gmakstutis/LightRAG
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
LightRAG/starter/README.md
Raphaël MANSUY cf75f71291 ci: fix lint/pre-commit issues and apply autoformat
2025-12-05 14:31:13 +08:00

510 lines
16 KiB
Markdown
Raw Blame History

# LightRAG Multi-Tenant Stack with PostgreSQL
A complete, production-ready multi-tenant RAG (Retrieval-Augmented Generation) system using LightRAG with PostgreSQL as the backend.
## 🚀 Quick Start
```bash
# 1. Initialize environment (first time only)
make setup
# 2. Start all services
make up
# 3. Initialize database schema
make init-db
# 4. View service status
make status
# 5. Access the application
# WebUI: http://localhost:3001
# API Server: http://localhost:8000
# API Docs: http://localhost:8000/docs
## 🔐 Demo credentials (local/dev only)
Use the following defaults when running the stack locally for demonstrations or testing. These come from `starter/env.example` — change them in `.env` for any shared or production deployments.
```
User: lightrag
Password: lightrag_secure_password
Database: lightrag_multitenant
Host: postgres (inside Docker)
Port: 5432 (internal-only; not forwarded to localhost by default)
```
⚠️ Note: These credentials are for development/demos only. Always pick strong, unique passwords for production and avoid committing secrets to source control.
```
## 📋 System Architecture
```
┌─────────────────────────────────────────────────────────────────┐
│ LightRAG Multi-Tenant Stack │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ Web UI (React) │ │
│ │ http://localhost:3001 │ │
│ └────────────────────┬─────────────────────────────────────┘ │
│ │ │
│ ┌────────────────────▼─────────────────────────────────────┐ │
│ │ LightRAG API Server (FastAPI) │ │
│ │ http://localhost:8000 │ │
│ │ │ │
│ │ Multi-Tenant Context: (tenant_id, kb_id) │ │
│ │ - Enforces data isolation at API level │ │
│ │ - Routes queries to appropriate backends │ │
│ │ - Manages document processing │ │
│ └────────────────────┬────────────────────────────────────┘ │
│ │ │
│ ┌───────────────┼───────────────┐ │
│ │ │ │ │
│ ┌────▼──────┐ ┌─────▼──────┐ ┌────▼──────┐ │
│ │ PostgreSQL│ │ Redis │ │ Embedding│ │
│ │ Storage │ │ Cache │ │ Service │ │
│ │ │ │ │ │ (Ollama) │ │
│ │ - KV │ │ LLM cache │ │ │ │
│ │ - Documents│ │ Session │ │ bge-m3 │ │
│ │ - Entities│ │ Temporary │ │ │ │
│ │ - Relations│ │ Data │ │ │ │
│ │ - Vectors │ │ │ │ │ │
│ └───────────┘ └────────────┘ └───────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
```
## 🎯 Key Features
### Multi-Tenant Data Isolation
- **Composite Key Pattern**: Each resource identified by `(tenant_id, kb_id, resource_id)`
- **Database-Level Enforcement**: Queries automatically scoped to tenant/KB
- **Cross-Tenant Access Prevention**: Impossible to retrieve data from other tenants
- **Complete Isolation**: Works across all 10 storage backends
### Storage Architecture
- **PostgreSQL**: Primary storage with pgvector extension
- Key-Value storage (PGKVStorage)
- Document metadata (PGDocStatusStorage)
- Knowledge graph (PGGraphStorage)
- Vector embeddings (PGVectorStorage)
- **Redis**: Caching and session management
- **Embedding Service**: Ollama (configurable to OpenAI, Jina, etc.)
### Supported Tenants & Knowledge Bases
Default sample data (automatically created):
```
Tenant: 595ea68b-0f3a-4dbe-8a86-9276a1bbd10c
└─ kb-prod (Production KB)
└─ kb-dev (Development KB)
Tenant: 44bf3e0d-d633-4dea-9b74-3e24140cd7e3
└─ kb-main (Main KB)
└─ kb-backup (Backup KB)
```
## 📖 Makefile Commands
### Setup & Configuration
```bash
make help # Show all available commands
make setup # Initialize .env file (first time only)
make init-db # Initialize PostgreSQL database schema
```
### Service Control
```bash
make up # Start all services
make down # Stop all services
make restart # Restart all services
make logs # Stream logs from all services
make logs-api # Stream logs from API only
make logs-db # Stream logs from PostgreSQL only
make logs-webui # Stream logs from WebUI only
make status # Show status of all running services
```
### Database Management
```bash
make db-shell # Connect to PostgreSQL interactive shell
make db-backup # Create database backup
make db-restore # Restore from latest backup
make db-reset # Delete and reinitialize database (⚠️ WARNING)
```
### Health & Testing
```bash
make api-health # Check API health status
make test # Run multi-tenant tests
make test-isolation # Run tenant isolation tests
```
### Cleanup & Maintenance
```bash
make clean # Remove stopped containers and dangling images
make reset # Full system reset (⚠️ WARNING: deletes all data)
make prune # Prune unused Docker resources
```
## 🔧 Configuration
### Environment Variables
Edit `.env` file to configure:
