meta data for this page
  •  

This is an old revision of the document!

Google Coral USB in LXC

to Frigate container

Google Coral

After power-up Google Coral is in boot mode: 

Bus 002 Device 005: ID 1a6e:089a Global Unichip Corp.

It needs software to run. So host or LXC must upload firmware. After successfull init Google Coral changes its USB id to: 

Bus 002 Device 006: ID 18d1:9302 Google Inc.

Frigate contains Coral firmware and if access from LXC to USB dev is given it can init Google Coral upon startup.

docker-compose

docker-compose.yml
    devices:
      - /dev/bus/usb:/dev/bus/usb # Passes the USB Coral, needs to be modified for other versions
      - /dev/dri/renderD128:/dev/dri/renderD128 # For intel hwaccel, needs to be updated for your hardware

LXC config

/etc/pve/lxc/307.conf
features: nesting=1
unprivileged: 1
lxc.cgroup2.devices.allow: c 226:128 rwm # iGPU
lxc.cgroup2.devices.allow: c 189:* rwm # USB Coral TPU
lxc.mount.entry: /dev/bus/usb/002 dev/bus/usb/002 none bind,optional,create=dir,mode=664 # USB Coral TPU
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0,0 # iGPU (u=root g=render)
lxc.hook.pre-start: sh -c "chown 100000:111000 /dev/dri/renderD128" # create a host gid for lxc_gpu_shares
lxc.hook.pre-start: sh -c "chown -R 100000:111002 /dev/bus/usb/002" # create a host gid for lxc_usb2_shares

In LXC shell: 

groupadd -g 11000 lxc_gpu_shares
groupadd -g 11002 lxc_usb2_shares
usermod -aG lxc_gpu_shares,lxc_usb2_shares root

Issue:

  • lxc.hook changes permission only once just before LXC starts. LXC must be restarted to trigger lxc.hook Drawback:
    • Any further host USB reconnects / udevadm reload cause USB permisions change to default.
    • any reinit of Coral device cause of the same device to appear on the same bus with new device ID, and new default permissions.

Fix for issue:

  • Remove LXC config lines: lxc.hook.pre-start:
  • use udev to always set correct permissions:

On Proxmox host:

/etc/udev/rules.d/71-coral.rules
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", MODE="0664", OWNER="100000", GROUP="111002"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", MODE="0664", OWNER="100000", GROUP="111002"
/etc/udev/rules.d/99-igpu.rules
KERNEL=="renderD128", MODE="0664", OWNER="100000", GROUP="111000"
udevadm control --reload-rules && udevadm trigger

references