fix merge conflict

README.md

@@ -178,18 +178,6 @@ In order for SSH-ing into the workspace to be possible, the `org.eclipse.che.exe
   "id": "stacktdo2q0ixhv7cge00"
 }
 ```
-#### Enabling Privileged Docker Containers
-1. Cluster Privileges
-- in `/var/snap/microk8s/current/args/kubelet` and `/var/snap/microk8s/current/args/kube-apiserver`, append `--allow-privileged`
-- restart both services:
-```
-sudo systemctl restart snap.microk8s.daemon-apiserver
-sudo systemctl restart snap.microk8s.daemon-kubelet
-```
-
-2. Che Permissions
-- in `che/dockerfiles/init/manifest/che.env`, set `CHE_DOCKER_PRIVILEGED=true` under the Privileged Mode section
-- restart Che
 
 #### Creating and Sharing Stacks
 To create a stack, you write a raw configuration with all the che and docker settings your workspace will require, including installers, volumes, docker run tags, docker images, etc. See the example above.

maap_environments.json

@@ -6,6 +6,7 @@
         "auth_server": "auth.nasa.maap.xyz",
         "mas_server": "repo.nasa.maap.xyz",
         "edsc_server": "ade.che7test.xyz:30052",
+        "workspace_bucket": "maap-dev-dataset",
         "default_host": false
     },
     {
@@ -15,15 +16,17 @@
         "auth_server": "auth.nasa.maap.xyz",
         "mas_server": "repo.nasa.maap.xyz",
         "edsc_server": "che-k8s.maap.xyz:3052",
+        "workspace_bucket": "maap-dev-dataset",
         "default_host": false
     },
     {
         "environment": "uat",
         "ade_server": "ade.uat.maap-project.org",
         "api_server": "api.uat.maap-project.org",
         "auth_server": "auth.uat.maap-project.org",
-        "mas_server": "mas.uat.maap-project.org",
+        "mas_server": "repo.uat.maap-project.org",
         "edsc_server": "ade.uat.maap-project.org:30052",
+        "workspace_bucket": "maap-uat-workspace",
         "default_host": false
     },
     {
@@ -33,6 +36,7 @@
         "auth_server": "auth.maap-project.org",
         "mas_server": "mas.maap-project.org",
         "edsc_server": "ade.maap-project.org:30052",
+        "workspace_bucket": "maap-ops-dataset",
         "default_host": true
     }
 ]

show_ssh_info/show_ssh_info/__init__.py

@@ -2,7 +2,7 @@
 import os
 import os.path
 from notebook.utils import url_path_join
-from .handlers import GetHandler, InjectKeyHandler, MountBucketHandler, Presigneds3UrlHandler, MountOrgBucketsHandler
+from .handlers import GetHandler, InjectKeyHandler, MountBucketHandler, Presigneds3UrlHandler, MountOrgBucketsHandler, MountSharedBucketsHandler
 
 def _jupyter_server_extension_paths():
     return [{
@@ -26,6 +26,7 @@ def load_jupyter_server_extension(nb_server_app):
     web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/get'), GetHandler)])
     web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/inject_public_key'), InjectKeyHandler)])
     web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/mountBucket'), MountBucketHandler)])
+    web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/mountSharedBucket'), MountSharedBucketsHandler)])
     web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/getOrgs'), MountOrgBucketsHandler)])
     web_app.add_handlers(host_pattern, [(url_path_join(base_url, 'show_ssh_info/getSigneds3Url'), Presigneds3UrlHandler)])
 

show_ssh_info/show_ssh_info/handlers.py

@@ -29,7 +29,7 @@ def maap_api_url(host):
 	return 'https://{}'.format(get_maap_config(host)['api_server'])
 
 def dps_bucket_name(host):
-	return 'maap-{}-dataset'.format(get_maap_config(host)['environment'])
+	return get_maap_config(host)['workspace_bucket']
 
 class InjectKeyHandler(IPythonHandler):
     def get(self):
@@ -157,7 +157,8 @@ def get(self):
                 logging.debug('chmod tmp {}'.format(chtmp_output))
 
                 # mount whole bucket first
-                mount_output = subprocess.check_output('s3fs -o passwd_file="/.passwd-s3fs" -o use_cache=/tmp/cache {} {}'.format(bucket,user_workspace), shell=True).decode('utf-8')
+                mount_output = subprocess.check_output('s3fs -o iam_role=auto -o imdsv1only -o use_cache=/tmp/cache {} {}'.format(bucket,user_workspace), shell=True).decode('utf-8')
+
                 message = mount_output
                 logging.debug('mount log {}'.format(mount_output))
 
@@ -183,14 +184,66 @@ def get(self):
                 message = umount_output
                 logging.debug('umount output {}'.format(umount_output))
 
-                mountdir_output = subprocess.check_output('s3fs -o passwd_file="/.passwd-s3fs" -o use_cache=/tmp/cache {} {}'.format(user_bucket_dir,user_workspace), shell=True).decode('utf-8')
+                mountdir_output = subprocess.check_output('s3fs -o iam_role=auto -o imdsv1only -o use_cache=/tmp/cache {} {}'.format(user_bucket_dir,user_workspace), shell=True).decode('utf-8')
+
                 message = mountdir_output
                 logging.debug('mountdir output {}'.format(mountdir_output))
 
                 self.finish({"status_code":200, "message":message, "user_workspace":user_workspace,"user_bucket_dir":user_bucket_dir})
         except:
             self.finish({"status_code":500, "message":message, "user_workspace":user_workspace,"user_bucket_dir":user_bucket_dir})
 
+class MountSharedBucketsHandler(IPythonHandler):
+    def get(self):
+        message = ''
+        maap_workspaces_dir = 'maap-workspaces'
+        try:
+            # get bucket name 
+            bucket = dps_bucket_name(self.request.host)
+            logging.debug('shared bucket is '+bucket)
+
+            # local mount points
+            shared_workspaces = '/projects/{}'.format(maap_workspaces_dir)
+            logging.debug('shared_workspaces {}'.format(shared_workspaces))
+
+            # create local mount points if they don't exist
+            if not os.path.exists(shared_workspaces):
+                os.mkdir(shared_workspaces)
+
+            logging.debug('shared_workspaces created')
+
+            # cache
+            if not os.path.exists('/tmp/cache'):
+                os.mkdir('/tmp/cache')
+
+            logging.debug('cache created')
+
+            # check if already mounted
+            check_status = subprocess.call('df -h | grep s3fs | grep {}'.format(shared_workspaces),shell=True)
+            logging.debug('check mounted is '+str(check_status))
+
+            #if status == 0, user workspace already mounted
+            if check_status == 0:
+                message = 'shared workspaces already mounted'
+                self.finish({'status_code':200,'message':message, 'shared_workspaces':shared_workspaces})
+
+            # if status !- 0, user workspace not already mounted
+            else:
+                # create tmp directory for caching
+                chtmp_output = subprocess.check_output('chmod 777 /tmp/cache', shell=True).decode('utf-8')
+                message = chtmp_output
+                logging.debug('chmod tmp {}'.format(chtmp_output))
+
+                # mount whole bucket in read-only mode
+                mount_output = subprocess.check_output('s3fs -o iam_role=auto -o imdsv1only -o ro -o use_cache=/tmp/cache {} {}'.format(bucket,shared_workspaces), shell=True).decode('utf-8')
+
+                message = mount_output
+                logging.debug('mount log {}'.format(mount_output))
+
+                self.finish({"status_code":200, "message":message, "shared_workspaces":shared_workspaces})
+        except:
+            self.finish({"status_code":500, "message":message, "shared_workspaces":shared_workspaces})
+
 class MountOrgBucketsHandler(IPythonHandler):
     def get(self):
         # Send request to Che API for list of user's orgs
@@ -244,7 +297,7 @@ def get(self):
                     else:
                         # mount whole bucket first
                         mount_output = subprocess.check_output(
-                            's3fs -o passwd_file="/.passwd-s3fs" {} /projects/{}'.format(
+                            's3fs -o iam_role=auto -o imdsv1only {} /projects/{}'.format(
                                 bucket, org),
                             shell=True).decode('utf-8')
                         message = mount_output
@@ -269,11 +322,8 @@ def get(self):
                         message = umount_output
                         logging.debug('umount output {}'.format(umount_output))
 
-                        # org folders are read-only (-o ro)
-                        readonly_opt = '-o ro ' if org == 'maap-users' else ''
                         mountdir_output = subprocess.check_output(
-                            's3fs -o passwd_file="/.passwd-s3fs" {} {} {}'.format(
-                                readonly_opt, org_bucket_dir, org_workspace),
+                            's3fs -o iam_role=auto -o imdsv1only {} {}'.format(org_bucket_dir, org_workspace),
                             shell=True).decode('utf-8')
                         message = mountdir_output
                         logging.debug('mountdir output {}'.format(mountdir_output))

submit_jobs/submit_jobs/handlers.py

@@ -177,7 +177,7 @@ def get(self, **params):
         logging.debug('repo url is {}'.format(config['repository_url']))
 
         # check if repo is hosted on a MAAP GitLab instance
-        if (not ('repo.nasa.maap') in config['repository_url']) and (not ('mas.maap-project') in config['repository_url']):
+        if (not ('repo.nasa.maap') in config['repository_url']) and (not ('maap-project.org') in config['repository_url']):
             self.finish({"status_code": 412, "result": "Error: Your git repo is not from a supported host (e.g. mas.maap-project.org)"})
             return