```bash
# LLM Provider (OpenAI, Ollama, Azure, etc.)
LLM_BINDING=openai
LLM_MODEL=gpt-4o
LLM_BINDING_API_KEY=your_api_key_here
# Embedding Service
EMBEDDING_BINDING=ollama
EMBEDDING_MODEL=bge-m3:latest
EMBEDDING_BINDING_HOST=http://localhost:11434
# Database Credentials
POSTGRES_USER=lightrag
POSTGRES_PASSWORD=lightrag_secure_password
# Multi-Tenant Settings
DEFAULT_TENANT=default
DEFAULT_KB=default
# See env.template.example for all available options
```
## 🔐 Security & Multi-Tenant Isolation
### Isolation Guarantees
1. **Database-Level Filtering**: Every query includes `tenant_id` and `kb_id` constraints
2. **Composite Key Constraints**: Prevents accidental ID collisions between tenants
3. **No Application-Level Trust**: Storage layer enforces isolation even if app code has bugs
4. **Audit Trail**: All operations include tenant context for traceability
### Best Practices
**DO:**
- Always pass tenant context to every operation
- Use support module helpers for queries
- Create composite indexes on (tenant_id, kb_id, ...)
- Validate tenant context early in request pipeline
- Log all tenant-related operations
**DON'T:**
- Query without tenant filtering
- Hardcode tenant IDs in application code
- Assume application code enforces isolation
- Skip index creation after migration
- Mix tenants in a single transaction
## 📋 Service Endpoints
| Service | URL | Purpose |
|---------|-----|---------|
| **WebUI** | `http://localhost:3001` | Interactive frontend for document upload, KB visualization, queries |
| **API Server** | `http://localhost:8000` | RESTful API for programmatic access |
| **PostgreSQL** | `internal-only (container network)` | Database backend (not exposed to host by default) |
| **Redis** | `localhost:6379` | Cache backend (internal only) |
| **Health Check** | `http://localhost:8000/health` | API health status |
## 🧪 Testing Multi-Tenant Features
### Run All Multi-Tenant Tests
```bash
make test
```
### Run Specific Test Suites
```bash
# Test tenant isolation
make test-isolation
# Test PostgreSQL backend
pytest tests/test_multi_tenant_backends.py::TestPostgreSQLTenantSupport -v
# Test data integrity
pytest tests/test_multi_tenant_backends.py::TestDataIntegrity -v
```
### Manual Testing
1. **Create document for tenant "595ea68b-0f3a-4dbe-8a86-9276a1bbd10c"**:
```bash
curl -X POST http://localhost:8000/api/v1/insert \
-H "Content-Type: application/json" \
-H "X-Tenant-Id: 595ea68b-0f3a-4dbe-8a86-9276a1bbd10c" \
-H "X-KB-Id: kb-prod" \
-d '{"document": "Sample document"}'
```
2. **Query as "595ea68b-0f3a-4dbe-8a86-9276a1bbd10c"**:
```bash
curl "http://localhost:8000/api/v1/query" \
-H "X-Tenant-Id: 595ea68b-0f3a-4dbe-8a86-9276a1bbd10c" \
-H "X-KB-Id: kb-prod" \
-G --data-urlencode "param=test"
```
3. **Verify isolation** - query with different tenant:
```bash
curl "http://localhost:8000/api/v1/query" \
-H "X-Tenant-Id: 44bf3e0d-d633-4dea-9b74-3e24140cd7e3" \
-H "X-KB-Id: kb-main" \
-G --data-urlencode "param=test"
# Should return different or empty results
```
## 📦 Docker Services
### PostgreSQL (pgvector/pgvector:pg15-latest)
- **Purpose**: Primary data storage with vector support
- **Volume**: `postgres_data` (persists database files)
- **Port**: 5432 (internal), configurable via `POSTGRES_PORT`
- **Health Check**: Every 10 seconds
### Redis (redis:7-alpine)
- **Purpose**: Caching, sessions, temporary data
- **Volume**: `redis_data` (persists snapshot)
- **Port**: 6379 (internal), configurable via `REDIS_PORT`
- **Health Check**: Every 10 seconds
### LightRAG API
- **Port**: 8621 (internal), 8000 (external/host)
- **Volume**: `./data/*` (documents, storage, tiktoken cache)
- **Dependencies**: PostgreSQL, Redis
- **Health Check**: Every 30 seconds
- **Resources**: Limited to 2 CPUs / 4GB RAM
### Web UI
- **Port**: 3000 (internal), 3001 (external/host)
