Preparing for Using Docker Containers
www.nvidia.com
NVIDIA DGX-1 DU-08033-001 _v13.1|23
1.
Open the docker-override.conf file for editing.
$ sudo vi /etc/systemd/system/docker.service.d/docker-override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -s overlay2 --disable-legacy-
registry=false
LimitMEMLOCK=infinity
LimitSTACK=67108864
2.
Make the changes indicated in bold below, setting the correct bridge IP address and
IP address ranges for your network. Consult your IT administrator for the correct
addresses.
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -s overlay2 --bip=192.168.127.1/24
--fixed-cidr=192.168.127.128/25
--disable-legacy-registry=false
LimitMEMLOCK=infinity
LimitSTACK=67108864
Save and close the /etc/systemd/system/docker.service.d/docker-
override.conf file when done.
3.
Reload the systemctl daemon.
$ sudo systemctl daemon-reload
4.
Restart Docker.
$ sudo systemctl restart docker
3.3.Letting Users Issue Docker Commands
To prevent the docker daemon from running without protection against escalation of
privileges, the NVIDIA Docker software requires sudo privileges to run containers.
You can grant the required privileges to users who will run containers on the DGX-1 in
one of the following ways:
‣
Add each user as an administrator user with sudo privileges.
‣
Add each user as a standard user without sudo privileges and then add the user to
the docker group.
This section provides instructions for adding users to the docker group.
WARNING: Only add users to the docker group whom you would trust with root
privilege. These instructions make it more convenient for users to access Docker
containers; however, the resulting docker group is equivalent to the root user,
because once a user is able to send commands to the Docker engine, they are able to
escalate privilege and run root level operations. This may violate your organization's
security policies. See the Docker Daemon Attack Surface for information on how this
To Next Page
Loading...
Need help?
General
