[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-ml-tooling--ml-workspace":3,"tool-ml-tooling--ml-workspace":61},[4,18,26,36,44,53],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手，旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚，能够直接接入你日常使用的各类通讯渠道，包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息，OpenClaw 都能即时响应，甚至支持在 macOS、iOS 和 Android 设备上进行语音交互，并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地，用户无需依赖云端服务即可享受快速、私密的智能辅助，真正实现了“你的数据，你做主”。其独特的技术亮点在于强大的网关架构，将控制平面与核心助手分离，确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者，以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力（支持 macOS、Linux 及 Windows WSL2），即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","开发框架","图像","数据工具","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",143909,2,"2026-04-07T11:33:18",[14,13,35],"语言模型",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":32,"last_commit_at":42,"category_tags":43,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",107888,"2026-04-06T11:32:50",[14,15,13],{"id":45,"name":46,"github_repo":47,"description_zh":48,"stars":49,"difficulty_score":32,"last_commit_at":50,"category_tags":51,"status":17},4721,"markitdown","microsoft\u002Fmarkitdown","MarkItDown 是一款由微软 AutoGen 团队打造的轻量级 Python 工具，专为将各类文件高效转换为 Markdown 格式而设计。它支持 PDF、Word、Excel、PPT、图片（含 OCR）、音频（含语音转录）、HTML 乃至 YouTube 链接等多种格式的解析，能够精准提取文档中的标题、列表、表格和链接等关键结构信息。\n\n在人工智能应用日益普及的今天，大语言模型（LLM）虽擅长处理文本，却难以直接读取复杂的二进制办公文档。MarkItDown 恰好解决了这一痛点，它将非结构化或半结构化的文件转化为模型“原生理解”且 Token 效率极高的 Markdown 格式，成为连接本地文件与 AI 分析 pipeline 的理想桥梁。此外，它还提供了 MCP（模型上下文协议）服务器，可无缝集成到 Claude Desktop 等 LLM 应用中。\n\n这款工具特别适合开发者、数据科学家及 AI 研究人员使用，尤其是那些需要构建文档检索增强生成（RAG）系统、进行批量文本分析或希望让 AI 助手直接“阅读”本地文件的用户。虽然生成的内容也具备一定可读性，但其核心优势在于为机器",93400,"2026-04-06T19:52:38",[52,14],"插件",{"id":54,"name":55,"github_repo":56,"description_zh":57,"stars":58,"difficulty_score":10,"last_commit_at":59,"category_tags":60,"status":17},4487,"LLMs-from-scratch","rasbt\u002FLLMs-from-scratch","LLMs-from-scratch 是一个基于 PyTorch 的开源教育项目，旨在引导用户从零开始一步步构建一个类似 ChatGPT 的大型语言模型（LLM）。它不仅是同名技术著作的官方代码库，更提供了一套完整的实践方案，涵盖模型开发、预训练及微调的全过程。\n\n该项目主要解决了大模型领域“黑盒化”的学习痛点。许多开发者虽能调用现成模型，却难以深入理解其内部架构与训练机制。通过亲手编写每一行核心代码，用户能够透彻掌握 Transformer 架构、注意力机制等关键原理，从而真正理解大模型是如何“思考”的。此外，项目还包含了加载大型预训练权重进行微调的代码，帮助用户将理论知识延伸至实际应用。\n\nLLMs-from-scratch 特别适合希望深入底层原理的 AI 开发者、研究人员以及计算机专业的学生。对于不满足于仅使用 API，而是渴望探究模型构建细节的技术人员而言，这是极佳的学习资源。其独特的技术亮点在于“循序渐进”的教学设计：将复杂的系统工程拆解为清晰的步骤，配合详细的图表与示例，让构建一个虽小但功能完备的大模型变得触手可及。无论你是想夯实理论基础，还是为未来研发更大规模的模型做准备",90106,"2026-04-06T11:19:32",[35,15,13,14],{"id":62,"github_repo":63,"name":64,"description_en":65,"description_zh":66,"ai_summary_zh":67,"readme_en":68,"readme_zh":69,"quickstart_zh":70,"use_case_zh":71,"hero_image_url":72,"owner_login":73,"owner_name":74,"owner_avatar_url":75,"owner_bio":76,"owner_company":77,"owner_location":77,"owner_email":78,"owner_twitter":79,"owner_website":77,"owner_url":80,"languages":81,"stars":109,"forks":110,"last_commit_at":111,"license":112,"difficulty_score":32,"env_os":113,"env_gpu":114,"env_ram":115,"env_deps":116,"category_tags":127,"github_topics":131,"view_count":32,"oss_zip_url":77,"oss_zip_packed_at":77,"status":17,"created_at":152,"updated_at":153,"faqs":154,"releases":189},5019,"ml-tooling\u002Fml-workspace","ml-workspace","🛠 All-in-one web-based IDE specialized for machine learning and data science.","ml-workspace 是一款专为机器学习和数据科学打造的一站式网页版集成开发环境（IDE）。它旨在解决传统本地开发中环境配置繁琐、依赖库冲突以及跨设备协作困难等痛点，让用户无需花费数小时安装配置，即可在几分钟内启动一个功能完备的开发平台。\n\n这款工具非常适合机器学习工程师、数据科学家以及相关领域的研究人员使用。无论是需要快速验证算法原型的开发者，还是希望专注于模型训练而非运维的研究者，都能从中受益。ml-workspace 基于 Docker 部署，支持在 Mac、Linux 和 Windows 上轻松运行。\n\n其核心亮点在于“开箱即用”的丰富预装生态，内置了 TensorFlow、PyTorch、Keras、Sklearn 等主流深度学习框架，并完美集成了 JupyterLab、VS Code Web 版以及 Tensorboard 等开发监控工具。更独特的是，它不仅提供代码编辑功能，还通过浏览器提供完整的 Linux 桌面图形界面（GUI），支持无缝的 Git 版本控制、硬件资源实时监控，并允许用户通过单一端口从任何地方通过 Web、SSH 或 VNC 进行远程访问。这使得 m","ml-workspace 是一款专为机器学习和数据科学打造的一站式网页版集成开发环境（IDE）。它旨在解决传统本地开发中环境配置繁琐、依赖库冲突以及跨设备协作困难等痛点，让用户无需花费数小时安装配置，即可在几分钟内启动一个功能完备的开发平台。\n\n这款工具非常适合机器学习工程师、数据科学家以及相关领域的研究人员使用。无论是需要快速验证算法原型的开发者，还是希望专注于模型训练而非运维的研究者，都能从中受益。ml-workspace 基于 Docker 部署，支持在 Mac、Linux 和 Windows 上轻松运行。\n\n其核心亮点在于“开箱即用”的丰富预装生态，内置了 TensorFlow、PyTorch、Keras、Sklearn 等主流深度学习框架，并完美集成了 JupyterLab、VS Code Web 版以及 Tensorboard 等开发监控工具。更独特的是，它不仅提供代码编辑功能，还通过浏览器提供完整的 Linux 桌面图形界面（GUI），支持无缝的 Git 版本控制、硬件资源实时监控，并允许用户通过单一端口从任何地方通过 Web、SSH 或 VNC 进行远程访问。这使得 ml-workspace 成为构建高效、灵活且可远程协作的机器学习工作流的理想选择。","\u003Ch1 align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\" title=\"ML Workspace Home\">\n    \u003Cimg width=50% alt=\"\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_f32e7c154f14.png\"> \u003C\u002Fa>\n    \u003Cbr>\n\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n    \u003Cstrong>All-in-one web-based development environment for machine learning\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace\" title=\"Docker Image Version\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace?color=blue&sort=semver\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace\" title=\"Docker Pulls\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace.svg?color=blue\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace\" title=\"Docker Image Size\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace?color=blue&sort=semver\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgitter.im\u002Fml-tooling\u002Fml-workspace\" title=\"Chat on Gitter\">\u003Cimg src=\"https:\u002F\u002Fbadges.gitter.im\u002Fml-tooling\u002Fml-workspace.svg\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fmltooling.substack.com\u002Fsubscribe\" title=\"Subscribe to newsletter\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_c2109c0b6cbf.png\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmltooling\" title=\"Follow on Twitter\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fmltooling.svg?style=social&label=Follow\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"#getting-started\">Getting Started\u003C\u002Fa> •\n  \u003Ca href=\"#features\">Features & Screenshots\u003C\u002Fa> •\n  \u003Ca href=\"#support\">Support\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002Fnew?labels=bug&template=01_bug-report.md\">Report a Bug\u003C\u002Fa> •\n  \u003Ca href=\"#faq\">FAQ\u003C\u002Fa> •\n  \u003Ca href=\"#known-issues\">Known Issues\u003C\u002Fa> •\n  \u003Ca href=\"#contribution\">Contribution\u003C\u002Fa>\n\u003C\u002Fp>\n\nThe ML workspace is an all-in-one web-based IDE specialized for machine learning and data science. It is simple to deploy and gets you started within minutes to productively built ML solutions on your own machines. This workspace is the ultimate tool for developers preloaded with a variety of popular data science libraries (e.g., Tensorflow, PyTorch, Keras, Sklearn) and dev tools (e.g., Jupyter, VS Code, Tensorboard) perfectly configured, optimized, and integrated.\n\n## Highlights\n\n- 💫  Jupyter, JupyterLab, and Visual Studio Code web-based IDEs.\n- 🗃  Pre-installed with many popular data science libraries & tools.\n- 🖥  Full Linux desktop GUI accessible via web browser.\n- 🔀  Seamless Git integration optimized for notebooks.\n- 📈  Integrated hardware & training monitoring via Tensorboard & Netdata.\n- 🚪  Access from anywhere via Web, SSH, or VNC under a single port.\n- 🎛  Usable as remote kernel (Jupyter) or remote machine (VS Code) via SSH.\n- 🐳  Easy to deploy on Mac, Linux, and Windows via Docker.\n\n\u003Cbr>\n\n## Getting Started\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Flabs.play-with-docker.com\u002F?stack=https:\u002F\u002Fraw.githubusercontent.com\u002Fml-tooling\u002Fml-workspace\u002Fmain\u002Fdeployment\u002Fplay-with-docker\u002Fdocker-compose.yml\" title=\"Docker Image Metadata\" target=\"_blank\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_084a46bc982a.png\" alt=\"Try in PWD\" width=\"100px\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n### Prerequisites\n\nThe workspace requires **Docker** to be installed on your machine ([📖 Installation Guide](https:\u002F\u002Fdocs.docker.com\u002Finstall\u002F#supported-platforms)).\n\n### Start single instance\n\nDeploying a single workspace instance is as simple as:\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace:0.13.2\n```\n\nVoilà, that was easy! Now, Docker will pull the latest workspace image to your machine. This may take a few minutes, depending on your internet speed. Once the workspace is started, you can access it via http:\u002F\u002Flocalhost:8080.\n\n> _If started on another machine or with a different port, make sure to use the machine's IP\u002FDNS and\u002For the exposed port._\n\nTo deploy a single instance for productive usage, we recommend to apply at least the following options:\n\n```bash\ndocker run -d \\\n    -p 8080:8080 \\\n    --name \"ml-workspace\" \\\n    -v \"${PWD}:\u002Fworkspace\" \\\n    --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" \\\n    --shm-size 512m \\\n    --restart always \\\n    mltooling\u002Fml-workspace:0.13.2\n```\n\nThis command runs the container in background (`-d`), mounts your current working directory into the `\u002Fworkspace` folder (`-v`), secures the workspace via a provided token (`--env AUTHENTICATE_VIA_JUPYTER`), provides 512MB of shared memory (`--shm-size`) to prevent unexpected crashes (see [known issues section](#known-issues)), and keeps the container running even on system restarts (`--restart always`). You can find additional options for docker run [here](https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Freference\u002Fcommandline\u002Frun\u002F) and workspace configuration options in [the section below](#Configuration).\n\n### Configuration Options\n\nThe workspace provides a variety of configuration options that can be used by setting environment variables (via docker run option: `--env`).\n\n\u003Cdetails>\n\u003Csummary>Configuration options (click to expand...)\u003C\u002Fsummary>\n\n\u003Ctable>\n    \u003Ctr>\n        \u003Cth>Variable\u003C\u002Fth>\n        \u003Cth>Description\u003C\u002Fth>\n        \u003Cth>Default\u003C\u002Fth>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_BASE_URL\u003C\u002Ftd>\n        \u003Ctd>The base URL under which Jupyter and all other tools will be reachable from.\u003C\u002Ftd>\n        \u003Ctd>\u002F\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_SSL_ENABLED\u003C\u002Ftd>\n        \u003Ctd>Enable or disable SSL. When set to true, either certificate (cert.crt) must be mounted to \u003Ccode>\u002Fresources\u002Fssl\u003C\u002Fcode> or, if not, the container generates self-signed certificate.\u003C\u002Ftd>\n        \u003Ctd>false\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_AUTH_USER\u003C\u002Ftd>\n        \u003Ctd>Basic auth user name. To enable basic auth, both the user and password need to be set. We recommend to use the \u003Ccode>AUTHENTICATE_VIA_JUPYTER\u003C\u002Fcode> for securing the workspace.\u003C\u002Ftd>\n        \u003Ctd>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_AUTH_PASSWORD\u003C\u002Ftd>\n        \u003Ctd>Basic auth user password. To enable basic auth, both the user and password need to be set. We recommend to use the \u003Ccode>AUTHENTICATE_VIA_JUPYTER\u003C\u002Fcode> for securing the workspace.\u003C\u002Ftd>\n        \u003Ctd>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_PORT\u003C\u002Ftd>\n        \u003Ctd>Configures the main container-internal port of the workspace proxy. For most scenarios, this configuration should not be changed, and the port configuration via Docker should be used instead of the workspace should be accessible from a different port.\u003C\u002Ftd>\n        \u003Ctd>8080\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>CONFIG_BACKUP_ENABLED\u003C\u002Ftd>\n        \u003Ctd>Automatically backup and restore user configuration to the persisted \u003Ccode>\u002Fworkspace\u003C\u002Fcode> folder, such as the .ssh, .jupyter, or .gitconfig from the users home directory.\u003C\u002Ftd>\n        \u003Ctd>true\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>SHARED_LINKS_ENABLED\u003C\u002Ftd>\n        \u003Ctd>Enable or disable the capability to share resources via external links. This is used to enable file sharing, access to workspace-internal ports, and easy command-based SSH setup. All shared links are protected via a token. However, there are certain risks since the token cannot be easily invalidated after sharing and does not expire.\u003C\u002Ftd>\n        \u003Ctd>true\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>INCLUDE_TUTORIALS\u003C\u002Ftd>\n        \u003Ctd>If \u003Ccode>true\u003C\u002Fcode>, a selection of tutorial and introduction notebooks are added to the \u003Ccode>\u002Fworkspace\u003C\u002Fcode> folder at container startup, but only if the folder is empty.\u003C\u002Ftd>\n        \u003Ctd>true\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>MAX_NUM_THREADS\u003C\u002Ftd>\n        \u003Ctd>The number of threads used for computations when using various common libraries (MKL, OPENBLAS, OMP, NUMBA, ...). You can also use \u003Ccode>auto\u003C\u002Fcode> to let the workspace dynamically determine the number of threads based on available CPU resources. This configuration can be overwritten by the user from within the workspace. Generally, it is good to set it at or below the number of CPUs available to the workspace.\u003C\u002Ftd>\n        \u003Ctd>auto\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd colspan=\"3\">\u003Cb>Jupyter Configuration:\u003C\u002Fb>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>SHUTDOWN_INACTIVE_KERNELS\u003C\u002Ftd>\n        \u003Ctd>Automatically shutdown inactive kernels after a given timeout (to clean up memory or GPU resources). Value can be either a timeout in seconds or set to \u003Ccode>true\u003C\u002Fcode> with a default value of 48h.\u003C\u002Ftd>\n        \u003Ctd>false\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>AUTHENTICATE_VIA_JUPYTER\u003C\u002Ftd>\n        \u003Ctd>If \u003Ccode>true\u003C\u002Fcode>, all HTTP requests will be authenticated against the Jupyter server, meaning that the authentication method configured with Jupyter will be used for all other tools as well. This can be deactivated with \u003Ccode>false\u003C\u002Fcode>. Any other value will activate this authentication and are applied as token via NotebookApp.token configuration of Jupyter.\u003C\u002Ftd>\n        \u003Ctd>false\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>NOTEBOOK_ARGS\u003C\u002Ftd>\n        \u003Ctd>Add and overwrite Jupyter configuration options via command line args. Refer to \u003Ca href=\"https:\u002F\u002Fjupyter-notebook.readthedocs.io\u002Fen\u002Fstable\u002Fconfig.html\">this overview\u003C\u002Fa> for all options.\u003C\u002Ftd>\n        \u003Ctd>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\u003C\u002Fdetails>\n\n### Persist Data\n\nTo persist the data, you need to mount a volume into `\u002Fworkspace` (via docker run option: `-v`).\n\n\u003Cdetails>\n\u003Csummary>Details (click to expand...)\u003C\u002Fsummary>\n\nThe default work directory within the container is `\u002Fworkspace`, which is also the root directory of the Jupyter instance. The `\u002Fworkspace` directory is intended to be used for all the important work artifacts. Data within other directories of the server (e.g., `\u002Froot`) might get lost at container restarts.\n\u003C\u002Fdetails>\n\n### Enable Authentication\n\nWe strongly recommend enabling authentication via one of the following two options. For both options, the user will be required to authenticate for accessing any of the pre-installed tools.\n\n> _The authentication only works for all tools accessed through the main workspace port (default: `8080`). This works for all preinstalled tools and the [Access Ports](#access-ports) feature. If you expose another port of the container, please make sure to secure it with authentication as well!_\n\n\u003Cdetails>\n\u003Csummary>Details (click to expand...)\u003C\u002Fsummary>\n\n#### Token-based Authentication via Jupyter (recommended)\n\nActivate the token-based authentication based on the authentication implementation of Jupyter via the `AUTHENTICATE_VIA_JUPYTER` variable:\n\n```bash\ndocker run -p 8080:8080 --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" mltooling\u002Fml-workspace:0.13.2\n```\n\nYou can also use `\u003Cgenerated>` to let Jupyter generate a random token that is printed out on the container logs. A value of `true` will not set any token but activate that every request to any tool in the workspace will be checked with the Jupyter instance if the user is authenticated. This is used for tools like JupyterHub, which configures its own way of authentication.\n\n#### Basic Authentication via Nginx\n\nActivate the basic authentication via the `WORKSPACE_AUTH_USER` and `WORKSPACE_AUTH_PASSWORD` variable:\n\n```bash\ndocker run -p 8080:8080 --env WORKSPACE_AUTH_USER=\"user\" --env WORKSPACE_AUTH_PASSWORD=\"pwd\" mltooling\u002Fml-workspace:0.13.2\n```\n\nThe basic authentication is configured via the nginx proxy and might be more performant compared to the other option since with `AUTHENTICATE_VIA_JUPYTER` every request to any tool in the workspace will check via the Jupyter instance if the user (based on the request cookies) is authenticated.\n\n\u003C\u002Fdetails>\n\n### Enable SSL\u002FHTTPS\n\nWe recommend enabling SSL so that the workspace is accessible via HTTPS (encrypted communication). SSL encryption can be activated via the `WORKSPACE_SSL_ENABLED` variable. \n\n\u003Cdetails>\n\u003Csummary>Details (click to expand...)