Centre de Calcul de l Institut National de Physique Nucléaire et de Physique des Particules. Singularity overview. Vanessa HAMAR

Similar documents
Singularity tests at CC-IN2P3 for Atlas

Singularity: Containers for High-Performance Computing. Grigory Shamov Nov 21, 2017

Singularity tests. ADC TIM at CERN 21 Sep E. Vamvakopoulos

STATUS OF PLANS TO USE CONTAINERS IN THE WORLDWIDE LHC COMPUTING GRID

Docker for HPC? Yes, Singularity! Josef Hrabal

Singularity in CMS. Over a million containers served

Singularity: container formats

Presented By: Gregory M. Kurtzer HPC Systems Architect Lawrence Berkeley National Laboratory CONTAINERS IN HPC WITH SINGULARITY

Opportunities for container environments on Cray XC30 with GPU devices

Shifter at CSCS Docker Containers for HPC

Andrej Filipčič

Global Software Distribution with CernVM-FS

CONTAINERIZING JOBS ON THE ACCRE CLUSTER WITH SINGULARITY

BEST PRACTICES FOR DOCKER

A Container On a Virtual Machine On an HPC? Presentation to HPC Advisory Council. Perth, July 31-Aug 01, 2017

Improving User Accounting and Isolation with Linux Kernel Features. Brian Bockelman Condor Week 2011

Graham vs legacy systems

BEST PRACTICES FOR DOCKER

Bright Cluster Manager: Using the NVIDIA NGC Deep Learning Containers

HPC Middle East. KFUPM HPC Workshop April Mohamed Mekias HPC Solutions Consultant. Agenda

TENSORRT 3.0. DU _v3.0 February Installation Guide

Automatic Dependency Management for Scientific Applications on Clusters. Ben Tovar*, Nicholas Hazekamp, Nathaniel Kremer-Herman, Douglas Thain

ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project

Quelling the Clamor for Containers. Vanessa Borcherding Director, Scientific Computing Unit Weill Cornell Medicine

An Introduction to the SPEC High Performance Group and their Benchmark Suites

Introduction to Containers

NVIDIA DGX SYSTEMS PURPOSE-BUILT FOR AI

TENSORRT 4.0 RELEASE CANDIDATE (RC)

NVIDIA GPU CLOUD DEEP LEARNING FRAMEWORKS

PREPARING TO USE CONTAINERS

irods usage at CC-IN2P3 Jean-Yves Nief

DGX-1 DOCKER USER GUIDE Josh Park Senior Solutions Architect Contents created by Jack Han Solutions Architect

Shifter: Fast and consistent HPC workflows using containers

Shifter and Singularity on Blue Waters

CUDNN. DU _v07 December Installation Guide

CERN openlab & IBM Research Workshop Trip Report

Continuous Integration and Deployment (CI/CD)

Singularity - Containers for Scientific Computing ZID Workshop. Innsbruck Nov 2018

High Performance Containers. Convergence of Hyperscale, Big Data and Big Compute

Introduction to Containers. Martin Čuma Center for High Performance Computing University of Utah

What s new in HTCondor? What s coming? HTCondor Week 2018 Madison, WI -- May 22, 2018

Democratizing Machine Learning on Kubernetes

Using DC/OS for Continuous Delivery

Singularity. Containers for Science

Cloud du CCIN2P3 pour l' ATLAS VO

TENSORRT. RN _v01 January Release Notes

Using Docker in High Performance Computing in OpenPOWER Environment

RMA PROCESS. vr384 October RMA Process

An introduction to Docker

SCITAS. Scientific IT and Application support unit at EPFL. created in February today : 5 system engineers + 6 application experts SCITAS

Introduction to Containers. Martin Čuma Center for High Performance Computing University of Utah

MAKING CONTAINERS EASIER WITH HPC CONTAINER MAKER. Scott McMillan September 2018

Scientific Filesystem. Vanessa Sochat

Allowing Users to Run Services at the OLCF with Kubernetes

NSIGHT ECLIPSE EDITION

S INSIDE NVIDIA GPU CLOUD DEEP LEARNING FRAMEWORK CONTAINERS

Improving the Productivity of Scalable Application Development with TotalView May 18th, 2010

