Second Idea: Addition of Singularity Template #16
Conversation
.circleci/README.md
Outdated
| |`DOCKER_TAG`|A custom tag for the deployed image.|no|the first 10 characters of the commit.| | ||
|
|
||
|
|
||
| ## config.singularity |
There was a problem hiding this comment.
should be config.singularity.yml?
There was a problem hiding this comment.
I wasn't putting the extension, but I can add it.
|
|
||
| ## Where do I define the variables? | ||
| For each set of variables, some you can define in the config.yml, in the `environment` | ||
| section for a workflow step, for example, here is setting the variable `TIMEZONE` |
There was a problem hiding this comment.
For my education: do we have to set a timezone or is it an example of how to set a variable? (and why LA?)
There was a problem hiding this comment.
You don't have to set a timezone (although I've seen it frequently so it must be useful?) and no reason in particular for LA, if you want to find a different one you like I'm happy to change it :)
There was a problem hiding this comment.
Maybe we add a comment saying "this isn't strictly necessary"? Just to help people who are trying to take these examples and applying them to their setup. Otherwise you end up with cargo cult kind of things like "Yeah, you gotta run this in the LA timezone because otherwise it gets out of sync with the fizzbuzz-shizzle" :)
.circleci/README.md
Outdated
|
|
||
| This configuration is equivalent to the default config.yml, with the additional change in permissions of the | ||
| repo2docker folder to allow for the user to write given export into a Singularity container. If you want your | ||
| container notebooks to be usable on a shared resource, you should choose this configuration. Note that the |
There was a problem hiding this comment.
a supercomputer cluster with multiple users (HPC)
.circleci/README.md
Outdated
| |---|---|---|---| | ||
| |`CONTAINER_NAME`|The name of the Docker Hub container to deploy|no|`<ORG>/<REPO>`| | ||
| |`DOCKER_TAG`|A custom tag for the deployed image.|no|the first 10 characters of the commit.| | ||
| |`NOTEBOOK_PERMISSION`|The permission to (recursively) give the notebook, to allow write.|no|777| |
There was a problem hiding this comment.
Should we remove NOTEBOOK_ from the permission and username variable? Neither really have anything to do with the fact that we use notebooks. As in we'd still have to set them if we were using RStudio or OpenRefine.
Maybe | PERMISSION | The permissions to (recursively) set on the repository contents copied into the container |?
There was a problem hiding this comment.
However the NOTEBOOK is relevant - these variables specifically change just the folder for the notebook housing and permission for it. The NOTEBOOK also serves as a namespace, so there is less liklihood of conflict with some other user specific variable. If you want to think of a different prefix to replace this, I'm happy to change it. I think notebook is more appropriate than something like container, because it is truly just a username for the notebook, and permission for the notebook folder. That may be different outside of using repo2docker, but right now that's all this recipe does, and so the variable names are clear.
There was a problem hiding this comment.
Maybe REPO2DOCKER_ as prefix? There doesn't have to be a notebook in the repository and this would set the permissions on all things that are copied over right?
There was a problem hiding this comment.
yes I like that too.
Yes that's correct. We are changing the permission of the user "joyvan's" folder in $HOME:
docker exec repo2docker chmod -R ${REPO2DOCKER_PERMISSION} "/home/${REPO2DOCKER_USERNAME}"and we have to do this for Singularity, otherwise the notebooks aren't usable for the general user.
.circleci/README.md
Outdated
| |`CONTAINER_NAME`|The name of the Docker Hub container to deploy|no|`<ORG>/<REPO>`| | ||
| |`DOCKER_TAG`|A custom tag for the deployed image.|no|the first 10 characters of the commit.| | ||
| |`NOTEBOOK_PERMISSION`|The permission to (recursively) give the notebook, to allow write.|no|777| | ||
| |`NOTEBOOK_USERNAME`|The username (to derive the home directory) to build the notebook and virtual environment. (e.g., `/home/joyvan`|no|`joyvan`| |
There was a problem hiding this comment.
-> "The username used inside the container"
There was a problem hiding this comment.
In Singularity world, this is just the notebook username (the user remains him/herself when in use).
There was a problem hiding this comment.
What do you mean with the notebook username? I was assuming that inside the container there is a user that owns the files copied over from the repository and that this variable sets that username. (and that for singularity the username that owns the files has to match the username of the person executing the container)
There was a problem hiding this comment.
The container is going to be sitting on a shared HPC resource, and more than one user could use it. The username is the name of the folder, and the name of the --username arg given for the container. If it's not general (or assumes use by any user) the container doesn't have much purpose for reproducibility (e.g., sharing with others).
| @@ -168,6 +168,9 @@ jobs: | |||
| if [[ -n "$DOCKER_PASS" ]]; then | |||
| docker login -u $DOCKER_USER -p $DOCKER_PASS | |||
| docker push ${CONTAINER_NAME}:${DOCKER_TAG} | |||
| echo "Tagging latest image..." | |||
| docker tag ${CONTAINER_NAME}:${DOCKER_TAG} ${CONTAINER_NAME}:latest | |||
| docker push ${CONTAINER_NAME}:latest | |||
There was a problem hiding this comment.
The purist in me is a bit hesitant to make a "latest" tag standard. It gives people a way to not explicitly define which tag/version they want. Which means it becomes a nightmare to try and work out what they actually used later on.
It is super convenient to have latest, but for your long term health it isn't so smart. A bit like eating only cake for breakfast is super cool :-/
There was a problem hiding this comment.
It's not standard, but it's provided because people want and expect it. if I had a dollar for every time someone posted an issue because they claimed the endpoint didn't work (and had just misspelled the tag). I'm all for encouraging reproducibility, but making it really hard to use a tool I don't think is the right way to do it.
.circleci/config.singularity.yml
Outdated
| docker tag ${CONTAINER_NAME}:${DOCKER_TAG} ${CONTAINER_NAME}:latest | ||
| docker push ${CONTAINER_NAME}:latest | ||
| fi | ||
| workflows: |
There was a problem hiding this comment.
We have a lot of shared steps between config.yaml and config.singularity.yml. Is there a way to avoid that or automatically check that they are the same (except for where they are meant to be different)? Wondering what we can do to stop the two (or later more) versions from drifting apart.
Would it be better to make one big config.yaml with several different workflows and tell users to pick one workflow?
Only questions, no solutions :(
There was a problem hiding this comment.
Yes I've already developed this, but it will be done in a separate PR.
|
|
||
| |Variable|Description|Required|Default| | ||
| |---|---|---|---| | ||
| |`CONTAINER_NAME`|The name of the Docker Hub container to deploy|no|`<ORG>/<REPO>`| |
There was a problem hiding this comment.
Can we call it "image_name" since it's the name of the image, not the container?
This is a second effort to add Singularity support, to come after #9. Instead of having the permission change be default, we instead provide a second template, and give the user complete control over the username of the build (in the case that they want to generate a container for their userspace only) OR the value of the permissions to be different from the default. Specifically, this PR does the following:
git add *and then also include various files that wouldn't be desired, and this will help with that :)