...
- Needs someone that he could show the pipeline code and train to do heavy lifting when it comes to kicking the pipeline
- Docker containers for something like the batch system may cause some problems, since
- For something like the L1 pipeline, a number of images would need to be launched simultaneously
- Would size of the software cause problems with deployment?
- We would need a system where you restrict loading images to the batch farm to prevent collisions/problems
- There is probably a precedent for this, however, Matt has no experience deploying on this scale
- File size of ~1 GB is best, a few is manageable for production.
- IT dept supportive of docker@SLAC. There is 1 machine with RHEL7
- Lyon is a much larger computing center - likely they will upgrade to Docker first
Now full support for Docker at Lyon (Fred)
Joris : Lyon wants to use Singularity because they have security issues with UGE + Docker.
Infrastructure:
...
...
- Use right docker (UID issues w/security)
...
- AFS on RHEL6 docker
- read files if world readable.
- NFS is hardest.
...
- RHEL7 support is dodgy.
- Configuration stuff is hard part
Software dependencies
...
- GPL_TOOLS (staging and logging)
- REPRO common tools
- REPRO task scripts
- GlastRelease
- ScienceTools
- GLAST_EXT software (e.g., python, root)
- Ftools (KIPAC installation)
- ROOT skimmer
- FITS skimmer (possibly unnecessary?)
- evtClassDefs
- calibration and alignment files
- diffuse models
- xroot tools
- xroot /glast/Scratch space
- /scratch on local batch machines
- data catalog query (FT2 file and current version of FITS files)
- mySQL DB (calibration and alignment)
- Fermi astrotools (could probably eliminate)
...
| Farm | Node OS | Network FS | VMs | Container |
|---|---|---|---|---|
| SLAC | RHEL6 | AFS / NFS | No (never says Brian) | Docker |
| CC-IN2P3 | RHEL6 and CentOS7 | AFS to be phased out, CVMFS | A OpenStack Cloud is running but not for production | ?Docker full support, but looking into Singularity |
| GRID sites | mostly RHEL6, a few CentOS7 | many have CVMFS | no | ? |
- Notes for the SLAC farm
- Last purchase went into dev cluster
- many nodes @RHEL6, upgrade to RHEL7 and doing docker with this
- Still figuring out NFS/AFS sorted out with RHEL7. GPFS?
- It's good to come up with a plan because of security implications if NFS underneath.
- Use right docker (UID issues w/security)
- SLAC has a few nodes for testing docker.
- AFS on RHEL6 docker
- read files if world readable.
- NFS is hardest.
- Timeline for RHEL7, 12mo? 2018? (Matt)
- RHEL7 support is dodgy.
- Configuration stuff is hard part
- Last purchase went into dev cluster
- Notes for CC-IN2P3
- Now full support for Docker at Lyon (Fred)
Joris : Lyon wants to use Singularity because they have security issues with UGE + Docker.
...
Questions
- Joris : Is there some security issues with LSF & Docker (https://developer.ibm.com/storage/2017/01/09/running-ibm-spectrum-lsf-jobs-in-docker-containers/ )
- Joris : We need to verify the compatibility between Singularity ( Lyon CC ) and Docker
- etc.
...