Merge pull request #25 from qingfengxia/dev

Dockerfile for centos8 with docker iamge ppp-centos uploaded to dockerhub

docker/Dockerfile_centos

@@ -0,0 +1,81 @@
+# command to build: docker build  --rm -f Dockerfile_centos  -t qingfengxia/ppp-centos .  --no-cache
+# docker push qingfengxia/ppp-centos:latest
+# Use multi-stage builds: https://docs.docker.com/develop/develop-images/multistage-build/
+# rebuild on top of local image (instead of base OS layer) for quick modification, run without `--rm`
+# docker build  -f Dockerfile_centos  -t qingfengxia/ppp-centos .
+
+# Base OS layer: 
+FROM centos:8
+
+LABEL name="ppp-centos" \
+    maintainer="qingfeng.xia @ UKAEA" \
+    version="0.3" \
+    description="parallel with OpenCASCADE"
+
+#USER root
+
+# avoid interactive timezone selection, ENV setting will affect child image
+# ENV TZ=Europe/London
+# RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+# using yum command -y
+ENV DEBIAN_FRONTEND=noninteractive
+
+# centos-release-scl is only needed for cento 7.6 or lower
+# yum install epel-release centos-release-scl -y
+# the default cmake version is too low 2.8 for centos7
+
+# you must update before any yum install or add a repo
+# dnf group install "Development Tools" -y
+RUN   yum install epel-release -y && yum update -y && dnf groupinstall "Development Tools" -y \
+       && yum install wget  cmake  git python3 python3-devel -y
+
+
+RUN yum install tbb tbb-devel freetype freetype-devel fontconfig-devel freeimage freeimage-devel -y
+
+# for OpenCASCADE, openGL is needed for BUILD_MODULE_Visualization, and TKService
+RUN yum install libXmu-devel libX11-devel libXi-devel  -y
+
+# install those below if Draw module is enabled for building OpenCASCADE
+# yum install tk tcl tk-devel tcl-devel -y
+
+# these packages SDL2_image-devel  name maybe centos7, or needed by centos7 only
+RUN if test $(awk '/VERSION_ID=/' /etc/*-release | sed 's/VERSION_ID=//' | sed 's/\"//' | sed 's/\"$//' ) = "7" ; then \
+       yum install SDL2-devel  glew-devel  glm-devel  -y; \
+    fi
+
+# centos8 install fron non-official repo
+RUN if test $(awk '/VERSION_ID=/' /etc/*-release | sed 's/VERSION_ID=//' | sed 's/\"//' | sed 's/\"$//' ) = "8" ; then \
+        dnf --enablerepo=PowerTools install glew-devel glm-devel SDL2-devel -y; \
+    fi
+
+# install OpenCASCADE from official readonly repo is not working, it needs to upload ssh pubkey
+# https://old.opencascade.com/doc/occt-7.0.0/overview/html/occt_dev_guides__git_guide.html
+# git clone -b V7_4_0p1 [email protected]:occt occt
+
+RUN cd $HOME && wget "http://git.dev.opencascade.org/gitweb/?p=occt.git;a=snapshot;h=V7_4_0p1;sf=tgz" -O occt.tar.gz && \
+    tar -xzf occt.tar.gz 
+
+RUN cd $HOME && cd occt-* && \
+    mkdir build && cd build && \
+    cmake ..  -DUSE_TBB=ON -DBUILD_MODULE_Draw=OFF -DBUILD_MODULE_Visualization=OFF && \
+    make -j$(nproc) && \
+    make install && \
+    cd .. && rm -rf build
+
+
+ENV DISPLAY :0
+
+
+RUN cd $HOME && git clone https://github.com/ukaea/parallel-preprocessor.git && \
+    cd parallel-preprocessor && git submodule update --init --recursive && \
+    mkdir build && cd build && \
+    dnf install which -y && \
+    cmake .. -DPYTHON_EXECUTABLE=$(which python3) -DCMAKE_BUILD_TYPE=Release && \
+    make -j$(nproc) && \
+    make install && \
+    cd .. && rm -rf build
+
+#  pppGeomPipeline: error while loading shared libraries: libpppGeom.so: cannot open shared object file: No such file or directory
+# /usr/local/lib is not system LD path, the solution is below
+ENV LD_LIBRARY_PATH=/usr/local/lib

docker/Dockerfile_ppp_openmc

@@ -4,8 +4,7 @@
 # Changelog:  1) merge commands to improve performance
 #             2) add gmsh, ppp, occ_faceter, freecad
 #             3) both X11 and jupyter web interface should be supported
-#             4) ssh server
-#             5) base image can be selected from ubuntu:bionic (18.04), ubuntu:focal (20.04), jupyter/minimal-notebook
+#             4) base image can be selected from ubuntu:bionic (18.04), ubuntu:focal (20.04), jupyter/minimal-notebook
 ######################################
 #
 # build with the following command
@@ -26,8 +25,6 @@ FROM jupyter/minimal-notebook
 
