SDCC support container usage on various SDCC computing nodes. A docker registry was setup for users to store and use docker images . SDCC users should be able to pull/push images there from SDCC networks and BNL campus network.
A pull through cache registry is also available for users to access public dockerhub images from SDCC computer nodes.
Pull through cache registry for docker hub: (public image only)
The pull through cache registry hostname is dockerhub.sdcc.bnl.gov
The URL for pull through cache registry is dockerhub.sdcc.bnl.gov/namespace/image.tag
If people normally use
docker pull image:tag
docker pull namespace:tag
singularity pull docker://namespace/image:tag
The images then can be accessed via:
docker pull dockerhub.sdcc.bnl.gov/library/image:tag
docker pull dockerhub.sdcc.bnl.gov/namespace/image:tag
singularity pull docker://dockerhub.sdcc.bnl.gov/library/image:tag
docker default to use "library" as namespace.
examples:
docker pull dockerhub.sdcc.bnl.gov/library/centos7:latest
docker pull dockerhub.sdcc.bnl.gov/tensorflow/tensorflow:latest-gpu-jupyter
singularity pull docker://dockerhub.sdcc.bnl.gov/library/ubuntu:lastest
singularity pull docker://dockerhub.sdcc.bnl.gov/tensorflow/tensorflow:latest
Private registry ( SDCC account needed)
You can use your campus workstation , laptop to push docker images in this private registry.
Most of SDCC servers are not docker enable for users due to security reason.
The images stored in the registry can be accessed from computers on BNL campus network and SDCC network.
The repo management for the registry is at https://registry.sdcc.bnl.gov
You can login with SDCC account from BNL campus and SDCC network.
After login you can create teams , add member to teams, create namespace , set access visibility of namespace.
User can create teams , team owner can add team member of different roles. Team owner can add namespace and set access property(visibility) to be private(need authentication) or public.
By default every user has a private namespace same as your userID.
We strongly recommend creating an application token so when you push/pull images, you only use token instead of SDCC password as docker command save password in clear text by default on your workstation. You can create application token through profile by click the icon or your user name on top right corner. Then in middle section you can click "create" button to create up to 5 application tokens. We suggest have your screen capture tool ready as the new created token only appear 5 seconds and there is no way to retrieve later. However you can always create more and delete if you missed.
The URL for the repo image: registry.scc.bnl.gov/namespace/image:tag
To push an image to the repo you need first use "docker login registry.sdcc.bnl.gov". We suggest use application token instead of SDCC password or configure credential helper.
example:
$ docker login -u zhihua registry.sdcc.bnl.gov
Password:
WARNING! Your password will be stored unencrypted in /home/zdong/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$ docker tag 42b97d3c2ae9 registry.sdcc.bnl.gov/zhihua/bzbox:latest
$ docker push registry.sdcc.bnl.gov/zhihua/bzbox:latest
The push refers to repository [registry.sdcc.bnl.gov/zhihua/bzbox]
0fd05bf2930d: Pushed
latest: digest: sha256:b862520da7361ea093806d292ce355188ae83f21e8e3b2a3ce4dbdba0a230f83 size: 527
To use your stored image on SDCC or campus computer:
#if the namespace is private need docker login
docker login registry.sdcc.bnl.gov
docker pull registry.sdcc.bnl.gov/namespace/image.tag
singularity pull --docker-login docker://registry.sdcc.bnl.gov/namespace/image:tag
#optionally singularity can set Environment Variable to avoid be prompted for password
export SINGULARITY_DOCKER_USERNAME=YourUserID
export SINGULARITY_DOCKER_PASSWORD=YourTokenOrPasswd
singularity run docker://registry.sdcc.bnl.gov/namespace/image:tag
Example singularity use on Institutional cluster:
[zdong@icsubmit01 ]$ export SINGULARITY_DOCKER_USERNAME=zhihua
[zdong@icsubmit01 ]$ export SINGULARITY_DOCKER_PASSWORD=`cat ~/p/k1.txt`
[zdong@icsubmit01 ]$ srun -N1 -n1 -t 5:00 -p debug --gres=gpu:2 --pty singularity run --nv docker://registry.sdcc.bnl.gov/zhihua/my-tf1
INFO: Using cached SIF image
________ _______________
___ __/__________________________________ ____/__ /________ __
__ / _ _ \_ __ \_ ___/ __ \_ ___/_ /_ __ /_ __ \_ | /| / /
_ / / __/ / / /(__ )/ /_/ / / _ __/ _ / / /_/ /_ |/ |/ /
/_/ \___//_/ /_//____/ \____//_/ /_/ /_/ \____/____/|__/
You are running this container as user with ID 6996 and group 6996,
which should map to the ID and group for your user on the Docker host. Great!
tf-docker ~> nvidia-smi
Wed Sep 8 16:19:29 2021
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 455.32.00 Driver Version: 455.32.00 CUDA Version: 11.1 |
|-------------------------------+----------------------+----------------------+
| GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC |
| Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. |
| | | MIG M. |
|===============================+======================+======================|
| 0 Tesla K80 Off | 00000000:8A:00.0 Off | 0 |
| N/A 24C P8 27W / 149W | 0MiB / 11441MiB | 0% Default |
| | | N/A |
+-------------------------------+----------------------+----------------------+
| 1 Tesla K80 Off | 00000000:8B:00.0 Off | 0 |
| N/A 23C P8 30W / 149W | 0MiB / 11441MiB | 0% Default |
| | | N/A |
+-------------------------------+----------------------+----------------------+
+-----------------------------------------------------------------------------+
| Processes: |
| GPU GI CI PID Type Process name GPU Memory |
| ID ID Usage |
|=============================================================================|
| No running processes found |
+-----------------------------------------------------------------------------+
tf-docker ~>