Fix/pytorch add updated start script (#10)

* update

* fix: add missing start1.sh to container-template for pytorch build

* Update container-template/updated_start.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* name change

* rename start1.sh to updated_start.sh

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: AanningZoeng

container-template/updated_start.sh

@@ -0,0 +1,106 @@
+
+#!/bin/bash
+set -e  # Exit the script if any statement returns a non-true return value
+
+# ---------------------------------------------------------------------------- #
+#                          Function Definitions                                #
+# ---------------------------------------------------------------------------- #
+
+# Start nginx service
+start_nginx() {
+    echo "Starting Nginx service..."
+    service nginx start
+}
+
+# Execute script if exists
+execute_script() {
+    local script_path=$1
+    local script_msg=$2
+    if [ -f "${script_path}" ]; then
+        echo "${script_msg}"
+        bash ${script_path}
+    fi
+}
+
+# Setup ssh
+setup_ssh() {
+    if [ "$PUBLIC_KEY" ]; then
+        echo "Setting up SSH..."
+        mkdir -p ~/.ssh
+        echo "$PUBLIC_KEY" >> ~/.ssh/authorized_keys
+        chmod 700 -R ~/.ssh
+    fi
+
+    if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+        ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N ''
+        echo "RSA key fingerprint:"
+        ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
+    fi
+
+    if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
+        ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -q -N ''
+        echo "DSA key fingerprint:"
+        ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
+    fi
+
+    if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then
+        ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ''
+        echo "ECDSA key fingerprint:"
+        ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
+    fi
+
+    if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
+        ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ''
+        echo "ED25519 key fingerprint:"
+        ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
+    fi
+
+    service ssh start
+
+    echo "SSH host keys:"
+    for key in /etc/ssh/*.pub; do
+        echo "Key: $key"
+        ssh-keygen -lf $key
+    done
+
+}
+
+# Export env vars
+export_env_vars() {
+    echo "Exporting environment variables..."
+    printenv | grep -E '^YOTTA_|^PATH=|^_=' | awk -F = '{ print "export " $1 "=\"" $2 "\"" }' >> /etc/rp_environment
+    echo 'export PATH=/usr/local/nvidia/bin:/usr/local/cuda-12.8/bin:~/.local/bin:$PATH' >> /etc/rp_environment
+    echo 'source /etc/rp_environment' >> ~/.bashrc
+}
+
+# Start jupyter lab
+start_jupyter() {
+    if [ "$JUPYTER_PASSWORD" ]; then
+        echo "Starting Jupyter Lab..."
+        mkdir -p /workspace && \
+        cd / && \
+        nohup python3 -m jupyter lab --allow-root --no-browser --port=8888 --ip=* --FileContentsManager.delete_to_trash=False --ServerApp.terminado_settings='{"shell_command":["/bin/bash"]}' --ServerApp.token=$JUPYTER_PASSWORD --ServerApp.allow_origin=* --ServerApp.preferred_dir=/workspace &> /workspace/jupyter.log &
+        echo "Jupyter Lab started"
+    fi
+}
+
+
+# ---------------------------------------------------------------------------- #
+#                               Main Program                                   #
+# ---------------------------------------------------------------------------- #
+
+start_nginx
+
+execute_script "/pre_start.sh" "Running pre-start script..."
+
+echo "Pod Started"
+
+setup_ssh
+start_jupyter
+export_env_vars
+
+execute_script "/post_start.sh" "Running post-start script..."
+
+echo "Start script(s) finished, pod is ready to use."
+
+sleep infinity

official-templates/pytorch/Dockerfile

@@ -22,13 +22,13 @@ ENV DEBIAN_FRONTEND=noninteractive \
     SHELL=/bin/bash \
     PATH=/opt/conda/bin:/usr/local/nvidia/bin:/usr/local/cuda/bin:/usr/local/bin:$PATH \
     LD_LIBRARY_PATH=/usr/local/nvidia/lib64:$LD_LIBRARY_PATH \
-    JUPYTER_PASSWORD=ubuntu
+    JUPYTER_PASSWORD=yotta
 
