FROM ubuntu:20.04 AS base_image

ENV DEBIAN_FRONTEND=noninteractive \
    LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/local/lib"

FROM base_image AS ec2

LABEL maintainer="Amazon AI"
LABEL dlc_major_version="1"

# Specify accept-bind-to-port LABEL for inference pipelines to use SAGEMAKER_BIND_TO_PORT
# https://docs.aws.amazon.com/sagemaker/latest/dg/inference-pipeline-real-time.html
LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
# Specify multi-models LABEL to indicate container is capable of loading and serving multiple models concurrently
# https://docs.aws.amazon.com/sagemaker/latest/dg/build-multi-model-build-container.html
LABEL com.amazonaws.sagemaker.capabilities.multi-models=true

ARG PYTHON=python3
ARG PYTHON_VERSION=3.9.13
ARG MAMBA_VERSION=22.9.0-1
ARG OPEN_MPI_VERSION=4.1.4
ARG MMS_VERSION=1.1.11

# HF ARGS
ARG TORCH_URL=https://aws-pytorch-unified-cicd-binaries.s3.us-west-2.amazonaws.com/r1.13.1_ec2/20221217-194030/54406b8eed7fbd61be629cb06229dfb7b6b2954e/torch-1.13.1%2Bcpu-cp39-cp39-linux_x86_64.whl
ARG TORCHVISION_VERSION=0.14.1+cpu
ARG TORCHAUDIO_VERSION=0.13.1+cpu
ARG TRANSFORMERS_VERSION
ARG DIFFUSERS_VERSION=0.16.1

# Set Debian interaction
ARG DEBIAN_FRONTEND=noninteractive

# See http://bugs.python.org/issue19846
ENV LANG=C.UTF-8
ENV LD_LIBRARY_PATH="/opt/conda/lib:${LD_LIBRARY_PATH}"
ENV PATH=/opt/conda/bin:$PATH
ENV TEMP=/home/model-server/tmp
# Set MKL_THREADING_LAYER=GNU to prevent issues between torch and numpy/mkl
ENV MKL_THREADING_LAYER=GNU
ENV DLC_CONTAINER_TYPE=inference

RUN apt-get update \
 # TODO: Remove systemd upgrade once it is updated in base image
 && apt-get -y upgrade --only-upgrade systemd openssl cryptsetup \
 && apt-get install -y --no-install-recommends \
    software-properties-common \
    ca-certificates \
    build-essential \
    openssl \
    openjdk-11-jdk \
    vim \
    wget \
    curl \
    emacs \
    unzip \
    git \
    libsndfile1-dev \
    ffmpeg \
    cmake \
    jq \
    libcurl4-openssl-dev \
    libgl1-mesa-glx \
    libglib2.0-0 \
    libsm6 \
    libssl-dev \
    libxext6 \
    libxrender-dev \
    zlib1g-dev \
 && rm -rf /var/lib/apt/lists/* \
 && apt-get clean

# https://github.com/docker-library/openjdk/issues/261 https://github.com/docker-library/openjdk/pull/263/files
RUN keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -destkeystore /etc/ssl/certs/java/cacerts.jks -deststoretype JKS -srcstorepass changeit -deststorepass changeit -noprompt; \
    mv /etc/ssl/certs/java/cacerts.jks /etc/ssl/certs/java/cacerts; \
    /var/lib/dpkg/info/ca-certificates-java.postinst configure;

RUN wget https://download.open-mpi.org/release/open-mpi/v4.1/openmpi-${OPEN_MPI_VERSION}.tar.gz \
 && gunzip -c openmpi-$OPEN_MPI_VERSION.tar.gz | tar xf - \
 && cd openmpi-$OPEN_MPI_VERSION \
 && ./configure --prefix=/home/.openmpi \
 && make all install \
 && cd .. \
 && rm openmpi-$OPEN_MPI_VERSION.tar.gz \
 && rm -rf openmpi-$OPEN_MPI_VERSION

# The ENV variables declared below are changed in the previous section
# Grouping these ENV variables in the first section causes
# ompi_info to fail. This is only observed in CPU containers
ENV PATH="$PATH:/home/.openmpi/bin"
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/home/.openmpi/lib/"
RUN ompi_info --parsable --all | grep mpi_built_with_cuda_support:value

