-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for predefined hooks #203
Comments
I’m working on CDI for Charliecloud, a lightweight, fully-unprivileged container implementation for HPC applications (hpc/charliecloud#1902). (In fact, it looks like @elezar was already helpful in some offline correspondence.) This would also be useful for us. In fact, regardless of what the standard says, I anticipate not running I would be happy to provide a draft PR for folks to look at. |
@reidpr we did discuss this in our latest working group meeting (notes here) and will most likely not be implementing this as part of the spec for the time being. One of the primary concerns is that even for "basic standard" tasks the applicable interfaces may not be applicable. Take a hook that "updates the ldcache" as an example. In the case of the NVIDIA Container Toolkit -- which implements this as the If we need to capture this logic in some kind of binary, this still needs to be available on the host and would complicate CDI spec consumption since we would have to distribute this binary somehow. Our current strategy for how to handle this would be to provide better documentation and examples for what these hooks do so that their behaviour can be replicated across various environments. This does place the burden on the hook vendors to provide this documentation though and cannot necessarily be enforced by the spec. One question I have is whether there is some middle ground where we don't implement the hooks in the spec, but more strictly prescribe their behaviour? That is to say that as a vendor, NVIDIA would still distribute the |
I can see that as a concern. At the same time, I do think it is a narrowly prescribed set of activities. I originally thought 3, now there is a variant on 1, so total of 4. Would we want to implement the truly standard ones, i.e. chmod and symlinks? |
For clarification, the |
Thank you @elezar.
I see your point. I wasn’t in that discussion obviously, but in my view that type of logic belongs more in the container implementation rather than vendor hooks. However you’ve been thinking about this longer than me. I have a couple follow-ups. Can you clarify the reasoning on why NVIDIA (or HPE, or ...) should be figuring out host What if the host does not have
Good point. Do these containers need Is it reasonably common to have containers without an
I could work with this. I really like the declarative aspect of CDI. Strictly prescribed hooks would be consistent with that, though (in my view) in kind of a roundabout way. |
Are these meetings open to the public? It sounds like something I’d be interested in helping with. |
Yes, the meetings are public. All the required details should be in the linked document. Ideally they are recorded too, but there is sometimes some lag between when these are available on YouTube. |
This issue is stale because it has been open 90 days with no activity. This issue will be closed in 30 days unless new comments are made or the stale label is removed. |
I will comment to keep it open. |
I have created #225 as an initial attempt to capture the intent of the "predefined" hooks. |
Cool, thank you @elezar . What do we think about |
This issue is stale because it has been open 90 days with no activity. This issue will be closed in 30 days unless new comments are made or the stale label is removed. To skip these checks, apply the "lifecycle/frozen" label. |
Not stale. |
The chmod hook was added to our tooling as a workaround for a particular runc bug. I don't think we should formalize this and rather focus on the remaining hooks. |
I have been working with the NVIDIA container toolkit which generates a CDI yaml file, including hooks. The hooks all call
nvidia-ctk
to do 3 things:These are pretty basic standard activities. It seems like it would make sense to have
containerEdits
within the spec capable of handling these. The spec includes container edit things likemounts
,env
,deviceNodes
,additionalGIDs
, and of coursehooks
. I think that creating symlinks, changing permissions on dir/file, and maybe updating ldcache (I am mixed on that one) are the kinds of capabilities that would fit as first-class citizens withincontainerEdits
.Thoughts?
The text was updated successfully, but these errors were encountered: