@cdpath $ sudo apt install -y nvidia-docker2 Reading package lists. Done Building dependency tree Reading state information. Done E: Unable to locate package nvidia-docker2. The NVIDIA Docker plugin enables deployment of GPU-accelerated applications across any Linux GPU server with NVIDIA Docker support. At NVIDIA, we use containers in a variety of ways including development, testing, benchmarking, and of course in production as the mechanism for deploying deep learning frameworks through the NVIDIA DGX-1’s Cloud.
- Ubuntu Docker Install Nvidia Driver
- Docker Install Nvidia Driver
- Install Nvidia Drivers Docker
- Install Nvidia Driver In Docker
- Docker Install Nvidia Drivers
CUDA on WSL User Guide
The guide for using NVIDIA CUDA on Windows Subsystem for Linux.
Introduction
Windows Subsystem for Linux (WSL) is a Windows 10 feature that enables users to run native Linux command-line tools directly on Windows. WSL is a containerized environment within which users can run Linux native applications from the command line of the Windows 10 shell without requiring the complexity of a dual boot environment. Internally, WSL is tightly integrated with the Microsoft Windows operating system, which allows it to run Linux applications alongside traditional Windows desktop and modern store apps.
With WSL 2 and GPU paravirtualization technology, Microsoft enables developers to run GPU accelerated applications on Windows.
The following document describes a workflow for getting started with running CUDA applications or containers in a WSL 2 environment.Getting Started
Getting started with running CUDA on WSL requires you to complete these steps in order:
Installing Microsoft Windows Insider Program Builds
Install the latest builds from the Microsoft Windows Insider Program
Register for the Microsoft Windows Insider Program.
Install the latest build from the Dev Channel.
Note:Ensure that you install Build version 20145 or higher. We recommend being on WIP OS 21332 and higher with Linux Kernel 5.4.91+ for the best performance.
You can check your build version number by running winver via the Windows Run command.
Installing NVIDIA Drivers
Download the NVIDIA Driver from the download section on the CUDA on WSL page. Choose the appropriate driver depending on the type of NVIDIA GPU in your system - GeForce and Quadro.
Install the driver using the executable. This is the only driver you need to install.
The DirectX WSL driver is installed automatically along with other driver components so no additional action is needed for installation. This driver enables graphics on WSL2.0 by supporting DX12 APIs. TensorFlow with DirectML support on WSL will get NV GPU hardware acceleration for training and inference workloads. There are no present capabilities in WSL, hence the driver is oriented towards compute/machine learning tasks. For some helpful examples, see https://docs.microsoft.com/en-us/windows/win32/direct3d12/gpu-tensorflow-wsl.
Do not install any Linux display driver in WSL. The Windows Display Driver will install both the regular driver components for native Windows and for WSL support.
Note:NVIDIA is aware of a specific installation issue reported on mobile platforms with the WIP driver 465.12 posted on 11/16/2020. A known workaround will be to disable and reenable the GPU adapter from device manager at system start. We are working on a fix for this issue and will have an updated driver soon.
As an alternative, users may opt to roll back to an earlier driver from device manager driver updates.
Installing WSL 2
This section includes details about installing WSL 2, including setting up a Linux distribution of your choice from the Microsoft Store.
- Install WSL 2 by following the instructions in the Microsoft documentation available here.
- Ensure you have the latest kernel by clicking “Check for updates” in the “Windows Update” section of the Settings app. If the right update with the kernel 4.19.121+ is installed, you should be able to see it in the Windows Update history. Alternatively, you can check the version number by running the following command in PowerShell:
- If you don’t see this update, then in the Windows Update Advanced options, make sure to enable recommended Microsoft updates and run the check again:
- If you don’t have the last WSL kernel updated, you will see the following blocking warning upon trying to launch a Linux distribution within WSL 2.
- Launch the Linux distribution and make sure it runs in WSL 2 mode using the following command:
Setting up CUDA Toolkit
It is recommended to use the Linux package manager to install the CUDA for the Linux distributions supported under WSL 2. Follow these instructions to install the CUDA Toolkit.
