-

Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

Untuk informasi selengkapnya, lihat .

Prasyarat

  1. export SOURCE_DOMAIN_ID="domain-id"
export AWS_REGION="region"

export TARGET_EFS=$(aws efs create-file-system --performance-mode generalPurpose --throughput-mode bursting --encrypted --region $REGION | jq -r '.FileSystemId')

echo "Target EFS volume Created: $TARGET_EFS"

  2. export SOURCE_EFS=$(aws sagemaker describe-domain --domain-id $SOURCE_DOMAIN_ID | jq -r '.HomeEfsFileSystemId')
export VPC_ID=$(aws sagemaker describe-domain --domain-id $SOURCE_DOMAIN_ID | jq -r '.VpcId')

echo "EFS managed by SageMaker: $SOURCE_EFS | VPC: $VPC_ID"

  3. export EFS_VPC_ID=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].VpcId")
export EFS_AZ_NAME=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].AvailabilityZoneName")
export EFS_AZ_ID=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].AvailabilityZoneId")
export EFS_SUBNET_ID=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].SubnetId")
export EFS_MOUNT_TARG_ID=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].MountTargetId")
export EFS_SG_IDS=$(aws efs describe-mount-target-security-groups --mount-target-id $EFS_MOUNT_TARG_ID | jq -r '.SecurityGroups[]')

aws efs create-mount-target \
--file-system-id $TARGET_EFS \
--subnet-id $EFS_SUBNET_ID \
--security-groups $EFS_SG_IDS

  4. export SOURCE_EFS_ARN=$(aws efs describe-file-systems --file-system-id $SOURCE_EFS | jq -r ".FileSystems[0].FileSystemArn")
export TARGET_EFS_ARN=$(aws efs describe-file-systems --file-system-id $TARGET_EFS | jq -r ".FileSystems[0].FileSystemArn")
export EFS_SUBNET_ID_ARN=$(aws ec2 describe-subnets --subnet-ids $EFS_SUBNET_ID | jq -r ".Subnets[0].SubnetArn")
export ACCOUNT_ID=$(aws ec2 describe-security-groups --group-id $EFS_SG_IDS | jq -r ".SecurityGroups[0].OwnerId")
export EFS_SG_ID_ARN=arn:aws:ec2:$REGION:$ACCOUNT_ID:security-group/$EFS_SG_IDS

export SOURCE_LOCATION_ARN=$(aws datasync create-location-efs --subdirectory "/" --efs-filesystem-arn $SOURCE_EFS_ARN --ec2-config SubnetArn=$EFS_SUBNET_ID_ARN,SecurityGroupArns=$EFS_SG_ID_ARN --region $REGION | jq -r ".LocationArn")
export DESTINATION_LOCATION_ARN=$(aws datasync create-location-efs --subdirectory "/" --efs-filesystem-arn $TARGET_EFS_ARN --ec2-config SubnetArn=$EFS_SUBNET_ID_ARN,SecurityGroupArns=$EFS_SG_ID_ARN --region $REGION | jq -r ".LocationArn")

      2. Pilih Grup Keamanan.

      3. d-xxxxxxx

        • security-group-for-inbound-nfs-domain-id

        • security-group-for-outbound-nfs-domain-id

        • Protokol: TCP

      8. Pilih Simpan aturan.

        • Protokol: TCP

      12. Pilih Simpan aturan.

        • Protokol: TCP

        export INBOUND_SG_ID=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=security-group-for-inbound-nfs-$SOURCE_DOMAIN_ID" | jq -r ".SecurityGroups[0].GroupId")
export OUTBOUND_SG_ID=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=security-group-for-outbound-nfs-$SOURCE_DOMAIN_ID" | jq -r ".SecurityGroups[0].GroupId")

echo "Outbound SG ID: $OUTBOUND_SG_ID | Inbound SG ID: $INBOUND_SG_ID"
aws ec2 authorize-security-group-egress \
--group-id $INBOUND_SG_ID \
--protocol tcp --port 2049 \
--source-group $OUTBOUND_SG_ID

aws ec2 authorize-security-group-ingress \
--group-id $OUTBOUND_SG_ID \
--protocol tcp --port 2049 \
--source-group $INBOUND_SG_ID

