Apptainer

From UFRC
Revision as of 16:30, 12 February 2024 by Chrisribe (talk | contribs) (example usage suggested that "apptainer run docker://..." will pull and create a .sif file in the pwd, it does not.)
Jump to navigation Jump to search

Description

apptainer website  

Apptainer/Singularity is the most widely used container system for HPC. It is designed to execute applications at bare-metal performance while being secure, portable, and 100% reproducible.

Apptainer is 100% Docker and OCI (Open Containers Initiative) compatible (but easier to use).

Apptainer intuitively allows non-privileged users to run any containerized application.

The single-file SIF container format allows you to reproducibly build, share, and archive your workload from workstations, to HPC, to the edge. Secure

Apptainer runs "rootless" and prohibits privilege escalation within the container; users are the same inside and outside the container.

Apptainer's security architecture allows you to securely leverage GPUs, FPGAs, high-speed networks, and filesystems.

Environment Modules

Run module spider apptainer to find out what environment modules are available for this application.

System Variables

  • HPC_APPTAINER_DIR - installation directory
  • TMPDIR - temporary files directory
    • If users load container runtime on a login node before submitting a job or set TMPDIR before the submission the resulting TMPDIR will be carried into the job overriding HPG's normal mechanisms as usual and the job TMPDIR will be set to /scratch/local/$JOBID. If the container runtime is loaded before the job is submitted and TMPDIR is not set it will be set to $(pwd)/tmp by the module load. Users should not use /tmp when they run analyses on HiPerGator as /tmp is configured to be small and can be easily filled up causing a node to fail. See more at Temporary Directories.


Additional Information

User Documentation

Admin Documentation

HiPerGator usage examples:

Pull a container from Docker Hub

$ apptainer pull docker://godlovedc/lolcow

The above will result in a lolcow_latest.sif container image creation. You can run the default program from that container with

$ apptainer run lolcow_latest.sif

or execute a particular binary of your choosing with

$ apptainer exec lolcow_latest.sif ls

or even create a shell in the software environment provided by the container with

$ apptainer shell lolcow_latest.sif

Alternatively, the image can be run directly using the Docker Hub URL. If it’s the first time you have run or pulled the container it will be downloaded and translated. If you have run or pulled the container before, it will be run from your cache.

$ apptainer run docker://godlovedc/lolcow 

Using "build" instead of "run":

$ apptainer build lolcow.sif docker://godlovedc/lolcow
$ apptainer run lolcow.sif


See User and Admin documentation for more information on how to create and use HPC containers.