• The INDIGO-Datacloud udocker tool
• How does udocker work in general
• Running the Mastercode container on a batch system

Using Docker requires having the docker daemon running in your system, and containers need to be run with root privileges. While this requirement is trivial if you just want to use Mastercode locally on your Linux box, it is a a big problem if you want to use it infrastructures such as linux clusters, HPC systems, or the Grid.

The INDIGO-Datacloud udocker tool

(visit https://github.com/indigo-dc/udocker for full details)

The software udocker is a basic user tool to execute simple containers (created with docker) in user space without requiring root privileges. Enables basic download and execution of docker containers by non-privileged users in systems were docker is not available. It can be used to access and execute the content of docker containers in batch systems and interactive clusters that are managed by other entities such as grid infrastructures or externaly managed batch or interactive Linux systems.

The INDIGO udocker does not require any type of privileges nor the deployment of services by system administrators. It can be downloaded and executed entirely by the end user.

How does udocker work in general

udocker is a simple tool written in Python, it has a minimal set of dependencies so that can be executed in a wide range of Linux systems. udocker does not make use of docker nor requires its presence. Therefore it is appropriate for computing infrastructures in which docker is not running.

udocker "executes" the containers by simply providing a chroot like environment over the extracted container. The current implementation uses PRoot to mimic chroot without requiring privileges.

None of these steps is performed as root. When using udocker you can always type "udocker.py --help" for assistance. In general most of the options are analogous to docker options.

• Download the last version of udocker in:

https://github.com/indigo-dc/udocker

and uncompress it to a directory accesible in the head node of the cluster. The udocker executable you can find after decompressing in:

 ./udocker-master/udocker.py

Given a container created with docker, udocker is able to create an image on your filesystem of that container. That image resides in the regular user space, so, on your filesystem space.

We should thus make sure we have enough space in that filesystem (altogether will need at least 3GB). The first step is defining the directory where to install the container image.For example, this is a convenient way to define the location of the image of the container:

  export UDOCKER_DIR=/MY_LARGE_FILESYSTEM/userabc/.udocker

Notice that for convenience we use a directory starting with a "." so that the files of the container appear hidden to the regular "ls" command. You can however use any name you like.

Now one can simply proceed.

The first step is downloading the Mastercode-enabled docker container as before, from the INDIGO repository using udocker:

userabc@headnode:~/udocker-master$ ./udocker.py pull indigodatacloud/docker-mastercode
get imagerepo: indigodatacloud/docker-mastercode tag: latest
Downloading layer: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Downloading layer: sha256:236608c7b546e2f4e7223526c74fc71470ba06d46ec82aeb402e704bfdee02a2
....

• In the next step, we will create the local image of the container with udocker, the output is the hash name of the image:

userabc@headnode:~/udocker-master$ ./udocker.py create indigodatacloud/docker-mastercode

bb889c79-2872-37f3-adad-cd9e937dd6f0 

• We can check everything is where it should be:

  userabc@headnode:~/udocker-master$ ls -lrt $UDOCKER_DIR
  total 20
  drwxrwxr-x 3 isabel isabel 4096 Sep 30  2015 lib
  drwxrwxr-x 2 isabel isabel 4096 Sep 30  2015 bin
  drwxrwxr-x 3 isabel isabel 4096 May 15 17:14 repos
  drwxrwxr-x 2 isabel isabel 4096 May 15 17:16 layers
  drwxrwxr-x 3 isabel isabel 4096 May 15 17:18 containers

• We can also give the image a nicer, human-readable, name:

  userabc@headnode:~/udocker-master$./udocker.py name bb889c79-2872-37f3-adad-cd9e937dd6f0 mastercode

• Now we can test interactively how it Runs with the help of a script. Here follows an example of such script. Notice you need to tailor MASTERDIR and UDOCKER_DIR to whatever you choose before.

