# User workspace

Developing ML apps in shared JupyterLab environment running on Kubeflow + Kubernetes is an attractive option for various reasons relating to both cloud vs. local and JupyterLab vs. vim/etc., e.g.:
- Hardware accelerators not available on user's local machine can be attached as needed
- Users can share a common NFS space for TensorBoard logs and large datasets

## Development workflow

The workflow is approximately this:
- Initially models are debugged locally, in the JupyterLab environment; we can check that our model trains and perhaps achieves good performance on a single task, a single hparam set, and a single node.
- We can then train models as TFJobs to perform a range of tasks, explore hparam sets, or distribute training or rollouts over a large number of nodes.
    - TFJobs are Kubernetes CRD's and require model code to be encapsulated in a container; there are multiple options for preparing such a container from the code and dependencies in a user's workspace:
        - Use a remote container builder tool, e.g.
            - Google Container Builder
            - Argo
        - Attach a Docker daemon sidecar to the workspace environment and use Docker
        - Build in the workspace environment with a Docker alternative, preferably without requiring root at runtime, e.g.
            - buildah
            - ftl
        - Don't build a new container
            - simply stage user's workspace to GCS or NFS and when trainer runs have the first step be to stage in and set up (e.g. pip install -r requirements.txt)

Here we take a look at the setup and usage of a couple rootless container build options.

### buildah

https://github.com/projectatomic/buildah/blob/master/install.md

In [None]:
!sudo apt-get update
!sudo apt-get -y upgrade
!sudo apt-get install -y make gcc git pkg-config
!sudo apt-get -y install golang-1.8

!sudo apt-get -y install software-properties-common
!sudo add-apt-repository -y ppa:alexlarsson/flatpak
!sudo add-apt-repository -y ppa:gophers/archive
!sudo apt-add-repository -y ppa:projectatomic/ppa
!sudo apt-get -y -qq update
!sudo apt-get install -y skopeo
!sudo apt-get -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libostree-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man

!git clone https://github.com/projectatomic/buildah $GOPATH/src/github.com/projectatomic/buildah
!cd $GOPATH/src/github.com/projectatomic/buildah
!make buildah imgtype TAGS="apparmor seccomp"
!sudo install -D -m0755 buildah /usr/local/bin/buildah

In [1]:
!buildah

NAME:
   buildah - an image builder

USAGE:
   buildah [global options] command [command options] [arguments...]

VERSION:
   0.15 (image-spec 1.0.0, runtime-spec 1.0.0)

COMMANDS:
     add                          Add content to the container
     build-using-dockerfile, bud  Build an image using instructions in a Dockerfile
     commit                       Create an image from a working container
     config                       Update image configuration settings
     containers                   List working containers and their base images
     copy                         Copy content into the container
     from                         Create a working container based on an image
     images                       List images in local storage
     inspect                      Inspects the configuration of a container or image
     mount                        Mount a working container's root filesystem
     push                         Push an image to a spe

In [4]:
!buildah images

mkdir /var/run/containers/storage: permission denied
mkdir /var/run/containers/storage: permission denied


In [15]:
!sudo buildah images
# None to show

[31mERRO[0m[0000] 'overlay' is not supported over overlayfs    


In [58]:
import os
!mkdir ~/buildah-dev
os.chdir("/home/jovyan/buildah-dev")
!echo "FROM gcr.io/tensorflow/tensorflow:1.4.1" > Dockerfile
!sudo buildah bud --tag something .

mkdir: cannot create directory ‘/home/jovyan/buildah-dev’: File exists
[31mERRO[0m[0000] 'overlay' is not supported over overlayfs    
STEP 1: FROM gcr.io/tensorflow/tensorflow:1.4.1
Getting image source signatures
Copying blob sha256:054be6183d067af1af06196d7123f7dd0b67f7157a0959bd857ad73046c3be9a
Copying blob sha256:779578d7ea6e8cc3934791724d28c56bbfc8b1a99e26236e7bf53350ed839b98
Copying blob sha256:82315138c8bd2f784643520005a8974552aaeaaf9ce365faea4e50554cf1bb44
Copying blob sha256:88dc0000f5c4a5feee72bae2c1998412a4b06a36099da354f4f97bdc8f48d0ed
Copying blob sha256:79f59e52a355a539af4e15ec0241dffaee6400ce5de828b372d06c625285fd77
Copying blob sha256:c6b4150e4487406f8a7e2f43cf8963ae779206aacdaa5745cdc2b797fe92aacb
Copying blob sha256:3f1dc80503485f1b34b8b7fda5d37fc3c050aff71aa5be60c14f1c357620173a
Copying blob sha256:dc5347efd9612dbea533e212a8bfa70f10df18b48e8c12faf6342bbeaebc6212
Copying blob sha256:269ae20acca218dc017ca719b00c98057b3ae584edffe7548a01c6037e2d9aad
Copyi

In [59]:
!echo "FROM docker://tensorflow/tensorflow:1.4.1" > Dockerfile
!sudo buildah bud --tag something .

