Last week, Singularity – the fast-growing HPC container technology whose development has been spearheaded by Gregory Kurtzer at Lawrence Berkeley National Lab – took a step ‘out of the lab’ with formation of SingularityWare LLC by Kurtzer. In this Q&A interview with HPCwire, Kurtzer discusses Singularity’s history, adoption and technology trends, and what the organizational change means for Singularity and its growing user base. Singularity remains firmly in the open domain says Kurtzer.
Container technology, of course, isn’t new. Docker containers and its ecosystem of tools have stormed through the enterprise computing environment. Enhanced application portability, reproducibility, and collaborative development efforts are among the many attractions. HPC was late to this party, or perhaps more accurately Docker was less than ideal for HPC. For example, security issues and inability to run well in closely-coupled computing environments were prominent stumbling blocks.
Singularity was developed specifically to solve those problems and to accommodate HPC needs and it has enjoyed surprisingly rapid adoption. Kurtzer started working on the project in November of 2015 and release 1.0 was roughly one year ago in April 2016; the latest release, 2.2.1, was issued in February 2017.
Kurtzer says that Open Science Grid has already served roughly 20 million containers in Singularity. A listing of existing Singularity users and the computational resources being used is available for download at the Singularity web site (still hosted at LBNL, at least for the moment). Some of the institutions working with Singularity include: TACC, San Diego Supercomputer Center, GSI Helmholtz Center for Heavy Ion Research, NIH, Stanford University, and LBNL. There is also a small scattering of commercial users.
More than many, Kurtzer in his role as HPC systems architect and technical lead of the HPC group at LBNL has had a close eye on efforts to adapt containers for use in HPC. Incidentally, he will remain a scientific advisor for LBNL but become CEO of SingularityWare, which is being funded by another start-up, RStor. Parsing the SingularityWare-RStor relationship seems a little fuzzy at present but these are early days. Kurtzer informed the community of the new changes under the heading ‘Big Singularity Announcement‘ last Friday.
HPCwire: Container use – mostly Docker – grew rapidly in the enterprise/commercial space; what did you see as the need and role for container technology in HPC at the start of the Singularity project?
Greg Kurtzer: This occurred in chronologic steps. First the problem to solve was, how do we support Docker on our HPC resources. Scientists were asking for it, begging for it in fact, yet no HPC centers were able to install Docker on their traditional HPC systems. After dedicating some time to this, talking to many other resource providers, and integrators, and becoming very frustrated at the inherent incompatibilities. Then I had the novel idea of talking to the scientists. Learning from them what they need. Understanding what problems Docker was solving for them and how best to address that.
These problems that Docker solved for scientists really boiled down to: software environment reproducibility, environment mobility/agility, the ability to leverage the work of their peers, control of their own software stack, and the ability to do all of the above intuitively. But in HPC and on supercomputers, Docker has been deemed a non-starter due to its usage model. For example it would allow users to control a root owned damon process, without appropriate precautions in place to securely access and control data or limit escalation of user contexts. Nor is it generally compatible with resource manager workflows or compatible with MPI workloads, among lots of other factors. So while Docker was working fine for scientists using loosely coupled or non-parallel applications on private resources just fine, it is a dead end path for anyone requiring to scale up to supercomputers.
Singularity approached this from the perspective of, what problems do we really need to solve for science and compute, and what was found is that there is a much more appropriate manner to solve these problems than shoe-horning Docker, a solution designed for enterprise micro-service virtualization, onto scientific computing.
HPCwire: Can you give a few numbers to illustrate Singularity’s growth? Roughly how many users does Singularity have today, what’s been the rate of growth, and what segments (academia, labs, etc.) have been the most active and why? What does the typical user(s) look like?
Kurtzer: This is really hard to keep track of. I had someone recently come up to me and say “In less than a year, Singularity went from being unheard of to a standard component on every HPC resource I have access to!”. I had no response, but was jumping up and down excitedly … on the inside.
Along the effort of trying to keep up, I created a Google form that allows people to self register their system. On this voluntary registry you will find some of the largest public HPC resources in the world. One of them, at any given moment, is running 2000 Singularity containers at a time. The OSG (Open Science Grid) has served up well over twenty million containers with Singularity! I can go on, but the gist is that Singularity has been adopted faster than I could keep up with development, support and maintenance.
