Expose Host Gpu To Docker Container On Mac

среда 18 мартаadmin

Join GitHub today

GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.

Docker Hub is the world's easiest way to create, manage, and deliver your teams' container applications. Sign up for Docker Hub Browse Popular Images. Is it possible to make the host Mac's GPU available to a Docker container on Docker-for-Mac, i.e., so that it shows up in /dev/gpu.?

Sign up New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Labels

Comments

commented Oct 3, 2016

I'd like to expose a port on my OS X host to a running container. This is necessary in my workflow because I'm using Aptible; the only way to access my private Aptible database is via the aptible db:tunnel command which creates an SSH tunnel and exposes the database via a port on my host. I'd like to access this host port from within a running container.

I've tried network_mode: host to no avail. I've also tried using the various IPs that show up in ip addr.

I'm using 1.12.1.

commented Oct 3, 2016

Here's an example of what I'm attempting to do:

added the status/0-triage label Oct 6, 2016

commented Oct 7, 2016

The IP you are using is the IP of the Docker container (elastalert). You need to get the IP of your host by running ifconfig on the OSX host, and use that IP instead from the container. Basically what you're doing is you are telnet-ing the docker container, which is not listening on port 8000.

commented Oct 8, 2016

Ah, way simpler than I thought; sadly it's not documented anywhere!

Telnetting to the address shown for en0 on the host worked.

closed this Oct 8, 2016
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
Estimated reading time: 16 minutes

By default, a container has no resource constraints and can use as much of agiven resource as the host’s kernel scheduler allows. Docker provides waysto control how much memory, or CPU a container can use, setting runtimeconfiguration flags of the docker run command. This section provides detailson when you should set such limits and the possible implications of setting them.

Many of these features require your kernel to support Linux capabilities. Tocheck for support, you can use thedocker info command. If a capabilityis disabled in your kernel, you may see a warning at the end of the output likethe following:

Consult your operating system’s documentation for enabling them.Learn more.

Memory

Understand the risks of running out of memory

It is important not to allow a running container to consume too much of thehost machine’s memory. On Linux hosts, if the kernel detects that there is notenough memory to perform important system functions, it throws an OOME, orOut Of Memory Exception, and starts killing processes to free upmemory. Any process is subject to killing, including Docker and other importantapplications. This can effectively bring the entire system down if the wrongprocess is killed.

Docker attempts to mitigate these risks by adjusting the OOM priority on theDocker daemon so that it is less likely to be killed than other processeson the system. The OOM priority on containers is not adjusted. This makes it morelikely for an individual container to be killed than for the Docker daemonor other system processes to be killed. You should not try to circumventthese safeguards by manually setting --oom-score-adj to an extreme negativenumber on the daemon or a container, or by setting --oom-kill-disable on acontainer.

For more information about the Linux kernel’s OOM management, seeOut of Memory Management.

While the ultimate is the most advanced and complete edition of this software. Which allows you to extract and convert text from an image of a page to editable document very quickly and easily. You can use this software to edit, create, and convert images, PDF files and forms into editable documents easily.Download: / New Stuff:. Kofax omnipage ocr. It comes with numerous ultimate, professional, standard, and editions. Serial Key is the new program that provide you all in one solution.

You can mitigate the risk of system instability due to OOME by:

  • Perform tests to understand the memory requirements of your application beforeplacing it into production.
  • Ensure that your application runs only on hosts with adequate resources.
  • Limit the amount of memory your container can use, as described below.
  • Be mindful when configuring swap on your Docker hosts. Swap is slower andless performant than memory but can provide a buffer against running out ofsystem memory.
  • Consider converting your container to a service,and using service-level constraints and node labels to ensure that theapplication runs only on hosts with enough memory

Limit a container’s access to memory

Docker can enforce hard memory limits, which allow the container to use no morethan a given amount of user or system memory, or soft limits, which allow thecontainer to use as much memory as it needs unless certain conditions are met,such as when the kernel detects low memory or contention on the host machine.Some of these options have different effects when used alone or when more thanone option is set.

Most of these options take a positive integer, followed by a suffix of b, k,m, g, to indicate bytes, kilobytes, megabytes, or gigabytes.