First, set up the CUDA network repository. The instructions shown here are for Ubuntu 18.04. See the CUDA Linux Installation Guide for more information on other distributions.
Now install CUDA. Note that for WSL 2, you should use the cuda-toolkit-<version> meta-package to avoid installing the NVIDIA driver that is typically bundled with the toolkit. You can also install other components of the toolkit by choosing the right meta-package.
Do not choose the cuda, cuda-11-0, or cuda-drivers meta-packages under WSL 2 since these packages will result in an attempt to install the Linux NVIDIA driver under WSL 2.
Running CUDA Applications
Just run your CUDA app as you would run it under Linux! Once the driver is installed there is nothing more to do to run existing CUDA applications that were built on Linux.
A snippet of running the BlackScholes Linux application from the CUDA samples is shown below.
Build the CUDA samples available under /usr/local/cuda/samples from your installation of the CUDA Toolkit in the previous section. The BlackScholes application is located under /usr/local/cuda/samples/4_Finance/BlackScholes. Alternatively, you can transfer a binary built on Linux to WSL 2!
Setting up to Run Containers
This chapter describes the workflow for setting up the NVIDIA Container Toolkit in preparation for running GPU accelerated containers.
Install Docker
Use the Docker installation script to install Docker for your choice of WSL 2 Linux distribution. Note that NVIDIA Container Toolkit does not yet support Docker Desktop WSL 2 backend.
Install NVIDIA Container Toolkit
Now install the NVIDIA Container Toolkit (previously known as nvidia-docker2). WSL 2 support is available starting with nvidia-docker2 v2.3 and the underlying runtime library (libnvidia-container >= 1.2.0-rc.1).
For brevity, the installation instructions provided here are for Ubuntu 18.04 LTS.
Setup the stable and experimental repositories and the GPG key. The changes to the runtime to support WSL 2 are available in the experimental repository.
Install the NVIDIA runtime packages (and their dependencies) after updating the package listing.
Open a separate WSL 2 window and start the Docker daemon again using the following commands to complete the installation.
Running CUDA Containers
In this section, we will walk through some examples of running GPU containers in a WSL 2 environment.
Simple CUDA Containers
In this example, let’s run an N-body simulation CUDA sample. This example has already been containerized and available from NGC.
From the console, you should see an output as shown below.
Jupyter Notebooks
In this example, let’s run Jupyter notebook.
After the container starts, you can see the following output on the console.
After the URL is available from the console output, input the URL into your browser to start developing with the Jupyter notebook. Ensure that you replace 127.0.0.1 with localhost in the URL when connecting to the Jupyter notebook from the browser.
If you navigate to the Cell menu and select the Run All item, then check the log within the Jupyter notebook WSL 2 container to see the work accelerated by the GPU of your Windows PC.
Deep Learning Framework Containers
In this example, let’s run a TensorFlow container to do a ResNet-50 training run using GPUs using the 20.03 container from NGC. This is done by launching the container and then running the training script from the nvidia-examples directory.
Let's look at another example from Lesson 15 of the Learning TensorFlow tutorial. In this example, the code creates a random matrix with a given size as input and then does a element wise operation on the input tensor.
The example also allows you to observe the speedup when the code is run on the GPU. The source code is shown below.
Save the code as matmul.py on the host's C drive, which is mapped as /mnt/c in WSL 2. Run the code using the same 20.03 TensorFlow container in the previous example. The results of running this script, launched from the mounted drive C, on a GPU and a CPU are shown below. For simplicity the output is reduced.
The same example is now run on the CPU.
Get started quickly with AI training using pre-trained models available from NVIDIA and the NGC catalog. Follow the instructions in this post for more details.
Changelog
- 3/23/2021: Resolved issues with nvidia-smi crashing on some systems.
