On 06/12/2018 14:03, Alessandra Forti wrote:
> Hi Gareth,
>
> On 06/12/2018 13:40, Gareth Roy wrote:
>> Hi,
>>
>> So having now fallen down the rabbit hole of singularity again (it's
>> been a while since I dived into the docs), has anyone got experience
>> with Singularity 3.0?
>>
>> It appears to be a complete re-write in go and has a number of
>> differences to the 2.X version we've been using on the grid (I'm
>> assuming as it's the commercial offering). Site is here:
>>
>> https://www.sylabs.io/docs/
>>
>> rather than:
>>
>> https://singularity.lbl.gov/
>>
>> The page which is very shiny, has some slightly disturbing text for
>> the way we use containers on the Grid at the moment, for instance
>> rpm's appear to be only for the pro version as does
>> streamlined/preferred security updates....and the image format has
>> changed again with the selling point that it's a single monolithic
>> entity rather than cached layers or a simple directory -
>>
>> "Singularity can take any OCI compatible format and encapsulate it
>> into a “Singularity Image Format” (SIF) package. This package now
>> becomes the runtime format for the container. No more tarballs. No
>> more root owned layers or daemons, this is the runtime executable
>> format!"
> nothing has changed from this point of view. Even before the rpms
> circulating weren't produced by the singularity team. WLCG has
> produced rpms for the past year. The image if you build it like I
> built it in my other reply is monolythic, it has always been
> singularity selling point to run as an unprivileged monolitic
> executable. That is why we adopted it on the grid.
or unpacked in CVMFS as it happens.
>
> If anything the fact that they are more OCI compatible it is a good
> thing. It means there will be less problems for the users when they
> build for example on docker and use the image with singularity.
>> From the docs it looks like you can still us a "sandbox" mode in
>> which the container is in a directory, but this seems to be assumed
>> to be for development etc.
> I don't think anything has changed much for sandboxing. Though I don't
> think anyone has tried yet. I'm waiting for some more ironing out of
> problems after the complete rewrite.
>
> cheers
> alessandra
>>
>> Does anyone have any experience with this version, or how compatible
>> it is with how we do things?
>>
>> Thanks,
>>
>> Gareth
>>
>>
>>
>> On 06/12/2018, 12:12, "Testbed Support for GridPP member institutes
>> on behalf of Waugh, Ben" <[log in to unmask] on behalf of
>> [log in to unmask]> wrote:
>>
>> Hi Chris,
>> I went to a talk recently by someone who had been trying
>> out Singularity
>> and was similarly confused to start with. I think root (or sudo)
>> access
>> is needed in order to create a container, but that it can then
>> be run
>> without root access. So a user who is not trusted by you, but
>> has root
>> access on e.g. their own laptop, can create an image and run it
>> on your
>> system.
>> Cheers,
>> Ben
>> On 06/12/2018 12:04, Chris Brew - UKRI STFC wrote:
>> > Hi All,
>> >
>> > As is often the case, I am confused. Specifically today, I am
>> confused about about Singularity Containers.
>> >
>> > A bit of background; I’ve been getting several requests in
>> from different people saying “I want version X.Y.Z of
>> root|Python|gcc|whatever, and your version of CentOS/SL only has
>> A.B.C”. Now there are various ways of satisfying people
>> (/cvmfs/software.cern.ch is a very good resource) but this sounded
>> like an ideal use case for containers.
>> >
>> > I’ve gone off and looked at the Singularity documentation and
>> although it makes a big thing of “Untrusted images from untrusted
>> users” all the example commands for building images start with ‘sudo
>> singularity…’
>> >
>> > So, can users build their own images without sudo or is their
>> definition of an “untrusted” user different to mine?
>> >
>> > The second related thing I’m confused about is the different
>> image formats, I cannot seem to find a comparison between them with
>> pros and cons. And on that is there a specific issue with images that
>> need loopback devices?
>> >
>> > Yours,
>> > Chris.
>> >
>> > --
>> > Dr Chris Brew
>> > Scientific Computing Manager
>> > Particle Physics Department
>> > UKRI - STFC - Rutherford Appleton Laboratory
>> > Harwell Oxford,
>> > Didcot
>> > OX11 0QX
>> > +44 1235 446326
>> >
>> >
>> >
>> ########################################################################
>> >
>> > To unsubscribe from the TB-SUPPORT list, click the following
>> link:
>> > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
>> >
>> --
>> Dr Ben Waugh Tel. +44 (0)20
>> 7679 7223
>> Computing and IT Manager Internal: 37223
>> Dept of Physics and Astronomy
>> University College London
>> London WC1E 6BT
>> ########################################################################
>> To unsubscribe from the TB-SUPPORT list, click the
>> following link:
>> https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
>>
>>
>> ########################################################################
>>
>> To unsubscribe from the TB-SUPPORT list, click the following link:
>> https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
>
--
Respect is a rational process. \\//
For Ur-Fascism, disagreement is treason. (U. Eco)
########################################################################
To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
|