Creating a Container Image Using a Dockerfile (TensorFlow)

Prerequisites

Obtain the software packages of the corresponding OS and the Dockerfile and script files required for packaging images by referring to Table 1.

{version} indicates the version number, and {arch} indicates the architecture. In CANN 6.3.RC3, 6.2.RC3, and later versions, the message "Do you accept EULA to install CANN (Y/N)" is added to the software package. In the Dockerfile compilation example, the installation command contains the --quiet parameter, indicating that EULA is signed by default. You can modify the parameter as required.

**Table 1** Required software
Package	Description	How to Obtain
Ascend-cann-toolkit_{version}_linux-{arch}.run	CANN ToolKit package	Link NOTE: The CANN version must be earlier than 8.5.0.
TF Adapter	Framework plugin package.	Link
ARM: tensorflow-{version}-cp3x-cp3xm-linux_aarch64.whl x86_64: tensorflow_cpu-{version}-cp3x-cp3xm-manylinux2010_x86_64.whl	WHL package of the TensorFlow framework.	Link NOTE: For details about the Python versions supported by TensorFlow, visit the TensorFlow official website. If you want to install TensorFlow by compiling the source code, visit TensorFlow official website. TensorFlow 2.6.5 has vulnerabilities. For details about how to handle the vulnerabilities, see corresponding solutions to vulnerabilities.
Dockerfile	Required for creating an image.	For details, see Dockerfile compilation example.
ascend_install.info	Driver installation information file.	Copy the /etc/ascend_install.info file from the host.
version.info	Driver version information file.	Copy the /usr/local/Ascend/driver/version.info file from the host.
prebuild.sh	Script used to prepare for the setup of the training operating environment, for example, configuring the proxy.	For details, see Step 3.
install_ascend_pkgs.sh	Script for installing the Ascend software package.	For details, see Step 4.
postbuild.sh	Script for deleting the installation packages, scripts, and proxy configurations that do not need to be retained in the container.	For details, see Step 5.

To avoid using software packages that have been tampered with during transmission or storage, download their digital signature files for integrity check while downloading the software packages.

After the software package is downloaded from the Support website, verify its PGP digital signature by referring to the OpenPGP Signature Verification Guide. If the verification fails, do not use the software package, and contact Huawei technical support.

The verification is also required before the installation or update of the software package.

Carriers: Visit https://support.huawei.com/carrier/digitalSignatureAction.

Enterprises: Visit https://support.huawei.com/enterprise/en/tool/pgp-verify-TL1000000054.

The following uses Ubuntu 18.04 as an example to describe how to use a Dockerfile to build a container image. Modify the steps as required.

Procedure

Upload the software packages, deep learning framework, host driver installation information file, and driver version information file to the same directory (for example, /home/test) on the server.
- Ascend-cann-toolkit_{version}_linux-{arch}.run
- npu_bridge-{version}-py3-none-manylinux2014_<arch>.whl
- tensorflow-*_{arch}.whl
- ascend_install.info
- version.info
Log in to the server as the root user.
Perform the following steps to prepare the prebuild.sh file:
1. Go to the directory where the software packages are stored and run the following command to create the prebuild.sh file:
```
vi prebuild.sh
```
2. For details about the content to be written, see prebuild.sh compilation example. After writing the content, run the :wq command to save it. The following uses Ubuntu as an example.
Perform the following steps to prepare the install_ascend_pkgs.sh file:
1. Go to the directory where the software packages are stored and run the following command to create the install_ascend_pkgs.sh file:
```
vi install_ascend_pkgs.sh
```
2. For details about the content to be written, see install_ascend_pkgs.sh compilation example. After writing the content, run the :wq command to save it. The following uses Ubuntu as an example.
Perform the following steps to prepare the postbuild.sh file:
1. Go to the directory where the software packages are stored and run the following command to create the postbuild.sh file:
```
vi postbuild.sh
```
2. For details about the content to be written, see postbuild.sh compilation example. After writing the content, run the :wq command to save it. The following uses Ubuntu as an example.
Perform the following steps to create a Dockerfile:
1. Go to the directory where the software packages are stored and run the following command to create a Dockerfile:
```
vi Dockerfile
```
2. For details about the content to be written, see Dockerfile compilation example. After writing the content, run the :wq command to save it. The following uses Ubuntu as an example.
  
  You can also run the docker pull ubuntu:18.04 command to obtain the ubuntu:18.04 image from Docker Hub.
Go to the directory where the software packages are stored and run the following command to create a container image. Do not omit the period (.) at the end of the command.
```
docker build -t Image name_System architecture:Image tag .
```
The following table describes the command parameters.

Table 2 Command parameters
Parameter

Description

-t

Image name.

Image name_System architecture:Image tag

Image name and tag. Change them based on the actual situation.
Example:
```
docker build -t test_train_arm64:v1.0 .
```
If Successfully built xxx is displayed, the image has been created.

**Table 2** Command parameters
Parameter	Description
-t	Image name.
Image name_System architecture:Image tag	Image name and tag. Change them based on the actual situation.

After the image is created, run the following command to view the image information:

docker images

Command output:

REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
test_train_arm64          v1.0                d82746acd7f0        27 minutes ago      749MB

Run the following command to access the container:

docker run -it Image name_System architecture:Image tag bash

Example:

docker run -it test_train_arm64:v1.0 bash

Run the following command to obtain the freeze_graph.py file:

find /usr/local/ -name "freeze_graph.py"

Command output:

/usr/local/lib/python3.7/dist-packages/tensorflow_core/python/tools/freeze_graph.py

Run the following command to modify the file in the image:

vi /usr/local/lib/python3.7/dist-packages/tensorflow_core/python/tools/freeze_graph.py

Add the following content:

from npu_bridge.estimator import npu_ops
from npu_bridge.estimator.npu.npu_config import NPURunConfig
from npu_bridge.estimator.npu.npu_estimator import NPUEstimator
from npu_bridge.estimator.npu.npu_optimizer import allreduce
from npu_bridge.estimator.npu.npu_optimizer import NPUDistributedOptimizer
from npu_bridge.hccl import hccl_ops

Run the :wq command to save the configuration and exit.

Run the exit command to exit the container.
Run the following command to save the current image:
```
docker commit containerid Image name_System architecture:Image tag
```
Example:
```
docker commit 032953231d61 test_train_arm64:v2.0
```
In the preceding example, the value of containerid is 032953231d61.

Compilation Examples

Compilation example of prebuild.sh

Compilation example of prebuild.sh for the Ubuntu ARM OS

#!/bin/bash
#--------------------------------------------------------------------------------
# Use the bash syntax to write script code and prepare for the installation, for example, configuring the proxy.
# This script will be executed before the formal creation process is started.
#
# Note: After this script is executed, it will not be automatically cleared. If it does not need to be retained in the image, clear it from the postbuild.sh script.
#--------------------------------------------------------------------------------
# DNS settings. If the DNS settings are not required, delete them.
tee /etc/resolv.conf <<- EOF
nameserver xxx.xxx.xxx.xxx # IP address of the DNS server. You can enter multiple IP addresses as required.
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
EOF
# APT proxy settings
tee /etc/apt/apt.conf.d/80proxy <<- EOF
Acquire::http::Proxy "http://xxx.xxx.xxx.xxx:xxx";  # IP address and port number of the HTTP proxy server.
Acquire::https::Proxy "http://xxx.xxx.xxx.xxx:xxx";  # IP address and port number of the HTTPS proxy server.
EOF
chmod 777 -R /tmp
rm /var/lib/apt/lists/*
# APT mirror settings (The following uses Ubuntu 18.04 Arm as an example. Set the information as required.)
tee /etc/apt/sources.list <<- EOF
deb http://mirrors.aliyun.com/ubuntu-ports/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu-ports/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu-ports/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu-ports/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu-ports/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu-ports/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu-ports/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu-ports/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu-ports/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu-ports/ bionic-backports main restricted universe multiverse
EOF

Compilation example of prebuild.sh for the Ubuntu x86_64 OS

#!/bin/bash
#--------------------------------------------------------------------------------

# Use the bash syntax to write script code and prepare for the installation, for example, configuring the proxy.
# This script will be executed before the formal creation process is started.
#
# Note: After this script is executed, it will not be automatically cleared. If it does not need to be retained in the image, clear it from the postbuild.sh script.
#--------------------------------------------------------------------------------
# APT proxy settings
tee /etc/apt/apt.conf.d/80proxy <<- EOF
Acquire::http::Proxy "http://xxx.xxx.xxx.xxx:xxx";    # IP address and port number of the HTTP proxy server.
Acquire::https::Proxy "http://xxx.xxx.xxx.xxx:xxx";   # IP address and port number of the HTTPS proxy server.
EOF

#APT mirror settings (The following uses Ubuntu 18.04 x86_64 as an example. Set the information as required.)
tee /etc/apt/sources.list <<- EOF
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic main multiverse restricted universe
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main multiverse restricted universe
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main multiverse restricted universe
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic-security main multiverse restricted universe
deb http://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main multiverse restricted universe
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic main multiverse restricted universe
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main multiverse restricted universe
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main multiverse restricted universe
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic-security main multiverse restricted universe
deb-src http://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main multiverse restricted universe
EOF

Compilation example of install_ascend_pkgs.sh

#!/bin/bash
#--------------------------------------------------------------------------------
# Use the bash syntax to write script code and install the Ascend software package.
#
# Note: After this script is executed, it will not be automatically cleared. If it does not need to be retained in the image, clear it from the postbuild.sh script.
#--------------------------------------------------------------------------------
# Copy the /etc/ascend_install.info file on the host to the current directory before creating the container image.
cp ascend_install.info /etc/
# Copy the /usr/local/Ascend/driver/version.info file on the host to the current directory before creating the container image.
mkdir -p /usr/local/Ascend/driver/
cp version.info /usr/local/Ascend/driver/
 
# Ascend-cann-toolkit_{version}_linux-{arch}.run
chmod +x Ascend-cann-toolkit_{version}_linux-{arch}.run
./Ascend-cann-toolkit_{version}_linux-{arch}.run --install --quiet 
# npu_bridge-{version}-py3-none-manylinux2014_<arch>.whl
chmod +x npu_bridge-{version}-py3-none-manylinux2014_<arch>.whl
./npu_bridge-{version}-py3-none-manylinux2014_<arch>.whl  --install --quiet
 
# After the toolkit package is installed, clear the following files. During container startup, the toolkit package is mounted by Ascend Docker Runtime.
rm -f version.info
rm -rf /usr/local/Ascend/driver/

If the following information is displayed during image creation, delete parameter --install-path following Ascend-cann-xxx.run (except the first installed Ascend-cann-xxx.run package):

Information displayed:

[toolkit] [20210316-02:39:37] [ERROR] /etc/Ascend/ascend_cann_install.info exists ! 'install-path' parameter are not supported.

Possible causes:
After the first CANN package is installed, the installation path is recorded in the /etc/Ascend/ascend_cann_install.info file. If this file exists, it will be automatically installed in the path recorded in this file when other CANN packages are installed. In this case, the --install-path parameter is not supported.

Compilation example of postbuild.sh (Ubuntu)

#!/bin/bash
#--------------------------------------------------------------------------------
# Use the bash syntax to write the script code and delete the installation packages, scripts, and proxy configurations that do not need to be retained in the container.
# This script will be run after the formal creation process ends.
#
# Note: After this script terminates, it is automatically cleared and will not be left in the image. The script and Working Dir are stored in /root.
#--------------------------------------------------------------------------------

rm -f ascend_install.info
rm -f prebuild.sh
rm -f install_ascend_pkgs.sh
rm -f Dockerfile
rm -f Ascend-cann-toolkit_{version}_linux-{arch}.run
rm -f npu_bridge-{version}-py3-none-manylinux2014_<arch>.whl
# ARM environment
rm -f tensorflow-1.15.0-cp3x-cp3xm-linux_{arch}.whl
# If the offline package is used for installation in the x86_64 environment, comment out the previous line and delete the comment tag (#) from the next line.
# rm -f tensorflow_cpu-1.15.0-cp3x-cp3xm-manylinux2010_x86_64.whl
rm -f /etc/apt/apt.conf.d/80proxy
 
