Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
Your IP : 18.222.161.57
#! /bin/bash
#
# Copyright (c) 2017, 2018 NVIDIA CORPORATION.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
set -eu
# NVIDIA_VISIBLE_DEVICES="" *or* NVIDIA_VISIBLE_DEVICES="void"
# GPU support was explicitly disabled, exit early.
if [ -z "${NVIDIA_VISIBLE_DEVICES-x}" ] || [ "${NVIDIA_VISIBLE_DEVICES:-}" = "void" ]; then
exit 0
fi
# https://github.com/nvidia/nvidia-container-runtime#cuda_version
if [ -n "${CUDA_VERSION:-}" ] && [ -z "${NVIDIA_REQUIRE_CUDA:-}" ]; then
# Legacy CUDA image: default to all devices and all driver capabilities.
if [ -z "${NVIDIA_VISIBLE_DEVICES+x}" ]; then
NVIDIA_VISIBLE_DEVICES="all"
fi
if [ -z "${NVIDIA_DRIVER_CAPABILITIES:-}" ]; then
NVIDIA_DRIVER_CAPABILITIES="all"
fi
if [[ "${CUDA_VERSION}" =~ ^[0-9]+\.[0-9]+ ]]; then
NVIDIA_REQUIRE_CUDA="cuda>=${BASH_REMATCH[0]}"
fi
else
# NVIDIA_VISIBLE_DEVICES unset and it's not a legacy CUDA image.
# This is not a GPU image, exit early.
if [ -z "${NVIDIA_VISIBLE_DEVICES+x}" ]; then
exit 0
fi
fi
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
if ! which nvidia-container-cli >/dev/null; then
echo "ERROR: Missing tool nvidia-container-cli, see https://github.com/NVIDIA/libnvidia-container" >&2
exit 1
fi
in_userns() {
[ -e /proc/self/uid_map ] || { echo no; return; }
while read line; do
fields=$(echo $line | awk '{ print $1 " " $2 " " $3 }')
[ "$fields" = "0 0 4294967295" ] && { echo no; return; } || true
echo $fields | grep -q " 0 1$" && { echo userns-root; return; } || true
done < /proc/self/uid_map
[ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \
{ echo userns-root; return; }
echo yes
}
get_ldconfig() {
which "ldconfig.real" || which "ldconfig"
return $?
}
capability_to_cli() {
case "$1" in
compute) echo "--compute";;
compat32) echo "--compat32";;
display) echo "--display";;
graphics) echo "--graphics";;
utility) echo "--utility";;
video) echo "--video";;
*) exit 1;;
esac
return
}
# Same behavior as strconv.ParseBool in golang
parse_bool() {
case "$1" in
1|t|T|TRUE|true|True) echo "true";;
0|f|F|FALSE|false|False) echo "false";;
*) exit 1;;
esac
return
}
usage() {
cat <<EOF
nvidia-container-cli hook for LXC
Special arguments:
[ -h | --help ]: Print this help message and exit.
Optional arguments:
[ --no-load-kmods ]: Do not try to load the NVIDIA kernel modules.
[ --disable-require ]: Disable all the constraints of the form NVIDIA_REQUIRE_*.
[ --debug <path> ]: The path to the log file.
[ --ldcache <path> ]: The path to the host system's DSO cache.
[ --root <path> ]: The path to the driver root directory.
[ --ldconfig <path> ]: The path to the ldconfig binary, use a '@' prefix for a host path.
EOF
return 0
}
options=$(getopt -o h -l help,no-load-kmods,disable-require,debug:,ldcache:,root:,ldconfig: -- "$@")
if [ $? -ne 0 ]; then
usage
exit 1
fi
eval set -- "$options"
CLI_LOAD_KMODS="true"
CLI_DISABLE_REQUIRE="false"
CLI_DEBUG=
CLI_LDCACHE=
CLI_ROOT=
CLI_LDCONFIG=
while :; do
case "$1" in
--help) usage && exit 1;;
--no-load-kmods) CLI_LOAD_KMODS="false"; shift 1;;
--disable-require) CLI_DISABLE_REQUIRE="true"; shift 1;;
--debug) CLI_DEBUG=$2; shift 2;;
--ldcache) CLI_LDCACHE=$2; shift 2;;
--root) CLI_ROOT=$2; shift 2;;
--ldconfig) CLI_LDCONFIG=$2; shift 2;;
--) shift 1; break;;
*) break;;
esac
done
HOOK_SECTION=
HOOK_TYPE=
case "${LXC_HOOK_VERSION:-0}" in
0) HOOK_SECTION="${2:-}"; HOOK_TYPE="${3:-}";;
1) HOOK_SECTION="${LXC_HOOK_SECTION:-}"; HOOK_TYPE="${LXC_HOOK_TYPE:-}";;
*) echo "ERROR: Unsupported hook version: ${LXC_HOOK_VERSION}." >&2; exit 1;;
esac
if [ "${HOOK_SECTION}" != "lxc" ]; then
echo "ERROR: Not running through LXC." >&2
exit 1
fi
if [ "${HOOK_TYPE}" != "mount" ]; then
echo "ERROR: This hook must be used as a \"mount\" hook." >&2
exit 1
fi
USERNS=$(in_userns)