\u003C\u002Fsummary>\n\nWhen set to `true`, either the `cert.crt` and `cert.key` file must be mounted to `\u002Fresources\u002Fssl` or, if the certificate files do not exist, the container generates self-signed certificates. For example, if the `\u002Fpath\u002Fwith\u002Fcertificate\u002Ffiles` on the local system contains a valid certificate for the host domain (`cert.crt` and `cert.key` file), it can be used from the workspace as shown below:\n\n```bash\ndocker run \\\n    -p 8080:8080 \\\n    --env WORKSPACE_SSL_ENABLED=\"true\" \\\n    -v \u002Fpath\u002Fwith\u002Fcertificate\u002Ffiles:\u002Fresources\u002Fssl:ro \\\n    mltooling\u002Fml-workspace:0.13.2\n```\n\nIf you want to host the workspace on a public domain, we recommend to use [Let's encrypt](https:\u002F\u002Fletsencrypt.org\u002Fgetting-started\u002F) to get a trusted certificate for your domain.  To use the generated certificate (e.g., via [certbot](https:\u002F\u002Fcertbot.eff.org\u002F) tool) for the workspace, the `privkey.pem` corresponds to the `cert.key` file and the `fullchain.pem` to the `cert.crt` file.\n\n> _When you enable SSL support, you must access the workspace over `https:\u002F\u002F`, not over plain `http:\u002F\u002F`._\n\n\u003C\u002Fdetails>\n\n### Limit Memory & CPU\n\nBy default, the workspace container has no resource constraints and can use as much of a given resource as the host’s kernel scheduler allows. Docker provides ways to control how much memory, or CPU a container can use, by setting runtime configuration flags of the docker run command.\n\n> _The workspace requires atleast 2 CPUs and 500MB to run stable and be usable._\n\n\u003Cdetails>\n\u003Csummary>Details (click to expand...)\u003C\u002Fsummary>\n\nFor example, the following command restricts the workspace to only use a maximum of 8 CPUs, 16 GB of memory, and 1 GB of shared memory (see [Known Issues](#known-issues)):\n\n```bash\ndocker run -p 8080:8080 --cpus=8 --memory=16g --shm-size=1G mltooling\u002Fml-workspace:0.13.2\n```\n\n> 📖 _For more options and documentation on resource constraints, please refer to the [official docker guide](https:\u002F\u002Fdocs.docker.com\u002Fconfig\u002Fcontainers\u002Fresource_constraints\u002F)._\n\n\u003C\u002Fdetails>\n\n### Enable Proxy\n\nIf a proxy is required, you can pass the proxy configuration via the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.\n\n### Workspace Flavors\n\nIn addition to the main workspace image (`mltooling\u002Fml-workspace`), we provide other image flavors that extend the features or minimize the image size to support a variety of use cases.\n\n#### Minimal Flavor\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace\" title=\"Docker Image Version\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-minimal\" title=\"Docker Image Size\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace-minimal?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-minimal\" title=\"Docker Pulls\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace-minimal.svg\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdetails>\n\u003Csummary>Details (click to expand...)\u003C\u002Fsummary>\n\nThe minimal flavor (`mltooling\u002Fml-workspace-minimal`) is our smallest image that contains most of the tools and features described in the [features section](#features) without most of the python libraries that are pre-installed in our main image. Any Python library or excluded tool can be installed manually during runtime by the user.\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace-minimal:0.13.2\n```\n\u003C\u002Fdetails>\n\n#### R Flavor\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-r\" title=\"Docker Image Version\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace-r?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-r\" title=\"Docker Image Size\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace-r?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-r\" title=\"Docker Pulls\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace-r.svg\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdetails>\n\u003Csummary>Details (click to expand...)\u003C\u002Fsummary>\n\nThe R flavor (`mltooling\u002Fml-workspace-r`) is based on our default workspace image and extends it with the R-interpreter, R-Jupyter kernel, RStudio server (access via `Open Tool -> RStudio`), and a variety of popular packages from the R ecosystem.\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace-r:0.12.1\n```\n\u003C\u002Fdetails>\n\n#### Spark Flavor\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-spark\" title=\"Docker Image Version\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace-spark?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-spark\" title=\"Docker Image Size\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace-spark?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-spark\" title=\"Docker Pulls\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace-spark.svg\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdetails>\n\u003Csummary>Details (click to expand...)\u003C\u002Fsummary>\n\nThe Spark flavor (`mltooling\u002Fml-workspace-spark`) is based on our R-flavor workspace image and extends it with the Spark runtime, Spark-Jupyter kernel, Zeppelin Notebook (access via `Open Tool -> Zeppelin`), PySpark, Hadoop, Java Kernel, and a few additional libraries & Jupyter extensions.\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace-spark:0.12.1\n```\n\n\u003C\u002Fdetails>\n\n#### GPU Flavor\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-gpu\" title=\"Docker Image Version\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace-gpu?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-gpu\" ttitle=\"Docker Image Size\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace-gpu?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-gpu\" title=\"Docker Pulls\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace-gpu.svg\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdetails>\n\u003Csummary>Details (click to expand...)\u003C\u002Fsummary>\n\n> _Currently, the GPU-flavor only supports CUDA 11.2. Support for other CUDA versions might be added in the future._\n\nThe GPU flavor (`mltooling\u002Fml-workspace-gpu`) is based on our default workspace image and extends it with CUDA 10.1 and GPU-ready versions of various machine learning libraries (e.g., tensorflow, pytorch, cntk, jax). This GPU image has the following additional requirements for the system:\n\n- Nvidia Drivers for the GPUs. Drivers need to be CUDA 11.2 compatible, version `>=460.32.03` ([📖 Instructions](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002Fnvidia-docker\u002Fwiki\u002FFrequently-Asked-Questions#how-do-i-install-the-nvidia-driver)).\n- (Docker >= 19.03) Nvidia Container Toolkit ([📖 Instructions](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002Fnvidia-docker\u002Fwiki\u002FInstallation-(Native-GPU-Support))).\n\n```bash\ndocker run -p 8080:8080 --gpus all mltooling\u002Fml-workspace-gpu:0.13.2\n```\n\n- (Docker \u003C 19.03) Nvidia Docker 2.0 ([📖 Instructions](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002Fnvidia-docker\u002Fwiki\u002FInstallation-(version-2.0))).\n\n```bash\ndocker run -p 8080:8080 --runtime nvidia --env NVIDIA_VISIBLE_DEVICES=\"all\" mltooling\u002Fml-workspace-gpu:0.13.2\n```\n\nThe GPU flavor also comes with a few additional configuration options, as explained below:\n\n\u003Ctable>\n    \u003Ctr>\n        \u003Cth>Variable\u003C\u002Fth>\n        \u003Cth>Description\u003C\u002Fth>\n        \u003Cth>Default\u003C\u002Fth>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>NVIDIA_VISIBLE_DEVICES\u003C\u002Ftd>\n        \u003Ctd>Controls which GPUs will be accessible inside the workspace. By default, all GPUs from the host are accessible within the workspace. You can either use \u003Ccode>all\u003C\u002Fcode>, \u003Ccode>none\u003C\u002Fcode>, or specify a comma-separated list of device IDs (e.g., \u003Ccode>0,1\u003C\u002Fcode>). You can find out the list of available device IDs by running \u003Ccode>nvidia-smi\u003C\u002Fcode> on the host machine.\u003C\u002Ftd>\n        \u003Ctd>all\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>CUDA_VISIBLE_DEVICES\u003C\u002Ftd>\n        \u003Ctd>Controls which GPUs CUDA applications running inside the workspace will see. By default, all GPUs that the workspace has access to will be visible. To restrict applications, provide a comma-separated list of internal device IDs (e.g., \u003Ccode>0,2\u003C\u002Fcode>) based on the available devices within the workspace (run \u003Ccode>nvidia-smi\u003C\u002Fcode>). In comparison to \u003Ccode>NVIDIA_VISIBLE_DEVICES\u003C\u002Fcode>, the workspace user will be still able to access other GPUs by overwriting this configuration from within the workspace.\u003C\u002Ftd>\n        \u003Ctd>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>TF_FORCE_GPU_ALLOW_GROWTH\u003C\u002Ftd>\n        \u003Ctd>By default, the majority of GPU memory will be allocated by the first execution of a TensorFlow graph. While this behavior can be desirable for production pipelines, it is less desirable for interactive use. Use \u003Ccode>true\u003C\u002Fcode> to enable dynamic GPU Memory allocation or \u003Ccode>false\u003C\u002Fcode> to instruct TensorFlow to allocate all memory at execution.\u003C\u002Ftd>\n        \u003Ctd>true\u003C\u002Ftd>\n    \u003C\u002Ftr>\n\u003C\u002Ftable>\n\u003C\u002Fdetails>\n\n### Multi-user setup\n\nThe workspace is designed as a single-user development environment. For a multi-user setup, we recommend deploying [🧰 ML Hub](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-hub). ML Hub is based on JupyterHub with the task to spawn, manage, and proxy workspace instances for multiple users.\n\n\u003Cdetails>\n\u003Csummary>Deployment (click to expand...)\u003C\u002Fsummary>\n\nML Hub makes it easy to set up a multi-user environment on a single server (via Docker) or a cluster (via Kubernetes) and supports a variety of usage scenarios & authentication providers. You can try out ML Hub via:\n\n```bash\ndocker run -p 8080:8080 -v \u002Fvar\u002Frun\u002Fdocker.sock:\u002Fvar\u002Frun\u002Fdocker.sock mltooling\u002Fml-hub:latest\n```\n\nFor more information and documentation about ML Hub, please take a look at the [Github Site](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-hub).\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cbr>\n\n## Support\n\nThis project is maintained by [Benjamin Räthlein](https:\u002F\u002Ftwitter.com\u002Fraethlein), [Lukas Masuch](https:\u002F\u002Ftwitter.com\u002FLukasMasuch), and [Jan Kalkan](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fjan-kalkan-b5390284\u002F). Please understand that we won't be able to provide individual support via email. We also believe that help is much more valuable if it's shared publicly so that more people can benefit from it.\n\n| Type                     | Channel                                              |\n| ------------------------ | ------------------------------------------------------ |\n| 🚨  **Bug Reports**       | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3Abug+sort%3Areactions-%2B1-desc+\" title=\"Open Bug Report\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fml-tooling\u002Fml-workspace\u002Fbug.svg\">\u003C\u002Fa>                                  |\n| 🎁  **Feature Requests**  | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues?q=is%3Aopen+is%3Aissue+label%3Afeature+sort%3Areactions-%2B1-desc\" title=\"Open Feature Request\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fml-tooling\u002Fml-workspace\u002Ffeature.svg?label=feature%20request\">\u003C\u002Fa>                                 |\n| 👩‍💻  **Usage Questions**   |  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues?q=is%3Aopen+is%3Aissue+label%3Asupport+sort%3Areactions-%2B1-desc\" title=\"Open Support Request\"> \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fml-tooling\u002Fml-workspace\u002Fsupport.svg?label=support%20request\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fstackoverflow.com\u002Fquestions\u002Ftagged\u002Fml-tooling\" title=\"Open Question on Stackoverflow\"> \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fstackoverflow-ml--tooling-orange.svg\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fgitter.im\u002Fml-tooling\u002Fml-workspace\" title=\"Chat on Gitter\">\u003Cimg src=\"https:\u002F\u002Fbadges.gitter.im\u002Fml-tooling\u002Fml-workspace.svg\">\u003C\u002Fa> |\n| 📢  **Announcements** | \u003Ca href=\"https:\u002F\u002Fgitter.im\u002Fml-tooling\u002Fml-workspace\" title=\"Chat on Gitter\">\u003Cimg src=\"https:\u002F\u002Fbadges.gitter.im\u002Fml-tooling\u002Fml-workspace.svg\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fmltooling.substack.com\u002Fsubscribe\" title=\"Subscribe for updates\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_c2109c0b6cbf.png\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmltooling\" title=\"ML Tooling on Twitter\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fmltooling.svg?style=social&label=Follow\"> |\n| ❓  **Other Requests** | \u003Ca href=\"mailto:team@mltooling.org\" title=\"Email ML Tooling Team\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Femail-ML Tooling-green?logo=mail.ru&logoColor=white\">\u003C\u002Fa> |\n\n---\n\n\u003Cbr>\n\n## Features\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"#jupyter\">Jupyter\u003C\u002Fa> •\n  \u003Ca href=\"#desktop-gui\">Desktop GUI\u003C\u002Fa> •\n  \u003Ca href=\"#visual-studio-code\">VS Code\u003C\u002Fa> •\n  \u003Ca href=\"#jupyterlab\">JupyterLab\u003C\u002Fa> •\n  \u003Ca href=\"#git-integration\">Git Integration\u003C\u002Fa> •\n  \u003Ca href=\"#file-sharing\">File Sharing\u003C\u002Fa> •\n  \u003Ca href=\"#access-ports\">Access Ports\u003C\u002Fa> •\n  \u003Ca href=\"#tensorboard\">Tensorboard\u003C\u002Fa> •\n  \u003Ca href=\"#extensibility\">Extensibility\u003C\u002Fa> •\n  \u003Ca href=\"#hardware-monitoring\">Hardware Monitoring\u003C\u002Fa> •\n  \u003Ca href=\"#ssh-access\">SSH Access\u003C\u002Fa> •\n  \u003Ca href=\"#remote-development\">Remote Development\u003C\u002Fa> •\n  \u003Ca href=\"#run-as-a-job\">Job Execution\u003C\u002Fa>\n\u003C\u002Fp>\n\nThe workspace is equipped with a selection of best-in-class open-source development tools to help with the machine learning workflow. Many of these tools can be started from the `Open Tool` menu from Jupyter (the main application of the workspace):\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_42070d559aa2.png\"\u002F>\n\n> _Within your workspace you have **full root & sudo privileges** to install any library or tool you need via terminal (e.g., `pip`, `apt-get`, `conda`, or `npm`). You can find more ways to extend the workspace within the [Extensibility](#extensibility) section_\n\n### Jupyter\n\n[Jupyter Notebook](https:\u002F\u002Fjupyter.org\u002F) is a web-based interactive environment for writing and running code. The main building blocks of Jupyter are the file-browser, the notebook editor, and kernels. The file-browser provides an interactive file manager for all notebooks, files, and folders in the `\u002Fworkspace` directory.\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_45e0ec240eee.png\"\u002F>\n\nA new notebook can be created by clicking on the `New` drop-down button at the top of the list and selecting the desired language kernel.\n\n> _You can spawn interactive **terminal** instances as well by selecting `New -> Terminal` in the file-browser._\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_e80a87964543.png\"\u002F>\n\nThe notebook editor enables users to author documents that include live code, markdown text, shell commands, LaTeX equations, interactive widgets, plots, and images. These notebook documents provide a complete and self-contained record of a computation that can be converted to various formats and shared with others.\n\n> _This workspace has a variety of **third-party Jupyter extensions** activated. You can configure these extensions in the nbextensions configurator: `nbextensions` tab on the file browser_\n\nThe Notebook allows code to be run in a range of different programming languages. For each notebook document that a user opens, the web application starts a **kernel** that runs the code for that notebook and returns output. This workspace has a Python 3 kernel pre-installed. Additional Kernels can be installed to get access to other languages (e.g., R, Scala, Go) or additional computing resources (e.g., GPUs, CPUs, Memory).\n\n> _**Python 2** is deprected and we do not recommend to use it. However, you can still install a Python 2.7 kernel via this command: `\u002Fbin\u002Fbash \u002Fresources\u002Ftools\u002Fpython-27.sh`_\n\n### Desktop GUI\n\nThis workspace provides an HTTP-based VNC access to the workspace via [noVNC](https:\u002F\u002Fgithub.com\u002Fnovnc\u002FnoVNC). Thereby, you can access and work within the workspace with a fully-featured desktop GUI. To access this desktop GUI, go to `Open Tool`, select `VNC`, and click the `Connect` button. In the case you are asked for a password, use `vncpassword`.\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_6fe7488bd15c.png\"\u002F>\n\nOnce you are connected, you will see a desktop GUI that allows you to install and use full-fledged web-browsers or any other tool that is available for Ubuntu. Within the `Tools` folder on the desktop, you will find a collection of install scripts that makes it straightforward to install some of the most commonly used development tools, such as Atom, PyCharm, R-Runtime, R-Studio, or Postman (just double-click on the script).\n\n**Clipboard:** If you want to share the clipboard between your machine and the workspace, you can use the copy-paste functionality as described below:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_b434c14aa9a1.png\"\u002F>\n\n> 💡 _**Long-running tasks:** Use the desktop GUI for long-running Jupyter executions. By running notebooks from the browser of your workspace desktop GUI, all output will be synchronized to the notebook even if you have disconnected your browser from the notebook._\n\n### Visual Studio Code\n\n[Visual Studio Code](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fvscode) (`Open Tool -> VS Code`) is an open-source lightweight but powerful code editor with built-in support for a variety of languages and a rich ecosystem of extensions. It combines the simplicity of a source code editor with powerful developer tooling, like IntelliSense code completion and debugging. The workspace integrates VS Code as a web-based application accessible through the browser-based on the awesome [code-server](https:\u002F\u002Fgithub.com\u002Fcdr\u002Fcode-server) project. It allows you to customize every feature to your liking and install any number of third-party extensions.\n\n\u003Cp align=\"center\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_297e6177e6f7.png\"\u002F>\u003C\u002Fp>\n\nThe workspace also provides a VS Code integration into Jupyter allowing you to open a VS Code instance for any selected folder, as shown below:\n\n\u003Cp align=\"center\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_e3df619e8fef.png\"\u002F>\u003C\u002Fp>\n\n### JupyterLab\n\n[JupyterLab](https:\u002F\u002Fgithub.com\u002Fjupyterlab\u002Fjupyterlab) (`Open Tool -> JupyterLab`) is the next-generation user interface for Project Jupyter. It offers all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface. This JupyterLab instance comes pre-installed with a few helpful extensions such as a the [jupyterlab-toc](https:\u002F\u002Fgithub.com\u002Fjupyterlab\u002Fjupyterlab-toc), [jupyterlab-git](https:\u002F\u002Fgithub.com\u002Fjupyterlab\u002Fjupyterlab-git), and [juptyterlab-tensorboard](https:\u002F\u002Fgithub.com\u002Fchaoleili\u002Fjupyterlab_tensorboard).\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_04a88f9ddf9f.png\"\u002F>\n\n### Git Integration\n\nVersion control is a crucial aspect of productive collaboration. To make this process as smooth as possible, we have integrated a custom-made Jupyter extension specialized on pushing single notebooks, a full-fledged web-based Git client ([ungit](https:\u002F\u002Fgithub.com\u002FFredrikNoren\u002Fungit)), a tool to open and edit plain text documents (e.g., `.py`, `.md`) as notebooks ([jupytext](https:\u002F\u002Fgithub.com\u002Fmwouts\u002Fjupytext)), as well as a notebook merging tool ([nbdime](https:\u002F\u002Fgithub.com\u002Fjupyter\u002Fnbdime)). Additionally, JupyterLab and VS Code also provide GUI-based Git clients.\n\n#### Clone Repository\n\nFor cloning repositories via `https`, we recommend to navigate to the desired root folder and to click on the `git` button as shown below:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_79c415d8762c.png\"\u002F>\n\nThis might ask for some required settings and, subsequently, opens [ungit](https:\u002F\u002Fgithub.com\u002FFredrikNoren\u002Fungit), a web-based Git client with a clean and intuitive UI that makes it convenient to sync your code artifacts. Within ungit, you can clone any repository. If authentication is required, you will get asked for your credentials.\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_8bcc754c535c.png\"\u002F>\n\n#### Push, Pull, Merge, and Other Git Actions\n\nTo commit and push a single notebook to a remote Git repository, we recommend to use the Git plugin integrated into Jupyter, as shown below:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_5753ecd9b667.png\"\u002F>\n\nFor more advanced Git operations, we recommend to use [ungit](https:\u002F\u002Fgithub.com\u002FFredrikNoren\u002Fungit). With ungit, you can do most of the common git actions such as push, pull, merge, branch, tag, checkout, and many more.\n\n#### Diffing and Merging Notebooks\n\nJupyter notebooks are great, but they often are huge files, with a very specific JSON file format. To enable seamless diffing and merging via Git this workspace is pre-installed with [nbdime](https:\u002F\u002Fgithub.com\u002Fjupyter\u002Fnbdime). Nbdime understands the structure of notebook documents and, therefore, automatically makes intelligent decisions when diffing and merging notebooks. In the case you have merge conflicts, nbdime will make sure that the notebook is still readable by Jupyter, as shown below:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_3736b7ef74f8.png\"\u002F>\n\nFurthermore, the workspace comes pre-installed with [jupytext](https:\u002F\u002Fgithub.com\u002Fmwouts\u002Fjupytext), a Jupyter plugin that reads and writes notebooks as plain text files. This allows you to open, edit, and run scripts or markdown files (e.g., `.py`, `.md`) as notebooks within Jupyter. In the following screenshot, we have opened a markdown file via Jupyter:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_d333c65bebee.png\"\u002F>\n\nIn combination with Git, jupytext enables a clear diff history and easy merging of version conflicts. With both of those tools, collaborating on Jupyter notebooks with Git becomes straightforward.\n\n### File Sharing\n\nThe workspace has a feature to share any file or folder with anyone via a token-protected link. To share data via a link, select any file or folder from the Jupyter directory tree and click on the share button as shown in the following screenshot:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_57ca37917b1b.png\"\u002F>\n\nThis will generate a unique link protected via a token that gives anyone with the link access to view and download the selected data via the [Filebrowser](https:\u002F\u002Fgithub.com\u002Ffilebrowser\u002Ffilebrowser) UI:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_8e316fcf5b16.png\"\u002F>\n\nTo deactivate or manage (e.g., provide edit permissions) shared links, open the Filebrowser via `Open Tool -> Filebrowser` and select `Settings->User Management`.\n\n### Access Ports\n\nIt is possible to securely access any workspace internal port by selecting `Open Tool -> Access Port`. With this feature, you are able to access a REST API or web application running inside the workspace directly with your browser. The feature enables developers  to build, run, test, and debug REST APIs or web applications directly from the workspace.\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_210cb78dae55.png\"\u002F>\n\nIf you want to use an HTTP client or share access to a given port, you can select the `Get shareable link` option. This generates a token-secured link that anyone with access to the link can use to access the specified port.\n\n> _The HTTP app requires to be resolved from a relative URL path or configure a base path (`\u002Ftools\u002FPORT\u002F`). Tools made accessible this way are secured by the workspace's authentication system! If you decide to publish any other port of the container yourself instead of using this feature to make a tool accessible, please make sure to secure it via an authentication mechanism!_\n\n\u003Cdetails>\n\n\u003Csummary>Example (click to expand...)\u003C\u002Fsummary>\n\n1. Start an HTTP server on port `1234` by running this command in a terminal within the workspace: `python -m http.server 1234`\n2. Select `Open Tool -> Access Port`, input port `1234`, and select the `Get shareable link` option.\n3. Click `Access`, and you will see the content provided by Python's `http.server`.\n4. The opened link can also be shared to other people or called from external applications (e.g., try with Incognito Mode in Chrome).\n\n\u003C\u002Fdetails>\n\n### SSH Access\n\nSSH provides a powerful set of features that enables you to be more productive with your development tasks. You can easily set up a secure and passwordless SSH connection to a workspace by selecting `Open Tool -> SSH`. This will generate a secure setup command that can be run on any Linux or Mac machine to configure a passwordless & secure SSH connection to the workspace. Alternatively, you can also download the setup script and run it (instead of using the command).\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_ab91f881d270.png\"\u002F>\n\n> _The setup script only runs on Mac and Linux. Windows is currently not supported._\n\nJust run the setup command or script on the machine from where you want to setup a connection to the workspace and input a name for the connection (e.g., `my-workspace`). You might also get asked for some additional input during the process, e.g. to install a remote kernel if `remote_ikernel` is installed. Once the passwordless SSH connection is successfully setup and tested, you can securely connect to the workspace by simply executing `ssh my-workspace`.\n\nBesides the ability to execute commands on a remote machine, SSH also provides a variety of other features that can improve your development workflow as described in the following sections.\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Tunnel Ports\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nAn SSH connection can be used for tunneling application ports from the remote machine to the local machine, or vice versa. For example, you can expose the workspace internal port `5901` (VNC Server) to the local machine on port `5000` by executing:\n\n```bash\nssh -nNT -L 5000:localhost:5901 my-workspace\n```\n\n> _To expose an application port from your local machine to a workspace, use the `-R` option (instead of `-L`)._\n\nAfter the tunnel is established, you can use your favorite VNC viewer on your local machine and connect to `vnc:\u002F\u002Flocalhost:5000` (default password: `vncpassword`). To make the tunnel connection more resistant and reliable, we recommend to use [autossh](https:\u002F\u002Fwww.harding.motd.ca\u002Fautossh\u002F) to automatically restart SSH tunnels in the case that the connection dies:\n\n```bash\nautossh -M 0 -f -nNT -L 5000:localhost:5901 my-workspace\n```\n\nPort tunneling is quite useful when you have started any server-based tool within the workspace that you like to make accessible for another machine. In its default setting, the workspace has a variety of tools already running on different ports, such as:\n\n- `8080`: Main workspace port with access to all integrated tools.\n- `8090`: Jupyter server.\n- `8054`: VS Code server.\n- `5901`: VNC server.\n- `22`: SSH server.\n\nYou can find port information on all the tools in the [supervisor configuration](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002Fresources\u002Fsupervisor\u002Fsupervisord.conf).\n\n> 📖 _For more information about port tunneling\u002Fforwarding, we recommend [this guide](https:\u002F\u002Fwww.everythingcli.org\u002Fssh-tunnelling-for-fun-and-profit-local-vs-remote\u002F)._\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Copy Data via SCP\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\n[SCP](https:\u002F\u002Flinux.die.net\u002Fman\u002F1\u002Fscp) allows files and directories to be securely copied to, from, or between different machines via SSH connections. For example, to copy a local file (`.\u002Flocal-file.txt`) into the `\u002Fworkspace` folder inside the workspace, execute:\n\n```bash\nscp .\u002Flocal-file.txt my-workspace:\u002Fworkspace\n```\n\nTo copy the `\u002Fworkspace` directory from `my-workspace` to the working directory of the local machine, execute:\n\n```bash\nscp -r my-workspace:\u002Fworkspace .\n```\n\n> 📖 _For more information about scp, we recommend [this guide](https:\u002F\u002Fwww.garron.me\u002Fen\u002Farticles\u002Fscp.html)._\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Sync Data via Rsync\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\n[Rsync](https:\u002F\u002Flinux.die.net\u002Fman\u002F1\u002Frsync) is a utility for efficiently transferring and synchronizing files between different machines (e.g., via SSH connections) by comparing the modification times and sizes of files. The rsync command will determine which files need to be updated each time it is run, which is far more efficient and convenient than using something like scp or sftp. For example, to sync all content of a local folder (`.\u002Flocal-project-folder\u002F`) into the `\u002Fworkspace\u002Fremote-project-folder\u002F` folder inside the workspace, execute:\n\n```bash\nrsync -rlptzvP --delete --exclude=\".git\" \".\u002Flocal-project-folder\u002F\" \"my-workspace:\u002Fworkspace\u002Fremote-project-folder\u002F\"\n```\n\nIf you have some changes inside the folder on the workspace, you can sync those changes back to the local folder by changing the source and destination arguments:\n\n```bash\nrsync -rlptzvP --delete --exclude=\".git\" \"my-workspace:\u002Fworkspace\u002Fremote-project-folder\u002F\" \".\u002Flocal-project-folder\u002F\"\n```\n\nYou can rerun these commands each time you want to synchronize the latest copy of your files. Rsync will make sure that only updates will be transferred.\n\n> 📖 _You can find more information about rsync on [this man page](https:\u002F\u002Flinux.die.net\u002Fman\u002F1\u002Frsync)._\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Mount Folders via SSHFS\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nBesides copying and syncing data, an SSH connection can also be used to mount directories from a remote machine into the local filesystem via [SSHFS](https:\u002F\u002Fgithub.com\u002Flibfuse\u002Fsshfs). \nFor example, to mount the `\u002Fworkspace` directory of `my-workspace` into a local path (e.g. `\u002Flocal\u002Ffolder\u002Fpath`), execute:\n\n```bash\nsshfs -o reconnect my-workspace:\u002Fworkspace \u002Flocal\u002Ffolder\u002Fpath\n```\n\nOnce the remote directory is mounted, you can interact with the remote file system the same way as with any local directory and file.\n\n> 📖 _For more information about sshfs, we recommend [this guide](https:\u002F\u002Fwww.digitalocean.com\u002Fcommunity\u002Ftutorials\u002Fhow-to-use-sshfs-to-mount-remote-file-systems-over-ssh)._\n\u003C\u002Fdetails>\n\n### Remote Development\n\nThe workspace can be integrated and used as a remote runtime (also known as remote kernel\u002Fmachine\u002Finterpreter) for a variety of popular development tools and IDEs, such as Jupyter, VS Code, PyCharm, Colab, or Atom Hydrogen. Thereby, you can connect your favorite development tool running on your local machine to a remote machine for code execution. This enables a local-quality development experience with remote-hosted compute resources.\n\nThese integrations usually require a passwordless SSH connection from the local machine to the workspace. To set up an SSH connection, please follow the steps explained in the [SSH Access](#ssh-access) section.\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Jupyter - Remote Kernel\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nThe workspace can be added to a Jupyter instance as a remote kernel by using the [remote_ikernel](https:\u002F\u002Fbitbucket.org\u002Ftdaff\u002Fremote_ikernel\u002F) tool. If you have installed remote_ikernel (`pip install remote_ikernel`) on your local machine, the SSH setup script of the workspace will automatically offer you the option to setup a remote kernel connection.\n\n> _When running kernels on remote machines, the notebooks themselves will be saved onto the local filesystem, but the kernel will only have access to the filesystem of the remote machine running the kernel. If you need to sync data, you can make use of rsync, scp, or sshfs as explained in the [SSH Access](#ssh-access) section._\n\nIn case you want to manually setup and manage remote kernels, use the [remote_ikernel](https:\u002F\u002Fbitbucket.org\u002Ftdaff\u002Fremote_ikernel\u002Fsrc\u002Fdefault\u002FREADME.rst) command-line tool, as shown below:\n\n```bash\n# Change my-workspace with the name of a workspace SSH connection\nremote_ikernel manage --add \\\n    --interface=ssh \\\n    --kernel_cmd=\"ipython kernel -f {connection_file}\" \\\n    --name=\"ml-server (Python)\" \\\n    --host=\"my-workspace\"\n```\n\nYou can use the remote_ikernel command line functionality to list (`remote_ikernel manage --show`) or delete (`remote_ikernel manage --delete \u003CREMOTE_KERNEL_NAME>`) remote kernel connections.\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_237a495cd633.png\"\u002F>\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>VS Code - Remote Machine\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nThe Visual Studio Code [Remote - SSH](https:\u002F\u002Fmarketplace.visualstudio.com\u002Fitems?itemName=ms-vscode-remote.remote-ssh) extension allows you to open a remote folder on any remote machine with SSH access and work with it just as you would if the folder were on your own machine. Once connected to a remote machine, you can interact with files and folders anywhere on the remote filesystem and take full advantage of VS Code's feature set (IntelliSense, debugging, and extension support). The discovers and works out-of-the-box with passwordless SSH connections as configured by the workspace SSH setup script. To enable your local VS Code application to connect to a workspace:\n\n1. Install [Remote - SSH](https:\u002F\u002Fmarketplace.visualstudio.com\u002Fitems?itemName=ms-vscode-remote.remote-ssh) extension inside your local VS Code.\n2. Run the SSH setup script of a selected workspace as explained in the [SSH Access](#ssh-access) section.\n3. Open the Remote-SSH panel in your local VS Code. All configured SSH connections should be automatically discovered. Just select any configured workspace connection you like to connect to as shown below:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_9ee645671ac3.gif\"\u002F>\n\n> 📖 _You can find additional features and information about the Remote SSH extension in [this guide](https:\u002F\u002Fcode.visualstudio.com\u002Fdocs\u002Fremote\u002Fssh)._\n\n\u003C\u002Fdetails>\n\n### Tensorboard\n\n[Tensorboard](https:\u002F\u002Fwww.tensorflow.org\u002Ftensorboard) provides a suite of visualization tools to make it easier to understand, debug, and optimize your experiment runs. It includes logging features for scalar, histogram, model structure, embeddings, and text & image visualization. The workspace comes pre-installed with [jupyter_tensorboard extension](https:\u002F\u002Fgithub.com\u002Flspvic\u002Fjupyter_tensorboard) that integrates Tensorboard into the Jupyter interface with functionalities to start, manage, and stop instances. You can open a new instance for a valid logs directory, as shown below:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_e69ecec405cd.png\" \u002F>\n\nIf you have opened a Tensorboard instance in a valid log directory, you will see the visualizations of your logged data:\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_98995aa8ad9b.png\" \u002F>\n\n> _Tensorboard can be used in combination with many other ML frameworks besides Tensorflow. By using the [tensorboardX](https:\u002F\u002Fgithub.com\u002Flanpa\u002FtensorboardX) library you can log basically from any python based library. Also, PyTorch has a direct Tensorboard integration as described [here](https:\u002F\u002Fpytorch.org\u002Fdocs\u002Fstable\u002Ftensorboard.html)._\n\nIf you prefer to see the tensorboard directly within your notebook, you can make use of following **Jupyter magic**:\n\n```\n%load_ext tensorboard\n%tensorboard --logdir \u002Fworkspace\u002Fpath\u002Fto\u002Flogs\n```\n\n### Hardware Monitoring\n\nThe workspace provides two pre-installed web-based tools to help developers during model training and other experimentation tasks to get insights into everything happening on the system and figure out performance bottlenecks.\n\n[Netdata](https:\u002F\u002Fgithub.com\u002Fnetdata\u002Fnetdata) (`Open Tool -> Netdata`) is a real-time hardware and performance monitoring dashboard that visualize the processes and services on your Linux systems. It monitors metrics about CPU, GPU, memory, disks, networks, processes, and more.\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_4d224452460d.png\" \u002F>\n\n[Glances](https:\u002F\u002Fgithub.com\u002Fnicolargo\u002Fglances) (`Open Tool -> Glances`) is a web-based hardware monitoring dashboard as well and can be used as an alternative to Netdata.\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_8ce01522c649.png\"\u002F>\n\n> _Netdata and Glances will show you the hardware statistics for the entire machine on which the workspace container is running._\n\n### Run as a job\n\n> _A job is defined as any computational task that runs for a certain time to completion, such as a model training or a data pipeline._\n\nThe workspace image can also be used to execute arbitrary Python code without starting any of the pre-installed tools. This provides a seamless way to productize your ML projects since the code that has been developed interactively within the workspace will have the same environment and configuration when run as a job via the same workspace image.\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Run Python code as a job via the workspace image\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nTo run Python code as a job, you need to provide a path or URL to a code directory (or script) via `EXECUTE_CODE`. The code can be either already mounted into the workspace container or downloaded from a version control system (e.g., git or svn) as described in the following sections. The selected code path needs to be python executable. In case the selected code is a directory (e.g., whenever you download the code from a VCS) you need to put a `__main__.py` file at the root of this directory. The `__main__.py` needs to contain the code that starts your job.\n\n#### Run code from version control system\n\nYou can execute code directly from Git, Mercurial, Subversion, or Bazaar by using the pip-vcs format as described in [this guide](https:\u002F\u002Fpip.pypa.io\u002Fen\u002Fstable\u002Freference\u002Fpip_install\u002F#vcs-support). For example, to execute code from a [subdirectory](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002Fresources\u002Ftests\u002Fml-job) of a git repository, just run:\n\n```bash\ndocker run --env EXECUTE_CODE=\"git+https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace.git#subdirectory=resources\u002Ftests\u002Fml-job\" mltooling\u002Fml-workspace:0.13.2\n```\n\n> 📖 _For additional information on how to specify branches, commits, or tags please refer to [this guide](https:\u002F\u002Fpip.pypa.io\u002Fen\u002Fstable\u002Freference\u002Fpip_install\u002F#vcs-support)._\n\n#### Run code mounted into the workspace\n\nIn the following example, we mount and execute the current working directory (expected to contain our code) into the `\u002Fworkspace\u002Fml-job\u002F` directory of the workspace:\n\n```bash\ndocker run -v \"${PWD}:\u002Fworkspace\u002Fml-job\u002F\" --env EXECUTE_CODE=\"\u002Fworkspace\u002Fml-job\u002F\" mltooling\u002Fml-workspace:0.13.2\n```\n\n#### Install Dependencies\n\nIn the case that the pre-installed workspace libraries are not compatible with your code, you can install or change dependencies by just adding one or multiple of the following files to your code directory:\n\n- `requirements.txt`: [pip requirements format](https:\u002F\u002Fpip.pypa.io\u002Fen\u002Fstable\u002Fuser_guide\u002F#requirements-files) for pip-installable dependencies.\n- `environment.yml`: [conda environment file](https:\u002F\u002Fdocs.conda.io\u002Fprojects\u002Fconda\u002Fen\u002Flatest\u002Fuser-guide\u002Ftasks\u002Fmanage-environments.html?highlight=environment.yml#creating-an-environment-file-manually) to create a separate Python environment.\n- `setup.sh`: A shell script executed via `\u002Fbin\u002Fbash`.\n\nThe execution order is 1. `environment.yml` -> 2. `setup.sh` -> 3. `requirements.txt`\n\n#### Test job in interactive mode\n\nYou can test your job code within the workspace (started normally with interactive tools) by executing the following python script:\n\n```bash\npython \u002Fresources\u002Fscripts\u002Fexecute_code.py \u002Fpath\u002Fto\u002Fyour\u002Fjob\n```\n\n#### Build a custom job image\n\nIt is also possible to embed your code directly into a custom job image, as shown below:\n\n```dockerfile\nFROM mltooling\u002Fml-workspace:0.13.2\n\n# Add job code to image\nCOPY ml-job \u002Fworkspace\u002Fml-job\nENV EXECUTE_CODE=\u002Fworkspace\u002Fml-job\n\n# Install requirements only\nRUN python \u002Fresources\u002Fscripts\u002Fexecute_code.py --requirements-only\n\n# Execute only the code at container startup\nCMD [\"python\", \"\u002Fresources\u002Fdocker-entrypoint.py\", \"--code-only\"]\n```\n\n\u003C\u002Fdetails>\n\n### Pre-installed Libraries and Interpreters\n\nThe workspace is pre-installed with many popular interpreters, data science libraries, and ubuntu packages:\n\n- **Interpreter:** Python 3.8 (Miniconda 3), NodeJS 14, Scala, Perl 5\n- **Python libraries:** Tensorflow, Keras, Pytorch, Sklearn, XGBoost, MXNet, Theano, and [many more](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002Fresources\u002Flibraries)\n- **Package Manager:** `conda`, `pip`, `apt-get`, `npm`, `yarn`, `sdk`, `poetry`, `gdebi`...  \n\nThe full list of installed tools can be found within the [Dockerfile](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002FDockerfile).\n\n> _For every minor version release, we run vulnerability, virus, and security checks within the workspace using [safety](https:\u002F\u002Fpyup.io\u002Fsafety\u002F), [clamav](https:\u002F\u002Fwww.clamav.net\u002F), [trivy](https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy), and [snyk via docker scan](https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Fscan\u002F) to make sure that the workspace environment is as secure as possible. We are committed to fix and prevent all high- or critical-severity vulnerabilities. You can find some up-to-date reports [here](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002Fresources\u002Freports)._\n\n### Extensibility\n\nThe workspace provides a high degree of extensibility. Within the workspace, you have **full root & sudo privileges** to install any library or tool you need via terminal (e.g., `pip`, `apt-get`, `conda`, or `npm`). You can open a terminal by one of the following ways:\n\n- **Jupyter:** `New -> Terminal`\n- **Desktop VNC:** `Applications -> Terminal Emulator`\n- **JupyterLab:** `File -> New -> Terminal`\n- **VS Code:** `Terminal -> New Terminal`\n\nAdditionally, pre-installed tools such as Jupyter, JupyterLab, and Visual Studio Code each provide their own rich ecosystem of extensions. The workspace also contains a [collection of installer scripts](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002Fresources\u002Ftools) for many commonly used development tools or libraries (e.g., `PyCharm`, `Zeppelin`, `RStudio`, `Starspace`). You can find and execute all tool installers via `Open Tool -> Install Tool`. Those scripts can be also executed from the Desktop VNC (double-click on the script within the `Tools` folder on the Desktop VNC).\n\n\u003Cdetails>\n\u003Csummary>Example (click to expand...)\u003C\u002Fsummary>\n\nFor example, to install the [Apache Zeppelin](https:\u002F\u002Fzeppelin.apache.org\u002F) notebook server, simply execute:\n\n```bash\n\u002Fresources\u002Ftools\u002Fzeppelin.sh --port=1234\n```\n\nAfter installation, refresh the Jupyter website and the Zeppelin tool will be available under `Open Tool -> Zeppelin`. Other tools might only be available within the Desktop VNC (e.g., `atom` or `pycharm`) or do not provide any UI (e.g., `starspace`, `docker-client`).\n\u003C\u002Fdetails>\n\nAs an alternative to extending the workspace at runtime, you can also customize the workspace Docker image to create your own flavor as explained in the [FAQ](#faq) section.\n\n---\n\n\u003Cbr>\n\n## FAQ\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>How to customize the workspace image (create your own flavor)?\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nThe workspace can be extended in many ways at runtime, as explained [here](#extensibility). However, if you like to customize the workspace image with your own software or configuration, you can do that via a Dockerfile as shown below:\n\n```dockerfile\n# Extend from any of the workspace versions\u002Fflavors\nFROM mltooling\u002Fml-workspace:0.13.2\n\n# Run you customizations, e.g.\nRUN \\\n    # Install r-runtime, r-kernel, and r-studio web server from provided install scripts\n    \u002Fbin\u002Fbash $RESOURCES_PATH\u002Ftools\u002Fr-runtime.sh --install && \\\n    \u002Fbin\u002Fbash $RESOURCES_PATH\u002Ftools\u002Fr-studio-server.sh --install && \\\n    # Cleanup Layer - removes unneccessary cache files\n    clean-layer.sh\n```\n\nFinally, use [docker build](https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Freference\u002Fcommandline\u002Fbuild\u002F) to build your customized Docker image.\n\n> 📖 _For a more comprehensive Dockerfile example, take a look at the [Dockerfile of the R-flavor](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002Fr-flavor\u002FDockerfile)._\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>How to update a running workspace container?\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nTo update a running workspace instance to a more recent version, the running Docker container needs to be replaced with a new container based on the updated workspace image.\n\nAll data within the workspace that is not persisted to a mounted volume will be lost during this update process. As mentioned in the [persist data](#Persist-Data) section, a volume is expected to be mounted into the `\u002Fworkspace` folder. All tools within the workspace are configured to make use of the `\u002Fworkspace` folder as the root directory for all source code and data artifacts. During an update, data within other directories will be removed, including installed\u002Fupdated libraries or certain machine configurations. We have integrated a backup and restore feature (`CONFIG_BACKUP_ENABLED`) for various selected configuration files\u002Ffolders, such as the user's Jupyter\u002FVS-Code configuration, `~\u002F.gitconfig`, and `~\u002F.ssh`.\n\n\u003Cdetails>\n\n\u003Csummary>Update Example (click to expand...)\u003C\u002Fsummary>\n\nIf the workspace is deployed via Docker (Kubernetes will have a different update process), you need to remove the existing container (via `docker rm`) and start a new one (via `docker run`) with the newer workspace image. Make sure to use the same configuration, volume, name, and port. For example, a workspace (image version `0.8.7`) was started with this command:\n```\ndocker run -d \\\n    -p 8080:8080 \\\n    --name \"ml-workspace\" \\\n    -v \"\u002Fpath\u002Fon\u002Fhost:\u002Fworkspace\" \\\n    --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" \\\n    --restart always \\\n    mltooling\u002Fml-workspace:0.8.7\n```\nand needs to be updated to version `0.9.1`, you need to:\n\n1. Stop and remove the running workspace container: `docker stop \"ml-workspace\" && docker rm \"ml-workspace\"`\n2. Start a new workspace container with the newer image and same configuration: `docker run -d -p 8080:8080 --name \"ml-workspace\" -v \"\u002Fpath\u002Fon\u002Fhost:\u002Fworkspace\" --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" --restart always mltooling\u002Fml-workspace:0.9.1`\n\n\u003C\u002Fdetails>\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>How to configure the VNC server?\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nIf you want to directly connect to the workspace via a VNC client (not using the [noVNC webapp](#desktop-gui)), you might be interested in changing certain VNC server configurations. To configure the VNC server, you can provide\u002Foverwrite the following environment variables at container start (via docker run option: `--env`):\n\n\u003Ctable>\n    \u003Ctr>\n        \u003Cth>Variable\u003C\u002Fth>\n        \u003Cth>Description\u003C\u002Fth>\n        \u003Cth>Default\u003C\u002Fth>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>VNC_PW\u003C\u002Ftd>\n        \u003Ctd>Password of VNC connection. This password only needs to be secure if the VNC server is directly exposed. If it is used via noVNC, it is already protected based on the configured authentication mechanism.\u003C\u002Ftd>\n        \u003Ctd>vncpassword\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>VNC_RESOLUTION\u003C\u002Ftd>\n        \u003Ctd>Default desktop resolution of VNC connection. When using noVNC, the resolution will be dynamically adapted to the window size.\u003C\u002Ftd>\n        \u003Ctd>1600x900\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>VNC_COL_DEPTH\u003C\u002Ftd>\n        \u003Ctd>Default color depth of VNC connection.\u003C\u002Ftd>\n        \u003Ctd>24\u003C\u002Ftd>\n    \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>How to use a non-root user within the workspace?\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nUnfortunately, we currently do not support using a non-root user within the workspace. We plan to provide this capability and already started with some refactoring to allow this configuration. However, this still requires a lot more work, refactoring, and testing from our side.\n\nUsing root-user (or users with sudo permission) within containers is generally not recommended since, in case of system\u002Fkernel vulnerabilities, a user might be able to break out of the container and be able to access the host system. Since it is not very common to have such problematic kernel vulnerabilities, the risk of a severe attack is quite minimal. As explained in the [official Docker documentation](https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Fsecurity\u002Fsecurity\u002F#linux-kernel-capabilities), containers (even with root users) are generally quite secure in preventing a breakout to the host. And compared to many other container use-cases, we actually want to provide the flexibility to the user to have control and system-level installation permissions within the workspace container.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>How to create and use a virtual environment?\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nThe workspace comes preinstalled with various common tools to create isolated Python environments (virtual environments). The following sections provide a quick-intro on how to use these tools within the workspace. You can find information on when to use which tool [here](https:\u002F\u002Fstackoverflow.com\u002Fa\u002F41573588). Please refer to the documentation of the given tool for additional usage information.\n\n**venv** (recommended):\n\nTo create a virtual environment via [venv](https:\u002F\u002Fdocs.python.org\u002F3\u002Ftutorial\u002Fvenv.html), execute the following commands:\n\n```bash\n# Create environment in the working directory\npython -m venv my-venv\n# Activate environment in shell\nsource .\u002Fmy-venv\u002Fbin\u002Factivate\n# Optional: Create Jupyter kernel for this environment\npip install ipykernel\npython -m ipykernel install --user --name=my-venv --display-name=\"my-venv ($(python --version))\"\n# Optional: Close enviornment session\ndeactivate\n```\n\n**pipenv** (recommended):\n\nTo create a virtual environment via [pipenv](https:\u002F\u002Fpipenv.pypa.io\u002Fen\u002Flatest\u002F), execute the following commands:\n\n```bash\n# Create environment in the working directory\npipenv install\n# Activate environment session in shell\npipenv shell\n# Optional: Create Jupyter kernel for this environment\npipenv install ipykernel\npython -m ipykernel install --user --name=my-pipenv --display-name=\"my-pipenv ($(python --version))\"\n# Optional: Close environment session\nexit\n```\n\n**virtualenv**:\n\nTo create a virtual environment via [virtualenv](https:\u002F\u002Fvirtualenv.pypa.io\u002Fen\u002Flatest\u002F), execute the following commands:\n\n```bash\n# Create environment in the working directory\nvirtualenv my-virtualenv\n# Activate environment session in shell\nsource .