Apptainer (Singularity)
Introduction
Apptainer is a container technology, also known as light virtualization (as the performances overhead compared to bare metal is close to zero), orginally developped for the HPC by the Laurence Berkeley National Laboratory, U.S.A.
The software website is https://apptainer.org{:target="_blank"}.
It is a recent, rapidly developing product with an important growing users community. The side effect of this interest is that features are quickly evolving.
Use of Apptainer at MUST
Apptainer is provided at MUST on all the interactive machines as well as on all the worker nodes.
Version availability
The LHC experiments use apptainer. Therefore MUST decided to follow the versions required by the experiments.
You can get the current version with the following command :
$ apptainer version
Images repository
MUST provides an images repository (see Use and images management policy for more details), and images for the major versions of the following GNU/Linux distributions: CentOS, Ubuntu, Fedora and Debian.
$ /containers/apptainer/os
centos debian fedora ubuntu
These images are provided more as an example. You mostly need need to customized them for your needs.
Images build
Image can now be build on the UI servers.
To build an image, you will need to write a definition file (a receipe).
For example, an definition file noble.def for Ubuntu Noble :
Bootstrap: docker
From: ubuntu:noble
%post
apt-get update
apt-get -y install gcc gfortran g++ bc bison build-essential ccache curl flex git gnupg gperf imagemagick liblz4-tool libncurses-dev lib32ncurses-dev lib32readline-dev lib32z1-dev libsdl1.2-dev libssl-dev libxml2 libxml2-utils lzop pngcrush rsync schedtool squashfs-tools xsltproc zip zlib1g-dev openjdk-8-jdk python3
apt-get clean
After that, you need to build your image:
$ apptainer build noble.sif noble.def
You will find all you need to write your definition file here : https://apptainer.org/docs/user/main/definition_files.html
Invoking a container
One can run a script or a command within an image as follows:
$ apptainer exec /containers/apptainer/os/ubuntu/noble.sif ls /
Here we invoke a container in which we issue the command ls, whose result will be shown on the screen. Once the command is executed, the container is destroyed.
For more details, please refer to the official documentation Apptainer exec.
In the next examples, we invoke a container in which we request a shell.
In this case, we now have the specific OS environment of the chosen image.
$ apptainer shell /containers/apptainer/os/ubuntu/noble.sif
Apptainer> cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS"
(...)
It is possible that WARNINGs are displayed during the container invocation. This usually comes from image configuration incoherencies or more often from errors while importing the shell preferences within the container. However this does not prevent the container to run.
With Apptainer, during the container invocation, we need to declare all the external mount points we want to find inside the container itself.
For instance, we may want to have access to the /lapp_data or /uds_data storage. To do so, we usually use the bind option as follow:
--bind <filesystem to mount>
Example :
$ ls /uds_data
autre-labo edytem irege lahc leca lmops Scratch
carrtel glearn isterre lama listic locie symme
$ apptainer shell --bind /uds_data /containers/apptainer/os/ubuntu/noble.sif
$ ls /uds_data
autre-labo edytem irege lahc leca lmops Scratch
carrtel glearn isterre lama lisic locie symme
More than one filesystems may be mounted inside the container:
$ apptainer shell --bind /lapp_data --bind /grid_sw /containers/apptainer/os/ubuntu/noble.sif
On the contrary to the default Apptainer configuration, the user $HOME is not automatically mounted within the container on a Worker Node.
Like said above, the $HOME mount is not done anymore within the container at MUST. If one wants / has to access it, one would have to use the '--bind' or '-B' option in order to mount it within the container.
Submitting a job into the computing cluster
The first method shown above may be followed to submit a job into the computing cluster, in other words one may request to execute a script inside the container.
For instance, here is the script my_job.sh I want to run (note that the idea is to run "cat /etc/os-release" inside a Ubuntu container):
#!/bin/bash
apptainer exec /containers/apptainer/os/ubuntu/noble.sif cat /etc/os-release
The condor submit file my_job.submit :
universe=vanilla
executable=my_job.sh
request_cpus = 1
request_memory = 2G
queue
Submit the job :
condor_submit my_job.submit
Another useful Apptainer command to run script within a container is run, please refer to the official documentation for details apptainer run.
For more detailed information, please have a look to the official documentation which can be found [here](https://apptainer.org/docs/user/main), or open a ticket to the User Support (see contact).
Use and images management policy
MUST is providing images for the major release versions of the following GNU/Linux distributions: CentOS, Ubuntu, Fedora and Debian.
These images have been tested and are available from MUSTFS:
$ ls /container/apptainer/os/
centos/ debian/ fedora/ ubuntu/
The users Support can help you to solve any problem you may encounter when using one of these images.
You are allowed to create and import your own images. In order to minimize the performances penalties when running large size images, it is recommended to store them in a storage which exhibits good I/O performances.
To import your images inside the repository, please contact the users support (see contact).
MUST cannot guarantee that these non official images will smoothly run on MUST computer clusters. However our experts will do their best to provide support and help you solving your problems.
Another type of image that would be interesting to use is Docker images. Apptainer can indeed invoke Docker images and convert them into apptainer images if needed.