yotann/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Running udocker on HTCondor

This script demonstrates how to run Docker containers
on an HTCondor cluster that doesn't have Docker installed,
by using udocker
to run them in userspace.
udocker has limited compatibility with many images,
depending on what you're trying to run.
In particular, you can't run sudo or change users inside the container.
As an alternative to udocker, you may be able to use
Singularity
if your cluster has it installed.

  
## test_udocker.job
universe = vanilla
executable = test_udocker.sh
should_transfer_files = yes

# Save output from the job.
output = test_udocker.out.$(Cluster).$(Process)
error = test_udocker.err.$(Cluster).$(Process)
log = test_udocker.log.$(Cluster).$(Process)

# This is only required if you use udocker's "S1" execution mode.
requirements = HasSingularity

# 1 CPU core, 1GB RAM, 100MB disk space
request_cpus = 1
request_memory = 1000
request_disk = 100000

# Start one job.
queue 1

## test_udocker.sh
#!/bin/sh
set -e

if [ $BATCH_SYSTEM != HTCondor ]; then
  echo "Run this job using condor_submit test_udocker.job"
  exit 1
fi

# We start in a temporary directory. HTCondor puts the job's input files here,
# and expects to find the job's output files here.
JOBDIR=$PWD

# HTCondor doesn't set HOME. /home/$(whoami) is available on some nodes but not
# others.
export HOME=$JOBDIR

# Install udocker
if ! [ -e "$HOME/udocker/udocker" ]; then
  git clone "https://github.com/indigo-dc/udocker" "$HOME/udocker"
fi
export PATH=$HOME/udocker:$PATH
if ! [ -d "$HOME/.udocker/bin" ]; then
  udocker install
fi

# Use the copy of runc that udocker installs.
export UDOCKER_USE_RUNC_EXECUTABLE=UDOCKER

# Set the execution mode (see udocker setup --help).
#
# This may need some trial and error depending on what image you're trying to
# use. I've found that S1 works best when singularity is available.
# Otherwise, I use P1.
export UDOCKER_DEFAULT_EXECUTION_MODE=S1

# Pull an image
udocker pull alpine:latest

# Run a command!
udocker run --rm alpine:latest echo "Hi from Docker!"

## zzz-container-script.sh
#!/bin/sh

# Depending on what your container does,
# it might get confused about what user it's running as.
# I run this script *inside* the container
# to fix things up, so I can run an SSH server.
# In order for this to work, the Dockerfile has to create a user named "user".

export USER=user
export HOME=/home/user
cd "$HOME"

# Fix /etc/passwd to match whatever UID we happen to be using.
if [ -w /etc/passwd ]; then
  # Replace bad entries with the correct ones.
  cp /etc/group /etc/passwd ./
  sed -i -e "/^user:\|:$(id -u):/d" passwd
  sed -i -e "/^user:\|:$(id -g):/d" group
  echo "user:x:$(id -u):$(id -g):user:$HOME:" >> passwd
  echo "user:x:$(id -g):" >> group

  # When using udocker with singularity, we can't replace /etc/passwd, but we
  # can rewrite it.
  truncate -s 0 /etc/group /etc/passwd
  cat passwd >>/etc/passwd
  cat group >>/etc/group
fi

# Prevent programs from modifying /
if [ -w / ]; then
  chmod 555 /
fi
	universe = vanilla
	executable = test_udocker.sh
	should_transfer_files = yes

	# Save output from the job.
	output = test_udocker.out.$(Cluster).$(Process)
	error = test_udocker.err.$(Cluster).$(Process)
	log = test_udocker.log.$(Cluster).$(Process)

	# This is only required if you use udocker's "S1" execution mode.
	requirements = HasSingularity

	# 1 CPU core, 1GB RAM, 100MB disk space
	request_cpus = 1
	request_memory = 1000
	request_disk = 100000

	# Start one job.
	queue 1
	#!/bin/sh
	set -e

	if [ $BATCH_SYSTEM != HTCondor ]; then
	echo "Run this job using condor_submit test_udocker.job"
	exit 1
	fi

	# We start in a temporary directory. HTCondor puts the job's input files here,
	# and expects to find the job's output files here.
	JOBDIR=$PWD

	# HTCondor doesn't set HOME. /home/$(whoami) is available on some nodes but not
	# others.
	export HOME=$JOBDIR

	# Install udocker
	if ! [ -e "$HOME/udocker/udocker" ]; then
	git clone "https://github.com/indigo-dc/udocker" "$HOME/udocker"
	fi
	export PATH=$HOME/udocker:$PATH
	if ! [ -d "$HOME/.udocker/bin" ]; then
	udocker install
	fi

	# Use the copy of runc that udocker installs.
	export UDOCKER_USE_RUNC_EXECUTABLE=UDOCKER

	# Set the execution mode (see udocker setup --help).
	#
	# This may need some trial and error depending on what image you're trying to
	# use. I've found that S1 works best when singularity is available.
	# Otherwise, I use P1.
	export UDOCKER_DEFAULT_EXECUTION_MODE=S1

	# Pull an image
	udocker pull alpine:latest

	# Run a command!
	udocker run --rm alpine:latest echo "Hi from Docker!"
	#!/bin/sh

	# Depending on what your container does,
	# it might get confused about what user it's running as.
	# I run this script inside the container
	# to fix things up, so I can run an SSH server.
	# In order for this to work, the Dockerfile has to create a user named "user".

	export USER=user
	export HOME=/home/user
	cd "$HOME"

	# Fix /etc/passwd to match whatever UID we happen to be using.
	if [ -w /etc/passwd ]; then
	# Replace bad entries with the correct ones.
	cp /etc/group /etc/passwd ./
	sed -i -e "/^user:\\|:$(id -u):/d" passwd
	sed -i -e "/^user:\\|:$(id -g):/d" group
	echo "user:x:$(id -u):$(id -g):user:$HOME:" >> passwd
	echo "user:x:$(id -g):" >> group

	# When using udocker with singularity, we can't replace /etc/passwd, but we
	# can rewrite it.
	truncate -s 0 /etc/group /etc/passwd
	cat passwd >>/etc/passwd
	cat group >>/etc/group
	fi

	# Prevent programs from modifying /
	if [ -w / ]; then
	chmod 555 /
	fi