RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://docs.databricks.com/aws/en/compute/custom-containers below:

Customize containers with Databricks Container Service

Databricks Container Services lets you specify a Docker image when you create compute. Some example use cases include:

Library customization: you have full control over the system libraries you want installed.
Golden container environment: your Docker image is a locked down environment that will never change.
Docker CI/CD integration: you can integrate Databricks with your Docker CI/CD pipelines.

You can also use Docker images to create custom deep learning environments on compute with GPU devices. For additional information about using GPU compute with Databricks Container Services, see Databricks Container Services on GPU compute.

For tasks to be executed each time the container starts, use an init script.

Requirementsâ

Your Databricks workspace must have Databricks Container Services enabled.
Your machine must be running a recent Docker daemon (one that is tested and works with Client/Server Version 18.03.0-ce) and the docker command must be available on your PATH.

Limitationsâ

Databricks Container Services is not supported on compute using standard access mode (formerly shared access mode).
Databricks Runtime for Machine Learning does not support Databricks Container Services.
To access Volumes on Databricks Container Services, add the following configuration to the compute's Spark config field: spark.databricks.unityCatalog.volumes.enabled true.
To access federated Hive metastores on Databricks Container Services, add the following configuration to the compute's Spark config field: spark.databricks.unityCatalog.hms.federation.enabled true.
172.17.0.0/16 is the default IP range used by Docker. To prevent connectivity issues due to an IP conflict, avoid setting up resources in this subnet.

Databricks Container Services is not supported on AWS Graviton instance types.

Step 1: Build your baseâ

Databricks recommends that you build your Docker base from a base that Databricks has built and tested. It is also possible to build your Docker base from scratch. This section describes the two options.

Option 1. Use a base built by Databricksâ

This example uses the 17.x tag for an image that will target a compute with Databricks Runtime 17.0 LTS and above:

Bash

FROM databricksruntime/standard:17.x
...

To specify additional Python libraries, such as the latest version of pandas and urllib, use the container-specific version of pip. For the databricksruntime/standard:17.x container, include the following:

Bash

RUN /databricks/python3/bin/pip install pandas
RUN /databricks/python3/bin/pip install urllib3

Base images are hosted on Docker Hub at https://hub.docker.com/u/databricksruntime. The Dockerfiles used to generate these bases are at https://github.com/databricks/containers.

note

Docker Hub hosted images with Tags with â-LTSâ suffix will be patched. All other images are examples and are not patched regularly.

note

The base images databricksruntime/standard and databricksruntime/minimal are not to be confused with the unrelated databricks-standard and databricks-minimal environments included in the no longer available Databricks Runtime with Conda (Beta).

Option 2. Build your own Docker baseâ

You can also build your Docker base from scratch. The Docker image must meet these requirements:

JDK 8u191 as Java on the system PATH
bash
iproute2 (ubuntu iproute)
coreutils (ubuntu coreutils)
procps (ubuntu procps)
sudo (ubuntu sudo)
Ubuntu Linux

To build your own image from scratch, you must create the virtual environment. You must also include packages that are built into Databricks compute, such as Python and R. To get started, you can use the appropriate base image:

For R: databricksruntime/rbase
For Python: databricksruntime/python
For the minimal image built by Databricks: databricksruntime/minimal

You can also refer to the example Dockerfiles in GitHub.

warning

Test your custom container image thoroughly on a Databricks compute. Your container may work on a local or build machine, but when your container is launched on Databricks the compute launch may fail, certain features may become disabled, or your container may stop working, even silently. In worst-case scenarios, it could corrupt your data or accidentally expose your data to external parties.

Step 2: Push your base imageâ

Push your custom base image to a Docker registry. This process is supported using the following registries:

Docker Hub with no auth or basic auth.
Azure Container Registry with basic auth.

Amazon Elastic Container Registry (Amazon ECR) with IAM (with the exception of Commercial Cloud Services (C2S)).

Other Docker registries that support no auth or basic auth are also expected to work.

note

If you use Docker Hub for your Docker registry, be sure to check that rate limits accommodate the amount of compute that you expect to launch in a six-hour period. These rate limits are different for anonymous users, authenticated users without a paid subscription, and paid subscriptions. See the Docker documentation for details. If this limit is exceeded, you will get a â429 Too Many Requestsâ response.

Step 3: Launch your computeâ

You can launch your compute using the UI or the API.