HPCwire: What have been the dominant use cases (research, development/prototyping, production, etc.) and how do you see that changing over time? Could you briefly cite a couple of examples of Singularity users and what they are using it for?
Kurtzer: I can elaborate on a couple of very general usage examples:
A scientist has a workload where the dependencies and environment is difficult to (re)create or includes some binary components specific to a particular distribution or flavor of Linux. Singularity will allow this scientist to build a container that properly addresses the dependencies. Once this has been done, that container can be copied to any system (private/local, HPC, or cloud) that the scientist has access to and run that container; assuming of course that Singularity has been installed on that host.
Cloud computing resources are becoming more common, a single Singularity container image can include all of the dependencies necessary to bring that workload from site to site and cloud to center. A result of the image being a single file makes it very easy to “carry around” an image that has all of the applications, tools and environment you may need.
Not all scientific workflows are public, many scientific libraries, programs and data are controlled (export, classified, trade secrets, etc.) which makes managing the visibility and access to these containers critical. Singularity’s use of single file images, like any file on a local file system, abide by standard POSIX permissions, makes Singularity a very capable technology for this use-case.
HPCwire: Maybe we should briefly describe what Singularity is and its underlying technology. What are the key features today, what feature gaps have been identified, and what’s the technology roadmap going forward? I realize the latter may not yet be fleshed out. How do Power- and ARM-based systems fit into the plans?
Kurtzer: Singularity is a container platform designed to support containers utilizing a single image file which allows users to have full control of where and how their containers are accessed and used. Embedded in the container image file is the entire encapsulation of the contained environment, and running any program, script, workflow, or accessing any data within, is as easy as running any command line program. Singularity can also deal with other container formats like Squash FS based containers and Docker containers, but these other formats are less optimal as general purpose Singularity containers.
Comparing to Docker and other enterprise container systems, these focus on the necessity for full process isolation and strive to give the illusion of sole occupancy on the physical host. For scientific compute, the goal is almost 180 degrees opposite. We want to leverage the host’s resources as directly and efficiently as possible. That may include file systems, interconnects and GPUs. Isolation from these services becomes a detriment in terms of our needs.
I have already ported Singularity to Power and it worked “out of the box” on ARM, but I don’t have much access to these architectures, so I don’t test much on them.
HPCwire: How should we relate Singularity to Docker? Are they competitive or likely to bump against each other in the HPC community?
Kurtzer: Traditionally, HPC is referring to a subset of use cases, where the applications are very tightly coupled, based on MPI (or PVM), and they require non-commodity internets for decent performance, and can scale to gigantic extreme scales. While this form of scientific computing is relatively small compared to the overall range of scientific computing in general (e.g. the long tails), large centers have to build computing resources capable of supporting this highest uncommon denominator of computing. As a result, for a container system to run on this resource it must be compatible with this architecture.
Docker is designed for micro-service virtualization. While some of the enterprise feature sets as I mentioned previously fit the scientific uses, Docker is not designed or compatible with the general multi-tenant shared compute architectures traditionally implemented on traditional HPC that I described above. For this reason, in HPC, I see no competition, as Docker just isn’t an option.
But outside of the traditional HPC, as we look more to the generalized scientific application stack, we do see that Docker is being used for local private use-cases. Here scientists now have options, with neither tool being “wrong” when it works. Singularity as a result is building in native compatibility with Docker; for example, in Singularity, you can run a container directly or bootstrap a new container image from a remote Docker registry, without having any Docker bits installed on your host.
Thus commands like:
$ singularity shell –nv docker://tensorflow/tensorflow:latest-gpu would work exactly as expected.
BTW, the above command demonstrates how to run GPU enabled Tensorflow utilizing Singularity’s native Nvidia GPU support, without having Tensorflow installed on the host. After installing Singularity (at present from the ‘development’ GitHub branch), it takes approx 30 seconds to start running programs like this.
HPCwire: Given the move to a for-profit organization, what are the expansion plans for Singularity’s user base/target market?
