Hi,

singularity needs sudo powers to build an image is you want to write in it. If you have available images in the registries you can build them as a local user. The example below is given on the docs with sudo, but it runs and executes even without sudo. It warns you that it might miss some functionality if you then try to run it as root. Of course I didn't add any software to the image either, if a user wants to customize using for example apt-get or yum or they want a writable image, they will need sudo, but if they only want to use the software they will not. Below I run the image as it is but I could have executed a shell in it and bind a directory where my scripts are and pronto I have an environment with python installed that i can use to develop my code, when I exit the image my code will still be on the host. This is for example how we are testing ATLAS GPU workflows which require python3 in Manchester ATM. If instead of lolcow I access docker://python:3.6-alpine3.7 I can then work with python3 in a very light weight environment

aforti@vm26>singularity build alpine-python.simg docker://python:3.6-alpine3.7
Docker image path: index.docker.io/library/python:3.6-alpine3.7
Cache folder set to /home/aforti/.singularity/docker  <-- caches tarfiles for the next time even if you don't build the image but exec from local file system next time it will not access the registry
[5/5] |===================================| 100.0%
[.......]
aforti@vm26>singularity exec -C alpine-python.simg sh
Singularity> which python3
/usr/local/bin/python3
Singularity> python3
Python 3.6.7 (default, Nov 16 2018, 06:56:26)
[GCC 6.4.0] on linux
>>> print("Hello World!")
Hello World!

so suddenly I don't have to ask admin to install python3..... and I can even chose the os and the python version. It really depends what you want to do with an image and how you are going to use the images and how much customisation you need.

packed images like the one I created below will need to use loop devices, some sites forbid that (RAL for example). But you can also get away with executing an image from a registry at runtime and that will not use loop devices. Or if you want something more permanent you can unpack the image as a directory and that will not require loop devices either but will use much more space because by default singularity packed images use squashfs.

 cheers
alessandra

aforti@vm26>singularity build lolcow.simg docker://godlovedc/lolcow
Docker image path: index.docker.io/godlovedc/lolcow:latest
Cache folder set to /home/aforti/.singularity/docker
[6/6] |===================================| 100.0%
Importing: base Singularity environment
Exploding layer: sha256:9fb6c798fa41e509b58bccc5c29654c3ff4648b608f5daa67c1aab6a7d02c118.tar.gz
Exploding layer: sha256:3b61febd4aefe982e0cb9c696d415137384d1a01052b50a85aae46439e15e49a.tar.gz
Exploding layer: sha256:9d99b9777eb02b8943c0e72d7a7baec5c782f8fd976825c9d3fb48b3101aacc2.tar.gz
Exploding layer: sha256:d010c8cf75d7eb5d2504d5ffa0d19696e8d745a457dd8d28ec6dd41d3763617e.tar.gz  <-- tarfiles
Exploding layer: sha256:7fac07fb303e0589b9c23e6f49d5dc1ff9d6f3c8c88cabe768b430bdb47f03a9.tar.gz
Exploding layer: sha256:8e860504ff1ee5dc7953672d128ce1e4aa4d8e3716eb39fe710b849c64b20945.tar.gz
Exploding layer: sha256:736a219344fbca3099ce5bd1d2dbfea74b22b830bac0e85ecca812c2983390cd.tar.gz
WARNING: Building container as an unprivileged user. If you run this container as root
WARNING: it may be missing some functionality.
Building Singularity image...
Singularity container built: lolcow.simg
Cleaning up...
aforti@vm26>singularity run lolcow.simg
 ________________________________
< You will get what you deserve. >
 --------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||



On 06/12/2018 12:03, Chris Brew - UKRI STFC wrote:
[log in to unmask]"> 
Hi All,

As is often the case, I am confused. Specifically today, I am confused about about Singularity Containers.

A bit of background; I’ve been getting several requests in from different people saying “I want version X.Y.Z of root|Python|gcc|whatever, and your version of CentOS/SL only has A.B.C”. Now there are various ways of satisfying people (/cvmfs/software.cern.ch is a very good resource) but this sounded like an ideal use case for containers.

I’ve gone off and looked at the Singularity documentation and although it makes a big thing of “Untrusted images from untrusted users” all the example commands for building images start with ‘sudo singularity…’

So, can users build their own images without sudo or is their definition of an “untrusted” user different to mine?

The second related thing I’m confused about is the different image formats, I cannot seem to find a comparison between them with pros and cons. And on that is there a specific issue with images that need loopback devices?

Yours,
Chris.

--
Dr Chris Brew
Scientific Computing Manager
Particle Physics Department
UKRI - STFC - Rutherford Appleton Laboratory
Harwell Oxford,
Didcot
OX11 0QX
+44 1235 446326


########################################################################

To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1


-- 
Respect is a rational process. \\//
For Ur-Fascism, disagreement is treason. (U. Eco)

To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1