Launch your compute using the UIâ

On the Create compute page, specify a Databricks Runtime Version that supports Databricks Container Services.
Under Advanced, select the Docker tab.
Select Use your own Docker container.
In the Docker Image URL field, enter your custom Docker image.

Docker image URL examples:
Select the authentication type. You can use secrets to store username and password authentication values. See Docker image authentication.

Launch your compute using the APIâ

Generate an API token.

Use the Databricks CLI to launch a compute with your custom Docker base.

Bash

databricks clusters create \
--cluster-name <cluster-name> \
--node-type-id i3.xlarge \
--json '{
  "num_workers": 0,
  "docker_image": {
    "url": "databricksruntime/standard:latest",
    "basic_auth": {
      "username": "<docker-registry-username>",
      "password": "<docker-registry-password>"
    }
  },
  "spark_version": "16.4.x-scala2.12",
  "aws_attributes": {
    "availability": "ON_DEMAND",
    "instance_profile_arn": "arn:aws:iam::<aws-account-number>:instance-profile/<iam-role-name>"
  }
}'

Docker image authenticationâ

Authentication requirements depend on your Docker image type. You can also use secrets to store authentication usernames and passwords. See Use secrets for authentication.

For public Docker images, you do not need to include authentication information. In the UI, set Authentication to Default. For the API call, do not include the basic_auth fields.
For private Docker images, authenticate using a service principal ID and password (or applicable secrets) as the username and password.
For Azure Container Registry, authenticate using a service principal ID and password (or applicable secrets) as the username and password. See Azure Container Registry service principal authentication documentation for information about creating the service principal.

For Amazon ECR images, do not include authentication information. Instead, launch your compute with an instance profile that includes permissions to pull Docker images from the Docker repository where the image resides. To do this, follow steps 3 and 4 of the process for setting up secure access to S3 buckets using instance profiles.

Here is an example of an IAM role with permission to pull any image. The repository is specified by <arn-of-repository>.

JSON

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ecr:GetAuthorizationToken"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetrepositoryPolicy",
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:DescribeImages",
        "ecr:BatchGetImage"
      ],
      "Resource": ["<arn-of-repository>"]
    }
  ]
}

If the Amazon ECR image resides in a different AWS account than the Databricks compute, use an ECR repository policy in addition to the compute instance profile to grant the compute access. Here is an example of an ECR repository policy. The IAM role assumed by the compute's instance profile is specified by <arn-of-IAM-role>.

JSON

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCrossAccountPush",
      "Effect": "Allow",
      "Principal": {
        "AWS": "<arn-of-IAM-role>"
      },
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:DescribeImages",
        "ecr:DescribeRepositories",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetrepositoryPolicy",
        "ecr:ListImages"
      ]
    }
  ]
}

Use secrets for authenticationâ

Databricks Container Service supports using secrets for authentication. When creating your compute resource in the UI, use the Authentication field to select Username and password, then instead of entering your plain text username or password, enter your secrets using the {{secrets/<scope-name>/<dcs-secret>}} format. If you use the API, enter the secrets in the basic_auth fields.

For information on creating secrets, see Secret management.

Use an init scriptâ

Databricks Container Services enable customers to include init scripts in the Docker container. In most cases, you should avoid init scripts and instead make customizations through Docker directly (using the Dockerfile). However, certain tasks must be executed when the container starts, instead of when the container is built. Use an init script for these tasks.

For example, suppose you want to run a security daemon inside a custom container. Install and build the daemon in the Docker image through your image building pipeline. Then, add an init script that starts the daemon. In this example, the init script would include a line like systemctl start my-daemon.

In the API, you can specify init scripts as part of the compute spec as follows. For more information, see the Clusters API.

Bash

"init_scripts": [
    {
        "file": {
            "destination": "file:/my/local/file.sh"
        }
    }
]

For Databricks Container Services images, you can also store init scripts in cloud storage.

The following steps take place when you launch a compute that uses Databricks Container Services:

VMs are acquired from the cloud provider.
The custom Docker image is downloaded from your repo.
Databricks creates a Docker container from the image.
Databricks Runtime code is copied into the Docker container.
The init scripts are executed. See What are init scripts?.

Databricks ignores the Docker CMD and ENTRYPOINT primitives.

Enable Container Servicesâ

To use custom containers on your compute, a workspace admin must enable Databricks Container Services.

Workspace admins can enable Databricks Container Service using the Databricks CLI. In a JSON request body, specify enableDcs to true, as in the following example:

Bash

databricks workspace-conf set-status \
--json '{"enableDcs": "true"}'

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4