Hi folks
I am attempting to set up azure blob thr...
# flyte-supportm
millions-queen-16335
04/04/2023, 7:20 AMHi folks
I am attempting to set up azure blob through stow. My values for storage settings looks like so:
Copy code
storage:
type: custom
enableMultiContainer: true
limits:
maxDownloadMBs: 500000
type: custom
bucketName: "{{ .Values.userSettings.azure.containerName }}"
custom:
container: "{{ .Values.userSettings.azure.containerName }}"
enable-multicontainer: true
connection: {}
type: stow
stow:
kind: azure
config:
account: "{{ .Values.userSettings.azure.storageAccountName }}"
key: "{{ .Values.userSettings.azure.storageAccountKey }}" Copy code
Traceback (most recent call last): │
│ File "/opt/venv/bin/pyflyte-execute", line 8, in <module> │
│ sys.exit(execute_task_cmd()) │
│ File "/opt/venv/lib/python3.8/site-packages/click/core.py", line 1130, in __call__ │
│ return self.main(*args, **kwargs) │
│ File "/opt/venv/lib/python3.8/site-packages/click/core.py", line 1055, in main ││ rv = self.invoke(ctx) ││ File "/opt/venv/lib/python3.8/site-packages/click/core.py", line 1404, in invoke ││ return ctx.invoke(self.callback, **ctx.params) ││ File "/opt/venv/lib/python3.8/site-packages/click/core.py", line 760, in invoke ││ return __callback(*args, **kwargs) ││ File "/opt/venv/lib/python3.8/site-packages/flytekit/bin/entrypoint.py", line 470, in execute_task_cmd ││ _execute_task( ││ File "/opt/venv/lib/python3.8/site-packages/flytekit/exceptions/scopes.py", line 160, in system_entry_point ││ return wrapped(*args, **kwargs) ││ File "/opt/venv/lib/python3.8/site-packages/flytekit/bin/entrypoint.py", line 348, in _execute_task ││ _handle_annotated_task(ctx, _task_def, inputs, output_prefix) ││ File "/opt/venv/lib/python3.8/site-packages/flytekit/bin/entrypoint.py", line 291, in _handle_annotated_task ││ _dispatch_execute(ctx, task_def, inputs, output_prefix) ││ File "/opt/venv/lib/python3.8/site-packages/flytekit/bin/entrypoint.py", line 160, in _dispatch_execute ││ ctx.file_access.put_data(ctx.execution_state.engine_dir, output_prefix, is_multipart=True) ││ File "/opt/venv/lib/python3.8/site-packages/flytekit/core/data_persistence.py", line 476, in put_data ││ raise FlyteAssertion( ││ flytekit.exceptions.user.FlyteAssertion: Failed to put data from /tmp/flyte-z58pqpy5/sandbox/local_flytekit/engine_dir to <abfs://flyte-workflows/metadata/propeller/>...
Original exception: No plugin found for matching protocol of path <abfs://flyte-workflows/metadata/propeller/>...millions-queen-16335
04/04/2023, 7:22 AMCalling @incalculable-zebra-90365. It seems you have the closest related issue on github. Maybe you know what's up? 🙂
i
incalculable-zebra-90365
04/04/2023, 9:14 AMHi @millions-queen-16335! your configuration looks fine to me, we're using basically the same (expect you have an extra
type: customlimitsFlyteDirectoryincalculable-zebra-90365
04/04/2023, 9:16 AMI'm not a python/flytekit expert unfortunately, but it looks to me that abfs protocol support was potentially broken over the last few months (we're internally still based on flytekit 1.1.0). These two commits come to mind:
https://github.com/flyteorg/flytekit/commit/6f19d7435b11df6384cf9ed099ad74ce9fbe651f
https://github.com/flyteorg/flytekit/commit/28da983bba36e243bc671f9ba1aa53a0791efd62
Especially the second one (related to https://github.com/flyteorg/flytekit/pull/1526) looks like it might be the culprit since handling was changed quite a bit, but that's still a beta release if I saw that correctly
incalculable-zebra-90365
04/04/2023, 9:17 AMAzure support is still somewhat experimental I believe, we're still working out the fsspec/adlfs issues internally before contributing our changes back upstream, plus documentation on a "proper" Azure setup is still outstanding as well 😅
🙏🏽 1
incalculable-zebra-90365
04/04/2023, 9:17 AMwhich version of flytekit are you running?
m
millions-queen-16335
04/04/2023, 9:27 AMGood observations. Thanks! - I'm running 1.4 and will give 1.1 a go.
