 |
 |
Hi Gareth, On 06/12/2018 13:40, Gareth Roy wrote: > Hi, > > So having now fallen down the rabbit hole of singularity again (it's been a while since I dived into the docs), has anyone got experience with Singularity 3.0? > > It appears to be a complete re-write in go and has a number of differences to the 2.X version we've been using on the grid (I'm assuming as it's the commercial offering). Site is here: > > https://www.sylabs.io/docs/ > > rather than: > > https://singularity.lbl.gov/ > > The page which is very shiny, has some slightly disturbing text for the way we use containers on the Grid at the moment, for instance rpm's appear to be only for the pro version as does streamlined/preferred security updates....and the image format has changed again with the selling point that it's a single monolithic entity rather than cached layers or a simple directory - > > "Singularity can take any OCI compatible format and encapsulate it into a “Singularity Image Format” (SIF) package. This package now becomes the runtime format for the container. No more tarballs. No more root owned layers or daemons, this is the runtime executable format!" nothing has changed from this point of view. Even before the rpms circulating weren't produced by the singularity team. WLCG has produced rpms for the past year. The image if you build it like I built it in my other reply is monolythic, it has always been singularity selling point to run as an unprivileged monolitic executable. That is why we adopted it on the grid. If anything the fact that they are more OCI compatible it is a good thing. It means there will be less problems for the users when they build for example on docker and use the image with singularity. > From the docs it looks like you can still us a "sandbox" mode in which the container is in a directory, but this seems to be assumed to be for development etc. I don't think anything has changed much for sandboxing. Though I don't think anyone has tried yet. I'm waiting for some more ironing out of problems after the complete rewrite. cheers alessandra > > Does anyone have any experience with this version, or how compatible it is with how we do things? > > Thanks, > > Gareth > > > > On 06/12/2018, 12:12, "Testbed Support for GridPP member institutes on behalf of Waugh, Ben" <[log in to unmask] on behalf of [log in to unmask]> wrote: > > Hi Chris, > > I went to a talk recently by someone who had been trying out Singularity > and was similarly confused to start with. I think root (or sudo) access > is needed in order to create a container, but that it can then be run > without root access. So a user who is not trusted by you, but has root > access on e.g. their own laptop, can create an image and run it on your > system. > > Cheers, > Ben > > On 06/12/2018 12:04, Chris Brew - UKRI STFC wrote: > > Hi All, > > > > As is often the case, I am confused. Specifically today, I am confused about about Singularity Containers. > > > > A bit of background; I’ve been getting several requests in from different people saying “I want version X.Y.Z of root|Python|gcc|whatever, and your version of CentOS/SL only has A.B.C”. Now there are various ways of satisfying people (/cvmfs/software.cern.ch is a very good resource) but this sounded like an ideal use case for containers. > > > > I’ve gone off and looked at the Singularity documentation and although it makes a big thing of “Untrusted images from untrusted users” all the example commands for building images start with ‘sudo singularity…’ > > > > So, can users build their own images without sudo or is their definition of an “untrusted” user different to mine? > > > > The second related thing I’m confused about is the different image formats, I cannot seem to find a comparison between them with pros and cons. And on that is there a specific issue with images that need loopback devices? > > > > Yours, > > Chris. > > > > -- > > Dr Chris Brew > > Scientific Computing Manager > > Particle Physics Department > > UKRI - STFC - Rutherford Appleton Laboratory > > Harwell Oxford, > > Didcot > > OX11 0QX > > +44 1235 446326 > > > > > > ######################################################################## > > > > To unsubscribe from the TB-SUPPORT list, click the following link: > > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1 > > > > -- > Dr Ben Waugh Tel. +44 (0)20 7679 7223 > Computing and IT Manager Internal: 37223 > Dept of Physics and Astronomy > University College London > London WC1E 6BT > > ######################################################################## > > To unsubscribe from the TB-SUPPORT list, click the following link: > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1 > > > > ######################################################################## > > To unsubscribe from the TB-SUPPORT list, click the following link: > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1 -- Respect is a rational process. \\// For Ur-Fascism, disagreement is treason. (U. Eco) ######################################################################## To unsubscribe from the TB-SUPPORT list, click the following link: https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1