original publication

Author: danielschulz

.gitignore

@@ -102,3 +102,22 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+
+
+# password file
+resources/presentation/credentials.txt
+resources/photos/credentials.txt
+
+# IntelliJ IDEA project files
+.idea/*
+
+# for legal licensing reasons only, two images and the source presentation may not be provided in raw format
+code/2-uc-deeplearning-image/2-client-calls/1-requests/kitten.jpg
+code/2-uc-deeplearning-image/2-client-calls/1-requests/cute-chick-with-hairy-pussy.jpg
+resources/presentation/~$DevOps_AiToProduction_DockerizedLeanApproach.pptx
+resources/presentation/DevOps_AiToProduction_DockerizedLeanApproach.pptx
+resources/presentation/20181114_DevOps_AiToProduction_DockerizedLeanApproach.pdf
+
+# extracted git repos
+code/1-uc-structured-data-json/1-server-setup/1-data-to-deploy/raw-binaries/tensorflow_serving_tutorial
+code/2-uc-deeplearning-image/1-server-setup/1-data-to-deploy/raw-binaries/mxnet

README.md

@@ -1,2 +1,64 @@
 # DevOps_AiToProduction_DockerizedLeanApproach
-Delivery Excellence, DevOps: Cloud-native Deployments of Tensorflow Models
+Delivery Excellence, DevOps: Cloud-native Deployments of Data Science Models
+
+## Setup in static code
+Please modify this static git repo's code before using it. For technical and legal reasons, some files are 
+archived in unencrypted and plain 7z archives.
+
+### Extract
+For legal licensing reasons only, two images may not be provided in raw format.
+
+- `code/2-uc-deeplearning-image/2-client-calls/1-requests/kitten.7z` to
+`code/2-uc-deeplearning-image/2-client-calls/1-requests/kitten.jpg` to
+- `code/2-uc-deeplearning-image/2-client-calls/1-requests/cute-chick-with-hairy-pussy.7z` to
+`code/2-uc-deeplearning-image/2-client-calls/1-requests/cute-chick-with-hairy-pussy.jpg`
+- `code/1-uc-structured-data-json/1-server-setup/1-data-to-deploy/raw-binaries/tensorflow_serving_tutorial.7z` to 
+`code/1-uc-structured-data-json/1-server-setup/1-data-to-deploy/raw-binaries/tensorflow_serving_tutorial`
+- `code/2-uc-deeplearning-image/1-server-setup/1-data-to-deploy/raw-binaries/mxnet.7z` to 
+`code/2-uc-deeplearning-image/1-server-setup/1-data-to-deploy/raw-binaries/mxnet`
+
+The extraction keys for the presentation resp. photos may or may not be provided to you for legal reasons. You can find 
+the applicable keys in
+- `resources/presentation/credentials.txt` resp.
+- `resources/photos/credentials.txt` 
+Both latter software archives as git repositories are packaged only for technical reasons and do not need a passphrase 
+to extract them.
+
+
+# Prepare your client's host
+Amend your OS' `hosts` file like shown in `code/0-meta/client-network/amend-hosts-file/example-hosts-file`. 
+Your `hosts` file resides in:
+- Windows: `C:\Windows\System32\drivers\etc\hosts`
+- Linux: `/etc/hosts`
+
+
+# Getting started deploying Docker Containers
+
+## Establish SSH tunnel
+Shown in `code/0-meta/client-network/create-ssh-tunnel/sshConnection.bash`
+
+## Optional: Docker web ui
+Shown in `code/0-meta/server-optional-dockerwebui/deepinfrastructure-docker-webui.bash`
+
+## TensorFlow / Iris model
+
+### Distribute Model data
+Shown in `code/1-uc-structured-data-json/1-server-setup/1-data-to-deploy`
+
+### Start Docker Container
+Shown in `code/1-uc-structured-data-json/1-server-setup/2-bash-commands-to-execute/tf-model-iris.bash`
+
+### Perform client requests
+Requests in `code/1-uc-structured-data-json/2-client-calls/1-requests` and respective responses from `code/1-uc-structured-data-json/2-client-calls/2-example-responses`
+
+
+## MXNet / Deep Learning image classification model
+
+### Distribute Model data
+Shown in `code/2-uc-deeplearning-image/1-server-setup/1-data-to-deploy`
+
+### Start Docker Container
+Shown in `code/2-uc-deeplearning-image/1-server-setup/2-bash-commands-to-execute/mxnet-model-deeplearning.bash`
+
+### Perform client requests
+Requests in `code/2-uc-deeplearning-image/2-client-calls/1-requests` and respective responses from `code/2-uc-deeplearning-image/2-client-calls/2-example-responses`

code/0-meta/client-network/amend-hosts-file/example-hosts-file

@@ -0,0 +1,40 @@
+
+# a default on any Linux or Windows might be
+# IPv4
+127.0.0.1    localhost.localdomain localhost
+
+
+# amendments
+# you may use those FQDNs from the client (e.g. your local notebook) or 
+# server (e.g. in a remote Bash session) to access your local SSH tunnel trough it. 
+# 
+# Obviously you access your local network interfaces (127.0.0.1) and by proxy your 
+# SSH tunnel, which is listening on this network interface 
+# on specific ports (e.g. "127.0.0.1:2308" for port 2308 on localhost).
+#
+# All FQDNs are convenience only and might be replaced with the associated IP 
+# respectively -- the amendments are hence optional for the code to work
+
+
+# the IP and logical FQDN name for Hypervisor, VM or the remote Linux server
+# TODO: CHANGE ME
+10.2.3.4     host.docker.devops.svc.cluster.local
+
+
+# this FQDN will be used to access the Docker web ui through my browser
+127.0.0.1    webui.docker.devops.svc.cluster.local
+
+# Only for specific development reasons, I have connected my client's local IDE on Windows
+# to my server's Docker Daemon -- this lets me interact with my cluster as if it were local.
+#
+# I must admit, the IDE integration has flaws; additionally the Docker Daemon on the server 
+# needs to listen to this network's interface: I used localhost on the server, so the 
+# Docker Daemon is never exposed to outside access -- it will only be accessible through 
+# my SSH tunnel.
+127.0.0.1    daemon.docker.devops.svc.cluster.local
+
+# my convenient access URI for ReST calls to the structured data (JSON)
+127.0.0.1    iris.devops.svc.cluster.local
+
+# my convenient access URI for ReST calls to the Deep Learning path (image)
+127.0.0.1    deeplearning.devops.svc.cluster.local

code/0-meta/client-network/create-ssh-tunnel/sshConnection.bash

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+
+# 1st SSH session aka the SSH tunnel
+ssh \
+    -L webui.docker.devops.svc.cluster.local:1206:127.0.0.1:1206 \
+    -L daemon.docker.devops.svc.cluster.local:1906:127.0.0.1:1906 \
+    -L iris.devops.svc.cluster.local:2008:127.0.0.1:2008 \
+    -L deeplearning.devops.svc.cluster.local:2308:127.0.0.1:2308 \
+    root@host.docker.devops.svc.cluster.local \
+    -i /c/Apps/Current/Keys/ssh-key-8k
+
+
+# ssh \
+#     # Docker administrative UI (1206) & Daemon port (1906)
+#     # my server's Docker Web UI listens on its port 1206 on localhost (IPv4) resp. 127.0.0.1
+#     # my server's Docker Daemon listens on its port 1906 on localhost (IPv4) resp. 127.0.0.1
+#     -L webui.docker.devops.svc.cluster.local:1206:127.0.0.1:1206 \
+#     -L daemon.docker.devops.svc.cluster.local:1906:127.0.0.1:1906 \
+#     # 2 ReST API ports
+#     -L iris.devops.svc.cluster.local:2008:127.0.0.1:2008 \
+#     -L deeplearning.devops.svc.cluster.local:2308:127.0.0.1:2308 \
+#     # node identity for login
+#     root@host.docker.devops.svc.cluster.local \
+#     # secret to login with -- my private OpenSSH keyfile
+#     -i /c/Apps/Current/Keys/ssh-key-8k
+#
+#
+# line-wise pattern: [local IP/FQDN]:[local port]:[remote IP/FQDN]:[remote port]
+# e.g. "deeplearning.devops.svc.cluster.local:2308:cloud.docker.devops.svc.cluster.local:2908"
+#   - local FQDN: "deeplearning.devops.svc.cluster.local"
+#     explanation: the SSH tunnel listens locally for all incoming request on this client's FQDN,
+#     which translates into an IP (localhost, 127.0.0.1)
+#   - local port: "2308"
+#     explanation: the SSH tunnel listens locally for all incoming request on this client's port
+#   - remote FQDN: "cloud.docker.devops.svc.cluster.local"
+#     explanation: the SSH tunnel forwards all incoming request to this
+#   - remote port: "2908"
+#     explanation: the SSH tunnel forwards all incoming request to this
+#
+# Only for simplicity, all local ports on the SSH tunnel forward to the exact same ports remotely
+# on the server. You may change all ports provided. As long as the chains will be kept
+# aligned (not broken), everything will keep on working as before.
+# The latter are the Docker Container's host ports all on the localhost network
+# interface respectively. So all Containers will only be accessible through the SSH tunnel and from
+# calls performed by the server itself. No inbound traffic may access them due to the
+# "natural firewall" (sic) on Linux -- no IPtables, etc. needed.
+
+
+# 2nd, 3rd, 4th, etc. SSH session
+# establish more SSH sessions wo/ any port forwards as all those ports above will be already blocked
+# more SSH sessions "only" help for convenience to work in multiple contexts/in directories at the same time
+ssh \
+    root@host.docker.devops.svc.cluster.local \
+    -i /c/Apps/Current/Keys/ssh-key-8k

