From 02ac7e3e860e4cf54d72519c103aa896b92c4abd Mon Sep 17 00:00:00 2001 From: pav511 <38131208+pav511@users.noreply.github.com> Date: Thu, 20 Jul 2023 14:11:24 -0700 Subject: [PATCH 1/3] enable nublado3 usdfprod --- applications/nublado/values-usdfprod.yaml | 175 ++++++++++++++++++++++ environments/values-usdfprod.yaml | 2 +- 2 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 applications/nublado/values-usdfprod.yaml diff --git a/applications/nublado/values-usdfprod.yaml b/applications/nublado/values-usdfprod.yaml new file mode 100644 index 0000000000..e3885bfafe --- /dev/null +++ b/applications/nublado/values-usdfprod.yaml @@ -0,0 +1,175 @@ +controller: + config: + safir: + logLevel: "DEBUG" + fileserver: + enabled: true + timeout: 21600 + + images: + source: + type: "docker" + registry: "docker-registry.slac.stanford.edu" + repository: "lsstsqre/sciplat-lab" + recommendedTag: "recommended" + numReleases: 1 + numWeeklies: 2 + numDailies: 3 + + lab: + pullSecret: "pull-secret" + + homedirSchema: "initialThenUsername" + + env: + AWS_SHARED_CREDENTIALS_FILE: "/opt/lsst/software/jupyterlab/secrets/aws-credentials.ini" + AUTO_REPO_SPECS: "https://github.com/lsst-sqre/system-test@prod,https://github.com/rubin-dp0/tutorial-notebooks@prod" + DAF_BUTLER_REPOSITORY_INDEX: "/project/data-repos.yaml" + HUB_ROUTE: "/nb/hub" + PGPASSFILE: "/opt/lsst/software/jupyterlab/secrets/postgres-credentials.txt" + PGUSER: "rubin" + S3_ENDPOINT_URL: "https://s3dfrgw.slac.stanford.edu" + http_proxy: "http://sdfproxy.sdf.slac.stanford.edu:3128" + https_proxy: "http://sdfproxy.sdf.slac.stanford.edu:3128" + no_proxy: "hub.nublado,.sdf.slac.stanford.edu,.slac.stanford.edu,localhost,127.0.0.1" + + files: + # Add rubin_users group (there is not yet a simpler way to do this). + /etc/group: + contents: | + root:x:0: + bin:x:1: + daemon:x:2: + sys:x:3: + adm:x:4: + tty:x:5: + disk:x:6: + lp:x:7: + mem:x:8: + kmem:x:9: + wheel:x:10: + cdrom:x:11: + mail:x:12: + man:x:15: + dialout:x:18: + floppy:x:19: + games:x:20: + utmp:x:22: + tape:x:33: + utempter:x:35: + video:x:39: + ftp:x:50: + lock:x:54: + tss:x:59: + audio:x:63: + dbus:x:81: + screen:x:84: + nobody:x:99: + users:x:100: + systemd-journal:x:190: + systemd-network:x:192: + cgred:x:997: + ssh_keys:x:998: + input:x:999: + rubin_users:x:4085: + + secrets: + - secretName: "nublado-lab-secret" + secretKey: "aws-credentials.ini" + - secretName: "nublado-lab-secret" + secretKey: "postgres-credentials.txt" + + volumes: + - containerPath: "/home" + mode: "rw" + source: + type: "persistentVolumeClaim" + storageClassName: "sdf-home" + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "1Gi" + - containerPath: "/project" + subPath: "g" + mode: "rw" + source: + type: "persistentVolumeClaim" + storageClassName: "sdf-group-rubin" + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "1Gi" + - containerPath: "/sdf/group/rubin" + mode: "rw" + source: + type: "persistentVolumeClaim" + storageClassName: "sdf-group-rubin" + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "1Gi" + - containerPath: "/sdf/data/rubin" + mode: "rw" + source: + type: "persistentVolumeClaim" + storageClassName: "sdf-data-rubin" + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "1Gi" + - containerPath: "/scratch" + mode: "rw" + source: + type: "persistentVolumeClaim" + storageClassName: "sdf-scratch" + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "1Gi" + - containerPath: "/fs/ddn/sdf/group/rubin" + mode: "rw" + source: + type: "persistentVolumeClaim" + storageClassName: "fs-ddn-sdf-group-rubin" + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "1Gi" + - containerPath: "/fs/ddn/sdf/group/lsst" + mode: "rw" + source: + type: "persistentVolumeClaim" + storageClassName: "fs-ddn-sdf-group-lsst" + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "1Gi" + +proxy: + ingress: + annotations: + # proxy-body-size is temporary until USDF uses our normal ingress-nginx, + # which already configures a larger value. + nginx.ingress.kubernetes.io/proxy-body-size: "50m" + + # These are substantially shorter than the default timeouts (it's not + # clear why). + nginx.ingress.kubernetes.io/proxy-connect-timeout: "30" + nginx.ingress.kubernetes.io/proxy-read-timeout: "20" + +jupyterhub: + hub: + baseUrl: "/nb" + db: + url: "postgresql://nublado3@postgres.postgres/nublado3" + cull: + timeout: 432000 + every: 300 + maxAge: 2160000 diff --git a/environments/values-usdfprod.yaml b/environments/values-usdfprod.yaml index 08563410d7..419025cf4c 100644 --- a/environments/values-usdfprod.yaml +++ b/environments/values-usdfprod.yaml @@ -35,7 +35,7 @@ narrativelog: noteburst: enabled: false nublado: - enabled: false + enabled: true nublado2: enabled: true ook: From be6f9192d7a3767fd63ba3e45f8a4d423eebe391 Mon Sep 17 00:00:00 2001 From: adam Date: Thu, 20 Jul 2023 15:26:16 -0700 Subject: [PATCH 2/3] remove baseUrl since it's the default --- applications/nublado/values-usdfprod.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/applications/nublado/values-usdfprod.yaml b/applications/nublado/values-usdfprod.yaml index e3885bfafe..b706852fc2 100644 --- a/applications/nublado/values-usdfprod.yaml +++ b/applications/nublado/values-usdfprod.yaml @@ -166,7 +166,6 @@ proxy: jupyterhub: hub: - baseUrl: "/nb" db: url: "postgresql://nublado3@postgres.postgres/nublado3" cull: From 96edcecaf0611495af25f74fd0646534b30a442a Mon Sep 17 00:00:00 2001 From: adam Date: Thu, 20 Jul 2023 15:28:31 -0700 Subject: [PATCH 3/3] point nublado2 in usdf-prod to /n2 --- applications/nublado2/values-usdfprod.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/applications/nublado2/values-usdfprod.yaml b/applications/nublado2/values-usdfprod.yaml index 26723b22d4..690fd7c7bd 100644 --- a/applications/nublado2/values-usdfprod.yaml +++ b/applications/nublado2/values-usdfprod.yaml @@ -1,6 +1,7 @@ jupyterhub: hub: + baseUrl: "/n2" config: ServerApp: shutdown_no_activity_timeout: 432000