Docker: Difference between revisions
(Clarify usage in deployed env) |
|||
(16 intermediate revisions by 5 users not shown) | |||
Line 24: | Line 24: | ||
= Installing Docker from a deployed node = | = Installing Docker from a deployed node = | ||
In addition to the standard environment, g5k-setup-docker works with the environments ''' | In addition to the standard environment, g5k-setup-docker works with the environments '''debian11-nfs''' and '''debian11-big''' (as well as with '''debian10-nfs''' and '''debian10-big'''). | ||
Reserve a node, [[Getting_Started#Deploying_your_nodes_to_get_root_access_and_create_your_own_experimental_environment|deploy an environment]], connect to the node and run the script as root with its full path: | Reserve a node, [[Getting_Started#Deploying_your_nodes_to_get_root_access_and_create_your_own_experimental_environment|deploy an environment]], connect to the node and run the script as root with its full path: | ||
Line 32: | Line 32: | ||
You can also use the <code>-t</code> option to store docker images in <code>/tmp/</code> to have more space, but be aware that everything will be deleted if you reboot the node. | You can also use the <code>-t</code> option to store docker images in <code>/tmp/</code> to have more space, but be aware that everything will be deleted if you reboot the node. | ||
= | = Installing nvidia-docker = | ||
On nodes with one or more GPUs, you may want to use Nvidia's Docker container images (e.g. see [https://www.nvidia.com/en-us/gpu-cloud/containers/]). To do so, you have to install Nvidia's [https://github.com/nvidia/nvidia-docker nvidia-docker]. | |||
To ease this task, Grid'5000 provides a script to automate the installation. Just run : | |||
{{Term|location=node| cmd=<code class="command">g5k-setup-nvidia-docker</code> <code>-t</code>}} | {{Term|location=node| cmd=<code class="command">g5k-setup-nvidia-docker</code> <code>-t</code>}} | ||
Options are the same as the | Options are the same as with the <code>g5k-setup-docker</code> script presented above. Please note that you can use <code>g5k-setup-docker</code> or <code>g5k-setup-nvidia-docker</code>, but not both all together. | ||
You can check that nvidia-docker is working using the following command: | |||
= | {{Term|location=node| cmd=<code class="command">docker run --gpus all ubuntu:22.04 nvidia-smi</code>}} | ||
= | = Using docker-cache.grid5000.fr = | ||
Due do the rate limiting of docker hub you might experience some troubles to fetch images. As a result you can use docker-cache.grid5000.fr which is a registry mirror. | |||
To enable the use of the cache from a Grid'5000 node (as ''root'' or using ''sudo-g5k''), edit <code>/etc/docker/daemon.json</code> with: | |||
To | { | ||
"registry-mirrors": [ | |||
"http://docker-cache.grid5000.fr" | |||
] | |||
} | |||
then restart docker: | |||
systemctl restart docker | |||
'''Note''': This cache is automatically configured by <code>g5k-setup-docker</code>. | |||
= Logging in to dockerhub to bypass rate limiting = | |||
Even with the Grid'5000 docker cache, you can still be rate-limited by the dockerhub. | |||
To bypass the rate-limiting, you can associate the local docker daemon with your dockerhub account: | |||
* '''Generate a read-only token on dockerhub:''' https://hub.docker.com/settings/security?generateToken=true and select the "Public Repo Read-Only" permission | |||
* '''Use the token to login on your Grid'5000 machine:''' | |||
docker login -u yourlogin -p yourtoken | |||
The credentials will be saved in <code>~/.docker/config.json</code>. If you use your regular Grid'5000 account, then it will be saved in your shared NFS home, and it should be used by all your nodes. If you use the root account to SSH on your nodes, then you need to repeat this configuration on each node. | |||
If you | |||
= Avoid network conflict = | = Avoid network conflict = | ||
The default network used by docker is 172.16.0.1/16 which is use internally on Grid'5000 thus this can be a source of conflict. | The default network used by docker is 172.16.0.1/16 which is use internally on Grid'5000 thus this can be a source of conflict. | ||
If you want to avoid any conflict you can set an other network. On | If you want to avoid any conflict you can set an other network. On Debian you will have to edit /etc/default/docker and specify the network you want to use like this: | ||
DOCKER_OPTS="--bip=192.168.42.1/24" | DOCKER_OPTS="--bip=192.168.42.1/24" | ||
then restart the docker daemon. | |||
= Managing Docker images = | |||
One difficult aspect of using Docker is efficient images management, as it is often required to load such images on many nodes simultaneously. | |||
The following strategies are recommended to manage Docker images: | |||
To | == Use docker load/save == | ||
To load and save images quickly, we encourage you to use <code>docker load</code> and <code>docker save</code> commands, with .tar docker images stored in your Grid'5000 home. Users home are NFS mounted, with good network performance. | |||
; Example: | |||
{{Term|location=node1| | |||
cmd=<code class="command">docker pull</code> <code>alpine</code><br> | |||
<code class="command">docker save</code> <code>-o ~/alpine.tar alpine</code><br> | |||
}} | |||
{{Term|location=node2| | |||
cmd=<code class="command">docker load</code> <code>-i ~/alpine.tar</code><br> | |||
<code class="command">docker run</code> <code>-it alpine</code> | |||
}} | |||
== Use a persistent virtual machine to host your registry == | |||
If you want to benefit from a private registry with good network performance, and are ready to manually install your own registry, you can request a [[Persistent_Virtual_Machine|Persistent Virtual Machine]]. You can look at [http://vmware.github.io/harbor/ Harbor] or [http://port.us.org/ Portus] open source projects, in order to install your own registry. | |||
Latest revision as of 08:56, 29 June 2023
Note | |
---|---|
This page is actively maintained by the Grid'5000 team. If you encounter problems, please report them (see the Support page). Additionally, as it is a wiki page, you are free to make minor corrections yourself if needed. If you would like to suggest a more fundamental change, please contact the Grid'5000 team. |
Docker is a software technology that provides operating-system-level virtualization. In this page, we present some tools that are specifically designed to use Docker on Grid'5000.
Installing Docker from a node in the standard environment
You can install and use Docker from a node with the standard environment by following these instructions:
- Reserve a node
See Getting_Started for more reservation options.
- Install Docker from the standard environment
The script g5k-setup-docker, available from the standard environment, installs Docker locally and makes Docker commands available without user needing to log out (by giving read write permissions to the file /var/run/docker.sock)
The -t
option allows to use /tmp/
to store docker images, which is useful because /tmp/
has more disk space available. Technically speaking, it does a bind mount of /tmp/docker
on /var/lib/docker
.
- Run Docker
You can now check that Docker is up and running
Installing Docker from a deployed node
In addition to the standard environment, g5k-setup-docker works with the environments debian11-nfs and debian11-big (as well as with debian10-nfs and debian10-big).
Reserve a node, deploy an environment, connect to the node and run the script as root with its full path:
You can also use the -t
option to store docker images in /tmp/
to have more space, but be aware that everything will be deleted if you reboot the node.
Installing nvidia-docker
On nodes with one or more GPUs, you may want to use Nvidia's Docker container images (e.g. see [1]). To do so, you have to install Nvidia's nvidia-docker.
To ease this task, Grid'5000 provides a script to automate the installation. Just run :
Options are the same as with the g5k-setup-docker
script presented above. Please note that you can use g5k-setup-docker
or g5k-setup-nvidia-docker
, but not both all together.
You can check that nvidia-docker is working using the following command:
Using docker-cache.grid5000.fr
Due do the rate limiting of docker hub you might experience some troubles to fetch images. As a result you can use docker-cache.grid5000.fr which is a registry mirror.
To enable the use of the cache from a Grid'5000 node (as root or using sudo-g5k), edit /etc/docker/daemon.json
with:
{ "registry-mirrors": [ "http://docker-cache.grid5000.fr" ] }
then restart docker:
systemctl restart docker
Note: This cache is automatically configured by g5k-setup-docker
.
Logging in to dockerhub to bypass rate limiting
Even with the Grid'5000 docker cache, you can still be rate-limited by the dockerhub.
To bypass the rate-limiting, you can associate the local docker daemon with your dockerhub account:
- Generate a read-only token on dockerhub: https://hub.docker.com/settings/security?generateToken=true and select the "Public Repo Read-Only" permission
- Use the token to login on your Grid'5000 machine:
docker login -u yourlogin -p yourtoken
The credentials will be saved in ~/.docker/config.json
. If you use your regular Grid'5000 account, then it will be saved in your shared NFS home, and it should be used by all your nodes. If you use the root account to SSH on your nodes, then you need to repeat this configuration on each node.
Avoid network conflict
The default network used by docker is 172.16.0.1/16 which is use internally on Grid'5000 thus this can be a source of conflict.
If you want to avoid any conflict you can set an other network. On Debian you will have to edit /etc/default/docker and specify the network you want to use like this:
DOCKER_OPTS="--bip=192.168.42.1/24"
then restart the docker daemon.
Managing Docker images
One difficult aspect of using Docker is efficient images management, as it is often required to load such images on many nodes simultaneously. The following strategies are recommended to manage Docker images:
Use docker load/save
To load and save images quickly, we encourage you to use docker load
and docker save
commands, with .tar docker images stored in your Grid'5000 home. Users home are NFS mounted, with good network performance.
- Example
Use a persistent virtual machine to host your registry
If you want to benefit from a private registry with good network performance, and are ready to manually install your own registry, you can request a Persistent Virtual Machine. You can look at Harbor or Portus open source projects, in order to install your own registry.