rsession.sh"
+(
+umask 077
+sed 's/^ \{2\}//' > "$WORKING_DIR/rsession.sh" << EOL
+  #!/usr/bin/env bash
+
+  # Log all output from this script
+  export RSESSION_LOG_FILE="$WORKING_DIR/rsession.log"
+
+  exec &>>"\${RSESSION_LOG_FILE}"
+
+  # rsession.sh doesn't share the same env as the outside script, so these
+  # need to be set explicitly
+  export TZ="Pacific/Auckland"
+  export PATH="$PATH"
+
+  # Launch the original command
+  echo "Launching rsession..."
+  set -x
+  exec rsession "\${@}"
+EOL
+)
+chmod 700 "$WORKING_DIR/rsession.sh"
+mkdir -p "$WORKING_DIR/logs"
+mkdir -p /tmp/rserver-run
+
+cd $HOME
+
+set -x
+echo "Starting up rserver..."
+
+# copy data
+rsync --ignore-existing -avz /var/lib/OTU_table.biom ~/OTU_table.biom
+
+# launch rserver
+rserver \
+    --www-port=8080 \
+    --auth-none=0 \
+    --auth-pam-helper-path="${RSTUDIO_AUTH}" \
+    --auth-encrypt-password=0 \
+    --auth-timeout-minutes=0 \
+    --database-config-file='/etc/rstudio/database/database.conf' \
+    --server-data-dir='/tmp/rserver-run' \
+    --server-daemonize=0 \
+    --server-user=$(whoami) \
+    --rsession-path "${RSESSION_WRAPPER_FILE}" \
+    --server-app-armor-enabled=0

view.html.erb

@@ -0,0 +1,21 @@
+<script type="text/javascript">
+(function () {
+  let date = new Date();
+  date.setTime(date.getTime() + (7*24*60*60*1000));
+  let expires = "expires=" + date.toUTCString();
+  let cookiePath = "path=/rnode/" + "<%= host.to_s %>" + "/" + "<%= port.to_s %>";
+  let cookie = `csrf-token=<%= csrf_token %>;${expires};${cookiePath};SameSite=strict;secure`;
+  document.cookie = cookie;
+})();
+</script>
+
+<form action="/rnode/<%= host %>/<%= port %>/auth-do-sign-in" method="post" target="_blank">
+  <input type="hidden" name="csrf-token" value="<%= csrf_token %>"/>
+  <input type="hidden" name="username" value="<%= ENV["USER"] %>">
+  <input type="hidden" name="password" value="<%= password %>">
+  <input type="hidden" name="staySignedIn" value="1">
+  <input type="hidden" name="appUri" value="">
+  <button class="btn btn-primary" type="submit">
+    <i class="fa fa-registered"></i> Connect to Indigidata RStudio
+  </button>
+</form>