Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: glibc extension #473

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: glibc extension #473

wants to merge 1 commit into from
+42 −9

Conversation

jfroy
Copy link

@jfroy jfroy commented Sep 18, 2024

This PR adds a glibc extension. The intention is to replace the nvidia extensions entirely and only provide the glibc components required by the nvidia gpu-operator and its components (e.g. the nvidia container toolkit).

The extension is pretty much copied from the package that is in the nvidia extensions, with one major modification: a symbolic link to ldconfig is installed at /sbin/ldconfig. This change allows the nvidia gpu-operator to work without modification*. This change does require a patch to the extension validation logic, which is provided in separate PRs.

@jfroy jfroy changed the title glibc extension feat: glibc extension Sep 18, 2024
@frezbo
Copy link
Member

frezbo commented Sep 18, 2024

This PR adds a glibc extension. The intention is to replace the nvidia extensions entirely and only provide the glibc components required by the nvidia gpu-operator and its components (e.g. the nvidia container toolkit).

The extension is pretty much copied from the package that is in the nvidia extensions, with one major modification: a symbolic link to ldconfig is installed at /sbin/ldconfig. This change allows the nvidia gpu-operator to work without modification*. This change does require a patch to the extension validation logic, which is provided in separate PRs.

* A patch to the nvidia container toolkit is required to replace the shell script wrappers with a Go wrapper. See [Replace shell wrapper with a Go wrapper NVIDIA/nvidia-container-toolkit#700](https://github.com/NVIDIA/nvidia-container-toolkit/pull/700).

This is really cool and looking forward to actually not having to maintain patches or wrappers. What i still don't understand is about kernel modules, would SideroLabs be still shipping them as extensions (I believe that's the case since only machined in talos can load modules)?

frezbo
frezbo reviewed Sep 18, 2024
View reviewed changes
README.md Outdated Show resolved Hide resolved
@jfroy jfroy mentioned this pull request Sep 18, 2024
Open
@jfroy
Copy link
Author

jfroy commented Sep 18, 2024

This PR adds a glibc extension. The intention is to replace the nvidia extensions entirely and only provide the glibc components required by the nvidia gpu-operator and its components (e.g. the nvidia container toolkit).
The extension is pretty much copied from the package that is in the nvidia extensions, with one major modification: a symbolic link to ldconfig is installed at /sbin/ldconfig. This change allows the nvidia gpu-operator to work without modification*. This change does require a patch to the extension validation logic, which is provided in separate PRs.

* A patch to the nvidia container toolkit is required to replace the shell script wrappers with a Go wrapper. See [Replace shell wrapper with a Go wrapper NVIDIA/nvidia-container-toolkit#700](https://github.com/NVIDIA/nvidia-container-toolkit/pull/700).

This is really cool and looking forward to actually not having to maintain patches or wrappers. What i still don't understand is about kernel modules, would SideroLabs be still shipping them as extensions (I believe that's the case since only machined in talos can load modules)?

I am sending more PRs, but this is one of the major changes from an architecture POV: the gpu-operator would be allowed to load and unload kernel modules, which means enabling module unloading in the kernel (see siderolabs/pkgs#1031) and not removing SYS_MODULE from containers (see siderolabs/talos#9339).

Another important note is that only CDI mode (see https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/cdi.html) works on Talos with this patch. The "legacy" runtime hook require more libraries to be present on the system, whereas the CDI hook is a pure Go program that only requires the glibc dynamic loader and /sbin/ldconfig.

@frezbo
Copy link
Member

frezbo commented Sep 18, 2024

Another important note is that only CDI mode (see https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/cdi.html) works on Talos with this patch. The "legacy" runtime hook require more libraries to be present on the system, whereas the CDI hook is a pure Go program that only requires the glibc dynamic loader and /sbin/ldconfig.

We're open to moving to using CDI 👍

@jfroy
Copy link
Author

jfroy commented Sep 18, 2024

See siderolabs/talos#9339 for main discussion on loading kernel modules.

@jfroy jfroy force-pushed the glibc branch 3 times, most recently from d94cf22 to b4de00e Compare September 21, 2024 06:21
@jfroy
Copy link
Author

jfroy commented Sep 21, 2024

Patch has been updated to rework the glibc subtree to look like a merged /usr root.

@jfroy
feat: glibc extension
b59787e 
The extension is mostly copied from the package that is in the nvidia
toolkit extensions, but with a few notable changes.

- A symbolic link to `ldconfig` is installed at `/sbin/ldconfig`. This
allows the nvidia gpu-operator to work without modification. A patch to
the extension validation logic is required to allow the new path.
- The `/usr/local/glibc` subtree is now structured as a [merged `/usr`
root](https://systemd.io/THE_CASE_FOR_THE_USR_MERGE/). This improves
compatbility with ld-linux.so.2 for library discovery.

Signed-off-by: Jean-Francois Roy <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frezbo frezbo frezbo left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jfroy @frezbo