├── .github └── workflows │ ├── banned_file_changes_pr.yml │ ├── cla.yml │ ├── license_audit.yml │ ├── release-zip-file.yml │ ├── repolinter.yml │ └── sonarcloud.yml ├── .gitignore ├── CONTRIBUTING.md ├── LICENSE.txt ├── README.md ├── SECURITY.md ├── generate-keys.sh ├── images ├── architecture.drawio.png ├── bloom-webui.jpg ├── dreambooth-webui.png ├── huggingface-token.png ├── setup-sd-model.png └── stable-diffusion-webui.jpg ├── license_policy.yml ├── main.tf ├── provider.tf ├── release_files.json ├── repolinter.json ├── setup-instance.sh ├── sonar-project.properties ├── terraform.tfvars └── variables.tf /.github/workflows/banned_file_changes_pr.yml: -------------------------------------------------------------------------------- 1 | name: Banned file changes (PR) 2 | on: 3 | # pull_request: 4 | # branches: [ "**/*" ] 5 | pull_request_target: 6 | # NOTE(review): pull_request_target runs in the base repository's context, so the secrets.GITHUB_TOKEN passed to the comment steps is the base repo's token, while 'Checkout repo' fetches the PR head (untrusted content). The run: steps in this workflow only echo fixed messages or exit; keep it that way, check out github.event.pull_request.head.sha instead of the mutable head.ref, and pin the third-party actions to full commit SHAs. 7 | jobs: 8 | check_for_banned_file_changes: 9 | name: Look for unsupported (banned) file modifications on PRs 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: 'Get number of git commits' 13 | uses: oracle-devrel/action-git-num-commits@v0.1-alpha6 14 | id: num_commits 15 | with: 16 | pull_url: ${{ github.event.pull_request.url }} 17 | - name: 'Checkout repo' 18 | uses: actions/checkout@v2 19 | with: 20 | ref: ${{ github.event.pull_request.head.ref }} 21 | repository: ${{ github.event.pull_request.head.repo.full_name }} 22 | fetch-depth: ${{ steps.num_commits.outputs.fetch_depth }} 23 | - name: Get file changes 24 | uses: oracle-devrel/action-git-files-changed@v0.1-alpha2 25 | id: files 26 | with: 27 | pull_url: ${{ github.event.pull_request.url }} 28 | - name: Look for changes to .github 29 | if: contains(steps.files.outputs.all_files_changed, '.github') 30 | run: | 31 | echo 'Changes to files in .github are not allowed.' 
32 | - name: Comment if .github changed 33 | if: contains(steps.files.outputs.all_files_changed, '.github') 34 | uses: mshick/add-pr-comment@v1 35 | with: 36 | message: | 37 | :no_entry: **Banned Files Modified** 38 | Changes to files in `.github` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it). 39 | repo-token: ${{ secrets.GITHUB_TOKEN }} 40 | - name: Look for changes to license_policy.yml 41 | if: contains(steps.files.outputs.all_files_changed, '"license_policy.yml"') 42 | run: | 43 | echo 'Changes to license_policy.yml are not allowed.' 44 | - name: Comment if license_policy.yml changed 45 | if: contains(steps.files.outputs.all_files_changed, '"license_policy.yml"') 46 | uses: mshick/add-pr-comment@v1 47 | with: 48 | message: | 49 | :no_entry: **Banned Files Modified** 50 | Changes to `license_policy.yml` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it). 51 | repo-token: ${{ secrets.GITHUB_TOKEN }} 52 | - name: Look for changes to repolinter.json 53 | if: contains(steps.files.outputs.all_files_changed, '"repolinter.json"') 54 | uses: mshick/add-pr-comment@v1 55 | with: 56 | message: | 57 | :no_entry: **Banned Files Modified** 58 | Changes to `repolinter.json` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it). 59 | repo-token: ${{ secrets.GITHUB_TOKEN }} 60 | - name: Comment if repolinter.json changed 61 | if: contains(steps.files.outputs.all_files_changed, '"repolinter.json"') 62 | run: | 63 | echo 'Changes to repolinter.json are not allowed.' 
64 | - name: Look for changes to sonar-project.properties 65 | if: contains(steps.files.outputs.all_files_changed, '"sonar-project.properties"') 66 | uses: mshick/add-pr-comment@v1 67 | with: 68 | message: | 69 | :no_entry: **Banned Files Modified** 70 | Changes to `sonar-project.properties` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it). 71 | repo-token: ${{ secrets.GITHUB_TOKEN }} 72 | - name: Comment if sonar-project.properties changed 73 | if: contains(steps.files.outputs.all_files_changed, '"sonar-project.properties"') 74 | run: | 75 | echo 'Changes to sonar-project.properties are not allowed.' 76 | - name: Fail on banned file changes 77 | if: contains(steps.files.outputs.all_files_changed, '.github') || contains(steps.files.outputs.all_files_changed, '"license_policy.yml"') || contains(steps.files.outputs.all_files_changed, '"repolinter.json"') || contains(steps.files.outputs.all_files_changed, '"sonar-project.properties"') 78 | run: | 79 | exit 1 -------------------------------------------------------------------------------- /.github/workflows/cla.yml: -------------------------------------------------------------------------------- 1 | name: "CLA Assistant" 2 | on: 3 | issue_comment: 4 | types: [created] 5 | pull_request_target: 6 | types: [opened,closed,synchronize] 7 | 8 | jobs: 9 | CLAssistant: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: "CLA Assistant" 13 | if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' 14 | # Beta Release 15 | uses: cla-assistant/github-action@v2.1.2-beta 16 | env: 17 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 18 | # the below token should have repo scope and must be manually added by you in the repository's secret 19 | PERSONAL_ACCESS_TOKEN : ${{ 
secrets.PERSONAL_ACCESS_TOKEN }} 20 | with: 21 | # for per-repo CLA-acceptance: 22 | # path-to-signatures: 'signatures/oca-20210504/${{ github.repository }}' 23 | # for per-GHO CLA-acceptance: 24 | path-to-signatures: 'signatures/oca-20210504/oracledevrel' 25 | path-to-document: 'https://github.com/oracledevrel/devrel-oca-mgmt/blob/main/oca-20210504.md' # e.g. a CLA or a DCO document 26 | # branch should not be protected 27 | branch: 'main' 28 | allowlist: bot* 29 | 30 | #below are the optional inputs - If the optional inputs are not given, then default values will be taken 31 | remote-organization-name: "oracledevrel" # enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository) 32 | remote-repository-name: "devrel-oca-mgmt" # enter the remote repository name where the signatures should be stored (Default is storing the signatures in the same repository) 33 | #create-file-commit-message: 'For example: Creating file for storing CLA Signatures' 34 | #signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo' 35 | #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign' 36 | #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA' 37 | #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.' 
38 | #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true) 39 | #use-dco-flag: true - If you are using DCO instead of CLA 40 | -------------------------------------------------------------------------------- /.github/workflows/license_audit.yml: -------------------------------------------------------------------------------- 1 | name: Audit licenses 2 | on: 3 | pull_request_target: 4 | # NOTE(review): pull_request_target gives this job the base repository's secrets (GHCR_PAT for the container pull, GITHUB_TOKEN for the comment step) while 'Checkout repo' fetches the PR head, so both the scanned tree and the license_policy.yml read by --license-policy are untrusted PR content. Consider running the scan under the pull_request trigger and posting the comment from a separate workflow_run job; otherwise check out head.sha rather than head.ref, set persist-credentials: false on the checkout, and pin actions to full commit SHAs. 5 | jobs: 6 | run_scancode_toolkit: 7 | name: Get inventory of licenses used in project 8 | runs-on: ubuntu-latest 9 | container: 10 | image: ghcr.io/oracledevrel/scancode-toolkit:v21.3.31 11 | credentials: 12 | username: ${{ github.actor }} 13 | password: ${{ secrets.GHCR_PAT }} 14 | steps: 15 | - name: 'Checkout repo' 16 | uses: actions/checkout@v2 17 | with: 18 | ref: ${{ github.event.pull_request.head.ref }} 19 | repository: ${{ github.event.pull_request.head.repo.full_name }} 20 | - name: Run Scancode-toolkit 21 | run: | 22 | scancode -l --ignore licenses.json --ignore .github/**/* --ignore license_policy.yml --license-policy license_policy.yml --only-findings --summary --json-pp licenses.json * 23 | echo "\n\nHere is the licenses.json:\n" 24 | echo $(cat licenses.json) 25 | - name: Look for non-approved licenses 26 | uses: oracle-devrel/action-license-audit@1.0.2 27 | id: analysis 28 | with: 29 | licenses_file: '/github/workspace/licenses.json' 30 | - name: Analysis results 31 | run: echo "${{ steps.analysis.outputs.unapproved_licenses }}" 32 | - name: Comment if analysis finds unapproved licenses 33 | if: steps.analysis.outputs.unapproved_licenses == 'true' 34 | uses: mshick/add-pr-comment@v1 35 | with: 36 | message: | 37 | :no_entry: **License Inspection** 38 | Requires manual inspection. There are some licenses which dictate further analysis and review. 
39 | repo-token: ${{ secrets.GITHUB_TOKEN }} 40 | - name: Halt pipeline on unapproved licenses 41 | if: steps.analysis.outputs.unapproved_licenses == 'true' 42 | run: exit 1 43 | -------------------------------------------------------------------------------- /.github/workflows/release-zip-file.yml: -------------------------------------------------------------------------------- 1 | name: Release ZIP file packaging 2 | 3 | on: 4 | release: 5 | types: [published] 6 | 7 | jobs: 8 | create_zip: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: 'Checkout repo' 12 | uses: actions/checkout@v2 13 | - name: 'Make (and upload) ZIP file(s)' 14 | uses: oracle-devrel/action-release-zip-maker@v0.5 15 | id: zip_maker 16 | with: 17 | github_token: ${{ secrets.GITHUB_TOKEN }} 18 | -------------------------------------------------------------------------------- /.github/workflows/repolinter.yml: -------------------------------------------------------------------------------- 1 | name: Repolinter 2 | on: 3 | pull_request_target: # NOTE(review): this trigger runs with the base repository's secrets (GHCR_PAT for the container pull, GITHUB_TOKEN for the comment steps) while 'Checkout repo' fetches the PR head, so the lint step runs a tool inside an untrusted tree and reads the PR's own repolinter.json. Prefer the pull_request trigger for the lint and a separate workflow_run job for commenting; otherwise check out head.sha, set persist-credentials: false, and pin actions to full commit SHAs. 4 | jobs: 5 | run_repolinter: 6 | name: Run Repolinter on pull request 7 | runs-on: ubuntu-latest 8 | container: 9 | image: ghcr.io/oracledevrel/repolinter:v0.11.1 10 | credentials: 11 | username: ${{ github.actor }} 12 | password: ${{ secrets.GHCR_PAT }} 13 | steps: 14 | - name: 'Checkout repo' 15 | uses: actions/checkout@v2 16 | with: 17 | ref: ${{ github.event.pull_request.head.ref }} 18 | repository: ${{ github.event.pull_request.head.repo.full_name }} 19 | - name: Run Repolinter 20 | run: | 21 | set +e 22 | bundle exec /app/bin/repolinter.js lint --format json --rulesetFile repolinter.json . 
> repolinter_results.json 23 | echo "\n\nHere is the repolinter_results.json:\n" 24 | echo $(cat repolinter_results.json) 25 | exit 0 26 | - name: Analyze the Repolinter results 27 | uses: oracle-devrel/action-repolinter-audit@v0.1-alpha2 28 | id: analysis 29 | with: 30 | json_results_file: '/github/workspace/repolinter_results.json' 31 | - name: Overall analysis results 32 | run: | 33 | echo "Passed: ${{ steps.analysis.outputs.passed }}" 34 | echo "Errored: ${{ steps.analysis.outputs.errored }}" 35 | - name: Comment if analysis finds missing disclaimer 36 | if: steps.analysis.outputs.disclaimer_found == 'false' 37 | uses: mshick/add-pr-comment@v1 38 | with: 39 | message: | 40 | :no_entry: **FAILURE: Missing Disclaimer** 41 | The standard Oracle Disclaimer seems to be missing from the readme. Please add it: 42 | 43 | ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK. 44 | 45 | Details: 46 | ${{ steps.analysis.outputs.disclaimer_details }} 47 | repo-token: ${{ secrets.GITHUB_TOKEN }} 48 | - name: Comment if analysis finds missing readme 49 | if: steps.analysis.outputs.readme_file_found == 'false' 50 | uses: mshick/add-pr-comment@v1 51 | with: 52 | message: | 53 | :no_entry: **FAILURE: Missing README** 54 | The README file seems to be missing. Please add it. 
55 | 56 | Details: 57 | ${{ steps.analysis.outputs.readme_file_details }} 58 | repo-token: ${{ secrets.GITHUB_TOKEN }} 59 | - name: Comment if analysis finds missing license 60 | if: steps.analysis.outputs.license_file_found == 'false' 61 | uses: mshick/add-pr-comment@v1 62 | with: 63 | message: | 64 | :no_entry: **FAILURE: Missing LICENSE** 65 | The LICENSE file seems to be missing. Please add it. 66 | 67 | Details: 68 | ${{ steps.analysis.outputs.license_file_details }} 69 | repo-token: ${{ secrets.GITHUB_TOKEN }} 70 | - name: Comment if analysis finds copyright notice missing 71 | if: steps.analysis.outputs.copyright_found == 'false' 72 | uses: mshick/add-pr-comment@v1 73 | with: 74 | message: | 75 | :warning: **WARNING: Missing Copyright Notice(s)** 76 | It's a good idea to have copyright notices at the top of each file. It looks like at least one file was missing this (though it might be further down in the file - this might be a false-positive). 77 | 78 | Details: 79 | ${{ steps.analysis.outputs.copyright_details }} 80 | repo-token: ${{ secrets.GITHUB_TOKEN }} 81 | - name: Halt pipeline if README is missing 82 | if: steps.analysis.outputs.readme_file_found == 'false' 83 | run: exit 1 84 | - name: Halt pipeline if LICENSE is missing 85 | if: steps.analysis.outputs.license_file_found == 'false' 86 | run: exit 1 87 | - name: Halt pipeline if disclaimer is missing 88 | if: steps.analysis.outputs.disclaimer_found == 'false' 89 | run: exit 1 90 | -------------------------------------------------------------------------------- /.github/workflows/sonarcloud.yml: -------------------------------------------------------------------------------- 1 | name: SonarCloud Scan 2 | on: 3 | pull_request_target: 4 | jobs: 5 | sonarcloud: 6 | name: SonarCloud 7 | runs-on: ubuntu-latest 8 | steps: 9 | - name: Checkout repo 10 | uses: actions/checkout@v2 11 | with: 12 | ref: ${{ github.event.pull_request.head.ref }} 13 | repository: ${{ github.event.pull_request.head.repo.full_name 
}} 14 | fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis 15 | - name: SonarCloud Scan 16 | uses: SonarSource/sonarcloud-github-action@master # NOTE(review): @master is a mutable branch ref and this step receives SONAR_TOKEN and GITHUB_TOKEN; pin the action to a release tag or, better, a full commit SHA 17 | env: 18 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any 19 | SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # General 2 | .DS_Store 3 | .AppleDouble 4 | .LSOverride 5 | 6 | # Icon must end with two \r 7 | Icon 8 | 9 | 10 | # Thumbnails 11 | ._* 12 | 13 | # Files that might appear in the root of a volume 14 | .DocumentRevisions-V100 15 | .fseventsd 16 | .Spotlight-V100 17 | .TemporaryItems 18 | .Trashes 19 | .VolumeIcon.icns 20 | .com.apple.timemachine.donotpresent 21 | 22 | # Directories potentially created on remote AFP share 23 | .AppleDB 24 | .AppleDesktop 25 | Network Trash Folder 26 | Temporary Items 27 | .apdisk 28 | 29 | # ignore common security keys -- NOTE(review): without a leading "*" these patterns match only files literally named ".key", ".crt", ".csr" or ".pem"; the server.key written by generate-keys.sh is NOT ignored. Use "*.key", "*.crt", "*.csr", "*.pem" to cover key material by extension. 30 | .key 31 | .crt 32 | .csr 33 | .pem -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to this repository 2 | 3 | We welcome your contributions! There are multiple ways to contribute. 4 | 5 | ## Opening issues 6 | 7 | For bugs or enhancement requests, please file a GitHub issue unless it's 8 | security related. When filing a bug remember that the better written the bug is, 9 | the more likely it is to be fixed. If you think you've found a security 10 | vulnerability, do not raise a GitHub issue and follow the instructions in our 11 | [security policy](./SECURITY.md). 12 | 13 | ## Contributing code 14 | 15 | We welcome your code contributions. 
Before submitting code via a pull request, 16 | you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and 17 | your commits need to include the following line using the name and e-mail 18 | address you used to sign the OCA: 19 | 20 | ```text 21 | Signed-off-by: Your Name 22 | ``` 23 | 24 | This can be automatically added to pull requests by committing with `--sign-off` 25 | or `-s`, e.g. 26 | 27 | ```text 28 | git commit --signoff 29 | ``` 30 | 31 | Only pull requests from committers that can be verified as having signed the OCA 32 | can be accepted. 33 | 34 | ## Pull request process 35 | 36 | 1. Ensure there is an issue created to track and discuss the fix or enhancement 37 | you intend to submit. 38 | 1. Fork this repository. 39 | 1. Create a branch in your fork to implement the changes. We recommend using 40 | the issue number as part of your branch name, e.g. `1234-fixes`. 41 | 1. Ensure that any documentation is updated with the changes that are required 42 | by your change. 43 | 1. Ensure that any samples are updated if the base image has been changed. 44 | 1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly 45 | what your changes are meant to do and provide simple steps on how to validate. 46 | your changes. Ensure that you reference the issue you created as well. 47 | 1. We will assign the pull request to 2-3 people for review before it is merged. 48 | 49 | ## Code of conduct 50 | 51 | Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd 52 | like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC]. 53 | 54 | [OCA]: https://oca.opensource.oracle.com 55 | [COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/ 56 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2024 Oracle and/or its affiliates. 
2 | 3 | The Universal Permissive License (UPL), Version 1.0 4 | 5 | Subject to the condition set forth below, permission is hereby granted to any 6 | person obtaining a copy of this software, associated documentation and/or data 7 | (collectively the "Software"), free of charge and under any and all copyright 8 | rights in the Software, and any and all patent rights owned or freely 9 | licensable by each licensor hereunder covering either (i) the unmodified 10 | Software as contributed to or provided by such licensor, or (ii) the Larger 11 | Works (as defined below), to deal in both 12 | 13 | (a) the Software, and 14 | (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if 15 | one is included with the Software (each a "Larger Work" to which the Software 16 | is contributed by such licensors), 17 | 18 | without restriction, including without limitation the rights to copy, create 19 | derivative works of, display, perform, and distribute the Software and make, 20 | use, sell, offer for sale, import, export, have made, and have sold the 21 | Software and the Larger Work(s), and to sublicense the foregoing rights on 22 | either these or other terms. 23 | 24 | This license is subject to the following condition: 25 | The above copyright notice and either this complete permission notice or at 26 | a minimum a reference to the UPL must be included in all copies or 27 | substantial portions of the Software. 28 | 29 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 30 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 31 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 32 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 33 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 34 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 35 | SOFTWARE. 
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # oci-generative-ai 2 | 3 | [![License: UPL](https://img.shields.io/badge/license-UPL-green)](https://img.shields.io/badge/license-UPL-green) [![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=oracle-devrel_oci-generative-ai)](https://sonarcloud.io/dashboard?id=oracle-devrel_oci-generative-ai) 4 | 5 | ## Introduction 6 | Terraform script to start a **stable-diffusion, bloom and dreambooth** in compute instance using a nvidia GPU in OCI. 7 | 8 | **Stable Diffusion** is a state of the art text-to-image model that generates images from text. 9 | 10 | **Bloom** is a open-science, open-access multilingual large language model (LLM), with 176 billion parameters, and was trained using the NVIDIA AI platform, with text generation in 46 languages 11 | 12 | **Dreambooth** allow to fine-tune a stable diffusion model with your own data. 13 | 14 | ## Prerequisites 15 | - Terraform 16 | - ssh-keygen 17 | - Huggingface account 18 | 19 | ## Configuration 20 | 21 | 1. Follow the instructions to add the authentication to your tenant https://medium.com/@carlgira/install-oci-cli-and-configure-a-default-profile-802cc61abd4f. 22 | 23 | 2. Clone this repository 24 | 25 | 3. Set three variables in your path. 26 | - The tenancy OCID, 27 | - The comparment OCID where the instance will be created. 28 | - The "Region Identifier" of region of your tenancy. https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm 29 | 30 | ``` 31 | export TF_VAR_tenancy_ocid='' 32 | export TF_VAR_compartment_ocid='' 33 | export TF_VAR_region='' 34 | ``` 35 | 36 | 4. Execute the script generate-keys.sh to generate private key to access the instance 37 | ``` 38 | sh generate-keys.sh 39 | ``` 40 | 41 | ## Build 42 | To build simply execute the next commands. 
43 | ``` 44 | terraform init 45 | terraform plan 46 | terraform apply 47 | ``` 48 | 49 | **After applying, the service will be ready in about 25 minutes** (it will install OS dependencies, nvidia drivers, and install stable-diffusion-web-ui, bloom-web-ui and dreambooth-webui). 50 | 51 | ## Post configuration 52 | To test the apps it's necessary to create an SSH tunnel to ports 7860 (stable-diffusion-webui), 5000 (bloom) and 3000 (dreambooth). (The output of the terraform script gives the full ssh command, so you only need to copy and paste it.) 53 | 54 | ``` 55 | ssh -i server.key -L 7860:localhost:7860 -L 5000:localhost:5000 -L 3000:localhost:3000 ubuntu@ 56 | ``` 57 | 58 | The last step of the setup is to download the stable-diffusion model. For that, it is necessary to have a huggingface account, create a token and accept the conditions to use stable-diffusion. 59 | 60 | 1. Go to https://huggingface.co and create an account. 61 | 2. Go to https://huggingface.co/runwayml/stable-diffusion-v1-5 and accept the terms and conditions. 62 | 3. Create an "Access token". 63 | - Open your **Profile** 64 | - Go to **Settings** 65 | - Open **Access Token** and create a token with the role **"write"** 66 | (A write-scoped token can modify your Hugging Face repositories; revoke it once you no longer need it.) 67 | 68 | 69 | Once the account is created, go to http://localhost:3000 (with the ssh tunnel opened) and enter the credentials to download the stable diffusion model. 70 | 71 | 72 | 73 | This is going to take 5 minutes; after that time, you are ready to test everything. 74 | 75 | ## Test 76 | Make sure to have the ssh tunnel open to test the three apps. 77 | 78 | ### Bloom 79 | Open the URL http://localhost:5000 and, in the text box, write whatever question comes to mind, ask for a story or create a dialog. 80 | 81 | 82 | 83 | ### Stable diffusion 84 | Open the URL http://localhost:7860 and, in the top text area, write an idea; stable diffusion will try to draw it on screen. 85 | 86 | 87 | 88 | Use https://lexica.art/ for examples of prompts that you can use. 
89 | 90 | Prompts examples: 91 | 92 | 93 | > epic battle scene humans versus zombies, post apocalyptic, humanities last stand post human, Epic Background, highly detailed, sharp focus, 8k, 35mm, cinematic lighting 94 | 95 | 96 | > a cowboy riding a tardigrade , made by Stanley Artgerm Lau, WLOP, Rossdraws, ArtStation, CGSociety, concept art, cgsociety, octane render, trending on artstation, artstationHD, artstationHQ, unreal engine, 4k, 8k, 97 | 98 | 99 | ### Dreambooth 100 | Open http://localhost:3000, it has several inputs, but most of them you can leave the default value and the page helps you on how to fill everything. 101 | 102 | Most of the time you only need two inputs: the **instance name** as a unique label to identify the thing or person you want to to train the model, and a **zip file** with the set of images you are going to use. (copy the that label somewhere because you are going to needed for later) 103 | 104 | Make sure that your images comply with this conditions: 105 | - All images must be 512 x 512 106 | - Make sure you are alone in the pictures 107 | - Have different clothing 108 | - Different facial expressions 109 | - Different backgrounds 110 | - Different angles 111 | - Only zip the images, *do not use folders*. 112 | - 3–5 images of full body 113 | - 5–7 images of half body 114 | - 10–15 close images of your face 115 | 116 | 117 | 118 | If everything is ok, you will see a countdown of the time it will take the training. That page will redirect you directly to the stable-diffusion-webui and you can start testing. 
119 | 120 | Some prompts that you can use using the unique label you pass during training could be: 121 | 122 | > photo of <your-label> as a funko 123 | 124 | 125 | > photo of <your-label> as a character of game of thrones 126 | 127 | 128 | > portrait of <your-label> with fully armored norse valkyrie, brass plated, symmetric golden wings, divine vibes, sky background, sharp focus, highly detailed, cinematic lighting, studio quality, smooth render, unreal engine 5 rendered, octane, rendered, by artgerm, greg rutkowski, alphonse mucha 129 | 130 | ## Clean 131 | To delete the instance execute. 132 | ``` 133 | terraform destroy 134 | ``` 135 | 136 | ## Notes/Issues 137 | 1. If one is the three apps (stable-diffusion-webui, bloom-webui, dreambooth-webui) is down, you can check the logs and the state of each service, with the commands. 138 | 139 | ``` 140 | systemctl status stabble-diffusion 141 | systemctl status dreambooth 142 | systemctl status bloom-webui 143 | ``` 144 | 145 | You can try to start the service by. 146 | ``` 147 | sudo systemctl start 148 | ``` 149 | 150 | 2. Once the training has started in dreambooth, you can check that is really working by running. 151 | ``` 152 | ps -ef | grep acc 153 | ``` 154 | It should appear 3 processes using the "accelerate" binary. 155 | 156 | 3. Error ***Error: 404-NotAuthorizedOrNotFound, shape VM.GPU2.1 not found***. 157 | This could be happening because in your availability domain (AD) there is no a VM.GPU2.1 shape available. The script use by default the first AD, but maybe you have to change this manually. 158 | 159 | Get the list of AD of your tenancy 160 | ``` 161 | oci iam availability-domain list 162 | ``` 163 | 164 | In the main.tf file, change the index number from "0" to other of the ADs of your region. 
(in the case that your region has more than one AD) 165 | ``` 166 | availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0].name 167 | ``` 168 | This error can also happen if in your region there is no VM.GPU2.1, in that case you have to change the region var before executing the scripts. 169 | ``` 170 | export TF_VAR_region='' 171 | ``` 172 | 173 | ## URLs 174 | - The stable-diffusion-webui project https://github.com/AUTOMATIC1111/stable-diffusion-webui 175 | - The bloom-webui https://github.com/carlgira/bloom-webui 176 | - The dreambooth-webui https://github.com/carlgira/dreambooth-webui 177 | - DotCSV explanation https://www.youtube.com/watch?v=rgKBjRLvjLs 178 | 179 | ## Contributing 180 | This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community. 181 | 182 | ## License 183 | Copyright (c) 2024 Oracle and/or its affiliates. 184 | 185 | Licensed under the Universal Permissive License (UPL), Version 1.0. 186 | 187 | See [LICENSE](LICENSE.txt) for more details. 188 | 189 | ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK. 
-------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Reporting security vulnerabilities 2 | 3 | Oracle values the independent security research community and believes that 4 | responsible disclosure of security vulnerabilities helps us ensure the security 5 | and privacy of all our users. 6 | 7 | Please do NOT raise a GitHub Issue to report a security vulnerability. If you 8 | believe you have found a security vulnerability, please submit a report to 9 | [secalert_us@oracle.com][1] preferably with a proof of concept. Please review 10 | some additional information on [how to report security vulnerabilities to Oracle][2]. 11 | We encourage people who contact Oracle Security to use email encryption using 12 | [our encryption key][3]. 13 | 14 | We ask that you do not use other channels or contact the project maintainers 15 | directly. 16 | 17 | Non-vulnerability related security issues including ideas for new or improved 18 | security features are welcome on GitHub Issues. 19 | 20 | ## Security updates, alerts and bulletins 21 | 22 | Security updates will be released on a regular cadence. Many of our projects 23 | will typically release security fixes in conjunction with the 24 | Oracle Critical Patch Update program. Additional 25 | information, including past advisories, is available on our [security alerts][4] 26 | page. 27 | 28 | ## Security-related information 29 | 30 | We will provide security related information such as a threat model, considerations 31 | for secure use, or any known security issues in our documentation. Please note 32 | that labs and sample code are intended to demonstrate a concept and may not be 33 | sufficiently hardened for production use. 
34 | 35 | [1]: mailto:secalert_us@oracle.com 36 | [2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html 37 | [3]: https://www.oracle.com/security-alerts/encryptionkey.html 38 | [4]: https://www.oracle.com/security-alerts/ 39 | -------------------------------------------------------------------------------- /generate-keys.sh: -------------------------------------------------------------------------------- 1 | # Generate an RSA key pair (2048 bits, empty passphrase) with ssh-keygen; writes server.key (private) and server.key.pub (public). NOTE(review): the private key is stored unencrypted, so keep server.key out of version control and readable only by its owner. 2 | ssh-keygen -t rsa -b 2048 -N "" -f server.key 3 | -------------------------------------------------------------------------------- /images/architecture.drawio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-devrel/oci-generative-ai/9332181b18163ad9ec25bbf70636777e900d3671/images/architecture.drawio.png -------------------------------------------------------------------------------- /images/bloom-webui.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-devrel/oci-generative-ai/9332181b18163ad9ec25bbf70636777e900d3671/images/bloom-webui.jpg -------------------------------------------------------------------------------- /images/dreambooth-webui.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-devrel/oci-generative-ai/9332181b18163ad9ec25bbf70636777e900d3671/images/dreambooth-webui.png -------------------------------------------------------------------------------- /images/huggingface-token.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-devrel/oci-generative-ai/9332181b18163ad9ec25bbf70636777e900d3671/images/huggingface-token.png -------------------------------------------------------------------------------- /images/setup-sd-model.png: 
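-------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-devrel/oci-generative-ai/9332181b18163ad9ec25bbf70636777e900d3671/images/setup-sd-model.png -------------------------------------------------------------------------------- /images/stable-diffusion-webui.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-devrel/oci-generative-ai/9332181b18163ad9ec25bbf70636777e900d3671/images/stable-diffusion-webui.jpg -------------------------------------------------------------------------------- /license_policy.yml: -------------------------------------------------------------------------------- 1 | license_policies: 2 | - license_key: upl-1.0 3 | label: Approved License 4 | color_code: '#00800' 5 | icon: icon-ok-circle 6 | - license_key: bsd-simplified 7 | label: Approved License 8 | color_code: '#00800' 9 | icon: icon-ok-circle 10 | - license_key: bsd-new 11 | label: Approved License 12 | color_code: '#00800' 13 | icon: icon-ok-circle 14 | - license_key: mit 15 | label: Approved License 16 | color_code: '#00800' 17 | icon: icon-ok-circle 18 | - license_key: apache-1.1 19 | label: Approved License 20 | color_code: '#00800' 21 | icon: icon-ok-circle 22 | - license_key: apache-2.0 23 | label: Approved License 24 | color_code: '#00800' 25 | icon: icon-ok-circle 26 | -------------------------------------------------------------------------------- /main.tf: --------------------------------------------------------------------------------
# Network and compute for a single instance. The only inbound path the security
# list below opens is SSH; the three web UIs named in the output at the bottom
# are reached through SSH port forwards, not directly over the public IP.

# Images in the compartment whose display name matches Canonical Ubuntu 22.04.
data "oci_core_images" "images" {
  compartment_id   = var.compartment_ocid
  operating_system = "Canonical Ubuntu"
  filter {
    name   = "display_name"
    values = ["^Canonical-Ubuntu-22.04-([\\.0-9-]+)$"]
    regex  = true
  }
}

# Availability domains of the compartment; the instance uses the first one.
data "oci_identity_availability_domains" "ADs" {
  compartment_id = var.compartment_ocid
}

# Source range admitted to TCP 22. The default keeps the original behaviour
# (SSH reachable from anywhere); set it to your own address or VPN range to
# take the instance off internet-wide SSH scanning.
variable "ssh_ingress_cidr" {
  description = "CIDR block allowed to reach the instance on SSH (TCP 22)."
  type        = string
  default     = "0.0.0.0/0"
}

# Compute instance with a public IP address.
resource "oci_core_instance" "instance" {
  availability_domain = data.oci_identity_availability_domains.ADs.availability_domains[0].name
  compartment_id      = var.compartment_ocid
  display_name        = var.instance_name
  shape               = var.instance_shape

  source_details {
    source_type             = "image"
    source_id               = data.oci_core_images.images.images[0].id
    boot_volume_size_in_gbs = 100
  }

  create_vnic_details {
    assign_public_ip = "true"
    subnet_id        = oci_core_subnet.subnet.id
  }

  metadata = {
    # This is the PUBLIC key (terraform.tfvars points at server.key.pub); the
    # private key stays on the operator's machine.
    ssh_authorized_keys = file(var.ssh_public_key_path)
    # Provisioning script handed to the instance as user_data. It is resolved
    # relative to this module so the plan does not depend on the working directory.
    user_data = base64encode(file("${path.module}/setup-instance.sh"))
  }
}

# Internet gateway for the VCN.
resource "oci_core_internet_gateway" "internet_gateway" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.generative_ai_vcn.id
  display_name   = "generative-ai-internet-gateway"
}

# Default route through the internet gateway.
resource "oci_core_route_table" "generative_ai_route_table" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.generative_ai_vcn.id
  display_name   = "generative-ai-route-table"
  route_rules {
    destination       = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.internet_gateway.id
  }
}

# Security list: unrestricted egress, SSH-only ingress.
resource "oci_core_security_list" "generative_ai_security_list" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_virtual_network.generative_ai_vcn.id
  display_name   = "generative-ai-security-list"

  # Outbound stays open: the provisioning script downloads packages and
  # clones repositories from the internet.
  egress_security_rules {
    destination = "0.0.0.0/0"
    protocol    = "all"
    description = "Allow all outbound traffic"
  }

  # The previous "all protocols from 0.0.0.0/0" ingress rule is removed. It made
  # the SSH rule below redundant and left every listening port on the instance
  # reachable from the internet, including the web UIs on 3000, 5000 and 7860.
  # NOTE(review): the UIs' bind addresses are not visible in this file - confirm
  # nothing relies on reaching them directly over the public IP.
  ingress_security_rules {
    protocol    = "6" # tcp
    source      = var.ssh_ingress_cidr
    description = "Allow ssh"
    tcp_options {
      max = 22
      min = 22
    }
  }
}

# Subnet that hosts the instance.
resource "oci_core_subnet" "subnet" {
  cidr_block        = var.subnet_cidr
  compartment_id    = var.compartment_ocid
  display_name      = "generative-ai-subnet"
  vcn_id            = oci_core_virtual_network.generative_ai_vcn.id
  route_table_id    = oci_core_route_table.generative_ai_route_table.id
  security_list_ids = [oci_core_security_list.generative_ai_security_list.id]
  dhcp_options_id   = oci_core_virtual_network.generative_ai_vcn.default_dhcp_options_id
}

# Virtual cloud network.
resource "oci_core_virtual_network" "generative_ai_vcn" {
  cidr_block     = var.vcn_cidr
  compartment_id = var.compartment_ocid
  display_name   = "generative-ai-vcn"
}

# Prints the SSH command that forwards the three web UI ports to localhost.
# NOTE(review): the listing this file was recovered from lost the opening lines
# of this heredoc; only the text that survived is reproduced here.
output "instance_public_ip" {
  value = <<EOF
ssh -i server.key -L 7860:localhost:7860 -L 5000:localhost:5000 -L 3000:localhost:3000 ubuntu@${oci_core_instance.instance.public_ip}

Setup and dreambooth => http://localhost:3000

stable diffusion => http://localhost:7860

bloom => http://localhost:5000

EOF
}
-------------------------------------------------------------------------------- /provider.tf: -------------------------------------------------------------------------------- 1 | provider "oci" { 2 | region = var.region 3 | } -------------------------------------------------------------------------------- /release_files.json: -------------------------------------------------------------------------------- 1 | // see https://github.com/oracle-devrel/action-release-zip-maker for docs 2 | [ 3 | ] 4 | -------------------------------------------------------------------------------- /repolinter.json: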
-------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/todogroup/repolinter/master/rulesets/schema.json", 3 | "version": 2, 4 | "axioms": {}, 5 | "rules": { 6 | "readme-file-exists" : { 7 | "level": "error", 8 | "rule": { 9 | "type": "file-existence", 10 | "options": { 11 | "globsAny": ["README*"] 12 | } 13 | } 14 | }, 15 | "disclaimer-present" : { 16 | "level": "error", 17 | "rule": { 18 | "type": "file-contents", 19 | "options": { 20 | "globsAll": ["README*"], 21 | "noCase": true, 22 | "fail-on-non-existent": true, 23 | "content": "ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND" 24 | } 25 | } 26 | }, 27 | "license-file-exists" : { 28 | "level": "error", 29 | "rule": { 30 | "type": "file-existence", 31 | "options": { 32 | "globsAny": ["LICENSE*"] 33 | } 34 | } 35 | }, 36 | "copyright-notice-present" : { 37 | "level": "warning", 38 | "rule": { 39 | "type": "file-starts-with", 40 | "options": { 41 | "globsAll": ["**/*"], 42 | "skip-binary-files": true, 43 | "skip-paths-matching": { 44 | "extensions": ["yaml","yml","md","json","xml","tpl","ipynb","pickle","joblib","properties"], 45 | "patterns": ["\\.github"], 46 | "flags": "" 47 | }, 48 | "lineCount": 2, 49 | "patterns": [ 50 | "Copyright \\([cC]\\) [12][90]\\d\\d(\\-[12][90]\\d\\d)? Oracle and/or its affiliates\\." 
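51 | ], 52 | "succeed-on-non-exist": true 53 | } 54 | } 55 | } 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /setup-instance.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Provisioning script for the instance. It installs OS packages and CUDA 11.8,
# clones three web UIs at pinned commits and registers each one as a systemd
# service that runs as an unprivileged user. main.tf hands this file to the
# instance as user_data; it writes under /etc and calls apt and systemctl, so it
# has to run as root.

# Unprivileged account that owns the checkouts and runs the services.
SVC_USER='ubuntu'
CUDA_REPO='https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64'
CUDA_KEYRING='/usr/share/keyrings/cuda-archive-keyring.gpg'

# Write the systemd unit for one web UI, then clone it at a pinned commit.
#   $1 service name (checkout directory is /home/<user>/<name>-webui)
#   $2 repository URL
#   $3 commit to check out
#   $4 start script inside the checkout
_install_webui() {
    local svc=$1 repo_url=$2 commit=$3 start_script=$4
    local app_dir="/home/$SVC_USER/${svc}-webui"

    # '>' rather than '>>': a second run replaces the unit instead of appending
    # a duplicate [Unit]/[Service] section to it.
    cat <<EOT > "/etc/systemd/system/$svc.service"
[Unit]
Description=systemd service start $svc

[Service]
ExecStart=/bin/bash $app_dir/$start_script
User=$SVC_USER

[Install]
WantedBy=multi-user.target
EOT

    su -c "git clone $repo_url $app_dir" "$SVC_USER"
    # If this checkout fails, the tree stays on whatever the default branch
    # pointed to at clone time, i.e. unpinned. Check the log after first boot.
    su -c "git -C $app_dir checkout $commit" "$SVC_USER"
}

main_function() {
    # apt-get has a stable scripting interface; 'apt' is meant for interactive use.
    export DEBIAN_FRONTEND=noninteractive
    apt-get update -y
    apt-get install -y wget git git-lfs gnupg python3 python3-pip python3-venv unzip
    apt-get install -y ffmpeg libsm6 libxext6 p7zip-full rapidjson-dev libarchive-dev zlib1g-dev

    # Install cuda.
    # The repository key goes into its own keyring and is bound to this one
    # source with signed-by, instead of apt-key (deprecated), which trusts the
    # key for every configured repository. The source now uses https as well.
    # The key is still trusted on first fetch; compare its fingerprint with
    # NVIDIA's published value if you need stronger assurance.
    wget -O /etc/apt/preferences.d/cuda-repository-pin-600 "$CUDA_REPO/cuda-ubuntu2204.pin"
    wget -qO- "$CUDA_REPO/3bf863cc.pub" | gpg --batch --yes --dearmor -o "$CUDA_KEYRING"
    echo "deb [signed-by=$CUDA_KEYRING] $CUDA_REPO/ /" > /etc/apt/sources.list.d/cuda-ubuntu2204-x86_64.list
    apt-get update -y
    apt-get install -y cuda-11-8

    # 'su', not 'sudo -c' (sudo has no such form, so the line used to fail).
    # \$PATH is escaped so the user's own PATH is expanded at login; unescaped,
    # root's PATH at provisioning time was baked into the file.
    su -c "echo 'export PATH=/usr/local/cuda/bin:\$PATH' >> /home/$SVC_USER/.bashrc" "$SVC_USER"

    # Commits are pinned by 7-character prefix; a full 40-character hash is the
    # safer pin if you maintain this script.
    _install_webui stable-diffusion https://github.com/AUTOMATIC1111/stable-diffusion-webui.git 9bbe1e3 webui.sh
    _install_webui bloom https://github.com/carlgira/bloom-webui.git f21a51d start.sh
    # NOTE(review): same short hash as bloom-webui above. Two unrelated
    # repositories are unlikely to share a commit id - confirm the intended
    # dreambooth-webui commit.
    _install_webui dreambooth https://github.com/carlgira/dreambooth-webui.git f21a51d start.sh

    systemctl daemon-reload
    systemctl enable stable-diffusion.service bloom.service dreambooth.service
    systemctl start stable-diffusion.service bloom.service dreambooth.service
}

# Redirect stdout first, then point stderr at it. With '2>&1 >> file' the error
# output went to the original stdout and never reached the log.
main_function >> /var/log/startup.log 2>&1
-------------------------------------------------------------------------------- /sonar-project.properties: -------------------------------------------------------------------------------- 1 | sonar.projectKey=oracle-devrel_oci-generative-ai 2 | sonar.organization=oracle-devrel 3 | 4 | # This is the name and version displayed in the SonarCloud UI. 5 | #sonar.projectName=test 6 | #sonar.projectVersion=1.0 7 | 8 | # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows. 9 | #sonar.sources=. 10 | 11 | # Encoding of the source code.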
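Default is default system encoding 12 | #sonar.sourceEncoding=UTF-8 -------------------------------------------------------------------------------- /terraform.tfvars: -------------------------------------------------------------------------------- 1 | instance_name = "generative-ai" 2 | instance_shape = "VM.GPU2.1" 3 | ssh_public_key_path = "server.key.pub" 4 | subnet_cidr = "10.0.0.0/24" 5 | vcn_cidr = "10.0.0.0/16" 6 | region = "eu-frankfurt-1" 7 | -------------------------------------------------------------------------------- /variables.tf: --------------------------------------------------------------------------------
# Input variables for main.tf and provider.tf. All of them are plain strings.
# terraform.tfvars supplies every value except compartment_ocid, which has to
# be provided some other way.

variable "compartment_ocid" {
  description = "OCID of the compartment in which every resource in main.tf is created."
  type        = string
}

variable "instance_name" {
  description = "Display name of the compute instance."
  type        = string
}

variable "instance_shape" {
  description = "Compute shape of the instance, e.g. VM.GPU2.1."
  type        = string
}

variable "region" {
  description = "OCI region passed to the provider, e.g. eu-frankfurt-1."
  type        = string
}

variable "ssh_public_key_path" {
  description = "Path to the SSH public key file installed as the instance's authorized key. Point this at the .pub file, never at the private key."
  type        = string
}

variable "subnet_cidr" {
  description = "CIDR block of the subnet that hosts the instance; it must fall inside vcn_cidr."
  type        = string
}

variable "vcn_cidr" {
  description = "CIDR block of the virtual cloud network."
  type        = string
}
--------------------------------------------------------------------------------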