From 6b1204ead065f9199260b657ec1d7b74b43ad9df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Thu, 13 Nov 2025 07:50:16 +0100 Subject: [PATCH 1/5] RHAIENG-948: remove UBI 9 repository injection across all Dockerfiles ``` + dnf install -y perl mesa-libGL skopeo gcc gcc-c++ make openssl-devel autoconf automake libtool cmake python3-devel pybind11-devel openblas-devel unixODBC-devel Updating Subscription Management repositories. Red Hat Universal Base Image 9 (RPMs) - BaseOS 1.4 MB/s | 433 kB 00:00 Red Hat Universal Base Image 9 (RPMs) - AppStre 6.4 MB/s | 2.2 MB 00:00 Red Hat Universal Base Image 9 (RPMs) - CodeRea 683 kB/s | 174 kB 00:00 Package mesa-libGL-24.2.8-3.el9_6.s390x is already installed. Package skopeo-2:1.20.0-1.el9.s390x is already installed. Package gcc-11.5.0-11.el9.s390x is already installed. Error: Problem: package mesa-dri-drivers-25.0.7-3.el9_7.s390x from ubi-9-appstream-rpms requires libLLVM.so.20.1()(64bit), but none of the providers can be installed - package mesa-dri-drivers-25.0.7-3.el9_7.s390x from ubi-9-appstream-rpms requires libLLVM.so.20.1(LLVM_20.1)(64bit), but none of the providers can be installed - cannot install both llvm-libs-20.1.8-3.el9.s390x from ubi-9-appstream-rpms and llvm-libs-19.1.7-2.el9.s390x from @System - package mesa-libGL-25.0.7-3.el9_7.s390x from ubi-9-appstream-rpms requires libgallium-25.0.7.so()(64bit), but none of the providers can be installed ... ``` # Conflicts: # codeserver/ubi9-python-3.12/Dockerfile.cpu # jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu # jupyter/minimal/ubi9-python-3.12/Dockerfile.cpu # jupyter/minimal/ubi9-python-3.12/Dockerfile.cuda # jupyter/minimal/ubi9-python-3.12/Dockerfile.rocm # jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda # jupyter/pytorch/ubi9-python-3.12/Dockerfile.cuda # jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.rocm # jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.rocm # jupyter/tensorflow/ubi9-python-3.12/Dockerfile.cuda # jupyter/trustyai/ubi9-python-3.12/Dockerfile.cpu # runtimes/minimal/ubi9-python-3.12/Dockerfile.cpu # runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.cuda # runtimes/pytorch/ubi9-python-3.12/Dockerfile.cuda # runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.rocm # runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.rocm # runtimes/tensorflow/ubi9-python-3.12/Dockerfile.cuda # Conflicts: # codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu # jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu # jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu # jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda # jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm # jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda # jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda # jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm # jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm # jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda # jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu # rstudio/rhel9-python-3.12/Dockerfile.cpu # rstudio/rhel9-python-3.12/Dockerfile.cuda # runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu # runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda # runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda # runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm # runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm # runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda --- codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu | 13 ------------- .../ubi9-python-3.12/Dockerfile.konflux.cpu | 8 -------- .../minimal/ubi9-python-3.12/Dockerfile.konflux.cpu | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.rocm | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.rocm | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.rocm | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.cpu | 9 --------- .../ubi9-python-3.12/Dockerfile.konflux.cpu | 8 -------- .../minimal/ubi9-python-3.12/Dockerfile.konflux.cpu | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.rocm | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.rocm | 8 -------- .../ubi9-python-3.12/Dockerfile.konflux.cuda | 8 -------- 18 files changed, 150 deletions(-) diff --git a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu index 09e096ec3..1ded61066 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # rpm-base # #################### @@ -18,11 +15,6 @@ WORKDIR /root ENV HOME=/root -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ARG CODESERVER_SOURCE_CODE=codeserver/ubi9-python-3.12 ARG NODE_VERSION=22.18.0 @@ -78,11 +70,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu index e10ba4d08..d13f563e4 100644 --- a/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - ###################################################### # mongocli-builder (build stage only, not published) # ###################################################### @@ -47,11 +44,6 @@ WORKDIR /opt/app-root/bin USER root ARG TARGETARCH -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu index 9f24e0d8d..e64656a9f 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - ############################ # Stage 1: PDF Tool Build # ############################ @@ -36,11 +33,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda index b4f540410..f7ec22f2c 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -5,9 +5,6 @@ ARG TARGETARCH ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # cuda-base # #################### @@ -18,11 +15,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm index b48074656..b7393cf38 100644 --- a/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/jupyter/minimal/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # rocm-base # #################### @@ -16,11 +13,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda index 88a55e12e..1d35c5307 100644 --- a/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -5,9 +5,6 @@ ARG TARGETARCH ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - ###################################################### # mongocli-builder (build stage only, not published) # ###################################################### @@ -34,11 +31,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda index 88f03be74..cd5f50bf8 100644 --- a/jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -5,9 +5,6 @@ ARG TARGETARCH ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - ###################################################### # mongocli-builder (build stage only, not published) # ###################################################### @@ -34,11 +31,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm b/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm index 4780417e6..f17c81691 100644 --- a/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/jupyter/rocm/pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - ###################################################### # mongocli-builder (build stage only, not published) # ###################################################### @@ -32,11 +29,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm index 67a95c2b2..d1f99e716 100644 --- a/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/jupyter/rocm/tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - ###################################################### # mongocli-builder (build stage only, not published) # ###################################################### @@ -32,11 +29,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda b/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda index 0ca2303bf..28d7a7ff1 100644 --- a/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/jupyter/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -5,9 +5,6 @@ ARG TARGETARCH ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - ###################################################### # mongocli-builder (build stage only, not published) # ###################################################### @@ -34,11 +31,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu index 495fe1a9c..3e949706c 100644 --- a/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/trustyai/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - ###################################################### # mongocli-builder (build stage only, not published) # ###################################################### @@ -77,11 +74,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER root -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key @@ -156,7 +148,6 @@ WORKDIR /opt/app-root/src ENTRYPOINT ["start-notebook.sh"] - ######################## # jupyter-datascience # ######################## diff --git a/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu b/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu index fdfc833bc..97b2f85a9 100644 --- a/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/runtimes/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # cpu-base # #################### @@ -22,11 +19,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ARG TARGETARCH ### BEGIN upgrade first to avoid fixable vulnerabilities diff --git a/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu b/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu index 2a83d14d3..eef6af54e 100644 --- a/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/runtimes/minimal/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # cpu-base # #################### @@ -20,11 +17,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda b/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda index 0c1930e02..bc6659259 100644 --- a/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/runtimes/pytorch+llmcompressor/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -5,9 +5,6 @@ ARG TARGETARCH ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # cuda-base # #################### @@ -18,11 +15,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda b/runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda index 887021930..0d0e0242f 100644 --- a/runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/runtimes/pytorch/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -5,9 +5,6 @@ ARG TARGETARCH ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # cuda-base # #################### @@ -18,11 +15,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm b/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm index 60ae19834..6948d6cfc 100644 --- a/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/runtimes/rocm-pytorch/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # rocm-base # #################### @@ -16,11 +13,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm index 5a98fc1b7..c4a533566 100644 --- a/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm +++ b/runtimes/rocm-tensorflow/ubi9-python-3.12/Dockerfile.konflux.rocm @@ -3,9 +3,6 @@ ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # rocm-base # #################### @@ -16,11 +13,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key diff --git a/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda b/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda index 93ba2e01b..78f4eb6fa 100644 --- a/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda +++ b/runtimes/tensorflow/ubi9-python-3.12/Dockerfile.konflux.cuda @@ -5,9 +5,6 @@ ARG TARGETARCH ######################### ARG BASE_IMAGE -# External image alias for UBI repository configuration -FROM registry.access.redhat.com/ubi9/ubi AS ubi-repos - #################### # cuda-base # #################### @@ -20,11 +17,6 @@ WORKDIR /opt/app-root/bin # OS Packages needs to be installed as root USER 0 -# Inject the official UBI 9 repository configuration into the AIPCC base image. -# The Quay-based AIPCC image is "repo-less" by default (https://gitlab.com/redhat/rhel-ai/core/base-images/app#repositories), so dnf cannot upgrade or install packages. -# By copying ubi.repo from the public UBI 9 image, we enable package management for upgrades and installations. -COPY --from=ubi-repos /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo - ### BEGIN upgrade first to avoid fixable vulnerabilities RUN /bin/bash <<'EOF' # The devops activationkey is not powerful enough, use rhoai-ide-konflux key From df95c7f65930ea3c873ae45405df1ade7a5b3377 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Mon, 1 Dec 2025 14:03:54 +0100 Subject: [PATCH 2/5] RHAIENG-948: add subscription since ubi9 repos are now unavailable --- .../ubi9-python-3.12/Dockerfile.konflux.cpu | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu index 1ded61066..6109b9f5f 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -23,6 +23,21 @@ ARG CODESERVER_VERSION=v4.104.0 COPY ${CODESERVER_SOURCE_CODE}/get_code_server_rpm.sh . +### BEGIN Subscribe with subscription manager +RUN /bin/bash <<'EOF' +# The devops activationkey is not powerful enough, use rhoai-ide-konflux key +# https://redhat-internal.slack.com/archives/C07SBP17R7Z/p1764077596143619?thread_ts=1761667034.429529&cid=C07SBP17R7Z +subscription-manager register --org 18631088 --activationkey thisisunsafe + +# If we have a Red Hat subscription prepared, refresh it +set -Eeuxo pipefail +if command -v subscription-manager &> /dev/null; then + subscription-manager identity &>/dev/null && subscription-manager refresh || echo "No identity, skipping refresh." +fi +EOF + +### END Subscribe with subscription manager + # create dummy file to ensure this stage is awaited before installing rpm RUN ./get_code_server_rpm.sh && touch /tmp/control From a734379a34adfc9e76cc6d209864f7c310ab9e88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Mon, 1 Dec 2025 15:34:52 +0100 Subject: [PATCH 3/5] RHAIENG-2189: build(datascience): add missing -devel libraries for s390x (already added for ppc64le before) ``` The headers or library files could not be found for zlib, a required dependency when compiling Pillow from source. Please see the install instructions at: https://pillow.readthedocs.io/en/latest/installation/basic-installation.html ``` --- jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu | 2 +- jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu b/jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu index b743b145d..95b9f8c94 100644 --- a/jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu +++ b/jupyter/datascience/ubi9-python-3.12/Dockerfile.cpu @@ -378,7 +378,7 @@ EOF RUN --mount=type=cache,target=/var/cache/dnf,sharing=locked,id=notebooks-dnf /bin/bash <<'EOF' set -Eeuxo pipefail -if [ "${TARGETARCH}" = "ppc64le" ]; then +if [ "${TARGETARCH}" = "ppc64le" ] || [ "$TARGETARCH" = "s390x" ]; then packages=( # required to compile pillow zlib-devel libjpeg-turbo-devel diff --git a/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu b/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu index d13f563e4..c4c7d0be0 100644 --- a/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/jupyter/datascience/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -382,7 +382,7 @@ EOF RUN /bin/bash <<'EOF' set -Eeuxo pipefail -if [ "${TARGETARCH}" = "ppc64le" ]; then +if [ "${TARGETARCH}" = "ppc64le" ] || [ "$TARGETARCH" = "s390x" ]; then packages=( # required to compile pillow zlib-devel libjpeg-turbo-devel From 7895d5c0c850474281f263e7b9a482d19154f588 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Mon, 1 Dec 2025 21:30:53 +0100 Subject: [PATCH 4/5] RHAIENG-2189: build(codeserver): add back pypi index MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ``` + uv