{"id":19612140,"url":"https://github.com/fnndsc/pfcon","last_synced_at":"2026-05-02T01:00:35.825Z","repository":{"id":21369160,"uuid":"92544316","full_name":"FNNDSC/pfcon","owner":"FNNDSC","description":"ChRIS data and compute CONtroller","archived":false,"fork":false,"pushed_at":"2026-05-01T06:38:39.000Z","size":894,"stargazers_count":11,"open_issues_count":6,"forks_count":25,"subscribers_count":13,"default_branch":"master","last_synced_at":"2026-05-01T08:25:55.309Z","etag":null,"topics":["docker","flask","flaskrestful","kubernetes","openshift","pipelines","python3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FNNDSC.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-05-26T19:58:56.000Z","updated_at":"2026-05-01T06:37:15.000Z","dependencies_parsed_at":"2024-03-01T04:25:55.042Z","dependency_job_id":"0bd98411-4275-42f2-b408-51857b1d7989","html_url":"https://github.com/FNNDSC/pfcon","commit_stats":{"total_commits":291,"total_committers":21,"mean_commits":"13.857142857142858","dds":0.6254295532646048,"last_synced_commit":"b91013ac28c82def0251d9abbd88e0f1613ba2fd"},"previous_names":[],"tags_count":72,"template":false,"template_full_name":null,"purl":"pkg:github/FNNDSC/pfcon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FNNDSC%2Fpfcon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FNNDSC%2Fpfcon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FNNDSC%2Fpfcon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FNNDSC%2Fpfcon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FNNDSC","download_url":"https://codeload.github.com/FNNDSC/pfcon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FNNDSC%2Fpfcon/sbom","scorecard":{"id":48626,"data":{"date":"2025-08-11","repo":{"name":"github.com/FNNDSC/pfcon","commit":"7a73a17d8632915e84270804eb443e87966b0f22"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/16 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yml:39"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/FNNDSC/pfcon/ci.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:9","Warn: containerImage not pinned by hash: Dockerfile:15","Warn: containerImage not pinned by hash: Dockerfile:26: pin your Docker image by updating docker.io/library/debian:bookworm-slim to docker.io/library/debian:bookworm-slim@sha256:2424c1850714a4d94666ec928e24d86de958646737b1d113f5b2207be44d37d8","Warn: containerImage not pinned by hash: prod.Dockerfile:4: pin your Docker image by updating docker.io/library/debian:bookworm-slim to docker.io/library/debian:bookworm-slim@sha256:2424c1850714a4d94666ec928e24d86de958646737b1d113f5b2207be44d37d8","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   9 third-party GitHubAction dependencies pinned","Info:   1 out of   1 pipCommand dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-14T23:16:26.231Z","repository_id":21369160,"created_at":"2025-08-14T23:16:26.231Z","updated_at":"2025-08-14T23:16:26.231Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32518744,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","flask","flaskrestful","kubernetes","openshift","pipelines","python3"],"created_at":"2024-11-11T10:46:09.518Z","updated_at":"2026-05-02T01:00:35.818Z","avatar_url":"https://github.com/FNNDSC.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"##################\npfcon |ChRIS logo|\n##################\n\n.. |ChRIS logo| image:: https://github.com/FNNDSC/ChRIS_ultron_backEnd/blob/master/docs/assets/logo_chris.png\n\n.. image:: https://img.shields.io/docker/v/fnndsc/pfcon?sort=semver\n    :alt: Docker Image Version\n    :target: https://hub.docker.com/r/fnndsc/pfcon\n.. image:: https://img.shields.io/github/license/fnndsc/pfcon\n    :alt: MIT License\n    :target: https://github.com/FNNDSC/pfcon/blob/master/LICENSE\n.. image:: https://github.com/fnndsc/pfcon/workflows/CI/badge.svg\n    :alt: Github Actions\n    :target: https://github.com/fnndsc/pfcon/actions\n.. image:: https://img.shields.io/github/last-commit/fnndsc/pfcon.svg\n    :alt: Last Commit  \n    \n\n.. contents:: Table of Contents\n    :depth: 2\n\n\n********\nOverview\n********\n\nThis repository implements a `Flask`_ application called ``pfcon`` -- a controlling service that provides\na unified web API to run containerized jobs on diverse compute environments/schedulers, e.g. Docker, Podman,\nSwarm, Kubernetes and SLURM.\n\n.. _`Flask`: https://flask-restful.readthedocs.io/\n\nPrimarily, ``pfcon`` provides \"compute resource\" services to a ChRIS backend. When ``pfcon`` is deployed\nin the so called \"in-network\" mode it has direct access to the shared ChRIS's storage environment (currently either\nSwift object storage or a POSIX filesystem). This speeds up and makes more efficient the management of data/files\nprovided  to the compute cluster as the input to a scheduled plugin job. Otherwise when ``pfcon`` is not deployed in\n\"in-network\" mode it can accept a zip file (as part of a multipart POST request) containing all the input files\nfor the plugin job. In this case the output data from the job can then be downloaded back as a zip file after the job\nis finished.\n\nAfter submitting a plugin job ``pfcon``'s API can then be used to query and control the following (for example):\n\n- *state*: Is plugin job \u003cjob_id\u003e still running?\n\nCheck out the `Client Request/Response Flow \u003creq_resp_flow.md\u003e`__ document to see the full workflow involved in running a plugin and \nexamples of http calls accepted by ``pfcon`` server.\n\nAdditionally a Python3 client for this server's web API is provided here: https://github.com/FNNDSC/python-pfconclient\n\n\n***********************\nDevelopment and testing\n***********************\n\nPreconditions\n=============\n\nInstall latest docker\n---------------------\n\nTested platforms:\n\n* ``Ubuntu 18.04+ and MAC OS X 10.14+ and Fedora 31+`` `Additional instructions for Fedora \u003chttps://github.com/mairin/ChRIS_store/wiki/Getting-the-ChRIS-Store-to-work-on-Fedora\u003e`_\n* ``Docker 18.06.0+``\n\nNote: On a Linux machine make sure to add your computer user to the ``docker`` group.\nConsult this page: https://docs.docker.com/engine/install/linux-postinstall/\n\nCurrently a ``make.sh`` bash script is provided in the root of the repo to facilitate developing and testing the server under the\ndifferent compute and storage environments. The currently supported storage options are:\n\n- ``swift`` -- \"in-network\" Swift Object Storage\n- ``filesystem`` -- \"in-network\" POSIX filesystem (the most efficient but unlike the others does not support ChRIS link files or multiple input dirs for the job)\n- ``fslink`` -- \"in-network\" POSIX filesystem\n- ``zipfile`` -- \"out-of-network\" zip file as part of a multipart POST request (default)\n\nBelow are some examples of how to start the different dev environments. Consult the header of the ``make.sh`` script for more\ninformation on the different command line flags combinations supported by the script.\n\nLocal Development\n=================\n\nThis project uses a package manager called ``pixi``. For more information,\nread https://github.com/FNNDSC/pfcon/issues/152\n\nDocker-based development environment (default)\n==============================================\n\nStart pfcon's dev server operating in-network with shared ``fslink`` storage\n----------------------------------------------------------------------------\n\n.. code-block:: bash\n\n    $\u003e cd pfcon\n    $\u003e ./make.sh -N -F fslink\n\nRemove pfcon's container\n------------------------\n\n.. code-block:: bash\n\n    $\u003e cd pfcon\n    $\u003e ./unmake.sh -N -F fslink\n\nStart pfcon's dev server operating in-network with shared ``swift`` storage\n---------------------------------------------------------------------------\n\n.. code-block:: bash\n\n    $\u003e cd pfcon\n    $\u003e ./make.sh -N -F swift\n\nRemove pfcon's container\n------------------------\n\n.. code-block:: bash\n\n    $\u003e cd pfcon\n    $\u003e ./unmake.sh -N -F swift\n\nStart pfcon's dev server with ``zipfile`` storage\n-------------------------------------------------\n\n.. code-block:: bash\n\n    $\u003e git clone https://github.com/FNNDSC/pfcon.git\n    $\u003e cd pfcon\n    $\u003e ./make.sh\n\nRemove pfcon's container\n------------------------\n\n.. code-block:: bash\n\n    $\u003e cd pfcon\n    $\u003e ./unmake.sh\n\n\nPodman-based development environment\n====================================\n\nAlternatively Podman can be used with the same above commands. In this case ``pfcon`` must be able to schedule\ncontainers by communicating to the Podman socket:\n\n.. code-block:: bash\n\n    $\u003e systemctl --user start podman.service\n    $\u003e export DOCKER_HOST=\"$(podman info --format '{{ .Host.RemoteSocket.Path }}')\"\n\n\nDocker Swarm-based development environment\n==========================================\n\nStart a local Docker Swarm cluster if not already started\n---------------------------------------------------------\n\n.. code-block:: bash\n\n    $\u003e docker swarm init --advertise-addr 127.0.0.1\n\nStart pfcon's dev server with shared ``fslink`` storage\n-------------------------------------------------------\n\n.. code-block:: bash\n\n    $\u003e git clone https://github.com/FNNDSC/pfcon.git\n    $\u003e cd pfcon\n    $\u003e ./make.sh -N -F fslink -O swarm\n\nRemove pfcon's container\n------------------------\n\n.. code-block:: bash\n\n    $\u003e cd pfcon\n    $\u003e ./unmake.sh -N -F fslink -O swarm\n\nRemove the local Docker Swarm cluster if desired\n------------------------------------------------\n\n.. code-block:: bash\n\n    $\u003e docker swarm leave --force\n\n\nKubernetes-based development environment\n========================================\n\nInstall single-node Kubernetes cluster\n--------------------------------------\n\nOn MAC OS Docker Desktop includes a standalone Kubernetes server and client.