Make subimages compatible with late user creation

* Always remain as root during install
* Put kernel specs in system path, not user home
* Create user work directory at startup
* Note this is in 4.0 and up images, not 3.2

Contribution (c) Copyright IBM Corp. 2015
This commit is contained in:
Peter Parente
2015-08-28 22:38:13 -04:00
parent 30932a3b12
commit c4616560cf
13 changed files with 21 additions and 45 deletions

View File

@@ -11,8 +11,6 @@ RUN apt-get update && \
gfortran \
gcc && apt-get clean
USER jovyan
# R packages
RUN conda config --add channels r
RUN conda install --yes \
@@ -33,6 +31,3 @@ RUN conda install --yes \
'r-caret=6.0*' \
'r-rcurl=1.95*' \
'r-randomforest=4.6*' && conda clean -yt
# Switch back to root so that supervisord runs under that user
USER root

View File

@@ -21,6 +21,7 @@ You may customize the execution of the Docker container and the Notebook server
* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not found in `/home/jovyan/.ipython/profile_default/security/notebook.pem`, the container will generate a self-signed certificate for you.
* **(v4.0.x)** `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
* **(v3.2.x)** `-v /some/host/folder/for/server.pem:/home/jovyan/.ipython/profile_default/security/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.