This is the NOMAD Oasis distribution of FAIRmat-NFDI. Below are instructions for how to deploy this distribution and how to customize it through adding plugins.
Important
Depending on the settings of the owner of this repository, the distributed image might be private and require authentication to pull. If you want to keep the image private you need to configure and use a personal access token (PAT) according to the instructions in the GitHub docs here. If you want to make the image public (recommended), you should make sure that your organization settings allow public packages and make this package public after building it. You can read more about this in the GitHub docs here.
Tip
In order for others to find and learn from your distribution we in FAIRmat would
greatly appreciate it if you would add the topic nomad-distribution by clicking the
⚙️ next to "About" on the main GitHub page for this repository.
In this README you will find instructions for:
- Deploying the distribution
- Adding a plugin
- Using the jupyter image
- Automated unit and example upload tests in CI
- Setup regular package updates with Dependabot
- Updating the distribution from the template
- Solving common issues
Below are instructions for how to deploy this NOMAD Oasis distribution for a new Oasis and for an existing Oasis
-
Make sure you have docker installed. Docker nowadays comes with
docker composebuilt in. Prior, you needed to install the stand-alone docker-compose. -
Clone the repository or download the repository as a zip file.
git clone https://github.com//rohzb/hzb-sci-nomad-testing.git cd nomad-distro-templateor
curl-L -o nomad-distro-template.zip "https://github.com//rohzb/hzb-sci-nomad-testing/archive/main.zip" unzip nomad-distro-template.zip cd nomad-distro-template
-
On Linux only, recursively change the owner of the
.volumesdirectory to the nomad user (1000)sudo chown -R 1000 .volumes
-
Pull the images specified in the
docker-compose.yamlNote that the image needs to be public or you need to provide a PAT (see "Important" note above).
docker compose pull
-
(Optional) Deploy Oasis with HTTPS
Generate a self-signed SSL certificate (or use a trusted certificate authority if preferred):
mkdir ssl openssl req -x509 -nodes -days 365 \ -newkey rsa:2048 \ -keyout ./ssl/selfsigned.key \ -out ./ssl/selfsigned.crt \ -subj "/CN=localhost"Update the
proxyconfig indocker-compose.ymlto use the HTTPS Nginx config instead of the HTTP one:- # HTTP - - ./configs/nginx_http.conf:/etc/nginx/conf.d/default.conf:ro + # HTTPS (you need to generate SSL certificate) + - ./configs/nginx_https.conf:/etc/nginx/conf.d/default.conf:ro + - ./ssl:/etc/nginx/ssl:ro # generate your SSL certificate
Also make sure port 443 is exposed:
ports: - 80:80 - 443:443
-
And run it with docker compose in detached (--detach or -d) mode
docker compose up -d
-
(Optional) You can now test that NOMAD is running with
# HTTP curl localhost/nomad-oasis/alive # HTTPS with self-signed SSL certificate (and trust self-signed certificate) curl --insecure https://localhost/nomad-oasis/alive
-
Finally, open http://localhost/nomad-oasis in your browser to start using your new NOMAD Oasis.
Any pushes to the main branch of this repository, such as when adding a plugin, will trigger a pipeline that generates a new app and jupyter image.
-
To update your local image you need to shut down NOMAD using
docker compose down
and then repeat steps 4. and 5. above.
-
You can remove unused images to free up space by running
docker image prune -a
To run NORTH (the NOMAD Remote Tools Hub), the hub container needs to run docker and
the container has to be run under the docker group. You need to replace the default group
id 991 in the docker-compose.yaml's hub section with your systems docker group id.
Run id if you are a docker user, or getent group | grep docker to find your
systems docker gid. The user id 1000 is used as the nomad user inside all containers.
Please see the Jupyter image section below for more information on the jupyter NORTH image being generated in this repository.
You can find more details on setting up and maintaining an Oasis in the NOMAD docs here: nomad-lab.eu/prod/v1/docs/oasis/install.html
If you already have an Oasis running you only need to change the image being pulled in
your docker-compose.yaml with ghcr.io/rohzb/hzb-sci-nomad-testing:main for the services
worker, app, north, and logtransfer.
If you want to use the nomad.yaml from this repository you also need to comment out
the inclusion of the nomad.yaml under the volumes key of those services in the
docker-compose.yaml.
volumes:
# - ./configs/nomad.yaml:/app/nomad.yamlTo run the new image you can follow steps 5. and 6. above.
To add a new plugin to the docker image you should add it to the plugins table in the pyproject.toml file.
