Ephemeral Writable Container


This feature is still considered experimental.

The CernVM-FS ephemeral writable container can provide a short-lived shell with writable access to a regular, read-only CernVM-FS repository. A writable CernVM-FS mountpoint is normally a functionality that only publisher nodes provide. With the ephemeral writable container, this capability becomes available to every regular client.

The ephemeral writable container requires the cvmfs-server package to be installed. Provided that the target repository is already mounted, a writable shell is opened with

cvmfs_server enter <repository name> [-- <command>]

Changes to the writable mountpoint are only stored locally. The changes are discarded when the shell is closed. In a future release it will be possible to publish changes directly to a gateway.

Repository changes in the writable shell can be shown with

cvmfs_server diff --worktree

Before closing the shell, changes can be manually copied to a publisher node for publication. This helps with building and deploying non-relocatable packages to CernVM-FS.

The ephemeral writable container uses Linux user namespaces and fuse-overlayfs in order to construct the writable repository mountpoint. Therefore, it requires a recent enough kernel. The vanilla kernel >= 4.18 and the EL 8 kernel are known to work.

The container creates a session directory in $HOME/.cvmfs to store temporary files and changes to the repository. By default, the session directory is removed when exiting the shell. It can be preserved with the --keep-session parameter. If only the logs should be preserved, use the --keep-logs parameter instead.

If necessary, the container can be opened as fake root user using the root option.

Note that by default a dedicated CernVM-FS cache directory is created for the lifetime of the ephemeral container. It can be desirable to use a shared cache directory across several invocations of the cvmfs_server enter command. To do so, use the --cvmfs-config <config file> parameter and set CVMFS_CACHE_BASE=/common/path in the passed configuration file.