      2. export SOURCE_EFS_MOUNT_TARGET=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].MountTargetId")
export TARGET_EFS_MOUNT_TARGET=$(aws efs describe-mount-targets --file-system-id $TARGET_EFS | jq -r ".MountTargets[0].MountTargetId")

aws efs modify-mount-target-security-groups \
--mount-target-id $SOURCE_EFS_MOUNT_TARGET \
--security-groups $INBOUND_SG_ID $OUTBOUND_SG_ID

aws efs modify-mount-target-security-groups \
--mount-target-id $TARGET_EFS_MOUNT_TARGET \
--security-groups $INBOUND_SG_ID $OUTBOUND_SG_ID

  6. export EXTRA_XFER_OPTIONS='VerifyMode=ONLY_FILES_TRANSFERRED,OverwriteMode=ALWAYS,Atime=NONE,Mtime=NONE,Uid=NONE,Gid=NONE,PreserveDeletedFiles=REMOVE,PreserveDevices=NONE,PosixPermissions=NONE,TaskQueueing=ENABLED,TransferMode=CHANGED,SecurityDescriptorCopyFlags=NONE,ObjectTags=NONE'
export DATASYNC_TASK_ARN=$(aws datasync create-task --source-location-arn $SOURCE_LOCATION_ARN --destination-location-arn $DESTINATION_LOCATION_ARN --name "SMEFS_to_CustomEFS_Sync" --region $REGION --options $EXTRA_XFER_OPTIONS | jq -r ".TaskArn")

  7. aws datasync start-task-execution --task-arn $DATASYNC_TASK_ARN

  8. aws sagemaker update-domain --domain-id $SOURCE_DOMAIN_ID \
--default-user-settings '{"CustomFileSystemConfigs": [{"EFSFileSystemConfig": {"FileSystemId": "'"$TARGET_EFS"'", "FileSystemPath": "/"}}]}'

  9. aws sagemaker list-user-profiles --domain-id $SOURCE_DOMAIN_ID | jq -r '.UserProfiles[] | "\(.UserProfileName)"' | while read user; do
export uid=$(aws sagemaker describe-user-profile --domain-id $SOURCE_DOMAIN_ID --user-profile-name $user | jq -r ".HomeEfsFileSystemUid")
echo "$user $uid"
aws sagemaker update-user-profile --domain-id $SOURCE_DOMAIN_ID --user-profile-name $user --user-settings '{"CustomFileSystemConfigs": [{"EFSFileSystemConfig":{"FileSystemId": "'"$TARGET_EFS"'", "FileSystemPath": "'"/$uid/"'"}}]}'
done

  10. Untuk informasi selengkapnya, lihat atau .

catatan

  1. timestamp=$(date +%Y%m%d%H%M%S)
export SOURCE_DOMAIN_ID="domain-id"
export AWS_REGION="region"
export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
export EFS_ID=$(aws sagemaker describe-domain --domain-id $SOURCE_DOMAIN_ID | jq -r '.HomeEfsFileSystemId')

  2. export BUCKET_NAME=s3-bucket-name
export S3_DESTINATION_PATH=studio-new

  3. export TRUST_POLICY=$(cat <<EOF
{
    "Version": "2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "datasync.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "$ACCOUNT_ID"
                },
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:datasync:$REGION:$ACCOUNT_ID:*"
                }
            }
        }
    ]
}
EOF
)

  4. export timestamp=$(date +%Y%m%d%H%M%S)
export ROLE_NAME="DataSyncS3Role-$timestamp"

aws iam create-role --role-name $ROLE_NAME --assume-role-policy-document "$TRUST_POLICY"
aws iam attach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
echo "Attached IAM Policy AmazonS3FullAccess"
aws iam attach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/AmazonSageMakerFullAccess
echo "Attached IAM Policy AmazonSageMakerFullAccess"
export ROLE_ARN=$(aws iam get-role --role-name $ROLE_NAME --query 'Role.Arn' --output text)
echo "Created IAM Role $ROLE_ARN"

