Message boards : Theory Application : Feedback on the Theory docker app
Message board moderation
| Author | Message |
|---|---|
 LaurenceSend message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247   |
The Theory Docker app appears to be working well on Windows and Linux, and we are considering moving it from beta to production on Monday. Feel free to post any comments on the beta version and the Docker approach in general here. |
|
Send message Joined: 27 Sep 08 Posts: 910 Credit: 777,363,945 RAC: 179,515   |
Yes seems good. Not sure if Alice connection is needed? https://lhcathome.cern.ch/lhcathome/result.php?resultid=432028757 Not sure if this is even supposed to work but, the container is not pauseable it seems. https://lhcathome.cern.ch/lhcathome/result.php?resultid=432080786 |
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816 
|
Something goes wrong with my Podman https://lhcathome.cern.ch/lhcathome/result.php?resultid=432103857 Mess always begins with : chmod: changing permissions of '/cvmfs': Operation not permitted mkdir: cannot create directory '/cvmfs/cvmfs-config.cern.ch': Permission denied So no cvmfs within containers. Atlas_native runs fine. Is it possible to go with cvmfs of host? |
|
Laurence Send message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247 |
In reply to Saturn911's message of 31 Jan 2026: Something goes wrong with my Podman If you are running CVMFS on the host, check that you have the required repositories for Theory enabled. The default.local file should include: CVMFS_REPOSITORIES="grid,sft,alice" |
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816
|
In reply to Laurence's message of 31 Jan 2026:
Thank you Laurence! Think CVMFS on the host is ok: $ cvmfs_config probe Probing /cvmfs/atlas.cern.ch... OK Probing /cvmfs/atlas-condb.cern.ch... OK Probing /cvmfs/grid.cern.ch... OK Probing /cvmfs/cernvm-prod.cern.ch... OK Probing /cvmfs/sft.cern.ch... OK Probing /cvmfs/sft-nightlies.cern.ch... OK Probing /cvmfs/alice.cern.ch... OK Probing /cvmfs/atlas-nightlies.cern.ch... OK Probing /cvmfs/unpacked.cern.ch... OK Edit: to be shure I gave it another try. Same result https://lhcathome.cern.ch/lhcathome/result.php?resultid=432120894 for my understanding chmod: changing permissions of '/cvmfs': Operation not permitted Does that mean something within the container or a manipulation of CVMFS on the host system? |
|
Laurence Send message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247 |
In reply to Saturn911's message of 31 Jan 2026: In reply to Laurence's message of 31 Jan 2026: It looks like it does not recognize that CVMFS has been mounted on the host and tries to mount it in the container. It will need debugging. I will prepare something for you to test. |
|
Laurence Send message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247 |
To replicate a task outside of boinc, you can do the following: Download the files. wget https://lhcathome.cern.ch/lhcathome/download/input wget https://lhcathome.cern.ch/lhcathome/download/Dockerfile_2025_07_03 -O Dockerfile wget https://lhcathome.cern.ch/lhcathome/download/entrypoint_2025_08_06.sh -O entrypoint.sh Build the image podman build -t theory_image . Run the container podman run --replace --name theory_container --cap-add=SYS_ADMIN --device /dev/fuse -v /cvmfs:/cvmfs:shared -v ./:/boinc_slot_dir:shared -w /boinc_slot_dir theory_image If it fails, you can access the container. podman run -it --replace --name theory_container --cap-add=SYS_ADMIN --device /dev/fuse -v /cvmfs:/cvmfs:shared -v ./:/boinc_slot_dir:shared -w /boinc_slot_dir theory_image /bin/bash |
|
Laurence Send message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247 |
