On Mon, Aug 21, 2023 at 02:17:48PM +0800, Ian Kent wrote: > > We're doing this all the time. We're using singularity vs docker, which > > likely makes a difference, but instead of binding various paths, we only > > bind the root path in direct map. e.g. bind a root of /nfs where all the > > paths in the direct map start with /nfs and the accesses inside the > > container trigger things from the main OS. > > > > Unfortunately it means you have to mount the entire direct map tree and > > not only specific paths, but that works for our use case. > > Do you mean the entire tree? Yes. e.g. if we have a direct map where all the paths start with /nfs, we simply bind /nfs into the container and it works from inside the container, just like outside. Note that the paths are visible the same inside and out no matter where the mount is triggered. > The autofs trigger mounts for direct mounts get mounted regardless of > this. True, the fs type of autofs is fully mounted in the containers and outside. But the triggering of the nfs (or other) FS type that wakes up automount and causes the actual nfs (or other) mount to happen works just fine. For us, using singularity. > > I have worked with peers that tried mounting several specific paths in > > the map, and they've run into a lot of issues. Both that it mounts like > > you mention, but also they apparently have issues where it can time out > > and be umounted, and then accesses from inside the container after that > > don't trigger it to mount again. > > That's because the expire check cannot check propagated mount expiry. > I have had a lot of trouble with this over a long time. I assumed as much, which is why our group's solution was to simply mount the entire direct map base path instead of trying to target specific paths in said map. In one specific solution where we wanted different mounts based on different job requirements, we had to create different direct maps with different base paths to bind into the container depending on which subset of the map we wanted to see. > I do have kernel changes for it but they too are very likely going to > be controversial when I post them, we will have to see ... > > > Ian > > > > > -- Mike Marion-Unix SysAdmin/Sr. Staff IT Engineer-http://www.qualcomm.com