if [ "${USERNS}" != "yes" ]; then
# This is a limitation of libnvidia-container.
echo "FIXME: This hook currently only works in unprivileged mode." >&2
exit 1
fi
if [ "${USERNS}" = "yes" ]; then
CLI_LOAD_KMODS="false"
if ! grep -q nvidia_uvm /proc/modules; then
echo "WARN: Kernel module nvidia_uvm is not loaded, nvidia-container-cli might fail. Make sure the NVIDIA device driver is installed and loaded." >&2
fi
fi
# https://github.com/nvidia/nvidia-container-runtime#nvidia_disable_require
if [ -n "${NVIDIA_DISABLE_REQUIRE:-}" ]; then
if [ "$(parse_bool "${NVIDIA_DISABLE_REQUIRE}")" = "true" ]; then
CLI_DISABLE_REQUIRE="true"
fi
fi
if [ -z "${CLI_DEBUG}" ]; then
if [ "${LXC_LOG_LEVEL}" = "DEBUG" ] || [ "${LXC_LOG_LEVEL}" = "TRACE" ]; then
rootfs_path="${LXC_ROOTFS_PATH#*:}"
hookdir="${rootfs_path/%rootfs/hook}"
if mkdir -p "${hookdir}"; then
CLI_DEBUG="${hookdir}/nvidia.log"
fi
fi
fi
# A '@' prefix means a host path.
if [ -z "${CLI_LDCONFIG}" ]; then
if host_ldconfig=$(get_ldconfig); then
CLI_LDCONFIG="@${host_ldconfig}"
fi
fi
# https://github.com/nvidia/nvidia-container-runtime#nvidia_visible_devices
CLI_DEVICES="${NVIDIA_VISIBLE_DEVICES}"
# https://github.com/nvidia/nvidia-container-runtime#nvidia_driver_capabilities
CLI_CAPABILITIES=
if [ -n "${NVIDIA_DRIVER_CAPABILITIES:-}" ]; then
CLI_CAPABILITIES="${NVIDIA_DRIVER_CAPABILITIES//,/ }"
fi
# https://github.com/nvidia/nvidia-container-runtime#nvidia_require_
CLI_REQUIREMENTS=
for req in $(compgen -e "NVIDIA_REQUIRE_"); do
CLI_REQUIREMENTS="${CLI_REQUIREMENTS} ${!req}"
done
if [ "${CLI_CAPABILITIES}" = "all" ]; then
CLI_CAPABILITIES="compute compat32 display graphics utility video"
fi
if [ -z "${CLI_CAPABILITIES}" ]; then
CLI_CAPABILITIES="utility"
fi
global_args=("")
configure_args=("")
if [ -n "${CLI_DEBUG}" ]; then
echo "INFO: Writing nvidia-container-cli log at ${CLI_DEBUG}." >&2
global_args+=("--debug=${CLI_DEBUG}")
fi
if [ "${CLI_LOAD_KMODS}" = "true" ]; then
global_args+=(--load-kmods)
fi
if [ "${USERNS}" = "yes" ]; then
global_args+=(--user)
configure_args+=(--no-cgroups)
fi
if [ -n "${CLI_LDCACHE}" ]; then
global_args+=(--ldcache="${CLI_LDCACHE}")
fi
if [ -n "${CLI_ROOT}" ]; then
global_args+=(--root="${CLI_ROOT}")
fi
if [ -n "${CLI_LDCONFIG}" ]; then
configure_args+=(--ldconfig="${CLI_LDCONFIG}")
fi
if [ -n "${CLI_DEVICES}" ] && [ "${CLI_DEVICES}" != "none" ]; then
configure_args+=(--device="${CLI_DEVICES}")
fi
for cap in ${CLI_CAPABILITIES}; do
if arg=$(capability_to_cli "${cap}"); then
configure_args+=("${arg}")
else
echo "ERROR: Unknown driver capability \"${cap}\"." >&2
exit 1
fi
done
if [ "${CLI_DISABLE_REQUIRE}" = "false" ]; then
for req in ${CLI_REQUIREMENTS}; do
configure_args+=(--require="${req}")
done
fi
if [ -d "/sys/kernel/security/apparmor" ]; then
# Try to transition to the unconfined AppArmor profile.
echo "changeprofile unconfined" > /proc/self/attr/current || true
fi
set -x
exec nvidia-container-cli ${global_args[@]} configure ${configure_args[@]} "${LXC_ROOTFS_MOUNT}"
|