mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2024-11-22 00:08:11 +00:00
Add transformer for container roots
This change renames the root transformer to indicate that it operates on host paths and adds a container root transformer for explicitly transforming container roots. The transform.NewRootTransformer constructor still exists, but has been marked as deprecated. Signed-off-by: Evan Lezar <elezar@nvidia.com>
This commit is contained in:
parent
aa72dcde97
commit
879cc99aac
@ -104,7 +104,7 @@ func (m command) run(c *cli.Context, opts *options) error {
|
|||||||
return fmt.Errorf("failed to load CDI specification: %w", err)
|
return fmt.Errorf("failed to load CDI specification: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = transform.NewRootTransformer(
|
err = transform.NewHostRootTransformer(
|
||||||
opts.from,
|
opts.from,
|
||||||
opts.to,
|
opts.to,
|
||||||
).Transform(spec.Raw())
|
).Transform(spec.Raw())
|
||||||
|
@ -14,22 +14,23 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
**/
|
**/
|
||||||
|
|
||||||
package transform
|
package noop
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
|
||||||
"tags.cncf.io/container-device-interface/specs-go"
|
"tags.cncf.io/container-device-interface/specs-go"
|
||||||
)
|
)
|
||||||
|
|
||||||
type noop struct{}
|
type noop struct{}
|
||||||
|
|
||||||
var _ Transformer = (*noop)(nil)
|
var _ transform.Transformer = (*noop)(nil)
|
||||||
|
|
||||||
// NewNoopTransformer returns a no-op transformer
|
// New returns a no-op transformer.
|
||||||
func NewNoopTransformer() Transformer {
|
func New() transform.Transformer {
|
||||||
return noop{}
|
return noop{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Transform is a no-op
|
// Transform is a no-op for a noop transformer.
|
||||||
func (n noop) Transform(spec *specs.Spec) error {
|
func (n noop) Transform(spec *specs.Spec) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
@ -1,114 +0,0 @@
|
|||||||
/**
|
|
||||||
# Copyright (c) NVIDIA CORPORATION. All rights reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
**/
|
|
||||||
|
|
||||||
package transform
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"path/filepath"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"tags.cncf.io/container-device-interface/specs-go"
|
|
||||||
)
|
|
||||||
|
|
||||||
type rootTransformer struct {
|
|
||||||
root string
|
|
||||||
targetRoot string
|
|
||||||
}
|
|
||||||
|
|
||||||
var _ Transformer = (*rootTransformer)(nil)
|
|
||||||
|
|
||||||
// NewRootTransformer creates a new transformer for modifying
|
|
||||||
// the root for paths in a CDI spec. If both roots are identical,
|
|
||||||
// this tranformer is a no-op.
|
|
||||||
func NewRootTransformer(root string, targetRoot string) Transformer {
|
|
||||||
if root == targetRoot {
|
|
||||||
return NewNoopTransformer()
|
|
||||||
}
|
|
||||||
|
|
||||||
t := rootTransformer{
|
|
||||||
root: root,
|
|
||||||
targetRoot: targetRoot,
|
|
||||||
}
|
|
||||||
return t
|
|
||||||
}
|
|
||||||
|
|
||||||
// Transform replaces the root in a spec with a new root.
|
|
||||||
// It walks the spec and replaces all host paths that start with root with the target root.
|
|
||||||
func (t rootTransformer) Transform(spec *specs.Spec) error {
|
|
||||||
if spec == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, d := range spec.Devices {
|
|
||||||
d := d
|
|
||||||
if err := t.applyToEdits(&d.ContainerEdits); err != nil {
|
|
||||||
return fmt.Errorf("failed to apply root transform to device %s: %w", d.Name, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := t.applyToEdits(&spec.ContainerEdits); err != nil {
|
|
||||||
return fmt.Errorf("failed to apply root transform to spec: %w", err)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (t rootTransformer) applyToEdits(edits *specs.ContainerEdits) error {
|
|
||||||
for i, dn := range edits.DeviceNodes {
|
|
||||||
dn.HostPath = t.transformPath(dn.HostPath)
|
|
||||||
edits.DeviceNodes[i] = dn
|
|
||||||
}
|
|
||||||
|
|
||||||
for i, hook := range edits.Hooks {
|
|
||||||
hook.Path = t.transformPath(hook.Path)
|
|
||||||
|
|
||||||
var args []string
|
|
||||||
for _, arg := range hook.Args {
|
|
||||||
if !strings.Contains(arg, "::") {
|
|
||||||
args = append(args, t.transformPath(arg))
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
// For the 'create-symlinks' hook, special care is taken for the
|
|
||||||
// '--link' flag argument which takes the form <target>::<link>.
|
|
||||||
// Both paths, the target and link paths, are transformed.
|
|
||||||
split := strings.Split(arg, "::")
|
|
||||||
if len(split) != 2 {
|
|
||||||
return fmt.Errorf("unexpected number of '::' separators in hook argument")
|
|
||||||
}
|
|
||||||
split[0] = t.transformPath(split[0])
|
|
||||||
split[1] = t.transformPath(split[1])
|
|
||||||
args = append(args, strings.Join(split, "::"))
|
|
||||||
}
|
|
||||||
hook.Args = args
|
|
||||||
edits.Hooks[i] = hook
|
|
||||||
}
|
|
||||||
|
|
||||||
for i, mount := range edits.Mounts {
|
|
||||||
mount.HostPath = t.transformPath(mount.HostPath)
|
|
||||||
edits.Mounts[i] = mount
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (t rootTransformer) transformPath(path string) string {
|
|
||||||
if !strings.HasPrefix(path, t.root) {
|
|
||||||
return path
|
|
||||||
}
|
|
||||||
|
|
||||||
return filepath.Join(t.targetRoot, strings.TrimPrefix(path, t.root))
|
|
||||||
}
|
|
38
pkg/nvcdi/transform/root/builder.go
Normal file
38
pkg/nvcdi/transform/root/builder.go
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
/**
|
||||||
|
# Copyright 2023 NVIDIA CORPORATION
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
package root
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
|
||||||
|
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform/noop"
|
||||||
|
)
|
||||||
|
|
||||||
|
type builder struct {
|
||||||
|
transformer
|
||||||
|
relativeTo string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *builder) build() transform.Transformer {
|
||||||
|
if b.root == b.targetRoot {
|
||||||
|
return noop.New()
|
||||||
|
}
|
||||||
|
|
||||||
|
if b.relativeTo == "container" {
|
||||||
|
return containerRootTransformer(b.transformer)
|
||||||
|
}
|
||||||
|
return hostRootTransformer(b.transformer)
|
||||||
|
}
|
112
pkg/nvcdi/transform/root/container-root.go
Normal file
112
pkg/nvcdi/transform/root/container-root.go
Normal file
@ -0,0 +1,112 @@
|
|||||||
|
/**
|
||||||
|
# Copyright (c) NVIDIA CORPORATION. All rights reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
package root
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
|
||||||
|
"tags.cncf.io/container-device-interface/specs-go"
|
||||||
|
)
|
||||||
|
|
||||||
|
// containerRootTransformer transforms the roots of container paths in a CDI spec.
|
||||||
|
type containerRootTransformer transformer
|
||||||
|
|
||||||
|
var _ transform.Transformer = (*containerRootTransformer)(nil)
|
||||||
|
|
||||||
|
// Transform replaces the root in a spec with a new root.
|
||||||
|
// It walks the spec and replaces all container paths that start with root with the target root.
|
||||||
|
func (t containerRootTransformer) Transform(spec *specs.Spec) error {
|
||||||
|
if spec == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, d := range spec.Devices {
|
||||||
|
d := d
|
||||||
|
if err := t.applyToEdits(&d.ContainerEdits); err != nil {
|
||||||
|
return fmt.Errorf("failed to apply root transform to device %s: %w", d.Name, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := t.applyToEdits(&spec.ContainerEdits); err != nil {
|
||||||
|
return fmt.Errorf("failed to apply root transform to spec: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t containerRootTransformer) applyToEdits(edits *specs.ContainerEdits) error {
|
||||||
|
for i, dn := range edits.DeviceNodes {
|
||||||
|
edits.DeviceNodes[i] = t.transformDeviceNode(dn)
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, hook := range edits.Hooks {
|
||||||
|
edits.Hooks[i] = t.transformHook(hook)
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, mount := range edits.Mounts {
|
||||||
|
edits.Mounts[i] = t.transformMount(mount)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t containerRootTransformer) transformDeviceNode(dn *specs.DeviceNode) *specs.DeviceNode {
|
||||||
|
dn.Path = t.transformPath(dn.Path)
|
||||||
|
|
||||||
|
return dn
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t containerRootTransformer) transformHook(hook *specs.Hook) *specs.Hook {
|
||||||
|
// The Path in the startContainer hook MUST resolve in the container namespace.
|
||||||
|
if hook.HookName == "startContainer" {
|
||||||
|
hook.Path = t.transformPath(hook.Path)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The createContainer and startContainer hooks MUST execute in the container namespace.
|
||||||
|
if hook.HookName != "createContainer" && hook.HookName != "startContainer" {
|
||||||
|
return hook
|
||||||
|
}
|
||||||
|
|
||||||
|
var args []string
|
||||||
|
for _, arg := range hook.Args {
|
||||||
|
if !strings.Contains(arg, "::") {
|
||||||
|
args = append(args, t.transformPath(arg))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// For the 'create-symlinks' hook, special care is taken for the
|
||||||
|
// '--link' flag argument which takes the form <target>::<link>.
|
||||||
|
// Both paths, the target and link paths, are transformed.
|
||||||
|
split := strings.SplitN(arg, "::", 2)
|
||||||
|
split[0] = t.transformPath(split[0])
|
||||||
|
split[1] = t.transformPath(split[1])
|
||||||
|
args = append(args, strings.Join(split, "::"))
|
||||||
|
}
|
||||||
|
hook.Args = args
|
||||||
|
|
||||||
|
return hook
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t containerRootTransformer) transformMount(mount *specs.Mount) *specs.Mount {
|
||||||
|
mount.ContainerPath = t.transformPath(mount.ContainerPath)
|
||||||
|
return mount
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t containerRootTransformer) transformPath(path string) string {
|
||||||
|
return (transformer)(t).transformPath(path)
|
||||||
|
}
|
342
pkg/nvcdi/transform/root/container-root_test.go
Normal file
342
pkg/nvcdi/transform/root/container-root_test.go
Normal file
@ -0,0 +1,342 @@
|
|||||||
|
/**
|
||||||
|
# Copyright (c) NVIDIA CORPORATION. All rights reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
package root
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
"tags.cncf.io/container-device-interface/specs-go"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestContainerRootTransformer(t *testing.T) {
|
||||||
|
testCases := []struct {
|
||||||
|
description string
|
||||||
|
root string
|
||||||
|
targetRoot string
|
||||||
|
spec *specs.Spec
|
||||||
|
expectedSpec *specs.Spec
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
description: "nil spec",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: nil,
|
||||||
|
expectedSpec: nil,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "empty spec",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{},
|
||||||
|
expectedSpec: &specs.Spec{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "device nodes",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
DeviceNodes: []*specs.DeviceNode{
|
||||||
|
{HostPath: "/root/dev/nvidia0", Path: "/root/dev/nvidia0"},
|
||||||
|
{HostPath: "/target-root/dev/nvidia1", Path: "/target-root/dev/nvidia1"},
|
||||||
|
{HostPath: "/different-root/dev/nvidia2", Path: "/different-root/dev/nvidia2"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
DeviceNodes: []*specs.DeviceNode{
|
||||||
|
{HostPath: "/root/dev/nvidia0", Path: "/target-root/dev/nvidia0"},
|
||||||
|
{HostPath: "/target-root/dev/nvidia1", Path: "/target-root/dev/nvidia1"},
|
||||||
|
{HostPath: "/different-root/dev/nvidia2", Path: "/different-root/dev/nvidia2"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "mounts",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Mounts: []*specs.Mount{
|
||||||
|
{HostPath: "/root/lib/lib1.so", ContainerPath: "/root/lib/lib1.so"},
|
||||||
|
{HostPath: "/target-root/lib/lib2.so", ContainerPath: "/target-root/lib/lib2.so"},
|
||||||
|
{HostPath: "/different-root/lib/lib3.so", ContainerPath: "/different-root/lib/lib3.so"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Mounts: []*specs.Mount{
|
||||||
|
{HostPath: "/root/lib/lib1.so", ContainerPath: "/target-root/lib/lib1.so"},
|
||||||
|
{HostPath: "/target-root/lib/lib2.so", ContainerPath: "/target-root/lib/lib2.so"},
|
||||||
|
{HostPath: "/different-root/lib/lib3.so", ContainerPath: "/different-root/lib/lib3.so"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "hooks",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/target-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/target-root/path/to/target::/target-root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/different-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/different-root/path/to/target::/different-root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/target-root/path/to/target::/target-root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/target-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/target-root/path/to/target::/target-root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/different-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/different-root/path/to/target::/different-root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "update ldcache hooks",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"nvidia-ctk", "hook", "update-ldcache",
|
||||||
|
"--folder",
|
||||||
|
"/root/path/to/target",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/target-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"nvidia-ctk", "hook", "update-ldcache",
|
||||||
|
"--folder",
|
||||||
|
"/target-root/path/to/target",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/different-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"nvidia-ctk", "hook", "update-ldcache",
|
||||||
|
"--folder",
|
||||||
|
"/different-root/path/to/target",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"nvidia-ctk", "hook", "update-ldcache",
|
||||||
|
"--folder",
|
||||||
|
"/target-root/path/to/target",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/target-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"nvidia-ctk", "hook", "update-ldcache",
|
||||||
|
"--folder",
|
||||||
|
"/target-root/path/to/target",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/different-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"nvidia-ctk", "hook", "update-ldcache",
|
||||||
|
"--folder",
|
||||||
|
"/different-root/path/to/target",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "startContainer hook updates path and arguments",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "startContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "startContainer",
|
||||||
|
Path: "/target-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/target-root/path/to/target::/target-root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "createContainer hook skips path but updates arguments",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/target-root/path/to/target::/target-root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "createRuntime hook skips path and arguments",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createRuntime",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createRuntime",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tc := range testCases {
|
||||||
|
t.Run(tc.description, func(t *testing.T) {
|
||||||
|
err := New(
|
||||||
|
WithRoot(tc.root),
|
||||||
|
WithTargetRoot(tc.targetRoot),
|
||||||
|
WithRelativeTo("container"),
|
||||||
|
).Transform(tc.spec)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Equal(t, tc.spec, tc.expectedSpec)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
115
pkg/nvcdi/transform/root/host-root.go
Normal file
115
pkg/nvcdi/transform/root/host-root.go
Normal file
@ -0,0 +1,115 @@
|
|||||||
|
/**
|
||||||
|
# Copyright (c) NVIDIA CORPORATION. All rights reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
package root
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
|
||||||
|
"tags.cncf.io/container-device-interface/specs-go"
|
||||||
|
)
|
||||||
|
|
||||||
|
// hostRootTransformer transforms the roots of host paths in a CDI spec.
|
||||||
|
type hostRootTransformer transformer
|
||||||
|
|
||||||
|
var _ transform.Transformer = (*hostRootTransformer)(nil)
|
||||||
|
|
||||||
|
// Transform replaces the root in a spec with a new root.
|
||||||
|
// It walks the spec and replaces all host paths that start with root with the target root.
|
||||||
|
func (t hostRootTransformer) Transform(spec *specs.Spec) error {
|
||||||
|
if spec == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, d := range spec.Devices {
|
||||||
|
d := d
|
||||||
|
if err := t.applyToEdits(&d.ContainerEdits); err != nil {
|
||||||
|
return fmt.Errorf("failed to apply root transform to device %s: %w", d.Name, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := t.applyToEdits(&spec.ContainerEdits); err != nil {
|
||||||
|
return fmt.Errorf("failed to apply root transform to spec: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t hostRootTransformer) applyToEdits(edits *specs.ContainerEdits) error {
|
||||||
|
for i, dn := range edits.DeviceNodes {
|
||||||
|
edits.DeviceNodes[i] = t.transformDeviceNode(dn)
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, hook := range edits.Hooks {
|
||||||
|
edits.Hooks[i] = t.transformHook(hook)
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, mount := range edits.Mounts {
|
||||||
|
edits.Mounts[i] = t.transformMount(mount)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t hostRootTransformer) transformDeviceNode(dn *specs.DeviceNode) *specs.DeviceNode {
|
||||||
|
if dn.HostPath == "" {
|
||||||
|
dn.HostPath = dn.Path
|
||||||
|
}
|
||||||
|
dn.HostPath = t.transformPath(dn.HostPath)
|
||||||
|
|
||||||
|
return dn
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t hostRootTransformer) transformHook(hook *specs.Hook) *specs.Hook {
|
||||||
|
// The Path in the startContainer hook MUST resolve in the container namespace.
|
||||||
|
if hook.HookName != "startContainer" {
|
||||||
|
hook.Path = t.transformPath(hook.Path)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The createContainer and startContainer hooks MUST execute in the container namespace.
|
||||||
|
if hook.HookName == "createContainer" || hook.HookName == "startContainer" {
|
||||||
|
return hook
|
||||||
|
}
|
||||||
|
|
||||||
|
var args []string
|
||||||
|
for _, arg := range hook.Args {
|
||||||
|
if !strings.Contains(arg, "::") {
|
||||||
|
args = append(args, t.transformPath(arg))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// For the 'create-symlinks' hook, special care is taken for the
|
||||||
|
// '--link' flag argument which takes the form <target>::<link>.
|
||||||
|
// Both paths, the target and link paths, are transformed.
|
||||||
|
split := strings.SplitN(arg, "::", 2)
|
||||||
|
split[0] = t.transformPath(split[0])
|
||||||
|
split[1] = t.transformPath(split[1])
|
||||||
|
args = append(args, strings.Join(split, "::"))
|
||||||
|
}
|
||||||
|
hook.Args = args
|
||||||
|
|
||||||
|
return hook
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t hostRootTransformer) transformMount(mount *specs.Mount) *specs.Mount {
|
||||||
|
mount.HostPath = t.transformPath(mount.HostPath)
|
||||||
|
return mount
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t hostRootTransformer) transformPath(path string) string {
|
||||||
|
return (transformer)(t).transformPath(path)
|
||||||
|
}
|
@ -14,7 +14,7 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
**/
|
**/
|
||||||
|
|
||||||
package transform
|
package root
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
@ -23,7 +23,7 @@ import (
|
|||||||
"tags.cncf.io/container-device-interface/specs-go"
|
"tags.cncf.io/container-device-interface/specs-go"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestRootTransformer(t *testing.T) {
|
func TestHostRootTransformer(t *testing.T) {
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
description string
|
description string
|
||||||
root string
|
root string
|
||||||
@ -150,11 +150,113 @@ func TestRootTransformer(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
description: "createContainer hook skips arguments",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createContainer",
|
||||||
|
Path: "/target-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "startContainer hook skips path and arguments",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "startContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "startContainer",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: "createRuntime hook updates path and arguments",
|
||||||
|
root: "/root",
|
||||||
|
targetRoot: "/target-root",
|
||||||
|
spec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createRuntime",
|
||||||
|
Path: "/root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/root/path/to/target::/root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedSpec: &specs.Spec{
|
||||||
|
ContainerEdits: specs.ContainerEdits{
|
||||||
|
Hooks: []*specs.Hook{
|
||||||
|
{
|
||||||
|
HookName: "createRuntime",
|
||||||
|
Path: "/target-root/usr/bin/nvidia-ctk",
|
||||||
|
Args: []string{
|
||||||
|
"--link",
|
||||||
|
"/target-root/path/to/target::/target-root/path/to/link",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tc := range testCases {
|
for _, tc := range testCases {
|
||||||
t.Run(tc.description, func(t *testing.T) {
|
t.Run(tc.description, func(t *testing.T) {
|
||||||
err := NewRootTransformer(tc.root, tc.targetRoot).Transform(tc.spec)
|
err := New(
|
||||||
|
WithRoot(tc.root),
|
||||||
|
WithTargetRoot(tc.targetRoot),
|
||||||
|
).Transform(tc.spec)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Equal(t, tc.spec, tc.expectedSpec)
|
require.Equal(t, tc.spec, tc.expectedSpec)
|
||||||
})
|
})
|
41
pkg/nvcdi/transform/root/options.go
Normal file
41
pkg/nvcdi/transform/root/options.go
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
/**
|
||||||
|
# Copyright 2023 NVIDIA CORPORATION
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
package root
|
||||||
|
|
||||||
|
// Option defines a functional option for configuring a transormer.