DGX UPDATE. Customer Presentation Deck May 8, 2017

NGC CONTAINER. DU _v02 November User Guide

A Hands on Introduction to Docker

IBM Deep Learning Solutions

Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING

Running Applications on The Sheffield University HPC Clusters

TEN LAYERS OF CONTAINER SECURITY

/ Cloud Computing. Recitation 5 September 27 th, 2016

IN2P3-CC cloud computing (IAAS) status FJPPL Feb 9-11th 2016

Bright Cluster Manager Advanced HPC cluster management made easy. Martijn de Vries CTO Bright Computing

Confinement (Running Untrusted Programs)

Deployment Patterns using Docker and Chef

Unzip command in unix

Virtualization of the ATLAS Tier-2/3 environment on the HPC cluster NEMO

Bright Cluster Manager

LSST software stack and deployment on other architectures. William O Mullane for Andy Connolly with material from Owen Boberg

NVIDIA COLLECTIVE COMMUNICATION LIBRARY (NCCL)

Using the SDACK Architecture to Build a Big Data Product. Yu-hsin Yeh (Evans Ye) Apache Big Data NA 2016 Vancouver

Guillimin HPC Users Meeting

irods usage at CC-IN2P3: a long history

Securing Microservices Containerized Security in AWS

Employing HPC DEEP-EST for HEP Data Analysis. Viktor Khristenko (CERN, DEEP-EST), Maria Girone (CERN)

State of Containers. Convergence of Big Data, AI and HPC

Science-as-a-Service

Docker task in HPC Pack

Introduction to the SHARCNET Environment May-25 Pre-(summer)school webinar Speaker: Alex Razoumov University of Ontario Institute of Technology

Genomics on Cisco Metacloud + SwiftStack

TECHNICAL BRIEF. Scheduling and Orchestration of Heterogeneous Docker-Based IT Landscapes. January 2017 Version 2.0 For Public Use

Who is Docker and how he can help us? Heino Talvik

Deep Learning Frameworks with Spark and GPUs

Microsoft vision for a new era

How to run applications on Aziz supercomputer. Mohammad Rafi System Administrator Fujitsu Technology Solutions

HTCondor: Virtualization (without Virtual Machines)

Introduction to High-Performance Computing

Scientific data processing at global scale The LHC Computing Grid. fabio hernandez

A curated Domain centric shared Docker registry linked to the Galaxy toolshed

Supporting GPUs in Docker Containers on Apache Mesos

XC Series Shifter User Guide (CLE 6.0.UP02) S-2571

Exploring cloud storage for scien3fic research

Scientific Software Development with Eclipse

TESLA V100 PERFORMANCE GUIDE. Life Sciences Applications

The BioHPC Nucleus Cluster & Future Developments

/ Cloud Computing. Recitation 5 September 26 th, 2017

Transcription:

Centre de Calcul de l Institut National de Physique Nucléaire et de Physique des Particules Singularity overview Vanessa HAMAR

Disclaimer } The information in this presentation was compiled from different Web sites, mainly Docker, Singularity, OSG and WLCG s sites. FJPPL Japan-France workshop on computing technologies 13/02/2018 2

Overview } Why containers? } Containers comparison } Singularity Definition Roles } Versions } Use cases } Image distribution } Security } Singularity at CC } Conclusions } Some links FJPPL Japan-France workshop on computing technologies 13/02/2018 3

Why containers? } Containers are a solution to the problem of how to get software to run reliably when moved from one computing environment to another. This could be from a developer's laptop to a test environment, from a staging environment into production and perhaps from a physical machine in a data center to a virtual machine in a private or public cloud. * *cio.com FJPPL Japan-France workshop on computing technologies 13/02/2018 4

