Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Hi Everyone! I'M Working On A Solution That Uses Clearml Agent Running On An Ec2 Instances. These Instances (And Agents) Are Provisioned Automatically And Listen To A Specific Clearml Queue. Different Users Can Send Jobs To This Queue And Therefore To Th

Hi everyone! I'm working on a solution that uses clearml agent running on an EC2 instances. These instances (and agents) are provisioned automatically and listen to a specific clearml queue. Different users can send jobs to this queue and therefore to the agent on the instance. Do you have any recommendations on how to best manage git credentials for this? Since the agent is not user specific but different users can send jobs to those, it wouldn't make sense to set up a user specific git credentials for the agent. Thank you 🙂

  
  
Posted 4 months ago
Votes Newest

Answers 4


Hi @<1719524650926477312:profile|EncouragingFish95> , I think what you're looking for is the AWS autoscaler - None

None

  
  
Posted 4 months ago

Then you can define the git credentials that can clone these repositories

  
  
Posted 4 months ago

if you are on github.com , you can use Fine tune PAT token to limit access to minimum. Although the token will be tight to an account, it's quite easy to change to another one from another account.

  
  
Posted 4 months ago

He's asking "what git credentials make sense to use for agents" - regardless of autoscaling or not. I had the same question earlier.

tldr: it depends on your security policies.

@<1719524650926477312:profile|EncouragingFish95> - if you have the ability to create a "service account" in your git provider, perhaps at the org-level, I would do that.

My org's cloud git provider does not enable this functionality, and so we have agreed that it is "acceptable" to have the agent's git credentials basically be tied to a token for my account (since I'm effectively administrating our server). Since it's read-only (clearml doesnt push commits), it didn't feel particularly important to have identities correctly tied to the agents.

If it's possible to create a user account that multiple trusted people on your team can administrator, then I would do that. read-only auth keys at the repo-level would work too.

(always consider the risk of "how will my team handle this if I am to suddenly leave" and "to what repos does this token grant access")

  
  
Posted 4 months ago