What is a container
A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.
Containers package together a program and all of its dependencies, so that if you have the container you can use it on any Linux system with the container system software installed. It doesn't matter whether the system runs Ubuntu, RedHat or CentOS Linux - if the container system is available then the program runs identically on each, inside its container. This is great for distributing complex software with a lot of dependencies, and ensuring you can reproduce experiments exactly. If you still have the container you know you can reproduce your work. Also since the container runs as a process on the host machine, it can be run very easily in a SLURM job.
A short helpful video describing the benefits of containers for researchers can be viewed on the Australian Research Data Commons YouTube Channel.
Docker vs Singularity
Docker is the most popular and widely used container system in the industry. But Singularity was built keeping HPC in mind, i.e a shared environment. Singularity is designed so that you can use it within SLURM jobs and it does not violate security constraints on the cluster. Though, since Docker is very popular and a lot of people were already using the Docker for their softwares, Singularity maintained a compatibility for Docker images. We'll be seeing this compatibility later in the notebook. Both Singularity and Docker maintain a hub where you can keep your docker remotely, and pull them from anywhere. Here is a link for both the hubs:
Singularity is already available on Cheaha. To check all available version on Cheaha by running the command below:
module avail Singularity
Basic singularity command line functions
To check the basic functions or command line options provided run help on the singularity.
To check more information about a particular parameter, use help in conjunction with that parameter
singularity pull help
Download an Image
Singularity/2.6.1-GCC-5.4.0-2.26 singularity pull shub://vsoch/hello-world singularity run -B $USER_DATA $SINGULARITY_CACHEDIR/vsoch-hello-world-master-latest.simg
Note: We have defined
SINGULARITY_CACHEDIR environment variable, so the image will be download to this location:
There are few ways to run the container:
It will run the pre-defined script inside the container.
singularity run -B $USER_DATA $SINGULARITY_CACHEDIR/vsoch-hello-world-master-latest.simg
It will `exec` the command you give inside the container context.
singularity exec -B $USER_DATA $SINGULARITY_CACHEDIR/vsoch-hello-world-master-latest.simg cat /etc/os-release
It will give you a shell within container context.
singularity shell -B $USER_DATA $SINGULARITY_CACHEDIR/vsoch-hello-world-master-latest.simg
Namespace resolution within the container
Now, let's list the content of your
/data/user/$USER directory by running it from within the container. We'll use exec parameter for this.
singularity exec $SINGULARITY_CACHEDIR/vsoch-hello-world-master-latest.simg ls $USER_DATA > ls: cannot access /data/user/louistw: No such file or directory
Hmmm, an error. Remember your singularity container image doesn't know about the directories on your host machine. It by default (in most containers) binds your HOME and tmp directory.
Now, all our raw data is generally in our
/data/user/$USER locations, so we really need to access that location if our container has to be useful. Thankfully, you can explicitly tell singularity to bind a host directory to your container image. Singularity provides you with a parameter (-B) to bind path from your host machine to the container. Try the same command again, but with the bind parameter:
singularity exec -B $USER_DATA $SINGULARITY_CACHEDIR/vsoch-hello-world-master-latest.simg ls $USER_DATA
Now like mentioned earlier during the security considerations of Singularity in a HPC environment, all the sigularity runs adhere to the user level permissions, from the host system. So I would get a permission denied error if I try to list directories to which I don't have access. In this example William's directory contents.
singularity exec -B $USER_DATA $SINGULARITY_CACHEDIR/vsoch-hello-world-master-latest.simg ls /data/user/wsmonroe > ls: cannot access /data/user/wsmonroe: No such file or directory
Example Job Script with containers
Using Singularity container with SLURM job script is very easy, as the containers run as a process on the host machine, just like any other command in a batch script. You just need to load Singularity in your job script and run the command via a singularity process. Here's an example job script below:
#!/bin/bash # #SBATCH --job-name=test-singularity #SBATCH --output=res.out #SBATCH --error=res.err # # Number of tasks needed for this job. Generally, used with MPI jobs #SBATCH --ntasks=1 #SBATCH --partition=express # # Time format = HH:MM:SS, DD-HH:MM:SS #SBATCH --time=10:00 # # Number of CPUs allocated to each task. #SBATCH --cpus-per-task=1 # # Mimimum memory required per allocated CPU in MegaBytes. #SBATCH --mem-per-cpu=100 # # Send mail to the email address when the job fails #SBATCH --mail-type=FAIL #SBATCH --mail-user=$USER@uab.edu #Set your environment here module load Singularity/2.6.1-GCC-5.4.0-2.26 #Run your singularity or any other commands here singularity exec -B $USER_DATA $SINGULARITY_CACHEDIR/vsoch-hello-world-master-latest.simg cat /etc/os-release