help-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Introducing Guix to HPC at my institution


From: Sébastien Lerique
Subject: Introducing Guix to HPC at my institution
Date: Mon, 29 Mar 2021 09:45:13 +0900

Dear all,

(I am reposting a question I asked on the guix-science list -- with a broader audience here I hope someone has an answer :) )

I am interested in introducing Guix to the HPC cluster at my institution, and it turns out they have user namespaces activated \o/. So I'm looking into getting things running as an unpriviliged user, to show other people how useful Guix can be (before approaching higher levels in the administration). Is it possible to install guix without being root?

I tried a few things, based on the following notes:

https://hpc.guix.info/blog/2017/09/reproducibility-and-root-privileges/
https://hpc.guix.info/blog/2017/10/using-guix-without-being-root/
http://issues.guix.gnu.org/34494

I am now following Guix's binary installation inside a user namespace. After decompressing the binary distribution of guix inside `~/local-guix`, my naïve next step was `unshare -mrf chroot ~/local-guix gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16/bin/bash`. Then after setting $GUIX_PROFILE and sourcing `/root/.config/guix/current`, running `guix` warns with:

GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main thread
GC Warning: Couldn't read /proc/stat

So my very limited knowledge of linux namespaces is hindering my next steps :). A few questions:

1. Should I do anything about the first warning? About the second warning: should I be binding `/proc` somehow?

2. Is it possible to create build users inside the user-namespaced chroot?

3. Last but not least: if I can create build users inside the chroot (question 2.), I suppose I can then run guix-daemon properly. How would I go about sharing this setup with other users on the cluster? Ideally I would like to have a non-priviliged build daemon that other users can call on. (Is there such a thing as kernel group namespaces?)

Is this the right way to go for running guix without being root, or is there a better way?

Thanks for any guidance you might provide!
Best,
Sébastien



reply via email to

[Prev in Thread] Current Thread [Next in Thread]