app-in-browser allows controlling 3D accelerated graphic servers in the browser that will display a set of apps. Additionally, it mounts Nextcloud homedirs and group folders into the app containers.
To deploy app-in-browser on Ubuntu 22.04, follow these steps.
- Install
dockerusing this guide. Don't forget to enable the docker service usingsudo systemctl enable docker. - Install
Node.jsusing guide.
- By default, docker only allows creating 32 bridge networks. As each server uses two of them, you will only be able to start 16 servers with the default configuration. To bump this number to 256 servers, add the following to
/etc/docker/daemon.json:
{
"default-address-pools": [
{
"base": "172.17.0.0/12",
"size": 20
},
{
"base": "192.168.0.0/16",
"size": 24
}
]
}then restart the docker service with sudo systemctl restart docker.
- Install the recommended Nvidia drivers for your system. Install
ubuntu-driversusingsudo apt-get install ubuntu-drivers-commonand check which drivers are recommended using the commandubuntu-drivers devices. Then install them usingsudo ubuntu-drivers autoinstall. - Reboot the system with
sudo rebootand check that the drivers are functional usingsudo nvidia-smi. Additionally, you can check that the nvidia module is loaded withlspci -nnk | grep -i nvidia. - Install the NVIDIA Container Toolkit package repository and GPG key:
distribution=$(. /etc/os-release;echo $ID$VERSION_ID) \
&& curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \
&& curl -s -L https://nvidia.github.io/libnvidia-container/$distribution/libnvidia-container.list | \
sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \
sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list- Run
sudo apt-get updateand then install the runtime withsudo apt-get install -y nvidia-container-toolkit. - Configure the Docker daemon to recognize the NVIDIA Container Runtime:
sudo nvidia-ctk runtime configure --runtime=docker- Finally restart the docker service with
sudo systemctl restart docker. - You can test your installation is working by running the following image
sudo docker run --rm --runtime=nvidia --gpus all nvidia/cuda:11.6.2-base-ubuntu20.04 nvidia-smiand getting the same output as in step 2 above. - You might want to deactivate kernel automatic upgrades:
sudo apt-get remove linux-image-virtual
sudo apt-get autoremove- Clone the repository with
git clone --recurse-submodules https://github.com/HIP-infrastructure/app-in-browser.git. If you can see thisREADME.md, it means you already have access to the repository. cdinto theapp-in-browserdirectory.- Change to the branch of your liking. If unsure use the
masterbranch. - Run
./build/submodule_branch.sh [branch_name]to get the right version of the submodules.
- Run
cp hip.config.template.yml hip.config.ymlto copy the config file from its template. - Edit the config file as specified in the next points.
- If you don't have a supported Nvidia graphics card, you need to edit these settings:
backend:
dri:
card: none
runtime: runc- If you have several graphics cards on your machine, you need to figure out which one is the Nvidia one and configure
app-in-browserto use it. Change thecardvariable above to match the output of
readlink -f /dev/dri/by-path/pci-0000:`lspci | grep NVIDIA | awk '{print $1}'`-card | xargs basename- Edit the
['backend']['auth']settings with the credentials generated on the frontend. Setserver_urlto the domain of your Keycloak instance andredirect_uri_baseto the domain the app-in-browser backend instance. The other settings correspond to the Keycloak realm and client you're going to be using. - If you'd like to use
keycloak, enter thekeycloakclient information and set to['server']['keycloak']['auth']toyes. - Put the
tlscertificates you generated on the frontend and collab in['base']['dockerfs']['cert_private']and['base']['dockerfs']['cert_collab']respectively. The certificates need to be transformed to single lines. You can use the following command:
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' /path/to/cert.pem- Copy the backend environment template file with
cp backend/backend.env.template backend/backend.envand modify theBACKEND_DOMAINvariable to the domain on which the backend is will be hosted. - Install the HIP backend with
./scripts/install.sh. This script will interactively generate credentials for the REST API of the backend if they don't already exist. - Check that the backend is running with
./scripts/backendstatus.shand by checking https://url/api/ok. - If you have a Matlab licence server, uncomment line 51 and 52 and replace by the host name of the machine where the matlab server is installed and with the Host ID that you used during the installation of the server. This information can be found on Mathworks with the information of your licence server. You also need to whitelist the matlab server in the configuration file.