  5. export EFS_ARN=$(aws efs describe-file-systems --file-system-id $EFS_ID | jq -r '.FileSystems[0].FileSystemArn' )
export EFS_SUBNET_ID=$(aws efs describe-mount-targets --file-system-id $EFS_ID | jq -r '.MountTargets[0].SubnetId')
export EFS_VPC_ID=$(aws efs describe-mount-targets --file-system-id $EFS_ID | jq -r '.MountTargets[0].VpcId')
export MOUNT_TARGET_ID=$(aws efs describe-mount-targets --file-system-id $EFS_ID | jq -r '.MountTargets[0].MountTargetId ')
export EFS_SECURITY_GROUP_ID=$(aws efs describe-mount-target-security-groups --mount-target-id $MOUNT_TARGET_ID | jq -r '.SecurityGroups[0]')
export EFS_SUBNET_ARN=$(aws ec2 describe-subnets --subnet-ids $EFS_SUBNET_ID | jq -r '.Subnets[0].SubnetArn')
echo "Subnet ID: $EFS_SUBNET_ID"
echo "Security Group ID: $EFS_SECURITY_GROUP_ID"
echo "Subnet ARN: $EFS_SUBNET_ARN"

timestamp=$(date +%Y%m%d%H%M%S)
sg_name="datasync-sg-$timestamp"
export DATASYNC_SG_ID=$(aws ec2 create-security-group --vpc-id $EFS_VPC_ID --group-name $sg_name --description "DataSync SG" --output text --query 'GroupId')
aws ec2 authorize-security-group-egress --group-id $DATASYNC_SG_ID --protocol tcp --port 2049 --source-group $EFS_SECURITY_GROUP_ID
aws ec2 authorize-security-group-ingress --group-id $EFS_SECURITY_GROUP_ID --protocol tcp --port 2049 --source-group $DATASYNC_SG_ID
export DATASYNC_SG_ARN="arn:aws:ec2:$REGION:$ACCOUNT_ID:security-group/$DATASYNC_SG_ID"
echo "Security Group ARN: $DATASYNC_SG_ARN"

  6. export SOURCE_ARN=$(aws datasync create-location-efs --efs-filesystem-arn $EFS_ARN --ec2-config "{\"SubnetArn\": \"$EFS_SUBNET_ARN\", \"SecurityGroupArns\": [\"$DATASYNC_SG_ARN\"]}" | jq -r '.LocationArn')
echo "Source Location ARN: $SOURCE_ARN"

  7. export BUCKET_ARN="arn:aws:s3:::$BUCKET_NAME"
export DESTINATION_ARN=$(aws datasync create-location-s3 --s3-bucket-arn $BUCKET_ARN --s3-config "{\"BucketAccessRoleArn\": \"$ROLE_ARN\"}" --subdirectory $S3_DESTINATION_PATH | jq -r '.LocationArn')
echo "Destination Location ARN: $DESTINATION_ARN"

  8. export TASK_ARN=$(aws datasync create-task --source-location-arn $SOURCE_ARN --destination-location-arn $DESTINATION_ARN | jq -r '.TaskArn')
echo "DataSync Task: $TASK_ARN"

  9. aws datasync start-task-execution --task-arn $TASK_ARN

  10. export TASK_EXEC_ARN=datasync-task-arn
echo "Task execution ARN: $TASK_EXEC_ARN"
export STATUS=$(aws datasync describe-task-execution --task-execution-arn $TASK_EXEC_ARN | jq -r '.Status')
echo "Execution status: $STATUS"
while [ "$STATUS" = "QUEUED" ] || [ "$STATUS" = "LAUNCHING" ] || [ "$STATUS" = "PREPARING" ] || [ "$STATUS" = "TRANSFERRING" ] || [ "$STATUS" = "VERIFYING" ]; do
    STATUS=$(aws datasync describe-task-execution --task-execution-arn $TASK_EXEC_ARN | jq -r '.Status')
    if [ $? -ne 0 ]; then
        echo "Error Running DataSync Task"
        exit 1
    fi
    echo "Execution status: $STATUS"
    sleep 30
done