OptionDescription
-m or --memory=The maximum amount of memory the container can use. If you set this option, the minimum allowed value is 4m (4 megabyte).
--memory-swap*The amount of memory this container is allowed to swap to disk. See --memory-swap details.
--memory-swappinessBy default, the host kernel can swap out a percentage of anonymous pages used by a container. You can set --memory-swappiness to a value between 0 and 100, to tune this percentage. See --memory-swappiness details.
--memory-reservationAllows you to specify a soft limit smaller than --memory which is activated when Docker detects contention or low memory on the host machine. If you use --memory-reservation, it must be set lower than --memory for it to take precedence. Because it is a soft limit, it does not guarantee that the container doesn’t exceed the limit.
--kernel-memoryThe maximum amount of kernel memory the container can use. The minimum allowed value is 4m. Because kernel memory cannot be swapped out, a container which is starved of kernel memory may block host machine resources, which can have side effects on the host machine and on other containers. See --kernel-memory details.
--oom-kill-disableBy default, if an out-of-memory (OOM) error occurs, the kernel kills processes in a container. To change this behavior, use the --oom-kill-disable option. Only disable the OOM killer on containers where you have also set the -m/--memory option. If the -m flag is not set, the host can run out of memory and the kernel may need to kill the host system’s processes to free memory.

For more information about cgroups and memory in general, see the documentationfor Memory Resource Controller.

--memory-swap details

--memory-swap is a modifier flag that only has meaning if --memory is alsoset. Using swap allows the container to write excess memory requirements to diskwhen the container has exhausted all the RAM that is available to it. There is aperformance penalty for applications that swap memory to disk often.

Its setting can have complicated effects:

  • If --memory-swap is set to a positive integer, then both --memory and--memory-swap must be set. --memory-swap represents the total amount ofmemory and swap that can be used, and --memory controls the amount used bynon-swap memory. So if --memory='300m' and --memory-swap='1g', thecontainer can use 300m of memory and 700m (1g - 300m) swap.

  • If --memory-swap is set to 0, the setting is ignored, and the value istreated as unset.

  • If --memory-swap is set to the same value as --memory, and --memory isset to a positive integer, the container does not have access to swap.SeePrevent a container from using swap.

  • If --memory-swap is unset, and --memory is set, the container can useas much swap as the --memory setting, if the host container has swapmemory configured. For instance, if --memory='300m' and --memory-swap isnot set, the container can use 600m in total of memory and swap.

  • If --memory-swap is explicitly set to -1, the container is allowed to useunlimited swap, up to the amount available on the host system.

  • Inside the container, tools like free report the host’s available swap, not what’s available inside the container. Don’t rely on the output of free or similar tools to determine whether swap is present.

Prevent a container from using swap

If --memory and --memory-swap are set to the same value, this preventscontainers from using any swap. This is because --memory-swap is the amount ofcombined memory and swap that can be used, while --memory is only the amountof physical memory that can be used.

--memory-swappiness details

  • A value of 0 turns off anonymous page swapping.
  • A value of 100 sets all anonymous pages as swappable.
  • By default, if you do not set --memory-swappiness, the value isinherited from the host machine.

--kernel-memory details

Kernel memory limits are expressed in terms of the overall memory allocated toa container. Consider the following scenarios:

  • Unlimited memory, unlimited kernel memory: This is the defaultbehavior.
  • Unlimited memory, limited kernel memory: This is appropriate when theamount of memory needed by all cgroups is greater than the amount ofmemory that actually exists on the host machine. You can configure thekernel memory to never go over what is available on the host machine,and containers which need more memory need to wait for it.
  • Limited memory, unlimited kernel memory: The overall memory islimited, but the kernel memory is not.
  • Limited memory, limited kernel memory: Limiting both user and kernelmemory can be useful for debugging memory-related problems. If a containeris using an unexpected amount of either type of memory, it runs outof memory without affecting other containers or the host machine. Withinthis setting, if the kernel memory limit is lower than the user memorylimit, running out of kernel memory causes the container to experiencean OOM error. If the kernel memory limit is higher than the user memorylimit, the kernel limit does not cause the container to experience an OOM.

When you turn on any kernel memory limits, the host machine tracks “high watermark” statistics on a per-process basis, so you can track which processes (inthis case, containers) are using excess memory. This can be seen per processby viewing /proc/<PID>/status on the host machine.

CPU

By default, each container’s access to the host machine’s CPU cycles is unlimited.You can set various constraints to limit a given container’s access to the hostmachine’s CPU cycles. Most users use and configure thedefault CFS scheduler. In Docker 1.13and higher, you can also configure therealtime scheduler.

Configure the default CFS scheduler

The CFS is the Linux kernel CPU scheduler for normal Linux processes. Severalruntime flags allow you to configure the amount of access to CPU resources yourcontainer has. When you use these settings, Docker modifies the settings forthe container’s cgroup on the host machine.