\u002Fmy-virtualenv\u002Fbin\u002Factivate\n# Optional: Create Jupyter kernel for this environment\npip install ipykernel\npython -m ipykernel install --user --name=my-virtualenv --display-name=\"my-virtualenv ($(python --version))\"\n# Optional: Close environment session\ndeactivate\n```\n\n**conda**:\n\nTo create a virtual environment via [conda](https:\u002F\u002Fdocs.conda.io\u002Fprojects\u002Fconda\u002Fen\u002Flatest\u002Fuser-guide\u002Ftasks\u002Fmanage-environments.html), execute the following commands:\n\n```bash\n# Create environment (globally)\nconda create -n my-conda-env\n# Activate environment session in shell\nconda activate my-conda-env\n# Optional: Create Jupyter kernel for this environment\npython -m ipykernel install --user --name=my-conda-env --display-name=\"my-conda-env ($(python --version))\"\n# Optional: Close environment session\nconda deactivate\n```\n\n**Tip: Shell Commands in Jupyter Notebooks:**\n\nIf you install and use a virtual environment via a dedicated Jupyter Kernel and use shell commands within Jupyter (e.g. `!pip install matplotlib`), the wrong python\u002Fpip version will be used. To use the python\u002Fpip version of the selected kernel, do the following instead:\n\n```python\nimport sys\n!{sys.executable} -m pip install matplotlib\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>How to install a different Python version?\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nThe workspace provides three easy options to install different Python versions alongside the main Python instance: [pyenv](https:\u002F\u002Fgithub.com\u002Fpyenv\u002Fpyenv), [pipenv](https:\u002F\u002Fpipenv.pypa.io\u002Fen\u002Flatest\u002Fcli\u002F) (recommended), [conda](https:\u002F\u002Fgithub.com\u002Fpyenv\u002Fpyenv).\n\n**pipenv** (recommended):\n\nTo install a different python version (e.g. `3.7.8`) within the workspace via [pipenv](https:\u002F\u002Fpipenv.pypa.io\u002Fen\u002Flatest\u002Fcli\u002F), execute the following commands:\n\n```bash\n# Install python vers\npipenv install --python=3.7.8\n# Activate environment session in shell\npipenv shell\n# Check python installation\npython --version\n# Optional: Create Jupyter kernel for this environment\npipenv install ipykernel\npython -m ipykernel install --user --name=my-pipenv --display-name=\"my-pipenv ($(python --version))\"\n# Optional: Close environment session\nexit\n```\n\n**pyenv**:\n\nTo install a different python version (e.g. `3.7.8`) within the workspace via [pyenv](https:\u002F\u002Fgithub.com\u002Fpyenv\u002Fpyenv), execute the following commands:\n\n```bash\n# Install python version\npyenv install 3.7.8\n# Make globally accessible\npyenv global 3.7.8\n# Activate python version in shell\npyenv shell 3.7.8\n# Check python installation\npython3.7 --version\n# Optional: Create Jupyter kernel for this python version\npython3.7 -m pip install ipykernel\npython3.7 -m ipykernel install --user --name=my-pyenv-3.7.8 --display-name=\"my-pyenv (Python 3.7.8)\"\n```\n\n**conda**:\n\nTo install a different python version (e.g. `3.7.8`) within the workspace via [conda](https:\u002F\u002Fgithub.com\u002Fpyenv\u002Fpyenv), execute the following commands:\n\n```bash\n# Create environment with python version\nconda create -n my-conda-3.7 python=3.7.8\n# Activate environment session in shell\nconda activate my-conda-3.7\n# Check python installation\npython --version\n# Optional: Create Jupyter kernel for this python version\npip install ipykernel\npython -m ipykernel install --user --name=my-conda-3.7 --display-name=\"my-conda ($(python --version))\"\n# Optional: Close environment session\nconda deactivate\n```\n\n**Tip: Shell Commands in Jupyter Notebooks:**\n\nIf you install and use another Python version via a dedicated Jupyter Kernel and use shell commands within Jupyter (e.g. `!pip install matplotlib`), the wrong python\u002Fpip version will be used. To use the python\u002Fpip version of the selected kernel, do the following instead:\n\n```python\nimport sys\n!{sys.executable} -m pip install matplotlib\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Can I publish any other than the default port to access a tool inside the container?\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\nYou can do this, but please be aware that this port is \u003Cb>not\u003C\u002Fb> protected by the workspace's authentication mechanism then! For security reasons, we therefore highly recommend to use the \u003Ca href=\"#access-ports\">Access Ports\u003C\u002Fa> functionality of the workspace.\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>System and Tool Translations\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\nIf you want to configure another language than English in your workspace and some tools are not translated properly, have a look \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F70#issuecomment-841863145\">at this issue\u003C\u002Fa>. Try to comment out the 'exclude translations' line in `\u002Fetc\u002Fdpkg\u002Fdpkg.cfg.d\u002Fexcludes` and re-install \u002F configure the package.\n\u003C\u002Fdetails>\n\n---\n\n\u003Cbr>\n\n## Known Issues\n\n\u003Cdetails>\n\n\u003Csummary>\u003Cb>Too small shared memory might crash tools or scripts\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nCertain desktop tools (e.g., recent versions of [Firefox](https:\u002F\u002Fgithub.com\u002Fjlesage\u002Fdocker-firefox#increasing-shared-memory-size)) or libraries (e.g., Pytorch - see Issues: [1](https:\u002F\u002Fgithub.com\u002Fpytorch\u002Fpytorch\u002Fissues\u002F2244), [2](https:\u002F\u002Fgithub.com\u002Fpytorch\u002Fpytorch\u002Fissues\u002F1355)) might crash if the shared memory size (`\u002Fdev\u002Fshm`) is too small. The default shared memory size of Docker is 64MB, which might not be enough for a few tools. You can provide a higher shared memory size via the `shm-size` docker run option:\n\n```bash\ndocker run --shm-size=2G mltooling\u002Fml-workspace:0.13.2\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\n\u003Csummary>\u003Cb>Multiprocessing code is unexpectedly slow \u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nIn general, the performance of running code within Docker is [nearly identical](https:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F21889053\u002Fwhat-is-the-runtime-performance-cost-of-a-docker-container) compared to running it directly on the machine. However, in case you have limited the container's CPU quota (as explained in [this section](#limit-memory--cpu)), the container can still see the full count of CPU cores available on the machine and there is no technical way to prevent this. Many libraries and tools will use the full CPU count (e.g., via `os.cpu_count()`) to set the number of threads used for multiprocessing\u002F-threading. This might cause the program to start more threads\u002Fprocesses than it can efficiently handle with the available CPU quota, which can tremendously slow down the overall performance. Therefore, it is important to set the available CPU count or the maximum number of threads explicitly to the configured CPU quota. The workspace provides capabilities to detect the number of available CPUs automatically, which are used to configure a variety of common libraries via environment variables such as `OMP_NUM_THREADS` or `MKL_NUM_THREADS`. It is also possible to explicitly set the number of available CPUs at container startup via the `MAX_NUM_THREADS` environment variable (see [configuration section](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace#configuration-options)). The same environment variable can also be used to get the number of available CPUs at runtime.\n\nEven though the automatic configuration capabilities of the workspace will fix a variety of inefficiencies, we still recommend configuring the number of available CPUs with all libraries explicitly. For example:\n\n```python\nimport os\nMAX_NUM_THREADS = int(os.getenv(\"MAX_NUM_THREADS\"))\n\n# Set in pytorch\nimport torch\ntorch.set_num_threads(MAX_NUM_THREADS)\n\n# Set in tensorflow\nimport tensorflow as tf\nconfig = tf.ConfigProto(\n    device_count={\"CPU\": MAX_NUM_THREADS},\n    inter_op_parallelism_threads=MAX_NUM_THREADS,\n    intra_op_parallelism_threads=MAX_NUM_THREADS,\n)\ntf_session = tf.Session(config=config)\n\n# Set session for keras\nimport keras.backend as K\nK.set_session(tf_session)\n\n# Set in sklearn estimator\nfrom sklearn.linear_model import LogisticRegression\nLogisticRegression(n_jobs=MAX_NUM_THREADS).fit(X, y)\n\n# Set for multiprocessing pool\nfrom multiprocessing import Pool\n\nwith Pool(MAX_NUM_THREADS) as pool:\n    results = pool.map(lst)\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\n\u003Csummary>\u003Cb>Nginx terminates with SIGILL core dumped error\u003C\u002Fb> (click to expand...)\u003C\u002Fsummary>\n\nIf you encounter the following error within the container logs when starting the workspace, it will most likely not be possible to run the workspace on your hardware:\n\n```\nexited: nginx (terminated by SIGILL (core dumped); not expected)\n```\n\nThe OpenResty\u002FNginx binary package used within the workspace requires to run on a CPU with `SSE4.2` support (see [this issue](https:\u002F\u002Fgithub.com\u002Fopenresty\u002Fopenresty\u002Fissues\u002F267#issuecomment-309296900)). Unfortunately, some older CPUs do not have support for `SSE4.2` and, therefore, will not be able to run the workspace container. On Linux, you can check if your CPU supports `SSE4.2` when looking into the `cat \u002Fproc\u002Fcpuinfo` flags section. If you encounter this problem, feel free to notify us by commenting on the following issue: [#30](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F30).\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cbr>\n\n## Contribution\n\n- Pull requests are encouraged and always welcome. Read our [contribution guidelines](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002FCONTRIBUTING.md) and check out [help-wanted](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3A\"help+wanted\"+sort%3Areactions-%2B1-desc+) issues.\n- Submit Github issues for any [feature request and enhancement](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002Fnew?assignees=&labels=feature&template=02_feature-request.md&title=), [bugs](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002Fnew?assignees=&labels=bug&template=01_bug-report.md&title=), or [documentation](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002Fnew?assignees=&labels=documentation&template=03_documentation.md&title=) problems.\n- By participating in this project, you agree to abide by its [Code of Conduct](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002F.github\u002FCODE_OF_CONDUCT.md).\n- The [development section](#development) below contains information on how to build and test the project after you have implemented some changes.\n\n## Development\n\n> _**Requirements**: [Docker](https:\u002F\u002Fdocs.docker.com\u002Fget-docker\u002F) and [Act](https:\u002F\u002Fgithub.com\u002Fnektos\u002Fact#installation) are required to be installed on your machine to execute the build process._\n\nTo simplify the process of building this project from scratch, we provide build-scripts - based on [universal-build](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Funiversal-build) - that run all necessary steps (build, test, and release) within a containerized environment. To build and test your changes, execute the following command in the project root folder:\n\n```bash\nact -b -j build\n```\n\nUnder the hood it uses the build.py files in this repo based on the [universal-build library](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Funiversal-build). So, if you want to build it locally, you can also execute this command in the project root folder to build the docker container:\n\n```bash\npython build.py --make\n```\n\nFor additional script options:\n\n```bash\npython build.py --help\n```\n\nRefer to our [contribution guides](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002FCONTRIBUTING.md#development-instructions) for more detailed information on our build scripts and development process.\n\n---\n\nLicensed **Apache 2.0**. Created and maintained with ❤️  by developers from Berlin.\n","\u003Ch1 align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\" title=\"ML Workspace 主页\">\n    \u003Cimg width=50% alt=\"\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_f32e7c154f14.png\"> \u003C\u002Fa>\n    \u003Cbr>\n\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n    \u003Cstrong>面向机器学习的一站式基于Web的开发环境\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace\" title=\"Docker 镜像版本\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace?color=blue&sort=semver\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace\" title=\"Docker 拉取次数\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace.svg?color=blue\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace\" title=\"Docker 镜像大小\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace?color=blue&sort=semver\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgitter.im\u002Fml-tooling\u002Fml-workspace\" title=\"在 Gitter 上聊天\">\u003Cimg src=\"https:\u002F\u002Fbadges.gitter.im\u002Fml-tooling\u002Fml-workspace.svg\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fmltooling.substack.com\u002Fsubscribe\" title=\"订阅新闻通讯\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_c2109c0b6cbf.png\">\u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmltooling\" title=\"在 Twitter 上关注\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fmltooling.svg?style=social&label=Follow\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"#getting-started\">开始使用\u003C\u002Fa> •\n  \u003Ca href=\"#features\">功能与截图\u003C\u002Fa> •\n  \u003Ca href=\"#support\">支持\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002Fnew?labels=bug&template=01_bug-report.md\">报告 bug\u003C\u002Fa> •\n  \u003Ca href=\"#faq\">常见问题解答\u003C\u002Fa> •\n  \u003Ca href=\"#known-issues\">已知问题\u003C\u002Fa> •\n  \u003Ca href=\"#contribution\">贡献\u003C\u002Fa>\n\u003C\u002Fp>\n\nML 工作空间是一款专为机器学习和数据科学打造的一站式基于 Web 的集成开发环境。它部署简单，只需几分钟即可启动，帮助您在本地机器上高效地构建机器学习解决方案。该工作空间是开发者的终极工具，预装了多种流行的数据科学库（如 TensorFlow、PyTorch、Keras、Scikit-learn）和开发工具（如 Jupyter、VS Code、TensorBoard），并经过完美配置、优化和集成。\n\n## 亮点\n\n- 💫  基于 Web 的 Jupyter、JupyterLab 和 Visual Studio Code 集成开发环境。\n- 🗃  预装大量流行的数据科学库和工具。\n- 🖥  可通过 Web 浏览器访问完整的 Linux 桌面 GUI。\n- 🔀  无缝集成 Git，专为笔记本优化。\n- 📈  通过 TensorBoard 和 Netdata 集成硬件与训练监控。\n- 🚪  可通过 Web、SSH 或 VNC 在单个端口下从任何地方访问。\n- 🎛  可作为远程内核（Jupyter）或远程机器（VS Code）通过 SSH 使用。\n- 🐳  可通过 Docker 轻松部署在 Mac、Linux 和 Windows 上。\n\n\u003Cbr>\n\n## 开始使用\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Flabs.play-with-docker.com\u002F?stack=https:\u002F\u002Fraw.githubusercontent.com\u002Fml-tooling\u002Fml-workspace\u002Fmain\u002Fdeployment\u002Fplay-with-docker\u002Fdocker-compose.yml\" title=\"Docker 镜像元数据\" target=\"_blank\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_084a46bc982a.png\" alt=\"在 PWD 中试用\" width=\"100px\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n### 先决条件\n\n工作空间需要在您的机器上安装 **Docker**（[📖 安装指南](https:\u002F\u002Fdocs.docker.com\u002Finstall\u002F#supported-platforms))。\n\n### 启动单个实例\n\n部署单个工作空间实例非常简单：\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace:0.13.2\n```\n\n瞧，就这么简单！现在，Docker 会将最新的工作空间镜像拉取到您的机器上。这可能需要几分钟时间，具体取决于您的网络速度。一旦工作空间启动，您就可以通过 http:\u002F\u002Flocalhost:8080 访问它。\n\n> _如果是在其他机器上启动，或者使用了不同的端口，请务必使用该机器的 IP\u002FDNS 地址以及暴露的端口。_\n\n为了以生产级方式部署单个实例，我们建议至少应用以下选项：\n\n```bash\ndocker run -d \\\n    -p 8080:8080 \\\n    --name \"ml-workspace\" \\\n    -v \"${PWD}:\u002Fworkspace\" \\\n    --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" \\\n    --shm-size 512m \\\n    --restart always \\\n    mltooling\u002Fml-workspace:0.13.2\n```\n\n此命令将在后台运行容器（`-d`），将您当前的工作目录挂载到 `\u002Fworkspace` 文件夹中（`-v`），通过提供的令牌保护工作空间（`--env AUTHENTICATE_VIA_JUPYTER`），提供 512MB 的共享内存（`--shm-size`）以防止意外崩溃（请参阅 [已知问题部分](#known-issues)），并在系统重启时保持容器运行（`--restart always`）。您可以在 [此处](https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Freference\u002Fcommandline\u002Frun\u002F) 找到 `docker run` 的更多选项，并在 [下方的配置部分](#Configuration) 查看工作空间的配置选项。\n\n### 配置选项\n\n工作区提供了多种配置选项，可通过设置环境变量来使用（通过 docker run 选项：`--env`）。\n\n\u003Cdetails>\n\u003Csummary>配置选项（点击展开...）\u003C\u002Fsummary>\n\n\u003Ctable>\n    \u003Ctr>\n        \u003Cth>变量\u003C\u002Fth>\n        \u003Cth>描述\u003C\u002Fth>\n        \u003Cth>默认值\u003C\u002Fth>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_BASE_URL\u003C\u002Ftd>\n        \u003Ctd>Jupyter 及所有其他工具将从该基础 URL 下访问。\u003C\u002Ftd>\n        \u003Ctd>\u002F\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_SSL_ENABLED\u003C\u002Ftd>\n        \u003Ctd>启用或禁用 SSL。当设置为 true 时，必须将证书（cert.crt）挂载到 \u003Ccode>\u002Fresources\u002Fssl\u003C\u002Fcode> 目录下；否则，容器会生成自签名证书。\u003C\u002Ftd>\n        \u003Ctd>false\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_AUTH_USER\u003C\u002Ftd>\n        \u003Ctd>基本认证用户名。要启用基本认证，必须同时设置用户名和密码。我们建议使用 \u003Ccode>AUTHENTICATE_VIA_JUPYTER\u003C\u002Fcode> 来保护工作区的安全。\u003C\u002Ftd>\n        \u003Ctd>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_AUTH_PASSWORD\u003C\u002Ftd>\n        \u003Ctd>基本认证用户密码。要启用基本认证，必须同时设置用户名和密码。我们建议使用 \u003Ccode>AUTHENTICATE_VIA_JUPYTER\u003C\u002Fcode> 来保护工作区的安全。\u003C\u002Ftd>\n        \u003Ctd>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>WORKSPACE_PORT\u003C\u002Ftd>\n        \u003Ctd>配置工作区代理的主要容器内端口。在大多数情况下，不应更改此配置，而应通过 Docker 的端口映射来访问工作区，而不是直接修改工作区的端口配置。\u003C\u002Ftd>\n        \u003Ctd>8080\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>CONFIG_BACKUP_ENABLED\u003C\u002Ftd>\n        \u003Ctd>自动备份和恢复用户配置到持久化 \u003Ccode>\u002Fworkspace\u003C\u002Fcode> 文件夹中，例如用户的 .ssh、.jupyter 或 .gitconfig 等主目录文件。\u003C\u002Ftd>\n        \u003Ctd>true\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>SHARED_LINKS_ENABLED\u003C\u002Ftd>\n        \u003Ctd>启用或禁用通过外部链接共享资源的功能。这用于实现文件共享、访问工作区内网端口以及便捷的基于命令的 SSH 设置。所有共享链接都通过令牌进行保护。然而，存在一定风险，因为令牌在共享后难以撤销且不会过期。