1apptainer(1) apptainer(1)
2
6 apptainer-instance-start - Start a named instance of the given con‐
7 tainer image
8
12 apptainer instance start [start options...] [startscript args...]
13
17 The instance start command allows you to create a new named instance
18 from an
19 existing container image that will begin running in the background.
20 If a
21 startscript is defined in the container metadata the commands in that
22 script
23 will be executed with the instance start command as well. You can op‐
24 tionally
25 pass arguments to startscript
26 apptainer instance start accepts the following container formats
29 *.sif Singularity Image Format (SIF). Native to Singular‐
32 ity (3.0+) and Apptainer (v1.0.0+)
33 *.sqsh SquashFS format. Native to Singularity 2.4+
36 *.img ext3 format. Native to Singularity versions < 2.4.
39 directory/ sandbox format. Directory containing a valid root
42 file
43 system and optionally Apptainer meta-data.
44 instance://* A local running instance of a container. (See the
47 instance
48 command group.)
49 library://* A SIF container hosted on a Library (no default)
52 docker://* A Docker/OCI container hosted on Docker Hub or an‐
55 other
56 OCI registry.
57 shub://* A container hosted on Singularity Hub.
60 oras://* A SIF container hosted on an OCI registry that sup‐
63 ports
64 the OCI Registry As Storage (ORAS) specification.
65
69 --add-caps="" a comma separated capability list to add
70 --allow-setuid[=false] allow setuid binaries in container (root
73 only)
74 --apply-cgroups="" apply cgroups from file for container processes
77 (root only)
78 -B, --bind=[] a user-bind path specification. spec has the format
81 src[:dest[:opts]], where src and dest are outside and inside paths. If
82 dest is not given, it is set equal to src. Mount options ('opts') may
83 be specified as 'ro' (read-only) or 'rw' (read/write, which is the de‐
84 fault). Multiple bind paths can be given by a comma separated list.
85 --boot[=false] execute /sbin/init to boot container (root only)
88 -e, --cleanenv[=false] clean environment before running container
91 --compat[=false] apply settings for increased OCI/Docker compati‐
94 bility. Infers --containall, --no-init, --no-umask, --writable-tmpfs.
95 -c, --contain[=false] use minimal /dev and empty other directories
98 (e.g. /tmp and $HOME) instead of sharing filesystems from your host
99 -C, --containall[=false] contain not only file systems, but also
102 PID, IPC, and environment
103 --disable-cache[=false] dont use cache, and dont create cache
106 --dmtcp-launch="" checkpoint for dmtcp to save container process
109 state to (experimental)
110 --dmtcp-restart="" checkpoint for dmtcp to use to restart con‐
113 tainer process (experimental)
114 --dns="" list of DNS server separated by commas to add in re‐
117 solv.conf
118 --docker-login[=false] login to a Docker Repository interactively
121 --drop-caps="" a comma separated capability list to drop
124 --env=[] pass environment variable to contained process
127 --env-file="" pass environment variables from file to contained
130 process
131 -f, --fakeroot[=false] run container in new user namespace as uid
134 0
135 --fusemount=[] A FUSE filesystem mount specification of the form
138 ': ' - where is 'container' or 'host', specifying where the mount will
139 be performed ('container-daemon' or 'host-daemon' will run the FUSE
140 process detached). is the path to the FUSE executable, plus options
141 for the mount. is the location in the container to which the FUSE
142 mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Im‐
143 plies --pid.
144 -h, --help[=false] help for start
147 -H, --home="/builddir" a home directory specification. spec can
150 either be a src path or src:dest pair. src is the source path of the
151 home directory outside the container and dest overrides the home direc‐
152 tory within the container.
153 --hostname="" set container hostname
156 -i, --ipc[=false] run container in a new IPC namespace
159 --keep-privs[=false] let root user keep privileges in container
162 (root only)
163 --mount=[] a mount specification e.g. 'type=bind,source=/opt,des‐
166 tination=/hostopt'.
167 -n, --net[=false] run container in a new network namespace (sets
170 up a bridge network interface by default)
171 --network="bridge" specify desired network type separated by com‐
174 mas, each network will bring up a dedicated interface inside container
175 --network-args=[] specify network arguments to pass to CNI plugins
178 --no-home[=false] do NOT mount users home directory if /home is
181 not the current working directory
182 --no-https[=false] use http instead of https for docker:// oras://
185 and library:///... URIs
186 --no-init[=false] do NOT start shim process with --pid
189 --no-mount=[] disable one or more mount xxx options set in app‐
192 tainer.conf
193 --no-privs[=false] drop all privileges from root user in con‐
196 tainer)
197 --no-umask[=false] do not propagate umask to the container, set
200 default 0022 umask
201 --nv[=false] enable Nvidia support
204 --nvccli[=false] use nvidia-container-cli for GPU setup (experi‐
207 mental)
208 -o, --overlay=[] use an overlayFS image for persistent data stor‐
211 age or as read-only layer of container
212 --passphrase[=false] prompt for an encryption passphrase
215 --pem-path="" enter an path to a PEM formatted RSA key for an en‐
218 crypted container
219 --pid-file="" write instance PID to the file with the given name
222 --rocm[=false] enable experimental Rocm support
225 -S, --scratch=[] include a scratch directory within the container
228 that is linked to a temporary dir (use -W to force location)
229 --security=[] enable security features (SELinux, Apparmor, Sec‐
232 comp)
233 -u, --userns[=false] run container in a new user namespace, allow‐
236 ing Apptainer to run completely unprivileged on recent kernels. This
237 disables some features of Apptainer, for example it only works with
238 sandbox images.
239 --uts[=false] run container in a new UTS namespace
242 -W, --workdir="" working directory to be used for /tmp, /var/tmp
245 and $HOME (if -c/--contain was also used)
246 -w, --writable[=false] by default all Apptainer containers are
249 available as read only. This option makes the file system accessible as
250 read/write.
251 --writable-tmpfs[=false] makes the file system accessible as read-
254 write with non persistent data (with overlay support only)
255
259 $ apptainer instance start /tmp/my-sql.sif mysql
260 $ apptainer shell instance://mysql
262 Apptainer my-sql.sif> pwd
263 /home/mibauer/mysql
264 Apptainer my-sql.sif> ps
265 PID TTY TIME CMD
266 1 pts/0 00:00:00 sinit
267 2 pts/0 00:00:00 bash
268 3 pts/0 00:00:00 ps
269 Apptainer my-sql.sif>
270 $ apptainer instance stop /tmp/my-sql.sif mysql
272 Stopping /tmp/my-sql.sif mysql
273
278 apptainer-instance(1)
279
283 22-Jun-2022 Auto generated by spf13/cobra
284Auto generated by spf13/cobra Jun 2022 apptainer(1)