Updating DMOD Install Process and Docs

.gitignore

@@ -27,6 +27,8 @@ request_handler/*.tar.gz
 requestservice/macbook_ssl/
 docker/main/schedulerservice/scheduler.log
 
+data/scheduler_service/
+
 docker/main/base/Dockerfile.bkup
 custom_up_stack.sh-orig
 docker-build-custom.yml-orig
@@ -46,6 +48,7 @@ docker/main/nwm/run.sh
 docker/main/nwm/run_model.sh-work
 docker/main/nwm/run_test.sh
 docker/main/nwm/testfile
+docker/main/ngen/ssh/
 /docker/secrets/*
 
 redis_test/

data/example_image_and_domain.yaml

@@ -0,0 +1,31 @@
+nwm:
+  version:
+    2: '127.0.0.1:5000/nwm:2.0'
+    latest: '127.0.0.1:5000/nwm:latest'
+    reservoir: '127.0.0.1:5000/nwm-conus-reservoir'
+  domains:
+    croton_NY:
+      local: './domains/example_case/NWM'
+      run: '/nwm/domains'
+    SixMileXCreek:
+      local: './domains/SixMileCreek'
+      run: './domains/SixMileCreek'
+    test-domain:
+      local: './domains'
+      run: './domains'
+  output:
+    local: 'docker_host_volumes/output'
+    run: '/nwm/output'
+
+ngen:
+  version:
+    1: '127.0.0.1:5000/ngen:latest'
+  domains:
+      local: './domains/ngen/data/'
+    example-domain-A:
+      run: '/ngen/data'
+
+  output:
+    local: 'docker_host_volumes/output'
+    run: '/ngen/output'
+

doc/DEPENDENCIES.md

@@ -7,25 +7,28 @@ The DMOD project has two related sets of dependencies:
 
 ## Usage Dependencies
 
-| Dependency              | Constraints         |                                                                  Notes                                                                   |
-|-------------------------|:--------------------|:----------------------------------------------------------------------------------------------------------------------------------------:|
-| Docker Engine           | \>=20.10.16         |                      Docker Swarm support required (i.e., alternatives without this, like Podman, are insufficient)                      |
-| Docker Compose          | \>=2.0.x            |               [See issue #133](https://github.com/NOAA-OWP/DMOD/issues/133); _deployx_ plugin now required as noted below                |
+| Dependency              | Constraints         |                                                                  Notes                                                                 |
+|-------------------------|:--------------------|:--------------------------------------------------------------------------------------------------------------------------------------:|
+| Docker Engine           | \>=20.10.16         |                      Docker Swarm support required (i.e., alternatives without this, like Podman, are insufficient)                    |
+| Docker Compose          | \>=2.0.x            |               [See issue #133](https://github.com/NOAA-OWP/DMOD/issues/133); _deployx_ plugin now required as noted below              |
 | _deployx_ Docker plugin | \>=0.0.1            | Available [here](https://github.com/aaraney/deployx).  Results in some transitive dependencies not explicitly enumerated here (e.g., Go) |
-| Bash                    | \>=3.2.57           |                                                                                                                                          |
-| OpenSSL / LibreSSL      | \>=3.0.0 / \>=2.8.3 |                                                                                                                                          |
+| Bash                    | \>=3.2.57           |                                                                                                                                        |
+| OpenSSL / LibreSSL      | \>=3.0.0 / \>=2.8.3 |                                                                                                                                        |
+| MinIO CLI client        |  |                                                                                                                                        |
 
 ## Development Dependencies
-| Dependency                                | Constraints                                 |                       Notes                        |
-|-------------------------------------------|:--------------------------------------------|:--------------------------------------------------:|
-| [Usage Dependencies](#usage-dependencies) | Same as above                               |                                                    |
-| Python                                    | \>=3.8.x                                    |                                                    |
-| Python Packages                           | See [requirements.txt](../requirements.txt) | Recommend installing in Python virtual environment |
+| Dependency                                | Constraints                                 |                                 Notes                                  |
+|-------------------------------------------|:--------------------------------------------|:----------------------------------------------------------------------:|
+| [Usage Dependencies](#usage-dependencies) | Same as above                               |                                                                        |
+| Python                                    | \>=3.8.x                                    |                                                                        |
+| Python Pip                                | Analogous to installed Python version       |                                                                      |
+| Python Development Headers/Libs           | Analogous to installed Python version       | Required for building certain Python dependency wheels; e.g., *pandas*                                                                       |
+| C++ Compiler                              |        | Required for building certain Python dependency wheels; e.g., *pandas* |
+| Python Packages                           | See [requirements.txt](../requirements.txt) |           Recommend installing in Python virtual environment           |
 