 # only last CMD is working, if multiple CMD exists, interactive mode also suppress this CMD
 # jupyter can create a terminal, just like ssh
-# uncomment this CMD if the base image is not jupyter, assuming ssh server installation section is kept
-#CMD ["/usr/sbin/sshd","-D"]
 
 
 LABEL name="ppp_openmc" \
@@ -171,7 +168,7 @@ RUN cd /opt/openmc/ && python setup.py install && \
         cd .. && rm -rf build
 
 ## some python package is needed for openmc
-RUN pip install neutronics_material_maker --user
+RUN pip install neutronics_material_maker
 
 # Oct 2020, openmc must be installed to /opt/openmc, to install this parametric-plasma-source
 RUN pip install git+https://github.com/open-radiation-sources/parametric-plasma-source.git
@@ -182,26 +179,6 @@ ENV LD_LIBRARY_PATH=$HOME/MOAB/lib:$HOME/DAGMC/lib
 ENV PATH=$PATH:$HOME/MOAB/bin:/opt/openmc/bin:$HOME/DAGMC/bin
 
 
-####################  
-install ssh server 
-####################
-RUN apt install  openssh-server  nano  -y
-
-# to enable X11 forwarding via ssh
-RUN echo "ForwardX11 yes" >> /etc/ssh/ssh_config &&  echo "ForwardX11Trusted no" >> /etc/ssh/ssh_config 
-
-# use UID 1001, as 1000 has been used by another user
-RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1001 test 
-
-# set password for the user test as "test"
-RUN  echo 'test:test' | chpasswd
-RUN service ssh start
-
-# expose port, the default
-EXPOSE 22
-##################
-
-
 ##############  
 ## install gmsh and pygmsh 
 ##############
@@ -262,6 +239,10 @@ ENV OPENMC_CROSS_SECTIONS=$MAT_DIR/cross_sections.xml
 # for jupyter to work:  switch to USER $NB_USER
 USER $NB_USER
 
+# for ssh login user to have path setup
+RUN echo "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/MOAB/lib:$HOME/DAGMC/lib" >> $HOME/.bashrc
+RUN echo "export PATH=$PATH:$HOME/MOAB/bin:/opt/openmc/bin:$HOME/DAGMC/bin"  >> $HOME/.bashrc
+
 RUN git clone -b develop https://github.com/ukaea/openmc_workshop
 # currently there is some bug stop install parametric_plasma_source 
 #RUN cd openmc_workshop && pip install -r requirements.txt

