Apptainer

logo glicid

1. Introduction

Containers in HPC provide a lightweight alternative to virtual machines, offering near-native performance by sharing the host OS kernel. They simplify deployment, reduce storage needs, and eliminate repetitive installation or rebuilding across systems. Most importantly, containers enhance portability and reproducibility, enabling consistent software environments and reliable repetition of scientific experiments across platforms.

2. Apptainer: A Secure Alternative to Docker

Docker is not suitable for HPC due to its focus on isolation and reliance on a root-privileged daemon, which poses security risks in multi-tenant environments. For this reason, Docker is not supported on the GLiCID cluster. Instead, Apptainer—a secure, HPC-oriented alternative that evolved from Singularity—has been adopted. Apptainer supports GPUs, MPI applications, and remains fully compatible with Docker images.

3. Popular Container Registries:

  • Docker Hub

  • Singularity Container Hub

  • Quay.io

  • GitHub Container Registry

  • Amazon Elastic Container Registry (ECR)

  • Google Container Registry (GCR)

  • Microsoft Azure Container Registry (ACR)

  • IBM Cloud Container Registry

  • GitLab Container Registry

4. Apptainer on GLiCID

module load apptainer

This action loads the Apptainer module, allowing you to commence downloading, interacting, and building containers.

5. Apptainer Command Line Interface

Apptainer offers a convenient command-line interface (CLI) for container operations. Execute single-line commands to search, build, or run containers. Verify the version of the Apptainer or Singularity command in use with the following --version option:

apptainer --version

For this demonstration, we are using 1.1.6 version.

You can check the available options and subcommands using --help:

apptainer --help

It will give the description of the apptainer and various options using apptainer. There are lots of different options but in this tutorial, we will focus on shell, run, exec, build, and sign and verify.

6. Downloading and Interacting with Containers

Downloading an image from the container library is straightforward. To download the 'alpine' image from Sylabs Cloud, you can search image you want to download directly from the terminal. For example, to download alpine container image, run:

apptainer search alpine

This command can take around a minute to search for the given image from the Sylabs Cloud and you should see an output something like this:

Found 55 container images for amd64 matching "centos7":

	library://bethard/clulab/hpc-ml-centos7-python3.7-transformers4.6.0:latest

	library://cchu/centos/centos79-openmpi:latest

	library://farim1/library/centos77_mpi.sif:latest

	library://gmk/default/centos7-devel:latest

	library://godloved/secure/centos7:20200514.0.0

Now, to download any one of them run:

apptainer pull library://godloved/secure/centos7:20200514.0.0

The image will be downloaded and saved locally as a .sif file.

6.1. Using Docker images with Apptainer

Docker Hub is one of the largest libraries for container images, and any image hosted on the hub can be easily downloaded. Fortunately, Apptainer is also compatible with Docker images and can be downloaded using the docker:// URL as reference. First, visit Docker Hub to search for the Docker container image you need and copy the image name from the Docker Hub page. For example to download centos7, run:

apptainer pull docker://centos:centos7

After downloading, interact with the container using run, shell, and exec commands.

6.2. Python Image

If you don’t have Python on your PC, you can download the official Python image from the Docker Hub by running:

apptainer pull docker://python

A file with .sif extension will be downloaded. To use it, you can simply shell into the Python image using:

apptainer shell python_latest.sif

6.3. GLiCID Tutorial

There is a tutorial here aims to run a deep learning algorithm on GLICID computing clusters using your own Dockerfile.

For more information, please visit Apptainer Documentation.