 It's time for the next lightning talk. Ephraim is talking about reproducible containers in the HPC context. Thank you. Okay. So yes, I came into this really more from the sysadmin side. I like making things build. I guess I work with the scientists and so they have their software and they need to put it out there for the papers for other things that they can go and point to and say, here it is, here you can see my results. So I was home working and so we got a new app that we were gonna go and host on the website who is being moved from old one to new one. So the old website was running on CentOS 5 with PHP 5.3, with Python 2.7 and another Python from the user's home directory and Octave also from 2010 and just everything was from 2010. Just looking and thinking. Well tested. Well tested, of course. And it also accepts arbitrary files, upload whatever you want to it. Clearly exactly what we want running. So actually what about it using Geeks? So with Geeks, you tell it exactly what packages go into building each package. So you get the reproducibility in that. It works also when you have a collection of packages, every time you install it you get the exact same packages you don't have craft from installing and removing packages and it also extends into a whole operating system or in this case into a container. You tell the container I want, you tell Geeks I want exactly this inside the container and that's it, that's exactly what you have inside. So for the web app we have all of our old software here and I guess going back to the container, one of the scripts I hadn't actually patched all the way, just missing, remove, arm dirt, just, I didn't tell it where to find it, I didn't put it in the container, it just wasn't there. So yeah, so had old versions of Graphis, of Octave, all of this coming down to our final package. So with Geeks it was easy to go ahead and to create the old versions of the packages. We started with the version of Graphis that was already in Geeks. We changed a couple of things mostly downgrading the inputs to older versions of them. Octave was basically the same thing, we took Octave, Q-Hull had moved around since then, GNU-Lib had moved around since then, so just some changes here and there to make everything actually build with older versions of everything. And then for the actual container, and pretty much this was the entire config file for the container, to find the operating system, bootloader doesn't matter, it's a container, there's no firmware, no packages, just the actual service itself and the DHCP client so it can actually find the network that you give it. So the service gets fed a service type, a service configuration which in our case was, can't see the mouse. So here we just have the actual package that I built at the end. I told it that it was going to be in the serve HTTP directory with that port. Our little activation script here really just says, before you start, go ahead and run these actions so it was, if the directory exists, delete it, then recreate it, copy the stuff over and it wants to write to the directory so go ahead and make that available. And the whole thing was just behind engine X so with the system management, with the config for engine X, it was really just, listen on the port that we had on the previous slide using the root that we had on the previous slide from the configuration, then the service type down here is the one that we actually passed to the operating system config to make the container. We said, when you activation service type, when you start, run the script, you're using engine X with the config that we have and by the way, don't make sure that PHP FPM is running. Building the container was, you just, was the system container command, you feed it the actual container file and same serve HTTP folder directory that we had from before. It was actually mounted in the home directory but we pulled the container, put it in that spot, I wanted the logs and give it the networking and then actually we're running on top of Debian so it was just use system D to launch it. So we have the same command as before, we have full path to Geeks but Geeks system container, full path to the container itself, the same two shares, you need the path and give it the networking and then just go ahead and launch it. The whole thing runs under the BNW user so everything, so went in, all the random files being uploaded were also owned by it and as far as updating this every now and then just ran Geeks pull which pulled in new versions of, not of say Graphis or Octave but new versions of PHP, new versions of engine X, all the other packages that I didn't have to go in downgrade and then restarting the service just goes and rebuilds the container itself and it's there and available. From the Debian, from the Debian host that this all was running on, we just went and said point engine X at port, it was 8880 and we got it from the outside. So then at a certain point in the future when it does go and crash and have to go and rebuild the software, we have another command I haven't listed here, Geeks system list generations, that system, you can list the generations from Geeks pull, so it's Geeks pull list generations, you go back to the previous generation when it did work, restart the container again and you're back up and running while you figure out just what changed this time. So with that we went and we're hosting the old web app using new technology or newer technology, newer versions of everything and everything seems to be working. Thank you, again we have time for one question. Thank you, what's the outlook for you? How will you go about updating now that you have it on the known state so that you can move ahead, what are you planning? Right, okay, I'll have to repeat the question. Okay, I'll do it anyway just in case. So the question was how do we update the state? The actual package that we were given doesn't really get updated, it was more of making sure that there weren't anything left behind from previous times we'd restarted it. As far as the actual packages that we used to build everything, I had to downgrade GCC to GCC5, so that was one of the things that as we moved forward I had to add that in to make sure that it worked again. Yeah, I guess the rest of the dependency graph of everything that was running more or less because it's on top of Geeks, keeps everything else up to date and then I'm just locking these versions in at their old versions. All right, thank you, Ephraim. That concludes our lightning talk, yeah, please applaud.