Should I consider which chart version I use for flyte-core deployment as well?
i
incalculable-zebra-90365
04/04/2023, 9:30 AMI'm honestly not sure what version of the rest of the flyte components you'll have to pick in order to be compatible with flytekit 1.1, we're running an internal fork of most components to allow for in-house flyte development before we push changes back upstream, so we're a bit out of sync with the upstream. we're also quite a few months back on updates due to lack of time on my side 😅
incalculable-zebra-90365
04/04/2023, 9:31 AMI think we're roughly based on the 1.1.0 release of flyte (https://github.com/flyteorg/flyte/tree/v1.1.0/charts/flyte-core), although we're using slightly newer versions of flyteadmin/flytepropeller, I would estimate around Q3/Q4 of last year, but cannot put it to an exact version as we're working based on
masterincalculable-zebra-90365
04/04/2023, 9:32 AMwe have internal tasks to update to the latest versions of flyte using the upstream published releases soon, so we'll probably run into a similar issue like you've seen. I assume we'll need to re-add abfs support like I did a while ago (https://github.com/flyteorg/flytekit/pull/1109)
incalculable-zebra-90365
04/04/2023, 9:33 AMno ETA on that from my side though unfortunately 😕 it's on my plate, but so is a lot else unfortunately 😅
m
millions-queen-16335
04/04/2023, 9:36 AMRoger that. I'll give it a jab and report back.
Maybe we should add some docs for experimental AKS/azure blob setup? - Just to indicate the state of maturity and (hopefully) a known path to something that isn't smoking 😄
millions-queen-16335
04/04/2023, 9:37 AMThank you for the good feedback!
i
incalculable-zebra-90365
04/04/2023, 9:37 AMthat's been on my todo list for a while now too (adding some basic docs), but I haven't gotten around to doing so unfortunately 🙈
m
millions-queen-16335
04/04/2023, 12:57 PMChanging to flytekit 1.1 swapped the protocol to HTTPS, but results in response 400.
Copy code
pyflyte run --remote workflows/example.py wf --name 'hello'
File "/home/user/.local/share/virtualenvs/first-attempt-to-flyte-Ae80d762/lib/python3.8/site-packages/flytekit/core/data_persistence.py", line 447, in put_data
raise FlyteAssertion(
flytekit.exceptions.user.FlyteAssertion: Failed to put data from /tmp/tmprmqf8xzd/script_mode.tar.gz to <https://my.blob.core.windows.net/flyte-workflows/flytesnacks/development/FOVDCPZCJ447LTKJTX5HCLBKPA======/scriptmode.tar.gz?se=2023-04-04T13%3A50%3A53Z&sig=V7%2B9c7Y5e4Oc0sf2XbxVXOtWssJIdCmxst4wtWLzzyI%3D&sp=aw&spr=https&sr=b&sv=2019-12-12> (recursive=False).
Original exception: Value error! Received: 400. Request to send data failed.f
freezing-airport-6809
04/04/2023, 1:45 PM
So @incalculable-zebra-90365 @millions-queen-16335 Flyte backend and flytekit are no tightly dependent on a version
freezing-airport-6809
04/04/2023, 1:45 PM
But we have migrated all flytekit storage subsystem to fsspec now
freezing-airport-6809
04/04/2023, 1:45 PM
And worked with fsspec to fix a lot of bugs
freezing-airport-6809
04/04/2023, 1:46 PM
But. Sadly my team has no access to azure and would love help
freezing-airport-6809
04/04/2023, 1:46 PM
The fsspec team is very receptive to us
i
incalculable-zebra-90365
04/04/2023, 1:47 PMthe only bug we encountered with fsspec or adlfs more precisely was fixed by this: https://github.com/fsspec/adlfs/pull/398 unfortunately there's no new tag yet, so it's not fully available. but that should not cause the issue Mathias is seeing
f
freezing-airport-6809
04/04/2023, 1:47 PM
@incalculable-zebra-90365 has been promising me to get azure support upstreamed, but I have not seen anything and this has been months
freezing-airport-6809
04/04/2023, 1:49 PM
Hmm that seems like a ln issue with signed urls
i
incalculable-zebra-90365
04/04/2023, 1:49 PMwe've been waiting for the adlfs fix to finally be merged, had another PR open for a few months before that - without that,
FlyteDirectoryf
freezing-airport-6809
04/04/2023, 1:50 PM
Also @incalculable-zebra-90365 you should get onto flytekit 1.5 beta. Can you help test it.
