Debug in your containers with IDEs

Visual Studio Code remote development on a container instance

Step A - Setup your daily SSH keys

A-1. You must create your daily SSH key to connect to CSCS systems and add them to your SSH agent.

Setup you daily SSH Keys

me@laptop:~$ git clone https://github.com/eth-cscs/sshservice-cli.git
...
me@laptop:~$ cd sshservice-cli
me@laptop:~/sshservice-cli$ bash cscs-keygen.sh
Username : myuser
Password: 
Enter OTP (6-digit code): 
...

me@laptop:~/sshservice-cli$ ssh-add -t 1d ~/.ssh/cscs-key
Enter passphrase for /home/me/.ssh/cscs-key: 
Identity added: /home/me/.ssh/cscs-key (www-data@2469cb91e9d0)
Lifetime set to 86400 seconds
Certificate added: /home/me/.ssh/cscs-key-cert.pub (myuser)
Lifetime set to 86400 seconds

me@laptop:~/sshservice-cli$ ssh-add -L
ssh-ed25519 ... www-data@...
ssh-ed25519-cert-v01@openssh.com ... www-data@...

A-2. You must generate also your public key from the private one.

Generate your public key

me@laptop:~$ ssh-keygen -y -f ~/.ssh/cscs-key > ~/.ssh/cscs-key.pub
Enter passphrase:

me@laptop:~/sshservice-cli$ ls -a ~/.ssh
.  ..  cscs-key  cscs-key-cert.pub cscs-key.pub

A-3. You must copy your public key on the remote system to be consumed by the container configuration

Copy SSH public key on the remote system

me@laptop:~$ scp -J myuser@ela.cscs.ch ~/.ssh/cscs-key.pub myuser@clariden.cscs.ch:~/.ssh/

Step B - Setup your remote environment

B-1. Create the data structure for VSCode in advance on the remote system in order to prevent downloading VSCode binaries multiple times.

Create remote folders

[clariden][myuser@clariden-ln001 ~]$ mkdir -p ~/.vscode-server
[clariden][myuser@clariden-ln001 ~]$ touch ~/.wget-hsts

B-2. Configure an EDF file for your container environment

Please pay particular attention to image URI format.

URI formats

[clariden][myuser@clariden-ln001 ~]$ enroot import
Usage: enroot import [options] [--] URI

Import a container image from a specific location.

 Schemes:
   docker://[USER@][REGISTRY#]IMAGE[:TAG]  Import a Docker image from a registry
   dockerd://IMAGE[:TAG]                   Import a Docker image from the Docker daemon
   podman://IMAGE[:TAG]                    Import a Docker image from a local podman repository
...

mounts:
- /iopsstor/scratch/cscs/myuser : to preserve scratch output
- /users/myuser/.vscode-server : to preserve VSCode binaries
- /users/myuser/.wget-hsts : to preserve VSCode download history
- /users/myuser/.bash_history : to preserve bash history
writable: It is required to be able to use the hook.

i.e.

EDF example

[clariden][myuser@clariden-ln001 ~]$ cat ~/.edf/vscode-pytorch.toml
image = "nvcr.io#nvidia/pytorch:24.01-py3"
writable = true
mounts = ["/iopsstor/scratch/cscs/myuser:/iopsstor/scratch/cscs/myuser",
	  "/users/myuser/.vscode-server:/users/myuser/.vscode-server",
	  "/users/myuser/.wget-hsts:/users/myuser/.wget-hsts",
	  "/users/myuser/.bash_history:/users/myuser/.bash_history"]
workdir = "/iopsstor/scratch/cscs/myuser"

[annotations.com.hooks.ssh]
enabled = "true"
authorize_ssh_key = "/users/myuser/.ssh/cscs-key.pub"

B-3. Start a Container Engine (CE) job for your container instance on the remote system

Submit container job

[clariden][myuser@clariden-ln001 ~]$ srun -p nvgpu --environment=vscode-pytorch --pty bash
srun: job 73993 queued and waiting for resources
srun: job 73993 has been allocated resources
pyxis: importing docker image: nvcr.io#nvidia/pytorch:24.01-py3
pyxis: imported docker image: nvcr.io#nvidia/pytorch:24.01-py3 at /run/pyxis/XXXXX/73993.0.squashfs
myuser@nid00XXXX:/iopsstor/scratch/cscs/myuser$

B-4. (Temporary workaround) Update permissions of authorized_keys file

Update authorized_keys permissions

myuser@nid00XXXX:/iopsstor/scratch/cscs/myuser$ chmod g-w ~/.ssh/authorized_keys

Step C - Configure your SSH client to access the remote container instance

C-1. Configure your local SSH client to access the remote container instance

Configure ~/.ssh/config

me@laptop:~$ cat ~/.ssh/config
...
Host clariden.cscs.ch
  AddKeysToAgent yes
  ForwardAgent yes
  User myuser
  ProxyJump myuser@ela.cscs.ch

Host nid00XXXX.clariden.cscs.ch
  Hostname nid00XXXX
  AddKeysToAgent yes
  ForwardAgent yes
  User myuser
  ProxyJump myuser@ela.cscs.ch,myuser@clariden.cscs.ch

Host container.nid00XXXX.clariden.cscs.ch
  Hostname nid00XXXX
  AddKeysToAgent yes
  ForwardAgent yes
  ControlMaster no
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  User myuser
  Port 15263
  IdentityFile /home/me/.ssh/cscs-key 
  ProxyJump myuser@ela.cscs.ch,myuser@clariden.cscs.ch
...

C-2. Check that you can SSH into the container

Check SSH access to the container instance

me@laptop:~/.ssh$ ssh container.nid00XXXX.clariden.cscs.ch
Warning: Permanently added '[nid00XXXX]:15263' (ECDSA) to the list of known hosts.
myuser@nid00XXXX:~$ python --version
Python 3.10.12

Step D - Setup Visual Studio Code

D-1. Install VS Code IDE
D-2. Install "Remote Development" extension
D-3. Set "Remote.SSH: Remote Server Listen On Socket" as recommended at VScode gets killed page.
D-4. Follow instructions at https://code.visualstudio.com/docs/remote/ssh-tutorial to connect to container.nid00XXXX.clariden.cscs.ch

In principle this workflow should work with pytorch container from nvidia, other container images must anyway provide some basic requirements in order to work via Visual Studio Code remote development.
See Requirements at https://code.visualstudio.com/docs/remote/linux

Content

Space Tools

Visual Studio Code remote development on a container instance

Step A - Setup your daily SSH keys

Step B - Setup your remote environment

Step C - Configure your SSH client to access the remote container instance

Step D - Setup Visual Studio Code

Content

Space Tools

Breadcrumbs

Debug in your containers with IDEs

Visual Studio Code remote development on a container instance

Step A - Setup your daily SSH keys

Step B - Setup your remote environment

Step C - Configure your SSH client to access the remote container instance

Step D - Setup Visual Studio Code