From 64e2b9002403118399d6616e602ed1c5626d6c90 Mon Sep 17 00:00:00 2001
From: hiondal
Date: Sun, 15 Jun 2025 16:36:44 +0000
Subject: [PATCH] release
---
 vector/deployment/container/Dockerfile-base | 166 ++++++++++++--------
 1 file changed, 101 insertions(+), 65 deletions(-)
diff --git a/vector/deployment/container/Dockerfile-base b/vector/deployment/container/Dockerfile-base
index 6d33c1a..35d1163 100644
--- a/vector/deployment/container/Dockerfile-base
+++ b/vector/deployment/container/Dockerfile-base
@@ -1,59 +1,19 @@ # deployment/container/Dockerfile-base -# 최적화된 Vector DB API Base Image - setup.sh 기반 + Multi-stage Build +# Poetry 기반 Vector DB API Base Image - 홈 디렉토리 사용 (안전한 방식) -# ============================================================================= -# Build Stage - setup.sh로 의존성 설치 -# ============================================================================= -FROM python:3.11-slim AS builder - -# 환경 변수 설정 -ENV PYTHONDONTWRITEBYTECODE=1 \ - PYTHONUNBUFFERED=1 \ - DEBIAN_FRONTEND=noninteractive - -# 빌드 도구 설치 -RUN apt-get update && apt-get install -y --no-install-recommends \ - build-essential \ - gcc \ - g++ \ - python3-dev \ - curl \ - sudo \ - bc \ - lsb-release \ - && rm -rf /var/lib/apt/lists/* - -# Build Stage용 appuser 생성 -RUN groupadd -r appuser && \ - useradd -r -g appuser -d /home/appuser -s /bin/bash appuser && \ - mkdir -p /home/appuser && \ - chown -R appuser:appuser /home/appuser && \ - echo "appuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers - -# setup.sh 복사 및 실행 -WORKDIR /home/appuser -COPY --chown=appuser:appuser setup.sh ./ -RUN chmod +x setup.sh - -# appuser로 전환하여 setup.sh 실행 -USER appuser -RUN ./setup.sh - -# ============================================================================= -# Runtime Stage - 설치된 환경만 복사 (빌드 도구 제거) -# ============================================================================= FROM python:3.11-slim # 메타데이터 -LABEL maintainer="admin@example.com" \ - description="Vector DB API Base - setup.sh + Multi-stage Optimized" \ - version="setup-multistage-v1.0" +LABEL description="Vector DB API Base Image with Poetry - Home Directory" +LABEL version="poetry-home-v1.0" +LABEL maintainer="admin@example.com" -# 환경 변수 설정 +# 환경 변수 설정 - Poetry 가상환경을 홈 디렉토리로 이동 ENV PYTHONDONTWRITEBYTECODE=1 \ PYTHONUNBUFFERED=1 \ DEBIAN_FRONTEND=noninteractive \ - HOME=/home/appuser \ + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ POETRY_NO_INTERACTION=1 \ POETRY_VENV_IN_PROJECT=false \ POETRY_VIRTUALENVS_CREATE=true \ 
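Review bot: Removing the `builder` stage here leaves `FROM python:3.11-slim` as the only stage, so everything the second hunk installs with apt (`build-essential`, `gcc`, `g++`, `git`, `wget`, `sudo`) now ships in the released base image, where the old runtime stage carried only `curl`, `ca-certificates` and `bc`. That widens the attack surface of every image built on this base and keeps a setuid `sudo` binary around even though this hunk drops the `NOPASSWD` sudoers line. I would keep a separate build stage and copy only `/home/appuser/.local` and `/home/appuser/.cache` into the final one, as the removed `COPY --from=builder` lines did; if the single stage has to stay, at least drop `sudo` and the compilers from the final layer unless `setup.sh` (not visible in this patch) needs them at runtime. The ENV block continues past the end of this hunk.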
@@ -61,43 +21,119 @@ ENV PYTHONDONTWRITEBYTECODE=1 \ POETRY_CACHE_DIR=/home/appuser/.cache/pypoetry/cache \ HF_HUB_CACHE=/home/appuser/.cache/huggingface \ TRANSFORMERS_CACHE=/home/appuser/.cache/transformers \ - SENTENCE_TRANSFORMERS_HOME=/home/appuser/.cache/sentence_transformers \ - PATH="/home/appuser/.local/bin:$PATH" + SENTENCE_TRANSFORMERS_HOME=/home/appuser/.cache/sentence_transformers -# 런타임에 필요한 최소한의 패키지만 설치 +# 🔧 시스템 패키지 설치 RUN apt-get update && apt-get install -y --no-install-recommends \ + build-essential \ + gcc \ + g++ \ + python3-dev \ curl \ + wget \ ca-certificates \ + git \ + sudo \ + lsb-release \ bc \ + python3.11 \ + python3.11-venv \ + python3.11-dev \ + python3.11-distutils \ && rm -rf /var/lib/apt/lists/* \ && apt-get clean -# Runtime Stage용 appuser 생성 +# 📦 pip 업그레이드 +RUN python3.11 -m pip install --no-cache-dir --upgrade pip setuptools wheel + +# 👤 비root 사용자 생성 (Poetry 설치 전에) RUN groupadd -r appuser && \ useradd -r -g appuser -d /home/appuser -s /bin/bash appuser && \ - mkdir -p /home/appuser/.cache && \ + mkdir -p /home/appuser && \ chown -R appuser:appuser /home/appuser -# Build Stage에서 설치된 전체 환경 복사 -COPY --from=builder --chown=appuser:appuser /home/appuser/.local /home/appuser/.local -COPY --from=builder --chown=appuser:appuser /home/appuser/.cache /home/appuser/.cache -COPY --from=builder --chown=appuser:appuser /home/appuser/pyproject.toml /home/appuser/pyproject.toml -COPY --from=builder --chown=appuser:appuser /home/appuser/poetry.lock /home/appuser/poetry.lock +# 🔧 Poetry 가상환경 디렉토리 생성 (홈 디렉토리 사용) +RUN mkdir -p /home/appuser/.cache/pypoetry/venvs \ + /home/appuser/.cache/pypoetry/cache && \ + chown -R appuser:appuser /home/appuser/.cache && \ + chmod -R 755 /home/appuser/.cache -# 작업 디렉토리 설정 -WORKDIR /home/appuser +# 🐍 Poetry를 appuser로 설치 +USER appuser +ENV PATH="/home/appuser/.local/bin:$PATH" + +# appuser 홈 디렉토리에 Poetry 설치 +RUN curl -sSL https://install.python-poetry.org | python3.11 - + +# Poetry 실행 권한 및 심볼릭 링크 (root 권한 필요) +USER 
root +RUN chmod +x /home/appuser/.local/bin/poetry && \ + ln -sf /home/appuser/.local/bin/poetry /usr/local/bin/poetry && \ + chown appuser:appuser /home/appuser/.local/bin/poetry + +# appuser로 다시 전환 USER appuser -# Poetry 환경 확인 -RUN poetry --version && poetry env info +# 🔧 Poetry 설정 - 가상환경을 홈 디렉토리로 이동 +RUN poetry config virtualenvs.in-project false && \ + poetry config virtualenvs.create true && \ + poetry config virtualenvs.path /home/appuser/.cache/pypoetry/venvs && \ + poetry config cache-dir /home/appuser/.cache/pypoetry/cache -# 포트 노출 +# Poetry 버전 확인 및 설정 검증 +RUN poetry --version && \ + poetry config --list && \ + ls -la /home/appuser/.local/bin/poetry && \ + which poetry + +# 🏗️ 작업 디렉토리 설정 (홈 디렉토리 사용) +WORKDIR /home/appuser + +# 애플리케이션 디렉토리 생성 +USER root +RUN mkdir -p /home/appuser/app && \ + chown -R appuser:appuser /home/appuser + +# 📋 Poetry 설치 스크립트 복사 및 권한 설정 +COPY setup.sh /home/appuser/setup.sh +RUN chmod +x /home/appuser/setup.sh && \ + chown appuser:appuser /home/appuser/setup.sh + +# appuser로 전환하여 Poetry 환경 설정 +USER appuser + +# 🚀 Poetry 환경 설정 및 의존성 설치 +RUN cd /home/appuser && \ + export DEBIAN_FRONTEND=noninteractive && \ + ./setup.sh --skip-poetry-install --skip-python311-check --force-reinstall + +# 🗂️ 필요한 디렉토리 생성 및 권한 설정 +USER root +RUN mkdir -p /home/appuser/.cache/huggingface \ + /home/appuser/.cache/transformers \ + /home/appuser/.cache/sentence_transformers \ + /home/appuser/vectordb \ + /home/appuser/data \ + /home/appuser/logs && \ + chmod -R 755 /home/appuser/.cache /home/appuser/vectordb /home/appuser/data /home/appuser/logs && \ + chown -R appuser:appuser /home/appuser && \ + # Poetry 가상환경 디렉토리 권한 재확인 + chown -R appuser:appuser /home/appuser/.cache && \ + chmod -R 755 /home/appuser/.cache + +# 🧹 캐시 정리 +RUN rm -rf /tmp/* /var/tmp/* + +# 🚀 포트 노출 EXPOSE 8000 -# 헬스체크 +# 🏥 간단한 헬스체크 (appuser 권한으로 실행) HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ - CMD poetry run python -c "import fastapi; print('OK')" || exit 1 + 
CMD su -c "poetry --version && poetry config virtualenvs.path" appuser || exit 1 -# 기본 명령어 +# 👤 최종 사용자 설정 +USER appuser + +# 🎯 기본 명령어 CMD ["poetry", "--version"]
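Review bot: The added `RUN curl -sSL https://install.python-poetry.org | python3.11 -` executes whatever the server returns at build time, with no pinned Poetry version and no integrity check, and without `-f` or `pipefail` a failed or truncated download is still piped into the interpreter. Download to a file, verify it, and pin the release: `RUN curl -fsSL https://install.python-poetry.org -o /tmp/install-poetry.py && echo "<sha256-of-reviewed-installer>  /tmp/install-poetry.py" | sha256sum -c - && POETRY_VERSION=<pinned-version> python3.11 /tmp/install-poetry.py` (both angle-bracket values are placeholders to fill in). Separately, the new HEALTHCHECK wraps its probe in `su -c "…" appuser`, but with the final `USER appuser` the probe most likely runs unprivileged, where `su` asks for a password and the check would always fail; calling `poetry --version` directly avoids that, though it no longer tests the application the way the removed `import fastapi` probe did.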