windows
windows copied to clipboard
dockur
GPU Passthrough
Hey, would like to know if this container is capable of passing through a gpu to the vm inside the container. I have looked into the upstream docker container qemus/qemu-docker, which seems to have some logic to work with gpu passthrough, though some documentation for this here would be great, if it is possible.
I also tried to connect to the container using virtual machine manager, but unfortunately i wasnt able to connect to it. Any idea why?
To pass-through your Intel iGPU, add the following lines to your compose file:
environment:
GPU: "Y"
devices:
- /dev/dri
However, this feature is mainly so that you can transcode video files in Linux using hardware acceleration. I do not know if it also works as a Display Adaptor (for accelerating the desktop) and I never tried it in Windows, so it might not work at all. But if you want to test it, go ahead!
I don't know what you mean by Virtual Machine Manager? If you mean the package that Synology provides on NAS, then that seems normal, as it only connects to its own VM's, not any random QEMU VM. See also my other project: https://github.com/vdsm/virtual-dsm for running Synology DSM in Docker. If you mean something else, then please provide some more details about what you were trying to do.
I meant this project https://virt-manager.org/ though it requires ssh on the client (in this case the windows-in-docker container) to connect to it.
Also, i dont have an intel gpu, just an amd igpu and an nvidia dgpu. I thought maybe it would be possible to passthrough the nvidia one so it could be used as an output device
You can SSH to the container, if you do something like:
environment:
HOST_PORTS: "22"
ports:
- 22:22
But I have no experience with Virt-Manager, so I cannot say if that works. I assume not, because it seems related to libvirt and virsh. And my container uses QEMU directly, without any help of virsh.
As for the nVidia GPU, I am sure it is possible to do it. But its kinda complicated because it needs two pass through both Docker and QEMU. Unfortunately I don't have any nVidia or AMD gpu myself, so someone else has to submit the code, because I have no way to test it.
Hm, i already tried forwording port 22, but i couldnt connect to the container with ssh. It seems to me like openssh-server is missing, but even then it doesnt work somehow.
If you could give me some information on how i would get started to passthrough an nvidia gpu, i could try it myself and provide the code afterwards
The container forwards all the traffic to the VM, and Windows does not respond on port 22.
So this HOST_PORTS: "22" is really important to prevent the container from forwarding that port to Windows. Just ports: - 22:22 is not enough in this case. You can get a bash shell via Docker into the container, and run something like apt-get install openssh-server if needed. But I am not sure if its worth the effort as most like virt-manager will not be able to find virsh even if port 22 is open.
As for getting the passthrough to work: you can add additional QEMU parameters via the ARGUMENTS= variable. So I would Google for terms like QEMU+NVidia+passthrough and see if you can find the correct parameters. Then put them in ARGUMENTS and see what effect they have until you discover the correct ones.
Any advice on passing through an nvidia gpu?
i can test tommorow but it should be for Unraid
in extra params: --runtime=nvidia
new VariableName: Nvidia GPU UUID and Key: NVIDIA_VISIBLE_DEVICES and Value: all <--- or if you have more than one NVidia GPU the GPU UUID
To pass-through your Intel iGPU, add the following lines to your compose file:
environment: GPU: "Y" devices: - /dev/driHowever, this feature is mainly so that you can transcode video files in Linux using hardware acceleration. I do not know if it also works as a Display Adaptor (for accelerating the desktop) and I never tried it in Windows, so it might not work at all. But if you want to test it, go ahead!
I don't know what you mean by Virtual Machine Manager? If you mean the package that Synology provides on NAS, then that seems normal, as it only connects to its own VM's, not any random QEMU VM. See also my other project: https://github.com/vdsm/virtual-dsm for running Synology DSM in Docker. If you mean something else, then please provide some more details about what you were trying to do.
not working with Unraid.
extra Param: --device='/dev/dri' <--- does not work
AND
new device: /dev/dri/
Any advice on passing through an nvidia gpu?
