开发工作站设置

Dev Station Configuration

1. Dev Station Spec

1.1. Hardware/Software Specification

Component	Model	Vendor	Specifications
CPU	AMD Ryzen™ 7 8845HS	AMD	3.8-5.1 GHz / 8 Cores
Memory	Crucial 96GB DDR5-5600	Crucial	48GBx2 SODIMM 1.1V
HD	SAMSUNG 990 EVO 2T	SAMSUNG	NVMe / PCIe4.04/5.02
AI Engine	AMD Ryzen™ AI	AMD	38 TOPS
NPU	AMD Ryzen™ AI	AMD	16 TOPS

Host Environment	Proxmox VE 8.3	Proxmox	QEMU / KVM / LXC

1.2. Host Domain & Port

Application	Domain	Port(s)	IP
PVE	pve.rocksolid.work	N/A	172.88.0.2
OpenWRT/Lede	openwrt.rocksolid.work	N/A	172.88.0.254
Ubuntu	ubuntu.rocksolid.work	N/A	172.88.0.11

1.3. Services Domain & Port

Application	Domain	Port(s)	Features
Apache	N/A, ONLY Work as Web proxy	80/443	Proxy
MLflow	mlflow.rocksolid.work	65000	Tracing / Model Registry
MySQL	mysql.rocksolid.work	3306	RDBMS
Minio	minio.rocksolid.work	9000/9090	OSS(S3)
PostgreSQL	minio.rocksolid.work	5432/5432	RDBMS
PGVector	minio.rocksolid.work	6432/5432	Vector Search
Keycloak	keycloak.rocksolid.work	48080/8080	OAuth & SAML
Casdoor	casdoor.rocksolid.work	48000/8000	OAuth & SAML
ActiveMQ	activemq.rocksolid.work	61616/61616	MQ
Redis-Stack	redis.rocksolid.work	6379/6379	Redis

Application	Domain	Port(s)	Features
LobeChat	lobe.rocksolid.work	3210/3210	Knowledge Base & Agent
…	na.rocksolid.work	…/…	…

2. Setup Scenario

2.1 Docker IP-VLAN Level 3 Setup

Dcoker IP-VLAN will be setup as 192.168.11.0/24

 1# Create IP-VLAN for docker environment.
 2docker network create \
 3    --driver ipvlan \
 4    --subnet=192.168.11.0/24 \
 5    --gateway=192.168.11.1 \
 6    -o parent=ens18 \
 7    -o ipvlan_mode=l3 \
 8    #-o ipvlan_flag=bridge \
 9    #-o com.docker.network.bridge.enable_icc=true \
10    #-o com.docker.network.bridge.enable_ip_masquerade=true \
11    rs_vlan
12
13# Run container for testing.
14docker run --net=rs_vlan -it --rm busybox /bin/sh
15docker run --net=rs_vlan -it --rm --ip=172.88.1.128 busybox /bin/sh

Optional Install Portainer Dashboard

 1# Create volume
 2docker volume create portainer_data
 3# Startup container
 4docker run -d \
 5           --name portainer \
 6           -v /var/run/docker.sock:/var/run/docker.sock \
 7           -v portainer_data:/data \
 8           --net=rs_vlan \
 9           --ip=192.168.11.254 \
10           portainer/portainer-ce:2.27.3

2.2. Fundamental Service Container(s) Setup

2.2.1. MySQL

1docker run -d \
2           --name mysql-server \
3           --env MYSQL_ROOT_PASSWORD="6yhn*IK<" \
4           --env MYSQL_ROOT_HOST=% \
5           --net=rs_vlan \
6           --ip=192.168.11.5 \
7           mysql/mysql-server:8.0.15

2.2.2. Redis Stack

1docker run -d \
2           --name redis-stack \
3           --net=rs_vlan \
4           --ip=192.168.11.6 \
5           redis/redis-stack:6.2.6-v9

2.2.3. ActiveMQ

1docker run -d \
2           --name activemq \
3           --net=rs_vlan \
4           --ip=192.168.11.7 \
5           apache/activemq-classic:5.18.7

ActiveMQ Ports

ActiveMQ WebConsole on 8161
ActiveMQ JMX MBean server on 1099
ActiveMQ tcp connector on 61616
ActiveMQ AMQP connector on 5672
ActiveMQ STOMP connector on 61613
ActiveMQ MQTT connector on 1883
ActiveMQ WS connector on 61614

ActiveMQ Environment Variables

Environment Variable	Description
`ACTIVEMQ_CONNECTION_USER`	Username to access transport connector on the broker (JMS, …). If not set, no user and password are required
`ACTIVEMQ_CONNECTION_PASSWORD`	Password to access transport connector on the broker (JMS, …). It should be used with `ACTIVEMQ_CONNECTION_USER`.
`ACTIVEMQ_JMX_USER`	Username to access the JMX MBean server of the broker. If set, ActiveMQ accepts remote JMX connection, else, only local connection are allowed.
`ACTIVEMQ_JMX_PASSWORD`	Password to access the JMX MBean server of the broker. It should be used with `ACTIVEMQ_JMX_USER`/
`ACTIVEMQ_WEB_USER`	Username to access the ActiveMQ WebConsole.
`ACTIVEMQ_WEB_PASSWORD`	Password to access the ActiveMQ WebConsole.

