[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Condor + Docker?



On 7/11/2014 6:23 PM, Martin BukatoviÄ wrote:
On 07/10/2014 10:47 PM, Greg Thain wrote:
On 07/10/2014 03:39 PM, Branden Timm wrote:
That's great, I hadn't noticed the existing cgroup support in the
documentation.

Moreover there is also support for further filesystem isolation
via bind mounts:

http://osgtech.blogspot.cz/2012/02/file-isolation-using-bind-mounts-and.html


Similar to Docker, HTCondor already leverages a lot of Linux kernel features to provide job isolation on a machine - cgroups (limit ram, cpu), pid namespaces, cpu affinity, bind mounts (useful for giving each job its own /tmp that is cleaned up on job exit), chroot jails, ... a pithy overview of capabilities in this area are in the slides from this presentation at HTCondor Week 2013:

http://research.cs.wisc.edu/htcondor/HTCondorWeek2013/presentations/ThainG_BoxingUsers.pdf

In v8.3.x, we are adding network namespace isolation. And also looking at ways to make it easy for folks using Docker (i.e. a Docker job universe perhaps).

regards,
Todd