search

rocker-org / rocker-versioned2

Run current & prior versions of R using docker. rocker/r-ver, rocker/rstudio, rocker/shiny, rocker/tidyverse, and so on.
https://rocker-project.org
GNU General Public License v2.0
409 stars 173 forks source link

Running the rstudio image in Openshift #747

Open priggad opened 8 months ago

priggad commented 8 months ago

Container image name

rocker/rstudio:4.3.2

Container image digest

ca8f94e1c482afe7c72c9904b4bdf79b6fdf2edf44a5c30b53469bb5f390e38f

What operating system related to this question?

Linux

System information

Openshift version: 4.13.27. OS version: Red Hat Enterprise Linux CoreOS 413.92.202312131705-0. Container runtime version: CRI-O 1.26.4-5.1.rhaos4.13.git969e013.el9

Question

Hi, I'm trying to run the rstudio container image on Openshift and get the following error: s6-overlay-preinit: fatal: unable to mkdir /var/run/s6: Permission denied Do you have support/any advise for running on Openshift?

A similar issue has been raised previously (https://github.com/rocker-org/rocker/issues/295) but it isn't clear to me that this was resolved?

eitsupi commented 8 months ago

I don't know about openshift but https://rocker-project.org/use/rootless-podman.html and https://rocker-project.org/use/singularity.html may help for rootless usage.

priggad commented 7 months ago

@eitsupi thank you for the response. I have been able to run the image as expected with podman on my local machine which is great. When I try to deploy a container to openshift using the same image I get the above permission error which I believe relates to the random UID assigned by openshift to run the container. I raised the question in the hope that either somebody had already found a way to around this problem or that the image could be updated to account for the constraints in an openshift environment.

vipulg13 commented 3 months ago

i am facing a similar issue. The workaround is to handle this at openshift SCC level, however, this makes the environment less secure, which is not a nice thing. It would be great to having a solution at build level itself.

nathanweeks commented 1 month ago

I don't know about openshift but https://rocker-project.org/use/rootless-podman.html and https://rocker-project.org/use/singularity.html may help for rootless usage.

The security constraints imposed by OpenShift are similar to what unprivileged users on a typical HPC cluster would be subject to, and the approach for running Rocker RStudio Server with SingularityCE/Apptainer (invoking rserver directly) can be used with OpenShift, though it's a bit clunky:

https://nerc-project.github.io/nerc-docs/openshift/applications/creating-your-own-developer-catalog-service/

Alternatively, there is some recent support for RStudio Server in Red Hat OpenShift AI (if your institution has paid for Red Hat OpenShift AI):

https://docs.redhat.com/en/documentation/red_hat_openshift_ai_cloud_service/1/html-single/getting_started_with_red_hat_openshift_ai_cloud_service/index#building-the-rstudio-server-workbench-images_get-started