摘要
Manjaro Linux上安装Singularity容器,让你轻松获取沙盒制作器皿镜像系统,远程控制和修改器皿镜像系统。Singularity对非root用户友好,速度未经测试,但在某些情况下表现良好。
正文
Manjaro Linux安裝singularity-container
本文关键详细介绍Singularity器皿在Manjaro服务平台的安裝,及其一些普遍的应用情景:获取沙盒制做器皿镜像系统、远程控制制做器皿镜像系统及其改动器皿镜像系统的方式。总而言之Singularity是一个对非root客户十分友善的器皿解决方法,在速率上沒有具体检测过,仅仅在一些情景下能够见到比Docker特性好些一些。并且这一器皿还适用非root的安裝及其非root的操作方法,自然在根据RH的系统软件下有一些默认设置的配备项或是必须用root管理权限去改动后,才可以用非root的帐户应用Singularity器皿,最典型性的就例如要将`/proc/sys/user/max_user_namespaces`这里边的相匹配参数配置为非零,不然应用会出错。
技术性情况
容器化技术性在各种各样生产制造行业早已获得了普遍的运用,这归功于器皿的轻量(对比于vm虚拟机来讲),安全系数(防护弱于vm虚拟机,可是权限管理恰当的状况下还可以觉得是安全性防护的)及其系统软件级虚拟化技术产生的可扩展性(根据NameSpace和cgroup)。尽管如今各网络平台的兼容模式有趋同化的趋势,例如Windows发布了WSL分系统,促使客户在Windows设备上还可以很轻轻松松的构建Linux自然环境。可是器皿仍然维持着它的关注度,这表明它的易用性并并不是一个系统软件部件就可以取代的。前边2~3篇文章内容中大家详细介绍过Docker器皿和Singularity器皿的使用方法,这儿大家再讲下Singularity器皿的非源代码安装方法(Manjaro Linux平台),及其改动静态数据器皿系统镜像的方式。
非源代码安裝Singularity
Arch Linux平台一直能有一些较为迅速的升级,当今CentOS和Manjaro都早已适用了Singularity器皿的立即安裝,而Ubuntu现阶段是还不兼容这类方法的,只有采用源代码安裝。这儿详细介绍Manjaro Linux平台下的安裝计划方案,只必须一行指令:
[dechin-root sgcontainer]# pacman -S singularity-container
已经分析相互依赖...
已经搜索程序包矛盾...
程序包 (1) singularity-container-3.7.2-2
免费下载尺寸: 16.85 MiB
所有安裝尺寸: 107.35 MiB
:: 开展安裝吗? [Y/n] Y
:: 正在获取程序包......
singularity-cont... 16.8 MiB 6.61 MiB/s 00:03 [##################] 100%
(1/1) 已经查验密匙环里的密匙 [##################] 100%
(1/1) 已经查验程序包一致性 [##################] 100%
(1/1) 正在加载程序包文档 [##################] 100%
(1/1) 已经查验文档矛盾 [##################] 100%
(1/1) 已经查验可以用储存空间 [##################] 100%
:: 已经解决程序包的转变...
(1/1) 正在安装 singularity-container [##################] 100%
:: 已经运作事务管理后钩子函数...
(1/1) Arming ConditionNeedsUpdate...
安裝进行后,能够认证一下Singularity的版本号:
[dechin-root sgcontainer]# singularity --version
singularity version 3.7.2
这儿的3.7.2早已是较为初期的版本号了,如今都早已发布了3.8的版本号。现阶段Singularity基本上维持大半个月一个版本号的升级速率,许多CVE基本上能够迅速的处理,这一点十分关键。有关Singularity的整体使用方法能够参照这一官方网的协助指南:
[dechin@dechin-manjaro sgcontainer]$ singularity --help
Linux container platform optimized for High Performance Computing (HPC) and
Enterprise Performance Computing (EPC)
Usage:
singularity [global options...]
