pkg/api: honor cdi devices from the hostconfig

giuseppe · giuseppe · commit 18e29076f72b · 2025-01-31T15:26:09.000+01:00
pass down the devices specifies in the resources block so that CDI devices in the compose file are honored. Tested manually with the following compose file: services: testgpupodman_count: image: ubuntu:latest command: ["nvidia-smi"] profiles: [gpu] deploy: resources: reservations: devices: - driver: nvidia count: 1 capabilities: [gpu] testgpupodman_deviceid: image: docker.io/ubuntu:latest command: ["nvidia-smi"] deploy: resources: reservations: devices: - driver: cdi device_ids: ['nvidia.com/gpu=all'] capabilities: [gpu] Closes: #19338 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
@@ -163,6 +163,11 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
 	for _, dev := range cc.HostConfig.Devices {
 		devices = append(devices, fmt.Sprintf("%s:%s:%s", dev.PathOnHost, dev.PathInContainer, dev.CgroupPermissions))
 	}
+	for _, r := range cc.HostConfig.Resources.DeviceRequests {
+		if r.Driver == "cdi" {
+			devices = append(devices, r.DeviceIDs...)
+		}
+	}
 
 	// iterate blkreaddevicebps
 	readBps := make([]string, 0, len(cc.HostConfig.BlkioDeviceReadBps))
diff --git a/test/compose/cdi_device/README.md b/test/compose/cdi_device/README.md
@@ -0,0 +1,9 @@
+cdi devices
+===========
+
+This test copies a CDI device file on a tmpfs mounted on /etc/cdi, then checks that the CDI device in the compose file is present in a container.  The test is skipped when running as rootless.
+
+Validation
+------------
+
+* The CDI device is present in the container.
diff --git a/test/compose/cdi_device/device.json b/test/compose/cdi_device/device.json
@@ -0,0 +1,14 @@
+{
+  "cdiVersion": "0.3.0",
+  "kind": "vendor.com/device",
+  "devices": [
+    {
+      "name": "myKmsg",
+      "containerEdits": {
+        "mounts": [
+          {"hostPath": "/dev/kmsg", "containerPath": "/dev/kmsg1", "options": ["rw", "rprivate", "rbind"]}
+        ]
+      }
+    }
+  ]
+}
diff --git a/test/compose/cdi_device/docker-compose.yml b/test/compose/cdi_device/docker-compose.yml
@@ -0,0 +1,15 @@
+services:
+  test:
+    image: alpine
+    command: ["top"]
+    volumes:
+      - /dev:/dev-host
+    security_opt:
+      - label=disable
+    deploy:
+      resources:
+        reservations:
+          devices:
+          - driver: cdi
+            device_ids: ['vendor.com/device=myKmsg']
+            capabilities: []
diff --git a/test/compose/cdi_device/setup.sh b/test/compose/cdi_device/setup.sh
@@ -0,0 +1,9 @@
+if is_rootless; then
+    reason=" - can't write to /etc/cdi"
+    _show_ok skip "$testname # skip$reason"
+    exit 0
+fi
+
+mkdir -p /etc/cdi
+mount -t tmpfs tmpfs /etc/cdi
+cp device.json /etc/cdi
diff --git a/test/compose/cdi_device/teardown.sh b/test/compose/cdi_device/teardown.sh
@@ -0,0 +1,3 @@
+if ! is_rootless; then
+    umount -l /etc/cdi
+fi
diff --git a/test/compose/cdi_device/tests.sh b/test/compose/cdi_device/tests.sh
@@ -0,0 +1,11 @@
+# -*- bash -*-
+
+ctr_name="cdi_device-test-1"
+
+podman exec "$ctr_name" sh -c 'stat -c "%t:%T" /dev-host/kmsg'
+
+expected=$output
+
+podman exec "$ctr_name" sh -c 'stat -c "%t:%T" /dev/kmsg1'
+
+is "$output" "$expected" "$testname : device /dev/kmsg1 has the same rdev as /dev/kmsg on the host"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+if ! is_rootless; then`
	`2`	`+ umount -l /etc/cdi`
	`3`	`+fi`