Provided by: charliecloud-builders_0.27-1_amd64 
NAME
ch-fromhost - Inject files from the host into an image directory, with various magic
SYNOPSIS
$ ch-fromhost [OPTION ...] [FILE_OPTION ...] IMGDIR
DESCRIPTION
NOTE:
This command is experimental. Features may be incomplete and/or buggy. Please report
any issues you find, so we can fix them!
Inject files from the host into the Charliecloud image directory IMGDIR.
The purpose of this command is to inject files into a container image that are necessary
to run the container on a specific host; e.g., GPU libraries that are tied to a specific
kernel version. It is not a general copy-to-image tool; see further discussion on use
cases below. It should be run after ch-convert and before ch-run. After invocation, the
image is no longer portable to other hosts.
Injection is not atomic; if an error occurs partway through injection, the image is left
in an undefined state. Injection is currently implemented using a simple file copy, but
that may change in the future.
By default, file paths that contain the strings /bin or /sbin are assumed to be
executables and placed in /usr/bin within the container. File paths that contain the
strings /lib or .so are assumed to be shared libraries and are placed in the
first-priority directory reported by ldconfig (see --lib-path below). Other files are
placed in the directory specified by --dest.
If any shared libraries are injected, run ldconfig inside the container (using ch-run -w)
after injection.
OPTIONS
To specify which files to inject
-c, --cmd CMD
Inject files listed in the standard output of command CMD.
-f, --file FILE
Inject files listed in the file FILE.
-p, --path PATH
Inject the file at PATH.
--cray-mpi
Cray-enable MPICH/OpenMPI installed inside the image. See important details
below.
--nvidia
Use nvidia-container-cli list (from libnvidia-container) to find executables and
libraries to inject.
These can be repeated, and at least one must be specified.
To specify the destination within the image
-d, --dest DST
Place files specified later in directory IMGDIR/DST, overriding the inferred
destination, if any. If a file’s destination cannot be inferred and --dest has
not been specified, exit with an error. This can be repeated to place files in
varying destinations.
Additional arguments
--lib-path
Print the guest destination path for shared libraries inferred as described
above.
--no-ldconfig
Don’t run ldconfig even if we appear to have injected shared libraries.
-h, --help
Print help and exit.
-v, --verbose
List the injected files.
--version
Print version and exit.
WHEN TO USE CH-FROMHOST
This command does a lot of heuristic magic; while it can copy arbitrary files into an
image, this usage is discouraged and prone to error. Here are some use cases and the
recommended approach:
1. I have some files on my build host that I want to include in the image. Use the COPY
instruction within your Dockerfile. Note that it’s OK to build an image that meets your
specific needs but isn’t generally portable, e.g., only runs on specific
micro-architectures you’re using.
2. I have an already built image and want to install a program I compiled separately into
the image. Consider whether a building a new derived image with a Dockerfile is
appropriate. Another good option is to bind-mount the directory containing your program
at run time. A less good option is to cp(1) the program into your image, because this
permanently alters the image in a non-reproducible way.
3. I have some shared libraries that I need in the image for functionality or performance,
and they aren’t available in a place where I can use COPY. This is the intended use
case of ch-fromhost. You can use --cmd, --file, and/or --path to put together a custom
solution. But, please consider filing an issue so we can package your functionality
with a tidy option like --cray-mpi or --nvidia.
--CRAY-MPI DEPENDENCIES AND QUIRKS
The implementation of --cray-mpi is messy, foul smelling, and brittle. It replaces or
overrides the MPICH or OpenMPI libraries installed in the container. Users should be aware
of the following.
1. Containers must have the following software installed:
a. Corresponding open source MPI implementation. (MPICH and OpenMPI.)
b. PatchELF with our patches. Use the shrink-soname branch. (MPICH only.)
c. libgfortran.so.3, because Cray’s libmpi.so.12 links to it. (MPICH only.)
2. Applications must be dynamically linked to libmpi.so.12 (not e.g. libmpich.so.12).
a. How to configure MPICH to accomplish this is not yet clear to us;
test/Dockerfile.mpich does it, while the Debian packages do not. (MPICH only.)
3. An ABI compatible module for the given MPI implementation must be loaded when
ch-fromhost is invoked.
a. Load the cray-mpich-abi module. (MPICH only.)
b. We recommend loading the module of a version as close to what is installed in the
image as possible. This OpenMPI install needs to be built such that libmpi contains
all needed plugins (as opposed to them being standalone shared libraries). See
OpenMPI’s documentation for how to do this. (OpenMPI only.)
4. Tested only for C programs compiled with GCC, and it probably won’t work otherwise. If
you’d like to use another compiler or another programming language, please get in touch
so we can implement the necessary support.
Please file a bug if we missed anything above or if you know how to make the code better.
NOTES
Symbolic links are dereferenced, i.e., the files pointed to are injected, not the links
themselves.
As a corollary, do not include symlinks to shared libraries. These will be re-created by
ldconfig.
