temskiy / krakensdr-containers

Either podman, Docker or Moby would work. Please refer to your Linux distribution documentation for instructions on how to install either of those projects. The author prefers podman for its daemonless and rootless operation, thus you would see it in examples hereafter. Feel free to replace podman with docker, if you prefer Docker or Moby projects.

librtlsdr should be able to directly access KrakenSDR recievers, so we need to blacklist kernel modules that might take over otherwise by

sudo echo "blacklist dvb_usb_rtl28xxu` > /etc/modprobe.d/blacklist-dvb_usb_rtl28xxu.conf

Since for most Linux distros usbcore module is builtin the kernel, we need to modify its parameters via the kernel arguments as

sudo grubby --args=usbcore.usbfs_memory_mb=0 --update-kernel=ALL

sudo echo "YOURUSERNAME -   rtprio  99" > /etc/security/limits.d/98-YOURUSERNAME.conf

sudo echo "kernel.sched_rt_runtime_us=-1" >> /etc/sysctl.d/99-sysctl.conf

If you are planning on using apps remotely, you might need to open ports 8080 and 8081 in the Linux distro firewall on the host machine. Please refer to your distro documentation for specific instructions. For those using firewalld, e.g, Fedora, CentOS Stream, etc., the ports can be opened with the following commands:

sudo firewall-cmd --permanent --zone=public --add-port=8080-8081/tcp
sudo firewall-cmd --reload

sudo reboot

podman build --tag kraken/doa -f ./Dockerfile.doa

podman run -dt --rm --privileged --shm-size=0 --group-add keep-groups -p 8080:8080/tcp -p 8081:8081/tcp kraken/doa

Navigate to localhost:8080 in your favorite browser.

Adjust Kraken's settings to your needs and then press "Save Configuration" button. After that open terminal and execute:

podman ps --format="{{.ID}}" --filter="ancestor=localhost/kraken/doa"

This should output Container ID of the Kraken DoA app, e.g., 107a71d4134f. Now commit (save) changes made in the container to the underlying image via, e.g.,:

podman commit -p 107a71d4134f localhost/kraken/doa

This command will pause the container execution, commit changes and then resume its execution.

The oneliner to save container's changes is

podman commit -p $(podman ps --format="{{.ID}}" --filter="ancestor=localhost/kraken/doa") localhost/kraken/doa

podman stop kraken/doa

A number of Linux distributions provide tuned service and tuned-adm app that can be used to tune various system settings based on either included or custom profiles. If these are avaliable on your host, then please invoke:

sudo tuned-adm profile accelerator-performance
sudo tuned-adm profile accelerator-performance intel-sst

that would disable all CPU power saving technologies and tune your system to increase its responsiveness.

To avoid possible spikes in processing latency, it might be beneficial to set aside certain amount of host memory for the container via the --memory-reservation flag. For example, according to podman stats, DoA app consumes around 600 MB, so it is reasonable to reserve 1 GB of host memory for DoA container via

podman run -dt --rm --privileged --memory-reservation=1g --shm-size=0 --group-add keep-groups -p 8080:8080/tcp -p 8081:8081/tcp kraken/doa

It might be beneficial to restrict Kraken application containers execution to specific CPU cores, e.g., to physical cores in SMT systems, or to prevent non-unifom memory access in multi-CPU configurations. This can be done with so-called cpuset cgroup controller, but it might not be allowed for regular users. One can check it with

cat /sys/fs/cgroup/user.slice/user-*.slice/user@*.service/cgroup.subtree_control

If output contains cpuset among other things, then it is allowed. If not, then additional, distribution-specific configuration should be done. For instance, on stock Fedora 36, one needs to modify /usr/lib/systemd/system/user@.service.d/00-uresourced.conf to make sure its content looks like:

[Unit]
After=uresourced.service

[Service]
Delegate=cpuset cpu io memory

and then restart the system and, in some cases, run

podman system reset

Once all is set, one can use podman's --cpuset-cpus flag to restict execution to specific CPUs, e.g.,

podman run -dt --rm --privileged --memory-reservation=1g --cpuset-cpus=0,1 --shm-size=0 --group-add keep-groups -p 8080:8080/tcp -p 8081:8081/tcp kraken/doa