此页面由 Cloud Translation API 翻译。

为作业指定网络

本文档介绍了如何为运行作业的虚拟机指定网络。

您可以通过指定具有所需访问权限的网络来控制运行作业的虚拟机的连接。例如，您可以指定一个网络访问所需资源或限制访问权限以提高安全性。或者，如果您没有任何网络要求不想为作业配置网络，则跳过为作业指定网络，请改用默认网络配置。

如需详细了解网络概念以及何时配置网络，请参阅批量网络概览。

准备工作

如果您以前没有使用过 Batch，请参阅 Batch 使用入门并通过填写针对项目和用户的前提条件。
如需获得创建在特定网络上运行的作业所需的权限，请让您的管理员为您授予以下 IAM 角色：
- 项目的 Batch Job Editor (roles/batch.jobsEditor)
- Service Account User (roles/iam.serviceAccountUser) 服务账号用户针对作业的服务账号，该账号默认为默认 Compute Engine 服务账号
- 如需识别网络和子网，请执行以下操作： Compute Network Viewer (roles/compute.networkViewer) 针对项目
如需详细了解如何授予角色，请参阅管理对项目、文件夹和组织的访问权限。

您也可以通过自定义角色或其他预定义角色来获取所需的权限。
确定要为作业使用的网络。您为作业指定的网络必须满足以下要求：
- 该网络是与作业位于同一项目中的 Virtual Private Cloud (VPC) 网络，或者是托管作业项目或与作业项目共享的共享 VPC 网络。
- 该网络在您要运行作业的位置包含一个子网。
- 该影音平台允许访问您的作业所需的资源。例如，如果您的需要虚拟机之间进行通信，例如使用 MPI 库的作业，紧密耦合的任务之间进行通信 - 请确保网络它具有一条允许作业虚拟机之间建立连接的防火墙规则。
  
  了解如何针对常见用例配置 VPC 防火墙规则。
如需了解详情，请参阅创建和管理 VPC 网络。
如果您希望在某个共享 VPC 网络的子网上运行作业，由另一个项目托管，批处理服务代理必须获得相应权限才能使用该子网。
为了确保项目的 Batch 服务代理具有必需的拥有创建在共享 VPC 网络的子网上运行的作业的权限，请让管理员向项目的 Batch 服务代理授予共享 VPC 子网的 Compute Network User (roles/compute.networkUser) IAM 角色。

注意：如果您向 Batch 服务代理授予计算网络用户 (roles/compute.networkUser) 共享 VPC 子网上的 IAM 角色，允许项目中允许创建的所有主账号使用此共享 VPC 子网执行此操作的批量作业。

如需了解详情，请参阅为服务账号设置共享 VPC 文档。

创建在特定网络上运行的作业

在创建作业时为其指定网络。具体而言，您需要指定一个 VPC 网络您要运行此作业的子网。

如果您想在创建此作业时使用虚拟机实例模板，则必须在虚拟机实例模板中指定网络。否则，请按照以下步骤使用 gcloud CLI 或 Batch API 为作业指定网络。

gcloud

要使用 gcloud CLI，请选择以下选项之一：

使用 gcloud 标志为作业指定网络
使用 JSON 字段指定作业的影音平台

使用 gcloud 标志指定作业的网络

如需创建作业并使用 gcloud 标志指定作业的网络，请执行以下操作：请完成以下步骤：

创建一个 JSON 文件，用于指定作业的配置详细信息。

例如，如需创建基本的脚本作业，您可以使用下列内容。

{
  "taskGroups": [
    {
      "taskSpec": {
        "runnables": [
          {
            "script": {
              "text": "echo Hello world! This is task ${BATCH_TASK_INDEX}. This job has a total of ${BATCH_TASK_COUNT} tasks."
            }
          }
        ]
      },
      "taskCount": 3
    }
  ],
  "logsPolicy": {
    "destination": "CLOUD_LOGGING"
  }
}

使用 gcloud batch jobs submit 命令创建作业。要指定作业的网络，请添加 --network 和 --subnetwork 标志。
```
gcloud batch jobs submit JOB_NAME \
    --location LOCATION \
    --config JSON_CONFIGURATION_FILE \
    --network projects/HOST_PROJECT_ID/global/networks/NETWORK \
    --subnetwork projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNET
```
替换以下内容：
- JOB_NAME：此作业的名称。
- LOCATION：此招聘信息的位置。
- JSON_CONFIGURATION_FILE：包含作业配置详细信息的 JSON 文件的路径。
- HOST_PROJECT_ID：您指定的网络对应的项目的项目 ID：
  - 如果您使用的是共享 VPC 网络，请指定主机项目。
  - 否则，请指定当前项目。
- NETWORK：当前项目中的 VPC 网络或共享 VPC 网络由当前项目托管或与当前项目共享的项目。
- REGION：作业所用子网和虚拟机所在的区域：
  - 如果您添加 allowedLocations 字段来指定作业虚拟机的允许位置，则必须在此处指定相同的区域。
  - 否则，该区域必须与您为作业选择的位置 (LOCATION) 相同。
- SUBNET：属于 VPC 网络且与作业所用的虚拟机位于同一区域的子网的名称。

使用 JSON 字段指定作业的影音平台

如需创建作业并使用 JSON 配置文件中的字段指定作业的影音平台，请完成以下步骤：

创建一个 JSON 文件，用于指定作业的配置详细信息。如需为作业指定网络，请添加 network 和 subnetwork 字段。

例如，要创建一个在创建包含以下内容的 JSON 文件。

{
  "taskGroups": [
    {
      "taskSpec": {
        "runnables": [
          {
            "script": {
              "text": "echo Hello world! This is task ${BATCH_TASK_INDEX}. This job has a total of ${BATCH_TASK_COUNT} tasks."
            }
          }
        ]
      },
      "taskCount": 3
    }
  ],
  "allocationPolicy": {
    "network": {
      "networkInterfaces": [
        {
          "network": "projects/HOST_PROJECT_ID/global/networks/NETWORK",
          "subnetwork": "projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNET"
        }
      ]
    }
  },
  "logsPolicy": {
    "destination": "CLOUD_LOGGING"
  }
}

替换以下内容：

HOST_PROJECT_ID：您指定的网络对应的项目的项目 ID：
- 如果您使用的是共享 VPC 网络，请指定主机项目。
- 否则，请指定当前项目。
NETWORK：当前项目中的 VPC 网络或共享 VPC 网络由当前项目托管或与当前项目共享的项目。
REGION：作业所用子网和虚拟机所在的区域：
- 如果您添加 allowedLocations 字段来指定作业虚拟机的允许位置，则必须在此处指定相同的区域。
- 否则，区域必须与您为作业选择的位置 (LOCATION).
SUBNET：子网，属于该 VPC 网络与作业的虚拟机数量。

使用 gcloud batch jobs submit 命令创建作业。
```
gcloud batch jobs submit JOB_NAME \
    --location LOCATION \
    --config JSON_CONFIGURATION_FILE
```
替换以下内容：
- JOB_NAME：此作业的名称。
- LOCATION：此作业的位置。
- JSON_CONFIGURATION_FILE：包含作业配置详情的 JSON 文件。

Java


import com.google.cloud.batch.v1.AllocationPolicy;
import com.google.cloud.batch.v1.BatchServiceClient;
import com.google.cloud.batch.v1.CreateJobRequest;
import com.google.cloud.batch.v1.Job;
import com.google.cloud.batch.v1.LogsPolicy;
import com.google.cloud.batch.v1.LogsPolicy.Destination;
import com.google.cloud.batch.v1.Runnable;
import com.google.cloud.batch.v1.Runnable.Script;
import com.google.cloud.batch.v1.TaskGroup;
import com.google.cloud.batch.v1.TaskSpec;
import com.google.protobuf.Duration;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class CreateBatchCustomNetwork {

  public static void main(String[] args)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // Project ID or project number of the Google Cloud project you want to use.
    String projectId = "YOUR_PROJECT_ID";
    // Name of the region you want to use to run the job. Regions that are
    // available for Batch are listed on: https://cloud.google.com/batch/docs/get-started#locations
    String region = "europe-central2";
    // The name of the job that will be created.
    // It needs to be unique for each project and region pair.
    String jobName = "JOB_NAME";
    // The name of a VPC network in the current project or a Shared VPC network that is hosted by
    // or shared with the current project.

