La commande run permet de lancer le "runscript" se trouvant dans le container Singularity.
$ singularity help runIl existe aussi la command run-help qui permet d'afficher l'aide interne au container (si le mainteneur du container l'a mise) :
Launch a runscript within container
Usage:
singularity run [run options...]
Description:
This command will launch a Singularity container and execute a runscript
if one is defined for that container. The runscript is a metadata file within
the container that contains shell commands. If the file is present (and
executable) then this command will execute that file within the container
automatically. All arguments following the container name will be passed
directly to the runscript.
singularity run accepts the following container formats:
*.sif Singularity Image Format (SIF). Native to Singularity 3.0+
*.sqsh SquashFS format. Native to Singularity 2.4+
*.img ext3 format. Native to Singularity versions < 2.4.
directory/ sandbox format. Directory containing a valid root file
system and optionally Singularity meta-data.
instance://* A local running instance of a container. (See the instance
command group.)
library://* A container hosted on a Library (default
https://cloud.sylabs.io/library)
docker://* A container hosted on Docker Hub
shub://* A container hosted on Singularity Hub
Options:
--add-caps string a comma separated capability list to add
--allow-setuid allow setuid binaries in container (root only)
--app string set an application to run inside a container
--apply-cgroups string apply cgroups from file for container
processes (requires root privileges)
-B, --bind strings a user-bind path specification. spec has
the format src[:dest[:opts]], where src and
dest are outside and inside paths. If dest
is not given, it is set equal to src.
Mount options ('opts') may be specified as
'ro' (read-only) or 'rw' (read/write, which
is the default). Multiple bind paths can be
given by a comma separated list.
-e, --cleanenv clean environment before running container
-c, --contain use minimal /dev and empty other
directories (e.g. /tmp and $HOME) instead
of sharing filesystems from your host
-C, --containall contain not only file systems, but also
PID, IPC, and environment
--dns string list of DNS server separated by commas to
add in resolv.conf
--drop-caps string a comma separated capability list to drop
-h, --help help for run
-H, --home string a home directory specification. spec can
either be a src path or src:dest pair. src
is the source path of the home directory
outside the container and dest overrides
the home directory within the container.
(default "/home/omicuser")
--hostname string set container hostname
-i, --ipc run container in a new IPC namespace
--keep-privs let root user keep privileges in container
-n, --net run container in a new network namespace
(sets up a bridge network interface by default)
--network string specify desired network type separated by
commas, each network will bring up a
dedicated interface inside container
(default "bridge")
--network-args strings specify network arguments to pass to CNI plugins
--no-home do NOT mount users home directory if home
is not the current working directory
--no-init do NOT start shim process with --pid
--no-privs drop all privileges from root user in container
--nv enable experimental Nvidia support
-o, --overlay strings use an overlayFS image for persistent data
storage or as read-only layer of container
-p, --pid run container in a new PID namespace
--pwd string initial working directory for payload
process inside the container
-S, --scratch strings include a scratch directory within the
container that is linked to a temporary dir
(use -W to force location)
--security strings enable security features (SELinux,
Apparmor, Seccomp)
-u, --userns run container in a new user namespace,
allowing Singularity to run completely
unprivileged on recent kernels. This may
not support every feature of Singularity.
--uts run container in a new UTS namespace
-W, --workdir string working directory to be used for /tmp,
/var/tmp and $HOME (if -c/--contain was
also used)
-w, --writable by default all Singularity containers are
available as read only. This option makes
the file system accessible as read/write.
--writable-tmpfs makes the file system accessible as
read-write with non persistent data (with
overlay support only)
Examples:
# Here we see that the runscript prints "Hello world: "
$ singularity exec /tmp/debian.sif cat /singularity
#!/bin/sh
echo "Hello world: "
# It runs with our inputs when we run the image
$ singularity run /tmp/debian.sif one two three
Hello world: one two three
# Note that this does the same thing
$ ./tmp/debian.sif one two three
$ singularity help run-helpNous pouvons tester dans notre cas, suite à la récupération du container singularity-rstudio_latest.sif récupérer préalablement (voir article sur la commande pull : https://astunix.blogspot.com/2018/10/singularity-commande-pull.html):
Display help for container if available
Usage:
singularity run-help
Description:
The 'run-help' command will display a help text file for a container if
available.
Options:
-h, --help help for run-help
Examples:
$ cat my_container.def
Bootstrap: docker
From: busybox
%help
Some help for this container
$ sudo singularity build my_container.sif my_container.def
Using container recipe deffile: my_container.def
[...snip...]
Cleaning up...
$ singularity run-help my_container.sif
Some help for this container
$ singularity run-help singularity-rstudio_latest.sifLançons le runscript du container RStudio server :
This will run RStudio Server
$ singularity -v run singularity-rstudio_latest.sif
VERBOSE: Set messagelevel to: 4
VERBOSE: Container runtime
VERBOSE: Check if we are running as setuid
VERBOSE: Spawn scontainer stage 1
VERBOSE: Get root privileges
VERBOSE: Execute scontainer stage 1
VERBOSE: Get root privileges
VERBOSE: Create mount namespace
VERBOSE: Spawn smaster process
VERBOSE: Spawn scontainer stage 2
VERBOSE: Create mount namespace
VERBOSE: Spawn RPC server
VERBOSE: Execute smaster process
VERBOSE: Found 'bind path' = /etc/localtime, /etc/localtime
VERBOSE: Found 'bind path' = /etc/hosts, /etc/hosts
VERBOSE: Serve RPC requests
VERBOSE: Checking for template passwd file: /usr/local/var/singularity/mnt/session/rootfs/etc/passwd
VERBOSE: Creating passwd content
VERBOSE: Creating template passwd file and appending user data: /usr/local/var/singularity/mnt/session/rootfs/etc/passwd
VERBOSE: Checking for template group file: /usr/local/var/singularity/mnt/session/rootfs/etc/group
VERBOSE: Creating group content
VERBOSE: Execute scontainer stage 2
D'autres applications existent pour cette commande run, nous y reviendrons plus tard.
Aucun commentaire:
Enregistrer un commentaire