Skip to main content
sind
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. sind
  2. /
  3. Container Images
  4. /
  5. Building Images

Building Images

Default image

sind provides a default multi-role image that works for all node types:

ghcr.io/gsi-hpc/sind-node:latest
ghcr.io/gsi-hpc/sind-node:<slurm-version>

This is the default image when defaults.image is not specified.

The default image:

  • Is based on Rocky Linux 10
  • Builds Slurm from source
  • Contains all daemons (slurmctld, slurmd, munge, sshd)
  • Uses systemd as init (PID 1)

sind enables the appropriate Slurm services based on node role at container start.

Building locally

Pre-built images are published to GHCR, so building locally is only needed when modifying the Dockerfile or developing sind itself. The Dockerfile and docker-bake.hcl are in the repository root:

make image

Custom image requirements

Custom images must provide the following:

All roles

  • systemd as init (PID 1)
  • sshd service (enabled) — sind injects authorized_keys at runtime
  • munge service (enabled)
  • Slurm client tools (srun, sbatch, squeue, etc.)

Per-role requirements

Role Additional requirements
controller slurmctld installed, not enabled
worker slurmd installed, not enabled
submitter Slurm client tools only

sind enables Slurm services at container start based on the node’s role. Services must be installed but not enabled in the image.

Container settings

The image should use SIGRTMIN+3 as the stop signal (systemd’s graceful shutdown signal) and declare the shared volumes:

VOLUME ["/etc/slurm", "/etc/munge", "/data"]
STOPSIGNAL SIGRTMIN+3
CMD ["/sbin/init"]

Munge setup

Munge directories must exist with correct ownership and permissions:

RUN mkdir -p /etc/munge /var/lib/munge /var/log/munge /run/munge && \
    chown -R munge:munge /etc/munge /var/lib/munge /var/log/munge /run/munge && \
    chmod 700 /etc/munge /var/lib/munge /var/log/munge /run/munge

SSH setup

SSH host keys should be pre-generated and root login configured:

RUN ssh-keygen -A && \
    sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config && \
    sed -i 's/#PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config && \
    mkdir -p /root/.ssh && chmod 700 /root/.ssh

Masked systemd units

For a clean container environment, mask unnecessary systemd units:

RUN systemctl mask \
    dev-hugepages.mount \
    sys-fs-fuse-connections.mount \
    systemd-logind.service \
    getty.target \
    console-getty.service
gdoc_arrow_left_alt Container Images Contributing gdoc_arrow_right_alt