[template] needed for Singularity

[vsoch]

As discussed in #4 , a Singularity ready template would be desired ! Specifically, this can also build a Docker container, but with intention to import into Singularity. I summarized the issue (and current workaround) in the issue above as follows:

• Docker lets you write anywhere. This means that putting stuffs in /home/username is a reasonable solution for any future Docker usage.
• Singularity conversion maintains actual user ownership, so this location doesn't have write access and the notebook won't work
• There is a workaround to allow for using the container and writing notebooks to the $PWD the notebook is started in -
  • bind the files that need write (/home/userhome/.local) to the user's actual home .local (./home/<username/.local)
  • set the container --home to be the actual user home (it was getting overridden by $HOME set in the container)
  • but the previous notebooks from repo2binder are still in /home/username and thus not writable!

What is needed is a builder template for Singularity that takes these things into account. Possibly creating / using a location with read/write permissions for all?

[betatim]

Don't know much about singularity, so maybe this is a red herring:

By default repo2docker will use the UID and user name of the user that is executing repo2docker to decide where to place the files. So on my laptop things end up in /home/thead with the permissions and ownership setup to match those from the host system. Would this help here? As in is the host user allowed to write to /home/$USER?

[vsoch]

The repo2docker (general) strategy to define a home folder for the user that originally created it makes a lot of sense! However, the continuous builder that we have now sets (artificially) the username in the container to be just "username" - and this is because the end of the line user cannot be predicted (e.g., if I build a container with /home/vanessa it wouldn't correspond with some other user /home/thead ! So we set the username to be username and the files wind up in /home/username. This is again not an issue for Docker - you shell in as root user, you can read/write all-the-things!

Now a bit about Singularity containers - they are (currently) really the only way to bring containers to HPC, which is what is traditionally available on shared cluster resources in academic environments. For Singularity, the /home/username is fine, but given that it's not the user's home, the user of the container doesn't have write permission there. If the notebook is there, they can't edit it. So the fix for a Singularity container could be as simple as changing permissions there for world read/write, or putting the venv and notebooks in a location that is expected to have the correct permissions, or some kind of (less ideal) situation like copying files from there to their actual user home or tmp (in some generated repo2docker folder) so that there is writable. I'm guessing that might have issue for the venv if there are paths written there (I think there are) but it could work with the notebooks. Does this make sense?