Reference card
udocker is user oriented tool to enable pulling and execution of docker containers were docker is unavailable or cannot be used safely.
1. Configuration
The configuration of udocker has the following hierarchy:
- The default configuration options are set in the
conf
dictionary in theConfig
class. - If a configuration file is present, it will override 1.
- If environment variables are set they will override 2.
- The presence of general udocker command line options, will override 3. .
2. Configuration files
The configuration files allow overriding of the udocker Config
class
conf
dictionary. Example of the udocker.conf
syntax:
[DEFAULT]
dockerio_registry_url = https://myregistry.mydomain:5000
http_insecure = True
verbose_level = 5
udocker loads the following configuration files if they are present:
/etc/udocker.conf
$HOME/.udocker/udocker.conf
: overrides the options set in 1.$UDOCKER_DIR/udocker.conf
(if different from the above): overrides the options set in 2.- Configuration file set with the general CLI option
--config=
: overrides the options set in 3.
3. Environment variables
UDOCKER_DIR
: root directory of udocker usually $HOME/.udockerUDOCKER_BIN
: location of udocker related executablesUDOCKER_LIB
: location of udocker related librariesUDOCKER_DOC
: location of documentation and licensesUDOCKER_CONTAINERS
: location of container directory trees (not images)UDOCKER_TMP
: location of temporary directoryUDOCKER_KEYSTORE
: location of keystore for repository login/logoutUDOCKER_TARBALL
: location of installation tarball (file of URL)UDOCKER_LOGLEVEL
: logging levelUDOCKER_REGISTRY
: override default registry default is Docker Hub.UDOCKER_INDEX
: override default index default is Docker Hub.UDOCKER_DEFAULT_EXECUTION_MODE
: change default execution modeUDOCKER_USE_CURL_EXECUTABLE
: pathname for curl executableUDOCKER_USE_PROOT_EXECUTABLE
: change pathname for proot executableUDOCKER_USE_RUNC_EXECUTABLE
: change pathname for runc executableUDOCKER_USE_SINGULARITY_EXECUTABLE
: change pathname for singularity executableUDOCKER_FAKECHROOT_SO
: change pathname for fakechroot sharable libraryUDOCKER_FAKECHROOT_EXPAND_SYMLINKS
: translate symbolic links in Fn modesUDOCKER_NOSYSCONF
: prevent loading of udocker system wide configuration
4. Verbosity
The verbosity level of udocker can be enforced. Removing banners and most
messages can be achieved by executing with UDOCKER_LOGLEVEL=2
:
UDOCKER_LOGLEVEL
: set verbosity level from 0 to 5 (MIN to MAX verbosity)
Optionally invoke udocker with --quiet
or -q
to decrease verbosity.
udocker --quiet run <container>
5. Security
udocker does not require any type of privileges nor the deployment of services by system administrators. It can be downloaded and executed entirely by the end user. udocker runs under the identity of the user invoking it.
Most udocker execution modes do not provide process isolation features such as docker. Due to the lack of isolation udocker must not be run by privileged users.
6. Troubleshooting
Invoke udocker with -D
for debugging.
udocker -D run <container>
7. Documentation
For Python 3: