-
Notifications
You must be signed in to change notification settings - Fork 63
config reference
udiRoot.conf is read by shifter and most other related shifter utilities within the udiRoot component. Unless udiRoot is built enabling particular options udiRoot.conf must be owned by root, but readable by all users, or at least all users you want accessing shifter.
The file configuration format is a basic key=value, however space seperated strings can be used for multiple options. Multiple lines can be used if the final character on the line is ''. Items cannot be quoted to allow spaces within the configuration option.
Absolute path to where shifter should generate a mount point for its own use. This path to this should be writable by root and should not be in use for other purposes.
Recommended value: /var/udiMount
Absolute path to where shifter should mount loop device filesystems. This path should be writable by root and should not be in use for other purposes.
Recommended value: /var/udiLoopMount
Absolute path to where shifter can find images. This path should be readable by root. This path should be visible by all nodes in the system. It may be possible to use some kind of rsyncing method to have this path be local on all systems, but that may prove problematic if a user attempts to use an image while it is being rsynced. Recommend using GPFS or lustre or similar.
Absolute path (can be a symlink) to where current version of udiRoot is installed. This path is used to find all needed shifter-specific utilities (shifter, shifterimg, setupRoot, unsetupRoot, mount, etc).
Recommended value: /opt/shifter/default
Script to be run before bind-mounting the siteFs filesystems. This script
needs to be root owned and executable by root. It should create any directories
on the path to the mount point, but not the mount point itself (e.g.,
mkdir -p global
but not
mkdir -p global/u1
if your siteFs path is /global/u1
)
Note that the script is executed within your udiMount directory and so all your paths within the script should be relative to that.
Recommended value: /etc/opt/nersc/udiRoot/premount.sh
Script to be run after bind-mounting the siteFs filesystems. This script need to be root owned and executable by root. It should do any work required after performing the mounts, e.g., generating a symlink.
Note that the script is executed within your udiMount directory and so all your paths within the script should be relative to that.
Recommended value: /etc/opt/nersc/udiRoot/postmount.sh
Absolute path to the udiImage directory to be bind-mounted onto /opt/udiImage. This is typically pre-built with shifter to include an sshd, but you could add other things if you so desire.
Recommended value: /opt/shifter/udiRoot/default/deps/udiImage
Absolute path to the files you want copied into /etc for every container. This path must be root owned (including the files within), and it must contain, at minimum, nsswitch.conf, passwd, group.
Note that any files you put in this path will override whatever the user included in their image.
Recommended value: /opt/shifter/default/etc_files
shifter can be used to construct a "container" out a of local path instead of a loop device filesystem. This can be useful if you have an unpacked layer you want to examine, or to enable shifter services within an existing path. Setting to 1 will allow this path-specified shifting, 0 will not.
This must be enabled if the "ccm" emulation mode is desired. (ccm emulation
is effectively done with shifter --image=local:/
within the SLURM integration.
Flag to determine if kernel modules can be automatically loaded by shifter if required. This is typically limited to loop, squashfs, ext4 (and its dependencies)
Recommend 0 if you already load loop, squashfs, and ext4 as part of node bootup process.
Recommend 1 if you want to let shifter load them for you.
Flag to remount the udiMount VFS read-only after setup. This is typically only needed for debugging, and should usually be set to 1.
Recommended value: 1
Maximum number of groups to allow. If the embedded sshd is being used, then this should be set to 31. This is used when preparing the /etc/group file, which is a filtered version of the group file you provide to shifter. The filtering is done because the libc utilities for parsing an /etc/group file are typically more limited than the LDAP counterparts. Since LDAP is not usable within shifter, a filtered group file is used.
Recommended value: 31
Absolute path to known-good modprobe
Absolute path to known-good insmod
Absolute path to known-good cp
Absolute path to known-good mv
Absolute path to known-good chmod
The filesystem type to use for setting up the shifter VFS layer. This is typically just tmpfs. On cray compute nodes (CLE 5.2), tmpfs will not work, instead use rootfs. rootfs is only known to work in the CLE environment.
Recommended value: tmpfs
Time in seconds to wait for the imagegw to respond before failing over to next (or failing).
Optional absolute path to where kernel modules are accessible -- up-to-but-not-including the kernel version directory. On many systems this will be /lib/modules, on Cray systems where kernel modules are built as part of the installation process, point to where you installed them (possibly under /opt/shifter/udiRoot/default/kmod )
This is not necessary if autoLoadKernelModule is 0, and is required if it is 1.
Do not use.
Space seperated list of paths to be automatically bind-mounted into the container. This is typically used to make network filesystems accessible within the container, but could be used to allow certain other facilities, like /var/run or /var/spool/alps to be accessible within the image (depending on your needs).
Do not attempt to bind things under /usr or other common critical paths within containers.
It is OK to perform this under /var or /opt or a novel path that your site maintains (e.g., for NERSC, /global).
Space seperated list of environment variables to automatically set (or add, or replace) when a shifter container is setup.
Example:
siteEnv=SHIFTER_RUNTIME=1
This can be useful if network home directories are mounted into the container and you users want a way to prevent their localized dotfiles from running. (e.g., do not execute if SHIFTER_RUNTIME is set).
Space seperated list of environment variables to automatically append (or add) when a shifter container is setup. This only makes sense for colon seperated environment variables, .e.g, PATH.
Example:
siteEnvAppend=PATH=/opt/udiImage/bin
This can be used if your site patches in a path that you want to appear in the path. Recommend that all binaries are compatible with all containers, i.e., are statically linked, to ensure they work.
Space seperated list of environment variables to automatically prepend (or add) when a shifter container is setup. This only makes sense for colon seperated environment variables, e.g., PATH.
Example:
siteEnvPrepend=PATH=/opt/udiImage/bin
This can be used if your site patches in a path that you want to appear in the path. Recommend that all binaries are compatible with all containers, i.e., are statically linked, to ensure they work.
Space seperated URLs for your imagegw. Used by shifterimg and SLURM batch integration to communicate with the imagegw.
Used by batch integration code to pick useful settings. May be deprecated in the future as it is not necessary at this point.
Name of your system, e.g., edison or cori. This name must match a configured system in the imagegw. This is primarily used by shifterimg to self-identify which system it is representing.
Must be blank, e.g. put nodeContextPrefix= in your config file.
Recommended value: