From 12fef9180eddf7a0d21dde9b9987fc580fc86cc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Mon, 10 Nov 2025 12:53:06 +0100 Subject: [PATCH 1/3] AIPCC-6903: workaround(ROCm): fix permissions in ROCm images to account for AIPCC way of setting permissions in rocm base (#1682) (cherry picked from commit 25f1b8998a918a78c3cc73c5ca1326240cff4b90) --- jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm | 10 ++++++++++ jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm | 3 +++ .../rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm | 5 +++-- runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm | 3 +++ .../rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm | 3 +++ runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda | 3 +++ 6 files changed, 25 insertions(+), 2 deletions(-) diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm index d5753cd9e..f4ed86af1 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm @@ -93,6 +93,8 @@ USER 1001 COPY ${MINIMAL_SOURCE_CODE}/pylock.toml ${MINIMAL_SOURCE_CODE}/start-notebook.sh ./ +USER 0 + # Install Python dependencies from Pipfile.lock file RUN /bin/bash <<'EOF' set -Eeuxo pipefail @@ -113,6 +115,14 @@ fix-permissions /opt/app-root -P /opt/app-root/bin/utils/addons/apply.sh EOF +# Fix permissions to support pip in Openshift environments +RUN /bin/bash <<'EOF' +set -Eeuxo pipefail +chmod -R g+w /opt/app-root/lib/python3.12/site-packages +fix-permissions /opt/app-root -P +EOF + +USER 1001 WORKDIR /opt/app-root/src ENTRYPOINT ["start-notebook.sh"] diff --git a/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm b/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm index f8c7bc158..5e80f4493 100644 --- a/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm 
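Review bot: In jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm the added `USER 0` sits above the "Install Python dependencies" RUN, so the whole dependency install and `/opt/app-root/bin/utils/addons/apply.sh` now execute as root, although only the permission fix appears to need it. The same widening is made in the jupyter/rocm/pytorch, jupyter/rocm/tensorflow and runtimes/rocm-pytorch hunks. If the AIPCC base lets the install run as 1001, keep it there and move `USER 0` down to directly above the new `# Fix permissions to support pip in Openshift environments` RUN. In either case a comment above `USER 0` would record the reason, for example `# AIPCC-6903: run as root until the AIPCC rocm base sets permissions usable by UID 1001`; that wording is inferred from the commit subject and should be adjusted to what the base image actually does. The install heredoc starts in the first hunk and ends in the second, with its middle outside both.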
@@ -156,6 +156,8 @@ LABEL name="odh-notebook-jupyter-rocm-pytorch-ubi9-python-3.12" \ COPY ${PYTORCH_SOURCE_CODE}/pylock.toml ${PYTORCH_SOURCE_CODE}/de-vendor-torch.sh ./ +USER 0 + RUN /bin/bash <<'EOF' set -Eeuxo pipefail echo "Installing softwares and packages" @@ -182,4 +184,5 @@ chmod -R g+w /opt/app-root/lib/python3.12/site-packages fix-permissions /opt/app-root -P EOF +USER 1001 WORKDIR /opt/app-root/src diff --git a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm index 10fa5b038..e556e2d0b 100644 --- a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm @@ -157,6 +157,8 @@ LABEL name="odh-notebook-jupyter-rocm-tensorflow-ubi9-python-3.12" \ COPY ${TENSORFLOW_SOURCE_CODE}/pylock.toml ./ +USER 0 + RUN /bin/bash <<'EOF' set -Eeuxo pipefail echo "Installing softwares and packages" @@ -183,9 +185,8 @@ EOF COPY ${JUPYTER_REUSABLE_UTILS}/usercustomize.pth ${JUPYTER_REUSABLE_UTILS}/monkey_patch_protobuf_6x.py /opt/app-root/lib/python3.12/site-packages/ -USER 0 COPY ${TENSORFLOW_SOURCE_CODE}/utils/link-solibs.sh /tmp/link-solibs.sh RUN /tmp/link-solibs.sh && rm /tmp/link-solibs.sh -USER 1001 +USER 1001 WORKDIR /opt/app-root/src diff --git a/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm b/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm index 95fd255e5..273c249c2 100644 --- a/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm +++ b/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm @@ -85,6 +85,8 @@ COPY ${PYTORCH_SOURCE_CODE}/utils ./utils/ # Copy utility script COPY ${PYTORCH_SOURCE_CODE}/de-vendor-torch.sh ./ +USER 0 + RUN /bin/bash <<'EOF' set -Eeuxo pipefail echo "Installing softwares and packages" @@ -99,4 +101,5 @@ chmod -R g+w /opt/app-root/lib/python3.12/site-packages fix-permissions /opt/app-root -P EOF +USER 1001 WORKDIR /opt/app-root/src 
diff --git a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm index 7668b1e44..fe0e2ff2c 100644 --- a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm +++ b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm @@ -84,6 +84,8 @@ COPY ${TENSORFLOW_SOURCE_CODE}/pylock.toml ./ # Copy Elyra dependencies for air-gapped enviroment COPY ${TENSORFLOW_SOURCE_CODE}/utils ./utils/ +USER 0 + RUN /bin/bash <<'EOF' set -Eeuxo pipefail echo "Installing softwares and packages" @@ -98,4 +100,5 @@ EOF COPY ${JUPYTER_REUSABLE_UTILS}/usercustomize.pth ${JUPYTER_REUSABLE_UTILS}/monkey_patch_protobuf_6x.py /opt/app-root/lib/python3.12/site-packages/ +USER 1001 WORKDIR /opt/app-root/src diff --git a/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda b/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda index 8ad8352c5..87ae38f33 100644 --- a/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda +++ b/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda @@ -88,6 +88,8 @@ COPY ${TENSORFLOW_SOURCE_CODE}/pylock.toml ./ # Copy Elyra dependencies for air-gapped enviroment COPY ${TENSORFLOW_SOURCE_CODE}/utils ./utils/ +USER 0 + RUN /bin/bash <<'EOF' set -Eeuxo pipefail echo "Installing softwares and packages" @@ -101,4 +103,5 @@ EOF COPY ${JUPYTER_REUSABLE_UTILS}/usercustomize.pth ${JUPYTER_REUSABLE_UTILS}/monkey_patch_protobuf_6x.py /opt/app-root/lib/python3.12/site-packages/ +USER 1001 WORKDIR /opt/app-root/src From 850c5d2ca8a03acc516b3a946310054105290dd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Tue, 11 Nov 2025 11:57:16 +0100 Subject: [PATCH 2/3] fixup, let's have it separately for now, until AIPCC fixes their things --- jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm | 3 --- 1 file changed, 3 deletions(-) diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm index f4ed86af1..d0bb39b43 100644 
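Review bot: In runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm and runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda the RUN that now executes under `USER 0` has its body outside both hunks, so it is not visible whether it ends with `chmod -R g+w /opt/app-root/lib/python3.12/site-packages` and `fix-permissions /opt/app-root -P` as the pytorch Dockerfiles in this patch do. If it does not, packages installed as root may be left without group write, which is the condition the "support pip in Openshift environments" step exists to prevent. `USER 1001` is also restored only after the `COPY … usercustomize.pth … site-packages/`; placing it directly after `EOF` would keep the root section to the one step that needs it. Dockerfile.cuda is changed under a ROCm-titled commit, so a short comment above its `USER 0` saying why the CUDA runtime needs the same workaround would help.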
--- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm @@ -108,9 +108,6 @@ jupyter labextension disable "@jupyterlab/apputils-extension:announcements" sed -i -e "s/Python.*/$(python --version | cut -d '.' -f-2)\",/" /opt/app-root/share/jupyter/kernels/python3/kernel.json # copy jupyter configuration cp /opt/app-root/bin/utils/jupyter_server_config.py /opt/app-root/etc/jupyter -# Fix permissions to support pip in Openshift environments -chmod -R g+w /opt/app-root/lib/python3.12/site-packages -fix-permissions /opt/app-root -P # Apply JupyterLab addons /opt/app-root/bin/utils/addons/apply.sh EOF From 73c7cc177242a706af971b485157922ca9a91c9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Tue, 11 Nov 2025 13:25:05 +0100 Subject: [PATCH 3/3] change of plans, let's have it together --- jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm index d0bb39b43..99c9a754b 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm @@ -108,15 +108,11 @@ jupyter labextension disable "@jupyterlab/apputils-extension:announcements" sed -i -e "s/Python.*/$(python --version | cut -d '.' -f-2)\",/" /opt/app-root/share/jupyter/kernels/python3/kernel.json # copy jupyter configuration cp /opt/app-root/bin/utils/jupyter_server_config.py /opt/app-root/etc/jupyter -# Apply JupyterLab addons -/opt/app-root/bin/utils/addons/apply.sh -EOF - # Fix permissions to support pip in Openshift environments -RUN /bin/bash <<'EOF' -set -Eeuxo pipefail chmod -R g+w /opt/app-root/lib/python3.12/site-packages fix-permissions /opt/app-root -P +# Apply JupyterLab addons +/opt/app-root/bin/utils/addons/apply.sh EOF USER 1001
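Review bot: After PATCH 3/3 the heredoc calls `/opt/app-root/bin/utils/addons/apply.sh` after `fix-permissions /opt/app-root -P`, and the block now runs as root, so anything the addons script creates or rewrites under /opt/app-root stays root-owned with root's default mode and never passes through the permission fix. Before this series the same order ran as USER 1001, and PATCH 1/3 had a permission fix after the addons step; this patch drops that ordering. Consider ordering the tail of the heredoc as `/opt/app-root/bin/utils/addons/apply.sh`, then `chmod -R g+w /opt/app-root/lib/python3.12/site-packages`, then `fix-permissions /opt/app-root -P`. What apply.sh writes is not visible here, and the heredoc begins outside the hunk.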