  11. aws datasync delete-task --task-arn $TASK_ARN
echo "Deleted task $TASK_ARN"
aws datasync delete-location --location-arn $SOURCE_ARN
echo "Deleted location source $SOURCE_ARN"
aws datasync delete-location --location-arn $DESTINATION_ARN
echo "Deleted location source $DESTINATION_ARN"
aws iam detach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
aws iam detach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/AmazonSageMakerFullAccess
aws iam delete-role --role-name $ROLE_NAME
echo "Deleted IAM Role $ROLE_NAME"
echo "Wait 5 minutes for the elastic network interface to detach..."
start_time=$(date +%s)
while [[ $(($(date +%s) - start_time)) -lt 300 ]]; do
    sleep 1
done
aws ec2 revoke-security-group-ingress --group-id $EFS_SECURITY_GROUP_ID --protocol tcp --port 2049 --source-group $DATASYNC_SG_ID
echo "Revoked Ingress from $EFS_SECURITY_GROUP_ID"
aws ec2 revoke-security-group-egress --group-id $DATASYNC_SG_ID --protocol tcp --port 2049 --source-group $EFS_SECURITY_GROUP_ID
echo "Revoked Egress from $DATASYNC_SG_ID"
aws ec2 delete-security-group --group-id $DATASYNC_SG_ID
echo "Deleted DataSync SG $DATASYNC_SG_ID"

  12. #!/bin/bash
set -eo pipefail

sudo apt-get install -y jq

# Studio Variables
DOMAIN_ID=$(cat /opt/ml/metadata/resource-metadata.json | jq -r '.DomainId')
SPACE_NAME=$(cat /opt/ml/metadata/resource-metadata.json | jq -r '.SpaceName')
USER_PROFILE_NAME=$(aws sagemaker describe-space --domain-id=$DOMAIN_ID --space-name=$SPACE_NAME | jq -r '.OwnershipSettings.OwnerUserProfileName')

# S3 bucket to copy from
BUCKET=s3-bucket-name
# Subfolder in bucket to copy
PREFIX=studio-new

# Getting HomeEfsFileSystemUid for the current user-profile
EFS_FOLDER_ID=$(aws sagemaker describe-user-profile --domain-id $DOMAIN_ID --user-profile-name $USER_PROFILE_NAME | jq -r '.HomeEfsFileSystemUid')

# Local destination directory
DEST=./studio-classic-efs-backup
mkdir -p $DEST

echo "Bucket: s3://$BUCKET/$PREFIX/$EFS_FOLDER_ID/"
echo "Destination $DEST/"
echo "Excluding .*"
echo "Excluding .*/*"

aws s3 cp s3://$BUCKET/$PREFIX/$EFS_FOLDER_ID/ $DEST/ \
    --exclude ".*" \
    --exclude "**/.*" \
    --recursive

  13. export LCC_SCRIPT_NAME='studio-classic-sync'
export SCRIPT_FILE_NAME='on-start.sh'
export SCRIPT_TYPE='JupyterLab-or-CodeEditor'
LCC_CONTENT=`openssl base64 -A -in ${SCRIPT_FILE_NAME}`

  15. aws sagemaker create-studio-lifecycle-config \
    --studio-lifecycle-config-name $LCC_SCRIPT_NAME \
    --studio-lifecycle-config-content $LCC_CONTENT \
    --studio-lifecycle-config-app-type $SCRIPT_TYPE

  16. aws sagemaker update-domain \
    --domain-id $SOURCE_DOMAIN_ID \
    --default-user-settings '
        {"JupyterLabAppSettings":
            {"LifecycleConfigArns":
                [
                    "lifecycle-config-arn"
                ]
            }
        }'

  17. Untuk informasi selengkapnya, lihat atau .

Untuk informasi selengkapnya, lihat .

Prasyarat

  6. Pelajari selengkapnya.

    Awas

catatan

  4. aws s3 sync . s3://{bucket-name}/{folder}/ --exclude "*.*" --include "*.flow"

    aws s3 sync . s3://{bucket-name}/{folder}/ --exclude "*.*" --include "*.flow" --sse-kms-key-id {your-key-id}

    4. find . -not -path "*/.*" -name "*.flow" -print0 | xargs -0 zip my_archive.zip

  8. catatan