Singularity

Singularity is now available and supported on the Research cluster

Why Singularity?

Originally developed for microservices, containers have become useful for a diverse set of disciplines and HPC is no exception. In a discipline where applications need to be installed quickly to push research as well as shared for collaboration and results verification, containers have come forward to fulfill this critical role. The most well know container runtime is Docker. However, Docker has several characteristics that cause concerns for use in a multi-tenet research environment. To address these concerns, Singularity “shifts security to the left,” that is, focuses on security sooner in the development cycle, producing a more security-focused foundation. A few advantages of the Singularity are:

  • Inability to escalate permissions in the Singularity container.
  • Designed for multi-tenet environments.
  • Singularity images are single files, opposed to multi-layered.
  • Support for MPI and GPUs
  • Can natively translate and run Docker containers.

Using Singularity on HPC

Singularity has been packaged as a module on HPC and can be accessed by loading the module:

module load singularity

Obtaining an Image

The next step is obtaining an image, which can be done in one of two ways: pulling an existing image or building a new image. Images can be pulled from various sources, but the two primary container repositories are Docker Hub and the Singularity Library.

Pulling an Image from Docker Hub (https://hub.docker.com/)

To pull from the Docker Hub, issue the following command while on the interactive node:

singularity pull lolcow.sif docker://godlovedc/lolcow

Doing so will generate a Singularity image file (SIF) in the current directory.

Pulling an Image from the Singularity Library (https://cloud.sylabs.io/library)

To pull from the Singularity Library, issue the following command from the interactive node:

singularity pull library://sylabsed/examples/lolcow:1.0

Building an Image

Due to the requirement for escalated permissions, Singularity images cannot be built in the HPC environment. Instead, images must be built on a Linux machine to which escalated access is available or on Sylab’s Remote Builder (https://cloud.sylabs.io/builder).

For more information on creating and building Singularity images, please consult the following resources:

https://sylabs.io/guides/3.8/user-guide/build_a_container.html

Running a Singularity Image

singularity run <SIF file>

Executes the SIF and runs the contents of .singularity.d/runscript in the container.

singularity exec <SIF file> [arguments]

Executes the program installed in the container and passes the args.

singularity shell <SIF file>

Opens a shell prompt into the container. (Note: Never use singularity shell in a compute job.)

Sample Compute Job

STEP 1: Create a Directory to Hold Singularity Images

mkdir ~/singularity-containers

STEP 2: Pull the lolcow Image from Docker Hub

$ cd ~/singularity-containers 
$ singularity pull lolcow.sif docker://godlovedc/lolcow

STEP 3: Create the Job Submission Script, submit.sh

#!/bin/bash

#SBATCH --job-name=lolcow
#SBATCH --partition=Orion
#SBATCH --nodes=1
#SBATCH --ntasks-per-node=1
#SBATCH --time=5:00

SINGULARITY_CONTAINER_HOME=$HOME/singularity-containers

module load singularity

singularity-run $SINGULARITY_CONTAINER_HOME/lolcow.sif

Step 4: Submit the Job

JOBID=$(sbatch --parsable submit.sh)

Step 5: Examine the Results

cat slurm-$JOBID.out

Additional Resources