-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Singularity contains built from bioconda have broken /etc/resolv.conf #11583
Comments
|
This still might be the busybox issue, e.g.,
|
I think this is a
Apologies for the long-winded path to |
Can you just use a different container that doesn't have a busybox base? What about:
|
Not to say that is the "best" one, just a randomly chosen one off Docker Hub that minimally has an associated repository and build recipe :) https://hub.docker.com/r/inutano/sra-toolkit/~/dockerfile/ |
The base container question is deeper than I can answer - perhaps @bgruening or @jmchilton can advise? |
The base image was chosen to have a minimal as possible container that still has libc included and not some libc derivative. |
@bgruening very often |
Maybe a different base could be considered for the tools that rely on webby places? |
Another place where we have encountered issues with busybox-base-imaged biocontainers breaking singularity is that the /var/tmp -> /tmp symlink causes issues when "mount tmp = yes" in singularity.conf; specifically, the host /tmp is mounted at container /tmp, then the host /var/tmp ends up being mounted over the container /tmp... So both the container /tmp and /var/tmp are host /var/tmp. Things like Open-MPI and PMIX put, e.g., unix domain sockets in /tmp, so this breaks containers that want to use MPI. However... the busybox base image used for biocontainers is quite old (almost 5 years!):
Newer busybox images don't have a /var/tmp -> /tmp symlink, and so shouldn't break Singularity in this regard (and could be beneficial to use for other reasons, such as hundreds of bug fixes and enhancements). Could the base busybox image for biocontainers be updated, at least going forward for newly-created biocontainers images? |
It tried this one year ago and it broke so many workflows from users. But I should probably try now again. The problem is glibc or the variants. I see that there is now a proper glibc variant, I will give this a try. |
You could try doing a PR to update the base image first here (or better, create a new tag and preserve the older one) and then the container here can be rebuilt. I can't really tell which is the correct base image (the tags don't line up) but probably someone knows. You could also just build a different samtools image. |
@vsoch these are not the base images for the automatically created containers. For this we used a busybox image with a static compiled bash - to please some workflow engines. @nathanweeks I created a new version here. Would be great if you can test this image: But this was the easy part, testing a sufficient amount of package builds before we put this into production is the harder part. @nathanweeks are you familiar with the way how we build those containers? Could you help with this? |
@bgruening can you make the base recipes available to the users so they know what they are dealing with? |
They are here: https://github.com/bgruening/docker-busybox-bash |
cool thanks! And it looks like you have an updated image to test. Is there a way (in the future) for the user to be able to find this repo (or will it eventually be in the biocontainers repo?) |
@bgruening : is it the |
@vsoch is it not linked on the dockerhub page? We should add it to some documentation if not. @nathanweeks yes exactly. That should still work I hope: https://galaxy-lib.readthedocs.io/en/latest/topics/mulled.html?highlight=mulled#building-docker-containers-for-local-conda-packages You should be able to specify the base image via command line args. If not this should get you started: galaxyproject/galaxy-lib#148 Sorry, in a train with terrible internet. |
Omg it's easter!! :D I totally forgot. I'm going to paint some tiny avocados like eggs this weekend :) Happy Easter! |
@bgruening : When attempting to build a container image for a bioconda package that requires perl (maker), the following error was emitted during the mulled-build stage:
Possibly related?: docker-library/busybox#46 |
FWIW, I tried alpine:3.9.3 + libc6-dev, and while it has libdl.so.2, it's missing a number of glibc-related symbols:
|
Oh fun, this reminds me on my tries from last year :( |
@nathanweeks let me know if there is any busybox container which we can use. |
alpine + alpine-pkg-glibc might be close enough. I substituted bgruening/busybox-bash:0.2 with an image created from the following Dockerfile, and the result was almost enough to run maker (which failed for other reasons):
The resulting docker image clocks in at 9.66MB (compared to 6.65MB for bgruening/busybox-bash:0.2), though adding bash increases the size about 40% (!) to 13.7MB. Still fairly minimal compared to other images like debian:9.8-slim (55.3MB). Of course, this would need more testing. |
@nathanweeks I push 0.3 which is doing a very similar thing than what you mentioned, indeed this is what miniconda is now switching to as well. Maybe we can give the 0.3 a try ...? |
@bgruening : Out of the box, However, it looks like the glibc libraries are in a conda-specific location. Committing the stopped container resulting from mulled-build into a new image, shelling into a container from that image, and poking around, it looks like the glibc libraries are in a conda-specific location. Setting LD_LIBRARY_PATH, I was able to at least get perl to work:
However, maker (a perl script) itself segfaulted:
|
@pvanheus does Singularity 3 help here? We have rebuild all containers with Singularity 3 in the last weeks. |
@bgruening the problem persists:
|
Hi! Has this problem evolved in any way? I have similar issues with:
although there is no /tmp/resolv.conf.
thanks! |
Thanks @mbargull the |
Happy to hear that works for you!
Right, overriding the |
@mbargull downstream of this I discovered that some tools (e.g. R ones) write to /tmp - and then setting |
I started using biocontainer images for a snakemake pipeline and it seems that all of them give a similar warning: Do we have any updates on the issue? |
@fgypas : it seems recent Biocontainers images use an updated base image (I'm guessing this one is now the default, but I don't know that for a fact---can anyone confirm or refute?) that is not affected by this issue. e.g.:
|
Yes, we now use
-- the content is not very important since the bind mounted one gets used, but just wanted to record it here.) |
So what I am using at the moment are the following images:
Does that mean that I can find similar versions of the tools with the latest base image, or should I use the latest (updated versions of the tools)? |
Thanks for the update @mbargull ! Any chance those images could be published under a repo name we can track, such as |
I think this one can now be closed, please reopen if this is still an issue. |
@pcm32 hi I am encountering the same issue. Can you please explain a bit more on how to use this command. Sorry for my ignorance, how do I use it as a singularity command? I am using the following command to run nf-core/scrnaseq pipeline which uses one of the python image from galaxy and I get the following error.
Thanks in advance. Nurun |
@nfancy , not sure how you would do it on nextflow, but I presume there must be somewhere there where you can specify the singularity binary, then you could create a bash script that wraps the singularity call and adds the requirement to mount the resolv.conf file in the appropiate place inside the container. Then tell nextflow to call that as a singularity binary and it should work. Or maybe you can tell nextflow what additional files should be mounted on singularity. They key is to provision the resolv.conf file from the host machine in the required place inside the container. |
@nfancy Regarding the /etc/resolv.conf warning: I've seen this error in old container images that were built before the Biocontainers base image update mentioned in #11583 (comment). I don't have practical experience with Nextflow; does your workflow define an old container image(s)? The "FATAL" error looks like it could be a site-specific Singularity configuration issue; I'd suggest reaching out to your local sysadmin and/or Nextflow experts for guidance. This issue could be related. |
with apptainer I can not access the network (bioconda/bioconda-recipes#11583) in this container. hope bumping solves this.
with apptainer I can not access the network (bioconda/bioconda-recipes#11583) in this container. hope bumping solves this.
A test with a container built using
singularity build
from the Docker images onquay.io
using Singularity 2.5.2.This is mentioned by @vsoch as a Weirdo File. It is not clear where the link to
../tmp/resolv.conf
comes from.The text was updated successfully, but these errors were encountered: