-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Process writes to host home directory which is mounted in the container #734
Comments
My analysis here would be that when running docker with the |
Does the allow to specify a custom location for the folder `.local`? IMO
would be the best solution.
…On Thu, Sep 3, 2020 at 3:35 PM Pontus Frehult ***@***.***> wrote:
My analysis here would be that when running docker with the -u $(id
-u):$(id -g), there is no user information available inside the
container, so $HOME will likely be set to /, and anything that relies on
creating stuff there should fail (this should also happen with Docker on
Linux as far as I can understand).
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#734 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGHOSHUTGMK6SEKUNF7W43SD6LSHANCNFSM4QUYPFPA>
.
|
IMHO having the host home mounted and set as |
I also think pointing Configuring tools seems reliant on additional testing and seems an unnecessary introduction of disparities between various runtime environments (docker, singularity, conda). As mentioned, tools reading rec files can break reproducibility in a way that seems difficult to handle well in testing. |
This looks very similar to an issue mentioned on Slack by @maxibor @skrakau - did you try creating an empty directory in the container and then setting the
If this is a general solution for this problem then we could add this to the nf-core base docker image that all other custom images are built from and it should work for everyone. Maybe. Might cause other problems. |
For consistency (with respect to not reading random configuration files), it's probably desirable to have docker and singularity behave similarly (ignore bound directories/set up home). That likely means a static solution runs into issues with read-only mounts for other engines (e.g. singularity). I'm not sure if we could set something up that will be sourced by the called process, but don't immediately see a solution to do it for docker. |
Hi, within the
epitopeprediction
pipeline, the toolmhcflurry
tries to create a folder within theHOME
directory to store some downloaded data:With the
Docker
profile on Mac this causes apermission denied
error, becausemhcflurry
tries to create the folder/.local
(I am not sure, why in this case it does not use the home directory, @apeltzer mentioned it could be a Mac specific problem). In the past, for some pipelines the same problem was addressed by uncommenting thedocker.runOptions = '-u \$(id -u):\$(id -g)'
line in thenextflow.config
(Add docker.runOptions to avoid memory swap error #351, [FIX] mhcflurry /.local permission error mhcquant#104). By this, the commands will be executed as root again, preventing this particularpermission denied
error, but maybe also giving raise to other errors again (Add docker.runOptions to avoid memory swap error #351). (Another solution for this particular problem is Fix mhcflurry docker permission problem epitopeprediction#52)With Singularity the folder
.local
is created in the actual hostHOME
directory, and everything seems smooth on the first view.However, the fact that the host
HOME
directory is included into the container, allowing tools to actually write to and read from it, potentially unnoticed, is from a reproducibility perspective not ideal and should probably be avoided.See also a longer discussion by @lkuchenb, @drpatelh, @pontus and @pditommaso about this topic on the slack help channel.
The text was updated successfully, but these errors were encountered: