Run Flower on Azure¶
Note
There are many ways to deploy Flower on Microsoft Azure. The instructions provided in this guide is just a basic walkthrough, step-by-step guide on how to quickly setup and run a Flower application on a Federated Learning environment on Microsoft Azure.
In this how-to guide, we want to create a Federated Learning environment on Microsoft Azure using three Virtual Machines (VMs). From the three machines, one machine will be used as the Federation server and two as the Federation clients. Our goal is to create a Flower federation on Microsoft Azure where we can run Flower apps from our local machine, e.g., laptop.
On the Federation server VM we will deploy the long-running Flower server
(SuperLink
) and on the two Federation client VMs we will deploy the long-running
Flower client (SuperNode
). For more details For more details regarding the
SuperLink
and SuperNode
concepts, please see the Flower Architecture .
Azure VMs¶
First we need to create the three VMs configure their Python environments, and inbound networking rules to allow cross-VM communication.
VM Create¶
Assuming we are already inside the Microsoft Azure portal, we navigate to the Create
page and we select Azure virtual machine
. In the new page, for each VM we edit the
properties as follows:
Virtual machine name |
for server machine we can use |
Image |
in this guide, we use |
Size |
in this guide, we use |
Tip
For resource group, we can create a new group and assign it to all VMs.
When each VM instance has been created the portal will allow you to download the public
key (.pem) of each instance. Make sure you save this key in safe place and change its
permissions to user read only, i.e., run the chmod 400 <PATH_TO_PEM_FILE>
command
for every .pem file.
Once all three VMs are created then navigate to the overview page where all three VMs
are listed and open every other VM, and copy its Public IP address. Using the Public IP
address and the public key (after changing the permissions), login to the instances from
our local machine by running the following command (by default Azure creates the
azureuser
):
ssh -i <PATH_TO_PEM_FILE> azureuser@<PUBLIC_IP>
VM Networking¶
During the execution of the Flower application, the server VM (SuperLink
) will be
responsible to orchestrate the execution of the application across the client VMs
(SuperNode
). When the SuperLink server starts, by default, it listens to the
following ports: {9092, 9093}
. Port 9092 is used to communicate with the
Federation clients (SuperNode
) and port 9093
to receive and execute Flower
applications.
Therefore, to enable this communication we need to allow inbound traffic to the server
VM instance. To achieve this, we need to navigate to the Networking page of the server
VM in the Microsoft Azure portal. There, we will click the Add inbound port rule
. In
the new window that appears, we edit the rule properties as follows:
The rest of the fields can be left at their default values.
Source |
|
Source IP addresses/CIDR ranges |
add client VMs' Public IP (separated by comma) |
Destination |
|
Service |
|
Destination port ranges |
|
Protocol |
|
Finally, we need to also open port 9093 to allow receiving and executing incoming
application requests. To enable this we just need to repeat the steps above, i.e.,
create a new inbound rule, where for port range we assign port 9093. If we already know
the Public IP from which our local machine (e.g., laptop) will be submitting
applications to the Azure cluster, then we just need to specify the Source IP
address/CIDR range. However, if we want to keep the port widely open we simply need to
change source to Any
.
To be more precise, if we know the Public IP of our machine, then we make the following changes:
Source IP addresses/CIDR ranges |
add machine's Public IP |
Destination port ranges |
|
Otherwise, we change the properties as follows:
Source |
|
Destination port ranges |
|
Flower Environment¶
Assuming we have been able to login to each VM, and create a Python environment with
Flower and all its dependencies installed (pip install flwr
), we can create a Flower
application by running the flwr new
command. The console will then prompt us to give
a name to the project, e.g., flwr_azure_test
, the name of the author and select the
type of the Flower Framework we want to run, e.g., numpy
.
Note
An alternative approach would be to use Docker in each VM, with each image containing the necessary environment and dependencies. For more details please refer to the Run Flower using Docker guide.
Server Initialization¶
After configuring the Flower application environment, we proceed by starting the Flower
long-running processes (i.e., SuperLink
and SuperNode
) at each VM instance. In
particular, we need to run the following commands, first in the server (SuperLink
)
and then at each client (SuperNode
).
Note
To enable authentication and encrypted communication during the execution lifecycle of the Flower application, please have a look at the following resources: Authenticate Supernodes, Enable TLS Connections
# Server VM (SuperLink)
flower-superlink --insecure
# Client-1 VM (SuperNode-1)
flower-supernode \
--insecure \
--clientappio-api-address="0.0.0.0:9094" \ # SuperNode listening port
--superlink="SUPERLINK_PUBLIC_IP:9092" # SuperLink public ip and port
# Client-2 VM (SuperNode-2)
flower-supernode \
--insecure \
--clientappio-api-address="0.0.0.0:9095" \ # SuperNode listening port
--superlink="SUPERLINK_PUBLIC_IP:9092" # SuperLink public ip and port
Run Flower App¶
Finally, after all running Flower processes have been initialized on the Microsoft Azure
cluster, in our local machine, we first need to install Flower and can create a project
with a similar structure as the one we have in the server and the clients, or copy the
project structure from one of them. Once we have the project locally, we can open the
pyproject.toml
file, and then add the following sections:
[tool.flwr.federations]
default = "my-federation" # replaced the default value with "my-federation"
[tool.flwr.federations.my-federation] # replaced name with "my-federation"
address = "SUPERLINK_PUBLIC_IP:9093" # Address of the SuperLink Exec API
insecure = true
Then from our local machine we need to run flwr run . my-federation
.
下一步工作¶
Warning
This guide is not suitable for production environments due to missing authentication and TLS security.
To enable authentication and establish secure connections, please refer to the following resources: Authenticate Supernodes, Enable TLS Connections