Apptainer: Difference between revisions

Jump to navigation Jump to search

Apptainer (view source)

Revision as of 16:36, 12 August 2022

320 bytes added ,  2 years ago
no edit summary
No edit summary
Line 38: Line 38:
====<code>sudo</code> Access With Apptainer is NOT Available====
====<code>sudo</code> Access With Apptainer is NOT Available====


Many users ask about this since documentation and web sites do discuss using using <code>sudo</code> with Apptainer/Singularity. A major design aspect of Apptainer is security and know that <code>sudo</code> access is '''NOT''' available on our clusters. Should you require using <code>sudo</code>, consider the following:
Many users ask about this since documentation and web sites do discuss using <code>sudo</code> with Apptainer/Singularity. A major design aspect of Apptainer is security and know that <code>sudo</code> access is '''NOT''' available on our clusters. Should you require using <code>sudo</code>, consider the following:


* Install Linux, Apptainer, and <code>sudo</code> in a virtual machine on a system you control where so you will be able to have <code>sudo</code> access within such. (Some images cannot be successfully built without using sudo.)
* Install Linux, Apptainer, and <code>sudo</code> in a virtual machine on a system you control where so you will be able to have <code>sudo</code> access within such. (Some images cannot be successfully built without using sudo.)
Line 46: Line 46:
====Important Command Line Options====
====Important Command Line Options====


Containers contain software (very likely) installed with a different environment, libraries, and tools than what is installed on a given system. It is, therefore, wise to run software within containers by '''not''' importing any environment settings or software defined outside of the container. By default Apptainer will run adopting the shell environment of the host which can create issues when executing programs within a container. When running Apptainer commands that execute programs installed inside the container, e.g., <code>apptainer run</code>, <code>apptainer shell</code>, <code>apptainer exec</code>, and </code>apptainer instance</code>, do consider using one of these options (with more preference to those options listed above other options):
Software that is run inside a container runs in a different environment, libraries, and tools than what is installed on the host system. It is, therefore, wise to run programs within containers by '''not''' importing any environment settings or software defined outside of the container. By default Apptainer will run adopting the shell environment of the host but this can result in issues when running programs inside the container. To work around this when using <code>apptainer run</code>, <code>apptainer shell</code>, <code>apptainer exec</code>, and </code>apptainer instance</code>, consider using one of these options (with more preference to those options listed above other options):


{| class="wikitable"
{| class="wikitable"
Line 53: Line 53:
! scope="col" |Option !! scope="col" | Description
! scope="col" |Option !! scope="col" | Description
|-
|-
| <code>-C</code> || Isolates the running container from all file systems as well as the parent PID, IPC, and environment.
| <code>-C</code> || Isolates the running container from all file systems as well as the parent PID, IPC, and environment. Using this option will require using bind mounts if access to filesystems outside of the container is needed.
|-
|-
| <code>-c</code> || Isolates the running container from most file systems only using a minimal <code>/dev</code>, an empty <code>/tmp</code> directory, and an empty <code>/home</code> directory.
| <code>-c</code> || Isolates the running container from most file systems only using a minimal <code>/dev</code>, an empty <code>/tmp</code> directory, and an empty <code>/home</code> directory. Using this option will require using bind mounts if access to filesystems outside of the container is needed.
|-
|-
| <code>-e</code> || Cleans (some) shell environment variables before running container commands and applies settings for increased OCI/Docker compatibility. Using this option also implies the use of these options: <code>--containall</code>, <code>--no-init</code>, <code>--no-umask</code>, <code>--writable-tmpfs</code>.
| <code>-e</code> || Cleans (some) shell environment variables before running container commands and applies settings for increased OCI/Docker compatibility. Using this option also implies the use of these options: <code>--containall</code>, <code>--no-init</code>, <code>--no-umask</code>, <code>--writable-tmpfs</code>.
| -
| || When no options are used the environment variables from the parent shell exist as-is inside the container (which can cause issues to occur) and (virtually) all filesystems are also present inside the container.
|}
|}
Not using any of these options will have the convenience of file systems being mounted and shell variables existing inside your container but be aware such can be the source of issues/errors when running software inside your container.


Additionally there is another option, <code>-W</code> or <code>--workdir</code>, one should consider using. On our clusters (and on most Linux systems), the <code>/tmp</code> and similar filesystems use RAM --not disk space-- and jobs are run on our clusters typically with limited RAM requests. This can result in jobs getting killed because they consume too much RAM (relative to what was requested). A suitable work-around for this is to tell Apptainer to use a "workdir" for such filesystems, <code>$HOME</code> (if <code>-c</code> is also used), etc. This is done by passing the <code>-W</code> option followed by a path to a disk space location where Apptainer can read/write temporary files, etc.
Additionally there is another option, <code>-W</code> or <code>--workdir</code>, one should consider using. On our clusters (and on most Linux systems), the <code>/tmp</code> and similar filesystems use RAM --not disk space-- and jobs are run on our clusters typically with limited RAM requests. This can result in jobs getting killed because they consume too much RAM (relative to what was requested). A suitable work-around for this is to tell Apptainer to use a "workdir" for such filesystems, <code>$HOME</code> (if <code>-c</code> is also used), etc. This is done by passing the <code>-W</code> option followed by a path to a disk space location where Apptainer can read/write temporary files, etc.
Line 72: Line 72:
* Ensure the application using the GPU inside the container was properly compiled to use the GPU and its libraries.
* Ensure the application using the GPU inside the container was properly compiled to use the GPU and its libraries.
* When needing to use OpenCL inside the container, besides using the aforementioned options use the following bind mount: <code>--bind /etc/OpenCL</code>.
* When needing to use OpenCL inside the container, besides using the aforementioned options use the following bind mount: <code>--bind /etc/OpenCL</code>.
An example of [[#Using_NVIDIA_GPUs_Within_an_Apptainer_Container|using NVIDIA GPUs within an apptainer container]] appears later on this page.


====Using MPI Programs====
====Using MPI Programs====


If you want to run MPI programs inside a container there are things that need to be done in the host environment in order for such to work. Please see the [[#Running_MPI_Programs_Inside_an_Apptainer Container|Running MPI Programs section below]] for more detail.
If you want to run MPI programs inside a container there are things that need to be done in the host environment in order for such to work. Please see the [[#Running_MPI_Programs_Inside_an_Apptainer Container|Running MPI Programs section below]] for an example of how to run MPI programs inside a container.


===Container-Specific Help: <code>apptainer run-help</code>===
===Container-Specific Help: <code>apptainer run-help</code>===
Preney
cc_staff
156

edits

Retrieved from "https://docs.alliancecan.ca/wiki/Special:MobileDiff/118645"

Navigation menu