Skip to content

Instantly share code, notes, and snippets.

@theonlyfoxy

theonlyfoxy/vscode-devcontainer-podman-nvidia-silverblue.md

Last active April 3, 2024 03:38
Show Gist options
  • Save theonlyfoxy/d7a3d8e90493a00faaef1cbd782da196 to your computer and use it in GitHub Desktop.
Save theonlyfoxy/d7a3d8e90493a00faaef1cbd782da196 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
vscode-devcontainer-podman-nvidia-silverblue.md

Using VSCode Flatpak to launch DevContainers Using Podman with Support for Nvidia CUDA and VSCode's "Container Features" In SilverBlue.

Note: This Setup Works for Machine Learning and GPU Acceleration in Containers

Setup

Make Sure you have rebased to UBlue-Nvidia.

Install Visual Studio Code

Install Visual Studio Code and a Podman tool

~ flatpak --user install flathub com.visualstudio.code

Override Flatpak to allow /tmp access

*Required for Container Build.

flatpak override --user --filesystem=/tmp com.visualstudio.code

NVIDIA CDI Generation

*Required for CUDA Support.

sudo nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml
sudo chmod a+r /etc/cdi/nvidia.yaml

Podman Access inside Flatpak

Being in a Flatpak, we will need access to host's podman (or docker) to be able to use the containers. Place this in your ~/.local/bin/podman-host

#!/bin/bash
# Privileged and Security-Opt Disable are needed for SELinux 
# to allow Workspace Read-Write Permission and Building DevContainer Features.

set -x
if [ "$1" == "exec" ]; then
  # Remove 'exec' from $@
  shift
  script='
    result_command="podman exec"
    for i in $(printenv | grep "=" | grep -Ev " |\"" |
        grep -Ev "^(HOST|HOSTNAME|HOME|PATH|SHELL|USER|_)"); do
      result_command=$result_command --env="$i"
    done
    exec ${result_command} "$@"
  '
  exec flatpak-spawn --host sh -c "$script" - "$@"
elif [[ "$1" == "run"* ]]; then
  # Remove 'run' from $@
  shift
  #exec flatpak-spawn --host podman run --privileged "$@"
  exec flatpak-spawn --host podman run --runtime crun --hooks-dir "" --device nvidia.com/gpu=all --privileged "$@"
elif [[ "$1" == "start"* ]]; then
  # Remove 'start' from $@
  shift
  exec flatpak-spawn --host podman start --runtime crun --hooks-dir "" "$@"
elif [[ "$1" == "buildx" && "$2" == "build" ]]; then
  # Remove 'buildx build' from $@
  shift 2
  exec flatpak-spawn --host podman build --security-opt label=disable "$@"
else
  exec flatpak-spawn --host podman "$@"
fi

and make it executable: chmod +x ~/.local/bin/podman-host.

Open VSCode settings (Ctrl+,) and head to Remote>Containers>Docker Path and set it to the path of podman-exec, like in the example

image

This will give a way to execute host's container manager from within the flatpak app.

Podman Short-Name Conflict

Place this in your ~/.config/containers/registries.conf

unqualified-search-registries = [ "docker.io", "quay.io", "registry.fedoraproject.org", "registry.access.redhat.com"]
short-name-mode="disabled"

Finalizing

Your devcontainers configurations should work out of the box without any modification now!

Note

For some official VSCode devcontainers, you may need to append additional config.

{
"remoteUser": "root",
"containerUser": "vscode",
}

Bonus

Here is a fully functional devcontainer example. It includes USB-Passthrough, GPU-Passthrough, X11 Integration, VNC Integration and set of extensions for Embedded Development.

Troubleshoot

...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment