From 69d0c6788b53e1a874ba9a3be2fc1496bae67b05 Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Sun, 7 Jul 2024 14:53:39 -0700 Subject: [PATCH 01/25] UGR GKE as GCP Deployments; minor docs edit --- docs/admins/cluster-config.rst | 6 +- .../ugr/gke/configs/gke_ugresearch.yaml | 17 ++++ .../ugr/gke/configs/node_pool_ugr01.yaml | 16 ++++ vendor/google/ugr/gke/deploy_gke_ugr.sh | 21 +++++ .../google/ugr/gke/deploy_node_pool_ugr01.sh | 21 +++++ .../google/ugr/gke/templates/gke_template.py | 78 +++++++++++++++++++ .../ugr/gke/templates/node_pool_template.py | 53 +++++++++++++ 7 files changed, 211 insertions(+), 1 deletion(-) create mode 100644 vendor/google/ugr/gke/configs/gke_ugresearch.yaml create mode 100644 vendor/google/ugr/gke/configs/node_pool_ugr01.yaml create mode 100755 vendor/google/ugr/gke/deploy_gke_ugr.sh create mode 100755 vendor/google/ugr/gke/deploy_node_pool_ugr01.sh create mode 100644 vendor/google/ugr/gke/templates/gke_template.py create mode 100644 vendor/google/ugr/gke/templates/node_pool_template.py diff --git a/docs/admins/cluster-config.rst b/docs/admins/cluster-config.rst index c9973e93b..0c06b57d5 100644 --- a/docs/admins/cluster-config.rst +++ b/docs/admins/cluster-config.rst @@ -25,6 +25,8 @@ A ``gcloud container clusters create`` command can succintly express the configuration of our kubernetes cluster. The following command represents the currently favored configuration. +This creates the GKE cluster. It may host one or more node pools: + .. code:: bash gcloud container clusters create \ @@ -42,6 +44,8 @@ the currently favored configuration. --tags=hub-cluster \ +Here's how we add a node pool to the cluster, beyond the default pool: + .. code:: bash gcloud container node-pools create \ @@ -56,7 +60,7 @@ the currently favored configuration. --disk-size=200 --disk-type=pd-balanced \ --no-enable-autoupgrade \ --tags=hub-cluster \ - --cluster=spring-2024 \ + --cluster= \ user----
diff --git a/vendor/google/ugr/gke/configs/gke_ugresearch.yaml b/vendor/google/ugr/gke/configs/gke_ugresearch.yaml new file mode 100644 index 000000000..134b2f047 --- /dev/null +++ b/vendor/google/ugr/gke/configs/gke_ugresearch.yaml @@ -0,0 +1,17 @@ +imports: + - path: ../templates/gke_template.py + +resources: + - name: ugresearch-cluster + type: ../templates/gke_template.py + properties: + clusterName: ugresearch-cluster + region: us-central1 + poolName: core + dateSuffix: '2024-07-07' + nodeLocation: us-central1-b + initialNodeCount: 1 + diskSizeGb: 100 + machineType: n2-standard-2 + minNodeCount: 1 + maxNodeCount: 20 \ No newline at end of file diff --git a/vendor/google/ugr/gke/configs/node_pool_ugr01.yaml b/vendor/google/ugr/gke/configs/node_pool_ugr01.yaml new file mode 100644 index 000000000..9ac8f88f0 --- /dev/null +++ b/vendor/google/ugr/gke/configs/node_pool_ugr01.yaml @@ -0,0 +1,16 @@ +imports: + - path: ../templates/node_pool_template.py + +resources: + - name: ugr01-node-pool + type: ../templates/node_pool_template.py + properties: + poolName: ugr01 + clusterName: ugresearch-cluster + region: us-central1 + dateSuffix: '2024-07-07' + initialNodeCount: 1 + diskSizeGb: 100 + machineType: n2-standard-2 + minNodeCount: 1 + maxNodeCount: 20 \ No newline at end of file diff --git a/vendor/google/ugr/gke/deploy_gke_ugr.sh b/vendor/google/ugr/gke/deploy_gke_ugr.sh new file mode 100755 index 000000000..ed7dce1b8 --- /dev/null +++ b/vendor/google/ugr/gke/deploy_gke_ugr.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Define variables +PROJECT_ID="ucb-datahub-2018" # Replace this with your actual GCP project ID +DEPLOYMENT_NAME="ugr-gke-deployment" +CONFIG_PATH="./configs/gke_ugresearch.yaml" + +# Set the GCP project context +gcloud config set project "$PROJECT_ID" + +# Navigate to the directory where the deploy.sh script is located +cd "$(dirname "$0")" + +# Deploy the configuration +gcloud deployment-manager deployments create "$DEPLOYMENT_NAME" --config "$CONFIG_PATH" || \ +gcloud deployment-manager deployments update "$DEPLOYMENT_NAME" --config "$CONFIG_PATH" + +# To manually delete the deployment, run the following command: +# gcloud deployment-manager deployments delete "$DEPLOYMENT_NAME" + +echo "Deployment process completed." \ No newline at end of file diff --git a/vendor/google/ugr/gke/deploy_node_pool_ugr01.sh b/vendor/google/ugr/gke/deploy_node_pool_ugr01.sh new file mode 100755 index 000000000..a88aa49c9 --- /dev/null +++ b/vendor/google/ugr/gke/deploy_node_pool_ugr01.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Define variables +PROJECT_ID="ucb-datahub-2018" # Replace this with your actual GCP project ID +DEPLOYMENT_NAME="ugr-ugr01-node-pool-deployment" +CONFIG_PATH="./configs/node_pool_ugr01.yaml" + +# Set the GCP project context +gcloud config set project "$PROJECT_ID" + +# Navigate to the directory where the script is located +cd "$(dirname "$0")" + +# Deploy the node pool configuration +gcloud deployment-manager deployments create "$DEPLOYMENT_NAME" --config "$CONFIG_PATH" || \ +gcloud deployment-manager deployments update "$DEPLOYMENT_NAME" --config "$CONFIG_PATH" + +# To manually delete the deployment, run the following command: +# gcloud deployment-manager deployments delete "$DEPLOYMENT_NAME" + +echo "Node pool deployment process completed." \ No newline at end of file diff --git a/vendor/google/ugr/gke/templates/gke_template.py b/vendor/google/ugr/gke/templates/gke_template.py new file mode 100644 index 000000000..4f8e96b84 --- /dev/null +++ b/vendor/google/ugr/gke/templates/gke_template.py @@ -0,0 +1,78 @@ +"""Creates a GKE cluster with specific configurations.""" + + +def GenerateConfig(context): + """Generates the YAML resource configuration.""" + + project = context.env['project'] + cluster_name = context.properties['clusterName'] + region = context.properties['region'] + pool_name = context.properties['poolName'] + date_suffix = context.properties['dateSuffix'] # Format: yyyy-mm-dd + node_location = context.properties['nodeLocation'] + initial_node_count = context.properties['initialNodeCount'] + disk_size_gb = context.properties['diskSizeGb'] + machine_type = context.properties['machineType'] + min_node_count = context.properties['minNodeCount'] + max_node_count = context.properties['maxNodeCount'] + + resources = [{ + 'name': cluster_name, + 'type': 'gcp-types/container-v1:projects.locations.clusters', + 'properties': { + 'parent': f'projects/{project}/locations/{region}', + 'cluster': { + 'name': cluster_name, + 'initialClusterVersion': 'latest', + 'location': region, + 'locations': [node_location], + 'ipAllocationPolicy': { + 'useIpAliases': True + }, + 'addonsConfig': { + 'httpLoadBalancing': { + 'disabled': True + } + }, + 'nodePools': [{ + 'name': f'{pool_name}-{date_suffix}', + 'initialNodeCount': initial_node_count, + 'config': { + 'diskSizeGb': disk_size_gb, + 'diskType': 'pd-balanced', + 'machineType': machine_type, + 'imageType': 'COS_CONTAINERD', + 'labels': { + 'hub.jupyter.org/pool-name': f'{pool_name}-pool-{date_suffix}' + }, + 'oauthScopes': [ + 'https://www.googleapis.com/auth/compute', + 'https://www.googleapis.com/auth/devstorage.read_only', + 'https://www.googleapis.com/auth/logging.write', + 'https://www.googleapis.com/auth/monitoring', + 'https://www.googleapis.com/auth/servicecontrol', + 'https://www.googleapis.com/auth/service.management.readonly', + 'https://www.googleapis.com/auth/trace.append' + ], + }, + 'autoscaling': { + 'enabled': True, + 'maxNodeCount': max_node_count, + 'minNodeCount': min_node_count + }, + 'management': { + 'autoUpgrade': False, + 'autoRepair': True + }, + 'locations': [ + node_location + ] + }], + 'networkPolicy': { + 'enabled': True + } + } + } + }] + + return {'resources': resources} diff --git