Skip to content

Commit

Permalink
Add Dockerfiles for Neuron DLC with SDK 2.20.2 (#29)
Browse files Browse the repository at this point in the history
*Issue #, if available:*

*Description of changes:*


By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.
  • Loading branch information
foolhb authored Nov 22, 2024
1 parent 632831d commit 82606e4
Show file tree
Hide file tree
Showing 7 changed files with 74 additions and 181 deletions.
2 changes: 1 addition & 1 deletion docker/pytorch/inference/1.13.1/Dockerfile.neuron
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ LABEL maintainer="Amazon AI"
LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true

# Neuron SDK components version numbers
ARG NEURON_FRAMEWORK_VERSION=1.13.1.2.11.7.0
ARG NEURON_FRAMEWORK_VERSION=1.13.1.2.11.13.0
ARG NEURON_CC_VERSION=1.24.0.0
ARG NEURONX_TOOLS_VERSION=2.19.0.0

Expand Down
6 changes: 3 additions & 3 deletions docker/pytorch/inference/1.13.1/Dockerfile.neuronx
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true
# Neuron SDK components version numbers
ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.16.0
ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
ARG NEURONX_CC_VERSION=2.15.141.0
ARG NEURONX_CC_VERSION=2.15.143.0
ARG NEURONX_TRANSFORMERS_VERSION=0.12.313
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.33.0-d2128d1aa
ARG NEURONX_RUNTIME_LIB_VERSION=2.22.19.0-5856c0b42
ARG NEURONX_TOOLS_VERSION=2.19.0.0

ARG PYTHON=python3.10
Expand Down
8 changes: 4 additions & 4 deletions docker/pytorch/inference/2.1.2/Dockerfile.neuronx
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@ LABEL com.amazonaws.sagemaker.capabilities.accept-bind-to-port=true

# Neuron SDK components version numbers
ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
ARG NEURONX_CC_VERSION=2.15.141.0
ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.1
ARG NEURONX_CC_VERSION=2.15.143.0
ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.2
ARG NEURONX_TRANSFORMERS_VERSION=0.12.313
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.33.0-d2128d1aa
ARG NEURONX_RUNTIME_LIB_VERSION=2.22.19.0-5856c0b42
ARG NEURONX_TOOLS_VERSION=2.19.0.0

ARG PYTHON=python3.10
Expand Down
23 changes: 10 additions & 13 deletions docker/pytorch/training/1.13.1/Dockerfile.neuronx
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@ LABEL dlc_major_version="1"
# Neuron SDK components version numbers
ARG NEURONX_FRAMEWORK_VERSION=1.13.1.1.16.0
ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.0
ARG NEURONX_CC_VERSION=2.15.141.0
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.1
ARG NEURONX_CC_VERSION=2.15.143.0
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.33.0-d2128d1aa
ARG NEURONX_RUNTIME_LIB_VERSION=2.22.19.0-5856c0b42
ARG NEURONX_TOOLS_VERSION=2.19.0.0

ARG PYTHON=python3.10
Expand Down Expand Up @@ -162,12 +162,11 @@ RUN git clone https://github.com/NVIDIA/apex.git /root/apex \

#Install dependencies from requirements and extras for SageMaker usecase
RUN wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/master/requirements.txt \
&& pip install --no-deps --no-cache-dir --no-build-isolation -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \
&& pip install --force-reinstall "numba==0.57.1" \
"multiprocess==0.70.16" \
"numpy>=1.24.3,<=1.25.2" \
"dill==0.3.8"

&& pip install --no-cache-dir -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \
&& pip install --force-reinstall "multiprocess==0.70.16" \
"dill==0.3.8" \
"torch==1.13.1"


RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com

Expand All @@ -192,9 +191,7 @@ RUN pip install --no-cache-dir -U \
"opencv-python>=4.8.1.78" \
"plotly>=5.11,<6" \
"seaborn>=0.12,<1" \
"numba>=0.56.4,<0.57" \
"shap>=0.41,<1" \
"numpy<1.24,>1.21"
"shap>=0.41,<1"

# EFA Installer does apt get. Make sure to run apt update before that
RUN apt-get update
Expand Down
Original file line number Diff line number Diff line change
@@ -1,84 +1,4 @@
{
"CVE-2023-6730": {
"description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 8.8,
"score_details": {
"cvss": {
"adjustments": [],
"score": 8.8,
"scoreSource": "NVD",
"scoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"severity": "HIGH",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6730",
"status": "ACTIVE",
"title": "CVE-2023-6730 - transformers, transformers",
"vulnerability_id": "CVE-2023-6730",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
"name": "transformers",
"packageManager": "PYTHONPKG",
"version": "4.31.0"
},
{
"epoch": 0,
"filePath": "requirements.txt",
"name": "transformers",
"packageManager": "PIP",
"version": "4.31.0"
}
]
},
"CVE-2023-7018": {
"description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 7.8,
"score_details": {
"cvss": {
"adjustments": [],
"score": 7.8,
"scoreSource": "NVD",
"scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"severity": "HIGH",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7018",
"status": "ACTIVE",
"title": "CVE-2023-7018 - transformers, transformers",
"vulnerability_id": "CVE-2023-7018",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
"name": "transformers",
"packageManager": "PYTHONPKG",
"version": "4.31.0"
},
{
"epoch": 0,
"filePath": "requirements.txt",
"name": "transformers",
"packageManager": "PIP",
"version": "4.31.0"
}
]
},
"CVE-2024-31580": {
"description": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"remediation": {
Expand Down Expand Up @@ -197,17 +117,17 @@
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
"filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.0.dist-info/METADATA",
"name": "transformers",
"packageManager": "PYTHONPKG",
"version": "4.31.0"
"version": "4.36.0"
},
{
"epoch": 0,
"filePath": "requirements.txt",
"name": "transformers",
"packageManager": "PIP",
"version": "4.31.0"
"version": "4.36.0"
}
]
},
Expand Down
28 changes: 13 additions & 15 deletions docker/pytorch/training/2.1.2/Dockerfile.neuronx
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@ LABEL dlc_major_version="1"

# Neuron SDK components version numbers
ARG NEURONX_DISTRIBUTED_VERSION=0.9.0
ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.0
ARG NEURONX_CC_VERSION=2.15.141.0
ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.1
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.26.0-17a033bc8
ARG NEURONX_RUNTIME_LIB_VERSION=2.22.14.0-6e27b8d5b
ARG NEURONX_DISTRIBUTED_TRAINING_VERSION=1.0.1
ARG NEURONX_CC_VERSION=2.15.143.0
ARG NEURONX_FRAMEWORK_VERSION=2.1.2.2.3.2
ARG NEURONX_COLLECTIVES_LIB_VERSION=2.22.33.0-d2128d1aa
ARG NEURONX_RUNTIME_LIB_VERSION=2.22.19.0-5856c0b42
ARG NEURONX_TOOLS_VERSION=2.19.0.0

ARG PYTHON=python3.10
Expand Down Expand Up @@ -146,8 +146,9 @@ RUN ${PIP} config set global.extra-index-url https://pip.repos.neuron.amazonaws.
RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed==$NEURONX_DISTRIBUTED_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com

## Installation for Neuronx Distributed Training framework
# Install Cython
RUN pip install --no-cache-dir Cython
# Install Cython & wheel
RUN ${PIP} install --no-cache-dir Cython \
&& ${PIP} install --no-cache-dir wheel

# Copy the apex_setup.py file
COPY apex_setup.py /root/apex_setup.py
Expand All @@ -161,11 +162,10 @@ RUN git clone https://github.com/NVIDIA/apex.git /root/apex \

#Install dependencies from requirements and extras for SageMaker usecase
RUN wget https://raw.githubusercontent.com/aws-neuron/neuronx-distributed-training/master/requirements.txt \
&& pip install --no-deps --no-cache-dir --no-build-isolation -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \
&& pip install --force-reinstall "numba==0.57.1" \
"multiprocess==0.70.16" \
"numpy>=1.24.3,<=1.25.2" \
"dill==0.3.8"
&& ${PIP} install --no-cache-dir -r requirements.txt /root/apex/dist/apex-0.1-py3-none-any.whl \
&& ${PIP} install --force-reinstall "multiprocess==0.70.16" \
"dill==0.3.8" \
"torch==2.1.2"


