Per-user packages

[achimnol]

There are many customer requests to preserve the home directory contents, mainly user-installed packages.

The problem is, since our home directories are bind-mounted from each agent's scratch directory, they are not present in Docker images even we perform docker commit against running sessions. The technical reasons to use scratch directories are: 1) better I/O performance, 2) agent customization of home directory before starting containers, and 3) enforcement of quota limits.

Another problem is that some customer sites do not allow use of per-user vfolders due to their organizational policy, though we are offering auto-mounts of dot-prefixed per-user vfolders (e.g., .local and .ssh) if present to all sessions (#57) as an alternative to the above problem.

This issue tackles the first problem: per-user packages.

It is difficult not to use the scratch directories because #98 and many other Backend.AI features (lablup/backend.ai-manager#211, #77, ...) rely on pre-population of the scratch (=home) directory before container starting.

Automatically mapping .local vfolder for each user and each kernel image may be a technically viable solution as @inureyes proposed, but this can be quickly bloated when users import custom images frequently and images are updated frequently, and also it violates the limitation imposed by the second problem since there is no way to restrict filesystem access by the purpose (e.g., installation of packages).

Let's discuss ideas for making user-install packages persistent across different sessions.

┆Issue is synchronized with this Asana task by Unito

[achimnol]

@inureyes' 2nd idea:

• Let's extend auto-mounting of dot-prefixed vfolders to group vfolders. For instance, when each group has a vfolder named .local and a user spawns a new container in this group, create a user-specific directory under the group .local vfolder and mount that directory (instead of the vfolder's root) into /home/work/.local of the container.
  • This way, administrators can inspect and control the usage of this vfolder just like other group vfolder.
  • We can satisfy the restriction policy for personal vfolders still.
  • If there are both group and user vfolders in the same name, the user vfolder has precedence. (Note that this feature will be mainly used by customer sites with the user vfolder restriction policy)

[achimnol]

After resolving the vfolder issue, we need the followings in the docs/manuals:

• How to install per-user deb/rpm packages
• How to use linuxbrew
• How to use conda as a user-specific package manager

[achimnol]

For now, let's just auto-mount an auto-created sub-directory for the user ID in the group-level dot-prefixed vfolders when there is no corresponding user-level dot-prefixed vfolders.

e.g., When there is a group vfolder .local whose real path is /mnt/vfroot/vhost/abcdef, create a subdirectory /mnt/vfroot/vhost/abcdef/username and mount it as /home/work/.local.

[achimnol]

Tracked by OP#106

[achimnol]

Resolved with lablup/backend.ai-manager#224.