Warm tip: This article is reproduced from serverfault.com, please click
continuous-integration docker gitlab-ci virtualization singularity-container

docker-使用GitLab CI构建奇异容器

(docker - Build Singularity container using GitLab CI)

发布于 2020-11-26 03:49:34

我想在GitLab CI中建立一个奇异的图像。不幸的是,官方的容器失败了:

Running with gitlab-runner 13.5.0 (ece86343) on gitlab-ci d6913e69
Preparing the "docker" executor
Using Docker executor with image quay.io/singularity/singularity:v3.7.0 ...
Pulling docker image quay.io/singularity/singularity:v3.7.0 ...
Using docker image sha256:46d3827bfb2f5088e2960dd7103986adf90f2e5b4cbea9eeb0b0eacfe10e3420 for quay.io/singularity/singularity:v3.7.0 with digest quay.io/singularity/singularity@sha256:def886335e36f47854c121be0ce0c70b2ff06d9381fe8b3d1894fee689615624 ...
Preparing environment
Running on runner-d6913e69-project-2906-concurrent-0 via <gitlab.url>...
Getting source from Git repository
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in <repo-path>
Checking out 708cc829 as master...
Skipping Git submodules setup
Executing "step_script" stage of the job script
Error: unknown command "sh" for "singularity"

刚开始时,使用这样的工作:

build-singularity:
  image: quay.io/singularity/singularity:v3.7.0
  stage: singularity
  script:
    - build reproduction/pipeline/semrepro-singularity/semrepro-singularity.sif reproduction/pipeline/semrepro-singularity/semrepro-singularity.def
  only:
    changes:
      - reproduction/pipeline/semrepro-singularity/semrepro-singularity.def
      - reproduction/pipeline/semrepro-singularity/assets/mirrorlist
      - .gitlab/ci/build-semrepo-singularity.yml
  artifacts:
    paths:
      - reproduction/pipeline/semrepro-singularity/semrepro-singularity.sif
    expire_in: 1 hour
  interruptible: true

对我来说,好像GitLab正在尝试使用不存在的shell?他们应该如何工作?官方示例中,他们使用的是Docker映像的特殊版本,称为-gitlab,但不幸的是,该版本不再可用。有任何想法吗?我无法想象不可能在CI中建立奇异容器吗?在此先多谢!

编辑:根据@tsnowlan的答案,覆盖入口点可解决上述问题。但是,现在构建因以下原因而失败:

singularity build semrepro-singularity.sif semrepro-singularity.def
INFO:    Starting build...
INFO:    Downloading library image
84.1MiB / 84.1MiB [========================================] 100 % 28.7 MiB/s 0s
ERROR:   unpackSIF failed: root filesystem extraction failed: extract command failed: ERROR  : Failed to create user namespace: not allowed to create user namespace: exit status 1
FATAL:   While performing build: packer failed to pack: root filesystem extraction failed: extract command failed: ERROR  : Failed to create user namespace: not allowed to create user namespace: exit status 1
Cleaning up file based variables
ERROR: Job failed: exit code 1

有任何想法吗?

Questioner
LukeLR
Viewed
12
分享
tsnowlan 2020-12-02 01:10:48

你需要稍微调整一下它,使其与gitlab CI配合使用。我发现最简单的方法是破坏docker入口点,并使脚本步骤成为完整的奇点构建命令。我们正在使用它来构建v3.6.4的奇点图像,但它也应与v3.7.0一起使用。

例如,

build-singularity:
  image: 
    name: quay.io/singularity/singularity:v3.7.0
    entrypoint: [""]
  stage: singularity
  script:
    - singularity build reproduction/pipeline/semrepro-singularity/semrepro-singularity.sif reproduction/pipeline/semrepro-singularity/semrepro-singularity.def
  ...

