Stable Diffusion Example (#25)

Author: lucasmelogithub

examples/gen-ai-stable-diffusion/README.md

@@ -0,0 +1,158 @@
+<p align="center">
+  <img src="https://github.com/intel/terraform-intel-aws-vm/blob/main/images/logo-classicblue-800px.png?raw=true" alt="Intel Logo" width="250"/>
+</p>
+
+# Intel® Optimized Cloud Modules for Terraform
+
+© Copyright 2023, Intel Corporation
+
+## AWS M7i EC2 Instance with 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) & Intel® Cloud Optimized Recipe for Stable Diffusion
+
+This demo will showcase Intel® OpenVino Optimized Stable Diffusion CPU inference using 4th Gen Xeon Scalable Processors with Intel® AMS on AWS.
+
+## Architecture Diagram
+
+<p align="center">
+  <img src="https://github.com/intel/terraform-intel-aws-vm/blob/main/images/gen-ai-stable-diffusion.png?raw=true" alt="stable-diffusion" width="750"/>
+</p>
+
+## IMPORTANT:Modify variables.tf and add your public to cidr_blocks = "0.0.0.0/0". 
+
+Use https://www.ipchicken.com/ to find your Public IP address
+
+
+## Usage - Modify variables.tf and main.tf as needed
+
+**variables.tf**
+
+If needed, modify the region to target a specific AWS Region
+
+```hcl
+...
+
+  default = [
+    {
+      from_port   = 22
+      to_port     = 22
+      protocol    = "tcp"
+      cidr_blocks = "192.0.0.0/8" 
+      
+    },
+
+variable "region" {
+  description = "Target AWS region to deploy EC2 in."
+  type        = string
+  default     = "us-east-1"
+}
+
+...
+```
+
+**main.tf**
+
+If needed, modify main.tf
+
+```hcl
+...
+
+module "ec2-vm" {
+  source            = "intel/aws-vm/intel"
+  key_name          = aws_key_pair.TF_key.key_name
+  instance_type     = "m7i.4xlarge"
+  availability_zone = "us-east-1a"
+  ami               = data.aws_ami.ubuntu-linux-2204.id
+  user_data         = data.cloudinit_config.ansible.rendered
+
+  root_block_device = [{
+    volume_size = "100"
+  }]
+
+  tags = {
+    Name     = "stable-diffusion-test-vm-${random_id.rid.dec}"
+    Owner    = "OwnerName-${random_id.rid.dec}",
+    Duration = "2"
+  }
+}
+
+...
+```
+
+## Running the Demo using AWS CloudShell
+
+1. Open your AWS account and click the Cloudshell prompt (terminal button on top right of page)
+
+2. Install Terraform
+
+```bash
+git clone https://github.com/tfutils/tfenv.git ~/.tfenv
+mkdir ~/bin
+ln -s ~/.tfenv/bin/* ~/bin/
+tfenv install 1.6.0
+tfenv use 1.6.0
+```
+
+3. Clone, if needed modify files, and run Terraform 
+
+```bash
+git clone https://github.com/intel/terraform-intel-aws-vm.git
+cd terraform-intel-aws-vm/examples/gen-ai-stable-diffusion
+# Make any necessary modifications to variables.tf and main.tf before running the Terraform commands below
+terraform init 
+terraform apply
+```
+
+
+```bash
+WAIT ~3 MINUTES
+```
+
+4. After the Terraform module successfully creates the EC2 instance, **wait ~3 minutes** for the recipe to download/install pre-requisites and Stable Diffusion before continuing.
+
+5. Navigate to the folder from where you ran **'terraform apply'**. Terraform created a **tfkey.private** key. 
+
+2. Change the tfkey.private permissions 
+
+    ```bash
+    chmod 400 tfkey.private
+    ```
+
+3. SSH into your new Virtual Machine
+
+    ```bash
+    ssh ubuntu@<Public_IP_Address_EC2_Instance> -i tfkey.private
+    ```
+
+3. Once you are logged into the EC2 instance, run the command
+
+    ```bash
+    source /usr/local/bin/run_demo.sh
+    ```
+
+4. The application will download the Stable Diffusion Model and optimized it using Intel® OpenVino
+
+5. When the application is ready, on your computer open a browser and **Browse to http://<VM_PLUBLIC_IP>:5000**
+
+6. OPTIONAL - You can also start the default not-optimized demo by running.   **Browse to port 5001 instead http://<VM_PLUBLIC_IP>:5001**
+
+    ```bash
+    source /usr/local/bin/not_optimized_run_demo.sh
+    ```
+
+7. You can now generate images by entering prompts
+
+8. To delete the demo, exit the VM instance by pressing Ctrl-C to break out of Stable Diffusion
+
+```bash
+terraform destroy  
+```
+
+## If not using the AWS Cloud Shell
+
+
+1. Install AWS CLI and run ``` aws configure``` to configure your AWS credentials
+
+2. Follow the same steps to run terraform, provision, ssh, and start the demo from your local workstation/laptop
+
+## Considerations
+
+- The AWS region where this example is run should have a default VPC

