Nexus/Apptainer: Difference between revisions

From UMIACS
Jump to navigation Jump to search
(Created page with "Running containers in a multi-tenant environment has a number of security considerations. While Docker is popular the most typical setups require a daemon that has administra...")
 
(Redirected page to Apptainer)
Tag: New redirect
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Running containers in a multi-tenant environment has a number of security considerations.  While Docker is popular the most typical setups require a daemon that has administrative level privileges that makes it not tenable.  There has been a lot of work in this area but ultimately for HPC environments Singularity or as it is now known Apptainer is a solution that enables the capabilities of container workloads in multi-tenant environments.
#REDIRECT [[Apptainer]]
 
The one consideration is that to create an image you need to have administrative rights on the machine.  For this reason you can't directly create Apptainer images on our supported systems.  You can download or pull images from other repositories including the Docker repositories.
 
=Bind Mounts=
Apptainer containers will not automatically mount data from the outside operating system other than your home directory.  Users need to manually bind mounts for other file paths.
 
<code>--bind /fs/nexus-scratch/derek/project1:/mnt</code>
 
In this scenario we are binding the directory outside the container <code>/fs/nexus-scratch/derek/project1</code> to exist in the path <code>/mnt</code> inside the container.
 
=Shared Containers=
 
Portable images called Singularity Image Format or .sif files can be copied and shared.  Nexus maintains some shared containers in <code>/fs/nexus-containers</code>.  These are arranged by the application(s) that are installed.

Latest revision as of 17:47, 13 August 2024

Redirect to:

Retrieved from "https://wiki.umiacs.umd.edu/umiacs/index.php?title=Nexus/Apptainer&oldid=11993"