本地身份验证示例

本节介绍如何在 Driverless AI 中启用本地身份验证。

Docker 映像安装

本机安装

若要在 Docker 映像中启用身份验证,需指定您想要使用的身份验证环境变量。每个变量必须以 DRIVERLESS_AI_ 开头。以下示例通过环境变量来启动 Driverless AI 从而:

  • 在启动 Driverless AI 时启用本地身份验证

  • 启用 S3 和 HDFS 访问(无身份验证)

nvidia-docker run \
  --pid=host \
  --init \
  --rm \
  --shm-size=256m \
  -p 12345:12345 \
  -u `id -u`:`id -g` \
  -e DRIVERLESS_AI_ENABLED_FILE_SYSTEMS="file,s3,hdfs" \
  -e DRIVERLESS_AI_AUTHENTICATION_METHOD="local" \
  -e DRIVERLESS_AI_LOCAL_HTPASSWD_FILE="<htpasswd_file_location>" \
  -v `pwd`/data:/data \
  -v `pwd`/log:/log \
  -v `pwd`/license:/license \
  -v `pwd`/tmp:/tmp \
  h2oai/dai-centos7-x86_64:1.9.2.1-cuda10.0.xx

本机安装包括 DEB、RPM 和 TAR SH 安装。以下示例展示了启用以下时需在 config.toml 文件中设置的配置选项:

  • 在启动 Driverless AI 时启用本地身份验证

  • 启用 S3 和 HDFS 访问(无身份验证)

  1. 导出 Driverless AI config.toml 文件或将其添加至 ~/.bashrc。例如:

# DEB and RPM
export DRIVERLESS_AI_CONFIG_FILE="/etc/dai/config.toml"

# TAR SH
export DRIVERLESS_AI_CONFIG_FILE="/path/to/your/unpacked/dai/directory/config.toml"

  1. 打开 config.toml 文件并编辑身份验证变量。安装 RPM 或 DEB 后,可在 etc/dai 文件夹中找到 config.toml 文件。

# File System Support
# file : local file system/server file system
# hdfs : Hadoop file system, remember to configure the hadoop coresite and keytab below
# s3 : Amazon S3, optionally configure secret and access key below
# gcs : Google Cloud Storage, remember to configure gcs_path_to_service_account_json below
# gbq : Google Big Query, remember to configure gcs_path_to_service_account_json below
enabled_file_systems = "file,s3,hdfs"

# authentication_method
# unvalidated : Accepts user id and password, does not validate password
# none : Does not ask for user id or password, authenticated as admin
# pam :  Accepts user id and password, Validates user with operating system
# ldap : Accepts user id and password, Validates against an ldap server, look
# local: Accepts a user id and password, Validated against a htpasswd file provided in local_htpasswd_file
# for additional settings under LDAP settings
authentication_method = "local"

# Local password file
# Generating a htpasswd file: see syntax below
# htpasswd -B "<location_to_place_htpasswd_file>" "<username>"
# note: -B forces use of brcypt, a secure encryption method
local_htpasswd_file = "<htpasswd_file_location>"

  1. 启动(或重启)Driverless AI。请注意,用于启动 Driverless AI 的命令将因安装类型而异。

# Linux RPM or DEB with systemd
sudo systemctl start dai

# Linux RPM or DEB without systemd
sudo -H -u dai /opt/h2oai/dai/run-dai.sh

# Linux TAR SH
./run-dai.sh