New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OverlayFS and 2.6.32-573 kernel #747
Comments
ruhroh. @gmkurtzer this probably needs priority attention! |
This is actually working only because you happen to be in a Docker container rather then an image. If you did this in an image, you would get a failure, but when run like this, Docker containers are just directories on the host system, and Singularity will indeed try to create the directory, and it works. The entire overlay workhorse code is wrapped in an You are right that you can use the registry to "fool" singularity into doing something that it wasn't intending which runs into a registry change where we can namespace key/values. |
@gmkurtzer thanks for the explanation. Perhaps it would be useful to make this functionality available to users in the future. |
@gmkurtzer I tried it today on singularity image and is working as well. 😆
Next, I transferred this image to cluster and run with bind and writable:
Sure, it doesn't work without writable. So why is this function disabled completely at build time? |
Are you asking why writable works? I would suggest trying to write to places (that you shouldn't have permission to). I don't think adding writable will kill a shell if you aren't root on a resource, but it will only give you "writable" to those places you have permission to write. |
No, the question is different. Singularity check OverlayFS at compile time and in our scenario is this functionality disabled. So any try to bind folder, that not exist inside the container is forbidden. But when I bypass the check I can use this bind inside Docker and Singularity image. Singularity creates this folder inside the image and then mount them. (if the image is writable) So why is this bind option disabled completely when I don't need OverlayFS for this? |
Hi @hra0031, I think I follow your point, and it is a good question with an unfortunate lack of a good answer. In short, running containers directly via a Docker URI is not the preferred workflow and as a result, the internal code is not optimized for that runtime condition. With that said, this is not a good excuse, so this will be considered a code fix for the next major version. Unfortunately, I can't slip it in as a point release because it will require a significant amount of code changes. To summarize: Creation of bind points should not be blindly skipped if overlay is not supported or enabled. It is quite possible for these bind points to be created if the file system is a non-persistent user owned directory (e.g. as is when invoking an action against a Docker URI). Greg |
@gmkurtzer Any update on creating bind points on the fly when a Docker URI is presented? |
The idea in issue #1207 would solve this problem. |
@dctrud Thank you for the pointer. In theory it is, as two CWL runners (the reference runner and Toil) want to mount in many paths that are not part of user provided Docker containers. Here's a typical
from I can canvass our mailing list to inquire further. How shall they indicate their interest, by 👍 on #1124 ? |
@dctrud Oh, is #1124 only for system wide bind paths, or would it work for the example above? |
@dctrud From my perspective, since |
Hey guys, I think this is solved in the 3.x series since we now support the underlay feature written by @DrDaveD |
@bauerm97 Yes, I think this thread is now obsolete. |
We are using CentOS 6.7/6.9 with kernel 2.6.32-573/2.6.32-696. This kernel doesn't have overlayfs.ko, but this functionality is really handy (we bind /scratch and /apps directories). This functionality is disabled by default because configure.ac don't find kernel module. When I study the source code I found a way to bypass the settings by setting the environment variable
SINGULARITY_OVERLAYFS_ENABLED=1
. In this case,OVERLAYFS_ENABLED
is propagated to the registry and the functionality is enabled.Version of Singularity:
Singularity 2.3/develop
Expected behavior
OverlayFS shouldn't work in that old kernel.
Actual behavior
It is working!
Steps to reproduce behavior
set env SINGULARITY_OVERLAYFS_ENABLED=1
The text was updated successfully, but these errors were encountered: