Guix for HPC

Table of content

This short tutorial summarizes the steps to install Guix on a Linux distribution using systemd as an init system and the additional steps that make it suitable to use in a HPC context.

Install Guix using the provided script.

Download the script and run it as the superuser.

  cd /tmp
  wget https://guix.gnu.org/install.sh -O guix-install.sh
  chmod +x guix-install.sh
  sudo ./guix-install.sh

You can safely answer yes to all the questions asked by the script.

Tip

If you wish to do the installation manually, the steps are provided in the documentation.

Configure additional Guix channels

Per-user channel configuration in Guix is defined in the file channels.scm, located in $HOME/.config/guix.

The Guix-Science channel contains scientific software that is too specific to be included in Guix.

It has a non-free counterpart containing package definition of proprietary software (e.g. CUDA toolkit) and free software which depends on proprietary software (e.g. packages with CUDA support).

Since the Guix-Science-nonfree channel depends on the Guix-Science channel, it can be a good starting point, provided that you don't mind having access to non-free software.

In this case, the following channels.scm file could be used:

  (append
    (list
      (channel
        (name 'guix-science-nonfree)
        (url "https://codeberg.org/guix-science/guix-science-nonfree.git")
        (introduction
         (make-channel-introduction
          "58661b110325fd5d9b40e6f0177cc486a615817e"
          (openpgp-fingerprint
           "CA4F 8CF4 37D7 478F DA05  5FD4 4213 7701 1A37 8446")))))
    %default-channels)

Tip

The content of the channels.scm file is Scheme code (it is actually a list of channel objects). The %default-channels variable is a list containing the Guix channel and should be used as a base to generate a list of channels.

If you'd like to have the Guix-Science channel without any proprietary software definition, you could use the following channels.scm file:

  (append
   (list (channel
          (name 'guix-science)
          (url "https://codeberg.org/guix-science/guix-science.git")
          (branch "master")
          (introduction
           (make-channel-introduction
              "b1fe5aaff3ab48e798a4cce02f0212bc91f423dc"
              (openpgp-fingerprint
               "CA4F 8CF4 37D7 478F DA05  5FD4 4213 7701 1A37 8446")))))
   %default-channels)

Get the latest version of the package definitions

In a shell, launch the following command:

  $ guix pull

This will take some time as this command updates the available channels and builds up the package definitions.

Add the Guix HPC substitute server

In order to avoid building the packages defined in the Guix HPC channels, it is possible to configure the guix-daemon to connect to Guix HPC substitute server which serves precompiled binaries of the software packaged in various channels, including the Guix-Science channels, and is located at https://guix.bordeaux.inria.fr.

This requires two steps: modifying the guix-daemon configuration and adding the new substitute server key to Guix.

Configure the guix-daemon

If you are using Guix System, please refer to the official documentation is available here.

The following instructions apply when Guix is installed on a foreign distribution using systemd.

In order to add a new substitute server, the guix-daemon must be specified the full list of substitute servers, through the --substitute-urls switch. In our case the full list is 'https://guix.bordeaux.inria.fr https://ci.guix.gnu.org https://bordeaux.guix.gnu.org'.

The guix-daemon.service file (generally located in /etc/systemd/system or in /lib/systemd/system/) should be manually edited to add the above-mentioned flag:

  ExecStart=[...]/guix-daemon [...] --substitute-urls='https://guix.bordeaux.inria.fr https://ci.guix.gnu.org https://bordeaux.guix.gnu.org'

The guix-daemon service then needs to be restarted:

  # Reload the configuration.
  sudo systemctl daemon-reload
  # Restart the deamon.
  sudo systemctl restart guix-daemon.service

Authenticate the new substitute server

In order to accept substitutes from the Guix HPC substitute server, its key must be authorized:

  # Download the server key.
  wget https://guix.bordeaux.inria.fr/signing-key.pub
  # Add the key to Guix configuration.
  sudo guix archive --authorize < signing-key.pub
  # Optionally remove the key file.
  rm signing-key.pub

Check that everything is working properly

Run for instance the following command, which instantiates a dynamic environment containing the hello-mpi package defined in the Guix-Science channel and runs it:

  guix shell hello-mpi -- hello-mpi

Tips and Tricks

Error with guix shell ā€“container

Due to user namespaces set up, using guix shell with the --container or -C option may fail with an error like: 

$ guix shell --container coreutils  
guix shell: error: clone: 2114060305: Invalid argument

User namespaces are crucial for achieving process and resource isolation and are indispensable for containerization. For security concern they are disabled by default on certain Debian and Ubuntu distributions, so that non-root users are not allowed to create or handle user namespaces, and the setting of the user.max_user_namespaces to 0 causes the guix shell --container to fail.

To enable the user namespaces temporarily run:

  sudo sysctl user.max_user_namespaces = 1024

For the change to be persistent after reboot:

  echo "user.max_user_namespaces = 1024" | sudo tee /etc/sysctl.d/local.conf
  sudo service procps force-reload
  sudo sysctl --system

In the above settings, the parameter is set to 1024. Note that any non-zero integer would be relevant. An alternative method for enabling the user namespaces, which is specific to Debian and Ubuntu distributions, is to set kernel.unprivileged_userns_clone=1.