search

TKWS239 / mlflow-ldap

MLflow ldap and audit log integration
Apache License 2.0
6 stars 0 forks source link

Issue with MLFlow 2.14 bitnami container #1

Closed chriskeAlerant closed 2 months ago

chriskeAlerant commented 3 months ago

Hi there!

First of all, thank you for your work!

I tried to use your solution with MLFlow 2.14 (in a bitnami based container), but unfortunately I'm getting this error message:

mlflow@mlflow-tracking-6c676df748-b6dsf:/bitnami/mlflow$ cat audit.log Creating initial MLflow database tables... Updating database tables This feature is still experimental and may change in a future release without warning This feature is still experimental and may change in a future release without warning This feature is still experimental and may change in a future release without warning Created admin user 'user'. It is recommended that you set a new password as soon as possible on /api/2.0/mlflow/users/update-password. This feature is still experimental and may change in a future release without warning Exception on / [GET] Traceback (most recent call last): File "/opt/bitnami/python/lib/python3.10/site-packages/flask/app.py", line 1473, in wsgi_app response = self.full_dispatch_request() File "/opt/bitnami/python/lib/python3.10/site-packages/flask/app.py", line 882, in full_dispatch_request rv = self.handle_user_exception(e) File "/opt/bitnami/python/lib/python3.10/site-packages/flask/app.py", line 878, in full_dispatch_request rv = self.preprocess_request() File "/opt/bitnami/python/lib/python3.10/site-packages/flask/app.py", line 1253, in preprocess_request rv = self.ensure_sync(before_func)() File "/opt/bitnami/python/lib/python3.10/site-packages/mlflow/server/handlers.py", line 561, in wrapper return func(*args, kwargs) File "/opt/bitnami/python/lib/python3.10/site-packages/mlflow/server/auth/init.py", line 465, in _before_request authorization = authenticate_request() File "/opt/bitnami/python/lib/python3.10/site-packages/mlflow/server/auth/init.py", line 429, in authenticate_request auth_func = get_auth_func(auth_config.authorization_function) File "/opt/bitnami/python/lib/python3.10/site-packages/mlflow/server/auth/init.py", line 442, in get_auth_func module = importlib.import_module(mod_name) File "/opt/bitnami/python/lib/python3.10/importlib/init.py", line 126, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1050, in _gcd_import File "", line 1027, in _find_and_load File "", line 1004, in _find_and_load_unlocked ModuleNotFoundError: No module named 'mlflow.ldap'** {"datetime": "2024/07/08 20:51", "user_ip": "127.0.0.1", "user_name": null, "request": "/login", "resources": "null", "run_uuid": "null", "experiment_id": "null", "method": "GET", "response_status": "500 INTERNAL SERV ER ERROR"} {"datetime": "2024/07/08 20:51", "user_ip": "127.0.0.1", "user_name": null, "request": "/favicon.ico", "resources": "null", "run_uuid": "null", "experiment_id": "null", "method": "GET", "response_status": "404 NOT FOU ND"}

I did everything as you instructed, but I think something is changed in MLFlow. As you can see, the python path is different than yours in the example, but I modified it: /opt/bitnami/python/lib/python3.10/site-packages/mlflow/ldap_auth.py

Can you help fixing this issue?

Thanks!

TKWS239 commented 3 months ago

Hi, thanks for letting me know the issues. I just have a quick look on the MLflow offical source code. Some codes have been changed for server/init.py.

Once I confirmed the root cause, I will upload the latest code regarding the update on MLflow side.

If you want to use the ldap asap, u can downgrade the mlflow version to 2.12-2.13. Thank you!

chriskeAlerant commented 3 months ago

Thank you very much!

chriskeAlerant commented 3 months ago

Hello again!

I made some tests with 2.12 and 2.13 and I didn't succeeded. So I thought that maybe the issue is with the container itself somehow. Becuase of that, I tried your solution with this docker compose pack:

https://github.com/sachua/mlflow-docker-compose/tree/master

I modified it, so it can uses your ldap.py and the basic auth config. At first try it was able to find your ldap module, but I've got this error:

024/07/09 07:50:33 ERROR mlflow.server: Exception on / [GET] Traceback (most recent call last): File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1473, in wsgi_app response = self.full_dispatch_request() File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 882, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 878, in full_dispatch_request rv = self.preprocess_request() File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1253, in preprocess_request rv = self.ensure_sync(before_func)() File "/usr/local/lib/python3.10/site-packages/mlflow/server/handlers.py", line 494, in wrapper return func(*args, kwargs) File "/usr/local/lib/python3.10/site-packages/mlflow/server/auth/init.py", line 459, in _before_request authorization = authenticate_request() File "/usr/local/lib/python3.10/site-packages/mlflow/server/auth/init.py", line 426, in authenticate_request return auth_func() TypeError: ldap_auth() missing 4 required positional arguments: 'ldap_host', 'domain', 'username', and 'password'**

I checked the init.py in the original authentication code, and I figured out that the original code should call your module's authenticate_request method, not ldap_auth directly. So is modified the basic_auth.ini to this:

[mlflow] default_permission = READ database_uri = sqlite:///basic_auth.db admin_username = admin admin_password = password authorization_function = mlflow.ldap:authenticate_request

With this modification it's working with the latest version 2.14.2 :)

So, the conclusion is that somehow the bitnami container can't find the ldap module (as I posted in my first comment). Unforunately I'm not a python expert to figure this out. Do you have any ideas why is this happening?

Thanks in advance!

TKWS239 commented 2 months ago

before launch the mlflow server, you need to configure the environment variable in order to enable the mlflow connect your ad server.

export MLFLOW_AUTH_CONFIG_PATH=$BASE_DIR/basic_auth.ini export ldap_host=your_ldap_server_address export domain=your_ad_domain export log_file=your_log_file_name

chriskeAlerant commented 2 months ago

thanks! I just figured out that it was a file permission error in the container. Thanks for your help! It is verified now, that your solution is working with the bitnami container. The only change it needed was this one in the basic_auth.ini :

authorization_function = mlflow.ldap:authenticate_request

thanks for the support and your work!

TKWS239 commented 2 months ago

@chriskeAlerant Bug fixed and compatible with 2.14.2 now. Also, can star the project as well? Thanks for the bug reporting!