From b73689df48653ffffb04821e573992e3562cebe5 Mon Sep 17 00:00:00 2001 From: Bob Date: Fri, 28 Aug 2020 18:28:15 +0200 Subject: [PATCH 01/13] example for using fuse-overlayfs in singularity --- singularity_cvmfs_overlay/README | 14 ++++++++++++++ singularity_cvmfs_overlay/fuse-overlay.def | 22 ++++++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 singularity_cvmfs_overlay/README create mode 100644 singularity_cvmfs_overlay/fuse-overlay.def diff --git a/singularity_cvmfs_overlay/README b/singularity_cvmfs_overlay/README new file mode 100644 index 00000000..b161caf9 --- /dev/null +++ b/singularity_cvmfs_overlay/README @@ -0,0 +1,14 @@ +On the host: +``` +sudo singularity build --sandbox fuse-overlay fuse-overlay.def +singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs_ro/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" -f fuse-overlay/ +# Make some directory which is shared with the container (/tmp is mounted automatically) +mkdir -p /tmp/overlay/{upper,work} +``` + +Inside the container: +``` +fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org +``` + +Now you should be able to make files in `/cvmfs/pilot.eessi-hpc.org`, and they will appear in the `upper` directory. diff --git a/singularity_cvmfs_overlay/fuse-overlay.def b/singularity_cvmfs_overlay/fuse-overlay.def new file mode 100644 index 00000000..e3d9df31 --- /dev/null +++ b/singularity_cvmfs_overlay/fuse-overlay.def @@ -0,0 +1,22 @@ +BootStrap: docker +From: centos:7 + +%post + yum update -y + yum install -y epel-release + yum install -y http://cvmrepo.web.cern.ch/cvmrepo/yum/cvmfs-release-latest.noarch.rpm + yum install -y cvmfs cvmfs-config-default cvmfs-fuse3 + yum install -y /root/cvmfs-config-eessi-0.1-1.noarch.rpm + yum install -y fuse-overlayfs + + cat << EOF > /etc/cvmfs/default.local +CVMFS_QUOTA_LIMIT=10000 +CVMFS_HTTP_PROXY="DIRECT" +EOF + mkdir -p /cvmfs/pilot.eessi-hpc.org + +%environment + export LC_ALL=C + +%files + cvmfs-config-eessi-0.1-1.noarch.rpm /root From 7e2bbc474efdc8379e2154b13b54cf6e0876d7fd Mon Sep 17 00:00:00 2001 From: Bob Date: Fri, 28 Aug 2020 18:29:11 +0200 Subject: [PATCH 02/13] rename README --- singularity_cvmfs_overlay/{README => README.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename singularity_cvmfs_overlay/{README => README.md} (100%) diff --git a/singularity_cvmfs_overlay/README b/singularity_cvmfs_overlay/README.md similarity index 100% rename from singularity_cvmfs_overlay/README rename to singularity_cvmfs_overlay/README.md From 5c4199a1ea97610a8427ef115fff546c46786609 Mon Sep 17 00:00:00 2001 From: Bob Date: Fri, 28 Aug 2020 18:32:45 +0200 Subject: [PATCH 03/13] add more attempts --- singularity_cvmfs_overlay/README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/singularity_cvmfs_overlay/README.md b/singularity_cvmfs_overlay/README.md index b161caf9..718695ac 100644 --- a/singularity_cvmfs_overlay/README.md +++ b/singularity_cvmfs_overlay/README.md @@ -1,9 +1,9 @@ On the host: ``` sudo singularity build --sandbox fuse-overlay fuse-overlay.def -singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs_ro/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" -f fuse-overlay/ # Make some directory which is shared with the container (/tmp is mounted automatically) mkdir -p /tmp/overlay/{upper,work} +singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs_ro/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" -f fuse-overlay/ ``` Inside the container: @@ -12,3 +12,9 @@ fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overla ``` Now you should be able to make files in `/cvmfs/pilot.eessi-hpc.org`, and they will appear in the `upper` directory. + + +The following would be even nicer, but it gives weird `Operation not permitted` errors, for instance when you do `cd /cvmfs/pilot.eessi-hpc.org/`: +``` +singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs_ro/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" --fusemount "container:fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org" -f fuse-overlay/ +``` From 41b5c284c044673f057239ca91ec581df6c452e5 Mon Sep 17 00:00:00 2001 From: Bob Date: Fri, 28 Aug 2020 18:34:18 +0200 Subject: [PATCH 04/13] fixes --- singularity_cvmfs_overlay/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/singularity_cvmfs_overlay/README.md b/singularity_cvmfs_overlay/README.md index 718695ac..7dccb737 100644 --- a/singularity_cvmfs_overlay/README.md +++ b/singularity_cvmfs_overlay/README.md @@ -14,7 +14,7 @@ fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overla Now you should be able to make files in `/cvmfs/pilot.eessi-hpc.org`, and they will appear in the `upper` directory. -The following would be even nicer, but it gives weird `Operation not permitted` errors, for instance when you do `cd /cvmfs/pilot.eessi-hpc.org/`: +The following would be even nicer (it automatically mounts the overlay, and doesn't need fakeroot stuff), but it gives weird `Operation not permitted` errors, for instance when you do `cd /cvmfs/pilot.eessi-hpc.org/`: ``` -singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs_ro/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" --fusemount "container:fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org" -f fuse-overlay/ +singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs_ro/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" --fusemount "container:fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org" fuse-overlay/ ``` From 8efc316a430c92e032ef826ccfc3684b0a4acc8e Mon Sep 17 00:00:00 2001 From: Kenneth Hoste Date: Sat, 29 Aug 2020 15:52:19 +0200 Subject: [PATCH 05/13] config repo *must* be mounted at /cvmfs/cvmfs-config.eessi-hpc.org, because of /cvmfs/ path specified in etc/cvmfs/domain.d/eessi-hpc.org.conf (CVMFS_KEYS_DIR) --- singularity_cvmfs_overlay/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/singularity_cvmfs_overlay/README.md b/singularity_cvmfs_overlay/README.md index 7dccb737..797a25bc 100644 --- a/singularity_cvmfs_overlay/README.md +++ b/singularity_cvmfs_overlay/README.md @@ -3,7 +3,7 @@ On the host: sudo singularity build --sandbox fuse-overlay fuse-overlay.def # Make some directory which is shared with the container (/tmp is mounted automatically) mkdir -p /tmp/overlay/{upper,work} -singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs_ro/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" -f fuse-overlay/ +singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" -f fuse-overlay/ ``` Inside the container: @@ -16,5 +16,5 @@ Now you should be able to make files in `/cvmfs/pilot.eessi-hpc.org`, and they w The following would be even nicer (it automatically mounts the overlay, and doesn't need fakeroot stuff), but it gives weird `Operation not permitted` errors, for instance when you do `cd /cvmfs/pilot.eessi-hpc.org/`: ``` -singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs_ro/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" --fusemount "container:fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org" fuse-overlay/ +singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" --fusemount "container:fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org" fuse-overlay/ ``` From 7906eec959c6cd3ad89dd191b87300db1fb3bd1e Mon Sep 17 00:00:00 2001 From: Bob Date: Tue, 1 Sep 2020 16:18:37 +0200 Subject: [PATCH 06/13] Ignore sif files --- singularity_cvmfs_overlay/.gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 singularity_cvmfs_overlay/.gitignore diff --git a/singularity_cvmfs_overlay/.gitignore b/singularity_cvmfs_overlay/.gitignore new file mode 100644 index 00000000..6e91d7ef --- /dev/null +++ b/singularity_cvmfs_overlay/.gitignore @@ -0,0 +1 @@ +*.sif From 468f4a3eb5dbb213175ae2073a1f29579aa9ee8f Mon Sep 17 00:00:00 2001 From: Bob Date: Tue, 1 Sep 2020 16:18:52 +0200 Subject: [PATCH 07/13] Add CVMFS config deb package --- .../cvmfs-config-eessi-0.1-all.deb | Bin 0 -> 1416 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 singularity_cvmfs_overlay/cvmfs-config-eessi-0.1-all.deb diff --git a/singularity_cvmfs_overlay/cvmfs-config-eessi-0.1-all.deb b/singularity_cvmfs_overlay/cvmfs-config-eessi-0.1-all.deb new file mode 100644 index 0000000000000000000000000000000000000000..02430337fbce8ac5e5cd295454dad12d635549a9 GIT binary patch literal 1416 zcmY$iNi0gvu;WTeP0CEn(@o0EODw8XP*5;5wKO&~GdDFeQ&2Df@?oT*fq|KciGl(U zK|unSk)8opa(-S(QGSkINn(*+MHONF#vnt$Ac5=yl%1z?9m0n*eC!#Y$M3P6c zrk3%I)ahBTRsDX;uSlP=gzs$U4(a)P|^J4j1-=25l@c+N= z))V);TONJ7AJpI18twH#yV}EO#*+w-`>E>hv(xOXXKsGlXpsHCCv>~o&ZnhoOEcK6 zFh{tFc63=;9+|gFwEg}0FSYqD^+$8J&uf}xQ9Q>%>D#r-DQwOsHJzJF|3guNDCk%sqf!z}65$a73~NGhYGDD1X$1xJI9bnz9480bZVCe9 zgjpR=oMdG1Ouj4iS?&12&5J`5Rh91O*4^S*6D8PUF>j*^`v=v44pFy<)7BU7TT|FR z<>9i77k9$e>j(X=TIDCz#=`JFI3z>YYtghT1rK9u?v+Kad-UV;mklf3-IrY3by#Dn z{w=S}vhXa+MQ#eBVTx||7f*TV;c8oSVR0sFi}O~e$X!2{t2wAfS+6=4%`M`gc;wU1 ziw}~rvs~TQzVe*$ZC#pnU{NLKlXqNJYuZj+dKzG77CT|*w}X<;-yQDXpH>|rAiYgd zWa2Tu>ih!H*kiRhhA}_u?lx?A#qnUqfqPB=#Gjr@_|dq{??#&w^OV50H%Gw-g`w!vAx8DB2ESgXa#xcnz;;S`48W6R&f9JyU7Kk>ipmkl2enExoB znw7csfuVr-yR`1USw&y;_*^%&X(pL6xbQxYojzv|Ys8LOS*7NYjb-2EN(Jg-9nDf3 zXEz((l@7YKn_E>-y7Oa`cnVx?^uD45J{o2fzdA09vZOX{B`z&R)NpZuumH?*88GHgI9aElV&0_pD zWuAvcb%#i>c%R&%Lit}D3x8YbB)gvPHse25@c;hvhR|o}P7(I=k^-AzrPkOToj0#T zPouPZ=D(uF>n3krI`Pev{*5>DX1OstY`!0K{KBbj)A(z4`_nC3{=As|rC!0DM>e_T zyuYyc8o{E)jX%GY?tkh~k`P|w7`1!f6V{|O16jk*KV4Rf9L;o;4m;1&6>9m!>1^mC zkCT&L_I=b7HdQJP-lUKdo!6JbdT`$qc^==(d(y9cKVzN~_{L9KT**m%B5U=rYc+xE zk8!o0IsL3DV(xPp4X^dj{^zzurQN*L`LX`A@&x(rIfm1CYz6EOPh^Onk#EUWHcwtK z(7$8qi8ZgD^Y84K>z8?pUJraqe~ZCT>#JuR8qCdaay~@Fx2|y9LS_7! Date: Tue, 1 Sep 2020 16:19:11 +0200 Subject: [PATCH 08/13] Modified instructions and def file, better method --- singularity_cvmfs_overlay/README.md | 28 ++++++++++++++-------- singularity_cvmfs_overlay/fuse-overlay.def | 22 ++++++++++------- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/singularity_cvmfs_overlay/README.md b/singularity_cvmfs_overlay/README.md index 797a25bc..f1e93d09 100644 --- a/singularity_cvmfs_overlay/README.md +++ b/singularity_cvmfs_overlay/README.md @@ -1,20 +1,28 @@ On the host: ``` -sudo singularity build --sandbox fuse-overlay fuse-overlay.def -# Make some directory which is shared with the container (/tmp is mounted automatically) +# Build the container +sudo singularity build fuse-overlay.sif fuse-overlay.def +# Make `upper` and `work` directories for the overlay; they should be shared with the container (/tmp is mounted automatically) mkdir -p /tmp/overlay/{upper,work} -singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" -f fuse-overlay/ -``` - -Inside the container: -``` -fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org +singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" --fusemount "container:fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org" ./fuse-overlay.sif ``` Now you should be able to make files in `/cvmfs/pilot.eessi-hpc.org`, and they will appear in the `upper` directory. +Note that it currently only seems to work with old versions of fuse-overlayfs (up to 0.4.1). + + +## Alternative approach +The following method works with newer versions of fuse-overlayfs as well, but does require the -f (fakeroot) option for Singularity. +For this to work you need user namespaces on the host machine. -The following would be even nicer (it automatically mounts the overlay, and doesn't need fakeroot stuff), but it gives weird `Operation not permitted` errors, for instance when you do `cd /cvmfs/pilot.eessi-hpc.org/`: +On the host: +``` +sudo singularity build --sandbox fuse-overlay fuse-overlay.def +singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" -f fuse-overlay/ + +``` +Inside the container: ``` -singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" --fusemount "container:fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org" fuse-overlay/ +fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org ``` diff --git a/singularity_cvmfs_overlay/fuse-overlay.def b/singularity_cvmfs_overlay/fuse-overlay.def index e3d9df31..7e69bc2d 100644 --- a/singularity_cvmfs_overlay/fuse-overlay.def +++ b/singularity_cvmfs_overlay/fuse-overlay.def @@ -1,22 +1,26 @@ BootStrap: docker -From: centos:7 +From: debian:10 %post - yum update -y - yum install -y epel-release - yum install -y http://cvmrepo.web.cern.ch/cvmrepo/yum/cvmfs-release-latest.noarch.rpm - yum install -y cvmfs cvmfs-config-default cvmfs-fuse3 - yum install -y /root/cvmfs-config-eessi-0.1-1.noarch.rpm - yum install -y fuse-overlayfs + apt-get update -y + apt-get install -y wget + apt-get install -y lsb-release + wget https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest_all.deb + dpkg -i cvmfs-release-latest_all.deb + rm -f cvmfs-release-latest_all.deb + apt-get update -y + apt-get install -y cvmfs cvmfs-config-default cvmfs-fuse3 + dpkg -i /root/cvmfs-config-eessi-0.1-all.deb + apt-get install -y fuse-overlayfs cat << EOF > /etc/cvmfs/default.local CVMFS_QUOTA_LIMIT=10000 CVMFS_HTTP_PROXY="DIRECT" EOF - mkdir -p /cvmfs/pilot.eessi-hpc.org +# mkdir -p /cvmfs/pilot.eessi-hpc.org %environment export LC_ALL=C %files - cvmfs-config-eessi-0.1-1.noarch.rpm /root + cvmfs-config-eessi-0.1-all.deb /root From e1d611d2ee8bf4014cfa8ab14e8204ed76411cee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Thu, 10 Sep 2020 12:03:53 +0200 Subject: [PATCH 09/13] CVMFS Squid proxy as Singularity container --- containers/EESSI-squid-proxy.def | 49 ++++++++++++++++++++++++++++++++ containers/README.md | 30 +++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 containers/EESSI-squid-proxy.def create mode 100644 containers/README.md diff --git a/containers/EESSI-squid-proxy.def b/containers/EESSI-squid-proxy.def new file mode 100644 index 00000000..7d02f16a --- /dev/null +++ b/containers/EESSI-squid-proxy.def @@ -0,0 +1,49 @@ +BootStrap: docker +From: centos:7 + +%post + yum update -y + yum install -y squid which + +%environment + export LC_ALL=C + +%runscript + if [[ ${1:0:1} = '-' ]]; then + EXTRA_ARGS="$@" + set -- + elif [[ ${1} == squid || ${1} == $(which squid) ]]; then + EXTRA_ARGS="${@:2}" + set -- + fi + + if [[ -z ${1} ]]; then + if [[ ! -d /var/spool/squid/00 ]]; then + echo "Initializing cache..." + $(which squid) -N -f /etc/squid/squid.conf -z + fi + echo "Starting squid..." + exec $(which squid) -f /etc/squid/squid.conf -NYCd 1 ${EXTRA_ARGS} + else + exec "$@" + fi + +%startscript + if [[ ${1:0:1} = '-' ]]; then + EXTRA_ARGS="$@" + set -- + elif [[ ${1} == squid || ${1} == $(which squid) ]]; then + EXTRA_ARGS="${@:2}" + set -- + fi + + if [[ -z ${1} ]]; then + if [[ ! -d /var/spool/squid/00 ]]; then + echo "Initializing cache..." + $(which squid) -N -f /etc/squid/squid.conf -z + fi + echo "Starting squid..." + exec $(which squid) -f /etc/squid/squid.conf -NYCd 1 ${EXTRA_ARGS} + else + exec "$@" + fi diff --git a/containers/README.md b/containers/README.md new file mode 100644 index 00000000..6e1b1804 --- /dev/null +++ b/containers/README.md @@ -0,0 +1,30 @@ +## Squid proxy Singularity container + +Build the container using: +``` +sudo singularity build EESSI-squid-proxy.sif EESSI-squid-proxy.def +``` + +Make some directories on the host for storing the cache, logs, and PID file: +``` +cd /somewhere +mkdir logs cache run +``` + +Prepare a Squid configuration file, for instance based on our template: +https://github.com/EESSI/filesystem-layer/blob/master/templates/eessi_localproxy_squid.conf.j2 + +Run the container interactively: +``` +singularity run -B ./log:/var/log/squid -B ./cache:/var/spool/squid -B run:/var/run -B eessi_localproxy_squid.conf:/etc/squid/squid.conf EESSI-squid-proxy.sif +``` + +Or start it as an instance: +``` +singularity instance start -B ./log:/var/log/squid -B ./cache:/var/spool/squid -B run:/var/run -B eessi_localproxy_squid.conf:/etc/squid/squid.conf EESSI-squid-proxy.sif cvmfs_proxy +``` + +The last argument defines the name for this instance, which can be used to connect a shell (`singularity shell instance://cvmfs_proxy`) or stop the instance: +``` +singularity instance stop cvmfs_proxy +``` From ebc40900ff16b654ad63dc66062b5daec0769cd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Thu, 10 Sep 2020 12:20:04 +0200 Subject: [PATCH 10/13] Update README.md --- containers/README.md | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/containers/README.md b/containers/README.md index 6e1b1804..f096f397 100644 --- a/containers/README.md +++ b/containers/README.md @@ -1,25 +1,33 @@ -## Squid proxy Singularity container +# Containers +This directory contains several Dockerfiles and Singularity definition files for different components, +e.g. CVMFS clients and Squid proxies. -Build the container using: +## EESSI-squid-proxy.def: Singularity definition file for Squid proxy + +This definition file allows you to build a Singularity container that can be used for running a Squid proxy. + +### Build +You can build the container using: ``` sudo singularity build EESSI-squid-proxy.sif EESSI-squid-proxy.def ``` - +### Configure Make some directories on the host for storing the cache, logs, and PID file: ``` -cd /somewhere -mkdir logs cache run +mkdir -p /tmp/$USER/{var-log-squid,var-run,var-spool-squid,home} ``` -Prepare a Squid configuration file, for instance based on our template: -https://github.com/EESSI/filesystem-layer/blob/master/templates/eessi_localproxy_squid.conf.j2 +Prepare a Squid configuration file, for instance based on our [Ansible template file](https://github.com/EESSI/filesystem-layer/blob/master/templates/eessi_localproxy_squid.conf.j2). Make sure that the ACLs and port number are configured correctly. -Run the container interactively: +Set the following environment variables to the correct local directories and configuration file: ``` -singularity run -B ./log:/var/log/squid -B ./cache:/var/spool/squid -B run:/var/run -B eessi_localproxy_squid.conf:/etc/squid/squid.conf EESSI-squid-proxy.sif +export SINGULARITY_BIND="eessi_localproxy_squid.conf:/etc/squid/squid.conf,/tmp/$USER/var-run:/var/run,/tmp/$USER/var-log-squid:/var/log/squid,/tmp/$USER/var-spool-squid:/var/spool/squid" +export SINGULARITY_HOME="/tmp/$USER/home:/home/$USER" ``` -Or start it as an instance: +### Run + +Now start the container as a Singularity instance (which will run it like a service in the background): ``` singularity instance start -B ./log:/var/log/squid -B ./cache:/var/spool/squid -B run:/var/run -B eessi_localproxy_squid.conf:/etc/squid/squid.conf EESSI-squid-proxy.sif cvmfs_proxy ``` @@ -28,3 +36,8 @@ The last argument defines the name for this instance, which can be used to conne ``` singularity instance stop cvmfs_proxy ``` + +If you want to interactively start the proxy, you can still do this using: +``` +singularity run EESSI-squid-proxy.sif +``` From b1456626dbb199dd7ef2f896e809767e7a7bde8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Thu, 10 Sep 2020 12:20:42 +0200 Subject: [PATCH 11/13] Update README.md --- containers/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/README.md b/containers/README.md index f096f397..046b333d 100644 --- a/containers/README.md +++ b/containers/README.md @@ -29,7 +29,7 @@ export SINGULARITY_HOME="/tmp/$USER/home:/home/$USER" Now start the container as a Singularity instance (which will run it like a service in the background): ``` -singularity instance start -B ./log:/var/log/squid -B ./cache:/var/spool/squid -B run:/var/run -B eessi_localproxy_squid.conf:/etc/squid/squid.conf EESSI-squid-proxy.sif cvmfs_proxy +singularity instance start EESSI-squid-proxy.sif cvmfs_proxy ``` The last argument defines the name for this instance, which can be used to connect a shell (`singularity shell instance://cvmfs_proxy`) or stop the instance: From d1507555aabe7edd61575e18859145b35b2fd1b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Thu, 10 Sep 2020 12:23:02 +0200 Subject: [PATCH 12/13] Remove stuff that shouldn't be here... --- singularity_cvmfs_overlay/.gitignore | 1 - singularity_cvmfs_overlay/README.md | 28 ------------------ .../cvmfs-config-eessi-0.1-all.deb | Bin 1416 -> 0 bytes singularity_cvmfs_overlay/fuse-overlay.def | 26 ---------------- 4 files changed, 55 deletions(-) delete mode 100644 singularity_cvmfs_overlay/.gitignore delete mode 100644 singularity_cvmfs_overlay/README.md delete mode 100644 singularity_cvmfs_overlay/cvmfs-config-eessi-0.1-all.deb delete mode 100644 singularity_cvmfs_overlay/fuse-overlay.def diff --git a/singularity_cvmfs_overlay/.gitignore b/singularity_cvmfs_overlay/.gitignore deleted file mode 100644 index 6e91d7ef..00000000 --- a/singularity_cvmfs_overlay/.gitignore +++ /dev/null @@ -1 +0,0 @@ -*.sif diff --git a/singularity_cvmfs_overlay/README.md b/singularity_cvmfs_overlay/README.md deleted file mode 100644 index f1e93d09..00000000 --- a/singularity_cvmfs_overlay/README.md +++ /dev/null @@ -1,28 +0,0 @@ -On the host: -``` -# Build the container -sudo singularity build fuse-overlay.sif fuse-overlay.def -# Make `upper` and `work` directories for the overlay; they should be shared with the container (/tmp is mounted automatically) -mkdir -p /tmp/overlay/{upper,work} -singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" --fusemount "container:fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org" ./fuse-overlay.sif -``` - -Now you should be able to make files in `/cvmfs/pilot.eessi-hpc.org`, and they will appear in the `upper` directory. -Note that it currently only seems to work with old versions of fuse-overlayfs (up to 0.4.1). - - -## Alternative approach - -The following method works with newer versions of fuse-overlayfs as well, but does require the -f (fakeroot) option for Singularity. -For this to work you need user namespaces on the host machine. - -On the host: -``` -sudo singularity build --sandbox fuse-overlay fuse-overlay.def -singularity shell -S /var/run/cvmfs -B /tmp/cvmfs_cache:/var/lib/cvmfs --fusemount "container:cvmfs2 cvmfs-config.eessi-hpc.org /cvmfs/cvmfs-config.eessi-hpc.org" --fusemount "container:cvmfs2 pilot.eessi-hpc.org /cvmfs_ro/pilot.eessi-hpc.org" -f fuse-overlay/ - -``` -Inside the container: -``` -fuse-overlayfs -o lowerdir=/cvmfs_ro/pilot.eessi-hpc.org -o upperdir=/tmp/overlay/upper -o workdir=/tmp/overlay/work /cvmfs/pilot.eessi-hpc.org -``` diff --git a/singularity_cvmfs_overlay/cvmfs-config-eessi-0.1-all.deb b/singularity_cvmfs_overlay/cvmfs-config-eessi-0.1-all.deb deleted file mode 100644 index 02430337fbce8ac5e5cd295454dad12d635549a9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1416 zcmY$iNi0gvu;WTeP0CEn(@o0EODw8XP*5;5wKO&~GdDFeQ&2Df@?oT*fq|KciGl(U zK|unSk)8opa(-S(QGSkINn(*+MHONF#vnt$Ac5=yl%1z?9m0n*eC!#Y$M3P6c zrk3%I)ahBTRsDX;uSlP=gzs$U4(a)P|^J4j1-=25l@c+N= z))V);TONJ7AJpI18twH#yV}EO#*+w-`>E>hv(xOXXKsGlXpsHCCv>~o&ZnhoOEcK6 zFh{tFc63=;9+|gFwEg}0FSYqD^+$8J&uf}xQ9Q>%>D#r-DQwOsHJzJF|3guNDCk%sqf!z}65$a73~NGhYGDD1X$1xJI9bnz9480bZVCe9 zgjpR=oMdG1Ouj4iS?&12&5J`5Rh91O*4^S*6D8PUF>j*^`v=v44pFy<)7BU7TT|FR z<>9i77k9$e>j(X=TIDCz#=`JFI3z>YYtghT1rK9u?v+Kad-UV;mklf3-IrY3by#Dn z{w=S}vhXa+MQ#eBVTx||7f*TV;c8oSVR0sFi}O~e$X!2{t2wAfS+6=4%`M`gc;wU1 ziw}~rvs~TQzVe*$ZC#pnU{NLKlXqNJYuZj+dKzG77CT|*w}X<;-yQDXpH>|rAiYgd zWa2Tu>ih!H*kiRhhA}_u?lx?A#qnUqfqPB=#Gjr@_|dq{??#&w^OV50H%Gw-g`w!vAx8DB2ESgXa#xcnz;;S`48W6R&f9JyU7Kk>ipmkl2enExoB znw7csfuVr-yR`1USw&y;_*^%&X(pL6xbQxYojzv|Ys8LOS*7NYjb-2EN(Jg-9nDf3 zXEz((l@7YKn_E>-y7Oa`cnVx?^uD45J{o2fzdA09vZOX{B`z&R)NpZuumH?*88GHgI9aElV&0_pD zWuAvcb%#i>c%R&%Lit}D3x8YbB)gvPHse25@c;hvhR|o}P7(I=k^-AzrPkOToj0#T zPouPZ=D(uF>n3krI`Pev{*5>DX1OstY`!0K{KBbj)A(z4`_nC3{=As|rC!0DM>e_T zyuYyc8o{E)jX%GY?tkh~k`P|w7`1!f6V{|O16jk*KV4Rf9L;o;4m;1&6>9m!>1^mC zkCT&L_I=b7HdQJP-lUKdo!6JbdT`$qc^==(d(y9cKVzN~_{L9KT**m%B5U=rYc+xE zk8!o0IsL3DV(xPp4X^dj{^zzurQN*L`LX`A@&x(rIfm1CYz6EOPh^Onk#EUWHcwtK z(7$8qi8ZgD^Y84K>z8?pUJraqe~ZCT>#JuR8qCdaay~@Fx2|y9LS_7! /etc/cvmfs/default.local -CVMFS_QUOTA_LIMIT=10000 -CVMFS_HTTP_PROXY="DIRECT" -EOF -# mkdir -p /cvmfs/pilot.eessi-hpc.org - -%environment - export LC_ALL=C - -%files - cvmfs-config-eessi-0.1-all.deb /root From d23d031da484eed8d98159b62c11db3893c67ae6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Thu, 10 Sep 2020 12:27:03 +0200 Subject: [PATCH 13/13] Small fix in README --- containers/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/README.md b/containers/README.md index 046b333d..1317095b 100644 --- a/containers/README.md +++ b/containers/README.md @@ -32,7 +32,7 @@ Now start the container as a Singularity instance (which will run it like a serv singularity instance start EESSI-squid-proxy.sif cvmfs_proxy ``` -The last argument defines the name for this instance, which can be used to connect a shell (`singularity shell instance://cvmfs_proxy`) or stop the instance: +The last argument defines the name for this instance, which can be used to connect a shell (`singularity shell instance://cvmfs_proxy`) or to stop the instance: ``` singularity instance stop cvmfs_proxy ```