- NVIDIA Driver for Windows 10: 470.14
- WIP build: 21332, WSL Linux kernel 5.4.91
- 3/9/2021
- WIP OS 21313+ and Linux kernel 5.4.91
- Do not use WIP OS 21327
- 1/28/2021: CUDA Toolkit 11.2 support, nvidia-smi, NVML support and critical performance improvements. The following software versions are supported with this preview release for WSL 2:
- NVIDIA Driver for Windows 10: 465.42
- Recommended WIP build: 21292
- 12/16/2020: Support for 3060Ti. Fix for installation problems observed in notebooks. The following software versions are supported with this preview release for WSL 2:
- NVIDIA Driver for Windows 10: 465.21
- 11/16/2020: The following software versions are supported with this preview release for WSL 2:
- NVIDIA Driver for Windows 10: 465.12
- 9/23/2020: The following software versions are supported with this preview release for WSL 2:
- 9/2/2020: The following software versions are supported with this preview release for WSL 2:
- NVIDIA Driver for Windows 10: 460.15
6/19/2020: Updated driver release to address cache coherency issues on some CPU systems, including AMD Ryzen.
The following software versions are supported with this preview release for WSL 2:- NVIDIA Driver for Windows 10: 455.41
6/17/2020: Initial Version.
The following software versions are supported with this preview release for WSL 2:- NVIDIA Driver for Windows 10: 455.38
- NVIDIA Container Toolkit: nvidia-docker2 (2.3) and libnvidia-container (>= 1.2.0-rc.1)
7.1. New Features
The following new features are included in this release:
- CUDA Toolkit 11.2 support
- Critical performance improvements
- nvidia-smi packaged
- Full NVML support
- IPC support
7.2. Resolved Issues
The following issues are resolved in this release:- Fixed nvidia-smi issues on some systems.
7.3. Known Limitations
The following features are not supported in this release:
- Note that NVIDIA Container Toolkit does not yet support Docker Desktop WSL 2 backend. Use Docker-CE for Linux instead inside your WSL 2 Linux distribution.
- nvidia-smi is now supported but in order to use it, please copy it to /usr/bin and set appropriate permissions with the below commands: We will soon provide a better user experience when there is OS support.
- CUDA debugging or profiling tools are not supported in WSL 2. This capability will be added in a future release.
- cumemmap IPC with fd is now supported. Other Legacy IPC APIs are not yet supported.
- Unified Memory is limited to the same feature set as on native Windows systems.
- With the NVIDIA Container Toolkit for Docker 19.03, only --gpus all is supported. This means that on multi-GPU systems it is not possible to filter for specific GPU devices by using specific index numbers to enumerate GPUs.
- When installing CUDA using the package manager, do not use the cuda, cuda-11-0, or cuda-drivers meta-packages under WSL 2. These packages have dependencies on the NVIDIA driver and the package manager will attempt to install the NVIDIA Linux driver which may result in issues. The NVIDIA Windows 10 driver should be the only driver present in the system.
- When running the NGC Deep Learning (DL) Framework GPU containers in WSL 2, you may encounter a message: Note that this message is an incorrect warning for WSL 2 and will be fixed in future releases of the DL Framework containers to correctly detect the NVIDIA GPUs. The DL Framework containers will still continue to be accelerated using CUDA on WSL 2.
7.4. Known Issues
The following are known issues in this release:
- CUDA on WSL2 is not to be used with the latest Microsoft Windows 10 Insider Preview Build 20226 due to known issues. Please use newer builds >= 20236 or revert to the older build 20221 to use CUDA on WSL2.
- Warning: Please do not update to WIP OS 21327 if you would like to use WSL with GPU support.
Troubleshooting
Here is a collection of potential errors that you may encounter when using CUDA on WSL 2:
Container Runtime Initialization Errors
- In some cases, when running a Docker container, you may encounter nvidia-container-cli : initialization error:
- This usually indicates that the right Microsoft Windows Insider Preview Builds, WSL 2, NVIDIA drivers and NVIDIA Container Toolkit may not be installed correctly. Use the dxdiag tools from the Run dialog and provide the diagnostic logs to NVIDIA. You can also use the CUDA on WSL 2 Forums to get in touch with NVIDIA product and engineering teams for help.
Notices
Notice
This document is provided for information purposes only and shall not be regarded as a warranty of a certain functionality, condition, or quality of a product. NVIDIA Corporation (“NVIDIA”) makes no representations or warranties, expressed or implied, as to the accuracy or completeness of the information contained in this document and assumes no responsibility for any errors contained herein. NVIDIA shall have no liability for the consequences or use of such information or for any infringement of patents or other rights of third parties that may result from its use. This document is not a commitment to develop, release, or deliver any Material (defined below), code, or functionality.
NVIDIA reserves the right to make corrections, modifications, enhancements, improvements, and any other changes to this document, at any time without notice.
Customer should obtain the latest relevant information before placing orders and should verify that such information is current and complete.
NVIDIA products are sold subject to the NVIDIA standard terms and conditions of sale supplied at the time of order acknowledgement, unless otherwise agreed in an individual sales agreement signed by authorized representatives of NVIDIA and customer (“Terms of Sale”). NVIDIA hereby expressly objects to applying any customer general terms and conditions with regards to the purchase of the NVIDIA product referenced in this document. No contractual obligations are formed either directly or indirectly by this document.
NVIDIA products are not designed, authorized, or warranted to be suitable for use in medical, military, aircraft, space, or life support equipment, nor in applications where failure or malfunction of the NVIDIA product can reasonably be expected to result in personal injury, death, or property or environmental damage. NVIDIA accepts no liability for inclusion and/or use of NVIDIA products in such equipment or applications and therefore such inclusion and/or use is at customer’s own risk.
NVIDIA makes no representation or warranty that products based on this document will be suitable for any specified use. Testing of all parameters of each product is not necessarily performed by NVIDIA. It is customer’s sole responsibility to evaluate and determine the applicability of any information contained in this document, ensure the product is suitable and fit for the application planned by customer, and perform the necessary testing for the application in order to avoid a default of the application or the product. Weaknesses in customer’s product designs may affect the quality and reliability of the NVIDIA product and may result in additional or different conditions and/or requirements beyond those contained in this document. NVIDIA accepts no liability related to any default, damage, costs, or problem which may be based on or attributable to: (i) the use of the NVIDIA product in any manner that is contrary to this document or (ii) customer product designs.
No license, either expressed or implied, is granted under any NVIDIA patent right, copyright, or other NVIDIA intellectual property right under this document. Information published by NVIDIA regarding third-party products or services does not constitute a license from NVIDIA to use such products or services or a warranty or endorsement thereof. Use of such information may require a license from a third party under the patents or other intellectual property rights of the third party, or a license from NVIDIA under the patents or other intellectual property rights of NVIDIA.
Reproduction of information in this document is permissible only if approved in advance by NVIDIA in writing, reproduced without alteration and in full compliance with all applicable export laws and regulations, and accompanied by all associated conditions, limitations, and notices.
THIS DOCUMENT AND ALL NVIDIA DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESSED, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL NVIDIA BE LIABLE FOR ANY DAMAGES, INCLUDING WITHOUT LIMITATION ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF ANY USE OF THIS DOCUMENT, EVEN IF NVIDIA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Notwithstanding any damages that customer might incur for any reason whatsoever, NVIDIA’s aggregate and cumulative liability towards customer for the products described herein shall be limited in accordance with the Terms of Sale for the product.
VESA DisplayPort
DisplayPort and DisplayPort Compliance Logo, DisplayPort Compliance Logo for Dual-mode Sources, and DisplayPort Compliance Logo for Active Cables are trademarks owned by the Video Electronics Standards Association in the United States and other countries.
HDMI
HDMI, the HDMI logo, and High-Definition Multimedia Interface are trademarks or registered trademarks of HDMI Licensing LLC.
OpenCL
OpenCL is a trademark of Apple Inc. used under license to the Khronos Group Inc.
Trademarks
NVIDIA and the NVIDIA logo are trademarks or registered trademarks of NVIDIA Corporation in the U.S. and other countries. Other company and product names may be trademarks of the respective companies with which they are associated.
Copyright
© 2007-2021 NVIDIA Corporation. All rights reserved.
This product includes software developed by the Syncro Soft SRL (http://www.sync.ro/).