 # ===============================
 # Workspace
 # ===============================
 WORKDIR /
-RUN mkdir -p /workspace && chmod 777 /workspace
+RUN mkdir -p /workspace && chmod 777 /workspace /root
 
 # ===============================
 # Base system packages
@@ -44,46 +44,16 @@ RUN apt-get update -y && \
       build-essential pkg-config \
     && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen \
     && locale-gen \
-    && mkdir -p /var/run/sshd \
+    && mkdir -p /var/run/sshd /var/log/supervisor \
+    && chmod 700 /var/run/sshd /var/log/supervisor \
+    && chmod 755 /var/log \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
 # ===============================
-# uv (Astral) - Python package manager
-# - Install to /usr/local/bin
-# - Avoids modifying shell profile (suitable for container/CI)
+# Remove ubuntu user (for security: prevent unauthorized SSH access)
 # ===============================
-ARG UV_VERSION="latest"
-RUN set -eux; \
-    if [ "${UV_VERSION}" = "latest" ]; then \
-      curl -LsSf https://astral.sh/uv/install.sh | env UV_UNMANAGED_INSTALL="/usr/local/bin" sh; \
-    else \
-      curl -LsSf "https://astral.sh/uv/${UV_VERSION}/install.sh" | env UV_UNMANAGED_INSTALL="/usr/local/bin" sh; \
-    fi; \
-    uv --version
-
-# ===============================
-# Miniconda
-# ===============================
-ARG MINICONDA_VERSION="py311_24.1.2-0"
-ARG CONDA_DIR="/opt/conda"
-
-RUN set -eux; \
-    ARCH="$(uname -m)"; \
-    case "${ARCH}" in \
-      x86_64)  MINICONDA_ARCH="x86_64" ;; \
-      aarch64) MINICONDA_ARCH="aarch64" ;; \
-      *) echo "Unsupported arch: ${ARCH}" && exit 1 ;; \
-    esac; \
-    curl -fsSL \
-      "https://repo.anaconda.com/miniconda/Miniconda3-${MINICONDA_VERSION}-Linux-${MINICONDA_ARCH}.sh" \
-      -o /tmp/miniconda.sh; \
-    bash /tmp/miniconda.sh -b -p "${CONDA_DIR}"; \
-    rm -f /tmp/miniconda.sh; \
-    "${CONDA_DIR}/bin/conda" config --system --set auto_activate_base false; \
-    "${CONDA_DIR}/bin/conda" clean -afy
-
-RUN ln -sf /opt/conda/bin/conda /usr/local/bin/conda
+RUN userdel -r ubuntu || true
 
 # ===============================
 # Python 3.11 (build from source, with ensurepip)
@@ -101,7 +71,7 @@ RUN set -eux; \
     && tar -xzf /tmp/Python.tgz -C /tmp/python-src --strip-components=1 \
     && rm -f /tmp/Python.tgz \
     && cd /tmp/python-src \
-    && ./configure --enable-optimizations --with-ensurepip=install \
+    && ./configure --with-ensurepip=install \
     && make -j"$(nproc)" \
     && make altinstall \
     && cd / \
@@ -125,15 +95,23 @@ RUN python -m pip install --no-cache-dir \
       huggingface-hub datasets
 
 # ===============================
-# Patch: ensure python3.11 has Jupyter (required by /start.sh)
-# Only adds jupyter to the python3.11 environment, does not modify the existing pip install logic
+# Build-time assertion: verify Jupyter installation
 # ===============================
-RUN /usr/local/bin/python3.11 -m ensurepip --upgrade && \
-    /usr/local/bin/python3.11 -m pip install --no-cache-dir \
-      jupyterlab ipywidgets jupyter-archive notebook==7.3.3
+RUN python -c "import jupyter; import notebook; import jupyterlab; print('jupyter ok')"
 
