gmakstutis/openrag
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

merge fix

Browse source
This commit is contained in:
cristhianzl 2025-09-04 11:50:18 -03:00
commit 0db67b8c6a
8 changed files with 198 additions and 115 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
.env.example
View file

@ -4,8 +4,8 @@ FLOW_ID=1098eea1-6649-4e1d-aed1-b77249fb8dd0
# container startup from this value. Do not commit real secrets. # container startup from this value. Do not commit real secrets.
OPENSEARCH_PASSWORD= OPENSEARCH_PASSWORD=
# make here https://console.cloud.google.com/apis/credentials # make here https://console.cloud.google.com/apis/credentials
GOOGLE_OAUTH_CLIENT_ID=287178119926-8t3co7hgnc5onv55k7hjv46qdcvbddfm.apps.googleusercontent.com GOOGLE_OAUTH_CLIENT_ID=
GOOGLE_OAUTH_CLIENT_SECRET=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 GOOGLE_OAUTH_CLIENT_SECRET=
# Azure app registration credentials for SharePoint/OneDrive # Azure app registration credentials for SharePoint/OneDrive
MICROSOFT_GRAPH_OAUTH_CLIENT_ID= MICROSOFT_GRAPH_OAUTH_CLIENT_ID=
MICROSOFT_GRAPH_OAUTH_CLIENT_SECRET= MICROSOFT_GRAPH_OAUTH_CLIENT_SECRET=
@ -20,6 +20,9 @@ AWS_SECRET_ACCESS_KEY=
# OPTIONAL url for openrag link to langflow in the UI # OPTIONAL url for openrag link to langflow in the UI
LANGFLOW_PUBLIC_URL= LANGFLOW_PUBLIC_URL=
# Change the AUTO_LOGIN=False in .env # Langflow auth
LANGFLOW_SUPERUSER=langflow LANGFLOW_AUTO_LOGIN=False
LANGFLOW_SUPERUSER_PASSWORD=langflow LANGFLOW_SUPERUSER=
LANGFLOW_SUPERUSER_PASSWORD=
LANGFLOW_NEW_USER_IS_ACTIVE=False
LANGFLOW_ENABLE_SUPERUSER_CLI=False

