Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AML registry + vnet integration #269

Closed
wants to merge 16 commits into from
Closed

AML registry + vnet integration #269

wants to merge 16 commits into from

Conversation

t-young31
Copy link
Member

@t-young31 t-young31 commented Apr 21, 2023
edited
Loading

Resolves #233

See also: https://github.com/UCLH-Foundry/UCLH-Azure-Bootstrap/pull/8

How is this addressed

  • Describe the changes made, and if appropriate, why they are addressed this way
  • Note any pending work (with links to the issues that will address them)
  • Update documentation

Has the CIS document been consulted / updated?

  • Are you adding new resources, or modifying existing ones?

Modifying

  • Have settings been set in line with the CIS recommendations?

Unknown

TODO

  • Test pushing a model
  • AML compute cluster
  • Fix delete
  • Get a guinea pig to try out pushing to a registry without read permissions
  • Fix permissions error for test user with only the custom role
  File "/Users/tom/Desktop/tmp_venv/lib/python3.9/site-packages/azure/ai/ml/_restclient/registry_discovery/operations/_registry_management_non_workspace_operations.py", line 116, in registry_management_non_workspace
    raise HttpResponseError(response=response, error_format=ARMErrorFormat)
azure.core.exceptions.HttpResponseError: Operation returned an invalid status 'User/tenant/subscription is not allowed to access registry xxx'

Questions

  • How does pipeline code get registered with an AML with no public access?

@t-young31
Copy link
Member Author

t-young31 commented Apr 24, 2023
edited
Loading

Tested pushing something to the registry with, using an example env in https://github.com/Azure/azureml-examples

from azure.ai.ml import MLClient, load_registry
from azure.ai.ml.constants._common import LROConfigurations
from azure.identity import DefaultAzureCredential, InteractiveBrowserCredential
import os
from azure.ai.ml.entities import Environment, BuildContext

credential = DefaultAzureCredential()
_ = credential.get_token("https://management.azure.com/.default")

# registry = ml_client.registries.get(name="XXXX")
# print(registry)

env_docker_context = Environment(
    build=BuildContext(path="tmp/azureml-examples/cli/jobs/pipelines-with-components/nyc_taxi_data_regression/env_train"),
    name="SKLearnEnv",
    version=str(1),
    description="Scikit Learn environment",
)
ml_client_registry.environments.create_or_update(env_docker_context)

@t-young31 t-young31 marked this pull request as ready for review April 24, 2023 19:21
@damoodamoo
Copy link
Member

So - due to the timelines for what we're aiming for, we've taken the call to only include the registry, with an Algorithm Steward group having the only access to it. I've taken the registry aspects from this PR here- #284 , and removed the AML workspace from the serve layer for now. When ready, we'll use this branch to bring AML with the private networking back in.

@damoodamoo damoodamoo added the blocked Can't move label Apr 26, 2023
@t-young31
Copy link
Member Author

Not going to be bought in in the near term. Anyone: please feel free to reopen this when ready

@t-young31 t-young31 closed this Apr 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
blocked Can't move
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AML VNet integration + model registry
2 participants
@t-young31 @damoodamoo