i can test tommorow but it should be for Unraid
in extra params: --runtime=nvidia
new VariableName: Nvidia GPU UUID and Key: NVIDIA_VISIBLE_DEVICES and Value: all <--- or if you have more than one NVidia GPU the GPU UUID
I think this only passes the nvidia gpu capabilities to the container, not to the vm, but i might be wrong
Any advice on passing through an nvidia gpu?
i can test tommorow but it should be for Unraid in extra params: --runtime=nvidia new VariableName: Nvidia GPU UUID and Key: NVIDIA_VISIBLE_DEVICES and Value: all <--- or if you have more than one NVidia GPU the GPU UUID
I think this only passes the nvidia gpu capabilities to the container, not to the vm, but i might be wrong
That's correct. Tried this now and my VM does not see the GPU. It works fine for containers like Plex etc, so it must be something in the "link" between the docker-container and vm.
To pass-through your Intel iGPU, add the following lines to your compose file:
environment: GPU: "Y" devices: - /dev/driHowever, this feature is mainly so that you can transcode video files in Linux using hardware acceleration. I do not know if it also works as a Display Adaptor (for accelerating the desktop) and I never tried it in Windows, so it might not work at all. But if you want to test it, go ahead! I don't know what you mean by Virtual Machine Manager? If you mean the package that Synology provides on NAS, then that seems normal, as it only connects to its own VM's, not any random QEMU VM. See also my other project: https://github.com/vdsm/virtual-dsm for running Synology DSM in Docker. If you mean something else, then please provide some more details about what you were trying to do.
not working with Unraid.
extra Param: --device='/dev/dri' <--- does not work
AND
new device: /dev/dri/
Almost there (nor not).
Using unraid with a Intel iGPU (13g Intel UDH770), modifying the template to include 2 new entries (device and variable).
Apparently, everything is detected and drivers installed.
Inside the VM nothing is detected or showing indications
Can you help with the next step (if possible) ?
It totally depends on what you are trying to achieve. In the screenshot I see the GPU adapter in Windows device manager, so that means it works and everything is okay.
Its a virtual graphic cards that can be used for hardware acceleration when encoding video formats for example, or running certain calculations. All these tasks will be performed by your Intel GPU through this virtual device.
But if your goal is to use the HDMI display out to connect a monitor, I do not think this graphics card is fit for that purpose. So it all depends on what you are trying to do?
It totally depends on what you are trying to achieve. In the screenshot I see the GPU adapter in Windows device manager, so that means it works and everything is okay.
Its a virtual graphic cards that can be used for hardware acceleration when encoding video formats for example, or running certain calculations. All these tasks will be performed by your Intel GPU through this virtual device.
But if your goal is to use the HDMI display out to connect a monitor, I do not think this graphics card is fit for that purpose. So it all depends on what you are trying to do?
i gues.. he is right.. iam in steam link right now... downloading a small game and test it out.. Intel IGPU 13700k. I test it with Pacify it should run fine.
i stream from my Unraid server to my Iphone 15pro max over wifi 5
so No the Game needs a DirectX Device which is not installed :D
@domrockt Its possible that this "GPU DOD" device has no DirectX. QEMU supports many different video devices, and this device is for transcoding videos, so obviously we need to tell QEMU to create a different device that is more suitable for gaming.
I will see if I can fix it, but its a bit low on my priority-list so if somebody else has the time to figure out how to do it in QEMU it would be appreciated.
@domrockt Its possible that this "GPU DOD" device has no DirectX. QEMU supports many different video devices, and this device is for transcoding videos, so obviously we need to tell QEMU to create a different device that is more suitable for gaming.
I will see if I can fix it, but its a bit low on my priority-list so if somebody else has the time to figure out how to do it in QEMU it would be appreciated.
i gues this one https://github.com/virtio-win/kvm-guest-drivers-windows but ths is my wits end :D for now.
It totally depends on what you are trying to achieve. In the screenshot I see the GPU adapter in Windows device manager, so that means it works and everything is okay.
Its a virtual graphic cards that can be used for hardware acceleration when encoding video formats for example, or running certain calculations. All these tasks will be performed by your Intel GPU through this virtual device.
