sylabs / singularity-admindocs Goto Github PK
View Code? Open in Web Editor NEWAdmin documentation for SingularityCE
Home Page: https://sylabs.io/docs/
License: BSD 3-Clause "New" or "Revised" License
Admin documentation for SingularityCE
Home Page: https://sylabs.io/docs/
License: BSD 3-Clause "New" or "Revised" License
We should reflect sylabs/singularity#366 in the install docs here.
E.g.
Native mode uses same SIF format as Singularity 3.x
Singularity 3.x cannot run OCI-SIF produced by Singularity 4.x
docs.sylabs.io/guides/3.11/admin-guide/installation.html
An up-to-date (in service) virtual machine image with a supported OS
The virtual machine is based on the now EOL Ubuntu 18.04 Bionic
https://sylabs.io/guides/3.8/admin-guide/installation.html#installation-on-linux
BASH Snippet
export VERSION=3.8.0 && # adjust this as necessary \
wget https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-ce-${VERSION}.tar.gz && \
tar -xzf singularity-ce-${VERSION}.tar.gz && \
cd singularity-ce-{$VERSION}
has a typo in the last line. It should be
cd singularity-ce-"${VERSION}"
To use Vagrant on Mac
https://docs.sylabs.io/guides/3.10/admin-guide/installation.html#mac
Installing SingularityCE on Macbook PRO (2017) using the command:
$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
$ brew install --cask virtualbox vagrant vagrant-manager
Running on MacOS Ventura, the command indicates Ruby Homebrew installer has been disabled
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Error: The Ruby Homebrew installer is now disabled and has been rewritten in
Bash. Please migrate to the following command:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
The updated command was successful
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)
In the security discussion, cleary document the posture of OCI mode.
As title.
Ensure it is documented under what circumstances SingularityCE will us kernel unprivileged overlay, and under what circumstances fuse-overlayfs is required.
The singularity.conf
directives are all listed as capitalized, but they are specified in lower case in the config file.
Many distributions do not provide sqfstar or tar2sqfs, required for OCI-mode. Provide instructions of how to obtain them.
Ensure the suffix is used consistently so there is clear differentiation.
As a major update, there should be a top-level section that gives a quick overview of the most important changes, from an admin perspective.
--sif-fuse
flag, and sif fuse
directive in singularity.conf
are deprecated. The flag and directive were used to enable experimental mounting of SIF/SquashFS container images with FUSE in prior versions of Singularity. From 4.1, FUSE mounts are used automatically when kernel mounts are disabled / not available.remote add --insecure may be used to configure endpoints that are only accessible via http.
Dear all,
I am not able to connect to internet from inside the container, I tried different tools and container and always same. if I "ping google.com" always is bad request which means no internet. I have tried to bind the /etc/resolv.conf but still not working.
Any help is highly appreciated!
The --apply-cgroups flag can be used to apply cgroups resource and device restrictions on a system using the v2 unified cgroups hierarchy. The resource restrictions must still be specified in the v1 / OCI format, which will be translated into v2 cgroups resource restrictions, and eBPF device restrictions.
After the main
branch has been branched to 4.0
, bump versions etc. in config.py and replacements.py
Document requirements for singularity-buildkitd Dockerfile builds.
Review the entire admin quickstart. Verify / update install instructions, update OCI compatibility notes. Verify other sections are accurate.
In the configuration files -> capabilities.json section, document that OCI mode has different default capabilities and cap addition / dropping behaviour.
Document the user namespace, uid mapping, runc/crun, and other binary requirements of OCI mode.
Note in configfiles.rst the scope of the ECL restrictions to SIF only...
The execution control list that can be used to restrict the execution
of SIF files by signing key is defined here. You can authorize the
containers by validating both the location of the SIF file in the
filesystem and by checking against a list of signing entities.
.. warning::
The ECL configuration applies to SIF container images only. To lock
down execution fully you should disable execution of other
container types (squashfs/extfs/dir) via the ``singularity.conf``
file ``allow container`` settings.
Singularity Desktop for Mac is no longer updated. Provide instructions for vagrant on Mac.
EL6 and Ubuntu 16.04 references should be removed as these are EOL, unsupported distros.
--keep-layers
flag, for the pull
and run/shell/exec/instance start
commands, allows individual layers to be preserved when an OCI-SIF image is created from an OCI source. Multi layer OCI-SIF images can be run with SingularityCE 4.1 and later.Example log-plugin rewritten as a CLI callback that can log all commands executed, instead of only container execution, and has access to command arguments.
Some functionality is limited in OCI mode, depending on the underlying distribution, version of crun / runc etc.
We should identify and document the limitations, at least across:
Verify / update full installation instructions.
We should try to provide something better for Mac, if we can. See #60
Paths for cryptsetup, go, ldconfig, mksquashfs, nvidia-container-cli, unsquashfs are now found at build time by mconfig and written into singularity.conf. The path to these executables can be overridden by changing the value in singularity.conf. If the path is not set in singularity.conf then the the executable will be found by searching $PATH.
When calling ldconfig to find GPU libraries, singularity will not fall back to /sbin/ldconfig if the ldconfig on $PATH errors. If installing in a Guix/Nix on environment on top of a standard host distribution you must set ldconfig path = /sbin/ldconfig to use the host distribution ldconfig to find GPU libraries.
The experimental --nvccli flag will use nvidia-container-cli to setup the container for Nvidia GPU operation. SingularityCE will not bind GPU libraries itself. Environment variables that are used with Nvidia's docker-nvidia runtime to configure GPU visibility / driver capabilities & requirements are parsed by the --nvccli flag from the environment of the calling user. By default, the compute and utility GPU capabilities are configured. The use nvidia-container-cli option in singularity.conf can be set to yes to always use nvidia-container-cli when supported. Note that in a setuid install, nvidia-container-cli will be run as root with required ambient capabilities. --nvccli is not currently supported in the hybrid fakeroot (setuid install + --fakeroot) workflow. Please see documentation for more details.
Document requirements and admin configuration
singularity.conf
, or cannot besingularity.conf
, or cannot beA declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.