Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You can use public images without being authenticated (shifterimg login) in the following cases:

Image sourcePublic imageLogin required
DockerhubYesNo
DockerhubNoYes, dockerhub
C4science registryYes

No

C4science registryNoYes, c4science registry

When using authentication, it's relative to the source you want to use (dockerhub and c4science registry supported) and the authentication is saved per cluster.

You need to ask for an account on the c4science registry

Running a Docker image with Shifter - Step by step

...

  1. Get a docker image from dockerhub for instance

    Code Block
    themeMidnight
    $ docker pull alpine:latest
    $ docker images
    Account on the c4science registry


  2. Request an account
  3. Change your password on https://registry.c4science.ch
    Set up your machine
    • Login on the registry from your local Docker installation (you need an account, see 

      Code Block
      themeMidnight
      $ docker login registry.c4science.ch
      Username (username): username
      Password: 
      Login Succeeded


  4. Upload a Docker image to the registry

    • On the web interface, create a Project on the registry (private or public)
    • Tag the image you want to upload on your local machine and push it to the registry
      NOTE: Do not use the `-` character in the tag name, only letters, numbers and underscore

      Code Block
      themeMidnight
      $ docker tag alpine:latest registry.c4science.ch/yourproject/alpine:latest
      $ docker push registry.c4science.ch/yourproject/alpine:latest


  5. Pull an image on Shifter and specify a user or group ACL

    • From each cluster frontend (i.e.: fidis.epfl.ch), login to the registry, pull the image and check it's was pulled with success.

      Code Block
      themeMidnight
      $ shifterimg login
        default username: <username>
        default password:
      $ shifterimg pull yourproject/alpine:latest
      $ shifterimg images
      tcm        docker     READY    9797e5e798   2018-03-15T16:00:59 yourproject/alpine:latest


    • You can specify one or multiple (separated by a comma) LDAP username and/or group so the image is only available to those people

      Code Block
      themeMidnight
      $ id
      $ shifterimg --group scitas-ge --user aubort,user2 pull yourproject/alpin


    • To update the user/group ACL you can re-run the pull command
    • The images are unique for each cluster (deneb, fidis, helvetios, izar)
    • To view the full info about the images (warning: JSON):

      Code Block
      themeMidnight
      collapsetrue
      $ shifterimg -v images
      Message: {
        "list": [
          {
            "ENTRY": null, 
            "ENV": [
              "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ], 
            "WORKDIR": "MISSING", 
            "groupACL": [], 
            "id": "9797e5e798a034d53525968de25bd25c913e7bb17c6d068ebc778cb33e3ff6e5", 
            "itype": "docker", 
            "last_pull": 1536842228.15727, 
            "status": "READY", 
            "status_message": "", 
            "system": "fdata2-int.fidis", 
            "tag": [
              "scitas/alpine:latest"
            ], 
            "userACL": []
          },
      [...]


  6. Run the image

...

FEEDBACK is welcome as this feature is experimental.

Account on the c4science registry

Content by Label
showLabelsfalse
max5
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@10918
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ("slurm","docker","shifter") and type = "page" and space = "DOC"
labelsslurm shifter docker

...