1apptainer(1) apptainer(1)
2
6 apptainer-instance-start - Start a named instance of the given con‐
7 tainer image
8
12 apptainer instance start [start options...] [startscript args...]
13
17 The instance start command allows you to create a new named instance
18 from an
19 existing container image that will begin running in the background.
20 If a
21 startscript is defined in the container metadata the commands in that
22 script
23 will be executed with the instance start command as well. You can op‐
24 tionally
25 pass arguments to startscript.
26 apptainer instance start accepts the following container formats
29 *.sif Singularity Image Format (SIF). Native to Singular‐
32 ity
33 (3.0+) and Apptainer (v1.0.0+)
34 *.sqsh SquashFS format. Native to Singularity 2.4+
37 *.img ext3 format. Native to Singularity versions < 2.4.
40 directory/ sandbox format. Directory containing a valid root
43 file
44 system and optionally Apptainer meta-data.
45 instance://* A local running instance of a container. (See the
48 instance
49 command group.)
50 library://* A SIF container hosted on a Library (no default)
53 docker://* A Docker/OCI container hosted on Docker Hub or an‐
56 other
57 OCI registry.
58 shub://* A container hosted on Singularity Hub.
61 oras://* A SIF container hosted on an OCI registry that sup‐
64 ports
65 the OCI Registry As Storage (ORAS) specification.
66
70 --add-caps="" a comma separated capability list to add
71 --allow-setuid[=false] allow setuid binaries in container (root
74 only)
75 --app="" set an application to run inside a container
78 --apply-cgroups="" apply cgroups from file for container processes
81 (root only)
82 -B, --bind=[] a user-bind path specification. spec has the format
85 src[:dest[:opts]], where src and dest are outside and inside paths. If
86 dest is not given, it is set equal to src. Mount options ('opts') may
87 be specified as 'ro' (read-only) or 'rw' (read/write, which is the de‐
88 fault). Multiple bind paths can be given by a comma separated list.
89 --blkio-weight=0 Block IO relative weight in range 10-1000, 0 to
92 disable
93 --blkio-weight-device=[] Device specific block IO relative weight
96 --boot[=false] execute /sbin/init to boot container (root only)
99 -e, --cleanenv[=false] clean environment before running container
102 --compat[=false] apply settings for increased OCI/Docker compati‐
105 bility. Infers --containall, --no-init, --no-umask, --no-eval,
106 --writable-tmpfs.
107 -c, --contain[=false] use minimal /dev and empty other directories
110 (e.g. /tmp and $HOME) instead of sharing filesystems from your host
111 -C, --containall[=false] contain not only file systems, but also
114 PID, IPC, and environment
115 --cpu-shares=-1 CPU shares for container
118 --cpus="" Number of CPUs available to container
121 --cpuset-cpus="" List of host CPUs available to container
124 --cpuset-mems="" List of host memory nodes available to container
127 --disable-cache[=false] do not use or create cache
130 --dmtcp-launch="" checkpoint for dmtcp to save container process
133 state to (experimental)
134 --dmtcp-restart="" checkpoint for dmtcp to use to restart con‐
137 tainer process (experimental)
138 --dns="" list of DNS server separated by commas to add in re‐
141 solv.conf
142 --docker-host="" specify a custom Docker daemon host
145 --docker-login[=false] login to a Docker Repository interactively
148 --drop-caps="" a comma separated capability list to drop
151 --env=[] pass environment variable to contained process
154 --env-file="" pass environment variables from file to contained
157 process
158 -f, --fakeroot[=false] run container with the appearance of run‐
161 ning as root
162 --fusemount=[] A FUSE filesystem mount specification of the form
165 ': ' - where is 'container' or 'host', specifying where the mount will
166 be performed ('container-daemon' or 'host-daemon' will run the FUSE
167 process detached). is the path to the FUSE executable, plus options
168 for the mount. is the location in the container to which the FUSE
169 mount will be attached. E.g. 'container:sshfs 10.0.0.1:/ /sshfs'. Im‐
170 plies --pid.