[31mERRO[0m[0000] 'overlay' is not supported over overlayfs    
STEP 1: FROM docker://tensorflow/tensorflow:1.4.1
Getting image source signatures
Copying blob sha256:1be7f2b886e89a58e59c4e685fcc5905a26ddef3201f290b96f1eff7d778e122
Copying blob sha256:6fbc4a21b806838b63b774b338c6ad19d696a9e655f50b4e358cc4006c3baa79
Copying blob sha256:c71a6f8e13782fed125f2247931c3eb20cc0e6428a5d79edb546f1f1405f0e49
Copying blob sha256:4be3072e5a37392e32f632bb234c0b461ff5675ab7e362afad6359fbd36884af
Copying blob sha256:06c6d2f5970057aef3aef6da60f0fde280db1c077f0cd88ca33ec1a70a9c7b58
Copying blob sha256:ed8e33f2ff8a17bf8cdbd390eb02257e9be5c43f2b39d63a8a8e9dffe221f534
Copying blob sha256:dfeba1dccc9ab4dac7b765e3d9120efc709c9dd059af82656878c5a0003212dc
Copying blob sha256:eac5fb5b0052d46702142ff38883877bb767257d04403aaf2596d533c90d0977
Copying blob sha256:5602d9a3bb07879eb620bed63e331467fc5af781279e4a1a3cb6b9d2928189f6
Copying blob sha256:7ecb3ab8730a16ee54c1c59464ddcfb1968a0b5898ec8969953a25e

In [60]:
!sudo buildah images

[31mERRO[0m[0000] 'overlay' is not supported over overlayfs    


In [61]:
!sudo buildah containers

[31mERRO[0m[0000] 'overlay' is not supported over overlayfs    
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME


### ftl

https://github.com/GoogleCloudPlatform/runtimes-common/tree/master/ftl/python

In [33]:
!bazel run //ftl:python_builder -- --help

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target //ftl:python_builder (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget //ftl:python_builder up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/ftl/python_builder
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.157s, Critical Path: 0.00s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/ftl/python_builder --help
Traceback (most recent call last):
  File "/home/jovyan/.cache/bazel/_bazel_jovyan/410acaca1fa83cbd688d55783b644966/execroot/__main__/bazel-out/k8-fastbuild/bin/ftl/python_builder.runfiles/__main__/ftl/python/main.py", line 19, in <module>
    from containerregistry.tools

In [34]:
# HACK
!mv /opt/conda/bin/python ~/bk/

In [35]:
import os
os.chdir("/home/jovyan/lib/runtimes-common")

In [36]:
!bazel run //ftl:python_builder -- --help

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target //ftl:python_builder (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget //ftl:python_builder up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/ftl/python_builder
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.189s, Critical Path: 0.00s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/ftl/python_builder --help
usage: main.py [-h] (--base BASE | --tar_base_image_path TAR_BASE_IMAGE_PATH)
               --name NAME --directory DIRECTORY
               [--cache-repository CACHE_REPOSITORY] [--no-cache] [--cache]
               [--global-cache] [--no-upload] [--upload]
          

In [17]:
!bazel run //ftl:python_builder -- --name gcr.io/kubeflow-rl/test:latest \
        --directory /home/jovyan/ \
        --base gcr.io/cloud-builders/docker:latest

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target //ftl:python_builder (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget //ftl:python_builder up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/ftl/python_builder
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.150s, Critical Path: 0.00s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/ftl/python_builder --name gcr.io/kubeflow-rl/test:latest --directory /home/jovyan/ --base gcr.io/cloud-builders/docker:latest
2018-03-03,14:59:53.540 INFO     Beginning FTL build for python
2018-03-03,14:59:53.540 INFO     FTL arg passed: 
 exposed_ports None
2018-03-03,14:59:53.541 INFO     FTL 

In [19]:
!sudo bazel run //ftl:python_builder -- --name gcr.io/kubeflow-rl/test:latest \
        --directory /home/jovyan/examples-new/agents \
        --base gcr.io/cloud-builders/docker:latest

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target //ftl:python_builder (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget //ftl:python_builder up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/ftl/python_builder
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.167s, Critical Path: 0.00s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/ftl/python_builder --name gcr.io/kubeflow-rl/test:latest --directory /home/jovyan/examples-new/agents --base gcr.io/cloud-builders/docker:latest
2018-03-03,15:03:56.429 INFO     Beginning FTL build for python
2018-03-03,15:03:56.429 INFO     FTL arg passed: 
 exposed_ports None
2018-03-03,15:03:5

In [None]:
Looks like you need to use the docker client to authenticate with any repository requiring auth.

In [20]:
!sudo bazel run //ftl:python_builder -- --name quay.io/cwbeitel/test:latest \
        --directory /home/jovyan/examples-new/agents \
        --base gcr.io/cloud-builders/docker:latest

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target //ftl:python_builder (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget //ftl:python_builder up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/ftl/python_builder
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.155s, Critical Path: 0.00s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/ftl/python_builder --name quay.io/cwbeitel/test:latest --directory /home/jovyan/examples-new/agents --base gcr.io/cloud-builders/docker:latest
2018-03-03,15:04:19.612 INFO     Beginning FTL build for python
2018-03-03,15:04:19.612 INFO     FTL arg passed: 
 exposed_ports None
2018-03-03,15:04:19.

In [31]:
# Instead of moving /opt/conda/bin/python (which is python 3+) can we specify 2.7
!sudo bazel run //ftl:python_builder -- --name quay.io/cwbeitel/test:latest \
        --directory /home/jovyan/dev \
        --base gcr.io/cloud-builders/docker:latest \
        --python-cmd python2

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target //ftl:python_builder (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget //ftl:python_builder up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/ftl/python_builder
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.168s, Critical Path: 0.00s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/ftl/python_builder --name quay.io/cwbeitel/test:latest --directory /home/jovyan/dev --base gcr.io/cloud-builders/docker:latest --python-cmd python2
2018-03-03,15:24:26.095 INFO     Beginning FTL build for python
2018-03-03,15:24:26.095 INFO     FTL arg passed: 
 exposed_ports None
2018-03-03,15:2

In [None]:
# So there seems to be an issue with the way we're using containerregistry...

In [42]:
!bazel run @containerregistry//:puller.par -- --help

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target @containerregistry//:puller.par (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget @containerregistry//:puller.par up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/external/containerregistry/puller.par
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.166s, Critical Path: 0.00s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/external/containerregistry/puller.par --help
usage: puller.par [-h] [--name NAME] [--directory DIRECTORY]
                  [--stderrthreshold STDERRTHRESHOLD]

Pull images from a Docker Registry, faaaaast.

optional arguments:
  -h, --help            s

In [45]:
# Experiment with containerregistry tools
!bazel run @containerregistry//:puller.par -- --name gcr.io/cloud-builders/docker:latest --directory ~/dev

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target @containerregistry//:puller.par (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget @containerregistry//:puller.par up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/external/containerregistry/puller.par
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.172s, Critical Path: 0.01s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/external/containerregistry/puller.par --name gcr.io/cloud-builders/docker:latest --directory /home/jovyan/dev
[0m

In [51]:
!bazel run @containerregistry//:pusher.par -- --name quay.io/cwbeitel/docker:latest --config /home/jovyan/dev/config.json

[32mLoading:[0m 
[1A[K[32mLoading:[0m 0 packages loaded
[1A[K[32mINFO: [0mAnalysed target @containerregistry//:pusher.par (0 packages loaded).
[32mBuilding:[0m no action
[1A[K[32mINFO: [0mFound 1 target...
[32mBuilding:[0m no action
[1A[K[32m[0 / 1][0m [-----] BazelWorkspaceStatusAction stable-status.txt
[1A[KTarget @containerregistry//:pusher.par up-to-date:
[32m[1 / 1][0m no action
[1A[K  bazel-bin/external/containerregistry/pusher.par
[32m[1 / 1][0m no action
[1A[K[32mINFO: [0mElapsed time: 0.165s, Critical Path: 0.00s
[32m[1 / 1][0m no action
[1A[K[32mINFO:[0m Build completed successfully, 1 total action

[32mINFO: [0mRunning command line: bazel-bin/external/containerregistry/pusher.par --name quay.io/cwbeitel/docker:latest --config /home/jovyan/dev/config.json
E0303 15:37:53.957439    6916 docker_session_.py:325] Error during upload of: quay.io/cwbeitel/docker:latest
Traceback (most recent call last):