Docker容器，用于计算引擎上的google cloudML - 验证安装桶 [英] Docker container for google cloudML on compute engine - authenticating for mounting bucket

问题描述

我一直在使用谷歌的机器学习平台， cloudML 。

I have been working with google's machine learning platform, cloudML.

大图：
我试图找出最干净的方式让他们的码头工作人员环境在Google计算实例上运行，可以访问cloudML API和我的存储桶。

Big picture: I'm trying to figure out the cleanest way to get their docker environment up and running on google compute instances, have access to the cloudML API and my storage bucket.

从本地开始，我已配置我的服务帐户

Starting locally, I have my service account configured

C:\Program Files (x86)\Google\Cloud SDK>gcloud config list
Your active configuration is: [service]

[compute]
region = us-central1
zone = us-central1-a
[core]
account = 773889352370-compute@developer.gserviceaccount.com
disable_usage_reporting = False
project = api-project-773889352370

我用google容器图像系列引导计算实例

I boot a compute instance with the google container image family

gcloud compute instances create gci --image-family gci-stable --image-project google-containers --scopes 773889352370-compute@developer.gserviceaccount.com="https://www.googleapis.com/auth/cloud-platform"

编辑：需要明确设置与cloudML通信的范围。

Need to explicitly set scope for communicating with cloudML.

我可以将ssh插入到该实例中（用于调试）

I can then ssh into that instance (for debugging)

gcloud compute ssh benweinstein2010@gci 

On the compute instance, I can pull the cloudML docker from GCR and run it

docker pull gcr.io/cloud-datalab/datalab:local
docker run -it --rm  -p "127.0.0.1:8080:8080" \
  --entrypoint=/bin/bash \
  gcr.io/cloud-datalab/datalab:local

我可以确认我有权访问我所需的桶。没有证书问题在那里

I can confirm I have access to my desired bucket. No credential problems there

root@cd6cc28a1c8a:/# gsutil ls gs://api-project-773889352370-ml
gs://api-project-773889352370-ml/Ben/
gs://api-project-773889352370-ml/Cameras/
gs://api-project-773889352370-ml/MeerkatReader/
gs://api-project-773889352370-ml/Prediction/
gs://api-project-773889352370-ml/TrainingData/
gs://api-project-773889352370-ml/cloudmldist/

但是当我尝试安装存储桶时

But when I try to mount the bucket

root@139e775fcf6b:~# gcsfuse api-project-773889352370-ml /mnt/gcs-bucket
Using mount point: /mnt/gcs-bucket
Opening GCS connection...
Opening bucket...
Mounting file system...
daemonize.Run: readFromProcess: sub-process: mountWithArgs: mountWithConn: Mount: mount: running fusermount: exit status 1

stderr:
fusermount: failed to open /dev/fuse: Operation not permitted

必须是我需要激活我的服务帐户内的码头集装箱？我已经有类似的（未解决的问题其他地方）

It must be that I am required to activate my service account from within the docker container? I have had similar (unsolved issues elsewhere)

gcloud auth activate-service-account

我可以通过docker一个凭据.json文件，但我不知道在哪里/如果gcloud ssh将这些文件传递给我的实例？

I could pass docker a credentials .json file, but i'm not sure where/if gcloud ssh passes those files to my instance?

我可以更广泛地访问云平台，例如我可以向cloudML API发布请求。

I have access to cloud platform more broadly, for example I can post a request to the cloudML API.

gcloud beta ml predict --model ${MODEL_NAME} --json-instances images/request.json > images/${outfile}

成功。所以有些凭据正在被传递。我想我可以把它传递给计算引擎，然后从计算引擎到Docker实例？感觉我没有按照预期使用这些工具。我认为gcloud会在本地验证后处理这个问题。

which succeeds. So some credentials are being passed.I guess I could pass it to compute engine, and then from the compute engine to the docker instance? It feels like i'm not using the tools as intended. I thought gcloud would handle this once I authenticated locally.

推荐答案

这是一个docker问题，而不是gcloud权限问题。 Docker需要以--privileile运行以允许保险丝挂载。

This was a docker issue, not a gcloud permissions issue. Docker needs to be run as --privileged to allow fuse to mount.

这篇关于Docker容器，用于计算引擎上的google cloudML - 验证安装桶的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！