docker/Dockerfile_ssh

@@ -0,0 +1,65 @@
+# this layer add ssh, X11 forwarding, sudo capacity
+# it can be based on any image, to add ssh access feature
+#       mkdir .ssh
+#       ssh-keygen -b 1024 -t rsa -f .ssh/ssh_host_key_rsa
+# build with the following command (in the folder where pubkey has been generated)
+#       sudo docker build -f Dockerfile_ssh -t  ppp_openmc_ssh . --no-cache
+
+# To test ssh X11Forwarding
+# 1) client must have been tested to be working with X11 forwarding with other remote ssh server
+#    debug connection by -v option  `ssh -vv -Y -p 2222 [email protected]`
+# 2) user root is not usually allowed to do X11 forwarding, 
+#
+# if can not open DISPLAY, check if -X or -Y option has been set in ssh client command
+# 
+# error "X11 forwarding request failed on channel 0"
+# solved by adding `X11UseLocalhost no`  `X11Forwarding yes`  to  /etc/ssh/sshd_config
+############################################################################
+
+FROM qingfengxia/ppp_openmc
+
+USER root
+
+####################  
+# install ssh server 
+####################
+RUN apt-get install  openssh-server  nano  -y
+
+################# ssh user ####################
+
+
+# change password, add to sudo group
+RUN  echo 'jovyan:test' | chpasswd  && usermod -aG sudo $NB_USER
+
+# Allow members of group sudo to execute any command
+# TAB key causes some trouble,  use more spaces before "ALL=" seems working
+RUN echo "%sudo    ALL=(ALL:ALL) ALL" >> /etc/sudoers
+# if above still not working add this user to /etc/sudoers
+#RUN echo "$NB_USER	        ALL=(ALL:ALL) ALL" >> /etc/sudoers
+
+############### host key setup #################
+# https://nickjanetakis.com/blog/docker-tip-56-volume-mounting-ssh-keys-into-a-docker-container
+# copy the ssh key from host, so to fix the host public key when rebuilding the image
+
+COPY .ssh /root/.ssh
+RUN  chmod 700 /root/.ssh && \
+     chmod 644 /root/.ssh/ssh_host_key_rsa.pub && \
+     chmod 600 /root/.ssh/ssh_host_key_rsa
+
+RUN  cp /root/.ssh/ssh_host_key_rsa.pub  /etc/ssh/ && \
+        cp /root/.ssh/ssh_host_key_rsa /etc/ssh/
+
+# sshd_config has been modified by adding those lines
+# to enable X11 forwarding via ssh, by default has been enabled
+RUN echo "X11Forwarding yes" >> /etc/ssh/sshd_config  && echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
+RUN echo "HostKey /etc/ssh/ssh_host_key_rsa" >> /etc/ssh/sshd_config
+
+# expose port, the default port
+EXPOSE 22
+##################
+
+
+CMD ["/usr/sbin/sshd", "-D"]
+
+
+USER $NB_USER

docker/README.md

@@ -1,13 +1,13 @@
 # Parallel-preprocessor in Docker
 
-Since binary packages are available for Ubuntu, fedora and Debian, there is no need to provide Dockerfile on each platforms, but Docker based on centos would be sufficient. 
+Since binary packages are available for Ubuntu, fedora and Debian, there is no need to provide Dockerfile on each platforms, but only one Docker image based on centos will be maintained
 
-## Readme for ppp_centos docker image
+## Readme for ppp-centos docker image
 
-`docker pull qingfengxia/ppp_centos`
-
-This is should be small image with only occt  and ppp; both are compiled from source.
+`docker pull qingfengxia/ppp-centos`
+This is should be a small image (size 1.6 GB) based on centos8, with only occt (v7.4)  and PPP compiled from source.
 
+It is designed for any user want to try ppp using docker. 
 
 ## Readme for ppp_openmc docker image
 
@@ -17,7 +17,8 @@ Note: this image is large, about 10 GB
 
 ## Get the docker image
 
-`docker pull qingfengxia/ppp_openmc`
+`docker pull qingfengxia/ppp_openmc`  for jupyter notebook way
+`docker pull qingfengxia/ppp_openmc_ssh`  for jupyter notebook and ssh ways, it is based on image `qingfengxia/ppp_openmc`
 
 https://hub.docker.com/repository/docker/qingfengxia/ppp_openmc
 
@@ -27,7 +28,7 @@ The docker image is based on `jupyter/mini-notebook` , but it can be switched to
 
 ## Use this image 
 
-There are 3 ways to use this docker image, choose the one you like
+There are 3 ways to use these docker images, choose the one you like
 
 ### 1. The jupyter notebook way
 
@@ -44,7 +45,7 @@ https://jupyter-docker-stacks.readthedocs.io/en/latest/using/common.html
 
 > -e GRANT_SUDO=yes - Instructs the startup script to grant the NB_USER user passwordless sudo capability. You do not need this option to allow the user to conda or pip install additional packages. This option is useful, however, when you wish to give $NB_USER the ability to install OS packages with apt or modify other root-owned files in the container. For this option to take effect, you must run the container with --user root. (The start-notebook.sh script will su $NB_USER after adding $NB_USER to sudoers.) You should only enable sudo if you trust the user or if the container is running on an isolated host.
 