199
.github/workflows/build-multiarch.yml vendored
View file

@ -6,115 +6,126 @@ on:
jobs: jobs:
build: build:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- platform: linux/amd64 # backend
- image: backend
file: ./Dockerfile.backend
tag: phact/openrag-backend
platform: linux/amd64
arch: amd64
runs-on: ubuntu-latest runs-on: ubuntu-latest
arch-suffix: amd64 - image: backend
- platform: linux/arm64 file: ./Dockerfile.backend
runs-on: self-hosted tag: phact/openrag-backend
arch-suffix: arm64 platform: linux/arm64
arch: arm64
runs-on: self-hosted
# frontend
- image: frontend
file: ./Dockerfile.frontend
tag: phact/openrag-frontend
platform: linux/amd64
arch: amd64
runs-on: ubuntu-latest
- image: frontend
file: ./Dockerfile.frontend
tag: phact/openrag-frontend
platform: linux/arm64
arch: arm64
runs-on: self-hosted
# opensearch
- image: opensearch
file: ./Dockerfile
tag: phact/openrag-opensearch
platform: linux/amd64
arch: amd64
runs-on: ubuntu-latest
- image: opensearch
file: ./Dockerfile
tag: phact/openrag-opensearch
platform: linux/arm64
arch: arm64
runs-on: self-hosted
runs-on: ${{ matrix.runs-on }} runs-on: ${{ matrix.runs-on }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Extract version from pyproject.toml - name: Extract version from pyproject.toml
id: version id: version
run: | run: |
VERSION=$(grep '^version = ' pyproject.toml | cut -d '"' -f 2) VERSION=$(grep '^version = ' pyproject.toml | cut -d '"' -f 2)
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Version: $VERSION" echo "Version: $VERSION"
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub - name: Login to Docker Hub
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push backend - name: Build and push ${{ matrix.image }} (${{ matrix.arch }})
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
with: with:
context: . context: .
file: ./Dockerfile.backend file: ${{ matrix.file }}
platforms: ${{ matrix.platform }} platforms: ${{ matrix.platform }}
push: ${{ github.event_name != 'pull_request' }} push: ${{ github.event_name != 'pull_request' }}
tags: phact/openrag-backend:${{ steps.version.outputs.version }}-${{ matrix.arch-suffix }} tags: ${{ matrix.tag }}:${{ steps.version.outputs.version }}-${{ matrix.arch }}
cache-from: type=gha cache-from: type=gha,scope=${{ matrix.image }}-${{ matrix.arch }}
cache-to: type=gha,mode=max cache-to: type=gha,mode=max,scope=${{ matrix.image }}-${{ matrix.arch }}
- name: Build and push frontend
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.frontend
platforms: ${{ matrix.platform }}
push: ${{ github.event_name != 'pull_request' }}
tags: phact/openrag-frontend:${{ steps.version.outputs.version }}-${{ matrix.arch-suffix }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push OpenSearch
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: ${{ matrix.platform }}
push: ${{ github.event_name != 'pull_request' }}
tags: phact/openrag-opensearch:${{ steps.version.outputs.version }}-${{ matrix.arch-suffix }}
cache-from: type=gha
cache-to: type=gha,mode=max
manifest: manifest:
needs: build needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Extract version from pyproject.toml - name: Extract version from pyproject.toml
id: version id: version
run: | run: |
VERSION=$(grep '^version = ' pyproject.toml | cut -d '"' -f 2) VERSION=$(grep '^version = ' pyproject.toml | cut -d '"' -f 2)
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Create and push multi-arch manifests - name: Create and push multi-arch manifests
run: | run: |
VERSION=${{ steps.version.outputs.version }} VERSION=${{ steps.version.outputs.version }}
# Backend manifest docker buildx imagetools create -t phact/openrag-backend:$VERSION \
docker buildx imagetools create -t phact/openrag-backend:$VERSION \ phact/openrag-backend:$VERSION-amd64 \
phact/openrag-backend:$VERSION-amd64 \ phact/openrag-backend:$VERSION-arm64
phact/openrag-backend:$VERSION-arm64 docker buildx imagetools create -t phact/openrag-backend:latest \
docker buildx imagetools create -t phact/openrag-backend:latest \ phact/openrag-backend:$VERSION-amd64 \
phact/openrag-backend:$VERSION-amd64 \ phact/openrag-backend:$VERSION-arm64
phact/openrag-backend:$VERSION-arm64
docker buildx imagetools create -t phact/openrag-frontend:$VERSION \
# Frontend manifest phact/openrag-frontend:$VERSION-amd64 \
docker buildx imagetools create -t phact/openrag-frontend:$VERSION \ phact/openrag-frontend:$VERSION-arm64
phact/openrag-frontend:$VERSION-amd64 \ docker buildx imagetools create -t phact/openrag-frontend:latest \
phact/openrag-frontend:$VERSION-arm64 phact/openrag-frontend:$VERSION-amd64 \
docker buildx imagetools create -t phact/openrag-frontend:latest \ phact/openrag-frontend:$VERSION-arm64
phact/openrag-frontend:$VERSION-amd64 \
phact/openrag-frontend:$VERSION-arm64 docker buildx imagetools create -t phact/openrag-opensearch:$VERSION \
phact/openrag-opensearch:$VERSION-amd64 \
# OpenSearch manifest phact/openrag-opensearch:$VERSION-arm64
docker buildx imagetools create -t phact/openrag-opensearch:$VERSION \ docker buildx imagetools create -t phact/openrag-opensearch:latest \
phact/openrag-opensearch:$VERSION-amd64 \ phact/openrag-opensearch:$VERSION-amd64 \
phact/openrag-opensearch:$VERSION-arm64 phact/openrag-opensearch:$VERSION-arm64
docker buildx imagetools create -t phact/openrag-opensearch:latest \
phact/openrag-opensearch:$VERSION-amd64 \
phact/openrag-opensearch:$VERSION-arm64

9
Dockerfile
View file

@ -33,6 +33,10 @@ RUN echo "asprof \$@" >> /usr/share/opensearch/profile.sh
RUN chmod 777 /usr/share/opensearch/profile.sh RUN chmod 777 /usr/share/opensearch/profile.sh
# Copy OIDC and DLS security configuration (as root)
COPY securityconfig/ /usr/share/opensearch/securityconfig/
RUN chown -R opensearch:opensearch /usr/share/opensearch/securityconfig/
USER opensearch USER opensearch
RUN opensearch-plugin remove opensearch-neural-search RUN opensearch-plugin remove opensearch-neural-search
@ -46,16 +50,13 @@ RUN echo y | opensearch-plugin install repository-gcs
RUN echo y | opensearch-plugin install repository-azure RUN echo y | opensearch-plugin install repository-azure
RUN echo y | opensearch-plugin install repository-s3 RUN echo y | opensearch-plugin install repository-s3
# Copy OIDC and DLS security configuration
COPY securityconfig/ /usr/share/opensearch/securityconfig/
# Create a script to apply security configuration after OpenSearch starts # Create a script to apply security configuration after OpenSearch starts
RUN echo '#!/bin/bash' > /usr/share/opensearch/setup-security.sh && \ RUN echo '#!/bin/bash' > /usr/share/opensearch/setup-security.sh && \
echo 'echo "Waiting for OpenSearch to start..."' >> /usr/share/opensearch/setup-security.sh && \ echo 'echo "Waiting for OpenSearch to start..."' >> /usr/share/opensearch/setup-security.sh && \
echo 'until curl -s -k -u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD} https://localhost:9200; do sleep 1; done' >> /usr/share/opensearch/setup-security.sh && \ echo 'until curl -s -k -u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD} https://localhost:9200; do sleep 1; done' >> /usr/share/opensearch/setup-security.sh && \
echo 'echo "Generating admin hash from OPENSEARCH_INITIAL_ADMIN_PASSWORD..."' >> /usr/share/opensearch/setup-security.sh && \ echo 'echo "Generating admin hash from OPENSEARCH_INITIAL_ADMIN_PASSWORD..."' >> /usr/share/opensearch/setup-security.sh && \
echo 'if [ -z "${OPENSEARCH_INITIAL_ADMIN_PASSWORD}" ]; then echo "[ERROR] OPENSEARCH_INITIAL_ADMIN_PASSWORD not set"; exit 1; fi' >> /usr/share/opensearch/setup-security.sh && \ echo 'if [ -z "${OPENSEARCH_INITIAL_ADMIN_PASSWORD}" ]; then echo "[ERROR] OPENSEARCH_INITIAL_ADMIN_PASSWORD not set"; exit 1; fi' >> /usr/share/opensearch/setup-security.sh && \
echo 'HASH=$(/usr/share/opensearch/plugins/opensearch-security/tools/hash.sh -p "${OPENSEARCH_INITIAL_ADMIN_PASSWORD}" | sed -n '\''s/^hash: //p'\'')' >> /usr/share/opensearch/setup-security.sh && \ echo 'HASH=$(/usr/share/opensearch/plugins/opensearch-security/tools/hash.sh -p "${OPENSEARCH_INITIAL_ADMIN_PASSWORD}")' >> /usr/share/opensearch/setup-security.sh && \
echo 'if [ -z "$HASH" ]; then echo "[ERROR] Failed to generate admin hash"; exit 1; fi' >> /usr/share/opensearch/setup-security.sh && \ echo 'if [ -z "$HASH" ]; then echo "[ERROR] Failed to generate admin hash"; exit 1; fi' >> /usr/share/opensearch/setup-security.sh && \
echo 'sed -i "s|^ hash: \".*\"| hash: \"$HASH\"|" /usr/share/opensearch/securityconfig/internal_users.yml' >> /usr/share/opensearch/setup-security.sh && \ echo 'sed -i "s|^ hash: \".*\"| hash: \"$HASH\"|" /usr/share/opensearch/securityconfig/internal_users.yml' >> /usr/share/opensearch/setup-security.sh && \
echo 'echo "Updated internal_users.yml with runtime-generated admin hash"' >> /usr/share/opensearch/setup-security.sh && \ echo 'echo "Updated internal_users.yml with runtime-generated admin hash"' >> /usr/share/opensearch/setup-security.sh && \