\u003C\u002Ftd>\n        \u003Ctd>true\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>INCLUDE_TUTORIALS\u003C\u002Ftd>\n        \u003Ctd>如果为 \u003Ccode>true\u003C\u002Fcode>,则在容器启动时会将一部分教程和入门笔记本添加到 \u003Ccode>\u002Fworkspace\u003C\u002Fcode> 文件夹中，但仅当该文件夹为空时才会执行此操作。\u003C\u002Ftd>\n        \u003Ctd>true\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>MAX_NUM_THREADS\u003C\u002Ftd>\n        \u003Ctd>在使用各种常用库（MKL、OPENBLAS、OMP、NUMBA 等）进行计算时使用的线程数。您也可以使用 \u003Ccode>auto\u003C\u002Fcode> 让工作区根据可用 CPU 资源动态确定线程数。此配置可在工作区内部由用户覆盖。通常，将其设置为等于或低于工作区可用的 CPU 核心数是比较合适的。\u003C\u002Ftd>\n        \u003Ctd>auto\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd colspan=\"3\">\u003Cb>Jupyter 配置：\u003C\u002Fb>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>SHUTDOWN_INACTIVE_KERNELS\u003C\u002Ftd>\n        \u003Ctd>在给定超时后自动关闭不活跃的内核，以释放内存或 GPU 资源。值可以是秒数，也可以设置为 \u003Ccode>true\u003C\u002Fcode>，此时默认超时时间为 48 小时。\u003C\u002Ftd>\n        \u003Ctd>false\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>AUTHENTICATE_VIA_JUPYTER\u003C\u002Ftd>\n        \u003Ctd>如果为 \u003Ccode>true\u003C\u002Fcode>,则所有 HTTP 请求都将针对 Jupyter 服务器进行身份验证，这意味着 Jupyter 配置的身份验证方法也将用于其他工具。可以通过设置为 \u003Ccode>false\u003C\u002Fcode> 来禁用此功能。任何其他值都会激活此身份验证，并作为 Jupyter 的 NotebookApp.token 配置应用到令牌中。\u003C\u002Ftd>\n        \u003Ctd>false\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>NOTEBOOK_ARGS\u003C\u002Ftd>\n        \u003Ctd>通过命令行参数添加和覆盖 Jupyter 配置选项。有关所有选项，请参阅 \u003Ca href=\"https:\u002F\u002Fjupyter-notebook.readthedocs.io\u002Fen\u002Fstable\u002Fconfig.html\">此概述\u003C\u002Fa>。\u003C\u002Ftd>\n        \u003Ctd>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\u003C\u002Fdetails>\n\n### 数据持久化\n\n要使数据持久化，需要将卷挂载到 `\u002Fworkspace` 目录下（通过 docker run 选项：`-v`）。\n\n\u003Cdetails>\n\u003Csummary>详细信息（点击展开...）\u003C\u002Fsummary>\n\n容器内的默认工作目录是 `\u002Fworkspace`，这也是 Jupyter 实例的根目录。`\u002Fworkspace` 目录旨在用于存储所有重要的工作成果。服务器其他目录中的数据（例如 `\u002Froot`）可能会在容器重启时丢失。\n\u003C\u002Fdetails>\n\n### 启用身份验证\n\n我们强烈建议通过以下两种方式之一启用身份验证。对于这两种方式，用户在访问任何预装工具时都需要进行身份验证。\n\n> _身份验证仅适用于通过主工作区端口（默认：`8080`）访问的所有工具。这适用于所有预装工具以及 [访问端口](#access-ports) 功能。如果您暴露了容器的其他端口，请务必也为其启用身份验证！_\n\n\u003Cdetails>\n\u003Csummary>详细信息（点击展开...）\u003C\u002Fsummary>\n\n#### 基于 Jupyter 的令牌身份验证（推荐）\n\n通过 `AUTHENTICATE_VIA_JUPYTER` 变量激活基于 Jupyter 身份验证实现的令牌身份验证：\n\n```bash\ndocker run -p 8080:8080 --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" mltooling\u002Fml-workspace:0.13.2\n```\n\n您还可以使用 `\u003Cgenerated>` 让 Jupyter 生成一个随机令牌，并将其打印到容器日志中。如果设置为 `true`，则不会设置任何令牌，但会确保对工作区中任何工具的请求都会通过 Jupyter 实例检查用户是否已身份验证。这通常用于 JupyterHub 等工具，这些工具会配置自己的身份验证方式。\n\n#### 基于 Nginx 的基本身份验证\n\n通过 `WORKSPACE_AUTH_USER` 和 `WORKSPACE_AUTH_PASSWORD` 变量激活基本身份验证：\n\n```bash\ndocker run -p 8080:8080 --env WORKSPACE_AUTH_USER=\"user\" --env WORKSPACE_AUTH_PASSWORD=\"pwd\" mltooling\u002Fml-workspace:0.13.2\n```\n\n基本身份验证是通过 Nginx 代理配置的，与另一种方式相比可能性能更好。因为在使用 `AUTHENTICATE_VIA_JUPYTER` 时，每次对工作区中任何工具的请求都需要通过 Jupyter 实例检查用户（基于请求的 Cookie）是否已身份验证。\n\u003C\u002Fdetails>\n\n### 启用 SSL\u002FHTTPS\n\n我们建议启用 SSL，以便可以通过 HTTPS（加密通信）访问工作区。SSL 加密可以通过 `WORKSPACE_SSL_ENABLED` 变量来激活。\n\n\u003Cdetails>\n\u003Csummary>详情（点击展开…）\u003C\u002Fsummary>\n\n当设置为 `true` 时，必须将 `cert.crt` 和 `cert.key` 文件挂载到 `\u002Fresources\u002Fssl` 目录；或者，如果证书文件不存在，则容器会生成自签名证书。例如，如果本地系统的 `\u002Fpath\u002Fwith\u002Fcertificate\u002Ffiles` 目录下包含主机域名的有效证书文件（`cert.crt` 和 `cert.key`），则可以在工作区中按如下方式使用：\n\n```bash\ndocker run \\\n    -p 8080:8080 \\\n    --env WORKSPACE_SSL_ENABLED=\"true\" \\\n    -v \u002Fpath\u002Fwith\u002Fcertificate\u002Ffiles:\u002Fresources\u002Fssl:ro \\\n    mltooling\u002Fml-workspace:0.13.2\n```\n\n如果您希望在公共域名上托管工作区，我们建议使用 [Let's Encrypt](https:\u002F\u002Fletsencrypt.org\u002Fgetting-started\u002F) 为您的域名获取受信任的证书。要将生成的证书（例如通过 [certbot](https:\u002F\u002Fcertbot.eff.org\u002F) 工具）用于工作区，`privkey.pem` 对应于 `cert.key` 文件，而 `fullchain.pem` 则对应于 `cert.crt` 文件。\n\n> _启用 SSL 支持后，您必须通过 `https:\u002F\u002F` 访问工作区，而不是普通的 `http:\u002F\u002F`。_\n\n\u003C\u002Fdetails>\n\n### 限制内存和 CPU\n\n默认情况下，工作区容器没有资源限制，可以使用宿主机内核调度器允许的任意数量的资源。Docker 提供了方法，可以通过设置 `docker run` 命令的运行时配置标志来控制容器可以使用的内存或 CPU 数量。\n\n> _工作区至少需要 2 个 CPU 和 500MB 内存才能稳定运行并正常使用。_\n\n\u003Cdetails>\n\u003Csummary>详情（点击展开…）\u003C\u002Fsummary>\n\n例如，以下命令将工作区的资源限制为最多 8 个 CPU、16GB 内存和 1GB 共享内存（参见[已知问题](#known-issues))：\n\n```bash\ndocker run -p 8080:8080 --cpus=8 --memory=16g --shm-size=1G mltooling\u002Fml-workspace:0.13.2\n```\n\n> 📖 _有关更多选项和资源限制的文档，请参阅[Docker 官方指南](https:\u002F\u002Fdocs.docker.com\u002Fconfig\u002Fcontainers\u002Fresource_constraints\u002F)。_\n\n\u003C\u002Fdetails>\n\n### 启用代理\n\n如果需要使用代理，可以通过 `HTTP_PROXY`、`HTTPS_PROXY` 和 `NO_PROXY` 环境变量传递代理配置。\n\n### 工作区镜像版本\n\n除了主工作区镜像（`mltooling\u002Fml-workspace`）之外，我们还提供了其他扩展功能或缩小镜像体积的版本，以满足多种使用场景的需求。\n\n#### 极简版\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace\" title=\"Docker 镜像版本\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-minimal\" title=\"Docker 镜像大小\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace-minimal?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-minimal\" title=\"Docker 拉取次数\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace-minimal.svg\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdetails>\n\u003Csummary>详细信息（点击展开...）\u003C\u002Fsummary>\n\n极简版镜像（`mltooling\u002Fml-workspace-minimal`）是我们最小的镜像，包含了[功能部分](#features)中描述的大多数工具和特性，但去除了主镜像中预装的大部分 Python 库。任何被排除的 Python 库或工具都可以在运行时由用户手动安装。\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace-minimal:0.13.2\n```\n\u003C\u002Fdetails>\n\n#### R 版\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-r\" title=\"Docker 镜像版本\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace-r?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-r\" title=\"Docker 镜像大小\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace-r?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-r\" title=\"Docker 拉取次数\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace-r.svg\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdetails>\n\u003Csummary>详细信息（点击展开...）\u003C\u002Fsummary>\n\nR 版镜像（`mltooling\u002Fml-workspace-r`）基于我们的默认工作区镜像，并在此基础上添加了 R 解释器、R Jupyter 内核、RStudio 服务器（可通过“打开工具 -> RStudio”访问），以及 R 生态系统中的多种流行包。\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace-r:0.12.1\n```\n\u003C\u002Fdetails>\n\n#### Spark 版\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-spark\" title=\"Docker 镜像版本\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace-spark?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-spark\" title=\"Docker 镜像大小\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace-spark?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-spark\" title=\"Docker 拉取次数\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace-spark.svg\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdetails>\n\u003Csummary>详细信息（点击展开...）\u003C\u002Fsummary>\n\nSpark 版镜像（`mltooling\u002Fml-workspace-spark`）基于我们的 R 版工作区镜像，并在此基础上添加了 Spark 运行时、Spark Jupyter 内核、Zeppelin Notebook（可通过“打开工具 -> Zeppelin”访问）、PySpark、Hadoop、Java 内核，以及一些额外的库和 Jupyter 扩展。\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace-spark:0.12.1\n```\n\n\u003C\u002Fdetails>\n\n#### GPU 版\n\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-gpu\" title=\"Docker 镜像版本\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fv\u002Fmltooling\u002Fml-workspace-gpu?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-gpu\" title=\"Docker 镜像大小\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fimage-size\u002Fmltooling\u002Fml-workspace-gpu?color=blue&sort=semver\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fhub.docker.com\u002Fr\u002Fmltooling\u002Fml-workspace-gpu\" title=\"Docker 拉取次数\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fmltooling\u002Fml-workspace-gpu.svg\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdetails>\n\u003Csummary>详细信息（点击展开...）\u003C\u002Fsummary>\n\n> _目前，GPU 版仅支持 CUDA 11.2。未来可能会增加对其他 CUDA 版本的支持。_\n\nGPU 版镜像（`mltooling\u002Fml-workspace-gpu`）基于我们的默认工作区镜像，并在此基础上添加了 CUDA 10.1 以及适用于 GPU 的各种机器学习库（如 TensorFlow、PyTorch、CNTK、JAX 等）。此 GPU 镜像对系统有以下额外要求：\n\n- 显卡的 NVIDIA 驱动程序。驱动程序需兼容 CUDA 11.2，版本为 `>=460.32.03`（[📖 说明](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002Fnvidia-docker\u002Fwiki\u002FFrequently-Asked-Questions#how-do-i-install-the-nvidia-driver)）。\n- （Docker ≥ 19.03）NVIDIA 容器工具包（[📖 说明](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002Fnvidia-docker\u002Fwiki\u002FInstallation-(Native-GPU-Support))）。\n\n```bash\ndocker run -p 8080:8080 --gpus all mltooling\u002Fml-workspace-gpu:0.13.2\n```\n\n- （Docker \u003C 19.03）NVIDIA Docker 2.0（[📖 说明](https:\u002F\u002Fgithub.com\u002FNVIDIA\u002Fnvidia-docker\u002Fwiki\u002FInstallation-(version-2.0))）。\n\n```bash\ndocker run -p 8080:8080 --runtime nvidia --env NVIDIA_VISIBLE_DEVICES=\"all\" mltooling\u002Fml-workspace-gpu:0.13.2\n```\n\nGPU 版还提供了一些额外的配置选项，如下所述：\n\n\u003Ctable>\n    \u003Ctr>\n        \u003Cth>变量\u003C\u002Fth>\n        \u003Cth>描述\u003C\u002Fth>\n        \u003Cth>默认值\u003C\u002Fth>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>NVIDIA_VISIBLE_DEVICES\u003C\u002Ftd>\n        \u003Ctd>控制工作区内可访问的 GPU。默认情况下，主机上的所有 GPU 都可在工作区内访问。您可以使用 `all`、`none`，或者指定一个用逗号分隔的设备 ID 列表（例如 `0,1`）。您可以通过在主机上运行 `nvidia-smi` 来查看可用的设备 ID 列表。\u003C\u002Ftd>\n        \u003Ctd>all\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>CUDA_VISIBLE_DEVICES\u003C\u002Ftd>\n        \u003Ctd>控制工作区内运行的 CUDA 应用程序可见的 GPU。默认情况下，工作区可访问的所有 GPU 都是可见的。要限制应用程序可见的 GPU，请根据工作区内的可用设备（运行 `nvidia-smi`）提供一个内部设备 ID 的逗号分隔列表（例如 `0,2`）。与 `NVIDIA_VISIBLE_DEVICES` 不同的是，工作区用户仍可通过在工作区内覆盖此配置来访问其他 GPU。\u003C\u002Ftd>\n        \u003Ctd>\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>TF_FORCE_GPU_ALLOW_GROWTH\u003C\u002Ftd>\n        \u003Ctd>默认情况下，TensorFlow 图的第一个执行会分配大部分 GPU 内存。虽然这种行为对于生产流水线来说可能是理想的，但对于交互式使用则不太理想。使用 `true` 可启用动态 GPU 内存分配，而使用 `false` 则会指示 TensorFlow 在执行时一次性分配所有内存。\u003C\u002Ftd>\n        \u003Ctd>true\u003C\u002Ftd>\n    \u003C\u002Ftr>\n\u003C\u002Ftable>\n\u003C\u002Fdetails>\n\n### 多用户设置\n\n工作区被设计为单用户开发环境。对于多用户设置，我们建议部署 [🧰 ML Hub](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-hub)。ML Hub 基于 JupyterHub，其任务是为多个用户启动、管理和代理工作区实例。\n\n\u003Cdetails>\n\u003Csummary>部署（点击展开...）\u003C\u002Fsummary>\n\nML Hub 可以轻松地在单个服务器上（通过 Docker）或集群上（通过 Kubernetes）搭建多用户环境，并支持多种使用场景和身份验证提供商。您可以通过以下方式试用 ML Hub：\n\n```bash\ndocker run -p 8080:8080 -v \u002Fvar\u002Frun\u002Fdocker.sock:\u002Fvar\u002Frun\u002Fdocker.sock mltooling\u002Fml-hub:latest\n```\n\n有关 ML Hub 的更多信息和文档，请查看 [GitHub 网站](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-hub)。\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cbr>\n\n## 支持\n\n该项目由 [Benjamin Räthlein](https:\u002F\u002Ftwitter.com\u002Fraethlein)、[Lukas Masuch](https:\u002F\u002Ftwitter.com\u002FLukasMasuch) 和 [Jan Kalkan](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fjan-kalkan-b5390284\u002F) 维护。请理解，我们无法通过电子邮件提供个人支持。我们还认为，公开分享的帮助更有价值，这样更多人可以从中受益。\n\n| 类型                     | 渠道                                              |\n| ------------------------ | ------------------------------------------------------ |\n| 🚨  **错误报告**       | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3Abug+sort%3Areactions-%2B1-desc+\" title=\"打开错误报告\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fml-tooling\u002Fml-workspace\u002Fbug.svg\">\u003C\u002Fa>                                  |\n| 🎁  **功能请求**  | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues?q=is%3Aopen+is%3Aissue+label%3Afeature+sort%3Areactions-%2B1-desc\" title=\"打开功能请求\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fml-tooling\u002Fml-workspace\u002Ffeature.svg?label=feature%20request\">\u003C\u002Fa>                                 |\n| 👩‍💻  **使用问题**   |  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues?q=is%3Aopen+is%3Aissue+label%3Asupport+sort%3Areactions-%2B1-desc\" title=\"打开支持请求\"> \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fml-tooling\u002Fml-workspace\u002Fsupport.svg?label=support%20request\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fstackoverflow.com\u002Fquestions\u002Ftagged\u002Fml-tooling\" title=\"在 Stack Overflow 上提问\"> \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fstackoverflow-ml--tooling-orange.svg\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fgitter.im\u002Fml-tooling\u002Fml-workspace\" title=\"在 Gitter 上聊天\">\u003Cimg src=\"https:\u002F\u002Fbadges.gitter.im\u002Fml-tooling\u002Fml-workspace.svg\">\u003C\u002Fa> |\n| 📢  **公告** | \u003Ca href=\"https:\u002F\u002Fgitter.im\u002Fml-tooling\u002Fml-workspace\" title=\"在 Gitter 上聊天\">\u003Cimg src=\"https:\u002F\u002Fbadges.gitter.im\u002Fml-tooling\u002Fml-workspace.svg\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fmltooling.substack.com\u002Fsubscribe\" title=\"订阅更新\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_c2109c0b6cbf.png\">\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmltooling\" title=\"ML Tooling 在 Twitter 上\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002Fmltooling.svg?style=social&label=Follow\"> |\n| ❓  **其他请求** | \u003Ca href=\"mailto:team@mltooling.org\" title=\"发送邮件给 ML Tooling 团队\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Femail-ML Tooling-green?logo=mail.ru&logoColor=white\">\u003C\u002Fa> |\n\n---\n\n\u003Cbr>\n\n## 功能\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"#jupyter\">Jupyter\u003C\u002Fa> •\n  \u003Ca href=\"#desktop-gui\">桌面 GUI\u003C\u002Fa> •\n  \u003Ca href=\"#visual-studio-code\">VS Code\u003C\u002Fa> •\n  \u003Ca href=\"#jupyterlab\">JupyterLab\u003C\u002Fa> •\n  \u003Ca href=\"#git-integration\">Git 集成\u003C\u002Fa> •\n  \u003Ca href=\"#file-sharing\">文件共享\u003C\u002Fa> •\n  \u003Ca href=\"#access-ports\">访问端口\u003C\u002Fa> •\n  \u003Ca href=\"#tensorboard\">TensorBoard\u003C\u002Fa> •\n  \u003Ca href=\"#extensibility\">可扩展性\u003C\u002Fa> •\n  \u003Ca href=\"#hardware-monitoring\">硬件监控\u003C\u002Fa> •\n  \u003Ca href=\"#ssh-access\">SSH 访问\u003C\u002Fa> •\n  \u003Ca href=\"#remote-development\">远程开发\u003C\u002Fa> •\n  \u003Ca href=\"#run-as-a-job\">作业执行\u003C\u002Fa>\n\u003C\u002Fp>\n\n工作区配备了一系列一流的开源开发工具，以帮助完成机器学习工作流。其中许多工具可以从 Jupyter（工作区的主要应用程序）的“Open Tool”菜单中启动：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_42070d559aa2.png\"\u002F>\n\n> _在您的工作区内，您拥有 **完全的 root 和 sudo 权限**，可以通过终端安装任何所需的库或工具（例如 `pip`、`apt-get`、`conda` 或 `npm`）。您可以在 [可扩展性](#extensibility) 部分找到更多扩展工作区的方法_\n\n### Jupyter\n\n[Jupyter Notebook](https:\u002F\u002Fjupyter.org\u002F) 是一个基于 Web 的交互式环境，用于编写和运行代码。Jupyter 的主要组成部分包括文件浏览器、笔记本编辑器和内核。文件浏览器为 `\u002Fworkspace` 目录中的所有笔记本、文件和文件夹提供了一个交互式文件管理器。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_45e0ec240eee.png\"\u002F>\n\n可以通过点击列表顶部的“New”下拉按钮并选择所需的语言内核来创建一个新的笔记本。\n\n> _您还可以通过在文件浏览器中选择“New -> Terminal”来启动交互式的 **终端** 实例。_\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_e80a87964543.png\"\u002F>\n\n笔记本编辑器使用户能够编写包含实时代码、Markdown 文本、Shell 命令、LaTeX 公式、交互式小部件、图表和图像的文档。这些笔记本文档提供了计算过程的完整且自包含的记录，可以转换为各种格式并与他人共享。\n\n> _此工作区已激活多种 **第三方 Jupyter 扩展**。您可以在 nbextensions 配置器中配置这些扩展：文件浏览器上的 `nbextensions` 选项卡_\n\n笔记本允许使用多种不同的编程语言运行代码。对于用户打开的每个笔记本文档，Web 应用程序都会启动一个 **内核** 来运行该笔记本的代码并返回输出。此工作区预装了 Python 3 内核。可以安装其他内核以访问其他语言（例如 R、Scala、Go）或额外的计算资源（例如 GPU、CPU、内存）。\n\n> _**Python 2** 已被弃用，我们不建议使用它。不过，您仍然可以通过以下命令安装 Python 2.7 内核：`\u002Fbin\u002Fbash \u002Fresources\u002Ftools\u002Fpython-27.sh`_\n\n### 桌面 GUI\n\n该工作区通过 [noVNC](https:\u002F\u002Fgithub.com\u002Fnovnc\u002FnoVNC) 提供基于 HTTP 的 VNC 访问，从而允许您使用功能齐全的桌面 GUI 来访问和操作工作区。要访问此桌面 GUI，请转到“Open Tool”，选择“VNC”，然后单击“Connect”按钮。如果系统提示输入密码，请使用 `vncpassword`。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_6fe7488bd15c.png\"\u002F>\n\n连接成功后，您将看到一个桌面 GUI，允许您安装并使用功能完善的网页浏览器或其他适用于 Ubuntu 的工具。在桌面上的“Tools”文件夹中，您会找到一系列安装脚本，可以方便地安装一些最常用的开发工具，例如 Atom、PyCharm、R-Runtime、R-Studio 或 Postman（只需双击相应的脚本即可）。\n\n**剪贴板：** 如果您希望在本地机器与工作区之间共享剪贴板，可以按照以下说明使用复制粘贴功能：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_b434c14aa9a1.png\"\u002F>\n\n> 💡 _**长时间运行的任务：** 对于长时间运行的 Jupyter 作业，请使用桌面 GUI。通过从工作区桌面 GUI 的浏览器中运行笔记本，即使您已断开浏览器与笔记本的连接，所有输出仍会同步更新到笔记本中。_\n\n### Visual Studio Code\n\n[Visual Studio Code](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fvscode)（“Open Tool -> VS Code”）是一款开源、轻量级但功能强大的代码编辑器，内置对多种语言的支持，并拥有丰富的扩展生态系统。它将源代码编辑器的简洁性与 IntelliSense 代码补全和调试等强大的开发者工具相结合。该工作区将 VS Code 集成为基于 Web 的应用程序，可通过基于浏览器的优秀项目 [code-server](https:\u002F\u002Fgithub.com\u002Fcdr\u002Fcode-server) 访问。这使您可以根据自己的喜好自定义各项功能，并安装任意数量的第三方扩展。\n\n\u003Cp align=\"center\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_297e6177e6f7.png\"\u002F>\u003C\u002Fp>\n\n此外，该工作区还提供了 VS Code 与 Jupyter 的集成，允许您为任何选定的文件夹打开一个 VS Code 实例，如下所示：\n\n\u003Cp align=\"center\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_e3df619e8fef.png\"\u002F>\u003C\u002Fp>\n\n### JupyterLab\n\n[JupyterLab](https:\u002F\u002Fgithub.com\u002Fjupyterlab\u002Fjupyterlab)（“Open Tool -> JupyterLab”）是 Project Jupyter 的下一代用户界面。它在一个灵活而强大的用户界面中提供了经典 Jupyter Notebook 的所有熟悉组件（笔记本、终端、文本编辑器、文件浏览器、富输出等）。此 JupyterLab 实例预装了一些有用的扩展，例如 [jupyterlab-toc](https:\u002F\u002Fgithub.com\u002Fjupyterlab\u002Fjupyterlab-toc)、[jupyterlab-git](https:\u002F\u002Fgithub.com\u002Fjupyterlab\u002Fjupyterlab-git) 和 [juptyterlab-tensorboard](https:\u002F\u002Fgithub.com\u002Fchaoleili\u002Fjupyterlab_tensorboard)。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_04a88f9ddf9f.png\"\u002F>\n\n### Git 集成\n\n版本控制是高效协作的关键环节。为了使这一过程尽可能顺畅，我们集成了一个专门用于推送单个笔记本的定制 Jupyter 扩展、一个功能完善的基于 Web 的 Git 客户端（[ungit](https:\u002F\u002Fgithub.com\u002FFredrikNoren\u002Fungit)）、一个可将纯文本文件（如 `.py`、`.md`）作为笔记本打开并编辑的工具（[jupytext](https:\u002F\u002Fgithub.com\u002Fmwouts\u002Fjupytext)），以及一个笔记本合并工具（[nbdime](https:\u002F\u002Fgithub.com\u002Fjupyter\u002Fnbdime)）。此外，JupyterLab 和 VS Code 也提供基于 GUI 的 Git 客户端。\n\n#### 克隆仓库\n\n对于通过 `https` 克隆仓库，我们建议导航到目标根目录，然后单击如下所示的“git”按钮：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_79c415d8762c.png\"\u002F>\n\n这可能会要求您进行一些必要的设置，随后会打开 [ungit](https:\u002F\u002Fgithub.com\u002FFredrikNoren\u002Fungit)，这是一个具有简洁直观界面的基于 Web 的 Git 客户端，便于同步您的代码工件。在 ungit 中，您可以克隆任何仓库。如果需要身份验证，系统将提示您输入凭据。