OptionDescription
--cpus=<value>Specify how much of the available CPU resources a container can use. For instance, if the host machine has two CPUs and you set --cpus='1.5', the container is guaranteed at most one and a half of the CPUs. This is the equivalent of setting --cpu-period='100000' and --cpu-quota='150000'. Available in Docker 1.13 and higher.
--cpu-period=<value>Specify the CPU CFS scheduler period, which is used alongside --cpu-quota. Defaults to 100 micro-seconds. Most users do not change this from the default. If you use Docker 1.13 or higher, use --cpus instead.
--cpu-quota=<value>Impose a CPU CFS quota on the container. The number of microseconds per --cpu-period that the container is limited to before throttled. As such acting as the effective ceiling. If you use Docker 1.13 or higher, use --cpus instead.
--cpuset-cpusLimit the specific CPUs or cores a container can use. A comma-separated list or hyphen-separated range of CPUs a container can use, if you have more than one CPU. The first CPU is numbered 0. A valid value might be 0-3 (to use the first, second, third, and fourth CPU) or 1,3 (to use the second and fourth CPU).
--cpu-sharesSet this flag to a value greater or less than the default of 1024 to increase or reduce the container’s weight, and give it access to a greater or lesser proportion of the host machine’s CPU cycles. This is only enforced when CPU cycles are constrained. When plenty of CPU cycles are available, all containers use as much CPU as they need. In that way, this is a soft limit. --cpu-shares does not prevent containers from being scheduled in swarm mode. It prioritizes container CPU resources for the available CPU cycles. It does not guarantee or reserve any specific CPU access.

If you have 1 CPU, each of the following commands guarantees the container atmost 50% of the CPU every second.

Docker 1.13 and higher:

Docker 1.12 and lower:

Configure the realtime scheduler

In Docker 1.13 and higher, you can configure your container to use therealtime scheduler, for tasks which cannot use the CFS scheduler. Engenius wireless 11n drivers for mac. You need tomake sure the host machine’s kernel is configured correctlybefore you can configure the Docker daemon orconfigure individual containers.

Warning:CPU scheduling and prioritization are advanced kernel-levelfeatures. Most users do not need to change these values from their defaults.Setting these values incorrectly can cause your host system to become unstableor unusable.

Configure the host machine’s kernel

Verify that CONFIG_RT_GROUP_SCHED is enabled in the Linux kernel by runningzcat /proc/config.gz grep CONFIG_RT_GROUP_SCHED or by checking for theexistence of the file /sys/fs/cgroup/cpu.rt_runtime_us. For guidance onconfiguring the kernel realtime scheduler, consult the documentation for youroperating system.

Configure the Docker daemon

To run containers using the realtime scheduler, run the Docker daemon withthe --cpu-rt-runtime flag set to the maximum number of microseconds reservedfor realtime tasks per runtime period. For instance, with the default period of1000000 microseconds (1 second), setting --cpu-rt-runtime=950000 ensures thatcontainers using the realtime scheduler can run for 950000 microseconds for every1000000-microsecond period, leaving at least 50000 microseconds available fornon-realtime tasks. To make this configuration permanent on systems which usesystemd, see Control and configure Docker with systemd.

Configure individual containers

You can pass several flags to control a container’s CPU priority when youstart the container using docker run. Consult your operating system’sdocumentation or the ulimit command for information on appropriate values.

OptionDescription
--cap-add=sys_niceGrants the container the CAP_SYS_NICE capability, which allows the container to raise process nice values, set real-time scheduling policies, set CPU affinity, and other operations.
--cpu-rt-runtime=<value>The maximum number of microseconds the container can run at realtime priority within the Docker daemon’s realtime scheduler period. You also need the --cap-add=sys_nice flag.
--ulimit rtprio=<value>The maximum realtime priority allowed for the container. You also need the --cap-add=sys_nice flag.

The following example command sets each of these three flags on a debian:jessiecontainer.

If the kernel or Docker daemon is not configured correctly, an error occurs.

GPU

Access an NVIDIA GPU

Prerequisites

Visit the official NVIDIA drivers pageto download and install the proper drivers. Reboot your system once you havedone so.

Verify that your GPU is running and accessible.

Install nvidia-container-runtime

Follow the instructions at (https://nvidia.github.io/nvidia-container-runtime/)and then run this command:

Ensure the nvidia-container-runtime-hook is accessible from $PATH.

Restart the Docker daemon.

Expose GPUs for use

Include the --gpus flag when you start a container to access GPU resources.Specify how many GPUs to use. For example:

Exposes all available GPUs and returns a result akin to the following:

Use the device option to specify GPUs. For example:

Exposes that specific GPU.

Exposes the first and third GPUs.

Note: NVIDIA GPUs can only be accessed by systems running a single engine.

Set NVIDIA capabilities

You can set capabilities manually. For example, on Ubuntu you can run thefollowing:

This enables the utility driver capability which adds the nvidia-smi tool tothe container.

Capabilities as well as other configurations can be set in images viaenvironment variables. More information on valid variables can be found at thenvidia-container-runtimeGitHub page. These variables can be set in a Dockerfile.

You can also utitize CUDA images which sets these variables automatically. Seethe CUDA images GitHub pagefor more information.

docker, daemon, configuration, runtime