 ## Dependency Caveats
-The strictness of these dependencies can vary in different situations, in a way that is hard to define concisely.  E.g., one could probably avoid installing Bash by manually performing all the tasks handled by Bash scripts [^1].  Also, OpenSSL is not needed (locally) if all required SSL certificates can be provided from elsewhere.
-
-As a general rule, however, it is highly recommended these be regarded as strict dependencies unless a user fully understands where and why any exception applies.
+The strictness of these dependencies can vary in different situations, in a way that is hard to define concisely.  E.g., one could probably avoid installing Bash by manually performing all the tasks handled by Bash scripts [^1].  Also, OpenSSL is not needed (locally) if all required SSL certificates can be provided from elsewhere.  And somewhat related:  multi-node deployments probably don't need ***all*** dependencies on the non-primary node(s).
 
+As a general rule, however, it is highly recommended to begin by installing all documented dependencies, until a user understands where and why any exception applies.  
 
 [^1]: Or, even better, by writing other automation tools, which could then be contributed :-)

docker/main/docker-deploy.yml

@@ -25,7 +25,7 @@ services:
     environment:
       - LISTEN_PORT=${DOCKER_SCHEDULER_CONTAINER_PORT:-3013}
       - SERVICE_PACKAGE_NAME=${PYTHON_PACKAGE_NAME_SCHEDULER_SERVICE:?}
-      - SERVICE_SSL_DIR=${DOCKER_SCHEDULER_CONTAINER_SERVICE_SSL_DIR:-/ssl/scheduler}
+      - SERVICE_SSL_DIR=/ssl/scheduler-service
       - DOCKER_SECRET_REDIS_PASS=myredis_pass
       - REDIS_HOST=${DOCKER_REDIS_SERVICE_ALIAS:-myredis}
       # Way to configure 1 extra mount for workers via env, as '<DMOD_JOB_WORKER_HOST_MOUNT>:/dmod/datasets/from_env:rw'
@@ -82,19 +82,19 @@ services:
       - DOCKER_SECRET_REDIS_PASS=myredis_pass
       - LISTEN_PORT=${DOCKER_REQUESTS_CONTAINER_PORT:-3012}
       - SERVICE_PACKAGE_NAME=${PYTHON_PACKAGE_NAME_REQUEST_SERVICE:?}
-      - SERVICE_SSL_DIR=${DOCKER_REQUESTS_CONTAINER_SERVICE_SSL_DIR:-/ssl/requestservice}
-      - SCHEDULER_ENDPOINT_HOST=${DOCKER_REQUESTS_SCHEDULER_ENDPOINT_HOST:?}
+      - SERVICE_SSL_DIR=/ssl/request-service
+      - SCHEDULER_ENDPOINT_HOST=${DOCKER_REQUESTS_SCHEDULER_ENDPOINT_HOST:-scheduler-service}
       - SCHEDULER_ENDPOINT_PORT=${DOCKER_SCHEDULER_PORT:-3013}
-      - SCHEDULER_CLIENT_SSL_DIR=${DOCKER_REQUESTS_CONTAINER_CLIENT_SSL_DIR:-/ssl/scheduler}
+      - SCHEDULER_CLIENT_SSL_DIR=/ssl/scheduler-service
       - DATA_SERVICE_ENDPOINT_HOST=${DOCKER_REQUESTS_DATASERVICE_ENDPOINT_HOST:-data-service}
       - DATA_SERVICE_ENDPOINT_PORT=${DOCKER_DATASERVICE_CONTAINER_PORT:-3015}
-      - DATA_SERVICE_CLIENT_SSL_DIR=${DOCKER_REQUESTS_CONTAINER_DATASERVICE_CLIENT_SSL_DIR:-/ssl/dataservice}
+      - DATA_SERVICE_CLIENT_SSL_DIR=/ssl/data-service
       - EVALUATION_SERVICE_ENDPOINT_HOST=${DOCKER_REQUESTS_EVALUATIONSERVICE_ENDPOINT_HOST:-evaluation-service}
       - EVALUATION_SERVICE_ENDPOINT_PORT=${DOCKER_EVALUATIONSERVICE_CONTAINER_PORT:-3015}
-      - EVALUATION_SERVICE_CLIENT_SSL_DIR=${DOCKER_REQUESTS_CONTAINER_EVALUATIONSERVICE_CLIENT_SSL_DIR:-/ssl/evaluationservice}
+      - EVALUATION_SERVICE_CLIENT_SSL_DIR=/ssl/evaluation-service
       - PARTITIONER_SERVICE_ENDPOINT_HOST=${DOCKER_REQUESTS_PARTITIONERSERVICE_ENDPOINT_HOST:-partitioner-service}
       - PARTITIONER_SERVICE_ENDPOINT_PORT=${DOCKER_PARTITIONER_SERVICE_CONTAINER_PORT:-3014}
-      - PARTITIONER_SERVICE_CLIENT_SSL_DIR=${DOCKER_REQUESTS_CONTAINER_PARTITIONERSERVICE_CLIENT_SSL_DIR:-/ssl/partitionerservice}
+      - PARTITIONER_SERVICE_CLIENT_SSL_DIR=/ssl/partitioner-service
       - PYCHARM_REMOTE_DEBUG_ACTIVE=${PYCHARM_REMOTE_DEBUG_REQUEST_SERVICE_ACTIVE:-false}
       - PYCHARM_REMOTE_DEBUG_SERVER_HOST=${PYCHARM_REMOTE_DEBUG_SERVER_HOST:-host.docker.internal}
       - PYCHARM_REMOTE_DEBUG_SERVER_PORT=${PYCHARM_REMOTE_DEBUG_SERVER_PORT_REQUEST_SERVICE:-55870}
@@ -111,35 +111,37 @@ services:
       #- updated_packages:${UPDATED_PACKAGES_CONTAINER_DIR:?Check if updated packages directory should be used}
     #depends_on:
     #  - myredis
-  subset-service:
-    image: ${DOCKER_INTERNAL_REGISTRY:?Missing DOCKER_INTERNAL_REGISTRY value (see 'Private Docker Registry ' section in example.env)}/subset-service
-    networks:
-      - main-internal-net
-    ports:
-      - ${DOCKER_SUBSET_API_PORT:-5001}:${DOCKER_SUBSET_CONTAINER_PORT:-5001}
-    volumes:
-      - ${HYDROFABRIC_DATA_DIR:?Please set HYDROFABRIC_DATA_DIR for Docker environment in .env config file}:/hydrofabric_data
-      # This typically needs to be commented out; intended for development use (see related 'environment' config above)
-      #- updated_packages:${UPDATED_PACKAGES_CONTAINER_DIR:?Check if updated packages directory should be used}
-    deploy:
-      placement:
-        constraints:
-          - ${DOCKER_SCHEDULER_DEPLOY_CONSTRAINT_1:-node.role==manager}
-          - ${DOCKER_SCHEDULER_DEPLOY_CONSTRAINT_2:-node.id!=notrealid_tautology_by_default}
-    secrets:
-      - myredis_pass
-    environment:
-      - LISTEN_PORT=${DOCKER_SUBSET_CONTAINER_PORT:-5000}
-      - SERVICE_PACKAGE_NAME=${PYTHON_PACKAGE_NAME_SUBSET_SERVICE:?}
-      - FILES_DIRECTORY=/hydrofabric_data
-      - PYCHARM_REMOTE_DEBUG_ACTIVE=${PYCHARM_REMOTE_DEBUG_SUBSET_SERVICE_ACTIVE:-false}
-      - PYCHARM_REMOTE_DEBUG_SERVER_HOST=${PYCHARM_REMOTE_DEBUG_SERVER_HOST:-host.docker.internal}
-      - PYCHARM_REMOTE_DEBUG_SERVER_PORT=${PYCHARM_REMOTE_DEBUG_SERVER_PORT_SUBSET_SERVICE:-55874}
-      # This typically needs to be commented out; intended for development use (see related 'volume' config below)
-      #- UPDATED_PACKAGES_DIR=${UPDATED_PACKAGES_CONTAINER_DIR:?Updated packages directory not set, make sure this should be active}
-    command: ["--files-directory", "/hydrofabric_data",
-              "--port", "${DOCKER_SUBSET_CONTAINER_PORT:-5000}",
-              "--crosswalk-file", "${HYRDOFABRIC_CROSSWALK_FILE_BASENAME:-crosswalk.json}"]
+# TODO: service not especially useful with hard-coded hydrofabric bind mount and only single hydrofabric support
+# TODO: create issue for re-activating after support added for using multiple (DMOD-dataset-based) hydrofabrics
+#  subset-service:
+#    image: ${DOCKER_INTERNAL_REGISTRY:?Missing DOCKER_INTERNAL_REGISTRY value (see 'Private Docker Registry ' section in example.env)}/subset-service
+#    networks:
+#      - main-internal-net
+#    ports:
+#      - ${DOCKER_SUBSET_API_PORT:-5001}:${DOCKER_SUBSET_CONTAINER_PORT:-5001}
+#    volumes:
+#      - ${HYDROFABRIC_DATA_DIR:?Please set HYDROFABRIC_DATA_DIR for Docker environment in .env config file}:/hydrofabric_data
+#      # This typically needs to be commented out; intended for development use (see related 'environment' config above)
+#      #- updated_packages:${UPDATED_PACKAGES_CONTAINER_DIR:?Check if updated packages directory should be used}
+#    deploy:
+#      placement:
+#        constraints:
+#          - ${DOCKER_SCHEDULER_DEPLOY_CONSTRAINT_1:-node.role==manager}
+#          - ${DOCKER_SCHEDULER_DEPLOY_CONSTRAINT_2:-node.id!=notrealid_tautology_by_default}
+#    secrets:
+#      - myredis_pass
+#    environment:
+#      - LISTEN_PORT=${DOCKER_SUBSET_CONTAINER_PORT:-5000}
+#      - SERVICE_PACKAGE_NAME=${PYTHON_PACKAGE_NAME_SUBSET_SERVICE:?}
+#      - FILES_DIRECTORY=/hydrofabric_data
+#      - PYCHARM_REMOTE_DEBUG_ACTIVE=${PYCHARM_REMOTE_DEBUG_SUBSET_SERVICE_ACTIVE:-false}
+#      - PYCHARM_REMOTE_DEBUG_SERVER_HOST=${PYCHARM_REMOTE_DEBUG_SERVER_HOST:-host.docker.internal}
+#      - PYCHARM_REMOTE_DEBUG_SERVER_PORT=${PYCHARM_REMOTE_DEBUG_SERVER_PORT_SUBSET_SERVICE:-55874}
+#      # This typically needs to be commented out; intended for development use (see related 'volume' config below)
+#      #- UPDATED_PACKAGES_DIR=${UPDATED_PACKAGES_CONTAINER_DIR:?Updated packages directory not set, make sure this should be active}
+#    command: ["--files-directory", "/hydrofabric_data",
+#              "--port", "${DOCKER_SUBSET_CONTAINER_PORT:-5000}",
+#              "--crosswalk-file", "${HYRDOFABRIC_CROSSWALK_FILE_BASENAME:-crosswalk.json}"]
   data-service:
     image: ${DOCKER_INTERNAL_REGISTRY:?}/dmod-data-service
     hostname: data-service
@@ -158,7 +160,7 @@ services:
     environment:
       - SERVICE_PACKAGE_NAME=${PYTHON_PACKAGE_NAME_DATA_SERVICE:-dmod.dataservice}
       - LISTEN_PORT=${DOCKER_DATASERVICE_CONTAINER_PORT:-3015}
-      - SERVICE_SSL_DIR=${DOCKER_DATASERVICE_CONTAINER_SERVICE_SSL_DIR:-/ssl/dataservice}
+      - SERVICE_SSL_DIR=/ssl/data-service
       - USER_SECRET_NAME=object_store_exec_user_name
       - PASSWD_SECRET_NAME=object_store_exec_user_passwd
       - OBJECT_STORE_HOST=${DMOD_DATA_SERVICE_OBJ_STORE_HOST:-minio-proxy}

