There are quite a lot of options for running containers on the grid. I've tried to write a description below. A short version is probably something like: "If you can build a docker version of the software, you can unpack that onto CVMFS and run it with singularity on the grid; there are also other possible approaches that can work."
Singularity works in a very similar way to docker, but with some tweaks to make it more suited to a grid environment. With docker you need a daemon running on the node and there are some security issues with it on multi-user machines. Singularity gets around this by doing everything in one binary without the daemon, otherwise "singularity exec" and "docker exec" are pretty similar.
The usual system would be to either:I would try to avoid building anything in the jobs themselves: Any software or images should be pre-built and then just run by the job. The whole point of using the containers is to get the same environment everywhere so that recreating things at a different site isn't needed.
Running with DIRAC doesn't make much difference to the container set-up. You just have to make sure you do all of the DIRAC operations (any downloading/uploading files) outside of the container. The usual workflow would be to have a job script that looks like:
The only real complexity in the above is finding the singularity binary in the first place: We're in a transitional period at the moment where some sites have singularity installed and some expect users to find it on CVMFS instead. A snippet of script like this is probably what you'd need:
SINGULARITY_OPTS=""
if [ `sysctl -n user.max_user_namespaces` -gt 100 ]; then
# Use CVMFS version of singularity
SINGULARITY="/cvmfs/oasis.opensciencegrid.org/mis/singularity/current/bin/singularity"
SINGULARTY_OPTS="--userns"
else
# Use version found on $PATH if it's there
SINGULARITY=singularity
fi
# You almost certainly want -B /cvmfs to get CVMFS inside the container at
# the very least!
$SINGULARITY -d exec $SINGULARITY_OPTS [your other options go here]