Note about container

From Hall A Wiki
Revision as of 22:33, 13 April 2018 by Zwzhao (Talk | contribs) (docker)

Jump to: navigation, search

questions and comments should go to Zhiwen Zhao zwzhao at jlab.org

singularity

  • warning
    • if you are running singularity-2.4.x on a centos7.2 host, you could have kernel panic if you use ROOT TMD5 and share your host dir
  • installation
    • refer to installation instruction and the latest version is recommend.
    • singularity-2.4.x can run singularity-2.3.x images and has many new features and we should use it instead of 2.3.x whenever possible
    • On redhat-kind linux, build an rpm first and install it. at least "squashfs-tools,automake,rpm-build,libtool" are needed to build it.
    • On windows and Mac, the official way just running a small linux virtual machine with virtualbox, but the virtual machine is not good for graphic application. The better alternative is to use a good but not so small linux virtual machine. If you have one already, use it. If not, see below to download an existing one.
  • singularity at jlab as 2018/03/13
    • jlab farm and ifarm has singularity-2.3.1 installed as default, it's too old, don't use it.
    • other version is installed by "module", check what's available at /usr/local/singularity/ and try to use the latest one. for example, load by "module load singularity-2.4.4" to use it, or stop using it by "module rm singularity-2.4.4"
    • use ifarm1401 which auto bind "/u /w /group /work /cache /volatile /scratch" into any container by default
  • test singularity
    • cd some_where_with_enough_space
    • "setenv http_proxy http://jprox.jlab.org:8082" "setenv https_proxy http://jprox.jlab.org:8082" if you are on jlab ifarm
    • setenv SINGULARITY_CACHEDIR ./ (change cache dir from default ~/.singularity, MUST do at jlab ifarm with very limited space at home)
    • singularity pull docker://godlovedc/lolcow
    • singularity run lolcow.img
    • setenv PYTHONHTTPSVERIFY 0 (sometime needed to bypass singularity hub certificate check)
    • singularity pull shub://GodloveD/lolcow
    • singularity run GodloveD-lolcow-master-latest.simg
  • note
    • when singularity pull docker image, it pull and build singularity image right away. It can fail sometime because docker image are made as root user. you have to singularity pull with sudo

docker

  • at linux in general
    • share your current dir in container with option "-v $PWD:$PWD"
    • use graphic in container with host's Xwindows like this "sudo docker run -it -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --ipc=host container_name"
    • use graphic in container with container's Xwindows
      • install x11docker
      • make sure the container image has fluxbox and xterm installled
      • x11docker --desktop --sharedir $PWD container_name fluxbox
      • right click on the fluxbox window and open xterm
  • at centos
    • install the new version 17.* from docker repo, not old 1.* from centos extras repo
    • you have to run start docker daemon first [see how to start and auto start it https://docs.docker.com/config/daemon/systemd/], then run "sudo docker run hello-world" to test
    • if your host is within jlab network but not jlab level1 or level2 linux, mostly likely you will encounter error like "x509: certificate signed by unknown authority" because jlab gateway hijack site certificate with its own. We can solve this by mimic a jlab maintained system as follows
      • do "yum install jlabca", if it fixed the problem, ignore steps below
      • copy all files under /etc/pki/ca-trust/source/anchors/ from a jlab system like ifarm to your system
      • run "update-ca-trust","service docker stop","service docker start" as root
      • refer to https://github.com/moby/moby/issues/8849 for some discussion
    • images are at /var/lib/docker/overlay2
  • at windows
  • at Mac
    • need OSX Yosemite 10.10.3 or above
    • virtualbox can work on the same machine where docker is installed
  • release space by https://stackoverflow.com/questions/44288901/how-to-force-docker-to-release-storage-space-after-manual-delete-of-file-in-volu

a good linux virtual machine to run singularity and docker

  • a good linux virtual machine to run singularity and docker, centos7 made with virtualbox
    • download and install virtualbox https://www.virtualbox.org/wiki/Downloads
    • It's nice, but not a must, to run singularity image in shared folder because it keeps the virtual machine size small. Vmware's shared folder doesn't work for this, but virtualbox does
    • download the machine at http://webhome.phy.duke.edu/~zz81/package/CentOS7_20180303.ova (a centos7 64bit with latest update on 20180303 and singularity-2.4.2 and latest docker installed)
    • import the virtual machine into virtualbox refer to [https://askubuntu.com/questions/588426/how-to-export-and-import-virtualbox-vm-images
    • boot up the linux virtual machine and login with user name "user" without password, just you know root password is "111111"
    • use the installed singularity and docker, or update docker by yum or singularity by compile from source if you want
    • set up a shared folder with name "share" in the machine setting and put any singularity images into the shared folder on host
    • mount the shared folder "sudo mount -t vboxsf -o uid=$uid,gid=$gid share share" and use /home/user/share" as your working dir
Retrieved from "https://hallaweb.jlab.org/wiki/index.php?title=Note_about_container&oldid=34696"