S3 bucket script #624
S3 bucket script #624
Conversation
There was a problem hiding this comment.
I tested on my Ubuntu machine, and it's also working there. I'll check with Bryan from TechOps to see if he has any security concerns with running the container like this.
Reviewed 1 of 3 files at r1, all commit messages.
Reviewable status: 1 of 3 files reviewed, 3 unresolved discussions (waiting on @benjaminking)
.devcontainer/Dockerfile line 26 at r1 (raw file):
curl \ unzip RUN apt-get update
I'm not sure it's necessary to call apt-get update again, since it's already called right before this, unless apt-get needs to be updated only after certain packages have been installed.
.devcontainer/Dockerfile line 28 at r1 (raw file):
RUN apt-get update RUN apt-get install --no-install-recommends -y \ less \
I don't see these two packages used anywhere. Are they just being added as helpful developer tools? I think they'd be useful, especially since I use nano quite a bit. I think it'd be cleaner to move this to the larger apt-get install section directly above it
.devcontainer/Dockerfile line 54 at r1 (raw file):
CMD ["bash"] # Set up the S3 bucket RUN apt update
Is this separated out because it needs to use apt instead of apt-get, or could it be added to the longer apt-get install earlier in the dockerfile?
|
I updated the Dockerfile based on your comments. Firstly, Also, for reasons I don't understand, if you want to install |
There was a problem hiding this comment.
Reviewed 1 of 3 files at r1, 1 of 1 files at r2, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @benjaminking)
.devcontainer/Dockerfile line 48 at r2 (raw file):
ENV SIL_NLP_CACHE_PROJECT_DIR=/root/.cache/silnlp/projects # Set up the S3 bucket RUN mkdir -p /silnlp
To be consistent with the readme instructions, which mount at ~/S, it's best to mount it at /root/S. I double checked in my docker container, and the ~ is equivalent to the /root folder.
|
I've just pushed a commit that changes the mount point to To register the new AppArmor profile, you need to run I believe that Docker will ignore the AppArmor profile on systems that don't support AppArmor (or don't have it installed), so there shouldn't be any impact to non-Linux users. The AppArmor profile is also the same as the default Docker profile, except that it allows the container to perform mounts. |
There was a problem hiding this comment.
Reviewed 4 of 4 files at r3, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @benjaminking)
There was a problem hiding this comment.
LGTM, but I will let someone who has a better understanding of these things approve it.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @benjaminking)
This PR modifies the previous S3 bucket script to support automatic mounting of the S3 bucket in a dev container for both WSL2-based Ubuntu systems and standalone Ubuntu systems. It splits the logic of the previous script into two portions:
s3_bucket_setup.shscript, which is run as a post-install command)The contents of the S3 bucket should now be accessible at
/silnlpupon creation of the dev container. The major change required to allow this to run on standalone Ubuntu systems is to run the Docker container with a different AppArmor profile. For simplicity, I configured the container to run in "unconfined" mode, but if more fine-grained security is desired (or if ClearML requires it), we should be able to create a custom AppArmor profile that we distribute in the SILNLP repo.This has been tested on both WSL2-based Ubuntu (in Windows 11) and in standalone Linux Mint, a Ubuntu-based distro.
This change is