Open
Description
I'm creating workspaces using infrastructure automation.
That means I create the workspace, keyvault, container registry, and storage account independently and pass them as inputs when creating the workspace resource. (code below)
In contrast to workspaces created through the Azure Portal, in this workspace I cannot run data profile jobs. This is true for both standard compute VMs and training clusters.
The data profile job fails with the error below:
AzureMLCompute job failed.
FailedPullingImage: Unable to pull docker image
imageName: mlresgistry47995d33.azurecr.io/azureml/azureml_83cea8d8015ba343d5ee43f9b331c069
err: Run docker command to pull public image failed with error: Error response from daemon: Get https://mlresgistry47995d33.azurecr.io/v2/azureml/azureml_83cea8d8015ba343d5ee43f9b331c069/manifests/latest: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
.
Reason: Error response from daemon: Get https://mlresgistry47995d33.azurecr.io/v2/azureml/azureml_83cea8d8015ba343d5ee43f9b331c069/manifests/latest: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
Info: Failed to prepare an environment for the job execution: Job environment preparation failed on 10.0.0.6 with err exit status 1.
Pulumi resource creation for reference:
var storageAccount = new StorageAccount("sa", new StorageAccountArgs
{
ResourceGroupName = rg.Name,
Sku = new SkuArgs
{
Name = SkuName.Standard_LRS
},
Kind = Kind.StorageV2,
Tags = tags
});
this.PrimaryStorageKey = Output.Tuple(rg.Name, storageAccount.Name).Apply(names =>
Output.CreateSecret(GetStorageAccountPrimaryKey(names.Item1, names.Item2)));
var appInsights = new AzureNative.Insights.Component("MLAppInsights", new AzureNative.Insights.ComponentArgs
{
ApplicationType = "web",
Kind = "web",
ResourceGroupName = rg.Name,
Tags = tags
});
var containerRegistry = new AzureNative.ContainerRegistry.Registry("MLResgistry", new AzureNative.ContainerRegistry.RegistryArgs
{
Sku = new AzureNative.ContainerRegistry.Inputs.SkuArgs
{
Name = "standard",
},
AdminUserEnabled = true,
ResourceGroupName = rg.Name,
Tags = tags
});
var keyVault = new AzureNative.KeyVault.Vault("MLKV", new AzureNative.KeyVault.VaultArgs
{
ResourceGroupName = rg.Name,
Tags = tags,
Properties = new AzureNative.KeyVault.Inputs.VaultPropertiesArgs
{
TenantId = config.Require("tenantId"),
EnabledForDeployment = true,
EnabledForDiskEncryption = true,
EnabledForTemplateDeployment = true,
AccessPolicies =
{
new AzureNative.KeyVault.Inputs.AccessPolicyEntryArgs
{
ObjectId = Output.Create(AzureNative.Authorization.GetClientConfig.InvokeAsync()).Apply(_ => _.ObjectId),
Permissions = new AzureNative.KeyVault.Inputs.PermissionsArgs
{
Certificates =
{
"all"
},
Keys =
{
"all"
},
Secrets =
{
"all"
},
},
TenantId = config.Require("tenantId"),
},
},
Sku = new AzureNative.KeyVault.Inputs.SkuArgs
{
Name = AzureNative.KeyVault.SkuName.Standard,
Family = AzureNative.KeyVault.SkuFamily.A
}
},
});
var workspace = new AzureNative.MachineLearningServices.Workspace("workspace", new AzureNative.MachineLearningServices.WorkspaceArgs
{
ApplicationInsights = appInsights.Id,
ContainerRegistry = containerRegistry.Id,
Description = "Azure ML Workspace",
FriendlyName = "Dev ML",
HbiWorkspace = false,
Identity = new AzureNative.MachineLearningServices.Inputs.IdentityArgs
{
Type = AzureNative.MachineLearningServices.ResourceIdentityType.SystemAssigned,
},
KeyVault = keyVault.Id,
ResourceGroupName = rg.Name,
Sku = new AzureNative.MachineLearningServices.Inputs.SkuArgs
{
Name = "Basic",
Tier = "Basic",
},
StorageAccount = storageAccount.Id,
WorkspaceName = "MyNewWorkspace",
});