diff --git a/all-spark-notebook/Dockerfile b/all-spark-notebook/Dockerfile index 5403ee73..d2adda6e 100644 --- a/all-spark-notebook/Dockerfile +++ b/all-spark-notebook/Dockerfile @@ -8,8 +8,8 @@ LABEL maintainer="Jupyter Project " USER root # RSpark config -ENV R_LIBS_USER $SPARK_HOME/R/lib -RUN fix-permissions $R_LIBS_USER +ENV R_LIBS_USER "${SPARK_HOME}/R/lib" +RUN fix-permissions "${R_LIBS_USER}" # R pre-requisites RUN apt-get update --yes && \ diff --git a/base-notebook/Dockerfile b/base-notebook/Dockerfile index d8c709c9..2e35557a 100644 --- a/base-notebook/Dockerfile +++ b/base-notebook/Dockerfile @@ -90,15 +90,15 @@ RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \ mkdir -p $CONDA_DIR && \ chown $NB_USER:$NB_GID $CONDA_DIR && \ chmod g+w /etc/passwd && \ - fix-permissions $HOME && \ - fix-permissions $CONDA_DIR + fix-permissions "${HOME}" && \ + fix-permissions "${CONDA_DIR}" USER $NB_UID ARG PYTHON_VERSION=default # Setup work directory for backward-compatibility RUN mkdir "/home/$NB_USER/work" && \ - fix-permissions "/home/$NB_USER" + fix-permissions "/home/${NB_USER}" # Install conda as jovyan and check the sha256 sum provided on the download site WORKDIR /tmp @@ -120,8 +120,8 @@ RUN wget --quiet "https://github.com/conda-forge/miniforge/releases/download/${m conda update --all --quiet --yes && \ conda clean --all -f -y && \ rm -rf /home/$NB_USER/.cache/yarn && \ - fix-permissions $CONDA_DIR && \ - fix-permissions /home/$NB_USER + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" # Install Jupyter Notebook, Lab, and Hub # Generate a notebook server config @@ -138,8 +138,8 @@ RUN conda install --quiet --yes \ jupyter notebook --generate-config && \ jupyter lab clean && \ rm -rf /home/$NB_USER/.cache/yarn && \ - fix-permissions $CONDA_DIR && \ - fix-permissions /home/$NB_USER + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" EXPOSE 8888 diff --git a/docs/using/common.md b/docs/using/common.md index 3fc1fc63..894809b5 100644 --- a/docs/using/common.md +++ b/docs/using/common.md @@ -137,7 +137,7 @@ conda install --channel defaults humanize conda config --system --prepend channels defaults # install a package conda install --quiet --yes humanize && \ - mamba clean --all -f -y && \ + conda clean --all -f -y && \ fix-permissions "${CONDA_DIR}" && \ fix-permissions "/home/${NB_USER}" ``` diff --git a/docs/using/recipes.md b/docs/using/recipes.md index 13129c77..5091220c 100644 --- a/docs/using/recipes.md +++ b/docs/using/recipes.md @@ -32,7 +32,9 @@ Create a new Dockerfile like the one shown below. # Start from a core stack version FROM jupyter/datascience-notebook:33add21fab64 # Install in the default python3 environment -RUN pip install 'ggplot==0.6.8' +RUN pip install --quiet --no-cache-dir 'flake8==3.9.2' && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" ``` Then build a new image. @@ -49,9 +51,9 @@ packages desired. Next, create a new Dockerfile like the one shown below. FROM jupyter/datascience-notebook:33add21fab64 # Install from requirements.txt file COPY --chown=${NB_UID}:${NB_GID} requirements.txt /tmp/ -RUN pip install --requirement /tmp/requirements.txt && \ - fix-permissions $CONDA_DIR && \ - fix-permissions /home/$NB_USER +RUN pip install --quiet --no-cache-dir --requirement /tmp/requirements.txt && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" ``` For conda, the Dockerfile is similar: @@ -62,8 +64,9 @@ FROM jupyter/datascience-notebook:33add21fab64 # Install from requirements.txt file COPY --chown=${NB_UID}:${NB_GID} requirements.txt /tmp/ RUN conda install --yes --file /tmp/requirements.txt && \ - fix-permissions $CONDA_DIR && \ - fix-permissions /home/$NB_USER + conda clean --all -f -y && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" ``` Ref: [docker-stacks/commit/79169618d571506304934a7b29039085e77db78c](https://github.com/jupyter/docker-stacks/commit/79169618d571506304934a7b29039085e77db78c#commitcomment-15960081) @@ -124,8 +127,8 @@ RUN conda create --quiet --yes -p $CONDA_DIR/envs/$conda_env python=$py_ver ipyt # create Python 3.x environment and link it to jupyter RUN $CONDA_DIR/envs/${conda_env}/bin/python -m ipykernel install --user --name=${conda_env} && \ - fix-permissions $CONDA_DIR && \ - fix-permissions /home/$NB_USER + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" # any additional pip installs can be added by uncommenting the following line # RUN $CONDA_DIR/envs/${conda_env}/bin/pip install @@ -154,7 +157,9 @@ Run jupyterlab using a command such as FROM jupyter/scipy-notebook:latest # Install the Dask dashboard -RUN pip install dask-labextension +RUN pip install --quiet --no-cache-dir dask-labextension && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" # Dask Scheduler & Bokeh ports EXPOSE 8787 @@ -192,7 +197,10 @@ notebooks, with no conversion, adding javascript Reveal.js: ```bash # Add Live slideshows with RISE -RUN conda install -c damianavila82 rise +RUN conda install --quiet --yes -c damianavila82 rise && \ + conda clean --all -f -y && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" ``` Credit: [Paolo D.](https://github.com/pdonorio) based on @@ -204,11 +212,16 @@ You need to install conda's gcc for Python xgboost to work properly. Otherwise, exception about libgomp.so.1 missing GOMP_4.0. ```bash -%%bash -conda install -y gcc -pip install xgboost +conda install --quiet --yes gcc && \ + conda clean --all -f -y && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" -import xgboost +pip install --quiet --no-cache-dir xgboost && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" + +# run "import xgboost" in python ``` ## Running behind a nginx proxy @@ -308,7 +321,9 @@ version in the Hub itself. ```dockerfile FROM jupyter/base-notebook:33add21fab64 -RUN pip install jupyterhub==0.8.0b1 +RUN pip install --quiet --no-cache-dir jupyterhub==1.4.1 && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" ``` Credit: [MinRK](https://github.com/jupyter/docker-stacks/issues/423#issuecomment-322767742) @@ -444,9 +459,11 @@ USER $NB_USER # - Dashboards # - PyDoop # - PyHive -RUN pip install jupyter_dashboards faker && \ +RUN pip install --quiet --no-cache-dir jupyter_dashboards faker && \ jupyter dashboards quick-setup --sys-prefix && \ - pip2 install pyhive pydoop thrift sasl thrift_sasl faker + pip2 install --quiet --no-cache-dir pyhive pydoop thrift sasl thrift_sasl faker && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" USER root # Ensure we overwrite the kernel config so that toree connects to cluster @@ -488,10 +505,12 @@ FROM jupyter/minimal-notebook:latest USER $NB_USER -RUN pip install jupyter_contrib_nbextensions && \ +RUN pip install --quiet --no-cache-dir jupyter_contrib_nbextensions && \ jupyter contrib nbextension install --user && \ # can modify or enable additional extensions here - jupyter nbextension enable spellchecker/main --user + jupyter nbextension enable spellchecker/main --user && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" ``` Ref: @@ -513,7 +532,9 @@ RUN apt-get update --yes && \ USER $NB_UID -RUN pip install --quiet --no-cache-dir auto-sklearn +RUN pip install --quiet --no-cache-dir auto-sklearn && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" ``` ## Enable Delta Lake in Spark notebooks diff --git a/examples/docker-compose/notebook/Dockerfile b/examples/docker-compose/notebook/Dockerfile index d08062ce..b9309cc7 100644 --- a/examples/docker-compose/notebook/Dockerfile +++ b/examples/docker-compose/notebook/Dockerfile @@ -13,4 +13,4 @@ USER $NB_UID # Switch back to jovyan to avoid accidental container runs as root # Add permanent pip/conda installs, data files, other user libs here -# e.g., RUN pip install jupyter_dashboards +# e.g., RUN pip install --quiet --no-cache-dir flake8 diff --git a/examples/make-deploy/Dockerfile b/examples/make-deploy/Dockerfile index d08062ce..b9309cc7 100644 --- a/examples/make-deploy/Dockerfile +++ b/examples/make-deploy/Dockerfile @@ -13,4 +13,4 @@ USER $NB_UID # Switch back to jovyan to avoid accidental container runs as root # Add permanent pip/conda installs, data files, other user libs here -# e.g., RUN pip install jupyter_dashboards +# e.g., RUN pip install --quiet --no-cache-dir flake8 diff --git a/examples/source-to-image/README.md b/examples/source-to-image/README.md index b650d73f..2832af7a 100644 --- a/examples/source-to-image/README.md +++ b/examples/source-to-image/README.md @@ -102,8 +102,8 @@ This means that so long as a set of notebook files provides one of these files l A final step is: ```bash -fix-permissions $CONDA_DIR -fix-permissions /home/$NB_USER +fix-permissions "${CONDA_DIR}" +fix-permissions "/home/${NB_USER}" ``` This fixes up permissions on any new files created by the build. This is necessary to ensure that when the image is run, you can still install additional files. This is important for when an image is run in `sudo` mode, or it is hosted in a more secure container platform such as Kubernetes/OpenShift where it will be run as a set user ID that isn't known in advance. diff --git a/r-notebook/Dockerfile b/r-notebook/Dockerfile index 8d314006..056d4f6b 100644 --- a/r-notebook/Dockerfile +++ b/r-notebook/Dockerfile @@ -49,4 +49,7 @@ RUN conda install --quiet --yes \ fix-permissions "/home/${NB_USER}" # Install e1071 R package (dependency of the caret R package) -RUN conda install --quiet --yes r-e1071 +RUN conda install --quiet --yes r-e1071 && \ + conda clean --all -f -y && \ + fix-permissions "${CONDA_DIR}" && \ + fix-permissions "/home/${NB_USER}" diff --git a/tensorflow-notebook/Dockerfile b/tensorflow-notebook/Dockerfile index 7be3aed8..3271de75 100644 --- a/tensorflow-notebook/Dockerfile +++ b/tensorflow-notebook/Dockerfile @@ -8,6 +8,6 @@ LABEL maintainer="Jupyter Project " # Install Tensorflow RUN mamba install --quiet --yes \ 'tensorflow=2.4.1' && \ - conda clean --all -f -y && \ + mamba clean --all -f -y && \ fix-permissions "${CONDA_DIR}" && \ fix-permissions "/home/${NB_USER}"