Docker and NVIDIA-docker on your workstation: Using Graphical Applications
Written on March 21, 2017 by Dr Donald Kinghorn
This is my fourth post about "Docker and NVIDIA-Docker on your Workstation". In this post I will go through how to attach your X server display to a Docker container so that you can run application that have GUIs or other graphical display output.
It is assumed that you have already installed the host OS, Docker-Engine, and NVIDIA-Docker as described in the "installation post". I also highly recommend that you have setup Docker to use Kernel User-Namespaces.
Here is a list of the first three posts in this series for reference,
I recommend that you do not use X-Window with your Docker containers unless you have configured Docker with User-Namespaces as I have outlined in previous posts. If you do this then you are using X-Window with Docker as your normal log-in user account rather than as root.
How to Run a GUI application from a Docker Container
The most common use of Docker is for servers and other "command-line" applications. What if you want to run an application that needs your desktop display? You can do this. The relevant Docker command flags are,
The flag -v /tmp/.X11-unix:/tmp/.X11-unix gives the container access to your X socket and -e DISPLAY=$DISPLAY sets the DISPLAY environment variable in the container the same as that of your desktop.
Note: You can add sound capability to a container with --device /dev/snd
Security: I believe that using X-Window with Docker in this way is as secure as if you were running any X-Window application with your normal user account. The reason for this is, if you are running Docker configured with User-Namespaces the way I have outlined then you are running with your normal user account from the perspective of the host!
Example: Compile and run CUDA nbody with OpenGL display output
This example is the kind of thing that I really wanted to be able to do easily with a Docker container. I'll start with the default NVIDIA CUDA 8 image and add the "freeglut3-dev" package to pull the needed dependencies into the container. Then compile nbody in the container and run it with openGL display output.
I have created a directory docker/cuda8 in my home directory and added put the CUDA "samples" source there. I will use this directory in the container.
Start the container
cdto the nbody source directory and try to runmake
No GL lib and a lot of other missing libs so lets install "freeglut3-dev" which will pull the dependencies we need.
Note: That will add a lot of packages to the image! They will add as a new "layer". We will save this modified container to a new image later.
Try
makeagain
Now run
nbody
You should be greeted with something like this;
That is screenshot of the running nbody application using the GPU for CUDA acceleration and using your X display to show the openGL output. ... From a Docker container!
How to Save a Modified Container to a new Image
We just made a significant modification to the container we started from the default NVIDIA cuda8-dev image. This will persist as long as we don't remove the container. You can exit from the container and then re-start it and all of your changes will still be there. However, adding the openGL support to the container is a useful thing so saving that as a new image so you (and others) could create new containers from it is a reasonable thing to do.
There are a couple of ways to save your modified container as a new image. I'll show you how to use commit. In a later post I'll go through how to create a Dockerfile and use that to build a new image with the same changes that we apply in the container.
Using docker commit
If you are still connected to the modified container go ahead and exit, then run docker ps -a which will output something like,
Make note of the container ID. In this case it is 9fc3da506758. To save this as a new image do,
That will output a sha256 ID for the new image and save it to your image directory with the new name. Do docker images and you should see your saved image. For example,
Note You can add tags then you commit an image. I could have used something like docker commit 9fc3da506758 cuda8-dev:opengl. Tags are usually used for versioning but you can use naming schemes to suit your taste.
Note You only need to use enough characters from the ID hash to uniquely identify the container or image. For example using 9fc for the example container above would be sufficient.
You can now remove the old modified container with docker rm 9fc You can verify that the container was remove with docker ps -a
To start a new container with the new image we committed do
That is just scratching the surface of what you can do! It is possible to run many GUI applications including application that use GPU compute acceleration.
I think it is good to keep something in mind when you start playing around with running GUI applications with Docker -- Just because you can do something doesn't mean that you should do it! You could get carried away trying to run all of your normal desktop application in containers, but why would you want to do that? The idea here is to have a good "Single-User-Docker-Workstation" that you can use wisely to manage application environments that could be problematic or complex to setup otherwise.
Happy computing --dbk