oracle-devrel
diff --git a/‎holoscan/CONTRIBUTING.md
Lines changed: 55 additions & 0 deletions b/‎holoscan/CONTRIBUTING.md
Lines changed: 55 additions & 0 deletions
diff --git a/‎holoscan/LICENSE.txt
Lines changed: 35 additions & 0 deletions b/‎holoscan/LICENSE.txt
Lines changed: 35 additions & 0 deletions
diff --git a/‎holoscan/README.md
Lines changed: 93 additions & 0 deletions b/‎holoscan/README.md
Lines changed: 93 additions & 0 deletions
diff --git a/‎holoscan/SECURITY.md
Lines changed: 38 additions & 0 deletions b/‎holoscan/SECURITY.md
Lines changed: 38 additions & 0 deletions
diff --git a/‎holoscan/cloud_init.tf
Lines changed: 19 additions & 0 deletions b/‎holoscan/cloud_init.tf
Lines changed: 19 additions & 0 deletions
diff --git a/‎holoscan/cloudinit.sh
Lines changed: 140 additions & 0 deletions b/‎holoscan/cloudinit.sh
Lines changed: 140 additions & 0 deletions
@@ -0,0 +1,55 @@
+# Contributing to this repository
+
+We welcome your contributions! There are multiple ways to contribute.
+
+## Opening issues
+
+For bugs or enhancement requests, please file a GitHub issue unless it's
+security related. When filing a bug remember that the better written the bug is,
+the more likely it is to be fixed. If you think you've found a security
+vulnerability, do not raise a GitHub issue and follow the instructions in our
+[security policy](./SECURITY.md).
+
+## Contributing code
+
+We welcome your code contributions. Before submitting code via a pull request,
+you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and
+your commits need to include the following line using the name and e-mail
+address you used to sign the OCA:
+
+```text
+Signed-off-by: Your Name <[email protected]>
+```
+
+This can be automatically added to pull requests by committing with `--sign-off`
+or `-s`, e.g.
+
+```text
+git commit --signoff
+```
+
+Only pull requests from committers that can be verified as having signed the OCA
+can be accepted.
+
+## Pull request process
+
+1. Ensure there is an issue created to track and discuss the fix or enhancement
+   you intend to submit.
+1. Fork this repository.
+1. Create a branch in your fork to implement the changes. We recommend using
+   the issue number as part of your branch name, e.g. `1234-fixes`.
+1. Ensure that any documentation is updated with the changes that are required
+   by your change.
+1. Ensure that any samples are updated if the base image has been changed.
+1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly
+   what your changes are meant to do and provide simple steps on how to validate.
+   your changes. Ensure that you reference the issue you created as well.
+1. We will assign the pull request to 2-3 people for review before it is merged.
+
+## Code of conduct
+
+Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd
+like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].
+
+[OCA]: https://oca.opensource.oracle.com
+[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/
@@ -0,0 +1,35 @@
+Copyright (c) 2025 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,93 @@
+# Deploy NVIDIA Holoscan on Oracle Linux A10 Instance
+
+## Introduction
+This Oracle Cloud Infrastructure (OCI) Terraform stack deploys an A10 (VM.GPU.A10.1) instance running Oracle Linux, installs NVIDIA Holoscan, and configures all required dependencies, including Docker and the NVIDIA container toolkit. The deployment occurs within an existing Virtual Cloud Network (VCN) and allows SSH access to the deployed VM for administration and troubleshooting. Additionally, a Jupyter Notebook service is set up to facilitate Holoscan usage.
+
+## Getting Started
+This code is created to run as a stack in the OCI Resource Manager(ORM). Upload the code as a folder or .zip file to the ORM to create a stack and configure the required parameters.
+
+### Prerequisites
+Before deploying, ensure you have the following:
+
+1. **OCI Account**: A valid Oracle Cloud Infrastructure (OCI) account with access to GPU instances.
+2. **NVIDIA NGC API Key**: Required to pull the Holoscan container image from NVIDIA's NGC Catalog. You can generate an API key by following the instructions in NVIDIA's documentation: [Generate Your NGC Keys](https://docs.nvidia.com/nemo/retriever/extraction/ngc-api-key/).
+3. **SSH Key Pair**: A public SSH key for accessing the deployed instance.
+4. **Existing VCN and Public Subnet**: The deployment requires an existing VCN and a public subnet in OCI.
