From 327b8257f83e08aaf4c882ceca6850aa1ff5589a Mon Sep 17 00:00:00 2001 From: Arjun Date: Sun, 29 Dec 2024 14:59:47 +0000 Subject: [PATCH 1/7] Support default root user in podman, fixes #81, #84 --- automation/script/module_misc.py | 3 +++ script/app-mlperf-inference/_cm.yaml | 26 +++++++++++++++++++------ script/build-dockerfile/customize.py | 8 ++++---- script/build-dockerfile/dockerinfo.json | 2 +- script/get-ml-model-rgat/_cm.yaml | 1 - script/run-docker-container/_cm.yaml | 1 + 6 files changed, 29 insertions(+), 12 deletions(-) diff --git a/automation/script/module_misc.py b/automation/script/module_misc.py index cf6e94597..6f6ad0c48 100644 --- a/automation/script/module_misc.py +++ b/automation/script/module_misc.py @@ -1902,6 +1902,9 @@ def docker(i): noregenerate_docker_file = i.get('docker_noregenerate', False) norecreate_docker_image = i.get('docker_norecreate', True) + recreate_docker_image = i.get('docker_recreate', False) + if recreate_docker_image:#force recreate + norecreate_docker_image = False if i.get('docker_skip_build', False): noregenerate_docker_file = True diff --git a/script/app-mlperf-inference/_cm.yaml b/script/app-mlperf-inference/_cm.yaml index 9ba86635c..f8a1be0a8 100644 --- a/script/app-mlperf-inference/_cm.yaml +++ b/script/app-mlperf-inference/_cm.yaml @@ -1775,13 +1775,27 @@ input_description: debug: desc: "Debug MLPerf script" -gui: - title: "CM GUI for the MLPerf inference benchmark" +update_meta_if_env: + - enable_if_env: + CM_CONTAINER_TOOL: + - podman + # podman maps the host userid to the root user inside the container + docker: + use_host_group_id: False + use_host_user_id: False + pass_user_group: False #useful if docker is run by a different user from the one who built it and under the same group + default_env: + CM_DOCKER_USE_DEFAULT_USER: 'yes' + - skip_if_env: + CM_CONTAINER_TOOL: + - podman + docker: + use_host_group_id: True + use_host_user_id: True + pass_user_group: True #useful if docker is run by a different user from the one who built it and under the same group + docker: - use_host_group_id: True - use_host_user_id: True - pass_user_group: True #useful if docker is run by a different user fromt he one who built it and under the same group deps: - tags: get,mlperf,inference,results,dir,local names: @@ -1816,7 +1830,7 @@ docker: skip_run_cmd: 'no' shm_size: '32gb' interactive: True - extra_run_args: ' --dns 8.8.8.8 --dns 8.8.4.4 --ulimit memlock=-1 --cap-add SYS_ADMIN --cap-add SYS_TIME --security-opt apparmor=unconfined --security-opt seccomp=unconfined' + extra_run_args: ' --dns 8.8.8.8 --dns 8.8.4.4 --cap-add SYS_ADMIN --ulimit=host --cap-add SYS_TIME --security-opt apparmor=unconfined --security-opt seccomp=unconfined' os: ubuntu cm_repo: mlcommons@mlperf-automations cm_repo_branch: dev diff --git a/script/build-dockerfile/customize.py b/script/build-dockerfile/customize.py index 8f451ebb6..dcb5f2ea6 100644 --- a/script/build-dockerfile/customize.py +++ b/script/build-dockerfile/customize.py @@ -250,7 +250,7 @@ def preprocess(i): docker_user = get_value(env, config, 'USER', 'CM_DOCKER_USER') docker_group = get_value(env, config, 