NEMO2/Containers/Apptainer
Apptainer (formerly Singularity) is a container runtime designed for HPC systems. It is installed system-wide on NEMO and available without loading a module.
Key properties
- Runs as the invoking user — no root required and no privilege escalation
- Uses SIF (Singularity Image Format), a single portable file
- Can convert Docker images to SIF at build time
- No native Slurm plugin — call apptainer exec/run inside your batch script
Image sources
| Source | Example |
|---|---|
| Apptainer Hub | apptainer pull hello-world.sif library://lolcow |
| Docker Hub (converted) | apptainer pull ubuntu.sif docker://ubuntu:24.04 |
| Local .sif file | copy to $HOME or a workspace and use directly |
Image storage
SIF files are plain files — store them wherever you like. To avoid filling your home quota, keep images in a workspace and use a symlink so your scripts don't need to change:
# create a workspace (100 days) ws_allocate apptainer 100 # create an images directory in the workspace and symlink it from home ln -s $(ws_find apptainer) ~/images
Pull images directly into the workspace:
apptainer pull ~/images/ubuntu.sif docker://ubuntu:24.04 apptainer pull ~/images/pytorch.sif docker://nvcr.io/nvidia/pytorch:24.01-py3
In batch scripts, reference images via the symlink:
IMAGE=$HOME/images/pytorch.sif
Basic commands
Pull / build an image
# from Docker Hub → produces ubuntu.sif in ~/images/ apptainer pull ~/images/ubuntu.sif docker://ubuntu:24.04 # from NVIDIA NGC apptainer pull ~/images/pytorch.sif docker://nvcr.io/nvidia/pytorch:24.01-py3
Run a command inside a container
# exec: run a specific command apptainer exec ubuntu.sif python3 script.py # run: execute the container's default runscript apptainer run ubuntu.sif # shell: interactive shell apptainer shell ubuntu.sif
GPU access
Pass the --nv flag to enable NVIDIA GPU passthrough:
apptainer exec --nv pytorch.sif python3 train.py
Bind-mount paths
/home and /work are available inside the container by default (Apptainer automatically binds a set of paths; check apptainer config for the system defaults).
To mount additional directories explicitly:
apptainer exec --bind /work/classic/myWs:/data ubuntu.sif bash
Using Apptainer in a Slurm batch job
Unlike Enroot/Pyxis there is no Slurm plugin; simply call apptainer from your batch script:
CPU job:
#!/bin/bash
#SBATCH -p cpu
#SBATCH --ntasks=1
#SBATCH --time=01:00:00
IMAGE=$HOME/images/ubuntu.sif
apptainer exec "$IMAGE" python3 /work/classic/myWs/train.py
GPU job (use --nv to pass through the allocated GPUs):
#!/bin/bash
#SBATCH -p l40s
#SBATCH --gres=gpu:1
#SBATCH --ntasks=1
#SBATCH --time=01:00:00
IMAGE=$HOME/images/pytorch.sif
apptainer exec --nv "$IMAGE" python3 /work/classic/myWs/train.py
Building images
Building a new SIF image from a definition file requires root (or a system that supports fakeroot/user namespaces). On NEMO you cannot build images directly on the compute nodes.
Recommended workflow:
- Build on a machine where you have root (local workstation, VM, GitHub Actions, …)
- Transfer the .sif file to NEMO (e.g. scp, rsync)
- Run on NEMO as usual
Store images in a workspace (symlinked to ~/images/ as described above) — not in $TMPDIR, which is job-local and deleted after the job.
Tips
- Use apptainer exec --writable-tmpfs if the container tries to write to its own filesystem (without persisting changes).
- The --containall flag gives a fully isolated environment (no automatic bind-mounts); useful for reproducibility tests.
- To check what Apptainer version is installed: apptainer --version