2.2.4. Minio

1docker run -d \
2           --name minio \
3           -e "MINIO_ROOT_USER=root" \
4           -e "MINIO_ROOT_PASSWORD=6yhn*IK<" \
5           --net=rs_vlan \
6           --ip=192.168.11.8 \
7           minio/minio:RELEASE.2025-04-03T14-56-28Z server /data --console-address ":80"

2.3. ML Service Container(s) Setup

2.3.1. Jupyterlab Based On Micromamba

Dockerfile-micromamba

 1# Base micromamba image
 2FROM mambaorg/micromamba:2.0.8-cuda12.2.2-ubuntu22.04
 3
 4ARG ROCKSOLID_USER=rocksolid
 5ARG ROCKSOLID_UID=1000
 6ARG ROCKSOLID_GID=100
 7
 8USER root
 9
10RUN usermod "--login=${ROCKSOLID_USER}" "--home=/home/${ROCKSOLID_USER}" --move-home "-u ${ROCKSOLID_UID}" "${MAMBA_USER}" && \
11    groupmod "--new-name=${ROCKSOLID_USER}" --non-unique "-g ${ROCKSOLID_GID}" "${MAMBA_USER}" && \
12    # Update the expected value of MAMBA_USER for the
13    # _entrypoint.sh consistency check.
14    echo "${ROCKSOLID_USER}" > "/etc/arg_mamba_user" && \
15    :
16ENV MAMBA_USER=$ROCKSOLID_USER
17ENV USER=$ROCKSOLID_USER
18
19RUN apt-get update && apt-get upgrade -y && \
20    apt-get install -y --no-install-recommends sudo wget curl unzip git build-essential nano less ssh openssh-server net-tools iputils-ping && \
21    # We just install tzdata below but leave default time zone as UTC. This helps packages like Pandas to function correctly.
22    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata krb5-user libkrb5-dev libsasl2-dev libsasl2-modules && \
23    chmod g+w /etc/passwd && \
24    echo "ALL    ALL=(ALL)    NOPASSWD:    ALL" >> /etc/sudoers && \
25    touch /etc/krb5.conf.lock && chown ${ROCKSOLID_USER}:${MAMBA_USER} /etc/krb5.conf* && \
26    apt clean
27
28USER $MAMBA_USER
29
30WORKDIR "/home/${ROCKSOLID_USER}"
31
32COPY global-gitconfig /home/${ROCKSOLID_USER}/.gitconfig
33
34ENV SHELL=/bin/bash
35ENV EDITOR="nano"

Build Command

1# Execute the command in the directory where the "Dockerfile-micromamba" file is located.
2docker build -t rocksolid/micromamba:2.0.8-cuda12.2.2-ubuntu22.04 -f ./Dockerfile-micromamba .

Startup Container

 1# Below container(s) also belong to the rs_vlan(Docker IP-VLAN Level 3);
 2# The volume "nfs-shared" will be used to share storage data files between these containers;
 3# Python 3.10 environment including jupyter-lab, which is service at port 80.
 4docker run -d \
 5           --name python3.10-micromamba \
 6           -v /opt/nfs-shared:/opt/nfs-shared \
 7           --net=rs_vlan \
 8           --ip=192.168.11.9 \
 9           rocksolid/micromamba:2.0.8-cuda12.2.2-ubuntu22.04 /bin/bash -c "\
10           micromamba install -y -n base -c conda-forge \
11                      python=3.10 \
12                      jupyterlab \
13                      ipywidgets \
14                      jupyterlab-lsp \
15                      python-lsp-server && \
16           jupyter-lab --notebook-dir /opt/nfs-shared \
17                       --no-browser \
18                       --ip=0.0.0.0 \
19                       --port=80"
20
21# Python 3.12 environment including jupyter-lab, which is service at port 80.
22docker run -d \
23           --name python3.10-micromamba \
24           -v /opt/nfs-shared:/opt/nfs-shared \
25           --net=rs_vlan \
26           --ip=192.168.11.10 \
27           rocksolid/micromamba:2.0.8-cuda12.2.2-ubuntu22.04 /bin/bash -c "\
28           micromamba install -y -n base -c conda-forge \
29                      python=3.12 \
30                      jupyterlab \
31                      ipywidgets \
32                      jupyterlab-lsp \
33                      python-lsp-server && \
34           jupyter-lab --notebook-dir /opt/nfs-shared \
35                       --no-browser \
36                       --ip=0.0.0.0 \
37                       --port=80"

2.3.2. MLflow Service

1docker run -d \
2           --name mlflow \
3           --net=rs_vlan \
4           --ip=192.168.11.11 \
5           ghcr.io/mlflow/mlflow:v2.21.3 mlflow server --host 0.0.0.0 --port 80

2.4. LLM & Knowledge Base Service Container(s) Setup (TODO)

2.5. Remote Development Container(s) Setup (TODO)

作者|Author: RockSolid

发表日期|Publish Date: Mar 7, 2025

修改日期|Modified Date: Mar 7, 2025