'GROUP', 'CM_DOCKER_GROUP') - if docker_user: + if docker_user and str(env.get('CM_DOCKER_USE_DEFAULT_USER', '')).lower() not in ["yes", "1", "true"]: f.write('RUN groupadd -g $GID -o ' + docker_group + EOL) @@ -281,8 +281,8 @@ def preprocess(i): docker_use_virtual_python = env.get('CM_DOCKER_USE_VIRTUAL_PYTHON', "yes") if str(docker_use_virtual_python).lower() not in ["no", "0", "false"]: - f.write('RUN {} -m venv /home/cmuser/venv/cm'.format(python) + " " + EOL) - f.write('ENV PATH="/home/cmuser/venv/cm/bin:$PATH"' + EOL) + f.write('RUN {} -m venv $HOME/venv/cm'.format(python) + " " + EOL) + f.write('ENV PATH="$HOME/venv/cm/bin:$PATH"' + EOL) # f.write('RUN . /opt/venv/cm/bin/activate' + EOL) f.write( 'RUN {} -m pip install '.format(python) + @@ -299,7 +299,7 @@ def preprocess(i): f.write(EOL + '# Download CM repo for scripts' + EOL) if use_copy_repo: - docker_repo_dest = "/home/cmuser/CM/repos/mlcommons@mlperf-automations" + docker_repo_dest = "$HOME/CM/repos/mlcommons@mlperf-automations" f.write( f'COPY --chown=cmuser:cm {relative_repo_path} {docker_repo_dest}' + EOL) diff --git a/script/build-dockerfile/dockerinfo.json b/script/build-dockerfile/dockerinfo.json index df9c6c90a..5de5be3b8 100644 --- a/script/build-dockerfile/dockerinfo.json +++ b/script/build-dockerfile/dockerinfo.json @@ -23,7 +23,7 @@ "GID": "", "GROUP": "cm", "SHELL": "[\"/bin/bash\", \"-c\"]", - "WORKDIR": "/home/cmuser", + "WORKDIR": "$HOME", "distros": { "ubuntu": { "package-manager-update-cmd": "apt-get update -y", diff --git a/script/get-ml-model-rgat/_cm.yaml b/script/get-ml-model-rgat/_cm.yaml index 54e5c119c..27a7e39e2 100644 --- a/script/get-ml-model-rgat/_cm.yaml +++ b/script/get-ml-model-rgat/_cm.yaml @@ -7,7 +7,6 @@ docker: fake_run_deps: True env: CM_ML_MODEL: RGAT - CM_ML_MODEL_DATASET: ICBH input_mapping: checkpoint: RGAT_CHECKPOINT_PATH new_env_keys: diff --git a/script/run-docker-container/_cm.yaml b/script/run-docker-container/_cm.yaml index 8a04e5b43..253a48c91 100644 --- a/script/run-docker-container/_cm.yaml +++ b/script/run-docker-container/_cm.yaml @@ -17,6 +17,7 @@ default_env: CM_DOCKER_DETACHED_MODE: 'yes' CM_DOCKER_REUSE_EXISTING_CONTAINER: 'no' CM_DOCKER_PRIVILEGED_MODE: 'no' + CM_PODMAN_MAP_USER_ID: 'no' input_mapping: all_gpus: CM_DOCKER_ADD_ALL_GPUS From 26161e93dca11893dfd63e26db2e02a934a359dd Mon Sep 17 00:00:00 2001 From: mlcommons-bot Date: Sun, 29 Dec 2024 15:00:33 +0000 Subject: [PATCH 2/7] [Automated Commit] Format Codebase --- automation/script/module_misc.py | 2 +- script/build-dockerfile/customize.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/automation/script/module_misc.py b/automation/script/module_misc.py index 6f6ad0c48..505af8d8f 100644 --- a/automation/script/module_misc.py +++ b/automation/script/module_misc.py @@ -1903,7 +1903,7 @@ def docker(i): noregenerate_docker_file = i.get('docker_noregenerate', False) norecreate_docker_image = i.get('docker_norecreate', True) recreate_docker_image = i.get('docker_recreate', False) - if recreate_docker_image:#force recreate + if recreate_docker_image: # force recreate norecreate_docker_image = False if i.get('docker_skip_build', False): diff --git a/script/build-dockerfile/customize.py b/script/build-dockerfile/customize.py index dcb5f2ea6..d7dc981f0 100644 --- a/script/build-dockerfile/customize.py +++ b/script/build-dockerfile/customize.py @@ -250,7 +250,8 @@ def preprocess(i): docker_user = get_value(env, config, 'USER', 'CM_DOCKER_USER') docker_group = get_value(env, config, 'GROUP', 'CM_DOCKER_GROUP') - if docker_user and str(env.get('CM_DOCKER_USE_DEFAULT_USER', '')).lower() not in ["yes", "1", "true"]: + if docker_user and str(env.get('CM_DOCKER_USE_DEFAULT_USER', '')).lower() not in [ + "yes", "1", "true"]: f.write('RUN groupadd -g $GID -o ' + docker_group + EOL) From d1beb680e8188ff7bdf0b83d4e5ebdebeccdd13e Mon Sep 17 00:00:00 2001 From: Arjun Suresh Date: Sun, 29 Dec 2024 21:33:05 +0530 Subject: [PATCH 3/7] Fix dockerfile WORKDIR --- script/build-dockerfile/customize.py | 4 +++- script/build-dockerfile/dockerinfo.json | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/script/build-dockerfile/customize.py b/script/build-dockerfile/customize.py index d7dc981f0..a85d8cff6 100644 --- a/script/build-dockerfile/customize.py +++ b/script/build-dockerfile/customize.py @@ -273,8 +273,10 @@ def preprocess(i): for docker_env_key in dockerfile_env: dockerfile_env_input_string = dockerfile_env_input_string + " --env." + \ docker_env_key + "=" + str(dockerfile_env[docker_env_key]) + workdir = get_value(env, config, 'WORKDIR', 'CM_DOCKER_WORKDIR') - if workdir: + if workdir and ("/home/cmuser" not in workdir or str(env.get('CM_DOCKER_USE_DEFAULT_USER', '')).lower() not in [ + "yes", "1", "true"]): f.write('WORKDIR ' + workdir + EOL) f.write(EOL + '# Install python packages' + EOL) diff --git a/script/build-dockerfile/dockerinfo.json b/script/build-dockerfile/dockerinfo.json index 5de5be3b8..df9c6c90a 100644 --- a/script/build-dockerfile/dockerinfo.json +++ b/script/build-dockerfile/dockerinfo.json @@ -23,7 +23,7 @@ "GID": "", "GROUP": "cm", "SHELL": "[\"/bin/bash\", \"-c\"]", - "WORKDIR": "$HOME", + "WORKDIR": "/home/cmuser", "distros": { "ubuntu": { "package-manager-update-cmd": "apt-get update -y", From 553c24aae4eb3f4ce3df7e0ee4cfac8561979c7b Mon Sep 17 00:00:00 2001 From: Arjun Date: Sun, 29 Dec 2024 16:05:11 +0000 Subject: [PATCH 4/7] Fixes for podman in build-dockerfile --- script/build-dockerfile/_cm.yaml | 5 +++++ script/build-dockerfile/customize.py | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/script/build-dockerfile/_cm.yaml b/script/build-dockerfile/_cm.yaml index f54d3a216..9f91c0775 100644 --- a/script/build-dockerfile/_cm.yaml +++ b/script/build-dockerfile/_cm.yaml @@ -57,6 +57,11 @@ input_mapping: new_env_keys: - CM_DOCKERFILE_* +deps: + - tags: get,docker + names: + - docker + post_deps: - enable_if_env: CM_BUILD_DOCKER_IMAGE: diff --git a/script/build-dockerfile/customize.py b/script/build-dockerfile/customize.py index a85d8cff6..d10415340 100644 --- a/script/build-dockerfile/customize.py +++ b/script/build-dockerfile/customize.py @@ -250,8 +250,10 @@ def preprocess(i): docker_user = get_value(env, config, 'USER', 'CM_DOCKER_USER') docker_group = get_value(env, config, 'GROUP', 