Kurtzer: While being funded primarily by the government, Singularity had limitations in terms of funding, partners, support and growth. Now that we have a sustainable funding and growth model, it is all about building the team, and developing new features! Some of these features will include support for backgrounded processes (daemons), trusted computing, integration with cloud orchestration platforms like Kubernetes and Mesos, as well as optimization for object stores. We will hopefully expand our use base even more by addressing more of the scientific use cases – e.g. the above command with Nvidia/Cuda support is an example of that – and the “target market” and project goals and direction, will remain the same.
HPCwire: Many job schedulers (e.g. Univa) and “cloud orchestrators” (e.g. Cycle Computing) have worked to become “container” friendly; do you expect the same will happen for Singularity?
Well, Singularity is job scheduler neutral. Any user can add Singularity container commands into their own batch scripts (as long as Singularity is installed) thus all resource managers are supported. As far as orchestration systems outside of traditional HPC, yes! We are recruiting people right now to help with that.
HPCwire: What does moving Singularity into SingularityWare mean for you personally?
Kurtzer: My previous capacity at LBNL was HPC systems architect and technical lead of the HPC group. After I developed Singularity, my “day job” did not vanish, so Singularity has been a side project that I’ve been working on primarily in the evenings and weekends. Working with RStor to create SingularityWare, LLC., has enabled me to focus my time and efforts to Singularity development and building the community and project by making it my primary effort.
HPCwire: As a for profit entity, SingularityWare’s goals and aspirations are presumably somewhat different?
Kurtzer: SingularityWare, LLC, is a hosting platform for Singularity (and Warewulf) rather than a for profit entity. As with any thriving project, it is important not to change anything, but only add value. This means there will be no changes in the existing support, development, contributions or release models that people have become accustomed to. Additionally, because there is no part of the fiscal sustainability model that relies on commercial support contracts, services, consulting or paid licenses, means that there is no pressure to “sell” Singularity.
Of course, if you find that you need more support services than what is currently provided via the open source community, then our door is always open. This is also the same now for technology partnerships.
HPCwire: Perhaps review the changes along the lines of how users will/can receive support, what (products) to expect from SingularityWare, and how community contributions will be handled?
Kurtzer: Given that RStor is funding my time (and others) for Singularity development, I would raise my hand, on behalf of my team at RStor as a provider of support and services for Singularity. As far as community contributions, all commits originating from RStor will assign copyright to SingularityWare, LLC. Contributions from other sources will be maintained and accepted exactly as they do now.
HPCwire: So what’s your new title and are you building a staff at SingularityWare?
Kurtzer: At RStor, my title is “Senior Architect” and YES, I am looking to hire developers! C programmers, Python, and Go developers please send me your resumes ASAP! I am also interested in working with academia and helping them receive funding for interns, grads and postdocs to contribute to Singularity. With regard to SingularityWare, LLC… I suppose I have the fancy title of CEO of a one person company.
HPCwire: I couldn’t find much online about RStor. What does partner/support mean here? What’s the relationship between the two. Will you have a position at RStor?
Kurtzer: To reiterate above, my primary responsibility at RStor is development and leadership of Singularity to which they are providing me a team. But given that they are doing some fantastic stuff, I find myself drawn to be part of helping to make sure their storage platform is highly optimized for the use-cases that hit home personally for me (e.g. Research Data Management – RDM).
This is one of the reasons I decided on this path; an appropriate RDM solution is severely lacking in the scientific industry. When I learned what RStor was planning on doing I became very excited with their direction and was impressed by their leadership and vision. I saw that RDM became easily tangible thanks to the technologies they are creating and if you couple RDM with Singularity single image file based containerization, you end up with the holy grail of reproducible and agile computing.
HPCwire: What haven’t I asked that I should? Please add what you think is important.
Kurtzer: Warewulf is another project that I lead and it is a widely utilized cluster management and provisioning system. Warewulf has been around for 15+ years and currently the basis of provisioning for OpenHPC. I have giant grand visions and have had many discussions with Intel, other national labs, and other corporates about how to make Warewulf exascale ready. I also have commitment from RStor to facilitate this as well.