Singularity¶

Singularity to Apptainer renaming¶

Singularity has been renamed to Apptainer in 2022 due to legal constraints. In general, just the name has changed and all options are the same. Replacing the command singularity with apptainer should work on updated systems. Pulling remote Container Images to local Directories

Introduction¶

While Apptainer can pull directly from a remote container repository like Dockerhub, it is advisable to pull an container image into a local directory and run Apptainer directly on it. Background is, that Apptainer pulls on demand a remote image into the local cache directory, which is normally under $HOME/.apptainer - since this is on AFS parallel access can be quite slow. So explicitly pulling a container onto DUST as a faster, scalable file system will be more performant for batch jobs etc. (plus your $HOME dir don't get filled up with container files - see Apptainer Cache and TMP Directories how to put the tmp/cache dirs somewhere else) Putting a container on a DUST path

To build a local container image on DUST from a remote hub, run something like

> apptainer build --sandbox /nfs/dust/your/path/on/dust/container.d/name.d docker://gitlab-registry.cern.ch/group/some-container:latest

with the '–sandbox' flag this will create a container image on DUST, i.e., an expanded directory tree instead of a single file blob (might be advantageous if you want to play around in the directory from the outside or for performance reasons as the DUST filesystem can balance individual files instead of a large file blob)

If you notice problems with mounting the container image directory (might happen for some network file system constellations), you can try to re-build the container image without the --sandbox flag. In that case you will get a compressed single image file.

If the image build fails due to missing free space, it might be that for large cotnainers there is not enough space in your Apptainer temp directory - that is by default in your $HOME directory. In that case, follow the Apptainer: Image Cache documentation on how to move Apptainer's temporary and cache directories.

To run the local container just point Apptainer to the directory, e.g.,

> apptainer shell/exec/run/... {–-contain} /nfs/dust/your/path/on/dust/container.d/name.d

CERN gitlab Credentials for connecting to a Dockerhub or a Apptainerhub requiring authentication

If a container hub requires an authentication, you can either hard-code them in your container recipe (see below) or export them as environment variables, so that Apptainer knows whom it represents

export APPTAINER_DOCKER_USERNAME=yourusername
export APPTAINER_DOCKER_PASSWORD=yourpassword

Bootstrapping a new container

To bootstrap a container from CERN's gitlab instance as base for building an own container, add to your Apptainer recipe the gitlab endpoint with the right project (here: maxcw) and ContainerName:Version

> cat Apptainer

Bootstrap: docker
From: docker://gitlab-registry.cern.ch/maxcw/dockerhandons:latest
Username: YOURCERNUERNAME
Password: YOURCERNPASSWORD

...your Apptainer recipe additions here

which you can build into your own container

> sudo apptainer build --sandbox MyGitlabTest.d Apptainer
Building into existing container: test
...
Docker image path: gitlab-registry.cern.ch/maxcw/dockerhandons:latest
Cache folder set to /root/.apptainer/docker
[5/5] |===================================| 100.0%
Exploding layer: sha256:7ab860fcccec4790c06571131eed7a3a29f3d46e271a20ed4861025f3ab9c58b.tar.gz
...
Cleaning up...

> apptainer shell MyGitlabTest.d
Apptainer MyGitlabTest :~> ...

Running a remote container

To jump directly into a container from a remote repository, you can give the address as the name, e.g.,

> apptainer shell --bind /cvmfs:/cvmfs --scratch /var/tmp,/tmp docker://gitlab-registry.cern.ch/maxcw/dockerhandons:latest

(the images you are pulling this way end up cached locally under ${HOME}/.apptainer - if you pull a lot containers, watch out for the sizes of locally cached files)

If you are using a container regularly, it might be better to bootstrap the container image first to have it accessible somewhere in your local environment.