In this example script (let us call it interactive_mastercode.sh) the code is inside the directory /gpfs/csic_users/userabc/mastercode/mcpp-master.

  export MASTERDIR=/gpfs/csic_users/userabc/mastercode
  export UDOCKER_DIR=$MASTERDIR/.udocker

  $MASTERDIR/udocker-master/udocker.py run --hostauth \
  -v $MASTERDIR/mcpp-master \
  -v $MASTERDIR \
  --user=userabc \
  -w $MASTERDIR/mcpp-master \
   mastercode /bin/bash

This script can be executed directly on your shell. Notice the extra arguments --hostauth and --user=userabc. They are needed to enter in the udocker image as your own userid, userabc.

If you do not specify any userid, you enter in the image as a fake root. In any case from the udocker image you will be able to do only what a regular userid can do (eg. you will NOT be able to open ports below 1024, etc...).

userabc@headnode:~/$ ./interative_mastercode.sh

\****************************************************************************** 

              STARTING d52070c2-e296-39db-9a19-c2f39962fc4b                 

\****************************************************************************** 

 executing: sh
 d52070c2[mcpp-master]$ pwd
 /gpfs/csic_users/userabc/mastercode/mcpp-master

 d52070c2[mcpp-master]$ cat /etc/redhat-release 
 Fedora release 23 (Twenty Three)

 d52070c2[mcpp-master]$whoami
 userabc

You will end up in a shell of the Fedora23-enhanced linux container, as before, in which all the environment needed to run Mastercode is present. In particular you can already type "./configure & make clean & make" to compile Mastercode, and run a very simple example.

d52070c2[mcpp-master]$ ./configure & make 
(waitt for compilation to finish....)
./mc_point.py --run-mode mc-cmssm --predictors all --inputs 500 600 0 10 --print-mc-spectrum 

Running the Mastercode container on a batch system

The following method has been tested at CESGA (Santiago de Compostela, Spain) running an SGE batch queue system, and at IFCA (Santander, Spain) running SLURM. As you see below no particular dependence of the batch system is used.

In all the systems, we have downloaded Mastercode previously, and unzipped to a locally accesible directory in the headnode. In this example the code is in $HOME/mcpp-master.

In particular for the cluster running SGE, we created a batch submission script, test-mastercode.sh, looking like this:

  export MASTERDIR=/gpfs/csic_users/userabc/mastercode
  export UDOCKER_DIR=$MASTERDIR/.udocker

 ../udocker-master/udocker.py run --hostauth \
 -v /home/csic/cdi/ica/mcpp-master \
 -v /home/csic/cdi/ica \
 --user=userabc \
 -w /home/csic/cdi/ica/mcpp-master mastercode \
 '/bin/bash -c "pwd; ./udocker-mastercode.sh"'

Notice that the only difference with the interactive case is that besides /bin/bash, we execute another script. The script that actually runs is thus udocker-mastercode.sh, and it contains the usual executable procedure of Mastercode:

 userabc@headnode> cat udocker-mastercode.sh 
./mc_point.py --run-mode mc-cmssm --predictors all --inputs 500 600 0 10 --print-mc-spectrum > output.txt

• The script test_mastercode.sh can be submitted to your batch script as usual:

userabc@headnode> qsub test-mastercode.sh

Your job 4533480 ("test-mastercode.sh") has been submitted

• The result looks according to the test correct values:

[cscdiica@compute-6-23 mcpp-master]$ more output.txt 
 BLOCK SPINFO
 1   SOFTSUSY
 2   3.3.10
 BLOCK MODSEL
     1                  1   # Model
 BLOCK SMINPUTS
     1     1.27940000E+02   # invAlfaMZ
     2     1.16637000E-05   # GF
     3     1.18500000E-01   # AlfasMZ
     4     9.11876000E+01   # MZ
     5     4.18000000E+00   # Mb
     6     1.73340000E+02   # Mt
     7     1.77700000E+00   # Mtau
     BLOCK MINPAR
     .....