Docker is a utility to pack, ship and run any application as a lightweight container.
Installation
Install the docker package or, for the development version, the docker-gitAUR package. Next start and enable docker.service
and verify operation:
Note that starting the docker service may fail if you have an active VPN connection due to IP conflicts between the VPN and Docker's bridge and overlay networks. If this is the case, try disconnecting the VPN before starting the docker service. You may reconnect the VPN immediately afterwards. You can also try to deconflict the networks (see solutions [1] or [2]).
Next, verify that you can run containers. The following command downloads the latest Arch Linux image and uses it to run a Hello World program within a container:
If you want to be able to run the docker
CLI command as a non-root user, add your user to the docker
user group, re-login, and restart docker.service
.
docker
group is root equivalent because they can use the docker run --privileged
command to start containers with root privileges. For more information see [3] and [4].Usage
Docker consists of multiple parts:
- The Docker daemon (sometimes also called the Docker Engine), which is a process which runs as
docker.service
. It serves the Docker API and manages Docker containers. - The
docker
CLI command, which allows users to interact with the Docker API via the command line and control the Docker daemon. - Docker containers, which are namespaced processes that are started and managed by the Docker daemon as requested through the Docker API.
Typically, users use Docker by running docker
CLI commands, which in turn request the Docker daemon to perform actions which in turn result in management of Docker containers. Understanding the relationship between the client (docker
), server (docker.service
) and containers is important to successfully administering Docker.
Note that if the Docker daemon stops or restarts, all currently running Docker containers are also stopped or restarted.
Also note that it is possible to send requests to the Docker API and control the Docker daemon without the use of the docker
CLI command. See the Docker API developer documentation for more information.
See the Docker Getting Started guide for more usage documentation.
Configuration
The Docker daemon can be configured either through a configuration file at /etc/docker/daemon.json
or by adding command line flags to the docker.service
systemd unit. According to the Docker official documentation, the configuration file approach is preferred. If you wish to use the command line flags instead, use systemd drop-in files to override the ExecStart
directive in docker.service
.
For more information about options in daemon.json
see dockerd documentation.
Storage driver
The storage driver controls how images and containers are stored and managed on your Docker host. The default overlay2
driver has good performance and is a good choice for all modern Linux kernels and filesystems. There are a few legacy drivers such as devicemapper
and aufs
which were intended for compatibility with older Linux kernels, but these have no advantages over overlay2
on Arch Linux.
Users of btrfs or ZFS may use the btrfs
or zfs
drivers, each of which take advantage of the unique features of these filesystems. See the btrfs driver and zfs driver documentation for more information and step-by-step instructions.
Daemon socket
By default, the Docker daemon serves the Docker API using a Unix socket at /var/run/docker.sock
. This is an appropriate option for most use cases.
It is possible to configure the Daemon to additionally listen on a TCP socket, which can allow remote Docker API access from other computers. This can be useful for allowing docker
commands on a host machine to access the Docker daemon on a Linux virtual machine, such as an Arch virtual machine on a Windows or macOS system.
Note that the default docker.service
file sets the -H
flag by default, and Docker will not start if an option is present in both the flags and /etc/docker/daemon.json
file. Therefore, the simplest way to change the socket settings is with a drop-in file, such as the following which adds a TCP socket on port 4243:
Reload the systemd daemon and restartdocker.service
to apply changes.
HTTP Proxies
There are two parts to configuring Docker to use an HTTP proxy: Configuring the Docker daemon and configuring Docker containers.
Docker daemon proxy configuration
See Docker documentation on configuring a systemd drop-in unit to configure HTTP proxies.
Docker container proxy configuration
See Docker documentation on configuring proxies for information on how to automatically configure proxies for all containers created using the docker
CLI.
Configuring DNS
See Docker's DNS documentation for the documented behavior of DNS within Docker containers and information on customizing DNS configuration. In most cases, the resolvers configured on the host are also configured in the container.
Most DNS resolvers hosted on 127.0.0.0/8
are not supported due to conflicts between the container and host network namespaces. Such resolvers are removed from the container's /etc/resolv.conf. If this would result in an empty /etc/resolv.conf
, Google DNS is used instead.
