Merge pull request #108547 from cpcloud/podman-nvidia

2024-10-31 22:51:22 +00:00 · 2021-01-09 10:37:29 +00:00 · 2021-01-09 10:37:29 +00:00 · ce9a7356a3
commit ce9a7356a3
parent f1a316b4fc 7115e5ac8d
3 changed files with 71 additions and 16 deletions
--- a/nixos/modules/virtualisation/podman.nix
+++ b/nixos/modules/virtualisation/podman.nix
@ -1,6 +1,8 @@
 { config, lib, pkgs, utils, ... }:
 let
  cfg = config.virtualisation.podman;
+  toml = pkgs.formats.toml { };
+  nvidia-docker = pkgs.nvidia-docker.override { containerRuntimePath = "${pkgs.runc}/bin/runc"; };

  inherit (lib) mkOption types;

@ -53,6 +55,14 @@ in
      '';
    };

+    enableNvidia = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Enable use of NVidia GPUs from within podman containers.
+      '';
+    };
+
    extraPackages = mkOption {
      type = with types; listOf package;
      default = [ ];
@ -78,21 +88,37 @@ in

  };

-  config = lib.mkIf cfg.enable {
-
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    {
      environment.systemPackages = [ cfg.package ]
        ++ lib.optional cfg.dockerCompat dockerCompat;

      environment.etc."cni/net.d/87-podman-bridge.conflist".source = utils.copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist";

-    # Enable common /etc/containers configuration
-    virtualisation.containers.enable = true;
-
-    assertions = [{
-      assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable;
-      message = "Option dockerCompat conflicts with docker";
-    }];
-
+      virtualisation.containers = {
+        enable = true; # Enable common /etc/containers configuration
+        containersConf.extraConfig = lib.optionalString cfg.enableNvidia
+          (builtins.readFile (toml.generate "podman.nvidia.containers.conf" {
+            engine = {
+              conmon_env_vars = [ "PATH=${lib.makeBinPath [ nvidia-docker ]}" ];
+              runtimes.nvidia = [ "${nvidia-docker}/bin/nvidia-container-runtime" ];
+            };
+          }));
      };

+      assertions = [
+        {
+          assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable;
+          message = "Option dockerCompat conflicts with docker";
+        }
+        {
+          assertion = cfg.enableNvidia -> !config.virtualisation.docker.enableNvidia;
+          message = "Option enableNvidia conflicts with docker.enableNvidia";
+        }
+      ];
+    }
+    (lib.mkIf cfg.enableNvidia {
+      environment.etc."nvidia-container-runtime/config.toml".source = "${nvidia-docker}/etc/podman-config.toml";
+    })
+  ]);
 }
--- a/pkgs/applications/virtualization/nvidia-docker/default.nix
+++ b/pkgs/applications/virtualization/nvidia-docker/default.nix
@ -6,15 +6,23 @@
 , makeWrapper
 , buildGoModule
 , buildGoPackage
-, git
 , glibc
+, docker
+, linkFarm
+, containerRuntimePath ? "${docker}/libexec/docker/runc"
 }:

 with lib; let
  libnvidia-container = callPackage ./libnvc.nix { };
+  isolatedContainerRuntimePath = linkFarm "isolated_container_runtime_path" [
+    {
+      name = "runc";
+      path = containerRuntimePath;
+    }
+  ];

  nvidia-container-runtime = buildGoPackage rec {
-    pname = "nvidia-container-toolkit";
+    pname = "nvidia-container-runtime";
    version = "3.4.0";
    src = fetchFromGitHub {
      owner = "NVIDIA";
@ -74,10 +82,18 @@ stdenv.mkDerivation rec {
  installPhase = ''
    mkdir -p $out/{bin,etc}
    cp -r bin $out
+
    wrapProgram $out/bin/nvidia-container-cli \
      --prefix LD_LIBRARY_PATH : /run/opengl-driver/lib:/run/opengl-driver-32/lib
+
+    # nvidia-container-runtime invokes docker-runc or runc if that isn't available on PATH
+    wrapProgram $out/bin/nvidia-container-runtime --prefix PATH : ${isolatedContainerRuntimePath}
+
    cp ${./config.toml} $out/etc/config.toml
    substituteInPlace $out/etc/config.toml --subst-var-by glibcbin ${lib.getBin glibc}
+
+    cp ${./podman-config.toml} $out/etc/podman-config.toml
+    substituteInPlace $out/etc/podman-config.toml --subst-var-by glibcbin ${lib.getBin glibc}
  '';

  meta = {
--- a/pkgs/applications/virtualization/nvidia-docker/podman-config.toml
+++ b/pkgs/applications/virtualization/nvidia-docker/podman-config.toml
@ -0,0 +1,13 @@
+disable-require = true
+#swarm-resource = "DOCKER_RESOURCE_GPU"
+
+[nvidia-container-cli]
+#root = "/run/nvidia/driver"
+#path = "/usr/bin/nvidia-container-cli"
+environment = []
+#debug = "/var/log/nvidia-container-runtime-hook.log"
+ldcache = "/tmp/ld.so.cache"
+load-kmods = true
+no-cgroups = true
+#user = "root:video"
+ldconfig = "@@glibcbin@/bin/ldconfig"