# Singularity: software carpentry

[link](https://carpentries-incubator.github.io/singularity-introduction/01-singularity-gettingstarted/index.html)

Singularity is a container platform. Singularity is particularly well-suited to running on distributed, High Performance Computing (HPC) infrastructure, as well as a Linux laptop or desktop.

#### Problems with Docker
System administrators will not, generally, install Docker on shared computing platforms such as lab desktops, research clusters or HPC platforms because the design of Docker presents potential security issues for shared platforms with multiple users. Singularity, on the other hand, can be run by end-users entirely within “user space”, that is, no special administrative privileges need to be assigned to a user in order for them to run and interact with containers on a platform where Singularity has been installed.

```sh
[s.1915438@sl2 ~]$ module avail singularity
singularity        singularity/2.6.1  singularity/3.3.0  singularity/3.6.3  singularity/3.8.5  
[s.1915438@sl2 ~]$ module avail singularity/3.8.5
[s.1915438@sl2 ~]$ singularity --version
singularity version 3.8.5
```

# Images and containers
* Images: A template virtual environment
* Container: virtual environment that is based on an image. It may be possible to start multiple container instances from an image. 

# Pulling image
command: `singularity pull`

```sh
[s.1915438@sl2 test]$ singularity pull hello-world.sif shub://vsoch/hello-world
INFO:    Downloading shub image
59.8MiB / 59.8MiB [==============================================================================] 100 % 12.2 MiB/s 0s
[s.1915438@sl2 test]$ ls
hello-world.sif
[s.1915438@sl2 test]$ 
```

We pulled this image from [Singularity Hub Archive](https://singularityhub.github.io/singularityhub-archive/).

# Running an image
command: `singularity run`

```sh
[s.1915438@sl2 test]$ singularity run hello-world.sif 
RaawwWWWWWRRRR!! Avocado!
```

We just ran the default script of the Singularity image. We can inspect the image's run script using `singularity inspect -r`.

```sh
[s.1915438@sl2 test]$ singularity inspect -r hello-world.sif 
#!/bin/sh 

exec /bin/bash /rawr.sh
```
# Singularity's image cache
Contrary to Docker, Singularity stores a copy of pulled images in a cache on the local disk. If we delete a an image and repull it, if the version is same, it will pull from the local cache. However, this feature is only available in newer versions of Singularity (~3.5).

```sh
[s.1915438@sl2 test]$ singularity cache list
There are 1 container file(s) using 59.75 MiB and 0 oci blob file(s) using 0.00 KiB of space
Total space used: 59.75 MiB
[s.1915438@sl2 test]$ singularity cache list -v
NAME                     DATE CREATED           SIZE             TYPE
3bac21df631874e3cbb3f0   2022-06-27 10:17:55    59.75 MiB        shub

There are 1 container file(s) using 59.75 MiB and 0 oci blob file(s) using 0.00 KiB of space
Total space used: 59.75 MiB
```

The images cache can be cleaned using `singularity cache clean`. By default the cache is stored at `$HOME/.singularity/cache`.

```sh
[s.1915438@sl2 test]$ ls $HOME/.singularity/cache
library  net  oci-tmp  oras  shub
```

# Running specific command with a Singularity container
command: `singularity exec`

This command overrides the commands in the default script. 

Example 1:

```sh
[s.1915438@sl2 test]$ singularity exec hello-world.sif /bin/bash /rawr.sh
RaawwWWWWWRRRR!! Avocado!
```

Example 2:
```sh
[s.1915438@sl2 test]$ singularity exec hello-world.sif /bin/echo Hello World
Hello World
```

Example 3:
```sh
[s.1915438@sl2 test]$ singularity exec hello-world.sif /bin/date
Mon Jun 27 10:22:29 BST 2022
```

Example 4:
```sh
[s.1915438@sl2 test]$ singularity exec hello-world.sif ls /
apps  bin  boot  dev  environment  etc	home  lib  lib64  media  mnt  opt  proc  rawr.sh  root	run  sbin  scratch  singularity  srv  sys  tmp	usr  var
```

Example 5:
```sh
[s.1915438@sl2 test]$ singularity exec hello-world.sif /rawr.sh
RaawwWWWWWRRRR!! Avocado!
```

# Singularity container: interactive shell
command: `singularity shell`

```sh
[s.1915438@sl2 test]$ singularity shell hello-world.sif 
Singularity> ls    
hello-world.sif
Singularity> whoami
s.1915438
Singularity> pwd
/scratch/s.1915438/Singularity/examples/test
Singularity> uname -n
sl2
Singularity> ls /
apps  bin  boot  dev  environment  etc	home  lib  lib64  media  mnt  opt  proc  rawr.sh  root	run  sbin  scratch  singularity  srv  sys  tmp	usr  var
Singularity> exit
[s.1915438@sl2 test]$ 
```

This interactive is very different from Docker's interactive shell. Here we can't access the container as a seperate virtualised envoronment/ OS. In docker interactive shell we are the superuser. Here in Singularity can only access those files as the current user can access. So, if we type `ls` we see the `vsoch-hello-world-master-latest.simg`. `ls /` gives us the `rawr.sh` in the root directory. As always use `exit` or ctrl + D to exit the shell.

Similarly, when we type `whoami` we get the current username on the host system. It grabs the userdata from `/etc/passwd` and `/etc/group`.

A link to know more: https://www.intel.com/content/dam/www/public/us/en/documents/presentation/hpc-containers-singularity-advanced.pdf 

**So, we can't run commands from within the singularity container that is denied on the host system. Thus we don't need superuser permission.**