Manjaro Linux安裝singularity-container

本文关键详细介绍Singularity器皿在Manjaro服务平台的安裝,及其一些普遍的应用情景:获取沙盒制做器皿镜像系统、远程控制制做器皿镜像系统及其改动器皿镜像系统的方式。总而言之Singularity是一个对非root客户十分友善的器皿解决方法,在速率上沒有具体检测过,仅仅在一些情景下能够见到比Docker特性好些一些。并且这一器皿还适用非root的安裝及其非root的操作方法,自然在根据RH的系统软件下有一些默认设置的配备项或是必须用root管理权限去改动后,才可以用非root的帐户应用Singularity器皿,最典型性的就例如要将`/proc/sys/user/max_user_namespaces`这里边的相匹配参数配置为非零,不然应用会出错。

技术性情况

容器化技术性在各种各样生产制造行业早已获得了普遍的运用,这归功于器皿的轻量(对比于vm虚拟机来讲),安全系数(防护弱于vm虚拟机,可是权限管理恰当的状况下还可以觉得是安全性防护的)及其系统软件级虚拟化技术产生的可扩展性(根据NameSpace和cgroup)。尽管如今各网络平台的兼容模式有趋同化的趋势,例如Windows发布了WSL分系统,促使客户在Windows设备上还可以很轻轻松松的构建Linux自然环境。可是器皿仍然维持着它的关注度,这表明它的易用性并并不是一个系统软件部件就可以取代的。前边2~3篇文章内容中大家详细介绍过Docker器皿和Singularity器皿的使用方法,这儿大家再讲下Singularity器皿的非源代码安装方法(Manjaro Linux平台),及其改动静态数据器皿系统镜像的方式。

非源代码安裝Singularity

Arch Linux平台一直能有一些较为迅速的升级,当今CentOS和Manjaro都早已适用了Singularity器皿的立即安裝,而Ubuntu现阶段是还不兼容这类方法的,只有采用源代码安裝。这儿详细介绍Manjaro Linux平台下的安裝计划方案,只必须一行指令:

[dechin-root sgcontainer]# pacman -S singularity-container
已经分析相互依赖...
已经搜索程序包矛盾...

程序包 (1) singularity-container-3.7.2-2

免费下载尺寸:   16.85 MiB
所有安裝尺寸:  107.35 MiB

:: 开展安裝吗? [Y/n] Y
:: 正在获取程序包......
 singularity-cont...    16.8 MiB  6.61 MiB/s 00:03 [##################] 100%
(1/1) 已经查验密匙环里的密匙                       [##################] 100%
(1/1) 已经查验程序包一致性                         [##################] 100%
(1/1) 正在加载程序包文档                           [##################] 100%
(1/1) 已经查验文档矛盾                             [##################] 100%
(1/1) 已经查验可以用储存空间                         [##################] 100%
:: 已经解决程序包的转变...
(1/1) 正在安装 singularity-container               [##################] 100%
:: 已经运作事务管理后钩子函数...
(1/1) Arming ConditionNeedsUpdate...

安裝进行后,能够认证一下Singularity的版本号:

[dechin-root sgcontainer]# singularity --version
singularity version 3.7.2

这儿的3.7.2早已是较为初期的版本号了,如今都早已发布了3.8的版本号。现阶段Singularity基本上维持大半个月一个版本号的升级速率,许多CVE基本上能够迅速的处理,这一点十分关键。有关Singularity的整体使用方法能够参照这一官方网的协助指南

[dechin@dechin-manjaro sgcontainer]$ singularity --help

Linux container platfORM optimized for High Performance Computing (HPC) and
Enterprise Performance Computing (EPC)

Usage:
  singularity [global options...]

Description:
  Singularity containers provide an application virtualization layer enabling
  mobility of compute via both application and environment portability. With
  Singularity one is capable of building a root File System that runs on any 
  other Linux system where Singularity is installed.

Options:
  -c, --config string   specify a configuration file (for root or
                        unprivileged installation only) (default
                        "/etc/singularity/singularity.conf")
  -d, --deBUG           print debugging information (highest verbosity)
  -h, --help            help for singularity
      --nocolor         print without color output (default False)
  -q, --quiet           suppress normal output
  -s, --silent          only print errors
  -v, --verbose         print additional information
      --version         version for singularity

Available Commands:
  build       Build a Singularity image
  cache       Manage the local cache
  capability  Manage Linux capabilities for users and groups
  config      Manage various singularity configuration (root user only)
  delete      Deletes requested image from the library
  exec        Run a command within a container
  help        Help about any command
  inspect     Show Metadata for an image
  instance    Manage containers running as services
  key         Manage OpenPGP keys
  oci         Manage OCI containers
  plugin      Manage Singularity plugins
  pull        Pull an image from a URI
  push        Upload image to the provided URI
  Remote      Manage singularity remote endpoints, keyservers and OCI/Docker registry credentials
  run         Run the user-defined default command within a container
  run-help    Show the user-defined help for an image
  search      Search a Container Library for images
  shell       Run a shell within a container
  sif         siftool is a program for Singularity Image Format (SIF) file manipulation
  sign        Attach diGital signature(s) to an image
  test        Run the user-defined tests within a container
  verify      Verify cryptoGraphic signatures attached to an image
  version     Show the version for Singularity

Examples:
  $ singularity help <command> [<subcommand>]
  $ singularity help build
  $ singularity help instance start


For additional help or support, please visit https://www.sylabs.io/docs/

默认设置的安装路径会在/etc/singularity下转化成一系列的环境变量,如果是手动式编译程序安裝,选用unpriv方式安裝得话能够配备别的的途径(这一点很重要,在沒有root管理权限的账户下安裝和应用器皿的状况下毫无疑问用获得)。

[dechin-manjaro sgcontainer]# ll /etc/singularity/
总使用量 40
-rw-r--r-- 1 root root     0  3月 11 13:45 capability.json
drwxr-xr-x 2 root root  4096  4月  4 21:48 cgroups
-rw-r--r-- 1 root root  1095  3月 11 13:45 ecl.toml
-rw-r--r-- 1 root root     0  3月 11 13:45 global-pgp-public
drwxr-xr-x 2 root root  4096  4月  4 21:48 NETwork
-rw-r--r-- 1 root root  1344  3月 11 13:45 nvliblist.conf
-rw-r--r-- 1 root root   107  3月 11 13:45 remote.yaml
-rw-r--r-- 1 root root   927  3月 11 13:45 rocmliblist.conf
drwxr-xr-x 2 root root  4096  4月  4 21:48 seccomp-profiles
-rw-r--r-- 1 root root 10642  3月 11 13:45 singularity.conf

从dockerhub获取ubuntu镜像系统

最先我们可以在获取的途径前再加上docker的标志符,促使我们可以从dockerhub上边免费下载有关的镜像系统,对与docker镜像系统的适用,也是Singularity器皿的一大优点:

[dechin@dechin-manjaro singularity]$ singularity build --sandbox ubuntu docker://ubuntu
WARNING: 'Nodev' mount option set on /tmp, it could be a source of failure during build process
INFO:    Starting build...
Getting image source signatures
Copying blob a70d879fa598 done  
Copying blob c4394a92d1f8 done  
Copying blob 10e6159c56c0 done  
Copying config 10bdc2317d done  
Writing manifest to image destination
Storing signatures
2021/04/19 16:30:28  info unpack layer: sha256:a70d879fa5984474288d52009479054b8bb2993de2a1859f43b5480600cecb24
2021/04/19 16:30:29  info unpack layer: sha256:c4394a92d1f8760cf7d17fee0bcee732c94c5b858dd8d19c7ff06beecf3b4e83
2021/04/19 16:30:29  info unpack layer: sha256:10e6159c56c084c858f5de2416454ac0a49ddda47b764e4379c5d5a147c9bf5f
INFO:    Creating sandbox directory...
INFO:    Build complete: ubuntu

如果是应用build方式,会在当今途径下转化成一个刚刚取名好的文件夹名称,这一文件夹名称中包括全部系统软件虚拟化技术所必须的文档:

[dechin@dechin-manjaro singularity]$ ll
总使用量 4
drwxr-xr-x 18 dechin dechin 4096  4月 19 16:30 ubuntu

我们可以立即在这个途径往下拉起刚刚转化成的文件目录,将其做为一个系统镜像来应用:

[dechin@dechin-manjaro singularity]$ singularity shell -w ubuntu
WARNING: Skipping mount /etc/localtime [binds]: /etc/localtime doesn't exist in container
Singularity> cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
Singularity> sed -i "s@http://.*arcHive.ubuntu.com@http://repo.HUAWEIcloud.com@g" /etc/apt/sources.list
Singularity> sed -i "s@http://.*Security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
Singularity> apt-get update
Get:1 http://repo.huaweicloud.com/ubuntu Focal InRelease [265 kB]
Get:2 http://repo.huaweicloud.com/ubuntu focal-updates InRelease [114 kB]
Get:3 http://repo.huaweicloud.com/ubuntu focal-backports InRelease [101 kB]
Get:4 http://repo.huaweicloud.com/ubuntu focal-security InRelease [109 kB]
Get:5 http://repo.huaweicloud.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:6 http://repo.huaweicloud.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:7 http://repo.huaweicloud.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:8 http://repo.huaweicloud.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:9 http://repo.huaweicloud.com/ubuntu focal-updates/restricted amd64 Packages [271 kB]
Get:10 http://repo.huaweicloud.com/ubuntu focal-updates/multiverse amd64 Packages [29.6 kB]
Get:11 http://repo.huaweicloud.com/ubuntu focal-updates/universe amd64 Packages [950 kB]
Get:11 http://repo.huaweicloud.com/ubuntu focal-updates/universe amd64 Packages [950 kB]
Get:13 http://repo.huaweicloud.com/ubuntu focal-backports/universe amd64 Packages [4305 B]
Get:14 http://repo.huaweicloud.com/ubuntu focal-security/main amd64 Packages [773 kB]
Get:15 http://repo.huaweicloud.com/ubuntu focal-security/universe amd64 Packages [683 kB]
Get:16 http://repo.huaweicloud.com/ubuntu focal-security/restricted amd64 Packages [239 kB]
Get:17 http://repo.huaweicloud.com/ubuntu focal-security/multiverse amd64 Packages [21.6 kB]
Fetched 3260 kB in 2s (1626 kB/s)    
Reading package lists... Done

这儿再加上-w的目地是为了更好地在这种文档沙盒中维持改动的配备和內容,由于较为靠谱的操作方法是将这一文档沙盒制做成一个sif的系统镜像之后应用,因此这一步等同于或是在为制做当地订制化的镜像系统做准备。这时大家进到器皿的shell以后,能够查询当今的系统版本:

Singularity> cat /etc/issue
Ubuntu 20.04.2 LTS \n \l

大家发觉获取器皿时默认设置从库上获取了全新的Ubuntu 20.04的版本号。

从dockerhub获取centos镜像系统

相近的方式,我们可以从dockerhub上获取一个centos的镜像系统:

[dechin@dechin-manjaro singularity]$ singularity build --sandbox centos76 docker://centos:7.6.1810
WARNING: 'nodev' mount option set on /tmp, it could be a source of failure during build process
INFO:    Starting build...
Getting image source signatures
Copying blob ac9208207ada done  
Copying config 5f85193732 done  
Writing manifest to image destination
Storing signatures
2021/04/19 17:24:49  info unpack layer: sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d6b3add7efdabf814db2133b
2021/04/19 17:24:50  warn rootless{usr/bin/ping} ignoring (usually) harmless EPERM on setxattr "security.capability"
2021/04/19 17:24:51  warn rootless{usr/sbin/arping} ignoring (usually) harmless EPERM on setxattr "security.capability"
2021/04/19 17:24:51  warn rootless{usr/sbin/clockdiff} ignoring (usually) harmless EPERM on setxattr "security.capability"
WARNING: Permission handling has changed in Singularity 3.5 for improved OCI compatibility
WARNING: The sandbox will contain files/dirs that cannot be removed until permissions Are modified
WARNING: Use 'chmod -R u rwX' to set permissions that allow removal
WARNING: Use the '--fix-perms' option to 'singularity build' to modify permissions at build time
WARNING: You can provide feedback about tHIS change at https://GitHub.com/sylabs/singularity/issues/4671
INFO:    Creating sandbox directory...
INFO:    Build complete: centos76

