-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
255 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
name: Spellcheck Action | ||
on: push | ||
|
||
jobs: | ||
build: | ||
name: Spellcheck | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Code Checkout | ||
uses: actions/checkout@v3 | ||
- name: Spellcheck | ||
uses: rojopolis/[email protected] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
matrix: | ||
- name: Markdown | ||
aspell: | ||
lang: en | ||
# ignore-case: true | ||
dictionary: | ||
encoding: utf-8 | ||
wordlists: | ||
- .wordlist-md | ||
output: scratch/dictionary.dic | ||
pipeline: | ||
- pyspelling.filters.markdown: | ||
- pyspelling.filters.html: | ||
comments: false | ||
ignores: | ||
- code | ||
- pre | ||
sources: | ||
- '!**/INFO.md|!**/TODO.md|!venv/**|!scratch/**|**/*.md' | ||
default_encoding: utf-8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,3 @@ | ||
# demo-unstructured | ||
# demo-unstructured | ||
|
||
Unstructureed demo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# Notes - Template | ||
|
||
Notes for the Distributed Workloads Demonstration | ||
|
||
## Running distributed data science workloads from notebooks | ||
|
||
[source](https://access.redhat.com/documentation/en-us/red_hat_openshift_ai_self-managed/2.10/html/working_with_distributed_workloads/running-distributed-workloads_distributed-workloads) | ||
|
||
1. Access the RHOAI Dashboard | ||
1. Create a data science project that contains a workbench that is running one of the default notebook images, for example, the Standard Data Science notebook. (not code-server) | ||
1. In the JupyterLab interface, click Git > Clone a Repository | ||
1. In the "Clone a repo" dialog, enter `https://github.com/project-codeflare/codeflare-sdk.git` | ||
1. In the JupyterLab interface, in the left navigation pane, double-click codeflare-sdk. | ||
1. Double-click demo-notebooks. | ||
1. Double-click guided-demos. | ||
1. Execute the notebooks in order | ||
1. `0_basic_ray.ipynb` | ||
1. `1_cluster_job_client.ipynb` | ||
1. `2_basic_interactive.ipynb` | ||
|
||
### Update each example demo notebook accordingly | ||
|
||
You may have to pip install the codeflare_sdk if not provided with the Notebook Image. | ||
`!pip install codeflare_sdk -q` | ||
|
||
Update the following `token` and `server` values from your `oc login` command values | ||
`oc login --token=<YOUR_TOKEN> --server=<YOUR_API_URL>` | ||
|
||
```sh | ||
# if you are already logged in | ||
oc whoami -t | ||
``` | ||
|
||
```python | ||
# Create authentication object for user permissions | ||
# IF unused, SDK will automatically check for default kubeconfig, then in-cluster config | ||
# KubeConfigFileAuthentication can also be used to specify kubeconfig path manually | ||
auth = TokenAuthentication( | ||
token = "XXXXX", # replace with <YOUR_TOKEN> | ||
server = "XXXXX", # replace with <YOUR_API_URL> | ||
skip_tls=False # change to True to bypass certificate | ||
) | ||
auth.login() | ||
``` | ||
|
||
(Recommended) Change TLS trust certificate, this will always work and prevent unnecessary hops. | ||
|
||
you should use the internal K8s service as the server value | ||
`server = "https://kubernetes.default.svc.cluster.local:443"` | ||
|
||
Shorter and easier to remember | ||
```sh | ||
# TLS verify with https service | ||
server = "https://kubernetes.default", | ||
skip_tls=False | ||
|
||
# Skip TLS verify with http service | ||
server = "http://kubernetes.default", | ||
skip_tls=True | ||
`````` | ||
|
||
You may need to create a local-queue in your project - see the CHECKLIST_PROCEDURE "Create a local queue that points to your cluster queue" | ||
|
||
![NOTE] | ||
It may also be helpful to ignore the warnings Jupyter displays | ||
|
||
```python | ||
import warnings | ||
warnings.filterwarnings('ignore') | ||
``` | ||
|
||
![NOTE] | ||
|
||
`2_basic_interactive.ipynb` will require you to upgrade the `codeflare-sdk` to the latest to avoid errors. Append a cell at the top with the following: | ||
|
||
```ssh | ||
!pip install -U pip -q | ||
!pip install -U codeflare-sdk -q | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
#!/bin/bash | ||
|
||
RED='\033[1;31m' | ||
NC='\033[0m' # No Color | ||
