38,760
edits
Apptainer/en: Difference between revisions
Jump to navigation
Jump to search
Updating to match new version of source page
(Updating to match new version of source page) |
(Updating to match new version of source page) |
||
| Line 72: | Line 72: | ||
|- | |- | ||
| <code>-C</code> || Isolates the running container from all | | <code>-C</code> || Isolates the running container from <b>all filesystems</b> as well as the parent PID, IPC, and environment. Using this option will require [[#Bind_mounts|using bind mounts]] if access to filesystems outside of the container is needed. | ||
|- | |- | ||
| <code>-c</code> || Isolates the running container from most | | <code>-c</code> || Isolates the running container from <b>most filesystems</b> only using a minimal <code>/dev</code>, an empty <code>/tmp</code> directory, and an empty <code>/home</code> directory. Using this option will require [[#Bind_mounts|using bind mounts]] if access to filesystems outside of the container is needed. | ||
|- | |- | ||
| <code>-e</code> || Cleans (some) shell environment variables before running container commands and applies settings for increased OCI/Docker compatibility. Using this option also implies the use of | | <code>-e</code> || Cleans (some) shell environment variables before running container commands and applies settings for increased OCI/Docker compatibility. Using this option also implies the use of options <code>--containall</code>, <code>--no-init</code>, <code>--no-umask</code>, and <code>--writable-tmpfs</code>. | ||
|} | |} | ||
Another important option is the <code>-W</code> or <code>--workdir</code> option. On | Another important option is the <code>-W</code> or <code>--workdir</code> option. On our clusters and on most Linux systems, <code>/tmp</code> and similar filesystems use RAM, not disk space. Since jobs typically run on our clusters with limited RAM amounts, this can result in jobs getting killed because they consume too much RAM relative to what was requested for the job. A suitable workaround for this is to tell Apptainer to use a real disk location for its working directory (<code>workdir</code>). This is done by passing the <code>-W</code> option followed by a path to a disk location where Apptainer can read/write temporary files For example, to run a command called <code>myprogram</code> in an Apptainer container image called <code>myimage.sif</code> with its working directory set to <code>/path/to/a/workdir</code> in the filesystem, you would use | ||
<source lang="console">$ mkdir -p $HOME/aworkdir | <source lang="console">$ mkdir -p $HOME/aworkdir | ||
| Line 85: | Line 85: | ||
where: | where: | ||
* | * <code>workdir</code> can be removed if there are no live containers using it. | ||
* When using Apptainer in an <code>salloc</code>, in an <code>sbatch</code> job, or when using [JupyterHub] on our clusters, use <code>${SLURM_TMPDIR}</code> for the | * When using Apptainer in an <code>salloc</code>, in an <code>sbatch</code> job, or when using [[JupyterHub]] on our clusters, use <code>${SLURM_TMPDIR}</code> for the working directory's location, e.g., <code>-W ${SLURM_TMPDIR}</code>. | ||
** ASIDE: One should <b>not</b> be running programs (including Apptainer) on a login node. Use an interactive <code>salloc</code> job. | ** ASIDE: One should <b>not</b> be running programs (including Apptainer) on a login node. Use an interactive <code>salloc</code> job. | ||
* When using bind mounts, see the [[#Bind_Mounts|section on bind mounts]] below since not all | * When using bind mounts, see the [[#Bind_Mounts|section on bind mounts]] below since not all of our clusters are the same concerning the exact bind mounts needed to access <code>/home</code>, <code>/project</code>, and <code>/scratch</code>. | ||
==Using GPUs== | ==Using GPUs== | ||
| Line 95: | Line 95: | ||
* Ensure that you pass the <code>--nv</code> (for NVIDIA hardware) and <code>--rocm</code> (for AMD hardware) to Apptainer commands. | * Ensure that you pass the <code>--nv</code> (for NVIDIA hardware) and <code>--rocm</code> (for AMD hardware) to Apptainer commands. | ||
** These options will ensure the appropriate <code>/dev</code> entries are bind mounted inside the container. | ** These options will ensure the appropriate <code>/dev</code> entries are bind mounted inside the container. | ||
** These options will locate and bind GPU-related libraries on the host (e.g., so such becomes bind | ** These options will locate and bind GPU-related libraries on the host (e.g., so such becomes bind mounted inside the container) as well as setting the <code>LD_LIBRARY_PATH</code> environment variable to enable the aforementioned libraries will work inside the container. | ||
* Ensure the application using the GPU inside the container was properly compiled to use the GPU and its libraries. | * Ensure the application using the GPU inside the container was properly compiled to use the GPU and its libraries. | ||
* When needing to use OpenCL inside the container, besides using the aforementioned options use the following bind mount: <code>-B /etc/OpenCL</code>. | * When needing to use OpenCL inside the container, besides using the aforementioned options, use the following bind mount: <code>-B /etc/OpenCL</code>. | ||
An example of [[#Using_NVIDIA_GPUs_Within_an_Apptainer_Container|using NVIDIA GPUs within an | An example of [[#Using_NVIDIA_GPUs_Within_an_Apptainer_Container|using NVIDIA GPUs within an Apptainer container]] appears later on this page. | ||
==Using MPI programs== | ==Using MPI programs== | ||