There are two options to control app-in-browser. You can use the REST API, or bash scripts. The former is used for integration and the latter option can be used for debug.
- Control servers using the following REST API:
https://url/api/control/server?action=action&sid=sid&hipuser=hipuser
where
urlis the url of the server where the backend is runningactionis one of:start: start serverpause: pause serverresume: resume serverstart: start serverstart: start serverstop: stop serverrestart: restart serverdestroy: destroy serverlogs: show server logstatus: show server status
sidis the server idhipuseris the username of theNextcloudHIPuser
- Start and restart apps use the following REST API:
https://url/api/control/app?action=action&app=app&sid=sid&aid=aid&hipuser=hipuser&hippass=hippass&nc=https://example.com
where
urlis the url of the server where the backend is runningactionis one of:start: start apprestart: restart app
appis the canonical name of the app to controlsidis the server id onto which the app is mappedaidis the app idhipuseris the username of theNextcloudHIPuserhippassis the password of theNextcloudHIPuserncis the complete url of theNextcloudinstance to connect to
- For all other actions to control apps use the following REST API:
https://url/api/control/app?action=action&app=app&sid=sid&aid=aid&hipuser=hipuser
where
urlis the url of the server where the backend is runningactionis one of:pause: pause appresume: resume appstop: stop appdestroy: destroy applogs: show app logstatus: show app status
appis the canonical name of the app to controlsidis the server id onto which the app is mappedaidis the app idhipuseris the username of theNextcloudHIPuser
You can launch servers and apps using the following bash scripts from the app-in-browser directory. The parameters are as described above.
- Servers:
- start:
./scripts/startserver.sh sid hipuser auth_groups - pause:
./scripts/pauseserver.sh sid hipuser - resume:
./scripts/unpauseserver.sh sid hipuser - stop:
./scripts/stopserver.sh sid hipuser - restart:
./scripts/restartserver.sh sid hipuser - destroy:
./scripts/destroyserver.sh sid hipuser - healthcheck:
./scripts/checkserverhealth.sh sid hipuser - logs:
./scripts/viewserverlogs.sh sid hipuser - status:
./scripts/serverstatus.sh sid hipuser
- start:
- Apps:
- start:
./scripts/startapp.sh app sid aid hipuser hippass "nc" "ab" group_folders - pause:
./scripts/pauseapp.sh app sid aid hipuser - resume:
./scripts/unpause.sh app sid aid hipuser - stop:
./scripts/stopapp.sh app sid aid hipuser - restart:
./scripts/restartapp.sh app sid aid hipuser hippass "nc" "ab" group_folders - destroy:
./scripts/destroyapp.sh app sid aid hipuser - healthcheck:
./scripts/checkapphealth.sh app sid aid hipuser - logs:
./scripts/viewapplogs.sh app sid aid hipuser - status:
./scripts/appstatus.sh app sid aid hipuser
- start:
If you wish to build app-in-browser on a local machine, first install the build dependencies:
sudo apt-get install python3-pip
sudo pip3 install -r build/requirements.txtThen for building everything, execute:
./buildall.pyFor building the server only, execute:
./buildserver.pyFor building a specific base image, execute:
./buildbaseimage.py [base_image_name]For building a specific app, execute:
./buildapp.py [app_image_name]Changes and testing for development of an application must be done on the dev servers.
When the changes are ready, to be tested, commit them to the dev branch
If you need to build the containers on the machine, you will need to:
Permit the networks to allow access to the docker registry
./scripts/permitnetwork.sh
Build the containers you want to build (ensure they are present in the the hip.yml)
./scripts/buildapp.py myappname
Restrict the networks again
./scripts/restrictnetwork.sh
Look into the scripts folder for other useful scripts.
This project has received funding from the European Union's Horizon Europe research and innovation program under grant agreement No 101147319 and from the Swiss State Secretariat for Education, Research and Innovation (SERI) under contract number 23.00638, as part of the Horizon Europe project “EBRAINS 2.0”.
This research was supported by the EBRAINS research infrastructure, funded from the European Union’s Horizon 2020 Framework Programme for Research and Innovation under the Specific Grant Agreement No. 945539 (Human Brain Project SGA3).