### EFA Cluster launch

This notebook walks through an example of launching an EC2 cluster with EFA to train a deep learning model.

Prior to running this notebook, you'll need to do a few things:

Setup an EFA enabled seecurity group according to [these instructions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa-start.html#efa-start-security).

Create a placement group in the EC2 console in the availability zone you plan on using.

Build an EFA enabled Docker container from the AWS DLC.

The `p3dn_efa_east1.yaml` file contains a basic cluster setup.

```
ImageId: "ami-0e956fe81fa11d0a9" # The AWS Deep Learning AMI 42.1 This already has all the EFA drivers
InstanceType: "p3dn.24xlarge"
MinCount: 4 # modify these two lines with how many instances you want
MaxCount: 4
KeyName: "jbsnyder-east" # make sure this key is available in your region
IamInstanceProfile:
  Name: "jbsnyder-ec2" # IAM profile for accessing S3 and other services
Placement:
  AvailabilityZone: "us-east-1c"
  GroupName: "jbsnyder-efa" # The placement group you created
Monitoring:
  Enabled: False
NetworkInterfaces: # Enables EFA 
  - SubnetId: "subnet-c24d759e"
    DeviceIndex: 0
    DeleteOnTermination: True
    InterfaceType: "efa"
    Groups:
      - "sg-0b7a6cca873894fff" # The security group you created
BlockDeviceMappings:
  - DeviceName: "/dev/sda1"
    Ebs:
      # SnapshotId: "snap-"
      VolumeSize: 1000 # EBS volume. When reading raw files not tfrecords, like with PT or Dali, might want to use nvme instead
      VolumeType: "gp2"
TagSpecifications:
  - ResourceType: "instance"
    Tags:
      - Key: "Name"
        Value: "jbsnyder-mrcnn" # name that appears in the console
```

Start by reading in the yaml file, creating the ec2 resources, and launching instances.

In [9]:
import os
import boto3
import yaml
import pprint
import subprocess
from time import sleep
from utils.ssh import SSH, create_ssh_comm, setup_container_communication, create_hostfile

config = 'launch_configs/p3dn_efa_east1.yaml'

with open(config) as in_config:
    config = yaml.safe_load(in_config)

In [2]:
# create resources
ec2_session = boto3.Session()
ec2_client = ec2_session.client("ec2")
ec2_resource = ec2_session.resource("ec2")

In [3]:
# launch ec2 instances
response = ec2_client.run_instances(**config)

In [12]:
# grab instance ids from what we just launched
# example
# instances = ['i-0a571527be6a8e5d0', 'i-020b19d914d6c57d6', 'i-03c38a7bf17b1c525', 'i-0a5977d718a7d2e12']
# can also manually feed in a list if instances are already running
instances = [instance['InstanceId'] for instance in response['Instances']]
print(instances)

['i-0a571527be6a8e5d0', 'i-020b19d914d6c57d6', 'i-03c38a7bf17b1c525', 'i-0a5977d718a7d2e12']


In [13]:
# wait for instances to become available
ready = False
while not ready:
    sleep(5)
    # get current instance status
    status = ec2_resource.meta.client.describe_instances(InstanceIds=instances)
    # check that instance is running
    ready = all([i['State']['Name'] == 'running' for i in status['Reservations'][0]['Instances']])
    print(ready)

True


In [14]:
# get ip and dns info
public_ips = [instance['PublicIpAddress'] for instance in status['Reservations'][0]['Instances']]
public_dns = [instance['PublicDnsName'] for instance in status['Reservations'][0]['Instances']]
private_ips = [instance['PrivateIpAddress'] for instance in status['Reservations'][0]['Instances']]

In [62]:
public_dns

['ec2-3-84-122-243.compute-1.amazonaws.com',
 'ec2-54-198-77-29.compute-1.amazonaws.com',
 'ec2-52-91-238-198.compute-1.amazonaws.com',
 'ec2-18-206-184-247.compute-1.amazonaws.com']

In [16]:
# The ssh tool lets you send commands via ssh to all instances simultaneously
ssh_client = utils.SSH(public_ips, '/Users/jbsnyder/.aws/jbsnyder-east.pem')

In [17]:
# first check that instances are up and running
# sometime takes a minute longer after instances are ready for them to be fully accessible
pci = ssh_client.run_on_all('lspci')

In [63]:
# print out the results of the command from the first node in the cluster
# on p3dn this should show a bunch of GPUs
pprint.pprint(pci[0]['stdout'])

('00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma]\n'
 '00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]\n'
 '00:01.3 Non-VGA unclassified device: Intel Corporation 82371AB/EB/MB PIIX4 '
 'ACPI (rev 08)\n'
 '00:03.0 VGA compatible controller: Amazon.com, Inc. Device 1111\n'
 '00:04.0 Non-Volatile memory controller: Amazon.com, Inc. Device 8061\n'
 '00:05.0 Ethernet controller: Amazon.com, Inc. Elastic Network Adapter (ENA)\n'
 '00:06.0 Ethernet controller: Amazon.com, Inc. Device efa0\n'
 '00:16.0 3D controller: NVIDIA Corporation GV100GL [Tesla V100 SXM2 32GB] '
 '(rev a1)\n'
 '00:17.0 3D controller: NVIDIA Corporation GV100GL [Tesla V100 SXM2 32GB] '
 '(rev a1)\n'
 '00:18.0 3D controller: NVIDIA Corporation GV100GL [Tesla V100 SXM2 32GB] '
 '(rev a1)\n'
 '00:19.0 3D controller: NVIDIA Corporation GV100GL [Tesla V100 SXM2 32GB] '
 '(rev a1)\n'
 '00:1a.0 3D controller: NVIDIA Corporation GV100GL [Tesla V100 SXM2 32GB] '
 '(rev a1)\n'
 '00:1b

Now that instances are up and running, we need to set them up so they can communicate with each other. First, create a hostfile on each instance with ip and GPU info for every instance in the cluster. The `create_hostfile` does this automatically.

The `create_ssh_comm` creates the rsa keys for all nodes to communicate without logging into each other.

Finally, the `setup_container_communication` sets up additional keys to that docker containers on each instance can communicate with docker containers on other instances.

In [19]:
# This 
create_hostfile(ssh_client, private_ips)

In [20]:
create_ssh_comm(ssh_client)

In [21]:
setup_container_communication(ssh_client)

The command below will log each instance into ECR, and download your docker container. Modify region, repo, and image_name as needed. The aws account will be set automatically based on the account you used to create the cluster. Also note, leave the container name as `mpicont`. This actually has nothing to do with MPI directly, but the container communications tools expect to see a container named mpicont, which is how it directs communication to all containers.

In [22]:
docker_pull = '''
AWS_ACCOUNT=`aws sts get-caller-identity --query Account --output text` && \
REGION=us-east-1 && \
IMAGE_NAME=dlc-tf24-efa && \
REPO=jbsnyder && \

CONTAINER_IMAGE=${AWS_ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:${IMAGE_NAME} && \
CONTAINER_NAME=mpicont && \

docker login --username AWS --password $(aws ecr get-login-password --region ${REGION}) \
${AWS_ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com && \
docker pull ${AWS_ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:${IMAGE_NAME}
'''
pull_output = ssh_client.run_on_all(docker_pull)

The nccl tests are optional, but useful for testing EFA performance. This command clones the nccl test repo to each instance.

In [41]:
nccl_test = '''
cd && \
git clone https://github.com/NVIDIA/nccl-tests.git
'''
nccl_output = ssh_client.run_on_all(nccl_test)

The next few commands are specific to mask rcnn. This downloads the data from S3 to the local EBS volume. At his point it might be useful to mount nvme if you're dealing with small files.

In [34]:
download_data = '''
cd && \
mkdir ~/data && \
cd data && \
aws s3 cp --recursive s3://jbsnyder-iad/data/coco/coco_tfrecord/ coco/ && \
aws s3 cp --recursive s3://jbsnyder-iad/data/coco/weights/ weights/
'''
download_output = ssh_client.run_on_all(download_data)

This grabs the model repo from github.

In [24]:
import getpass

In [69]:
password = getpass.getpass()
username = 'johnbensnyder'
clone_model_repo = '''
cd && \
git clone -b sagemaker_cv https://username:{0}@github.com/johnbensnyder/sagemaker_det
'''.format(password)
repo_output = ssh_client.run_on_all(clone_model_repo)
del password
del clone_model_repo

Launch the docker container on each node. Modify the lines

```
-v ~/nccl-tests:/nccl-tests \
-v ~/data:/data \
-v ~/sagemaker_det:/model \
```

to whatever directories you want to mount in your container.

Make sure to keep `-v /home/ubuntu/ssh_container:/root/.ssh \` `CONTAINER_NAME=mpicont && \` and `--device=/dev/infiniband/uverbs0 \` as is.

In [43]:
docker_launch = '''
AWS_ACCOUNT=`aws sts get-caller-identity --query Account --output text` && \
REGION=us-east-1 && \
IMAGE_NAME=dlc-tf24-efa && \
REPO=jbsnyder && \

CONTAINER_IMAGE=${AWS_ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:${IMAGE_NAME} && \
CONTAINER_NAME=mpicont && \

docker run --rm -it -d --gpus all \
                    --name $CONTAINER_NAME \
                    --net=host --uts=host --ipc=host \
                    --ulimit stack=67108864 --ulimit memlock=-1 \
                    --security-opt seccomp=unconfined \
                    -v /home/ubuntu/ssh_container:/root/.ssh \
                    -v ~/nccl-tests:/nccl-tests \
                    -v ~/data:/data \
                    -v ~/sagemaker_det:/model \
                    --device=/dev/infiniband/uverbs0 \
                    $CONTAINER_IMAGE
'''
launch_output = ssh_client.run_on_all(docker_launch)

Since this is the base DLC without my model modifications, need to install some packages

In [52]:
pip_install = '''
docker exec mpicont /bin/bash -c "pip install yacs tensorflow_addons cython numba tqdm tensorflow_datasets pybind11"
'''
pip_output = ssh_client.run_on_all(pip_install)

coco_tools = '''
docker exec mpicont /bin/bash -c \
"git clone https://github.com/johnbensnyder/cocoapi && \
	cd cocoapi/PythonAPI && \
	pip install -v --no-cache-dir -e ."
'''
coco_output = ssh_client.run_on_all(coco_tools)

open_cv = '''
docker exec mpicont /bin/bash -c "pip install pip install opencv-python==3.4.11.45"
'''
cv_output = ssh_client.run_on_all(open_cv)

lib_so = '''
docker exec mpicont /bin/bash -c \
"apt-get update && \
apt-get install ffmpeg libsm6 libxext6  -y"
'''
lob_so_output = ssh_client.run_on_all(lib_so)

At this point it's probably easiest to ssh into one of the nodes in order to launch training. You can use the public DNS from earlier in this notebook.

`ssh -i {your key} ubuntu@{public_dns for one of your nodes}`

You can then launch training with something like

```
docker exec mpicont /bin/bash -c \
"cd /model/tensorflow/tools && \
/opt/amazon/openmpi/bin/mpirun --allow-run-as-root \
-x LD_LIBRARY_PATH=/opt/amazon/efa/lib:/usr/local/lib:/nccl/build/lib:/aws-ofi-nccl/install/lib:$LD_LIBRARY_PATH \
-x NCCL_DEBUG=INFO \
-x RDMAV_FORK_SAFE=1 \
-x FI_PROVIDER="efa" \
--hostfile /root/.ssh/hosts \
--mca plm_rsh_no_tree_spawn 1 -bind-to none -map-by slot -mca pml ob1 \
--mca btl_vader_single_copy_mechanism none \
--mca oob_tcp_if_include ens5 \
--mca btl_tcp_if_include ens5 \
--oversubscribe \
python train.py --config configs/efa_mrcnn.yaml"
```

This is using mpirun, but other distributed strategies like torch.distributed will also work. the `-x LD_LIBRARY_PATH` add all the efa and nccl driver files to the path. `RDMAV_FORK_SAFE=1` is necessary to use nccl with EFA. `FI_PROVIDER="efa"` actually enables EFA. You can also switch off EFA by setting `FI_PROVIDER="ena"`. Note that running commands in this way sometimes means if you stop training early the docker container doesn't get the signal to stop. To prevent this, you can log in to the containeer interactively using `docker exec -it mpicont /bin/bash` then run

```
cd /model/tensorflow/tools && \
/opt/amazon/openmpi/bin/mpirun --allow-run-as-root \
-x LD_LIBRARY_PATH=/opt/amazon/efa/lib:/usr/local/lib:/nccl/build/lib:/aws-ofi-nccl/install/lib:$LD_LIBRARY_PATH \
-x NCCL_DEBUG=INFO \
-x RDMAV_FORK_SAFE=1 \
-x FI_PROVIDER="efa" \
--hostfile /root/.ssh/hosts \
--mca plm_rsh_no_tree_spawn 1 -bind-to none -map-by slot -mca pml ob1 \
--mca btl_vader_single_copy_mechanism none \
--mca oob_tcp_if_include ens5 \
--mca btl_tcp_if_include ens5 \
--oversubscribe \
python train.py --config configs/efa_mrcnn.yaml
```

Or some other command to launch training.

Once you're done, you can stop your cluster with

`ec2_client.stop_instances(InstanceIds=instances)`

0r terminate it entirely with

`ec2_client.terminate_instances(InstanceIds=instances)`

In [70]:
ec2_client.terminate_instances(InstanceIds=instances)

{'TerminatingInstances': [{'CurrentState': {'Code': 32,
    'Name': 'shutting-down'},
   'InstanceId': 'i-0a571527be6a8e5d0',
   'PreviousState': {'Code': 16, 'Name': 'running'}},
  {'CurrentState': {'Code': 32, 'Name': 'shutting-down'},
   'InstanceId': 'i-020b19d914d6c57d6',
   'PreviousState': {'Code': 16, 'Name': 'running'}},
  {'CurrentState': {'Code': 32, 'Name': 'shutting-down'},
   'InstanceId': 'i-03c38a7bf17b1c525',
   'PreviousState': {'Code': 16, 'Name': 'running'}},
  {'CurrentState': {'Code': 32, 'Name': 'shutting-down'},
   'InstanceId': 'i-0a5977d718a7d2e12',
   'PreviousState': {'Code': 16, 'Name': 'running'}}],
 'ResponseMetadata': {'RequestId': 'e74f120f-24db-4cd7-b81d-ca48e990b82b',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': 'e74f120f-24db-4cd7-b81d-ca48e990b82b',
   'cache-control': 'no-cache, no-store',
   'strict-transport-security': 'max-age=31536000; includeSubDomains',
   'content-type': 'text/xml;charset=UTF-8',
   'transfer-encoding': 'ch