Thread 'Docker on Linux'

Author	Message
computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 519 Credit: 400,710 RAC: 0	Message 8614 - Posted: 25 Mar 2025, 12:53:28 UTC Some adjustments that need to be confirmed I'm using podman instead of docker, so some options may be different. The systemd service file for boinc needs this line: RuntimeDirectory=user/%n It avoids errors like: running docker command: ps --all --filter "name=boinc__lhcathomedev.cern.ch_lhcathome-dev__theory_2848-4462726-32_0" time="2025-03-25T06:57:08+01:00" level=warning msg="RunRoot is pointing to a path (/run/user/1001/containers) which is not writable. Most likely podman will fail." in job*.toml I added/modified build_args = "--layers --squash-all" create_args = "-v /cvmfs:/cvmfs:shared" The build_args avoid the local image being build from scratch every time after a short break between tasks. Not yet tested if there are unwanted side effects. create_args runs without "--cap-add=SYS_ADMIN" "--device /dev/fuse" if "chmod go+w /cvmfs" is set on the host. This works, if CVMFS from the host is used. Not yet tested, if it also works with CVMFS in the container being used. Not tested on Windows. ID: 8614 · Rating: 0 · rate: / Reply Quote

Toby Broom Send message Joined: 19 Aug 15 Posts: 67 Credit: 3,637,785 RAC: 24	Message 8617 - Posted: 26 Mar 2025, 8:49:32 UTC Last modified: 26 Mar 2025, 8:52:20 UTC got 2 that worked: https://lhcathomedev.cern.ch/lhcathome-dev/result.php?resultid=3391288 https://lhcathomedev.cern.ch/lhcathome-dev/result.php?resultid=3391371 didn use proxy though ID: 8617 · Rating: 0 · rate: / Reply Quote

computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 519 Credit: 400,710 RAC: 0	Message 8618 - Posted: 26 Mar 2025, 9:17:28 UTC - in response to Message 8617. In reply to Toby Broom's message of 26 Mar 2025: got 2 that worked: https://lhcathomedev.cern.ch/lhcathome-dev/result.php?resultid=3391288 https://lhcathomedev.cern.ch/lhcathome-dev/result.php?resultid=3391371 didn use proxy though +1 Your log tells you this: "Using CVMFS on the host." Hence, you need to configure the CVMFS on the host to use your local Squid. Check if this is set in /etc/cvmfs/default.local: CVMFS_HTTP_PROXY="http://your_proxy_name_or_IP:port;DIRECT" Then (while no container is running) run on the host "sudo cvmfs_config reload". To forward the proxy to your containers, set the container environment as described here: https://lhcathomedev.cern.ch/lhcathome-dev/forum_thread.php?id=682&postid=8607 ID: 8618 · Rating: 0 · rate: / Reply Quote

computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 519 Credit: 400,710 RAC: 0	Message 8619 - Posted: 26 Mar 2025, 9:25:11 UTC - in response to Message 8614. In reply to computezrmle's message of 25 Mar 2025: create_args runs without "--cap-add=SYS_ADMIN" "--device /dev/fuse" if "chmod go+w /cvmfs" is set on the host. This works, if CVMFS from the host is used. Not yet tested, if it also works with CVMFS in the container being used. Was testing this back and forth. Unfortunately we can't avoid "--cap-add=SYS_ADMIN" and "--device /dev/fuse" when CVMFS inside the container should be used. Hence, to simplify deployment both option should remain in the *.toml file. create_args = "--cap-add=SYS_ADMIN --device /dev/fuse -v /cvmfs:/cvmfs:shared" ID: 8619 · Rating: 0 · rate: / Reply Quote

Toby Broom Send message Joined: 19 Aug 15 Posts: 67 Credit: 3,637,785 RAC: 24	Message 8627 - Posted: 26 Mar 2025, 18:21:08 UTC - in response to Message 8618. Last modified: 26 Mar 2025, 18:22:23 UTC I guess auto does not work then. I did the second part: env = [ "http_proxy=192.168.1.179:3128", "https_proxy=192.168.1.179:3128", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ] ID: 8627 · Rating: 0 · rate: / Reply Quote

computezrmle Volunteer moderator Project tester Volunteer developer Volunteer tester Help desk expert Send message Joined: 28 Jul 16 Posts: 519 Credit: 400,710 RAC: 0	Message 8628 - Posted: 26 Mar 2025, 18:39:52 UTC - in response to Message 8627. Last modified: 26 Mar 2025, 19:12:50 UTC In reply to Toby Broom's message of 26 Mar 2025: I guess auto does not work then. I did the second part: env = [ "http_proxy=192.168.1.179:3128", "https_proxy=192.168.1.179:3128", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ] Right, "auto" is not supported. At least not yet. ATM only the classical method is supported: 1. Define an environment variable, here: http_proxy=http://proxy:port 2. Export that variable, here via containers.conf 3. Create a script inside the container that reads the variable and does the necessary steps here: add CVMFS_HTTP_PROXY="http://proxy:port;DIRECT" to /etc/cvmfs/default.local The script is already available in the Linux app_version. The Windows app_version just needs an update. Edit: @Toby Broom You set "http_proxy=192.168.1.179:3128" instead of "http_proxy=http://192.168.1.179:3128". for https it must be "https_proxy=http://192.168.1.179:3128" (sic!) Due to the missing protocol CVMFS can't use the proxy and falls back to DIRECT. ID: 8628 · Rating: 0 · rate: / Reply Quote

Toby Broom Send message Joined: 19 Aug 15 Posts: 67 Credit: 3,637,785 RAC: 24	Message 8647 - Posted: 27 Mar 2025, 18:18:24 UTC I changed the format and it detects now. There is sort of a weired mix of results, they all seem like they worked but some have errors. https://lhcathomedev.cern.ch/lhcathome-dev/result.php?resultid=3391532 https://lhcathomedev.cern.ch/lhcathome-dev/result.php?resultid=3391544 ID: 8647 · Rating: 0 · rate: / Reply Quote

Toby Broom Send message Joined: 19 Aug 15 Posts: 67 Credit: 3,637,785 RAC: 24	Message 8769 - Posted: 23 Apr 2025, 19:47:44 UTC this didn't work for some reason https://lhcathomedev.cern.ch/lhcathome-dev/result.php?resultid=3398968 ID: 8769 · Rating: 0 · rate: / Reply Quote

Development for LHC@home