Unable to deploy a 'Compute Instance' User Resource to a Workspace AML Service #4151

Open
dram1964 opened this issue Nov 20, 2024 · 10 comments
Labels
bug Something isn't working

Comments

@dram1964

Deployment of AML Compute Instance fails

When adding a Compute Instance to a TRE Workspace AML Service, the deployment fails with the following error: "desired number of dedicated nodes could not be allocated". This error has been happening consistently for the past two days. I have not tried it before then with this version of the TRE.

This error occurs when deploying via:

  1. The TRE UI, using the 'aml_compute' user-resource template, and
  2. Logging into the AML Workspace from a workspace VM and trying to create a new compute instance

Steps to reproduce

  1. Create New Workspace and User
  2. Add User to 'Workspace Owners'
  3. Add User to 'Workspace Researchers'
  4. Login to TRE UI with User account
  5. Add Virtual Desktops (Guacamole) Service to Workspace
  6. Add a User Resource (VM) to Virtual Desktops Service
  7. Add Azure ML Service to Workspace ('expose externally' = False)
  8. Add a Compute instance User Resource to AML Service

Additional Steps taken

  1. Grant User 'Network Contributor' on the TRE Workspace VNet
  2. Grant User 'AzureML Compute Operator' on the Workspace AML Workspace

Additional Info

  • there is sufficient quota for the selected compute-size in my deployment region
  • I have tried a number of different compute sizes
  • I have confirmed that there are free IP addresses in the AML Subnet.
  • all resources are deployed to the UK South Region.

Azure TRE release version: v0.19.1
tre-workspace-base: 1.5.7
tre-service-azureml: 0.8.11
tre-user-resource-aml-compute-instance: 0.5.7
deployment location: UKSouth

@dram1964 dram1964 added the bug Something isn't working label Nov 20, 2024
@tim-allen-ck
Collaborator

Hi @dram1964, can you create an AML in the portal manually?

@dram1964
Author

Hi @tim-allen-ck - logged in as the Global Admin for the tenant, I've created an AML workspace with basic settings (public access) in the UK South region and added a compute which completed in 5 minutes or so. My efforts via the TRE usually take around 30 minutes before they report a failure.

I could try to repeat the exercise using an adjusted version of the terraform code from the AML workspace service if that would be useful. Should I use the same credentials as I have in the TRE code?

@dram1964
Author

Interesting development - Decided to re-deploy the AML Service into a workspace, this time with expose externally set to True. When I tried to add a compute instance from the user resource template it succeeded, and I can connect and run code on it.

@tim-allen-ck
Collaborator

Could potentially be something to do with private endpoints within the vnet?

@marrobi
Member

marrobi commented Nov 26, 2024

@dram1964 did you get any further with this? If it is compute size, it doesn't really make sense that it works in one network configuration, but not the other. As @tim-allen-ck says, if you can deploy the instance through the AML studio, it would be useful to identify if the issue is the templates in this project, or a subscription/quota issue.

@dram1964
Author

@marrobi, @tim-allen-ck: I couldn't see any quota issues with private endpoints in the subscription/region (25/65,000). I've destroyed my original TRE deployment, and created a new one (without my custom templates) in the same subscription/region, but I'm still having the same issue.

@marrobi
Member

marrobi commented Nov 26, 2024

Have you tried to create the compute instance via the AML studio?

@dram1964
Author

Only on a Workspace that had public access. A private AML workspace looked a bit complicated on the Portal - seems I need to create a VNet beforehand to then create private endpoints. I can give it a go though.

@dram1964
Author

Just a quick update: thought I'd try a re-deployment of the TRE in the westeurope region, but the same error occurs when trying to deploy the compute instance.

So I'm going to manually deploy a private AML instance and see how that goes. I'm going to use the terraform quickstart template rather than attempt this in the portal.

@dram1964
Author

I've set up an AML workspace with public_network_access_enabled = false, and successfully deployed a compute instance using this code.
