Run llmstudio docker image as llmstudio user instead of root user

sevaroy · Jun 26, 2023 · af1a8ab · af1a8ab
1 parent e897bea
commit af1a8ab
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 2 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,4 @@
+.git
+.github
+data
+output
diff --git a/Dockerfile b/Dockerfile
@@ -10,10 +10,33 @@ RUN apt-get update && apt-get install -y \
     && apt install -y python3.10 \
     && apt install -y python3.10-distutils \
     && rm -rf /var/lib/apt/lists/*
+
+# Pick an unusual UID for the llmstudio user.
+# In particular, don't pick 1000, which is the default ubuntu user number.
+# Force ourselves to test with UID mismatches in the common case.
+RUN adduser --uid 1999 llmstudio
+USER llmstudio
+
+# Python virtualenv is installed in /home/llmstudio/.local
+# Application code and data lives in /workspace
+#
+# Make all of the files in the llmstudio directory writable so that the
+# application can install other (non-persisted) new packages and other things
+# if it wants to.  This is really not advisable, though, since it's lost when
+# the container exits.
 WORKDIR /workspace
-RUN curl -sS https://bootstrap.pypa.io/get-pip.py | python3.10
+RUN \
+    curl -sS https://bootstrap.pypa.io/get-pip.py | python3.10 && \
+    chmod -R a+w /home/llmstudio
+COPY Makefile .
+COPY Pipfile .
+COPY Pipfile.lock .
+RUN \
+    make setup && \
+    chmod -R a+w /home/llmstudio
 COPY . .
-RUN make setup
+
+ENV HOME=/home/llmstudio
 ENV H2O_WAVE_MAX_REQUEST_SIZE=25MB
 ENV H2O_WAVE_NO_LOG=True
 ENV H2O_WAVE_PRIVATE_DIR="/download/@/workspace/output/download"

diff --git a/Makefile b/Makefile
@@ -84,6 +84,29 @@ wave-no-reload:
 	H2O_WAVE_PRIVATE_DIR="/download/@$(PWD)/output/download" \
 	$(PIPENV) run wave run --no-reload app
 
+.PHONY: docker-build-nightly
+docker-build-nightly:
+	docker build -t gcr.io/vorvan/h2oai/h2o-llmstudio:nightly .
+
+.PHONY: docker-run-nightly
+docker-run-nightly:
+ifeq (,$(wildcard ./data))
+	mkdir data
+endif
+ifeq (,$(wildcard ./output))
+	mkdir output
+endif
+	docker run \
+		--runtime=nvidia \
+		--shm-size=64g \
+		--init \
+		--rm \
+		-u `id -u`:`id -g` \
+		-p 10101:10101 \
+		-v `pwd`/data:/workspace/data \
+		-v `pwd`/output:/workspace/output \
+		gcr.io/vorvan/h2oai/h2o-llmstudio:nightly
+
 .PHONY: shell
 shell:
 	$(PIPENV) shell
diff --git a/README.md b/README.md
@@ -143,6 +143,7 @@ docker run \
     --shm-size=64g \
     --init \
     --rm \
+    -u `id -u`:`id -g` \
     -p 10101:10101 \
     -v `pwd`/data:/workspace/data \
     -v `pwd`/output:/workspace/output \
@@ -162,6 +163,7 @@ docker run \
     --shm-size=64g \
     --init \
     --rm \
+    -u `id -u`:`id -g` \
     -p 10101:10101 \
     -v `pwd`/data:/workspace/data \
     -v `pwd`/output:/workspace/output \
-Original file line number
+Diff line change
@@ -0,0 +1,4 @@
+    .git
+    .github
+    data
+    output