Container Login

Published

August 12, 2024

Abstract

The Virgo cluster uses a configuration extension for OpenSSH to enable users to directly login into a containerized environment. This allows direct access to a variation of different software environment on the cluster.

Overview

Containerized application environments are called Virtual Application Environment (VAE) and provide a pre-build selection of software. Typically users will directly login into a VAE by selecting an appropriate submit node for example vae24.hpc.gsi.de. This section provides information for users to deviate from the pre-configured VAEs and configure login to a custom build container. This is useful for users to pre-configure their own software environment ant automate the login configuration to access it.

Usage

Containerized login is configured by environment variable, for example:

# specify the path to your container image on the Virgo cluster
export APPTAINER_CONTAINER=/absolute/path/container.sif

# login to the cluster and propagate the environment variable
ssh -o SendEnv=APPTAINER_CONTAINER virgo.hpc.gsi.de

Users need to make sure to propagate the APPTAINER_CONTAINER environment variable to the server using the SendEnv configuration option (from the ssh_config manual):

SendEnv

Specifies what variables from the local environ(7) should be sent to the server. […] Variables are specified by name, which may contain wildcard characters. Multiple environment variables may be separated by whitespace or spread across multiple SendEnv directives. The default is not to send any environment variables.

Configuration

For convenience add a configuration similar to the following to your SSH configuration:

cat >> ~/.ssh/config <EOF
Host *.hpc.gsi.de
        SendEnv APPTAINER_CONTAINER
EOF

The APPTAINER_CONTAINER environment variable supports following values other then an absolute path to a container image:

# disables container launch
1APPTAINER_CONTAINER=none

# unset, empty or blank
2APPTAINER_CONTAINER=

# selection menu
3APPTAINER_CONTAINER=menu

1: This forces VAE submit nodes to disable containerized login. Effectively allowing the user bare-metal login on submit nodes like vae*.hpc.gsi.de.
2: Unset, empty of blank will launch the default configuration set on the submit node.
3: Presents the user an interactive selection menu with a list of pre-configured VAEs.

--- title: Container Login date: 2024/08/12 date-modifed: 2024/08/12 abstract: > The Virgo cluster uses a configuration extension for OpenSSH to enable users to directly login into a containerized environment. This allows direct access to a variation of different software environment on the cluster. --- ### Overview Containerized application environments are called [Virtual Application Environment][U8w1m] (VAE) and provide a pre-build selection of software. Typically users will directly login into a VAE by selecting an appropriate [submit node][OhjPZ] for example `vae24.hpc.gsi.de`. This section provides information for users to deviate from the pre-configured VAEs and configure login to a [custom build container][jlj88]. This is useful for users to pre-configure their own software environment ant automate the login configuration to access it. [U8w1m]: ../overview/software.html#vae [OhjPZ]: submit-nodes.html [jlj88]: ../containers/build.html ### Usage Containerized login is configured by environment variable, for example: ```bash # specify the path to your container image on the Virgo cluster export APPTAINER_CONTAINER=/absolute/path/container.sif # login to the cluster and propagate the environment variable ssh -o SendEnv=APPTAINER_CONTAINER virgo.hpc.gsi.de ``` Users need to make sure to **propagate the `APPTAINER_CONTAINER` environment variable to the server** using the `SendEnv` configuration option (from the `ssh_config` manual): > **SendEnv** > > Specifies what variables from the local environ(7) should be sent to the > server. [...] Variables are specified by name, which may contain wildcard > characters. Multiple environment variables may be separated by whitespace > or spread across multiple `SendEnv` directives. The default is not > to send any environment variables. ### Configuration For convenience add a configuration similar to the following to your SSH configuration: ```bash cat >> ~/.ssh/config <EOF Host *.hpc.gsi.de SendEnv APPTAINER_CONTAINER EOF ``` The `APPTAINER_CONTAINER` environment variable supports following values other then an absolute path to a container image: ```bash # disables container launch APPTAINER_CONTAINER=none #<1> # unset, empty or blank APPTAINER_CONTAINER= #<2> # selection menu APPTAINER_CONTAINER=menu #<3> ``` 1. This forces VAE submit nodes to disable containerized login. Effectively allowing the user bare-metal login on submit nodes like `vae*.hpc.gsi.de`. 2. Unset, empty of blank will launch the default configuration set on the submit node. 3. Presents the user an interactive selection menu with a list of pre-configured VAEs.