一样的也会在当今途径下转化成一个系统软件文件夹名称:

[dechin@dechin-manjaro singularity]$ ll
总使用量 8
drwxr-xr-x 17 dechin dechin 4096  4月 19 17:24 centos76
drwxr-xr-x 18 dechin dechin 4096  4月 19 16:30 ubuntu

大家还可以进到到沙盒中查询系统软件的版本号:

[dechin@dechin-manjaro singularity]$ singularity shell -w centos76  
Singularity> cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 

装包系统镜像

这儿大家以ubuntu镜像系统为例子,在获取了ubuntu的镜像系统做为沙盒,而且改动完相对应的配备以后,能够运作以下命令来装包系统镜像:

$ sudo singularity build ubuntu.sif ubuntu/
[sudo] dechin 的登陆密码: 
INFO:    Starting build...
INFO:    Creating SIF file...
INFO:    Build complete: ubuntu.sif

装包进行后,拉起器皿的方法就不会再是根据文件夹名称的名称来拉上,只是根据镜像系统名来拉上:

$ singularity shell ubuntu.sif 
Singularity> cat /etc/issue
Ubuntu 20.04.2 LTS \n \l

Singularity> exit
exit

那样,大家就可以很便捷的制做了一个可移动的Ubuntu系统软件。

获得MindSpore的Docker镜像系统

文章开头讲到Singularity是兼容Docker器皿的镜像系统的,恰好近期在检测华为公司MindSpore架构的GPU版本号,而我们在DockerHub上又发觉了MindSpore的官方网镜像系统的全新1.2.0版本号,那麼大家就可以根据singularity pull的命令立即从远程控制库房建立一个当地的sif系统镜像(这类方式跟上边的沙盒制做镜像系统的方式有所区别,步骤更简易可是改动就较为不便):

[dechin@dechin-manjaro ~]$ singularity pull docker://mindspore/mindspore-gpu:1.2.0
INFO:    Converting OCI blobs to SIF format
WARNING: 'nodev' mount option set on /tmp, it could be a source of failure during build process
INFO:    Starting build...
Getting image source signatures
Copying blob 48c41c211021 done  
Copying config c3868774fb done  
Writing manifest to image destination
Storing signatures
2021/05/29 10:20:52  info unpack layer: sha256:5353957e2ca61685e6024b440372c34e3b9e1d27ab564a9c8330e9ab8350894a
2021/05/29 10:21:33  warn xattr{/tmp/build-temp-665547475/rootfs/etc/gshadow} destination filesystem does not support xattrs, further warnings will be suppressed
2021/05/29 10:21:42  info unpack layer: sha256:bc3e02707e81c51c3b7cede72d41fdaaa153bc3bf4cb7c2ef053376d47f473aa
INFO:    Creating SIF file...

等候一段时间后,运作进行,能够在当今途径下查询到一个sif文档:

[dechin@dechin-manjaro ~]$ ll | grep mindspore
-rwxr-xr-x  1 dechin dechin 2382344192  5月 29 10:23 mindspore-gpu_1.2.0.sif

改动sif系统镜像

倘若我们都是一个非root的真实身份,而且沒有sudo管理权限,那麼大家只有根据--writable-tmpfs这类方式来改动sif系统镜像的內容,例如这儿大家试着在sif文档中安裝一个numbaPython库:

dechin@ubuntu2004:~/projects/numba-gpu$ singularity shell --nv --writable-tmpfs /home/dechin/tools/singularity/mindspore-gpu_1.2.0.sif 
Singularity> python -m pip show numba
Singularity>

