VirtualGL in a container

Hello,

I want to use VirtualGL inside a headless container (running on a remote server) and access it via VNC. I installed VirtualGL in a CentOS container, configured it with /opt/VirtualGL/bin/vglserver_config, and started a VNC session. Unfortunately, I get an error when trying to start glxgears:

$ vglrun glxgears
[VGL] ERROR: Could not open display :0.
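
(For reference, whether anything is actually listening on display :0 inside the container can be checked with something like the following; xdpyinfo is an assumption on my part and may need to be installed first:)

$ ls /tmp/.X11-unix/
$ DISPLAY=:0 xdpyinfo | head -3

Since the container is headless, I suspect there is simply no X server at :0 for vglrun to talk to.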

I can access the GPU inside the container:

$ nvidia-smi 
Fri Nov 22 05:21:54 2019       
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 440.31       Driver Version: 440.31       CUDA Version: 10.2     |
|-------------------------------+----------------------+----------------------+
| GPU  Name        Persistence-M| Bus-Id        Disp.A | Volatile Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap|         Memory-Usage | GPU-Util  Compute M. |
|===============================+======================+======================|
|   0  Quadro P2000        Off  | 00000000:82:00.0 Off |                  N/A |
| 79%   46C    P0    19W /  75W |      0MiB /  5059MiB |      1%      Default |
+-------------------------------+----------------------+----------------------+
                                                                               
+-----------------------------------------------------------------------------+
| Processes:                                                       GPU Memory |
|  GPU       PID   Type   Process name                             Usage      |
|=============================================================================|
|  No running processes found                                                 |
+-----------------------------------------------------------------------------+

The configuration log is as follows:

# /opt/VirtualGL/bin/vglserver_config

1) Configure server for use with VirtualGL
2) Unconfigure server for use with VirtualGL
X) Exit

Choose:
1

Restrict 3D X server access to vglusers group (recommended)?
[Y/n]


Restrict framebuffer device access to vglusers group (recommended)?
[Y/n]


Disable XTEST extension (recommended)?
[Y/n]

... Creating vglusers group ...
groupadd: group 'vglusers' already exists
Could not add vglusers group (probably because it already exists.)
... Creating /etc/opt/VirtualGL/ ...
... Granting read permission to /etc/opt/VirtualGL/ for vglusers group ...
... Modifying /etc/security/console.perms to disable automatic permissions
    for DRI devices ...
... Creating /etc/modprobe.d/virtualgl.conf to set requested permissions for
    /dev/nvidia* ...
... Attempting to remove nvidia module from memory so device permissions
    will be reloaded ...
rmmod: ERROR: Module nvidia is in use by: nvidia_uvm nvidia_modeset
... Granting write permission to /dev/nvidia-uvm /dev/nvidia-uvm-tools /dev/nvidia0 /dev/nvidiactl for vglusers group ...
chmod: changing permissions of '/dev/nvidia-uvm': Read-only file system
chmod: changing permissions of '/dev/nvidia-uvm-tools': Read-only file system
chmod: changing permissions of '/dev/nvidiactl': Read-only file system
chown: changing ownership of '/dev/nvidia-uvm': Read-only file system
chown: changing ownership of '/dev/nvidia-uvm-tools': Read-only file system
chown: changing ownership of '/dev/nvidiactl': Read-only file system
... Granting write permission to /dev/dri/card0 for vglusers group ...
... Modifying /etc/X11/xorg.conf.d/99-virtualgl-dri to enable DRI permissions
    for vglusers group ...
... Modifying /etc/X11/xorg.conf to enable DRI permissions
    for vglusers group ...
... Adding vglgenkey to /etc/gdm/Init/Default script ...
... Creating /usr/share/gdm/greeter/autostart/virtualgl.desktop ...
... Disabling XTEST extension in /etc/gdm/custom.conf ...
... Setting default run level to 5 (enabling graphical login prompt) ...
... Commenting out DisallowTCP line (if it exists) in /etc/gdm/custom.conf ...

Done. You must restart the display manager for the changes to take effect.

IMPORTANT NOTE: Your system uses modprobe.d to set device permissions. You
must execute rmmod nvidia with the display manager stopped in order for the
new device permission settings to become effective.
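
Since the chmod/chown calls above fail on the read-only /dev inside the container, I assume the device permissions would have to be adjusted on the host instead, roughly like this (just a sketch; the vglusers GID would have to match between host and container for this to be useful):

$ sudo groupadd vglusers   # on the host, if it does not already exist
$ sudo chgrp vglusers /dev/nvidia0 /dev/nvidiactl /dev/nvidia-uvm /dev/nvidia-uvm-tools
$ sudo chmod g+rw /dev/nvidia0 /dev/nvidiactl /dev/nvidia-uvm /dev/nvidia-uvm-tools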

I don't have any display manager running inside the container. How can I get VirtualGL running in an LXD container?

Thanks

I have VirtualGL running on the host, which is running lightdm. I checked it with:

$ vglconnect -s user@server
$ VGL_LOGO=1 vglrun +v glxinfo|head -10
[VGL] NOTICE: Added /usr/lib to LD_LIBRARY_PATH
[VGL] Shared memory segment ID for vglconfig: 10
[VGL] VirtualGL v2.6.2 64-bit (Build 20190603)
[VGL] Opening connection to 3D X server :0
[VGL] Using Pbuffers for rendering
name of display: localhost:10.0
display: localhost:10  screen: 0
direct rendering: Yes
server glx vendor string: VirtualGL
server glx version string: 1.4
server glx extensions:
    GLX_ARB_create_context, GLX_ARB_create_context_profile, 
    GLX_ARB_create_context_robustness, GLX_ARB_fbconfig_float, 
    GLX_ARB_get_proc_address, GLX_ARB_multisample, GLX_EXT_framebuffer_sRGB,

The container is defined as:

$ lxc config show plex
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Archlinux current amd64 (20190914_04:18)
  image.os: Archlinux
  image.release: current
  image.serial: "20190914_04:18"
  image.type: squashfs
  nvidia.runtime: "true"
  raw.idmap: |
    uid 816 816
    gid 816 816
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":816},{"Isuid":true,"Isgid":false,"Hostid":816,"Nsid":816,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1000817,"Nsid":817,"Maprange":999999183},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":816},{"Isuid":false,"Isgid":true,"Hostid":816,"Nsid":816,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1000817,"Nsid":817,"Maprange":999999183}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":816},{"Isuid":true,"Isgid":false,"Hostid":816,"Nsid":816,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1000817,"Nsid":817,"Maprange":999999183},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":816},{"Isuid":false,"Isgid":true,"Hostid":816,"Nsid":816,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1000817,"Nsid":817,"Maprange":999999183}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":816},{"Isuid":true,"Isgid":false,"Hostid":816,"Nsid":816,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1000817,"Nsid":817,"Maprange":999999183},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":816},{"Isuid":false,"Isgid":true,"Hostid":816,"Nsid":816,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1000817,"Nsid":817,"Maprange":999999183}]'
  volatile.last_state.power: STOPPED
devices:
  gpu:
    type: gpu
ephemeral: false
profiles:
- default
stateful: false
description: ""

Unfortunately, it no longer starts with nvidia.runtime: "true". It used to start before I set up VirtualGL. With nvidia.runtime turned off, the container does show the output of nvidia-smi.
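
For what it's worth, the failed start can at least be inspected from the host like this (standard LXD commands, nothing assumed beyond the config shown above):

$ lxc config set plex nvidia.runtime true
$ lxc start plex
$ lxc info plex --show-log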

I started from scratch and set up a new container whose config looks like this:

$ lxc config show sim1
architecture: x86_64
config:
  environment.DISPLAY: :0
  image.architecture: amd64
  image.description: Archlinux current amd64 (20191208_04:18)
  image.os: Archlinux
  image.release: current
  image.serial: "20191208_04:18"
  image.type: squashfs
  raw.idmap: |
    uid 1001 1001
    gid 100 100
    gid 1002 1002
  security.privileged: "true"
  volatile.base_image: bc145aae1ed946126064bf95758a31a3ae9672327643b4bed026a25c6c82eeef
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[]'
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  Xauthority:
    path: /home/user/.Xauthority
    source: /home/user/.Xauthority
    type: disk
  eth0:
    nictype: bridged
    parent: vlan300br
    type: nic
  mygpu:
    productid: 1d01
    type: gpu
    vendorid: 10de
  vglxauthkey:
    path: /etc/opt/VirtualGL
    source: /etc/opt/VirtualGL
    type: disk
  x11:
    path: /mnt/x11
    source: /tmp/.X11-unix
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

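Before testing X forwarding, the GPU device nodes and the mounted X socket can be checked from the host with something like this (paths as configured above):

$ lxc exec sim1 -- ls -la /dev/dri
$ lxc exec sim1 -- ls -la /mnt/x11
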
I have /tmp/.X11-unix/X0 and /home/user/.Xauthority matching the host:

$ ls -la /tmp/.X11-unix/X0 
srwxrwxrwx 1 root root 0 Dec  8 21:21 /tmp/.X11-unix/X0
$ lxc exec sim1 -- ls -la /tmp/.X11-unix/X0 
srwxrwxrwx 1 root root 0 Dec  8 21:21 /tmp/.X11-unix/X0


$ lxc exec sim1 -- ls -la /home/user/.Xauthority 
-rw------- 0 user users 488 Dec  8 21:25 /home/user/.Xauthority
$ ls -la /home/user/.Xauthority 
-rw------- 1 user users 488 Dec  8 22:04 /home/user/.Xauthority
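
The cookies themselves can be compared on both sides with something like the following (xauth list only prints entries and does not modify the file):

$ xauth -f /home/user/.Xauthority list
$ lxc exec sim1 -- xauth -f /home/user/.Xauthority list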

However, if I try to connect via ssh or vglconnect, my xauth is not accepted.

$ vglconnect -s user@172.16.3.131

VirtualGL Client 64-bit v2.5.2 (Build 20191122)
vglclient is already running on this X display and accepting SSL
   connections on port 4243.
vglclient is already running on this X display and accepting unencrypted
   connections on port 4242.

Making preliminary SSH connection to find a free port on the server ...
Making final SSH connection ...
/usr/bin/xauth:  unable to rename authority file /home/user/.Xauthority, use /home/user/.Xauthority-n

$ ssh -X -Y  user@172.16.3.131
Last login: Sun Dec  8 22:05:08 2019 from 172.16.1.28
/usr/bin/xauth:  unable to rename authority file /home/user/.Xauthority, use /home/user/.Xauthority-n
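
My guess is that xauth writes its changes to a temporary file (the .Xauthority-n it mentions) and then tries to rename it over .Xauthority, which cannot succeed while .Xauthority is a bind-mounted disk device rather than a regular file. If that is the cause, one workaround might be to drop the Xauthority device and copy the :0 cookie into the container instead, roughly like this (file names are just examples, and I have not verified this):

$ xauth extract /tmp/x0.cookie :0                        # on the host
$ lxc file push /tmp/x0.cookie sim1/tmp/x0.cookie
$ lxc exec sim1 -- su - user -c 'xauth merge /tmp/x0.cookie'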

How can I make the container accept my xauth?