\nConsult this page: https://docs.docker.com/desktop/kubernetes/\n\nOn Linux there is a simple MicroK8s installation. Consult this page: https://microk8s.io\n\nThen create the required alias:\n\n.. code-block:: bash\n\n    $\u003e snap alias microk8s.kubectl kubectl\n    $\u003e microk8s.kubectl config view --raw \u003e $HOME/.kube/config\n\n\nStart pfcon's dev server with shared ``fslink`` storage\n-------------------------------------------------------\n\n.. code-block:: bash\n\n    $\u003e git clone https://github.com/FNNDSC/pfcon.git\n    $\u003e cd pfcon\n    $\u003e ./make.sh -N -F fslink -O kubernetes\n\nRemove pfcon's container\n------------------------\n\n.. code-block:: bash\n\n    $\u003e cd pfcon\n    $\u003e ./unmake.sh -N -F fslink -O kubernetes\n\n\n*************\nConfiguration\n*************\n\n``pfcon`` is configured by environment variables.\nRefer to the source code in ``pfcon/config.py`` for exactly how it works.\n\n\nHow Storage Works\n=================\n\n``pfcon`` manages data in a directory known as \"storeBase\".\nThe \"storeBase\" is a storage space visible to every node in your compute cluster.\n\nFor single-machine deployments using Docker and Podman, the best solution is to use a local volume mounted\nby ``pfcon`` at the location given by the ``STOREBASE_MOUNT`` env variable.\n``pfcon`` should be configured with ``COMPUTE_VOLUME_TYPE=docker_local_volume``, ``VOLUME_NAME=...``.\n\nOn Kubernetes, a single PersistentVolumeClaim should be used. It is mounted by ``pfcon`` at the location\ngiven by the ``STOREBASE_MOUNT`` env variable.\n``pfcon`` should be configured with ``COMPUTE_VOLUME_TYPE=kubernetes_pvc``, ``VOLUME_NAME=...``.\n\nSLURM has no concept of volumes, though SLURM clusters typically use a NFS share mounted to the same path\non every node.\n``pfcon`` should be configured with ``COMPUTE_VOLUME_TYPE=host``, ``STOREBASE=...``, specify the share mount point\nas ``STOREBASE``.\n\n\n``Swarm`` v.s. ``Docker``\n=========================\n\nOriginally, ``pfcon`` interfaced with the Docker Swarm API for the sake of supporting multi-node clusters.\nHowever, more often than not, ``pfcon`` is run on a single-machine. Such is the case for developer\nenvironments, \"host\" compute resources for our single-machine production deployments of CUBE,\nand production deployments of CUBE on our Power9 supercomputers. ``Swarm`` mode is mostly an annoyance\nand its multi-node ability is poorly tested. Furthermore, multi-node functionality is\nbetter provided by ``CONTAINER_ENV=kubernetes``.\n\n\nPodman Support\n==============\n\n``CONTAINER_ENV=docker`` is compatible with Podman.\n\nPodman version 3 or 4 are known to work.\n\nRootless Podman\n---------------\n\nConfigure the user to be able to set resource limits.\n\nhttps://github.com/containers/podman/blob/main/troubleshooting.md#symptom-23\n\n\nEnvironment Variables\n=====================\n\n============================== ===========================================================\nEnvironment Variable           Description\n============================== ===========================================================\n``SECRET_KEY``                 `Flask secret key`_\n``PFCON_USER``                  ``pfcon`` auth user\n``PFCON_PASSWORD``              ``pfcon`` auth user's password\n``PFCON_INNETWORK``             (bool) whether the server was deployed \"in-network\" mode\n``PFCON_OP_IMAGE``              container image for the data operation (copy, upload, delete) container in \"in-network\" mode\n``STORAGE_ENV``                 one of: \"swift\", \"filesystem\", \"fslink\", \"zipfile\"\n``CONTAINER_ENV``               one of: \"swarm\", \"kubernetes\", \"cromwell\", \"docker\"\n``COMPUTE_VOLUME_TYPE``         | one of: \"host\", \"docker_local_volume\", \"kubernetes_pvc\"\n``STOREBASE``                   where job data is stored, valid when ``COMPUTE_VOLUME_TYPE=host``, conflicts with ``VOLUME_NAME``\n``VOLUME_NAME``                 name of data volume, valid when ``COMPUTE_VOLUME_TYPE=docker_local_volume`` or ``COMPUTE_VOLUME_TYPE=kubernetes_pvc``\n``PFCON_SELECTOR``              label on the pfcon container, may be specified for pfcon to self-discover ``VOLUME_NAME`` (default: ``org.chrisproject.role=pfcon``\n``CONTAINER_USER``              Set job container user in the form ``UID:GID``, may be a range for random values\n``ENABLE_HOME_WORKAROUND``      If set to \"yes\" then set job environment variable ``HOME=/tmp``\n``SHM_SIZE``                    Size of ``/dev/shm`` in mebibytes. (Supported only in Docker, Podman, and Kubernetes.)