2
docker-compose-cpu.yml
View file

@ -101,3 +101,5 @@ services:
- LANGFLOW_AUTO_LOGIN=${LANGFLOW_AUTO_LOGIN} - LANGFLOW_AUTO_LOGIN=${LANGFLOW_AUTO_LOGIN}
- LANGFLOW_SUPERUSER=${LANGFLOW_SUPERUSER} - LANGFLOW_SUPERUSER=${LANGFLOW_SUPERUSER}
- LANGFLOW_SUPERUSER_PASSWORD=${LANGFLOW_SUPERUSER_PASSWORD} - LANGFLOW_SUPERUSER_PASSWORD=${LANGFLOW_SUPERUSER_PASSWORD}
- LANGFLOW_NEW_USER_IS_ACTIVE=${LANGFLOW_NEW_USER_IS_ACTIVE}
- LANGFLOW_ENABLE_SUPERUSER_CLI=${LANGFLOW_ENABLE_SUPERUSER_CLI}

2
docker-compose.yml
View file

@ -102,3 +102,5 @@ services:
- LANGFLOW_AUTO_LOGIN=${LANGFLOW_AUTO_LOGIN} - LANGFLOW_AUTO_LOGIN=${LANGFLOW_AUTO_LOGIN}
- LANGFLOW_SUPERUSER=${LANGFLOW_SUPERUSER} - LANGFLOW_SUPERUSER=${LANGFLOW_SUPERUSER}
- LANGFLOW_SUPERUSER_PASSWORD=${LANGFLOW_SUPERUSER_PASSWORD} - LANGFLOW_SUPERUSER_PASSWORD=${LANGFLOW_SUPERUSER_PASSWORD}
- LANGFLOW_NEW_USER_IS_ACTIVE=${LANGFLOW_NEW_USER_IS_ACTIVE}
- LANGFLOW_ENABLE_SUPERUSER_CLI=${LANGFLOW_ENABLE_SUPERUSER_CLI}

15
src/tui/managers/env_manager.py
View file

@ -40,6 +40,11 @@ class EnvConfig:
aws_secret_access_key: str = "" aws_secret_access_key: str = ""
langflow_public_url: str = "" langflow_public_url: str = ""
# Langflow auth settings
langflow_auto_login: str = "False"
langflow_new_user_is_active: str = "False"
langflow_enable_superuser_cli: str = "False"
# Document paths (comma-separated) # Document paths (comma-separated)
openrag_documents_paths: str = "./documents" openrag_documents_paths: str = "./documents"
@ -98,6 +103,9 @@ class EnvManager:
'AWS_SECRET_ACCESS_KEY': 'aws_secret_access_key', 'AWS_SECRET_ACCESS_KEY': 'aws_secret_access_key',
'LANGFLOW_PUBLIC_URL': 'langflow_public_url', 'LANGFLOW_PUBLIC_URL': 'langflow_public_url',
'OPENRAG_DOCUMENTS_PATHS': 'openrag_documents_paths', 'OPENRAG_DOCUMENTS_PATHS': 'openrag_documents_paths',
'LANGFLOW_AUTO_LOGIN': 'langflow_auto_login',
'LANGFLOW_NEW_USER_IS_ACTIVE': 'langflow_new_user_is_active',
'LANGFLOW_ENABLE_SUPERUSER_CLI': 'langflow_enable_superuser_cli',
} }
if key in attr_map: if key in attr_map:
@ -193,6 +201,13 @@ class EnvManager:
f.write(f"OPENRAG_DOCUMENTS_PATHS={self.config.openrag_documents_paths}\n") f.write(f"OPENRAG_DOCUMENTS_PATHS={self.config.openrag_documents_paths}\n")
f.write("\n") f.write("\n")
# Langflow auth settings
f.write("# Langflow auth settings\n")
f.write(f"LANGFLOW_AUTO_LOGIN={self.config.langflow_auto_login}\n")
f.write(f"LANGFLOW_NEW_USER_IS_ACTIVE={self.config.langflow_new_user_is_active}\n")
f.write(f"LANGFLOW_ENABLE_SUPERUSER_CLI={self.config.langflow_enable_superuser_cli}\n")
f.write("\n")
# OAuth settings # OAuth settings
if self.config.google_oauth_client_id or self.config.google_oauth_client_secret: if self.config.google_oauth_client_id or self.config.google_oauth_client_secret:
f.write("# Google OAuth settings\n") f.write("# Google OAuth settings\n")

