FROM ubuntu:20.04 AS base_image

ENV DEBIAN_FRONTEND=noninteractive \
    LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/local/lib"

FROM base_image AS ec2

LABEL maintainer="Amazon AI"
LABEL dlc_major_version="1"

# Specify accept-bind-to-port LABEL for inference pipelines to use SAGEMAKER_BIND_TO_PORT
# https://docs.aws.amazon.com/sagemaker/latest/dg/inference-pipeline-real-time.html
LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
# Specify multi-models LABEL to indicate container is capable of loading and serving multiple models concurrently
# https://docs.aws.amazon.com/sagemaker/latest/dg/build-multi-model-build-container.html
LABEL com.amazonaws.sagemaker.capabilities.multi-models=true

ARG PYTHON=python3
ARG PYTHON_VERSION=3.10.9
ARG MAMBA_VERSION=22.11.1-4
ARG OPEN_MPI_VERSION=4.1.5
ARG MMS_VERSION=1.1.11

# PyTorch Binaries and versions.
ARG TORCH_URL=https://aws-pytorch-unified-cicd-binaries.s3.us-west-2.amazonaws.com/r2.0.0_inference/cpu_py310/torch-2.0.0%2Bcpu-cp310-cp310-linux_x86_64.whl
ARG TORCHVISION_URL=https://aws-pytorch-unified-cicd-binaries.s3.us-west-2.amazonaws.com/r2.0.0_inference/cpu_py310/torchvision-0.15.1%2Bcpu-cp310-cp310-linux_x86_64.whl
ARG TORCHAUDIO_URL=https://aws-pytorch-unified-cicd-binaries.s3.us-west-2.amazonaws.com/r2.0.0_inference/cpu_py310/torchaudio-2.0.1%2Bcpu-cp310-cp310-linux_x86_64.whl

# HF ARGS
ARG TRANSFORMERS_VERSION
ARG DIFFUSERS_VERSION=0.16.1

# Set Debian interaction
ARG DEBIAN_FRONTEND=noninteractive

# See http://bugs.python.org/issue19846
ENV LANG=C.UTF-8
ENV LD_LIBRARY_PATH="/opt/conda/lib:${LD_LIBRARY_PATH}"
ENV PATH=/opt/conda/bin:$PATH
ENV TEMP=/home/model-server/tmp
# Set MKL_THREADING_LAYER=GNU to prevent issues between torch and numpy/mkl
ENV MKL_THREADING_LAYER=GNU
ENV DLC_CONTAINER_TYPE=inference

RUN apt-get update \
 && apt-get -y upgrade \
 && apt-get install -y --no-install-recommends \
    software-properties-common \
    ca-certificates \
    build-essential \
    openssl \
    openjdk-17-jdk \
    vim \
    wget \
    curl \
    emacs \
    unzip \
    git \
    # libtbb-dev \
    libsndfile1-dev \
    ffmpeg \
    cmake \
    jq \
    libcurl4-openssl-dev \
    libgl1-mesa-glx \
    libglib2.0-0 \
    libsm6 \
    libssl-dev \
    libxext6 \
    libxrender-dev \
    zlib1g-dev \
 && rm -rf /var/lib/apt/lists/* \
 && apt-get clean

# https://github.com/docker-library/openjdk/issues/261 https://github.com/docker-library/openjdk/pull/263/files
RUN keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -destkeystore /etc/ssl/certs/java/cacerts.jks -deststoretype JKS -srcstorepass changeit -deststorepass changeit -noprompt; \
    mv /etc/ssl/certs/java/cacerts.jks /etc/ssl/certs/java/cacerts; \
    /var/lib/dpkg/info/ca-certificates-java.postinst configure;

RUN wget https://download.open-mpi.org/release/open-mpi/v4.1/openmpi-${OPEN_MPI_VERSION}.tar.gz \
 && gunzip -c openmpi-$OPEN_MPI_VERSION.tar.gz | tar xf - \
 && cd openmpi-$OPEN_MPI_VERSION \
 && ./configure --prefix=/home/.openmpi \
 && make all install \
 && cd .. \
 && rm openmpi-$OPEN_MPI_VERSION.tar.gz \
 && rm -rf openmpi-$OPEN_MPI_VERSION

# The ENV variables declared below are changed in the previous section
# Grouping these ENV variables in the first section causes
# ompi_info to fail. This is only observed in CPU containers
ENV PATH="$PATH:/home/.openmpi/bin"
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/home/.openmpi/lib/"
RUN ompi_info --parsable --all | grep mpi_built_with_cuda_support:value

