search

NERSC / podman-hpc

Other
34 stars 5 forks source link

Running a container as non-root and running into file permissions issues when on an interactive node #70

Closed etpalmer63 closed 1 year ago

etpalmer63 commented 1 year ago

Hi,

I'm trying to setup a container to run an application that has embedded OpenMPI 3.1 commands. Because this OpenMPI version requires mpirun to be run as non-root or requires a command line flag (which I am unable to add), I have been trying to build the container, provide the proper permissions and then run it as a non-root user but this fails due to file permissions.

On a Perlmutter login node, if I launch the container with:

epalmer@perlmutter:login25:/pscratch/sd/e/epalmer> $ podman-hpc run --rm -it --volume=/pscratch/sd/e/epalmer/orca_4_2_1_linux_x86-64_openmpi314:/orca --workdir=/orca --userns=keep-id localhost/epalmer:openmpi-316v3
epalmer@046a14b4ff90:~$

It works. But when I use the same command in an interactive node, it fails. 

epalmer@nid004212:/pscratch/sd/e/epalmer> podman-hpc run --rm -it --volume=/pscratch/sd/e/epalmer/orca_4_2_1_linux_x86-64_openmpi314:/orca --workdir=/orca --userns=keep-id localhost/epalmer:openmpi-316v3
Error: creating container storage: error during chown: storage-chown-by-maps: lgetxattr dev/full: permission denied: exit status 1

Here is the Dockerfile:

FROM ubuntu:20.04

ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && apt-get install -y build-essential apt-utils ssh gfortran

RUN cd / && wget https://www.open-mpi.org/software/ompi/v3.1/downloads/openmpi-3.1.6.tar.bz2 \
    && tar -xvjf openmpi-3.1.6.tar.bz2 && cd openmpi-3.1.6 \
    && ./configure --prefix=/usr --disable-builtin-atomics && make -j8 && make -i install \
    && rm -rf /openmpi-3.1.6 && rm -rf openmpi-3.1.6.tar.bz2

RUN chmod -R 777 /usr

RUN echo "--mca plm ^slurm" > /usr/etc/openmpi-mca-params.conf

If there is any other information that would be helpful, please let me know.

Thank you!

Erik

etpalmer63 commented 1 year ago

For NERSC people there is also a Slack chain here: https://nersc.slack.com/archives/C01AB3ADFKR/p1684960950455339

lastephey commented 1 year ago

Thanks Erik. Should hopefully be addressed by https://github.com/NERSC/podman-hpc/pull/71 🤞