\n``JOB_LABELS``                  CSV list of key=value pairs, labels to apply to container jobs\n``JOB_LOGS_TAIL``               (int) maximum size of job logs\n``IGNORE_LIMITS``               If set to \"yes\" then do not set resource limits on container jobs (for making things work without effort)\n``REMOVE_JOBS``                 If set to \"no\" then pfcon will not delete jobs (for debugging)\n============================== ===========================================================\n\n.. _`Flask secret key`: https://flask.palletsprojects.com/en/2.1.x/config/#SECRET_KEY\n\n\n``COMPUTE_VOLUME_TYPE=host``\n----------------------------\n\nWhen ``COMPUTE_VOLUME_TYPE=host``, then specify ``STOREBASE`` as a mount point path on the host(s).\n\n``COMPUTE_VOLUME_TYPE=docker_local_volume``\n-------------------------------------------\n\nFor single-machine instances, use a Docker/Podman local volume as the \"storeBase.\"\nThe volume should exist prior to the start of ``pfcon``. It can be identified one of two ways:\n\n- Manually, by passing the volume name to the variable ``VOLUME_NAME``\n- Automatically: ``pfcon`` inspects a container with the label ``org.chrisproject.role=pfcon``\n  and selects the mountpoint of the bind to the ``STOREBASE_MOUNT`` env variable\n\n``COMPUTE_VOLUME_TYPE=kubernetes_pvc``\n--------------------------------------\n\nWhen ``COMPUTE_VOLUME_TYPE=kubernetes_pvc``, then ``VOLUME_NAME`` must be the name of a\n``PersistentVolumeClaim`` configured as ``ReadWriteMany``.\n\nIn cases where the volume is only writable to a specific UNIX user,\nsuch as a NFS-backed volume, ``CONTAINER_USER`` can be used as a workaround.\n\nKubernetes-Specific Options\n===========================\n\nApplicable when ``CONTAINER_ENV=kubernetes``\n\n============================== ===========================================================\nEnvironment Variable           Description\n============================== ===========================================================\n``JOB_NAMESPACE``              Kubernetes namespace for created jobs\n``NODE_SELECTOR``              Pod ``nodeSelector``\n============================== ===========================================================\n\n\nSLURM-Specific Options\n======================\n\nApplicable when ``CONTAINER_ENV=cromwell``\n\n============================== ===========================================================\nEnvironment Variable           Description\n============================== ===========================================================\n``CROMWELL_URL``               Cromwell URL\n``TIMELIMIT_MINUTES``          SLURM job time limit\n============================== ===========================================================\n\nFor how it works, see https://github.com/FNNDSC/pman/wiki/Cromwell\n\n\nContainer User Security\n=======================\n\nSetting an arbitrary container user, e.g. with ``CONTAINER_USER=123456:123456``,\nincreases security but will cause (unsafely written) ChRIS plugins to fail.\nIn some cases, ``ENABLE_HOME_WORKAROUND=yes`` can get the plugin to work without having to change its code.\n\nIt is possible to use a random container user with ``CONTAINER_USER=1000000000-2147483647:1000000000-2147483647``\nhowever considering that ``pfcon``'s UID never changes, this will cause everything to break.\n\n\nMissing Features\n================\n\n``pfcon``'s configuration has gotten messy over the years because it attempts to provide an interface\nacross vastly different systems. Some mixing-and-matching of options are unsupported:\n\n- ``IGNORE_LIMITS=yes`` only works with ``CONTAINER_ENV=docker`` (or podman).\n- ``JOB_LABELS=...`` only works with ``CONTAINER_ENV=docker`` (or podman) and ``CONTAINER_ENV=kubernetes``.\n- ``CONTAINER_USER`` does not work with ``CONTAINER_ENV=cromwell``\n- ``CONTAINER_ENV=cromwell`` does not forward environment variables.\n- ``COMPUTE_VOLUME_TYPE=host`` is not supported for Kubernetes\n\n\nTODO\n====\n\n- [ ] Dev environment and testing for Kubernetes and SLURM.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffnndsc%2Fpfcon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffnndsc%2Fpfcon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffnndsc%2Fpfcon/lists"}