Revision as of 14:48, 13 April 2018

questions and comments should go to Zhiwen Zhao zwzhao at jlab.org

singularity

• general
  • website http://singularity.lbl.gov
  • hub https://singularity-hub.org
  • talk "Singularity: Containers for Science, Reproducibility, and HPC" https://youtu.be/DA87Ba2dpNM

• warning
  • if you are running singularity-2.4.x on a centos7.2 host, you could have kernel panic if you use ROOT TMD5 and load your host dir

• installation
  • refer to installation instruction and the latest version is recommend.
  • singularity-2.4.x can run singularity-2.3.x images and has many new features and we should use it instead of 2.3.x whenever possible
  • On redhat-kind linux, build an rpm first and install it. at least "squashfs-tools,automake,rpm-build,libtool" are needed to build it.
  • On windows and Mac, the official way just running a small linux virtual machine with virtualbox, but the virtual machine is not good for graphic application. The better alternative is to use a good but not so small linux virtual machine. If you have one already, use it. If not, see below to download an existing one.

• singularity at jlab as 2018/03/13
  • jlab farm and ifarm has singularity-2.3.1 installed as default, it's too old, don't use it.
  • other version is installed by "module", check what's available at /usr/local/singularity/ and try to use the latest one. for example, load by "module load singularity-2.4.4" to use it, or stop using it by "module rm singularity-2.4.4"
  • use ifarm1401 which auto bind "/u /w /group /work /cache /volatile /scratch" into any container by default

• test singularity
  • cd some_where_with_enough_space
  • "setenv http_proxy http://jprox.jlab.org:8082" "setenv https_proxy http://jprox.jlab.org:8082" if you are on jlab ifarm
  • setenv SINGULARITY_CACHEDIR ./ (change cache dir from default ~/.singularity, MUST do at jlab ifarm with very limited space at home)
  • singularity pull docker://godlovedc/lolcow
  • singularity run lolcow.img
  • setenv PYTHONHTTPSVERIFY 0 (sometime needed to bypass singularity hub certificate check)
  • singularity pull shub://GodloveD/lolcow
  • singularity run GodloveD-lolcow-master-latest.simg

docker

• at linux in general
  • attach your home dir to the /home dir in container with option "-v ${HOME}:/home/${USER}"
  • use graphic in container with host's Xwindows like this "sudo docker run -it -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --ipc=host container_name"
  • use graphic in container with container's Xwindows
    • install x11docker
      • wget https://raw.githubusercontent.com/mviereck/x11docker/master/x11docker -O /tmp/x11docker
      • sudo bash /tmp/x11docker --update
      • rm /tmp/x11docker
      • install xorg-x11-server-Xephyr by yum or xserver-xephyr by apt-get
    • make sure the container image has fluxbox and xterm installled
    • x11docker --desktop --homedir ${HOME} container_name fluxbox
    • right click on the fluxbox window and open xterm
• at centos
  • install the new version 17.* from docker repo, not old 1.* from centos extras repo
  • you have to run start docker daemon first [see how to start and auto start it https://docs.docker.com/config/daemon/systemd/], then run "sudo docker run hello-world" to test
  • if your host is within jlab network but not jlab level1 or level2 linux, mostly likely you will encounter error like "x509: certificate signed by unknown authority" because jlab gateway hijack site certificate with its own. We can solve this by mimic a jlab maintained system as follows
    • do "yum install jlabca", if it fixed the problem, ignore steps below
    • copy all files under /etc/pki/ca-trust/source/anchors/ from a jlab system like ifarm to your system
    • run "update-ca-trust","service docker stop","service docker start" as root
    • refer to https://github.com/moby/moby/issues/8849 for some discussion
  • images are at /var/lib/docker/overlay2
• at windows
  • docker for windows requires latest window 10 pro 64bit and hyper-V on relative new CPU. docker will enable hyper-V which is disabled by default. Then your virtualbox and vmware (maybe) will stop working by crashing your windows, refer to https://docs.docker.com/docker-for-windows/install/#what-to-know-before-you-install
  • images as one file at "C:\Users\Public\Documents\Hyper-V\Virtual hard disks\"
• at Mac
  • need OSX Yosemite 10.10.3 or above
  • virtualbox can work on the same machine where docker is installed
• release space by https://stackoverflow.com/questions/44288901/how-to-force-docker-to-release-storage-space-after-manual-delete-of-file-in-volu

a good linux virtual machine to run singularity and docker

• a good linux virtual machine to run singularity and docker, centos7 made with virtualbox
  • download and install virtualbox https://www.virtualbox.org/wiki/Downloads
  • It's nice, but not a must, to run singularity image in shared folder because it keeps the virtual machine size small. Vmware's shared folder doesn't work for this, but virtualbox does
  • download the machine at http://webhome.phy.duke.edu/~zz81/package/CentOS7_20180303.ova (a centos7 64bit with latest update on 20180303 and singularity-2.4.2 and latest docker installed)
  • import the virtual machine into virtualbox refer to [https://askubuntu.com/questions/588426/how-to-export-and-import-virtualbox-vm-images
  • boot up the linux virtual machine and login with user name "user" without password, just you know root password is "111111"
  • use the installed singularity and docker, or update docker by yum or singularity by compile from source if you want
  • set up a shared folder with name "share" in the machine setting and put any singularity images into the shared folder on host
  • mount the shared folder "sudo mount -t vboxsf -o uid=$uid,gid=$gid share share" and use /home/user/share" as your working dir