microsoft · hippogr · Jan 20, 2026 · Jan 20, 2026 · Copilot · Jan 20, 2026
diff --git a/src/job-exporter/build/job-exporter.common.dockerfile b/src/job-exporter/build/job-exporter.common.dockerfile
@@ -16,75 +16,120 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 
+############################
+# builder: only for compiling python wheels
+############################
+FROM mcr.microsoft.com/mirror/nvcr/nvidia/cuda:12.0.1-runtime-ubuntu22.04 AS builder
+
+ARG TARGETARCH
+
+RUN set -eux; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        ca-certificates \
+        python3-pip \
+        python3-dev \
+        build-essential \
+        gcc; \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /w
+
+# build wheels once
+COPY requirements.txt /w/requirements.txt
+RUN python3 -m pip install --no-cache-dir -U pip wheel && \
+    python3 -m pip wheel --no-cache-dir --wheel-dir /w/wheels \
+        -r /w/requirements.txt \
+        prometheus_client psutil filelock
+
+
-        -r /w/requirements.txt \
-        prometheus_client psutil filelock
+        -r /w/requirements.txt
-        -r /w/requirements.txt \
-        prometheus_client psutil filelock
+        -r /w/requirements.txt
+############################
+# runtime: final image
+############################
 FROM mcr.microsoft.com/mirror/nvcr/nvidia/cuda:12.0.1-runtime-ubuntu22.04
 
 ARG TARGETARCH
-# Register the ROCM package repository, and install rocm-dev package
 ARG ROCM_VERSION=6.2.2
 ARG AMDGPU_VERSION=6.2.2
+ARG DCGM_TARGET_VERSION=1:4.4.1-1
 
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-  autoconf \
-  automake \
-  bash \
-  build-essential \
-  cmake \
-  curl \
-  file \
-  g++ \
-  git \
-  gnupg \
-  ibverbs-utils \
-  kmod \
-  libc++-dev \
-  libcap-dev \
-  libelf1 \
-  libgflags-dev \
-  libgtest-dev \
-  libnuma-dev \
-  libtool \
-  numactl \
-  pkg-config \
-  python3-dev \
-  python3-pip \
-  sudo \
-  unzip && \
-  if [ "$TARGETARCH" = "amd64" ]; then \
-    printf "Package: *\nPin: release o=repo.radeon.com\nPin-Priority: 600" | tee /etc/apt/preferences.d/rocm-pin-600 && \
-    curl -sL https://repo.radeon.com/rocm/rocm.gpg.key | apt-key add - && \
-    echo "deb https://repo.radeon.com/rocm/apt/$ROCM_VERSION/ jammy main" | tee /etc/apt/sources.list.d/rocm.list && \
-    echo "deb https://repo.radeon.com/amdgpu/$AMDGPU_VERSION/ubuntu jammy main" | tee /etc/apt/sources.list.d/amdgpu.list && \
-    apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends rocm-dev; \
-  fi
-
-COPY src/Moneo /Moneo
+# --------------------------
+# base + REQUIRED apt upgrade
+# --------------------------
+RUN set -eux; \
+    apt-get update; \
+    apt-get upgrade -y; \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        bash \
+        ca-certificates \
+        curl \
+        gnupg \
+        wget \
+        python3 \
+        python3-pip; \
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
-# Install RDC
-RUN if [ "$TARGETARCH" = "amd64" ]; then sudo bash Moneo/src/worker/install/amd.sh; fi
+# --------------------------
+# ROCm (runtime only)
+# --------------------------
+RUN set -eux; \
+    if [ "$TARGETARCH" = "amd64" ]; then \
+        printf "Package: *\nPin: release o=repo.radeon.com\nPin-Priority: 600" \
+            > /etc/apt/preferences.d/rocm-pin-600; \
+        curl -sL https://repo.radeon.com/rocm/rocm.gpg.key | apt-key add -; \
+        echo "deb https://repo.radeon.com/rocm/apt/$ROCM_VERSION/ jammy main" \
+            > /etc/apt/sources.list.d/rocm.list; \
+        echo "deb https://repo.radeon.com/amdgpu/$AMDGPU_VERSION/ubuntu jammy main" \
-        curl -sL https://repo.radeon.com/rocm/rocm.gpg.key | apt-key add -; \
-        echo "deb https://repo.radeon.com/rocm/apt/$ROCM_VERSION/ jammy main" \
-            > /etc/apt/sources.list.d/rocm.list; \
-        echo "deb https://repo.radeon.com/amdgpu/$AMDGPU_VERSION/ubuntu jammy main" \
+        curl -sL https://repo.radeon.com/rocm/rocm.gpg.key | gpg --dearmor -o /usr/share/keyrings/rocm-archive-keyring.gpg; \
+        echo "deb [signed-by=/usr/share/keyrings/rocm-archive-keyring.gpg] https://repo.radeon.com/rocm/apt/$ROCM_VERSION/ jammy main" \
+            > /etc/apt/sources.list.d/rocm.list; \
+        echo "deb [signed-by=/usr/share/keyrings/rocm-archive-keyring.gpg] https://repo.radeon.com/amdgpu/$AMDGPU_VERSION/ubuntu jammy main" \
-        curl -sL https://repo.radeon.com/rocm/rocm.gpg.key | apt-key add -; \
-        echo "deb https://repo.radeon.com/rocm/apt/$ROCM_VERSION/ jammy main" \
-            > /etc/apt/sources.list.d/rocm.list; \
-        echo "deb https://repo.radeon.com/amdgpu/$AMDGPU_VERSION/ubuntu jammy main" \
+        curl -sL https://repo.radeon.com/rocm/rocm.gpg.key | gpg --dearmor -o /usr/share/keyrings/rocm-archive-keyring.gpg; \
+        echo "deb [signed-by=/usr/share/keyrings/rocm-archive-keyring.gpg] https://repo.radeon.com/rocm/apt/$ROCM_VERSION/ jammy main" \
+            > /etc/apt/sources.list.d/rocm.list; \
+        echo "deb [signed-by=/usr/share/keyrings/rocm-archive-keyring.gpg] https://repo.radeon.com/amdgpu/$AMDGPU_VERSION/ubuntu jammy main" \
+            > /etc/apt/sources.list.d/amdgpu.list; \
+        apt-get update; \
+        DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends rdc; \
+        rm -rf /var/lib/apt/lists/*; \
+    fi
 
-# Install DCGM
-RUN sed -i 's/systemctl --now enable nvidia-dcgm/#&/' Moneo/src/worker/install/nvidia.sh && \
-    sed -i 's/systemctl start nvidia-dcgm/#&/' Moneo/src/worker/install/nvidia.sh && \
-    sudo bash Moneo/src/worker/install/nvidia.sh
+# --------------------------
+# DCGM (runtime only, same layer clean)
+# --------------------------
+RUN set -eux; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        datacenter-gpu-manager-4-cuda12=${DCGM_TARGET_VERSION} \
+        datacenter-gpu-manager-4-core=${DCGM_TARGET_VERSION} \
+        datacenter-gpu-manager-4-proprietary-cuda12=${DCGM_TARGET_VERSION}; \
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/*
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*
+ENV PYTHONPATH=/usr/share/datacenter-gpu-manager-4/bindings/python3:${PYTHONPATH}
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*
+ENV PYTHONPATH=/usr/share/datacenter-gpu-manager-4/bindings/python3:${PYTHONPATH}
 
-ENV PATH="${PATH}:/opt/rocm/bin"
-COPY build/moneo-*-exporter_entrypoint.sh ./
-COPY build/update-dcgm.py .
+# --------------------------
+# nerdctl
+# --------------------------
+ENV NERDCTL_VERSION=2.2.1
+RUN set -eux; \
+    wget -O /tmp/nerdctl.tar.gz \
+        https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz; \
+    mkdir -p /tmp/nerdctl; \
+    tar -xzf /tmp/nerdctl.tar.gz -C /tmp/nerdctl; \
+    mv /tmp/nerdctl/nerdctl /usr/local/bin/nerdctl; \
+    rm -rf /tmp/nerdctl* /tmp/nerdctl.tar.gz
-    mkdir -p /tmp/nerdctl; \
-    tar -xzf /tmp/nerdctl.tar.gz -C /tmp/nerdctl; \
-    mv /tmp/nerdctl/nerdctl /usr/local/bin/nerdctl; \
-    rm -rf /tmp/nerdctl* /tmp/nerdctl.tar.gz
+    wget -O /tmp/nerdctl-SHA256SUMS \
+        https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/SHA256SUMS; \
+    grep " nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz$" /tmp/nerdctl-SHA256SUMS | sha256sum -c -; \
+    mkdir -p /tmp/nerdctl; \
+    tar -xzf /tmp/nerdctl.tar.gz -C /tmp/nerdctl; \
+    mv /tmp/nerdctl/nerdctl /usr/local/bin/nerdctl; \
+    rm -rf /tmp/nerdctl* /tmp/nerdctl.tar.gz /tmp/nerdctl-SHA256SUMS
-    mkdir -p /tmp/nerdctl; \
-    tar -xzf /tmp/nerdctl.tar.gz -C /tmp/nerdctl; \
-    mv /tmp/nerdctl/nerdctl /usr/local/bin/nerdctl; \
-    rm -rf /tmp/nerdctl* /tmp/nerdctl.tar.gz
+    wget -O /tmp/nerdctl-SHA256SUMS \
+        https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/SHA256SUMS; \
+    grep " nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz$" /tmp/nerdctl-SHA256SUMS | sha256sum -c -; \
+    mkdir -p /tmp/nerdctl; \
+    tar -xzf /tmp/nerdctl.tar.gz -C /tmp/nerdctl; \
+    mv /tmp/nerdctl/nerdctl /usr/local/bin/nerdctl; \
+    rm -rf /tmp/nerdctl* /tmp/nerdctl.tar.gz /tmp/nerdctl-SHA256SUMS
 
-# For the job exporter
-ENV NERDCTL_VERSION=2.1.3
-RUN apt-get update && apt-get install --no-install-recommends -y wget ca-certificates
-RUN wget -O /tmp/nerdctl.tar.gz https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-${TARGETARCH}.tar.gz && \
-    mkdir -p /tmp/nerdctl && \
-    tar -xzvf /tmp/nerdctl.tar.gz -C /tmp/nerdctl && \
-    mv /tmp/nerdctl/nerdctl /usr/local/bin/nerdctl && \
-    mkdir -p /job_exporter && \
-    rm -rf /tmp/nerdctl*
+# --------------------------
+# python runtime deps (from wheels)
+# --------------------------
 
-COPY requirements.txt /job_exporter/
-RUN pip3 install -r /job_exporter/requirements.txt
+COPY --from=builder /w/wheels /wheels
+COPY requirements.txt /job_exporter/requirements.txt
 
-RUN apt update && apt upgrade -y && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN python3 -m pip install --no-cache-dir -U pip && \  
-RUN python3 -m pip install --no-cache-dir -U pip && \  
+RUN python3 -m pip install --no-cache-dir -U pip && \
-RUN python3 -m pip install --no-cache-dir -U pip && \  
+RUN python3 -m pip install --no-cache-dir -U pip && \
+    python3 -m pip install --no-cache-dir \
+        --no-index --find-links=/wheels \
+        -r /job_exporter/requirements.txt && \
+    python3 -m pip install --no-cache-dir \
+        --no-index --find-links=/wheels \
+        prometheus_client psutil filelock && \
-RUN python3 -m pip install --no-cache-dir -U pip && \  
-    python3 -m pip install --no-cache-dir \
-        --no-index --find-links=/wheels \
-        -r /job_exporter/requirements.txt && \
-    python3 -m pip install --no-cache-dir \
-        --no-index --find-links=/wheels \
-        prometheus_client psutil filelock && \
+RUN python3 -m pip install --no-cache-dir -U pip && \
+    python3 -m pip install --no-cache-dir \
+        --no-index --find-links=/wheels \
+        -r /job_exporter/requirements.txt && \
-RUN python3 -m pip install --no-cache-dir -U pip && \  
-    python3 -m pip install --no-cache-dir \
-        --no-index --find-links=/wheels \
-        -r /job_exporter/requirements.txt && \
-    python3 -m pip install --no-cache-dir \
-        --no-index --find-links=/wheels \
-        prometheus_client psutil filelock && \
+RUN python3 -m pip install --no-cache-dir -U pip && \
+    python3 -m pip install --no-cache-dir \
+        --no-index --find-links=/wheels \
+        -r /job_exporter/requirements.txt && \
+    rm -rf /wheels
 
+# --------------------------
+# app files
+# --------------------------
+COPY src/Moneo /Moneo
 COPY src/*.py /job_exporter/
+COPY build/moneo-*-exporter_entrypoint.sh ./
diff --git a/src/job-exporter/build/moneo-gpu-exporter_entrypoint.sh b/src/job-exporter/build/moneo-gpu-exporter_entrypoint.sh
@@ -9,7 +9,6 @@ if lsmod | grep -qi amdgpu; then
     echo "AMD Exporter Started!"
 elif lsmod | grep -qi nvidia; then
     echo "NVIDIA Graphics card detected."
-    python3 /update-dcgm.py
     # Launches NVIDIA DCGM Daemon
     nohup nv-hostengine &
     echo "DCGM Daemon Started!"

diff --git a/src/job-exporter/build/update-dcgm.py b/src/job-exporter/build/update-dcgm.py
diff --git a/src/job-exporter/src/Moneo/src/worker/install/amd.sh b/src/job-exporter/src/Moneo/src/worker/install/amd.sh
diff --git a/src/job-exporter/src/Moneo/src/worker/install/common.sh b/src/job-exporter/src/Moneo/src/worker/install/common.sh