diff options
author | Vanessasaurus <814322+vsoch@users.noreply.github.com> | 2021-06-17 18:15:22 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-17 17:15:22 -0700 |
commit | e7ac422982c70887a5039f994f77f79fc595eaa5 (patch) | |
tree | 1fda98ba22000474ad4c54c644a58c67fcfa4ca2 /share | |
parent | e916b699eef9a1ce264699e6bf314fc98566f4e1 (diff) | |
download | spack-e7ac422982c70887a5039f994f77f79fc595eaa5.tar.gz spack-e7ac422982c70887a5039f994f77f79fc595eaa5.tar.bz2 spack-e7ac422982c70887a5039f994f77f79fc595eaa5.tar.xz spack-e7ac422982c70887a5039f994f77f79fc595eaa5.zip |
Adding support for spack monitor with containerize (#23777)
This should get us most of the way there to support using monitor during a spack container build, for both Singularity and Docker. Some quick notes:
### Docker
Docker works by way of BUILDKIT and being able to specify --secret. What this means is that you can prefix a line with a mount of type secret as follows:
```bash
# Install the software, remove unnecessary deps
RUN --mount=type=secret,id=su --mount=type=secret,id=st cd /opt/spack-environment && spack env activate . && export SPACKMON_USER=$(cat /run/secrets/su) && export SPACKMON_TOKEN=$(cat /run/secrets/st) && spack install --monitor --fail-fast && spack gc -y
```
Where the id for one or more secrets corresponds to the file mounted at `/run/secrets/<name>`. So, for example, to build this container with su (spackmon user) and sv (spackmon token) defined I would export them on my host and do:
```bash
$ DOCKER_BUILDKIT=1 docker build --network="host" --secret id=st,env=SPACKMON_TOKEN --secret id=su,env=SPACKMON_USER -t spack/container .
```
And when we add `env` to the secret definition that tells the build to look for the secret with id "st" in the environment variable `SPACKMON_TOKEN` for example.
If the user is building locally with a local spack monitor, we also need to set the `--network` to be the host, otherwise you can't connect to it (a la isolation of course.)
## Singularity
Singularity doesn't have as nice an ability to clearly specify secrets, so (hoping this eventually gets implemented) what I'm doing now is providing the user instructions to write the credentials to a file, add it to the container to source, and remove when done.
## Tags
Note that the tags PR https://github.com/spack/spack/pull/23712 will need to be merged before `--monitor-tags` will actually work because I'm checking for the attribute (that doesn't exist yet):
```bash
"tags": getattr(args, "monitor_tags", None)
```
So when that PR is merged to update the argument group, it will work here, and I can either update the PR here to not check if the attribute is there (it will be) or open another one in the case this PR is already merged.
Finally, I added a bunch of documetation for how to use monitor with containerize. I say "mostly working" because I can't do a full test run with this new version until the container base is built with the updated spack (the request to the monitor server for an env install was missing so I had to add it here).
Signed-off-by: vsoch <vsoch@users.noreply.github.com>
Co-authored-by: vsoch <vsoch@users.noreply.github.com>
Diffstat (limited to 'share')
-rwxr-xr-x | share/spack/spack-completion.bash | 2 | ||||
-rw-r--r-- | share/spack/templates/container/Dockerfile | 2 | ||||
-rw-r--r-- | share/spack/templates/container/singularity.def | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/share/spack/spack-completion.bash b/share/spack/spack-completion.bash index 8b41436283..26dd77aeed 100755 --- a/share/spack/spack-completion.bash +++ b/share/spack/spack-completion.bash @@ -703,7 +703,7 @@ _spack_config_revert() { } _spack_containerize() { - SPACK_COMPREPLY="-h --help" + SPACK_COMPREPLY="-h --help --monitor --monitor-save-local --monitor-no-auth --monitor-tags --monitor-keep-going --monitor-host --monitor-prefix" } _spack_create() { diff --git a/share/spack/templates/container/Dockerfile b/share/spack/templates/container/Dockerfile index 3623a7ba0b..875702979d 100644 --- a/share/spack/templates/container/Dockerfile +++ b/share/spack/templates/container/Dockerfile @@ -14,7 +14,7 @@ RUN mkdir {{ paths.environment }} \ {{ manifest }} > {{ paths.environment }}/spack.yaml # Install the software, remove unnecessary deps -RUN cd {{ paths.environment }} && spack env activate . && spack install --fail-fast && spack gc -y +RUN {% if monitor.enabled %}--mount=type=secret,id=su --mount=type=secret,id=st{% endif %} cd {{ paths.environment }} && spack env activate . {% if not monitor.disable_auth %}&& export SPACKMON_USER=$(cat /run/secrets/su) && export SPACKMON_TOKEN=$(cat /run/secrets/st) {% endif %}&& spack install {% if monitor.enabled %}--monitor {% if monitor.prefix %}--monitor-prefix {{ monitor.prefix }} {% endif %}{% if monitor.tags %}--monitor-tags {{ monitor.tags }} {% endif %}{% if monitor.keep_going %}--monitor-keep-going {% endif %}{% if monitor.host %}--monitor-host {{ monitor.host }} {% endif %}{% if monitor.disable_auth %}--monitor-disable-auth {% endif %}{% endif %}--fail-fast && spack gc -y {% if strip %} # Strip all the binaries diff --git a/share/spack/templates/container/singularity.def b/share/spack/templates/container/singularity.def index 33d775b024..de0392b718 100644 --- a/share/spack/templates/container/singularity.def +++ b/share/spack/templates/container/singularity.def @@ -21,7 +21,7 @@ EOF # Install all the required software . /opt/spack/share/spack/setup-env.sh spack env activate . - spack install --fail-fast + spack install {% if monitor.enabled %}--monitor {% if monitor.prefix %}--monitor-prefix {{ monitor.prefix }} {% endif %}{% if monitor.tags %}--monitor-tags {{ monitor.tags }} {% endif %}{% if monitor.keep_going %}--monitor-keep-going {% endif %}{% if monitor.host %}--monitor-host {{ monitor.host }} {% endif %}{% if monitor.disable_auth %}--monitor-disable-auth {% endif %}{% endif %}--fail-fast spack gc -y spack env deactivate spack env activate --sh -d . >> {{ paths.environment }}/environment_modifications.sh |