SingularityCWLDockerTranslator
The Singularity CWLDockerTranslator instantiates a SingularityConnector instance with the given configuration for every CWL DockerRequirement specification in the selected subworkflow.
properties |
||
addCaps |
A comma-separated capability list to add |
|
type |
string |
|
allowSetuid |
Allow setuid binaries in container (root only) |
|
type |
boolean |
|
applyCgroups |
Apply cgroups from file for container processes (root only) |
|
type |
string |
|
bind |
A user-bind path specification, in the format src[:dest[:opts]] |
|
type |
string[] |
|
blkioWeight |
Block IO relative weight in range 10-1000, 0 to disable |
|
type |
integer |
|
blkioWeightDevice |
Device specific block IO relative weight |
|
type |
string[] |
|
boot |
Execute /sbin/init to boot container (root only) |
|
type |
boolean |
|
cleanenv |
Clean environment before running container |
|
type |
boolean |
|
command |
Command to run when deploying the container |
|
type |
string[] |
|
compat |
Apply settings for increased OCI/Docker compatibility. Infers –containall, –no-init, –no-umask, –no-eval, –writable-tmpfs. |
|
type |
boolean |
|
contain |
Use minimal /dev and empty other directories (e.g. /tmp and $HOME) instead of sharing filesystems from your host |
|
type |
boolean |
|
containall |
Contain not only file systems, but also PID, IPC, and environment |
|
type |
boolean |
|
cpuShares |
CPU shares for container (default -1) |
|
type |
integer |
|
cpus |
Number of CPUs available to container |
|
type |
string |
|
cpusetCpus |
List of host CPUs available to container |
|
type |
string |
|
cpusetMems |
List of host memory nodes available to container |
|
type |
string |
|
disableCache |
Don’t use cache and don’t create cache |
|
type |
boolean |
|
dns |
List of DNS server separated by commas to add in resolv.conf |
|
type |
string |
|
dockerHost |
Specify a custom Docker daemon host |
|
type |
string |
|
dropCaps |
A comma-separated capability list to drop |
|
type |
string |
|
env |
Pass environment variable to contained process |
|
type |
string[] |
|
envFile |
Pass environment variables from file to contained process |
|
type |
string |
|
fakeroot |
Run container in new user namespace as uid 0 |
|
type |
boolean |
|
fusemount |
A FUSE filesystem mount specification of the form ‘<type>:<fuse command> <mountpoint>’ |
|
type |
string[] |
|
home |
A home directory specification, in the format src[:dest] |
|
type |
string |
|
hostname |
Set container hostname |
|
type |
string |
|
instanceName |
When referencing an external environment, the name of the existing instance must be specified |
|
type |
string |
|
ipc |
Run container in a new IPC namespace |
|
type |
boolean |
|
keepPrivs |
Let root user keep privileges in container (root only) |
|
type |
boolean |
|
memory |
Memory limit in bytes |
|
type |
string |
|
memoryReservation |
Memory soft limit in bytes |
|
type |
string |
|
memorySwap |
Swap limit, use -1 for unlimited swap |
|
type |
string |
|
mount |
A mount specification (e.g., type=bind,source=/opt,destination=/hostopt) |
|
type |
string[] |
|
net |
Run container in a new network namespace (sets up a bridge network interface by default) |
|
type |
boolean |
|
network |
Specify desired network type separated by commas, each network will bring up a dedicated interface inside container |
|
type |
string |
|
default |
bridge |
|
networkArgs |
Specify network arguments to pass to CNI plugins |
|
type |
string[] |
|
noEval |
Do not shell evaluate env vars or OCI container CMD/ENTRYPOINT/ARGS |
|
type |
boolean |
|
noHome |
Do not mount users home directory if /home is not the current working directory |
|
type |
boolean |
|
noHttps |
Use HTTP instead of HTTPS for docker:// oras:// and library://<hostname>/… URIs |
|
type |
boolean |
|
noInit |
Do not start shim processes with –pid |
|
type |
boolean |
|
noMount |
Disable one or more mount xxx options set in singularity.conf |
|
type |
string[] |
|
noPrivs |
Drop all privileges from root user in container |
|
type |
boolean |
|
noUmask |
Do not propagate umask to the container. Set default 0022 umask |
|
type |
boolean |
|
nv |
Enable experimental NVIDIA support |
|
type |
boolean |
|
nvccli |
Use nvidia-container-cli for GPU setup |
|
type |
boolean |
|
oomKillDisable |
Disable out-of-memory killer |
|
type |
boolean |
|
overlay |
Use an overlayFS image for persistent data storage or as read-only layer of container |
|
type |
string[] |
|
pemPath |
Enter a path to a PEM formatted RSA key for an encrypted container |
|
type |
string |
|
pidFile |
Write instance PID to the file with the given name |
|
type |
string |
|
pidsLimit |
Limit number of container PIDs, use -1 for unlimited |
|
type |
integer |
|
rocm |
Enable experimental ROCM support |
|
type |
boolean |
|
scratch |
Include a scratch directory within the container that is linked to a temporary dir |
|
type |
string[] |
|
security |
Enable security features (SELinux, Apparmor, Seccomp) |
|
type |
string[] |
|
transferBufferSize |
Buffer size allocated for local and remote data transfers |
|
type |
integer |
|
minimum |
1 |
|
default |
65536 |
|
userns |
Run container in a new user namespace, allowing Singularity to run completely unprivileged on recent kernels. This disables some features of Singularity, for example it only works with sandbox images |
|
type |
boolean |
|
uts |
Run container in a new UTS namespace |
|
type |
boolean |
|
workdir |
Working directory to be used for /tmp, /var/tmp and $HOME (if –contain was also used) |
|
type |
string |
|
writable |
By default all Singularity containers are available as read only. This option makes the file system accessible as read/write |
|
type |
boolean |
|
writableTmpfs |
Makes the file system accessible as read/write with non persistent data (with overlay support only) |
|
type |
boolean |
|