From e1aa02b574c9b67d296f107e86c7ec63296ae990 Mon Sep 17 00:00:00 2001
From: Hemang Shishir <hshishir@redhat.com>
Date: Tue, 1 Oct 2024 09:27:32 -0700
Subject: [PATCH] changes

---
 .github/workflows/spellcheck.yml             |  12 +++
 .pyspelling.yml                              |  20 ++++
 README.md                                    |   4 +-
 bootcamp/demos/distributed_workloads.md      |  79 ++++++++++++++
 bootcamp/scripts/logging.sh                  |  39 +++++++
 bootcamp/steps/01-add-administrative-user.md | 102 +++++++++++++++++++
 6 files changed, 255 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/spellcheck.yml
 create mode 100644 .pyspelling.yml
 create mode 100644 bootcamp/demos/distributed_workloads.md
 create mode 100644 bootcamp/scripts/logging.sh
 create mode 100644 bootcamp/steps/01-add-administrative-user.md

diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
new file mode 100644
index 0000000..bc8e694
--- /dev/null
+++ b/.github/workflows/spellcheck.yml
@@ -0,0 +1,12 @@
+name: Spellcheck Action
+on: push
+
+jobs:
+  build:
+    name: Spellcheck
+    runs-on: ubuntu-latest
+    steps:
+    - name: Code Checkout
+      uses: actions/checkout@v3
+    - name: Spellcheck
+      uses: rojopolis/spellcheck-github-actions@0.42.0
\ No newline at end of file
diff --git a/.pyspelling.yml b/.pyspelling.yml
new file mode 100644
index 0000000..c5e8005
--- /dev/null
+++ b/.pyspelling.yml
@@ -0,0 +1,20 @@
+matrix:
+  - name: Markdown
+    aspell:
+      lang: en
+      # ignore-case: true
+    dictionary:
+      encoding: utf-8
+      wordlists:
+        - .wordlist-md
+      output: scratch/dictionary.dic
+    pipeline:
+      - pyspelling.filters.markdown:
+      - pyspelling.filters.html:
+          comments: false
+          ignores:
+            - code
+            - pre
+    sources:
+      - '!**/INFO.md|!**/TODO.md|!venv/**|!scratch/**|**/*.md'
+    default_encoding: utf-8
\ No newline at end of file
diff --git a/README.md b/README.md
index d996261..3b22f1c 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,3 @@
-# demo-unstructured
\ No newline at end of file
+# demo-unstructured
+
+Unstructureed demo
\ No newline at end of file
diff --git a/bootcamp/demos/distributed_workloads.md b/bootcamp/demos/distributed_workloads.md
new file mode 100644
index 0000000..36674f6
--- /dev/null
+++ b/bootcamp/demos/distributed_workloads.md
@@ -0,0 +1,79 @@
+# Notes - Template
+
+Notes for the  Distributed Workloads Demonstration
+
+## Running distributed data science workloads from notebooks
+
+[source](https://access.redhat.com/documentation/en-us/red_hat_openshift_ai_self-managed/2.10/html/working_with_distributed_workloads/running-distributed-workloads_distributed-workloads)
+
+1. Access the RHOAI Dashboard
+1. Create a data science project that contains a workbench that is running one of the default notebook images, for example, the Standard Data Science notebook. (not code-server)
+1. In the JupyterLab interface, click Git > Clone a Repository
+1. In the "Clone a repo" dialog, enter `https://github.com/project-codeflare/codeflare-sdk.git`
+1. In the JupyterLab interface, in the left navigation pane, double-click codeflare-sdk.
+1. Double-click demo-notebooks.
+1. Double-click guided-demos.
+1. Execute the notebooks in order
+1. `0_basic_ray.ipynb`
+1. `1_cluster_job_client.ipynb`
+1. `2_basic_interactive.ipynb`
+
+### Update each example demo notebook accordingly
+
+You may have to pip install the codeflare_sdk if not provided with the Notebook Image.
+`!pip install codeflare_sdk -q`
+
+Update the following `token` and `server` values from your `oc login` command values
+`oc login --token=<YOUR_TOKEN> --server=<YOUR_API_URL>`
+
+```sh
+# if you are already logged in
+oc whoami -t
+```
+
+```python
+# Create authentication object for user permissions
+# IF unused, SDK will automatically check for default kubeconfig, then in-cluster config
+# KubeConfigFileAuthentication can also be used to specify kubeconfig path manually
+auth = TokenAuthentication(
+    token = "XXXXX",  # replace with <YOUR_TOKEN>
+    server = "XXXXX", # replace with <YOUR_API_URL>
+    skip_tls=False    # change to True to bypass certificate
+)
+auth.login()
+```
+
+(Recommended) Change TLS trust certificate, this will always work and prevent unnecessary hops.
+
+you should use the internal K8s service as the server value
+`server = "https://kubernetes.default.svc.cluster.local:443"`
+
+Shorter and easier to remember
+```sh
+# TLS verify with https service
+server = "https://kubernetes.default",
+skip_tls=False
+
+# Skip TLS verify with http service
+server = "http://kubernetes.default",
+skip_tls=True
+``````
+
+You may need to create a local-queue in your project - see the CHECKLIST_PROCEDURE "Create a local queue that points to your cluster queue"
+
+![NOTE]
+It may also be helpful to ignore the warnings Jupyter displays
+
+```python
+import warnings
+warnings.filterwarnings('ignore')
+```
+
+![NOTE]
+
+`2_basic_interactive.ipynb` will require you to upgrade the `codeflare-sdk` to the latest to avoid errors. Append a cell at the top with the following:
+
+```ssh
+!pip install -U pip -q
+!pip install -U codeflare-sdk -q
+```
diff --git a/bootcamp/scripts/logging.sh b/bootcamp/scripts/logging.sh
new file mode 100644
index 0000000..7c93445
--- /dev/null
+++ b/bootcamp/scripts/logging.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+RED='\033[1;31m'
+NC='\033[0m' # No Color
+BLUE='\033[1;36m'
+PURPLE='\033[1;35m'
+ORANGE='\033[0;33m'
+
+logbanner() {
+    echo -e "${PURPLE}====${NC} ${1} ${PURPLE}================================${NC}"
+    if [ -f "$LOG_FILE" ]; then
+        echo "$(date +"%H:%M:%S") - INFO - $1" >> $LOG_FILE
+    fi
+}
+
+loginfo() {
+    echo -e "${BLUE}INFO:${NC} ${1}"
+    if [ -f "$LOG_FILE" ]; then
+        echo "$(date +"%H:%M:%S") - INFO - $1" >> $LOG_FILE
+    fi
+}
+
+logerror () {
+    echo -e "${RED}ERROR:${NC} ${1}"
+    if [ -f "$LOG_FILE" ]; then
+        echo "$(date +"%H:%M:%S") - ERROR - $1" >> $LOG_FILE
+    fi
+}
+
+logwarning () {
+    echo -e "${ORANGE}WARNING:${NC} ${1}"
+    if [ -f "$LOG_FILE" ]; then
+        echo "$(date +"%H:%M:%S") - WARNING - $1" >> $LOG_FILE
+    fi
+}
+
+log() {
+    echo "$1"
+}
\ No newline at end of file
diff --git a/bootcamp/steps/01-add-administrative-user.md b/bootcamp/steps/01-add-administrative-user.md
new file mode 100644
index 0000000..689c13f
--- /dev/null
+++ b/bootcamp/steps/01-add-administrative-user.md
@@ -0,0 +1,102 @@
+## 1. Add administrative user
+
+Only users with cluster administrator privileges can install and configure RHOAI.
+
+You may be logged into the cluster as user `kubeadmin`, which is an automatically generated temporary user that should not be used as a best practice. See _APPENDIX.md for more details on best practices and patching if needed.
+
+For this procedure, we are using HTpasswd as the Identity Provider (IdP). HTPasswd updates the files that store usernames and password for authentication of HTTP users. RHOAI uses the same IdP as RHOCP, such as: htpasswd, keystone, LDAP, basic-authentication, request-header, GitHub, GitLab, Google, OpenID Connect. [More info](https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/authentication_and_authorization/understanding-identity-provider#supported-identity-providers).
+
+### Steps
+
+- Create an htpasswd file to store the user and password information
+
+    - ```sh
+        htpasswd -c -B -b scratch/users.htpasswd <username> <password>
+        ```
+         ```sh
+        # Expected output
+        Adding password for user <username>
+        ```
+
+- Create a secret to represent the htpasswd file
+
+    - ```sh
+        oc create secret generic htpasswd-secret --from-file=htpasswd=scratch/users.htpasswd -n openshift-config
+        ```
+
+         ```sh
+        # expected output
+        secret/htpasswd-secret created
+        ```
+
+- Verify you created a secret/htpasswd-secret object in openshift-config project
+
+    - ```sh
+        oc get secret/htpasswd-secret -n openshift-config
+        ```
+         ```sh
+        # expected output
+        NAME              TYPE     DATA   AGE
+        htpasswd-secret   Opaque   1      4m46s
+        ```
+
+- Apply the resource to the default OAuth configuration to add the identity provider
+
+    - ```sh
+        oc apply -f configs/htpasswd-cr.yaml
+        ```
+         ```sh
+        # expected output
+        oauth.config.openshift.io/cluster configured
+        ```
+
+- Verify the identity provider
+
+    - ```sh
+        oc get oauth/cluster -o yaml
+        ```
+
+- Watch for the cluster operator to cycle
+
+    - ```sh
+        oc get co authentication -w
+        ```
+
+         ```sh
+        Wait until you see the co refresh to `0s`
+        
+        # expected output
+        NAME             VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
+        authentication   4.16.6    True        False         False      0s  
+        ```
+- As kubeadmin, assign the cluster-admin role to perform administrator level tasks
+
+    - ```sh
+        oc adm policy add-cluster-role-to-user cluster-admin admin1
+        ```
+
+         ```sh
+        # expected output
+        clusterrole.rbac.authorization.k8s.io/cluster-admin added: "<username>"
+        ```
+
+- Log in to the cluster as a user from your identity provider, entering the password when prompted. 
+
+  > NOTE: You may need to add the parameter `--insecure-skip-tls-verify=true` if your clusters api endpoint does not have a trusted cert.
+
+  - ```sh
+    oc cluster-info 
+    ```
+  - ```sh
+    oc login https://api.cluster-<id>.<id>.sandbox.opentlc.com:6443 --insecure-skip-tls-verify=true -u <username> -p <password>
+    ```
+
+> NOTE: The remainder of the procedure should be completed with the new cluster-admin `<username>`.
+
+
+## Automation key
+
+- From this repo's root directory, run below command
+    - ```sh
+        ./bootcamp/scripts/runstep.sh -s 1
+        ```
\ No newline at end of file