This folder contains base code to create NVIDIA FLARE federated learning networks, each containing a set of clients, a server and an API. fl-api-base and fl-base are base services used by the provisioning command to build up on. fl-base can be used to test applications locally, but is a single container that does not constitute a fully working FL network.
This diagram provides an overview of the services:
The net_project.yml file is a template that will define the services available within the network. Modify this file if
you want to:
- Incorporate further services (e.g. >2 clients)
- Modify GPU resources for the services
- Modify default ports [etc.]
You can run make nvflare-provision NET_NUMBER=${NET_NUMBER} to create a network: this will create an instance of the
services defined in net_project.yml, substituting the naming by net-${NET_NUMBER}.
You can also pass FL_PORT if you do not want to use the default (which will be the same for each created net).
This will run the nvflare provision Python command. It is part of the make nvflare-provision command, and will
create the services that are defined in the net-specific yml file.
It will initially create these services in the workspace/prod_XX folder, with default names.
Inside of these services, you should have at least a local and startup folder. The startup folder contains the
scripts to start and stop the services (start.sh, stop_fl.sh etc.), as well as configuration files
(fed_[service_name].json), and signature and certificate files.
Once these service files are created, the signature and certificate files will link them together and make them not
re-usable.
After this command is run, the make command will take care of moving every service into the fl_services folder, under
net-${NET_NUMBER}. Additionally, files that are not created by the nvflare provision command yet are crucial to run
the services (e.g. Python API files for the Admin API) will be added from fl-base (for client and server) and
fl-api-base (for API).
Once your network is provisioned, you can test it works by running
make up NET_NUMBER=<NET_NUMBER>To onboard a new client, the procedure would involve:
- Run Python
nvflare provisionon the same network-specific yml file that was used to create the FL network, but adding the new client on the yml file. - Extract the client's folder from the workspace (deleting everything else), restructure it to match every other client's and remove everything else that was created and left in the workspace (server, admin, other clients).
- Replace the
rootCA.pemfrom the client'sstartupfolder by the server'sfl-server/startup/rootCA.pemof the network the client belongs to.
This should ensure that the client stays part of the network, without re-creating the other services or altering signed files.
There is a helper Makefile target to help with this process:
bash provision_client.sh <NET_NUMBER>