a/vendor/google/ugr/gke/templates/node_pool_template.py b/vendor/google/ugr/gke/templates/node_pool_template.py new file mode 100644 index 000000000..19a9806a2 --- /dev/null +++ b/vendor/google/ugr/gke/templates/node_pool_template.py @@ -0,0 +1,53 @@ +"""Creates a GKE node pool with specific configurations.""" + + +def GenerateConfig(context): + """Generates the YAML resource configuration for a node pool.""" + + pool_name = context.properties['poolName'] + cluster_name = context.properties['clusterName'] + region = context.properties['region'] + date_suffix = context.properties['dateSuffix'] # Format: yyyy-mm-dd + initial_node_count = context.properties['initialNodeCount'] + disk_size_gb = context.properties['diskSizeGb'] + machine_type = context.properties['machineType'] + min_node_count = context.properties['minNodeCount'] + max_node_count = context.properties['maxNodeCount'] + + resources = [{ + 'name': f'user-{pool_name}-{date_suffix}', + 'type': 'gcp-types/container-v1:projects.locations.clusters.nodePools', + 'properties': { + 'parent': f'projects/{context.env["project"]}/locations/{region}/clusters/{cluster_name}', + 'nodePool': { + 'name': f'{pool_name}-pool', + 'initialNodeCount': initial_node_count, + 'config': { + 'machineType': machine_type, + 'diskSizeGb': disk_size_gb, + 'diskType': 'pd-balanced', + 'imageType': 'COS_CONTAINERD', + 'labels': { + 'hub.jupyter.org/pool-name': f'{pool_name}-pool' + }, + 'taints': [{ + 'key': 'hub.jupyter.org_dedicated', + 'value': 'user', + 'effect': 'NO_SCHEDULE' + }], + 'tags': ['hub-cluster'], + }, + 'autoscaling': { + 'enabled': True, + 'maxNodeCount': max_node_count, + 'minNodeCount': min_node_count + }, + 'management': { + 'autoUpgrade': False, + 'autoRepair': True + }, + } + } + }] + + return {'resources': resources} From 3c4684ca4c3bae886d49908cb60d690a9c599e1a Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Mon, 8 Jul 2024 11:18:36 -0700 Subject: [PATCH 02/25] Clean-up thanks to Shane's feedback --- vendor/google/ugr/gke/configs/gke_ugresearch.yaml | 2 +- vendor/google/ugr/gke/configs/node_pool_ugr01.yaml | 2 +- vendor/google/ugr/gke/deploy_gke_ugr.sh | 3 ++- vendor/google/ugr/gke/deploy_node_pool_ugr01.sh | 3 ++- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/vendor/google/ugr/gke/configs/gke_ugresearch.yaml b/vendor/google/ugr/gke/configs/gke_ugresearch.yaml index 134b2f047..fe23b0362 100644 --- a/vendor/google/ugr/gke/configs/gke_ugresearch.yaml +++ b/vendor/google/ugr/gke/configs/gke_ugresearch.yaml @@ -14,4 +14,4 @@ resources: diskSizeGb: 100 machineType: n2-standard-2 minNodeCount: 1 - maxNodeCount: 20 \ No newline at end of file + maxNodeCount: 20 diff --git a/vendor/google/ugr/gke/configs/node_pool_ugr01.yaml b/vendor/google/ugr/gke/configs/node_pool_ugr01.yaml index 9ac8f88f0..5979cc1af 100644 --- a/vendor/google/ugr/gke/configs/node_pool_ugr01.yaml +++ b/vendor/google/ugr/gke/configs/node_pool_ugr01.yaml @@ -13,4 +13,4 @@ resources: diskSizeGb: 100 machineType: n2-standard-2 minNodeCount: 1 - maxNodeCount: 20 \ No newline at end of file + maxNodeCount: 20 diff --git a/vendor/google/ugr/gke/deploy_gke_ugr.sh b/vendor/google/ugr/gke/deploy_gke_ugr.sh index ed7dce1b8..7ca45f98a 100755 --- a/vendor/google/ugr/gke/deploy_gke_ugr.sh +++ b/vendor/google/ugr/gke/deploy_gke_ugr.sh @@ -1,4 +1,5 @@ #!/bin/bash +set -euo pipefail # Define variables PROJECT_ID="ucb-datahub-2018" # Replace this with your actual GCP project ID @@ -18,4 +19,4 @@ gcloud deployment-manager deployments update "$DEPLOYMENT_NAME" --config "$CONFI # To manually delete the deployment, run the following command: # gcloud deployment-manager deployments delete "$DEPLOYMENT_NAME" -echo "Deployment process completed." \ No newline at end of file +echo "Deployment process completed." diff --git a/vendor/google/ugr/gke/deploy_node_pool_ugr01.sh b/vendor/google/ugr/gke/deploy_node_pool_ugr01.sh index a88aa49c9..8f95fc211 100755 --- a/vendor/google/ugr/gke/deploy_node_pool_ugr01.sh +++ b/vendor/google/ugr/gke/deploy_node_pool_ugr01.sh @@ -1,4 +1,5 @@ #!/bin/bash +set -euo pipefail # Define variables PROJECT_ID="ucb-datahub-2018" # Replace this with your actual GCP project ID @@ -18,4 +19,4 @@ gcloud deployment-manager deployments update "$DEPLOYMENT_NAME" --config "$CONFI # To manually delete the deployment, run the following command: # gcloud deployment-manager deployments delete "$DEPLOYMENT_NAME" -echo "Node pool deployment process completed." \ No newline at end of file +echo "Node pool deployment process completed." From 6d1b6f2ab7db2171c0f06cf311e4cc0172e869b6 Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Tue, 16 Jul 2024 14:34:22 -0700 Subject: [PATCH 03/25] cookiecutter'ed the deployment, sops'ed the secrets --- deployments/ugr01/config/common.yaml | 94 +++++++++++++++++++ .../ugr01/config/filestore/squash-flags.json | 16 ++++ deployments/ugr01/config/prod.yaml | 18 ++++ deployments/ugr01/config/staging.yaml | 19 ++++ deployments/ugr01/hubploy.yaml | 17 ++++ deployments/ugr01/secrets/prod.yaml | 21 +++++ deployments/ugr01/secrets/staging.yaml | 21 +++++ 7 files changed, 206 insertions(+) create mode 100644 deployments/ugr01/config/common.yaml create mode 100644 deployments/ugr01/config/filestore/squash-flags.json create mode 100644 deployments/ugr01/config/prod.yaml create mode 100644 deployments/ugr01/config/staging.yaml create mode 100644 deployments/ugr01/hubploy.yaml create mode 100644 deployments/ugr01/secrets/prod.yaml create mode 100644 deployments/ugr01/secrets/staging.yaml diff --git a/deployments/ugr01/config/common.yaml b/deployments/ugr01/config/common.yaml new file mode 100644 index 000000000..1b6ec1473 --- /dev/null +++ b/deployments/ugr01/config/common.yaml @@ -0,0 +1,94 @@ +nfsPVC: + enabled: true + nfs: + serverIP: 10.49.181.18 + +jupyterhub: + scheduling: + userScheduler: + nodeSelector: + hub.jupyter.org/pool-name: core-pool-2024-05-08 + proxy: + chp: + nodeSelector: + hub.jupyter.org/pool-name: core-pool-2024-05-08 + + hub: + nodeSelector: + hub.jupyter.org/pool-name: core-pool-2024-05-08 + config: + loadRoles: + # datahub staff + datahub-staff: + description: Enable admin for datahub staff + # this role provides permissions to... + scopes: + - admin-ui + - admin:groups + - admin:users + - admin:servers + - read:roles + - read:hub + - access:servers + # this role will be assigned to... + groups: + - course::1524699::group::all-admins + singleuser: + extraFiles: + # DH-216 + remove-exporters: + mountPath: /etc/jupyter/jupyter_notebook_config.py + stringData: | + c.QtPDFExporter.enabled = False + c.QtPNGExporter.enabled = False + c.WebPDFExporter.enabled = False + extraEnv: + # Unset NotebookApp from hub/values. Necessary for recent lab versions. + JUPYTERHUB_SINGLEUSER_APP: "jupyter_server.serverapp.ServerApp" + nodeSelector: + hub.jupyter.org/pool-name: user-ugr01 + storage: + type: static + static: + pvcName: home-nfs-v3 + subPath: "{username}" + memory: + guarantee: 512M + limit: 1G + + #custom: + # group_profiles: + # + # # Example: increase memory for everyone affiliated with a course. + # + # # Name of Class 100, Fall '22; requested in #98765 + # course::123456: + # mem_limit: 4096M + # mem_guarantee: 2048M + # + # # Example: grant admin rights to course staff. + # # Enrollment types returned by the Canvas API are `teacher`, + # # `student`, `ta`, `observer`, and `designer`. + # # https://canvas.instructure.com/doc/api/enrollments.html + # + # # Some other class 200, Spring '23; requested in #98776 + # course::234567::enrollment_type::teacher: + # mem_limit: 2096M + # mem_guarantee: 2048M + # course::234567::enrollment_type::ta: + # mem_limit: 2096M + # mem_guarantee: 2048M + # + # + # # Example: a fully specified CanvasOAuthenticator group name. + # # This