archai/docker
Gustavo Rosa 7f8ed162b0 chore(docker): Adds a Dockerfile with DeepSpeed and Flash-Attention. 2023-03-20 09:55:03 -03:00
..
Dockerfile
Dockerfile.flash
README.md
build_image.sh
run_container.sh
run_container_with_gvisor.sh

README.md

Using Docker to Run Archai

This folder contains tools for creating development and production environments that are secure and isolated from the host system, including Docker and gVisor.

Docker

The Dockerfile can be used to build a development environment for running experiments. The build_image.sh and run_container.sh scripts can be used to build the Docker image and run the container, respectively:

bash build_image.sh
bash run_container.sh

Docker and gVisor for Enhanced Security

gVisor is a runtime that provides an additional layer of security for containers by intercepting and monitoring runtime instructions before they reach the host system. Its primary goal is to enable the execution of untrusted workloads without compromising the security of other workloads or the underlying infrastructure.

To install the latest release of gVisor and use it as a Docker runtime:

Download and install gVisor:

(
  set -e
  ARCH=$(uname -m)
  URL=https://storage.googleapis.com/gvisor/releases/release/latest/${ARCH}
  wget ${URL}/runsc ${URL}/runsc.sha512 ${URL}/containerd-shim-runsc-v1 ${URL}/containerd-shim-runsc-v1.sha512
  sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512
  rm -f *.sha512
  chmod a+rx runsc containerd-shim-runsc-v1
  sudo mv runsc containerd-shim-runsc-v1 /usr/local/bin
)

Set gVisor as the Docker runtime:

sudo /usr/local/bin/runsc install
sudo systemctl restart docker

To run the container with Docker and gVisor:

bash run_container_with_gvisor.sh