search

Hydrospheredata / hydro-serving

MLOps Platform
http://docs.hydrosphere.io
Apache License 2.0
271 stars 42 forks source link

Internet Access within Application #243

Closed albertnanda closed 5 years ago

albertnanda commented 5 years ago

Hi,

I have created a service which will takes an url as input and use requests(python) to get the content. However, there seems to be a problem with name resolution. Here is the error message from runtime: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'. I am using the standard hydrosphere runtime.

Thanks, AN

tidylobster commented 5 years ago

Hi, @albertnanda

By default, running application containers do not have access to the Internet. You have to supply everything along with the model when first uploading it.

albertnanda commented 5 years ago

Hi @tidylobster,

Can I configure it? I am trying to create a service which needs access to internet.

KineticCookie commented 5 years ago

Hi @albertnanda It depends on your infrastructure. If you deployed hydro-serving using our docker-compose file, you could change the network definition there to get access to external resources. https://github.com/Hydrospheredata/hydro-serving/blob/2727c1b8b80a29ef2eeb7ed4904a784729165bce/docker-compose.yml#L78-L87

albertnanda commented 5 years ago

@tidylobster .. should this work? networks: hydronet: name: demo_hydronet driver: bridge

extnet: driver: bridge

tidylobster commented 5 years ago

@albertnanda It's enough to just throw away internal: true parameter, which isolates the network. Bear in mind though, all of your services will be available from the outside in that configuration.

albertnanda commented 5 years ago

@tidylobster : This is my config file: networks: hydronet: name: demo_hydronet

internal: true

ipam:
  config:
    - subnet: 172.16.0.0/24

extnet: driver: bridge

After updating docker-compose.yml, I did: 1. docker stop $(docker ps -aq) 2. docker rm $(docker ps -aq) 3. docker rmi $(docker images -aq) 4. docker-compose up -d 5. hs upload My application can't still access internet. I did docker exec -it /bin/bash Output of /etc/resolve.conf: nameserver 127.0.0.11 options ndots:0

tidylobster commented 5 years ago

Probably, you haven't recreated networks to align with the new configuration. Check that demo_hydronet network doesn't have internal flag set to true

$ docker network inspect demo_hydronet | grep -i internal
albertnanda commented 5 years ago

@tidylobster My bad, you are right, I did - docker network rm $(docker network ls -q) and then deleted everything.. docker-compose up -d. It's working now. Thanks a lot. I do have one question, how can i make only one service access internet, instead of all the services. Is there a way to do it?

KineticCookie commented 5 years ago

Unfortunately no - manager creates all containers within a defined network.

albertnanda commented 5 years ago

@KineticCookie Even with custom runtimes? Can I create a custom runtime and maybe copy config or something?

KineticCookie commented 5 years ago

Runtime is basically a code with dependencies to lauch your models. Networking and other settings are defined in the infrastructure level, and can only be changed on deploy.

However you could try to create new network with internet access and connect desired container to in manually (https://docs.docker.com/engine/reference/commandline/network_connect/), but we didn't test such use cases and we can't guarantee that it will work.

albertnanda commented 5 years ago

@KineticCookie Think this is a dead end for me. Can you please plan to add this as a feature in your next version?