Description:
Singularity containers provide an application virtualization layer enabling
mobility of compute via both application and environment portability. With
Singularity one is capable of building a root file system that runs on any
other Linux system where Singularity is installed.
Options:
-c, --config string specify a configuration file (for root or
unprivileged installation only) (default
"/etc/singularity/singularity.conf")
-d, --debug print debugging information (highest verbosity)
-h, --help help for singularity
--nocolor print without color output (default False)
-q, --quiet suppress normal output
-s, --silent only print errors
-v, --verbose print additional information
--version version for singularity
Available Commands:
build Build a Singularity image
cache Manage the local cache
capability Manage Linux capabilities for users and groups
config Manage various singularity configuration (root user only)
delete Deletes requested image from the library
exec Run a command within a container
help Help about any command
inspect Show metadata for an image
instance Manage containers running as services
key Manage OpenPGP keys
oci Manage OCI containers
plugin Manage Singularity plugins
pull Pull an image from a URI
push Upload image to the provided URI
remote Manage singularity remote endpoints, keyservers and OCI/Docker registry credentials
run Run the user-defined default command within a container
run-help Show the user-defined help for an image
search Search a Container Library for images
shell Run a shell within a container
sif siFTool is a program for Singularity Image Format (SIF) file manipulation
sign Attach digital signature(s) to an image
test Run the user-defined tests within a container
verify Verify cryptographic signatures attached to an image
version Show the version for Singularity
Examples:
$ singularity help <command> [<subcommand>]
$ singularity help build
$ singularity help instance start
For additional help or support, please visit https://www.sylabs.io/docs/
默认设置的安装路径会在/etc/singularity下转化成一系列的环境变量,如果是手动式编译程序安裝,选用unpriv方式安裝得话能够配备别的的途径(这一点很重要,在沒有root管理权限的账户下安裝和应用器皿的状况下毫无疑问用获得)。
[dechin-manjaro sgcontainer]# ll /etc/singularity/
总使用量 40
-rw-r--r-- 1 root root 0 3月 11 13:45 capability.json
drwxr-xr-x 2 root root 4096 4月 4 21:48 cgroups
-rw-r--r-- 1 root root 1095 3月 11 13:45 ecl.toml
-rw-r--r-- 1 root root 0 3月 11 13:45 global-pgp-public
drwxr-xr-x 2 root root 4096 4月 4 21:48 network
-rw-r--r-- 1 root root 1344 3月 11 13:45 nvliblist.conf
-rw-r--r-- 1 root root 107 3月 11 13:45 remote.yaml
-rw-r--r-- 1 root root 927 3月 11 13:45 rocmliblist.conf
drwxr-xr-x 2 root root 4096 4月 4 21:48 seccomp-profiles
-rw-r--r-- 1 root root 10642 3月 11 13:45 singularity.conf
从dockerhub获取ubuntu镜像系统
最先我们可以在获取的途径前再加上docker的标志符,促使我们可以从dockerhub上边免费下载有关的镜像系统,对与docker镜像系统的适用,也是Singularity器皿的一大优点:
[dechin@dechin-manjaro singularity]$ singularity build --sandbox ubuntu docker://ubuntu
WARNING: 'nodev' mount option set on /tmp, it could be a source of failure during build process
INFO: Starting build...
Getting image source signatures
Copying blob a70d879fa598 done
Copying blob c4394a92d1f8 done
Copying blob 10e6159c56c0 done
Copying config 10bdc2317d done
Writing manifest to image destination
Storing signatures
2021/04/19 16:30:28 info unpack layer: sha256:a70d879fa5984474288d52009479054b8bb2993de2a1859f43b5480600cecb24
2021/04/19 16:30:29 info unpack layer: sha256:c4394a92d1f8760cf7d17fee0bcee732c94c5b858dd8d19c7ff06beecf3b4e83
2021/04/19 16:30:29 info unpack layer: sha256:10e6159c56c084c858f5de2416454ac0a49ddda47b764e4379c5d5a147c9bf5f
INFO: Creating sandbox directory...
