Implementing Docker Group using Centrify

Why Privilege Access For Docker Container?

Taken from Centrify HOWTO: Secure container/docker environments by managing privileges for admins and users

“To perform any docker operation, you need to either be root or part of a local group, ‘docker’, on your Linux machine. Why is that? Because access into a docker container is via a UNIX socket and any socket related operations require the user to have privileged access. ‘Docker’ group membership is sufficient for all container operations, exception is starting the docker daemon itself, which must always run as the root user.”

Step 1:

We need to create a group called Docker and put in the necessary members

Step 2: Verify the permission of the Linux Server

# ls -lZ /var/run/docker.sock
srw-rw----. root root system_u:object_r:container_var_run_t:s0 /var/run/docker.sock
# getenforce
Permissive

Step 3: Change Owner of the Docker

# chown root:docker /var/run/docker.sock

Step 4: Test the change permission issues

[user1@node1 ~]$ docker search openfoam
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/openfoamplus/of_v30plus_rhel66 Offical image of OpenFOAM+ (v3.0+) provide... 8
docker.io docker.io/openfoamplus/of_v1606plus_centos66 Offical image of OpenFOAM+ (v1606+) provid... 6
docker.io docker.io/openfoam/openfoam5-paraview54 Image of OpenFOAM v5 and ParaView 5.4.0 on... 5
docker.io docker.io/openfoam/openfoam6-paraview56 Image of OpenFOAM v6 and ParaView 5.6.0 on... 5
docker.io docker.io/openfoamplus/of_v1612plus_centos66 Offical image of OpenFOAM+ (v1612+) provid... 5
docker.io docker.io/openfoam/openfoam7-paraview56 Image of OpenFOAM v7 and ParaView 5.6.0 on... 4
docker.io docker.io/openfoamplus/of_v1706_centos73 Offical image of OpenFOAM(v1706) provided ... 4
docker.io docker.io/openfoamplus/of_v1712_centos73 Offical docker image of OpenFOAM(v1712) pr... 4
docker.io docker.io/openfoam/openfoam6-paraview54 Image of OpenFOAM v6 and ParaView 5.4.0 on... 3
docker.io docker.io/openfoamplus/of_v1812_centos73 Offical docker image of OpenFOAM(v1806) pr... 3
docker.io docker.io/openfoamplus/of_v1806_centos73 Offical docker image of OpenFOAM(v1806) pr... 2
docker.io docker.io/openfoamplus/of_v1906_centos73 Official docker image of OpenFOAM(v1906 ve... 2
docker.io docker.io/dicehub/openfoam OpenFOAM image for use in DICE (Dynamic In... 1
docker.io docker.io/openfoam/openfoam-dev-graphical-apps OpenFOAM-dev on Ubuntu 16.04 using the ope... 1
docker.io docker.io/openfoam/openfoam-dev-paraview54 OpenFOAM-dev and ParaView 5.4.0 on Ubuntu ... 1
docker.io docker.io/openfoam/openfoam-dev-paraview56 Image of OpenFOAM-dev and ParaView 5.6.0 o... 1
docker.io docker.io/openfoam/openfoam4-paraview50 Image of OpenFOAM v4 and ParaView 5.0.1 on... 1
docker.io docker.io/openfoam/openfoam5-graphical-apps Image of OpenFOAM v5 on Ubuntu 16.04 from ... 1
docker.io docker.io/openfoam/openfoam6-graphical-apps Image of OpenFOAM v6 on Ubuntu 18.04 from ... 1
docker.io docker.io/unifem/openfoam-ccx Docker Image for OpenFOAM and Calculix 1 [OK]
docker.io docker.io/nerdalize/openfoam This image makes it easy to run OpenFOAM o... 0 [OK]
docker.io docker.io/openfoam/openfoam-dev-paraview50 OpenFOAM-dev and ParaView 5.0.1 on Ubuntu ... 0
docker.io docker.io/parallelworks/openfoam OpenFOAM 0
docker.io docker.io/parallelworks/openfoam240_pvpython OpenFOAM240 with Python Paraview 0
docker.io docker.io/parallelworks/openfoam4 OpenFOAM Base Container 0

References:

  1. HOWTO: Secure container/docker environments by managing privileges for admins and users
  2. How to fix docker: Got permission denied while trying to connect to the Docker daemon socket

Installing Docker on CentOS 7

 

Point 1: Install the Dependencies

# yum install yum-utils device-mapper-persistent-data lvm2
  • yum-utils ->Include yum-config-manager
  • device-mapper-persistent-data and lvm2 -> Device Mapper Storage Drivers

Point 2: Add Docker Repository to CentOS

# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Point 3: Install Docker on CentOS

# yum install docker

Point 4: Manage Docker Service (Start, Enable and Check Status)

# systemctl start docker
# systemctl enable docker
# systemctl status docker 0

Point 5: Installing specific version of docker

# yum list docker-ce --showduplicates
docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable
.....
.....
.....
.....
.....
docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.2.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.3.ce-3.el7 docker-ce-stable

Point 5b:

# yum install docker-ce-18.06.3.ce

References:

  1. How to Install Docker on CentOS 7

Compile StringTie on CentOS 7.6

StringTie is a fast and highly efficient assembler of RNA-Seq alignments into potential transcripts.

System Information:

  • CentOS 7.6
  • GNU-4.8.5

The installation instruction can be found in the site

$ git clone https://github.com/gpertea/stringtie
$ cd stringtie
$ make release

Conduct Tests

$ ./run_tests.sh
..Downloading test data..
..unpacking test data..
Test 1: Short reads
OK.
Test 2: Short reads and super-reads
OK.
Test 3: Long reads
OK.
Test 4: Long reads with annotation guides
OK.

Compiling BoltzTraP-1.2.5 with GNU

BoltzmannTransportProperties (BoltzTraP) can be obtained from http://www.icams.de/boltztrap

Point 1: Got to boltztrap src directory

$ cd $HOME/boltztrap-1.2.5/src

Point 2: Edit the Makefile

# gfortran
SHELL = /bin/sh
FC = gfortran
LIBS = -llapack -lblas

# generic
LINKER  =       $(FC)
LFLAGS  = -g #-pg
FGEN =
DESTDIR = .

EXECNAME = BoltzTraP

###############################################################################
FFLAGS = $(FGEN) $(FOPT)
EXEC = $(DESTDIR)/$(EXECNAME)

#..............................................................................
#
#  Object files common to both REAL and COMPLEX type subroutines
#
OBJS = gmlib2.o reallocate.o \
     m_bandstructure.o m_input.o m_fermimod.o \
     m_interfaces.o \
     latgen2.o generic_field.o gtfnam.o gen_lattpoints.o \
     BoltzTraP.o crystal_band.o wien_band.o phon_band.o generic_band.o pw_interface.o \
     add_inv.o bandana.o stern1.o kdelta.o fite4.o sortag.o gplbands.o \
     dos.o ifflim.o setfft.o c3fft.o boseintegrals.o fermiintegrals.o bands.o kcomp.o \
     bz.o fermisurface.o setfft2.o write_dx_fs.o write_dx_bz.o write_cube_fs.o \
     dos_histogram.o dos_tetra.o noculc.o dosvv.o readvv.o \
     phonondrag.o
#OBJS = \
#        reallocate.o defs.o modules.o broad.o add_inv.o \
#        c3fft.o gtfnam.o ifflim.o mknam.o read_energy.o \
#        transport.o stern.o kdelta.o gen_lattpoints.o fite4.o setfft.o \
#        starfkt2.o dos.o

$(EXEC): $(OBJS)
        $(LINKER) $(LFLAGS) -o $(EXEC) $(OBJS) $(LDFLAGS) $(LIBS) $(LFLAGS)


clean:
        rm -f *.o *.mod *.pc *.pcl *~

.SUFFIXES: .F90 .o
.F90.o:
        $(FC) $(FFLAGS) -c $<

3. Make Install

$ make

You should see a BoltzTraP executable in the src directory

Unable to use “-v” variable in PBS Professional 19.2.5

I was not able to use the “-v file=test.m” in the latest version of PBS Professional 19.2.5

I was using the following commands and the qsub command did not work. It used to work in earlier version of PBS Professional

$ qsub gpu.pbs -v file=test.m
usage: qsub [-a date_time] [-A account_string] [-c interval]
[-C directive_prefix] [-e path] [-f ] [-h ] [-I [-X]] [-j oe|eo] [-J X-Y[:Z]]
[-k keep] [-l resource_list] [-m mail_options] [-M user_list]
[-N jobname] [-o path] [-p priority] [-P project] [-q queue] [-r y|n]
[-R o|e|oe] [-S path] [-u user_list] [-W otherattributes=value...]
[-S path] [-u user_list] [-W otherattributes=value...]
[-v variable_list] [-V ] [-z] [script | -- command [arg1 ...]]
qsub --version

The solution is that by design the job script has to be the last argument. Please change the commands accordingly.

$ qsub -v file=test.m gpu.pbs

Intel® Math Kernel Library Link Line Advisor

The Intel® Math Kernel Library (Intel® MKL) is designed to run on multiple processors and operating systems. It is also compatible with several compilers and third party libraries, and provides different interfaces to the functionality. To support these different environments, tools, and interfaces Intel MKL provides mutliple libraries from which to choose.

 

For more information to generate the libraries  Intel® Math Kernel Library Link Line Advisor

 

Configure PBS not to accept jobs that will run into Scheduled Down-Time

Step 1: Go to /pbs/pbs_home/sched_priv and edit the file dedicated_time

# vim /pbs/pbs_home/sched_priv/dedicated_time

Edit the Start and End Date Time in the given format

# FORMAT: FROM TO
# ---- --
# MM/DD/YYYY HH:MM MM/DD/YYYY HH:MM
For example

01/08/2020 08:00 01/08/2020 20:00

Step 2: Reload the pbs configuration by sending a SIGHUP

# ps -eaf | grep -i pbs_sched
# kill -HUP 438652

Step 3: Submit a job that cross over the scheduled date and time, you should see

$ qstat -asn1
55445.hpc-mn1 user1 q32 MPI2 -- 3 96 -- 120:0 Q -- --Not Running: Job would cross dedicated time boundary
55454.hpc-mn1 user2 q32 MPI -- 1 4 -- 120:0 Q -- --Not Running: Job would cross dedicated time boundary
55455.hpc-mn1 user1 q32 MPI -- 1 4 -- 120:0 Q -- --Not Running: Job would cross dedicated time boundary
.....
.....