CDI device injection failed: unresolvable CDI devices about moby HOT 5 CLOSED

This error comes from the CDI dependency that's used;

Wondering though; comparing your example with the example from #45134, should the containerEdits be part of the demo1 device? i.e., more like;

cdiVersion: 0.6.0
kind: spidernet.io/test
devices:
  - name: demo1
    containerEdits:
      env:
        - LD="test"

I tried reproduce your issue in a docker-in-docker container;

Creating the CDI directories, and /etc/docker for the daemon config file;

mkdir -p /etc/cdi /var/run/cdi /etc/docker

Configure the daemon;

cat > /etc/docker/daemon.json <<'EOF'
{
  "features": {
     "cdi": true
  }
}
EOF

Create the CDI spec based on your example;

cat > /var/run/cdi/test.yaml <<'EOF'
cdiVersion: 0.6.0
kind: spidernet.io/test
containerEdits:
  env:
  - LD="test"
devices:
  - name: demo1
EOF

Start the daemon;

dockerd

In another shell; run a container;

docker run -it --rm --device spidernet.io/test=demo1 alpine printenv LD

Check the daemon logs, and I see it complains that the spec is invalid;

WARN[2024-03-26T11:39:44.498974429Z] Refreshing the CDI registry generated errors  error="1 error occurred:\n\t* failed to load CDI Spec invalid CDI Spec: failed add device \"demo1\": invalid device, empty device edits\n\n"

That error looks to confirm my suspicion that your CDI spec is incorrect; changing the spec to what I think it should be (see my comment further up);

cat > /var/run/cdi/test.yaml <<'EOF'
cdiVersion: 0.6.0
kind: spidernet.io/test
devices:
  - name: demo1
    containerEdits:
      env:
        - LD="test"
EOF

This time it worked, and the LD env-var is set to "test";

docker run -it --rm --device spidernet.io/test=demo1 alpine printenv LD
"test"

from moby.

Based on the above, I don't think there's a bug at hand here, so I'll go ahead and close this ticket, but feel free to continue the conversation.

from moby.

Thanks @thaJeztah for the details! This should be a bias in my use, perhaps I should go to the CDI community for help.

from moby.

Thanks! Out of curiosity; was your example test.yaml based on an example you found somewhere in documentation (so the documentation being incorrect?) or was this something you wrote yourself?

from moby.

was this something you wrote yourself?

woo, I wrote this myself. when I read the CDI docs on https://github.com/cncf-tags/container-device-interface/blob/main/SPEC.md#oci-edits, I found the containerEdits field is referenced in two places in the specification:

• At the device level, where the edits MUST only be made if the matching device is requested by the container runtime user.
• At the container level, where the edits MUST be made if any of the device defined in the devices field are requested.

So even if I don't have containerEdits configured in devices, but I do have container-level containerEdits configured, the runc will be able to take effect on the container-level containerEdits, But it's not working. maybe I misunderstood something.

from moby.