In reply to Saturn911's message of 31 Jan 2026:
From the task output: stderr from container: Got a proxy from the local environment Will use it for CVMFS and Frontier Using custom CVMFS. This correspond to the following lines in the code. https://github.com/lfield/lhcathome/blob/main/Theory/entrypoint.sh#L398 https://github.com/lfield/lhcathome/blob/main/Theory/entrypoint.sh#L388 https://github.com/lfield/lhcathome/blob/main/Theory/entrypoint.sh#L747 It tries to mount CVMFS in the container as the if statement fails since it can't find /cvmfs/cvmfs-config.cern.ch/etc. It looks like you are using a local proxy. You might want to stop using the local proxy this to see if it works. |
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816
|
First some words to my system Boinc runs as a service. This means without login shell and without password. CVMFS is mountet by systemd automounter. Now tried your test in my home directory I made a new directory "Dockertest" Download your files with wget Build the image... without problems. But now run the container podman run --replace --name... simply results in bin/sh: line 1: ./entrypoint.sh: Permission denied but then podman run -it --replace --name... starts the container and I can cd to CVMFS and navigate within LHC server |
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816
|
Removed local proxy settings from containers.conf and default.local rebooted same result: https://lhcathome.cern.ch/lhcathome/result.php?resultid=432119583 |
|
Laurence Send message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247 |
In reply to Saturn911's message of 2 Feb 2026:
You just have to make entrypoint.sh executable after downloading it. chmod a+x entrypoint.sh |
|
Laurence Send message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247 |
The test is to see if /cvmfs/cvmfs-config.cern.ch/etc exists.Try running: podman run --replace --name theory_container --cap-add=SYS_ADMIN --device /dev/fuse -v /cvmfs:/cvmfs:shared -v ./:/boinc_slot_dir:shared -w /boinc_slot_dir theory_image ls /cvmfs/cvmfs-config.cern.ch/etc Here is what my cvmfs configuration, /etc/cvmfs/default.local, contains CVMFS_REPOSITORIES="atlas,atlas-condb,grid,cernvm-prod,sft,alice" Maybe you are missing cernvm-prod |
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816
|
A try without linking CVMFS to the container (remove the */cvmfs:/cvmfs:shared -v* part) looks much better to me. How to continue?
Dockertest]$ podman run -it --replace --name theory_container --cap-add=SYS_ADMIN --device /dev/fuse -v ./:/boinc_slot_dir:shared -w /boinc_slot_dir theory_image /bin/bash
[root@4ce229e151d8 boinc_slot_dir]# ls
Dockerfile entrypoint.sh input shared
[root@4ce229e151d8 boinc_slot_dir]# sh entrypoint.sh
Could not find a local HTTP proxy
CVMFS and Frontier will have to use DIRECT connections
This makes the application less efficient
It also puts higher load on the project servers
Setting up a local HTTP proxy is highly recommended
Advice can be found in the project forum
Using custom CVMFS.
Probing CVMFS repositories ...
Probing /cvmfs/alice.cern.ch... OK
Probing /cvmfs/cvmfs-config.cern.ch... OK
Probing /cvmfs/grid.cern.ch... OK
Probing /cvmfs/sft.cern.ch... OK
Excerpt from "cvmfs_config stat":
VERSION HOST PROXY
2.13.3.0 http://s1cern-cvmfs.openhtc.io DIRECT
******************************************************************
IMPORTANT HINT(S)!
******************************************************************
CVMFS server: http://s1cern-cvmfs.openhtc.io
CVMFS proxy: DIRECT
No local HTTP proxy found.
With this setup concurrently running containers can't share
a common CVMFS cache. A local HTTP proxy is therefore
highly recommended.