INFO: Build complete: ubuntu
如果是应用build方式,会在当今途径下转化成一个刚刚取名好的文件夹名称,这一文件夹名称中包括全部系统软件虚拟化技术所必须的文档:
[dechin@dechin-manjaro singularity]$ ll
总使用量 4
drwxr-xr-x 18 dechin dechin 4096 4月 19 16:30 ubuntu
我们可以立即在这个途径往下拉起刚刚转化成的文件目录,将其做为一个系统镜像来应用:
[dechin@dechin-manjaro singularity]$ singularity shell -w ubuntu
WARNING: Skipping mount /etc/localtime [binds]: /etc/localtime doesn't exist in container
Singularity> cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
Singularity> sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
Singularity> sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
Singularity> apt-get update
Get:1 http://repo.huaweicloud.com/ubuntu focal InRelease [265 kB]
Get:2 http://repo.huaweicloud.com/ubuntu focal-updates InRelease [114 kB]
Get:3 http://repo.huaweicloud.com/ubuntu focal-backports InRelease [101 kB]
Get:4 http://repo.huaweicloud.com/ubuntu focal-security InRelease [109 kB]
Get:5 http://repo.huaweicloud.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:6 http://repo.huaweicloud.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:7 http://repo.huaweicloud.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:8 http://repo.huaweicloud.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:9 http://repo.huaweicloud.com/ubuntu focal-updates/restricted amd64 Packages [271 kB]
Get:10 http://repo.huaweicloud.com/ubuntu focal-updates/multiverse amd64 Packages [29.6 kB]
Get:11 http://repo.huaweicloud.com/ubuntu focal-updates/universe amd64 Packages [950 kB]
Get:11 http://repo.huaweicloud.com/ubuntu focal-updates/universe amd64 Packages [950 kB]
Get:13 http://repo.huaweicloud.com/ubuntu focal-backports/universe amd64 Packages [4305 B]
Get:14 http://repo.huaweicloud.com/ubuntu focal-security/main amd64 Packages [773 kB]
Get:15 http://repo.huaweicloud.com/ubuntu focal-security/universe amd64 Packages [683 kB]
Get:16 http://repo.huaweicloud.com/ubuntu focal-security/restricted amd64 Packages [239 kB]
Get:17 http://repo.huaweicloud.com/ubuntu focal-security/multiverse amd64 Packages [21.6 kB]
Fetched 3260 kB in 2s (1626 kB/s)
Reading package lists... Done
这儿再加上-w的目地是为了更好地在这种文档沙盒中维持改动的配备和內容,由于较为靠谱的操作方法是将这一文档沙盒制做成一个sif的系统镜像之后应用,因此这一步等同于或是在为制做当地订制化的镜像系统做准备。这时大家进到器皿的shell以后,能够查询当今的系统版本:
Singularity> cat /etc/issue
Ubuntu 20.04.2 LTS \n \l
大家发觉获取器皿时默认设置从库上获取了全新的Ubuntu 20.04的版本号。
从dockerhub获取centos镜像系统
相近的方式,我们可以从dockerhub上获取一个centos的镜像系统:
[dechin@dechin-manjaro singularity]$ singularity build --sandbox centos76 docker://centos:7.6.1810
WARNING: 'nodev' mount option set on /tmp, it could be a source of failure during build process
INFO: Starting build...
Getting image source signatures
Copying blob ac9208207ada done
Copying config 5f85193732 done
Writing manifest to image destination
Storing signatures
2021/04/19 17:24:49 info unpack layer: sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d6b3add7efdabf814db2133b
2021/04/19 17:24:50 warn rootless{usr/bin/ping} ignoring (usually) harmless EPERM on setxattr "security.capability"
2021/04/19 17:24:51 warn rootless{usr/sbin/arping} ignoring (usually) harmless EPERM on setxattr "security.capability"
2021/04/19 17:24:51 warn rootless{usr/sbin/clockdiff} ignoring (usually) harmless EPERM on setxattr "security.capability"
WARNING: Permission handling has changed in Singularity 3.5 for improved OCI compatibility
WARNING: The sandbox will contain files/dirs that cannot be removed until permissions are modified
WARNING: Use 'chmod -R u rwX' to set permissions that allow removal
WARNING: Use the '--fix-perms' option to 'singularity build' to modify permissions at build time
WARNING: You can provide feedback about this change at https://GitHub.com/sylabs/singularity/issues/4671
INFO: Creating sandbox directory...
INFO: Build complete: centos76
一样的也会在当今途径下转化成一个系统软件文件夹名称:
[dechin@dechin-manjaro singularity]$ ll
总使用量 8
drwxr-xr-x 17 dechin dechin 4096 4月 19 17:24 centos76
drwxr-xr-x 18 dechin dechin 4096 4月 19 16:30 ubuntu
大家还可以进到到沙盒中查询系统软件的版本号:
[dechin@dechin-manjaro singularity]$ singularity shell -w centos76
Singularity> cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
装包系统镜像
这儿大家以ubuntu镜像系统为例子,在获取了ubuntu的镜像系统做为沙盒,而且改动完相对应的配备以后,能够运作以下命令来装包系统镜像:
$ sudo singularity build ubuntu.sif ubuntu/
[sudo] dechin 的登陆密码:
INFO: Starting build...
INFO: Creating SIF file...
INFO: Build complete: ubuntu.sif
装包进行后,拉起器皿的方法就不会再是根据文件夹名称的名称来拉上,只是根据镜像系统名来拉上:
$ singularity shell ubuntu.sif
Singularity> cat /etc/issue
Ubuntu 20.04.2 LTS \n \l
Singularity> exit
exit
那样,大家就可以很便捷的制做了一个可移动的Ubuntu系统软件。
获得MindSpore的Docker镜像系统
文章开头讲到Singularity是兼容Docker器皿的镜像系统的,恰好近期在检测华为公司MindSpore架构的GPU版本号,而我们在DockerHub上又发觉了MindSpore的官方网镜像系统的全新1.2.0版本号,那麼大家就可以根据singularity pull的命令立即从远程控制库房建立一个当地的sif系统镜像(这类方式跟上边的沙盒制做镜像系统的方式有所区别,步骤更简易可是改动就较为不便):
[dechin@dechin-manjaro ~]$ singularity pull docker://mindspore/mindspore-gpu:1.2.0
INFO: Converting OCI blobs to SIF format
WARNING: 'nodev' mount option set on /tmp, it could be a source of failure during build process
INFO: Starting build...
Getting image source signatures
Copying blob 48c41c211021 done
Copying config c3868774fb done
Writing manifest to image destination
Storing signatures
2021/05/29 10:20:52 info unpack layer: sha256:5353957e2ca61685e6024b440372c34e3b9e1d27ab564a9c8330e9ab8350894a
2021/05/29 10:21:33 warn xattr{/tmp/build-temp-665547475/rootfs/etc/gshadow} destination filesystem does not support xattrs, further warnings will be suppressed
2021/05/29 10:21:42 info unpack layer: sha256:bc3e02707e81c51c3b7cede72d41fdaaa153bc3bf4cb7c2ef053376d47f473aa
INFO: Creating SIF file...