Here you can put either plugins distributed to PyPI, e.g.
[project.optional-dependencies]
plugins = [
"nomad-material-processing>=1.0.0",
]or plugins in a git repository with either the commit hash
[project.optional-dependencies]
plugins = [
"nomad-measurements @ git+https://github.com/FAIRmat-NFDI/nomad-measurements.git@71b7e8c9bb376ce9e8610aba9a20be0b5bce6775",
]or with a tag
[project.optional-dependencies]
plugins = [
"nomad-measurements @ git+https://github.com/FAIRmat-NFDI/[email protected]"
]To add a plugin in a subdirectory of a git repository you can use the subdirectory option, e.g.
[project.optional-dependencies]
plugins = [
"ikz_pld_plugin @ git+https://github.com/FAIRmat-NFDI/AreaA-data_modeling_and_schemas.git@30fc90843428d1b36a1d222874803abae8b1cb42#subdirectory=PVD/PLD/jeremy_ikz/ikz_pld_plugin"
]Once the changes have been committed to the main branch, the new image will automatically be generated.
In addition to the Docker image for running the oasis, this repository also builds a custom NORTH image for running a jupyter hub with the installed plugins.
This image has been added to the configs/nomad.yaml during the initialization of this repository and should therefore already be available in your Oasis under "Analyze / NOMAD Remote Tools Hub / jupyter"
The image is quite large and might cause a timeout the first time it is run. In order to avoid this you can pre pull the image with:
docker pull ghcr.io/rohzb/hzb-sci-nomad-testing/jupyter:mainIf you want additional python packages to be available to all users in the jupyter hub you can add those to the jupyter table in the pyproject.toml:
[project.optional-dependencies]
jupyter = [
"voila",
"ipyaggrid",
"ipysheet",
"ipydatagrid",
"jupyter-flex",
]By default, all unit tests from every plugin are executed to ensure system stability and catch potential issues early. These tests validate core functionality and help maintain consistency across different plugins.
In addition to unit tests, the pipeline also verifies that all example uploads can be processed correctly. This ensures that any generated entries do not contain error messages, providing confidence that data flows through the system as expected.
For example upload tests, the CI uses the image built in the Build Image step. It then runs the Docker container and starts up the application to confirm that it functions correctly. This approach ensures that if the pipeline passes, the app is more likely to run smoothly in a Dockerized environment on a server, not just locally.
If you need to disable tests for specific plugins, update the PLUGIN_TESTS_PLUGINS_TO_SKIP variable in .github/workflows/docker-publish.yml by adding the plugin names to the existing list.
Dependabot is already configured in the repository’s CI setup, but you need to enable it manually in the repository settings.
To enable Dependabot, go to Settings > Code security and analysis in your GitHub repository. From there, turn on Dependabot alerts and version updates. Once enabled, Dependabot will automatically check for dependency updates and create pull requests when new versions are available.
This automated process helps ensure that your dependencies stay up to date, improving security and reducing the risk of vulnerabilities.
In order to update an existing distribution with any potential changes in the template you can add a new git remote for the template and merge with that one while allowing for unrelated histories:
git remote add template https://github.com//rohzb/hzb-sci-nomad-testing
git fetch template
git merge template/main --allow-unrelated-historiesMost likely this will result in some merge conflicts which will need to be resolved. At the very least the Dockerfile and GitHub workflows should be taken from "theirs":
git checkout --theirs Dockerfile
git checkout --theirs .github/workflows/docker-publish.ymlFor detailed instructions on how to resolve the merge conflicts between different version we refer you to the latest template release notes
Once the merge conflicts are resolved you should add the changes and commit them
git add -A
git commit -m "Updated to new distribution version"Ideally all workflows should be triggered automatically but you might need to run the initialization one manually by navigating to the "Actions" tab at the top, clicking "Template Repository Initialization" on the left side, and triggering it by clicking "Run workflow" under the "Run workflow" button on the right.
I get an Error response from daemon: Head "https://ghcr.io/v2//rohzb/hzb-sci-nomad-testing/manifests/main": unauthorized
when trying to pull my docker image.
Most likely you have not made the package public or provided a personal access token (PAT). You can read how to make your package public in the GitHub docs here or how to configure a PAT (if you want to keep the distribution private) in the GitHub docs here.