-### 2. X11 forwarding on local machine
+### 2. X11 forwarding on local Linux host machine  (deprecated as X11 via SSH is more convenient)
 
 to get an interative bash shell, as ubuntu 20.04
 
@@ -68,24 +69,24 @@ See  https://medium.com/@l10nn/running-x11-applications-with-docker-75133178d090
 
 ### 3. SSH remote shell 
 SSH has also X11 forwarding turned on
-`docker run --rm -p 2222:22  -e GRANT_SUDO=yes  --user root  -it ppp_openmc bash ` then start the ssh server by `sudo service ssh start `
+`docker run --rm -p 2222:22 -p 8888:8888  -e GRANT_SUDO=yes  --user root  -it ppp_openmc_ssh bash ` then start the ssh server by `sudo service ssh start `
 
 This argument `-p 2222:22` map container's port 22 to host 2222 port. 
-To access this container by ssh: 
-either `ssh localhost -p 2222` or  `ssh <container_ip> -p 22`
+To access this container by ssh  (-v means verbose,  -Y means X11 forwarding): 
+either `ssh -v -Y localhost -p 2222` or  `ssh -v -Y <container_ip> -p 22`  
 
 see also [How to setup an ssh server within a docker container](https://phoenixnap.com/kb/how-to-ssh-into-docker-container)
 rebuild the image will change ssh server public key, as the ssh server installation  will generate new key pair each time.
 
-#### user name and password for ssh both “test”
+#### user name is "jovyan" and password is “test”
 
 On Ubuntu, install the `sshpass` package, then use it like this:  `sshpass -p 'YourPassword' ssh user@host` 
 
 #### start ssh server automatically
 
-Automatically start the ssh server is possible by uncomment `CMD ["/usr/sbin/sshd","-D"]`  in Dockerfile if **Rebuild with ubuntu:focal as the base image**. 
+Automatically start the ssh server is possible by `CMD ["/usr/sbin/sshd","-D"]`  in Dockerfile_ssh, if the docker container is running non-interactively (without -it option) 
 
-Currently, `CMD ["/usr/sbin/sshd","-D"]`  is commented out, because it will override the jupyter’s start_notebook CMD. 
+In Dockerfile_ssh, the line `CMD ["/usr/sbin/sshd","-D"]` will override the jupyter’s start_notebook CMD. 
 
 > Multiple CMD commands:  In principle, there should only be one CMD command in your Dockerfile. When CMD is used multiple times, only the last instance is executed.
    https://www.educative.io/edpresso/what-is-the-cmd-command-in-docker
@@ -94,7 +95,6 @@ Currently, `CMD ["/usr/sbin/sshd","-D"]`  is commented out, because it will over
 ### Rebuild with ubuntu:focal as the base image
 change in Dockerfile before build:  
    1) FROM   ubuntu:focal        
-   2) uncomment  `CMD ["/usr/sbin/sshd","-D"]`
 Then build with command line, 
 `sudo docker build -f  -e NB_USER=root Dockerfile_ppp_openmc -t  ppp_openmc . --no-cache`
 

wiki/BuildOnLinux.md

@@ -170,19 +170,7 @@ yum install opencascade-draw, opencascade-foundation,  opencascade-modeling,  op
 
 #### Option 2: Download the opencascade source code and compile from source.
 
- if not in package repository
-
-```bash
-###### dependencies needed to build OpenCASCADE from source ##########
-# for OpenCASCADE, openGL is needed
-yum install tbb tbb-devel freetype freetype-devel freeimage freeimage-devel -y \
-        && yum install libXmu-devel libXi-devel glew-devel SDL2-devel SDL2_image-devel glm-devel -y
-# install those below if draw module is enabled for building OpenCASCADE
-yum install tk tcl tk-devel tcl-devel -y
-
-# package name distinguish capital letter, while debian name is just  libxmu
-yum install  openmpi-devel boost-devel -y
-```
+ Compile opencascade if not available in package repository, e.g. centos 7/8,  see the "Dockerfile_centos" file for updated instructions.
 
 To get the latest source code from [OCCT official website](https://www.opencascade.com/), you need register (free of charge). Registered user may setup public ssh key and get readonly access to the occt repo
 `git clone -b V7_4_0p1 [email protected]:occt occt`
@@ -200,7 +188,7 @@ tar -xzf occt.tar.gz
 cd occt-*
 mkdir build
 cd build
-cmake .. 
+cmake .. -DUSE_TBB=ON -DBUILD_MODULE_Draw=OFF
 make -j$(nproc)
 sudo make install
 # by default install to the prefix: /usr/local/