Model Registry as a Service (MRaaS)

This repository contains the source code and relevent documentation for the Model Registry as a Service (MRaaS). The MRaaS allows users to manage artifacts, and metadata associated to a registered machine learning (ML) model. This service also retreives project and model data from a specified Intel® Geti™ server instance. The model registry acts as a storage resource that holds a model’s metadata and artifacts for easy retrieval by an application or service. Without the service, tracking models deployed to an edge environment would be more difficult and the likelihood models are served with applications or services instead of managed independently is higher. The model registry service is intended to improve the management and utilization of ML models on the edge.

Table of Contents

• Introduction

• Requirements

  • Software

• Setup

  • Local Development

  • Production

• Configuration

  • Required Variables

  • Example .env file

• Usage

• Testing

• License

• Contact

Requirements

This microservice requires the following to run:

Software:

Operating System:

• Linux (tested on Debian 12)

Programming Language:

• Python 3.9

Dependencies:

• geti-sdk (1.5.8)

• mlflow (2.7.1)

• psycopg2-binary (2.9.7)

• boto3 (1.28.44)

• minio (7.1.16)

• fastapi (0.104.1)

• uvicorn (0.24.0.post1)

• python-multipart (0.0.6)

• pydantic (2.3.0)

• pydantic_core (2.6.3)

Data management solutions:

• PostgreSQL (13.0)

• MinIO (2020-12-12T08-39-07Z)

Development and Deployment resources

• Docker and Docker Compose

• A code editor or IDE supporting Python

Setup

Local Development

Steps based on Linux

1. Clone repository .. code-block:

   git clone https://github.com/intel-innersource/applications.services.esh.model-registry-as-a-service.git
   

2. Install Python 3.9 .. code-block:

   sudo apt-get install python3.9
   

3. Create virtual environment ``` cd applications.services.esh.model-registry-as-a-service

virtualenv -p /usr/bin/python3.9 myenv

3. **Activate virtual environment**

source myenv/bin/activate

4. **Install dependencies**

pip install -r requirements.txt

5. **Configure environment variables**
    * Update the environment variables with missing values
    * Update `DEV_MODE=true` to enable non-encrypted connection between services
    * Update the following environment variables in the `.env` file in the project's root directory to enable access to a Geti server workspace's projects and models:
        * `GETI_HOST`: The url for a Geti Server instance
        * `GETI_TOKEN`: Your access token for a Geti Server instance
6. **Run the microservice**

cd app/ python main.py

### Production
1. Configure environment variables
    * Update environment variables as needed
        *  See [Local Development > 5. Configure environment variables](#local-development) for details
    * Update the `DEV_MODE=false` to enable SSL for the model registry and an encrypted connection between services
1. Create certificates and keys

./ssl_certs_setup.sh
```

1. Build Docker image(s) .. code-block:

   docker compose build
   

2. Create SSL certificates and keys for SSL and encrypted communication .. code-block:

   ./ssl_certs_setup.sh
   

3. Create and start Docker containers .. code-block:

   docker compose up -d
   

Configuration

This microservice uses environment variables for configuration.

Required Variables:

• DEV_MODE: Set to true for development mode. Security and encryption are disabled in this mode. Otherwise, false for production mode. Security and encryption are enabled in this mode.

• MINIO_ACCESS_KEY: Your access key for a MinIO object storage server

• MINIO_SECRET_KEY: Your secret key for a MinIO object storage server

• PKG_SRC: The url where the nightly packages are released

• USER_PASSWORD: The password used for root or admin accounts

• EII_USER_NAME: The user name for the user within the Docker container

• EII_UID: The ID for the user within the Docker container

• GETI_HOST: The url for a Geti Server instance

• GETI_TOKEN: Your access token for a Geti Server instance

• GETI_VERIFY_CERT: Set to 0 to disable certificate validation; Otherwise 1 to enable certificate validation

• MRAAS_PSQL_HOSTNAME: The host name for the PostgreSQL service

• MRAAS_PSQL_USER: The user name for the PostgreSQL database

• MRAAS_PSQL_PASSWORD: The password associated to the MRAAS_PSQL_USER

• MRAAS_PSQL_DATABASE: The name of the PostgreSQL database

• MRAAS_PSQL_PORT: The listening port for PostgreSQL server

• MRAAS_MINIO_BUCKET_NAME: The name of the bucket where model artifacts are stored in MinIO Object Storage

• MRAAS_MINIO_HOSTNAME: The host name for the MinIO service

• MRAAS_MINIO_SERVER_PORT: The server port for the MinIO service

• MRAAS_VERSION: The version of the MRaaS

• MRAAS_MIN_LOG_LEVEL: The minimum threshold for log message

  • The support values are NOTSET, DEBUG, INFO, WARNING, ERROR, and CRITICAL

  • These levels are listed from least to most severe

• MRAAS_SERVER_PORT: The server port for the MRaaS

• MRAAS_DEBUGPY_PORT: The Debugpy port for the MRaaS

• MRAAS_MLFLOW_S3_ENDPOINT_URL: The S3 endpoint URL to use for artifact operations

Example .env file:

# -------------------------------------------
# MRaaS environment variables

DEV_MODE=true

# DEB pacakges source location
PKG_SRC=http://eii-nightly-devops.iind.intel.com/latest

USER_PASSWORD=

# Docker security
EII_USER_NAME=eiiuser
EII_UID=1999

# Intel Geti Server details
GETI_HOST=
GETI_TOKEN=
GETI_VERIFY_CERT=0

#PostgreSQL service & client adapter
MRAAS_PSQL_HOSTNAME=mraas_postgres
MRAAS_PSQL_USER=
MRAAS_PSQL_PASSWORD=
MRAAS_PSQL_DATABASE=model_registry_db
MRAAS_PSQL_PORT=5432

# MinIO service & client
MRAAS_MINIO_ACCESS_KEY=
MRAAS_MINIO_SECRET_KEY=
MRAAS_MINIO_BUCKET_NAME=model-registry
MRAAS_MINIO_HOSTNAME=mraas_minio
MRAAS_MINIO_SERVER_PORT=8000

# Model Registry service
MRAAS_VERSION=1.0
MRAAS_MIN_LOG_LEVEL=INFO
MRAAS_SERVER_PORT=5002
MRAAS_DEBUGPY_PORT=5678

# MLflow
MRAAS_MLFLOW_S3_ENDPOINT_URL=http://127.0.0.1:8000

Usage

You can interact with the model registry through its REST API.

After successfully launching the service, documentation describing each API endpoint can be found at http://{ip-address}:{MRAAS_SERVER_PORT}/docs

Note: All API endpoints requires authentication to access. Please follow the steps below to obtain a JSON Web Token (JWT). The JWT is used as a Bearer token when making a request:

1. Login: Make a POST request to the /login endpoint with your username and password. The supported user names are admin and root. The password is the same as the USER_PASSWORD environment variable set in the .env file

2. Receive JWT: The successful response from the /login endpoint will include an access token in the Response body.

3. Include Token in Requests: For subsequent API calls, include the obtained Bearer token in the Authorization header of your requests.

Example:

Authorization: Bearer <your_token_here>

Testing

pytest is used to test the core functionality of individual modules and functions.

Prerequiste: Install pytest and other relevant dependencies

source myenv/bin/activate

pip install -r tests/requirements-tests.txt

1. Run tests

   • pytest --cov=app tests/ - Generate a code coverage report for all tests

   • pytest --cov=app --cov-report html - Generate a HTML report of the code coverage

   • pytest tests/unit_tests/file.py - Run the tests in a specific file

   • pytest tests/unit_tests/test_main.py::test_function_name - Run a specific test function

License

• Proprietary

Contact

• Elroy Ashtian (elroy.ashtian@intel.com)