BLUE='\033[1;36m' | ||
PURPLE='\033[1;35m' | ||
ORANGE='\033[0;33m' | ||
|
||
logbanner() { | ||
echo -e "${PURPLE}====${NC} ${1} ${PURPLE}================================${NC}" | ||
if [ -f "$LOG_FILE" ]; then | ||
echo "$(date +"%H:%M:%S") - INFO - $1" >> $LOG_FILE | ||
fi | ||
} | ||
|
||
loginfo() { | ||
echo -e "${BLUE}INFO:${NC} ${1}" | ||
if [ -f "$LOG_FILE" ]; then | ||
echo "$(date +"%H:%M:%S") - INFO - $1" >> $LOG_FILE | ||
fi | ||
} | ||
|
||
logerror () { | ||
echo -e "${RED}ERROR:${NC} ${1}" | ||
if [ -f "$LOG_FILE" ]; then | ||
echo "$(date +"%H:%M:%S") - ERROR - $1" >> $LOG_FILE | ||
fi | ||
} | ||
|
||
logwarning () { | ||
echo -e "${ORANGE}WARNING:${NC} ${1}" | ||
if [ -f "$LOG_FILE" ]; then | ||
echo "$(date +"%H:%M:%S") - WARNING - $1" >> $LOG_FILE | ||
fi | ||
} | ||
|
||
log() { | ||
echo "$1" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
## 1. Add administrative user | ||
|
||
Only users with cluster administrator privileges can install and configure RHOAI. | ||
|
||
You may be logged into the cluster as user `kubeadmin`, which is an automatically generated temporary user that should not be used as a best practice. See _APPENDIX.md for more details on best practices and patching if needed. | ||
|
||
For this procedure, we are using HTpasswd as the Identity Provider (IdP). HTPasswd updates the files that store usernames and password for authentication of HTTP users. RHOAI uses the same IdP as RHOCP, such as: htpasswd, keystone, LDAP, basic-authentication, request-header, GitHub, GitLab, Google, OpenID Connect. [More info](https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/authentication_and_authorization/understanding-identity-provider#supported-identity-providers). | ||
|
||
### Steps | ||
|
||
- Create an htpasswd file to store the user and password information | ||
|
||
- ```sh | ||
htpasswd -c -B -b scratch/users.htpasswd <username> <password> | ||
``` | ||
```sh | ||
# Expected output | ||
Adding password for user <username> | ||
``` | ||
|
||
- Create a secret to represent the htpasswd file | ||
|
||
- ```sh | ||
oc create secret generic htpasswd-secret --from-file=htpasswd=scratch/users.htpasswd -n openshift-config | ||
``` | ||
|
||
```sh | ||
# expected output | ||
secret/htpasswd-secret created | ||
``` | ||
|
||
- Verify you created a secret/htpasswd-secret object in openshift-config project | ||
|
||
- ```sh | ||
oc get secret/htpasswd-secret -n openshift-config | ||
``` | ||
```sh | ||
# expected output | ||
NAME TYPE DATA AGE | ||
htpasswd-secret Opaque 1 4m46s | ||
``` | ||
|
||
- Apply the resource to the default OAuth configuration to add the identity provider | ||
|
||
- ```sh | ||
oc apply -f configs/htpasswd-cr.yaml | ||
``` | ||
```sh | ||
# expected output | ||
oauth.config.openshift.io/cluster configured | ||
``` | ||
|
||
- Verify the identity provider | ||
|
||
- ```sh | ||
oc get oauth/cluster -o yaml | ||
``` | ||
|
||
- Watch for the cluster operator to cycle | ||
|
||
- ```sh | ||
oc get co authentication -w | ||
``` | ||
|
||
```sh | ||
Wait until you see the co refresh to `0s` | ||
# expected output | ||
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE | ||
authentication 4.16.6 True False False 0s | ||
``` | ||
- As kubeadmin, assign the cluster-admin role to perform administrator level tasks | ||
- ```sh | ||
oc adm policy add-cluster-role-to-user cluster-admin admin1 | ||
``` | ||
```sh | ||
# expected output | ||
clusterrole.rbac.authorization.k8s.io/cluster-admin added: "<username>" | ||
``` | ||
- Log in to the cluster as a user from your identity provider, entering the password when prompted. | ||
> NOTE: You may need to add the parameter `--insecure-skip-tls-verify=true` if your clusters api endpoint does not have a trusted cert. | ||
- ```sh | ||
oc cluster-info | ||
``` | ||
- ```sh | ||
oc login https://api.cluster-<id>.<id>.sandbox.opentlc.com:6443 --insecure-skip-tls-verify=true -u <username> -p <password> | ||
``` | ||
> NOTE: The remainder of the procedure should be completed with the new cluster-admin `<username>`. | ||
## Automation key | ||
- From this repo's root directory, run below command | ||
- ```sh | ||
./bootcamp/scripts/runstep.sh -s 1 | ||
``` |