A container model for resource provision at a WLCG Tier-2

Containers are becoming increasingly prevalent in industry as the standard method of software deployment. They have many benefits for shipping software by encapsulating dependencies and turning complex software deployments into single portable units. Similar to virtual machines, but with a lower overall resource requirement, greater flexibility and more transparency, they are a compelling choice for software deployment. The use of containers is becoming attractive to WLCG experiments as a means to encapsulate their payloads, to ensure that userland environments are consistent, and to segregate running jobs from one another to improve isolation. Technologies such as Docker and Singularity are already being used and tested by larger WLCG experiments along with CERN IT. Our purpose in this paper is to explore the use of containers at a medium to large WLCG Tier-2 as a method of reducing the manpower required to run such a site. By examining the requirements of WLCG payloads (such as the availability of CVMFS, Trust Anchors or VOMS information), a model of a contained compute platform is developed and presented. Along with providing compute, standardised monitoring solutions can be bundled to provide a complete toolbox for local System Administrators to provide resources quickly and securely.