'CM_DOCKER_GROUP') - if docker_user and str(env.get('CM_DOCKER_USE_DEFAULT_USER', '')).lower() not in [ - "yes", "1", "true"]: + if env.get('CM_CONTAINER_TOOL', '') == 'podman' and env.get('CM_DOCKER_USE_DEFAULT_USER', '') == '': + env['CM_DOCKER_USE_DEFAULT_USER'] = 'yes' + + if docker_user and str(env.get('CM_DOCKER_USE_DEFAULT_USER', '')).lower() not in ["yes", "1", "true"]: f.write('RUN groupadd -g $GID -o ' + docker_group + EOL) From 19258addfd8f4fbcc05cf6aafac1da30cf55072c Mon Sep 17 00:00:00 2001 From: mlcommons-bot Date: Sun, 29 Dec 2024 16:05:48 +0000 Subject: [PATCH 5/7] [Automated Commit] Format Codebase --- script/build-dockerfile/customize.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/script/build-dockerfile/customize.py b/script/build-dockerfile/customize.py index d10415340..6991692c5 100644 --- a/script/build-dockerfile/customize.py +++ b/script/build-dockerfile/customize.py @@ -250,10 +250,12 @@ def preprocess(i): docker_user = get_value(env, config, 'USER', 'CM_DOCKER_USER') docker_group = get_value(env, config, 'GROUP', 'CM_DOCKER_GROUP') - if env.get('CM_CONTAINER_TOOL', '') == 'podman' and env.get('CM_DOCKER_USE_DEFAULT_USER', '') == '': + if env.get('CM_CONTAINER_TOOL', '') == 'podman' and env.get( + 'CM_DOCKER_USE_DEFAULT_USER', '') == '': env['CM_DOCKER_USE_DEFAULT_USER'] = 'yes' - if docker_user and str(env.get('CM_DOCKER_USE_DEFAULT_USER', '')).lower() not in ["yes", "1", "true"]: + if docker_user and str(env.get('CM_DOCKER_USE_DEFAULT_USER', '')).lower() not in [ + "yes", "1", "true"]: f.write('RUN groupadd -g $GID -o ' + docker_group + EOL) From 42c3a90d600163b238df23434af6b09b5a4a650e Mon Sep 17 00:00:00 2001 From: Arjun Suresh Date: Sun, 29 Dec 2024 21:37:18 +0530 Subject: [PATCH 6/7] Fix dockerfile WORKDIR --- script/build-dockerfile/customize.py | 1 + 1 file changed, 1 insertion(+) diff --git a/script/build-dockerfile/customize.py b/script/build-dockerfile/customize.py index 6991692c5..98c404b2f 100644 --- a/script/build-dockerfile/customize.py +++ b/script/build-dockerfile/customize.py @@ -291,6 +291,7 @@ def preprocess(i): f.write('RUN {} -m venv $HOME/venv/cm'.format(python) + " " + EOL) f.write('ENV PATH="$HOME/venv/cm/bin:$PATH"' + EOL) # f.write('RUN . /opt/venv/cm/bin/activate' + EOL) + f.write( 'RUN {} -m pip install '.format(python) + " ".join( From 9a5240f1e3b643e3274ff46bbc263dda896eda40 Mon Sep 17 00:00:00 2001 From: Arjun Suresh Date: Sun, 29 Dec 2024 21:46:12 +0530 Subject: [PATCH 7/7] Explicitly set user home in dockerfile --- script/build-dockerfile/customize.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/script/build-dockerfile/customize.py b/script/build-dockerfile/customize.py index 98c404b2f..d6dbd061e 100644 --- a/script/build-dockerfile/customize.py +++ b/script/build-dockerfile/customize.py @@ -271,6 +271,10 @@ def preprocess(i): ' ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers' + EOL) f.write('USER ' + docker_user + ":" + docker_group + EOL) + f.write('ENV HOME=/home/cmuser' + EOL) + + else: + f.write('ENV HOME=/root' + EOL) dockerfile_env = env.get('CM_DOCKERFILE_ENV', {}) dockerfile_env_input_string = ""