# Delete if not required
tee /etc/resolv.conf <<- EOF
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
 
options edns0
 
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
EOF

Dockerfile compilation sample

Dockerfile example of Python 3.7 for the Ubuntu ARM OS

FROM Ubuntu:18.04

ARG TF_PKG=tensorflow-1.15.0-cp3x-cp3xm-linux_aarch64.whl
ARG HOST_ASCEND_BASE=/usr/local/Ascend
ARG TOOLKIT_PATH=/usr/local/Ascend/toolkit/latest
ARG TF_Adapter_PATH=/usr/local/Ascend/tfadapter/latest
ARG INSTALL_ASCEND_PKGS_SH=install_ascend_pkgs.sh
ARG PREBUILD_SH=prebuild.sh
ARG POSTBUILD_SH=postbuild.sh
WORKDIR /tmp
COPY . ./

# Trigger prebuild.sh.
RUN bash -c "test -f $PREBUILD_SH && bash $PREBUILD_SH || true"

ENV http_proxy http://xxx.xxx.xxx.xxx:xxx
ENV https_proxy http://xxx.xxx.xxx.xxx:xxx

# System packages
RUN apt update && \
    apt install --no-install-recommends \
        python3.7 python3.7-dev \
        curl g++ pkg-config unzip \
        libblas3 liblapack3 liblapack-dev \
        libblas-dev gfortran libhdf5-dev \
        libffi-dev libicu60 libxml2 -y

# Create a Python soft link.
RUN ln -s /usr/bin/python3.7 /usr/bin/python
# Configure the Python pip mirror.
RUN mkdir -p ~/.pip \
&& echo '[global] \n\
index-url=https://pypi.doubanio.com/simple/\n\
trusted-host=pypi.doubanio.com' >> ~/.pip/pip.conf

# pip3.7
RUN curl -k https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \
    cd /tmp && \
    apt-get download python3-distutils && \
    dpkg-deb -x python3-distutils_*.deb / && \
    rm python3-distutils_*.deb && \
    cd - && \
    python3.7 get-pip.py && \
    rm get-pip.py

# Create the HwHiAiUser user and owner. The values of UID and GID must be the same as those on the physical machine to avoid generating ownerless files. In the example, the user and the corresponding group are automatically created. The values of UID and GID are both 1000.
RUN useradd -d /home/HwHiAiUser -u 1000 -m -s /bin/bash HwHiAiUser

# Change the value of PYTHONPATH as required.
ENV PYTHONPATH=/usr/local/python3.7.5/lib/python3.7/site-packages:$PYTHONPATH

# Python packages
RUN pip3.7 install numpy && \
    pip3.7 install decorator && \
    pip3.7 install sympy==1.4 && \
    pip3.7 install cffi && \
    pip3.7 install pyyaml && \
    pip3.7 install pathlib2 && \
    pip3.7 install grpcio && \
    pip3.7 install grpcio-tools && \
    pip3.7 install protobuf && \
    pip3.7 install scipy && \
    pip3.7 install requests && \
    pip3.7 install attrs && \
    pip3.7 install psutil && \
    pip3.7 install absl-py

# Ascend packages
RUN umask 0022 && bash $INSTALL_ASCEND_PKGS_SH

RUN umask 0022 && pip3.7 install $TF_PKG

# Create /lib64/ld-linux-aarch64.so.1.
RUN umask 0022 && \
    if [ ! -d "/lib64" ]; \
    then \
        mkdir /lib64 && ln -sf /lib/ld-linux-aarch64.so.1 /lib64/ld-linux-aarch64.so.1; \
    fi

ENV http_proxy ""
ENV https_proxy ""

# Trigger postbuild.sh.
RUN bash -c "test -f $POSTBUILD_SH && bash $POSTBUILD_SH || true" && \
    rm $POSTBUILD_SH

Dockerfile example for the Ubuntu x86_64 OS

FROM Ubuntu:18.04
# The following lines are used for online download and installation during image compilation, which are mutually exclusive with the .whl configuration.
ARG TF_PKG=tensorflow-cpu==1.15.0
# Use the offline x86_64 TensorFlow package, comment out the upper line, and delete the comment tag (#) from the lower line.
#ARG TF_PKG=tensorflow_cpu-1.15.0-cp3x-cp3xm-manylinux2010_x86_64.whl
ARG HOST_ASCEND_BASE=/usr/local/Ascend
ARG TOOLKIT_PATH=/usr/local/Ascend/toolkit/latest
ARG TF_PLUGIN_PATH=/usr/local/Ascend/tfadapter/latest
ARG INSTALL_ASCEND_PKGS_SH=install_ascend_pkgs.sh
ARG PREBUILD_SH=prebuild.sh
ARG POSTBUILD_SH=postbuild.sh
WORKDIR /tmp
COPY . ./

# Trigger prebuild.sh.
RUN bash -c "test -f $PREBUILD_SH && bash $PREBUILD_SH || true"

ENV http_proxy http://xxx.xxx.xxx.xxx:xxx
ENV https_proxy http://xxx.xxx.xxx.xxx:xxx

# System packages
RUN apt update && \
    apt install --no-install-recommends \
        python3.7 python3.7-dev \
        curl g++ pkg-config unzip \
        libblas3 liblapack3 liblapack-dev \
        libblas-dev gfortran libhdf5-dev \
        libffi-dev libicu60 libxml2 -y

# Create a Python soft link.
RUN ln -s /usr/bin/python3.7 /usr/bin/python

# Configure the Python pip mirror.
RUN mkdir -p ~/.pip \
&& echo '[global] \n\
index-url=https://pypi.doubanio.com/simple/\n\
trusted-host=pypi.doubanio.com' >> ~/.pip/pip.conf

# pip3.7
RUN curl -k https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \
    cd /tmp && \
    apt-get download python3-distutils && \
    dpkg-deb -x python3-distutils_*.deb / && \
    rm python3-distutils_*.deb && \
    cd - && \
    python3.7 get-pip.py && \
    rm get-pip.py

# Create the HwHiAiUser user and owner. The values of UID and GID must be the same as those on the physical machine to avoid generating ownerless files. In the example, the user and the corresponding group are automatically created. The values of UID and GID are both 1000.
RUN useradd -d /home/HwHiAiUser -u 1000 -m -s /bin/bash HwHiAiUser

# Change the value of PYTHONPATH as required.
ENV PYTHONPATH=/usr/local/python3.7.5/lib/python3.7/site-packages:$PYTHONPATH

# Python packages
RUN pip3.7 install numpy && \
    pip3.7 install decorator && \
    pip3.7 install sympy==1.4 && \
    pip3.7 install cffi==1.12.3 && \
    pip3.7 install pyyaml && \
    pip3.7 install pathlib2 && \
    pip3.7 install grpcio && \
    pip3.7 install grpcio-tools && \
    pip3.7 install protobuf && \
    pip3.7 install scipy && \
    pip3.7 install requests && \
    pip3.7 install attrs && \
    pip3.7 install psutil && \
    pip3.7 install absl-py

# Ascend packages
RUN umask 0022 && bash $INSTALL_ASCEND_PKGS_SH

RUN pip3.7 install $TF_PKG

ENV http_proxy ""
ENV https_proxy ""

# Trigger postbuild.sh.
RUN bash -c "test -f $POSTBUILD_SH && bash $POSTBUILD_SH || true" && \
    rm $POSTBUILD_SH

Parent topic: Creating an Image