You can run containers in an M3 cluster, but not through Docker. Instead, use Apptainer (formerly known as Singularity).
Apptainer is similar to Docker but is more suitable for HPC environments out of the box. You can run almost all Docker images without any problems by just using Apptainer. Some differences are mentioned at the end of this documentation.
Here, we will show you the most common commands you need to start using Apptainer.
Read more about Apptainer here.
With Apptainer (formerly Singularity), you can pull Docker Hub images or build an image from a definition file.
Once you've built or pulled a .sif file, you can re-use it many times across multiple scripts or Batch jobs.
To directly pull a Docker image from Docker Hub using Apptainer, follow these examples:
This command pulls the "python:3.9.19-slim" image from Docker Hub and converts/saves it to a Singularity Image Format (SIF) image on the host filesystem.
apptainer pull docker://python:3.9.19-slim
# Please note the 'docker://' at the beginning of the image name.
This command opens an interactive shell within the "python:3.9.19-slim" image.
apptainer shell docker://python:3.9.19-slim
This command runs an Apptainer container using the "python:3.9.19-slim" image from Docker Hub.
apptainer run docker://python:3.9.19-slim
This command runs the python --version command inside the "python:3.9.19-slim" image.
apptainer exec docker://python:3.9.19-slim python --version
This command builds a Singularity format image from the "python:3.9.19-slim" image from Docker Hub and saves it to the local filesystem as python_3.9.19-slim.sif.
apptainer build python_3.9.19-slim.sif docker://python:3.9.19-slim
These commands display help information for Apptainer options and subcommands.
# Shows the general help information for Apptainer.
apptainer help
# Provides help details for the 'run' subcommand in Apptainer.
apptainer help run
A .sif (Singularity Image Format) file is a container image used by Apptainer. Here is how to create one:
Bootstrap: docker
From: ubuntu:22.04
%post
apt-get update && apt-get install -y python3
%runscript
echo "Hello from Apptainer container!"
.sif image:apptainer build my_container.sif container.def
.sif file:# Run the container:
apptainer run my_container.sif
# Shell into it:
apptainer shell my_container.sif
# Execute a command inside:
apptainer exec my_container.sif python3 --version
Apptainer can expose host GPUs to containers so apps like TensorFlow, PyTorch, or CUDA apps can use them.
To enable GPU support when running a container add the --nv flag:
apptainer run --nv my_container.sif
--nv flag, adds required GPU libraries and devices from the host into the container.
It automatically detects and binds:
You can check the presence of GPUs in the container:
apptainer exec --nv my_container.sif nvidia-smi
fakeroot is a feature that lets unprivileged users build or modify Apptainer containers as if they had root privileges, without needing real root access on the system.
It simulates root ownership and allows:
apptainer build --fakeroot my_container.sif container.def
apptainer shell --fakeroot my_container.sif
You can now act like root inside the container (e.g., install software), but you’re not root on the host.
Here’s a brief list of differences that may be helpful if you’re already familiar with Docker containers:
Filesystem Behavior: Docker containers typically use a writable overlay filesystem, allowing changes during runtime. In contrast, Apptainer containers are immutable by default (read-only). However, you can still write data by bind-mounting a directory or using the sandbox mode in Apptainer.
Default Bind Mounts: Unlike Docker, Apptainer automatically bind-mounts several directories from the host, including the home directory, /usr, and /tmp.
Networking: Apptainer uses the host's networking stack by default, whereas Docker isolates the network namespace of each container.