For the replies. Matlab was an example. I would also like to create to containers for OpenFoam with different versions. Then a user can choose what he actually wants.
I would also like to know, if the technologies you mentioned can be deployed in multinode clusters. Currently, we use Rocks 7. Should I install singularity (or others) on all nodes or just the frontend? And then, can users use "srun" or "salloc" for interactively login to a node and run the container or not? Regards, Mahmood On Thu, Sep 19, 2019 at 8:03 PM Michael Jennings <m...@lanl.gov> wrote: > > Docker is the wrong choice for HPC, at least today. But Podman, from > Red Hat's CRI-O project, is a drop-in replacement for Docker which > doesn't use the client-server model of Docker and therefore addresses > many of the challenges with trying to run Docker for HPC user jobs. > > There's also LANL's Charliecloud, which is a highly optimized > container runtime that (unlike the other options in this space, save > Podman) DOES NOT require any root privileges whatsoever, not even at > install time. For (hopefully obvious) security reasons, you are far > safer using one of the unprivileged options. > > Here at Los Alamos, we use both Charliecloud and Podman/Buildah along > with the Spokeo and umoci tools. While we do not permit Singularity > on our systems for security reasons and don't run Shifter because it > requires privilege, we have had Charliecloud deployed and actively > used on both our Classified and Open Science systems for well over a > year now, and we are in the process of getting Podman/Buildah and > friends into the Secure systems as we speak. > > (Note that all of the above require RHEL7 or higher; if you need RHEL6 > support, you'll want to check out Shifter.) > > Here are some videos of talks that might help you get up-to-speed on > this subject: > > "LISA18 - Containers and Security on Planet X" > (https://youtu.be/F3qCvZMzUtE) - Why containers matter for HPC, what > makes HPC so different from the typical Docker/AppC use cases, and how > to choose the right solution for your site. > > "Charliecloud - Unprivileged Containers for HPC" > (https://youtu.be/ESsZgcaP-ZQ) - What containers actually are under > the hood, how they work, what they are good for, and how to get up and > running with Charliecloud in under 5 minutes. > > "Container Mythbusters" (https://youtu.be/FFyXdgWXD3A) - Dispelling > common misconceptions and debunking propaganda around containers, > container runtime security, and when/how you should (and should NOT) > use containers. > > Hope those help! > Michael > > -- > Michael E. Jennings <m...@lanl.gov> > HPC Systems Team, Los Alamos National Laboratory > Bldg. 03-2327, Rm. 2341 W: +1 (505) 606-0605 > >