- **Framework**: React + Vite
- **Dependencies**: LightRAG API
- **Health Check**: Every 30 seconds
## 🐛 Troubleshooting
### Services not starting?
```bash
# Check service status
make status
# View detailed logs
make logs
# Check specific service
make logs-api
```
### Database connection error?
```bash
# Verify database is ready
make api-health
# Check PostgreSQL directly
make db-shell
# Reinitialize database
make db-reset
```
### API responding slowly?
```bash
# Check resource usage
docker stats lightrag-api
# View API logs for errors
make logs-api
# Restart API service
docker compose -p lightrag-multitenant restart lightrag-api
```
### Data isolation issues?
```bash
# Check tenant context in logs
make logs | grep -i tenant
# Verify database schema
make db-shell
# \dt (list tables)
# \di (list indexes)
```
## 📂 Directory Structure
```
starter/
├── Makefile # Main command interface
├── docker-compose.yml # Docker services definition
├── env.template.example # Environment variables template
├── init-postgres.sql # PostgreSQL initialization (optional)
├── README.md # This file
├── data/
│ ├── inputs/ # Document input directory
│ ├── rag_storage/ # LightRAG storage
│ └── tiktoken/ # Tiktoken cache
└── backups/ # Database backups (created by make db-backup)
```
## 🔄 Data Migration
### Backup Database
```bash
make db-backup
# Backs up to: ./backups/lightrag_backup_YYYYMMDD_HHMMSS.sql
```
### Restore Database
```bash
make db-restore
# Restores from latest backup in ./backups/
```
### Export Data for Another Tenant
```bash
# Export
make db-shell
\COPY (SELECT * FROM documents WHERE tenant_id='acme-corp') TO 'acme-corp-export.csv' CSV HEADER;
\q
# Import
make db-shell
\COPY documents FROM 'acme-corp-export.csv' CSV HEADER;
\q
```
## 🚀 Production Deployment
For production deployments:
1. **Use strong passwords**: Update `POSTGRES_PASSWORD` and `REDIS_PASSWORD`
2. **Enable SSL**: Uncomment SSL configuration in `.env`
3. **Use external LLM provider**: Configure production API keys
4. **Set up monitoring**: Monitor logs and health endpoints
5. **Regular backups**: Schedule `make db-backup` via cron
6. **Resource limits**: Adjust resource limits in docker-compose.yml
7. **Network isolation**: Use only internal networks, expose via proxy
## 📝 API Usage Examples
### Using Multi-Tenant Context
```python
import requests
BASE_URL = "http://localhost:8000"
# Headers with tenant context
headers = {
"X-Tenant-Id": "acme-corp",
"X-KB-Id": "kb-prod",
"Content-Type": "application/json"
}
# Insert document
response = requests.post(
f"{BASE_URL}/api/v1/insert",
headers=headers,
json={"document": "Company policy document"}
)
# Query with tenant isolation
response = requests.get(
f"{BASE_URL}/api/v1/query",
headers=headers,
params={"param": "policy"},
params={"top_k": 5}
)
# Results are automatically isolated to acme-corp/kb-prod
print(response.json())
```
### Python SDK Example
```python
from lightrag import LightRAG
# Initialize with tenant context
rag = LightRAG(
tenant_id="acme-corp",
kb_id="kb-prod",
storage_type="PostgreSQL",
llm_model_name="gpt-4o",
embedding_model_name="bge-m3:latest"
)
# Insert document (automatically scoped to tenant/kb)
rag.insert("Company documentation", source="internal")
# Query (automatically scoped to tenant/kb)
results = rag.query("What is the company policy?")
print(results)
```
## 📚 Documentation References
- **Multi-Tenant Architecture**: See `docs/0001-multi-tenant-architecture.md`
- **LightRAG Documentation**: https://github.com/HKUDS/LightRAG
- **PostgreSQL Vector Extension**: https://github.com/pgvector/pgvector
- **Docker Compose Documentation**: https://docs.docker.com/compose/
## 🆘 Support & Issues
### Common Issues
**Q: Port already in use?**
```bash
# Change port in .env
WEBUI_PORT=3001
API_PORT=9622
POSTGRES_PORT=5433
```
**Q: Out of memory?**
```bash
# Reduce resource limits in docker-compose.yml or adjust system resources
```
**Q: API not responding?**
```bash
# Check if services are running
make ps
# View logs
make logs
# Restart services
make down && make up
```
**Q: Database errors?**
```bash
# Connect to database shell
make db-shell
# Check table structure
\d documents
# Check indexes
\di
```
## 📄 License
LightRAG is licensed under MIT License. See LICENSE file for details.
## 🙋 Contributing
Contributions are welcome! Please refer to the main LightRAG repository for contribution guidelines.
---
**Last Updated**: November 20, 2025
**Status**: Production Ready
**Version**: 1.0
For more information about multi-tenant features, see the architecture documentation in `docs/0001-multi-tenant-architecture.md`
Reference in a new issue View git blame Copy permalink