Additionally, a special case is handled if 127.0.0.53
is the only configured nameserver. In this case, Docker assumes the resolver is systemd-resolved and uses the upstream DNS resolvers from /run/systemd/resolve/resolv.conf
.
If you are using a service such as dnsmasq to provide a local resolver, consider adding a virtual interface with a link local IP address in the 169.254.0.0/16
block for dnsmasq to bind to instead of 127.0.0.1
to avoid the network namespace conflict.
Images location
By default, docker images are located at /var/lib/docker
. They can be moved to other partitions, e.g. if you wish to use a dedicated partition or disk for your images. In this example, we will move the images to /mnt/docker
.
First, stopdocker.service
, which will also stop all currently running containers and unmount any running images. You may then move the images from /var/lib/docker
to the target destination, e.g. cp -r /var/lib/docker /mnt/docker
.
Configure data-root
in /etc/docker/daemon.json
:
Restart docker.service
to apply changes.
Insecure registries
If you decide to use a self signed certificate for your private registries, Docker will refuse to use it until you declare that you trust it. For example, to allow images from a registry hosted at myregistry.example.com:8443
, configure insecure-registries
in the /etc/docker/daemon.json
file:
Restart docker.service
to apply changes.
IPv6
In order to enable IPv6 support in Docker, you will need to do a few things. See [5] and [6] for details.
Firstly, enable the ipv6
setting in /etc/docker/daemon.json
and set a specific IPv6 subnet. In this case, we will use the private fd00::/80
subnet. Make sure to use a subnet at least 80 bits as this allows a container's IPv6 to end with the container's MAC address which allows you to mitigate NDP neighbor cache invalidation issues.
Restartdocker.service
to apply changes.
Finally, to let containers access the host network, you need to resolve routing issues arising from the usage of a private IPv6 subnet. Add the IPv6 NAT in order to actually get some traffic:
Now Docker should be properly IPv6 enabled. To test it, you can run:
If you use firewalld, you can add the rule like this:
If you use ufw, you need to first enable ipv6 forwarding following Uncomplicated Firewall#Forward policy. Next you need to edit /etc/default/ufw
and uncomment the following lines
Then you can add the iptables rule:
It should be noted that, for docker containers created with docker-compose, you may need to set enable_ipv6: true
in the networks
part for the corresponding network. Besides, you may need to configure the IPv6 subnet. See [7] for details.
User namespace isolation
By default, processes in Docker containers run within the same user namespace as the main dockerd
daemon, i.e. containers are not isolated by the user_namespaces(7) feature. This allows the process within the container to access configured resources on the host according to Users and groups#Permissions and ownership. This maximizes compatibility, but poses a security risk if a container privilege escalation or breakout vulnerability is discovered that allows the container to access unintended resources on the host. (One such vulnerability was published and patched in February 2019.)
The impact of such a vulnerability can be reduced by enabling user namespace isolation. This runs each container in a separate user namespace and maps the UIDs and GIDs inside that user namespace to a different (typically unprivileged) UID/GID range on the host. Note that in the Docker implementation, user namespaces for all containers are mapped to the same UID/GID range on the host, otherwise sharing volumes between multiple containers would not be possible.
Note:- The main
dockerd
daemon still runs asroot
on the host. Running Docker in rootless mode is a different feature. - Processes in the container are started as the user defined in the USER directive in the Dockerfile used to build the image of the container.
- Enabling user namespace isolation has several limitations. Also, Kubernetes currently does not work with this feature.
- Enabling user namespace isolation effectively masks existing image and container layers, as well as other Docker objects in
/var/lib/docker/
, because Docker needs to adjust the ownership of these resources. The upstream documentation recommends to enable this feature on a new Docker installation rather than an existing one.
Configure userns-remap
in /etc/docker/daemon.json
. default
is a special value that will automatically create a user and group named dockremap
for use with remapping.
