hazza/docker-stacks
1
0
Fork 0
mirror of https://github.com/jupyter/docker-stacks.git synced 2025-10-10 19:42:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make subimages compatible with late user creation

Browse Source 
* Always remain as root during install
* Put kernel specs in system path, not user home
* Create user work directory at startup
* Note this is in 4.0 and up images, not 3.2

Contribution (c) Copyright IBM Corp. 2015
This commit is contained in:
Peter Parente
2015-08-28 22:38:13 -04:00
parent 30932a3b12
commit c4616560cf
13 changed files with 21 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
all-spark-notebook/Dockerfile
View File

@@ -3,8 +3,6 @@ FROM jupyter/minimal-notebook
MAINTAINER Jupyter Project <jupyter@googlegroups.com>
USER root
# Spark dependencies
ENV APACHE_SPARK_VERSION 1.4.1
RUN apt-get -y update && \
@@ -43,8 +41,6 @@ RUN cd /tmp && \
apt-get remove -y sbt && \
apt-get clean
USER jovyan
# Spark and Mesos pointers
ENV SPARK_HOME /usr/local/spark
ENV R_LIBS_USER $SPARK_HOME/R/lib
@@ -74,7 +70,7 @@ RUN conda create -p $CONDA_DIR/envs/python2 python=2.7 \
&& conda clean -yt
RUN $CONDA_DIR/envs/python2/bin/python \
$CONDA_DIR/envs/python2/bin/ipython \
kernelspec install-self --user
kernelspec install-self
# R packages
RUN conda config --add channels r
@@ -85,9 +81,5 @@ RUN conda install --yes \
'r-rcurl=1.95*' && conda clean -yt
# Scala Spark kernel spec
RUN mkdir -p $HOME/.ipython/kernels/scala
COPY kernel.json $HOME/.ipython/kernels/scala/
# Switch back to root so that supervisord runs under that user
USER root
RUN chown -R $NB_USER:$NB_USER $HOME/.ipython/kernels/scala/
RUN mkdir -p /usr/local/share/jupyter/kernels/scala
COPY kernel.json /usr/local/share/jupyter/kernels/scala/

1
all-spark-notebook/README.md
View File

@@ -203,6 +203,7 @@ You may customize the execution of the Docker container and the Notebook server
* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not found in `/home/jovyan/.ipython/profile_default/security/notebook.pem`, the container will generate a self-signed certificate for you.
* **(v4.0.x)** `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
* **(v3.2.x)** `-v /some/host/folder/for/server.pem:/home/jovyan/.ipython/profile_default/security/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.

7
datascience-notebook/Dockerfile
View File

@@ -16,8 +16,6 @@ RUN apt-get update && \
julia \
libnettle4 && apt-get clean
USER jovyan
# Install Python 3 packages
RUN conda install --yes \
'ipywidgets=4.0*' \
@@ -59,7 +57,7 @@ RUN conda create -p $CONDA_DIR/envs/python2 python=2.7 \
&& conda clean -yt
RUN $CONDA_DIR/envs/python2/bin/python \
$CONDA_DIR/envs/python2/bin/ipython \
kernelspec install-self --user
kernelspec
# R packages
RUN conda config --add channels r
@@ -85,6 +83,3 @@ RUN conda install --yes \
# IJulia and Julia packages
RUN julia -e 'Pkg.add("IJulia")'
RUN julia -e 'Pkg.add("Gadfly")' && julia -e 'Pkg.add("RDatasets")'
# Switch back to root so that supervisord runs under that user
USER root

1
datascience-notebook/README.md
View File

@@ -24,6 +24,7 @@ You may customize the execution of the Docker container and the Notebook server
* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not found in `/home/jovyan/.ipython/profile_default/security/notebook.pem`, the container will generate a self-signed certificate for you.
* **(v4.0.x)** `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
* `-v /some/host/folder/for/server.pem:/home/jovyan/.local/share/jupyter/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.

11
minimal-notebook/Dockerfile
View File

@@ -24,8 +24,11 @@ RUN apt-get update && apt-get install -yq --no-install-recommends \
sudo \
&& apt-get clean
# Configure docker environment
ENV CONDA_DIR /opt/conda
ENV NB_USER jovyan
ENV WORK /home/$NB_USER/work
ENV PATH $CONDA_DIR/bin:$PATH
# Install conda
RUN echo export PATH=$CONDA_DIR/bin:'$PATH' > /etc/profile.d/conda.sh && \
@@ -34,14 +37,6 @@ RUN echo export PATH=$CONDA_DIR/bin:'$PATH' > /etc/profile.d/conda.sh && \
rm Miniconda3-3.9.1-Linux-x86_64.sh && \
$CONDA_DIR/bin/conda install --yes conda==3.14.1
# Configure docker environment
ENV PATH $CONDA_DIR/bin:$PATH
# Setup a work directory rooted in home for ease of volume mounting
ENV WORK /notebooks
RUN mkdir -p $WORK && chown root.users $WORK && chmod g+w $WORK
WORKDIR $WORK
# Install Jupyter notebook
RUN conda install --yes \
'notebook=4.0*' \

2
minimal-notebook/README.md
View File

@@ -21,7 +21,7 @@ You may customize the execution of the Docker container and the Notebook server
* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not provided (see below), the container will generate a self-signed certificate for you.
* `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* **(v4.0.x)** `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
* **(v3.2.x)** `-v /some/host/folder/for/server.pem:/home/jovyan/.ipython/profile_default/security/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.