    String network = String.format("global/networks/%s", "test-network");
    // The name of a subnet that is part of the VPC network and is located
    // in the same region as the VMs for the job.
    String subnet = String.format("regions/%s/subnetworks/%s", region, "subnet");

    createBatchCustomNetwork(projectId, region, jobName, network, subnet);
  }

  // Create a job that runs on a specific network.
  public static Job createBatchCustomNetwork(String projectId, String region, String jobName,
                                             String network,  String subnet)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests.
    try (BatchServiceClient batchServiceClient = BatchServiceClient.create()) {
      // Define what will be done as part of the job.
      Runnable runnable =
          Runnable.newBuilder()
              .setScript(
                  Script.newBuilder()
                      .setText(
                          "echo Hello world! This is task ${BATCH_TASK_INDEX}. "
                              + "This job has a total of ${BATCH_TASK_COUNT} tasks.")
                      // You can also run a script from a file. Just remember, that needs to be a
                      // script that's already on the VM that will be running the job.
                      // Using setText() and setPath() is mutually exclusive.
                      // .setPath("/tmp/test.sh")
                      .build())
              .build();

      TaskSpec task = TaskSpec.newBuilder()
          // Jobs can be divided into tasks. In this case, we have only one task.
          .addRunnables(runnable)
          .setMaxRetryCount(2)
          .setMaxRunDuration(Duration.newBuilder().setSeconds(3600).build())
          .build();

      // Tasks are grouped inside a job using TaskGroups.
      // Currently, it's possible to have only one task group.
      TaskGroup taskGroup = TaskGroup.newBuilder()
          .setTaskCount(3)
          .setParallelism(1)
          .setTaskSpec(task)
          .build();

      // Specifies a VPC network and a subnet for Allocation Policy
      AllocationPolicy.NetworkPolicy networkPolicy =
          AllocationPolicy.NetworkPolicy.newBuilder()
              .addNetworkInterfaces(AllocationPolicy.NetworkInterface.newBuilder()
                  .setNetwork(network) // Set the network name
                  .setSubnetwork(subnet) // Set the subnet name
                  .setNoExternalIpAddress(true) // Blocks external access for all VMs
                  .build())
              .build();

      // Policies are used to define on what kind of virtual machines the tasks will run on.
      // In this case, we tell the system to use "e2-standard-4" machine type.
      // Read more about machine types here: https://cloud.google.com/compute/docs/machine-types
      AllocationPolicy.InstancePolicy instancePolicy =
          AllocationPolicy.InstancePolicy.newBuilder().setMachineType("e2-standard-4")
              .build();

      AllocationPolicy allocationPolicy =
          AllocationPolicy.newBuilder()
              .addInstances(AllocationPolicy.InstancePolicyOrTemplate.newBuilder()
              .setPolicy(instancePolicy).build())
              .setNetwork(networkPolicy)
              .build();

      Job job =
          Job.newBuilder()
              .addTaskGroups(taskGroup)
              .setAllocationPolicy(allocationPolicy)
              // We use Cloud Logging as it's an out of the box available option.
              .setLogsPolicy(
                  LogsPolicy.newBuilder().setDestination(Destination.CLOUD_LOGGING))
              .build();

      CreateJobRequest createJobRequest =
          CreateJobRequest.newBuilder()
              // The job's parent is the region in which the job will run for the specific project.
              .setParent(String.format("projects/%s/locations/%s", projectId, region))
              .setJob(job)
              .setJobId(jobName)
              .build();

      Job result =
          batchServiceClient
              .createJobCallable()
              .futureCall(createJobRequest)
              .get(5, TimeUnit.MINUTES);

      System.out.printf("Successfully created the job: %s", result.getName());

      return result;
    }
  }
}

Node.js

// Imports the Batch library
const batchLib = require('@google-cloud/batch');
const batch = batchLib.protos.google.cloud.batch.v1;

// Instantiates a client
const batchClient = new batchLib.v1.BatchServiceClient();

