# Application Containers 

Application Containers such as Docker and Singularity are an attractive way to to package software with complex dependencies to be used during workflow execution. Use of containers ensures that your application code always sees the same runtime environment, when a job in your workflow runs on a remote worker node. It minimizes the chances of running into errors related to differing versions of dependant libraries installed on the worker nodes where the jobs of your workflow run. Additonally, use of containers promotes reproducibility as they provide a fully defined and reproducible environment in which your jobs run.

This section of the tutorial will explain how you can specify a **Docker** container in Pegasus, to indicate the container in which the jobs of your workflow run.

## Diamond Workflow with Containers

This notebook will generate the **diamond workflow** that we used in Exercise 1. Instead of executing the executables directly on the worker node, we will specify a **base container image** in which the executables defined in the Transformation Catalog should execute in. 

![Diamond Workflow](../images/diamond.svg)

 
## 1. Docker Container Notes

The Docker image we use for this exercise is a minimal image based on Ubuntu bionic, and includes a python3 install in it.

This image is approximately 100MB in size, and is well suited for use in a tutorial setting. The image can be found on DockerHub [here] (https://hub.docker.com/repository/docker/karanvahi/pegasus-tutorial-minimal).


### Dockerfile

Containers are accompanied by a recipe file that contains instructions on how to build the container. Using the container technology specific build commands, you can then build the container locally and even push to a remote repositing In case of Docker, this recipe file is called a ***Dockerfile*** and images are built using ***docker build*** command. 

The associated Dockerfile is shown below
<br>
```
FROM ubuntu:bionic

RUN groupadd --gid 808 scitech-group
RUN useradd --gid 808 --uid 550 --create-home --password '$6$ouJkMasm5X8E4Aye$QTFH2cHk4b8/TmzAcCxbTz7Y84xyNFs.gqm/HWEykdngmOgELums1qOi3e6r8Z.j7GEA9bObS/2pTN1WArGNf0' scitech


RUN apt-get update && apt-get install -y --no-install-recommends \
    python3 \
    wget \
    && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# CA certs
RUN mkdir -p /etc/grid-security && \
    cd /etc/grid-security && \
    wget -nv --no-check-certificate https://download.pegasus.isi.edu/containers/certificates.tar.gz && \
    tar xzf certificates.tar.gz && \
    rm -f certificates.tar.gz


```

The first line in the file containers the FROM instruction, which specifies the Base image from which we are building our container image. In this case, we are basing our image on a public Ubuntu bionic image. The subsequent RUN commands in the file indicate the steps/commands to execute to install software, additional libraries etc. Specifically for this image we do

- add a user scitech to the image.
- install python3 that is required 
- wget a command line tool to retrieve data over http
- setup CA certificates in the container image
 
### Building your own container

For this exercise, the container is already built and availble on DockerHub. However, we do include the Dockerfile in this folder, for you to build your own container. 

```bash
$ docker build --tag <username>/pegasus-tutorial-minimal -f Dockerfile.minimal .

[+] Building 1.5s (11/11) FINISHED                                                                                                          
 => [internal] load build definition from Dockerfile.minimal    0.0s
 => => transferring dockerfile: 46B                             0.0s
 => [internal] load .dockerignore                               0.0s
 => => transferring context: 2B                                 0.0s
 => [internal] load metadata for docker.io/library/ubuntu:bionic 1.4s
 => [1/7] FROM docker.io/library /ubuntu:bionic@sha256:478caf1bec1afd54a58435ec681c8755883b7eb843a8630091890130b15a79af                 0.0s
 => CACHED [2/7] RUN groupadd --gid 808 scitech-group            0.0s
 => CACHED [3/7] RUN useradd --gid 808 --uid 550 --create-home --password 'xxx' 0.0s
 => CACHED [4/7] RUN apt-get update && apt-get install -y --no-install-recommends     python3     wget     &&     apt-get clean &&     0.0s
 => CACHED [5/7] RUN mkdir -p /etc/grid-security &&     cd /etc/grid-security &&     wget -nv --no-check-certificate https://download  0.0s
 => CACHED [6/7] RUN echo -e "scitech ALL=(ALL)       NOPASSWD:ALL\n" >> /etc/sudoers      0.0s
 => exporting to image       0.0s
 => => exporting layers        0.0s
 => => writing image sha256:302647114737b17e2d6cc4edb542542f0dca27b5a810c6da957e442e7bb94332                                           0.0s
 => => naming to docker.io/<username>/pegasus-tutorial-minimal                  
```

In the above command replace <username> with your DockerHub user name.
    
After running the above command, you have the container locally built on your machine. You can check the size of the image by running the following command
    
```bash
$  docker image ls <username>i/pegasus-tutorial-minimal  
REPOSITORY                           TAG       IMAGE ID       CREATED        SIZE
<username>/pegasus-tutorial-minimal   latest    302647114737   24 hours ago   94.6MB    
```

### Pushing your container to Docker Hub

Docker Hub is an online repository where users push and share their container images. You can specify container images in a Docker Hub for your workflow to use for running jobs. Below is a brief series of steps that you need to do to push your built image to a repostory. Complete instructions can be found [here](https://docs.docker.com/docker-hub/repos/). 

1. Create a repository with the same name in the web interface by logging on to Docker Hub. In this case, you will create an empty public repository with the name ***pegasus-tutorial-minimal***.

2. Login to Docker Hub on the command line
  ```bash
  $ docker login
    Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
    Username: <username>   
    Password: 
    Login Succeeded
  ```
    
3. Once logged in you can push the locally built container using docker push command
    ```bash
    $ docker push <username>/pegasus-tutorial-minimal
    Using default tag: latest
The push refers to repository [docker.io/karanvahi/pegasus-tutorial-minimal]
5f70bf18a086: Mounted from localstack/localstack 
57efc43f999d: Pushed 
49a250fa7278: Pushed 
e78401c15cc7: Pushed 
137e6caf5967: Pushed 
5edeecf7c3a8: Pushed 
95129a5fe07e: Mounted from library/ubuntu 
latest: digest: sha256:4ee35dc2b527759d574d36339f5bb8fa26fb57d31213de0ac01cad56b8a9b444 size: 1779

    ```
 
**Note:** In the above commands replace <username> with your Docker Hub username.

## 2. Import Python API, Setup Logging and  Replica Catalog

The steps to import the python API, setup logging and configuring the Replica Catalog is exactly the same as Exercise 1. We 

In [None]:
from Pegasus.api import *
from pathlib import Path

import logging

logging.basicConfig(level=logging.DEBUG)

# --- Properties ---------------------------------------------------------------
props = Properties()
props["pegasus.monitord.encoding"] = "json"                                                                    
props["pegasus.catalog.workflow.amqp.url"] = "amqp://friend:donatedata@msgs.pegasus.isi.edu:5672/prod/workflows"
props["pegasus.mode"] = "tutorial" # speeds up tutorial workflows - remove for production ones
props.write() # written to ./pegasus.properties 

with open("f.a", "w") as f:
    f.write("This is the contents of the input file for the diamond workflow!")
    
# --- Replicas -----------------------------------------------------------------
fa = File("f.a").add_metadata(creator="ryan")
rc = ReplicaCatalog()\
    .add_replica("local", fa, Path(".").resolve() / "f.a")\
    .write() # written to ./replicas.yml 

Lets crosscheck to see if the Replica Catalog file is created correctly

In [None]:
!cat replicas.yml

## 3. Transformation Catalog: Specify the Container for the jobs

Users have the option of either using a different container for each executable or same container for all executables. When using containers with Pegasus you have two options

1. The container has your executables pre installed. In that case in your transformation catalog, you specify the PFN as the path in the container where your executable is accessible

2. The other case, is you are using a generic baseline container and want to let Pegasus stage your executables in at runtime. To do that you can mark the executable as **stageable** (is_stageable as True) and Pegasus will stage the executable into the container, as part of executable staging.

In the example below, we are indicating that the preprocess, findrange and analyze executables need a container named *base_container* to run. However, we are going to let Pegasus stage them into container when your workflow runs from their location on site `condorpool` .

In [None]:
# --- Container ----------------------------------------------------------

base_container = Container(
                  "base-container",
                  Container.DOCKER,
                  image="docker://karanvahi/pegasus-tutorial-minimal"
    
                  # comment out the location below (and comment the above location) 
                  # if you run into docker rate pull limits. Do this if your  
                  # workflow fails on the first try with stage-in jobs fail 
                  # with error like ERROR: toomanyrequests: Too Many Requests. OR
                  # You have reached your pull rate limit. You may increase 
                  # the limit by authenticating and upgrading: 
                  # ttps://www.docker.com/increase-rate-limits. 
                  # You must authenticate your pull requests.
                  #
                  # This is why Pegasus supports tar files of containers, 
                  # and also ensures the pull from a docker hub happens only 
                  # once per workflow
    
                  #image="http://download.pegasus.isi.edu/pegasus/tutorial/pegasus-tutorial-minimal.tar.gz"
               )

# --- Transformations ----------------------------------------------------------
preprocess = Transformation(
                "preprocess",
                site="condorpool",
                pfn="/usr/bin/pegasus-keg",
                is_stageable=True,
                container=base_container,
                arch=Arch.X86_64,
                os_type=OS.LINUX
            ).add_profiles(Namespace.CONDOR, request_disk="120MB")

findrange = Transformation(
                "findrange",
                site="condorpool",
                pfn="/usr/bin/pegasus-keg",
                is_stageable=True,
                container=base_container,
                arch=Arch.X86_64,
                os_type=OS.LINUX
            ).add_profiles(Namespace.CONDOR, request_disk="120MB")

analyze = Transformation(
                "analyze",
                site="condorpool",
                pfn="/usr/bin/pegasus-keg",
                is_stageable=True,
                container=base_container,
                arch=Arch.X86_64,
                os_type=OS.LINUX
            ).add_profiles(Namespace.CONDOR, request_disk="120MB")

tc = TransformationCatalog()\
    .add_containers(base_container)\
    .add_transformations(preprocess, findrange, analyze)\
    .write() # ./written to ./transformations.yml

In [None]:
!cat transformations.yml

As you can see above, the container is listed once, and multiple transformations can refer to the same container.

Some attributes to keep an eye out for
- *name*  the name assigned to the container that is used as a reference handle when describing executables in Transformation

- *type*  type of Container. Usually is Dokcer or Singularity

- *image* - URL to image in a docker|singularity hub or URL to an existing docker image exported as a tar file or singularity image.  

## 4. Create the Workflow

In [None]:
# --- Workflow -----------------------------------------------------------------
wf = Workflow("blackdiamond")

fb1 = File("f.b1")
fb2 = File("f.b2")
job_preprocess = Job(preprocess)\
                    .add_args("-a", "preprocess", "-T", "3", "-i", fa, "-o", fb1, fb2)\
                    .add_inputs(fa)\
                    .add_outputs(fb1, fb2)

fc1 = File("f.c1")
job_findrange_1 = Job(findrange)\
                    .add_args("-a", "findrange", "-T", "3", "-i", fb1, "-o", fc1)\
                    .add_inputs(fb1)\
                    .add_outputs(fc1)

fc2 = File("f.c2")
job_findrange_2 = Job(findrange)\
                    .add_args("-a", "findrange", "-T", "3", "-i", fb2, "-o", fc2)\
                    .add_inputs(fb2)\
                    .add_outputs(fc2)

fd = File("f.d")
job_analyze = Job(analyze)\
                .add_args("-a", "analyze", "-T", "3", "-i", fc1, fc2, "-o", fd)\
                .add_inputs(fc1, fc2)\
                .add_outputs(fd)

wf.add_jobs(job_preprocess, job_findrange_1, job_findrange_2, job_analyze)

In [None]:
try:
    wf.write()
    wf.graph(include_files=True, label="xform-id", output="graph.png")
except PegasusClientError as e:
    print(e)

In [None]:
# view rendered workflow
from IPython.display import Image
Image(filename='graph.png')

## 5. Run the Workflow

When working in Python, we can just use the reference do the `Workflow` object, you can plan, run, and monitor the workflow directly. These are wrappers around Pegasus CLI tools, and as such, the same arguments may be passed to them. 

**Note that the Pegasus binaries must be added to your PATH for this to work.**

Please wait for the progress bar to indicate that the workflow has finished.

In [None]:
try:
    wf.plan(submit=True)\
        .wait()
except PegasusClientError as e:
    print(e)


Note the line in the output that starts with pegasus-status, contains the command you can use to monitor the status of the workflow. We will cover this command line tool in the next couple of notbooks. The path it contains is the path to the submit directory where all of the files required to submit and monitor the workflow are stored. For now we will just continue to use the Python `Workflow` object.

## 6. Statistics

In [None]:
try:
    wf.statistics()
except PegasusClientError as e:
    print(e)

## 7. Container Setup on a Worker Node

Now that we have been able to run the workflow succesfully, lets look beneath the covers to see how a job that has to run in a container gets setup on a worker node. The container setup for a job happens within PegasusLite, a light-weight Pegasus remote execution engine which wraps the user task on the remote worker node when a job is scheduled to the node. 

PegasusLite is responsible for figuring out the appropriate job directory in which the job executes, staging-in datasets that a job requires, launching the job, staging-out data, and cleaning up the job directory.

![Container Setup in PegasusLite](../images/container-host.png)

To see how Pegasus handled the container in this case, let’s look at some plumbing for one of the `analyze` job. The HTCondor submit file can be seen with:

```bash
$ cat `find scitech/pegasus/blackdiamond/run0001 -name analyze_ID0000004.sub`
```

Look  at the transfer_input_files attribute line, and specifically for the `base-container` file. It is transferred together with all the other inputs for the job.


transfer_input_files = analyze,f.c2,f.c1,**base-container**,..

Looking at the corresponding .sh file we can see how Pegasus executed the container by invoking `docker run` on a script written out at runtime.

In [None]:
!cat `find scitech/pegasus/blackdiamond/run0001 -name analyze_ID0000004.sub`

## 8. What's Next?

Next Notebook is `05-Summary`, that summarizes what we have learnt so far.
To continue learning about advanced topics please open the notebook in `06-Advanced-Topics/` to learn about application checkpointing.