Hi,
So having now fallen down the rabbit hole of singularity again (it's been a while since I dived into the docs), has anyone got experience with Singularity 3.0?
It appears to be a complete re-write in go and has a number of differences to the 2.X version we've been using on the grid (I'm assuming as it's the commercial offering). Site is here:
https://www.sylabs.io/docs/
rather than:
https://singularity.lbl.gov/
The page which is very shiny, has some slightly disturbing text for the way we use containers on the Grid at the moment, for instance rpm's appear to be only for the pro version as does streamlined/preferred security updates....and the image format has changed again with the selling point that it's a single monolithic entity rather than cached layers or a simple directory -
"Singularity can take any OCI compatible format and encapsulate it into a “Singularity Image Format” (SIF) package. This package now becomes the runtime format for the container. No more tarballs. No more root owned layers or daemons, this is the runtime executable format!"
From the docs it looks like you can still us a "sandbox" mode in which the container is in a directory, but this seems to be assumed to be for development etc.
Does anyone have any experience with this version, or how compatible it is with how we do things?
Thanks,
Gareth
On 06/12/2018, 12:12, "Testbed Support for GridPP member institutes on behalf of Waugh, Ben" <[log in to unmask] on behalf of [log in to unmask]> wrote:
Hi Chris,
I went to a talk recently by someone who had been trying out Singularity
and was similarly confused to start with. I think root (or sudo) access
is needed in order to create a container, but that it can then be run
without root access. So a user who is not trusted by you, but has root
access on e.g. their own laptop, can create an image and run it on your
system.
Cheers,
Ben
On 06/12/2018 12:04, Chris Brew - UKRI STFC wrote:
> Hi All,
>
> As is often the case, I am confused. Specifically today, I am confused about about Singularity Containers.
>
> A bit of background; I’ve been getting several requests in from different people saying “I want version X.Y.Z of root|Python|gcc|whatever, and your version of CentOS/SL only has A.B.C”. Now there are various ways of satisfying people (/cvmfs/software.cern.ch is a very good resource) but this sounded like an ideal use case for containers.
>
> I’ve gone off and looked at the Singularity documentation and although it makes a big thing of “Untrusted images from untrusted users” all the example commands for building images start with ‘sudo singularity…’
>
> So, can users build their own images without sudo or is their definition of an “untrusted” user different to mine?
>
> The second related thing I’m confused about is the different image formats, I cannot seem to find a comparison between them with pros and cons. And on that is there a specific issue with images that need loopback devices?
>
> Yours,
> Chris.
>
> --
> Dr Chris Brew
> Scientific Computing Manager
> Particle Physics Department
> UKRI - STFC - Rutherford Appleton Laboratory
> Harwell Oxford,
> Didcot
> OX11 0QX
> +44 1235 446326
>
>
> ########################################################################
>
> To unsubscribe from the TB-SUPPORT list, click the following link:
> https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
>
--
Dr Ben Waugh Tel. +44 (0)20 7679 7223
Computing and IT Manager Internal: 37223
Dept of Physics and Astronomy
University College London
London WC1E 6BT
########################################################################
To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
########################################################################
To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