Containers Brief comparison } Docker: DevOps, microservices. Enterprise applications. Developers/DevOps } Shifter: Use the large number of docker apps. Provides a way to run them in HPC after a conversion process. It also strip out all the requirements of root so that they are runnable as user process. Scientific Application Users } Singularity: Application portability (single image file, contain all dependencies) Reproducibility, run cross platform, provide support for legacy OS and apps. Scientific Application Users http://geekyap.blogspot.fr/2016/11/docker-vs-singularity-vs-shifter-in-hpc.html FJPPL Japan-France workshop on computing technologies 13/02/2018 5

Singularity Singularity is a container solution created by necessity for scientific and application driven workloads. Containers for Science FJPPL Japan-France workshop on computing technologies 13/02/2018 6

Singularity } Singularity enables users: To have full control of their environment To package: entire scientific workflows software and libraries and even data. To use the resources of the host were they are running the container: HPC interconnects Resource managers File systems GPUs and/or accelerators, etc. This means that: Users do not have to ask to cluster administrators to install anything for them - they can put it in a Singularity container and run. No scheduler changes necessary FJPPL Japan-France workshop on computing technologies 13/02/2018 7

Singularity } Singularity does this by enabling: Encapsulation of the environment Containers are image based No user contextual changes or root escalation allowed No root owned daemon processes A user inside a Singularity container is the same user as outside the container FJPPL Japan-France workshop on computing technologies 13/02/2018 8

Singularity } Network is transparent to the process. } cgroups are not touched by Singularity, all is managed by the batch system. } Support for MPI (OpenMPI, MPICH, IntelMPI) FJPPL Japan-France workshop on computing technologies 13/02/2018 9

Singularity } Singularity has two primary roles: Container Image Generator Container Runtime As root As user Users can make and customize containers locally, and then run them on shared resource FJPPL Japan-France workshop on computing technologies 13/02/2018 10

Singularity } Image formats: squashfs: is a compressed read-only file system that is widely used for things like live CDs/USBs and cell phone OS s ext3: (also called writable) a writable image file containing an ext3 file system directory: (also called sandbox) standard Unix directory containing a root container image tar.gz: zlib compressed tar archive tar.bz2: bzip2 compressed tar archive tar: uncompressed tar archive Default container format: Squashfs >= version 2.4 Ext3 < 2.4 FJPPL Japan-France workshop on computing technologies 13/02/2018 11

Singularity Bind directories } Singularity allows you to map directories on your host system to directories inside your container using bind mounts. System defined bind points: The system administrator has the ability to define what bind points User defined bind points: If the system administrator has enabled user control of binds, users will be able to request their own bind points within your container. } Option enable overlay = yes directories can be created inside the container to be bind. FJPPL Japan-France workshop on computing technologies 13/02/2018 12

Singularity Package version Repository Version Epel 2.2.1 WLCG 2.4.2 OSG 2.4.2 Singularity 2.4.2 2.4.2 Standard Container Integration Format FJPPL Japan-France workshop on computing technologies 13/02/2018 13

Use cases LSST - Deep Learning Challenges at CC Context LSST (Large Survey Synoptic Telescope) project members will have to deal with tons of data and want to explore deep learning solutions to automatically process images for what they call deblending (i.e separate astronomical objects from the sky background). Deep learning challenges such as Kaggle (www.kaggle.com) are now popular on the internet. A Challenge is made of a given problem to resolve, for example, «I want to know if this is a cat or a dog on this image» and a dataset to help the machine to learn. Challengers have to analyze the problem and propose a model to train. A CNRS team developed RAMP, a deep learning challenge platform. Challengers submit their codes that are processed on RAMP backend. There are two phases of submission, and between them, each team can view the other teams code and adapt is own code with others ideas. This synergy gives better results. At the end of the process the score is computed. The team with the highest score wins. Project from CC side (cf. workflow schema) We have to connect to the RAMP platform and grab new submissions, then send submission code to the gpu batch farm. After batch is complete, results must be parsed and inserted to the RAMP platform database. Why Singularity here? Gpus are Nvidia Tesla K80. Nvidia provide updates for GPU libraries (Cuda, CuDNN) Machine learning frameworks versions need to match gpu libraries versions Example : Tensorflow 1.5, a famous Deep Learning framework requires CUDA Toolkit 8.0 and cudnn v6.0 for gpu support Moreover, each RAMP challenge requires a particular python development environment (different modules or versions of modules) The advantage of using Singularity is obvious! FJPPL Japan-France workshop on computing technologies 13/02/2018 14

