From 65c5a1708b7ad9e2be34aaab0fe21510a45de7ba Mon Sep 17 00:00:00 2001
From: Quentin McGaw <quentin.mcgaw@gmail.com>
Date: Tue, 30 Jul 2024 17:59:38 +0200
Subject: [PATCH] chore(docker): dockerfiles improvements and fixes (#1792)

* `UID` and `GID` build arguments for `worker` user

* `POETRY_EXTRAS` build argument with default values

* Copy `Makefile` for `make ingest` command

* Do NOT copy markdown files
I doubt anyone reads a markdown file within a Docker image

* Fix PYTHONPATH value

* Set home directory to `/home/worker` when creating user

* Combine `ENV` instructions together

* Define environment variables with their defaults
- For documentation purposes
- Reflect defaults set in settings-docker.yml

* `PGPT_EMBEDDING_MODE` to define embedding mode

* Remove ineffective `python3 -m pipx ensurepath`

* Use `&&` instead of `;` to chain commands to detect failure better

* Add `--no-root` flag to poetry install commands

* Set PGPT_PROFILES to docker

* chore: remove envs

* chore: update to use ollama in docker-compose

* chore: don't copy makefile

* chore: don't copy fern

* fix: tiktoken cache

* fix: docker compose port

* fix: ffmpy dependency (#2020)

* fix: ffmpy dependency

* fix: block ffmpy to commit sha

* feat(llm): autopull ollama models (#2019)

* chore: update ollama (llm)

* feat: allow to autopull ollama models

* fix: mypy

* chore: install always ollama client

* refactor: check connection and pull ollama method to utils

* docs: update ollama config with autopulling info

...

* chore: autopull ollama models

* chore: add GID/UID comment

...

---------

Co-authored-by: Javier Martinez <javiermartinezalvarez98@gmail.com>
---
 Dockerfile.external  | 32 +++++++++++++++++++++-----------
 Dockerfile.local     | 30 ++++++++++++++++++++----------
 docker-compose.yaml  |  7 +++++--
 settings-docker.yaml |  3 ++-
 4 files changed, 48 insertions(+), 24 deletions(-)

diff --git a/Dockerfile.external b/Dockerfile.external
index 3e2530e..80ffde3 100644
--- a/Dockerfile.external
+++ b/Dockerfile.external
@@ -2,7 +2,6 @@ FROM python:3.11.6-slim-bookworm as base
 
 # Install poetry
 RUN pip install pipx
-RUN python3 -m pipx ensurepath
 RUN pipx install poetry
 ENV PATH="/root/.local/bin:$PATH"
 ENV PATH=".venv/bin/:$PATH"
@@ -14,27 +13,38 @@ FROM base as dependencies
 WORKDIR /home/worker/app
 COPY pyproject.toml poetry.lock ./
 
-RUN poetry install --extras "ui vector-stores-qdrant llms-ollama embeddings-ollama"
+ARG POETRY_EXTRAS="ui vector-stores-qdrant llms-ollama embeddings-ollama"
+RUN poetry install --no-root --extras "${POETRY_EXTRAS}"
 
 FROM base as app
-
 ENV PYTHONUNBUFFERED=1
 ENV PORT=8080
+ENV APP_ENV=prod
+ENV PYTHONPATH="$PYTHONPATH:/home/worker/app/private_gpt/"
 EXPOSE 8080
 
 # Prepare a non-root user
-RUN adduser --system worker
+# More info about how to configure UIDs and GIDs in Docker:
+# https://github.com/systemd/systemd/blob/main/docs/UIDS-GIDS.md
+
+# Define the User ID (UID) for the non-root user
+# UID 100 is chosen to avoid conflicts with existing system users
+ARG UID=100
+
+# Define the Group ID (GID) for the non-root user
+# GID 65534 is often used for the 'nogroup' or 'nobody' group
+ARG GID=65534
+
+RUN adduser --system --gid ${GID} --uid ${UID} --home /home/worker worker
 WORKDIR /home/worker/app
 
-RUN mkdir local_data; chown worker local_data
-RUN mkdir models; chown worker models
+RUN chown worker /home/worker/app
+RUN mkdir local_data && chown worker local_data
+RUN mkdir models && chown worker models
 COPY --chown=worker --from=dependencies /home/worker/app/.venv/ .venv
 COPY --chown=worker private_gpt/ private_gpt
-COPY --chown=worker fern/ fern
-COPY --chown=worker *.yaml *.md ./
+COPY --chown=worker *.yaml .
 COPY --chown=worker scripts/ scripts
 