examples/gen-ai-stable-diffusion/cloud_init.yml

@@ -0,0 +1,15 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+
+package:
+  - git
+
+ansible:
+  install_method: distro
+  package_name: ansible
+  pull:
+    url: "https://github.com/intel/optimized-cloud-recipes.git"
+    playbook_name: "recipes/ai-stable_diffusion-amx-ubuntu/recipe.yml"
+
+    

examples/gen-ai-stable-diffusion/main.tf

@@ -0,0 +1,97 @@
+# Provision EC2 Instance on Icelake on Amazon Linux OS in default vpc. It is configured to create the EC2 in
+# US-East-1 region. The region is provided in variables.tf in this example folder.
+
+# This example also create an EC2 key pair. Associate the public key with the EC2 instance. Create the private key
+# in the local system where terraform apply is done. Create a new scurity group to open up the SSH port 
+# 22 to a specific IP CIDR block
+
+######### PLEASE NOTE TO CHANGE THE IP CIDR BLOCK TO ALLOW SSH FROM YOUR OWN ALLOWED IP ADDRESS FOR SSH #########
+
+data "cloudinit_config" "ansible" {
+  gzip          = true
+  base64_encode = true
+
+  part {
+    filename     = "cloud_init"
+    content_type = "text/cloud-config"
+    content = templatefile(
+      "cloud_init.yml",
+      {}
+    )
+  }
+}
+
+data "aws_ami" "ubuntu-linux-2204" {
+  most_recent = true
+  owners      = ["099720109477"] # Canonical
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+  }
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}
+
+resource "random_id" "rid" {
+  byte_length = 5
+}
+
+# RSA key of size 4096 bits
+resource "tls_private_key" "rsa" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "aws_key_pair" "TF_key" {
+  key_name   = "TF_key-${random_id.rid.dec}"
+  public_key = tls_private_key.rsa.public_key_openssh
+}
+
+resource "local_file" "TF_private_key" {
+  content  = tls_private_key.rsa.private_key_pem
+  filename = "tfkey.private"
+}
+resource "aws_security_group" "ssh_security_group" {
+  description = "security group to configure ports for ssh"
+  name_prefix = "ssh_security_group"
+}
+
+# Modify the `ingress_rules` variable in the variables.tf file to allow the required ports for your CIDR ranges
+resource "aws_security_group_rule" "ingress_rules" {
+  count             = length(var.ingress_rules)
+  type              = "ingress"
+  security_group_id = aws_security_group.ssh_security_group.id
+  from_port         = var.ingress_rules[count.index].from_port
+  to_port           = var.ingress_rules[count.index].to_port
+  protocol          = var.ingress_rules[count.index].protocol
+  cidr_blocks       = [var.ingress_rules[count.index].cidr_blocks]
+}
+
+resource "aws_network_interface_sg_attachment" "sg_attachment" {
+  count = length(module.ec2-vm)
+  security_group_id    = aws_security_group.ssh_security_group.id
+  network_interface_id = module.ec2-vm[count.index].primary_network_interface_id
+}
+
+# Modify the `vm_count` variable in the variables.tf file to create the required number of EC2 instances
+module "ec2-vm" {
+  count = var.vm_count
+  source            = "intel/aws-vm/intel"
+  key_name          = aws_key_pair.TF_key.key_name
+  instance_type     = "m7i.8xlarge"
+  availability_zone = "us-east-1c"
+  ami               = data.aws_ami.ubuntu-linux-2204.id
+  user_data         = data.cloudinit_config.ansible.rendered
+
+  root_block_device = [{
+    volume_size = "100"
+  }]
+
+  tags = {
+    Name     = "stable-diffusion-vm-${count.index}-${random_id.rid.dec}"
+    Owner    = "OwnerName-${random_id.rid.dec}",
+    Duration = "2"
+  }
+}

