Running a container as a regular user, with a .cache volume mounted under its home


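This Dockerfile builds a Python FastAPI project as root under /app, installing system packages and Python libraries via Poetry and copying files, and finally creates an unprivileged "llmuser" user and gives the /app tree to it: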

FROM python:3.11-slim-bookworm as base
RUN apt-get update && \
    apt-get install -y iputils-ping curl && \
    rm -rf /var/lib/apt/lists/*
RUN pip install --no-cache-dir poetry==1.8.2


FROM base as dependencies
WORKDIR /app
COPY pyproject.toml poetry.lock /app/
RUN  poetry install --no-interaction


FROM dependencies as application
WORKDIR /app
COPY llm_fast/*.py llm_fast/
COPY llm_fast/llmlib llm_fast/llmlib/
COPY resources resources/
COPY .env ./

RUN useradd -ms /bin/bash llmuser
RUN chown -R llmuser:llmuser /app
USER llmuser

This image builds fine and is then started with the following docker compose service file:

version: "3.8"

services:
  llm_fast:
    image: llm_fast:v0.4
    command: poetry run python -m gunicorn -w 1 -k uvicorn.workers.UvicornWorker -b 0.0.0.0:8086 llm_fast.vectorize:app
    ports:
      - "8086:8086"
    user: "1000:1000"
    volumes:
      - models_cache:/home/llmuser/.cache

volumes:
  models_cache:

The user 1000:1000 setting is there to get the /home/llmuser/.cache volume owned by 1000:1000, so that when the application runs as the llmuser user and wants to write to it, it can.

But I'm doing something wrong, because with this setup the build runs fine, but when I try to run the image with docker compose up, I see this (abridged) log:

bob ~/code/llm_fast [main] $ docker compose up
[+] Running 1/0
 ✔ Container llm_fast-llm_fast-1  Recreated                                                                                                                                                                                                                                              0.1s
Attaching to llm_fast-1
llm_fast-1  | Creating virtualenv llm-fast-9TtSrW0h-py3.11 in /home/llmuser/.cache/pypoetry/virtualenvs
llm_fast-1  | usage: .... abridged virtualenv help
llm_fast-1  | virtualenv: error: argument dest: the destination . is not write-able at /home/llmuser/.cache
llm_fast-1 exited with code 2

1 answer

In your case, the /home/llmuser/.cache directory does not exist beforehand. At runtime, when Docker binds the models_cache volume, it creates the directory with root ownership.

So you need to create the /home/llmuser/.cache directory and give it the proper ownership/permissions in the build step, before the volume is attached to it.

Just update the last instructions in your Dockerfile as follows:

RUN useradd -ms /bin/bash llmuser
RUN \
    chown -R llmuser:llmuser /app \
    && mkdir -p /home/llmuser/.cache \
    && chown -R llmuser:llmuser /home/llmuser/.cache
USER llmuser
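
A preflight check for the situation discussed above, as an added example that is not part of the original question or answer: it reports who owns a mounted cache directory and which UID:GID the process runs as before the real command starts. The function name check_cache_dir and the wrapper invocation are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight check for a mounted cache directory.
# check_cache_dir DIR returns:
#   0 = DIR is a directory the current user can write to
#   1 = DIR does not exist
#   2 = DIR exists but is not a directory
#   3 = DIR is not writable/searchable by the current UID:GID
check_cache_dir() {
    dir=$1
    me="$(id -u):$(id -g)"

    if [ ! -e "$dir" ]; then
        echo "preflight: $dir does not exist (running as $me)" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "preflight: $dir is not a directory" >&2
        return 2
    fi

    # GNU stat, as shipped in Debian-based images; "unknown" if unavailable.
    owner=$(stat -c '%u:%g' "$dir" 2>/dev/null || echo unknown)

    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "preflight: $dir is owned by $owner, process runs as $me" >&2
        return 3
    fi
    echo "preflight: $dir is writable (owner $owner, running as $me)" >&2
    return 0
}

# Hypothetical wrapper use: preflight.sh DIR CMD [ARGS...]
# Runs CMD only if DIR passes the check, otherwise exits with the code above.
if [ "$#" -ge 2 ]; then
    dir=$1
    shift
    check_cache_dir "$dir" || exit $?
    exec "$@"
fi
```

Return code 3 corresponds to the "not write-able" failure in the log above, with the owner and the runtime UID:GID printed side by side.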