Singularity
This article explains the purpose and use of Singularity.
Description
Singularity is a container system for isolating software and computing environments from the host system. It allows to package software in highly portable and reproducible environments encapsulating all dependencies, including the operating system.
It has similarities to Docker but it's security model is specifically engineered to be used in HPC environments and easy integration in managed client environments.
A typical use case is to install a specific software with all its dependencies in order to run the application in a batch job on our Slurm cluster. Providing such dependencies on our managed Linux systems would be time consuming in preparation and maintenance. On the other hand such installations can be quickly done with elevated (sudo or root) privileges in a container.
Docker is not secure as it provides a means to gain root access on the host it's running on, therefore we provide Singularity as a secure alternative.
Official documentation
The official documentation for users is a great starting point to get up and running with Singularity.
The analogue of a Docker file, a so-called Singularity recipe or Singularity Definition File is documented in detail section Definition Files.
Concepts
Sandbox: A writeable directory containing the container's directory structure
Singularity Image File (SIF): An immutable container runtime image containing the container's directory structure
SingularityBuilder: A virtual machine to allow Singularity operations with elevated privileges
Image sources
Pre-built SIFs and Docker images are available in the Sylabs Cloud Library or on the Docker hub.
Common use cases
Using a Docker image
The simplest use case is to convert an existing Docker image and run a command inside it. A well made Docker image can be converted without elevated privileges.
Convert a Docker image to a SIF
Directly from Docker Hub:
singularity build lolcow.sif docker://godlovedc/lolcow
Converting a Docker image stored locally as tar file:
singularity build docker-image.sif docker-archive:///path/to/docker-image.tar
Run a command in a SIF
singularity exec lolcow.sif cowsay "Mooh!"
If the command to be executed from the SIF is not found in the SIF's PATH variable, it's path needs to be specified explicitely:
singularity exec lolcow.sif /usr/games/cowsay "Mooh!"
Build your own SIF
A more complex use case is to install software on a specific Linux distribution with all its dependencies. This is easier with elevated privileges, as available step-by-step guides may be followed. To run Singularity operations as root we provide SingularityBuilder .
Create a writeable sandbox
From the Singularity Library:
singularity build --sandbox ubuntu_16.04 library://library/default/ubuntu:16.04
Or from the Docker Hub:
singularity build --sandbox ubuntu docker://ubuntu:16.04
Start a shell in a sandbox
To install the software according to an installation guide or as you see fit, start a shell in your sandbox:
singularity shell ubuntu_16.04
Convert a sandbox to a SIF
After a sandbox is set up and tested it can be converted to a SIF:
singularity build my_image.sif my_sandbox
Convert a SIF to a sandbox
It's also possible to convert a SIF back to a sandbox.:
singularity build --sandbox my_sandbox my_image.sif
Running commands from SIFs
Using GPU resources
For software packaged into a SIF which requires access to the GPU resources of its host, the option --nv can be added:
singularity exec --nv lolcow.sif cowsay "Mooh!"
Accessing storage
A user's home directory is available per default from a SIF. To be able to access additional storage paths they need to be defined by using the option --bind, either by using the same path as on the host:
singularity shell --bind /scratch/$USER lolcow.sif
or specifying a different path in the SIF:
singularity shell --bind /scratch/$USER:/mnt/$USER lolcow.sif