Patching Fat Containers for Production Workflows¶
Introduction¶
ATLAS production workflows use containerized software releases to run in standalone mode — without access to CVMFS or external network connectivity — on GRID sites and HPCs. These software images are "fat," meaning they include collection of data files and the conditions database package (DBRelease). Images can be patched as needed, such as by adding additional data files.
Procedure¶
The Podman configuration for adding data files to existing images is available in the GitLab infrastructure repository. It contains a Dockerfile, documentation in a README.md file, and the Bash script image_addGroupData.sh, which automates the patching process (instructions are included in the script's header).
Tip
Always review and update the script before use.
Note
Containers include the /release_setup.sh file to configure the runtime environment. Ensure that this file is up to date in each container. The latest version is available in the GitLab infrastructure repository docker/athena area.
Warning
The /release_setup.sh script is designed to work with a single installed GCC version. Patching may result in additional GCC versions being installed. In such cases, either update /release_setup.sh to explicitly set the desired GCC version, or ensure that only one GCC version remains installed. (additional details can be found in ATLINFR-5775)
Following the latest patching request ATLINFR-5710 the following releases were patched in March 2025 and pushed into the CERN's Harbor Registry atlas project:
| Original Image | Project | Update Description | Patched Image | Image Architecture(s) |
|---|---|---|---|---|
| 24.0.42.sw23-0 | AthSimulation | LArG4ShowerLibData/MC23_v2 data | 24.0.42.sw23-1 | x86_64, aarch64 |
| 23.0.31.sw22-0 | AthSimulation | LArG4ShowerLibData/MC23_v2 data | 23.0.31.sw22-1 | x86_64, aarch64 |
| 23.0.19.sw20-0 | AthSimulation | LArG4ShowerLibData/MC23_v2 data | 23.0.19.sw20-1 | x86_64 |
| 21.0.129.sw17-0 | Athena | LArG4ShowerLibData/MC16_v1 data | 21.0.129.sw17-1 | x86_64 |
On-demand Jenkins job¶
The Jenkins job for patching fat release containers is available on the ATLAS Nightlies Jenkins server. This on-demand job follows the procedure described in the previous section. It builds patched container images by adding new GroupData files (while preserving existing ones), and/or updating the DBRelease version (removing the previous one).
Before each run, update the job parameters and configuration as follows:
-
Executor label: Specify the build node name (see instructions in the configuration)
-
Project: Select either Athena or AthSimulation
-
Platform: Use the standard ATLAS format, e.g., x86_64-el9-gcc13-opt The job supports containers built on CentOS7 and EL9 platforms, for aarch64 and x86_64 architectures
-
Stable release: The release name used to build the original container, e.g., 23.0.42
-
SW tag of the original container: The workflow tag of the original container, e.g., sw20
-
SW tag of the patched container: The workflow tag of the new patched container
-
Version of the original container: Typically a single digit
-
Version of the patched container: Typically a single digit
-
DBRelease: The release to include in the patch, e.g., 300.0.9. Leave empty if no DBRelease update is required
-
Data file list: Files to add to the patch (defined in the top section of the job shell script. Edit it as needed). Leave empty to skip file additions
The job includes simple sanity checks. If successful, the patched release images is pushed into the CERN's Harbor Registry atlas project
Further Information¶
- For an overview of ATLAS software containerization, including its motivation, integration, and testing within distributed computing systems, refer to the CHEP-2021 paper "Containerization in ATLAS Software Development and Data Production"
- Overview of containers in the ATLAS Nightly System