code/0-meta/server-optional-dockerwebui/deepinfrastructure-docker-webui.bash

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+
+# Docker Daemon control via web ui
+# - webui.docker.devops.svc.cluster.local:1206
+# - bind to localhost (IPv4) resp. 127.0.0.1 network interface --
+#     will only be accessible from server and through SSH tunnel;
+#     not even firewall-relevant network traffic from outside needs to be managed for it
+# - only map the Docker Daemon's TCP socket inside the Container Jail for it to speak to the Docker Daemon from with
+# - no user data mapping through Docker Volumes needed here -- might be better to add in production environments
+# - gets 128 MiB of RAM wo/ Swap and 8.125% of one CPU core
+docker run \
+    -d \
+    --name daniel-docker-daemon-ui \
+    -h 127.0.0.1 \
+    -p 1206:9000 \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    --memory="128m" --memory-swap="128m" \
+    --cpus=".08125" \
+    portainer/portainer
+
+# inspect Docker Containers 2 secs after starting -- the last command is a comment for the Bash history to reveal it
+# later on in case you need to step into the Container for debugging reasons
+sleep 2 && docker ps -a | grep daniel-docker-daemon-ui && docker ps -a
+# docker exec -it daniel-mxnet-server-deeplearning bash
+
+
+
+# Query the deployed service -- from server itself
+time curl -X GET \
+    http://localhost:1206 \
+    -H 'cache-control: no-cache' \
+    && echo $?
+
+
+
+
+# Query the deployed service -- from remote client
+time curl -X GET \
+    http://webui.docker.devops.svc.cluster.local:1206 \
+    -H 'cache-control: no-cache' \
+    && echo $?
+
+
+
+
+# UNDEPLOY --
+# WARNING: removes all runtime information again; persistent data (Volumes and Images) will remain untouched
+# remove Docker Container
+docker rm -f daniel-docker-daemon-ui
+docker ps -a

code/0-meta/server-optional-dockerwebui/example-responses/client-2-server-request-w-response.txt

@@ -0,0 +1,81 @@
+$ time curl -X GET \
+>     http://webui.docker.devops.svc.cluster.local:1206 \
+>     -H 'cache-control: no-cache' \
+>     && echo $?
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+100  2804  100  2804    0     0  30150      0 --:--:-- --:--:-- --:--:-- 30150<!DOCTYPE html>
+<html lang="en" ng-app="portainer">
+<head>
+  <meta charset="utf-8">
+  <title>Portainer</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta name="description" content="">
+  <meta name="author" content="Portainer.io">
+
+  <link rel="stylesheet" href="css/app.7d725f5a.css">
+
+  <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+  <!--[if lt IE 9]>
+  <script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
+  <![endif]-->
+
+  <script src="js/app.b6e7ddde.js"></script>
+
+  <!-- Fav and touch icons -->
+  <link rel="apple-touch-icon" sizes="180x180" href="ico/apple-touch-icon.png">
+  <link rel="icon" type="image/png" sizes="32x32" href="ico/favicon-32x32.png">
+  <link rel="icon" type="image/png" sizes="16x16" href="ico/favicon-16x16.png">
+  <link rel="manifest" href="ico/manifest.json">
+  <link rel="mask-icon" href="ico/safari-pinned-tab.svg" color="#5bbad5">
+  <link rel="shortcut icon" href="ico/favicon.ico">
+  <meta name="msapplication-config" content="ico/browserconfig.xml">
+  <meta name="theme-color" content="#ffffff">
+</head>
+
+<body ng-controller="MainController">
+  <div id="page-wrapper" ng-class="{
+    open: toggle && ['portainer.auth', 'portainer.updatePassword', 'portainer.init.admin', 'portainer.init.endpoint'].indexOf($state.current.name) === -1,
+    nopadding: ['portainer.auth', 'portainer.updatePassword', 'portainer.init.admin', 'portainer.init.endpoint'].indexOf($state.current.name) > -1 || applicationState.loading
+  }"
+  ng-cloak>
+    <div id="sideview" ui-view="sidebar" ng-if="!applicationState.loading"></div>
+
+    <div id="content-wrapper">
+      <div class="page-content">
+
+        <div class="page-wrapper" ng-if="applicationState.loading">
+          <!-- loading box -->
+          <div class="container simple-box">
+            <div class="col-md-6 col-md-offset-3 col-sm-6 col-sm-offset-3">
+              <!-- loading box logo -->
+              <div class="row">
+                <img ng-if="logo" ng-src="{{ logo }}" class="simple-box-logo">
+                <img ng-if="!logo" src="images/logo_alt.png" class="simple-box-logo" alt="Portainer">
+              </div>
+              <!-- !loading box logo -->
+              <!-- panel -->
+              <div class="row" style="text-align: center">
+                Connecting to the Docker endpoint...
+                <i class="fa fa-cog fa-spin" style="margin-left: 5px"></i>
+              </div>
+              <!-- !panel -->
+            </div>
+          </div>
+          <!-- !loading box -->
+        </div>
+
+        <!-- Main Content -->
+        <div id="view" ui-view="content" ng-if="!applicationState.loading"></div>
+
+      </div><!-- End Page Content -->
+    </div><!-- End Content Wrapper -->
+  </div><!-- End Page Wrapper -->
+</body>
+</html>
+
+
+real    0m0.915s
+user    0m0.062s
+sys     0m0.078s
+0

code/0-meta/server-optional-dockerwebui/example-responses/server-2-server-request-w-response.txt

@@ -0,0 +1,78 @@
+# time curl -X GET \
+>     http://localhost:1206 \
+>     -H 'cache-control: no-cache' \
+>     && echo $?
+<!DOCTYPE html>
+<html lang="en" ng-app="portainer">
+<head>
+  <meta charset="utf-8">
+  <title>Portainer</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta name="description" content="">
+  <meta name="author" content="Portainer.io">
+
+  <link rel="stylesheet" href="css/app.7d725f5a.css">
+
+  <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+  <!--[if lt IE 9]>
+  <script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
+  <![endif]-->
+
+  <script src="js/app.b6e7ddde.js"></script>
+
+  <!-- Fav and touch icons -->
+  <link rel="apple-touch-icon" sizes="180x180" href="ico/apple-touch-icon.png">
+  <link rel="icon" type="image/png" sizes="32x32" href="ico/favicon-32x32.png">
+  <link rel="icon" type="image/png" sizes="16x16" href="ico/favicon-16x16.png">
+  <link rel="manifest" href="ico/manifest.json">
+  <link rel="mask-icon" href="ico/safari-pinned-tab.svg" color="#5bbad5">
+  <link rel="shortcut icon" href="ico/favicon.ico">
+  <meta name="msapplication-config" content="ico/browserconfig.xml">
+  <meta name="theme-color" content="#ffffff">
+</head>
+
+<body ng-controller="MainController">
+  <div id="page-wrapper" ng-class="{
+    open: toggle && ['portainer.auth', 'portainer.updatePassword', 'portainer.init.admin', 'portainer.init.endpoint'].indexOf($state.current.name) === -1,
+    nopadding: ['portainer.auth', 'portainer.updatePassword', 'portainer.init.admin', 'portainer.init.endpoint'].indexOf($state.current.name) > -1 || applicationState.loading
+  }"
+  ng-cloak>
+    <div id="sideview" ui-view="sidebar" ng-if="!applicationState.loading"></div>
+
+    <div id="content-wrapper">
+      <div class="page-content">
+
+        <div class="page-wrapper" ng-if="applicationState.loading">
+          <!-- loading box -->
+          <div class="container simple-box">
+            <div class="col-md-6 col-md-offset-3 col-sm-6 col-sm-offset-3">
+              <!-- loading box logo -->
+              <div class="row">
+                <img ng-if="logo" ng-src="{{ logo }}" class="simple-box-logo">
+                <img ng-if="!logo" src="images/logo_alt.png" class="simple-box-logo" alt="Portainer">
+              </div>
+              <!-- !loading box logo -->
+              <!-- panel -->
+              <div class="row" style="text-align: center">
+                Connecting to the Docker endpoint...
+                <i class="fa fa-cog fa-spin" style="margin-left: 5px"></i>
+              </div>
+              <!-- !panel -->
+            </div>
+          </div>
+          <!-- !loading box -->
+        </div>
+
+        <!-- Main Content -->
+        <div id="view" ui-view="content" ng-if="!applicationState.loading"></div>
+
+      </div><!-- End Page Content -->
+    </div><!-- End Content Wrapper -->
+  </div><!-- End Page Wrapper -->
+</body>
+</html>
+
+real    0m0.648s
+user    0m0.005s
+sys     0m0.009s
+0