There are two alternate approaches for nVidia GPU libraries:
1. Link libnvidia-containers into ch-run and call the library functions directly.
However, this would mean that Charliecloud would either (a) need to be compiled
differently on machines with and without nVidia GPUs or (b) have
libnvidia-containers available even on machines without nVidia GPUs. Neither of
these is consistent with Charliecloud’s philosophies of simplicity and minimal
dependencies.
2. Use nvidia-container-cli configure to do the injecting. This would require that
containers have a half-started state, where the namespaces are active and everything
is mounted but pivot_root(2) has not been performed. This is not feasible because
Charliecloud has no notion of a half-started container.
Further, while these alternate approaches would simplify or eliminate this script for
nVidia GPUs, they would not solve the problem for other situations.
BUGS
File paths may not contain colons or newlines.
ldconfig tends to print stat errors; these are typically non-fatal and occur when trying
to probe common library paths. See issue #732.
EXAMPLES
Place shared library /usr/lib64/libfoo.so at path /usr/lib/libfoo.so (assuming /usr/lib is
the first directory searched by the dynamic loader in the image), within the image
/var/tmp/baz and executable /bin/bar at path /usr/bin/bar. Then, create appropriate
symlinks to libfoo and update the ld.so cache.
$ cat qux.txt
/bin/bar
/usr/lib64/libfoo.so
$ ch-fromhost --file qux.txt /var/tmp/baz
Same as above:
$ ch-fromhost --cmd 'cat qux.txt' /var/tmp/baz
Same as above:
$ ch-fromhost --path /bin/bar --path /usr/lib64/libfoo.so /var/tmp/baz
Same as above, but place the files into /corge instead (and the shared library will not be
found by ldconfig):
$ ch-fromhost --dest /corge --file qux.txt /var/tmp/baz
Same as above, and also place file /etc/quux at /etc/quux within the container:
$ ch-fromhost --file qux.txt --dest /etc --path /etc/quux /var/tmp/baz
Inject the executables and libraries recommended by nVidia into the image, and then run
ldconfig:
$ ch-fromhost --nvidia /var/tmp/baz
asking ldconfig for shared library destination
/sbin/ldconfig: Can't stat /libx32: No such file or directory
/sbin/ldconfig: Can't stat /usr/libx32: No such file or directory
shared library destination: /usr/lib64//bind9-export
injecting into image: /var/tmp/baz
/usr/bin/nvidia-smi -> /usr/bin (inferred)
/usr/bin/nvidia-debugdump -> /usr/bin (inferred)
/usr/bin/nvidia-persistenced -> /usr/bin (inferred)
/usr/bin/nvidia-cuda-mps-control -> /usr/bin (inferred)
/usr/bin/nvidia-cuda-mps-server -> /usr/bin (inferred)
/usr/lib64/libnvidia-ml.so.460.32.03 -> /usr/lib64//bind9-export (inferred)
/usr/lib64/libnvidia-cfg.so.460.32.03 -> /usr/lib64//bind9-export (inferred)
[...]
/usr/lib64/libGLESv2_nvidia.so.460.32.03 -> /usr/lib64//bind9-export (inferred)
/usr/lib64/libGLESv1_CM_nvidia.so.460.32.03 -> /usr/lib64//bind9-export (inferred)
running ldconfig
Inject the Cray-enabled MPI libraries into the image, and then run ldconfig:
$ ch-fromhost --cray-mpi /var/tmp/baz
asking ldconfig for shared library destination
/sbin/ldconfig: Can't stat /libx32: No such file or directory
/sbin/ldconfig: Can't stat /usr/libx32: No such file or directory
shared library destination: /usr/lib64//bind9-export
found shared library: /usr/lib64/liblustreapi.so.1
found shared library: /opt/cray/xpmem/default/lib64/libxpmem.so.0
[...]
injecting into image: /var/tmp/baz
rm -f /var/tmp/openmpi/usr/lib64//bind9-export/libopen-rte.so.40
rm -f /var/tmp/openmpi/usr/lib64/bind9-export/libopen-rte.so.40
[...]
mkdir -p /var/tmp/openmpi/var/opt/cray/alps/spool
mkdir -p /var/tmp/openmpi/etc/opt/cray/wlm_detect
[...]
/usr/lib64/liblustreapi.so.1 -> /usr/lib64//bind9-export (inferred)
/opt/cray/xpmem/default/lib64/libxpmem.so.0 -> /usr/lib64//bind9-export (inferred)
[...]
/etc/opt/cray/wlm_detect/active_wlm -> /etc/opt/cray/wlm_detect
running ldconfig
ACKNOWLEDGEMENTS
This command was inspired by the similar Shifter feature that allows Shifter containers to
use the Cray Aries network. We particularly appreciate the help provided by Shane Canon
and Doug Jacobsen during our implementation of --cray-mpi.
We appreciate the advice of Ryan Olson at nVidia on implementing --nvidia.
REPORTING BUGS
If Charliecloud was obtained from your Linux distribution, use your distribution’s bug
reporting procedures.
Otherwise, report bugs to: https://github.com/hpc/charliecloud/issues
SEE ALSO
charliecloud(7)
Full documentation at: <https://hpc.github.io/charliecloud>
COPYRIGHT
2014–2022, Triad National Security, LLC and others