For provisioning, I personally use xCAT, which just started supporting Docker: http://xcat-docs.readthedocs.io/en/stable/advanced/docker/lifecycle_management.html

Together with the Slurm elastic computing feature http://xcat-docs.readthedocs.io/en/stable/advanced/docker/lifecycle_management.html this could be a poor man's solution.

I'm not sure how convenient xCAT would be to maintain non-Unix IDs. Frankly, I'm still not sure of your requirements in that regard.



On 04/06/2016 16:01, Rob Nagler wrote:
Hi Daniel,

Thanks. 

Shifter is also interesting. However, it assumes our users map to a Unix user id, and therefore the access to the shared file system can be controlled by normal Unix permissions. That's not scalable, and makes for quite a bit of complexity. Each node must know about each user so you have to run LDAP or something similar. This adds complexity to dynamic cluster creation.

Shifter runs in a chroot, not a cgroup, context. For a supercomputer center with an application process to get an account, this works fine. For a web application with no "background check", it's more risky. At NERSC, you don't have the bad actor problem. Web apps do, and all it takes is one local exploit to escape chroot. Docker/cgroups is safer, and the focus on improving Linux security is on cgroups these days, not chroot "jails".

Shifter also does not solve the problem of queuing dynamic clusters. SLURM/Torque, which Shifter relies on, does not either. This is probably the most difficult item. StarCluster does solve this problem, but doesn't work on bare metal, and it's not clear if it is being maintained any more. 

Rob



Link to this post: http://www.open-mpi.org/community/lists/users/2016/06/29366.php