Dockerfiles for CMSSW
There are different sets of Dockerfiles in this repository:
- standalone images
- cc7-cvmfs-based images
- slc6-cvmfs-based images
- cc7-cms images
- slc6-cms images
- slc5-cms images
The non-standalone images need a network connection, and can be slow, since CMSSW is loaded via the network. The advantage is that they are much smaller (few hundreds of MB) while the standalone images contain the full CMSSW release (>= 15 GB).
The images are based on different sets of CERN Linux distributions:
Change to the directory containing the Dockerfile
s and execute one of the following commands. Makefile
s are available to build the images. For properly tagging the containers and the docker_push
to work you need to docker login
to the container registry of your preference and pass additional parameters to the make docker_push
command. The current default for the standalone images at the moment is:
DOCKER_IMAGE ?= clelange/cmssw
CERN_IMAGE ?= gitlab-registry.cern.ch/clange/cmssw-docker/cmssw_$(BASE_VERSION)
where $(BASE_VERSION)
is extracted automatically from the CMSSW release version, e.g. 5_3_32
for CMSSW_5_3_32
.
Examples are given for different CMSSW_VERSION
and SCRAM_ARCH
:
Production releases:
make CMSSW_VERSION=CMSSW_9_2_1 SCRAM_ARCH=slc6_amd64_gcc530
make docker_push CMSSW_VERSION=CMSSW_9_2_1 SCRAM_ARCH=slc6_amd64_gcc530
Patch releases work in the same way:
make CMSSW_VERSION=CMSSW_7_1_25_patch5 SCRAM_ARCH=slc6_amd64_gcc481
make docker_push CMSSW_VERSION=CMSSW_7_1_25_patch5 SCRAM_ARCH=slc6_amd64_gcc481
Releases for other Linux distribution than SLC6 (here e.g. SLC5):
make CMSSW_VERSION=CMSSW_4_2_8 SCRAM_ARCH=slc5_amd64_gcc434 BASEIMAGE=clelange/slc5-cms:latest
make docker_push CMSSW_VERSION=CMSSW_4_2_8 SCRAM_ARCH=slc5_amd64_gcc434 BASEIMAGE=clelange/slc5-cms:latest
Since these containers load CMSSW via the network, any CMSSW version can be set up.
make
make docker_push
These images do not know about CMSSW, they are only an SLC5/SLC6/CC7 image with some additional packages installed. More information on Linux@CERN see the CERN IT Linux webpage. CVMFS needs to be mounted as volume (see below):
make
make docker_push
All images are available in docker hub as well as in the CERN GitLab container registry. In order to use these images, the run commands below need to be changed replacing clelange
by gitlab-registry.cern.ch/clange/cmssw-docker
. For the standalone images the image name needs to be adjust as well, see example below.
Currently supported for automatic CMSSW setup are bash
and zsh
.
bash
:
docker run --rm -it clelange/cmssw:9_2_1 /bin/bash
zsh
:
docker run --rm -it clelange/cmssw:9_2_1 /bin/zsh
Example for CERN GitLab container registry:
docker run --rm -it gitlab-registry.cern.ch/clange/cmssw-docker/cmssw_9_2_1 /bin/zsh
Setting up CVMFS uses fuse
, which needs special rights from docker:
docker run --rm --cap-add SYS_ADMIN --device /dev/fuse -it clelange/slc6-cmssw-cvmfs /bin/bash
Alternatively, one can also just use --privileged
instead of --cap-add SYS_ADMIN --device /dev/fuse
, see the Docker run reference.
If you get an error similar to:
/bin/sh: error while loading shared libraries: libtinfo.so.5: failed to map segment from shared object: Permission denied
you need to turn off SElinux security policy enforcing:
sudo setenforce 0
This can be changed permanently by editing /etc/selinux/config
, setting SELINUX
to permissive
or disabled
.
On a machine that has /cvmfs
mounted (and available to the docker process):
docker run --rm -it -v /cvmfs:/cvmfs clelange/slc6-cms /bin/zsh
On CERN OpenStack (see OpenStack CVMFS documentation):
docker run --rm -it --volume-driver cvmfs -v cms.cern.ch:/cvmfs/cms.cern.ch clelange/cms-slc6 /bin/zsh
and for the CMS OpenData extend this to:
docker run --rm -it --volume-driver cvmfs -v cms.cern.ch:/cvmfs/cms.cern.ch -v cms-opendata-conddb.cern.ch:/cvmfs/cms-opendata-conddb.cern.ch clelange/cms-slc6 /bin/zsh
If you would like to be able to get a voms/grid proxy, mount your .globus
directory by adding -v ~/.globus:/home/cmsusr/.globus
to your docker run
command.
To test if everything is working, start a container, set up the desired CMSSW release (in case of non-standalone images), download the GenXSecAnalyzer, and run it on a file:
cmsrel CMSSW_5_3_32
cd CMSSW_5_3_32/src
cmsenv
curl -O https://raw.githubusercontent.com/syuvivida/generator/master/cross_section/runJob/ana.py
cmsRun ana.py inputFiles="root://eospublic.cern.ch//eos/opendata/cms/MonteCarlo2011/Summer11LegDR/SMHiggsToZZTo4L_M-125_7TeV-powheg15-JHUgenV3-pythia6/AODSIM/PU_S13_START53_LV6-v1/20000/F8DC5130-4E92-E411-BDCA-E0CB4E29C4BB.root" maxEvents=-1
# With a grid proxy mounted:
cmsRun ana.py inputFiles="/store/mc/RunIIFall17MiniAOD/BulkGravToWW_narrow_M-2000_13TeV-madgraph/MINIAODSIM/94X_mc2017_realistic_v10-v1/70000/DC096708-7BEB-E711-9D6F-C45444922AFC.root " maxEvents=-1