+
+### Required Inputs
+
+The following variables are visible and need to be configured in the deployment UI of the OCI ORM:
+
+| Parameter               | Description                                                           |
+| ----------------------- | --------------------------------------------------------------------- |
+| **Compartment OCID**    | OCI Compartment where the GPU VM will be deployed.                    |
+| **VCN ID**              | ID of the Virtual Cloud Network where resources will be provisioned.  |
+| **Subnet ID**           | The public subnet within the VCN for deployment.                      |
+| **VM Display Name**     | Custom display name for the VM instance.                              |
+| **SSH Public Key**      | Your public SSH key for remote access.                                |
+| **Availability Domain** | The availability domain where the instance will be deployed.          |
+| **NVIDIA API Key**      | Required to authenticate with NVIDIA NGC and pull the Holoscan image. |
+
+## Notes/Issues
+
+### Deployment Time
+- The apply job itself will complete in a few minutes in the ORM, meaning the VM will be successfully created. The output will include both a public IP and a private IP. Nevertheless the depoyment is not complete at that time, because a *cloudinit.sh* script will run after that on the VM. Running the *cloudinit.sh* script **takes approximately 10 minutes**, as it includes pulling the Holoscan container image and setting up the environment. During this time, the **Jupyter Notebook link will not be immediately available**.
+
+- To **monitor the progress** of the *cloudinit.sh* script, SSH into the VM and run:
+    ```
+    tail -f /var/log/cloud-init-output.log
+    ```
+
+### CloudInit Script Automation
+
+The *cloudinit.sh* script does the following:
+
+1. **Install required packages** (Docker, NVIDIA container toolkit, and Python dependencies).
+
+2. **Configure Docker** to use NVIDIA's runtime.
+
+3. **Authenticate to NVIDIA NGC** and pull the Holoscan container.
+
+4. **Run the Holoscan container** with GPU support, mounting required volumes.
+
+5. **Start a Jupyter Notebook service**, accessible on port **8888**, to facilitate interactive exploration of Holoscan.
+
+6. **Configure firewall rules** to allow access to Jupyter Notebook.
+
+## Jupyter Notebooks Folder
+
+**Note:** The Jupyter notebooks folder is initially empty.
+
+After the *cloudinit.sh* script completes, you can access the Jupyter Notebook by navigating to:
+`http://<public_ip>:8888`
+
+Once inside, browse to the `holoscan_jupyter_notebooks` directory to create and manage your notebooks.
+
+For example notebooks and detailed guidance, refer to the official NVIDIA Holoscan documentation:
+[Holoscan by Example](https://docs.nvidia.com/holoscan/sdk-user-guide/holoscan_by_example.html)
+
+## URLs
+[NVIDIA Holoscan](https://developer.nvidia.com/holoscan-sdk)
+[Holoscan by Example](https://docs.nvidia.com/holoscan/sdk-user-guide/holoscan_by_example.html)
+
+
+## Contributing
+<!-- If your project has specific contribution requirements, update the
+    CONTRIBUTING.md file to ensure those requirements are clearly explained. -->
+
+This project welcomes contributions from the community. Before submitting a pull
+request, please [review our contribution guide](./CONTRIBUTING.md).
+
+## Security
+
+Please consult the [security guide](./SECURITY.md) for our responsible security
+vulnerability disclosure process.
+
+## License
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](LICENSE.txt) for more details.
+
+ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.  FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK.
@@ -0,0 +1,38 @@
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[[email protected]][1] preferably with a proof of concept. Please review
+some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+Oracle Critical Patch Update program. Additional
+information, including past advisories, is available on our [security alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:[email protected]
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/
@@ -0,0 +1,19 @@
+resource local_file cloudinit {
+  content = templatefile("${path.module}/cloudinit.sh",
+    { 
+      PUB_KEY       = var.ssh_public_key,
+      nvidia_api_key = var.nvidia_api_key,
+  })
+  filename        = "${path.module}/cloudinit.sh"
+}
+
+data "cloudinit_config" "config" {
+	depends_on = [local_file.cloudinit]  
+    gzip          = false
+    base64_encode = true
+    part {
+        filename     = "cloudinit.sh"
+        content_type = "text/x-shellscript"
+        content      = file("${path.module}/cloudinit.sh")
+    }
+}
@@ -0,0 +1,140 @@
+#!/bin/bash
+
+# Function to broadcast and log messages
+broadcast() {
+  echo "$1"
+}
+
+log() {
+  echo "$1" >> /var/log/script.log
+}
+
+# Main script execution starts here
+echo "Running cloudinit.sh script"
+
+# Add public key to OPC user
+echo "Adding public key to OPC authorized_keys"
+sudo -u opc sh -c "echo ${PUB_KEY} >> /home/opc/.ssh/authorized_keys"
+
+# Install essential packages including git
+echo "Installing necessary packages..."
+dnf install -y dnf-utils zip unzip gcc git
+dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
+dnf remove -y runc
+
+# Install Docker
+echo "Installing Docker..."
+dnf install -y docker-ce --nobest
+systemctl enable docker.service
+
+# Get API key from Terraform variable
+api_key="${nvidia_api_key}"
+
+# Install NVIDIA container toolkit for Docker
+broadcast "Installing NVIDIA container toolkit for Docker..."
+log "Installing NVIDIA container toolkit for Docker..."
+distribution=$(. /etc/os-release; echo $ID$VERSION_ID)
+curl -s -L https://nvidia.github.io/libnvidia-container/$distribution/nvidia-container-toolkit.repo | sudo tee /etc/yum.repos.d/nvidia-container-toolkit.repo >/dev/null
+sudo yum install -y nvidia-container-toolkit >/dev/null
+sudo systemctl restart docker
+broadcast "NVIDIA container toolkit installed successfully."
+log "NVIDIA container toolkit installed successfully."
+
+# Generate CDI configuration for Docker
+broadcast "Configuring CDI for Docker..."
+log "Configuring CDI for Docker..."
+sudo nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml >/dev/null
+broadcast "CDI configured successfully for Docker."
+log "CDI configured successfully for Docker."
+
+# Setup NVIDIA driver persistence across reboots
+broadcast "Enabling NVIDIA persistence daemon..."
+log "Enabling NVIDIA persistence daemon..."
+nvidia-persistenced
+sudo systemctl enable nvidia-persistenced
+broadcast "NVIDIA persistence daemon enabled."
+log "NVIDIA persistence daemon enabled."
+
+# Configure Docker to use NVIDIA runtime
+broadcast "Configuring Docker to use NVIDIA runtime..."
+log "Configuring Docker to use NVIDIA runtime..."
+sudo tee /etc/docker/daemon.json > /dev/null <<EOF
+{
+    "runtimes": {
+        "nvidia": {
+            "path": "nvidia-container-runtime",
+            "runtimeArgs": []
+        }
+    }
+}
+EOF
+sudo systemctl restart docker
+broadcast "Docker configured to use NVIDIA runtime."
+log "Docker configured to use NVIDIA runtime."
+
+# Start Docker and add OPC user to Docker group
+echo "Starting Docker service..."
+systemctl start docker.service
+usermod -aG docker opc
+
+# Install Python packages
+echo "Installing Python packages..."
+python3 -m pip install --upgrade pip wheel oci
+python3 -m pip install --upgrade setuptools
+python3 -m pip install oci-cli langchain six
+
+# Grow filesystem
+echo "Expanding filesystem..."
+/usr/libexec/oci-growfs -y
+
+# Optional firewall configuration
+# broadcast "Configuring firewall..."
+# log "Configuring firewall..."
+# sudo firewall-cmd --zone=public --add-port=8888/tcp --permanent
+# sudo firewall-cmd --reload
+# broadcast "Firewall configuration complete."
+# log "Firewall configuration complete."
+
+# Holoscan installation
+broadcast "Logging in to nvcr.io..."
+log "Logging in to nvcr.io..."
+echo $api_key | docker login nvcr.io --username '$oauthtoken' --password-stdin >/dev/null
+broadcast "Logged in to nvcr.io successfully."
+log "Logged in to nvcr.io successfully."
+
+broadcast "Pulling Holoscan image from nvcr.io..."
+log "Pulling Holoscan image from nvcr.io..."
+docker pull nvcr.io/nvidia/clara-holoscan/holoscan:v2.4.0-dgpu >/dev/null
+broadcast "Holoscan image pulled successfully."
+log "Holoscan image pulled successfully."
+
+broadcast "Starting Holoscan Jupyter container..."
+log "Starting Holoscan Jupyter container..."
+
+docker run -d \
+  --gpus all \
+  --net host \
+  --ipc=host \
+  --cap-add=CAP_SYS_PTRACE \
+  --ulimit memlock=-1 \
+  --ulimit stack=67108864 \
+  -v /home/user/holoscan_examples:/examples \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  --name holoscan_jupyter \
+  nvcr.io/nvidia/clara-holoscan/holoscan:v2.4.0-dgpu /bin/bash -c \
+  "apt-get update && apt-get install -y python3-pip git && \
+  pip3 install jupyter && \
+  mkdir -p /workspace/holoscan_jupyter_notebooks && \
+  jupyter notebook --ip=0.0.0.0 --port=8888 --allow-root --no-browser --NotebookApp.token='' --NotebookApp.password='' --notebook-dir=/workspace"
+
+broadcast "Holoscan Jupyter container started successfully."
+log "Holoscan Jupyter container started successfully."
+
+# Stop and configure firewall
+echo "Configuring firewall..."
+systemctl stop firewalld
+firewall-offline-cmd --zone=public --add-port=8888/tcp
+systemctl start firewalld
+
+broadcast "Cloudinit.sh script completed."
+log "Cloudinit.sh script completed."