Container-based Virtualization
Containers allow users to deploy complex software environments in a portable package. A container is deployed on a operation system host, and shares the basic functionality (kernel, network, peripherals) with the host, but, OS like functionality like the system libraries and the rest of the OS stack is defined by the container and may be different than the host OS. Thanks to this lightweight design, application performance in the container is comparable to the native host.
Docker is the de-facto standard in containerization, however, it requires elevated priviledges that make it problematic in HPC environments. For that reason, CHPC does not allow Docker. However, there are tools that allow to create and run Docker containers. Our recommended approaches are described in the table below. See our OS-level virtualization (container) policies for details on allowed and restricted container use.
| What we want to do | What tool we recommend | Other tool that can be used |
| Run Docker container from Docker hub or other Docker container repository |
Charliecloud |
|
| Create a Docker container | Charliecloud | |
| Create an Apptainer/Singularity container | Apptainer/Singularity | |
| Create any container (don't care what tool) | Apptainer/Singularity | Charliecloud |
In short, we can use all three tools, Apptainer, Singularity and Charliecloud, to run existing containers. To build containers, one has to either use Apptainer or Charliecloud, both of which allow creation of containers completely in user space. Singularity has more limited container creation functionality in the user space.
Apptainer/Singularity is a complete container solution, which allows both to build and run containers. Its simple interface and good interoperability wth DockerHub containers makes it our choice to run Docker containers. Building a container requires administrator priviledges and as such it is not permitted on CHPC production machines.
Charliecloud also allows to both build and run containters, and does so completely in user space. Because of its interoperability with DockerHub and use of Dockerfiles to build containers, it's an easier tool to use to build Docker-like containers.
Please, see our help page for each tool for details and how to use it.