Use cases } A local user needs to execute OpenMP code in Debian and our WNs are SL6 or CentOS7. } ATLAS and CMS are also testing singularity in order to run SL6 containers in CentOS7. FJPPL Japan-France workshop on computing technologies 13/02/2018 15

Singularity Image distribution } From Brian Bockelman, pre-gdb, July 2017 presentation: Given our heavy investment in CVMFS, it seems very natural to leverage it for image distribution. Given CVMFS implementation details, images should be distributed as flat directories - Cache will work at the individual file level. Flat directories work with non-setuid mode; single-image formats don t. } The OSG has now also installed unprivileged singularity 2.3.1 in cvmfs: /cvmfs/oasis.opensciencegrid.org/mis/singularity/el[67]-x86_64/bin/singularity FJPPL Japan-France workshop on computing technologies 13/02/2018 16

Singularity - Security } User Namespace: Singularity supports the user namespace natively and can run completely unprivileged ( rootless ) since version 2.2 (October 2016) but features are severely limited. } SetUID: This is the default usage model for Singularity because it gives the most flexibility in terms of supported features and legacy compliance. It is also the most risky from a security perspective. For that reason, Singularity has been developed with transparency in mind. OSG-SEC-2017-10-27 Linux kernel vulnerability affecting Singularity. This vulnerability, can be exploited to cause a denial-of-service (DoS) condition or to execute arbitrary code FJPPL Japan-France workshop on computing technologies 13/02/2018 17

Commands } Invoking a container Executing a command: singularity exec /cvmfs/singularity.in2p3.fr/images/cc/official/centos/x86_64/7/7.4/ ls Interactive container: singularity shell /cvmfs/singularity.in2p3.fr/images/cc/official/centos/x86_64/7/7.4/ singularity shell --bind /sps/hep/phenix:/srv /cvmfs/singularity.in2p3.fr/images/cc/official/sl/x86_64/6/6.9/ } Submitting a job in the computing cluster A simple script: mon_job_singularity.sh #!/bin/bash singularity exec /cvmfs/singularity.in2p3.fr/images/cc/official/sl/x86_64/6/6.9/ $HOME/my_script.sh Normal submission: qsub -q long -l os=cl7 mon_job_singularity.sh FJPPL Japan-France workshop on computing technologies 13/02/2018 18

Singularity at CC } Version installed in user interfaces and worker nodes: 2.4.2 from WLCG repository } Image distribution /cvmfs/singularity.in2p3.fr Images as directories and bootstrap files for Debian SL6 CentOS7 Ubuntu } Configuration options: SetUID Overlay FJPPL Japan-France workshop on computing technologies 13/02/2018 19

Conclusions } A very nice idea J } A new project - evolving fast Some backward compatibility problems Some bugs can be found } Waiting information about version and configuration parameters from experiments. } We need to do more tests. FJPPL Japan-France workshop on computing technologies 13/02/2018 20

Thanks to: } Benoit Delaunay } Bertrand Rigaud } Emmanouil Vamvakopoulos } Pascal Calvat } Rachid Lemrani } Sebastien Gadrat } Yvan Calas FJPPL Japan-France workshop on computing technologies 13/02/2018 21

Questions FJPPL Japan-France workshop on computing technologies 13/02/2018 22

Where to find information } Links: Singularity - User guide HPC Containers singularity Docker vs Singularity vs Shifter } Mailing lists: wlcg-containers (WLCG container working group) wlcg-containers@cern.ch Singularity singularity@lbl.gov } Groups Conteneurs IN2P3 FJPPL Japan-France workshop on computing technologies 13/02/2018 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback