System Status: All systems are operational • Services are available and operational.
Click for detailed status

Apptainer

Apptainer is an open source container platform designed to be simple, fast, and secure. Many container platforms are available, but Apptainer is designed for ease-of-use on shared systems and in high performance computing (HPC) environments.

Apptainer on Euler

Apptainer on Euler is provided as an OS package. No module needs to be loaded to use it.

Version
1.4

Setup

For security reasons, access to Apptainer on Euler restricted. To request access, run get-access on Euler.

Note: Apptainer relies on executables with the setuid bit, granting them elevated privileges. This introduces potential security risks for Euler. If a vulnerability affecting setuid is discovered, Apptainer access may be suspended until a security update is applied.

To optimize storage usage, set these environment variables:

export APPTAINER_CACHEDIR="$SCRATCH/.apptainer"
export APPTAINER_TMPDIR="${TMPDIR:-/tmp}"

Add these lines to your .bashrc or .bash_profile to make them persistent.

• APPTAINER_CACHEDIR sets the cache directory. Since cached data can be safely deleted, storing it in scratch is a good fit.
• APPTAINER_TMPDIR specifies where temporary files are stored during image builds, using the local temporary directory is therefore a good fit.

Usage

You can obtain containers from public sources such as:

• Sylabs Container Library
• Docker Hub
• NVIDIA containers with Apptainer

If you require a custom container, build it on your local workstation. Container creation requires root privileges and is not permitted directly on Euler. Once built, transfer your container image (.sif file) to Euler for use.

To run a container, use the apptainer exec command:

apptainer exec --bind /path/to/bind:/path/in/container my_container.sif my_command

This binds a local directory to a directory inside the container, allowing you to access files from the host system within the container.

To launch an interactive session within a container, use apptainer shell.

To run a container with GPU support, use the --nv flag.

MPI (Message Passing Interface)

To use MPI in a containers, build MPI inside your Dockerfile and copy it into your container. Make sure to compile with UCX for better performance. See full example: https://gitlab.ethz.ch/hpc-applications/mpi-test.

Import the data for slurm with:

scp -r USER@euler.ethz.ch:/cluster/apps/slurm .

Finally, you can run the container in slurm with the following script. Don't forget to bind the scratch or you could have issues with temporary files:

#!/bin/bash

#SBATCH -n 4 -N 2 --ntasks-per-node=2 -C ib
#SBATCH --time=00:05:00
#SBATCH --exclusive --contiguous

module load openmpi
mpirun -np 4 apptainer exec --bind /scratch:/scratch \
  docker://registry.euler.hpc.ethz.ch/node-testing/mpi-bench:latest /data/mpiBench

Support

We offer support for running Apptainer containers on Euler, including assistance with container execution and integration on the cluster. However, we cannot provide support for the software or applications installed inside the containers. For issues related to installing or using software within a container, please contact the container's developers or maintainers.

Troubleshooting

If you cannot run Apptainer, check if you belong to the ID-HPC-SINGULARITY group:

id | grep ID-HPC-SINGULARITY

If the command returns nothing, you do not have access. To request access, see see section Setup.