# Install CondaForge miniconda
# Note: SSD Verification disabled as it breaks installs due to downgrading from py3.10 to py3.9
RUN curl -L -o ~/mambaforge.sh https://github.com/conda-forge/miniforge/releases/download/${MAMBA_VERSION}/Mambaforge-${MAMBA_VERSION}-Linux-x86_64.sh \
 && chmod +x ~/mambaforge.sh \
 && ~/mambaforge.sh -b -p /opt/conda \
 && rm ~/mambaforge.sh \
 && /opt/conda/bin/conda config --set ssl_verify False \
 && /opt/conda/bin/conda update -y conda \
 && /opt/conda/bin/conda install -c conda-forge \
    python=${PYTHON_VERSION} \
    cython \
    mkl \
    mkl-include \
    botocore \
    parso \
    typing \
    h5py \
    requests \
    # Below 2 are included in miniconda base, but not mamba so need to install
    conda-content-trust \
    charset-normalizer \
 && /opt/conda/bin/conda clean -ya

# symlink pip for OS use
RUN pip install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org \
 && ln -s /opt/conda/bin/pip /usr/local/bin/pip3

# Ensure PyTorch did not get installed from Conda
RUN pip uninstall -y torch torchvision torchaudio multi-model-server

# Install AWS-PyTorch, and other torch packages
RUN pip install --no-cache-dir --extra-index-url https://download.pytorch.org/whl/cpu -U \
    "cryptography>=38.0.0" \
    enum-compat==0.0.3 \
    packaging \
    "Pillow>=9.0.0" \
    ${TORCH_URL} \
    ${TORCHVISION_URL} \
    ${TORCHAUDIO_URL}

# add necessary certificate for aws sdk cpp download
RUN mkdir -p /etc/pki/tls/certs && cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt

WORKDIR /

RUN pip install --no-cache-dir \
    multi-model-server==$MMS_VERSION \
    sagemaker-inference

RUN useradd -m model-server \
 && mkdir -p /home/model-server/tmp /opt/ml/model \
 && chown -R model-server /home/model-server /opt/ml/model

COPY mms-entrypoint.py /usr/local/bin/dockerd-entrypoint.py
COPY config.properties /etc/sagemaker-mms.properties

RUN chmod +x /usr/local/bin/dockerd-entrypoint.py

COPY deep_learning_container.py /usr/local/bin/deep_learning_container.py

RUN chmod +x /usr/local/bin/deep_learning_container.py

#################################
# Hugging Face specific section #
#################################

RUN curl -o /license.txt  https://aws-dlc-licenses.s3.amazonaws.com/pytorch-2.0/license.txt

# install Hugging Face libraries and its dependencies
RUN pip install --no-cache-dir \
    transformers[sentencepiece,audio,vision]==${TRANSFORMERS_VERSION} \
    diffusers==${DIFFUSERS_VERSION} \
    "accelerate>=0.11.0" \
    "protobuf>=3.19.5,<=3.20.2" \
    "sagemaker-huggingface-inference-toolkit<3"

# Install IPEx and its dependencies
# from source is mandatory for cutomized AWS PyTorch binaries: https://github.com/intel/intel-extension-for-pytorch/issues/317
RUN pip install --no-cache-dir intel-openmp tbb
RUN cd /opt/ && mkdir -p ipex \
    cd /opt/ipex && \
    wget https://raw.githubusercontent.com/intel/intel-extension-for-pytorch/v2.0.100%2Bcpu/scripts/compile_bundle.sh && \
    bash compile_bundle.sh && \
    rm -rf /opt/ipex

# IPEx installation installs the numpy==1.25.1. That causes a pip check failure due to incompatibility with numba.
# Re-installing numpy after IPEx installation to get the appropriate numpy version and fix pip checks.
RUN pip install --no-cache-dir  "numpy<1.25"

RUN HOME_DIR=/root \
 && curl -o ${HOME_DIR}/oss_compliance.zip https://aws-dlinfra-utilities.s3.amazonaws.com/oss_compliance.zip \
 && unzip ${HOME_DIR}/oss_compliance.zip -d ${HOME_DIR}/ \
 && cp ${HOME_DIR}/oss_compliance/test/testOSSCompliance /usr/local/bin/testOSSCompliance \
 && chmod +x /usr/local/bin/testOSSCompliance \
 && chmod +x ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh \
 && ${HOME_DIR}/oss_compliance/generate_oss_compliance.sh ${HOME_DIR} ${PYTHON} \
 && rm -rf ${HOME_DIR}/oss_compliance*

# Removing the cache as it is needed for security verification
RUN rm -iRf /root/.cache

EXPOSE 8080 8081
ENTRYPOINT ["python", "/usr/local/bin/dockerd-entrypoint.py"]
CMD ["serve"]