From f4e326b8af3792d2cdded1ac487140c7bad28d33 Mon Sep 17 00:00:00 2001 From: Marco Mambelli Date: Fri, 1 Mar 2024 01:43:52 -0600 Subject: [PATCH] Added answers to students questions - 2024-03-01 --- _episodes/02-running-containers.md | 3 ++- _episodes/04-building-containers.md | 15 ++++++++++++++- _episodes/08-instances.md | 14 ++++++++++++-- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/_episodes/02-running-containers.md b/_episodes/02-running-containers.md index 13b53ec..d9c6ece 100644 --- a/_episodes/02-running-containers.md +++ b/_episodes/02-running-containers.md @@ -264,8 +264,9 @@ with Apptainer available. > > ## Solution > > > > ```bash -> > apptainer exec docker://rootproject/root python3 +> > apptainer exec --cleanenv docker://rootproject/root python3 > > ``` +> > `--cleanenv` is optional but makes the command more robust (see Episode 4) > > > > ~~~ > > INFO: Using cached SIF image diff --git a/_episodes/04-building-containers.md b/_episodes/04-building-containers.md index ef92fea..4d8fbe0 100644 --- a/_episodes/04-building-containers.md +++ b/_episodes/04-building-containers.md @@ -54,15 +54,28 @@ apptainer build --sandbox myAlma9 docker://almalinux:9 The container name is `myAlma9`, and it has been initialized from the [official Docker image](https://hub.docker.com/_/almalinux) of AlmaLinux9. To initialize an interactive session use the `shell` command. And to write files within the sandbox directory use the `--writable` option. +The `--cleanenv` option is added to make sure that the host environment is not affecting the container. Finally, the installation of new components will require superuser access inside the container, so use also the `--fakeroot` option, unless you are already root also outside. ```bash -apptainer shell --writable --fakeroot myAlma9 +apptainer shell --cleanenv --writable --fakeroot myAlma9 Apptainer> whoami ``` ~~~ root ~~~ {: .output} +`--cleanenv` clears the environment. It has been added to make sure that the eventual setting of +Variables like PYTHONPATH or PYTHONHOME can affect the Python execution inside the container. +A corrupted Python environment could cause errors like "ModuleNotFoundError: No module named 'encodings'" +> ## Apptainer environment +> [Environment variables in Linux](https://www.geeksforgeeks.org/environment-variables-in-linux-unix/) +> are dynamic values that can affect programs and containers. +> Apptainer by default preserves most of the outside environment inside the container +> but has many options to control that. +> You can clear the environment with the `--cleanenv` option, you can set variables with `--env`. +> See the [Apptianer manual](https://apptainer.org/docs/user/main/environment_and_metadata.html)) +> for more options and details. +{: .callout} Depending on the Apptainer/Singularity installation (privileged or unprivileged) and the version, you may have some requirements, like the `fakeroot` utility or `newuidmap` and `newgidmap`. If you get an error when using `--fakeroot` have a look at the [fakeroot documentation](https://apptainer.org/docs/user/main/fakeroot.html). > ## `--fakeroot` is not root diff --git a/_episodes/08-instances.md b/_episodes/08-instances.md index 6a26bf8..0b7f58b 100644 --- a/_episodes/08-instances.md +++ b/_episodes/08-instances.md @@ -130,11 +130,13 @@ apptainer build --fakeroot basicServer.sif basicServer.def Now, let's start an instance named `myWebService` with the image that we just built ```bash -apptainer instance start --no-mount tmp basicServer.sif myWebService +apptainer instance start --no-mount tmp --cleanenv basicServer.sif myWebService ``` Reminder from the previous chapter: with `--no-mount tmp` we are asking Apptainer to NOT bind `/tmp` from the host to the instance (it is mounted by default), we use instead an isolated `/tmp` inside the instance where index.html has been copied. +And with `--cleanenv` we clear the environment. + You can confirm in the terminal that the web service is up using `curl` as ```bash @@ -217,7 +219,8 @@ Save the definition file as `jupyterWithROOT.def`, and let's build an image call ```bash apptainer build --fakeroot jupyterWithROOT.sif jupyterWithROOT.def ``` -Now, start an instance named `mynotebook` with our brand-new image +Now, start an instance named `mynotebook` with our brand-new image. +Consider using `--cleanenv` if needed. ```bash apptainer instance start jupyterWithROOT.sif mynotebook ``` @@ -243,6 +246,13 @@ http://localhost:8850/?token=12asldc9b2084f9b664b39a6246022312bc9c605b :: /home/ ~~~ {: .output} +> ## Notebook starting on a different port! +> If the chosen port for the Notebook (8850 stated in the SIF file) is not available, +> the notebook will not error out, but will start and use the first available port after that. +> E.g. if you did not terminate the web server from the previous example, +> The above command "jupyter notebook list" will show you the correct port. +{: .callout} + Open the URL with the token (from http to the first space), and you will be able to see the Jupyter interface. Try to open a new notebook and write in a cell to confirm that ROOT is available: ```python