# Install CondaForge miniconda
# Note: SSD Verification disabled as it breaks installs due to downgrading from py3.10 to py3.9
RUN curl -L -o ~/mambaforge.sh https://github.com/conda-forge/miniforge/releases/download/${MAMBA_VERSION}/Mambaforge-${MAMBA_VERSION}-Linux-x86_64.sh \
 && chmod +x ~/mambaforge.sh \
 && ~/mambaforge.sh -b -p /opt/conda \
 && rm ~/mambaforge.sh \
 && /opt/conda/bin/conda config --set ssl_verify False \
 && /opt/conda/bin/conda update -y conda \
 && /opt/conda/bin/conda install -c conda-forge \
    python=${PYTHON_VERSION} \
    cython \
    mkl \
    mkl-include \
    botocore \
    parso \
    typing \
    h5py \
    requests \
    # Below 2 are included in miniconda base, but not mamba so need to install
    conda-content-trust \
    charset-normalizer \
 && /opt/conda/bin/conda clean -ya

# symlink pip for OS use
RUN pip install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org \
 && ln -s /opt/conda/bin/pip /usr/local/bin/pip3

# Ensure PyTorch did not get installed from Conda
RUN pip uninstall -y torch torchvision torchaudio multi-model-server

# Install AWS-PyTorch, and other torch packages
RUN pip install --no-cache-dir --extra-index-url https://download.pytorch.org/whl/cpu -U \
    "cryptography>3.2" \
    enum-compat==0.0.3 \
    packaging \
    "Pillow>=9.0.0" \
    ${TORCH_URL} \
    torchvision==${TORCHVISION_VERSION} \
    torchaudio==${TORCHAUDIO_VERSION}

# add necessary certificate for aws sdk cpp download
RUN mkdir -p /etc/pki/tls/certs && cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt

WORKDIR /

RUN pip install --no-cache-dir \
    multi-model-server==$MMS_VERSION \
    sagemaker-inference

RUN useradd -m model-server \
 && mkdir -p /home/model-server/tmp /opt/ml/model \
 && chown -R model-server /home/model-server /opt/ml/model

COPY mms-entrypoint.py /usr/local/bin/dockerd-entrypoint.py
COPY config.properties /etc/sagemaker-mms.properties

RUN chmod +x /usr/local/bin/dockerd-entrypoint.py

COPY deep_learning_container.py /usr/local/bin/deep_learning_container.py

RUN chmod +x /usr/local/bin/deep_learning_container.py

#################################
# Hugging Face specific section #
#################################

RUN curl https://aws-dlc-licenses.s3.amazonaws.com/pytorch-1.13/license.txt -o /license.txt

# install Hugging Face libraries and its dependencies
RUN pip install --no-cache-dir \
    transformers[sentencepiece,audio,vision]==${TRANSFORMERS_VERSION} \
    diffusers==${DIFFUSERS_VERSION} \
    "accelerate>=0.11.0" \
    "protobuf>=3.19.5,<=3.20.2" \
    numpy>=1.21.5 \
    "sagemaker-huggingface-inference-toolkit<3" \
    intel_extension_for_pytorch==1.13.100   # IPEx versioning is MAJOR.MINOR.PATCH * 100 (1.13.1 -> 1.13.100)

RUN HOME_DIR=/root \
 && curl -o ${HOME_DIR}/oss_compliance.zip https://aws-dlinfra-utilities.s3.amazonaws.com/oss_compliance.zip \
 && unzip ${HOME_DIR}/oss_compliance.zip -d ${HOME_DIR}/ \
 && cp ${HOME_DIR}/oss_compliance/test/testOSSCompliance /usr/local/bin/testOSSCompliance \
 && chmod +x /usr/local/bin/testOSSCompliance \
 && chmod +x ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh \
 && ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh ${HOME_DIR} ${PYTHON} \
 && rm -rf ${HOME_DIR}/oss_compliance*

# Removing the cache as it is needed for security verification
RUN rm -iRf /root/.cache

EXPOSE 8080 8081
ENTRYPOINT ["python", "/usr/local/bin/dockerd-entrypoint.py"]
CMD ["serve"]