Rearranging content to prioritize _using_ pre-built containers before

_building_ containers.  This follows a general shift in priority within
Singularity and associated docs and ecosystem. It is now relatively
common to find "consumers" of containers who never build a container
themselves. I think the flow of the class is better too.

Author: GodloveD

00-installation/README.md

@@ -70,33 +70,13 @@ Typing `singularity help <command>` will give you more detailed information abou
 You can test your installation like so:
 
 ```
-$ singularity run docker://godlovedc/lolcow
+$ singularity run library://godlovedc/funny/lolcow
 ```
 
 You should see something like the following.
 
 ```
- INFO:    Converting OCI blobs to SIF format
- INFO:    Starting build...
- Getting image source signatures
- Copying blob 9fb6c798fa41 done
- Copying blob 3b61febd4aef done
- Copying blob 9d99b9777eb0 done
- Copying blob d010c8cf75d7 done
- Copying blob 7fac07fb303e done
- Copying blob 8e860504ff1e done
- Copying config 73d5b1025f done
- Writing manifest to image destination
- Storing signatures
- 2020/02/25 23:58:06  info unpack layer: sha256:9fb6c798fa41e509b58bccc5c29654c3ff4648b608f5daa67c1aab6a7d02c118
- 2020/02/25 23:58:06  warn rootless{dev/agpgart} creating empty file in place of device 10:175
- [snip...]
- 2020/02/25 23:58:09  info unpack layer: sha256:3b61febd4aefe982e0cb9c696d415137384d1a01052b50a85aae46439e15e49a
- 2020/02/25 23:58:09  info unpack layer: sha256:9d99b9777eb02b8943c0e72d7a7baec5c782f8fd976825c9d3fb48b3101aacc2
- 2020/02/25 23:58:09  info unpack layer: sha256:d010c8cf75d7eb5d2504d5ffa0d19696e8d745a457dd8d28ec6dd41d3763617e
- 2020/02/25 23:58:09  info unpack layer: sha256:7fac07fb303e0589b9c23e6f49d5dc1ff9d6f3c8c88cabe768b430bdb47f03a9
- 2020/02/25 23:58:09  info unpack layer: sha256:8e860504ff1ee5dc7953672d128ce1e4aa4d8e3716eb39fe710b849c64b20945
- INFO:    Creating SIF file...
+INFO:    Downloading library image
  _______________________________________
 / Excellent day for putting Slinkies on \
 \ an escalator.                         /
@@ -110,6 +90,6 @@ You should see something like the following.
 
 Your cow will likely say something different (and be more colorful), but as long as you see a cow your installation is working properly.  
 
-This command downloads, converts, and runs a container from [Docker Hub](https://hub.docker.com/r/godlovedc/lolcow/). You will see a lot of warnings that have to do with the fact that you've created this container without using root privileges. Pay them no mind. 
+This command downloads and "runs" a container from [Singularity Container Library](https://cloud.sylabs.io/library). (We'll be talking more about what it means to "run" a container later on in the class.) 
 
-In the next exercise, we will learn how to build a similar container from scratch.
+In a following exercise, we will learn how to build a similar container from scratch. But right now, we are going to use this container to execute a bunch of basic commands and just get a feel for what it's like to use Singularity.  

01-basic-usage/README.md

@@ -0,0 +1,257 @@
+# Downloading and interacting with containers
+
+This section will be useful for container consumers. (i.e. those who really just want to use containers somebody else built.) The next chapter will explore topics more geared toward container producers (i.e. those who want/need to build containers from scratch).  
+
+You can find pre-built containers in lots of places. Singularity can convert and run containers in many different formats, including those built by Docker.
+
+In this class, we'll be using containers from:
+
+- [The Singularity Container Library](https://cloud.sylabs.io/library), developed and maintained by [Sylabs](https://sylabs.io/)
+- [Docker Hub](https://hub.docker.com/), developed and maintained by [Docker](https://www.docker.com/)
+
+There are lots of other places to find pre-build containers too. Here are some of the more popular ones:
+
+- [Singularity Hub](https://singularity-hub.org/), an early collaboration between Stanford University and the Singularity community
+- [Quay.io](quay.io), developed and maintained by Red Hat
+- [NGC](https://ngc.nvidia.com/catalog/all?orderBy=modifiedDESC&pageNumber=3&query=&quickFilter=&filters=), developed and maintained by NVIDIA
+- [BioContainers](https://biocontainers.pro/#/registry), develped and maintained by the Bioconda group
+- Cloud providers like Amazon AWS, Microsoft Azure, and Google cloud also have container registries that can work with Singularity
+
+## Downloading containers
+
+In the last section, we validated our Singularity installation by "running" a container from the Container Library. Let's download that container using the `pull` command.
+
+```
+$ singularity pull library://godlovedc/funny/lolcow
+```
+
+You'll see a warning about running `singularity verify` to make sure that the container is trusted. We'll talk more about that later.  
+
+For now, notice that you have a new file in your current working directory called `lolcow_latest.sif`
+
+```
+$ ls lolcow_latest.sif
+lolcow_latest.sif
+```
+
+This is your container. Or more precisely, it is a Singularity Image Format (SIF) file containing an image of a root level filesystem. This image is mounted to your host filesystem (in a new "mount namespace") and then entered when you run a Singularity command.   
+
+Note that you can download the Docker version of this same container from Docker Hub with the following command:
+
+```
+$ singularity pull docker://godlovedc/lolcow
+```
+
+Doing so may produce an error if the container already exists.  
+
+## Entering containers with `shell`
+
+Now let's enter our new container and look around. We can do so with the `shell` command.
+
+```
+$ singularity shell lolcow_latest.sif
+```
+
+Depending on the environment of your host system you may see your shell prompt change. Let's look at what OS is running inside the container.
+
+```
+$ cat /etc/os-release
+NAME="Ubuntu"
+VERSION="16.04.5 LTS (Xenial Xerus)"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME="Ubuntu 16.04.5 LTS"
+VERSION_ID="16.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
+VERSION_CODENAME=xenial
+UBUNTU_CODENAME=xenial
+```
+
+No matter what OS is running on your host, your container is running Ubuntu 16.04 (Xenial Xerus)!
+
+
+Let's try a few more commands:
+
+```
+Singularity> whoami
+dave
+
+Singularity> hostname
+hal-9000
+```
+
+This is one of the core features of Singularity that makes it so attractive from a security and usability standpoint.  The user remains the same inside and outside of the container. 
+
+Regardless of whether or not the program `cowsay` is installed on your host system, you have access to it now because it is installed inside of the container:
+
+```
+Singularity> which cowsay
+/usr/games/cowsay
+
+Singularity> cowsay moo
+ _____
+< moo >
+ -----
+        \   ^__^
+         \  (oo)\_______
+            (__)\       )\/\
+                ||----w |
+                ||     ||
+```
+
+We'll be getting a lot of mileage out of this silly little program as we explore Linux containers.  
+
+This is the command that is executed when the container actually "runs":
+
+```
+Singularity> fortune | cowsay | lolcat
+ ____________________________________
+/ A horse! A horse! My kingdom for a \
+| horse!                             |
+|                                    |
+\ -- Wm. Shakespeare, "Richard III"  /
+ ------------------------------------
+        \   ^__^
+         \  (oo)\_______
+            (__)\       )\/\
+                ||----w |
+                ||     ||
+```
+
+More on "running" the container in a minute. For now, don't forget to `exit` the container when you are finished playing!
+
+```
+Singularity> exit
+exit
+```
+
+## Executing containerized commands with `exec`
+
+Using the `exec` command, we can run commands within the container from the host system.  
+
+```
+$ singularity exec lolcow_latest.sif cowsay 'How did you get out of the container?'
+ _______________________________________
+< How did you get out of the container? >
+ ---------------------------------------
+        \   ^__^
+         \  (oo)\_______
+            (__)\       )\/\
+                ||----w |
+                ||     ||
+```
+
+In this example, singularity entered the container, ran the `cowsay` command with supplied arguments, displayed the standard output on our host system terminal, and then exited. 
+
+## "Running" a container with (and without) `run`
+
+As mentioned several times you can "run" a container like so:
+
+```
+$ singularity run lolcow_latest.sif
+ _________________________________________
+/ Q: How many Bell Labs Vice Presidents   \
+| does it take to change a light bulb? A: |
+| That's proprietary information. Answer  |
+| available from AT&T on payment of       |
+\ license fee (binary only).              /
+ -----------------------------------------
+        \   ^__^
+         \  (oo)\_______
+            (__)\       )\/\
+                ||----w |
+                ||     ||
+```
+
+So what actually happens when you run a container? There is a special file within the container called a `runscript` that is executed when a container is run. You can see this (and other meta-data about the container) using the inspect command.  
+
+```
+$ singularity inspect --runscript lolcow_latest.sif
+#!/bin/sh
+
+    fortune | cowsay | lolcat
+```
+
+In this case the `runscript` consists of three simple commands with the output of each command piped to the subsequent command. 
+
+Because Singularity containers have pre-defined actions that they must carry out when run, they are actually executable. Note the default permissions when you download or build a container:
+
+```
+$ ls -l lolcow_latest.sif
+-rwxr-xr-x 1 student student 93574075 Feb 28 23:02 lolcow_latest.sif
+```
+
+This allows you to run execute a container like so:
+
+```
+$ ./lolcow_latest.sif
+ ________________________________________
+/ It is by the fortune of God that, in   \
+| this country, we have three benefits:  |
+| freedom of speech, freedom of thought, |
+| and the wisdom never to use either.    |
+|                                        |
+\ -- Mark Twain                          /
+ ----------------------------------------
+        \   ^__^
+         \  (oo)\_______
+            (__)\       )\/\
+                ||----w |
+                ||     ||
+```
+As we shall see later, this nifty trick can makes it easy to forget your applications are containerized and just run them like any old program.  
+
+## Pipes and redirection
+
+Singularity does not try to isolate your container completely from the host system.  This allows you to do some interesting things. For instance, you can use pipes and redirection to blur the lines between the container and the host system.  
+
+```
+$ singularity exec lolcow_latest.sif cowsay moo > cowsaid
+
+$ cat cowsaid
+ _____
+< moo >
+ -----
+        \   ^__^
+         \  (oo)\_______
+            (__)\       )\/\
+                ||----w |
+                ||     ||
+```
+
+We created a file called `cowsaid` in the current working directory with the output of a command that was executed within the container.  >_shock and awe_
+
+We can also pipe things _into_ the container (and that is very tricky).
+
+```
+$ cat cowsaid | singularity exec lolcow_latest.sif cowsay -n
+ ______________________________
+/  _____                       \
+| < moo >                      |
+|  -----                       |
+|         \   ^__^             |
+|          \  (oo)\_______     |
+|             (__)\       )\/\ |
+|                 ||----w |    |
+\                 ||     ||    /
+ ------------------------------
+        \   ^__^
+         \  (oo)\_______
+            (__)\       )\/\
+                ||----w |
+                ||     ||
+```
+
+We've created a meta-cow (a cow that talks about cows). ;-P
+
+So pipes and redirects work as expected between a container and the host system. If, however, you need to pipe the output of one command in your container to another command in your container, things are slightly more complicated. Pipes and redirects are shell constructs, so if you don't want your host shell to interpret them, you have to hide them from it.
+
+```
+$ singularity exec lolcow_latest.sif sh -c "fortune | cowsay | lolcat"
+```
+
+The above invokes a new shell, but inside the container, and tells it to run the single command line `fortune | cowsay | lolcat`.
+
+That covers the basics on how to download and use pre-built containers!  In the next section we'll start learning how to build your own containers.

01-building/README.md 02-building/README.md01-building/README.md renamed to 02-building/README.md

@@ -57,42 +57,15 @@ But if you want to shell into a container and tinker with it (like we will do he
 
 When your build finishes, you will have a basic Debian container saved in a local directory called `lolcow`.
 
-## Using `shell` to explore and modify containers
+## Using `shell --writable` to explore and modify containers
 
 Now let's enter our new container and look around.  
 
 ```
 $ singularity shell lolcow
 ```
 
-Depending on the environment on your host system you may see your prompt change. Let's look at what OS is running inside the container.
-
-```
-Singularity lolcow:~> cat /etc/os-release
-PRETTY_NAME="Debian GNU/Linux 10 (buster)"
-NAME="Debian GNU/Linux"
-VERSION_ID="10"
-VERSION="10 (buster)"
-VERSION_CODENAME=buster
-ID=debian
-HOME_URL="https://www.debian.org/"
-SUPPORT_URL="https://www.debian.org/support"
-BUG_REPORT_URL="https://bugs.debian.org/"
-```
-
-No matter what OS is running on your host, your container is running Debian Stable!
-
-Let's try a few more commands:
-
-```
-Singularity> whoami
-dave
-
-Singularity> hostname
-hal-9000
-```
-
-This is one of the core features of Singularity that makes it so attractive from a security and usability standpoint.  The user remains the same inside and outside of the container. 
+Depending on the environment on your host system you may see your prompt change. 
 
 Let's try installing some software. I used the programs `fortune`, `cowsay`, and `lolcat` to produce the container that we saw in the first demo.