could be useful for temporary resource bumps where the + # # instructor could add people to groups in the bCourses UI. This + # # would benefit from the ability to read resource bumps from + # # jupyterhub's properties. (attributes in the ORM) + # + # # Name of Class 100, Fall '22; requested in #98770 + # course::123456::group::lab4-bigdata: + # - mountPath: /home/rstudio/.ssh + # name: home + # subPath: _some_directory/_ssh + # readOnly: true diff --git a/deployments/ugr01/config/filestore/squash-flags.json b/deployments/ugr01/config/filestore/squash-flags.json new file mode 100644 index 000000000..d5d1e38e7 --- /dev/null +++ b/deployments/ugr01/config/filestore/squash-flags.json @@ -0,0 +1,16 @@ +{ +"--file-share": + { + "name": "shares", + "capacity": "desired-capacity", + "nfs-export-options": [ + { + "access-mode": "READ_WRITE", + "ip-ranges": ["10.0.0.0/8"], + "squash-mode": "ROOT_SQUASH", + "anon_uid": 1000, + "anon_gid": 1000 + } + ], + } +} diff --git a/deployments/ugr01/config/prod.yaml b/deployments/ugr01/config/prod.yaml new file mode 100644 index 000000000..9268ff061 --- /dev/null +++ b/deployments/ugr01/config/prod.yaml @@ -0,0 +1,18 @@ +nfsPVC: + nfs: + shareName: shares/ugr01/prod + +jupyterhub: + ingress: + enabled: true + hosts: + - ugr01.datahub.berkeley.edu + tls: + - secretName: tls-cert + hosts: + - ugr01.datahub.berkeley.edu + hub: + db: + pvc: + # This also holds logs + storage: 4Gi diff --git a/deployments/ugr01/config/staging.yaml b/deployments/ugr01/config/staging.yaml new file mode 100644 index 000000000..66224c5a3 --- /dev/null +++ b/deployments/ugr01/config/staging.yaml @@ -0,0 +1,19 @@ +nfsPVC: + nfs: + shareName: shares/ugr01/staging + +jupyterhub: + scheduling: + userScheduler: + replicas: 1 + prePuller: + continuous: + enabled: false + ingress: + enabled: true + hosts: + - ugr01-staging.datahub.berkeley.edu + tls: + - secretName: tls-cert + hosts: + - ugr01-staging.datahub.berkeley.edu diff --git a/deployments/ugr01/hubploy.yaml b/deployments/ugr01/hubploy.yaml new file mode 100644 index 000000000..7fd383042 --- /dev/null +++ b/deployments/ugr01/hubploy.yaml @@ -0,0 +1,17 @@ +images: + images: + - name: us-central1-docker.pkg.dev/ucb-datahub-2018/user-images/primary-user-image + path: ../datahub/images/default + registry: + provider: gcloud + gcloud: + project: ucb-datahub-2018 + service_key: gcr-key.json + +cluster: + provider: gcloud + gcloud: + project: ucb-datahub-2018 + service_key: gke-key.json + cluster: ugresearch-cluster + zone: us-central1 diff --git a/deployments/ugr01/secrets/prod.yaml b/deployments/ugr01/secrets/prod.yaml new file mode 100644 index 000000000..422104f73 --- /dev/null +++ b/deployments/ugr01/secrets/prod.yaml @@ -0,0 +1,21 @@ +jupyterhub: + hub: + config: + CanvasOAuthenticator: + client_id: ENC[AES256_GCM,data:/VedfPLyL+Rj3gciMxQ5H84=,iv:WZsC/06SEfEEeH4/NY+txGypgP/lShrJLc8DVXS7tco=,tag:kdZCzktRscuCYz4nRlkxTA==,type:str] + client_secret: ENC[AES256_GCM,data:EqzXDvAIMyGeTnGjUDOg6X6XqSwDmogtz/HXhc2LNYMhoSgg8PSUqvEFNUNG6w59tkRXPerBR6PyOuG31ftYXQ==,iv:D/rf3aWams6O2NcmdjFYxEVV5dQoWv3ubZ1kTN5KMO8=,tag:/LLaEHP/RB17Td0UW1I2bQ==,type:str] + oauth_callback_url: ENC[AES256_GCM,data:RU1IE0Q0bHIXfuVwptLkVgRyj+7z9ps4V30cvQozIL1XcprM3PSp5cJ7Mdyk9MwWQKUHe3o=,iv:QfiqlA0VAJIigpKfhbmvsg74VA/f8l0/+E7n587DZSI=,tag:i5OLqjG4BdJm+cVE3nBgIQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/ucb-datahub-2018/locations/global/keyRings/datahub/cryptoKeys/sops + created_at: "2021-05-05T10:57:58Z" + enc: CiQA67O9AK2027WGYGTzywa01Cz+Ez7sOTk/d9payovyK5pg8g4SSADmhpq89bbIWFjlGg79o/iupJ4anLU5Ab9VL+qNzhu6e83JtJ7wSv6sK+cDiEfVSaKQ1YIcadDXFt4WUKRt7MFvAa1sLqp2LA== + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-07-16T21:32:11Z" + mac: ENC[AES256_GCM,data:NC/cFuqBfuRWCKKuIWBIyejGcOme6lOD84trvY/QQWVWd9dJVHfCDKwDEVU2EOYn4bFjXR1z4Hi//hlWqoH47LIfS87KprPoVSGN+0DoG6tdN0SzP44hKi37rGwKotrvL6+qnwHnH45M6yk12efs2bU5iFbiOlFhuWMYOxqNEo8=,iv:GqPajLKVLr+R8kUQgWwFkjd+duKnpKFMmPPYBBrssq8=,tag:yYsWY3wuIsNXZRmN33rG9Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/deployments/ugr01/secrets/staging.yaml b/deployments/ugr01/secrets/staging.yaml new file mode 100644 index 000000000..0a45fb78f --- /dev/null +++ b/deployments/ugr01/secrets/staging.yaml @@ -0,0 +1,21 @@ +jupyterhub: + hub: + config: + CanvasOAuthenticator: + client_id: ENC[AES256_GCM,data:G0+pIvyOsh+Zj4ZxddKbON4=,iv:iX8jMrXcJvjBi0GKRtuN886bXWFwBfCsaUoH+HRMn6U=,tag:BsyGAveKrd8TvWMuUlw3kw==,type:str] + client_secret: ENC[AES256_GCM,data:6mR3zs4jvkVuVwjut56tuW3HIOHcYWRSIJJZiOeC+H82tqgZeuVEe7+/zMxq6J0ba5RMas9npep4svuL+TppcA==,iv:K6/MFusdxnLkrEA5LaXLO8mFm1Xa4U2OmxUBOLqdpJk=,tag:xweE4+/ZCIcXj9CtbFpUSw==,type:str] + oauth_callback_url: ENC[AES256_GCM,data:ycdZfwiP7ouq/0pGarj89xGze4aXoVAJiA+k0U+9GHtt1yqiqcw4cndcO67q+0LfrtNOB/ugHPaWu+gkig==,iv:Y9k4n0NyHKX2B8cO1Bo4cRIUZBtYD8si9GszXd4aGKc=,tag:h0Bff7yQPxc57GBk1e44wQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/ucb-datahub-2018/locations/global/keyRings/datahub/cryptoKeys/sops + created_at: "2021-05-05T10:57:58Z" + enc: CiQA67O9ALEiz+lgnWQQgjT08Fx2+SUNdWEA2MqdIoEl0Ett3zASSQDmhpq85T+08Rtt/sqeMktjA6t8rCVH8soCR/sNJwDHgXabOipn/od+64D/L+aggCaXqJ433twByk0+YUJAe5z733oW/3J53eU= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-07-16T21:32:30Z" + mac: ENC[AES256_GCM,data:V+KX6npLuuvAGl3+PgZ2EmdEk8glFRxNOjNvm0A5e20/gJIABFucy0yo7xnel/NfLfyGPnMwKHWJ/5CPLJYNRZ2x/gBYY15L+QvPN1ktwtLWa15rr9o1bQP5grv8WVt78iverz39l9HUgaLODjgPNKrsHFmvpAkUruH1uSD5T1M=,iv:elQE5tpiQ5spWOw/3GpdsUDnKxiavBruMA8bvAoSP0g=,tag:hSFukL/hx7SgkDne7ctH+w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 From 1fe4caeb19443e100467c30257071dc00bb4201d Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Tue, 23 Jul 2024 13:41:48 -0700 Subject: [PATCH 04/25] README for deployment manager scripts & files --- vendor/google/ugr/README.md | 88 +++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 vendor/google/ugr/README.md diff --git a/vendor/google/ugr/README.md b/vendor/google/ugr/README.md new file mode 100644 index 000000000..4ca1367d6 --- /dev/null +++ b/vendor/google/ugr/README.md @@ -0,0 +1,88 @@ +# UGR Cluster & Hub Deployment + +This set of templates, configuration files and scripts use the [GCP Cloud Deployment Manager](https://cloud.google.com/deployment-manager/docs) service to deploy and update the undergraduate research GKE cluster and node pools. + +The documentation below starts from the highest level -- the Deployment Scripts -- and drills down into the two supporting layers beneath (Configurations, Templates). + + +## Deployment Scripts (gcloud wrapped in shell) + +The deployment shell scripts are wrapped around gcloud commands to add a bit of convenience. This convenience boils down to the following: + +``` +gcloud deployment-manager deployments create ... || \ +gcloud deployment-manager deployments update ... +``` + +That is, the script will run the create version; if this fails (due to the deployement already existing), then it will update the deployment, only taking actions to effect changes in the "deltas" between the live deployment and the new local configuration. + +Deployments may be destroyed wholesale with "one click" in the web console, or with gcloud as described in the shell script comments: + +``` +gcloud deployment-manager deployments delete "$DEPLOYMENT_NAME" +``` +## Configurations (yaml) + +Each deployment shell script (above) "knows" its config, e.g. + +``` +CONFIG_PATH="./configs/gke_ugresearch.yaml" +``` + +[The yaml file for a templated config](https://cloud.google.com/deployment-manager/docs/configuration/templates/define-template-properties) contains all of the configuration variable values, such as resource names, numbers, sizes, and other parameters; for example, + +``` + initialNodeCount: 1 + diskSizeGb: 100 + machineType: n2-standard-2 +``` + +## Custom Templates (python) + +The yaml config files (above) work with [templates](https://cloud.google.com/deployment-manager/docs/configuration/templates/create-basic-template) to feed the full deployment specifications to the shell script's gcloud command. The yaml specifies the template(s) that the deployment manager should use for the deployment: + +``` +imports: + - path: ../templates/gke_template.py +``` + +When choosing python for the template language, the following function is expected: + +``` +def GenerateConfig(context): +``` + +At deployment, the template has access to the properties set in the associated yaml, and this function's one job is to return a dictionary that descries the deployment: + +``` + return {'resources': resources} +``` + +Note that this python is run "in the cloud" by the deployment manager service, not locally in the gcloud context. + +## Adding a Node Pool + +To add a node pool, such as ugr02, create these two files (based on the ugr01 example): + +``` +.