You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SingularityCE 3.11 is was released in February 2023.
3.11 Features
Monitor CDI / Intermediate nvidia library GPU setup support
NVIDIA's GPU library support for containers is moving toward the upcoming CDI (container device interface) standard. There may be an intermediate strategy with a revised nvidia-container-cli. Track these changes to support current generations of NVIDIA container setup libraries / utilities. As of Nov, no action needed for 3.11.
Continue Removal of Code Supporting Legacy Distros Removal of Code Supporting Legacy Distros (3.10 tasks) #82
SingulartyCE contains various workarounds for RHEL6 / 2.6 kernel, old versions of invoked external programs etc. Special cases supporting these distributions can be removed gradually through 3.10 and beyond. This will reduce code and testing complexity. Completed for 3.11
Support for Dockerfile USER Support for Dockerfile USER (--oci mode) #77
SingularityCE has a 'fakeroot engine' that is able to configure a container run so that subuid/subgid configuration is used. This type of functionality opens the possibiity of carrying through USER specifications from Docker containers, so that their payload can run as the expected username. Updated - this will now be addressed via native OCI image execution.
Experimental support for run/shell/exec of native OCI containers via OCI engine
Support execution of OCI images, in OCI native on-disk format, via runc OCI engine - but with the familiar Singularity CLI. Merged.
Target support for the following subset of options/flags in 3.11.
--fakeroot
Bind mounts
Namespace requests
--env / --envfile / SINGULARITYENV_
--apply-cgroups / resource limit flags.
--rocm / --nv (binding method)
No handling of --network, --security options etc.
Instance Stats - Enable monitoring of instance resource usage via cgroups. Initial work by vsoch has been done at Add/container stats #784. Remaining tasks to make this more broadly applicable at Updates for instance stats #785 Merged.
proot facilitated non-root builds - When a user does not have a subuid/subgid mapping, allow a singularity build to run unprivileged with proot providing root user emulation. Merged.
Support for kernel unprivileged overlay mount - use overlay instead of underlay, allow writable-tmpfs, directory overlay unprivileged, where unpriv overlay supported by the kernel. Merged.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
SingularityCE 3.11 is was released in February 2023.
3.11 Features
Monitor CDI / Intermediate nvidia library GPU setup supportAs of Nov, no action needed for 3.11.NVIDIA's GPU library support for containers is moving toward the upcoming CDI (container device interface) standard. There may be an intermediate strategy with a revised
nvidia-container-cli. Track these changes to support current generations of NVIDIA container setup libraries / utilities.Continue Removal of Code Supporting Legacy Distros
Removal of Code Supporting Legacy Distros (3.10 tasks) #82Completed for 3.11SingulartyCE contains various workarounds for RHEL6 / 2.6 kernel, old versions of invoked external programs etc. Special cases supporting these distributions can be removed gradually through 3.10 and beyond. This will reduce code and testing complexity.
Support for Dockerfile USER
Support for Dockerfile USER (--oci mode) #77SingularityCE has a 'fakeroot engine' that is able to configure a container run so that subuid/subgid configuration is used. This type of functionality opens the possibiity of carrying through
USERspecifications from Docker containers, so that their payload can run as the expected username. Updated - this will now be addressed via native OCI image execution.Experimental support for run/shell/exec of native OCI containers via OCI engineMerged.Support execution of OCI images, in OCI native on-disk format, via runc OCI engine - but with the familiar Singularity CLI.
Target support for the following subset of options/flags in 3.11.
--fakeroot--env / --envfile / SINGULARITYENV_--apply-cgroups/ resource limit flags.--rocm / --nv(binding method)No handling of
--network,--securityoptions etc.Instance Stats - Enable monitoring of instance resource usage via cgroups. Initial work by vsoch has been done at Add/container stats #784. Remaining tasks to make this more broadly applicable at Updates for instance stats #785Merged.PEM / x509 signing & verification - Allow containers to be signed and verified using PEM keypairs, and x509 certificates. See Support sign/verify with X.509 certificates #1095Merged.proot facilitated non-root builds - When a user does not have a subuid/subgid mapping, allow aMerged.singularity buildto run unprivileged withprootproviding root user emulation.Support for kernel unprivileged overlay mount - use overlay instead of underlay, allow writable-tmpfs, directory overlay unprivileged, where unpriv overlay supported by the kernel.Merged.Beta Was this translation helpful? Give feedback.
All reactions