Docker, Podman, and OCI
Docker and Podman are two leading container engines used to build, manage, and run containers. Containers are self-contained environments that package code and its dependencies for consistent execution across systems. While most introductory materials use Docker, JLab has adopted Podman as the preferred backend due to its enhanced security model and daemonless architecture.
Why docker is Aliased to podman at JLab
While Docker has become the standard term associated with container technology, JLab uses podman under the hood. podman is a drop-in replacement for docker that:
- Requires no daemon (more secure in multi-user systems),
- Can run rootless (safer for shared environments),
- Is fully compliant with the Open Container Initiative.
To minimize confusion and maximize compatibility with tutorials, scripts, and examples, the docker command is aliased to podman on JLab machines.
docker --version
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
podman version 5.2.2
⚠️ docker and podman are maintained by CST for the interactive farm and batch farm systems. For the counting house machines, contact your Compute Coordinator for support.
Emulating docker with podman helps new users follow Docker-based workflows while benefiting from a secure, JLab-supported backend.
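Scripts written for Docker can confirm which engine actually answers to the docker command, and whether it runs rootless, before relying on either property. The shell functions below are an added example, not JLab-provided code: the function names are illustrative, the Docker Engine sample line is constructed, and the script assumes docker resolves to an executable on PATH rather than an interactive shell alias.

```shell
#!/bin/sh
# Added example: identify the engine behind `docker` and its rootless status.

# classify_engine: reads `docker --version` output on stdin and prints
# "<engine> <version>", where engine is podman, docker, or unknown.
classify_engine() {
  awk '
    /^Emulate Docker CLI using podman/ { next }   # emulation banner, not a version
    /^podman version / { print "podman", $3; found = 1; exit }
    /^Docker version / { v = $3; sub(/,$/, "", v); print "docker", v; found = 1; exit }
    END { if (!found) print "unknown -" }
  '
}

# docker_backend: classify whatever the local `docker` command resolves to.
# stderr is merged so the banner is filtered no matter which stream carries it.
docker_backend() {
  command -v docker >/dev/null 2>&1 || { echo "unknown -"; return 0; }
  docker --version 2>&1 | classify_engine
}

# rootless_status: prints true or false when the backend is podman, else "n/a".
rootless_status() {
  case "$(docker_backend)" in
    podman\ *) podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null || echo "n/a" ;;
    *) echo "n/a" ;;
  esac
}

# Constructed sample inputs: the first is the output shown on this page,
# the second follows Docker Engine's format (version and build values made up).
SAMPLE_PODMAN='Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
podman version 5.2.2'
SAMPLE_DOCKER='Docker version 24.0.7, build 0000000'

printf '%s\n' "$SAMPLE_PODMAN" | classify_engine
printf '%s\n' "$SAMPLE_DOCKER" | classify_engine
```

On a live machine, call docker_backend and rootless_status after sourcing the file; a script that expects rootless podman can refuse to continue on any other answer.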
Container Orchestration Tools
A common tool used to orchestrate multi-container workflows is docker-compose. docker-compose is not available at JLab. You can use podman-compose, which supports the same command line options as docker.
Docker Compose (Not Supported)
docker-compose --version
- Use podman-compose in place of docker-compose for local orchestration of multi-container workflows
- docker-compose is best suited for local development, but is interoperable with podman-compose.
⚠️ This documentation is focused on running containers and considerations for scientific workflows. Orchestrating containers is left to the advanced user.
What Is the Open Container Initiative (OCI)?
If you have used containers for any length of time, you have most likely heard of the Open Container Initiative (OCI). The OCI is a set of open industry standards for container runtimes and image formats. Established by the Linux Foundation, OCI ensures:
- Interoperability across container engines (Docker, Podman, containerd)
- Predictable behavior across tools and environments
- Long-term stability of container specifications
This means a container image built at Jefferson Lab can run seamlessly in cloud environments or on collaborators’ systems that follow the same standards.
Broader Context: Containers in Scientific and Cloud Ecosystems
Containers have become foundational in both cloud computing and scientific infrastructure because they enable:
- Rapid and consistent software deployment
- Easy scaling and orchestration (e.g., via Kubernetes)
- Portable execution across diverse compute platforms
For JLab users, this translates to:
- Greater control over their software environments
- Fewer dependency and version conflicts
- Easier sharing and publication of analysis environments