Singularity is now available and supported on the Research cluster
Originally developed for microservices, containers have become useful for a diverse set of disciplines and HPC is no exception. In a discipline where applications need to be installed quickly to push research as well as shared for collaboration and results verification, containers have come forward to fulfill this critical role. The most well know container runtime is Docker. However, Docker has several characteristics that cause concerns for use in a multi-tenet research environment. To address these concerns, Singularity “shifts security to the left,” that is, focuses on security sooner in the development cycle, producing a more security-focused foundation. A few advantages of the Singularity are:
- Inability to escalate permissions in the Singularity container.
- Designed for multi-tenet environments.
- Singularity images are single files, opposed to multi-layered.
- Support for MPI and GPUs
- Can natively translate and run Docker containers.
Using Singularity on HPC
Singularity has been packaged as a module on HPC and can be accessed by loading the module:
module load singularity
Obtaining an Image
The next step is obtaining an image, which can be done in one of two ways: pulling an existing image or building a new image. Images can be pulled from various sources, but the two primary container repositories are Docker Hub and the Singularity Library.
Pulling an Image from Docker Hub (https://hub.docker.com/)
To pull from the Docker Hub, issue the following command while on the interactive node:
singularity pull lolcow.sif docker://godlovedc/lolcow
Doing so will generate a Singularity image file (SIF) in the current directory.
Pulling an Image from the Singularity Library (https://cloud.sylabs.io/library)
To pull from the Singularity Library, issue the following command from the interactive node:
singularity pull library://sylabsed/examples/lolcow:1.0
Building an Image
Due to the requirement for escalated permissions, Singularity images cannot be built in the HPC environment. Instead, images must be built on a Linux machine to which escalated access is available or on Sylab’s Remote Builder (https://cloud.sylabs.io/builder).
For more information on creating and building Singularity images, please consult the following resources:
Running a Singularity Image
singularity run <SIF file>
Executes the SIF and runs the contents of .singularity.d/runscript in the container.
singularity exec <SIF file> [arguments]
Executes the program installed in the container and passes the args.
singularity shell <SIF file>
Opens a shell prompt into the container. (Note: Never use singularity shell in a compute job.)
Sample Compute Job
STEP 1: Create a Directory to Hold Singularity Images
STEP 2: Pull the lolcow Image from Docker Hub
$ cd ~/singularity-containers $ singularity pull lolcow.sif docker://godlovedc/lolcow
STEP 3: Create the Job Submission Script, submit.sh
#!/bin/bash #SBATCH --job-name=lolcow #SBATCH --partition=Orion #SBATCH --nodes=1 #SBATCH --ntasks-per-node=1 #SBATCH --time=5:00 SINGULARITY_CONTAINER_HOME=/users/$USER/singularity-containers/ module load singularity singularity run $SINGULARITY_CONTAINER_HOME/lolcow.sif
Step 4: Submit the Job
JOBID=$(sbatch --parsable submit.sh)
Step 5: Examine the Results