-
Notifications
You must be signed in to change notification settings - Fork 532
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Provisioner] Update ports for UP cluster (#2485)
* AWS is working * GCP finished. TODO: find a way to write cluster yaml in backends_utils * simplify ports when repr * generate new sg for aws * fix aws new sg no permission for ssh, format * remove finished TODO * write cluster config in backend_utils; deprecate code in config.py * remove redundant * minor * format * nit * nit * Azure finished * fix * lint * change port type to List[str] * add cli option * minor * add doc * add doc * add ports doc * Update docs/source/reference/yaml-spec.rst Co-authored-by: Romil Bhardwaj <[email protected]> * add port doc * apply suggestions from code review * Apply suggestions from code review Co-authored-by: Zhanghao Wu <[email protected]> * fix * upd docs * apply suggestions from code review * change api to all ports, fix bug, check ports in resource_utils * minor * gracefully handle gcp ports * Update docs/source/reference/yaml-spec.rst Co-authored-by: Zhanghao Wu <[email protected]> * upd doc * remove ports argument & move ports-specific variable to make_deploy_variables * restore ToProvisionConfig * remove new provisioner api check * add checking for whether need open ports * nits & ffix multi-node cluster in aws * add backward compatibility for gcp ports * merge get_vpc_name and create_or_update_firewall_rule * fix __setstate__ * get rid of DEFAULT_AWS_SG_NAME and fix a bug * nits * nits * constant for aws default sg * move ports delta calculation into _update_after_cluster_provisioned * move sg / firewall name generation into make_deploy_variables * nit * fix * nits * update doc * fix a bug * Apply suggestions from code review Co-authored-by: Romil Bhardwaj <[email protected]> * add minimal rule for aws * add minimal for gcp * fix --------- Co-authored-by: Romil Bhardwaj <[email protected]> Co-authored-by: Zhanghao Wu <[email protected]>
- Loading branch information
1 parent
6f9ad6b
commit e5e400b
Showing
36 changed files
with
891 additions
and
295 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
.. _ports: | ||
|
||
Opening Ports | ||
============= | ||
|
||
At times, it might be crucial to expose specific ports on your cluster to the public internet. For example: | ||
|
||
- **Exposing Development Tools**: If you're working with tools like Jupyter Notebook or ray, you'll need to expose its port to access the interface / dashboard from your browser. | ||
- **Creating Web Services**: Whether you're setting up a web server, database, or another service, they all communicate via specific ports that need to be accessible. | ||
- **Collaborative Tools**: Some tools and platforms may require port openings to enable collaboration with teammates or to integrate with other services. | ||
|
||
Opening Ports for SkyPilot cluster | ||
---------------------------------- | ||
|
||
To open a port on a SkyPilot cluster, specify :code:`ports` in the :code:`resources` section of your task. For example, here is a YAML configuration to expose a Jupyter Lab server: | ||
|
||
.. code-block:: yaml | ||
# jupyter_lab.yaml | ||
resources: | ||
ports: 8888 | ||
setup: pip install jupyter | ||
run: jupyter lab --port 8888 --no-browser --ip=0.0.0.0 | ||
In this example, the :code:`run` command will start the Jupyter Lab server on port 8888. By specifying :code:`ports: 8888`, SkyPilot will expose port 8888 on the cluster, making the jupyter server publicly accessible. To launch and access the server, run: | ||
|
||
.. code-block:: bash | ||
$ sky launch -c jupyter jupyter_lab.yaml | ||
and look in for the logs for some output like: | ||
|
||
.. code-block:: bash | ||
Jupyter Server 2.7.0 is running at: | ||
http://127.0.0.1:8888/lab?token=<token> | ||
To get the public IP address of the head node of the cluster, run :code:`sky status --ip jupyter`: | ||
|
||
.. code-block:: bash | ||
$ sky status --ip jupyter | ||
35.223.97.21 | ||
In the jupyter server URL, replace :code:`127.0.0.1` with the public IP from :code:`sky status --ip jupyter` and open the URL in your browser. | ||
|
||
If you want to expose multiple ports, you can specify a list of ports or port ranges in the :code:`resources` section: | ||
|
||
.. code-block:: yaml | ||
resources: | ||
ports: | ||
- 8888 | ||
- 10020-10040 | ||
- 20000-20010 | ||
SkyPilot also support opening ports through the CLI: | ||
|
||
.. code-block:: bash | ||
$ sky launch -c jupyter --ports 8888 jupyter_lab.yaml | ||
Security and Lifecycle Considerations | ||
------------------------------------- | ||
|
||
Before you start opening ports, there are a few things you need to bear in mind: | ||
|
||
- **Public Accessibility**: Ports you open are exposed to the public internet. It means anyone who knows your VM's IP address and the opened port can access your service. Ensure you use security measures, like authentication mechanisms, to protect your services. | ||
- **Lifecycle Management**: All opened ports are kept open, even after individual tasks have finished. The only instance when ports are automatically closed is during cluster shutdown. At shutdown, all ports that were opened during the cluster's lifespan are closed. Simultaneously, all corresponding firewall rules and security groups associated with these ports are also cleaned up. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.