More info how to configure a local HTTP proxy:
https://lhcathome.cern.ch/lhcathome/forum_thread.php?id=5473
https://lhcathome.cern.ch/lhcathome/forum_thread.php?id=5474
******************************************************************
Environment HTTP proxy: not set
job: htmld=/var/www/lighttpd
job: unpack exitcode=0
job: run exitcode=1
job: diskusage=2832
job: logsize=12 k
job: times=
0m0.004s 0m0.004s
0m9.188s 0m1.284s
job: cpuusage=10
===> [runRivet] Mon Feb 2 15:51:58 UTC 2026 [boinc pp z1j 8000 70 - pythia8 8.245 tune-monash13 100000 748]
Job Finished
Filesystem Used Use% Mounted on
cvmfs2 201K 1% /cvmfs/cvmfs-config.cern.ch
cvmfs2 22M 1% /cvmfs/alice.cern.ch
cvmfs2 17M 1% /cvmfs/grid.cern.ch
cvmfs2 452M 12% /cvmfs/sft.cern.ch
total 490M 4% -
boinc_shutdown called with exit code 0
|
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816
|
Here my listing: CVMFS_REPOSITORIES="atlas,atlas-condb,grid,cernvm-prod,sft,sft-nightlies,alice,atlas-nightlies,unpacked" Think it's ok |
|
Laurence Send message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247 |
In reply to Saturn911's message of 2 Feb 2026: A try without linking CVMFS to the container (remove the */cvmfs:/cvmfs:shared -v* part) looks much better to me. What is the result of this command. podman run --replace --name theory_container --cap-add=SYS_ADMIN --device /dev/fuse -v /cvmfs:/cvmfs:shared -v ./:/boinc_slot_dir:shared -w /boinc_slot_dir theory_image ls /cvmfs/cvmfs-config.cern.ch/etc |
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816
|
In reply to Laurence's message of 2 Feb 2026: The test is to see if /cvmfs/cvmfs-config.cern.ch/etc exists.Try running: result: ls: cannot access '/cvmfs/cvmfs-config.cern.ch/etc': No such file or directory Edit This is because of the message of the failing tasks: program: podman chmod: changing permissions of '/cvmfs': Operation not permitted mkdir: cannot create directory '/cvmfs/cvmfs-config.cern.ch': Permission denied chown: cannot access '/cvmfs/cvmfs-config.cern.ch': No such file or directory Impossible to chmod, so impossible to mkdir! |
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816
|
found some explication: https://blog.mousetech.com/podman-and-chmod-frustrated/ but no solution :-( or is "cvmfs-config.cern.ch" a place i need to mount like E.g. "grid.cern.ch" in CVMFS of the host? |
|
Laurence Send message Joined: 20 Jun 14 Posts: 431 Credit: 253,259 RAC: 247 |
In reply to Saturn911's message of 2 Feb 2026: In reply to Laurence's message of 2 Feb 2026: The task is failing as it is trying to mount CVMFS inside the container when we have already bind mounted it from the host. It is trying to mount it inside as /cvmfs/cvmfs-config.cern.ch/etc does not exist. Please can you check if it is available on you host. ls /cvmfs/cvmfs-config.cern.ch/etc We can also check if other repositories are available in the container. podman run --replace --name theory_container --cap-add=SYS_ADMIN --device /dev/fuse -v /cvmfs:/cvmfs:shared -v ./:/boinc_slot_dir:shared -w /boinc_slot_dir theory_image ls /cvmfs/grid.cern.ch If you want to poke around inside the container, just run bash. podman run --replace --name theory_container --cap-add=SYS_ADMIN --device /dev/fuse -v /cvmfs:/cvmfs:shared -v ./:/boinc_slot_dir:shared -w /boinc_slot_dir theory_image /bin/bash When running a command like this, entrypoint.sh is not executed. |
|
Send message Joined: 3 Nov 12 Posts: 95 Credit: 188,733,475 RAC: 97,816
|
In reply to Saturn911's message of 2 Feb 2026:
You are right; the hole cvmfs-config.cern.ch is missing. This is a new mountpoint never used before. Will add it to automounter to get it from cern-servers. Can do this tomorrow in the evening. |
|
Send message Joined: 2 May 07 Posts: 2285 Credit: 178,823,324 RAC: 773
|
https://lhcathome.cern.ch/lhcathome/workunit.php?wuid=238881616 Have some Task finishing, but atm without squid. |
©2026 CERN