[lxc-devel] [lxd/master] nvidia: Default to compute,utility

stgraber on Github lxc-bot at linuxcontainers.org
Thu Sep 20 07:50:44 UTC 2018


From 7147ebd7e1c53c362c73009d5ba7914fe3d47bf4 Mon Sep 17 00:00:00 2001
From: Stéphane Graber <stgraber at ubuntu.com>
Date: Thu, 20 Sep 2018 09:48:29 +0200
Subject: [PATCH] nvidia: Default to compute,utility
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This matches the behavior prior to the introduction of
nvidia.driver.capabilities.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/containers.md    | 88 ++++++++++++++++++++++----------------------
 lxd/container_lxc.go |  2 +-
 2 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/doc/containers.md b/doc/containers.md
index e9038a93d6..211c50febb 100644
--- a/doc/containers.md
+++ b/doc/containers.md
@@ -34,50 +34,50 @@ currently supported:
 
 The currently supported keys are:
 
-Key                                     | Type      | Default       | Live update   | API extension                        | Description
-:--                                     | :---      | :------       | :----------   | :------------                        | :----------
-boot.autostart                          | boolean   | -             | n/a           | -                                    | Always start the container when LXD starts (if not set, restore last state)
-boot.autostart.delay                    | integer   | 0             | n/a           | -                                    | Number of seconds to wait after the container started before starting the next one
-boot.autostart.priority                 | integer   | 0             | n/a           | -                                    | What order to start the containers in (starting with highest)
-boot.host\_shutdown\_timeout            | integer   | 30            | yes           | container\_host\_shutdown\_timeout   | Seconds to wait for container to shutdown before it is force stopped
-boot.stop.priority                      | integer   | 0             | n/a           | container\_stop\_priority            | What order to shutdown the containers (starting with highest)
-environment.\*                          | string    | -             | yes (exec)    | -                                    | key/value environment variables to export to the container and set on exec
-limits.cpu                              | string    | - (all)       | yes           | -                                    | Number or range of CPUs to expose to the container
-limits.cpu.allowance                    | string    | 100%          | yes           | -                                    | How much of the CPU can be used. Can be a percentage (e.g. 50%) for a soft limit or hard a chunk of time (25ms/100ms)
-limits.cpu.priority                     | integer   | 10 (maximum)  | yes           | -                                    | CPU scheduling priority compared to other containers sharing the same CPUs (overcommit) (integer between 0 and 10)
-limits.disk.priority                    | integer   | 5 (medium)    | yes           | -                                    | When under load, how much priority to give to the container's I/O requests (integer between 0 and 10)
-limits.kernel.\*                        | string    | -             | no            | kernel\_limits                       | This limits kernel resources per container (e.g. number of open files)
-limits.memory                           | string    | - (all)       | yes           | -                                    | Percentage of the host's memory or fixed value in bytes (supports kB, MB, GB, TB, PB and EB suffixes)
-limits.memory.enforce                   | string    | hard          | yes           | -                                    | If hard, container can't exceed its memory limit. If soft, the container can exceed its memory limit when extra host memory is available.
-limits.memory.swap                      | boolean   | true          | yes           | -                                    | Whether to allow some of the container's memory to be swapped out to disk
-limits.memory.swap.priority             | integer   | 10 (maximum)  | yes           | -                                    | The higher this is set, the least likely the container is to be swapped to disk (integer between 0 and 10)
-limits.network.priority                 | integer   | 0 (minimum)   | yes           | -                                    | When under load, how much priority to give to the container's network requests (integer between 0 and 10)
-limits.processes                        | integer   | - (max)       | yes           | -                                    | Maximum number of processes that can run in the container
-linux.kernel\_modules                   | string    | -             | yes           | -                                    | Comma separated list of kernel modules to load before starting the container
-migration.incremental.memory            | boolean   | false         | yes           | migration\_pre\_copy                 | Incremental memory transfer of the container's memory to reduce downtime.
-migration.incremental.memory.goal       | integer   | 70            | yes           | migration\_pre\_copy                 | Percentage of memory to have in sync before stopping the container.
-migration.incremental.memory.iterations | integer   | 10            | yes           | migration\_pre\_copy                 | Maximum number of transfer operations to go through before stopping the container.
-nvidia.driver.capabilities              | string    | all           | no            | nvidia\_runtime\_config              | What driver capabilities the container needs (sets libnvidia-container NVIDIA\_DRIVER\_CAPABILITIES)
-nvidia.runtime                          | boolean   | false         | no            | nvidia\_runtime                      | Pass the host NVIDIA and CUDA runtime libraries into the container
-nvidia.require.cuda                     | string    | -             | no            | nvidia\_runtime\_config              | Version expression for the required CUDA version (sets libnvidia-container NVIDIA\_REQUIRE\_CUDA)
-nvidia.require.driver                   | string    | -             | no            | nvidia\_runtime\_config              | Version expression for the required driver version (sets libnvidia-container NVIDIA\_REQUIRE\_DRIVER)
-raw.apparmor                            | blob      | -             | yes           | -                                    | Apparmor profile entries to be appended to the generated profile
-raw.idmap                               | blob      | -             | no            | id\_map                              | Raw idmap configuration (e.g. "both 1000 1000")
-raw.lxc                                 | blob      | -             | no            | -                                    | Raw LXC configuration to be appended to the generated one
-raw.seccomp                             | blob      | -             | no            | container\_syscall\_filtering        | Raw Seccomp configuration
-security.devlxd                         | boolean   | true          | no            | restrict\_devlxd                     | Controls the presence of /dev/lxd in the container
-security.devlxd.images                  | boolean   | false         | no            | devlxd\_images                       | Controls the availability of the /1.0/images API over devlxd
-security.idmap.base                     | integer   | -             | no            | id\_map\_base                        | The base host ID to use for the allocation (overrides auto-detection)
-security.idmap.isolated                 | boolean   | false         | no            | id\_map                              | Use an idmap for this container that is unique among containers with isolated set.
-security.idmap.size                     | integer   | -             | no            | id\_map                              | The size of the idmap to use
-security.nesting                        | boolean   | false         | yes           | -                                    | Support running lxd (nested) inside the container
-security.privileged                     | boolean   | false         | no            | -                                    | Runs the container in privileged mode
-security.protection.delete              | boolean   | false         | yes           | container\_protection\_delete        | Prevents the container from being deleted
-security.syscalls.blacklist             | string    | -             | no            | container\_syscall\_filtering        | A '\n' separated list of syscalls to blacklist
-security.syscalls.blacklist\_compat     | boolean   | false         | no            | container\_syscall\_filtering        | On x86\_64 this enables blocking of compat\_\* syscalls, it is a no-op on other arches
-security.syscalls.blacklist\_default    | boolean   | true          | no            | container\_syscall\_filtering        | Enables the default syscall blacklist
-security.syscalls.whitelist             | string    | -             | no            | container\_syscall\_filtering        | A '\n' separated list of syscalls to whitelist (mutually exclusive with security.syscalls.blacklist\*)
-user.\*                                 | string    | -             | n/a           | -                                    | Free form user key/value storage (can be used in search)
+Key                                     | Type      | Default           | Live update   | API extension                        | Description
+:--                                     | :---      | :------           | :----------   | :------------                        | :----------
+boot.autostart                          | boolean   | -                 | n/a           | -                                    | Always start the container when LXD starts (if not set, restore last state)
+boot.autostart.delay                    | integer   | 0                 | n/a           | -                                    | Number of seconds to wait after the container started before starting the next one
+boot.autostart.priority                 | integer   | 0                 | n/a           | -                                    | What order to start the containers in (starting with highest)
+boot.host\_shutdown\_timeout            | integer   | 30                | yes           | container\_host\_shutdown\_timeout   | Seconds to wait for container to shutdown before it is force stopped
+boot.stop.priority                      | integer   | 0                 | n/a           | container\_stop\_priority            | What order to shutdown the containers (starting with highest)
+environment.\*                          | string    | -                 | yes (exec)    | -                                    | key/value environment variables to export to the container and set on exec
+limits.cpu                              | string    | - (all)           | yes           | -                                    | Number or range of CPUs to expose to the container
+limits.cpu.allowance                    | string    | 100%              | yes           | -                                    | How much of the CPU can be used. Can be a percentage (e.g. 50%) for a soft limit or hard a chunk of time (25ms/100ms)
+limits.cpu.priority                     | integer   | 10 (maximum)      | yes           | -                                    | CPU scheduling priority compared to other containers sharing the same CPUs (overcommit) (integer between 0 and 10)
+limits.disk.priority                    | integer   | 5 (medium)        | yes           | -                                    | When under load, how much priority to give to the container's I/O requests (integer between 0 and 10)
+limits.kernel.\*                        | string    | -                 | no            | kernel\_limits                       | This limits kernel resources per container (e.g. number of open files)
+limits.memory                           | string    | - (all)           | yes           | -                                    | Percentage of the host's memory or fixed value in bytes (supports kB, MB, GB, TB, PB and EB suffixes)
+limits.memory.enforce                   | string    | hard              | yes           | -                                    | If hard, container can't exceed its memory limit. If soft, the container can exceed its memory limit when extra host memory is available.
+limits.memory.swap                      | boolean   | true              | yes           | -                                    | Whether to allow some of the container's memory to be swapped out to disk
+limits.memory.swap.priority             | integer   | 10 (maximum)      | yes           | -                                    | The higher this is set, the least likely the container is to be swapped to disk (integer between 0 and 10)
+limits.network.priority                 | integer   | 0 (minimum)       | yes           | -                                    | When under load, how much priority to give to the container's network requests (integer between 0 and 10)
+limits.processes                        | integer   | - (max)           | yes           | -                                    | Maximum number of processes that can run in the container
+linux.kernel\_modules                   | string    | -                 | yes           | -                                    | Comma separated list of kernel modules to load before starting the container
+migration.incremental.memory            | boolean   | false             | yes           | migration\_pre\_copy                 | Incremental memory transfer of the container's memory to reduce downtime.
+migration.incremental.memory.goal       | integer   | 70                | yes           | migration\_pre\_copy                 | Percentage of memory to have in sync before stopping the container.
+migration.incremental.memory.iterations | integer   | 10                | yes           | migration\_pre\_copy                 | Maximum number of transfer operations to go through before stopping the container.
+nvidia.driver.capabilities              | string    | compute,utility   | no            | nvidia\_runtime\_config              | What driver capabilities the container needs (sets libnvidia-container NVIDIA\_DRIVER\_CAPABILITIES)
+nvidia.runtime                          | boolean   | false             | no            | nvidia\_runtime                      | Pass the host NVIDIA and CUDA runtime libraries into the container
+nvidia.require.cuda                     | string    | -                 | no            | nvidia\_runtime\_config              | Version expression for the required CUDA version (sets libnvidia-container NVIDIA\_REQUIRE\_CUDA)
+nvidia.require.driver                   | string    | -                 | no            | nvidia\_runtime\_config              | Version expression for the required driver version (sets libnvidia-container NVIDIA\_REQUIRE\_DRIVER)
+raw.apparmor                            | blob      | -                 | yes           | -                                    | Apparmor profile entries to be appended to the generated profile
+raw.idmap                               | blob      | -                 | no            | id\_map                              | Raw idmap configuration (e.g. "both 1000 1000")
+raw.lxc                                 | blob      | -                 | no            | -                                    | Raw LXC configuration to be appended to the generated one
+raw.seccomp                             | blob      | -                 | no            | container\_syscall\_filtering        | Raw Seccomp configuration
+security.devlxd                         | boolean   | true              | no            | restrict\_devlxd                     | Controls the presence of /dev/lxd in the container
+security.devlxd.images                  | boolean   | false             | no            | devlxd\_images                       | Controls the availability of the /1.0/images API over devlxd
+security.idmap.base                     | integer   | -                 | no            | id\_map\_base                        | The base host ID to use for the allocation (overrides auto-detection)
+security.idmap.isolated                 | boolean   | false             | no            | id\_map                              | Use an idmap for this container that is unique among containers with isolated set.
+security.idmap.size                     | integer   | -                 | no            | id\_map                              | The size of the idmap to use
+security.nesting                        | boolean   | false             | yes           | -                                    | Support running lxd (nested) inside the container
+security.privileged                     | boolean   | false             | no            | -                                    | Runs the container in privileged mode
+security.protection.delete              | boolean   | false             | yes           | container\_protection\_delete        | Prevents the container from being deleted
+security.syscalls.blacklist             | string    | -                 | no            | container\_syscall\_filtering        | A '\n' separated list of syscalls to blacklist
+security.syscalls.blacklist\_compat     | boolean   | false             | no            | container\_syscall\_filtering        | On x86\_64 this enables blocking of compat\_\* syscalls, it is a no-op on other arches
+security.syscalls.blacklist\_default    | boolean   | true              | no            | container\_syscall\_filtering        | Enables the default syscall blacklist
+security.syscalls.whitelist             | string    | -                 | no            | container\_syscall\_filtering        | A '\n' separated list of syscalls to whitelist (mutually exclusive with security.syscalls.blacklist\*)
+user.\*                                 | string    | -                 | n/a           | -                                    | Free form user key/value storage (can be used in search)
 
 The following volatile keys are currently internally used by LXD:
 
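Review bot: the nvidia.driver.capabilities row changes its Default from all to compute,utility but the Description does not say that any capability outside that set now has to be requested explicitly. A container that relied on the previous default of all gets a narrower set after this change, and the Live update column for the key is "no", so the row (or a short note under the table) should say that the key must be set and the container restarted to get the old behaviour back. Separately, the other 43 lines of this table differ only in the padding of the Default column; leaving the column width alone, or doing the re-alignment in its own commit, would reduce this hunk to the one row that matters and make the default change easy to find in history.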
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 728dd15dcf..1f4cc0677a 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1231,7 +1231,7 @@ func (c *containerLXC) initLXC(config bool) error {
 
 		nvidiaDriver := c.expandedConfig["nvidia.driver.capabilities"]
 		if nvidiaDriver == "" {
-			err = lxcSetConfigItem(cc, "lxc.environment", "NVIDIA_DRIVER_CAPABILITIES=all")
+			err = lxcSetConfigItem(cc, "lxc.environment", "NVIDIA_DRIVER_CAPABILITIES=compute,utility")
 			if err != nil {
 				return err
 			}
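Review bot: the new default is a string literal inside initLXC ("NVIDIA_DRIVER_CAPABILITIES=compute,utility") and the same value is repeated by hand in doc/containers.md, so the two can drift the next time the default changes; a named constant for the default capability list, used here to build the lxc.environment value, would give one place to update. The condition `if nvidiaDriver == ""` also treats a key that is explicitly set to an empty string the same as an unset key, so both now resolve to compute,utility; if that is intended it is worth a one-line comment above the check. The diffstat lists only the doc and this file, so nothing in the patch exercises the fallback; a test asserting the environment value when nvidia.driver.capabilities is unset would pin the narrower default.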