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_8bcc754c535c.png\"\u002F>\n\n#### 推送、拉取、合并及其他 Git 操作\n\n要将单个笔记本提交并推送到远程 Git 仓库，我们建议使用集成在 Jupyter 中的 Git 插件，如下所示：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_5753ecd9b667.png\"\u002F>\n\n对于更高级的 Git 操作，我们建议使用 [ungit](https:\u002F\u002Fgithub.com\u002FFredrikNoren\u002Fungit)。借助 ungit，您可以执行大多数常见的 Git 操作，如推送、拉取、合并、分支、标签、检出等。\n\n#### 笔记本的差异比较与合并\n\nJupyter 笔记本非常强大，但它们通常是体积庞大的文件，采用非常特殊的 JSON 文件格式。为了实现通过 Git 进行无缝的差异比较和合并，该工作区预装了 [nbdime](https:\u002F\u002Fgithub.com\u002Fjupyter\u002Fnbdime)。nbdime 能够理解笔记本文档的结构，因此在比较和合并笔记本时会自动做出智能决策。如果出现合并冲突，nbdime 会确保笔记本仍然能够被 Jupyter 读取，如下所示：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_3736b7ef74f8.png\"\u002F>\n\n此外，该工作区还预装了 [jupytext](https:\u002F\u002Fgithub.com\u002Fmwouts\u002Fjupytext)，这是一个可以读取和写入纯文本文件的 Jupyter 插件。这使得您能够在 Jupyter 中将脚本或 Markdown 文件（如 `.py`、`.md`）作为笔记本打开、编辑和运行。在下面的截图中，我们通过 Jupyter 打开了一个 Markdown 文件：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_d333c65bebee.png\"\u002F>\n\n结合 Git 使用时，jupytext 可以提供清晰的差异历史记录，并轻松解决版本冲突。借助这两款工具，使用 Git 协作处理 Jupyter 笔记本将变得十分简便。\n\n### 文件共享\n\n工作区提供了一项功能，可通过受令牌保护的链接与任何人共享任意文件或文件夹。要通过链接共享数据，请从 Jupyter 目录树中选择任意文件或文件夹，然后单击如下截图所示的“分享”按钮：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_57ca37917b1b.png\"\u002F>\n\n这将生成一个由令牌保护的唯一链接，任何拥有该链接的人都可以通过 [Filebrowser](https:\u002F\u002Fgithub.com\u002Ffilebrowser\u002Ffilebrowser) 界面查看并下载所选数据：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_8e316fcf5b16.png\"\u002F>\n\n要停用或管理（例如授予编辑权限）共享链接，请通过 `Open Tool -> Filebrowser` 打开 Filebrowser，并选择 `Settings->User Management`。\n\n### 访问端口\n\n您可以通过选择 `Open Tool -> Access Port` 安全地访问工作区内的任何内部端口。借助此功能，您可以直接使用浏览器访问工作区内部运行的 REST API 或 Web 应用程序。该功能使开发者能够直接在工作区内构建、运行、测试和调试 REST API 或 Web 应用程序。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_210cb78dae55.png\"\u002F>\n\n如果您希望使用 HTTP 客户端或与他人共享对特定端口的访问权限，可以选择“获取可共享链接”选项。这将生成一个受令牌保护的链接，任何拥有该链接的人都可以使用它来访问指定的端口。\n\n> _HTTP 应用必须从相对 URL 路径解析，或配置基础路径（`\u002Ftools\u002FPORT\u002F`）。以这种方式公开的工具受到工作区身份验证系统的保护！如果您决定不使用此功能来公开工具，而是自行发布容器的其他端口，请务必通过身份验证机制对其进行保护！_\n\n\u003Cdetails>\n\n\u003Csummary>示例（点击展开...）\u003C\u002Fsummary>\n\n1. 在工作区的终端中运行以下命令，在端口 `1234` 上启动一个 HTTP 服务器：`python -m http.server 1234`\n2. 选择 `Open Tool -> Access Port`，输入端口 `1234`，并选择“获取可共享链接”选项。\n3. 单击“Access”，您将看到 Python 的 `http.server` 提供的内容。\n4. 打开的链接也可以分享给其他人，或从外部应用程序中调用（例如，尝试在 Chrome 的无痕模式下访问）。\n\n\u003C\u002Fdetails>\n\n### SSH 访问\n\nSSH 提供了一组强大的功能，可帮助您更高效地完成开发任务。您可以通过选择 `Open Tool -> SSH` 轻松设置到工作空间的安全无密码 SSH 连接。这将生成一条安全的设置命令，可在任何 Linux 或 Mac 机器上运行，以配置与工作空间之间的无密码且安全的 SSH 连接。或者，您也可以下载设置脚本并直接运行（而不使用命令）。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_ab91f881d270.png\"\u002F>\n\n> _该设置脚本仅适用于 Mac 和 Linux 系统，目前不支持 Windows。_\n\n只需在您希望建立连接的工作站上运行设置命令或脚本，并为该连接命名（例如 `my-workspace`）。在设置过程中，系统可能会提示您提供一些额外信息，比如在安装了 `remote_ikernel` 的情况下安装远程内核。成功设置并测试无密码 SSH 连接后，您只需执行 `ssh my-workspace` 即可安全地连接到工作空间。\n\n除了能够在远程机器上执行命令之外，SSH 还提供了多种其他功能，可改善您的开发工作流程，具体说明如下。\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>端口隧道\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n通过 SSH 连接，可以实现从远程机器到本地机器，或反之的端口隧道转发。例如，您可以将工作空间内部的 `5901` 端口（VNC 服务器）暴露到本地机器的 `5000` 端口，方法是执行以下命令：\n\n```bash\nssh -nNT -L 5000:localhost:5901 my-workspace\n```\n\n> _若要将本地机器上的应用端口暴露到工作空间，请使用 `-R` 选项（而非 `-L`）。_\n\n隧道建立后，您可以在本地机器上使用自己喜欢的 VNC 查看器，连接到 `vnc:\u002F\u002Flocalhost:5000`（默认密码：`vncpassword`）。为了使隧道连接更加稳定可靠，我们建议使用 [autossh](https:\u002F\u002Fwww.harding.motd.ca\u002Fautossh\u002F) 自动重启 SSH 隧道，以防连接中断：\n\n```bash\nautossh -M 0 -f -nNT -L 5000:localhost:5901 my-workspace\n```\n\n端口隧道在您于工作空间内启动了基于服务器的工具，并希望将其对外部机器开放时非常有用。默认情况下，工作空间已在不同端口上运行多种工具，例如：\n\n- `8080`：主工作空间端口，可访问所有集成工具。\n- `8090`：Jupyter 服务器。\n- `8054`：VS Code 服务器。\n- `5901`：VNC 服务器。\n- `22`：SSH 服务器。\n\n有关所有工具的端口信息，请参阅 [supervisor 配置文件](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002Fresources\u002Fsupervisor\u002Fsupervisord.conf)。\n\n> 📖 _如需了解更多关于端口隧道\u002F转发的信息，建议参考[这篇指南](https:\u002F\u002Fwww.everythingcli.org\u002Fssh-tunnelling-for-fun-and-profit-local-vs-remote\u002F)。_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>通过 SCP 复制数据\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n[SCP](https:\u002F\u002Flinux.die.net\u002Fman\u002F1\u002Fscp) 允许通过 SSH 连接，在不同机器之间安全地复制文件和目录。例如，要将本地文件（`.\u002Flocal-file.txt`）复制到工作空间内的 `\u002Fworkspace` 目录中，可执行以下命令：\n\n```bash\nscp .\u002Flocal-file.txt my-workspace:\u002Fworkspace\n```\n\n若要将 `my-workspace` 中的 `\u002Fworkspace` 目录复制到本地机器的工作目录中，则可执行：\n\n```bash\nscp -r my-workspace:\u002Fworkspace .\n```\n\n> 📖 _如需了解更多关于 scp 的信息，建议参考[这篇指南](https:\u002F\u002Fwww.garron.me\u002Fen\u002Farticles\u002Fscp.html)。_\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>通过 Rsync 同步数据\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n[Rsync](https:\u002F\u002Flinux.die.net\u002Fman\u002F1\u002Frsync) 是一种用于在不同机器之间高效传输和同步文件的工具（例如通过 SSH 连接），它通过比较文件的修改时间和大小来确定需要更新的内容。每次运行 rsync 命令时，它都会自动识别哪些文件需要更新，相比使用 scp 或 sftp 等工具更为高效便捷。例如，要将本地文件夹（`.\u002Flocal-project-folder\u002F`）中的所有内容同步到工作空间内的 `\u002Fworkspace\u002Fremote-project-folder\u002F` 文件夹中，可执行以下命令：\n\n```bash\nrsync -rlptzvP --delete --exclude=\".git\" \".\u002Flocal-project-folder\u002F\" \"my-workspace:\u002Fworkspace\u002Fremote-project-folder\u002F\"\n```\n\n如果工作空间内的文件夹中有更改，您也可以通过交换源和目标参数，将这些更改同步回本地文件夹：\n\n```bash\nrsync -rlptzvP --delete --exclude=\".git\" \"my-workspace:\u002Fworkspace\u002Fremote-project-folder\u002F\" \".\u002Flocal-project-folder\u002F\"\n```\n\n每当您需要同步最新版本的文件时，都可以重新运行这些命令。Rsync 只会传输那些确实需要更新的文件。\n\n> 📖 _更多关于 rsync 的信息，请参阅[此 man 页面](https:\u002F\u002Flinux.die.net\u002Fman\u002F1\u002Frsync)。_\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>通过 SSHFS 挂载文件夹\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n除了复制和同步数据外，SSH 连接还可用于通过 [SSHFS](https:\u002F\u002Fgithub.com\u002Flibfuse\u002Fsshfs) 将远程机器上的目录挂载到本地文件系统中。例如，要将 `my-workspace` 的 `\u002Fworkspace` 目录挂载到本地路径（如 `\u002Flocal\u002Ffolder\u002Fpath`），可执行以下命令：\n\n```bash\nsshfs -o reconnect my-workspace:\u002Fworkspace \u002Flocal\u002Ffolder\u002Fpath\n```\n\n远程目录挂载完成后，您可以像操作本地目录和文件一样与远程文件系统进行交互。\n\n> 📖 _如需了解更多关于 sshfs 的信息，建议参考[这篇指南](https:\u002F\u002Fwww.digitalocean.com\u002Fcommunity\u002Ftutorials\u002Fhow-to-use-sshfs-to-mount-remote-file-systems-over-ssh)。_\n\u003C\u002Fdetails>\n\n### 远程开发\n\n工作区可以集成并用作多种流行开发工具和 IDE 的远程运行时（也称为远程内核\u002F机器\u002F解释器），例如 Jupyter、VS Code、PyCharm、Colab 或 Atom Hydrogen。通过这种方式，您可以将本地运行的常用开发工具连接到远程机器以执行代码。这使得您能够在远程托管的计算资源上获得与本地相同的开发体验。\n\n这些集成通常需要从本地机器到工作区的无密码 SSH 连接。要设置 SSH 连接，请按照 [SSH 访问](#ssh-access) 部分中说明的步骤操作。\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Jupyter - 远程内核\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n工作区可以通过 [remote_ikernel](https:\u002F\u002Fbitbucket.org\u002Ftdaff\u002Fremote_ikernel\u002F) 工具添加到 Jupyter 实例中作为远程内核。如果您已在本地机器上安装了 remote_ikernel（`pip install remote_ikernel`），工作区的 SSH 设置脚本会自动为您提供设置远程内核连接的选项。\n\n> _在远程机器上运行内核时，笔记本本身会保存在本地文件系统上，但内核仅能访问运行该内核的远程机器的文件系统。如果需要同步数据，可以使用 rsync、scp 或 sshfs，具体方法请参阅 [SSH 访问](#ssh-access) 部分。_\n\n如果您希望手动设置和管理远程内核，可以使用 [remote_ikernel](https:\u002F\u002Fbitbucket.org\u002Ftdaff\u002Fremote_ikernel\u002Fsrc\u002Fdefault\u002FREADME.rst) 命令行工具，如下所示：\n\n```bash\n# 将 my-workspace 替换为工作区 SSH 连接的名称\nremote_ikernel manage --add \\\n    --interface=ssh \\\n    --kernel_cmd=\"ipython kernel -f {connection_file}\" \\\n    --name=\"ml-server (Python)\" \\\n    --host=\"my-workspace\"\n```\n\n您可以使用 remote_ikernel 命令行功能列出（`remote_ikernel manage --show`）或删除（`remote_ikernel manage --delete \u003CREMOTE_KERNEL_NAME>`）远程内核连接。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_237a495cd633.png\"\u002F>\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>VS Code - 远程机器\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\nVisual Studio Code 的 [Remote - SSH](https:\u002F\u002Fmarketplace.visualstudio.com\u002Fitems?itemName=ms-vscode-remote.remote-ssh) 扩展允许您打开任何可通过 SSH 访问的远程机器上的远程文件夹，并像处理本地文件夹一样进行操作。连接到远程机器后，您可以与远程文件系统中的任何文件和文件夹交互，并充分利用 VS Code 的各项功能（IntelliSense、调试和支持扩展）。该扩展能够自动发现并开箱即用支持由工作区 SSH 设置脚本配置的无密码 SSH 连接。要使您的本地 VS Code 应用程序连接到工作区：\n\n1. 在本地 VS Code 中安装 [Remote - SSH](https:\u002F\u002Fmarketplace.visualstudio.com\u002Fitems?itemName=ms-vscode-remote.remote-ssh) 扩展。\n2. 按照 [SSH 访问](#ssh-access) 部分的说明运行所选工作区的 SSH 设置脚本。\n3. 打开本地 VS Code 中的 Remote-SSH 面板。所有已配置的 SSH 连接都应自动被发现。只需选择您想要连接的任意已配置的工作区连接，如下所示：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_9ee645671ac3.gif\"\u002F>\n\n> 📖 _有关 Remote SSH 扩展的更多功能和信息，请参阅[此指南](https:\u002F\u002Fcode.visualstudio.com\u002Fdocs\u002Fremote\u002Fssh)。_\n\n\u003C\u002Fdetails>\n\n### TensorBoard\n\n[TensorBoard](https:\u002F\u002Fwww.tensorflow.org\u002Ftensorboard) 提供了一套可视化工具，可帮助您更轻松地理解、调试和优化实验过程。它包含标量、直方图、模型结构、嵌入以及文本和图像可视化的日志记录功能。工作区预装了 [jupyter_tensorboard 扩展](https:\u002F\u002Fgithub.com\u002Flspvic\u002Fjupyter_tensorboard)，可将 TensorBoard 集成到 Jupyter 界面中，并提供启动、管理和停止实例的功能。您可以为有效的日志目录打开一个新的实例，如下所示：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_e69ecec405cd.png\" \u002F>\n\n如果您已在有效的日志目录中打开了 TensorBoard 实例，您将看到已记录数据的可视化效果：\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_98995aa8ad9b.png\" \u002F>\n\n> _除了 TensorFlow 之外，TensorBoard 还可以与其他许多机器学习框架结合使用。通过使用 [tensorboardX](https:\u002F\u002Fgithub.com\u002Flanpa\u002FtensorboardX) 库，您可以从几乎任何基于 Python 的库中进行日志记录。此外，PyTorch 也有直接的 TensorBoard 集成，详情请参阅[此处](https:\u002F\u002Fpytorch.org\u002Fdocs\u002Fstable\u002Ftensorboard.html)。_\n\n如果您希望直接在笔记本中查看 TensorBoard，可以使用以下 **Jupyter magic** 命令：\n\n```\n%load_ext tensorboard\n%tensorboard --logdir \u002Fworkspace\u002Fpath\u002Fto\u002Flogs\n```\n\n### 硬件监控\n\n工作区提供了两个预装的基于 Web 的工具，可在模型训练和其他实验任务中帮助开发者深入了解系统中发生的一切，并找出性能瓶颈。\n\n[Netdata](https:\u002F\u002Fgithub.com\u002Fnetdata\u002Fnetdata)（“打开工具 -> Netdata”）是一个实时硬件和性能监控仪表板，可可视化 Linux 系统上的进程和服务。它会监控 CPU、GPU、内存、磁盘、网络、进程等指标。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_4d224452460d.png\" \u002F>\n\n[Glances](https:\u002F\u002Fgithub.com\u002Fnicolargo\u002Fglances)（“打开工具 -> Glances”）也是一个基于 Web 的硬件监控仪表板，可用作 Netdata 的替代方案。\n\n\u003Cimg style=\"width: 100%\" src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_readme_8ce01522c649.png\"\u002F>\n\n> _Netdata 和 Glances 将显示工作区容器正在运行的整台机器的硬件统计信息。_\n\n### 作为作业运行\n\n> _作业被定义为任何在一定时间内运行直至完成的计算任务，例如模型训练或数据流水线。_\n\n工作区镜像还可以用于执行任意 Python 代码，而无需启动任何预装工具。这为将您的机器学习项目产品化提供了一种无缝的方式，因为在工作区内交互式开发的代码，在通过同一工作区镜像作为作业运行时，将具有相同的环境和配置。\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>通过工作区镜像将 Python 代码作为作业运行\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n要将 Python 代码作为作业运行，您需要通过 `EXECUTE_CODE` 提供一个代码目录（或脚本）的路径或 URL。该代码可以已经挂载到工作区容器中，也可以从版本控制系统（例如 git 或 svn）下载，具体方法如下文所述。所选代码路径必须是可执行的 Python 文件。如果所选代码是一个目录（例如从 VCS 下载代码时），则需要在该目录的根目录下放置一个 `__main__.py` 文件。`__main__.py` 文件应包含启动作业的代码。\n\n#### 从版本控制系统运行代码\n\n您可以使用 pip-vcs 格式直接从 Git、Mercurial、Subversion 或 Bazaar 执行代码，如 [此指南](https:\u002F\u002Fpip.pypa.io\u002Fen\u002Fstable\u002Freference\u002Fpip_install\u002F#vcs-support) 中所述。例如，要从一个 git 仓库的[子目录](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002Fresources\u002Ftests\u002Fml-job)执行代码，只需运行：\n\n```bash\ndocker run --env EXECUTE_CODE=\"git+https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace.git#subdirectory=resources\u002Ftests\u002Fml-job\" mltooling\u002Fml-workspace:0.13.2\n```\n\n> 📖 _有关如何指定分支、提交或标签的更多信息，请参阅 [此指南](https:\u002F\u002Fpip.pypa.io\u002Fen\u002Fstable\u002Freference\u002Fpip_install\u002F#vcs-support)。_\n\n#### 运行挂载到工作区的代码\n\n在下面的示例中，我们将当前工作目录（预计包含我们的代码）挂载到工作区的 `\u002Fworkspace\u002Fml-job\u002F` 目录中并执行：\n\n```bash\ndocker run -v \"${PWD}:\u002Fworkspace\u002Fml-job\u002F\" --env EXECUTE_CODE=\"\u002Fworkspace\u002Fml-job\u002F\" mltooling\u002Fml-workspace:0.13.2\n```\n\n#### 安装依赖项\n\n如果预装的工作区库与您的代码不兼容，可以通过将以下一个或多个文件添加到您的代码目录来安装或更改依赖项：\n\n- `requirements.txt`: [pip 要求格式](https:\u002F\u002Fpip.pypa.io\u002Fen\u002Fstable\u002Fuser_guide\u002F#requirements-files)用于 pip 可安装的依赖项。\n- `environment.yml`: [conda 环境文件](https:\u002F\u002Fdocs.conda.io\u002Fprojects\u002Fconda\u002Fen\u002Flatest\u002Fuser-guide\u002Ftasks\u002Fmanage-environments.html?highlight=environment.yml#creating-an-environment-file-manually)用于创建独立的 Python 环境。\n- `setup.sh`: 通过 `\u002Fbin\u002Fbash` 执行的 Shell 脚本。\n\n执行顺序为：1. `environment.yml` -> 2. `setup.sh` -> 3. `requirements.txt`\n\n#### 在交互模式下测试作业\n\n您可以在工作区中（以正常方式启动并带有交互式工具）测试您的作业代码，方法是执行以下 Python 脚本：\n\n```bash\npython \u002Fresources\u002Fscripts\u002Fexecute_code.py \u002Fpath\u002Fto\u002Fyour\u002Fjob\n```\n\n#### 构建自定义作业镜像\n\n您也可以将代码直接嵌入到自定义作业镜像中，如下所示：\n\n```dockerfile\nFROM mltooling\u002Fml-workspace:0.13.2\n\n# 将作业代码添加到镜像\nCOPY ml-job \u002Fworkspace\u002Fml-job\nENV EXECUTE_CODE=\u002Fworkspace\u002Fml-job\n\n# 仅安装依赖项\nRUN python \u002Fresources\u002Fscripts\u002Fexecute_code.py --requirements-only\n\n# 在容器启动时仅执行代码\nCMD [\"python\", \"\u002Fresources\u002Fdocker-entrypoint.py\", \"--code-only\"]\n```\n\n\u003C\u002Fdetails>\n\n### 预装库和解释器\n\n工作区预装了许多流行的解释器、数据科学库以及 Ubuntu 软件包：\n\n- **解释器:** Python 3.8 (Miniconda 3)、NodeJS 14、Scala、Perl 5\n- **Python 库:** Tensorflow、Keras、Pytorch、Sklearn、XGBoost、MXNet、Theano，以及[更多](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002Fresources\u002Flibraries)\n- **包管理器:** `conda`、`pip`、`apt-get`、`npm`、`yarn`、`sdk`、`poetry`、`gdebi`...\n\n已安装工具的完整列表可在 [Dockerfile](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002FDockerfile) 中找到。\n\n> _对于每个次要版本发布，我们都会使用 [safety](https:\u002F\u002Fpyup.io\u002Fsafety\u002F)、[clamav](https:\u002F\u002Fwww.clamav.net\u002F)、[trivy](https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy) 以及 [snyk via docker scan](https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Fscan\u002F) 在工作区内进行漏洞、病毒和安全检查，以确保工作区环境尽可能安全。我们致力于修复和预防所有高危或严重级别的漏洞。您可以在 [这里](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002Fresources\u002Freports) 查看一些最新的报告。_\n\n### 可扩展性\n\n工作区具有高度的可扩展性。在工作区内，您拥有**完整的 root 和 sudo 权限**，可以通过终端安装所需的任何库或工具（例如 `pip`、`apt-get`、`conda` 或 `npm`）。您可以通过以下方式打开终端：\n\n- **Jupyter:** `New -> Terminal`\n- **Desktop VNC:** `Applications -> Terminal Emulator`\n- **JupyterLab:** `File -> New -> Terminal`\n- **VS Code:** `Terminal -> New Terminal`\n\n此外，预装的工具，如 Jupyter、JupyterLab 和 Visual Studio Code，各自都提供了丰富的扩展生态系统。工作区还包含一个[安装脚本集合](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002Fresources\u002Ftools)，用于许多常用开发工具或库（例如 `PyCharm`、`Zeppelin`、`RStudio`、`Starspace`）。您可以通过 `Open Tool -> Install Tool` 查找并执行所有工具的安装程序。这些脚本也可以从 Desktop VNC 执行（双击 Desktop VNC 桌面上 `Tools` 文件夹中的脚本）。\n\n\u003Cdetails>\n\u003Csummary>示例（点击展开...）\u003C\u002Fsummary>\n\n例如，要安装 [Apache Zeppelin](https:\u002F\u002Fzeppelin.apache.org\u002F) 笔记本服务器，只需执行：\n\n```bash\n\u002Fresources\u002Ftools\u002Fzeppelin.sh --port=1234\n```\n\n安装完成后，刷新 Jupyter 网站，Zeppelin 工具将出现在 `Open Tool -> Zeppelin` 下。其他工具可能仅在 Desktop VNC 中可用（例如 `atom` 或 `pycharm`），或者根本不提供 UI（例如 `starspace`、`docker-client`）。\n\u003C\u002Fdetails>\n\n除了在运行时扩展工作区之外，您还可以按照 [FAQ](#faq) 部分的说明自定义工作区 Docker 镜像，以创建您自己的版本。\n\n---\n\n\u003Cbr>\n\n## 常见问题解答\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>如何自定义工作空间镜像（创建自己的版本）？\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n工作空间在运行时可以通过多种方式扩展，具体说明请参见[此处](#extensibility)。然而，如果您希望使用自己的软件或配置来定制工作空间镜像，可以按照以下示例通过 Dockerfile 实现：\n\n```dockerfile\n# 从任意一个工作空间版本\u002F风味继承\nFROM mltooling\u002Fml-workspace:0.13.2\n\n# 执行自定义操作，例如：\nRUN \\\n    # 使用提供的安装脚本安装 r-runtime、r-kernel 和 r-studio Web 服务器\n    \u002Fbin\u002Fbash $RESOURCES_PATH\u002Ftools\u002Fr-runtime.sh --install && \\\n    \u002Fbin\u002Fbash $RESOURCES_PATH\u002Ftools\u002Fr-studio-server.sh --install && \\\n    # 清理层 - 移除不必要的缓存文件\n    clean-layer.sh\n```\n\n最后，使用 [docker build](https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Freference\u002Fcommandline\u002Fbuild\u002F) 构建您自定义的 Docker 镜像。\n\n> 📖 _如需更全面的 Dockerfile 示例，请参阅 [R 版本的 Dockerfile](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002Fr-flavor\u002FDockerfile)。_\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>如何更新正在运行的工作空间容器？\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n要将正在运行的工作空间实例更新到最新版本，需要将当前的 Docker 容器替换为基于更新后工作空间镜像的新容器。\n\n在此更新过程中，工作空间内未挂载卷持久化的所有数据都将丢失。正如 [持久化数据](#Persist-Data) 部分所述，通常会将卷挂载到 `\u002Fworkspace` 文件夹。工作空间内的所有工具都配置为将 `\u002Fworkspace` 文件夹作为所有源代码和数据工件的根目录。在更新期间，其他目录中的数据将被移除，包括已安装或更新的库以及某些机器配置。我们集成了备份与恢复功能（`CONFIG_BACKUP_ENABLED`），用于备份和恢复一些选定的配置文件\u002F文件夹，例如用户的 Jupyter\u002FVS-Code 配置、`~\u002F.gitconfig` 和 `~\u002F.ssh`。\n\n\u003Cdetails>\n\n\u003Csummary>更新示例（点击展开...）\u003C\u002Fsummary>\n\n如果工作空间是通过 Docker 部署的（Kubernetes 的更新流程有所不同），则需要先删除现有容器（使用 `docker rm`），然后使用更新后的工作空间镜像启动新容器（使用 `docker run`）。请确保使用相同的配置、卷、名称和端口。例如，某个工作空间（镜像版本为 `0.8.7`）最初是通过以下命令启动的：\n```\ndocker run -d \\\n    -p 8080:8080 \\\n    --name \"ml-workspace\" \\\n    -v \"\u002Fpath\u002Fon\u002Fhost:\u002Fworkspace\" \\\n    --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" \\\n    --restart always \\\n    mltooling\u002Fml-workspace:0.8.7\n```\n现在需要将其更新至版本 `0.9.1`，则需执行以下步骤：\n\n1. 停止并移除正在运行的工作空间容器：`docker stop \"ml-workspace\" && docker rm \"ml-workspace\"`\n2. 使用更新后的镜像和相同配置启动新的工作空间容器：`docker run -d -p 8080:8080 --name \"ml-workspace\" -v \"\u002Fpath\u002Fon\u002Fhost:\u002Fworkspace\" --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" --restart always mltooling\u002Fml-workspace:0.9.1`\n\n\u003C\u002Fdetails>\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>如何配置 VNC 服务器？\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n如果您希望通过 VNC 客户端直接连接到工作空间（而不是使用 [noVNC Web 应用程序](#desktop-gui)），可能需要更改某些 VNC 服务器配置。要配置 VNC 服务器，可以在容器启动时通过 `docker run` 的 `--env` 选项提供或覆盖以下环境变量：\n\n\u003Ctable>\n    \u003Ctr>\n        \u003Cth>变量\u003C\u002Fth>\n        \u003Cth>描述\u003C\u002Fth>\n        \u003Cth>默认值\u003C\u002Fth>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>VNC_PW\u003C\u002Ftd>\n        \u003Ctd>VNC 连接的密码。只有当 VNC 服务器直接暴露在外时，此密码才需要足够安全。如果通过 noVNC 使用，则其安全性已由配置的身份验证机制保障。\u003C\u002Ftd>\n        \u003Ctd>vncpassword\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>VNC_RESOLUTION\u003C\u002Ftd>\n        \u003Ctd>VNC 连接的默认桌面分辨率。使用 noVNC 时，分辨率会根据窗口大小动态调整。\u003C\u002Ftd>\n        \u003Ctd>1600x900\u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n        \u003Ctd>VNC_COL_DEPTH\u003C\u002Ftd>\n        \u003Ctd>VNC 连接的默认颜色深度。\u003C\u002Ftd>\n        \u003Ctd>24\u003C\u002Ftd>\n    \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>如何在工作空间中使用非 root 用户？\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n很遗憾，目前我们尚不支持在工作空间中使用非 root 用户。我们计划实现这一功能，并已开始进行一些重构以支持该配置。然而，这仍需要我们投入大量额外的工作、重构和测试。\n\n通常不建议在容器中使用 root 用户（或具有 sudo 权限的用户），因为一旦系统或内核出现漏洞，用户可能会突破容器限制并访问宿主机系统。尽管此类严重的内核漏洞并不常见，因此发生严重攻击的风险极低。正如 [Docker 官方文档](https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Fsecurity\u002Fsecurity\u002F#linux-kernel-capabilities) 所述，即使使用 root 用户，容器通常也能很好地防止突破到宿主机。而且与其他许多容器应用场景相比，我们实际上希望为用户提供灵活性，使其能够在工作空间容器内拥有控制权和系统级安装权限。\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>如何创建和使用虚拟环境？\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n工作空间预装了多种常用的工具，可用于创建隔离的 Python 虚拟环境。以下部分将简要介绍如何在工作空间中使用这些工具。关于何时使用哪种工具的信息，请参阅 [此处](https:\u002F\u002Fstackoverflow.com\u002Fa\u002F41573588)。更多使用信息请参考相应工具的官方文档。\n\n**venv**（推荐）：\n\n要通过 [venv](https:\u002F\u002Fdocs.python.org\u002F3\u002Ftutorial\u002Fvenv.html) 创建虚拟环境，请执行以下命令：\n\n```bash\n# 在工作目录中创建环境\npython -m venv my-venv\n# 在 shell 中激活环境\nsource .\u002Fmy-venv\u002Fbin\u002Factivate\n# 可选：为该环境创建 Jupyter 内核\npip install ipykernel\npython -m ipykernel install --user --name=my-venv --display-name=\"my-venv ($(python --version))\"\n# 可选：退出环境会话\ndeactivate\n```\n\n**pipenv**（推荐）：\n\n要通过 [pipenv](https:\u002F\u002Fpipenv.pypa.io\u002Fen\u002Flatest\u002F) 创建虚拟环境，请执行以下命令：\n\n```bash\n# 在工作目录中创建环境\npipenv install\n# 在 shell 中激活环境会话\npipenv shell\n\n# 可选：为该环境创建 Jupyter 内核\npipenv install ipykernel\npython -m ipykernel install --user --name=my-pipenv --display-name=\"my-pipenv ($(python --version))\"\n# 可选：关闭环境会话\nexit\n```\n\n**virtualenv**:\n\n要通过 [virtualenv](https:\u002F\u002Fvirtualenv.pypa.io\u002Fen\u002Flatest\u002F) 创建虚拟环境，请执行以下命令：\n\n```bash\n# 在工作目录中创建环境\nvirtualenv my-virtualenv\n# 在 shell 中激活环境会话\nsource .\u002Fmy-virtualenv\u002Fbin\u002Factivate\n# 可选：为该环境创建 Jupyter 内核\npip install ipykernel\npython -m ipykernel install --user --name=my-virtualenv --display-name=\"my-virtualenv ($(python --version))\"\n# 可选：关闭环境会话\ndeactivate\n```\n\n**conda**:\n\n要通过 [conda](https:\u002F\u002Fdocs.conda.io\u002Fprojects\u002Fconda\u002Fen\u002Flatest\u002Fuser-guide\u002Ftasks\u002Fmanage-environments.html) 创建虚拟环境，请执行以下命令：\n\n```bash\n# 创建环境（全局）\nconda create -n my-conda-env\n# 在 shell 中激活环境会话\nconda activate my-conda-env\n# 可选：为该环境创建 Jupyter 内核\npython -m ipykernel install --user --name=my-conda-env --display-name=\"my-conda-env ($(python --version))\"\n# 可选：关闭环境会话\nconda deactivate\n```\n\n**提示：Jupyter 笔记本中的 Shell 命令：**\n\n如果您通过专用的 Jupyter 内核安装并使用虚拟环境，并在 Jupyter 中使用 shell 命令（例如 `!pip install matplotlib`），则可能会使用错误的 Python 或 pip 版本。要使用所选内核的 Python 和 pip 版本，请改用以下方法：\n\n```python\nimport sys\n!{sys.executable} -m pip install matplotlib\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>如何安装不同的 Python 版本？\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n工作区提供了三种简便的方法来在主 Python 实例之外安装不同的 Python 版本：[pyenv](https:\u002F\u002Fgithub.com\u002Fpyenv\u002Fpyenv)、[pipenv](https:\u002F\u002Fpipenv.pypa.io\u002Fen\u002Flatest\u002Fcli\u002F)（推荐）、[conda](https:\u002F\u002Fgithub.com\u002Fpyenv\u002Fpyenv)。\n\n**pipenv**（推荐）：\n\n要在工作区内通过 [pipenv](https:\u002F\u002Fpipenv.pypa.io\u002Fen\u002Flatest\u002Fcli\u002F) 安装不同的 Python 版本（例如 `3.7.8`），请执行以下命令：\n\n```bash\n# 安装指定版本的 Python\npipenv install --python=3.7.8\n# 在 shell 中激活环境会话\npipenv shell\n# 检查 Python 安装情况\npython --version\n# 可选：为该环境创建 Jupyter 内核\npipenv install ipykernel\npython -m ipykernel install --user --name=my-pipenv --display-name=\"my-pipenv ($(python --version))\"\n# 可选：关闭环境会话\nexit\n```\n\n**pyenv**：\n\n要在工作区内通过 [pyenv](https:\u002F\u002Fgithub.com\u002Fpyenv\u002Fpyenv) 安装不同的 Python 版本（例如 `3.7.8`），请执行以下命令：\n\n```bash\n# 安装指定版本的 Python\npyenv install 3.7.8\n# 使其全局可用\npyenv global 3.7.8\n# 在 shell 中激活该版本的 Python\npyenv shell 3.7.8\n# 检查 Python 安装情况\npython3.7 --version\n# 可选：为该 Python 版本创建 Jupyter 内核\npython3.7 -m pip install ipykernel\npython3.7 -m ipykernel install --user --name=my-pyenv-3.7.8 --display-name=\"my-pyenv (Python 3.7.8)\"\n```\n\n**conda**：\n\n要在工作区内通过 [conda](https:\u002F\u002Fgithub.com\u002Fpyenv\u002Fpyenv) 安装不同的 Python 版本（例如 `3.7.8`），请执行以下命令：\n\n```bash\n# 创建包含指定 Python 版本的环境\nconda create -n my-conda-3.7 python=3.7.8\n# 在 shell 中激活环境会话\nconda activate my-conda-3.7\n# 检查 Python 安装情况\npython --version\n# 可选：为该 Python 版本创建 Jupyter 内核\npip install ipykernel\npython -m ipykernel install --user --name=my-conda-3.7 --display-name=\"my-conda ($(python --version))\"\n# 可选：关闭环境会话\nconda deactivate\n```\n\n**提示：Jupyter 笔记本中的 Shell 命令：**\n\n如果您通过专用的 Jupyter 内核安装并使用其他 Python 版本，同时在 Jupyter 中使用 shell 命令（例如 `!pip install matplotlib`），则可能会使用错误的 Python 或 pip 版本。要使用所选内核的 Python 和 pip 版本，请改用以下方法：\n\n```python\nimport sys\n!{sys.executable} -m pip install matplotlib\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>我能否发布除默认端口之外的其他端口来访问容器内的工具？\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n您可以这样做，但请注意，此时该端口将\u003Cb>不受\u003C\u002Fb>工作区身份验证机制的保护！出于安全考虑，我们强烈建议您使用工作区的\u003Ca href=\"#access-ports\">访问端口\u003C\u002Fa>功能。\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>系统和工具翻译\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n如果您希望在工作区中配置除英语之外的其他语言，而某些工具未正确翻译，请查看\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F70#issuecomment-841863145\">此问题\u003C\u002Fa>。尝试注释掉 `\u002Fetc\u002Fdpkg\u002Fdpkg.cfg.d\u002Fexcludes` 文件中的“排除翻译”行，然后重新安装或配置相关软件包。\n\u003C\u002Fdetails>\n\n---\n\n\u003Cbr>\n\n## 已知问题\n\n\u003Cdetails>\n\n\u003Csummary>\u003Cb>共享内存过小可能导致工具或脚本崩溃\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n某些桌面工具（例如，最新版本的 [Firefox](https:\u002F\u002Fgithub.com\u002Fjlesage\u002Fdocker-firefox#increasing-shared-memory-size)）或库（例如，PyTorch - 参见问题：[1](https:\u002F\u002Fgithub.com\u002Fpytorch\u002Fpytorch\u002Fissues\u002F2244)、[2](https:\u002F\u002Fgithub.com\u002Fpytorch\u002Fpytorch\u002Fissues\u002F1355)）在共享内存大小（`\u002Fdev\u002Fshm`）过小时可能会崩溃。Docker 的默认共享内存大小为 64MB，这可能对一些工具来说不够。您可以通过 `shm-size` docker run 选项提供更大的共享内存大小：\n\n```bash\ndocker run --shm-size=2G mltooling\u002Fml-workspace:0.13.2\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\n\u003Csummary>\u003Cb>多进程代码运行速度异常缓慢\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n一般来说，在 Docker 中运行代码的性能与直接在主机上运行几乎相同。然而，如果您限制了容器的 CPU 配额（如 [此部分](#limit-memory--cpu) 所述），容器仍然会看到主机上可用的全部 CPU 核心数，且没有技术手段可以阻止这一点。许多库和工具会使用全部 CPU 核心数（例如通过 `os.cpu_count()`）来设置用于多进程或多线程处理的线程数。这可能导致程序启动的线程或进程数量超过其在现有 CPU 配额下能够高效处理的能力，从而极大地降低整体性能。因此，重要的是将可用的 CPU 数量或最大线程数显式地设置为配置的 CPU 配额。该工作空间提供了自动检测可用 CPU 数量的功能，并通过环境变量（如 `OMP_NUM_THREADS` 或 `MKL_NUM_THREADS`）来配置各种常用库。此外，也可以在容器启动时通过 `MAX_NUM_THREADS` 环境变量显式设置可用 CPU 数量（参见 [配置部分](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace#configuration-options)）。同一环境变量也可用于在运行时获取可用 CPU 数量。\n\n尽管工作空间的自动配置功能可以解决多种效率低下的问题，我们仍建议为所有库显式配置可用的 CPU 数量。例如：\n\n```python\nimport os\nMAX_NUM_THREADS = int(os.getenv(\"MAX_NUM_THREADS\"))\n\n# 在 PyTorch 中设置\nimport torch\ntorch.set_num_threads(MAX_NUM_THREADS)\n\n# 在 TensorFlow 中设置\nimport tensorflow as tf\nconfig = tf.ConfigProto(\n    device_count={\"CPU\": MAX_NUM_THREADS},\n    inter_op_parallelism_threads=MAX_NUM_THREADS,\n    intra_op_parallelism_threads=MAX_NUM_THREADS,\n)\ntf_session = tf.Session(config=config)\n\n# 为 Keras 设置会话\nimport keras.backend as K\nK.set_session(tf_session)\n\n# 在 sklearn 的估计器中设置\nfrom sklearn.linear_model import LogisticRegression\nLogisticRegression(n_jobs=MAX_NUM_THREADS).fit(X, y)\n\n# 为 multiprocessing 池设置\nfrom multiprocessing import Pool\n\nwith Pool(MAX_NUM_THREADS) as pool:\n    results = pool.map(lst)\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\n\u003Csummary>\u003Cb>Nginx 因 SIGILL 错误而终止并生成核心转储文件\u003C\u002Fb>（点击展开...）\u003C\u002Fsummary>\n\n如果您在启动工作空间时，容器日志中出现以下错误，则很可能无法在您的硬件上运行该工作空间：\n\n```\nexited: nginx (terminated by SIGILL (core dumped); not expected)\n```\n\n工作空间中使用的 OpenResty\u002FNginx 二进制包需要在支持 `SSE4.2` 的 CPU 上运行（参见 [此问题](https:\u002F\u002Fgithub.com\u002Fopenresty\u002Fopenresty\u002Fissues\u002F267#issuecomment-309296900)）。不幸的是，一些较旧的 CPU 不支持 `SSE4.2`，因此无法运行该工作空间容器。在 Linux 系统中，您可以通过查看 `\u002Fproc\u002Fcpuinfo` 文件中的 flags 部分来确认您的 CPU 是否支持 `SSE4.2`。如果遇到此类问题，请随时通过评论告知我们：[#30](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F30)。\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cbr>\n\n## 贡献\n\n- 我们鼓励并欢迎 Pull 请求。请阅读我们的 [贡献指南](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Ftree\u002Fmain\u002FCONTRIBUTING.md)，并查看 [待办事项](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+label%3A\"help+wanted\"+sort%3Areactions-%2B1-desc+) 列表。\n- 如有任何 [功能请求与改进](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002Fnew?assignees=&labels=feature&template=02_feature-request.md&title=)、[Bug](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002Fnew?assignees=&labels=bug&template=01_bug-report.md&title=) 或 [文档](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002Fnew?assignees=&labels=documentation&template=03_documentation.md&title=) 相关的问题，请提交 GitHub 问题。\n- 参与本项目即表示您同意遵守其 [行为准则](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002F.github\u002FCODE_OF_CONDUCT.md)。\n- 下文的 [开发部分](#development) 包含有关在实现更改后如何构建和测试该项目的信息。\n\n## 开发\n\n> _**要求**：要执行构建流程，您的机器上必须安装 [Docker](https:\u002F\u002Fdocs.docker.com\u002Fget-docker\u002F) 和 [Act](https:\u002F\u002Fgithub.com\u002Fnektos\u002Fact#installation)。_\n\n为了简化从头开始构建该项目的过程，我们基于 [universal-build](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Funiversal-build) 提供了构建脚本，这些脚本会在容器化环境中运行所有必要的步骤（构建、测试和发布）。要构建并测试您的更改，请在项目根目录下执行以下命令：\n\n```bash\nact -b -j build\n```\n\n其底层使用了本仓库中基于 [universal-build 库](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Funiversal-build) 的 build.py 文件。因此，如果您想在本地构建，也可以在项目根目录下执行以下命令来构建 Docker 容器：\n\n```bash\npython build.py --make\n```\n\n如需更多脚本选项：\n\n```bash\npython build.py --help\n```\n\n有关我们的构建脚本和开发流程的更详细信息，请参阅我们的 [贡献指南](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fblob\u002Fmain\u002FCONTRIBUTING.md#development-instructions)。\n\n---\n\n采用 **Apache 2.0** 许可证。由柏林的开发者用 ❤️ 维护。","# ML Workspace 快速上手指南\n\nML Workspace 是一个专为机器学习和数据科学打造的一体化 Web 开发环境。它预装了 TensorFlow、PyTorch、Keras、Sklearn 等主流库，并集成了 Jupyter、VS Code Web 版和 Tensorboard 等开发工具，通过 Docker 即可在几分钟内启动。\n\n## 环境准备\n\n*   **操作系统**：支持 macOS、Linux 和 Windows。\n*   **前置依赖**：必须安装 **Docker**。\n    *   请确保 Docker 引擎已正常运行。\n    *   国内用户建议配置 Docker 镜像加速器（如阿里云、腾讯云或网易云镜像加速），以加快镜像拉取速度。\n\n## 安装步骤\n\n### 1. 快速体验（单次运行）\n最简单的方式是直接运行以下命令。Docker 将自动拉取最新镜像并启动服务：\n\n```bash\ndocker run -p 8080:8080 mltooling\u002Fml-workspace:0.13.2\n```\n\n启动完成后，在浏览器访问 `http:\u002F\u002Flocalhost:8080` 即可使用。\n\n### 2. 生产环境部署（推荐）\n为了持久化数据、设置访问令牌并保证服务稳定运行，建议使用以下完整命令：\n\n```bash\ndocker run -d \\\n    -p 8080:8080 \\\n    --name \"ml-workspace\" \\\n    -v \"${PWD}:\u002Fworkspace\" \\\n    --env AUTHENTICATE_VIA_JUPYTER=\"mytoken\" \\\n    --shm-size 512m \\\n    --restart always \\\n    mltooling\u002Fml-workspace:0.13.2\n```\n\n**参数说明：**\n*   `-d`：后台运行容器。\n*   `-v \"${PWD}:\u002Fworkspace\"`：将当前目录挂载到容器内的 `\u002Fworkspace`，确保代码和数据不会因容器重启而丢失。\n*   `--env AUTHENTICATE_VIA_JUPYTER=\"mytoken\"`：设置访问令牌（请将 `mytoken` 替换为强密码），用于保护工作区安全。\n*   `--shm-size 512m`：增加共享内存，防止某些机器学习库意外崩溃。\n*   `--restart always`：系统重启后自动恢复容器。\n\n## 基本使用\n\n1.  **访问界面**：\n    打开浏览器访问 `http:\u002F\u002Flocalhost:8080`（若部署在远程服务器，请使用 `http:\u002F\u002F\u003C服务器 IP>:8080`）。\n\n2.  **身份验证**：\n    如果设置了 `AUTHENTICATE_VIA_JUPYTER`，输入配置的 Token 即可登录。\n\n3.  **开始开发**：\n    登录后，您将看到集成的开发面板，可以直接选择：\n    *   **Jupyter \u002F JupyterLab**：进行交互式 Notebook 开发。\n    *   **VS Code (Web)**：享受完整的 IDE 体验。\n    *   **Linux 桌面**：通过浏览器访问完整的 Linux GUI 环境。\n\n4.  **数据持久化**：\n    所有在 `\u002Fworkspace` 目录下创建的文件（包括 Notebooks 和代码）都会自动保存到您宿主机的当前目录中。","某初创公司的数据科学团队需要在本地服务器上快速搭建一个支持多框架（TensorFlow、PyTorch）且具备远程协作能力的机器学习开发环境。\n\n### 没有 ml-workspace 时\n- **环境配置繁琐**：每位新入职的算法工程师需花费半天时间手动安装 Python、CUDA 驱动及各类依赖库，常因版本冲突导致环境不可用。\n- **工具链割裂**：开发者需在本地 IDE、独立的 Jupyter 服务和命令行终端之间频繁切换，缺乏统一的集成界面。\n- **远程访问困难**：团队成员无法直接从家中浏览器安全访问公司服务器的桌面或代码编辑器，必须配置复杂的 SSH 隧道或 VNC。\n- **监控缺失**：模型训练过程中，缺乏直观的工具实时监控 GPU 利用率和训练指标，往往等到报错才发现资源瓶颈。\n\n### 使用 ml-workspace 后\n- **一键启动环境**：只需一条 Docker 命令，几分钟内即可部署预装了主流数据科学库和驱动的完美环境，新人入职即刻开工。\n- **全功能 Web 集成**：通过浏览器即可同时访问 JupyterLab、VS Code 和完整 Linux 桌面，所有开发工具在同一端口无缝切换。\n- **随时随地接入**：团队成员无论身处何地，仅需通过网页或 SSH 即可安全连接至中央服务器，像操作本地机器一样进行远程开发。\n- **内置智能监控**：集成 Tensorboard 和 Netdata，开发者可实时可视化训练曲线与硬件状态，迅速定位并优化性能问题。\n\nml-workspace 将原本数天的环境搭建与整合工作压缩至分钟级，让数据科学家能专注于核心算法创新而非运维琐事。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fml-tooling_ml-workspace_42070d55.png","ml-tooling","Machine Learning Tooling","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Fml-tooling_4577802e.png","",null,"team@mltooling.org","mltooling","https:\u002F\u002Fgithub.com\u002Fml-tooling",[82,86,90,93,97,101,105],{"name":83,"color":84,"percentage":85},"Jupyter Notebook","#DA5B0B",45.4,{"name":87,"color":88,"percentage":89},"Python","#3572A5",11.7,{"name":91,"color":92,"percentage":89},"JavaScript","#f1e05a",{"name":94,"color":95,"percentage":96},"Shell","#89e051",11.4,{"name":98,"color":99,"percentage":100},"HTML","#e34c26",7.4,{"name":102,"color":103,"percentage":104},"Dockerfile","#384d54",6.9,{"name":106,"color":107,"percentage":108},"Lua","#000080",5.4,3542,456,"2026-04-02T13:04:50","Apache-2.0","Linux, macOS, Windows","未说明","未说明 (建议配置 --shm-size 512m 以防止崩溃)",{"notes":117,"python":114,"dependencies":118},"该工具基于 Docker 部署，需预先安装 Docker。默认工作目录为容器内的 \u002Fworkspace，必须通过挂载卷 (-v) 将本地目录映射到 \u002Fworkspace 以持久化数据，否则重启后数据会丢失。支持通过环境变量配置认证（推荐 Jupyter Token 或 Nginx Basic Auth）和 SSL。可通过单个端口访问 Web IDE、SSH 或 VNC。",[119,120,121,122,123,124,125,126],"Tensorflow","PyTorch","Keras","Sklearn","Jupyter","VS Code","Tensorboard","Netdata",[128,129,16,15,35,13,14,130,52],"视频","音频","其他",[132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151],"machine-learning","deep-learning","data-science","docker","jupyter","jupyter-lab","python","anaconda","tensorflow","pytorch","neural-networks","data-analysis","scikit-learn","r","gpu","jupyter-notebook","kubernetes","data-visualization","vscode","nlp","2026-03-27T02:49:30.150509","2026-04-07T22:50:55.495256",[155,160,165,170,175,179,184],{"id":156,"question_zh":157,"answer_zh":158,"source_url":159},22812,"如何为 ml-workspace 启用 SSL\u002FHTTPS 并解决自签名证书相关的错误？","可以通过设置环境变量 `WORKSPACE_SSL_ENABLED=\"true\"` 来启用 SSL。如果在生成自签名证书时遇到类似 `test: error: unrecognized arguments: -e` 的错误，这通常是由于旧版本中的脚本问题导致的。维护者已在版本 0.13.2 中修复了此问题。建议升级镜像到最新版本（如 `mltooling\u002Fml-workspace-gpu:0.13.2` 或更高）以解决该证书安装问题。","https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F69",{"id":161,"question_zh":162,"answer_zh":163,"source_url":164},22813,"项目是否还在维护？软件依赖过时了怎么办？","项目仍在活动中，但更新频率可能不如单独的工具快。如果感觉内置软件（如 JupyterLab, VS Code 等）版本过旧，不建议等待官方镜像更新。最佳实践是基于官方的 Dockerfile 自行构建镜像，在构建过程中更新所有依赖包（通过 pip 或 apt）。您可以参考仓库中的 Dockerfile，修改其中的版本引脚或直接运行更新命令，然后重新构建镜像以保持工具链的最新状态。","https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F107",{"id":166,"question_zh":167,"answer_zh":168,"source_url":169},22814,"如何在反向代理（如 Traefik）后配置 ml-workspace 以支持 WebSocket 连接？","当使用 Traefik 等反向代理时，Ungit 或 Jupyter Kernel 无法加载通常是因为 WebSocket 配置不当。对于 Traefik 1.7，需要在标签中添加 `passHostHeader` 并配置专门的 WebSocket 入口点（wss）。示例配置包括：\n- 添加标签：`traefik.backend=mlworkspace`, `traefik.enable=true`, `traefik.port=8080`\n- 确保 `traefik.toml` 中定义了 websockets 入口点。\n如果不配置 `passHostHeader` 和正确的 WebSocket 路由，前端工具将无法连接到后端服务。","https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F21",{"id":171,"question_zh":172,"answer_zh":173,"source_url":174},22815,"是否有结合了 GPU 支持和 R 语言环境的镜像版本？","是的，社区提供了一个实验性的 `gpu-r` 风味镜像，它结合了现有的 `gpu` 和 `r` 版本的功能。您可以尝试拉取 `mltooling\u002Fml-workspace-gpu-r` 镜像。由于这是实验性版本，建议在使用前进行测试，并向维护者反馈使用情况。","https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F65",{"id":176,"question_zh":177,"answer_zh":178,"source_url":174},22816,"如何为 VSCode、VNC、Ungit 或 RStudio 等服务设置密码认证以提高安全性？","默认情况下，某些工具可能在特定配置下无需密码即可访问，存在安全风险。虽然具体的密码设置方法取决于启动参数（例如通过 `AUTHENTICATE_VIA_JUPYTER` 设置 Jupyter 密码），但对于其他工具如 VNC 或 RStudio，通常需要检查对应的环境变量配置或在容器内部手动配置认证文件。用户应查阅最新文档或通过设置强密码的环境变量来防止未经授权的访问。如果遇到权限问题，请确保在 docker run 命令中正确传递了认证相关的环境变量。",{"id":180,"question_zh":181,"answer_zh":182,"source_url":183},22817,"如何使用 GitHub Actions 自动构建 ml-workspace 镜像？构建需要多长时间？","项目已创建了 GitHub Actions 工作流来自动构建镜像。根据维护者的测试，完整构建过程大约需要 70 分钟，具体时间可能会因运行环境不同而有所波动。用户可以利用现有的 GitHub Actions 配置文件，或者使用本地工具如 `act` 来测试构建流程。首先通常会触发最小化版本（minimal flavor）的构建以验证流程是否通畅。","https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F48",{"id":185,"question_zh":186,"answer_zh":187,"source_url":188},22818,"是否会发布包含 Spark 支持的新版本镜像（基于 0.13.2+）？","社区用户对基于新版本基础镜像（如 0.13.2）构建 Spark 风味（flavor）的镜像有强烈需求。虽然官方尚未立即发布预构建的 Spark 镜像，但用户可以参考官方的 Dockerfile 和构建脚本，自行在 Docker Hub 或本地环境中基于新的基础版本构建包含 Spark 支持的自定义镜像。建议关注仓库的 Release 页面以获取官方更新。","https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fml-workspace\u002Fissues\u002F98",[190,195,200,205],{"id":191,"version":192,"summary_zh":193,"released_at":194},136517,"v0.13.2","## ⬆ 依赖项\n\n- 升级到 Ubuntu 20.04\n- 将工具和库更新至最新版本\n- [GPU 版本] 将 CUDA 更新至 11.2","2021-07-13T22:12:59",{"id":196,"version":197,"summary_zh":198,"released_at":199},136518,"v0.12.1","## 📝 文档\n\n- 记录暴露其他端口时的安全注意事项 (#67)。\n- 对 README 进行了多项小幅更新。\n\n## 👷 维护与重构\n\n- 将 Spark 镜像风味重构为独立的工具脚本。\n- 使用 r-flavor 作为 Spark 镜像风味的基础镜像。\n- 在工具菜单中添加指向 GitHub 仓库的链接。\n\n## 🎁 功能与改进\n\n- 添加 `gpu-r` 镜像风味。\n\n## 🚨 错误修复\n\n- 修复当文件夹名为 `notebooks` 时出现的错误 (#63)。\n\n## ⬆ 依赖项\n\n- 将 code-server、ungit 和 filebrowser 更新至最新版本。\n- 将 Jupyter 更新至 `6.1.6`。\n- 更新 Python 的最小化和精简依赖。\n- 其他多项依赖项更新及修复。","2021-01-11T00:36:32",{"id":201,"version":202,"summary_zh":203,"released_at":204},136519,"v0.11.0","## 👷 维护与重构\n\n- 将默认分支从 `master` 更改为 `main`\n\n## 🚨 错误修复\n\n- 修复由 `icc_rt` 引入的 numba 内存错误\n- 修复并更新 TensorBoard 的魔法命令\n- 更新教程笔记本\n\n## ⬆ 依赖项\n\n- 添加 CatBoost 和 PyCaret\n- 在 GPU 版本中安装 LightGBM 的 GPU 版\n- 将 RAPIDS 安装程序更新至 0.17 版\n","2020-12-13T13:06:31",{"id":206,"version":207,"summary_zh":208,"released_at":209},136520,"v0.10.4","## 🎁 功能与改进\n\n- 将所有依赖更新至最新版本\n- 基于 [`best-of-ml-python`](https:\u002F\u002Fgithub.com\u002Fml-tooling\u002Fbest-of-ml-python) 列表添加了额外的依赖\n- 实现了新的构建、测试和发布工作流\n- 应用 Trivy 和 Snyk 漏洞扫描，以增强安全性\n- 实现并文档化了对虚拟\u002F隔离 Python 环境的改进支持\n- 各种其他修复和改进，以提升稳定性","2020-12-13T12:52:43"]