docker/main/ngen/Dockerfile

@@ -443,7 +443,7 @@ COPY --chown=${USER} --from=rocky_init_troute_repo ${WORKDIR}/t-route ${WORKDIR}
 RUN cd ${WORKDIR}/t-route \
     && mkdir wheels \
     && pip3 install -r ./requirements.txt \
-    && pip3 install wheel deprecated dask pyarrow geopandas \
+    && pip3 install wheel deprecated dask pyarrow geopandas Cython==3.0.3 \
     && export FC=gfortran \
     && cd ${WORKDIR}/t-route \
     && ./compiler.sh \

docker/nwm_gui/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.7"
 services:
   # Define a container belonging exclusively to the web server
   web_server:
-    image: nginx:1.21
+    image: nginx:1.25.3
     networks:
       - request-listener-net
     # Only restart if a failure occurs
@@ -61,7 +61,7 @@ services:
       - DOCKER_SECRET_POSTGRES_PASS=postgres_password
     volumes:
       - ${DMOD_APP_STATIC:?}:/usr/maas_portal/static
-      - ${DMOD_SSL_DIR}/requestservice:/usr/maas_portal/ssl
+      - ${DMOD_SSL_DIR}/request-service:/usr/maas_portal/ssl
       #- ${DOCKER_GUI_HOST_VENV_DIR:-/tmp/blah}:${DOCKER_GUI_CONTAINER_VENV_DIR:-/tmp/blah}
     # Expose Django's port to the internal network so that the web server may access it
     expose: