1. Background

Containers alleviate installation and portability challenges by packaging all the dependencies of an application within a self-sustainable image, a.k.a. a container. Linux container platforms such as Apptainer and Docker allow you to install and use software within self-contained, portable, and reproducible environments. Linux containers allow users to:

• Use software with complicated dependencies and environment requirements
• Run an application container from the Sylabs Container Library or Docker Hub
• Use a package manager (like apt or yum) to install software without changing anything on the host system
• Run an application that was built for a different distribution of Linux than the host OS
• Run the latest released software built for newer Linux OS versions than that present on HPC systems
• Archive an analysis for long-term reproducibility and/or publication

2. What is a Container?

Put simply, a container consists of an entire runtime environment: an application, plus all its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. By containerizing the application platform and its dependencies, differences in OS distributions and underlying infrastructure are abstracted away.

3. Apptainer Containers

Apptainer is a tool for running software containers on HPC systems, similar to Docker. Apptainer is the first containerization technology supported across DSRC HPC resources. In 2021, development of the container technology known as "Singularity" forked resulting in two similar products. Apptainer (https://apptainer.org/) is the new name of the open source branch homed at the Linux Foundation. The other branch is still known as "Singularity" and is developed by Sylabs (https://sylabs.io/). The Apptainer branch is the supported version on DSRC platforms though the basic capabilities of Apptainer and Singularity are still mostly the same and Singularity containers will often run unchanged on Apptainer.

4. Why Apptainer?

Apptainer is a container framework designed to run scientific applications on HPC-backed resources.

Apptainer allows running Docker containers natively and is a replacement for Docker on HPC systems.

Apptainer is built with HPC systems in mind, to solve many problems:

• Security: a user in the container is the same user with the same privileges/permissions as the one running the container, so no privilege escalation is possible
• Ease of deployment: no daemon running as root on each node, a container is simply an executable
• Ability to mount local file systems or do bind mappings to access devices
• Ability to run MPI and GPU HPC workflows with Apptainer containers

5. Accessing Apptainer

In the future, Apptainer will be included in a system's default PATH. For those systems still transitioning to Apptainer, Apptainer is accessed by loading the "apptainer" module:

$ module load apptainer $ which apptainer /usr/bin/apptainer $ apptainer --version apptainer version 1.2.4-1

Apptainer provides a link called “singularity” for backward compatibility with Singularity:

$ singularity --version apptainer version 1.2.4-1

6. Which Systems Support Apptainer

Apptainer is installed on all production allocated HPC systems, restricted systems, and HPC Portal Appliances.

*Note: Apptainer containers are portable across any instruction set-compatible Linux system, like x86 Intel/AMD. You must build different Apptainer containers for Power or Arm processor-based systems.

7. Which Version of Apptainer is Available?

Apptainer version 1.3.x is installed and supported across most production DSRC HPC systems. Version 1.2 may be found on some systems in transition to 1.3.

8. Who Can Use Apptainer Containers?

Any user may execute Apptainer containers on any supported systems. Container images may be placed and run from any system location: $HOME, $WORKDIR, $PROJECTS_HOME, etc.

9. Building Containers

HPCMP HPC systems are able to build Apptainer containers. In addition, containers may be built on other platforms and transferred to a DSRC machine:

• The system named "Builder" at MHPCC is designed to be a container-building platform,
• Your own system (laptop/workstation) where you have Apptainer installed,
• A Portal Appliance.

10. Training is Available on the HPC Training Website

Training related to containers is available in the "Past Training" tab of the HPC Training site (https://centers.hpc.mil/users/HPCTraining.html#past). Search for "Singularity" or "Container" to find courses on general container building and use as well as domain-specific applications of containers.

REQUIRED: You must have an "active" HPCMP account to access the HPC Training System. Some courses to get started with Apptainer/Singularity are:

• Building Singularity Containers for DoD Resources
• Singularity -Use Cases and Implementation
• Building Singularity Containers using System Compilers
• Advanced Singularity Builds and Usage on the DoD HPCs
• Singularity Development Tips
• Building Singularity Containers
• PET Singularity Container Development Practices
• Building a Custom DA Tools Container for Deep Learning

11. Reference Containers and Examples

Reference containers for basic, MPI and GPU based workflows are provided on most systems for user convenience.

Reference containers, instructions, and run scripts are generally located at:

$SAMPLES_HOME/Singularity/examples

The README, in the examples directory, provides a complete description.

12. Public/Community Information Sites

• Apptainer Home
• Apptainer Documentation
• Apptainer on GitHub
• Apptainer 1.3 User Guide
• Apptainer 1.3 Admin Guide
• Docker Hub