[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] HTCondor OCI Support?

> On May 18, 2018, at 7:40 PM, Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx> wrote:
> Dear experts,
> reading through the slides from HEPiX:
> https://indico.cern.ch/event/676324/contributions/2981843/attachments/1651270/2641144/TannenbaumT_WhatsNew_HEPiX_Spring_2018.pdf
> I find a lot of mentioning of Singularity and Docker, but wonder whether it would not be significantly easier
> and future-proof to implement OCI support? 
> Singularity is also adding OCI compatibility, and Docker already has that with Docker-runc. It would hopefully allow
> to get rid of a lot of specialties. 
> Any plans on this? 

Yes, we are looking at this. 

> Also, the talk sadly does not mention that while Singularity can be executed without setuid root on modern OS,

Yep. Actually I did mention this during the talk, and it is also mentioned in the slides as well. 

> condor_ssh_to_job fails in that environment, and especially interactive jobs are a strong point in the container world. 

Agree completely.  The current v8.7 HTCondor supports condor_ssh_to_job with Docker universe, and we expect it to work with singularity for the next release. 

> It would be nice if there would be a working setup not requiring privileges either in form of a root-owned daemon or setuid root binaries,

Agree again, we will make a point of testing it all out with non-root. However we also need to make certain it works with âolderâ distros like rhel7 (and rhel6) plus root since (unfortunately) much of the community is stuck running these distros for years to come. 

Best regards

> and I don't see a hard technical "blocker" for that. 
> Having
> https://bugzilla.redhat.com/show_bug.cgi?id=1522992 and 
> https://bugzilla.mindrot.org/show_bug.cgi?id=2813
> solved would certainly help, but one could surely workaround those. 
> Cheers,
>    Oliver
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/