WML Accelerator can be deployed in Docker
containers in a Kubernetes-managed cluster of IBM®
Power® Systems servers with GPUs. To deploy your containers, you
need to use IBM Cloud Private, version 3.1 or later to install
the WML Accelerator using an archive that can be downloaded
from IBM Passport Advantage after you procure the necessary licenses.
If you want to deploy WML Accelerator to a cluster of
IBM
Power Systems servers with GPUs, use the Installing WML Accelerator stand-alone process.
- Do not install Anaconda Distribution in the docker
containers that are part of a deployment on IBM Cloud Private because it is already installed as
part of PowerAI.
- Do not change any Spark instance group configuration parameters, such as
creating consumers or resource groups, changing plan configurations, adding packages from a
repository, or changing the Jupyter notebook configuration from the IBM Spectrum
Conductor user interface because these
are preconfigured through Helm charts when the product is deployed on IBM Cloud Private.
- The Notebook user interface is not supported in ingress proxy
mode
- The IBM Spectrum
Conductor user interface is not
supported in ingress proxy mode if authentication and authorization are enabled for the Spark instance group.
To install WML Accelerator with IBM Cloud Private, complete the following steps:
- Install Docker version 1.13.1 or later,
published by Red Hat Enterprise Linux (RHEL). Configure the storage driver for docker engine to be
device_mapper in direct_lvm mode. For more information, see
Use the Device Mapper storage driver.
- Prepare GPU worker nodes for deployments. See the Configuring a GPU worker node topic.
- Install IBM Cloud Private. For more information, see the
Installing IBM Cloud Private topic.
- Disable NFS version 4 on all the nodes by editing the /etc/sysconfig/nfs
file and adding this line: RPCNFSDARGS="--no-nfs-version 4". Restart the NFS
service.
To verify that NFS version 3 is active in all the nodes, run this command: rpcinfo -u
localhost nfs.
- Download the WML Accelerator PPA file from IBM Passport
Advantage.
- To make the WML Accelerator Docker image available in
IBM Cloud Private, see topic cloudctl catalog load-archive --archive TGZ_ARCHIVE
[--registry REGISTRY] [--repo HELM_REPO_NAME].
- WML Accelerator Docker image is now visible in the
IBM Cloud Private administration console. Go to . Change the scope of the image to global.
- Go to IBM Cloud Private administration console, go to and click Sync Repositories.
- WML Accelerator Helm chart is now listed in the
IBM Cloud Private administration console. Go to catalog and
search for ibm-powerai-enterprise-prod.
- Review the WML Accelerator Helm chart readme file for
WML Accelerator carefully. It documents prerequisites,
requirements, and limitations of WML Accelerator in IBM Cloud Private.
- Create Persistent volumes as instructed in the Helm chart readme file.
On the NFS server, ensure that the NFS volumes have the no_root_squash flag
set in /etc/exports; for example, /var/nfs
*(rw,no_root_squash,no_subtree_check).
- Optionally create a custom pod security policy. For instructions, review the
"PodSecurityPolicy Requirements" section in the WML Accelerator Helm chart readme file.
- Create the required secrets and service accounts as instructed in
the Helm chart readme file.
- Click Configure and enter information for the Helm Release name and the
Namespace fields. The default user name is admin and the default password is
admin. For more information, see Namespaces. Optionally specify a custom SSL certificate
By default, a self signed
certificate is generated, however, you can provide your own certificate that is signed by an
appropriate authority. To use your own certificate, follow these steps:
- Ensure that you have your certificate private key and PEM encoded certificate as two separate
files. These should be provided by your certificate authority; however, you can generate these
yourself. For example:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out
/tmp/tls.crt -subj "/CN=test.com"
Note: /tmp/tls.key
and /tmp/tls.crt are used in the remaining examples.
- Create a kubernetes secret using these files. For
example:
kubectl -n <NAMESPACE> create secret tls tls-secret --key=/tmp/tls.key
--cert=/tmp/tls.crt
- Set the cluster.tlsCertificateSecretName name in your
values.yaml (or in the user interface under Custom TLS
Certificate) to match then name you used above (in this case,
tls-secret).
Important: The names must match
exactly.
- Deploy the Helm chart.
If you later want to change the certificate, update the secret (kubectl edit secret
tls-secret) with the new certificate, and restart the -ingress pod.
- Click Install.
The proxy for accessing the cluster management console is by default, set to
IngressProxy and the base port set to 30745.
The
IngressProxy base port number and ASCD debug port is unique to each deployment. To check the deployment status, go to , search by Helm release name and its current
status as Deployed.
For information about accessing WML Accelerator user interface, go to , search for the helm release and click for details.
To access WML Accelerator user interface, you need to
complete some postinstallation configuration steps:
- Configure your client DNS server to resolve deployment name to any public
IP of the Kubernetes cluster. Configure the host mapping in the client host/etc/hosts for a UNIX OS or /etc/hosts counterpart for Windows OS.
For instance, replacing the x.x.x.x with any public IP of the Kubernetes
cluster.
$ cat /etc/hosts
x.x.x.x deployment name
For
example, for a Helm release name by powerai-enterprise and base port to its default
30745 (in step 14),
the host file has an entry similar to: powerai-enterprise-paiemaster
- Access the cluster by browser with the URL: https://deployment
name:base-port/platform, where deployment name matches the
Helm release deployment name and baseport matches the base port that is provided
during the deployment.
For example, for a Helm release name of powerai-enterprise
and base port as default 30745 (in step 14), the URL to access will be https://powerai-enterprise-paiemaster:30745/platform
- If you are using the default self-signed certificate, refer to steps 3 and onward in Locating the cluster management console.