pip install /wheelsdir/pillow-11.3.0-cp312-cp312-manylinux_2_34_ppc64le.whl /wheelsdir/pyarrow-17.0.0-cp312-cp312-linux_ppc64le.whl Using Python 3.12.9 environment at: /opt/app-root × No solution found when resolving dependencies: ╰─▶ Because only numpy==2.3.4 is available and numpy==2.3.4 has no wheels with a matching platform tag (e.g., `manylinux_2_34_ppc64le`), we can conclude that numpy==2.3.4 cannot be used. And because pyarrow==17.0.0 depends on numpy==2.3.4, we can conclude that pyarrow==17.0.0 cannot be used. And because only pyarrow==17.0.0 is available and you require pyarrow, we can conclude that your requirements are unsatisfiable. hint: Wheels are available for `numpy` (v2.3.4) on the following platforms: `linux_aarch64`, `linux_x86_64` subprocess exited with status 1 ``` --- codeserver/ubi9-python-3.12/Dockerfile.cpu | 4 ++++ codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/codeserver/ubi9-python-3.12/Dockerfile.cpu b/codeserver/ubi9-python-3.12/Dockerfile.cpu index 3af1da047..4159eaa1a 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.cpu @@ -72,6 +72,10 @@ FROM ${BASE_IMAGE} AS cpu-base WORKDIR /opt/app-root/bin +# RHAIENG-2189: this is AIPCC migration phase 1.5 +ENV PIP_EXTRA_INDEX_URL=https://pypi.org/simple +ENV UV_EXTRA_INDEX_URL=https://pypi.org/simple + # OS Packages needs to be installed as root USER 0 diff --git a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu index 6109b9f5f..b2011b673 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -82,6 +82,10 @@ FROM ${BASE_IMAGE} AS cpu-base WORKDIR /opt/app-root/bin +# RHAIENG-2189: this is AIPCC migration phase 1.5 +ENV PIP_EXTRA_INDEX_URL=https://pypi.org/simple +ENV UV_EXTRA_INDEX_URL=https://pypi.org/simple + # OS Packages needs to be installed as root USER 0 From e5ee8cb910db3dff17f9d99efd3a5d1aa523c036 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?= Date: Mon, 1 Dec 2025 23:32:54 +0100 Subject: [PATCH 5/5] RHAIENG-2189: build(codeserver): and remove the --offline flag, since it causes build failure on ppc64le MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ``` + uv pip install --offline --cache-dir /root/.cache/uv --requirements=./pylock.toml warning: The `--pylock` option is experimental and may change without warning. Pass `--preview-features pylock` to disable this warning. Using Python 3.12.9 environment at: /opt/app-root × Failed to download `setuptools==80.9.0` ╰─▶ Network connectivity is disabled, but the requested data wasn't found in the cache for: `https://files.pythonhosted.org/packages/a3/dc/17031897dae0efacfea57dfd3a82fdd2a2aeb58e0ff71b77b87e44edc772/setuptools-80.9.0-py3-none-any.whl` subprocess exited with status 1 ``` --- codeserver/ubi9-python-3.12/Dockerfile.cpu | 4 ++-- codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/codeserver/ubi9-python-3.12/Dockerfile.cpu b/codeserver/ubi9-python-3.12/Dockerfile.cpu index 4159eaa1a..02a58f10c 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.cpu @@ -304,8 +304,8 @@ RUN --mount=type=cache,target=/root/.cache/uv /bin/bash <<'EOF' set -Eeuxo pipefail echo "Installing softwares and packages" # we can ensure wheels are consumed from the cache only by restricting internet access for uv install with '--offline' flag -UV_NO_CACHE=false UV_LINK_MODE=copy uv pip install --offline --cache-dir /root/.cache/uv --requirements=./pylock.toml -# Note: debugpy wheel availabe on pypi (in uv cache) is none-any but bundles amd64.so files +UV_NO_CACHE=false UV_LINK_MODE=copy uv pip install --cache-dir /root/.cache/uv --requirements=./pylock.toml +# Note: debugpy wheel available on pypi (in uv cache) is none-any but bundles amd64.so files # Build debugpy from source instead UV_LINK_MODE=copy uv pip install --no-cache git+https://github.com/microsoft/debugpy.git@v$(grep -A1 '\"debugpy\"' ./pylock.toml | grep -Eo '\b[0-9\.]+\b') # change ownership to default user (all packages were installed as root and has root:root ownership diff --git a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu index b2011b673..ef2479d78 100644 --- a/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu +++ b/codeserver/ubi9-python-3.12/Dockerfile.konflux.cpu @@ -317,8 +317,8 @@ RUN --mount=type=cache,target=/root/.cache/uv /bin/bash <<'EOF' set -Eeuxo pipefail echo "Installing softwares and packages" # we can ensure wheels are consumed from the cache only by restricting internet access for uv install with '--offline' flag -UV_NO_CACHE=false UV_LINK_MODE=copy uv pip install --offline --cache-dir /root/.cache/uv --requirements=./pylock.toml -# Note: debugpy wheel availabe on pypi (in uv cache) is none-any but bundles amd64.so files +UV_NO_CACHE=false UV_LINK_MODE=copy uv pip install --cache-dir /root/.cache/uv --requirements=./pylock.toml +# Note: debugpy wheel available on pypi (in uv cache) is none-any but bundles amd64.so files # Build debugpy from source instead UV_LINK_MODE=copy uv pip install --no-cache git+https://github.com/microsoft/debugpy.git@v$(grep -A1 '\"debugpy\"' ./pylock.toml | grep -Eo '\b[0-9\.]+\b') # change ownership to default user (all packages were installed as root and has root:root ownership