diff --git a/Dockerfile b/Dockerfile
index b66912514..4e45cf9b8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -38,7 +38,8 @@ FROM docker.io/${BASE_IMAGE} AS final
 ARG LLAMA_SERVER_VARIANT
 # Create non-root user
-RUN groupadd --system modelrunner && useradd --system --gid modelrunner --create-home --home-dir /home/modelrunner modelrunner
+RUN groupadd --system modelrunner && useradd --system --gid modelrunner -G video --create-home --home-dir /home/modelrunner modelrunner
+# TODO: if the render group ever gets a fixed GID add modelrunner to it
 COPY scripts/apt-install.sh apt-install.sh
@@ -70,13 +71,6 @@ ENV HOME=/home/modelrunner
 ENV MODELS_PATH=/models
 ENV LD_LIBRARY_PATH=/app/lib
-# Set environment variables for vulkan
-ENV VULKAN_SDK=/opt/vulkan
-ENV PATH=$VULKAN_SDK/bin:$PATH
-ENV LD_LIBRARY_PATH=$VULKAN_SDK/lib:$LD_LIBRARY_PATH
-ENV CMAKE_PREFIX_PATH=$VULKAN_SDK:$CMAKE_PREFIX_PATH
-ENV PKG_CONFIG_PATH=$VULKAN_SDK/lib/pkgconfig:$PKG_CONFIG_PATH
-
 # Label the image so that it's hidden on cloud engines.
 LABEL com.docker.desktop.service="model-runner"
diff --git a/cmd/cli/pkg/standalone/containers.go b/cmd/cli/pkg/standalone/containers.go
index 85b7538e2..d28d6c42a 100644
--- a/cmd/cli/pkg/standalone/containers.go
+++ b/cmd/cli/pkg/standalone/containers.go
@@ -8,7 +8,9 @@ import (
 "fmt"
 "io"
 "os"
+ "os/exec"
 "path/filepath"
+ "runtime"
 "strconv"
 "strings"
 "time"
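Review bot: In the Dockerfile's `useradd` line, `-G video` is granted in every image variant, and nothing documents that the access it gives depends on the image's numeric `video` GID matching the GID that owns the host's device nodes. Device permissions are checked by number, not by group name, so a host with a different `video` GID would silently get no access. I would extend the comment above the `RUN` to say so, e.g. `# video: needed for GPU device nodes; relies on the host using the same numeric video GID as the base image. render has no fixed GID, so it is added at run time via --group-add.` Whether the CPU-only variant needs the extra group at all is not visible from this hunk and is worth confirming.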
@@ -301,6 +303,19 @@ func CreateControllerContainer(ctx context.Context, dockerClient *client.Client,
 }
 }
+ if runtime.GOOS == "linux" {
+ out, err := exec.CommandContext(ctx, "getent", "group", "render").CombinedOutput()
+ if err != nil {
+ return fmt.Errorf("failed to retrieve the GID of 'render': %w", err)
+ }
+ tokens := strings.Split(string(out), ":")
+ gid, err := strconv.Atoi(tokens[2])
+ if err != nil {
+ return fmt.Errorf("failed to parse the GID of 'render': %w", err)
+ }
+ hostConfig.GroupAdd = append(hostConfig.GroupAdd, strconv.Itoa(gid))
+ }
+
 // Create the container. If we detect that a concurrent installation is in
 // progress (as indicated by a conflicting container name (which should have
 // been detected just before installation)), then we'll allow the error to
diff --git a/scripts/apt-install.sh b/scripts/apt-install.sh
index 34ce7af90..fcfd40c2c 100755
--- a/scripts/apt-install.sh
+++ b/scripts/apt-install.sh
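Review bot: `tokens[2]` is indexed without a length check, so any `getent` output with fewer than three `:`-separated fields panics the CLI instead of returning an error. A Linux host that has no `render` group (where `getent` exits with status 2) also now fails container creation outright, even when no GPU is involved. The sketch below skips the group when it is absent, bounds-checks the split, and reads only stdout so stderr text cannot end up in the parsed fields. Separately, `runtime.GOOS` and `getent` describe the machine running the CLI; if the Docker daemon can be remote, the resolved GID may not match the daemon host, which deserves a comment or a check. `CreateControllerContainer` begins and ends outside this hunk.

```go
	if runtime.GOOS == "linux" {
		out, err := exec.CommandContext(ctx, "getent", "group", "render").Output()
		switch exitErr, isExit := err.(*exec.ExitError); {
		case isExit && exitErr.ExitCode() == 2:
			// getent reports an unknown group with status 2: this host has no
			// render group, so there is nothing to add.
		case err != nil:
			return fmt.Errorf("failed to retrieve the GID of 'render': %w", err)
		default:
			tokens := strings.Split(strings.TrimSpace(string(out)), ":")
			if len(tokens) < 3 {
				return fmt.Errorf("unexpected getent output for group 'render': %q", out)
			}
			// … unchanged: strconv.Atoi(tokens[2]) and the hostConfig.GroupAdd append …
		}
	}
```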
@@ -6,30 +6,7 @@ main() {
 apt-get update
 local packages=("ca-certificates")
 if [ "$LLAMA_SERVER_VARIANT" = "generic" ] || [ "$LLAMA_SERVER_VARIANT" = "cpu" ]; then
- # Install Vulkan SDK
- local vulkan_version=1.4.321.1
- local arch
- arch=$(uname -m)
- apt-get install -y wget xz-utils
- wget -qO /tmp/vulkan-sdk.tar.xz https://sdk.lunarg.com/sdk/download/$vulkan_version/linux/vulkan-sdk-linux-"$arch"-$vulkan_version.tar.xz
- mkdir -p /opt/vulkan
- tar -xf /tmp/vulkan-sdk.tar.xz -C /tmp
-
- if [ "$arch" != "x86_64" ]; then
- # TODO: uninstall build time deps after building the SDK
- apt-get install -y libglm-dev cmake libxcb-dri3-0 libxcb-present0 libpciaccess0 \
- libpng-dev libxcb-keysyms1-dev libxcb-dri3-dev libx11-dev g++ gcc \
- libwayland-dev libxrandr-dev libxcb-randr0-dev libxcb-ewmh-dev \
- git python-is-python3 bison libx11-xcb-dev liblz4-dev libzstd-dev \
- ocaml-core ninja-build pkg-config libxml2-dev wayland-protocols python3-jsonschema \
- clang-format qtbase5-dev qt6-base-dev
- pushd /tmp/"${vulkan_version}"
- # TODO: we don't need the whole SDK to run stuff, so eventually only build necessary targets here
- ./vulkansdk --no-deps -j "$(nproc)"
- fi
-
- mv /tmp/"${vulkan_version}"/"$arch"/* /opt/vulkan/
- rm -rf /tmp/*
+ apt-get install -y libvulkan1
 fi
 apt-get install -y "${packages[@]}"
diff --git a/scripts/docker-run.sh b/scripts/docker-run.sh
index d42f195fa..361b411d2 100755
--- a/scripts/docker-run.sh
+++ b/scripts/docker-run.sh
@@ -7,6 +7,7 @@ add_accelerators() {
 args+=("--device" "$i")
 fi
 done
+ args+=("--group-add" "$(getent group render | cut -d: -f3)")
 }
 add_optional_args() {
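Review bot: In `scripts/apt-install.sh`, the new `apt-get install -y libvulkan1` runs as a separate install inside the `if`, although the script already collects packages in the `packages` array and installs them in one step just below. Writing `packages+=("libvulkan1")` in the branch would keep a single install invocation and one place to audit what goes into the image. A short comment such as `# Vulkan loader only; the ICD/driver is expected from the GPU stack` would also record why the distro package replaces the SDK download, if that is the intent.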
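Review bot: In `scripts/docker-run.sh`, the added `--group-add` line passes an empty string when the host has no `render` group, because `getent` prints nothing and the trailing `cut` still exits successfully. `docker run` is then likely to reject the empty group on machines without a GPU stack. Resolve the GID first and add the flag only when it is non-empty: `local render_gid; render_gid=$(getent group render | cut -d: -f3)` followed by `if [ -n "$render_gid" ]; then args+=("--group-add" "$render_gid"); fi`. The body of `add_accelerators` starts outside this hunk.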