nvidia-container-toolkit/tools/container
Evan Lezar 00f1d5a627
Only allow host-relative LDConfig paths
This change only allows host-relative LDConfig paths.

An allow-ldconfig-from-container feature flag is added to allow for this
the default behaviour to be changed.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2024-11-22 14:25:17 +01:00
..
nvidia-toolkit [no-relnote] Add toolkit install unit test 2024-11-05 14:23:35 -08:00
operator avoid using map pointers as maps are always passed by reference 2024-07-02 17:35:44 -07:00
runtime Fallback to file for runtime config 2024-11-08 08:43:09 -08:00
toolkit Only allow host-relative LDConfig paths 2024-11-22 14:25:17 +01:00
container.go Remove support for config overrides 2024-09-27 13:23:35 +02:00
README.md Remove NVIDIA experimental runtime from toolkit container 2023-07-10 11:44:55 +02:00

Introduction

This repository contains tools that allow docker, containerd, or cri-o to be configured to use the NVIDIA Container Toolkit.

Note: These were copied from the container-config repository are being migrated to commands installed with the NVIDIA Container Toolkit.

These will be migrated into an upcoming nvidia-ctk CLI as required.

Docker

After building the docker binary, run:

docker setup \
    --runtime-name NAME \
        /run/nvidia/toolkit

Configure the nvidia-container-runtime as a docker runtime named NAME. If the --runtime-name flag is not specified, this runtime would be called nvidia.

Since --set-as-default is enabled by default, the specified runtime name will also be set as the default docker runtime. This can be disabled by explicityly specifying --set-as-default=false.

The following table describes the behaviour for different --runtime-name and --set-as-default flag combinations.

Flags Installed Runtimes Default Runtime
NONE SPECIFIED nvidia nvidia
--runtime-name nvidia nvidia nvidia
--runtime-name NAME NAME NAME
--set-as-default nvidia nvidia
--set-as-default --runtime-name nvidia nvidia nvidia
--set-as-default --runtime-name NAME NAME NAME
--set-as-default=false nvidia NOT SET
--set-as-default=false --runtime-name NAME NAME NOT SET
--set-as-default=false --runtime-name nvidia nvidia NOT SET

These combinations also hold for the environment variables that map to the command line flags: DOCKER_RUNTIME_NAME, DOCKER_SET_AS_DEFAULT.

Containerd

After running the containerd binary, run:

containerd setup \
    --runtime-class NAME \
        /run/nvidia/toolkit

Configure the nvidia-container-runtime as a runtime class named NAME. If the --runtime-class flag is not specified, this runtime would be called nvidia.

Adding the --set-as-default flag as follows:

containerd setup \
    --runtime-class NAME \
    --set-as-default \
        /run/nvidia/toolkit

will set the runtime class NAME (or nvidia if not specified) as the default runtime class.

The following table describes the behaviour for different --runtime-class and --set-as-default flag combinations.

Flags Installed Runtime Classes Default Runtime Class
NONE SPECIFIED nvidia NOT SET
--runtime-class NAME NAME NOT SET
--runtime-class nvidia nvidia NOT SET
--set-as-default nvidia nvidia
--set-as-default --runtime-class NAME NAME NAME
--set-as-default --runtime-class nvidia nvidia nvidia

These combinations also hold for the environment variables that map to the command line flags.