6
minimal-notebook/start-notebook.sh
View File

@@ -1,4 +1,5 @@
#!/bin/bash
set -e
# Create non-root NB_USER, member of group "users"
useradd -m -s /bin/bash -u ${NB_UID:-1000} -G users $NB_USER
@@ -7,6 +8,11 @@ useradd -m -s /bin/bash -u ${NB_UID:-1000} -G users $NB_USER
chown -R root.users $CONDA_DIR
chmod -R g+w $CONDA_DIR
# Setup a work directory rooted in the NB_USER home
mkdir -p $WORK
chown root.users $WORK
chmod g+w $WORK
# Enable sudo if requested
if [ ! -z "$GRANT_SUDO" ]; then
echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook

9
pyspark-notebook/Dockerfile
View File

@@ -3,8 +3,6 @@ FROM jupyter/minimal-notebook
MAINTAINER Jupyter Project <jupyter@googlegroups.com>
USER root
# Spark dependencies
ENV APACHE_SPARK_VERSION 1.4.1
RUN apt-get -y update && \
@@ -22,8 +20,6 @@ RUN apt-key adv --keyserver keyserver.ubuntu.com --recv E56151BF && \
apt-get --no-install-recommends -y --force-yes install mesos=0.22.1-1.0.debian78 && \
apt-get clean
USER jovyan
# Spark and Mesos pointers
ENV SPARK_HOME /usr/local/spark
ENV PYTHONPATH $SPARK_HOME/python:$SPARK_HOME/python/lib/py4j-0.8.2.1-src.zip
@@ -52,7 +48,4 @@ RUN conda create -p $CONDA_DIR/envs/python2 python=2.7 \
&& conda clean -yt
RUN $CONDA_DIR/envs/python2/bin/python \
$CONDA_DIR/envs/python2/bin/ipython \
kernelspec install-self --user
# Switch back to root so that supervisord runs under that user
USER root
kernelspec install-self

1
pyspark-notebook/README.md
View File

@@ -93,6 +93,7 @@ You may customize the execution of the Docker container and the Notebook server
* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not found in `/home/jovyan/.ipython/profile_default/security/notebook.pem`, the container will generate a self-signed certificate for you.
* **(v4.0.x)** `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
* **(v3.2.x)** `-v /some/host/folder/for/server.pem:/home/jovyan/.ipython/profile_default/security/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.

5
r-notebook/Dockerfile
View File

@@ -11,8 +11,6 @@ RUN apt-get update && \
gfortran \
gcc && apt-get clean
USER jovyan
# R packages
RUN conda config --add channels r
RUN conda install --yes \
@@ -33,6 +31,3 @@ RUN conda install --yes \
'r-caret=6.0*' \
'r-rcurl=1.95*' \
'r-randomforest=4.6*' && conda clean -yt
# Switch back to root so that supervisord runs under that user
USER root

1
r-notebook/README.md
View File

@@ -21,6 +21,7 @@ You may customize the execution of the Docker container and the Notebook server
* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not found in `/home/jovyan/.ipython/profile_default/security/notebook.pem`, the container will generate a self-signed certificate for you.
* **(v4.0.x)** `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
* **(v3.2.x)** `-v /some/host/folder/for/server.pem:/home/jovyan/.ipython/profile_default/security/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.

7
scipy-notebook/Dockerfile
View File

@@ -3,8 +3,6 @@ FROM jupyter/minimal-notebook
MAINTAINER Jupyter Project <jupyter@googlegroups.com>
USER jovyan
# Install Python 3 packages
RUN conda install --yes \
'ipywidgets=4.0*' \
@@ -46,7 +44,4 @@ RUN conda create -p $CONDA_DIR/envs/python2 python=2.7 \
&& conda clean -yt
RUN $CONDA_DIR/envs/python2/bin/python \
$CONDA_DIR/envs/python2/bin/ipython \
kernelspec install-self --user
# Switch back to root so that supervisord runs under that user
USER root
kernelspec install-self

1
scipy-notebook/README.md
View File

@@ -21,6 +21,7 @@ You may customize the execution of the Docker container and the Notebook server
* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not found in `/home/jovyan/.ipython/profile_default/security/notebook.pem`, the container will generate a self-signed certificate for you.
* **(v4.0.x)** `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership.
* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
* **(v3.2.x)** `-v /some/host/folder/for/server.pem:/home/jovyan/.ipython/profile_default/security/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.