开发工作站设置
Dev Station Configuration
1. Dev Station Spec
1.1. Hardware/Software Specification
| Component | Model | Vendor | Specifications |
|---|---|---|---|
| CPU | AMD Ryzen™ 7 8845HS | AMD | 3.8-5.1 GHz / 8 Cores |
| Memory | Crucial 96GB DDR5-5600 | Crucial | 48GBx2 SODIMM 1.1V |
| HD | SAMSUNG 990 EVO 2T | SAMSUNG | NVMe / PCIe4.04/5.02 |
| AI Engine | AMD Ryzen™ AI | AMD | 38 TOPS |
| NPU | AMD Ryzen™ AI | AMD | 16 TOPS |
| Host Environment | Proxmox VE 8.3 | Proxmox | QEMU / KVM / LXC |
1.2. Host Domain & Port
| Application | Domain | Port(s) | IP rs network | IP home network |
|---|---|---|---|---|
| PVE | pve.rocksolid.work | 8006 | 172.88.0.2 | 192.168.1.230 |
| OpenWRT/Lede | openwrt.rocksolid.work | 80 | 172.88.0.254 | N/A |
| Ubuntu Dev VM | dev.rocksolid.work | N/A | 172.88.0.11 | 192.168.1.231 |
1.3. Services Domain & Port
| Application | Domain | Port(s) | Features | IP rs_vlan | IP home_vlan |
|---|---|---|---|---|---|
| Unavailable | |||||
| Apache | N/A | 80/443 | Web Proxy | N/A | N/A |
| Metric Services IP: .254 - .250 | |||||
| Portainer | portainer.rocksolid.work | 80/443 | Container Metrics | 192.168.11.254 | 192.168.231.254 |
| MLflow | mlflow.rocksolid.work | 80 | Tracing / Model Registry | 192.168.11.253 | 192.168.231.253 |
| Databases(RDBMS/Geospatial/Vector/KV) IP: .5 - .19 | |||||
| MySQL | mysql.rocksolid.work | 3306 | RDBMS | 192.168.11.5 | 192.168.231.5 |
| Postgis | pg.rocksolid.work | 5432 | RDBMS/Geospatial | 192.168.11.6 | 192.168.231.6 |
| Redis-Stack | redis.rocksolid.work | 6379/8001 | Redis | 192.168.11.7 | 192.168.231.7 |
| Shared Storage Services IP: .20 - .29 | |||||
| Minio | minio.rocksolid.work | 9000/80(9001) | OSS(S3) | 192.168.11.20 | 192.168.231.20 |
| Auth/Security Services IP: .30 - .39 | |||||
| Keycloak | keycloak.rocksolid.work | 48080/8080 | OAuth & SAML | 192.168.11.30 | 192.168.231.30 |
| Casdoor | casdoor.rocksolid.work | 48000/8000 | OAuth & SAML | 192.168.11.31 | 192.168.231.31 |
| App Services & Experiment Services IP: .100 - .199 | |||||
| Python 3.10 | py310.rocksolid.work | 80 | Notebook | 192.168.11.100 | 192.168.231.100 |
| Python 3.12 | py312.rocksolid.work | 80 | Notebook | 192.168.11.101 | 192.168.231.101 |
| Misc Services IP: .200 - .239 | |||||
| ActiveMQ | activemq.rocksolid.work | 61616/61616 | MQ | 192.168.11.200 | 192.168.231.200 |
| PGVector | pgvector.rocksolid.work | 6432/5432 | Vector Search | N/A | N/A |
1.4. App Domain & Port
| Application | Domain | Port(s) | Features |
|---|---|---|---|
| LobeChat | lobe.rocksolid.work | 3210/3210 | Knowledge Base & Agent |
| … | na.rocksolid.work | …/… | … |
2. Setup Scenario
2.1. Docker IP-VLAN Level 3 Setup
Dcoker IP-VLAN will be setup as 192.168.11.0/24
1# Create IP-VLAN L3 for docker environment.
