-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dockerized chroma arguments customization #1658
Dockerized chroma arguments customization #1658
Conversation
Reviewer ChecklistPlease leverage this checklist to ensure your code review is thorough before approving Testing, Bugs, Errors, Logs, Documentation
System Compatibility
Quality
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good -- I agree with Hammad that we should leave the ports in docker-compose.yml
as 8000
. I suspect that's the reason for the failing tests too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @MrZoidberg, thanks for this PR, but we need to step back and think through some of the ramifications of doing the suggested changes.
bin/docker_entrypoint.sh
Outdated
export IS_PERSISTENT=1 | ||
export CHROMA_SERVER_NOFILE=65535 | ||
exec uvicorn chromadb.app:app --workers 1 --host 0.0.0.0 --port 8000 --proxy-headers --log-config chromadb/log_config.yml --timeout-keep-alive 30 | ||
echo "Starting server with args: ${@}" | ||
exec uvicorn chromadb.app:app ${@} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MrZoidberg, I don't think we should proceed with this change. The main reason for this is that not having sensible defaults (which by the way can be exposed via ENV vars), will result in a broken docker image where people will not be able to do:
docker run -d --rm --name chromadb -p 8000:8000 chromadb/chroma:latest
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ENTRYPOINT is the process that's executed inside the container. CMD is the default set of arguments that are supplied to the ENTRYPOINT process.
By stripping executable out of CMD I think you're making container a bit more secure as it's harder to ovveride executable.
I made this change because in the current Chroma docker you CANNOT override the port easily.
With this change both commands works (build with docker build -t server .
):
docker run -it --rm --name chromadb -p 8000:8000 server
--> results in chroma running on port 8000docker run -it --rm --name chromadb -p 8002:8002 server --workers 1 --host 0.0.0.0 --port 8002 --proxy-headers --log-config chromadb/log_config.yml --timeout-keep-alive 30
--> results in chroma running on port 80002
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can revert this change if that's the preference, so the default CMD
in Dockerfile
would be uvicorn chromadb.app:app --workers 1 --host 0.0.0.0 --port 8000 --proxy-headers --log-config chromadb/log_config.yml --timeout-keep-alive 30
and in docker_entrypoint.sh
line 10 would be exec ${@}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MrZoidberg, thanks for the explanation. I think reconfigurability is important to accommodate more use cases like yours. Security is also important. Overall, I agree with your reasoning on this. Do you think it merits investigating env vars instead of actual unicorn params? Or perhaps a mix of both.
Here's my reasoning on this:
- Exposing uvicorn params is great for power users who know their stuff, but not so great for users who don't necessarily know a thing about uvicorn, and they shouldn't be forced to learn it to be able to configure a port
- Exposing env vars for common config params, great for less advanced users, limiting for users that want more control over uvicorn
Conclusion - let's meet in the middle - env vars in the Dockerfile
with sensible defaults. Those same vars can be added to the default CMD
wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tazarov it this something you described?
note: expose doesn't do anything and to my knowledge can't be set dynamically other than using build-time ARG.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ENV only sets sensible defaults. If the user sets -e CHROMA_HOST_PORT=8002
, then the ENV will be overwritten by whatever the user sets.
Your suggestion is spot on with what I was thinking.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok will check to make sure it's working with defaults and custom values
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done with updates
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MrZoidberg, thank you for all the efforts and for sticking with me through this. I think the PR looks excellent and serves your and, I hope, countless other users' use cases without compromising on usability and security and not negatively impacting existing DX.
@beggers have a look, but I think this is good to go after the tests pass.
@tazarov I roll-backed |
@MrZoidberg, the test are failing as the new Docker image does not expect uvicorn command but only params: Can you also update those two files, to align with the
|
@tazarov done |
@MrZoidberg, thank you. I still feel uneasy about whether the changes in Docker can cause troubles for user deployments. Here is my reasoning: Today, Chroma is used across 100s of thousands of deployments varying from public to private. It is not unreasonable to think that some of those deployments will have their own docker-compose files with the So, let's step back for a second and re-evaluate. I have this idea to keep the backward compatibility; We can check if the first argument passed to The test result would be that running docker-compose with the new I would also suggest adding a deprecation warning in the event @MrZoidberg, what do you think? |
@tazarov a bit busy. I can do that surely. Plz note that currently custom CMD in docker-compose just don't work at all - that's the first I checked when I faced the problem with port. Will do this change in upcoming days. |
changed docker_entrypoint.sh to eval argument with env variables.
…that it should not be used.
d716ab6
to
bd0780a
Compare
This reverts commit a6c7488.
@tazarov hi, I've updated the docker entrypoint script to work with args that start with |
@MrZoidberg, thanks for all your patience and persistence with this. Let me run some local tests, and then I think we should be good to go. |
Test the following:
All seems to be working fine. The warning is raised as expected when |
Thanks. Waiting for the merge and gonna replace my custom-build image with the official one. |
Thank you @MrZoidberg! |
## Description of changes *Summarize the changes made by this PR.* - New functionality - Added an ability to customize the default arguments that are passed from `docker run` or `docker compose` `command` field to `uvicorn chromadb.app:app`. I needed it to be able to customize the port because in certain scenarios it cannot be change (i.e. ECS where internal port is proxies as is). The default arguments are not changed: `--workers 1 --host 0.0.0.0 --port 8000 --proxy-headers --log-config chromadb/log_config.yml --timeout-keep-alive 30` - Added ENV variables for basic customization with default values: ``` CHROMA_HOST_ADDR="0.0.0.0" CHROMA_HOST_PORT=8000 CHROMA_WORKERS=1 CHROMA_LOG_CONFIG="chromadb/log_config.yml" CHROMA_TIMEOUT_KEEP_ALIVE=30 ``` ## Test plan *How are these changes tested?* - Tested locally using `docker build` and `docker run` commands - Tested customization in `docker-compose` - now it works as expected. ## Documentation Changes *Are all docstrings for user-facing APIs updated if required? Do we need to make documentation changes in the [docs repository](https://github.com/chroma-core/docs)?* TODO: Deployment docs needs to be updated to cover container arguments customization.
Description of changes
Summarize the changes made by this PR.
docker run
ordocker compose
command
field touvicorn chromadb.app:app
. I needed it to be able to customize the port because in certain scenarios it cannot be change (i.e. ECS where internal port is proxies as is). The default arguments are not changed:--workers 1 --host 0.0.0.0 --port 8000 --proxy-headers --log-config chromadb/log_config.yml --timeout-keep-alive 30
Test plan
How are these changes tested?
docker build
anddocker run
commandsdocker-compose
- now it works as expected.Documentation Changes
Are all docstrings for user-facing APIs updated if required? Do we need to make documentation changes in the docs repository?
TODO: Deployment docs needs to be updated to cover container arguments customization.