HTCondor Jobs In Containers

From GridPP Wiki
Jump to: navigation, search

This page explains two methods of running LHC jobs in SL6 containers using HTCondor with SL7 worker nodes.

Docker

The SL7 or Centos7 worker nodes should have:CVMFS, HTCondor, Docker engine, CA certs and fetch-crl installed. Usually autofs is used with CVMFS but this will not work with Docker - you will likely get errors of the form:

ls: cannot open directory /cvmfs/cms.cern.ch: Too many levels of symbolic links

Each CVMFS repository must be mounted manually, e.g.

mount -t cvmfs grid.cern.ch /cvmfs/grid.cern.ch
mount -t cvmfs grid.cern.ch /cvmfs/cms.cern.ch

Add the condor user to the Docker group:

usermod -G docker condor

Some additional HTCondor configuration required in order to automatically bind mount CVMFS and /etc/grid-security into all Docker containers run by HTCondor:

DOCKER_MOUNT_VOLUMES=CVMFS, GRID_SECURITY, PASSWD, GROUP
DOCKER_VOLUMES=CVMFS, GRID_SECURITY
DOCKER_VOLUME_DIR_CVMFS=/cvmfs:/cvmfs:ro
DOCKER_VOLUME_DIR_GRID_SECURITY=/etc/grid-security:/etc/grid-security:ro
DOCKER_VOLUME_DIR_PASSWD=/etc/passwd:/etc/passwd:ro
DOCKER_VOLUME_DIR_GROUP=/etc/group:/etc/group:ro

Here we also bind mount /etc/passwd and /etc/group into the containers so that pool accounts are available. The pool accounts must be configured on the host.

In order for glexec to work, the glexec, lcas and lcmaps config files should be installed on the worker node hosts so that they can be bind mounted into the containers. The HTCondor config should be in this case:

DOCKER_MOUNT_VOLUMES=CVMFS, GRID_SECURITY, PASSWD, GROUP, GLEXEC, LCAS, LCMAPS
DOCKER_VOLUMES=CVMFS, GRID_SECURITY
DOCKER_VOLUME_DIR_CVMFS=/cvmfs:/cvmfs:ro
DOCKER_VOLUME_DIR_GRID_SECURITY=/etc/grid-security:/etc/grid-security:ro
DOCKER_VOLUME_DIR_PASSWD=/etc/passwd:/etc/passwd:ro
DOCKER_VOLUME_DIR_GROUP=/etc/group:/etc/group:ro
DOCKER_VOLUME_DIR_GLEXEC=/etc/glexec.conf:/etc/glexec.conf:ro
DOCKER_VOLUME_DIR_LCAS=/etc/lcas/lcas-glexec.db:/etc/lcas/lcas-glexec.db:ro
DOCKER_VOLUME_DIR_LCMAPS=/etc/lcmaps/lcmaps-glexec.db:/etc/lcmaps/lcmaps-glexec.db:ro

Singularity