华为云AI开发平台ModelArtsTFServing框架迁移到推理自定义引擎_云淘科技
背景说明
TensorFlow Serving是一个灵活、高性能的机器学习模型部署系统,提供模型版本管理、服务回滚等能力。通过配置模型路径、模型端口、模型名称等参数,原生TFServing镜像可以快速启动提供服务,并支持gRPC和HTTP Restful API的访问方式。
当从TFServing迁移到使用ModelArts推理的AI应用管理和服务管理时,需要对原生TFServing镜像的构建方式做一定的改造,以使用ModelArts推理平台的模型版本管理能力和动态加载模型的部署能力。本案例将一步一步指导用户完成原生TFServing镜像到ModelArts推理自定义引擎的改造。自定义引擎的镜像制作完成后,即可以通过AI应用导入对模型版本进行管理,并基于AI应用进行部署和管理服务。
适配和改造的主要工作项如下:
图1 改造工作项
增加用户ma-user
通过增加nginx代理,支持https协议
修改模型默认路径,支持MA推理模型动态加载
操作步骤
增加用户ma-user
基于原生”tensorflow/serving:2.8.0″镜像构建,镜像中100的用户组默认已存在,Dockerfile中执行如下命令增加用户ma-user。
RUN useradd -d /home/ma-user -m -u 1000 -g 100 -s /bin/bash ma-user
通过增加nginx代理,支持https协议
协议转换为https之后,对外暴露的端口从tfserving的8501变为8080。
Dockerfile中执行如下命令完成nginx的安装和配置。
RUN apt-get update && apt-get -y --no-install-recommends install nginx && apt-get clean
RUN mkdir /home/mind && \
mkdir -p /etc/nginx/keys && \
mkfifo /etc/nginx/keys/fifo && \
chown -R ma-user:100 /home/mind && \
rm -rf /etc/nginx/conf.d/default.conf && \
chown -R ma-user:100 /etc/nginx/ && \
chown -R ma-user:100 /var/log/nginx && \
chown -R ma-user:100 /var/lib/nginx && \
sed -i "s#/var/run/nginx.pid#/home/ma-user/nginx.pid#g" /etc/init.d/nginx
ADD nginx /etc/nginx
ADD run.sh /home/mind/
ENTRYPOINT []
CMD /bin/bash /home/mind/run.sh
准备nginx目录如下:
nginx
├──nginx.conf
└──conf.d
├── modelarts-model-server.conf
准备nginx.conf文件内容如下:
user ma-user 100;
worker_processes 2;
pid /home/ma-user/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
fastcgi_hide_header X-Powered-By;
port_in_redirect off;
server_tokens off;
client_body_timeout 65s;
client_header_timeout 65s;
keepalive_timeout 65s;
send_timeout 65s;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/modelarts-model-server.conf;
}
准备modelarts-model-server.conf配置文件内容如下:
server {
client_max_body_size 15M;
large_client_header_buffers 4 64k;
client_header_buffer_size 1k;
client_body_buffer_size 16k;
ssl_certificate /etc/nginx/ssl/server/server.crt;
ssl_password_file /etc/nginx/keys/fifo;
ssl_certificate_key /etc/nginx/ssl/server/server.key;
# setting for mutual ssl with client
##
# header Settings
##
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header Content-Security-Policy "default-src 'self'";
add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
add_header Expires "-1";
server_tokens off;
port_in_redirect off;
fastcgi_hide_header X-Powered-By;
ssl_session_timeout 2m;
##
# SSL Settings
##
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
listen 0.0.0.0:8080 ssl;
error_page 502 503 /503.html;
location /503.html {
return 503 '{"error_code": "ModelArts.4503","error_msg": "Failed to connect to backend service, please confirm your service is connectable. "}';
}
location / {
# limit_req zone=mylimit;
# limit_req_status 429;
proxy_pass http://127.0.0.1:8501;
}
}
准备启动脚本。
启动前先创建ssl证书,然后启动TFServing的启动脚本。
启动脚本run.sh示例代码如下:
#!/bin/bash
mkdir -p /etc/nginx/ssl/server && cd /etc/nginx/ssl/server
cipherText=$(openssl rand -base64 32)
openssl genrsa -aes256 -passout pass:"${cipherText}" -out server.key 2048
openssl rsa -in server.key -passin pass:"${cipherText}" -pubout -out rsa_public.key
openssl req -new -key server.key -passin pass:"${cipherText}" -out server.csr -subj "/C=CN/ST=GD/L=SZ/O=Huawei/OU=ops/CN=*.huawei.com"
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca-crt.pem -subj "/C=CN/ST=GD/L=SZ/O=Huawei/OU=dev/CN=ca"
openssl x509 -req -days 3650 -in server.csr -CA ca-crt.pem -CAkey ca.key -CAcreateserial -out server.crt
service nginx start &
echo ${cipherText} > /etc/nginx/keys/fifo
unset cipherText
sh /usr/bin/tf_serving_entrypoint.sh
修改模型默认路径,支持MA推理模型动态加载
Dockerfile中执行如下命令修改默认的模型路径。
ENV MODEL_BASE_PATH /home/mind ENV MODEL_NAME model
完整的Dockerfile参考
FROM tensorflow/serving:2.8.0
RUN useradd -d /home/ma-user -m -u 1000 -g 100 -s /bin/bash ma-user
RUN apt-get update && apt-get -y --no-install-recommends install nginx && apt-get clean
RUN mkdir /home/mind && \
mkdir -p /etc/nginx/keys && \
mkfifo /etc/nginx/keys/fifo && \
chown -R ma-user:100 /home/mind && \
rm -rf /etc/nginx/conf.d/default.conf && \
chown -R ma-user:100 /etc/nginx/ && \
chown -R ma-user:100 /var/log/nginx && \
chown -R ma-user:100 /var/lib/nginx && \
sed -i "s#/var/run/nginx.pid#/home/ma-user/nginx.pid#g" /etc/init.d/nginx
ADD nginx /etc/nginx
ADD run.sh /home/mind/
ENV MODEL_BASE_PATH /home/mind
ENV MODEL_NAME model
ENTRYPOINT []
CMD /bin/bash /home/mind/run.sh
父主题: 推理部署
同意关联代理商云淘科技,购买华为云产品更优惠(QQ 78315851)
内容没看懂? 不太想学习?想快速解决? 有偿解决: 联系专家
