Minimizing privilege for building HPC containers

04/15/2021
by Reid Priedhorsky, et al.

HPC centers face increasing demand for software flexibility, and there is growing consensus that Linux containers are a promising solution. However, existing container build solutions require root privileges, so containers cannot be built directly on HPC resources. This limitation is compounded as supercomputer diversity expands and HPC architectures become more dissimilar from commodity computing resources. Our evaluation of available options suggests this problem can best be solved with low-privilege containers. We detail Linux kernel features for varying container privilege and compare two open-source implementations, mostly-unprivileged rootless Podman and fully-unprivileged Charliecloud. Our analysis demonstrates that low-privilege container build on HPC resources works now and will continue to improve, giving normal users a better workflow to securely and correctly build containers. Minimizing privilege in this way can improve HPC user and developer productivity as well as reduce support workload for exascale applications.
