Skip to content

Singularity Container

Singularity enables users to have full control of their environment. A non-privileged user can "swap out" the operating system on the host for one they control. So if the host system is running RHEL6 but your application runs in Ubuntu/RHEL7, you can create an Ubuntu/RHEL7 image, install your applications into that image, copy the image to another host, and run your application on that host in it’s native Ubuntu/RHEL7 environment.

Singularity also allows you to leverage the resources of whatever host you are on. This includes HPC interconnects, resource managers, file systems, GPUs and/or accelerators, etc. Singularity does this by enabling several key facets:

  • Encapsulation of the environment
  • Containers are image based
  • No user contextual changes or root escalation allowed
  • No root owned daemon processes

This documentation is for Singularity version 2.4 and newer.

Using Docker Images

Singularity can import, bootstrap, and even run Docker images directly from Docker Hub. You can easily run RHEL7 container like this:

hra0031@login4:~$ cat /etc/redhat-release
CentOS release 6.9 (Final)
hra0031@login4:~$ ml Singularity
hra0031@login4:~$ singularity shell docker://centos:latest
Docker image path: index.docker.io/library/centos:latest
Cache folder set to /home/hra0031/.singularity/docker
[1/1] |===================================| 100.0%
Creating container runtime...
Singularity: Invoking an interactive shell within container...

Singularity centos:latest:~> cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

In this case, image is downloaded from Docker Hub, extracted to a temporary directory and Singularity interactive shell is invoked. This procedure can take a lot of time, especially with large images.

Importing Docker Image

Singularity containers can be in three different formats:

  • read-only squashfs (default) - best for production
  • writable ext3 (--writable option)
  • writable (ch)root directory (--sandbox option) - best for development

Squashfs and (ch)root directory images can be built from Docker source directly on the cluster, no root privileges are needed. It is strongly recomended to create native Singularity image to speed up the launch of the container.

hra0031@login4:~$ ml Singularity
hra0031@login4:~$ singularity build ubuntu.img docker://ubuntu:latest
Docker image path: index.docker.io/library/ubuntu:latest
Cache folder set to /home/hra0031/.singularity/docker
Importing: base Singularity environment
Importing: /home/hra0031/.singularity/docker/sha256:50aff78429b146489e8a6cb9334d93a6d81d5de2edc4fbf5e2d4d9253625753e.tar.gz
Importing: /home/hra0031/.singularity/docker/sha256:f6d82e297bce031a3de1fa8c1587535e34579abce09a61e37f5a225a8667422f.tar.gz
Importing: /home/hra0031/.singularity/docker/sha256:275abb2c8a6f1ce8e67a388a11f3cc014e98b36ff993a6ed1cc7cd6ecb4dd61b.tar.gz
Importing: /home/hra0031/.singularity/docker/sha256:9f15a39356d6fc1df0a77012bf1aa2150b683e46be39d1c51bc7a320f913e322.tar.gz
Importing: /home/hra0031/.singularity/docker/sha256:fc0342a94c89e477c821328ccb542e6fb86ce4ef4ebbf1098e85669e051ef0dd.tar.gz
Importing: /home/hra0031/.singularity/metadata/sha256:c6a9ef4b9995d615851d7786fbc2fe72f72321bee1a87d66919b881a0336525a.tar.gz
WARNING: Building container as an unprivileged user. If you run this container as root
WARNING: it may be missing some functionality.
Building Singularity image...
Singularity container built: ubuntu.img
Cleaning up...

Launching the Container

The interactive shell can be invoked by the singularity shell command. This is useful for development purposes. Use the -w | --writable option to make changes inside the container permanent.

hra0031@login4:~$ singularity shell -w ubuntu.img
Singularity: Invoking an interactive shell within container...

Singularity ubuntu.img:~> cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"

A command can be run inside the container (without interactive shell) by invoking singularity exec command.

hra0031@login4:~$ singularity exec ubuntu.img cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"

Singularity image can contain a runscript. This script is executed inside the container after the singularity run command is used. The runscript is mostly used to run an application for which the container is built. In the following example it is fortune | cowsay command.

hra0031@login4:~$ singularity run ubuntu.img
 ___________________
< Are you a turtle? >
 -------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Accessing /HOME and /SCRATCH Within Container

User home directory is mounted inside the container automatically. If you need access to /SCRATCH storage for your computation, this must be mounted by -B | --bind option.

Warning

The mounted folder has to exist inside the container or the container image has to be writable!

hra0031@login4:~$ singularity shell -B /scratch -w ubuntu.img
Singularity: Invoking an interactive shell within container...

Singularity ubuntu.img:~> ls /scratch
ddn  sys  temp  work

Comprehensive documentation can be found at the Singularity website.

Comments