[Beowulf] Singularity 1.0 is out
Christopher Samuel
samuel at unimelb.edu.au
Wed May 4 16:43:28 PDT 2016
Hi Jeff,
On 05/05/16 05:18, Jeffrey Layton wrote:
> You may want to reach out to Greg. He has some pretty serious
> reservations about Docker and security.
He's not the only one, hence our interest in Shifter. At least since
Shifter decloaked Docker started using user namespaces so UID 0 inside a
container is not actually UID 0 on the host.
> He can also tell you a bit more about Shifter since NERSC is so
> close to him. From what I've read, Shifter can take Docker
> containers as input and it converts them into something that can
> run safely (I don't know know what the end results looks like).
That's correct:
https://github.com/NERSC/shifter
# Shifter enables container images for HPC. In a nutshell, Shifter
# allows an HPC system to efficiently and safely allow end-users
# to run a docker image. Shifter consists of a few moving parts
# 1) a utility that typically runs on the compute node that creates
# the run time environment for the application
# 2) an image gateway service that pulls images from a registry
# and repacks it in a format suitable for the HPC system (typically
# squashfs)
# 3) and example scripts/plugins to integrate Shifter with various
# batch scheduler systems.
They've also got a Slack channel for Shifter too which is handy.
> Fortunately, I think Shifter has some fairly deep hooks into Slurm
> (I seem to remember you being a Slurm kind of person).
Indeed, I saw Doug talk about Shifter at the Slurm User Group last
September and that's what got me really interested in it, been following
it for a while but a lack of Copious Free Time(tm) has meant I've not
been able to do much yet. But users expressing interest has a way of
helping there.. :-)
> You might also reach out to the Shifter folks at NERSC.
Already there, but if others are interested in Docker in HPC and use
Slurm I'd strongly suggest getting involved.
All the best!
Chris
--
Christopher Samuel Senior Systems Administrator
VLSCI - Victorian Life Sciences Computation Initiative
Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
http://www.vlsci.org.au/ http://twitter.com/vlsci
More information about the Beowulf
mailing list