examples/gen-ai-stable-diffusion/outputs.tf

@@ -0,0 +1,113 @@
+output "id" {
+  description = "The ID of the instance"
+  value       = try(module.ec2-vm.id, module.ec2-vm.id, "")
+}
+
+output "arn" {
+  description = "The ARN of the instance"
+  value       = try(module.ec2-vm.arn, "")
+}
+
+output "capacity_reservation_specification" {
+  description = "Capacity reservation specification of the instance"
+  value       = try(module.ec2-vm.capacity_reservation_specification, "")
+}
+
+output "instance_state" {
+  description = "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`"
+  value       = try(module.ec2-vm.instance_state, "")
+}
+
+output "outpost_arn" {
+  description = "The ARN of the Outpost the instance is assigned to"
+  value       = try(module.ec2-vm.outpost_arn, "")
+}
+
+output "password_data" {
+  description = "Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if `get_password_data` is true"
+  value       = try(module.ec2-vm.password_data, "")
+}
+
+output "primary_network_interface_id" {
+  description = "The ID of the instance's primary network interface"
+  value       = try(module.ec2-vm.primary_network_interface_id, "")
+}
+
+output "private_dns" {
+  description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC"
+  value       = try(module.ec2-vm.private_dns, "")
+}
+
+output "public_dns" {
+  description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC"
+  value       = try(module.ec2-vm.public_dns, "")
+}
+
+output "public_ip" {
+  description = "The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached"
+  value       = try(module.ec2-vm.public_ip, "")
+}
+
+output "private_ip" {
+  description = "The private IP address assigned to the instance."
+  value       = try(module.ec2-vm.private_ip, "")
+}
+
+output "ipv6_addresses" {
+  description = "The IPv6 address assigned to the instance, if applicable."
+  value       = try(module.ec2-vm.ipv6_addresses, [])
+}
+
+output "tags_all" {
+  description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block"
+  value       = try(module.ec2-vm.tags_all, {})
+}
+
+output "spot_bid_status" {
+  description = "The current bid status of the Spot Instance Request"
+  value       = try(module.ec2-vm.spot_bid_status, "")
+}
+
+output "spot_request_state" {
+  description = "The current request state of the Spot Instance Request"
+  value       = try(module.ec2-vm.spot_request_state, "")
+}
+
+output "spot_instance_id" {
+  description = "The Instance ID (if any) that is currently fulfilling the Spot Instance request"
+  value       = try(module.ec2-vm.spot_instance_id, "")
+}
+
+################################################################################
+# IAM Role / Instance Profile
+################################################################################
+
+output "iam_role_name" {
+  description = "The name of the IAM role"
+  value       = try(module.ec2-vm.aws_iam_role.name, null)
+}
+
+output "iam_role_arn" {
+  description = "The Amazon Resource Name (ARN) specifying the IAM role"
+  value       = try(module.ec2-vm.aws_iam_role.arn, null)
+}
+
+output "iam_role_unique_id" {
+  description = "Stable and unique string identifying the IAM role"
+  value       = try(module.ec2-vm.aws_iam_role.unique_id, null)
+}
+
+output "iam_instance_profile_arn" {
+  description = "ARN assigned by AWS to the instance profile"
+  value       = try(module.ec2-vm.aws_iam_instance_profile.arn, null)
+}
+
+output "iam_instance_profile_id" {
+  description = "Instance profile's ID"
+  value       = try(module.ec2-vm.aws_iam_instance_profile.id, null)
+}
+
+output "iam_instance_profile_unique" {
+  description = "Stable and unique string identifying the IAM instance profile"
+  value       = try(module.ec2-vm.aws_iam_instance_profile.unique_id, null)
+}

examples/gen-ai-stable-diffusion/providers.tf

@@ -0,0 +1,4 @@
+provider "aws" {
+  # Environment Variables used for Authentication
+  region = var.region
+}