A great question I thought worth sharing:
My PI suggested that I build my application in a Docker container. I did so successfully, and went to run it on our HPC cluster. I was told by User Support that I can’t run Docker on the cluster and must use Singularity. Is there a simple way, or at least user-level instructions, to do this in general?
You would first want to make sure that your cluster supports Singularity, meaning that it’s installed:
which singularity
should return a path. If not, you should check your cluster’s documentation to see if it might be loaded as a module. Once you have confirmed that you have it, since you’ll be pulling a container it’s important to not be on a login node. Grab a development or interactive node, either one of the following:
sdev # this works on Stanford Sherlock with SLURM
or
srun --pty bash
(And add whatever other arguments you want to srun)
Once you have a node, then Singularity provides an easy way to pull directly from Docker Hub. Do that:
$ singularity pull docker://vanessa/salad
The container is now a binary file (a squashfs read only file called a SIF) on your file system and you can run it as you please:
singularity run salad_latest.sif
./salad_latest.sif
singularity shell salad_latest.sif
singularity inspect salad_latest.sif
singularity exec salad_latest.sif echo "hello!"
There are a few important points to make. The user that you are outside the container is the same as within, so if the Docker container is built with content in root’s home (/root) or needing a root permission, you won’t be able to do this. If you find you are running into trouble, take a look at the Dockerfile and see if you can figure out why. If it comes down to permissions, you can push your own container to Docker Hub to pull as you just did above. For more details, see the sylabs docs. Happy containering!
Wanted to to add one thing to @vsoch 's excellent answer, local docker builds!
With recent singularity v3 versions you can build directly from a local docker daemon. If I had a docker container image tagged as my_container:latest on my local computer with something like:
singularity build my_container.sif docker-daemon://my_container:latest
If you happen to have a docker container build locally but don’t want to push to a registry it is a nice option. Once you build your container you can transfer the my_container.sif file to the cluster of choice.
I apologize for linking to external content - we’re evaluating how to best use Ask.CI in our documentation ecosystem - but I thought our HOWTO on using Docker/Singularity at the Ohio Supercomputer Center might be a nice supplement to @vsoch’s answer.