Hello Kasper,
thanks for your question.
Could you please give some more details about the used base image?
Is it based on a quite new operating system, e.g. debian bookworm or something similiar?
Hello Norman,
This is the images information’s.
IEOD (piloting image) OS: ieod-installer-1.16.0-4-a-rc1-25301788.tar.gz
https://captain.rtf.siemens.net/ui/native/vied-release-public-generic-egll/piloting/ieod
IED OS Version: ied-os-1.12.0-10-amd64
When entering Jupyter Notes on IEOD, the start folder is “/app/AI-Workshop” and have the files as expected. On the IED the folder is empty and not sure about the folder path. When trying to upload a file (IOED), I get the ERRNO 2. Have tried to add a non-root user with R/W access, but without luck.
Since I can't attach files, here are the dockerfile and docker-compose.
Dockerfile:
ROM python:3.8
ADD requirements.txt /RUN pip install -r /requirements.txt
WORKDIR /app
COPY /AI_Software_Development_Kit_v1.4.1 /AI_Software_Development_Kit_v1.4.1COPY /AI-Workshop /AI-Workshop
ENV PYTHONUNBUFFERED=1
RUN pip install AI_Software_Development_Kit_v1.4.1/simaticai-1.4.1-py3-none-any.whl
CMD jupyter notebook --ip 0.0.0.0 --no-browser -e GRANT_SUDO=yes --allow-root --notebook-dir=/app/AI-Workshop --NotebookApp.token=''
docker-compose
version: '2.4'
services:
Jupyter:
image: 'ai-workshop-jupyter:latest'
build: './Jupyter'
networks:
- internal-network
volumes:
- './publish/:/publish/'
- './cfg-data/:/cfg-data/'
ports:
- '8888:8888'
mem_limit: 2100mb
cpuset: '1'
environment:
JUPYTER_ENABLE_LAB: 1
NB_USER: aiuser
NB_GID: 1001
JUPYTER_TOKEN: aiuser
CHOWN_HOME: 'yes'
CHOWN_HOME_OPTS: '-R'
#### Network ####
networks:
internal-network:
name: internal-network
#### Volumes ####
volumes:
data_volume:
driver: local
Here are some info from my Log file:
When starting the app:
File \"/usr/local/lib/python3.8/threading.py\", line 852, in start\n","stream":"stderr","time":"2023-11-14T08:26:46.688397359Z"}{"log":" _start_new_thread(self._bootstrap, ())\n","stream":"stderr","time":"2023-11-14T08:26:46.688474676Z"}{"log":" RuntimeError: can't start new thread\n","stream":"stderr","time":"2023-11-14T08:26:46.688549114Z"}{"log":"[E 2023-11-14 08:26:46.687 ServerApp] {\n","stream":"stderr","time":"2023-11-14T08:26:46.688634927Z"}
When uploading the testfile
"[E 2023-11-14 08:26:46.687 ServerApp] 500 GET /api/contents?content=1\u00261699950406591 (a9f676522e17447e97cf3487e9915123@192.168.1.154) 13.31ms referer=http://192.168.1.100:8888/tree?1699950396514\n","stream":"stderr","time":"2023-11-14T08:26:46.689115943Z"}{"log":"[I 2023-11-14 08:26:46.823 ServerApp] Uploading file to /Testfile.txt\n","stream":"stderr","time":"2023-11-14T08:26:46.824330031Z"}{"log":"[W 2023-11-14 08:26:46.824 ServerApp] 403 PUT /api/contents/Testfile.txt?1699950406736 (192.168.1.154): Permission denied: Testfile.txt\n","stream":"stderr","time":"2023-11-14T08:26:46.826404217Z"}{"log":"[W 2023-11-14 08:26:46.825 ServerApp] wrote error: 'Permission denied: Testfile.txt'\n","stream":"stderr","time":"2023-11-14T08:26:46.830484344Z"}{"log":" Traceback (most recent call last):\n","stream":"stderr","time":"2023-11-14T08:26:46.83055415Z"}{"log"
Update!
Running the container in privileged mode is solving the problem. But as far as I can read this is not the recomended way of doing it when you look from a security perspective.
Hello Kasper,
great to hear that it is working now.
You are right, working with privileged is not a good idea. You can add needed capabilities to your Docker-Compose file, instead of using privileged Mode.
You can find some more information about using capabilities in the Industrial Edge Developer Guide: Developer Guide
I would like to give you another hint. In the docker file I can see you are using python 3.8, I would assume that docker is using the latest available then (bookworm).
The IPC Industrial Edge are using Bullseye (IEVD is using Bookworm) till now, so could you try using a bullseye based Docker Image instead (e.g. 3.8-bullseye) and check if the is behaviour is the same