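Create a user-managed notebooks instance by using Terraform

In this tutorial, you learn how to create a Terraform configuration file and provision a user-managed notebooks instance in Vertex AI in service account mode.

Use the following tools to complete the steps in this tutorial:

  • Terraform CLI: Terraform is preinstalled in Cloud Shell. You don't need to install Terraform separately to use Terraform CLI commands.

  • Cloud Shell Editor: Use Cloud Shell Editor to create and manage Terraform configuration files and to manage the folder structure.

  • Cloud Shell terminal: Use the Cloud Shell terminal to run Terraform CLI commands such as terraform init, terraform plan, terraform apply, and terraform destroy.

Before you begin

You need to set up a Google Cloud project and development environment before you can use Terraform to build infrastructure for Vertex AI resources. This section also explains how to enable the Vertex AI API, which Terraform uses to interact with the resources in your project.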

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Vertex AI API.

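Required roles

If you created the project, you need the project's Owner (roles/owner) IAM role, which provides all of the required permissions. Skip to the next section. If you didn't create the project yourself, continue reading this section.

To make sure that your user account has the permissions required to create a Vertex AI Workbench user-managed notebooks instance by using Terraform, ask your administrator to grant your user account the following IAM roles on the project:

  • Notebooks Admin (roles/notebooks.admin), to create and delete instances in Vertex AI Workbench.
  • Service Account User (roles/iam.serviceAccountUser), to run operations as a service account. This tutorial doesn't specify a service account, so the user-managed notebooks instance uses the default Compute Engine service account.
  • Service Usage Consumer (roles/serviceusage.serviceUsageConsumer), to inspect service states and operations, and to consume quota and billing for the project's resources.

For more information about granting roles, see Manage access.

Your administrator can also grant your user account the required permissions through custom roles or other predefined roles.

Create the folder structure and Terraform configuration file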

  1. In the Google Cloud console, activate Cloud Shell.

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

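  2. In the Cloud Shell terminal, run the following command to set your home directory as the active directory:
    cd
  3. Run the following command to create a new folder named terraform:
    mkdir terraform
  4. Launch Cloud Shell Editor.
  5. In the Explorer pane, right-click the terraform folder, and then click New File.
  6. Enter main.tf as the file name, and then click OK.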

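Define the infrastructure in the Terraform configuration file

  1. Open the main.tf file in Cloud Shell Editor.

  2. Replace the PROJECT_ID and LOCATION placeholders in the following sample Terraform configuration, and then copy the sample to the main.tf file: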

    resource "google_project_service" "notebooks" {
      provider           = google
      service            = "notebooks.googleapis.com"
      disable_on_destroy = false
    }
    
    resource "google_notebooks_instance" "basic_instance" {
      project      = "PROJECT_ID"
      name         = "notebooks-instance-basic"
      provider     = google
      location     = "LOCATION"
      machine_type = "e2-medium"
    
      vm_image {
        project      = "deeplearning-platform-release"
        image_family = "tf-ent-2-9-cu113-notebooks"
      }
    
      depends_on = [
        google_project_service.notebooks
      ]
    }
    
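    • PROJECT_ID: Enter the Google Cloud project ID.

    • LOCATION: Enter the region and zone for the user-managed notebooks instance, for example us-west2-b. For the best network performance, choose the region closest to your geographic location. See the available user-managed notebooks locations.

  3. Save the main.tf file.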
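
The tutorial's configuration leaves the instance on the default Compute Engine service account, with a public IP address and Secure Boot off, as the terraform destroy output later on this page shows. The following hardened variant is an added example, not part of the original tutorial: USER_EMAIL, the account_id notebook-runner, and the resource names are hypothetical, and no_public_ip assumes the subnet has Private Google Access or a NAT route.

```hcl
# Added example: hardened variant of the tutorial's main.tf.
# PROJECT_ID, LOCATION and USER_EMAIL are placeholders; the account_id
# "notebook-runner" and the resource names are hypothetical.

resource "google_project_service" "notebooks" {
  project            = "PROJECT_ID"
  service            = "notebooks.googleapis.com"
  disable_on_destroy = false
}

# Dedicated identity for the instance instead of the default
# Compute Engine service account. No project roles are granted here;
# add only the roles the notebook workload needs.
resource "google_service_account" "notebook" {
  project      = "PROJECT_ID"
  account_id   = "notebook-runner"
  display_name = "User-managed notebooks instance"
}

# Service Account User granted on this one service account rather than
# on the whole project.
resource "google_service_account_iam_member" "operator" {
  service_account_id = google_service_account.notebook.name
  role               = "roles/iam.serviceAccountUser"
  member             = "user:USER_EMAIL"
}

resource "google_notebooks_instance" "hardened_instance" {
  project         = "PROJECT_ID"
  name            = "notebooks-instance-hardened"
  location        = "LOCATION"
  machine_type    = "e2-medium"
  service_account = google_service_account.notebook.email

  # Assumption: the subnet has Private Google Access or a NAT route.
  no_public_ip = true

  # Secure Boot rejects unsigned kernel modules; this instance has no GPU.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  vm_image {
    project      = "deeplearning-platform-release"
    image_family = "tf-ent-2-9-cu113-notebooks"
  }

  depends_on = [google_project_service.notebooks]
}
```

Running terraform plan against this variant should show service_account, no_public_ip and the three shielded_instance_config values as concrete settings instead of "(known after apply)".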

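Initialize the working directory that contains the Terraform configuration file

  1. To open the Cloud Shell terminal, on the Cloud Shell Editor toolbar, click Open Terminal.

  2. In the Cloud Shell terminal, run the following command to set the terraform folder as the current working directory: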

    cd ~/terraform
    
  3. Run the following command:

    terraform init
    
  4. Terraform initializes the working directory. The following output is displayed:

    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.

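Preview the execution plan based on the Terraform configuration

The Terraform execution plan indicates the changes that Terraform plans to make to the Vertex AI infrastructure and services.

Run the following command to view the Terraform execution plan.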

terraform plan

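If you're prompted to authorize Cloud Shell, click Authorize. Cloud Shell uses the user's credentials by default when authorizing.

You see output similar to the following: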

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # google_notebooks_instance.basic_instance will be created
  + resource "google_notebooks_instance" "basic_instance" {
      + create_time     = (known after apply)
      + id              = (known after apply)
      + labels          = (known after apply)
      + location        = "us-west2-b"
      + machine_type    = "e2-medium"
      + name            = "notebooks-instance-basic"
      + network         = (known after apply)
      + project         = "my_project"
      + proxy_uri       = (known after apply)
      + service_account = (known after apply)
      + state           = (known after apply)
      + subnet          = (known after apply)
      + update_time     = (known after apply)

      + shielded_instance_config {
          + enable_integrity_monitoring = (known after apply)
          + enable_secure_boot          = (known after apply)
          + enable_vtpm                 = (known after apply)
        }

      + vm_image {
          + image_family = "tf-ent-2-9-cu113-notebooks"
          + project      = "deeplearning-platform-release"
        }
    }

  # google_project_service.notebooks will be created
  + resource "google_project_service" "notebooks" {
      + disable_on_destroy = false
      + id                 = (known after apply)
      + project            = (known after apply)
      + service            = "notebooks.googleapis.com"
    }

Plan: 2 to add, 0 to change, 0 to destroy.

  • my_project indicates the Google Cloud project ID that you specified.

  • us-west2-b indicates the region and zone that you specified for the user-managed notebooks instance.

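Apply the changes proposed in the execution plan

  1. Run the following command to apply the changes from the execution plan to the Vertex AI infrastructure and create the user-managed notebooks instance: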

    terraform apply
    
  2. You see output similar to the following:

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
    symbols:
      + create
    
    Terraform will perform the following actions:
    
      # google_notebooks_instance.basic_instance will be created
      + resource "google_notebooks_instance" "basic_instance" {
          + create_time     = (known after apply)
          + id              = (known after apply)
          + labels          = (known after apply)
          + location        = "us-west2-b"
          + machine_type    = "e2-medium"
          + name            = "notebooks-instance-basic"
          + network         = (known after apply)
          + project         = "my_project"
          + proxy_uri       = (known after apply)
          + service_account = (known after apply)
          + state           = (known after apply)
          + subnet          = (known after apply)
          + update_time     = (known after apply)
    
          + shielded_instance_config {
              + enable_integrity_monitoring = (known after apply)
              + enable_secure_boot          = (known after apply)
              + enable_vtpm                 = (known after apply)
            }
    
          + vm_image {
              + image_family = "tf-ent-2-9-cu113-notebooks"
              + project      = "deeplearning-platform-release"
            }
        }
    
      # google_project_service.notebooks will be created
      + resource "google_project_service" "notebooks" {
          + disable_on_destroy = false
          + id                 = (known after apply)
          + project            = (known after apply)
          + service            = "notebooks.googleapis.com"
        }
    
    Plan: 2 to add, 0 to change, 0 to destroy.
    
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value:
    
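    • my_project indicates the Google Cloud project ID that you specified.

    • us-west2-b indicates the region and zone that you specified for the user-managed notebooks instance.

  3. Enter yes and press Enter. You see output similar to the following: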

    Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
    

View the user-managed notebooks instance

In the Google Cloud console, open the User-managed notebooks page.

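The new notebook named "notebooks-instance-basic" is listed in the table. Note that after you run terraform apply, the new user-managed notebooks instance might take a few minutes to finish provisioning.

Clean up your project

Clean up the Google Cloud resources that you created in this tutorial. Follow these steps to avoid unexpected charges from some of the resources.

  1. In the Cloud Shell terminal, run the following command to set the terraform folder as the current working directory: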

    cd ~/terraform
    
  2. To delete the Vertex AI resources that were created from the Terraform configuration, run the following command:

    terraform destroy
    
  3. You see output similar to the following:

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      - destroy
    
    Terraform will perform the following actions:
    
      # google_notebooks_instance.basic_instance will be destroyed
      - resource "google_notebooks_instance" "basic_instance" {
          - create_time            = "2022-12-01T21:14:05.065893475Z" -> null
          - id                     = "projects/my_project/locations/us-west2-b/instances/notebooks-instance-basic" -> null
          - install_gpu_driver     = false -> null
          - labels                 = {
              - "goog-caip-notebook" = ""
            } -> null
          - location               = "us-west2-b" -> null
          - machine_type           = "e2-medium" -> null
          - name                   = "notebooks-instance-basic" -> null
          - network                = "https://www.googleapis.com/compute/v1/projects/my_project/global/networks/default" -> null
          - no_proxy_access        = false -> null
          - no_public_ip           = false -> null
          - project                = "my_project" -> null
          - service_account        = "329223940713-compute@developer.gserviceaccount.com" -> null
          - service_account_scopes = [] -> null
          - state                  = "PROVISIONING" -> null
          - subnet                 = "https://www.googleapis.com/compute/v1/projects/my_project/regions/us-west2/subnetworks/default" -> null
          - tags                   = [] -> null
          - update_time            = "2022-12-01T21:14:19.048432376Z" -> null
    
          - shielded_instance_config {
              - enable_integrity_monitoring = true -> null
              - enable_secure_boot          = false -> null
              - enable_vtpm                 = true -> null
            }
    
          - vm_image {
              - image_family = "tf-ent-2-9-cu113-notebooks" -> null
              - project      = "deeplearning-platform-release" -> null
            }
        }
    
      # google_project_service.notebooks will be destroyed
      - resource "google_project_service" "notebooks" {
          - disable_on_destroy = false -> null
          - id                 = "my_project/notebooks.googleapis.com" -> null
          - project            = "my_project" -> null
          - service            = "notebooks.googleapis.com" -> null
        }
    
    Plan: 0 to add, 0 to change, 2 to destroy.
    
    Do you really want to destroy all resources?
      Terraform will destroy all your managed infrastructure, as shown above.
      There is no undo. Only 'yes' will be accepted to confirm.
    
      Enter a value:
    
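    • my_project indicates the Google Cloud project ID that you specified.

    • us-west2-b indicates the region and zone that you specified for the user-managed notebooks instance.

  4. Enter yes and press Enter. You see output similar to the following: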

    Destroy complete! Resources: 2 destroyed.
    
  5. To verify that the user-managed notebooks instance is deleted, go to the User-managed notebooks page.

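  6. Launch Cloud Shell Editor.

  7. To delete the terraform folder and its contents, right-click the terraform folder in the Explorer pane, and then click Delete.

  8. When prompted, click OK to confirm the deletion.

More ways to use Terraform in Vertex AI

This tutorial showed how to use Terraform by creating only one configuration file and provisioning infrastructure based on one Terraform resource. You can also use Terraform in the following ways:

  • Add multiple Terraform resources to the same Terraform configuration file. For a list of Terraform resources for Vertex AI, see Terraform resources available for Vertex AI.

  • Create a directory structure made up of multiple folders and Terraform configuration files. For example, you can create a separate folder and Terraform configuration file for each type of Terraform resource.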
