Add init container to handle imex nodes config mount #1010
Conversation
elezar
force-pushed
the
add-imex-init-container
branch
from
179e7fa to
5b20d46
Compare
deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
Outdated
Show resolved
Hide resolved
deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
Outdated
Show resolved
Hide resolved
elezar
force-pushed
the
add-imex-init-container
branch
2 times, most recently
from
d35857d to
affb6fe
Compare
deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
Outdated
Show resolved
Hide resolved
| volumeMounts: | ||
| - name: config | ||
| mountPath: /config | ||
| mountPropagation: Bidirectional |
There was a problem hiding this comment.
Why does this need to be bidirectional? At worst I think we only need HostToContainer -- but I'm curious if we even care about future mounts in either direction?
There was a problem hiding this comment.
The issue I was seeing was that the mount made in the init container was not visible to other containers using the empty volume. Maybe there is a better way to ensure that the mounts are shared than propagating this back to the empty volume on the host.
There was a problem hiding this comment.
OK, yeah, that makes sense. The init container creates the mount, but if this mount is not reflected back on the host, then when it exits, the mount will be removed and never visible to the app container when it eventually starts up. Let's leave it this way for now and think a bit more about this for future releases.
There was a problem hiding this comment.
The one issue that I did see was that the mount was not cleaned up. What is the best practice for doing this? (we don't do this for MPS either ... )
There was a problem hiding this comment.
Where does it live after the pod has been shut down? I would assume the shutdown of the pod and the removal of the temporary space for the mounted volume would have cleaned it up.
There was a problem hiding this comment.
Do they hang terminating forever, or are they terminated / cleaned up after the "standard" 30s timeout?
There was a problem hiding this comment.
Should we just go back to a copying approach instead of a mounting? It means we will require a restart of the plugin if the config file changes on the host, but this is probably OK for this first iteration.
There was a problem hiding this comment.
It's longer than 30s. I have one that's in terminating for more than 6 hours.
It could be that using the mounting logic that we have for the mps daemon doesn't have this issue since there is more complex logic being applied?
There was a problem hiding this comment.
For what it's worth, I'm happy to resort to copying and require a restart, alternatively we can do something like:
diff --git a/deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml b/deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
index cb3f9d36..fd1ffb8a 100644
--- a/deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
+++ b/deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
@@ -214,6 +214,9 @@ spec:
{{- end }}
- name: config
mountPath: /config
+ - name: driver-root-etc
+ mountPath: /driver-root/etc
+ readOnly: true
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 10 }}
@@ -225,9 +228,9 @@ spec:
- name: host-sys
hostPath:
path: "/sys"
- - name: driver-root
+ - name: driver-root-etc
hostPath:
- path: {{ clean ( join "/" ( list "/" .Values.nvidiaDriverRoot ) ) | quote }}
+ path: {{ clean ( join "/" ( list "/" .Values.nvidiaDriverRoot "etc" ) ) | quote }}
{{- if $options.hasConfigMap }}
- name: available-configs
configMap:
but this doesn't address the operator case?
There was a problem hiding this comment.
It could work in the operator case if we updated both the host-root and drive-root mounts to /etc --> /host/etc and /run/nvidia/driver/etc --> /driver-root/etc respectively.
deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
Outdated
Show resolved
Hide resolved
elezar
force-pushed
the
add-imex-init-container
branch
from
affb6fe to
c655aa3
Compare
deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
Outdated
Show resolved
Hide resolved
elezar
force-pushed
the
add-imex-init-container
branch
from
c655aa3 to
3c38cec
Compare
| command: | ||
| - "/bin/bash" | ||
| - "-c" | ||
| - | |
There was a problem hiding this comment.
nit: Can you make this:
| command: | |
| - "/bin/bash" | |
| - "-c" | |
| - | | |
| command: ["/bin/bash", "-c"] | |
| args: | |
| - | |
| echo "Copying IMEX nodes config" | ||
| mkdir -p /config/etc/nvidia-imex | ||
| cp /driver-root/etc/nvidia-imex/nodes_config.cfg /config/etc/nvidia-imex/nodes_config.cfg |
There was a problem hiding this comment.
Can we make /etc/nvidia-imex/nodes_config.cfg a local envvar to this script instead of repeating it everywhere.
internal/lm/imex.go
Outdated
|
|
||
| // imexNodesConfigFilePathSearchRoots returns a list of roots to search for the IMEX nodes config file. | ||
| func imexNodesConfigFilePathSearchRoots(config *spec.Config) []string { | ||
| // By default se search / and /config for config files. |
There was a problem hiding this comment.
| // By default se search / and /config for config files. | |
| // By default, search / and /config for config files. |
elezar
force-pushed
the
add-imex-init-container
branch
from
3c38cec to
62ebcc2
Compare
deployments/helm/nvidia-device-plugin/templates/daemonset-gfd.yml
Outdated
Show resolved
Hide resolved
elezar
force-pushed
the
add-imex-init-container
branch
from
62ebcc2 to
c816dc7
Compare
This change adds an init container to GFD that checks whether the /driver-root/etc/nvidia-imex/nodes_config.cfg file exits and copies it to /config/etc/nvidia-imex/nodes_config.cfg (where /config is a shared volume used by the containers in the GFD pod. This allows the main GFD container access to this file -- used for generating IMEX domain labels -- without requiring continuouse. access to the driver root. Note that since the file is copied, a change in this config file requires a restart of the GFD pod. Signed-off-by: Evan Lezar <elezar@nvidia.com>
This change removes the IMEX nodes config option. Instead, the path to the
config file /etc/nvidia-imex/nodes_config.cfg is assumed with the following
roots being searched for this file: /, /config, ${DRIVER_ROOT_CTR_PATH}.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
elezar
force-pushed
the
add-imex-init-container
branch
from
c816dc7 to
7fc6642
Compare
|
Just a thought (not blocking) , it feels a bit much to have a file with the path below: Since The |
It's done the way it is so that the filepath is the same for all search directores whether in |
4 participants
This change adds an init container to GFD that checks whether the
/driver-root/etc/nvidia-imex/nodes_config.cfgfile exits and copies it to/config/etc/nvidia-imex/nodes_config.cfg(where/configis a shared volume). This allows the main GFD container access to this config without requiring that the whole driver root be mounted.The ability to set the IMEX nodes config path through the
GFD_IMEX_NODES_CONFIG_FILEenvvar has also been removed, instead relying on searching the following[/, /config, ${DRIVER_ROOT_CTR_PATH}]for the hardcoded path:/etc/nvidia-imex/nodes_config.cfg.Testing
Using
kind.No imex file:
Deploy GFD:
Confirm that the folder is not present in the container:
Create the folder on the node:
Delelete the GFD pod.
File is available in the main container: