Singularity is a container solution created by necessity for scientific and application driven workloads. The containers can be used to package entire scientific workflows, software and libraries, and even data. You have the possibility to use pre-built containers, create your own containers or even directly run Docker containers.
Using the HPC infrastructure to run singularity containers is a privilege that is currently reserved for shareholder groups. In order to get access, please send us a request for being added to the singularity user group.
You can either download pre-built containers from external sources (for instance container library or Docker hub), or build your own containers on your workstation (creation of containers requires root privileges and can therefore not be done directly on the HPC clusters).
For the development of a workflow within a container, it might be useful to run singularity in a lightweight batch interactive job:
bsub -n 1 -R singularity -R light [LSF options] -Is bash
Where [LSF options] needs to be replaced with options for requesting resources (memory, runtime etc.). Within such an interactive job, you get a shell directly on one of the compute nodes, which allows to run singularity commands interactively. Once the development of the workflow has finished, the containers can also be run in batch mode:
bsub -n 1 -R singularity -R "rusage[mem=2048]" -W 1:00 "singularity run hello-world.simg"
Singularity is using executables that have the setuid bit set, i.e., they are executed with higher privileges than processes without the setuid bit set. This has implications with regards to security. If there is a vulnerability out in the wild, that can use binaries with setuid bit set for privilege escalation, then we will immediately have to disable singularity until there is a patch that can resolve the issue.
For our high-performance clusters, we provide the infrastructure to run singularity containers. We provide help with problems regarding how to run your container on either the Euler or the Leonhard cluster, but we cannot provide support for the software installations inside a container. If you encounter a problem regarding the installation of software inside the container, then please contact the developer that created the container.
If you receive an error message, that you cannot run singularity, then please check first if you are a member of the singularity user group (ID-HPC-SINGULARITY). Please run the command
id | grep ID-HPC-SINGULARITY
on a login node. If you get an empty output
[samapps@eu-login-16-ng ~]$ id | grep ID-HPC-SINGULARITY [samapps@eu-login-16-ng ~]$
then your user account is not a member of the singularity user group. If you are member of a shareholder group and would like to use singularity, then please send us a request for being added to this group.