2docker network create \
3 --driver ipvlan \
4 --subnet=192.168.11.0/24 \
5 --gateway=192.168.11.1 \
6 -o parent=ens18 \
7 -o ipvlan_mode=l3 \
8 #-o ipvlan_flag=bridge \
9 #-o com.docker.network.bridge.enable_icc=true \
10 #-o com.docker.network.bridge.enable_ip_masquerade=true \
11 rs_vlan
12
13# iptables config which will allow container access external network, because L3 no MAC address.
14sudo iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -o ens18 -j MASQUERADE
15
16# Run container for testing.
17docker run --net=rs_vlan -it --rm busybox /bin/sh
18docker run --net=rs_vlan -it --rm --ip=172.88.1.128 busybox /bin/sh
1# Create IP-VLAN L3 for docker environment (at home, no depend on OpenWrt which is inside of PVE).
2docker network create \
3 --driver ipvlan \
4 --subnet=192.168.231.0/24 \
5 --gateway=192.168.231.1 \
6 -o parent=ens19 \
7 -o ipvlan_mode=l3 \
8 home_vlan
9
10# iptables config which will allow container access external network, because L3 no MAC address.
11sudo iptables -t nat -A POSTROUTING -s 192.168.231.0/24 -o ens19 -j MASQUERADE
12
13# Run container for testing.
14docker run --net=home_vlan -it --rm --ip=192.168.231.111 busybox /bin/sh
15# ping test inside of busybox container
16ping 192.168.1.3
17ping 8.8.8.8
18
19# Connect exist container and home_vlan
20docker network connect home_vlan mysql-server --ip 192.168.231.5
21docker network connect home_vlan minio --ip 192.168.231.8
DO NOT FORGET ADD STATIC ROUTE on router
图-STATIC-ROUTE
Additional, configure Docker daemon will be accepted instructions from network.
Use the below command to open an override file for docker.service in a text editor.
1# ref: https://docs.docker.com/engine/daemon/remote-access/
2sudo systemctl edit docker.service
Add below configuration items to override docker.service
1# Conmmon .ini style
2[Service]
3ExecStart=
4# ExecStart=/usr/bin/dockerd -H fd:// -H unix:///var/run/docker.sock -H tcp://172.88.0.11:2375 -H tcp://192.168.1.231
5# ExecStart=/usr/bin/dockerd --iptables=false --ipv6=false --ip6tables=false -H fd:// -H unix:///var/run/docker.sock -H tcp://172.88.0.11:2375 -H tcp://192.168.1.231
6ExecStart=/usr/bin/dockerd --ipv6=false --ip6tables=false -H fd:// -H unix:///var/run/docker.sock -H tcp://172.88.0.11:2375 -H tcp://192.168.1.231
Optional Install Portainer Dashboard
1# Create volume
2docker volume create portainer_data
3# Startup container
4docker run -d \
5 --name portainer \
6 -v /var/run/docker.sock:/var/run/docker.sock \
7 -v portainer_data:/data \
8 portainer/portainer-ce:2.27.3
9
10# Attach networks, IP: .254
11docker network connect rs_vlan portainer --ip 192.168.11.254
12docker network connect home_vlan portainer --ip 192.168.231.254
Addtional volume setup
1# Provided share folder on the host machine at /opt/shared,
2# Each containers should attach this folder as a volume for data transfer or data backup,
3# For each containers will create sub folder of share folder which name will be container name,
4# And attach it on to /rocksolid/data inside of container.
