- The IMAS environment is compiled in the container, so it uses only publicly available resources (+ source codes from git://git.iter.org)
- This means that
ifort, pgf90, nagfor or matlab are unavailable and these settings are used:IMAS_IFORT=noIMAS_G95=noIMAS_NAGFOR=noIMAS_PGI=noIMAS_MATLAB=noIMAS_MEX=no
- These restrictions result from the requirements of the image building environment, namely:
- (1) either there is a Docker engine running as root
- (2) or there are user namespaces available
- Running Docker engine as root is not an option in a multi-user environment such as the EUROfusion Gateway or ITER cluster
- User namespaces is a feature of Linux kernel 3.8+ which allows isolating a process in a sandbox with the possibility of impersonating root user in the sandbox (however, the whole sandbox is run as a normal user so anything in the sandbox cannot truly escalate privileges)
- Currently, we have neither (1) nor (2) on EUROfusion Gateway and ITER cluster. The image is built elsewhere and cannot make full use of available resources.
- If user namespaces were configured on at least a single machine with IP in the pool of those enabled to use Intel license, then we would be able to build a full IMAS image
|
