Online Elastic Algorithm Service (EAS) services of Platform for AI (PAI) are deployed in resource groups, including public and dedicated resource groups. After you configure network connectivity for a resource group, clients can access online EAS services that are deployed in the group and the online EAS services can access other cloud services that reside in the same virtual private cloud (VPC) as the resource group. This topic describes how to configure network connectivity for resource groups.
Prerequisites
Your account has the permissions to use EAS. For more information, see Grant the permissions that are required to use EAS.
A VPC, a vSwitch, and a security group are created. For more information, see Create and manage a VPC and Create a security group.
Configure network connectivity for a resource group
You need to enable the VPC direct connection feature to configure network connectivity. To enable the feature for a resource group, specify the vSwitch and the security group of the VPC that you want to connect in the EAS service configuration. After you enable the feature, the Elastic Compute Service (ECS) instances that reside in the VPC can access EAS services that are deployed in the public or dedicated resource group by using the elastic network interface (ENI). The EAS services can also access other cloud services that reside in the VPC. You can use one of the following methods to enable the VPC direct connection feature.
Enable VPC direct connection in the console
Enable the VPC direct connection feature when you deploy an EAS service:
In the VPC Settings section, configure the VPC, vSwitch, and Security Group Name parameters to enable VPC direct connection for the EAS service that is deployed in the resource group. For more information, see Model service deployment by using the PAI console.
After you deploy the EAS service, perform the following steps to enable VPC direct connection:
On the Elastic Algorithm Service (EAS) page, click the name of the service that you want to manage.
On the Service Details tab, click Configure Direct Connection.
In the Configure Direct Connection dialog box, configure the VPC, vSwitch, and Security Group Name parameters and click OK.
If the instances in your dedicated resource group use the ARM architecture, such as Yitian compute-optimized and YiTian general-purpose instance families, perform the following steps to turn on VPC direct connection:
Method 1:
On the Resource Group tab, find the resource group for which you want to enable the feature and turn on VPC Direct Connection in the VPC Direct Connection column.
In the Enable VPC Direct Connection dialog box, configure the VPC, vSwitch, and Security Group Name parameters and click OK.
Method 2:
On the Resource Group tab, click the name of the resource group that you want to view.
Turn on VPC Direct Connection.
In the Enable VPC Direct Connection dialog box, configure the VPC, vSwitch, and Security Group Name parameters and click OK.
Enable VPC direct connection by using the EASCMD client
For information about how to use the EASCMD client, see Download the EASCMD client and complete identity authentication.
Enable VPC direct connection when you deploy the EAS service. The following section shows a sample JSON configuration file. For more information, see the "Create a service" section in the Run commands to use the EASCMD client topic.
{ "metadata": { "name": "service_name", "instance": 1, "enable_webservice": true }, "cloud": { "computing": { "instance_type": "ml.gu7i.c16m60.1-gu30", "instances": null }, "networking": { "vswitch_id": "vsw-bp17jg7wr6s3pzbfe****", "security_group_id": "sg-bp14zqduxqm04qg7****", "vpc_id": "vpc-bp1s37ltnbvxgcqfc****" } }, "containers": [ { "image": "eas-registry-vpc.cn-hangzhou.cr.aliyuncs.com/pai-eas/chat-llm-webui:2.0", "script": "python webui/webui_server.py --port=8000 --model-path=meta-llama/Llama-2-7b-chat-hf", "port": 8000 } ] }
The following table describes the parameters in the preceding code.
Parameter
Description
vswitch_id
The ID of the vSwitch to which your client connects. An ENI is created for the vSwitch. Make sure that the vSwitch has sufficient idle IP addresses. Otherwise, EAS instances cannot be created.
security_group_id
The ID of the security group to which the ECS instance that hosts your client belongs.
vpc_id
The VPC ID of the client.
Enable VPC direct connection after you deploy the service.
Run the following command in the directory in which the JSON file is stored. The following sample command uses Windows 64.
eascmdwin64.exe modify <service_name> -s <network_cfg.json>
The following table describes the parameters in the preceding command.
Parameter
Description
<service_name>
The name of the service.
<network_cfg.json>
The network configuration file. Sample content:
{ "cloud": { "networking": { "security_group_id": "sg-7xvj6jjk0pcac7ou****", "vswitch_id": "vsw-7xvm8aelsg03f8cwq****", "vpc_id": "vpc-bp1s37ltnbvxgcqfc****" } } }
Enable VPC direct connection for dedicated resource groups that consist of instances that use the ARM architecture. For more information, see the "Enable a direct connection to a resource group" section in the Run commands to use the EASCMD client topic.
References
By default, EAS services are not connected to the Internet. If you want your EAS service to access the Internet or other cloud services for which access control is configured, see Configure Internet access and a whitelist.