5# Example for postgis
6-v /opt/shared/data/postgis:/rocksolid/data
2.2. Fundamental Service Container(s) Setup
MySQL
1# Create container
2docker run -d \
3 --name mysql \
4 --env MYSQL_ROOT_PASSWORD="6yhn*IK<" \
5 --env MYSQL_ROOT_HOST=% \
6 -v /opt/shared/data/mysql:/rocksolid/data \
7 mysql/mysql-server:8.0.15
8
9# Attach networks, IP: .5
10docker network connect rs_vlan mysql --ip 192.168.11.5
11docker network connect home_vlan mysql --ip 192.168.231.5
Postgis
1# Create container
2docker run -d \
3 --name postgis \
4 -e POSTGRES_PASSWORD="6yhn*IK<" \
5 -v /opt/shared/data/postgis:/rocksolid/data \
6 postgis/postgis:16-3.5
7
8# Attach networks, IP: .6
9docker network connect rs_vlan postgis --ip 192.168.11.6
10docker network connect home_vlan postgis --ip 192.168.231.6
Redis Stack
1# Create container
2docker run -d \
3 --name redis \
4 -v /opt/shared/data/redis:/rocksolid/data \
5 redis/redis-stack:6.2.6-v9
6
7# Attach networks, IP: .7
8docker network connect rs_vlan redis --ip 192.168.11.7
9docker network connect home_vlan redis --ip 192.168.231.7
ActiveMQ
1docker run -d \
2 --name activemq \
3 -v /opt/shared/data/activemq:/rocksolid/data \
4 apache/activemq-classic:5.18.7
5
6# Attach networks, IP: .200
7docker network connect rs_vlan activemq --ip 192.168.11.200
8docker network connect home_vlan activemq --ip 192.168.231.200
ActiveMQ Ports
- ActiveMQ WebConsole on
8161- ActiveMQ JMX MBean server on
1099- ActiveMQ tcp connector on
61616- ActiveMQ AMQP connector on
5672- ActiveMQ STOMP connector on
61613- ActiveMQ MQTT connector on
1883- ActiveMQ WS connector on
61614
ActiveMQ Environment Variables
| Environment Variable | Description |
|---|---|
ACTIVEMQ_CONNECTION_USER | Username to access transport connector on the broker (JMS, …). If not set, no user and password are required |
ACTIVEMQ_CONNECTION_PASSWORD | Password to access transport connector on the broker (JMS, …). It should be used with ACTIVEMQ_CONNECTION_USER. |
ACTIVEMQ_JMX_USER | Username to access the JMX MBean server of the broker. If set, ActiveMQ accepts remote JMX connection, else, only local connection are allowed. |
ACTIVEMQ_JMX_PASSWORD | Password to access the JMX MBean server of the broker. It should be used with ACTIVEMQ_JMX_USER/ |
ACTIVEMQ_WEB_USER | Username to access the ActiveMQ WebConsole. |
ACTIVEMQ_WEB_PASSWORD | Password to access the ActiveMQ WebConsole. |
Minio
1docker run -d \
2 --name minio \
3 -e MINIO_ROOT_USER="root" \
4 -e MINIO_ROOT_PASSWORD="6yhn*IK<" \
5 -v /opt/shared/data/minio:/rocksolid/data \
6 minio/minio:RELEASE.2025-04-03T14-56-28Z server /data --console-address ":80"
7
8# Attach networks, IP: .20
9docker network connect rs_vlan minio --ip 192.168.11.20
10docker network connect home_vlan minio --ip 192.168.231.20
2.3. ML Service Container(s) Setup
Jupyterlab Based On Micromamba
Dockerfile-micromamba
1# Base micromamba image
2FROM mambaorg/micromamba:2.0.8-cuda12.2.2-ubuntu22.04
3
4ARG ROCKSOLID_USER=rocksolid
5ARG ROCKSOLID_UID=1000
6ARG ROCKSOLID_GID=100
7
8USER root
9
10RUN usermod "--login=${ROCKSOLID_USER}" "--home=/home/${ROCKSOLID_USER}" --move-home "-u ${ROCKSOLID_UID}" "${MAMBA_USER}" && \
11 groupmod "--new-name=${ROCKSOLID_USER}" --non-unique "-g ${ROCKSOLID_GID}" "${MAMBA_USER}" && \
12 # Update the expected value of MAMBA_USER for the
13 # _entrypoint.sh consistency check.