/**
 * TODO(developer): Update these variables before running the sample.
 */
// Project ID or project number of the Google Cloud project you want to use.
const projectId = await batchClient.getProjectId();
// Name of the region you want to use to run the job. Regions that are
// available for Batch are listed on: https://cloud.google.com/batch/docs/get-started#locations
const region = 'europe-central2';
// The name of the job that will be created.
// It needs to be unique for each project and region pair.
const jobName = 'example-job';
// The name of a VPC network in the current project or a Shared VPC network that is hosted by
// or shared with the current project.
const network = 'global/networks/test-network';
// The name of a subnetwork that is part of the VPC network and is located
// in the same region as the VMs for the job.
const subnetwork = `regions/${region}/subnetworks/subnet`;

// Define what will be done as part of the job.
const runnable = new batch.Runnable({
  script: new batch.Runnable.Script({
    commands: ['-c', 'echo Hello world! This is task ${BATCH_TASK_INDEX}.'],
  }),
});

// Specify what resources are requested by each task.
const computeResource = new batch.ComputeResource({
  // In milliseconds per cpu-second. This means the task requires 50% of a single CPUs.
  cpuMilli: 500,
  // In MiB.
  memoryMib: 16,
});

const task = new batch.TaskSpec({
  runnables: [runnable],
  computeResource,
  maxRetryCount: 2,
  maxRunDuration: {seconds: 3600},
});

// Tasks are grouped inside a job using TaskGroups.
const group = new batch.TaskGroup({
  taskCount: 3,
  taskSpec: task,
});

// Specify VPC network and a subnet for Allocation Policy
const networkPolicy = new batch.AllocationPolicy.NetworkPolicy({
  networkInterfaces: [
    new batch.AllocationPolicy.NetworkInterface({
      // Set the network name
      network,
      // Set the subnetwork name
      subnetwork,
      // Blocks external access for all VMs
      noExternalIpAddress: true,
    }),
  ],
});

// Policies are used to define on what kind of virtual machines the tasks will run on.
// In this case, we tell the system to use "e2-standard-4" machine type.
// Read more about machine types here: https://cloud.google.com/compute/docs/machine-types
const instancePolicy = new batch.AllocationPolicy.InstancePolicy({
  machineType: 'e2-standard-4',
});

const allocationPolicy = new batch.AllocationPolicy.InstancePolicyOrTemplate({
  policy: instancePolicy,
  network: networkPolicy,
});

const job = new batch.Job({
  name: jobName,
  taskGroups: [group],
  labels: {env: 'testing', type: 'script'},
  allocationPolicy,
  // We use Cloud Logging as it's an option available out of the box
  logsPolicy: new batch.LogsPolicy({
    destination: batch.LogsPolicy.Destination.CLOUD_LOGGING,
  }),
});

// The job's parent is the project and region in which the job will run
const parent = `projects/${projectId}/locations/${region}`;

async function callCreateBatchCustomNetwork() {
  // Construct request
  const request = {
    parent,
    jobId: jobName,
    job,
  };

  // Run request
  const [response] = await batchClient.createJob(request);
  console.log(JSON.stringify(response));
}

await callCreateBatchCustomNetwork();

Python

from google.cloud import batch_v1


def create_with_custom_network(
    project_id: str,
    region: str,
    network_name: str,
    subnet_name: str,
    job_name: str,
) -> batch_v1.Job:
    """Create a Batch job that runs on a specific network and subnet.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        region: name of the region you want to use to run the job. Regions that are
            available for Batch are listed on: https://cloud.google.com/batch/docs/locations
        network_name: The name of a VPC network in the current project or a Shared VPC network.
        subnet_name: Name of the subnetwork to be used within the specified region.
        job_name: the name of the job that will be created.
            It needs to be unique for each project and region pair.
    Returns:
        A job object representing the job created.
    """

    client = batch_v1.BatchServiceClient()

    # Define what will be done as part of the job.
    runnable = batch_v1.Runnable()
    runnable.script = batch_v1.Runnable.Script()
    runnable.script.text = "echo Hello world! This is task ${BATCH_TASK_INDEX}. This job has a total of ${BATCH_TASK_COUNT} tasks."

    # Jobs can be divided into tasks. In this case, we have only one task.
    task = batch_v1.TaskSpec()
    task.runnables = [runnable]

    # We can specify what resources are requested by each task.
    resources = batch_v1.ComputeResource()
    resources.cpu_milli = 2000  # in milliseconds per cpu-second. This means the task requires 2 whole CPUs.
    resources.memory_mib = 16  # in MiB
    task.compute_resource = resources

    task.max_retry_count = 2
    task.max_run_duration = "3600s"

    # Tasks are grouped inside a job using TaskGroups.
    # Currently, it's possible to have only one task group.
    group = batch_v1.TaskGroup()
    group.task_count = 3
    group.task_spec = task

    # Policies are used to define on what kind of virtual machines the tasks will run on.
    # In this case, we tell the system to use "e2-standard-4" machine type.
    # Read more about machine types here: https://cloud.google.com/compute/docs/machine-types
    policy = batch_v1.AllocationPolicy.InstancePolicy()
    policy.machine_type = "e2-standard-4"
    instances = batch_v1.AllocationPolicy.InstancePolicyOrTemplate()
    instances.policy = policy
    allocation_policy = batch_v1.AllocationPolicy()
    allocation_policy.instances = [instances]

    # Create a NetworkInterface object to specify network settings for the job
    network_interface = batch_v1.AllocationPolicy.NetworkInterface()
    # Set the network to the specified network name within the project
    network_interface.network = f"projects/{project_id}/global/networks/{network_name}"
    # Set the subnetwork to the specified subnetwork within the region
    network_interface.subnetwork = (
        f"projects/{project_id}/regions/{region}/subnetworks/{subnet_name}"
    )
    allocation_policy.network.network_interfaces = [network_interface]

    job = batch_v1.Job()
    job.task_groups = [group]
    job.allocation_policy = allocation_policy
    # We use Cloud Logging as it's an out of the box available option
    job.logs_policy = batch_v1.LogsPolicy()
    job.logs_policy.destination = batch_v1.LogsPolicy.Destination.CLOUD_LOGGING

    create_request = batch_v1.CreateJobRequest()
    create_request.job = job
    create_request.job_id = job_name
    # The job's parent is the region in which the job will run
    create_request.parent = f"projects/{project_id}/locations/{region}"
    return client.create_job(create_request)

API

要使用 Batch API 创建作业，请使用 jobs.create 方法并指定作业的配置详情。如需为作业指定网络，请添加 network 和 subnetwork 字段。

例如，要创建一个在网络，请发出以下 POST 请求：

POST https://batch.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/jobs?job_id=JOB_NAME

{
  "taskGroups": [
    {
      "taskSpec": {
        "runnables": [
          {
            "script": {
              "text": "echo Hello world! This is task ${BATCH_TASK_INDEX}. This job has a total of ${BATCH_TASK_COUNT} tasks."
            }
          }
        ]
      },
      "taskCount": 3
    }
  ],
  "allocationPolicy": {
    "network": {
      "networkInterfaces": [
        {
          "network": "projects/HOST_PROJECT_ID/global/networks/NETWORK",
          "subnetwork": "projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNET"
        }
      ]
    }
  },
  "logsPolicy": {
    "destination": "CLOUD_LOGGING"
  }
}

替换以下内容：

PROJECT_ID：您的项目的项目 ID。
LOCATION：此作业的位置。
JOB_NAME：此作业的名称。
HOST_PROJECT_ID：项目 ID （针对您指定的网络）：
- 如果您使用的是共享 VPC 网络，请指定主机项目。
- 否则，请指定当前项目 (PROJECT_ID)。
NETWORK：当前项目中的 VPC 网络或共享 VPC 网络由当前项目托管或与当前项目共享的项目。
REGION：子网和虚拟机所在的区域位于：
- 如果您将 allowedLocations 字段为作业指定允许的虚拟机位置，必须指定同一区域。
- 否则，该区域必须与您为作业选择的位置 (LOCATION) 相同。
SUBNET：子网，属于该 VPC 网络与作业的虚拟机数量。

后续步骤

如果您在创建或运行作业时遇到问题，请参阅问题排查。
详细了解网络。
详细了解如何创建作业。
了解如何查看作业和任务。