<div dir="ltr">Hey Michael,<div><br></div><div>I obviously haven't been keeping up with any security concerns over the use of Singularity. In a 2-3 sentence nutshell, what are they? </div><div><br></div><div>I've been annoyed by NVIDIA's docker distribution for DGX-1 & friends.</div><div><br></div><div>We've been setting up an ersatz-secure SIngularity environment for use of mid-range DUA data like dbGaP.</div><div><br></div><div>Regards,</div><div>Sam</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 19, 2019 at 4:38 PM Michael Jennings <<a href="mailto:mej@lanl.gov">mej@lanl.gov</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Friday, 20 September 2019, at 00:03:28 (+0430),<br>
Mahmood Naderan wrote:<br>
<br>
> For the replies. Matlab was an example. I would also like to create<br>
> to containers for OpenFoam with different versions. Then a user can<br>
> choose what he actually wants.<br>
<br>
All modern container runtimes support the OCI standard container<br>
format originally authored by Docker, Inc. and contributed to the Open<br>
Container Initiative (OCI) as the starting point for their standard.<br>
So your best bet would be to go to Docker Hub (<a href="http://hub.docker.com" rel="noreferrer" target="_blank">hub.docker.com</a>) and<br>
search for the applications you're interested in, or (in the case of<br>
commercial software) ask your vendor if they supply containers for<br>
their packages and under what terms.<br>
<br>
If you're comfortable with building as root, you can likely build your<br>
own containers without too much trouble, but in order to build<br>
containers without privilege, you'll need very recent Podman/Buildah<br>
(or current Charliecloud plus Spokeo and umoci, if your Dockerfile is<br>
supported by ch-grow).<br>
<br>
> I would also like to know, if the technologies you mentioned can be<br>
> deployed in multinode clusters. Currently, we use Rocks 7. Should I<br>
> install singularity (or others) on all nodes or just the frontend?<br>
> And then, can users use "srun" or "salloc" for interactively login<br>
> to a node and run the container or not?<br>
<br>
Most folks invoke the container runtime using srun, either in their<br>
job script or as part of an interactive session. There are several<br>
examples in the Charliecloud docs, for example, here:<br>
<a href="https://hpc.github.io/charliecloud/tutorial.html#your-first-single-node-multi-process-jobs" rel="noreferrer" target="_blank">https://hpc.github.io/charliecloud/tutorial.html#your-first-single-node-multi-process-jobs</a><br>
<br>
But yes, you will likely need the container runtime installed on every<br>
node. Most large HPC centers use Slurm, so you should have no problem<br>
getting any or all of them to integrate well with your existing Slurm<br>
installation. :-)<br>
<br>
That said, I *do* recommend watching at least that last video before<br>
you make your final decision on runtime. With containers, as with any<br>
technology, you're far more likely to get factual information from<br>
folks who aren't trying to sell something! ;-)<br>
<br>
Having personally deployed, tested, and evaluated over a dozen<br>
different container solutions -- including every major HPC container<br>
system as well as implementing a few of my own -- I can tell you with<br>
absolute certainty that there's no single right answer to "What<br>
container system should I use?" There are several correct answers<br>
depending on your use case and security & UX requirements.<br>
<br>
Michael<br>
<br>
-- <br>
Michael E. Jennings <<a href="mailto:mej@lanl.gov" target="_blank">mej@lanl.gov</a>><br>
HPC Systems Team, Los Alamos National Laboratory<br>
Bldg. 03-2327, Rm. 2341 W: +1 (505) 606-0605<br>
<br>
</blockquote></div>