From 5705f515b7f132f5e65dffab43a6eb464eeec0d9 Mon Sep 17 00:00:00 2001 From: Cory Latschkowski Date: Wed, 1 Nov 2023 18:09:17 -0500 Subject: [PATCH] add: cuda and python containers w/ gh actions --- .github/workflows/build-udi-cuda-11.8.0.yaml | 123 +++++++++++++ .github/workflows/build-udi-cuda-12.2.0.yaml | 123 +++++++++++++ .gitignore | 178 +++++++++++++++++++ python/README.md | 41 +++++ python/ubi8/3.11/Dockerfile | 23 +++ python/ubi8/3.9/Dockerfile | 23 +++ udi-cuda/README.md | 39 ++++ udi-cuda/ubi8/Dockerfile | 73 ++++++++ udi-cuda/ubi8/entrypoint.sh | 41 +++++ 9 files changed, 664 insertions(+) create mode 100644 .github/workflows/build-udi-cuda-11.8.0.yaml create mode 100644 .github/workflows/build-udi-cuda-12.2.0.yaml create mode 100644 .gitignore create mode 100644 python/README.md create mode 100644 python/ubi8/3.11/Dockerfile create mode 100644 python/ubi8/3.9/Dockerfile create mode 100644 udi-cuda/README.md create mode 100644 udi-cuda/ubi8/Dockerfile create mode 100755 udi-cuda/ubi8/entrypoint.sh diff --git a/.github/workflows/build-udi-cuda-11.8.0.yaml b/.github/workflows/build-udi-cuda-11.8.0.yaml new file mode 100644 index 00000000..f86798ad --- /dev/null +++ b/.github/workflows/build-udi-cuda-11.8.0.yaml @@ -0,0 +1,123 @@ +name: Publish Build 11.8.0 + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: # yamllint disable-line rule:truthy + # schedule: + # - cron: '5 4 * * 6' + push: + branches: ["*"] + # Publish semver tags as releases. + # tags: ["v*.*.*"] + paths: + - ".github/workflows/**" + - "udi-cuda/ubi8/**" + - "python/ubi8/**" + pull_request: + branches: ["main"] + paths: + - "udi-cuda/ubi8/**" + - "python/ubi8/**" + +env: + IMAGE_NAME: udi-cuda + IMAGE_VERSION: 11.8.0 + GHCR_REGISTRY: ghcr.io + GHCR_USER: ${{ github.repository_owner }} + GHCR_IMAGE: ${GHCR_REGISTRY}/${GHCR_USER}/${IMAGE_NAME} + + +jobs: + publish: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4.1.0 + + - name: Prepare + id: prep + run: | + VERSION=${{ env.IMAGE_VERSION }} + GHCR_IMAGE=${{ env.GHCR_IMAGE }} + MINOR=${VERSION%.*} + MAJOR=${VERSION%%.*} + TAGS="${GHCR_IMAGE}:${VERSION}" + echo ::set-output name=name::${{ env.IMAGE_NAME }} + echo ::set-output name=tags::${TAGS} + echo ::set-output name=version::${VERSION} + echo ::set-output name=ghcr_image::${GHCR_IMAGE} + + # https://github.com/docker/login-action + - name: Log into GitHub Container Registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v3.0.0 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # https://github.com/docker/build-push-action + - name: Build and push runtime + uses: docker/build-push-action@v5.0.0 + with: + context: containers/${{ steps.prep.outputs.name }}/ubi8 + file: containers/${{ steps.prep.outputs.name }}/ubi8/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + build-args: | + IMAGE_NAME=docker.io/nvidia/cuda:${{ steps.prep.outputs.version }}-cudnn8-runtime-ubi8 + TARGETARCH=amd64 + tags: ${{ steps.prep.outputs.tags }}-cudnn8-runtime-ubi8 + labels: org.opencontainers.image.version=${{ steps.prep.outputs.version }}-cudnn8-runtime-ubi8 + + # https://github.com/docker/build-push-action + - name: Build and push devel + uses: docker/build-push-action@v5.0.0 + with: + context: containers/${{ steps.prep.outputs.name }}/ubi8 + file: containers/${{ steps.prep.outputs.name }}/ubi8/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + build-args: | + IMAGE_NAME=docker.io/nvidia/cuda:${{ steps.prep.outputs.version }}-cudnn8-devel-ubi8 + TARGETARCH=amd64 + tags: ${{ steps.prep.outputs.tags }}-cudnn8-devel-ubi8 + labels: org.opencontainers.image.version=${{ steps.prep.outputs.version }}-cudnn8-devel-ubi8 + + # https://github.com/docker/build-push-action + - name: Build and push devel python 3.9 + uses: docker/build-push-action@v5.0.0 + with: + context: python/ubi8/3.9 + file: python/ubi8/3.9/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + build-args: | + IMAGE_NAME=${{ steps.prep.outputs.ghcr_image }}:${{ steps.prep.outputs.version }}-cudnn8-devel-ubi8 + TARGETARCH=amd64 + tags: ${{ steps.prep.outputs.tags }}-cudnn8-devel-ubi8-python39,${{ steps.prep.outputs.ghcr_image }}:latest + labels: org.opencontainers.image.version=${{ steps.prep.outputs.version }}-cudnn8-devel-ubi8-python39 + + # https://github.com/docker/build-push-action + - name: Build and push devel python 3.11 + uses: docker/build-push-action@v5.0.0 + with: + context: python/ubi8/3.11 + file: python/ubi8/3.11/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + build-args: | + IMAGE_NAME=${{ steps.prep.outputs.ghcr_image }}:${{ steps.prep.outputs.version }}-cudnn8-devel-ubi8 + TARGETARCH=amd64 + tags: ${{ steps.prep.outputs.tags }}-cudnn8-devel-ubi8-python311 + labels: org.opencontainers.image.version=${{ steps.prep.outputs.version }}-cudnn8-devel-ubi8-python311 \ No newline at end of file diff --git a/.github/workflows/build-udi-cuda-12.2.0.yaml b/.github/workflows/build-udi-cuda-12.2.0.yaml new file mode 100644 index 00000000..8f28d4db --- /dev/null +++ b/.github/workflows/build-udi-cuda-12.2.0.yaml @@ -0,0 +1,123 @@ +name: Publish Build 12.2.0 + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: # yamllint disable-line rule:truthy + # schedule: + # - cron: '5 4 * * 6' + push: + branches: ["*"] + # Publish semver tags as releases. + # tags: ["v*.*.*"] + paths: + - ".github/workflows/**" + - "udi-cuda/ubi8/**" + - "python/ubi8/**" + pull_request: + branches: ["main"] + paths: + - "udi-cuda/ubi8/**" + - "python/ubi8/**" + +env: + IMAGE_NAME: udi-cuda + IMAGE_VERSION: 12.2.0 + GHCR_REGISTRY: ghcr.io + GHCR_USER: ${{ github.repository_owner }} + GHCR_IMAGE: ${GHCR_REGISTRY}/${GHCR_USER}/${IMAGE_NAME} + + +jobs: + publish: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4.1.0 + + - name: Prepare + id: prep + run: | + VERSION=${{ env.IMAGE_VERSION }} + GHCR_IMAGE=${{ env.GHCR_IMAGE }} + MINOR=${VERSION%.*} + MAJOR=${VERSION%%.*} + TAGS="${GHCR_IMAGE}:${VERSION}" + echo ::set-output name=name::${{ env.IMAGE_NAME }} + echo ::set-output name=tags::${TAGS} + echo ::set-output name=version::${VERSION} + echo ::set-output name=ghcr_image::${GHCR_IMAGE} + + # https://github.com/docker/login-action + - name: Log into GitHub Container Registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v3.0.0 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # https://github.com/docker/build-push-action + - name: Build and push runtime + uses: docker/build-push-action@v5.0.0 + with: + context: containers/${{ steps.prep.outputs.name }}/ubi8 + file: containers/${{ steps.prep.outputs.name }}/ubi8/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + build-args: | + IMAGE_NAME=docker.io/nvidia/cuda:${{ steps.prep.outputs.version }}-runtime-ubi8 + TARGETARCH=amd64 + tags: ${{ steps.prep.outputs.tags }}-runtime-ubi8 + labels: org.opencontainers.image.version=${{ steps.prep.outputs.version }}-runtime-ubi8 + + # https://github.com/docker/build-push-action + - name: Build and push devel + uses: docker/build-push-action@v5.0.0 + with: + context: containers/${{ steps.prep.outputs.name }}/ubi8 + file: containers/${{ steps.prep.outputs.name }}/ubi8/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + build-args: | + IMAGE_NAME=docker.io/nvidia/cuda:${{ steps.prep.outputs.version }}-devel-ubi8 + TARGETARCH=amd64 + tags: ${{ steps.prep.outputs.tags }}-devel-ubi8 + labels: org.opencontainers.image.version=${{ steps.prep.outputs.version }}-devel-ubi8 + + # https://github.com/docker/build-push-action + - name: Build and push devel python 3.9 + uses: docker/build-push-action@v5.0.0 + with: + context: python/ubi8/3.9 + file: python/ubi8/3.9/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + build-args: | + IMAGE_NAME=${{ steps.prep.outputs.ghcr_image }}:${{ steps.prep.outputs.version }}-devel-ubi8 + TARGETARCH=amd64 + tags: ${{ steps.prep.outputs.tags }}-devel-ubi8-python39 + labels: org.opencontainers.image.version=${{ steps.prep.outputs.version }}-devel-ubi8-python39 + + # https://github.com/docker/build-push-action + - name: Build and push devel python 3.11 + uses: docker/build-push-action@v5.0.0 + with: + context: python/ubi8/3.11 + file: python/ubi8/3.11/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + build-args: | + IMAGE_NAME=${{ steps.prep.outputs.ghcr_image }}:${{ steps.prep.outputs.version }}-devel-ubi8 + TARGETARCH=amd64 + tags: ${{ steps.prep.outputs.tags }}-devel-ubi8-python311 + labels: org.opencontainers.image.version=${{ steps.prep.outputs.version }}-devel-ubi8-python311 \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..09c43ffc --- /dev/null +++ b/.gitignore @@ -0,0 +1,178 @@ +# custom excludes +data/ +scratch/ +files.txt +bootstrap/sealed-secrets-secret.yaml + +dictionary.dic + +# swap files +*~ +.*~ +*.swp +.*.swp +*.swo + +# bfg - because we never commit large data or passwords to git +..bfg-report/ + +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +.pybuilder/ +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# poetry +# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. +# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/#use-with-ide +.pdm.toml + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +.idea/ diff --git a/python/README.md b/python/README.md new file mode 100644 index 00000000..4c610feb --- /dev/null +++ b/python/README.md @@ -0,0 +1,41 @@ +# Info + +Dependencies can be created as container layers building upon a base image. + +Specifically we are installing dependencies for Python on a udi-cuda base. + +## Quickstart + +``` +cd ubi8/3.9 + +BASE_IMAGE=ghcr.io/redhat-na-ssa/udi-cuda:11.8.0-cudnn8-devel-ubi8 + +# local build - runtime +podman build . \ + -t udi-cuda:11.8.0-cudnn8-runtime-ubi8-python39 \ + --build-arg IMAGE_NAME=${BASE_IMAGE} + +# local build - devel +podman build . \ + -t udi-cuda:11.8.0-cudnn8-devel-ubi8-python39 \ + --build-arg IMAGE_NAME=${BASE_IMAGE} + +cd ubi8/3.11 + +# local build - runtime +podman build . \ + -t udi-cuda:11.8.0-cudnn8-runtime-ubi8-python311 \ + --build-arg IMAGE_NAME=${BASE_IMAGE} + +# local build - devel +podman build . \ + -t udi-cuda:11.8.0-cudnn8-devel-ubi8-python311 \ + --build-arg IMAGE_NAME=${BASE_IMAGE} +``` + +## Links + +- [Dev Spaces - Developer Images](https://github.com/devfile/developer-images) + +## Notes diff --git a/python/ubi8/3.11/Dockerfile b/python/ubi8/3.11/Dockerfile new file mode 100644 index 00000000..12249501 --- /dev/null +++ b/python/ubi8/3.11/Dockerfile @@ -0,0 +1,23 @@ +# syntax=docker/dockerfile:1.3-labs +ARG IMAGE_NAME=ghcr.io/redhat-na-ssa/udi-cuda:11.8.0-cudnn8-devel-ubi8 +FROM ${IMAGE_NAME} + +# cherry picked from below +# https://github.com/devfile/developer-images/blob/main/base/ubi8/Dockerfile + +# labels for container catalog +LABEL summary="Python 3.11 devfile base developer image" +LABEL description="Python 3.11 image with base developers tools" +LABEL io.k8s.display-name="python-3.11-devfile-developer-base" +LABEL io.openshift.expose-services="" + +USER 0 + +# install: python +RUN yum install -y python311 python3.11-pip && \ + alternatives --set python /usr/bin/python3.11 && \ + ln -sf /usr/bin/pip3.11 /usr/bin/pip && \ + yum clean all && \ + rm -rf /var/cache/yum/* + +USER 1001 diff --git a/python/ubi8/3.9/Dockerfile b/python/ubi8/3.9/Dockerfile new file mode 100644 index 00000000..e7609e73 --- /dev/null +++ b/python/ubi8/3.9/Dockerfile @@ -0,0 +1,23 @@ +# syntax=docker/dockerfile:1.3-labs +ARG IMAGE_NAME=ghcr.io/redhat-na-ssa/udi-cuda:11.8.0-cudnn8-devel-ubi8 +FROM ${IMAGE_NAME} + +# cherry picked from below +# https://github.com/devfile/developer-images/blob/main/base/ubi8/Dockerfile + +# labels for container catalog +LABEL summary="Python 3.9 devfile base developer image" +LABEL description="Python 3.9 image with base developers tools" +LABEL io.k8s.display-name="python-3.9-devfile-developer-base" +LABEL io.openshift.expose-services="" + +USER 0 + +# install: python +RUN yum install -y python39 && \ + alternatives --set python /usr/bin/python3.9 && \ + ln -sf /usr/bin/pip3.9 /usr/bin/pip && \ + yum clean all && \ + rm -rf /var/cache/yum/* + +USER 1001 diff --git a/udi-cuda/README.md b/udi-cuda/README.md new file mode 100644 index 00000000..112d0b5e --- /dev/null +++ b/udi-cuda/README.md @@ -0,0 +1,39 @@ +# Info + +Universal Developer Images (UDI) are containers that can be used +in OpenShift Dev Spaces. + +Containers usable for Dev Spaces can use the [upstream container +build from Nvidia](https://hub.docker.com/r/nvidia/cuda) + +## Quickstart + +``` +cd ubi8 + +# local build - runtime +podman build . \ + -t udi-cuda:11.8.0-cudnn8-runtime-ubi8 \ + --build-arg IMAGE_NAME=docker.io/nvidia/cuda:11.8.0-cudnn8-runtime-ubi8 + +# local build - devel +podman build . \ + -t udi-cuda:11.8.0-cudnn8-devel-ubi8 \ + --build-arg IMAGE_NAME=docker.io/nvidia/cuda:11.8.0-cudnn8-devel-ubi8 + +# local build - runtime +podman build . \ + -t udi-cuda:12.2.0-runtime-ubi8 \ + --build-arg IMAGE_NAME=docker.io/nvidia/cuda:12.2.0-runtime-ubi8 + +# local build - devel +podman build . \ + -t udi-cuda:12.2.0-devel-ubi8 \ + --build-arg IMAGE_NAME=docker.io/nvidia/cuda:12.2.0-devel-ubi8 +``` + +## Links + +- [Nvidia - CUDA Container Sources](https://gitlab.com/nvidia/container-images/cuda.git) + +## Notes diff --git a/udi-cuda/ubi8/Dockerfile b/udi-cuda/ubi8/Dockerfile new file mode 100644 index 00000000..6e21f15c --- /dev/null +++ b/udi-cuda/ubi8/Dockerfile @@ -0,0 +1,73 @@ +# syntax=docker/dockerfile:1.3-labs +ARG IMAGE_NAME=docker.io/nvidia/cuda:11.8.0-cudnn8-devel-ubi8 +# hadolint ignore=DL3006 +FROM ${IMAGE_NAME} + +# cherry picked from below +# https://github.com/devfile/developer-images/blob/main/base/ubi8/Dockerfile + +# labels for container catalog +LABEL summary="devfile base developer image" +LABEL description="Python image with base developers tools" +LABEL io.k8s.display-name="devfile-developer-base" +LABEL io.openshift.expose-services="" + +USER 0 + +# install: common tools +# hadolint ignore=DL3033 +RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ + yum install -y bash curl diffutils git git-lfs iproute jq less lsof man nano procps p7zip p7zip-plugins \ + perl-Digest-SHA net-tools openssh-clients rsync socat sudo time vim wget zip && \ + yum clean all && \ + rm -rf /var/cache/yum/* + +# install: other bins +RUN yum install -y libGL bash-completion && \ + yum clean all && \ + rm -rf /var/cache/yum/* + +# install: oc,tkn +# todo: install cli tools during env init / not in container +ARG OC4_URL="https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-linux.tar.gz" +ARG TKN_URL="https://mirror.openshift.com/pub/openshift-v4/clients/pipeline/latest/tkn-linux-amd64.tar.gz" + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN curl -sL "${OC4_URL}" | \ + tar -C /usr/local/bin -vzxf- oc kubectl && \ + /usr/local/bin/oc completion bash > /etc/bash_completion.d/oc && \ + echo "source /etc/bash_completion.d/oc" >> /etc/skel/.bashrc && \ + curl -sL "${TKN_URL}" | \ + tar -C /usr/local/bin -vzxf- --no-same-owner tkn && \ + /usr/local/bin/tkn completion bash > /etc/bash_completion.d/tkn && \ + echo "source /etc/bash_completion.d/tkn" >> /etc/skel/.bashrc + +# install: entrypoint +COPY --chown=0:0 entrypoint.sh / + +# setup: user +# hadolint ignore=SC2016 +RUN \ + # setup $PS1 prompt + echo "export PS1='\W \`git branch --show-current 2>/dev/null | sed -r -e \"s@^(.+)@\(\1\) @\"\`$ '" >> /etc/skel/.bashrc && \ + echo 'NVIDIA_ENTRYPOINT=/opt/nvidia/entrypoint.d' >> /etc/skel/.bashrc && \ + echo '[ -d "${NVIDIA_ENTRYPOINT}" ] && cat "${NVIDIA_ENTRYPOINT}"/*.txt' >> /etc/skel/.bashrc && \ + # copy global git configuration to user config + cp /etc/gitconfig /etc/skel/.gitconfig && \ + useradd -u 1001 \ + -G wheel,root \ + -d /home/user \ + --shell /bin/bash \ + -m user && \ + # Set permissions on /etc/passwd and /home to allow users to write + chgrp -R 0 /home && \ + chmod -R g=u /etc/passwd /etc/group /home && \ + chmod +x /entrypoint.sh + +USER 1001 +ENV HOME=/home/user +VOLUME /home/user + +WORKDIR /projects +ENTRYPOINT [ "/entrypoint.sh" ] +CMD ["sleep", "infinity"] diff --git a/udi-cuda/ubi8/entrypoint.sh b/udi-cuda/ubi8/entrypoint.sh new file mode 100755 index 00000000..e3a765bd --- /dev/null +++ b/udi-cuda/ubi8/entrypoint.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +# Ensure $HOME exists when starting +if [ ! -d "${HOME}" ]; then + mkdir -p "${HOME}" +fi + +# kludge: initalize home +cp -an /etc/skel/.{bash,profile,gitconfig}* ${HOME} 2>/dev/null || true + +# Add current (arbitrary) user to /etc/passwd and /etc/group +if ! whoami &> /dev/null; then + if [ -w /etc/passwd ]; then + echo "${USER_NAME:-user}:x:$(id -u):0:${USER_NAME:-user} user:${HOME}:/bin/bash" >> /etc/passwd + echo "${USER_NAME:-user}:x:$(id -u):" >> /etc/group + fi +fi + +# fix: ssh perms +# address issue for some storage classes +# where sticky bit in home modifies +# .ssh folder on pod restarts +if [ -f ${HOME}/.ssh/id_rsa ]; then + chmod 700 ${HOME}/.ssh + chmod 600 ${HOME}/.ssh/id_rsa* + + if [ -f ${HOME}/.ssh/known_hosts ]; then + chmod 600 ${HOME}/.ssh/known_hosts + fi +fi + +# notice: show attribution +NVIDIA_ENTRYPOINT=/opt/nvidia/nvidia_entrypoint.sh + +[ -e /NGC-DL-CONTAINER-LICENSE ] && cat /NGC-DL-CONTAINER-LICENSE + +if [ -e "${NVIDIA_ENTRYPOINT}" ]; then + "${NVIDIA_ENTRYPOINT}" "$@" +else + exec "$@" +fi