But if your goal is to use the HDMI display out to connect a monitor, I do not think this graphics card is fit for that purpose. So it all depends on what you are trying to do?
It's not possible to use any type of acceleration (ex: youtube, decode/encode files, ... ) inside the VM, and zero activity detected by host side.
Apparently, the VM is working the same way... and nothing is different with or without iGPU passthrough.
I know for certain that it works in Linux guests, as I use the same code in my other project ( https://github.com/vdsm/virtual-dsm ) where the GPU is used for accelerating facial recognition in photos, etc.
I never tried it in a Windows guest, so its possible that it does not work there (or needs special drivers to be installed). I created this container only one day ago, and even much less advanced features (like an audio device for sound) are not even implemented yet. So its better to focus first on getting the basics finished, and the very complicated/advanced stuff like GPU acceleration will be one of the last things on the list, sorry.
I know for certain that it works in Linux guests, as I use the same code in my other project ( https://github.com/vdsm/virtual-dsm ) where the GPU is used for accelerating facial recognition in photos, etc.
I never tried it in a Windows guest, so its possible that it does not work there (or needs special drivers to be installed). I created this container only one day ago, and even much less advanced features (like an audio device for sound) are not even implemented yet. So its better to focus first on getting the basics finished, and the very complicated/advanced stuff like GPU acceleration will be one of the last things on the list, sorry.
I also use passthrough in several other containers (plex, jellyfin, frigate,...). Being able to achieve in this container can be big/great thing (applications design to only work with windows) . Sharing the iGPU with containers and not dedicating to a single VM can be a very economical, versatile and power efficient approach.
Looking forward to hearing from you in the future on this matter.
Despite this "issue", thanks for your hard work. 👍
I know for certain that it works in Linux guests, as I use the same code in my other project ( https://github.com/vdsm/virtual-dsm ) where the GPU is used for accelerating facial recognition in photos, etc.
I never tried it in a Windows guest, so its possible that it does not work there (or needs special drivers to be installed). I created this container only one day ago, and even much less advanced features (like an audio device for sound) are not even implemented yet. So its better to focus first on getting the basics finished, and the very complicated/advanced stuff like GPU acceleration will be one of the last things on the list, sorry.
Is definitely reasonable. Appreciate your hard work
I did some investigation and it seems its possible to have DirectX in a Windows Guest by using the virtio-gpu-gl display device and the experimental drivers from this topic: https://github.com/virtio-win/kvm-guest-drivers-windows/pull/943 .
The other option is PCI passthrough, but it is less nice in the sense that it requires exclusive access to the device, so you cannot use the same device for multiple containers. And its very complicated to support, because depending on the generation of the iGPU you will need to use different methods, for example SR-IOV for very recent Intel XE graphics, iGVT-g for others, etc. It will be impossible to add a short and universal set of instructions that will work for most graphics card to the FAQ.
If you use windows 7 as the guest and rdp into the container from a windows 7 machine that has aero enabled, you get aero glass effects in the vm, not sure if it accelerates anything else other than the desktop experience though
I have to say that i was intrigued by the idea to run this container as a windows game streaming server and pass my Nvidia GPU through to the VM.... but looking through this and the qemus/qemu-docker project i understand that it would be a huge project :)
I'll probably find some other use case for this tho :D
So using this project as game streaming server is not possible? Is there any other alternative game streaming that is hosted in docker?
Not that I know of, my plan was to have a windows VM on my server that could run all the games my linux PC can't, but Nvidia and docker is not a fun project :-/ I don't know how to pass an Nvidia card through to a container without an extra nvidia-toolkit container as a layer in-between.
At least that's my guess :-) I could look in to it a bit more, if the container can access the GPU qemu should be able to use it with some modification I guess
@kieeps - Maybe I can be of help... :) I got the NVIDIA-Toolkit running on my server, so I can use some AI-Stuff. Maybe you checkout the docs for that see https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html so you don't need an extra container inbetween. If you could check that out, that would be great, cause I am considering to do the same, but I am busy tonight with another project... :)
@tarunx - Maybe try out using KasmVNC - they have a SteamContainer so it might be possible...
passing a GPU through to Qemu is quite the process, in a container just adds an extra layer of issues. Typically you have to enable vfio_pci and iommu for your cpu type in the kernel modules. Then you use options to pass it through to Qemu. You can remotely connect to a running qemu instance (virt-manager is typically what people use)
then add in Docker/Podman and its a whole other thing. I bet someone has done it, but it doesn't sound easy necessarily. What I did was install Nix on a remote machine and followed this guide https://alexbakker.me/post/nixos-pci-passthrough-qemu-vfio.html and there are a lot of articles about the options that qemu needs. Im curious to see if someone tries this on top of Docker/Podman
I already have my GPU passthrough enabled, is there an argument that I can pass to allow the windows guest to use the passthrough gpu?
So I tried to follow the instructions here for the nvidia container toolkit and here for the docker-compose for GPU support -- no cigar yet.
I'm going to keep trying.
I am also trying to use Portainer to see if that may help me take some of the heavy lifting off from me.
I have already successfully passed through my 3090 from my Proxmox host to an Ubuntu 20.04 LXC container, and I was able to install the Linux NVIDIA drivers with the --no-kernel-module option (for said unprivileged LXC container), as verified by the output of nivdia-smi.
Now I am trying to pass it into Docker/Portainer, and then into the VM.
Will report back if I found a recipe/process that works.
edit The three issues that I am running into now are:
-
When I try to add it into the docker-compose.yml file in Portainer, it will deploy the VM, but the GPU won't show up.
-
If I try to bring up the VM via "normal" docker-compose, i.e. NOT through Portainer, I get this error message:
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.win11.deploy.resources.reservations value Additional properties are not allowed ('devices' was unexpected)
- If I take the lines back out that calls for the GPU device, try to edit the container from within Portainer, and then try to add it back in via the Portainer GUI, I get this error message (from Portainer) instead:
invalid CapDrop: capability not supported by your kernel or not available in the current environment: "CAP_MAC_ADMIN"
And the interesting about the last error message from Portainer is that the capability "MAC_ADMIN" is neither added nor enabled via the Portainer GUI, so I am not really sure why it thinks that it is asking for it, where it would then cause it to fail.
So no luck with Nvidia passthrough.
I've also tried changing the docker-compose.yml version number to something higher than version 3, (e.g. version 3.7) and it still gave me the same error message.
edit #2 I uninstalled the docker-compose package from the Ubuntu 20.04 repository and installed it with this command instead, from the Docker documentation page:
curl -SL https://github.com/docker/compose/releases/download/v2.24.7/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
It's re-downloading the Windows 11 installer ISO image now.
edit #3 No luck.
It recognises my docker-compose.yml file, but will not attach my 3090 to the VM.
If I run the example from here, it will run nvidia-smi. So that tells me that the GPU passthrough is working to at least a Ubuntu container, just not the Windows VM.
The 3090 never shows up in Device Manager.
@alpha754293 - I don't know if you have tried this, but I found that passing through a singular GPU sometimes has it's drawbacks that in docker can't really work with it for whatever reason. I'm using the following snippet (and the analog docker run-partial) for my AI-related containers and those seem to get the passthrough and it works pretty well:
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: all
capabilities: [gpu]
And for docker run I use --gpu all (see https://stackoverflow.com/questions/70761192/docker-compose-equivalent-of-docker-run-gpu-all-option )
So maybe passing "all" GPUs might help.
Plus - as far as I understand how the image works, it utilizes QEMU inside the container to actually start Windows in a virtual environment. So maybe the way to go is actually sort of two-staged.
Stage 1: Pass the GPU to the container and get it work there with drivers. <-- this one should be easy (except for the drivers...)
Stage 2: Pass the GPU inside the Stage1-container to QEMU - sort if treating the container as "bare metal" and trying to get it to run from there.
I think that might be a way to go.
Edit: Since you work with Portainer already, maybe check out KasmWorkspaces. Basically they are containers with a VNC-Connection to a desktop-environment, plus - they already have passthrough-container-images. Maybe using one of them as a base could be an idea for the Stage1-container. :)