Singularity enables users to have full control of their environment. A non-privileged user can "swap out" the operating system on the host for one they control. So if the host system is running RHEL6 but your application runs in Ubuntu/RHEL7, you can create an Ubuntu/RHEL7 image, install your applications into that image, copy the image to another host, and run your application on that host in it’s native Ubuntu/RHEL7 environment.
Singularity also allows you to leverage the resources of whatever host you are on. This includes HPC interconnects, resource managers, file systems, GPUs and/or accelerators, etc. Singularity does this by enabling several key facets:
- Encapsulation of the environment
- Containers are image based
- No user contextual changes or root escalation allowed
- No root owned daemon processes
This documentation is for Singularity version 2.4 and newer.
Using Docker Images¶
Singularity can import, bootstrap, and even run Docker images directly from Docker Hub. You can easily run RHEL7 container like this:
hra0031@login4:~$ cat /etc/redhat-release CentOS release 6.9 (Final) hra0031@login4:~$ ml Singularity hra0031@login4:~$ singularity shell docker://centos:latest Docker image path: index.docker.io/library/centos:latest Cache folder set to /home/hra0031/.singularity/docker [1/1] |===================================| 100.0% Creating container runtime... Singularity: Invoking an interactive shell within container... Singularity centos:latest:~> cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core)
In this case, image is downloaded from Docker Hub, extracted to a temporary directory and Singularity interactive shell is invoked. This procedure can take a lot of time, especially with large images.
Importing Docker Image¶
Singularity containers can be in three different formats:
- read-only squashfs (default) - best for production
- writable ext3 (--writable option)
- writable (ch)root directory (--sandbox option) - best for development
Squashfs and (ch)root directory images can be built from Docker source directly on the cluster, no root privileges are needed. It is strongly recomended to create native Singularity image to speed up the launch of the container.
hra0031@login4:~$ ml Singularity hra0031@login4:~$ singularity build ubuntu.img docker://ubuntu:latest Docker image path: index.docker.io/library/ubuntu:latest Cache folder set to /home/hra0031/.singularity/docker Importing: base Singularity environment Importing: /home/hra0031/.singularity/docker/sha256:50aff78429b146489e8a6cb9334d93a6d81d5de2edc4fbf5e2d4d9253625753e.tar.gz Importing: /home/hra0031/.singularity/docker/sha256:f6d82e297bce031a3de1fa8c1587535e34579abce09a61e37f5a225a8667422f.tar.gz Importing: /home/hra0031/.singularity/docker/sha256:275abb2c8a6f1ce8e67a388a11f3cc014e98b36ff993a6ed1cc7cd6ecb4dd61b.tar.gz Importing: /home/hra0031/.singularity/docker/sha256:9f15a39356d6fc1df0a77012bf1aa2150b683e46be39d1c51bc7a320f913e322.tar.gz Importing: /home/hra0031/.singularity/docker/sha256:fc0342a94c89e477c821328ccb542e6fb86ce4ef4ebbf1098e85669e051ef0dd.tar.gz Importing: /home/hra0031/.singularity/metadata/sha256:c6a9ef4b9995d615851d7786fbc2fe72f72321bee1a87d66919b881a0336525a.tar.gz WARNING: Building container as an unprivileged user. If you run this container as root WARNING: it may be missing some functionality. Building Singularity image... Singularity container built: ubuntu.img Cleaning up...
Launching the Container¶
The interactive shell can be invoked by the
singularity shell command. This is useful for development purposes. Use the
-w | --writable option to make changes inside the container permanent.
hra0031@login4:~$ singularity shell -w ubuntu.img Singularity: Invoking an interactive shell within container... Singularity ubuntu.img:~> cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
A command can be run inside the container (without interactive shell) by invoking
singularity exec command.
hra0031@login4:~$ singularity exec ubuntu.img cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
Singularity image can contain a runscript. This script is executed inside the container after the
singularity run command is used. The runscript is mostly used to run an application for which the container is built. In the following example it is
fortune | cowsay command.
hra0031@login4:~$ singularity run ubuntu.img ___________________ < Are you a turtle? > ------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || ||
Accessing /HOME and /SCRATCH Within Container¶
User home directory is mounted inside the container automatically. If you need access to /SCRATCH storage for your computation, this must be mounted by
-B | --bind option.
The mounted folder has to exist inside the container or the container image has to be writable!
hra0031@login4:~$ singularity shell -B /scratch -w ubuntu.img Singularity: Invoking an interactive shell within container... Singularity ubuntu.img:~> ls /scratch ddn sys temp work
Comprehensive documentation can be found at the Singularity website.