//configs/node_pool_ugr02.yaml +.//deploy_node_pool_ugr02.sh +``` + +Edit the yaml config to have the names and properties of your new node pool, and edit the shell script's CONFIG_PATH to reference the new yaml config. + +The associated template is meant to be unchanged; it contains the structure, not the configuration: + +``` +templates/node_pool_template.py +``` + +Run the shell script to deploy: + +``` +./deploy_node_pool_ugr02.sh +``` + +## Change a deployment + +To change an existing deployment, edit the parameters to be changed in the deployment's yaml config and run its associated shell script. \ No newline at end of file From c8384f14b42e3ff215a68be1921b2f6b1fa4204e Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Tue, 30 Jul 2024 12:56:51 -0700 Subject: [PATCH 05/25] Custom image, BUT I'm having personal repo2docker issues in general --- .circleci/config.yml | 23 +++++ deployments/ugr01/hubploy.yaml | 6 +- deployments/ugr01/image/apt.txt | 97 +++++++++++++++++++ deployments/ugr01/image/environment.yml | 63 ++++++++++++ .../ugr01/image/infra-requirements.txt | 29 ++++++ deployments/ugr01/image/postBuild | 5 + deployments/ugr01/image/start | 5 + 7 files changed, 226 insertions(+), 2 deletions(-) create mode 100644 deployments/ugr01/image/apt.txt create mode 100644 deployments/ugr01/image/environment.yml create mode 100644 deployments/ugr01/image/infra-requirements.txt create mode 100644 deployments/ugr01/image/postBuild create mode 100644 deployments/ugr01/image/start diff --git a/.circleci/config.yml b/.circleci/config.yml index 399a528bc..5f8d53e07 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -325,6 +325,12 @@ jobs: hubploy deploy --timeout 30m stat20 hub ${CIRCLE_BRANCH} no_output_timeout: 30m + - run: + name: Deploy ugr01 + command: | + hubploy deploy --timeout 30m ugr01 hub ${CIRCLE_BRANCH} + no_output_timeout: 30m + - run: name: Deploy workshop command: | @@ -626,6 +632,15 @@ workflows: ignore: - staging - prod + - hubploy/build-image: + deployment: ugr01 + name: ugr01 image build + # Filters can only be per-job? wtf + filters: + branches: + ignore: + - staging + - prod deploy: jobs: @@ -799,6 +814,14 @@ workflows: branches: only: - staging + - hubploy/build-image: + deployment: ugr01 + name: ugr01 image build + push: true + filters: + branches: + only: + - staging # Build images only during the staging deploy. All merges # to prod need to go via staging, so prod should *never* # use images not built for staging. By enforcing this at the diff --git a/deployments/ugr01/hubploy.yaml b/deployments/ugr01/hubploy.yaml index 7fd383042..2ff8daaea 100644 --- a/deployments/ugr01/hubploy.yaml +++ b/deployments/ugr01/hubploy.yaml @@ -1,7 +1,9 @@ images: images: - - name: us-central1-docker.pkg.dev/ucb-datahub-2018/user-images/primary-user-image - path: ../datahub/images/default + - name: us-central1-docker.pkg.dev/ucb-datahub-2018/user-images/ugr01-user-image + path: image/ + repo2docker: + base_image: docker.io/library/buildpack-deps:jammy registry: provider: gcloud gcloud: diff --git a/deployments/ugr01/image/apt.txt b/deployments/ugr01/image/apt.txt new file mode 100644 index 000000000..10e53b036 --- /dev/null +++ b/deployments/ugr01/image/apt.txt @@ -0,0 +1,97 @@ +# Some linux packages for basic terminal work, particularly +# oriented at users new to Unix/cmd line environments. + +# installing less as more just isn't enough +less + +# Basic unix tools +man +man-db +manpages-posix +manpages-dev +manpages-posix-dev + +# Download tools +curl +wget + +# Core text editors on a *nix box: vim +vim + +# A couple of CLI editors that are easier than vim +# micro # currently not working on 18.04 +nano +jed +jed-extra + +# powerful terminal-based file manager, better than the one in JLab +mc + +# for easily managing multiple repositories with one command (perl-doc +# is needed for its help pages to work) +mr +perl-doc + +# Regular build tools for compiling common stuff +build-essential +gfortran + +# Dependencies for nbconvert +texlive-xetex +texlive-fonts-recommended +texlive-plain-generic +# https://github.com/berkeley-dsep-infra/datahub/issues/3719 +texlive-lang-chinese +lmodern + +# Other useful document-related tools +pandoc +latexdiff + +# Some useful git utilities use basic Ruby +ruby + +# Other niceties for command-line work and life +ack # powerful grep-like tool +pydf # colorized disk usage +tmux +screen +htop +nnn # cmd line file manager +zsh +rsync +tig # console UI for git +multitail + +# For later, these are not available in 18.04 +#browsh # text-based web browser, occasionally handy +#dasel # json/yml/csv/etc data wrangling at the terminal +#fzf # fuzzy file finder + +## This section adds tools for desktop environment usage +dbus-x11 +xorg +xubuntu-icon-theme +xfce4 +xfce4-goodies +xclip +xsel +firefox +chromium-browser + +# GUI text editors +vim-gtk3 +gedit + +# Git clients and tools +git-gui +gitg +qgit +meld + +# For jupyter-tree-download. Ref: https://github.com/berkeley-dsep-infra/datahub/issues/3979 +zip + +# playwright deps https://jira-secure.berkeley.edu/browse/DH-305 +libnss3 +libnspr4 diff --git a/deployments/ugr01/image/environment.yml b/deployments/ugr01/image/environment.yml new file mode 100644 index 000000000..9ee6fc0fa --- /dev/null +++ b/deployments/ugr01/image/environment.yml @@ -0,0 +1,63 @@ +name: ugr01-FA24 + +channels: +- conda-forge +- pytorch + +dependencies: +- python==3.11.* +- git==2.39.1 +- jupyter-resource-usage==1.0.0 +- jupyterlab==4.0.11 +- jupyterlab-favorites==3.0.0 +- jupyterlab_server==2.23.0 +- jupyterlab_widgets==3.0.8 +- jupyter_server==2.7.0 +- nbgitpuller==1.2.1 +- notebook==7.0.7 +- folium==0.14.0 +- h5netcdf==1.0.2 +- ipywidgets==8.0.7 +- jupysql==0.8.0 +- jupyter-archive==3.4.0 +- matplotlib==3.7.1 +- mdit-py-plugins==0.4.0 +- numpy==1.24.2 +- pandas==2.0.2 +- plotly==5.13.1 +- requests==2.28.2 +- scikit-image==0.19.3 +- scikit-learn==1.2.2 +- scipy==1.10.1 +- seaborn==0.12.2 +- statsmodels==0.14.0 +- tensorflow-cpu==2.12.1 +- sqlalchemy==2.0.16 +- mlxtend==0.23.0 +# Spring 2024 data 100 +- pytorch==2.1.2 +- cpuonly==2.0 +- transformers==4.37.1 +# Spring 2024 table demos +- lxml==5.1.0 +# Spring 2024 Econ 148 Packages +- geopandas==0.14.2 +- geopy==2.4.1 +- lifelines==0.27.8 +- pycountry==22.3.5 +- pip +- pip: + # - -r infra-requirements.txt + - ipywidgets==8.0.7 + # disable until fixed (probably this: https://github.com/jupyterlab/jupyter-collaboration/issues/162) + # - jupyter_collaboration==1.0.1 + - jupyterhub==4.1.5 + - nbconvert[webpdf] + # - pyppeteer==2.0.0 + - pytest-notebook==0.8.1 + - gh-scoped-creds==4.1 + - git+https://github.com/shaneknapp/python-popularity-contest.git@add-error-handling + - ydata-profiling==4.6.4 + - otter-grader==5.4.0 + - duckdb==0.10.1 + - duckdb_engine==0.11.2 diff --git a/deployments/ugr01/image/infra-requirements.txt b/deployments/ugr01/image/infra-requirements.txt new file mode 100644 index 000000000..b01c9d80d --- /dev/null +++ b/deployments/ugr01/image/infra-requirements.txt @@ -0,0 +1,29 @@ +# WARNING: Original source at scripts/infra-packages/requirements.txt +# PLEASE DO NOT EDIT ELSEWHERE +# After editing scripts/infra-packages/requirements.txt, please run +# scripts/infra-packages/sync.bash. + +# This file pins versions of notebook related python packages we want +# across all hubs. This makes sure we don't need to upgrade them +# everwhere one by one. + +# FIXME: Freeze this to get exact versions of all dependencies +notebook==7.0.7 +jupyterlab==4.0.11 +nbgitpuller==1.2.1 +jupyter-resource-usage==1.0.1 +# Matches version in images/hub/Dockerfile +jupyterhub==4.1.5 +appmode==0.8.0 +ipywidgets==8.0.7 +jupyter-tree-download==1.0.1 +git-credential-helpers==0.2 +# Measure popularity of different packages in our hubs +# https://discourse.jupyter.org/t/request-for-implementation-instrument-libraries-actively-used-by-users-on-a-jupyterhub/7994?u=yuvipanda +git+https://github.com/shaneknapp/python-popularity-contest.git@add-error-handling +# RISE is useful for presentations - see https://github.com/berkeley-dsep-infra/datahub/issues/2527 +RISE==5.7.1 +# syncthing for dropbox-like functionality +jupyter-syncthing-proxy==1.0.3 +# jupyter archival tool for easy user downloads +jupyter-archive==3.4.0 diff --git a/deployments/ugr01/image/postBuild b/deployments/ugr01/image/postBuild new file mode 100644 index 000000000..1b6bcc9d1 --- /dev/null +++ b/deployments/ugr01/image/postBuild @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +# installing chromium browser to enable webpdf conversion using nbconvert +export PLAYWRIGHT_BROWSERS_PATH=${CONDA_DIR} +playwright install chromium diff --git a/deployments/ugr01/image/start b/deployments/ugr01/image/start new file mode 100644 index 000000000..c3a978b7f --- /dev/null +++ b/deployments/ugr01/image/start @@ -0,0 +1,5 @@ +#!/bin/bash + +# See https://jira-secure.berkeley.edu/browse/DH-305 +export PLAYWRIGHT_BROWSERS_PATH=${CONDA_DIR} +exec "$@" From 8375cbf341bd05322220ec74be457b310996b77d Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Wed, 31 Jul 2024 16:03:20 -0700 Subject: [PATCH 06/25] Fixing cluster reference in ugr01 common.yaml --- deployments/ugr01/config/common.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployments/ugr01/config/common.yaml b/deployments/ugr01/config/common.yaml index 1b6ec1473..851b5c2a9 100644 --- a/deployments/ugr01/config/common.yaml +++ b/deployments/ugr01/config/common.yaml @@ -7,15 +7,15 @@ jupyterhub: scheduling: userScheduler: nodeSelector: - hub.jupyter.org/pool-name: core-pool-2024-05-08 + hub.jupyter.org/pool-name: core-pool-2024-07-07 proxy: chp: nodeSelector: - hub.jupyter.org/pool-name: core-pool-2024-05-08 + hub.jupyter.org/pool-name: core-pool-2024-07-07 hub: nodeSelector: - hub.jupyter.org/pool-name: core-pool-2024-05-08 + hub.jupyter.org/pool-name: core-pool-2024-07-07 config: loadRoles: # datahub staff From 37c8d1a8af765225fc4eb69d7a423957dd921276 Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Thu, 1 Aug 2024 13:50:47 -0700 Subject: [PATCH 07/25] Add GCP .json secrets to ugr01 deployment --- deployments/ugr01/secrets/gcr-key.json | 30 ++++++++++++++++++++++++++ deployments/ugr01/secrets/gke-key.json | 30 ++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 deployments/ugr01/secrets/gcr-key.json create mode 100644 deployments/ugr01/secrets/gke-key.json diff --git a/deployments/ugr01/secrets/gcr-key.json b/deployments/ugr01/secrets/gcr-key.json new file mode 100644 index 000000000..9fe18e31a --- /dev/null +++ b/deployments/ugr01/secrets/gcr-key.json @@ -0,0 +1,30 @@ +{ + "type": "ENC[AES256_GCM,data:sSMZTPHoc56dS2QmRItV,iv:OYhPfSncuId7PA9aiszNvKsjdXkDx5+8JmENATsWp/I=,tag:5q0nB7gQzZ6F0vLs+gA3rA==,type:str]", + "project_id": "ENC[AES256_GCM,data:5lCYzQaxBsllxoFWv+2+tA==,iv:JJcedEiqtjdAXv8ZyByKkLA6S3WAo4fXZzsL2Pz26qY=,tag:VEzWDtql0mnQFweATURVxg==,type:str]", + "private_key_id": "ENC[AES256_GCM,data:R1MEERmxErsigrEXhZJKaFMwLCtllTgDsUtnj8VKOiAjDChXq0zD9A==,iv:2Yj18QUDQaYmffDsoc721Gh/wfkK6zu1gVko6cw3NZQ=,tag:sybx0ddAMNr1Miw04j5JwA==,type:str]", + "private_key": "ENC[AES256_GCM,data:vLehnTBC4K7eP8cyHkoZFQDlhvfxpwOu6JcPa5IVPuGNufF9yrDlDM7bs03l4YsSxevaSOEMy9vbQDnZWMltTQRhcO8kkrsEm2G4VogjATwTYElWNzr6OhK9K9oUTO8/uuMkUPp9AUG0QQMbcUO7Vhm36IIN5/HlpoPqX7UYDbTmR8ziN1dNGHHdFEIC2/TTrnZPx60j9nzyHz4juBPl4TlSsaaAAzqGmKV4WjtO99hYz2Fr3hfQg/A2us/HGvnUlzMrzQqMujbDFpl00v2XuI2PATTiQm/Uvo/D/mOHy1+P4WVLm/qNB6X6NXWZvLT+KDqJiSHQxV5ayABzs2VaUBk5eNuBCKHPZz00JLK/jIEl+tQOjz+kd0jmqKtrbKBl4OLDYP25ftgyQLhrPApdWMGSDj+f+5SiTecKdxDhYhGPW/onf8RHAO/0v6J7RSSlyqk7KWhKqcOeRzo5eEl9AdduaduwUtlkffVynFJOCf8xH0pLQcF0jTVZl7TG4vp9Pw6tPp3lUj3hovr1Zu+YJSOz05Zrhwprq96o5mQFHw/WkCdS1IwwVQ3WfRzR1uuHuSziDuRzA2fWDwtenolGMMzMKq8StU1ZyHqbJKGnSoZVExT4SPaatUUXELwA+GjKXrr8SPXM6PII5QqpHLCcP1rpCFzXtBaYiM1+uJPSIZ4I9kuaWVhzdJ/XbUdKsIYrTV850WrQKTpNiu9fk/DC4G9T9G6n0jtD3+jYdDi0nn4nSY5o/1WS/2uiZ4PP3TsSMBKfuY6gn/88QCZWRe4iUx0kt6zbvJsePaEm2pq4WB2Ylz5u/tN6erD/qVm7an434CopLzrBc2gzdnfxLAuDQO0I8SyiGxt03htBH42R9ahQAYVdpOW6ygI7YdIbV9eYCK0q4/RkqVel/SnSSca5qdY/iCT6lmzKd9NbzT0BYhATSNoH6RG1YkcAZZzjHlfBWugXnFpmJMBiz4BwUpSNIcXMHnsKYJAsQBQcTqi3DGf9LbWSaWAS1ZMQFQ9gqU1rip9ZGUQAlM/tv2/LIDITAltrxxZxVDroZ+b0kbuYp95QgcuBVudx0Bmq/qlvZWbKrs6C5Hw/UONzwOCV/eVocYpwfoJYsznlJPDOXuJEnN48jsUgeRsm4xeod2EraJ2Y6FPkNFRs6xE6GMHLllNBoXv1O/ihJoVeten/mkNmMIVpf1oG8lC9CxTbAOS/nvRiFXlJbCCUHHJFrh8O+r69UkrfEtL1pu+f5dfft7Al6Rc8tdc/InVPx5wUldkfGPpJ6GvetEJujqv9Ad2V4TWHaiM3zoLp60EylJ8sDbD7KupqN4mmx22eefaD4XXJCiGNpzIcsqPUjjrgMEQ6DwPF+553RLd2Acsp9gnL6aoQaVrlgfwUQ7a0NHCGTD4qm9I6LxVLlQXTtqvricGeC5nzMpftOPS4v0hbakdQ2TOJ9O6I7Ea2LY4TAOJrmqeXbu7J3DSY6V+bScDGUZVtqewVEteTB80GANMOZF3d1e74c5M09XGTDqssaLm5yZjhM6x0fSlG/8EWvvuq5ZT8a9oWZL9GL9N2QvgdAxQ4hu/L1aZnkmaEnm/t0itHijUlgwqocrxzl02savG0vS/74Jt567WVs/B8jYY7qwNkuC8N5PaGc7D6e7xRRYGQbUZTo1GKJw54Yieodt/p+QHyXrJQegci5RSVJbxTS6tkh5Ps5UP3t0+/oK3obD9Y7pD/MUYmzs2wm70nbuIzILacKAD3mLKV6zWnEuiTtVds9qlgHNYURDpEt43HHLChcL5soxWYXsds7Qqlv2z+Bg0z1lp6VScaieC0BDtCjzqvKKpFVn6Ou2VkrSWl14Jxmzr08RCgxu4qnhzxmNShftqbgkTe68EC/XjGvN9eqEsfz+TdT1jHnQYmTmV88DP/EgPsI0WO/elO60LAVALNtpQXm5qH+lx4anCzwePuki9RAnIOnhJG9yC9XEE0qDf/ugwczDJZZaHYfluKEAqzPgwvw1jpPGMdO5MBfXGoTp8NsfO785+FjxJ8+lReant1BG6TN/FQUGiZG6oFdfVn7rQG64ULrj9M7LbILzjpM7c0E40sCDbA/gcZ/Qq8z7cr3m/Dj9jzbObgvEKcgpMgoxcLmfiGdG7lrE4osAd+WBBq8nggQb8wCj+93vQnLjB7z2bCbi5QGYVvvT0wAoi9xnPXt2crm0WwJcvSoLhyUQHlY7VS7q/RIW0l2V1ZFYSze3uOjE6yDnT78YCgGfZnFPcQM+ptF+Ue9DxQBDyi,iv:TjdSa3QrrsWYSbEbGDMEfBK5mjWAV+XpbjdqDJYdifY=,tag:a9tA75QeegIzOhKWsqUM9g==,type:str]", + "client_email": "ENC[AES256_GCM,data:I82UyGVgjfabeSwcP6VFhNLQeNJE95Rk4y9k0c31nopBegNCr7efnC+/DlJLvojlm41nHmfAuGOkmw==,iv:j9QJCExmRWDbiu22JBQootXeEiy9QDTPuhOKSshTYR0=,tag:8wEy9W/jOgTXcpyRY3x8dg==,type:str]", + "client_id": "ENC[AES256_GCM,data:mCjJFCWLdptaXokoZNTtrqA0ACwH,iv:zMr5U5urtbpsO3XjWdc7Sir70zi8ToH7Oy2beYRvGww=,tag:JgM9nrwGe4Y+BqdRx7MOGQ==,type:str]", + "auth_uri": "ENC[AES256_GCM,data:/UEubFJIcCpvx8WIHgkxsltppO5CjEzqXW97UWVix6UCMQrL4Ugd1bI=,iv:PqEcw2JnjDNRGSh17+qkL1TaJkJqWJ+/Et+i6tDVfbs=,tag:XznNBtLLnlq/rFTToRsH/Q==,type:str]", + "token_uri": "ENC[AES256_GCM,data:CBRAorj4zG90mN2fF+ASla/x+edKvOkgMYQUN+hgjaA5/v8=,iv:QevCiojMP1EoYOK9TBGEhPxXXEr3imOoU5OijImp1xU=,tag:vquitBLE6ZwqKl19HapmFw==,type:str]", + "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:4pMJ0qPTEfMmZDTLlcJHYf1McBiTrKKs2A+a5ZfLR+DCArq6LTpDnSAl,iv:Ict6og/P6ks3r4cflG8sRzZH+YrCJldx9pzseJrLMWk=,tag:DMFkzIGiGQthS16D4Cr+kg==,type:str]", + "client_x509_cert_url": "ENC[AES256_GCM,data:6ZQXeNld6P9Sf7WyKIr1+yVui+CqEnEi8va4/q8w1xaBPYJAZGd2rWzKuphBcjgUj2E3BoqXtpG6oPeZYhDjlIRllHI/D/z5GnaMy450EzVNGci42i4CzE+uW+/dMqmFvGcVdVybhvJXpKhBN7k=,iv:Wa+RnN/OLZWWRE2iw70tiIVJKLpouaTz1VLyxszvdzc=,tag:wtYYUme/9tMQiIP4/zo2Xw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/ucb-datahub-2018/locations/global/keyRings/datahub/cryptoKeys/sops", + "created_at": "2021-04-09T22:02:09Z", + "enc": "CiQA67O9ABQMqfuxdMibeM0Kd4giFI4f028ytEQ5mGD4LVap6CQSSQDmhpq8WM8e2Gv4k0WlOZy2JdbrcUYcMLZCGZXvnOyGqyKA/rdOEVS37QAKVEavjPngLpi+GSBEn/aVkxVuoa3gL1a+bk0ikiU=" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-04-09T22:02:09Z", + "mac": "ENC[AES256_GCM,data:kq/VhJN2srGNm5Z9f+uAjUpooefLmwakgKqxIfVBALS1X4jcH5dpFJqZs/UB5AA4xm/97rPdnCqW7IZIFVWzG2zKcajyIMcnOOc/HLG8rYp+lG7om2aGWqoXGkiitWZ1fplALx7AdWvXcLHZF83E58l/OQ+8wrwQDOa/fd0PZdw=,iv:mFn075xtHaFGQqx43R5ekZnbrIlIRaKqBDtc+Uog9SM=,tag:B1ni3Sef2yrh1Sz3TbUeJw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.0" + } +} \ No newline at end of file diff --git a/deployments/ugr01/secrets/gke-key.json b/deployments/ugr01/secrets/gke-key.json new file mode 100644 index 000000000..511dea2ad --- /dev/null +++ b/deployments/ugr01/secrets/gke-key.json @@ -0,0 +1,30 @@ +{ + "type": "ENC[AES256_GCM,data:dyZdutOSgZOjlFfdDJxN,iv:YRBab4upN5r5t2Er4R5RUeW9eU9eNbsfz353T93dpjc=,tag:XatnP9bkiAWRWoBgAZomrw==,type:str]", + "project_id": "ENC[AES256_GCM,data:MGff54r4talxCtnxf6aVFA==,iv:Ua5hVb6mcnEhI+mSHXSljFZlbfoYhMevGLjVVUA2kvQ=,tag:rhos4hcY8j2tcciigk0TcA==,type:str]", + "private_key_id": "ENC[AES256_GCM,data:nAnt+VZz+qp+0cxV+JDR2mT/pH067ocqibGS0xG2AjsV8MtmCpR+9A==,iv:nWfmnEAPvCaUsWjsOvnsUGjzLYvnum+ZhFmON5ru8Z4=,tag:INN8T5w3RbqhBfvAYoaFZA==,type:str]", + "private_key": "ENC[AES256_GCM,data:g9Y8AKuGj9b7tDdo5MhIhGDA/qB/T6LbRMJf8pdm2kwLFKm7hqFXkxIItyZCcWq7CvSeY/tf/J5lnhzDc/NLLJcq3Et1gxlrnWlMguXpNn7YXgcp1aQnKqjWQUpZNqwBWRx8olqXxND0V/M8iZyNtqGX9q2GekYJughKPgq/hZcKZKJNoKcP/784+R/NB46o1zXM7pz5BtHWwm4VskYSh1nawP/d6K6JXtiTBQl8GCkK+yS8/b1xEFhwerbbQiIenMEcceFEZ3aqdDxgkHj7GnRvfmJqjyVaACFujaFy29I9aW7agk6B2unlT8+rSkX91RadWHTp9BUWVYVuOEgfU1Ht7u0CX0RsWSbdNqsHWKjsRbvbUkySpAsiTdgwi+ZW0zT0oxVXEu04Sam0bWMLn0Bzrag/q/y8ZZwTfVB7U0SjDxCL+P2jZ4LtGqiwuAbRmDc+0tQk6PpJ+eQRZGz35CZOkQYjNiz/uQExtDR9c7yxw6dwKs9b7tLSl3UCiJbA85HIuhlhNXNvG/Ccumf0hGJeAeJnQ0R/9usqQEoNwZ86YR1Nz3TWkq2NoN6AIVl2b/FCp9IetnUGzw9PoB+7m91Y4gIlXbK77JXEQy8W0Iux98Eu/qZMVxjs5TAdpuaVr6LIHnDGMLy3+g1Fr6daIYDKIN7Fo2Er80uh0deeiURFoT8o9MZjj5IChSm/8kBzwna9jfpBsSK1XjMD+H6Dh/+4HDP2yGoEQnPEbPtc0ztPGcu+luc/GC9pUvOuad/OH/WFybmN5GRN6q1IfmxJ8P7szCPDqTRqSebxMy25bmISNHb3p45KaqACoRuBvzRZKeymQt2j1n0XQeAm/H7S4m5i3W9rkbMrBl0ge7SqUzK2EN5ihB2eiDd9YFextVUFsPEFaguKC7gIlQ31jjaKGpgXecBGVJGemufOYg9cbqPIRa4L7f8bYPAa5ThnqmCIn6uba4exTn4e07yy0Ilk0SAZ2Gydm53hOmGRu4pP/Qn6UPVj1o0WAxNq0ERhbU0Bbvvll7ZIvSA8iU2GWl/PG8wIxoYB48bTGObI1hILQAL0zjIkb9/fxYB4jEo4aw2JF6e5F0Gyu28HDVGeb8+X310UFNXZrWrD+yKKV6+Me6FWaZOFhwgD2/8gJODVmyqWlv1PpJyavCj7KhFRlzrkK1g+6LdPjcgFIaQxCcmVOl71uQoN9v3qfXBYDbakUPGlyysi3DGRwjz5rUBuZ4vDfn87mys4cUoGqK+eIPzMG0oQ4xT2CLg5ZvQR5eiUk/fILT6ABzeAV7IzjLgACmSiRcBGxzlgkpDWgP978qc8Z3/QZrXw75Ete5ZQtwMO1aaXMUJkfOC+aR1dgZx2ZrWoF2GvqJCBwl/piU+XRZiJE4bw33z6tXgTSONHotnx9fMkTO5JA+7E/3ee1LXYqXYOesNpHqNX8JkZxkaoPNjXLjMchXa2zr8rSmQ7lY056j0clhvskPR+e3RwU8hwLuZxkt3WV+Ai6O1WjHA/FEGTuCEt7uLQLJgUZLVtkSB3YZNDNT3zENSGTrvWUpllNZEK8aO+aay54KjJ8mIexr9WzKdUhNUAjjWqznbaaF01IAJXHQe1688bj7ktebccNN3BCNp91LhN8O34kA/qXdEDGmx/dxPloCw2aOZQQJ4NH3F0a7LJQj5e2AcJwakm03yQ1QQWPz7siiMh/4czPtOfRHA9zLwlUN2TnX8pL+K9+pU9osZmvREpaYfya1ZAXR8zbnN1V82okT4bFdlrf2oJzxKKVnMa8yg3gIckeP/bvuo1M0EoXF+3tC6pSLJTw4SY2bFOhYzBv/C3XExx5JJBZu66YUymaX/XME3lt+jlxgxMs8pam523D/v3pZSysIeYJArfByrctyHzji6dQS8zMSB9aZBi7VunwX+0fcCvlMd269FjCj4+cr+qqImftDaJJTVFcRksDy1nvhCjZ0IsJQxgey3mTPaBSdOL7dT797+CvN/nIC98P+4txCm0WgMg9vEdnTZmsXCUrA3xiYrMkJFB5UBCXmaqHgQFnWv21q/J7OESWzu/vLsGw1AznKpTeTXx3k8Qcn5ljs7oB2wf56CiSiotwmWlC3kWZq9sAAM+jB9/k1lFbnnJ9BFkkPCa7A1PpmtlwN3n0euvKT9aR7Rwi7aFQ/hyPL+rFfeB8hIZgWYV0dkQUhK8O7fb2oAVVYbj229SshEC3+RCs3Br2hirH6eEzJwwHpN2wk9cnHjQnh8nKfwqKXOTu7NNzM35iTkheLgl1Daq,iv:RhXEMw1Ql1VJ4rf4sgxd5J6gIZuvm2n9KXKmNrm/tww=,tag:mkEOiw3LeOUTXYFUSL7W+Q==,type:str]", + "client_email": "ENC[AES256_GCM,data:A1G3rQNkAA+7MTY4aN4TL7Z6DvCTllLY+Mfez7q6u2fyEq9X9pLK0SUR4pPXbHY5,iv:bSduzAokPS7wX5wbZzYhmvEjyDhCFgnIo8z0mdflvNQ=,tag:ieYxshwivPI2q09wg67S+Q==,type:str]", + "client_id": "ENC[AES256_GCM,data:ZKWsT6afAaDV6fZDs0XIQOXOsfMH,iv:lB7W/oXydiDLTha9fcYrZrd1rB8JreXeBWs4KjmUSbg=,tag:wrEFr1Eq3CrodGMZM8Ft1g==,type:str]", + "auth_uri": "ENC[AES256_GCM,data:UubSqM8v4sdYi7N3/mmkCXFlh0c8wsp2/5l+eo12CnI4Fix+H0fZ1uo=,iv:U8Utee3K2WjyHFYhP8KF/+ThQtHlekh+BN6OjkY3Tb0=,tag:+gaQ68IDDlCSnm+Y6RxdaA==,type:str]", + "token_uri": "ENC[AES256_GCM,data:PS1TrrtmAA4MEnTl/P8a/cbRsJso66YCSPpY4v3tmTx+lSo=,iv:i6QOqUYML1RpnSQeTs6mqkvmOysdUk4/zGVFQ1VfPJQ=,tag:K31R/JB5oBeYjoMf62kvXg==,type:str]", + "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:oFQ6iybUgfaepr0ZtdoAUY7s0/K72p/XabKfox6s+0KPfdpDlluxA9r7,iv:Sy+/Y9iqAvkZiVliWKILGqHuYdZ1rtaMfx+7gkUXZPM=,tag:76pBnIIeaBvtTlWA2WwouQ==,type:str]", + "client_x509_cert_url": "ENC[AES256_GCM,data:dpMPB+/FIYFpYm8HdyrimI3HGSyDwERTSlJTToLVLTdj5iCVr1dBHuynlih3/A08+yUCarR/qnCIup1BNdEfS03i6zzqXhIE0Ip+s85bSQ6CBLoieJYjt7pInhzVVfssOueEYg==,iv:1CYMIgPns5ou3ZTDHrnZlBkD0cGYUxQ6wof7ZSnRVD8=,tag:/ZuVT3Ogv060M4NxHgLDqA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/ucb-datahub-2018/locations/global/keyRings/datahub/cryptoKeys/sops", + "created_at": "2021-04-09T22:02:08Z", + "enc": "CiQA67O9AKCrARnUYuO6JgXzVslDHSN7kZJYi0Wa3L4WMxPs0B8SSQDmhpq8M1OrTjOA1IimYrUUosn0f6d/8tlWW12w8S7GE2cYuWAnni5oZHaeVliNqkmHlz4XLVXPcZZtFf+lGaHvK1x+ehNcGus=" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-04-09T22:02:08Z", + "mac": "ENC[AES256_GCM,data:On9Hr74iYVtmK5kLQiaQ2U+DDFhQkv7uGyu8nVJsJdbg2j2FlvMk7BLzwzWmBHCWwHkRQtSrpUPDZs1gu+MtqPIt82p4MvjS+DbT7vy2cU5/99/JfZxKUTF4RqMYittudJcbtiTVp1SFvFa2oVfw5QvMvNs9I5pHla1//051uDs=,iv:69/fSd1SjJWX+Aiq3pL0DKSo0T8ypYeJ0DgK6N3P9Rg=,tag:tcdn6QeS0Um/89CsC+O4yQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.0" + } +} \ No newline at end of file From 69fa5b1591175f29d0bcbe8f1732aedd2089d213 Mon Sep 17 00:00:00 2001 From: Balaji Alwar Date: Thu, 1 Aug 2024 15:37:19 -0700 Subject: [PATCH 08/25] Add jupyter_app_launcher and jupyter_cache to dashboard image in Dev hub --- deployments/dev/images/secondary/environment.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployments/dev/images/secondary/environment.yml b/deployments/dev/images/secondary/environment.yml index cf4608931..2da3a6263 100644 --- a/deployments/dev/images/secondary/environment.yml +++ b/deployments/dev/images/secondary/environment.yml @@ -8,6 +8,8 @@ dependencies: - python==3.11.* - git==2.39.1 - jupyterhub==4.1.5 +- jupyter_app_launcher==0.2.1 +- jupyter-cache==1.0.0 - jupyter-resource-usage==1.0.0 - jupyterlab==4.0.11 - jupyterlab-favorites==3.0.0 From 015d6ad87bde2653cc7f22d0af63797270312e52 Mon Sep 17 00:00:00 2001 From: Balaji Alwar Date: Mon, 5 Aug 2024 12:12:06 -0700 Subject: [PATCH 09/25] Debump 4 GB RAM allocation for a Data 100 assignment --- deployments/data100/config/common.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/deployments/data100/config/common.yaml b/deployments/data100/config/common.yaml index b95787543..e06a36f57 100644 --- a/deployments/data100/config/common.yaml +++ b/deployments/data100/config/common.yaml @@ -103,11 +103,6 @@ jupyterhub: admin: true mem_limit: 4G - # Data 100, Summer 2024, https://github.com/berkeley-dsep-infra/datahub/issues/5862, to be removed by 7/29 - course::1535115: - mem_limit: 4G - mem_guarantee: 4G - # Data 100, Spring 2024, https://github.com/berkeley-dsep-infra/datahub/issues/5376 #course::1531798::group::Admins: # Spring 2024, Data 100 Admins, ensured 4G RAM # mem_limit: 4G From 35ff741a967e659de208b8bcdf3710b749a98e15 Mon Sep 17 00:00:00 2001 From: shane knapp Date: Mon, 5 Aug 2024 12:37:24 -0700 Subject: [PATCH 10/25] debumping ram --- deployments/data100/config/common.