singularity support in the glidein

Question

singularity support in the glidein

Opened this issue 7 years ago · 9 comments

Singularity would allow us to convert between OS types. There are hooks in condor 8.6 to support jobs requesting singularity. Figure out how to make this work.

Answer 1 · 2017-05-03T19:54:39.000Z

This how-to provides a fairly good overview. Note that Singularity does not like the automounter, so if you eval $(/cvmfs/icecube.opensciencegrid.org/py2-v2/setup.sh) inside the container on a system that uses autofs to mount CVFMS repos, you'll get

sh: /cvmfs/icecube.opensciencegrid.org/py2-v2/setup.sh: Too many levels of symbolic links

A bad workaround is to cat the setup script on the host immediately before entering the container to force the repo to mount.

Answer 2 · 2017-05-03T20:12:14.000Z

We probably need to only enable this on appropriate kernels anyway, so I'd just not enable Singularity on systems that don't support automouting correctly (and use automounting).

Note that if it's already mounted, that should be fine. Since part of the glidein setup is to check for cvmfs, this might work fine for us.

Answer 3 · 2017-05-03T20:24:22.000Z

Does the slot have to be able to run Singularity containers as jobs, or is it enough to run the glidein inside a container to paper over a weird site OS? In the latter case, it should just be a fairly simple change to glidein_start.sh, but that would also preclude power users from running their own containers.

Answer 4 · 2017-05-03T20:55:02.000Z

We probably want both?

Running the entire glidein inside singularity allows us to get around strange issues of the local OS.

Running the individual jobs in singularity is more optimal for the user, since they can specify the OS they want at late binding.

Answer 5 · 2019-03-01T20:33:49.000Z

Another thing to add here is that we might want to add a custom classad for people to run their own containers

Answer 6 · 2019-03-01T21:25:23.000Z

Note that running singularity inside singularity doesn't work with kernels that don't support user namespaces. This is sadly most computers out there, since they've default disabled it on newer kernels because of security fears.

If we're forced to start the glidein inside a container, we might not be able to support custom user containers.

Answer 7 · 2019-03-01T21:31:31.000Z

I guess you mean OSG having singularity inside singularity?

Answer 8 · 2019-03-01T21:32:57.000Z

Or the example of Cori, or Cedar, where we need to run a centos7 singularity image just to start the glidein. Then you can't let the user job specify an additional container.

Answer 9 · 2019-06-27T18:35:24.000Z

Running the entire glidein inside singularity now works. Thanks to @jamierajewski