feat(core): design of renku session #2529
Conversation
vigsterkr
changed the title
vigsterkr
force-pushed
the
session-rfc
branch
from
2fe3285
to
5800ebf
Compare
|
@SwissDataScienceCenter/poc this is an initial implementation of supporting a local interactive session. any feedback is more than welcome. |
vigsterkr
force-pushed
the
session-rfc
branch
from
5800ebf
to
4cd9366
Compare
vigsterkr
force-pushed
the
session-rfc
branch
from
4cd9366
to
2791b22
Compare
There was a problem hiding this comment.
Nice! I really like this, it's very simple and clean. There are a couple of outstanding questions, with the error handling and UX around suggesting alternative paths in case of failure being a big one here, I think, since we have to assume we are dealing with users with very little docker experience.
|
|
||
| A command to start an interactive session. | ||
|
|
||
| By default, the `Dockerfile` present in the given project is going to be used for building the docker image |
There was a problem hiding this comment.
I would say by default we look for the image on the hosted instance (if we can identify one). That would be quicker than building in most cases. We can identify the registry from the origin remote.
There is a lot of potential for failure here so we need to think about the error handling with user-friendly suggestions for what to do next. E.g.
- check local docker images --> none exists, check remote
- remote image lookup fails because image isn't there and no local image exists --> prompt to build one
- remote image lookup fails (private project and no token) --> suggest to login
- remote image lookup fails, (private project with token) --> suggest image build
- image build fails, no docker --> link to docker install / documentation
- image build fails, docker working but problem in Dockerfile --> suggest a base image? or 🤷
A related question is how do we actually identify which image we need? Simply by the commit sha? When the runtime doesn't change for many commits, we could just check which commit we need (i.e. when did the runtime dependencies change last - though we might not know all the paths in the repo that affect the runtime). Probably the safest is to go with the commit sha even if it results in too many image builds.
There was a problem hiding this comment.
by using commit hash when the runtime env doesn't change the caching mechanism (at least in case of docker) will circumvent the unnecessary rebuilds. by default the code-base itself (of the project) is mounted into the running container, so it shouldn't affect the image building at all.
There was a problem hiding this comment.
There is a lot of potential for failure here so we need to think about the error handling with user-friendly suggestions for what to do next. E.g.
check local docker images --> none exists, check remote
remote image lookup fails because image isn't there and no local image exists --> prompt to build one
remote image lookup fails (private project and no token) --> suggest to login
remote image lookup fails, (private project with token) --> suggest image build
image build fails, no docker --> link to docker install / documentation
image build fails, docker working but problem in Dockerfile --> suggest a base image? or 🤷
we should describe this logic or do you think we should always build and never fetch from the remote registry?
There was a problem hiding this comment.
regarding the logic of image fetching/building: since now it is a plugin based solution, this is strictly up to the plugin what and how to do things. the most this RFC can do is to kind of write a suggestion how it should be handled, but honestly the plugin will do whatever it wants to do... note i'm not so sure what happens in case of notebook api when an image is defined...
| ## Drawbacks | ||
|
|
||
| One of the major drawback of the current design is the dependency on docker. Namely, to only support local | ||
| interactive session if docker is available. Many HPC environments do not support docker, but they support |
There was a problem hiding this comment.
I think considering other runtimes is definitely a valid concern but with regards to HPC specifically, there are a lot of other hurdles (port-forwarding to compute nodes, for example). We might want to consider that a separate case altogether.
| other container formats, like [runC](https://github.com/opencontainers/runc). As a long term goal of this | ||
| effort it would be good to consider support for different container engines, hence the design and implementation | ||
| of the initial `renku session` should take this into consideration. | ||
|
|
There was a problem hiding this comment.
One general question - the idea here is to mount the local repo directory into the container. Our containers typically run as user 1000 with gid 1000 - what happens with the file ownership outside the container?
There was a problem hiding this comment.
yep i was looking into this, specifically from windows perspective 🙃
vigsterkr
force-pushed
the
session-rfc
branch
from
22c2a4d
to
54011e4
Compare
vigsterkr
force-pushed
the
session-rfc
branch
2 times, most recently
from
be2e037
to
1ba476e
Compare
vigsterkr
force-pushed
the
session-rfc
branch
from
1acead4
to
2b06990
Compare
Co-authored-by: Rok Roškar <roskarr@ethz.ch>
in order to support custom image for a session
vigsterkr
force-pushed
the
session-rfc
branch
from
62db192
to
fbb8652
Compare
|
actually today i was thinking a bit more about this whole local vs remote story and realised that this is not the best approach, i.e. it shouldn't be distinguished like this. rather by default renku would provide two different plugins: maybe the |
|
I think |
refactored, updated the RFC. now docker based interactive sessions are implemented as a plugin. i'll add the |
|
mmm seems a good side-effect of this refactor that the |
this way the plugin will always be present and the error will only be raised when actually trying to use a session command and the docker instance cannot be found.
There was a problem hiding this comment.
@vigsterkr I tried to install this and run it on my mac. With a project I created with renku init. I am getting this message:
AttributeError: 'ImageNotFound' object has no attribute 'msg'
It also happens if I specify a wrong not-real image with --image
If I specify a real image then things work.
I know this is a WIP but just thought I would point this out.
Also see my comment about getting the default url from the project. I think that would be really useful.
|
Sorry for spamming. I noticed I was a few commits back on this branch when I was testing. A small clarification on the errors I am seeing.
|
@olevski nw, added a fix for those comments |
| an interactive session. By default two different providers are shipped with Renku CLI: | ||
| - docker | ||
| - renkulab | ||
| The provider specific configuration values can be specified by using the `--config <config.yaml>` flag. |
There was a problem hiding this comment.
I should be able to persist them also in the project settings?
There was a problem hiding this comment.
this is in line with the workflow execute provider logic.... of course these values could be stored anywhere... i dont have any strong opinion about this.
There was a problem hiding this comment.
although i'm not so sure why would one want to store youki, singularity etc config values on a project level...these these key-value pairs meant for actually specifying some config value for the provider plugin, that i see more like a global setting not a project level setting. none the less, they could be persisted anywhere...
|
|
||
| A command to start an interactive session. | ||
|
|
||
| By default, the `Dockerfile` present in the given project is going to be used for building the docker image |
There was a problem hiding this comment.
There is a lot of potential for failure here so we need to think about the error handling with user-friendly suggestions for what to do next. E.g.
check local docker images --> none exists, check remote
remote image lookup fails because image isn't there and no local image exists --> prompt to build one
remote image lookup fails (private project and no token) --> suggest to login
remote image lookup fails, (private project with token) --> suggest image build
image build fails, no docker --> link to docker install / documentation
image build fails, docker working but problem in Dockerfile --> suggest a base image? or 🤷
we should describe this logic or do you think we should always build and never fetch from the remote registry?
Description
Fixes #1991 #2394