本地身份验证示例¶

本节介绍如何在 Driverless AI 中启用本地身份验证。

若要在 Docker 映像中启用身份验证，需指定您想要使用的身份验证环境变量。每个变量必须以 DRIVERLESS_AI_ 开头。以下示例通过环境变量来启动 Driverless AI 从而：

在启动 Driverless AI 时启用本地身份验证

启用 S3 和 HDFS 访问（无身份验证）

              nvidia-docker run \
                  --pid=host \
                  --init \
                  --rm \
                  --shm-size=256m \
                  -p 12345:12345 \
                  -u `id -u`:`id -g` \
                  -e DRIVERLESS_AI_ENABLED_FILE_SYSTEMS="file,s3,hdfs" \
                  -e DRIVERLESS_AI_AUTHENTICATION_METHOD="local" \
                  -e DRIVERLESS_AI_LOCAL_HTPASSWD_FILE="<htpasswd_file_location>" \
                  -v `pwd`/data:/data \
                  -v `pwd`/log:/log \
                  -v `pwd`/license:/license \
                  -v `pwd`/tmp:/tmp \
                  h2oai/dai-centos7-x86_64:1.10.1-cuda11.2.2.xx

本机安装包括 DEB、RPM 和 TAR SH 安装。以下示例展示了启用以下时需在 config.toml 文件中设置的配置选项：

在启动 Driverless AI 时启用本地身份验证
启用 S3 和 HDFS 访问（无身份验证）

导出 Driverless AI config.toml 文件或将其添加至 ~/.bashrc。例如：

# DEB and RPM
export DRIVERLESS_AI_CONFIG_FILE="/etc/dai/config.toml"

# TAR SH
export DRIVERLESS_AI_CONFIG_FILE="/path/to/your/unpacked/dai/directory/config.toml"

打开 config.toml 文件并编辑身份验证变量。安装 RPM 或 DEB 后，可在 etc/dai 文件夹中找到 config.toml 文件。

# File System Support
# file : local file system/server file system
# hdfs : Hadoop file system, remember to configure the hadoop coresite and keytab below
# s3 : Amazon S3, optionally configure secret and access key below
# gcs : Google Cloud Storage, remember to configure gcs_path_to_service_account_json below
# gbq : Google Big Query, remember to configure gcs_path_to_service_account_json below
enabled_file_systems = "file,s3,hdfs"

# authentication_method
# unvalidated : Accepts user id and password, does not validate password
# none : Does not ask for user id or password, authenticated as admin
# pam :  Accepts user id and password, Validates user with operating system
# ldap : Accepts user id and password, Validates against an ldap server, look
# local: Accepts a user id and password, Validated against a htpasswd file provided in local_htpasswd_file
# for additional settings under LDAP settings
authentication_method = "local"

# Local password file
# Generating a htpasswd file: see syntax below
# htpasswd -B "<location_to_place_htpasswd_file>" "<username>"
# note: -B forces use of brcypt, a secure encryption method
local_htpasswd_file = "<htpasswd_file_location>"

启动（或重启）Driverless AI。请注意，用于启动 Driverless AI 的命令将因安装类型而异。

# Linux RPM or DEB with systemd
sudo systemctl start dai

# Linux RPM or DEB without systemd
sudo -H -u dai /opt/h2oai/dai/run-dai.sh

# Linux TAR SH
./run-dai.sh