Install Determined on GCP¶
This document describes how to deploy a Determined cluster on Google
Cloud Platform (GCP). We provide the determined-deploy
package for
easy creation and deployment of these resources in GCP. The
determined-deploy
package uses Terraform
to automatically deploy and configure a Determined cluster in GCP.
Alternatively, if you already have a process for setting up
infrastructure with Terraform, you can use our Terraform modules
rather than determined-deploy
.
For more information about using Determined on GCP, see the Determined on GCP topic guide.
Requirements¶
Project¶
To get started on GCP, you will need to create a project.
The following GCP APIs must be enabled on your GCP project:
Credentials¶
The determined-deploy
package requires credentials in order to
create resources in GCP. There are two ways to provide these
credentials:
Use gcloud to authenticate your user account:
gcloud auth application-default login
This command will open a login page in your browser where you can sign in to the Google account that has access to your project. Ensure your user account has
Owner
access to the project you want to deploy your cluster in.
Resource Quotas¶
The default GCP Resource Quotas for GPUs are relatively low; you may wish to request a quota increase.
Deploying A Cluster¶
We recommend creating a new directory and running the commands below inside that directory.
Note
The deployment process will create Terraform state and variables files in the directory where it is run. The state file keeps track of deployed resources and their state and is used to update or delete the cluster in the future. The variables files includes all Terraform variables used for deployment (e.g., service account keypath, cluster ID, GCP region and zone).
Any future update or deletion commands should be run inside the same
directory so determined-deploy
can read the state and variables
files. If either of these files is deleted, it will be difficult to
manage the deployment afterward. Storing these files in a safe
location is strongly recommended.
To deploy the cluster, run:
det-deploy gcp up --cluster-id CLUSTER_ID --project-id PROJECT_ID
CLUSTER_ID
is an arbitrary unique ID for the new cluster. We
recommend choosing a cluster ID that is memorable and helps identify
what the cluster is being used for.
The deployment process may take 5-10 minutes. When it completes, summary information about the newly deployed cluster will be printed, including the URL of the Determined master.
Required Arguments:¶
Argument |
Description |
Default Value |
---|---|---|
|
A string appended to resources to uniquely identify the cluster. |
required |
|
The project to deploy the cluster in. |
required |
Optional Arguments:¶
Argument |
Description |
Default Value |
---|---|---|
|
The path to the service account JSON key file if using a service account. Including this flag will supersede default Google Cloud user credentials. |
none |
|
Whether to use preemptible agent instances. |
False |
|
The type of GPU to use for the agent instances. Ensure
|
nvidia-tesla-k80 |
|
The number of GPUs on each agent instance. Between 1 and 8
(more GPUs require a more powerful |
8 |
|
Maximum number of dynamic agent instances at one time. |
5 |
|
Number of static agent instances. |
0 |
|
The length of time to wait before idle dynamic agents will be automatically terminated. |
10m |
|
The network to create (ensure there isn’t a network with the same name already in the project, otherwise the deployment will fail). |
det-default- |
|
The region to deploy the cluster in. |
us-west1 |
|
The zone to deploy the cluster in. |
|
|
Instance type to use for the master instance. |
n1-standard-2 |
|
Instance type to use for the agent instances. |
n1-standard-32 |
|
Minimum CPU platform for the master instance. |
Intel Skylake |
|
Minimum CPU platform for the agent instances. Ensure the
platform is compatible with your selected |
Intel Broadwell |
|
Directory used to store cluster metadata. The same directory cannot be used for multiple clusters at the same time. |
Current working directory |
The following gcloud
commands will help to validate your
configuration, including resource availability in your desired region
and zone:
# Validate that the GCP Project ID exists.
gcloud projects list
# Verify that the environment_image is listed.
gcloud compute images list --filter=name:<environment_image>
# Check that a zone is available in the configured region.
gcloud compute zones list --filter=region:<region>
# List the available machine types (for master_machine_type and agent_machine_type) in the configured zone.
gcloud compute machine-types list --filter=zone:<zone>
# List the valid gpu_type values for the configured zone.
gcloud compute accelerator-types list --filter=zone:<zone>
Updating A Cluster¶
If you need to make changes to your cluster, you can rerun det-deploy
gcp up [args]
in the same directory and your cluster will be updated.
The det-deploy
tool will only replace resources that need to be
replaced based on the changes you’ve made in the updated execution.
Note
If you’d like to change the region
of a deployment after it has
already been deployed, we recommend deleting the cluster first, then
redeploying the cluster with the new region
.
Destroying A Cluster¶
To bring down the cluster, run the following in the same directory where
you ran det-deploy gcp up
:
det-deploy gcp down
det-deploy
will use the .tfstate
and terraform.tfvars.json
files in the current directory to determine which resources to destroy.
If you deployed with a service account JSON key file, the same
credentials file will be used for deprovisioning. Otherwise, default
Google Cloud credentials are used.
Appendix¶
Using Service Account Credentials¶
For more security controls, you can create a service account or select an existing service account from the service account key page in the Google Cloud Console and ensure it has the following IAM roles:
Cloud SQL Admin
Compute Admin
Compute Network Admin
Security Admin
Service Account Admin
Service Account User
Service Networking Admin
Storage Admin
Roles provide the service account permissions to create specific resources in your project. You can add roles to service accounts following this guide.
Once you have a service account with the appropriate roles, go to the
service account key page in the Google Cloud Console
and create a JSON key file. Save it to a location you’ll remember; we’ll
refer to the path to this key file as the keypath
, which is an
optional argument you can supply when using determined-deploy
. Once
you have the keypath
you can use it to deploy a GCP cluster by
continuing the installation section.