environments ai ml automl dnn forecasting gpu - Azure/azureml-assets GitHub Wiki

ai-ml-automl-dnn-forecasting-gpu

Overview

An environment used by Azure ML AutoML for training models.

Version: 47

Tags

OS : Ubuntu20.04 Training Preview OpenMpi : 4.1.0 Python : 3.9

View in Studio: https://ml.azure.com/registries/azureml/environments/ai-ml-automl-dnn-forecasting-gpu/version/47

Docker image: mcr.microsoft.com/azureml/curated/ai-ml-automl-dnn-forecasting-gpu:47

Docker build context

Dockerfile

FROM mcr.microsoft.com/azureml/openmpi5.0-cuda12.4-ubuntu22.04:20260614.v1

ENV AZUREML_CONDA_ENVIRONMENT_PATH=/azureml-envs/azureml-automl-dnn-forecasting-gpu
# Prepend path to AzureML conda environment
ENV PATH=$AZUREML_CONDA_ENVIRONMENT_PATH/bin:$PATH

COPY --from=mcr.microsoft.com/azureml/mlflow-ubuntu20.04-py38-cpu-inference:20250506.v1 /var/mlflow_resources/ /var/mlflow_resources/

ENV MLFLOW_MODEL_FOLDER="mlflow-model"
# ENV AML_APP_ROOT="/var/mlflow_resources"
# ENV AZUREML_ENTRY_SCRIPT="mlflow_score_script.py"

ENV ENABLE_METADATA=true

# System package security upgrades.
# USN-8222-1: openssh-{client,server,sftp-server} 1:8.9p1-3ubuntu0.14 -> 1:8.9p1-3ubuntu0.15
# USN-8227-1: curl/libcurl4/libcurl3-gnutls 7.81.0-1ubuntu1.23 -> 7.81.0-1ubuntu1.24
# USN-8229-1: sed 4.8-1ubuntu2 -> 4.8-1ubuntu2.1
# USN-8233-1: libnghttp2-14 1.43.0-1ubuntu0.2 -> 1.43.0-1ubuntu0.3
# Parent: ubuntu 22.04 jammy base image (mcr.microsoft.com/azureml/openmpi5.0-cuda12.4-ubuntu22.04).
# `apt-get -y upgrade` alone has been observed to leave the held openssh version in
# place when an older base layer is cached, so reinstall the openssh-* packages
# explicitly to force pickup of the patched version (same pattern used in
# assets/training/aoai/proxy_components/environments/context/Dockerfile,
# assets/training/automl/environments/ai-ml-automl/context/Dockerfile and
# assets/training/automl/environments/ai-ml-automl-dnn-gpu/context/Dockerfile).
# curl/sed/nghttp2 USNs are picked up by the standard `apt-get upgrade` from
# jammy-updates; no reinstall needed for them.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get -y upgrade && \
    apt-get install --reinstall -y openssh-client openssh-server openssh-sftp-server && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        cmake \
        libboost-dev \
        libboost-system-dev \
        libboost-filesystem-dev && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Upgrade pip in the base miniconda (/opt/miniconda) to fix CVE-2026-6357 / GHSA-jp4c-xjxw-mgf9.
# The base miniconda ships with the parent image (mcr.microsoft.com/azureml/openmpi5.0-cuda12.4-ubuntu22.04)
# and is independent of the conda env created below at $AZUREML_CONDA_ENVIRONMENT_PATH.
# Pinning 'pip>=26.1' inside the env (line below) does not patch /opt/miniconda's pip, which is
# still flagged by SCA scanners. No parent-package upgrade is possible because pip is the package
# itself; the only fix is upgrading pip directly to >= 26.1.
RUN /opt/miniconda/bin/pip install --no-cache-dir --upgrade 'pip>=26.1'

# begin conda create
# Create conda environment (minimal — packages installed via pip to avoid solver OOM)
RUN conda create -p $AZUREML_CONDA_ENVIRONMENT_PATH \
    python=3.10 \
    -c conda-forge && \
    conda clean -a -y

# Install scientific packages + pip/setuptools/wheel via pip (avoids conda solver OOM)
# Pin setuptools below 82 so pkg_resources remains available for AzureML packages.
RUN conda run -p $AZUREML_CONDA_ENVIRONMENT_PATH pip install --no-cache-dir \
    'numpy>=1.23.5,<1.24' \
    'scikit-learn==1.5.1' \
    'pandas>=1.5.3,<1.6' \
    'scipy==1.10.1' \
    'psutil>=5.2.2,<6.0.0' \
    'pip>=26.1' \
    'setuptools==81.0.0' \
    'wheel>=0.46.2'
# end conda create

# begin pip install
# Install pip dependencies
# GitPython>=3.1.41 is required for https://github.com/advisories/GHSA-2mqj-m65w-jghx and is not available in conda
RUN pip install --no-cache-dir \
                # begin pypi dependencies
                azureml-core==1.61.0.post4 \
                azureml-mlflow==1.62.0.post3 \
                azureml-defaults==1.62.0 \
                azureml-telemetry==1.62.0 \
                azureml-interpret==1.62.0 \
                azureml-responsibleai==1.62.0 \
                azureml-automl-core==1.62.0.post3 \
                azureml-automl-runtime==1.62.0.post1 \
                azureml-dataset-runtime==1.62.0 \
                'azure-identity>=1.25.1' \
                'inference-schema' \
                'xgboost==3.2.0' \
                'GitPython>=3.1.41' \
                'https://aka.ms/automl-resources/packages/en_core_web_sm-3.7.1.tar.gz' \
                'py-cpuinfo==5.0.0' 
                # end pypi dependencies

# Install packages with torch packages separately to reduce layer size
RUN pip install --no-cache-dir \
                azureml-train-automl==1.62.0 \
                azureml-train-automl-client==1.62.0 \
                azureml-train-automl-runtime==1.62.0 \
                azureml-contrib-automl-dnn-forecasting==1.62.0

# end pip install

# Fix vulnerabilities - overrides needed because parent packages cap vulnerable versions
# distributed>=2026.1.0: CVE-2026-23528 (via azureml-train-automl-runtime -> dask[complete])
# cryptography>=46.0.5: CVE-2026-26007 (via azureml-mlflow, azure-identity, azureml-core -> msal/pyopenssl)
# mlflow-skinny>=2.16.0: security fixes (via azureml-mlflow, azureml-contrib-automl-dnn-forecasting)
# protobuf>=5.29.6: CVE-2026-0994 (via mlflow-skinny, azureml-automl-runtime -> onnx/onnxruntime)
# pillow>=12.1.1: CVE-2026-25990 (via matplotlib, bokeh, tensorboard)
# bokeh>=3.8.2: GHSA-793v-589g-574v CSWSH (overrides azureml-train-automl-runtime's bokeh<3.0.0 cap)
# onnx>=1.21.0: GHSA-3r9x-f23j-gc73, GHSA-p433-9wv8-28xj, GHSA-q56x-g2fj-4rj6, GHSA-538c-55jv-c5g9,
#   GHSA-cmw6-hcpp-c6jp, GHSA-hqmj-h5c6-369m (via azureml-automl-runtime -> onnxconverter-common/skl2onnx)
RUN pip install --upgrade 'distributed>=2026.1.0' 'cryptography>=46.0.5' 'mlflow-skinny>=2.16.0' \
                          'protobuf>=5.29.6' 'pillow>=12.1.1' \
                          'bokeh>=3.8.2' \
                          'onnx>=1.21.0'  # onnx: parent azureml packages cap at <1.18; override for 6 GHSAs
RUN pip install --no-cache-dir torch==2.8.0

RUN /bin/bash -c "source activate $AZUREML_CONDA_ENVIRONMENT_PATH && \
 export CUDACXX=/usr/local/cuda/bin/nvcc && \
 export HOROVOD_BUILD_CUDA_CC_LIST='60,61,70,75,80,86,89,90' && \
 HOROVOD_WITHOUT_TENSORFLOW=1 \
 HOROVOD_WITH_PYTORCH=1 \
 HOROVOD_CUDA_HOME=/usr/local/cuda \
 CMAKE_LIBRARY_PATH=/usr/local/cuda/targets/x86_64-linux/lib:/usr/local/cuda-12.6/targets/x86_64-linux/lib \
 pip install --no-cache-dir --no-build-isolation \
 git+https://github.com/horovod/horovod@3a31d933a13c7c885b8a673f4172b17914ad334d"

RUN rm -rf /opt/miniconda/pkgs/
⚠️ **GitHub.com Fallback** ⚠️