Run CVMFS in a seperate container #617
Description
Currently, we need to run the Galaxy Docker image with --privilege to get CVMFS integration.
If we could reuse a the upstream CVMFS container and bind mount a deployment of this into the Galaxy Docker image we don't need priv mode.
docker pull registry.cern.ch/cvmfs/service:latest
docker run --rm -d \
-e CVMFS_CLIENT_PROFILE=single \
-e CVMFS_REPOSITORIES=sft.cern.ch \
--cap-add SYS_ADMIN \
--device /dev/fuse \
--volume /cvmfs:/cvmfs:shared \
--name cvmfs-service registry.cern.ch/cvmfs/service:latest
docker run -v /cvmfs:/cvmfs ... quay.io/bgruening/galaxy
Such a setting would also be useful for other use-cases I think.
Thanks to @natefoo for the idea!