2

目标

目的是创建一个安装一些包的奇异容器,然后从 git repo 克隆一个自定义包并制作它。用户需要获得使用自定义包的权限,理想情况下它将位于奇异用户的主目录中,但这似乎比我预期的要困难。

奇点几乎总是以外壳的形式启动,它包含一组麻烦的自定义包,并以可重复、可共享的方式从它们生成结果。

问题

克隆 git repo 似乎很好,但我可以把它放在用户甚至可以看到它的唯一地方/github_repo,它始终归 root 所有。

我无法将它获取到用户的主目录,因为在%post变量期间$HOME似乎没有指向用户的主目录,它指向/root,然后创建的对象属于 root。事实上,虽然/home确实存在,但它是空的,似乎用户还不存在。

我试过克隆/github_repo然后添加

chown -R $USER /github_repo
chmod -R 766 /github_repo

%post. 容器可以构建和运行,以及何时运行;

$ ls -lh /github_repo
ls: cannot access '/github_repo': Permission denied
total 0
d????????? ? ? ? ?           ? CorrectNameOfGithubFolder
-????????? ? ? ? ?           ? CorrectNameOfGithubFile

所以它可以看到文件和文件夹的名称,但看不到它们的权限?我什至不知道这是可能的。如果我不搞乱其中的权限,%post那么它就是root拥有的一个完全正常的文件。

食谱

这是我到目前为止所拥有的,您应该会发现它可以构建并运行。如果你想运行它,将 recipy 保存为 example.def 然后执行

sudo singularity build example.sif example.def
singularity run --containall example.sif

然后尝试

$ ls -lh /packages

例子.def


BootStrap: docker
From: ubuntu:18.04
    
# commands on the host system
%setup
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    echo "${GREEN}~~~ Getting modified packages from github ~~~ ${NOCOLOUR}"
    export PACKAGES_TMP=/tmp/packages
    rm -fr $PACKAGES_TMP
    mkdir -p $PACKAGES_TMP
    git clone https://github.com/rootpy/rootpy-tutorials.git $PACKAGES_TMP
    cp -R ${PACKAGES_TMP} ${SINGULARITY_ROOTFS}

# get files from the host (but we dont need any)
%files

# what is done when the container is built
%post
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    # start
    echo "${GREEN}~~~ install apt packages ~~~ ${NOCOLOUR}"
    apt -y update
    # for fetching from repos if needed
    apt -y install git
    # for getting anything else from the net
    apt -y install wget
    # text editors
    apt -y install vim-tiny
    apt -y install nano
    # for making downloaded packages
    apt -y install make

    echo "${GREEN}~~~ Set up a .bashrc ~~~ ${NOCOLOUR}"
    BASHRC=/home/.bashrc
    touch $BASHRC
    echo "alias vim=vim.tiny\n" >> $BASHRC
    # will be called in run

    ## Not working???
    ## the /home/ directory appears empty
    # echo "${GREEN}~~~ Move packages to home dir ~~~ ${NOCOLOUR}"
    MY_HOME=$(ls -l /home/)
    echo in post home is $MY_HOME
    touch ~/test
    touch $HOME/test
    mkdir $HOME/test_dir
    # PACKAGES=$MY_HOME/packages/
    # mv /packages $PACKAGES
    
    echo "${GREEN}~~~ Give the user permission and control ~~~ ${NOCOLOUR}"
    # this bit does odd things
    PACKAGES=/packages
    chown -R $USER $PACKAGES
    chmod -R 766 $PACKAGES

    echo "${GREEN}~~~ Making the packages ~~~ ${NOCOLOUR}"
    # need to implement


# enviroment variabels instide the container
# sourced at run time not build time
%environment
    export PACKAGES=/packages/
    export BASHRC=/home/.bashrc


# this is executed when the contain is launched with
# singularity run example.sif
%runscript
    MY_HOME=$(ls -l /home/)
    echo at run home is $MY_HOME
    touch ~/runtest1
    touch $HOME/runtest2
    mkdir $HOME/runtest_dir
    ls -lh /
    ls -lh $HOME
    ls -lh $HOME/runtest_dir/
    # source the .bashrc
    echo $BASHRC
    /bin/bash --rcfile $BASHRC
    

# this would be executed just after build
%test
    echo I havent written any tests

# metadata
%labels
    Author ClumsyCat
    Version v1.0

%help
    to build me
    > sudo singularity build example.sif example.def
    to run me do
    > singularity run --containall --bind /my/out/dir/ example.sif
        the "--containall" flag prevents interactions with your system
        the "--bind /my/out/dir/" mounts a directory in your system
        this allows scripts in that directory to be accessed from the image
        and results from the image to persist in the directory
        It also allows the run script to call .bashrc
4

1 回答 1

2

这里发生了一些事情。

  1. 除非在主机系统上有您真正需要的东西,否则不要使用%setup. 它在主机操作系统上以 root 身份运行,并且很容易以您意想不到的方式破坏事物。
  2. 默认情况下,singularity 会将正在运行的用户挂载$HOME到容器中,因此您放入的任何内容都/home/...将被覆盖,除非用户使用--no-home. 出于这个原因,最佳实践建议不要安装到 $HOME
  3. 引用 $USER 时的所有步骤%post都将其设置为 root,因为它是运行时的用户(sudo singularity build ...),所以它实际上在做任何事情
  4. chmod -R 664- 这是破坏你的目录。您需要执行位才能实际访问目录,而不仅仅是读取

我已经调整了您的示例定义文件,以便按照您的意愿工作。评论解释了原因。

BootStrap: docker
From: ubuntu:18.04

%post
    # make print colour #
    GREEN='\033[0;32m'
    NOCOLOUR='\033[0m'
    PACKAGES=/packages

    # give all files 774 and directories 775 by default
    umask 002

    # start
    echo "${GREEN}~~~ install apt packages ~~~ ${NOCOLOUR}"
    # install everything at once and use apt-get for non-interactive installs
    apt-get -y update && apt-get install -y git wget vim-tiny nano make

    # create a symlink to vim instead of an alias
    ln -s $(which vim.tiny) /usr/local/bin/vim

    echo "${GREEN}~~~ Getting modified packages from github ~~~ ${NOCOLOUR}"
    # git clone in %post instead of %setup
    mkdir $PACKAGES
    cd $PACKAGES
    git clone https://github.com/rootpy/rootpy-tutorials.git

    echo "${GREEN}~~~ Making the packages ~~~ ${NOCOLOUR}"
    # need to implement
    echo do something here

%environment
    export PACKAGES=/packages

%runscript
    echo I am $(whoami)
    echo

    cd $PACKAGES
    echo I am in $PWD
    ls -la --color=auto
    echo

    echo vim is: $(which vim)

运行singularity run --containall example.sif给出:

I am tsnowlan

I am in /packages
total 0
drwxrwxr-x 3 root     root      39 May 28 12:23 .
drwxr-xr-x 1 tsnowlan tsnowlan  60 May 28 12:24 ..
drwxrwxr-x 6 root     root     117 May 28 12:23 rootpy-tutorials

vim is: /usr/local/bin/vim
于 2019-05-28T12:30:19.613 回答