Hello everyone,
I hope everyone is doing well. So I am trying to use Docker to run commercial CFD programs like Ansys, STAR-CCM+, SIMULIA XFlow, etc., because in theory I wanted to run a rolling-release or newest-release distro for all my dev tools and other open-source tools but still have an environment (like CentOS) that is supported by commercial programs. Now unfortunately they require a license server daemon (FlexLM for Ansys Fluent and RLM for XFlow), and it can't be run without systemd and dbus. Now I have gotten it to kind of work in Fedora 33 using Moby Engine, but when I try to copy the container to openSUSE or Ubuntu, it throws more errors. Now I hear that using systemd isn't really the Docker way, but I am wondering if there is a cleaner way to only allow me to run specific systemd daemons and not all 200 daemons? Because I definitely feel that it only works on Fedora because Fedora and CentOS use the same systemd.
Here are my settings files and my scripts.
My dockerfile (copied from the dockerhub):
FROM centos:centos7.8.2003
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
Then I launch into the container and install all pre-requisites and docker commit it.
Then when I want to use my program, I start the container using this script:
#!/bin/bash
xhost +local:root
docker network ls | grep hostonly > /dev/null 2>&1
if [ $? -ne 0 ]; then
    echo Create host-only network for docker
    docker network create -d bridge --internal hostonly
fi
#user should be a member of video and render to get full access to gpu
# export XAUTH_PROTO=$(xauth list | grep "$(hostname -s)" | grep :0 | tail -1 | cut -d' ' -f3)
# export XAUTH_KEY=$(xauth list | grep "$(hostname -s)" | grep :0 | tail -1 | cut -d' ' -f5)
#Do xauth list | grep unix:0
#inside docker shell xauth add :0 MIT-MAGIC... digest..
IMAGE=c7-coreplus:ver2
# --volume="/opt:/opt" \
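GIDS=( $(id -G) ) #All of my groups
unset 'GIDS[0]' #remove primary group (quoted so the shell cannot glob-expand it)
G="" #start empty so a value inherited from the environment is not reused
for g in "${GIDS[@]}"
do
    G+=" --group-add=$g"
done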
#RM=""
RM=" --rm "
U=""
#U=" --user $(id -u):$(id -g) $G"
VOLS=' --volume=/etc/group:/etc/group:ro '
VOLS+='--volume=/etc/passwd:/etc/passwd:ro '
VOLS+='--volume=/etc/shadow:/etc/shadow:ro '
VOLS+='--volume=/etc/sudoers.d:/etc/sudoers.d:ro '
VOLS+='--volume=/tmp/.X11-unix:/tmp/.X11-unix:rw '
VOLS+="--volume=/home:/home "
VOLS+='--volume=/opt:/opt '
VOLS+='--volume=/run/media/fedora-vm:/mnt '
VOLS+="--device=/dev/dri "
VOLS+="--device=/dev/vga_arbiter "
NVS=( $(ls /dev/nvidia* 2>/dev/null) )
for N in "${NVS[@]}"
do
    VOLS+="--device=$N "
done
#SEC=' --security-opt=label=disable --security-opt=seccomp=unconfined '
SEC=''
NET='--network=host '
docker run $RM -it --cap-add=SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro $U --env="DISPLAY" $VOLS -w="/home/${USER}" --ipc="host" $NET --hostname="localhost" --name="CentOS7" ${IMAGE} /usr/sbin/init
# EOF
Then I connect to a shell using docker exec, and then I just cd into my host opt directory and launch licensing and then the program, and it launches on my host display with host resources and host hardware acceleration.
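
The Dockerfile's RUN cleanup above, generalized into an allowlist (an added example, not part of the original post): it deletes every *.wants entry except the units named as arguments, which is stricter than the Dockerfile because it also empties sockets.target.wants. prune_wants, make_sample_root and license-daemon.service are hypothetical names, and the sample tree is constructed.

```bash
#!/bin/bash
# Added example, not the poster's code. prune_wants, make_sample_root and
# license-daemon.service are hypothetical names.

# prune_wants ROOT UNIT...
# Delete every entry in ROOT's systemd *.wants directories whose file name is
# not one of the UNIT arguments. Prints how many entries were kept.
prune_wants() {
    local root keep kept dir entry name
    root=$1; shift
    keep=" $* "
    kept=0
    for dir in "$root"/lib/systemd/system/*.wants "$root"/etc/systemd/system/*.wants; do
        [ -d "$dir" ] || continue
        for entry in "$dir"/*; do
            # -L also matches dangling symlinks, which -e alone would skip
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            name=${entry##*/}
            case "$keep" in
                *" $name "*) kept=$((kept + 1)) ;;
                *) rm -f -- "$entry" ;;
            esac
        done
    done
    echo "$kept"
}

# Constructed sample tree standing in for the image's root filesystem.
make_sample_root() {
    local root lib etc
    root=$(mktemp -d)
    lib=$root/lib/systemd/system
    etc=$root/etc/systemd/system
    mkdir -p "$lib/sysinit.target.wants" "$lib/multi-user.target.wants" \
             "$etc/multi-user.target.wants"
    ln -s ../systemd-tmpfiles-setup.service "$lib/sysinit.target.wants/systemd-tmpfiles-setup.service"
    ln -s ../systemd-udevd.service "$lib/sysinit.target.wants/systemd-udevd.service"
    ln -s ../getty.target "$lib/multi-user.target.wants/getty.target"
    ln -s ../license-daemon.service "$etc/multi-user.target.wants/license-daemon.service"
    ln -s ../sshd.service "$etc/multi-user.target.wants/sshd.service"
    echo "$root"
}

root=$(make_sample_root)
echo "kept: $(prune_wants "$root" systemd-tmpfiles-setup.service license-daemon.service)"
find "$root" -type l | sort   # only the two allowlisted links remain
rm -rf "$root"
```

Removing a *.wants link does not stop a unit that another unit pulls in through a Requires= or Wants= line in its unit file, so confirm what actually started with systemctl list-units inside the container.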