编辑:使用的gitlab-runner也必须已privileged启用。这是gitlab.com共享运行程序的默认设置,但是如果使用自己的运行程序,则需要确保在其配置中进行了设置。

LukeLR 2020-12-01 16:23:51

非常感谢!确实,这解决了建筑甚至无法开始的最初问题!但是,它遇到了另一个我在尝试制作自制docker映像时遇到的问题。我以为这可能是我的自定义Docker问题的问题,但显然不是。构建失败,并显示ERROR: unpackSIF failed: root filesystem extraction failed: extract command failed: ERROR : Failed to create user namespace: not allowed to create user namespace有任何想法吗?

tsnowlan 2020-12-01 16:26:41

我忘了须藤。使用它,它应该工作

tsnowlan 2020-12-01 16:27:29

等待,不,它应该以root用户身份运行。真奇怪

tsnowlan 2020-12-01 16:44:24

啊哈,是的,我想就是这样。我们运行与一起运行的自己的gitlab-runners --privileged虽然看起来共享跑步者也应该如此:docs.gitlab.com/13.6/ee/user/gitlab_com/…

tsnowlan 2020-12-01 17:08:03

嗯,如果您在托管实例上运行,那么您将不走运,直到他们在运行器上启用特权模式为止。对于docker-in-docker或singularity-in-docker来说这是一个艰巨的要求

热门帖子

1
求推荐硬路由(1000 内)
2
学英语的朋友们可以来看看 https://langplayground.top/
3
华中科大的计算机技术的在职硕士,职场认可度如何?
4
十兆宽带 100 块钱一个月我是活在 80 年代吗?
5
关于高质量 屏幕共享的问题
6
我是真的受不了打小报告的三八了!
7
怎么管理自己的文件体系
8
[开发者自荐] AirBattery: 在 Mac 端获取所有设备的电量并显示在 Dock 或状态栏上
9
南京移动 IPV6 被停
10
WireGuard 跨国组网失败后,一个新工具的诞生

热门github

1
Implementation of paper - YOLOv9: Learning What You Want to Learn Using Programmable Gradient Information (翻译:论文实现——YOLOv9: Learning What You Want to Learn using Programmable Gradient Information(利用可编程梯度信息学习您想学的内容))
2
A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections. (翻译:使用 HWID / KMS38 / Online KMS 激活方法激活 Microsoft 产品的脚本集合,重点是开源代码、较少的防病毒检测和用户友好性。)
3
Get up and running with Llama 2, Mistral, Gemma, and other large language models. (翻译:启动并运行 Llama 2、Mistral、Gemma 和其他大型语言模型。)
4
该项目可以让你通过订阅的方式使用Cloudflare WARP+,自动获取流量。This project enables you to use Cloudflare WARP+ through subscription, automatically acquiring traffic.
5
Multi functional app to find duplicates, empty folders, similar images etc. (翻译:多功能应用程序可查找重复项、空文件夹、相似图像等。)
6
Xray panel supporting multi-protocol multi-user expire day & traffic & ip limit (Vmess & Vless & Trojan & ShadowSocks & Wireguard) (翻译:Xray面板支持多协议多用户到期日&流量&IP限制(Vmess & Vless & Trojan & ShadowSocks & Wireguard)
7
The Free Software Media System (翻译:Jellyfin 是一个免费软件媒体系统,可让您控制管理和流式传输您的媒体。它是专有 Emby 和 Plex 的替代方案,通过多个应用程序从专用服务器向最终用户设备提供媒体。)
8
lightweight, standalone C++ inference engine for Google's Gemma models. (翻译:适用于 Google Gemma 模型的轻量级独立 C++ 推理引擎。)
9
📚 Freely available programming books (翻译:📚 免费提供的编程书籍)
10
A collective list of free APIs (翻译:免费 API 的集合列表)
11
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java (翻译:十亿行挑战 —— 使用 Java 对文本文件中的 10 亿行数据进行聚合的有趣探索)
12
🎓 Path to a free self-taught education in Computer Science! (翻译:🎓计算机科学免费自学教程!)
13
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA... (翻译:从零开始学习 Python 编程语言的课程,适合初学者)
14
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems (翻译:该存储库包含系统设计资源,在准备面试和学习分布式系统时非常有用)
15
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention. (翻译:Mamba 是一种新的状态空间模型架构,在信息密集型数据(例如语言建模)上显示出良好的性能,而之前的二次模型在 Transformers 方面存在不足。它基于结构化状态空间模型的进展,并本着FlashAttention的精神进行高效的硬件感知设计和实现。)