This section is incomplete
This documentation section on Container Technologies is still being written and will not be complete until the Comet HPC facility is fully commissioned.
Links to the official Podman documentation material:
Unlike Apptainer, the workflow with Podman is much more similar to Docker:
We recommend Podman for more experienced users. If you are just starting out with containers, Apptainer is less complex for first-time users.
Note that this help guide is not intended to be a complete introduction to Podman - this is just a starter for how Podman can be used on Comet. Please consider signing up to a future RSE container technology workshop.
Links TBC
To work correctly on Comet without requiring any additional permissions, each user needs to make a small amount of configuration before using Podman.
Log in to Comet and run the following:
$ mkdir -p $HOME/.config/containers
$ nano $HOME/.config/containers/storage.conf
In the text editor, paste the configuration shown below:
[storage]
driver = "overlay"
runroot = "/tmp/podman_n1234"
graphroot = "/mnt/nfs/home/n1234/podman_images"

[storage.options.overlay]
force_mask = "0700"
Make sure that you change n1234 to your real University username. This config file tells Podman to store any downloaded or created images in $HOME/podman_images, and also instructs Podman to run your container from /tmp.
This is a mandatory configuration - if you do not set it then you will not be able to use Podman to create or run containers.
Load the Podman module:
$ module load Podman
$ podman version
Client:       Podman Engine
Version:      5.5.3-dev
API Version:  5.5.3-dev
Go Version:   go1.23.6
Git Commit:   87c980c6e2a3e2cb3b8ede4152d94ca204bbe483
Built:        Fri Jun 27 16:17:49 2025
OS/Arch:      linux/amd64
$
Download a new image:
$ podman image pull ubuntu
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
Getting image source signatures
Copying blob 32f112e3802c done   |
Copying config 65ae7a6f35 done   |
Writing manifest to image destination
65ae7a6f3544bd2d2b6d19b13bfc64752d776bc92c510f874188bfd404d205a3
$
Check that the image is in your image store:
$ podman image list
REPOSITORY                TAG     IMAGE ID      CREATED      SIZE
docker.io/library/ubuntu  latest  65ae7a6f3544  3 weeks ago  80.6 MB
$
Create a container from the image, using the IMAGE_ID shown in podman image list:
$ podman create --network slirp4netns --tty --name ubuntu_test_container 65ae7a6f3544
8334ec4230a039c5c4eaf601e9988276511038e685033aff9d10b590099850f9
$
Check that your container is listed and available:
$ podman ps --all
CONTAINER ID  IMAGE                            COMMAND    CREATED         STATUS   PORTS  NAMES
8334ec4230a0  docker.io/library/ubuntu:latest  /bin/bash  51 seconds ago  Created         ubuntu_test_container
$
Start your container:
$ podman container start ubuntu_test_container
ubuntu_test_container
$
$ podman ps
CONTAINER ID  IMAGE                            COMMAND    CREATED        STATUS        PORTS  NAMES
8334ec4230a0  docker.io/library/ubuntu:latest  /bin/bash  3 minutes ago  Up 3 seconds         ubuntu_test_container
$
Stop your container:
$ podman container stop ubuntu_test_container
ubuntu_test_container
$
$ podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
$
You can also run a single command without needing to start the entire container as a running process. This will likely be the most common use case of your Podman containers on Comet:
$ podman container run --network slirp4netns --interactive --tty --name a_new_test_container 65ae7a6f3544 /bin/bash
root@b114109ae278:/# whoami
root
root@b114109ae278:/# cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.2 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
root@b114109ae278:/# exit
exit
$
In this example we started a new container instance called "a_new_test_container" from the Ubuntu IMAGE_ID 65ae7a6f3544 and got an interactive Bash prompt inside the image. We then checked which user we were (root!) and which version of Linux we were running in (Ubuntu, not the Red Hat that Comet uses).
In most cases you probably won't be working interactively in the container itself, but instead running a single command (or a script of commands). You can achieve that easily by removing the --interactive and --tty flags, e.g.:
$ podman container run --replace --network slirp4netns --name a_new_test_container 65ae7a6f3544 whoami
root
$
Note the use of the --replace option; this replaces an existing container of the same name with a new one each time you call create, run or start. Since you may need to run the same container over and over, this is more convenient than creating a unique container each time, or using podman container rm on the old one.
Check the documentation for Podman to be sure of the meaning behind this: podman-create, podman-run, and podman-start.
If you are finished with the container, you can remove it:
$ podman container rm a_new_test_container
a_new_test_container
$
$ podman ps --all
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
$
TBD
#!/bin/bash
#SBATCH --partition=default_free
#SBATCH -c 1
#SBATCH -t 00:05:00

module load Podman

###########################################
echo "Starting Podman image on $HOSTNAME..."

echo "Job completed!"
###########################################
Submit as:
$ sbatch podman.sh
Submitted batch job 11123455
$
Check the output:
$ cat slurm-11123455.out
Starting Podman image on compute029...
Job completed!
$
Use the --mount parameter to make a Comet directory or filesystem available within the container.
To make your own $HOME directory available as /my_home within the container:
$ podman run --network slirp4netns --mount=type=bind,source=$HOME,destination=/my_home --name a_new_test_container 65ae7a6f3544 ls -l /
total 100
lrwxrwxrwx    1 root   root       7 Apr 22  2024 bin -> usr/bin
drwxr-xr-x    2 root   root    4096 Apr 22  2024 boot
drwxr-xr-x    5 root   root     340 Aug  7 21:07 dev
drwxr-xr-x   32 root   root    4096 Aug  7 21:07 etc
drwxr-xr-x    3 root   root    4096 Jul 14 14:14 home
lrwxrwxrwx    1 root   root       7 Apr 22  2024 lib -> usr/lib
lrwxrwxrwx    1 root   root       9 Apr 22  2024 lib64 -> usr/lib64
drwxr-xr-x    2 root   root    4096 Jul 14 14:08 media
drwxr-xr-x    2 root   root    4096 Jul 14 14:08 mnt
drwx------   31 root   root    4096 Aug  7 20:17 my_home
drwxr-xr-x    2 root   root    4096 Jul 14 14:08 opt
dr-xr-xr-x 1015 nobody nogroup    0 Aug  7 21:07 proc
drwx------    2 root   root    4096 Jul 14 14:14 root
drwxr-xr-x    5 root   root    4096 Aug  7 21:07 run
lrwxrwxrwx    1 root   root       8 Apr 22  2024 sbin -> usr/sbin
drwxr-xr-x    2 root   root    4096 Jul 14 14:08 srv
dr-xr-xr-x   13 nobody nogroup    0 Aug  7 21:07 sys
drwxrwxrwt    2 root   root    4096 Jul 14 14:14 tmp
drwxr-xr-x   12 root   root    4096 Jul 14 14:08 usr
drwxr-xr-x   11 root   root    4096 Jul 14 14:14 var
Any files created in the mounted /my_home directory during the run of the container will be owned by you:
$ podman run --network slirp4netns --mount=type=bind,source=$HOME,destination=/my_home --name a_new_test_container 65ae7a6f3544 touch /my_home/hello_podman
$ ls -l $HOME/hello_podman
-rw-r--r-- 1 n1234 cometloginaccess 0 Aug  7 22:12 /mnt/nfs/home/n1234/hello_podman
$
TBC
You need to set a few key options to get Podman to store and work with images correctly on Comet.
As mentioned in Before You Start, you must always have a storage.conf file created. If you want to work with downloaded images in your own personal $HOME directory, then save the file below as $HOME/.config/containers/storage.conf.
The graphroot directive is where Podman will store any images you download or create; it is safe to set this to your $HOME directory as suggested, or even an area in a project folder under /nobackup.
Note that the runroot directive must always point to the /tmp directory - this is where Podman will run your container, and it is only supported from a local filesystem; do not change this to $HOME or /nobackup.
Change the username n1234 to your real University username.
The runroot option must always point to a local, physical filesystem. You must not change this to $HOME or /nobackup.
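One way to generate and check the storage.conf described above and in Before You Start, as an added example (not part of the Comet documentation or of Podman; the function names are hypothetical). It assumes a POSIX shell and the key = "value" layout shown on this page.

```shell
# Added example (POSIX sh): helper names are illustrative, not part of Podman or Comet.

# Print the value of a `key = "value"` line in a storage.conf file.
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*$/\1/p" "$1" | head -n 1
}

# Write the configuration from this page with the username and home filled in.
write_storage_conf() {  # usage: write_storage_conf FILE USERNAME HOMEDIR
    mkdir -p "$(dirname "$1")" || return 1
    cat > "$1" <<EOF
[storage]
driver = "overlay"
runroot = "/tmp/podman_$2"
graphroot = "$3/podman_images"

[storage.options.overlay]
force_mask = "0700"
EOF
}

# Return 0 if FILE follows the rules on this page; otherwise print why, return 1.
check_storage_conf() {  # usage: check_storage_conf FILE USERNAME HOMEDIR
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    rc=0
    runroot=$(conf_value "$1" runroot)
    graphroot=$(conf_value "$1" graphroot)
    case $runroot in
        *..*) echo "runroot must not contain '..'"; rc=1 ;;
        /tmp/?*) ;;
        *) echo "runroot must be under /tmp (got '$runroot')"; rc=1 ;;
    esac
    case $graphroot in
        *..*) echo "graphroot must not contain '..'"; rc=1 ;;
        "$3"/?*|/nobackup/?*) ;;
        *) echo "graphroot should be under HOME or /nobackup (got '$graphroot')"; rc=1 ;;
    esac
    [ "$(conf_value "$1" force_mask)" = 0700 ] || { echo "force_mask is not 0700"; rc=1; }
    # The sample username left in place means the file was pasted unedited.
    if [ "$2" != n1234 ] && grep -q n1234 "$1"; then
        echo "placeholder username n1234 is still present"; rc=1
    fi
    return "$rc"
}
```

After sourcing these functions on Comet, call write_storage_conf "$HOME/.config/containers/storage.conf" "$USER" "$HOME" and then check_storage_conf with the same three arguments.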
The most common error, Error: creating container storage: the container name "a_new_test_container" is already in use by …, means that you have tried to run or exec a new container with the same name as one which already exists. Try running podman ps --all to get a full list of all your existing containers; each new container must have a unique name.
If you have not added the $HOME mount to your container, then any files you create inside the container will be part of the container overlay filesystem, and will instead be spread out over the directory you set for runroot in $HOME/.config/containers/storage.conf.
It is highly recommended that you mount $HOME to your container and explicitly save any files you create while running the container to a sub-directory of that path.