Configure /etc/subuid
and /etc/subgid
with a username/group name, starting UID/GID and UID/GID range size to allocate to the remap user and group. This example allocates a range of 65536 UIDs and GIDs starting at 165536 to the dockremap
user and group.
Restart docker.service
to apply changes.
After applying this change, all containers will run in an isolated user namespace by default. The remapping may be partially disabled on specific containers passing the --userns=host
flag to the docker
command. See [8] for details.
Docker rootless
Install the docker-rootless-extras-binAUR package to run docker in rootless mode (that is, as a regular user instead of as root).
Configure /etc/subuid
and /etc/subgid
with a username/group name, starting UID/GID and UID/GID range size to allocate to the remap user and group.
Enable the socket (this will result in docker being started using systemd's socket activation):
Finally set docker socket environment variable:
Images
Arch Linux
The following command pulls the archlinux x86_64 image. This is a stripped down version of Arch core without network, etc.
See also README.md.
For a full Arch base, clone the repo from above and build your own image.
Make sure that the devtools, fakechroot and fakeroot packages are installed.
To build the base image:
Alpine Linux
Alpine Linux is a popular choice for small container images, especially for software compiled as static binaries. The following command pulls the latest Alpine Linux image:
Alpine Linux uses the musl libc implementation instead of the glibc libc implementation used by most Linux distributions. Because Arch Linux uses glibc, there are a number of functional differences between an Arch Linux host and an Alpine Linux container that can impact the performance and correctness of software. A list of these differences is documented here.
Note that dynamically linked software built on Arch Linux (or any other system using glibc) may have bugs and performance problems when run on Alpine Linux (or any other system using a different libc). See [9], [10] and [11] for examples.
Ubuntu Docker Install Nvidia Driver
CentOS
The following command pulls the latest centos image:
See the Docker Hub page for a full list of available tags for each CentOS release.
Debian
The following command pulls the latest debian image:
See the Docker Hub page for a full list of available tags, including both standard and slim versions for each Debian release.
Distroless
Google maintains distroless images for several popular programming languages such as Java, Python, Go, Node.js, .NET Core and Rust. These images contain only the programming language runtime without any OS related files, resulting in very small images for packaging software.
See the GitHub README for a list of images and instructions on their use.
Run GPU accelerated Docker containers with NVIDIA GPUs
With NVIDIA Container Toolkit (recommended)
Starting from Docker version 19.03, NVIDIA GPUs are natively supported as Docker devices. NVIDIA Container Toolkit is the recommended way of running containers that leverage NVIDIA GPUs.
Install the nvidia-container-toolkitAUR package. Next, restart docker. You can now run containers that make use of NVIDIA GPUs using the --gpus
option:
Specify how many GPUs are enabled inside a container:
Specify which GPUs to use:
or
Specify a capability (graphics, compute, ...) for the container (though this is rarely if ever used this way):
For more information see README.md and Wiki.
With NVIDIA Container Runtime
Install the nvidia-container-runtimeAUR package. Next, register the NVIDIA runtime by editing /etc/docker/daemon.json
and then restart docker.
The runtime can also be registered via a command line option to dockerd:
Afterwards GPU accelerated containers can be started with
or (required Docker version 19.03 or higher)
See also README.md.
With nvidia-docker (deprecated)
nvidia-docker is a wrapper around NVIDIA Container Runtime which registers the NVIDIA runtime by default and provides the nvidia-docker command.
To use nvidia-docker, install the nvidia-dockerAUR package and then restart docker. Containers with NVIDIA GPU support can then be run using any of the following methods:
or (required Docker version 19.03 or higher)
Arch Linux image with CUDA
You can use the following Dockerfile
to build a custom Arch Linux image with CUDA. It uses the Dockerfile frontend syntax 1.2 to cache pacman packages on the host. The DOCKER_BUILDKIT=1
environment variable must be set on the client before building the Docker image.
