M Janczyk: Created page with "'''Apptainer''' (formerly Singularity) is a container runtime designed for HPC systems. It is installed system-wide on NEMO and available without loading a module. == Key properties == * Runs as the invoking user — no root required and no privilege escalation * Uses SIF (Singularity Image Format), a single portable file * Can convert Docker images to SIF at build time * No native Slurm plugin — call `apptainer exec/run` inside your batch script == Image sou..."

2026-05-07T17:14:23Z

Created page with "'''Apptainer''' (formerly Singularity) is a container runtime designed for HPC systems. It is installed system-wide on NEMO and available without loading a module. == Key properties == * Runs as the invoking user — no root required and no privilege escalation * Uses SIF (Singularity Image Format), a single portable file * Can convert Docker images to SIF at build time * No native Slurm plugin — call <tt>apptainer exec/run</tt> inside your batch script == Image sou..."

New page

'''Apptainer''' (formerly Singularity) is a container runtime designed for HPC systems.
It is installed system-wide on NEMO and available without loading a module.

== Key properties ==

* Runs as the invoking user — no root required and no privilege escalation
* Uses SIF (Singularity Image Format), a single portable file
* Can convert Docker images to SIF at build time
* No native Slurm plugin — call <tt>apptainer exec/run</tt> inside your batch script

== Image sources ==

{| class="wikitable"
|-
! Source !! Example
|-
| Apptainer Hub || <tt>apptainer pull hello-world.sif library://lolcow</tt>
|-
| Docker Hub (converted) || <tt>apptainer pull ubuntu.sif docker://ubuntu:24.04</tt>
|-
| Local <tt>.sif</tt> file || copy to <tt>$HOME</tt> or a workspace and use directly
|}

== Image storage ==

SIF files are plain files — store them wherever you like.
To avoid filling your home quota, keep images in a [[Workspaces|workspace]] and use a symlink so your scripts don't need to change:

<pre>
# create a workspace (100 days)
ws_allocate apptainer 100

# create an images directory in the workspace and symlink it from home
ln -s $(ws_find apptainer) ~/images
</pre>

Pull images directly into the workspace:

<pre>
apptainer pull ~/images/ubuntu.sif docker://ubuntu:24.04
apptainer pull ~/images/pytorch.sif docker://nvcr.io/nvidia/pytorch:24.01-py3
</pre>

In batch scripts, reference images via the symlink:

<pre>
IMAGE=$HOME/images/pytorch.sif
</pre>

== Basic commands ==

=== Pull / build an image ===

<pre>
# from Docker Hub → produces ubuntu.sif in ~/images/
apptainer pull ~/images/ubuntu.sif docker://ubuntu:24.04

# from NVIDIA NGC
apptainer pull ~/images/pytorch.sif docker://nvcr.io/nvidia/pytorch:24.01-py3
</pre>

=== Run a command inside a container ===

<pre>
# exec: run a specific command
apptainer exec ubuntu.sif python3 script.py

# run: execute the container's default runscript
apptainer run ubuntu.sif

# shell: interactive shell
apptainer shell ubuntu.sif
</pre>

=== GPU access ===

Pass the <tt>--nv</tt> flag to enable NVIDIA GPU passthrough:

<pre>
apptainer exec --nv pytorch.sif python3 train.py
</pre>

=== Bind-mount paths ===

<tt>/home</tt> and <tt>/work</tt> are available inside the container by default (Apptainer automatically binds a set of paths; check <tt>apptainer config</tt> for the system defaults).

To mount additional directories explicitly:

<pre>
apptainer exec --bind /work/classic/myWs:/data ubuntu.sif bash
</pre>

== Using Apptainer in a Slurm batch job ==

Unlike Enroot/Pyxis there is no Slurm plugin; simply call <tt>apptainer</tt> from your batch script:

CPU job:

<pre lang="bash">
#!/bin/bash
#SBATCH -p cpu
#SBATCH --ntasks=1
#SBATCH --time=01:00:00

IMAGE=$HOME/images/ubuntu.sif

apptainer exec "$IMAGE" python3 /work/classic/myWs/train.py
</pre>

GPU job (use <tt>--nv</tt> to pass through the allocated GPUs):

<pre lang="bash">
#!/bin/bash
#SBATCH -p l40s
#SBATCH --gres=gpu:1
#SBATCH --ntasks=1
#SBATCH --time=01:00:00

IMAGE=$HOME/images/pytorch.sif

apptainer exec --nv "$IMAGE" python3 /work/classic/myWs/train.py
</pre>

== Building images ==

Building a new SIF image from a definition file requires root (or a system that supports fakeroot/user namespaces).
On NEMO you cannot build images directly on the compute nodes.

Recommended workflow:
# Build on a machine where you have root (local workstation, VM, GitHub Actions, …)
# Transfer the <tt>.sif</tt> file to NEMO (e.g. <tt>scp</tt>, <tt>rsync</tt>)
# Run on NEMO as usual

Store images in a workspace (symlinked to <tt>~/images/</tt> as described above) — not in <tt>$TMPDIR</tt>, which is job-local and deleted after the job.

== Tips ==

* Use <tt>apptainer exec --writable-tmpfs</tt> if the container tries to write to its own filesystem (without persisting changes).
* The <tt>--containall</tt> flag gives a fully isolated environment (no automatic bind-mounts); useful for reproducibility tests.
* To check what Apptainer version is installed: <tt>apptainer --version</tt>

NEMO2/Containers/Apptainer - Revision history