CentOS8をインストールしたマシンでNvidiaを使用できるコンテナを動かそうとしている。CentOSではPodman推奨らしいが、ドキュメントが少ない。Dockerを使用してみる。構築関連の記事はUbuntu+Dockerが多いのでこの構成にしておけばよかったかと、少し後悔している。Dockerは動作したが、GPUまでは使用できていない。これはGPUが古いので引っ張ってくるイメージが対応していない、Dockerファイルをきちんと書かなくては動作させられない、などが原因として考えられるが、未解決。ちゃんとDockerを勉強しなくてはいけない。
Docker環境の構築
dnfでのインストールには、リポジトリの追加が必要。インストール後はsystemctlに追加する
123 dnf repolist
124 sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
125 sudo dnf install docker-ce docker-ce-cli containerd.io
128 sudo systemctl start docker
129 sudo systemctl status docker
130 sudo systemctl enable docker
131 docker --version
コマンドdocker --versionで確認すると、Docker version 19.03.13, build 4484c46d9d
Podman環境の構築
「RHEL 8(正確にはRHEL 7.6以降)にはDockerが含まれず、サポートの対象からも外れたらしい。本番でRHEL上でコンテナを動かすときは、OpenShift前提のはずで、Dockerのように豊富な機能なくてもいいから、軽量なものに変えました、と言うことかな。あとはセキュリティ面もDockerより改善されているらしい。」
137 sudo systemctl disable docker
139 sudo systemctl stop docker
142 sudo dnf install podman --allowerasing
ImagePullができて、起動したのちに疎通するかを試す
[user@localhost ~]$ sudo podman pull centos
Trying to pull registry.access.redhat.com/centos...
name unknown: Repo not found
Trying to pull registry.redhat.io/centos...
unable to retrieve auth token: invalid username/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/RegistryAuthentication
Trying to pull docker.io/library/centos...
Getting image source signatures
Copying blob 3c72a8ed6814 done
Copying config 0d120b6cca done
Writing manifest to image destination
Storing signatures
0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566
[user@localhost ~]$ sudo podman run centos /bin/echo "Welcome to the Podman World"
Welcome to the Podman World
[user@localhost ~]$ history 5
146 sudo podman pull centos
147 podman run centos /bin/echo "Welcome to the Podman World" # ※動作不可
149 sudo podman run centos /bin/echo "Welcome to the Podman World"
150 history 5
[user@localhost ~]$
OK.
(参考)
nvidia-container-toolkitインストール
NVIDIA Container Toolkit インストールをした。Podman環境の構築をしてしまっているため、この構築済み競合を無視するallowerasingが必要。
167 sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
168 sudo dnf repolist -v
170 distribution=$(. /etc/os-release;echo $ID$VERSION_ID) && curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.repo | sudo tee /etc/yum.repos.d/nvidia-docker.repo # Setup the stable repository and the GPG key
172 sudo dnf install nvidia-docker2 --allowerasing
(参考)
SElinuxを一時的に無効化して使用してみていたら実行OK。いくつかのバージョンをnvidia/cuda:*.*-baseを、今回Podman runで試してみたが、最新バージョンは実行できないモノもある。GPUの古さが問題か?深追いしていない。
| ver. |
run |
| nvidia/cuda:11.0-base |
OCI runtime error |
| nvidia/cuda:10.0-base |
OCI runtime error |
| nvidia/cuda:9.0-base |
ok |
| nvidia/cuda:9.1-base |
ok |
| nvidia/cuda:9.2-base |
OCI runtime error |
実行結果は以下。
[user@localhost ~]$ sudo podman run -it -e NVIDIA_VISIBLE_DEVICES=all nvidia/cuda:9.1-base bash
root@828545e2e1d1:/# nvidia-smi
Tue Nov 10 14:40:18 2020
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 390.138 Driver Version: 390.138 |
|-------------------------------+----------------------+----------------------+
| GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC |
| Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. |
|===============================+======================+======================|
| 0 GeForce GTX 580 Off | 00000000:03:00.0 N/A | N/A |
| 41% 47C P12 N/A / N/A | 188MiB / 1474MiB | N/A Default |
+-------------------------------+----------------------+----------------------+
+-----------------------------------------------------------------------------+
| Processes: GPU Memory |
| GPU PID Type Process name Usage |
|=============================================================================|
| 0 Not Supported |
+-----------------------------------------------------------------------------+
root@828545e2e1d1:/# exit
exit
[user@localhost ~]$
参考
SElinuxの無効化
コンフィグファイルを修正して、再起動して、Getenforceで実行状況を確認する。
353 sudo cp /etc/selinux/config /etc/selinux/config.201112
356 sudo ls /etc/selinux/
357 sudo vim /etc/selinux/config
358 sudo reboot
359 sudo getenforce
360 getenforce
/etc/selinux/config記載内容は以下
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Docker環境の構築
sudo dnf install nvidia-docker2 --allowerasingで前回は構築したが、Dockerの公式版に従ってインストールをする。Podmanと共存できないので、こちらは一旦削除する。
[user@localhost ~]$ sudo dnf remove podman
~~~
完了しました!
[user@localhost ~]$
[user@localhost ~]$ curl -fsSL https://get.docker.com -o get-docker.sh
[user@localhost ~]$ ls get-docker.sh
get-docker.sh
[user@localhost ~]$ sudo sh get-docker.sh
# Executing docker install script, commit: 26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c
Warning: the "docker" command appears to already exist on this system.
If you already have Docker installed, this script can cause trouble, which is
why we're displaying this warning and provide the opportunity to cancel the
installation.
If you installed the current Docker package using this script and are using it
again to update Docker, you can safely ignore this message.
You may press Ctrl+C now to abort this script.
+ sleep 20
+ sh -c 'yum install -y -q yum-utils'
+ sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
repo の追加: https://download.docker.com/linux/centos/docker-ce.repo
+ '[' stable '!=' stable ']'
+ sh -c 'yum makecache'
CentOS-8 - AppStream 7.7 kB/s | 4.3 kB 00:00
CentOS-8 - Base 11 kB/s | 3.9 kB 00:00
CentOS-8 - Extras 3.6 kB/s | 1.5 kB 00:00
Docker CE Stable - x86_64 54 kB/s | 3.5 kB 00:00
libnvidia-container 3.4 kB/s | 488 B 00:00
nvidia-container-runtime 3.4 kB/s | 488 B 00:00
nvidia-docker 3.4 kB/s | 488 B 00:00
メタデータキャッシュを作成しました。
+ '[' -n '' ']'
+ sh -c 'yum install -y -q docker-ce'
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:
sudo usermod -aG docker your-user
Remember that you will have to log out and back in for this to take effect!
WARNING: Adding a user to the "docker" group will grant the ability to run
containers which can be used to obtain root privileges on the
docker host.
Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
for more information.
[user@localhost ~]$ docker --version
Docker version 19.03.13, build 4484c46d9d
[user@localhost ~]$ which docker
/usr/bin/docker
[user@localhost ~]$
インストールされているバージョンの確認をして、Systemctlで実行管理する。Dockerコンテナを引っ張ってきて、実行できるかを確認する。
[user@localhost ~]$ sudo dnf list docker-ce --showduplicates | sort -r
利用可能なパッケージ
メタデータの期限切れの最終確認: 0:07:49 時間前の 2020年11月12日 11時47分42秒 に実施しました。
インストール済みパッケージ
docker-ce.x86_64 3:19.03.13-3.el8 docker-ce-stable
docker-ce.x86_64 3:19.03.13-3.el8 @docker-ce-stable
[user@localhost ~]$ sudo systemctl start docker
[user@localhost ~]$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor pre>
Active: active (running) since Thu 2020-11-12 11:55:58 JST; 11s ago
Docs: https://docs.docker.com
Main PID: 9812 (dockerd)
Tasks: 18
Memory: 47.9M
CGroup: /system.slice/docker.service
└─9812 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/contai>
~~
[user@localhost ~]$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:8c5aeeb6a5f3ba4883347d3747a7249f491766ca1caa47e5da5dfcf6b9b717c0
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[user@localhost ~]$
参考 Install Docker Engine on CentOS(docs.docker.com)
Tensorflowのドキュメントのトレース
dockerでGPUディープラーニング(TensorFlow+Keras)を構築した(Note)(2020/02/25 22:32)のトレースをしたらうまく動いた模様。sudo docker run --runtime=nvidia --rm nvidia/cuda:9.0-cudnn7-devel nvcc --versionは古い構文なので不可。sudo docker run --gpus all --rm nvidia/cuda:9.0-cudnn7-devel nvcc --versionに修正すると実行できた。
[user@localhost ~]$ sudo docker run --gpus all --rm nvidia/cuda:9.0-cudnn7-devel nvcc --version
Unable to find image 'nvidia/cuda:9.0-cudnn7-devel' locally
9.0-cudnn7-devel: Pulling from nvidia/cuda
4f53fa4d2cf0: Already exists
6af7c939e38e: Already exists
903d0ffd64f6: Already exists
04feeed388b7: Already exists
552e6aef918c: Already exists
3b5947c788de: Already exists
d50221725eb7: Already exists
937587988e20: Pull complete
3cb9f162e631: Pull complete
38db361bb434: Pull complete
Digest: sha256:08a0aa4694949f23cf28b5052289603a6c38c035f184d509a36bf44fcf0ff4b9
Status: Downloaded newer image for nvidia/cuda:9.0-cudnn7-devel
nvcc: NVIDIA (R) Cuda compiler driver
Copyright (c) 2005-2017 NVIDIA Corporation
Built on Fri_Sep__1_21:08:03_CDT_2017
Cuda compilation tools, release 9.0, V9.0.176
[user@localhost ~]$ history 10
~~
508 sudo docker run --runtime=nvidia --rm nvidia/cuda:9.0-cudnn7-devel nvcc --version
509 sudo docker run --gpus all --rm nvidia/cuda:9.0-cudnn7-devel nvcc --version
~~
[user@localhost ~]$
(ここまで)