Last active
August 3, 2018 20:28
-
-
Save vsoch/ee7406327a5b352f42d61c3dc2e6b997 to your computer and use it in GitHub Desktop.
build a Docker container with Singularity, test what works (and does not!)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu:16.04 | |
| # docker build -t oscar-test . | |
| RUN apt-get update && \ | |
| apt-get -y install git \ | |
| build-essential \ | |
| libtool \ | |
| squashfs-tools \ | |
| autotools-dev \ | |
| libarchive-dev \ | |
| automake \ | |
| autoconf \ | |
| debootstrap \ | |
| yum \ | |
| uuid-dev \ | |
| zypper \ | |
| libssl-dev \ | |
| python3-pip \ | |
| automake | |
| RUN git clone https://www.github.com/singularityware/singularity && \ | |
| cd singularity && \ | |
| ./autogen.sh && \ | |
| ./configure --prefix=/usr/local && \ | |
| make && \ | |
| make install | |
| CMD ['singularity'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| ## CASE 1: Not privileged | |
| # | |
| # Which singularity are we using? | |
| $ docker run -it oscar-test bash | |
| root@f72cae7d5eb0:/# which singularity | |
| /usr/local/bin/singularity | |
| # Does pull work? | |
| root@f72cae7d5eb0:/# singularity pull shub://vsoch/hello-world | |
| Progress |===================================| 100.0% | |
| Done. Container is at: //vsoch-hello-world-master-latest.simg | |
| # What about run? | |
| root@f72cae7d5eb0:/# singularity run vsoch-hello-world-master-latest.simg | |
| Singularity: action-suid (U=0,P=29)> Could not virtualize file system namespace: Operation not permitted | |
| ERROR : Could not virtualize file system namespace: Operation not permitted | |
| Singularity: action-suid (U=0,P=29)> Retval = 255 | |
| ABORT : Retval = 255 | |
| root@f72cae7d5eb0:/# singularity inspect vsoch-hello-world-master-latest.simg | |
| Singularity: mount-suid (U=0,P=38)> Could not virtualize file system namespace: Operation not permitted | |
| ERROR : Could not virtualize file system namespace: Operation not permitted | |
| Singularity: mount-suid (U=0,P=38)> Retval = 255 | |
| ABORT : Retval = 255 | |
| root@f72cae7d5eb0:/# exit | |
| exit | |
| # | |
| ## CASE 2: Privileged | |
| # | |
| $ docker run -it --privileged oscar-test bash | |
| root@9124a76de1e4:/# singularity pull shub://vsoch/hello-world | |
| Progress |===================================| 100.0% | |
| Done. Container is at: //vsoch-hello-world-master-latest.simg | |
| root@9124a76de1e4:/# singularity run vsoch-hello-world-master-latest.simg | |
| Singularity: action-suid (U=0,P=26)> Non existent 'bind path' source: '/etc/localtime' | |
| WARNING: Non existent 'bind path' source: '/etc/localtime' | |
| Singularity: action-suid (U=0,P=26)> USER=root, IMAGE='vsoch-hello-world-master-latest.simg', COMMAND='run' | |
| RaawwWWWWWRRRR!! | |
| # singularity inspect vsoch-hello-world-master-latest.simg | |
| { | |
| "org.label-schema.usage.singularity.deffile.bootstrap": "docker", | |
| "MAINTAINER": "vanessasaur", | |
| "org.label-schema.usage.singularity.deffile": "Singularity", | |
| "org.label-schema.schema-version": "1.0", | |
| "WHATAMI": "dinosaur", | |
| "org.label-schema.usage.singularity.deffile.from": "ubuntu:14.04", | |
| "org.label-schema.build-date": "2017-10-15T12:52:56+00:00", | |
| "org.label-schema.usage.singularity.version": "2.4-feature-squashbuild-secbuild.g780c84d", | |
| "org.label-schema.build-size": "333MB" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment