16 Oct. 2018

[Singularity] The run and run-help commands

The run command launches the "runscript" stored in the Singularity container.
$ singularity help run
Launch a runscript within container
Usage:
  singularity run [run options...]
Description:
  This command will launch a Singularity container and execute a runscript
  if one is defined for that container. The runscript is a metadata file within
  the container that contains shell commands. If the file is present (and
  executable) then this command will execute that file within the container
  automatically. All arguments following the container name will be passed
  directly to the runscript.
  singularity run accepts the following container formats:
  *.sif               Singularity Image Format (SIF). Native to Singularity 3.0+

  *.sqsh              SquashFS format.  Native to Singularity 2.4+
  *.img               ext3 format. Native to Singularity versions < 2.4.
  directory/          sandbox format. Directory containing a valid root file
                      system and optionally Singularity meta-data.
  instance://*        A local running instance of a container. (See the instance
                      command group.)
  library://*         A container hosted on a Library (default
                      https://cloud.sylabs.io/library)
  docker://*          A container hosted on Docker Hub
  shub://*            A container hosted on Singularity Hub
Options:
      --add-caps string        a comma separated capability list to add
      --allow-setuid           allow setuid binaries in container (root only)
      --app string             set an application to run inside a container
      --apply-cgroups string   apply cgroups from file for container
                               processes (requires root privileges)
  -B, --bind strings           a user-bind path specification.  spec has
                               the format src[:dest[:opts]], where src and
                               dest are outside and inside paths.  If dest
                               is not given, it is set equal to src.
                               Mount options ('opts') may be specified as
                               'ro' (read-only) or 'rw' (read/write, which
                               is the default). Multiple bind paths can be
                               given by a comma separated list.
  -e, --cleanenv               clean environment before running container
  -c, --contain                use minimal /dev and empty other
                               directories (e.g. /tmp and $HOME) instead
                               of sharing filesystems from your host
  -C, --containall             contain not only file systems, but also
                               PID, IPC, and environment
      --dns string             list of DNS server separated by commas to
                               add in resolv.conf
      --drop-caps string       a comma separated capability list to drop
  -h, --help                   help for run
  -H, --home string            a home directory specification.  spec can
                               either be a src path or src:dest pair.  src
                               is the source path of the home directory
                               outside the container and dest overrides
                               the home directory within the container.
                               (default "/home/omicuser")
      --hostname string        set container hostname
  -i, --ipc                    run container in a new IPC namespace
      --keep-privs             let root user keep privileges in container
  -n, --net                    run container in a new network namespace
                               (sets up a bridge network interface by default)
      --network string         specify desired network type separated by
                               commas, each network will bring up a
                               dedicated interface inside container
                               (default "bridge")
      --network-args strings   specify network arguments to pass to CNI plugins
      --no-home                do NOT mount users home directory if home
                               is not the current working directory
      --no-init                do NOT start shim process with --pid
      --no-privs               drop all privileges from root user in container
      --nv                     enable experimental Nvidia support
  -o, --overlay strings        use an overlayFS image for persistent data
                               storage or as read-only layer of container
  -p, --pid                    run container in a new PID namespace
      --pwd string             initial working directory for payload
                               process inside the container
  -S, --scratch strings        include a scratch directory within the
                               container that is linked to a temporary dir
                               (use -W to force location)
      --security strings       enable security features (SELinux,
                               Apparmor, Seccomp)
  -u, --userns                 run container in a new user namespace,
                               allowing Singularity to run completely
                               unprivileged on recent kernels. This may
                               not support every feature of Singularity.
      --uts                    run container in a new UTS namespace
  -W, --workdir string         working directory to be used for /tmp,
                               /var/tmp and $HOME (if -c/--contain was
                               also used)
  -w, --writable               by default all Singularity containers are
                               available as read only. This option makes
                               the file system accessible as read/write.
      --writable-tmpfs         makes the file system accessible as
                               read-write with non persistent data (with
                               overlay support only)

Examples:
  # Here we see that the runscript prints "Hello world: "
  $ singularity exec /tmp/debian.sif cat /singularity
  #!/bin/sh
  echo "Hello world: "
  # It runs with our inputs when we run the image
  $ singularity run /tmp/debian.sif one two three
  Hello world: one two three
  # Note that this does the same thing
  $ ./tmp/debian.sif one two three
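
According to the help text above, a --bind spec has the form src[:dest[:opts]], dest defaults to src, and rw is the default, so a bare host path is mounted writable in the container. The following sh script is an added example, not part of the original post or of Singularity; it expands each spec so those implicit defaults are visible before a run. The helper names normalize_bind and audit_binds are hypothetical, and the sample bind list is constructed.

```shell
#!/bin/sh
# Added example (not Singularity code). Function names are hypothetical.

# normalize_bind SPEC: print "src:dest:opts" with the documented defaults
# filled in. Returns 1 if src is empty or opts is neither ro nor rw.
normalize_bind() {
    spec=$1
    src=${spec%%:*}
    rest=
    case $spec in *:*) rest=${spec#*:} ;; esac
    dest=${rest%%:*}
    opts=
    case $rest in *:*) opts=${rest#*:} ;; esac
    [ -n "$src" ] || return 1
    [ -n "$dest" ] || dest=$src   # help text: dest defaults to src
    [ -n "$opts" ] || opts=rw     # help text: rw is the default
    case $opts in ro|rw) ;; *) return 1 ;; esac
    printf '%s:%s:%s\n' "$src" "$dest" "$opts"
}

# audit_binds LIST: LIST is the comma separated value given to -B/--bind.
# Prints one normalized spec per line, tagged WRITABLE or readonly.
# Exit status: 0 all read-only, 2 at least one writable, 1 malformed spec.
audit_binds() {
    worst=0
    old_ifs=$IFS
    IFS=,
    set -f                        # no globbing while splitting the list
    for s in $1; do
        if ! n=$(normalize_bind "$s"); then
            IFS=$old_ifs; set +f
            return 1
        fi
        case $n in
            *:rw) printf 'WRITABLE %s\n' "$n"; worst=2 ;;
            *)    printf 'readonly %s\n' "$n" ;;
        esac
    done
    IFS=$old_ifs; set +f
    return $worst
}

# Constructed sample input: one explicit read-only bind, one bare path.
audit_binds "/etc/hosts:/etc/hosts:ro,/home/omicuser" ||
    echo "review needed (status $?)"
```
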
There is also the run-help command, which displays the container's built-in help (if the container's maintainer provided one):
$ singularity help run-help
Display help for container if available
Usage:
  singularity run-help
Description:
  The 'run-help' command will display a help text file for a container if
  available.
Options:
  -h, --help   help for run-help

Examples:
  $ cat my_container.def
  Bootstrap: docker
  From: busybox
  %help
      Some help for this container
  $ sudo singularity build my_container.sif my_container.def
  Using container recipe deffile: my_container.def
  [...snip...]
  Cleaning up...
  $ singularity run-help my_container.sif
    Some help for this container
We can try it in our case with the singularity-rstudio_latest.sif container retrieved earlier (see the article on the pull command: https://astunix.blogspot.com/2018/10/singularity-commande-pull.html):
$ singularity run-help singularity-rstudio_latest.sif

  This will run RStudio Server
Let's launch the runscript of the RStudio Server container:
$ singularity -v run singularity-rstudio_latest.sif
VERBOSE: Set messagelevel to: 4
VERBOSE: Container runtime
VERBOSE: Check if we are running as setuid
VERBOSE: Spawn scontainer stage 1
VERBOSE: Get root privileges
VERBOSE: Execute scontainer stage 1
VERBOSE: Get root privileges
VERBOSE: Create mount namespace
VERBOSE: Spawn smaster process
VERBOSE: Spawn scontainer stage 2
VERBOSE: Create mount namespace
VERBOSE: Spawn RPC server
VERBOSE: Execute smaster process
VERBOSE: Found 'bind path' = /etc/localtime, /etc/localtime
VERBOSE: Found 'bind path' = /etc/hosts, /etc/hosts
VERBOSE: Serve RPC requests
VERBOSE: Checking for template passwd file: /usr/local/var/singularity/mnt/session/rootfs/etc/passwd
VERBOSE: Creating passwd content
VERBOSE: Creating template passwd file and appending user data: /usr/local/var/singularity/mnt/session/rootfs/etc/passwd
VERBOSE: Checking for template group file: /usr/local/var/singularity/mnt/session/rootfs/etc/group
VERBOSE: Creating group content
VERBOSE: Execute scontainer stage 2

The run command has other uses, which we will come back to later.
