Comments (4)
See also #1 , but the TLDR of Singularity is:
- Too complicated and huge (more than 10x enroot)
- Mostly a wrapper on top of existing cloud-native techs nowadays (might as well use runc or podman for better support)
- Not extensible
- No support for accelerators (GPUs/HCAs)
- Not a great track record (3 rewrites, several security breaches...)
- Awkward security model with setuid binaries
- Missing features (no bundles, no SLURM plugin, slow pulls, can't install packages unprivileged...)
from enroot.
Hello. One of the developers of Singularity here. I'm going to avoid arguing over the subjective points here, but I want to clarify some specific functionality that Singularity does have.
Mostly a wrapper on top of existing cloud-native techs nowadays (might as well use runc or podman for better support)
It's true we do use various OCI related libraries to support interaction docker/OCI formats etc. However the engine is independent, and Singularity has, amongst other things, its own single-file image format with embedded signing, validation, encryption etc. Users may find these advantageous.
No support for accelerators (GPUs/HCAs)
We have long had an --nv
flag to support binding in of NVIDIA libraries for GPU containers, and this e.g. allows direct use of NVIDIAs dockerhub and NGC containers. We also have a corresponding --rocm
flag.
Missing features (no bundles, no SLURM plugin, slow pulls, can't install packages unprivileged...)
The bundle idea is interesting. Singularity can be installed completely unprivileged, and we have a --fakeroot
mode leveraging unprivileged user namespaces that allows building containers, installing packages in containers etc. without privilege. There is no SLURM plugin as running a container is as simple as running singularity run mycontainer.sif
or ./mycontainer.sif
like any other program in a batch script. We welcome feedback on circumstances where a plugin provides benefits.
Thanks!
from enroot.
thx for clarification!
from enroot.
It's true we do use various OCI related libraries to support interaction docker/OCI formats etc. However the engine is independent, and Singularity has, amongst other things, its own single-file image format with embedded signing, validation, encryption etc. Users may find these advantageous.
Interesting that you mention SIF, because this is actually a good example of what we didn't want. This is a non-standard format and it is not really justified. You can easily do this with plain squashfs (e.g. GPG, signify, fs-crypt, dm-crypt, etc) and you're not constrained by the ciphers or the tools that singularity offers.
We have long had an
--nv
flag to support binding in of NVIDIA libraries for GPU containers
While this is true, --nv
is not officially supported by our container team as it doesn't rely on libnvidia-container
to configure the container. As a result there are several issues that can occur while running GPU workloads in production.
Singularity can be installed completely unprivileged, and we have a
--fakeroot
mode leveraging unprivileged user namespaces that allows building containers, installing packages in containers etc. without privilege.
This is using setuid/setgid maps, so it is using a setuid binary and therefore is privileged.
Also setuid/setgid maps are unpractical at scale.
There is no SLURM plugin as running a container is as simple as running
singularity run mycontainer.sif
or./mycontainer.sif
like any other program in a batch script.
You can also do srun enroot start ...
but this is very different that what the plugin does. There are a lot of considerations when integrating with SLURM (ease of use, entrypoints, MPI, image cache, etc).
from enroot.
Related Issues (20)
- GHCR support HOT 1
- ssh to localhost fails with "Connection closed by 127.0.0.1 port 4444" HOT 1
- Wrong number of nproc, when running PyTorch container with cpus-per-task set HOT 3
- issues with root file system inside the enroot container HOT 1
- enroot-switchroot: failed to execute: /bin/sh: No such file or directory HOT 2
- Enabling the creation of TUN devices HOT 1
- too many open files HOT 1
- Squashfs support in --container-mount HOT 2
- Cannot compile from source HOT 1
- How to start an enroot to support fuse?
- Exposes api outside of enroot container
- Severe performance implication by setting global OMP_NUM_THREADS=1 HOT 5
- Driver compatibility issues when reusing a container HOT 4
- enroot import - Cannot write: no space left on device HOT 3
- cgroups are mounted twice HOT 3
- Fix for AWS ECR issue not released? HOT 5
- Enroot not following /etc/enroot/enroot.conf HOT 2
- Shadow hook segmentation faults when starting recent images HOT 15
- Seeing an issue with libnvidia-ml.so HOT 1
- Question about data access. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from enroot.