14 echo "${ROCKSOLID_USER}" > "/etc/arg_mamba_user" && \
15 :
16ENV MAMBA_USER=$ROCKSOLID_USER
17ENV USER=$ROCKSOLID_USER
18
19RUN apt-get update && apt-get upgrade -y && \
20 apt-get install -y --no-install-recommends sudo wget curl unzip git build-essential nano less ssh openssh-server net-tools iputils-ping && \
21 # We just install tzdata below but leave default time zone as UTC. This helps packages like Pandas to function correctly.
22 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata krb5-user libkrb5-dev libsasl2-dev libsasl2-modules && \
23 chmod g+w /etc/passwd && \
24 echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
25 touch /etc/krb5.conf.lock && chown ${ROCKSOLID_USER}:${MAMBA_USER} /etc/krb5.conf* && \
26 apt clean
27
28USER $MAMBA_USER
29
30WORKDIR "/home/${ROCKSOLID_USER}"
31
32COPY global-gitconfig /home/${ROCKSOLID_USER}/.gitconfig
33
34ENV SHELL=/bin/bash
35ENV EDITOR="nano"
Build Command
1# Execute the command in the directory where the "Dockerfile-micromamba" file is located.
2docker build -t rocksolid/micromamba:2.0.8-cuda12.2.2-ubuntu22.04 -f ./Dockerfile-micromamba .
Startup Container
1# Below container(s) also belong to the rs_vlan(Docker IP-VLAN Level 3);
2# The volume "python" will be used to share storage data files between these containers;
3# Example for Python 3.10 environment including jupyter-lab, which is service at port 80.
4docker run -d \
5 --name py310-micromamba \
6 -v /opt/shared/data/python:/rocksolid/data \
7 rocksolid/micromamba:2.0.8-cuda12.2.2-ubuntu22.04 /bin/bash -c "\
8 micromamba install -y -n base -c conda-forge \
9 python=3.10 \
10 jupyterlab \
11 ipywidgets \
12 jupyterlab-lsp \
13 python-lsp-server && \
14 jupyter-lab --notebook-dir /home/rocksolid \
15 --no-browser \
16 --ip=0.0.0.0 \
17 --port=80"
18
19# Attach networks, IP: .100
20docker network connect rs_vlan py310-micromamba --ip 192.168.11.100
21docker network connect home_vlan py310-micromamba --ip 192.168.231.100
22
23# Example for Python 3.12 environment including jupyter-lab, which is service at port 80.
24docker run -d \
25 --name py312-micromamba \
26 -v /opt/shared/data/python:/rocksolid/data \
27 rocksolid/micromamba:2.0.8-cuda12.2.2-ubuntu22.04 /bin/bash -c "\
28 micromamba install -y -n base -c conda-forge \
29 python=3.12 \
30 jupyterlab \
31 ipywidgets \
32 jupyterlab-lsp \
33 python-lsp-server && \
34 jupyter-lab --notebook-dir /home/rocksolid \
35 --no-browser \
36 --ip=0.0.0.0 \
37 --port=80"
38
39# Attach networks, IP: .101
40docker network connect rs_vlan py312-micromamba --ip 192.168.11.101
41docker network connect home_vlan py312-micromamba --ip 192.168.231.101
MLflow Service
1docker run -d \
2 --name mlflow \
3 -v /opt/shared/data/mlflow:/rocksolid/data \
4 ghcr.io/mlflow/mlflow:v2.21.3 mlflow server --host 0.0.0.0 --port 80
5
6# Attach networks, IP: .253
7docker network connect rs_vlan mlflow --ip 192.168.11.253
8docker network connect home_vlan mlflow --ip 192.168.231.253
2.4. LLM & Knowledge Base Service Container(s) Setup (TODO)
2.5. Remote Development Container(s) Setup (TODO)
作者|Author: RockSolid
发表日期|Publish Date: Mar 7, 2025
修改日期|Modified Date: Mar 7, 2025
版权许可|Copyright License: CC BY-NC-ND 3.0 CN