A number of people have requested the ability to run Docker containers on Rosalind but the way Docker is currently implemented causes some security issues for a shared HPC environment. Instead, we have installed Singularity as a module. It has similar functionality but is specifically designed for providing containerised environments for reproducible research in scientific computing environments.
Please note that normal cluster job scheduling still applies to containerised processes. If you are running singularity on Rosalind it should either be in a qrsh shell or via a qsub script. MPI jobs should be invoked by calling
mpirun singularity … in your grid engine script and running the MPI program inside the container.
Singularity is a fairly new project and we haven't thoroughly tested it on Rosalind yet (esp. the MPI support), so consider this a beta service. Please use and test it and report any issues to https://helpdesk.rosalind.compute.ac.uk.
Singularity allows users to run a container without escalating their permissions. The downside of this is that if you want to create or modify a container, you have to do it on a system on which you have root access. The containers are just image files, so you can create one on a local machine where you have the appropriate permissions, then upload the image to Rosalind and run it as your own user.
Note that the cluster kernel doesn't support overlayFS, which means if you want to bind a host directory to a location inside your Singularity container, the mount point must already exist within the container. I’ve created a couple of basic containers (by bootstrapping from docker images) in /opt/apps/general/singularity/images so you can use these to test it out. These images have a bind point for /users and /mnt/lustre and I have edited the Singularity config file to bind these locations automatically. You can try it out with something like:
qrsh module general/singularity/2.2 singularity shell /opt/apps/general/singularity/images/ubuntu-yakkety.img
You’ll get a warning about it not being able to mount the current directory, but you can safely ignore this - it is configured to bind the /users dir and to use the host authentication settings automatically, so you’ll get dropped into your own home directory as your own user.
If you want to create your own containers, docs are here - http://singularity.lbl.gov/user-guide. You'll need to make sure you include mount points for /mnt/lustre and /users.