等候一段时间后,运作进行,能够在当今途径下查询到一个sif文档:
[dechin@dechin-manjaro ~]$ ll | grep mindspore
-rwxr-xr-x 1 dechin dechin 2382344192 5月 29 10:23 mindspore-gpu_1.2.0.sif
改动sif系统镜像
倘若我们都是一个非root的真实身份,而且沒有sudo管理权限,那麼大家只有根据--writable-tmpfs这类方式来改动sif系统镜像的內容,例如这儿大家试着在sif文档中安裝一个numba的python库:
dechin@ubuntu2004:~/projects/numba-gpu$ singularity shell --nv --writable-tmpfs /home/dechin/tools/singularity/mindspore-gpu_1.2.0.sif
Singularity> python -m pip show numba
Singularity>
上边的命令中有一个附加的--nv的字段名,这一字段名是用以开启CUDA的适用的,在GPU情景下能应用到。而我们在pip show中现在是沒有见到numba这一库的,大家立即在器皿的shell中运作安裝命令(必须再加上–user选择项,不然无法安装取得成功):
Singularity> python -m pip install numba --user
Collecting numba
Requirement already satisfied: setuptools in /usr/local/python-3.7.5/lib/python3.7/site-packages (from numba) (41.2.0)
Collecting llvmlite<0.37,>=0.36.0rc1 (from numba)
Using cached https://files.pythonhosted.org/packages/54/25/6b4015e6b0c3be2efa6870cf2cf2bd969dd0e5f937476fc13c102209df32/llvmlite-0.36.0-cp37-cp34m-manylinux2010_x86_64.whl
Requirement already satisfied: numpy>=1.15 in /usr/local/python-3.7.5/lib/python3.7/site-packages (from numba) (1.20.2)
Installing collected packages: llvmlite, numba
Successfully installed llvmlite-0.36.0 numba-0.53.1
到这儿大家还没有撤出当今shell,那麼numba是早已安裝成功了,可以用一个numba的GPU实例测试一下:
# test-numba-gpu.py
from numba import cuda
def cpu_print(N):
for i in range(0, N):
print(i)
@cuda.jit
def gpu_print(N):
idx = cuda.threadIdx.x cuda.blockIdx.x * cuda.blockDim.x
if (idx < N):
print(idx)
def main():
print("gpu print:")
gpu_print[2,4](8)
cuda.synchronize()
print("cpu print:")
cpu_print(8)
if __name__ == "__main__":
main()
运作結果以下所显示:
Singularity> python test-numba-gpu.py
gpu print:
0
1
2
3
4
5
6
7
cpu print:
0
1
2
3
4
5
6
7
Singularity> exit
exit
那麼大家如今撤出这一sif的shell,再再次拉起(此次沒有加上可改动字段名):
dechin@ubuntu2004:~/projects/numba-gpu$ singularity shell --nv /home/dechin/tools/singularity/mindspore-gpu_1.2.0.sif
Singularity> python -m pip show numba
Name: numba
Version: 0.53.1
Summary: compiling Python code using LLVM
Home-page: https://numba.pydata.org
Author: Anaconda, Inc.
Author-email: numba-users@continuum.io
License: BSD
Location: /home/dechin/.local/lib/python3.7/site-packages
Requires: llvmlite, setuptools, numpy
Required-by:
Singularity> exit
exit
而大家现在在sif系统镜像中是能够见到刚刚新安裝的numba库的,表明刚刚的改动被储存了出来。
汇总概述
本文关键详细介绍Singularity器皿在Manjaro服务平台的安裝,及其一些普遍的应用情景:获取沙盒制做器皿镜像系统、远程控制制做器皿镜像系统及其改动器皿镜像系统的方式。总而言之Singularity是一个对非root客户十分友善的器皿解决方法,在速率上沒有具体检测过,仅仅在一些情景下能够见到比Docker特性好些一些。并且这一器皿还适用非root的安裝及其非root的操作方法,自然在根据RH的系统软件下有一些默认设置的配备项或是必须用root管理权限去改动后,才可以用非root的帐户应用Singularity器皿,最典型性的就例如要将/proc/sys/user/max_user_namespaces这里边的相匹配参数配置为非零,不然使用会出错。
版权声明
文中先发连接为:https://www.cnblogs.com/dechinphy/p/sg.html
创作者ID:DechinPhy
大量原著小说文章内容请参照:https://www.cnblogs.com/dechinphy/
打赏主播专用型连接:https://www.cnblogs.com/dechinphy/gallery/image/379634.html
腾讯云服务栏目同歩:https://cloud.tencent.com/developer/column/91958
关注不迷路
扫码下方二维码,关注宇凡盒子公众号,免费获取最新技术内幕!
评论0