-# Build-time assertion: prevents pushing a broken image
-RUN /usr/local/bin/python3.11 -c "import jupyter; import notebook; import jupyterlab; print('python3.11 jupyter ok')"
+# ===============================
+# Configure JupyterLab: auto-login with token (no password prompt)
+# ===============================
+RUN mkdir -p /root/.jupyter && printf '%s\n' \
+    'c.ServerApp.token = "yotta"' \
+    'c.ServerApp.password = ""' \
+    'c.ServerApp.allow_remote_access = True' \
+    'c.ServerApp.allow_origin = "*"' \
+    'c.NotebookApp.token = "yotta"' \
+    'c.NotebookApp.password = ""' \
+    'c.NotebookApp.allow_remote_access = True' \
+    > /root/.jupyter/jupyter_lab_config.py && \
+    chmod 600 /root/.jupyter/jupyter_lab_config.py
 
 # ===============================
 # NCCL tests (build from source, force MPI=0 to avoid mpi.h missing)
@@ -145,31 +123,23 @@ RUN set -eux; \
     ln -sf /opt/nccl-tests/build/* /usr/local/bin/; \
     rm -rf /opt/nccl-tests/.git
 
-# ===============================
-# User
-# ===============================
-RUN useradd -ms /bin/bash ubuntu && \
-    usermod -aG sudo ubuntu && \
-    echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu && \
-    echo "ubuntu:ubuntu" | chpasswd
-
-# ===============================
-# SSH config (start.sh handles sshd startup; this ensures password login is enabled)
-# ===============================
-RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config && \
-    sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
-    rm -f /etc/ssh/ssh_host_*
 
 # ===============================
 # CUDA bin convenience
 # ===============================
 RUN ln -sf /usr/local/cuda/bin/* /usr/bin/ || true
 
 # ===============================
-# start.sh (from buildx bake context "scripts")
+# Supervisor configuration
 # ===============================
-COPY --from=scripts start.sh /start.sh
-RUN chmod 755 /start.sh
+RUN mkdir -p /var/log/supervisor /usr/local/bin && \
+    chmod 777 /var/log/supervisor /workspace /var/run /var/lib/nginx && \
+    mkdir -p /run/sshd && \
+    chmod 700 /run/sshd
+
+COPY --from=scripts start1.sh /start1.sh
+RUN chmod 755 /start1.sh && \
+    sed -i 's/\r$//' /start1.sh
 
 # ===============================
 # nginx / branding
@@ -187,8 +157,8 @@ RUN echo 'cat /etc/yotta.txt' >> /root/.bashrc
 EXPOSE 22 80 8888
 
 # ===============================
-# Entrypoint: root runs start.sh directly (does not modify the shared start.sh)
+# Entrypoint: root runs start1.sh with explicit bash (ensures bash syntax works)
 # ===============================
 USER root
 WORKDIR /root
-CMD ["/bin/bash", "-lc", "exec /start.sh"]
+CMD ["/bin/bash", "-c", "exec /bin/bash /start1.sh"]

official-templates/pytorch/docker-bake.hcl

@@ -1,5 +1,5 @@
 variable "PUBLISHER"  { default = "yottalabsai" }
-variable "TAG_SUFFIX" { default = "2026010901" }
+variable "TAG_SUFFIX" { default = "2026031701" }
 
 group "default" {
   targets = ["pytorch290"]
@@ -15,7 +15,7 @@ target "pytorch290" {
   dockerfile = "Dockerfile"
 
   tags = [
-    "${PUBLISHER}/pytorch:2.9.0-py3.11-cuda12.8.1-cudnn-devel-ubuntu22.04"
+    "${PUBLISHER}/pytorch:${TAG_SUFFIX}"
   ]
 
   contexts = {
@@ -25,7 +25,7 @@ target "pytorch290" {
   }
 
   args = {
-    BASE_IMAGE     = "nvidia/cuda:12.8.1-cudnn-devel-ubuntu22.04"
+    BASE_IMAGE     = "nvidia/cuda:12.8.1-cudnn-devel-ubuntu22.04"        
     PYTHON_VERSION = "3.11.14"
     TORCH          = "torch torchvision torchaudio --index-url https://download.pytorch.org/whl/nightly/cu128"
   }