|
||||||
|
type Option func(*builder)
|
||||||
|
|
||||||
|
// WithRoot sets the (from) root for the root transformer.
|
||||||
|
func WithRoot(root string) Option {
|
||||||
|
return func(b *builder) {
|
||||||
|
b.root = root
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// WithTargetRoot sets the (to) target root for the root transformer.
|
||||||
|
func WithTargetRoot(root string) Option {
|
||||||
|
return func(b *builder) {
|
||||||
|
b.targetRoot = root
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// WithRelativeTo sets whether the specified root is relative to the host or container.
|
||||||
|
func WithRelativeTo(relativeTo string) Option {
|
||||||
|
return func(b *builder) {
|
||||||
|
b.relativeTo = relativeTo
|
||||||
|
}
|
||||||
|
}
|
47
pkg/nvcdi/transform/root/root.go
Normal file
47
pkg/nvcdi/transform/root/root.go
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
/**
|
||||||
|
# Copyright 2023 NVIDIA CORPORATION
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
**/
|
||||||
|
|
||||||
|
package root
|
||||||
|
|
||||||
|
import (
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
|
||||||
|
)
|
||||||
|
|
||||||
|
// transformer transforms roots of paths.
|
||||||
|
type transformer struct {
|
||||||
|
root string
|
||||||
|
targetRoot string
|
||||||
|
}
|
||||||
|
|
||||||
|
// New creates a root transformer using the specified options.
|
||||||
|
func New(opts ...Option) transform.Transformer {
|
||||||
|
b := &builder{}
|
||||||
|
for _, opt := range opts {
|
||||||
|
opt(b)
|
||||||
|
}
|
||||||
|
return b.build()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t transformer) transformPath(path string) string {
|
||||||
|
if !strings.HasPrefix(path, t.root) {
|
||||||
|
return path
|
||||||
|
}
|
||||||
|
|
||||||
|
return filepath.Join(t.targetRoot, strings.TrimPrefix(path, t.root))
|
||||||
|
}
|
@ -26,7 +26,7 @@ import (
|
|||||||
"github.com/NVIDIA/nvidia-container-toolkit/internal/config"
|
"github.com/NVIDIA/nvidia-container-toolkit/internal/config"
|
||||||
"github.com/NVIDIA/nvidia-container-toolkit/internal/system/nvdevices"
|
"github.com/NVIDIA/nvidia-container-toolkit/internal/system/nvdevices"
|
||||||
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi"
|
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi"
|
||||||
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
|
transformroot "github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform/root"
|
||||||
toml "github.com/pelletier/go-toml"
|
toml "github.com/pelletier/go-toml"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
@ -712,9 +712,9 @@ func generateCDISpec(opts *options, nvidiaCTKPath string) error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to genereate CDI spec for management containers: %v", err)
|
return fmt.Errorf("failed to genereate CDI spec for management containers: %v", err)
|
||||||
}
|
}
|
||||||
err = transform.NewRootTransformer(
|
err = transformroot.New(
|
||||||
opts.DriverRootCtrPath,
|
transformroot.WithRoot(opts.DriverRootCtrPath),
|
||||||
opts.DriverRoot,
|
transformroot.WithTargetRoot(opts.DriverRoot),
|
||||||
).Transform(spec.Raw())
|
).Transform(spec.Raw())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to transform driver root in CDI spec: %v", err)
|
return fmt.Errorf("failed to transform driver root in CDI spec: %v", err)
|
||||||
|
Loading…
Reference in New Issue
Block a user