171 -h, --help[=false] help for start
174 -H, --home="/builddir" a home directory specification. spec can
177 either be a src path or src:dest pair. src is the source path of the
178 home directory outside the container and dest overrides the home direc‐
179 tory within the container.
180 --hostname="" set container hostname
183 -i, --ipc[=false] run container in a new IPC namespace
186 --keep-privs[=false] let root user keep privileges in container
189 (root only)
190 --memory="" Memory limit in bytes
193 --memory-reservation="" Memory soft limit in bytes
196 --memory-swap="" Swap limit, use -1 for unlimited swap
199 --mount=[] a mount specification e.g. 'type=bind,source=/opt,des‐
202 tination=/hostopt'.
203 -n, --net[=false] run container in a new network namespace (sets
206 up a bridge network interface by default)
207 --network="" specify desired network type separated by commas,
210 each network will bring up a dedicated interface inside container
211 --network-args=[] specify network arguments to pass to CNI plugins
214 --no-eval[=false] do not shell evaluate env vars or OCI container
217 CMD/ENTRYPOINT/ARGS
218 --no-home[=false] do NOT mount users home directory if /home is
221 not the current working directory
222 --no-https[=false] use http instead of https for docker:// oras://
225 and library:///... URIs
226 --no-init[=false] do NOT start shim process with --pid
229 --no-mount=[] disable one or more 'mount xxx' options set in app‐
232 tainer.conf and/or specify absolute destination path to disable a bind
233 path entry, or 'bind-paths' to disable all bind path entries.
234 --no-privs[=false] drop all privileges from root user in con‐
237 tainer)
238 --no-umask[=false] do not propagate umask to the container, set
241 default 0022 umask
242 --nv[=false] enable Nvidia support
245 --nvccli[=false] use nvidia-container-cli for GPU setup (experi‐
248 mental)
249 --oom-kill-disable[=false] Disable OOM killer
252 -o, --overlay=[] use an overlayFS image for persistent data stor‐
255 age or as read-only layer of container
256 --passphrase[=false] prompt for an encryption passphrase
259 --pem-path="" enter an path to a PEM formatted RSA key for an en‐
262 crypted container
263 --pid-file="" write instance PID to the file with the given name
266 --pids-limit=0 Limit number of container PIDs, use -1 for unlim‐
269 ited
270 --rocm[=false] enable experimental Rocm support
273 -S, --scratch=[] include a scratch directory within the container
276 that is linked to a temporary dir (use -W to force location)
277 --security=[] enable security features (SELinux, Apparmor, Sec‐
280 comp)
281 --underlay[=false] use underlay
284 --unsquash[=false] Convert SIF file to temporary sandbox before
287 running
288 -u, --userns[=false] run container in a new user namespace
291 --uts[=false] run container in a new UTS namespace
294 -W, --workdir="" working directory to be used for /tmp, /var/tmp
297 and $HOME (if -c/--contain was also used)
298 -w, --writable[=false] by default all Apptainer containers are
301 available as read only. This option makes the file system accessible as
302 read/write.
303 --writable-tmpfs[=false] makes the file system accessible as read-
306 write with non persistent data (with overlay support only)
307
311 $ apptainer instance start /tmp/my-sql.sif mysql
312 $ apptainer shell instance://mysql
314 Apptainer my-sql.sif> pwd
315 /home/mibauer/mysql
316 Apptainer my-sql.sif> ps
317 PID TTY TIME CMD
318 1 pts/0 00:00:00 appinit
319 2 pts/0 00:00:00 bash
320 3 pts/0 00:00:00 ps
321 Apptainer my-sql.sif>
322 $ apptainer instance stop /tmp/my-sql.sif mysql
324 Stopping /tmp/my-sql.sif mysql
325
330 apptainer-instance(1)
331
335 22-Nov-2023 Auto generated by spf13/cobra
336Auto generated by spf13/cobra Nov 2023 apptainer(1)