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/deployments/data100/config/common.yaml b/deployments/data100/config/common.yaml index b95787543..e06a36f57 100644 --- a/deployments/data100/config/common.yaml +++ b/deployments/data100/config/common.yaml @@ -103,11 +103,6 @@ jupyterhub: admin: true mem_limit: 4G - # Data 100, Summer 2024, https://github.com/berkeley-dsep-infra/datahub/issues/5862, to be removed by 7/29 - course::1535115: - mem_limit: 4G - mem_guarantee: 4G - # Data 100, Spring 2024, https://github.com/berkeley-dsep-infra/datahub/issues/5376 #course::1531798::group::Admins: # Spring 2024, Data 100 Admins, ensured 4G RAM # mem_limit: 4G From e1a71d76cc18e0d6fe2e86aca5621006b5a38e5f Mon Sep 17 00:00:00 2001 From: shane knapp Date: Mon, 5 Aug 2024 13:18:22 -0700 Subject: [PATCH 11/25] change conf.py --- docs/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/conf.py b/docs/conf.py index 397734f25..a0b74cf28 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -180,4 +180,4 @@ # -- Options for intersphinx extension --------------------------------------- # Example configuration for intersphinx: refer to the Python standard library. -intersphinx_mapping = {'https://docs.python.org/': None} +intersphinx_mapping = { 'python': ('https://docs.python.org/', None) } From fd095705a018bab45dae85600d18ebb2a9dc2227 Mon Sep 17 00:00:00 2001 From: shane knapp Date: Mon, 5 Aug 2024 13:21:28 -0700 Subject: [PATCH 12/25] undo changes to data100 config --- deployments/data100/config/common.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deployments/data100/config/common.yaml b/deployments/data100/config/common.yaml index e06a36f57..b95787543 100644 --- a/deployments/data100/config/common.yaml +++ b/deployments/data100/config/common.yaml @@ -103,6 +103,11 @@ jupyterhub: admin: true mem_limit: 4G + # Data 100, Summer 2024, https://github.com/berkeley-dsep-infra/datahub/issues/5862, to be removed by 7/29 + course::1535115: + mem_limit: 4G + mem_guarantee: 4G + # Data 100, Spring 2024, https://github.com/berkeley-dsep-infra/datahub/issues/5376 #course::1531798::group::Admins: # Spring 2024, Data 100 Admins, ensured 4G RAM # mem_limit: 4G From 6760c51cc292b466e0b17bf6de33733d6da45a7b Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Mon, 5 Aug 2024 13:45:30 -0700 Subject: [PATCH 13/25] Enable gh-scoped-creds on dev hub. --- deployments/dev/config/common.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deployments/dev/config/common.yaml b/deployments/dev/config/common.yaml index 5f0a27d46..469927e01 100644 --- a/deployments/dev/config/common.yaml +++ b/deployments/dev/config/common.yaml @@ -62,6 +62,10 @@ jupyterhub: extraEnv: # Unset NotebookApp from hub/values. Necessary for recent lab versions. JUPYTERHUB_SINGLEUSER_APP: "jupyter_server.serverapp.ServerApp" + + # Specify our app for gh-scoped-creds that has read/write scopes + GH_SCOPED_CREDS_CLIENT_ID: Iv23ct7Qx1mAotaIIYx9 + GH_SCOPED_CREDS_APP_URL: https://github.com/apps/berkeley-datahub-git-access defaultUrl: /lab profileList: - display_name: "Dockerfile image" From 4b46301790166f7fbfbf093a2cb75f473823c356 Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Mon, 5 Aug 2024 13:50:01 -0700 Subject: [PATCH 14/25] Remove group-specific vars. --- deployments/dev/config/common.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/deployments/dev/config/common.yaml b/deployments/dev/config/common.yaml index 469927e01..8c634dc6e 100644 --- a/deployments/dev/config/common.yaml +++ b/deployments/dev/config/common.yaml @@ -101,9 +101,7 @@ jupyterhub: course::1524699::group::all-admins: mem_limit: 12288M mem_guarantee: 12288M - env: - GH_SCOPED_CREDS_CLIENT_ID: "Iv23liFjgKFgkSBWph4C" - GH_SCOPED_CREDS_APP_URL: "https://github.com/apps/test-gh-scoped-creds" + # # # Example: increase memory for everyone affiliated with a course. # From 63e2ba789c6f2c6becebf77153ad11a3c73e72ca Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Mon, 5 Aug 2024 16:17:09 -0700 Subject: [PATCH 15/25] Add tools for summer workshop. --- deployments/datahub/images/default/apt.txt | 4 ++++ deployments/datahub/images/default/environment.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/deployments/datahub/images/default/apt.txt b/deployments/datahub/images/default/apt.txt index bf06395cd..550845f37 100644 --- a/deployments/datahub/images/default/apt.txt +++ b/deployments/datahub/images/default/apt.txt @@ -78,3 +78,7 @@ libgdal-dev libgeos-dev libproj-dev libmysqlclient-dev + +# 2024-08 workshop +# https://github.com/berkeley-dsep-infra/datahub/issues/5906 +man diff --git a/deployments/datahub/images/default/environment.yml b/deployments/datahub/images/default/environment.yml index 8086229e2..9c0f55e2c 100644 --- a/deployments/datahub/images/default/environment.yml +++ b/deployments/datahub/images/default/environment.yml @@ -103,6 +103,10 @@ dependencies: - jupyter-vscode-proxy==0.5 - code-server==4.10.1 +# 2024-08 workshop, #5908 +- tree +- ruff + - pip: # - -r /tmp/infra-requirements.txt # Econ 148, Spring 2023 https://github.com/berkeley-dsep-infra/datahub/issues/4093 From 00a8bc983604b5f0bfd04dd9333d9e4a5c6046c5 Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Tue, 6 Aug 2024 09:48:27 -0700 Subject: [PATCH 16/25] Bump matplotlib. leafmap from #5887 requires a newer matplotlib. --- deployments/datahub/images/default/environment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/datahub/images/default/environment.yml b/deployments/datahub/images/default/environment.yml index 9c0f55e2c..ad0662be0 100644 --- a/deployments/datahub/images/default/environment.yml +++ b/deployments/datahub/images/default/environment.yml @@ -18,7 +18,7 @@ dependencies: # Base scientific packages that other conda packages we install depend on # We don't want to have conda packages depend on pip packages if possible - numpy=1.26.* -- matplotlib=3.7.* +- matplotlib=3.9.* - scipy=1.10.0 - ipympl=0.9.* - pandas==2.2.2 From 7a4e56e3c373979883c23fa17c74b53a4ea00884 Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Tue, 6 Aug 2024 09:49:20 -0700 Subject: [PATCH 17/25] Move packages from pip section to conda. --- .../datahub/images/default/environment.yml | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/deployments/datahub/images/default/environment.yml b/deployments/datahub/images/default/environment.yml index ad0662be0..e90499952 100644 --- a/deployments/datahub/images/default/environment.yml +++ b/deployments/datahub/images/default/environment.yml @@ -104,8 +104,17 @@ dependencies: - code-server==4.10.1 # 2024-08 workshop, #5908 -- tree -- ruff +- tree==2.1.3 +- ruff==0.5.6 + +# Stat 165/265 requires prophet, Spring, 2024 +- prophet==1.1.5 + +# [DH-319] https://github.com/berkeley-dsep-infra/datahub/issues/5827, ESPM 157 +- altair==5.3.0 +- leafmap==0.36.4 +- mystmd==1.3.1 +- jupyterlab-git==0.50.1 - pip: # - -r /tmp/infra-requirements.txt @@ -209,9 +218,6 @@ dependencies: # pulled in by ottr, if not pinned to 1.16.2, 1.16.3 causes DH-323 - jupytext==1.16.2 - # Stat 165/265 requires prophet, Spring, 2024 - - prophet==1.1.5 - # https://github.com/berkeley-dsep-infra/datahub/issues/5497 - ottr-force-save-labextension==0.1.1 @@ -223,8 +229,6 @@ dependencies: - rtree==1.2.0 # [DH-319] https://github.com/berkeley-dsep-infra/datahub/issues/5827, ESPM 157 - - altair==5.3.0 - ibis-framework[pandas]==9.2.0 - - leafmap==0.36.1 - - mystmd==1.3.0 - - jupyterlab-git==0.50.1 + + # ATTEMPT TO PUT NEW PACKAGES IN THE CONDA LIST ABOVE FIRST, RATHER THAN PIP From c483db565fc3be4473f66575871d29179553abf0 Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Tue, 6 Aug 2024 11:52:19 -0700 Subject: [PATCH 18/25] mystmd requires nodejs >=18. We no longer need to pin nodejs to 16. --- deployments/datahub/images/default/environment.