-
Notifications
You must be signed in to change notification settings - Fork 13
Singularity
On Linux, Singularity can be used as an alternative to Docker. Using Singularity instead of Docker may be easier or not, depending on your use case. Furthermore, on computing centers Singularity might be the only allowed solution, e.g. due to security issues.
One advantage of Singularity is that it preserves user's identity, contrary to
Docker. In practice, the user's $HOME volume is automatically mounted when
starting a container, and graphics are forwarded.
However, Singularity does not have an ecosystem as rich as Docker, requiring to convert existing Docker image(s) to Singularity one(s). Fortunately, this is usually straightforward.
On Debian and derivatives, the like Ubuntu, Singularity can be installed from
the system package manager as singularity-container. For example,
sudo apt update
sudo apt install singularity-container
Please refer to the online documentation for alternative installation instructions.
Converting a Docker image to a Singularity one can be done with a single command line. For example, a Singularity image of the GRANDLIB development environment is created as
sudo singularity build --sandbox grandenv docker://grandlib/dev:latest
With the --sandbox option, the image is built as a regular folder, named
grandenv in this case. Omitting this option, builds a SIF file
(Singularity Image Format) instead.
In addition, note that root privileges are explicitly invoked (with the sudo
command) when building the Singularity image. However, root privileges are not
needed (nor recommended) at runtime. Only, when building the image.
An interactive shell can be started in an image with the singularity shell
command. For example,
singularity shell grandenv
starts an interactive shell within the previously created GRANDLIB environment. Note that Singularity preserves your identity. That is, you have the exact same rights within the image and outside. In addition, files and directories created from within the image have proper ownership.
If your $HOME volume is properly located, then it is automatically mounted
when starting the Singularity image. Note that at CC-IN2P3 this fails due to non
standard /home location. Then, the -H option can be used in order to
explicitly mount your $HOME volume, e.g. as
singularity shell -H $HOME grandenv
Please refer to the command line --help for additional options.