arivis AI: Machine Learning and Deep Learning
      Back to home
      1. arivis Knowledge Hub
      2. Vision4D / arivis Pro
      3. arivis AI: Machine Learning and Deep Learning

      Installing Docker Engine on AWS

      Guidance on installing a standalone Docker Engine for Instance segmentation in the Amazon Cloud environment.

      TL;DR


      arivis Pro instance segmentation is typically performed on a local workstation using Docker Desktop.  This process is discussed in the KB article here:


      https://kb.arivis.com/installing-docker-for-ai-instance-segmentation


      Docker Desktop is not licensed or intended for multi-session use.  On a server environment, the Docker Engine must be used.

      Introduction

      The Docker Engine can be installed as a standalone instance, to be shared remotely as a service.

      From arivis Cloud, the segmentation container is Linux based, so for both reduced costs and ease of implementation, we would recommend a Linux based distribution to host the Docker Engine.

      Here is an overview of the required steps when creating the virtual machine on AWS.

      1.     Selecting size and Image

      From the EC2 Dashboard, look for the Launch instance dialog:

      Label our instance:

      We will use Ubuntu as it’s a very well used OS. Select an AMI with NVIDIA drivers contained, here the Deep Learning Base image is selected as it contains NVIDIA drivers and toolkit:

      azon.com/dlami/latest/devguide/gpu.html

      Only certain AWS instance types have GPU. A recommended list can be found on the website:


      https://docs.aws.amazon.com/dlami/latest/devguide/gpu.html


      For this example, we’ll use a g4dn instance type:

      Create your Key pair to access the instance. The .pem should be downloaded in your browser, save this as we will need it to connect to the instance:

      Create your network. You may want to switch SSH traffic from Anywhere to your specific IP. Extra inbound rules can be added to the security group later if needed:

      Configure your storage. Be aware that most image models are at least 5GB in size.

      Adding the NVIDIA OSS image will have added an extra volume:

      You can now Launch the instance.

      When started, using the keypair .pem and the default user, ssh into the instance using it's public IP address:

      ssh -i arivisEC2.pem ubuntu@<ip address>

      2.     Install Docker Engine

      Install | Docker Docs

      Set up Docker's apt repository:

      # Add Docker's official GPG key:

      sudo apt-get update
      sudo apt-get install ca-certificates curl
      sudo install -m 0755 -d /etc/apt/keyrings
      sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
      sudo chmod a+r /etc/apt/keyrings/docker.asc

      # Add the repository to Apt sources:
      echo \
      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
      $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
      sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
      sudo apt-get update

      Install the Docker packages:

      sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

      3.     Enable Docker Remote access

      Configure remote access for Docker daemon | Docker Docs

      WARNING: Opening TCP to the Docker Engine is a security risk. Connection to the containers can provide root access. Ensure that necessary firewall restrictions are in place to allow only expected clients. Within Cloud environments external access is typically blocked by default but access from other machines within the virtual network need to be considered.

      Edit the systemctl service override:

      sudo systemctl edit docker.service

      The Docker instructions specify using 127.0.0.1, which will only bind to the localhost interface. To permit external connections, 0.0.0.0 will listen on all interfaces, you can modify this to a specific interface IP as required.

      WARNING: Only use 0.0.0.0 if access is controlled at the firewall level. Listening on all interfaces can be very dangerous if the machine is available to the public.  Binding to the specific interface IP of the intended traffic is a preferred configuration.

      Add these lines between the top comments:

      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375

      Save the file (CTRL+X) and reload the systemctl configuration

      sudo systemctl daemon-reload

      Restart Docker

      sudo systemctl restart docker.service

      Within AWS the VM Security Group settings must receive a new port rule to allow 2375 from any specific clients that need to connect. Also a port range for the containers is required (if 10 containers may run in parallel, use 5000-5009):

      4.     Configure arivis Pro to use Remote Docker Engine

      Obtain your access token from arivis Cloud, use your server IP in the Remote URL:

       

      Last updated: 2025.02.18

      Code snippets were used from the links provided at the time of writing.  Please check the contained links for updates to any presented commands.