45
src/tui/screens/config.py
View file

@ -282,6 +282,47 @@ class ConfigScreen(Screen):
self.inputs["openrag_documents_paths"] = input_widget self.inputs["openrag_documents_paths"] = input_widget
yield Static(" ") yield Static(" ")
# Langflow Auth Settings
yield Static("Langflow Auth Settings", classes="tab-header")
yield Static(" ")
# Langflow Auto Login
yield Label("Langflow Auto Login")
current_value = getattr(self.env_manager.config, "langflow_auto_login", "False")
input_widget = Input(
placeholder="False",
value=current_value,
id="input-langflow_auto_login"
)
yield input_widget
self.inputs["langflow_auto_login"] = input_widget
yield Static(" ")
# Langflow New User Is Active
yield Label("Langflow New User Is Active")
current_value = getattr(self.env_manager.config, "langflow_new_user_is_active", "False")
input_widget = Input(
placeholder="False",
value=current_value,
id="input-langflow_new_user_is_active"
)
yield input_widget
self.inputs["langflow_new_user_is_active"] = input_widget
yield Static(" ")
# Langflow Enable Superuser CLI
yield Label("Langflow Enable Superuser CLI")
current_value = getattr(self.env_manager.config, "langflow_enable_superuser_cli", "False")
input_widget = Input(
placeholder="False",
value=current_value,
id="input-langflow_enable_superuser_cli"
)
yield input_widget
self.inputs["langflow_enable_superuser_cli"] = input_widget
yield Static(" ")
yield Static(" ")
# Langflow Secret Key removed from UI; generated automatically on save # Langflow Secret Key removed from UI; generated automatically on save
# Add optional fields only in full mode # Add optional fields only in full mode
@ -379,7 +420,7 @@ class ConfigScreen(Screen):
new_value = getattr(self.env_manager.config, field_name) new_value = getattr(self.env_manager.config, field_name)
input_widget.value = new_value input_widget.value = new_value
self.notify("Generated secure passwords", severity="info") self.notify("Generated secure passwords", severity="information")
def action_save(self) -> None: def action_save(self) -> None:
"""Save the configuration.""" """Save the configuration."""
@ -398,7 +439,7 @@ class ConfigScreen(Screen):
# Save to file # Save to file
if self.env_manager.save_env_file(): if self.env_manager.save_env_file():
self.notify("Configuration saved successfully!", severity="success") self.notify("Configuration saved successfully!", severity="information")
# Switch to monitor screen # Switch to monitor screen
from .monitor import MonitorScreen from .monitor import MonitorScreen
self.app.push_screen(MonitorScreen()) self.app.push_screen(MonitorScreen())

28
src/tui/screens/monitor.py
View file

@ -166,10 +166,22 @@ class MonitorScreen(Screen):
return return
services = await self.container_manager.get_service_status(force_refresh=True) services = await self.container_manager.get_service_status(force_refresh=True)
# Fetch image info independent of service state # Collect images actually reported by running/stopped containers so names match runtime
project_images = await self.container_manager.get_project_images_info() images_set = set()
digest_map = {img: dig for img, dig in project_images} for svc in services.values():
images = [img for img, _ in project_images] img = (svc.image or "").strip()
if img and img != "N/A":
images_set.add(img)
# Ensure compose-declared images are also shown (e.g., langflow when stopped)
try:
for img in self.container_manager._parse_compose_images(): # best-effort, no YAML dep
if img:
images_set.add(img)
except Exception:
pass
images = list(images_set)
# Lookup digests/IDs for these image names
digest_map = await self.container_manager.get_images_digests(images)
# Clear existing rows # Clear existing rows
self.services_table.clear() self.services_table.clear()
@ -188,13 +200,9 @@ class MonitorScreen(Screen):
service_info.image or "N/A", service_info.image or "N/A",
digest_map.get(service_info.image or "", "-") digest_map.get(service_info.image or "", "-")
) )
# Populate images table (unique images) # Populate images table (unique images as reported by runtime)
if self.images_table: if self.images_table:
seen=set() for image in sorted(images):
for image in images:
if not image or image in seen:
continue
seen.add(image)
self.images_table.add_row(image, digest_map.get(image, "-")) self.images_table.add_row(image, digest_map.get(image, "-"))
# Update controls based on overall state # Update controls based on overall state
self._update_controls(list(services.values())) self._update_controls(list(services.values()))