Volumes for tasks in SONM
TL;DR. SONM 0.3.3 introduces Samba/CIFS volumes to be used in tasks. Volume options are set up in task.yaml.
The Christmas MVP RC1 release could run random docker containers using resources acquired in the SONM marketplace. Docker allows SONM to run any Linux-based software, thus implementing a crucial building block for the first decentralized fog IaaS.
For security reasons Docker containers are run in SONM in non-privileged mode to enable basic security. The non-privileged mode applies many security restrictions so that each task has far fewer features than an ordinary Linux virtual machine.
One of these restricted features is the ability to mount external filesystems inside Docker containers. We could just enable this ability for SONM tasks, but it’s obviously not a Docker-way.
Docker is known to provide a useful toolset to build huge applications with a set of well-known components. Docker impressively separates the code to be run in a service, network and filesystem connectivity. For example, you could be on the same web server Docker image with static pages allocated on the local or network storage.
These options are controlled by Docker volumes. The user just defines which filesystems should be mounted inside Docker container, and the mountpoints. One application could be to define Docker volume for local /backup folders mounted to /backup inside containers. The container software will read and write files outside the container.
This is great in general, but SONM consumers don’t have access to the SONM Worker filesystem. Using local Docker volumes makes no sense and produces security issues: imagine if someone could mount root filesystem inside arbitrary Docker container. That’s why all Docker volumes are disabled by SONM, and only a few of them will be enabled in the future. The first one, implemented in the MVP 0.3.3 release is Samba/CIFS.
Samba/CIFS is a set of protocols that allows network sharing of files. It was primarily implemented by Microsoft in their Windows products but was adopted to Linux with open source implementations. This allows users to share folders in Windows, and these folders can be accessed by SONM task. Linux and Mac OS X also has implementations of Samba/CIFS servers.
Enable Samba/CIFS volumes on SONM Worker
Ensure CIFS libraries are installed on worker
Ensure CIFS plugin is enabled in worker.yaml (/etc/sonm/worker-default.yaml)
Share files with Samba/CIFS (outside SONM)
Run Samba/CIFS server in docker container:
Adjust task.yaml to use Samba/CIFS volume in SONM task
Setup task.container.volumes configuration:
Buy resources & run SONM task
Don’t forget approve tokens. All prices are in SNM now, not in 10–18 SNM
Create BID order
Check if order is executed
Check if deal is approved
Check if SONM task used volume
Get task status
Hope you’ll like this feature,we’ll be implementing demo use cases shortly.