Supports lots of cool things
Streaming files and directories
Multi list maps
Better caching on map tasks
Pyflyte run multi file etc
i
incalculable-zebra-90365
04/04/2023, 1:51 PMI'd love to, there's been people requesting an update to a newer version anyways, unfortunately my time is quite limited atm. but that's a different topic/not related to Mathias' issue
incalculable-zebra-90365
04/04/2023, 1:53 PMto rule out an invalid azure blob storage configuration: did you test the account/key in e.g. azure storage explorer to make sure the credentials work @millions-queen-16335? are they IP restricted by any chance?
m
millions-queen-16335
04/04/2023, 2:28 PMI tired a bad key, which causes pods to fail at startup.
I just tried degrading to flyte-core 1.1.0 as well, same issue, but I also note that when running pyflyte run --remote, I get the respose 400 on HTTPS error, however when I package and register and execute the workflow on flyte, it throws the plugin (for abfs) error.
millions-queen-16335
04/04/2023, 2:29 PMI'll check out storage explorer
millions-queen-16335
04/04/2023, 2:36 PMI see inputs and user_inputs files. So something is in fact working! (still on 1.1.0 for both core and kit)
millions-queen-16335
04/04/2023, 2:49 PMFlyte reports (same as in OP):
Copy code
Original exception: No plugin found for matching protocol of path abfs://...awqq2pc7mkjlnmql7vcf/n0/data/0f
freezing-airport-6809
04/04/2023, 2:51 PM
Ohh ya you have to install 2 additional dependencies
freezing-airport-6809
04/04/2023, 2:52 PM
Flytekitplugins-data-fsspec
freezing-airport-6809
04/04/2023, 2:52 PM
And abfs
m
millions-queen-16335
04/04/2023, 2:53 PMI see. In the package image?
i
incalculable-zebra-90365
04/04/2023, 2:53 PMadlfs, not abfs, right? 🤔 at least that's what we've been using so far to handle the azure blob storage protocol
incalculable-zebra-90365
04/04/2023, 2:54 PMwe're installing these two in the projects that use flytekit itself, yeah
incalculable-zebra-90365
04/04/2023, 2:55 PMso in the same image your code is running in
m
millions-queen-16335
04/04/2023, 2:58 PMRoger
millions-queen-16335
04/04/2023, 3:06 PM Copy code
Original exception: unable to connect to account for Must provide either a connection_string or account_name with credentials!!millions-queen-16335
04/04/2023, 4:08 PMNo luck so far. I'm shutting down for the day. It feels like we are getting close though! 🙂
millions-queen-16335
04/05/2023, 9:42 AMOk. - So the backend uses stow as configured through chart values and flytekit uses fsspec. This explains why I see files correctly written as well as an error about credentials.
fsspec/adbl want an account-name and key, which it will attempt to collect in various ways. - the credentials as far as I can gather, is also unrelated to the stow config.
Do you recommend/prefer a way to offer the azure name and key to fsspec?
f
freezing-airport-6809
04/05/2023, 1:10 PM
Ohh we recommend using serviceaccount to get the role
On AWS we use eks serviceaccount for Iam role,
On gcp workload identity
On azure @incalculable-zebra-90365
i
incalculable-zebra-90365
04/05/2023, 1:13 PMAzure has pod identity (still in preview, as usual on Azure, but already being superseded 😄) and workload identity (also preview, but the new way to do things), however we have not used them in combination with Flyte yet, so I don't have any experience in that regard unfortunately
incalculable-zebra-90365
04/05/2023, 1:16 PMmounting service principal credentials might work as well if fsspec has an Azure implementation using MSAL (which most libraries built for Azure do) since that can read credential files mounted in a well-known location as well, however you'd probably have to mount that to every point executed by flyte, which is a bit cumbersome, so pod/workload identities are probably the preferred way to do that
f
freezing-airport-6809
04/05/2023, 1:29 PM
It should not be cumbersome - you can use default pod templates for this right
i
incalculable-zebra-90365
04/05/2023, 1:30 PMoh good point, fair enough, completely forgot about that. so yeah, if fsspec supports that (I'd have to check, don't know off the top of my head), you could also try mounting a secret with the service principal credentials to your pod and it might be able to pick it up and authenticate using that
incalculable-zebra-90365
04/05/2023, 1:31 PMworkload identity would be the "cleaner" way probably, but that for sure is a bit annoying to configure in Azure, not as straight-forward as in AWS unfortunately
m
millions-queen-16335
04/11/2023, 11:50 AMfsspc+adlfs does indeed implement MSAL through the azure-identity package.
