Reputation
Badges 1
10 × Eureka!Ok for GCP Auto Scaler it is even more complicated to get Google Cloud Storage Write Access. It seems that VMs are started with the default access scope . This means that the VM will only have read access to GCS but is unable to write. I think the only way to change this is on VM creation.
I tried starting a VM manually, same image and service account, installed clearml-agent manually and conncted it to my workspace. everything was working fine. I really need help as the GCP Auto Scaler is setting the wrong scope on VM creation:
Could not find the source code for the GCP autoscaler, but am very confident that this is the issue. Can you please help @channel
Hi Jake, thank you for your response. Good to know that credentials_json
supports direct decoding. This should be mentioned at the storage documentation .
For GCP Autoscaler, i think that the "Service Account Email" provided for each instance configuration should restrict access based on IAM rules. Right now the scope will not allow the user to add additional permissions to this service account.
i.e. If you select another "Service...
Am I missing something or should it generally work this way? Or should I set agent.google.storage {}?
If you refer to the storage section, I did. But it is not very clear where google.storage
should be added. Its obvious to add this in the sdk section. Not sure if I need to do more in the agent section. Please see my configuration above.
A working workaround is this: agent.extra_docker_arguments: ["-v","/home/cboden/clearml_service.json:/root/clearml_service.json","-e","GOOGLE_APPLICATION_CREDENTIALS=/root/clearml_service.json",]
Error:
2024-02-26 09:11:43,799 - clearml.storage - ERROR - Failed uploading: 403 POST
: {
"error": {
"code": 403,
"message": "Access denied.",
"errors": [
{
"message": "Access denied.",
"domain": "global",
"reason": "forbidden"
}
]
}
}
Same task with same credentials is working fine on local agent in docker mode but not with GCP Auto Scaler
Now I tried to setup GCP Auto Scaler. No easy way to get Google Cloud Storage working with it. I think it would be good if the service account file gets be mounted automatically for agent in docker mode.
I really like ClearML and the dokumentation is good to get started, but I feel a lot of things was try and error if I want to do something more than the early basics. I still think it is a great tool but lacks on some detail in the documentations. Some examples:
- How to add Google service a...
Yes if I run the experiment directly via sdk, the cloud access is working fine
Can you please help how to deal with this?