-ENV PYTHONPATH="$PYTHONPATH:/private_gpt/"
-
 USER worker
-ENTRYPOINT python -m private_gpt
\ No newline at end of file
+ENTRYPOINT python -m private_gpt
diff --git a/Dockerfile.local b/Dockerfile.local
index 980a9b0..8ee9f1e 100644
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -4,7 +4,6 @@ FROM python:3.11.6-slim-bookworm as base
 
 # Install poetry
 RUN pip install pipx
-RUN python3 -m pipx ensurepath
 RUN pipx install poetry
 ENV PATH="/root/.local/bin:$PATH"
 ENV PATH=".venv/bin/:$PATH"
@@ -24,28 +23,39 @@ FROM base as dependencies
 WORKDIR /home/worker/app
 COPY pyproject.toml poetry.lock ./
 
-RUN poetry install --extras "ui embeddings-huggingface llms-llama-cpp vector-stores-qdrant"
+ARG POETRY_EXTRAS="ui embeddings-huggingface llms-llama-cpp vector-stores-qdrant"
+RUN poetry install --no-root --extras "${POETRY_EXTRAS}"
 
 FROM base as app
 
 ENV PYTHONUNBUFFERED=1
 ENV PORT=8080
+ENV APP_ENV=prod
+ENV PYTHONPATH="$PYTHONPATH:/home/worker/app/private_gpt/"
 EXPOSE 8080
 
 # Prepare a non-root user
-RUN adduser --group worker
-RUN adduser --system --ingroup worker worker
+# More info about how to configure UIDs and GIDs in Docker:
+# https://github.com/systemd/systemd/blob/main/docs/UIDS-GIDS.md
+
+# Define the User ID (UID) for the non-root user
+# UID 100 is chosen to avoid conflicts with existing system users
+ARG UID=100
+
+# Define the Group ID (GID) for the non-root user
+# GID 65534 is often used for the 'nogroup' or 'nobody' group
+ARG GID=65534
+
+RUN adduser --system --gid ${GID} --uid ${UID} --home /home/worker worker
 WORKDIR /home/worker/app
 
-RUN mkdir local_data; chown worker local_data
-RUN mkdir models; chown worker models
+RUN chown worker /home/worker/app
+RUN mkdir local_data && chown worker local_data
+RUN mkdir models && chown worker models
 COPY --chown=worker --from=dependencies /home/worker/app/.venv/ .venv
 COPY --chown=worker private_gpt/ private_gpt
-COPY --chown=worker fern/ fern
-COPY --chown=worker *.yaml *.md ./
+COPY --chown=worker *.yaml ./
 COPY --chown=worker scripts/ scripts
 
-ENV PYTHONPATH="$PYTHONPATH:/private_gpt/"
-
 USER worker
 ENTRYPOINT python -m private_gpt
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index f12e1da..517af65 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -5,12 +5,15 @@ services:
     volumes:
       - ./local_data/:/home/worker/app/local_data
     ports:
-      - 8001:8080
+      - 8001:8001
     environment:
-      PORT: 8080
+      PORT: 8001
       PGPT_PROFILES: docker
       PGPT_MODE: ollama
+      PGPT_EMBED_MODE: ollama
   ollama:
     image: ollama/ollama:latest
+    ports:
+      - 11434:11434
     volumes:
       - ./models:/root/.ollama
diff --git a/settings-docker.yaml b/settings-docker.yaml
index d8037fa..59d5f16 100644
--- a/settings-docker.yaml
+++ b/settings-docker.yaml
@@ -6,7 +6,7 @@ llm:
   mode: ${PGPT_MODE:mock}
 
 embedding:
-  mode: ${PGPT_MODE:sagemaker}
+  mode: ${PGPT_EMBED_MODE:mock}
 
 llamacpp:
   llm_hf_repo_id: ${PGPT_HF_REPO_ID:TheBloke/Mistral-7B-Instruct-v0.1-GGUF}
@@ -30,6 +30,7 @@ ollama:
   repeat_last_n: ${PGPT_OLLAMA_REPEAT_LAST_N:64}
   repeat_penalty: ${PGPT_OLLAMA_REPEAT_PENALTY:1.2}
   request_timeout: ${PGPT_OLLAMA_REQUEST_TIMEOUT:600.0}
+  autopull_models: ${PGPT_OLLAMA_AUTOPULL_MODELS:true}
 
 ui:
   enabled: true