上边的命令中有一个附加的--nv的字段名,这一字段名是用以开启CUDA的适用的,在GPU情景下能应用到。而我们在pip show中现在是沒有见到numba这一库的,大家立即在器皿的shell中运作安裝命令(必须再加上--user选择项,不然无法安装取得成功):

Singularity> python -m pip install numba --user
Collecting numba
Requirement already satisfied: setuptools in /usr/local/python-3.7.5/lib/python3.7/site-packages (from numba) (41.2.0)
Collecting llvmlite<0.37,>=0.36.0rc1 (from numba)
  Using cached https://files.pythonhosted.org/packages/54/25/6b4015e6b0c3be2efa6870cf2cf2bd969dd0e5f937476fc13c102209df32/llvmlite-0.36.0-cp37-cp34m-manylinux2010_x86_64.whl
Requirement already satisfied: NumPy>=1.15 in /usr/local/python-3.7.5/lib/python3.7/site-packages (from numba) (1.20.2)
Installing collected packages: llvmlite, numba
Successfully installed llvmlite-0.36.0 numba-0.53.1

到这儿大家还没有撤出当今shell,那麼numba是早已安裝成功了,可以用一个numba的GPU实例测试一下:

# test-numba-gpu.py

from numba Import cuda
def CPU_print(N):
    for i in range(0, N):
        print(i)
@cuda.JIT
def gpu_print(N):
    idx = cuda.threadIdx.x   cuda.blockIdx.x * cuda.blockDim.x 
    if (idx < N):
        print(idx)
def main():
    print("gpu print:")
    gpu_print[2,4](8)
    cuda.synchronize()
    print("cpu print:")
    cpu_print(8)
if __name__ == "__main__":
    main()

运作結果以下所显示:

Singularity> python test-numba-gpu.py 
gpu print:
0
1
2
3
4
5
6
7
cpu print:
0
1
2
3
4
5
6
7
Singularity> exit 
exit

那麼大家如今撤出这一sif的shell,再再次拉起(此次沒有加上可改动字段名):

dechin@ubuntu2004:~/projects/numba-gpu$ singularity shell --nv /home/dechin/tools/singularity/mindspore-gpu_1.2.0.sif 
Singularity> python -m pip show numba
Name: numba
Version: 0.53.1
Summary: compiling Python code using LLVM
Home-page: https://numba.pydata.org
Author: Anaconda, Inc.
Author-email: numba-users@continuum.io
License: BSD
Location: /home/dechin/.local/lib/python3.7/site-packages
Requires: llvmlite, setuptools, numpy
Required-by: 
Singularity> exit  
exit

而大家现在在sif系统镜像中是能够见到刚刚新安裝的numba库的,表明刚刚的改动被储存了出来。

汇总概述

本文关键详细介绍Singularity器皿在Manjaro服务平台的安裝,及其一些普遍的应用情景:获取沙盒制做器皿镜像系统、远程控制制做器皿镜像系统及其改动器皿镜像系统的方式。总而言之Singularity是一个对非root客户十分友善的器皿解决方法,在速率上沒有具体检测过,仅仅在一些情景下能够见到比Docker特性好些一些。并且这一器皿还适用非root的安裝及其非root的操作方法,自然在根据RH的系统软件下有一些默认设置的配备项或是必须用root管理权限去改动后,才可以用非root的帐户应用Singularity器皿,最典型性的就例如要将/proc/sys/user/max_user_namespaces这里边的相匹配参数配置为非零,不然使用会出错。

版权声明

文中先发连接为:https://www.cnblogs.com/dechinphy/p/sg.html

创作者ID:DechinPhy

大量原著小说文章内容请参照:https://www.cnblogs.com/dechinphy/

打赏主播专用型连接:https://www.cnblogs.com/dechinphy/gallery/image/379634.html

腾讯云服务栏目同歩:https://cloud.tencent.com/Developer/column/91958

评论(0条)

刀客源码 匿名评论