Support other OCI image sources in OCI launcher, via temp dir bundle. #1036

Closed
Tracked by #598
dtrudg opened this issue Oct 10, 2022 · 0 comments · Fixed by #1125
Labels
enhancement New feature or request roadmap Features / changes that are scheduled to be implemented

Comments

dtrudg commented Oct 10, 2022

In the OCI launcher flow, the launcher should be able to directly run from the following sources:

  • docker:
  • docker-daemon:
  • oci:
  • docker-archive:

This should be accomplished by setting up a temporary OCI bundle directory from the source image, which must be cleaned up when container execution completes.

A naive config.json will need to be set up. There is no support for arguments or options at this stage.

@dtrudg dtrudg added this to the SingularityCE 3.11 milestone Oct 10, 2022
@dtrudg dtrudg added enhancement New feature or request roadmap Features / changes that are scheduled to be implemented labels Oct 10, 2022
dtrudg added a commit to dtrudg/singularity that referenced this issue Nov 15, 2022
When running containers in `--oci` mode, the argument to run is now an
image reference corresponding to a native OCI format handled by
containers/image, i.e.

* docker://
* docker-archive:
* docker-daemon:
* oci-archive:
* oci:

The source image is extracted into a temporary OCI bundle, with a
minimally valid configuration that:

* Runs the process specified by CMD & ENTRYPOINT only.
* Sets the environment specified by the image ENV only.

The approach is very naive - we pull through Singularity's OCI blob
cache into a temporary oci layout dir, before creating the bundle from
it. Auth handling for registries is not yet wired up. There is
duplication of various pieces of code from the build / SIF OCI flows
as these are not easily exposed to the area we are working in.

The intent of the PR, at this stage, is simply to allow e.g.

    singularity run --oci docker://sylabsio/lolcow

Closes sylabs#1036
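
The temporary-bundle lifecycle described in the issue and in the commit message above, as an added Go example; it is not code from the Singularity repository. `ImageConfig` and `NewTempBundle` are hypothetical names, the `ociVersion` value and `cwd` of `/` are assumptions, and unpacking the image layers into `rootfs/` is left out.

```go
package main

import (
	"encoding/json"
	"errors"
	"log"
	"os"
	"path/filepath"
)

// ImageConfig carries the only image settings honoured at this stage (hypothetical type).
type ImageConfig struct {
	Entrypoint, Cmd, Env []string
}

// process and spec are a minimal subset of the OCI runtime-spec config.json.
type process struct {
	Args []string `json:"args"`
	Env  []string `json:"env,omitempty"`
	Cwd  string   `json:"cwd"`
}
type spec struct {
	Version string  `json:"ociVersion"`
	Process process `json:"process"`
	Root    struct {
		Path string `json:"path"`
	} `json:"root"`
}

// NewTempBundle creates a private bundle dir and returns it with its cleanup func.
func NewTempBundle(parent string, img ImageConfig) (string, func() error, error) {
	args := append(append([]string{}, img.Entrypoint...), img.Cmd...)
	if len(args) == 0 {
		return "", nil, errors.New("image defines neither ENTRYPOINT nor CMD")
	}
	// MkdirTemp picks an unpredictable name and creates the directory with mode 0700.
	dir, err := os.MkdirTemp(parent, "oci-bundle-")
	if err != nil {
		return "", nil, err
	}
	cleanup := func() error { return os.RemoveAll(dir) }
	s := spec{Version: "1.0.2", Process: process{Args: args, Env: img.Env, Cwd: "/"}}
	s.Root.Path = "rootfs"
	b, err := json.MarshalIndent(s, "", "  ")
	if err == nil { // image layers would be unpacked into rootfs/ (omitted here)
		err = os.Mkdir(filepath.Join(dir, "rootfs"), 0o755)
	}
	if err == nil {
		err = os.WriteFile(filepath.Join(dir, "config.json"), b, 0o600)
	}
	if err != nil {
		cleanup() // never leave a half-built bundle behind
		return "", nil, err
	}
	return dir, cleanup, nil
}

func main() {
	img := ImageConfig{Cmd: []string{"/bin/true"}, Env: []string{"PATH=/bin"}} // constructed sample
	dir, cleanup, err := NewTempBundle("", img)
	if err != nil {
		log.Fatal(err)
	}
	defer cleanup() // runs when container execution completes
	log.Println("bundle created at", dir)
}
```
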
dtrudg added a commit to dtrudg/singularity that referenced this issue Nov 15, 2022
dtrudg added a commit to dtrudg/singularity that referenced this issue Nov 16, 2022
dtrudg added a commit to dtrudg/singularity that referenced this issue Nov 16, 2022
edytuk pushed a commit to vzokay/apptainer that referenced this issue Dec 2, 2022
When running containers in `--oci` mode, the argument to run is now an
image reference corresponding to a native OCI format handled by
containers/image, i.e.

* docker://
* docker-archive:
* docker-daemon:
* oci-archive:
* oci:

The source image is extracted into a temporary OCI bundle, with a
minimally valid configuration that:

* Runs the process specified by CMD & ENTRYPOINT only.
* Sets the environment specified by the image ENV only.

The approach is very naive - we pull through Singularity's OCI blob
cache into a temporary oci layout dir, before creating the bundle from
it. Auth handling for registries is not yet wired up. There is
duplication of various pieces of code from the build / SIF OCI flows
as these are not easily exposed to the area we are working in.

The intent of the PR, at this stage, is simply to allow e.g.

    singularity run --oci docker://sylabsio/lolcow

Closes sylabs/singularity#1036

Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
edytuk pushed a commit to vzokay/apptainer that referenced this issue Dec 2, 2022
edytuk pushed a commit to vzokay/apptainer that referenced this issue Dec 5, 2022
edytuk pushed a commit to vzokay/apptainer that referenced this issue Feb 9, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Feb 23, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Mar 31, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue May 24, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue May 24, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Jun 14, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Jun 14, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Jun 16, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Jul 4, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Jul 11, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Jul 21, 2023
edytuk pushed a commit to vzokay/apptainer that referenced this issue Jul 24, 2023