Docker
Introduction
Containers are a way to package an environment along with an executable so that no additional installation or setup is required to run it on a different machine. Docker is a container solution that is designed for use on personal desktops and virtual machines. If you have previously used Docker, you can use Docker on ACES to help you make the transition to HPC.
The basic element of a container solution is an image. An image is a bundle of files that includes a self-contained environment with both installed executables and the system libraries they depend on. The container runtime mediates between the libraries in the image and the libraries on the host system. In the case of HPRC, the container runtime software options we support are Charliecloud and Singularity. They can both read many common container image file formats, including Docker. The Docker runtime is provided on ACES to help you make the transition to a supported HPC runtime.
This page describe how to fetch and run Docker containers on ACES.
Why use Containers
- Shareability: you can share your container image file with others by uploading it to a public repository, and download files shared by others.
- Portability: you can use image files made for any computer with the same architecture (x84-64).
- Reproducibility: cluster environments can change whenever the locally installed software gets updated. Container users are largely unaffected by this.
Why use Docker
- Community: DockerHub boasts the largest group of existing container users.
Docker Tutorial
The topics covered in this documentation are minimal. Visit Dockers's documentation for a more complete tutorial.
Docker at HPRC
Rootless Docker is installed on the ACES cluster.
Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime. Rootless mode executes the Docker daemon and containers inside a user namespace.
Docker software
Docker is provided through our module system.
module load docker-user
The version may vary.
To start the daemon:
'dockerd-rootless-setuptool.sh install --skip-iptables'
To test it:
'docker run hello-world'
To stop the daemon:
'dockerd-rootless-setuptool.sh uninstall --skip-iptables'
Read this before using Docker commands on HPRC clusters
Docker is available on login nodes and compute nodes. It is recommended to perform Docker tasks for large images on a compute node because they may be too resource-intensive for login nodes.
- For resource-heavy activities, access a compute node using the VNC app from the Interactive Apps menu in the Portal.
- For resource-light activities, access a login node using the _cluster Shell access app from the Clusters menu in the Portal.
The Rootless Docker Daemon's configuration files are installed in your HOME directory, which is present on all nodes. However, a daemon that is started on one node may have undefined behavior if you try to interact with it on a different node. It is recommended to stop your daemon on each node when it is not in use, so that when you start the daemon again on the current node there is not a collision.
Getting a container image
Container images are found in both public and private repositories available on the internet.
Caution: dockerhub and many other container repos are public repositories; do not trust unverified sources!
Warning: downloading a large image file is resource-intensive and takes a long time.
Docker image pull
docker pull
can automatically download docker images from Docker Hub. Read more about docker repositories.
Some Docker commands such as Docker pull
require internet access. In order to access
the internet from compute nodes, use the Web Proxy module.
module load WebProxy