koomie
commented
6 years ago Thank you for the submission. The TSC has recommended acceptance of Charliecloud with the packaging and testing collateral to rely on user namespaces and not a setuid binary.
Closed reidpr closed 6 years ago
koomie
commented
6 years ago Thank you for the submission. The TSC has recommended acceptance of Charliecloud with the packaging and testing collateral to rely on user namespaces and not a setuid binary.
Software Name
Charliecloud
Public URL
https://hpc.github.io/charliecloud/
Technical Overview
Charliecloud provides user-defined software stacks (UDSS) for high-performance computing (HPC) centers. This “bring your own software stack” functionality addresses needs such as:
Charliecloud uses Linux user namespaces to run containers with no privileged operations or daemons and minimal configuration changes on center resources. This simple approach avoids most security risks while maintaining access to the performance and functionality already on offer.
Container images can be built using Docker or anything else that can generate a standard Linux filesystem tree.
Because user namespaces are available only in newer kernel versions, an experimental setuid mode is also provided to let sites evaluate Charliecloud even if they do not have user namespace-capable kernels readily available.
Further information:
Charliecloud introduces new functionality to OpenHPC by providing a lightweight option for running containers.
Latest stable version number
The latest version is 0.2.2, but we keep GitHub master stable. 0.2.3 or higher will certainly be available by the time this would be included.
Open-source license type
Apache 2
Relationship to component?
If other, please describe: Project lead (BDFL)
Build system
If other, please describe: manually maintained Makefiles (they are short)
Does the current build system support staged path installations? For example:
make install DESTIR=/tmp/foo(or equivalent)Does component run in user space or are administrative credentials required?
Admin privileges are required for some (but not all) container build procedures, e.g. Docker. However, this takes place on non-HPC center resources. HPC resources don't run any privileged code.
Does component require post-installation configuration.
If component is selected, are you willing and able to collaborate with OpenHPC maintainers during the integration process?
Does the component include test collateral (e.g. regression/verification tests) in the publicly shipped source?
If yes, please briefly describe the intent and location of the tests.
We have regression tests to verify the functionality and security of Charliecloud itself and demonstrate that all the example applications work. It's roughly
cd test && make test-all.See https://hpc.github.io/charliecloud/install.html#test-charliecloud for further details.
Does the component have additional software dependencies (beyond compilers/MPI) that are not part of standard Linux distributions?
If yes, please list the dependencies and associated licenses.
Charliecloud requires either (1) a kernel with user namespaces enabled or (2) willingness to install a setuid-root binary. Appropriate kernels are in most current distributions, but RHEL/CentOS 7 lags. RHEL/CentOS 7.4 has the necessary support in the stock kernel but requires configuration into a "technology preview" support level. One can also install third-party kernels (e.g. from ElRepo) for RHEL/CentOS 7.x.
Does the component include online or installable documentation?
If available online, please provide URL.
https://hpc.github.io/charliecloud
[Optional]: Would you like to receive additional review feedback by email?
- [x] yes - [ ] no