From 89d213dfa0b9aecbde0be3e6e255c19852ff09e3 Mon Sep 17 00:00:00 2001 From: Andrew Owen Date: Mon, 27 Apr 2026 14:28:32 -0500 Subject: [PATCH 1/2] Adding apptainer-in-apptainer recipe --- software/Apptainer/README.md | 31 +++++++ .../apptainer-in-apptainer/README.md | 81 +++++++++++++++++++ .../apptainer-in-apptainer/minimal-rocky.def | 22 +++++ .../apptainer-in-apptainer/minimal-ubuntu.def | 20 +++++ .../apptainer-in-apptainer/nice-rocky.def | 33 ++++++++ .../apptainer-in-apptainer/nice-ubuntu.def | 28 +++++++ 6 files changed, 215 insertions(+) create mode 100644 software/Apptainer/README.md create mode 100644 software/Apptainer/apptainer-in-apptainer/README.md create mode 100644 software/Apptainer/apptainer-in-apptainer/minimal-rocky.def create mode 100644 software/Apptainer/apptainer-in-apptainer/minimal-ubuntu.def create mode 100644 software/Apptainer/apptainer-in-apptainer/nice-rocky.def create mode 100644 software/Apptainer/apptainer-in-apptainer/nice-ubuntu.def diff --git a/software/Apptainer/README.md b/software/Apptainer/README.md new file mode 100644 index 0000000..c1b9bfe --- /dev/null +++ b/software/Apptainer/README.md @@ -0,0 +1,31 @@ + + +# Apptainer + +Container definition files for installing Apptainer. +**This is intended for "nested" containers.** + +> [!IMPORTANT] +> You do not need to do this for the "normal" use of Apptainer containers on CHTC. +> This is explicitly for the case where you need to be able to launch an Apptainer container ***from inside another container***! + +## About nested containers + +Normal execution of a container on CHTC has the correct permissions set automatically for everything to work as expected. +But those permissions do not extend into launching a container from inside of an already running container. +The result is usually some form of "permission denied" error. + diff --git a/software/Apptainer/apptainer-in-apptainer/README.md b/software/Apptainer/apptainer-in-apptainer/README.md new file mode 100644 index 0000000..214ea6c --- /dev/null +++ b/software/Apptainer/apptainer-in-apptainer/README.md @@ -0,0 +1,81 @@ + + +# Apptainer-in-Apptainer + +This recipe provides the definition file for the "parent" Apptainer container, +which has the ability to launch a "child" Apptainer container inside of it. + +## Bare minimum setup + +These images have the bare minimum required in order to use Apptainer inside of Apptainer. + +* [minimal-ubuntu.def](minimal-ubuntu.def) +* [minimal-rocky.def](minimal-rocky.def) + +## With "nice to have" packages + +These images have what is required to use Apptainer inside of Apptainer, +as well as some additional "common" programs that are useful to have. +For a full list of additional packages, see the definition file. + +* [nice-ubuntu.def](nice-ubuntu.def) +* [nice-rocky.def](nice-rocky.def) + +## [minimal-ubuntu.def](minimal-ubuntu.def) + +| | | | +| ---: | :--- | :--- | +| *Type* | **Apptainer** | | +| *OS* | Ubuntu 24.04 (Debian) | | +| *Base image* | **ubuntu:24.04** | *DockerHub* | +| *Updated* | 2026-04-27 | *Andrew Owen* | +| *Last tested on HTC* | 2026-04-27 | *Andrew Owen* | +| *Last tested on HPC* | - | - | + +## [minimal-rocky.def](minimal-rocky.def) + +| | | | +| ---: | :--- | :--- | +| *Type* | **Apptainer** | | +| *OS* | Rocky 9 (RHEL) | | +| *Base image* | **rockylinux:9** | *DockerHub* | +| *Updated* | 2026-04-27 | *Andrew Owen* | +| *Last tested on HTC* | 2026-04-27 | *Andrew Owen* | +| *Last tested on HPC* | - | - | + +## [nice-ubuntu.def](nice-ubuntu.def) + +| | | | +| ---: | :--- | :--- | +| *Type* | **Apptainer** | | +| *OS* | Ubuntu 24.04 (Debian) | | +| *Base image* | **ubuntu:24.04** | *DockerHub* | +| *Updated* | 2026-04-27 | *Andrew Owen* | +| *Last tested on HTC* | 2026-04-27 | *Andrew Owen* | +| *Last tested on HPC* | - | - | + +## [nice-rocky.def](nice-rocky.def) + +| | | | +| ---: | :--- | :--- | +| *Type* | **Apptainer** | | +| *OS* | Rocky 9 (RHEL) | | +| *Base image* | **rockylinux:9** | *DockerHub* | +| *Updated* | 2026-04-27 | *Andrew Owen* | +| *Last tested on HTC* | 2026-04-27 | *Andrew Owen* | +| *Last tested on HPC* | - | - | + diff --git a/software/Apptainer/apptainer-in-apptainer/minimal-rocky.def b/software/Apptainer/apptainer-in-apptainer/minimal-rocky.def new file mode 100644 index 0000000..9fbe622 --- /dev/null +++ b/software/Apptainer/apptainer-in-apptainer/minimal-rocky.def @@ -0,0 +1,22 @@ +Bootstrap: docker +From: rockylinux:9 + +%post + # base dnf/yum setup + dnf -y update && \ + dnf -y install yum-utils && \ + dnf -y config-manager --set-enabled crb && \ + dnf -y install epel-release + + dnf -y install --allowerasing \ + cpio \ + git \ + rpm + + # Installing unprivileged apptainer inside of the container + # adapted from https://apptainer.org/docs/admin/1.4/installation.html#install-unprivileged-from-pre-built-binaries + mkdir -p /opt + curl -s https://raw.githubusercontent.com/apptainer/apptainer/main/tools/install-unprivileged.sh | bash -s - /opt/apptainer + +%environment + export PATH="/opt/apptainer/bin:${PATH}" diff --git a/software/Apptainer/apptainer-in-apptainer/minimal-ubuntu.def b/software/Apptainer/apptainer-in-apptainer/minimal-ubuntu.def new file mode 100644 index 0000000..8b0fe4f --- /dev/null +++ b/software/Apptainer/apptainer-in-apptainer/minimal-ubuntu.def @@ -0,0 +1,20 @@ +Bootstrap: docker +From: ubuntu:24.04 + +%post + export DEBIAN_FRONTEND=noninteractive + apt update -y + apt install -y \ + bash \ + cpio \ + curl \ + git \ + rpm2cpio + + # Installing unprivileged apptainer inside of the container + # adapted from https://apptainer.org/docs/admin/1.4/installation.html#install-unprivileged-from-pre-built-binaries + mkdir -p /opt + curl -s https://raw.githubusercontent.com/apptainer/apptainer/main/tools/install-unprivileged.sh | bash -s - /opt/apptainer + +%environment + export PATH=/opt/apptainer/bin:$PATH diff --git a/software/Apptainer/apptainer-in-apptainer/nice-rocky.def b/software/Apptainer/apptainer-in-apptainer/nice-rocky.def new file mode 100644 index 0000000..9b26cf7 --- /dev/null +++ b/software/Apptainer/apptainer-in-apptainer/nice-rocky.def @@ -0,0 +1,33 @@ +Bootstrap: docker +From: rockylinux:9 + +%post + # base dnf/yum setup + dnf -y update && \ + dnf -y install yum-utils && \ + dnf -y config-manager --set-enabled crb && \ + dnf -y install epel-release + + # well rounded basic system to support a wide range of user jobs + dnf -y groupinstall "Development Tools" "Scientific Support" + + dnf -y install --allowerasing \ + cpio \ + git \ + nano \ + python3 \ + python3-pip \ + python3-devel \ + rpm \ + tree \ + unzip \ + vim \ + wget + + # Installing unprivileged apptainer inside of the container + # adapted from https://apptainer.org/docs/admin/1.4/installation.html#install-unprivileged-from-pre-built-binaries + mkdir -p /opt + curl -s https://raw.githubusercontent.com/apptainer/apptainer/main/tools/install-unprivileged.sh | bash -s - /opt/apptainer + +%environment + export PATH="/opt/apptainer/bin:${PATH}" diff --git a/software/Apptainer/apptainer-in-apptainer/nice-ubuntu.def b/software/Apptainer/apptainer-in-apptainer/nice-ubuntu.def new file mode 100644 index 0000000..d94e29a --- /dev/null +++ b/software/Apptainer/apptainer-in-apptainer/nice-ubuntu.def @@ -0,0 +1,28 @@ +Bootstrap: docker +From: ubuntu:24.04 + +%post + export DEBIAN_FRONTEND=noninteractive + apt update -y + apt install -y \ + bash \ + cpio \ + curl \ + git \ + nano \ + python3 \ + python3-pip \ + rpm2cpio \ + tar \ + tree \ + unzip \ + vim \ + wget + + # Installing unprivileged apptainer inside of the container + # adapted from https://apptainer.org/docs/admin/1.4/installation.html#install-unprivileged-from-pre-built-binaries + mkdir -p /opt + curl -s https://raw.githubusercontent.com/apptainer/apptainer/main/tools/install-unprivileged.sh | bash -s - /opt/apptainer + +%environment + export PATH=/opt/apptainer/bin:$PATH From d6d19d7ce9e5107f324cc21469e255e2aaf13c9f Mon Sep 17 00:00:00 2001 From: Andrew Owen Date: Mon, 27 Apr 2026 15:16:49 -0500 Subject: [PATCH 2/2] Add unsquash option --- software/Apptainer/apptainer-in-apptainer/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/software/Apptainer/apptainer-in-apptainer/README.md b/software/Apptainer/apptainer-in-apptainer/README.md index 214ea6c..d5119b0 100644 --- a/software/Apptainer/apptainer-in-apptainer/README.md +++ b/software/Apptainer/apptainer-in-apptainer/README.md @@ -19,6 +19,15 @@ This recipe provides the definition file for the "parent" Apptainer container, which has the ability to launch a "child" Apptainer container inside of it. +# Launching inner container + +To run the inner container, you need to use the `--unsquash` argument with your `apptainer` command. +For example, + +``` +apptainer exec --unsquash my_inner_container.sif inner_script.sh +``` + ## Bare minimum setup These images have the bare minimum required in order to use Apptainer inside of Apptainer.