Containers allow users to deploy complex software environments in a portable package. A container is deployed on a operation system host, and shares the basic functionality (kernel, network, peripherals) with the host, but, OS like functionality like the system libraries and the rest of the OS stack is defined by the container and may be different than the host OS. Thanks to this lightweight design, application performance in the container is comparable to the native host.
Docker is the de-facto standard in containerization, however, it requires elevated priviledges that make it problematic in HPC environments. For that reason, CHPC does not allow Docker. However, there are tools that allow to create and run Docker containers. Our recommended approaches are described in the table below. See our OS-level virtualization (container) policies for details on allowed and restricted container use.
|What we want to do||What tool we recommend||Other tool that can be used|
|Run Docker container from Docker hub
or other Docker container repository
|Create a Docker container||Charliecloud|
|Create a Singularity container||Singularity|
|Create any container (don't care what tool)||Singularity|
In short, we can use all three tools, udocker, Singularity and Charliecloud, to run existing containers. To build containers, one has to either use Singularity or Charliecloud, and have to do it either on a machine where one has administrator rights, or on a special server that we provide for container building.
Singularity is a complete container solution, which allows both to build and run containers. Its simple interface and good interoperability wth DockerHub containers makes it our choice to run Docker containers. Building a container requires administrator priviledges and as such it is not permitted on CHPC production machines.
udocker is a lightweight Docker runtime, which allows to run and modify (to certain extent) Docker containers. It is also easy to use and is implemented completely user space implementation, which provides a good alternative to Singularity in running DockerHub containers. However, we have seen some DockerHub containers that don't run with udocker but do with Singularity.
Charliecloud also allows to both build and run containters, but it's leveraging Docker to build the containers, and requires both administrator priviledges and functioning Docker installation to build the containers. Therefore we also don't allow container building with Charliecloud on CHPC production machines.
Please, see our help page for each tool for details and how to use it.