Dockstore-cli: Support Podman (alternatrive Docker) or workaround?

junaruga · September 5, 2022, 6:15pm

My environment is Fedora 36. In the Red Hat (RPM-based) Linux distributions such as Fedora, CentOS stream, and RHEL, the Podman is encouraged rather than Docker. Most of the Podman commands are common with the Docker.

$ dockstore tool launch --local-entry hello.wdl --json hello.inputs.json
20:00:30.838 [main] ERROR io.dockstore.client.cli.ArgumentUtility - Current version : 1.12.0-rc.0
20:00:30.841 [main] ERROR io.dockstore.client.cli.ArgumentUtility - Latest version : 1.12.0
20:00:30.841 [main] ERROR io.dockstore.client.cli.ArgumentUtility - You do not have the most recent stable release of Dockstore.
Please upgrade with the following command:
   dockstore --upgrade
WARNING: Docker is not running. If this tool uses Docker, it will fail.
...

Does the Dockstore CLI work with the Podman without Docker? Or is there a workaround such as below?

$ cd /usr/local/bin
$ sudo ln -s $(which podman) docker

dyuen · September 6, 2022, 2:11pm

Hi,
We have not experimented much with podman, we have experimented with rootless Docker and Singularity ( Docker Alternatives — Dockstore documentation ).

For what it’s worth, the message above is just a warning ( dockstore-cli/AbstractEntryClient.java at 1.12.0 · dockstore/dockstore-cli · GitHub ) and should not stop execution of the tool. Did the tool execution fail in the end?

The Dockstore CLI is integrated with Cromwell for WDL and cwlrunner for CWL. It looks like you’re running with WDL, so it looks there are a couple attempts to run Cromwell with Podman here. cromwell + podman · Issue #6660 · broadinstitute/cromwell · GitHub

Let us know how well it works!

junaruga · September 6, 2022, 4:43pm

@dyuen thanks for your inputs!

Unfortunately the dockstore tool launch failed, and here is the full log when running dockstore tool launch ... on my local with the podman and symbolic linked docker.

dockstore tool launch \
	--local-entry "bio-diversity-genomics-garg.wdl" \
	--json "bio-diversity-genomics-garg.inputs.json"
...
Executing: java -jar /home/jaruga/.dockstore/libraries/cromwell-77.jar run --inputs /tmp/foo6508558916161670147json /home/jaruga/git/GargGroup/BioDivGenomics/bio-diversity-genomics-garg.wdl
...
18:25:53.276 [main] ERROR io.dockstore.common.Utilities - problems running command: java -jar /home/jaruga/.dockstore/libraries/cromwell-77.jar run --inputs /tmp/foo6508558916161670147json /home/jaruga/git/GargGroup/BioDivGenomics/bio-diversity-genomics-garg.wdl
org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
	at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404)
	at org.apache.commons.exec.DefaultExecutor.access$200(DefaultExecutor.java:48)
	at org.apache.commons.exec.DefaultExecutor$1.run(DefaultExecutor.java:200)
	at java.base/java.lang.Thread.run(Thread.java:833)
...

The ticket cromwell + podman · Issue #6660 · broadinstitute/cromwell · GitHub says java -jar cromwell-75.jar server but the dockstore tool launch executes the java -jar cronwell-NN.jar run’.

Perhaps, I might need to adjust the executed podman’s security setting like the rootless docker. Docker Alternatives — Dockstore documentation

junaruga · September 6, 2022, 9:17pm

I was able to run with the podman (and the docker symbolic link) when disabling SE Linux. The cause was not the podman but the enabled SE Linux

So, below is the temporary workaround.

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

$ sudo setenforce 0

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

The detail of the SE Linux is The `dockstore tool launch` failed with a WDL to run a docker container on Docker on Fedora 36 - #2 by junaruga .