RUN ${PIP} install --force-reinstall --no-deps neuronx_distributed_training==$NEURONX_DISTRIBUTED_TRAINING_VERSION --extra-index-url https://pip.repos.neuron.amazonaws.com
Expand All @@ -191,9 +191,7 @@ RUN pip install --no-cache-dir -U \
"opencv-python>=4.8.1.78" \
"plotly>=5.11,<6" \
"seaborn>=0.12,<1" \
"numba>=0.56.4,<0.57" \
"shap>=0.41,<1" \
"numpy<1.24,>1.21"
"shap>=0.41,<1"

# EFA Installer does apt get. Make sure to run apt update before that
RUN apt-get update
Expand Down
102 changes: 40 additions & 62 deletions docker/pytorch/training/2.1.2/Dockerfile.neuronx.cve_allowlist.json
Original file line number Diff line number Diff line change
@@ -1,81 +1,34 @@
{
"CVE-2023-6730": {
"description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.",
"CVE-2022-40897": {
"description": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 8.8,
"score": 5.9,
"score_details": {
"cvss": {
"adjustments": [],
"score": 8.8,
"score": 5.9,
"scoreSource": "NVD",
"scoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"scoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"severity": "HIGH",
"severity": "MEDIUM",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6730",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897",
"status": "ACTIVE",
"title": "CVE-2023-6730 - transformers, transformers",
"vulnerability_id": "CVE-2023-6730",
"title": "CVE-2022-40897 - setuptools",
"vulnerability_id": "CVE-2022-40897",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
"name": "transformers",
"packageManager": "PYTHONPKG",
"version": "4.31.0"
},
{
"epoch": 0,
"filePath": "requirements.txt",
"name": "transformers",
"packageManager": "PIP",
"version": "4.31.0"
}
]
},
"CVE-2023-7018": {
"description": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 7.8,
"score_details": {
"cvss": {
"adjustments": [],
"score": 7.8,
"scoreSource": "NVD",
"scoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"severity": "HIGH",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7018",
"status": "ACTIVE",
"title": "CVE-2023-7018 - transformers, transformers",
"vulnerability_id": "CVE-2023-7018",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
"name": "transformers",
"filePath": "usr/local/lib/python3.10/site-packages/setuptools-59.5.0.dist-info/METADATA",
"name": "setuptools",
"packageManager": "PYTHONPKG",
"version": "4.31.0"
},
{
"epoch": 0,
"filePath": "requirements.txt",
"name": "transformers",
"packageManager": "PIP",
"version": "4.31.0"
"version": "59.5.0"
}
]
},
Expand Down Expand Up @@ -197,17 +150,17 @@
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "usr/local/lib/python3.10/site-packages/transformers-4.31.0.dist-info/METADATA",
"filePath": "usr/local/lib/python3.10/site-packages/transformers-4.36.0.dist-info/METADATA",
"name": "transformers",
"packageManager": "PYTHONPKG",
"version": "4.31.0"
"version": "4.36.0"
},
{
"epoch": 0,
"filePath": "requirements.txt",
"name": "transformers",
"packageManager": "PIP",
"version": "4.31.0"
"version": "4.36.0"
}
]
},
Expand Down Expand Up @@ -282,5 +235,30 @@
"version": "1.8.6"
}
]
},
"CVE-2024-6345": {
"description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"score": 0.0,
"score_details": {},
"severity": "UNTRIAGED",
"source": "NVD",
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"status": "ACTIVE",
"title": "CVE-2024-6345 - setuptools",
"vulnerability_id": "CVE-2024-6345",
"vulnerable_packages": [
{
"epoch": 0,
"filePath": "usr/local/lib/python3.10/site-packages/setuptools-59.5.0.dist-info/METADATA",
"name": "setuptools",
"packageManager": "PYTHONPKG",
"version": "59.5.0"
}
]
}
}

0 comments on commit 82606e4

Please sign in to comment.