Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVMFS container publishing/conversion system #56

Open
rptaylor opened this issue Feb 2, 2021 · 4 comments
Open

CVMFS container publishing/conversion system #56

rptaylor opened this issue Feb 2, 2021 · 4 comments
Assignees
@rptaylor
Labels
enhancement New feature or request

Comments

@rptaylor
Copy link
Contributor

rptaylor commented Feb 2, 2021

We could deploy an automated container publishing/conversion system , called DUCC.

Some info:

Basically takes a list of images in any external registry (Dockerhub, whatever) as input, and produces Singularity sandbox images on a CVMFS repo as output (as well as layers related to OCI format on CVMFS, which can be used by containerd and Docker, which is useful for Kubernetes).

I set up a PoC a couple years ago but haven't touched it recently. We could discuss whether it would be useful to have this as a production service.
@mboisson
Copy link
Member

This has the backing of the RSNT (meeting 20200212).

@mboisson mboisson added the enhancement New feature or request label Feb 12, 2021
@mboisson
Copy link
Member

Following discussions, the CVMFS team will setup a repository for this as well as a VM to automatically populate the repository with container images. Once the mechanism is in place, the RSNT will work on the policy and mechanism to dictate which image gets pushed to CVMFS, probably through a list in a git repository and some mechanism around merge requests.

@mboisson
Copy link
Member

Notes from the meeting :

- Companion tool to CVMFS
- Can run on a cron job
- Takes a list of images (dockerhub, gitlab, etc.), transforms them to singularity
- Can be versioned
- Example : `ls /cvmfs/unpacked.cern.ch/registry.hub.docker.com/atlas/  -l` 
- A VM would have publishing access to a separate repository. We would make a merge request to update the list of images to publish
- Paul: Does removing an image from the list remove it from CVMFS ?
- RT: no but there is a ducc garbage-collection command to remove layers not referenced by images in the current list anymore. Could automate with cron if needed.
- Paul: How do we make them usable by users, and how do we track usage ?
- RT: Singularity wrapper could be good idea to track
- Doug: Is there a way to put this in the hands of the users ? 
-- Maxime/Paul: Staff should have vetting. Some images could be private, some images could be too big, etc. 
-- RT: Could allow users to submit git issue or MR if you want (for RSNT approval)

@mboisson mboisson mentioned this issue Oct 18, 2022
Closed
6 tasks
@rptaylor
Copy link
Contributor Author

For this we will have to wait until ~ CVMFS 2.11 for the Container Tools to support publishing via a gateway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rptaylor rptaylor

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rptaylor @mboisson