I am now able to run the init example workflow on flyte without errors. - I see no "output" files on blob. I expected the output to be stored like the input, but can't spot it in azure storage explorer.
Thank you for your help this far. - I think the remaining work on my end will be to implement workload identities in a nice manner and document the setup. Hopefully we will be able to share a getting started preview on AKS 🙂
millions-queen-16335
04/11/2023, 12:04 PMOh, I need to mention that:
pyflyte register workflowspyflyte run --remote workflows/example.py wf --name mynamepyflyte register workflows --non-fastrun --remotemillions-queen-16335
04/12/2023, 8:25 AMSome AKS/azure blob observations regarding 1.5
The functioning setup with flytekit 1.4.2, flytekitplugins-data-fsspec 1.4.2 and adlfs is not mirrored in the current fsspc implementation in flytekit 1.5. It seems the packages and plugins are there, but not used the same way. I get error:
No plugin found for matching protocol of path abfs://...b
billions-mechanic-13717
04/12/2023, 1:53 PMHey, yep I am getting similar error Received 400: Request to send data ... failed when running
pyflyte run --remotebillions-mechanic-13717
04/12/2023, 2:10 PM@millions-queen-16335 I am pretty new to flyte... were you able to run a workflow otherwise? I did try minio instead of azure blob storage which I can start up a pod, but getting "Flytekit.exceptions.user.FlyteAssertion: Failed to get data from s3://my-s3-bucket/Original exception: Unable to locate credentials"
m
millions-queen-16335
04/12/2023, 2:10 PMI investigated if flytekit just needs some configuration locally, for targeting azure blob storage via fsspec and abfs//, but I have not found the "missing link"
f
freezing-airport-6809
04/12/2023, 2:11 PM
Thank you for raising this, we should not need data plugin anymore
freezing-airport-6809
04/12/2023, 2:11 PM
Cc @thankful-minister-83577 - but we do not have any azure experience
freezing-airport-6809
04/12/2023, 2:11 PM
If you folks can help fix 🙏
m
millions-queen-16335
04/12/2023, 2:15 PM@billions-mechanic-13717You can see a working storage setup towards azure blob in OP. It is fairly basic on the azure side of things.
You may also need to config propeller to point raw data (different from meta data) to this blob storage: https://github.com/flyteorg/flyte/blob/master/charts/flyte-core/values-eks.yaml#L228 should be abfs://{{ .Values.userSettings.bucketName }}/ in the AKS/Azure blob scenario.
So, the abfs// protocol name points flytekit towards the sfspc/adlf data layer plugin, which attempt to auth via azure identity/defaultcredentials. As a test I just added the storage account name and key to a custom contaniers env vars, but there is a nicer solution.
👍 1
millions-queen-16335
04/12/2023, 2:21 PMAt this point I only experience problems with fast registration via pyflyte. I have not spotted the issue yet.
👍 1
t
thankful-minister-83577
04/17/2023, 6:55 PM
hey @millions-queen-16335 do you have a sec to help me understand this?
thankful-minister-83577
04/17/2023, 6:57 PM
the correct string to use is
abfsadlfsthankful-minister-83577
04/17/2023, 6:58 PM
and that should work
thankful-minister-83577
04/17/2023, 6:58 PM
Copy code
(flytekit) ytong@Yees-MBP:~/go/src/github.com/flyteorg/flytekit [flyte-sandbox] (master) $ ipython
Python 3.10.8 (main, Oct 13 2022, 09:48:40) [Clang 14.0.0 (clang-1400.0.29.102)]
Type 'copyright', 'credits' or 'license' for more information
IPython 8.11.0 -- An enhanced Interactive Python. Type '?' for help.
In [1]: from flytekit.core.context_manager import FlyteContextManager
In [2]: ctx = FlyteContextManager.current_context()
In [3]: ctx.file_access.get_filesystem("abfs")
---------------------------------------------------------------------------
ValueError Traceback (most recent call last)
File ~/envs/flytekit/lib/python3.10/site-packages/adlfs/spec.py:447, in AzureBlobFileSystem.do_connect(self)
446 else:
--> 447 raise ValueError(
448 "Must provide either a connection_string or account_name with credentials!!"
449 )
451 except RuntimeError:m
millions-queen-16335
04/18/2023, 12:59 PMIt looks to me like you set it up correctly, but fsspec/adfls unsuccessfully looks for account_name and creds in the container. How you choose to pass these credentials is up to you: https://github.com/fsspec/adlfs#setting-credentials
194 Views