Useful tips
To grab the IP address of a running container:
For each running container, the name and corresponding IP address can be listed for use in /etc/hosts
:
Remove Docker and images
In case you want to remove Docker entirely you can do this by following the steps below:
Check for running containers:
List all containers running on the host for deletion:
Stop a running container:
Killing still running containers:
Docker Install Nvidia Driver
Delete containers listed by ID:
List all Docker images:
Delete images by ID:
Delete all images, containers, volumes, and networks that are not associated with a container (dangling):
To additionally remove any stopped containers and all unused images (not just dangling ones), add the -a flag to the command:
Delete all Docker data (purge directory):
Troubleshooting
docker0 Bridge gets no IP / no internet access in containers when using systemd-networkd
Docker attempts to enables IP forwarding globally, but by default systemd-networkd overrides the global sysctl setting for each defined network profile. Set IPForward=yes
in the network profile. See Internet sharing#Enable packet forwarding for details.
When systemd-networkd tries to manage the network interfaces created by Docker, this can lead to connectivity issues. Try disabling management of those interfaces. I.e. networkctl list
should report unmanaged
in the SETUP column for all networks created by Docker.
- You may need to restart
docker.service
each time you restartsystemd-networkd.service
oriptables.service
. - Also be aware that nftables may block docker connections by default. Use
nft list ruleset
to check for blocking rules.nft flush chain inet filter forward
removes all forwarding rules temporarily. Edit/etc/nftables.conf
to make changes permanent. Remember to restartnftables.service
to reload rules from the config file. See [12] for details about nftables support in Docker.
Default number of allowed processes/threads too low
If you run into error messages like
then you might need to adjust the number of processes allowed by systemd. The default is 500 (see system.conf
), which is pretty small for running several docker containers. Edit the docker.service
with the following snippet:
Install Nvidia Drivers Docker
Error initializing graphdriver: devmapper
If systemctl fails to start docker and provides an error:
Then, try the following steps to resolve the error. Stop the service, back up /var/lib/docker/
(if desired), remove the contents of /var/lib/docker/
, and try to start the service. See the open GitHub issue for details.
Failed to create some/path/to/file: No space left on device
If you are getting an error message like this:
when building or running a Docker image, even though you do have enough disk space available, make sure:
- Tmpfs is disabled or has enough memory allocation. Docker might be trying to write files into
/tmp
but fails due to restrictions in memory usage and not disk space. - If you are using XFS, you might want to remove the
noquota
mount option from the relevant entries in/etc/fstab
(usually where/tmp
and/or/var/lib/docker
reside). Refer to Disk quota for more information, especially if you plan on using and resizingoverlay2
Docker storage driver. - XFS quota mount options (
uquota
,gquota
,prjquota
, etc.) fail during re-mount of the file system. To enable quota for root file system, the mount option must be passed to initramfs as a kernel parameterrootflags=
. Subsequently, it should not be listed among mount options in/etc/fstab
for the root (/
) filesystem.
Docker-machine fails to create virtual machines using the virtualbox driver
In case docker-machine fails to create the VM's using the virtualbox driver, with the following:
Install Nvidia Driver In Docker
Simply reload the virtualbox via CLI with vboxreload
.
Starting Docker breaks KVM bridged networking
This is a known issue. You can use the following workaround:
Docker Install Nvidia Drivers
If there is already a network bridge configured for KVM, this may be fixable by telling docker about it. See [14] where docker configuration is modified as:
Be sure to replace existing_bridge_name
with the actual name of your network bridge.
Image pulls from Docker Hub are rate limited
Beginning on November 1st 2020, rate limiting is enabled for downloads from Docker Hub from anonymous and free accounts. See the rate limit documentation for more information.
Unauthenticated rate limits are tracked by source IP. Authenticated rate limits are tracked by account.
If you need to exceed the rate limits, you can either sign up for a paid plan or mirror the images you need to a different image registry. You can host your own registry or use a cloud hosted registry such as Amazon ECR, Google Container Registry, Azure Container Registry or Quay Container Registry.
To mirror an image, use the pull
, tag
and push
subcommands of the Docker CLI. For example, to mirror the 1.19.3
tag of the Nginx image to a registry hosted at cr.example.com
:
You can then pull or run the image from the mirror:
See also
- Are Docker containers really secure? — opensource.com