Singularity is a container system for HPC (high-performance computing) that puts security first and is compatible with Docker.
No Docker
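Docker is not a good fit for HPC environments, for the following reasons:
- Resource limits: Slurm uses cgroups to allocate resources, and Docker, which works through the Docker Daemon, cannot achieve this
- Permissions: the Docker Daemon is started as the root user, whereas HPC scenarios expect containers to run as ordinary users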
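Advantages of Singularity
Compared with Docker, Singularity has these advantages:
- Simple dependencies: all of Singularity's dependencies are inside the image
- Seamless integration with the existing system: system user permissions, networking and so on are inherited directly from the host, and there is no need to enter the image to run a command; commands inside the image can be called from outside, just like a locally installed command
- No daemon process: Singularity provides purely a runtime environment; when it is not in use it needs no separate process and consumes no resources
- Enables a lightweight container cloud
Disadvantages of Singularity
- No network virtualization
- Smaller user base than Docker
- Little technical documentation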
Installation
yum install -y singularity
$ sudo yum -y update && sudo yum install -y rpm-build wget
$ sudo yum install -y golang libseccomp-devel cryptsetup
$ wget https://github.com/hpcng/singularity/releases/download/v3.8.0/singularity-3.8.0.tar.gz
# After extracting, edit singularity.spec and add goproxy below `export GOPATH`
$ rpmbuild -tb singularity-3.8.0.tar.gz
$ ls ~/rpmbuild/RPMS/x86_64/
singularity-3.8.0-1.el7.x86_64.rpm singularity-debuginfo-3.8.0-1.el7.x86_64.rpm
$ sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/singularity-3.8.0-1.el7.x86_64.rpm
Go Module proxy repository service
help
$ singularity
Usage:
singularity [global options...] <command>
Available Commands:
build Build a Singularity image
cache Manage the local cache
capability Manage Linux capabilities for users and groups
config Manage various singularity configuration (root user only)
delete Deletes requested image from the library
exec Run a command within a container
inspect Show metadata for an image
instance Manage containers running as services
key Manage OpenPGP keys
oci Manage OCI containers
overlay Manage an EXT3 writable overlay image
plugin Manage Singularity plugins
pull Pull an image from a URI
push Upload image to the provided URI
remote Manage singularity remote endpoints, keyservers and OCI/Docker registry credentials
run Run the user-defined default command within a container
run-help Show the user-defined help for an image
search Search a Container Library for images
shell Run a shell within a container
sif siftool is a program for Singularity Image Format (SIF) file manipulation
sign Attach digital signature(s) to an image
test Run the user-defined tests within a container
verify Verify cryptographic signatures attached to an image
version Show the version for Singularity
Run 'singularity --help' for more detailed usage information.
Configuration file
- /etc/singularity/singularity.conf
image
A Singularity image file (Singularity Image File, sif) is a read-only file format; its contents cannot be modified.
Definition File
The Singularity file is similar to the Dockerfile in Docker; the contents of an image are customized through a definition file (Definition File)
cat << EOF >> Singularity
Bootstrap: docker
From: ubuntu
%help
help info for Ubuntu
%post
apt-get -y update
apt-get -y install vim sudo
%environment
export AAA=aaa
%startscript
/usr/bin/abc --start
%runscript
echo "Hello World"
EOF
Parameters:
- Bootstrap:
  - shub : images hosted on Singularity Hub
  - docker : images hosted on Docker Hub
  - localimage : images saved on your machine
  - yum : yum based systems such as CentOS and Scientific Linux
  - library :
- help : help text
- startscript : the command to run when the container starts
- runscript : the command to run when the container is executed
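The definition file above uses `From: ubuntu` with no tag or digest, so each build takes whatever the registry serves at that moment. As an added example (not from the original page), this script reads the definition file header and reports whether a docker bootstrap is digest-pinned; the function names and the pinning policy are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original page): report how the base image named
# in a Singularity definition file is pinned.
# def_header prints the value of a header keyword (Bootstrap, From). The header
# is every line before the first %section; keys are matched case-insensitively.
def_header() {   # usage: def_header KEY FILE
    awk -v key="$1" '
        /^[ \t]*%/ { exit }
        {
            n = index($0, ":")
            k = substr($0, 1, n - 1); gsub(/[ \t]/, "", k)
            if (n && tolower(k) == tolower(key)) {
                v = substr($0, n + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v
                exit
            }
        }' "$2"
}

# Classify a Docker-style image reference as digest, tag or floating.
classify_ref() {   # usage: classify_ref REF
    case $1 in *@sha256:*) echo digest; return ;; esac
    last=${1##*/}   # drop registry/namespace so a registry port is not read as a tag
    case $last in
        *:latest|*:) echo floating ;;
        *:*)         echo tag ;;
        *)           echo floating ;;
    esac
}

# Succeed only when a docker bootstrap uses a digest-pinned base image.
check_deffile() {   # usage: check_deffile FILE
    bootstrap=$(def_header Bootstrap "$1")
    from=$(def_header From "$1")
    case $bootstrap in
        docker) pin=$(classify_ref "$from") ;;
        *)      pin=unchecked ;;   # other bootstrap agents are out of scope here
    esac
    echo "bootstrap=$bootstrap from=$from pin=$pin"
    [ "$pin" = digest ]
}

# Constructed sample: the header of the definition file shown above.
sample_deffile() { printf 'Bootstrap: docker\nFrom: ubuntu\n%%post\n    apt-get -y update\n'; }

f=$(mktemp) && sample_deffile > "$f"
check_deffile "$f" || echo "base image is not digest-pinned: rebuilds may differ"
rm -f "$f"
```

A check like this fits in front of `singularity build` in a build pipeline, so that only definition files with a reproducible base image reach the cluster.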
Building an image
sudo singularity build ubuntu-1.simg Singularity
sudo singularity run ubuntu.simg
sudo singularity instance list
Downloading images
Singularity can fetch images from Singularity Hub (prefixed with shub://) or from Docker Hub (prefixed with docker://)
# Build an image from Singularity Hub
singularity -d build lolcow.simg shub://GodloveD/lolcow
# Build an image from Docker Hub
singularity -d build lolcow.simg docker://godlovedc/lolcow
singularity -d build centos.simg docker://centos
singularity -d build ubuntu.simg docker://ubuntu
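Usage
# Search for images
sudo singularity search ubuntu
# Pull a prebuilt image; when done, a file <image-name>_<tag>.sif is created in the local directory
sudo singularity pull centos
sudo singularity pull docker://centos
# Build an image; the image is built into the local directory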
$ singularity -d build lolcow.simg shub://GodloveD/lolcow
# Run the container in interactive mode
$ singularity shell lolcow.simg
Singularity> pwd
/root
# Execute a command and exit
sudo singularity exec ubuntu.simg bash -c "pwd && id"
# Run the container
sudo singularity run ubuntu.simg
# Run a container instance in the background
sudo singularity instance start ubuntu.simg test1
# List running container instances
sudo singularity instance list
# Execute a command inside the instance
sudo singularity exec instance://test1 pwd
# Connect to the container with the shell command
$ sudo singularity shell instance://test1
Singularity>
# Stop the instance
sudo singularity instance stop test1
# Bind a directory with -B, similar to Docker's -v option
sudo singularity shell -B /opt:/opt ubuntu.simg
# Create an image using a sandbox
$ mkdir ubuntu
$ sudo singularity -d build --sandbox ubuntu/ docker://ubuntu
$ ls ubuntu
bin dev etc lib lib64 media opt root sbin srv tmp var
boot environment home lib32 libx32 mnt proc run singularity sys usr
# Run and modify the container
$ sudo singularity run --writable ubuntu/
Singularity> apt-get update
Singularity> apt install -y vim
# Build an image from the directory above
$ sudo singularity build ubuntu-2.simg ubuntu/
INFO: Starting build...
INFO: Creating SIF file...
INFO: Build complete: ubuntu-2.simg
# Test
$ sudo singularity shell ubuntu-2.simg
Singularity> which vim
/usr/bin/vim
# Inspect the image
$ singularity inspect ./ubuntu.simg
org.label-schema.build-arch: amd64
org.label-schema.build-date: Monday_12_July_2021_4:18:21_EDT
org.label-schema.schema-version: 1.0
org.label-schema.usage.singularity.deffile.bootstrap: docker
org.label-schema.usage.singularity.deffile.from: ubuntu
org.label-schema.usage.singularity.version: 3.8.0-1.el7
# Run a graphical image: use a sandbox to build a CentOS graphical image
## Step 1
$ sudo singularity -d build --sandbox centos/ docker://centos:7 # use the Docker image; -d means debug
$ sudo singularity build --sandbox centos/ centos.simg # use a local image
## Step 2: run the container in interactive mode and install the graphical desktop
$ sudo singularity shell --writable centos/
Singularity> yum groupinstall -y "GNOME Desktop"
## Step 3: start the graphical application gedit inside the container
sudo singularity exec centos/ gedit
Integration with Slurm
Reference: Slurm tutorial
#!/bin/bash
singularity exec ubuntu_latest.sif bash
srun -p demo01 -w node01 --pty test.sh
$ su - xiexianbin
$ singularity exec ubuntu_latest.sif bash
Singularity> whoami
xiexianbin
Singularity> cat /etc/debian_version
bullseye/sid
- Singularity supports MPI and Slurm job submission
mpirun -np 2 singularity exec test.sif hostname
srun -N 2 -p normal --exclusive singularity exec test.sif hostname
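Persistence
When a Singularity container exits, all modifications are lost; files can be persisted by using an Overlay
A Singularity Overlay is simply a directory or filesystem, specified with --overlay, and is supported by the following commands: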
- run
- exec
- shell
- instance start
$ sudo singularity pull centos
$ sudo mkdir demo_overlay
$ sudo singularity shell --overlay demo_overlay centos_latest.sif
Singularity> yum install -y vim
Singularity> which vim
/usr/bin/vim
# Run again: vim is still present
$ sudo singularity shell --overlay demo_overlay centos_latest.sif
Singularity> which vim
/usr/bin/vim
# Start a new container from this image: vim is not present
$ sudo singularity shell centos_latest.sif
Notes:
- Singularity cannot create an image from an Overlay directory
Singularity vs Docker vs OpenStack
http://geekyap.blogspot.com/2016/11/docker-vs-singularity-vs-shifter-in-hpc.html
Further reading