[arvados-dev] Docker image for Crunch jobs

Brett Smith brett at curoverse.com
Mon Apr 7 10:29:53 EDT 2014


I just pushed the 2492-docker-crunch-jobs branch to git. It has the
recipe to build a Docker image that has all the base software necessary
to install and run a Crunch job. It's intentionally minimalistic because
in the future I'd like for Crunch jobs to be able to specify their own
Dockerfiles that use this image as a base, adding only the software and
configuration necessary for their specific job. But even this is enough
to install a script and run it with arv-crunch-job.

One quirk about the current recipe is that the Docker image has to be
run in privileged mode. arv-crunch-job automatically mounts Keep, and
Docker's default security policy will prohibit this mount. Longer-term,
I wonder if it would make sense for the parent compute node to mount
Keep and make it available to the job container as a volume.

If we'd like to make this usable as quickly as possible, probably the
best way to do that would be to add Dockerfiles as a new installation
path in crunch-job. Much like it looks for install scripts in the
repository, if it sees a Dockerfile, it should build that image and run
the job inside it. The code for that is relatively straightforward; the
hard part of this would be setting up Docker on the compute nodes, and
thinking through the configuration to make it robust.

We could also decide to roll that work into the larger Crunch v2 effort.

After thinking it over some, I do think that this is the right layer to
introduce Docker at; or at least, this is the layer where we need to be
able to prepare and run customized Docker images. If we try to make this
image's responsibilities part of a larger Docker container, we're
introducing space where users have to worry that their customizations
might interfere with Arvados' general operations, which is something we
should avoid. We can still containerize the compute nodes; we should
just keep it separate from this work.

I'm interesting in hearing other folks' thoughts about where work should
be focused next.

-- 
Brett Smith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.arvados.org/pipermail/arvados-dev/attachments/20140407/958c44f5/attachment.html>


More information about the Arvados-dev mailing list