Collecting data within a Docker The following information assumes the reader is knowledgeable regarding Docker containers. For further information about Docker use in general, see the Docker documentation.
Enable Docker Collection
When starting the Docker to perform a Nsight Systems collection,
additional steps are required to enable the perf_event_open
system call. This
is required in order to utilize the Linux kernel’s perf subsystem which provides
sampling information to Nsight Systems.
There are two ways to enable the perf_event_open
syscall. You can enable it by
using the --privileged=true switch or you can enable it by setting the seccomp
security profile if your system meets the requirements.
Secure computing mode (seccomp) is a feature of the Linux kernel that can be used to restrict an application's access. This feature is available only if the kernel is enabled with seccomp support. To check for seccomp support:
$ grep CONFIG_SECCOMP= /boot/config-$(uname -r)
The official Docker documentation says, "Seccomp profiles require seccomp 2.2.1 which is not available on Ubuntu 14.04, Debian Wheezy, or Debian Jessie. To use seccomp on these distributions, you must download the latest static Linux binaries (rather than packages)."
Download the default seccomp profile file, default.json, relevant to your Docker
version. If perf_event_open
is already listed in the file as guarded by
CAP_SYS_ADMIN
, then remove the perf_event_open
line. Add the following lines
under "syscalls" and save the resulting file as default_with_perf.json
.
{ "name": "perf_event_open", "action": "SCMP_ACT_ALLOW", "args": [] },
Then you will be able to use the following switch when starting the Docker to apply the new seccomp profile.
--security-opt seccomp=default_with_perf.json
Launch Docker Collection
Here is an example command that has been used to launch a Docker for testing with Nsight Systems:
sudo nvidia-docker run --network=host --security-opt seccomp=default_with_perf.json --rm -ti caffe-demo2 bash
There is a known issue where Docker collections terminate prematurely with older versions of the driver and the CUDA toolkit. If collection is ending unexpectedly, please update to the latest versions.
After the Docker has been started, use the Nsight Systems CLI to launch a collection within the Docker. The resulting .qdstrm file can be imported into the Nsight Systems host like any other CLI result.
Copyright (c) 2012-2019, NVIDIA Corporation. All rights reserved.