<a href="https://colab.research.google.com/github/google-research/skai/blob/skai-colab-0000002/src/colab/Initialize_SKAI_Colab_Kernel.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Initialize SKAI Colab Kernel
This notebook sets up a new custom Colab kernel VM to run the SKAI notebook.
**Please refer to the [SKAI Colab Notebooks Instructions](/docs/colab_instructions.md) before running this Colab notebook.**

To use:
1. Open this notebook in Colab.
2. Connect to the custom kernel you want to initialize.
3. Change settings as appropriate.
4. Run all code cells.


In [None]:
#@title Settings

#@markdown Please enter the parameters of **google cloud platform account** to use:
CLOUD_PROJECT_NAME = "" #@param {type:"string"}
CLOUD_LOCATION = "" #@param {type:"string"}
CLOUD_SERVICE_ACCOUNT = "" #@param {type:"string"}

#@markdown ---
#@markdown Following parameters are used to clone the **git repository** and set up the **colab workspace directory**.

#@markdown **We recommend not changing these parameters.**
PRIVATE_KEY_PATH = "/root/service-account-private-key.json" #@param {type:"string"}
VIRTUALENV_DIR = "/content/skai_env" #@param {type:"string"}
SKAI_CODE_DIR = "/content/skai_src"  #@param {type:"string"}
SKAI_REPO = "https://github.com/google-research/skai.git"  #@param {type:"string"}
SKAI_BRANCH = "main" #@param {type:"string"}
SKAI_COMMIT = "" #@param {type:"string"}

# Install newer version of GDAL

In [None]:
#@markdown The default GDAL library version installed on custom colab kernels is out of date. These commands will update to a newer version.

%%shell
sudo add-apt-repository -y ppa:ubuntugis/ubuntugis-unstable
sudo apt-get update
sudo apt-get install gdal-bin
gdalinfo --version | awk '$2 ~ /^3\./ {exit 0} {exit 1}'

# Install Python libraries for kernel

In [None]:
#@markdown These are dependencies needed by the colab notebook itself. This is distinct from installing the python dependencies into the SKAI virtualenv.
%shell pip --use-deprecated=legacy-resolver install google-cloud-aiplatform==1.15.0 appengine-python-standard==1.0.0 google-cloud-monitoring==2.10.0 ipyplot==1.1.1 pyproj==3.2.1

# Create service account key file
Because the custom kernel VM is shared among multiple users, users should not authenticate with GCP using their own accounts. Otherwise, their private credentials will be written to the kernel's filesystem for all other users to see.

Instead, the colab should authenticate as a service account. In order to do that, a private key for the service account should be created and uploaded to the kernel. This should be done either via Cloud's web console following [these instructions](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-console), or the user can run `gcloud` on their workstation to create the key file. The key file should end with ".json".

Regardless of how the key is created, it should be uploaded to the kernel.

**Note 1:** For security, a new private key should be created for each kernel, instead of reusing one key for multiple kernels. This way, we can revoke a kernel's permissions by deleting the key.

**Note 2:** By default, newly created private keys never expire. For increased security, we suggest setting the key to expire after you will no longer need it, for example in 6 months. You can always generate a new key after the current one expires. See [here](https://cloud.google.com/iam/docs/service-accounts#key-expiry) for details.

In [None]:
#@markdown Upload key file

from google.colab import files

print('Use Cloud web console to create a service account private key, or run the following command on your workstation:\n')
print(f'gcloud iam service-accounts keys create service-account-private-key.json --iam-account={CLOUD_SERVICE_ACCOUNT}\n')
print('Then upload the created file to to colab')

uploaded = files.upload()
if len(uploaded) == 1:
  KEY_FILE = list(uploaded.keys())[0]
  !mv {KEY_FILE} {PRIVATE_KEY_PATH}


# Set Cloud project and service account

In [None]:
#@markdown 1. Set project name and default location.
#@markdown 2. Activate the service account.
%shell gcloud config set project {CLOUD_PROJECT_NAME}
%shell gcloud auth activate-service-account {CLOUD_SERVICE_ACCOUNT} --key-file={PRIVATE_KEY_PATH}
%shell gcloud config set compute/region {CLOUD_LOCATION}


# Clone SKAI github repo

In [None]:
#@markdown Clone main branch repo
%shell rm -rf {SKAI_CODE_DIR}
%shell git clone -b {SKAI_BRANCH} {SKAI_REPO} {SKAI_CODE_DIR}
if SKAI_COMMIT!='':
  %shell cd {SKAI_CODE_DIR} ; git checkout {SKAI_COMMIT}

# Create Python virtualenv for running SKAI

In [None]:
#@markdown 1. Install virtualenv module using pip.
#@markdown 2. Create "skai_env" virtual environment.
#@markdown 3. Install Python dependencies into virtual environment using SKAI's requirements.txt

%%bash -s "$VIRTUALENV_DIR" "$SKAI_CODE_DIR"
set -e

pip3 install virtualenv
virtualenv "$1"
source "$1/bin/activate"
pip install -r "$2/requirements.txt"