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/deployments/datahub/images/default/environment.yml b/deployments/datahub/images/default/environment.yml index e90499952..bda73d41e 100644 --- a/deployments/datahub/images/default/environment.yml +++ b/deployments/datahub/images/default/environment.yml @@ -2,7 +2,7 @@ # For conda, == is exact constraint, while = is fuzzy constraint. # pip uses https://peps.python.org/pep-0440/ which does not have =. dependencies: -- nodejs=16.* +- nodejs=18.* - traitlets=5.9.* - pip=22.2.* - python=3.11.* @@ -99,9 +99,8 @@ dependencies: - obspy==1.4.1 # Install VSCode for ESPM courses - https://github.com/berkeley-dsep-infra/datahub/issues/5716 -- nodejs=16 # code-server requires node < 17 -- jupyter-vscode-proxy==0.5 -- code-server==4.10.1 +- jupyter-vscode-proxy==0.6 +- code-server==4.23.1 # 2024-08 workshop, #5908 - tree==2.1.3 From b6074f4eb33ee1a7b2d5c30475383f41f6656d02 Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Thu, 8 Aug 2024 10:08:34 -0700 Subject: [PATCH 19/25] Enable man. Enabling man could possibly bloat the datahub image. Undo this if it increases the size too much. --- deployments/datahub/images/default/Dockerfile | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/deployments/datahub/images/default/Dockerfile b/deployments/datahub/images/default/Dockerfile index 29f185043..5c53faf7a 100644 --- a/deployments/datahub/images/default/Dockerfile +++ b/deployments/datahub/images/default/Dockerfile @@ -21,6 +21,17 @@ RUN apt-get -qq update --yes && \ RUN adduser --disabled-password --gecos "Default Jupyter user" ${NB_USER} +# Do not exclude manpages from being installed. +RUN sed -i -e '/usr.share.man/s/^/#/' exclude + +# From docker-ce-packaging +# Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639 +RUN if [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \ + rm -f /usr/bin/man; \ + dpkg-divert --quiet --remove --rename /usr/bin/man; \ + fi +RUN mandb -c + # Install all apt packages COPY apt.txt /tmp/apt.txt RUN apt-get -qq update --yes && \ From 48258977e861e67ac50782eafaa8139e51dee4fb Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Thu, 8 Aug 2024 10:12:34 -0700 Subject: [PATCH 20/25] Specify dpkg exclude file properly. --- deployments/datahub/images/default/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/datahub/images/default/Dockerfile b/deployments/datahub/images/default/Dockerfile index 5c53faf7a..ae893bf5e 100644 --- a/deployments/datahub/images/default/Dockerfile +++ b/deployments/datahub/images/default/Dockerfile @@ -22,7 +22,7 @@ RUN apt-get -qq update --yes && \ RUN adduser --disabled-password --gecos "Default Jupyter user" ${NB_USER} # Do not exclude manpages from being installed. -RUN sed -i -e '/usr.share.man/s/^/#/' exclude +RUN sed -i -e '/usr.share.man/s/^/#/' /etc/dpkg/dpkg.cfg.d/exclude # From docker-ce-packaging # Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639 From bda73ad96bcd90658fb92cd31a5794a1626109e2 Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Thu, 8 Aug 2024 10:19:54 -0700 Subject: [PATCH 21/25] Reorder commands. --- deployments/datahub/images/default/Dockerfile | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/deployments/datahub/images/default/Dockerfile b/deployments/datahub/images/default/Dockerfile index ae893bf5e..5c5faf14e 100644 --- a/deployments/datahub/images/default/Dockerfile +++ b/deployments/datahub/images/default/Dockerfile @@ -21,6 +21,15 @@ RUN apt-get -qq update --yes && \ RUN adduser --disabled-password --gecos "Default Jupyter user" ${NB_USER} +# Install all apt packages +COPY apt.txt /tmp/apt.txt +RUN apt-get -qq update --yes && \ + apt-get -qq install --yes --no-install-recommends \ + $(grep -v ^# /tmp/apt.txt) && \ + apt-get -qq purge && \ + apt-get -qq clean && \ + rm -rf /var/lib/apt/lists/* + # Do not exclude manpages from being installed. RUN sed -i -e '/usr.share.man/s/^/#/' /etc/dpkg/dpkg.cfg.d/exclude @@ -30,16 +39,8 @@ RUN if [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then rm -f /usr/bin/man; \ dpkg-divert --quiet --remove --rename /usr/bin/man; \ fi -RUN mandb -c -# Install all apt packages -COPY apt.txt /tmp/apt.txt -RUN apt-get -qq update --yes && \ - apt-get -qq install --yes --no-install-recommends \ - $(grep -v ^# /tmp/apt.txt) && \ - apt-get -qq purge && \ - apt-get -qq clean && \ - rm -rf /var/lib/apt/lists/* +RUN mandb -c # Create user owned R libs dir # This lets users temporarily install packages From 430d86597ebb2fffbabef80c13e84305f35c5430 Mon Sep 17 00:00:00 2001 From: Ryan Lovett Date: Thu, 8 Aug 2024 10:28:52 -0700 Subject: [PATCH 22/25] Pass correct path. --- deployments/datahub/images/default/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployments/datahub/images/default/Dockerfile b/deployments/datahub/images/default/Dockerfile index 5c5faf14e..49062d34d 100644 --- a/deployments/datahub/images/default/Dockerfile +++ b/deployments/datahub/images/default/Dockerfile @@ -21,6 +21,9 @@ RUN apt-get -qq update --yes && \ RUN adduser --disabled-password --gecos "Default Jupyter user" ${NB_USER} +# Do not exclude manpages from being installed. +RUN sed -i -e '/usr.share.man/s/^/#/' /etc/dpkg/dpkg.cfg.d/excludes + # Install all apt packages COPY apt.txt /tmp/apt.txt RUN apt-get -qq update --yes && \ @@ -30,9 +33,6 @@ RUN apt-get -qq update --yes && \ apt-get -qq clean && \ rm -rf /var/lib/apt/lists/* -# Do not exclude manpages from being installed. -RUN sed -i -e '/usr.share.man/s/^/#/' /etc/dpkg/dpkg.cfg.d/exclude - # From docker-ce-packaging # Remove diverted man binary to prevent man-pages being replaced with "minimized" message. See docker/for-linux#639 RUN if [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then \ From 5f6f8ef3379841b77129d65f66229066de844ff9 Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Thu, 8 Aug 2024 11:09:07 -0700 Subject: [PATCH 23/25] common.yaml proxy update to match edx --- deployments/ugr01/config/common.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployments/ugr01/config/common.yaml b/deployments/ugr01/config/common.yaml index 851b5c2a9..f0343e413 100644 --- a/deployments/ugr01/config/common.yaml +++ b/deployments/ugr01/config/common.yaml @@ -12,6 +12,8 @@ jupyterhub: chp: nodeSelector: hub.jupyter.org/pool-name: core-pool-2024-07-07 + service: + type: LoadBalancer hub: nodeSelector: From 180801e1073587dae3159ccbee311bfa6d73485a Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Thu, 8 Aug 2024 11:23:16 -0700 Subject: [PATCH 24/25] load balancer IP added to staging --- deployments/ugr01/config/staging.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployments/ugr01/config/staging.yaml b/deployments/ugr01/config/staging.yaml index 66224c5a3..239815e25 100644 --- a/deployments/ugr01/config/staging.yaml +++ b/deployments/ugr01/config/staging.yaml @@ -9,6 +9,9 @@ jupyterhub: prePuller: continuous: enabled: false + proxy: + service: + loadBalancerIP: 34.72.254.237 ingress: enabled: true hosts: From 42df27857fd660fba7062f4f68a8f40c720d941a Mon Sep 17 00:00:00 2001 From: Greg Merritt Date: Thu, 8 Aug 2024 11:39:57 -0700 Subject: [PATCH 25/25] correcting load balancer IP --- deployments/ugr01/config/staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/ugr01/config/staging.yaml b/deployments/ugr01/config/staging.yaml index 239815e25..20f4cb24a 100644 --- a/deployments/ugr01/config/staging.yaml +++ b/deployments/ugr01/config/staging.yaml @@ -11,7 +11,7 @@ jupyterhub: enabled: false proxy: service: - loadBalancerIP: 34.72.254.237 + loadBalancerIP: 34.172.42.174 ingress: enabled: true hosts: