Repository

The repository https://gitlab.eufus.psnc.pl/containerization/imas/imas-installer contains instructions for building the container yourself using a script. The instructions below go into more depth, for when you want to build a more customized IMAS container.

Introduction

  • This document describes how to build a Docker image with the IMAS environment
  • The build is divided into several steps, each in a separate executable file with a sequential naming convention: 01-base, 02-ual, 03-kepler, 04-fc2k, 05-gui, 06-intel-mpi-mkl and 07-save
  • Steps 2, 3 and 4 require access to a private SSH key to query git://git.iter.org
  • The result of step 4 is a usable image with IMAS, Kepler and FC2K
  • Step 5 is optional; on top of step 4 it adds the GUI libraries and configuration needed to work with the container via VNC (remote desktop)
  • Step 6 is optional; it adds Intel libraries
  • Step 7 exports the results of steps 4 and 5 into image archives (these can be transferred and loaded by the Docker daemon or the uDocker executable)

Limitations

  • The IMAS environment is compiled in the container, so it uses only publicly available resources (+ source codes from git://git.iter.org)
  • This means that ifort, pgf90, nagfor or matlab are unavailable and these settings are used:
    • IMAS_IFORT=no
    • IMAS_G95=no
    • IMAS_NAGFOR=no
    • IMAS_PGI=no
    • IMAS_MATLAB=no
    • IMAS_MEX=no
  • These restrictions result from the requirements of the image building environment, namely:
    • (1) either there is a Docker engine running as root
    • (2) or there are user namespaces available
  • Running Docker engine as root is not an option in a multi-user environment such as the EUROfusion Gateway or ITER cluster
  • User namespaces are a feature of Linux kernel 3.8+ which allows isolating a process in a sandbox with the possibility of impersonating the root user inside the sandbox (however, the whole sandbox runs as a normal user, so nothing in the sandbox can truly escalate privileges)
  • Currently, we have neither (1) nor (2) on the EUROfusion Gateway and the ITER cluster. The image is built elsewhere and cannot make full use of available resources.
  • If user namespaces were configured on at least a single machine with an IP in the pool of those enabled to use the Intel license, then we would be able to build a full IMAS image

Buildah

  • The building procedure is based on buildah
  • It is a standard-compliant tool which allows building container images

...

  • You can build the image rootless when these requirements are met:
    • A kernel with support for User Namespaces (CONFIG_USER_NS) must be present

    • The sysctl setting kernel.unprivileged_userns_clone = 1 must be present

    • Create /etc/subuid and /etc/subgid with the following content (replace LOGIN with the login of a user who is allowed to build containers)

      LOGIN:100000:65536
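
A pre-flight check for the three requirements above, as an added example that is not part of the imas-container repository. It goes one step beyond the list by also flagging a subordinate ID range that overlaps another login's range, since two users' containers would then map onto the same host IDs. The function names and the ROOT/PROC parameters are assumptions made so the checks can run against a fixture tree.

```shell
#!/bin/sh
# Added example: pre-flight checks for a rootless buildah build.
# Function names and the optional ROOT/PROC arguments are hypothetical.

# userns_ok [PROC]: succeeds if user namespaces are compiled in and not switched off.
userns_ok() {
    proc="${1:-/proc}"
    # The "user" namespace entry exists only when the kernel has CONFIG_USER_NS.
    [ -e "$proc/self/ns/user" ] || return 1
    # Assumption: kernels that lack this sysctl do not gate unprivileged use on it.
    knob="$proc/sys/kernel/unprivileged_userns_clone"
    if [ -e "$knob" ] && [ "$(cat "$knob")" != "1" ]; then return 1; fi
    return 0
}

# subid_ok FILE LOGIN [MIN]: returns 0 if LOGIN owns a range of at least MIN ids
# (default 65536), 1 if it has none, 2 if that range overlaps another login's.
subid_ok() {
    awk -F: -v u="$2" -v min="${3:-65536}" '
        NF == 3 && $1 !~ /^#/ { n++; who[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1 }
        END {
            for (i = 1; i <= n; i++)
                if (who[i] == u && hi[i] - lo[i] + 1 >= min) mine = i
            if (!mine) exit 1
            for (i = 1; i <= n; i++)
                if (who[i] != u && lo[i] <= hi[mine] && hi[i] >= lo[mine]) exit 2
        }' "$1"
}

# preflight LOGIN [ROOT]: run every check, report each failure, return 0 only if all pass.
preflight() {
    rc=0
    userns_ok "${2:-}/proc" || { echo "user namespaces unavailable or disabled" >&2; rc=1; }
    for f in "${2:-}/etc/subuid" "${2:-}/etc/subgid"; do
        subid_ok "$f" "$1" 2>/dev/null || { echo "$f: no usable range for $1" >&2; rc=1; }
    done
    return "$rc"
}

# Check the real system for the current user when invoked with --run.
if [ "${1:-}" = "--run" ]; then preflight "$(id -un)"; fi
```

Run it with `--run` as the user who will perform the build; a non-zero exit means at least one requirement is not met.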
      

Building procedure

Repository

  • The building procedure is available in a version-controlled repository:

    git clone ssh://git@git.iter.org/imex/imas-container.git
    

...

  • All parameters are placed in the config file
  • By default, almost all of the parameters' values are blank, which means that the image builder will determine the latest released tag (for each component separately) and use it automatically
  • If you want to enforce a specific tag or branch, please edit the config file accordingly

...

# steps 2, 3 and 4 will ask for the SSH private key
./01-base           # from ubuntu/bionic creates imas/base
./02-ual            # from imas/base creates imas/ual
./03-kepler         # from imas/ual creates imas/kepler
./04-fc2k           # from imas/kepler creates imas/fc2k

./05-gui            # (optional) from imas/fc2k creates imas/gui (adds XFCE via VNC)
./06-intel-mpi-mkl  # (optional) from imas/fc2k creates imas/mpi (adds Intel's MPI and MKL libraries)

./07-save           # stores imas/fc2k and imas/gui as archive files in /tmp/

...
