I have a GCP AI notebook instance. Anyone with admin access to a notebook in my project can open the notebook and read, modify, or delete any folder/file created by me or any other user on my team. Is there a way to create a private directory like /home/user, as we could have done with JupyterHub installed on a VM?
Implementing this requirement is not feasible with AI Notebooks. AI Notebooks is intended as a rapid prototyping and development environment that is easy to manage, and advanced multi-user scenarios fall outside its intended purpose.
The Python kernel in AI Notebooks always runs as the Linux user "Jupyter", regardless of which GCP user accesses the notebook. Anyone with editor permissions on your Google Cloud project can see other users' work through the Jupyter UI.
To isolate each user's work, the recommended option is to set up an individual notebook instance for each user; see the 'Single User' option.
It's not feasible to combine multiple instances into a master instance in AI Notebooks, so the recommended approach is to give each user a notebook instance and share source code via Git or another repository system. See the Save a Notebook to GitHub documentation for more information.
You probably created the notebook in Service Account mode. You can restrict access to a single user via single-user mode.
Example:
proxy-mode=mail,proxy-user-mail=user@domain.com
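For illustration, creating a single-user instance from the gcloud CLI might look like this. The instance name, zone, image family, and email address below are placeholders, and the flag names should be checked against your gcloud version:

```shell
# Sketch: create an AI Notebooks instance restricted to one user
# via single-user (mail) proxy mode. All values are placeholders.
gcloud notebooks instances create my-single-user-notebook \
    --location=us-central1-a \
    --vm-image-project=deeplearning-platform-release \
    --vm-image-family=common-cpu \
    --metadata=proxy-mode=mail,proxy-user-mail=user@domain.com
```

Repeating this once per user gives each person their own isolated environment.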
Is there any way to convert or add JupyterLab to an existing VM? This VM was created under Compute -> Compute Engine -> VM Instances. When I go to AI Platform -> Notebooks, I do not see this instance, so I'm assuming it is not set up to use JupyterLab. However, the specs on this VM should be more than sufficient to run JupyterLab, so I was hoping to add this functionality. Thank you.
The purpose of AI Platform Notebooks is to be a managed service for Jupyter notebooks. Please have a look at the AI Platform Notebooks documentation:
Managed JupyterLab notebook instances
AI Platform Notebooks is a managed service that offers an integrated
and secure JupyterLab environment for data scientists and machine
learning developers to experiment, develop, and deploy models into
production. Users can create instances running JupyterLab that come
pre-installed with the latest data science and machine learning
frameworks in a single click.
Also, if you check the managed VM, you'll find the description of the image:
Google, Deep Learning Image: Container Base, m50, A Debian based image with Docker and NVIDIA-Docker support for custom containers with Deep Learning Image integration.
and this image is different from the image you have on your VM.
As a result, unfortunately, you're not able to use your existing VM for this purpose.
You can try to file a feature request at Google Issue Tracker if you really want to be able to do it.
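While the existing VM can't be converted, a fresh Notebooks instance built on the Deep Learning image can be created from the command line. A sketch, where the instance name, zone, and machine type are placeholders:

```shell
# Sketch: create a new AI Platform Notebooks instance from a
# Deep Learning VM image (the existing Compute Engine VM itself
# cannot be converted). All values are placeholders.
gcloud notebooks instances create my-new-notebook \
    --location=us-central1-a \
    --machine-type=n1-standard-4 \
    --vm-image-project=deeplearning-platform-release \
    --vm-image-family=common-cpu
```

You could then copy your data and code over from the old VM, for example with `gcloud compute scp` or via a GCS bucket.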
It is probably a silly question. In my project we'll be using Dataflow and Cloud Composer. For that, I asked for permission to create a VM instance in the GCP project to hold both the Dataflow and Cloud Composer Python programs. But the client asked me the reason for creating a VM instance and told me that Dataflow can be executed without a VM instance.
Is that possible? If yes, how can it be achieved? Can anyone please explain it? It'll be really helpful to me.
You can run Dataflow pipelines or manage Composer environments from your own computer once your credentials are authenticated and you have both the Google Cloud SDK and the Apache Beam Python library installed. However, this depends on how you want to manage your resources. I prefer to use a VM instance so that all the resources I use live in the cloud, where it is easier to set up VPC networks connecting different services. Also, saving data from a VM instance into GCS buckets is usually faster than from an on-premise computer/server.
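As a sketch, running a Beam pipeline from a local machine only requires the SDK and authenticated credentials; no VM is involved. The project ID, bucket, and region below are placeholders:

```shell
# Sketch: run the Beam example wordcount without any VM.
# Project, bucket, and region are placeholders.
pip install 'apache-beam[gcp]'
gcloud auth application-default login

# Runs entirely on the local machine with the DirectRunner:
python -m apache_beam.examples.wordcount \
    --input gs://dataflow-samples/shakespeare/kinglear.txt \
    --output /tmp/counts

# Same pipeline, executed on the Dataflow service instead:
python -m apache_beam.examples.wordcount \
    --runner DataflowRunner \
    --project my-project \
    --region us-central1 \
    --temp_location gs://my-bucket/tmp \
    --input gs://dataflow-samples/shakespeare/kinglear.txt \
    --output gs://my-bucket/counts
```

With `DataflowRunner`, the pipeline code is submitted from your machine but the workers are provisioned and managed by the Dataflow service, which is why no dedicated VM is needed.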
I am still new to AWS SageMaker. I'm working on an architecture where we would have an AWS SageMaker notebook. There would be multiple users, and I want students not to see each other's work. Would I need to do that in the terminal, or can it be done in the notebook itself?
The simplest way is to create a small notebook instance for each student. This gives you the needed isolation and also makes each student responsible for stopping their instance when it is not in use.
The smallest instance type costs $0.0464 per hour. If you have it running 24/7, it costs about $33 per month. But if the students are responsible and stop their instances when they are not using them, it can be about $1 for 20 hours of work.
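The arithmetic behind those estimates, assuming the $0.0464/hour rate quoted above:

```shell
# Monthly cost if the instance never stops (30 days):
awk 'BEGIN { printf "always on: $%.2f/month\n", 0.0464 * 24 * 30 }'
# Cost for 20 hours of actual use:
awk 'BEGIN { printf "20 hours:  $%.2f\n", 0.0464 * 20 }'
```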
If you want to enforce isolation between the notebooks, you can presign the URL used to open the Jupyter interface. See here for the way to create the URL with the CLI: https://docs.aws.amazon.com/cli/latest/reference/sagemaker/create-presigned-notebook-instance-url.html. It is also supported in the other SDKs.
aws sagemaker create-presigned-notebook-instance-url \
    --notebook-instance-name <student-instance-name> \
    --session-expiration-duration-in-seconds 3600
You can integrate this into your institute's internal portal.
I know there is a good tutorial on how to create Jupyter notebooks on AWS SageMaker "the easy way".
Do you know if it is possible to allow 10 students who do not have AWS accounts to create Jupyter notebooks, and also allow them to edit those notebooks?
Enabling multiple users to share the same notebook (in this case, without authentication) will involve managing your security groups to enable open access. You can filter, allowing access only from a known IP address range, if your students are accessing it from a classroom or campus, for example.
Tips for this are available in this answer and this page from the documentation, diving into network configurations for SageMaker hosted notebook instances.
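For illustration, restricting inbound access to a known campus range might look like the following; the security group ID and CIDR block are placeholders:

```shell
# Sketch: allow HTTPS only from a known campus IP range.
# Security group ID and CIDR block are placeholders.
aws ec2 authorize-security-group-ingress \
    --group-id sg-0123456789abcdef0 \
    --protocol tcp \
    --port 443 \
    --cidr 203.0.113.0/24
```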
As for enabling students to spin up their own notebooks, I'm not sure it's possible to enable completely unauthenticated AWS-level resource provisioning. However, once you've spun up a single managed notebook instance yourself, students can create their own notebooks directly from the browser in Jupyter, once they've navigated to the publicly available IP. You may need to attach a SageMaker IAM role that enables notebook creation (among other things, depending on the workload requirements). Depending on the computational needs (number, duration, and types of concurrent workloads), different combinations of instance count and instance type will be optimal for preventing computational bottlenecks.
I have rented a Google Cloud Windows Server 2012 machine for one of my developers in a remote location.
Since he is in a different timezone, I want him to be able to start/stop the instance, but I don't want to give him Owner or any other permission that would let him download the code.
To fully protect the code, I don't want to grant him the Editor role on the project, but without it he is unable to start the instance.
Can somebody please suggest how to achieve this, so that I can safeguard my code while he can start/stop the instance in his timezone for development?
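One possible approach (an assumption, not something confirmed above) is a custom IAM role carrying only the instance start/stop permissions. The project ID and email address below are placeholders:

```shell
# Sketch: a custom role with only the permissions needed to
# list, view, start, and stop Compute Engine instances.
# Project ID and member email are placeholders.
gcloud iam roles create instanceOperator \
    --project=my-project \
    --title="Instance Operator" \
    --permissions=compute.instances.get,compute.instances.list,compute.instances.start,compute.instances.stop

gcloud projects add-iam-policy-binding my-project \
    --member="user:developer@example.com" \
    --role="projects/my-project/roles/instanceOperator"
```

Note that the developer will still need some form of RDP access to actually develop on the Windows machine, so how much this protects the code in practice depends on what he can reach once logged in.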