Skip to content

Using Containers in HPC with Apptainer (formerly Singularity)

Quick Start

After having successfully installed Apptainer on your system the initial step is to run your first container.

apptainer run docker://ghcr.io/apptainer/lolcow

Output

INFO:    Converting OCI blobs to SIF format
INFO:    Starting build...
Getting image source signatures
Copying blob 16ec32c2132b done   | 
Copying blob 5ca731fc36c2 done   | 
Copying config fd0daa4d89 done   | 
Writing manifest to image destination
2024/06/06 16:43:00  info unpack layer: sha256:16ec32c2132b43494832a05f2b02f7a822479f8250c173d0ab27b3de78b2f058
2024/06/06 16:43:03  info unpack layer: sha256:5ca731fc36c28789c5ddc3216563e8bfca2ab3ea10347e07554ebba1c953242e
INFO:    Creating SIF file...
 ______________________________
< Thu Jun 6 16:43:10 CEST 2024 >
 ------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

The leading docker:// part instructs Apptainer to look for the image in Docker Hub. With a leading library:// in the image name Apptainer looks for the image in the Singularity Cloud Library. This is the equivalent to Docker Hub in the Apptainer world.

Let's try another example by running an Ubuntu image using Apptainer. Therefore, let us use the

apptainer run docker://ubuntu:24.04

Output

INFO:    Converting OCI blobs to SIF format
INFO:    Starting build...
Getting image source signatures
Copying blob 00d679a470c4 done   | 
Copying config 17c0145030 done   | 
Writing manifest to image destination
2024/06/06 16:43:51  info unpack layer: sha256:00d679a470c495ef7d52e70bcd7a008f4983530b67653e63e9d3cd27fade63d7
INFO:    Creating SIF file...

Using this command we are presented a shell inside the Ubuntu Apptainer container. We could also pull a similar Ubuntu image library/default/ubuntu:24.04 from the Singularity Cloud Library:

apptainer run library://ubuntu:22.04

Output

INFO:    Downloading library image
28.4MiB / 28.4MiB [============================================================] 100 % 5.6 MiB/s 0s
Singularity>

In the following we will keep using Docker Hub for images.

Once inside the container, you are the same user as you are on the host system.

Apptainer> whoami
christianhueser

Apptainer automatically makes your home directory (/home/$USER) available in the container. Unlike with Podman, it is not necessary to explicitly mount the directories. They are made available by default.

With Apptainer, you can easily reuse existing images from Docker Hub and run them as an Apptainer container. Let us run the python:3.12 Docker Hub image as an Apptainer container. Therefore, we pull the image first.

apptainer pull docker://python:3.12

Output

INFO:    Converting OCI blobs to SIF format
INFO:    Starting build...
Getting image source signatures
Copying blob 891494355808 done   | 
Copying blob d46a03def8d9 done   | 
Copying blob bf2c3e352f3d done   | 
Copying blob c6cf28de8a06 done   | 
Copying blob 6582c62583ef done   | 
Copying blob a99509a32390 done   | 
Copying blob 4429b810e09e done   | 
Copying blob 2a4ca5af09fa done   | 
Copying config cababb8bc7 done   | 
Writing manifest to image destination
2024/06/06 16:45:43  info unpack layer: sha256:c6cf28de8a067787ee0d08f8b01d7f1566a508b56f6e549687b41dfd375f12c7
2024/06/06 16:45:47  info unpack layer: sha256:891494355808bdd3db5552f0d3723fd0fa826675f774853796fafa221d850d42
2024/06/06 16:45:48  info unpack layer: sha256:6582c62583ef22717db8d306b1d6a0c288089ff607d9c0d2d81c4f8973cbfee3
2024/06/06 16:45:53  info unpack layer: sha256:bf2c3e352f3d2eed4eda4feeed44a1022a881058df20ac0584db70c138b041e2
2024/06/06 16:46:04  info unpack layer: sha256:a99509a323905a80628005e4f3bc26ac15ebaf3ffdb08a9646a7f2d110ab38f9
2024/06/06 16:46:04  info unpack layer: sha256:d46a03def8d9bd846f37fee0edc9fcb7400d68166e99f039cd87b99948af6005
2024/06/06 16:46:05  info unpack layer: sha256:4429b810e09ef699c3034e49b60f85add3610968983af403fb3181255a5b639f
2024/06/06 16:46:06  info unpack layer: sha256:2a4ca5af09fa6cc704c04ba61e304cbf3d0fb2c55f52bf8c8dcba14651216c17
INFO:    Creating SIF file...

This command downloads the image from Docker Hub (docker://) and converts it into the Apptainer specific image format called SIF file. A file called python_3.12.sif was created in your current directory. Run it as shown below.

apptainer run python_3.12.sif

Output

Python 3.12.3 (main, May 14 2024, 07:23:41) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>

Apptainer Definition Files

As demonstrated in the Podman build lesson we want to build our first custom Apptainer image as well. Therefore, we need to create the Apptainer definition file, i.e. the equivalent to Dockerfile. We will recreate the lolcow image used for the first run command in this episode. Therefore, we create a file called lolcow.def using the editor of your choice. This file contains the construction manual for the Apptainer image.

Bootstrap: docker
From: ubuntu:24.04

%post
  apt-get -qy update
  apt-get -qy install fortune cowsay lolcat

%environment
  export LC_ALL=C
  export PATH=/usr/games:$PATH

%runscript
  fortune | cowsay | lolcat

Build the image using the apptainer build command.

apptainer build lolcow.sif lolcow.def

Output

INFO:    Starting build...
Getting image source signatures
Copying blob 00d679a470c4 skipped: already exists  
Copying config 17c0145030 done   | 
Writing manifest to image destination
2024/06/06 16:48:03  info unpack layer: sha256:00d679a470c495ef7d52e70bcd7a008f4983530b67653e63e9d3cd27fade63d7
INFO:    Running post scriptlet
+ apt-get -qy update
[...]
+ apt-get -qy install fortune cowsay lolcat
[...]
INFO:    Adding environment to container
INFO:    Adding runscript
INFO:    Creating SIF file...
INFO:    Build complete: lolcow.sif

This command creates the file lolcow.sif. It is run using the apptainer run command.

apptainer run lolcow.sif

Output

 _________________________________________
/ Of course you have a purpose -- to find \
\ a purpose.                              /
 -----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Let's take apart the Apptainer definition file.

Each Apptainer definition file needs to start with the header part consisting of at least the Bootstrap keyword. In our example we use the docker bootstrap agent telling Apptainer to get the image from a Docker registry. This agent needs to be combined with the From keyword to let Apptainer know, which base image to use.

Bootstrap: docker
From: ubuntu:24.04

Usage of Other Registries

If you want to use another registry, e.g. the Helmholtz Codebase GitLab Container Registry, it is easily possible. Specify the full name of the image according to the GitLab Container Registry naming convention as described in the documentation.

Generic example:

Bootstrap: docker
From: <registry URL>/<namespace>/<project>/<image>

Helmholtz Codebase GitLab example:

Bootstrap: docker
From: hcr.helmholtz.cloud/hueser93/my-helloworld-image-project

apptainer remote login -u hueser93 docker://hcr.helmholtz.cloud

apptainer build hello.sif hello.def

apptainer run hello.sif

A list of preferred bootstrap agents is available here.

Sections

The main content of the definition file is broken into sections. In our example we used three different sections:

  • %post
    • In this section you can download files from the internet with tools like git, wget or pip,
    • You can install new software and libraries,
    • Create configuration files,
    • Create files and directories, etc.
  • %environment
    • This section allows you to define environment variables which are set at runtime.
    • These variables are not set at build time, when running the apptainer build command.
  • %runscript
    • The commands specified in this section are executed when the container image is run. (apptainer run)

Please refer to the official documentation for a complete list of available sections and their usage.

Apptainer vs. Podman

Podman Apptainer
Isolation from host Shares little by default. Isolation not the primary focus. By default shares most everything.
Supported Host Operating Systems (OS) Windows, Mac, Linux Linux
Data Persistence No host filesystem available by default. Writable bind-mounts of the user home directory are automatically created.
Primary target group Developers, DevOps Scientific Application Users/Developers
HPC Not suitable for HPC: requires elevated permissions Integrates well with MPI, GPUs, Infiniband and Schedulers (e.g. SLURM)
Ecosystem Larger ecosystem; more sophisticated registries and preconfigured images Smaller ecosystem; is able to use Docker images.