From de7434e2048fbc590a7240e8bb66a820ea5f8799 Mon Sep 17 00:00:00 2001
From: archer <545436317@qq.com>
Date: Tue, 31 Mar 2026 20:51:20 +0800
Subject: [PATCH] docker
---
 deploy/args.json | 3 +
 deploy/docker/cn/docker-compose.milvus.yml | 83 ++++++++++++++++++
 deploy/docker/cn/docker-compose.oceanbase.yml | 86 +++++++++++++++++-
 deploy/docker/cn/docker-compose.pg.yml | 83 ++++++++++++++++++
 deploy/docker/cn/docker-compose.seekdb.yml | 83 ++++++++++++++++++
 deploy/docker/cn/docker-compose.zilliz.yml | 83 ++++++++++++++++++
 .../docker/global/docker-compose.milvus.yml | 83 ++++++++++++++++++
 .../global/docker-compose.oceanbase.yml | 86 +++++++++++++++++-
 deploy/docker/global/docker-compose.pg.yml | 83 ++++++++++++++++++
 .../docker/global/docker-compose.seekdb.yml | 83 ++++++++++++++++++
 .../docker/global/docker-compose.ziliiz.yml | 83 ++++++++++++++++++
 deploy/templates/docker-compose.prod.copy.yml | 13 +--
 deploy/templates/docker-compose.prod.yml | 87 ++++++++++++++++++-
 .../docs/self-host/upgrading/4-14/41410.mdx | 5 ++
 document/data/doc-last-modified.json | 2 +-
 .../docker/cn/docker-compose.milvus.yml | 83 ++++++++++++++++++
 .../docker/cn/docker-compose.oceanbase.yml | 86 +++++++++++++++++-
 .../deploy/docker/cn/docker-compose.pg.yml | 83 ++++++++++++++++++
 .../docker/cn/docker-compose.seekdb.yml | 83 ++++++++++++++++++
 .../docker/cn/docker-compose.zilliz.yml | 83 ++++++++++++++++++
 .../docker/global/docker-compose.milvus.yml | 83 ++++++++++++++++++
 .../global/docker-compose.oceanbase.yml | 86 +++++++++++++++++-
 .../docker/global/docker-compose.pg.yml | 83 ++++++++++++++++++
 .../docker/global/docker-compose.seekdb.yml | 83 ++++++++++++++++++
 .../docker/global/docker-compose.ziliiz.yml | 83 ++++++++++++++++++
 .../app/detail/Edit/SimpleApp/EditForm.tsx | 2 +-
 26 files changed, 1755 insertions(+), 29 deletions(-)
diff --git a/deploy/args.json b/deploy/args.json
index 30a369dbf1..11ea31c28b 100644
--- a/deploy/args.json
+++ b/deploy/args.json
@@ -4,6 +4,7 @@ "fastgpt-sandbox": "v4.14.9.5", "fastgpt-mcp_server": "v4.14.9", "fastgpt-plugin": "v0.5.5", + "volume-manager": "v0.0.1", "aiproxy": "v0.3.5", "aiproxy-pg": "0.8.0-pg15", "mongo": "5.0.32", @@ -25,6 +26,7 @@ "fastgpt-plugin": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin", "fastgpt-sandbox": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-sandbox", "fastgpt-mcp_server": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server", + "volume-manager": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager", "aiproxy": "registry.cn-hangzhou.aliyuncs.com/labring/aiproxy", "aiproxy-pg": "registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector", "mongo": "registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo", @@ -45,6 +47,7 @@ "fastgpt-plugin": "ghcr.io/labring/fastgpt-plugin", "fastgpt-sandbox": "ghcr.io/labring/fastgpt-sandbox", "fastgpt-mcp_server": "ghcr.io/labring/fastgpt-mcp_server", + "volume-manager": "ghcr.io/labring/fastgpt-agent-volume-manager", "aiproxy": "ghcr.io/labring/aiproxy", "aiproxy-pg": "pgvector/pgvector", "mongo": "mongo", diff --git a/deploy/docker/cn/docker-compose.milvus.yml b/deploy/docker/cn/docker-compose.milvus.yml index 11601b9c64..a6b659bb57 100644 --- a/deploy/docker/cn/docker-compose.milvus.yml +++ b/deploy/docker/cn/docker-compose.milvus.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
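Review bot: The new `x-volume-manager-auth-token` anchor in deploy/docker/cn/docker-compose.milvus.yml ships the fixed value `'vmtoken'`, and nothing on the added lines tells the operator that it must be replaced before deployment. This token is what authenticates calls to the volume-manager service, which the same commit gives access to the Docker socket, so a publicly known default deserves an explicit instruction rather than a bare label. I would change the comment to `# volume manager auth token: replace with a long random value before deploying`. The same two lines are added to every other compose file in this patch (the cn and global variants for milvus, oceanbase, pg, seekdb and zilliz/ziliiz).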
@@ -234,6 +236,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
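Review bot: `AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest` leaves the agent sandbox image on a mutable tag, while every other image this patch adds is pinned to a version (`v0.1.9`, `v0.0.1`, `v1.0.6`, `v1.0.1`). This is the image in which agent code runs, so a pinned tag or digest would keep deployments reproducible and stop an upstream re-push from silently changing what is executed. I would write `AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: <pinned-version>` using the sandbox version that belongs to this release. The same block is repeated in the env hunks of the other compose files in this patch.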
@@ -342,6 +357,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
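Review bot: In the `volume-manager` service, `- VM_AUTH_TOKEN=*x-volume-manager-auth-token` is a list-form entry, so YAML reads the whole item as one plain string and does not expand the alias; the container receives the literal text `*x-volume-manager-auth-token` as its token. The app side uses the mapping form (`AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token`), which does expand to the anchor's value, so the two ends disagree and editing the anchor never reaches the service. Writing the `environment:` block as a mapping fixes this. Separately, the `:ro` on `/var/run/docker.sock` and its "只读即可" comment overstate the restriction: a read-only bind mount of a socket does not limit which Docker API calls the process can make, so both this service and `opensandbox-server` should be treated as having full control of the Docker daemon. The same services block is added in every compose file in this patch.

```yaml
  volume-manager:
    # … unchanged: image, container_name, restart, networks, volumes …
    environment:
      VM_RUNTIME: docker
      VM_AUTH_TOKEN: *x-volume-manager-auth-token # same value as AGENT_SANDBOX_VOLUME_MANAGER_TOKEN
      VM_VOLUME_NAME_PREFIX: fastgpt-session # prefix for created volume names
      VM_LOG_LEVEL: info
    # … unchanged: healthcheck …
```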
@@ -394,3 +457,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/docker/cn/docker-compose.oceanbase.yml b/deploy/docker/cn/docker-compose.oceanbase.yml index e761d9cf53..d428758264 100644 --- a/deploy/docker/cn/docker-compose.oceanbase.yml +++ b/deploy/docker/cn/docker-compose.oceanbase.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
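Review bot: The `[server]` block of the inline `opensandbox-config` binds `0.0.0.0:8090` and sets no API key, which matches the empty `AGENT_SANDBOX_OPENSANDBOX_API_KEY` on the app side. `opensandbox-server` holds the Docker socket, so any container that can reach it on the `fastgpt` network could presumably ask it to create and run containers. If the server supports an API key in its config, I would set one here and pass the same value to the app; otherwise add a comment such as `# no auth: must stay reachable only from the fastgpt network, never publish port 8090`. The `configs:` block is repeated in the other compose files in this patch.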
@@ -211,6 +213,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -319,6 +334,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -370,9 +433,24 @@ networks: fastgpt: aiproxy: vector: + configs: - init_sql: - name: init_sql + opensandbox-config: content: | - ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; - + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/docker/cn/docker-compose.pg.yml b/deploy/docker/cn/docker-compose.pg.yml index af370d0c64..5a6003378a 100644 --- a/deploy/docker/cn/docker-compose.pg.yml +++ b/deploy/docker/cn/docker-compose.pg.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
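Review bot: This hunk deletes the `init_sql` config and its `ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;` statement instead of adding `opensandbox-config` next to it. The service that consumed `init_sql` is outside the hunk, so I cannot confirm it, but if the OceanBase service still lists `init_sql` under its `configs:`, the compose file will refer to an undefined config and the vector memory setting will no longer be applied. I would keep the existing `init_sql:` entry and add `opensandbox-config:` as a second key under `configs:`. deploy/docker/global/docker-compose.oceanbase.yml has the same replacement.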
@@ -192,6 +194,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -300,6 +315,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -352,3 +415,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/docker/cn/docker-compose.seekdb.yml b/deploy/docker/cn/docker-compose.seekdb.yml index 8a4a9aa12d..d259d7ff11 100644 --- a/deploy/docker/cn/docker-compose.seekdb.yml +++ b/deploy/docker/cn/docker-compose.seekdb.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -198,6 +200,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -306,6 +321,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -358,3 +421,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/docker/cn/docker-compose.zilliz.yml b/deploy/docker/cn/docker-compose.zilliz.yml index 55c4330f07..c284593cd9 100644 --- a/deploy/docker/cn/docker-compose.zilliz.yml +++ b/deploy/docker/cn/docker-compose.zilliz.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -176,6 +178,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -284,6 +299,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -336,3 +399,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/docker/global/docker-compose.milvus.yml b/deploy/docker/global/docker-compose.milvus.yml index 4c7b2da454..b7d5896cba 100644 --- a/deploy/docker/global/docker-compose.milvus.yml +++ b/deploy/docker/global/docker-compose.milvus.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -234,6 +236,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
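Review bot: In this global variant, `AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO` still points at `registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox`, whereas the `volume-manager` image added later in the same file comes from `ghcr.io/labring/...`. The global `configs:` hunk likewise pulls `execd` and `egress` from `sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com`. If the sandbox image is also published under the project's ghcr.io namespace, the global files should use it, so operators of the global stack have one registry to trust and mirror; otherwise a short comment explaining the exception would do. The env hunks of the other files under deploy/docker/global/ repeat the same value.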
@@ -342,6 +357,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -394,3 +457,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" 
diff --git a/deploy/docker/global/docker-compose.oceanbase.yml b/deploy/docker/global/docker-compose.oceanbase.yml index 9ef2bc2356..bc3e43a4c0 100644 --- a/deploy/docker/global/docker-compose.oceanbase.yml +++ b/deploy/docker/global/docker-compose.oceanbase.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -211,6 +213,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -319,6 +334,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -370,9 +433,24 @@ networks: fastgpt: aiproxy: vector: + configs: - init_sql: - name: init_sql + opensandbox-config: content: | - ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; - + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/deploy/docker/global/docker-compose.pg.yml b/deploy/docker/global/docker-compose.pg.yml index 630a8c93ba..1d7c1fd3ad 100644 --- a/deploy/docker/global/docker-compose.pg.yml +++ b/deploy/docker/global/docker-compose.pg.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -192,6 +194,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -300,6 +315,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -352,3 +415,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" 
diff --git a/deploy/docker/global/docker-compose.seekdb.yml b/deploy/docker/global/docker-compose.seekdb.yml index 02b593350c..257620abb5 100644 --- a/deploy/docker/global/docker-compose.seekdb.yml +++ b/deploy/docker/global/docker-compose.seekdb.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -198,6 +200,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -306,6 +321,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -358,3 +421,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" 
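Review bot: The `:ro` flag on `/var/run/docker.sock:/var/run/docker.sock:ro` for `volume-manager` does not limit what the container can ask the Docker daemon to do; a read-only bind mount protects only the socket file, and any process that can connect can still issue every API call. The comment `只读即可` therefore overstates the protection, and both `volume-manager` and `opensandbox-server` should be treated as having daemon-level (host-root-equivalent) access. I would reword the comment, e.g. `# :ro does not restrict Docker API calls; this container has daemon-level access`, and consider placing a socket proxy that allows only the volume and container endpoints between these services and the daemon. The identical service definitions in the other compose files of this patch are affected in the same way.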
diff --git a/deploy/docker/global/docker-compose.ziliiz.yml b/deploy/docker/global/docker-compose.ziliiz.yml index 100fb24c85..4c6f3d3e75 100644 --- a/deploy/docker/global/docker-compose.ziliiz.yml +++ b/deploy/docker/global/docker-compose.ziliiz.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -176,6 +178,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
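Review bot: `AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest` leaves the image that runs agent code unpinned, while the other images visible in this patch carry a version tag. A moving tag means a redeploy can silently pick up a different sandbox image than the one that was tested. This `global` variant also takes it from `registry.cn-hangzhou.aliyuncs.com` although the surrounding images here come from `ghcr.io`. I would pin it, e.g. `AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: <released-tag>`, and point `AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO` at the registry the other global files use, if the image is published there.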
@@ -284,6 +299,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -336,3 +399,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" 
diff --git a/deploy/templates/docker-compose.prod.copy.yml b/deploy/templates/docker-compose.prod.copy.yml index 98b3e8efa0..01f7607e07 100644 --- a/deploy/templates/docker-compose.prod.copy.yml +++ b/deploy/templates/docker-compose.prod.copy.yml @@ -304,7 +304,6 @@ networks: ${{vec.extra}} configs: - # opensandbox config opensandbox-config: content: | [server] @@ -314,17 +313,13 @@ configs: [runtime] type = "docker" - execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.7" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" [egress] image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" [docker] network_mode = "bridge" - host_ip = "host.docker.internal" - drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] - no_new_privileges = true - pids_limit = 512 - - [ingress] - mode = "direct" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" \ No newline at end of file diff --git a/deploy/templates/docker-compose.prod.yml b/deploy/templates/docker-compose.prod.yml index 0c9461c500..d6c94f8a2c 100644 --- a/deploy/templates/docker-compose.prod.yml +++ b/deploy/templates/docker-compose.prod.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -132,7 +134,7 @@ ${{vec.db}} fastgpt: container_name: fastgpt - image: ${{fastgpt.image}}:${{fastgpt.tag}} # git + image: ${{fastgpt.image}}:${{fastgpt.tag}} ports: - 3000:3000 networks: 
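Review bot: The second hunk of `docker-compose.prod.copy.yml` deletes `drop_capabilities = [...]`, `no_new_privileges = true` and `pids_limit = 512` from the `[docker]` section, and none of the `opensandbox-config` blocks added elsewhere in this patch carry them. These settings constrain the containers in which agent-supplied code runs, so without them those containers presumably fall back to the runtime's defaults. The same hunk moves `execd_image` from `v1.0.7` back to `v1.0.6`. Unless the pinned server version rejects these keys, I would keep the three lines and add them to the generated files as well; if the removal is intentional, a short comment saying why would help the next reader.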
@@ -175,6 +177,19 @@ ${{vec.db}} # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -283,6 +298,54 @@ ${{vec.db}} interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ${{volume-manager.image}}:${{volume-manager.tag}} + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ${{aiproxy.image}}:${{aiproxy.tag}} 
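Review bot: `opensandbox-server` is written with a literal `image: opensandbox/server:v0.1.9`, while `volume-manager` right below it uses `${{volume-manager.image}}:${{volume-manager.tag}}`. As a result the generated `cn` files pull this one image from a different registry than the mirror used for their other services, and its version is not tracked in `deploy/args.json`. I would add an `opensandbox-server` entry to `args.json` and template it here as `image: ${{opensandbox-server.image}}:${{opensandbox-server.tag}}`, assuming a mirrored copy exists. The `execd_image` and egress `image` references in the config block could be handled the same way.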
@@ -334,4 +397,24 @@ networks: fastgpt: aiproxy: vector: -${{vec.extra}} + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/document/content/docs/self-host/upgrading/4-14/41410.mdx b/document/content/docs/self-host/upgrading/4-14/41410.mdx index fad9102123..999cb23ba4 100644 --- a/document/content/docs/self-host/upgrading/4-14/41410.mdx +++ b/document/content/docs/self-host/upgrading/4-14/41410.mdx @@ -8,6 +8,11 @@ description: 'FastGPT V4.14.10 更新说明' 1. 代码沙盒镜像名变更: `{{hub}}/fastgpt-sandbox` -> `{{hub}}/fastgpt-code-sandbox` 2. 系统工具部分头像,移除了 icon,都转用图片链接,如果丢失了头像,可以重新更新一次系统工具(卸载再安装,或者直接导入 pkg 覆盖) +## 升级指南 + +### 1. 增加沙盒配置 + + ## 🚀 新增内容 1. 增加 OpenSandbox docker 部署方案及适配,并支持通过挂载 volumn 进行数据持久化。 diff --git a/document/data/doc-last-modified.json b/document/data/doc-last-modified.json index c4031f0c0c..27b5d629f9 100644 --- a/document/data/doc-last-modified.json +++ b/document/data/doc-last-modified.json 
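Review bot: This hunk removes the `${{vec.extra}}` placeholder from the end of the template, and the generated `docker-compose.oceanbase.yml` in this patch correspondingly loses its `init_sql` config (`ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;`). If the OceanBase service still lists `init_sql` under its `configs:` (that definition is outside the hunks shown), compose will reject the file; otherwise the vector memory setting is silently dropped. I would keep `${{vec.extra}}` and let it contribute entries under the shared `configs:` key, which is how `docker-compose.prod.copy.yml` is still laid out.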
@@ -220,7 +220,7 @@ "document/content/docs/self-host/upgrading/4-14/4140.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4141.en.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4141.mdx": "2026-03-03T17:39:47+08:00", - "document/content/docs/self-host/upgrading/4-14/41410.mdx": "2026-03-30T22:11:30+08:00", + "document/content/docs/self-host/upgrading/4-14/41410.mdx": "2026-03-31T17:02:56+08:00", "document/content/docs/self-host/upgrading/4-14/4142.en.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4142.mdx": "2026-03-03T17:39:47+08:00", "document/content/docs/self-host/upgrading/4-14/4143.en.mdx": "2026-03-03T17:39:47+08:00", diff --git a/document/public/deploy/docker/cn/docker-compose.milvus.yml b/document/public/deploy/docker/cn/docker-compose.milvus.yml index 11601b9c64..a6b659bb57 100644 --- a/document/public/deploy/docker/cn/docker-compose.milvus.yml +++ b/document/public/deploy/docker/cn/docker-compose.milvus.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -234,6 +236,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -342,6 +357,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -394,3 +457,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/document/public/deploy/docker/cn/docker-compose.oceanbase.yml b/document/public/deploy/docker/cn/docker-compose.oceanbase.yml index e761d9cf53..d428758264 100644 --- a/document/public/deploy/docker/cn/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/cn/docker-compose.oceanbase.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -211,6 +213,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -319,6 +334,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -370,9 +433,24 @@ networks: fastgpt: aiproxy: vector: + configs: - init_sql: - name: init_sql + opensandbox-config: content: | - ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; - + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/document/public/deploy/docker/cn/docker-compose.pg.yml b/document/public/deploy/docker/cn/docker-compose.pg.yml index af370d0c64..5a6003378a 100644 --- a/document/public/deploy/docker/cn/docker-compose.pg.yml +++ b/document/public/deploy/docker/cn/docker-compose.pg.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -192,6 +194,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -300,6 +315,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -352,3 +415,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/document/public/deploy/docker/cn/docker-compose.seekdb.yml b/document/public/deploy/docker/cn/docker-compose.seekdb.yml index 8a4a9aa12d..d259d7ff11 100644 --- a/document/public/deploy/docker/cn/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/cn/docker-compose.seekdb.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -198,6 +200,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -306,6 +321,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -358,3 +421,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/document/public/deploy/docker/cn/docker-compose.zilliz.yml b/document/public/deploy/docker/cn/docker-compose.zilliz.yml index 55c4330f07..c284593cd9 100644 --- a/document/public/deploy/docker/cn/docker-compose.zilliz.yml +++ b/document/public/deploy/docker/cn/docker-compose.zilliz.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -176,6 +178,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -284,6 +299,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5 
@@ -336,3 +399,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/document/public/deploy/docker/global/docker-compose.milvus.yml b/document/public/deploy/docker/global/docker-compose.milvus.yml index 4c7b2da454..b7d5896cba 100644 --- a/document/public/deploy/docker/global/docker-compose.milvus.yml +++ b/document/public/deploy/docker/global/docker-compose.milvus.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
@@ -234,6 +236,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -342,6 +357,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -394,3 +457,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" 
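Review bot: `- VM_AUTH_TOKEN=*x-volume-manager-auth-token` will not resolve the anchor, because in list-form `environment` the whole item is one plain scalar; the container receives the literal text `*x-volume-manager-auth-token`, while FastGPT's mapping-form `AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token` resolves to the anchored value. The two sides then disagree, and the token the service actually checks is a fixed string that editing the anchor never changes. Switching this service's `environment` to mapping form, as below, fixes both. Note also that `:ro` on `/var/run/docker.sock` protects only the socket file and not the Docker API behind it, so the comment "只读即可" overstates the restriction and both new services effectively hold control of the host daemon. The same hunk is repeated for oceanbase, pg, seekdb and ziliiz.

```yaml
  volume-manager:
    # … unchanged: image, container_name, restart, networks, volumes …
    environment:
      VM_RUNTIME: docker
      VM_AUTH_TOKEN: *x-volume-manager-auth-token # must equal AGENT_SANDBOX_VOLUME_MANAGER_TOKEN
      VM_VOLUME_NAME_PREFIX: fastgpt-session # volume name prefix
      VM_LOG_LEVEL: info
    # … unchanged: healthcheck …
```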
diff --git a/document/public/deploy/docker/global/docker-compose.oceanbase.yml b/document/public/deploy/docker/global/docker-compose.oceanbase.yml index 9ef2bc2356..bc3e43a4c0 100644 --- a/document/public/deploy/docker/global/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/global/docker-compose.oceanbase.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -211,6 +213,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -319,6 +334,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 
@@ -370,9 +433,24 @@ networks: fastgpt: aiproxy: vector: + configs: - init_sql: - name: init_sql + opensandbox-config: content: | - ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; - + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" diff --git a/document/public/deploy/docker/global/docker-compose.pg.yml b/document/public/deploy/docker/global/docker-compose.pg.yml index 630a8c93ba..1d7c1fd3ad 100644 --- a/document/public/deploy/docker/global/docker-compose.pg.yml +++ b/document/public/deploy/docker/global/docker-compose.pg.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 
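Review bot: This hunk replaces the existing `init_sql` config (`ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;`) with `opensandbox-config` instead of adding the new entry beside it. The OceanBase service definition is outside this hunk; if it still lists `init_sql` under its `configs:`, Compose will reject the file for referencing an undefined config, and even if it does not, the vector memory limit is no longer applied at initialisation. Unless the removal is intended, I would keep the `init_sql:` entry with its `content` and add `opensandbox-config:` after it.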
@@ -192,6 +194,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -300,6 +315,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -352,3 +415,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" 
diff --git a/document/public/deploy/docker/global/docker-compose.seekdb.yml b/document/public/deploy/docker/global/docker-compose.seekdb.yml index 02b593350c..257620abb5 100644 --- a/document/public/deploy/docker/global/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/global/docker-compose.seekdb.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -198,6 +200,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -306,6 +321,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -358,3 +421,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" 
diff --git a/document/public/deploy/docker/global/docker-compose.ziliiz.yml b/document/public/deploy/docker/global/docker-compose.ziliiz.yml index 100fb24c85..4c6f3d3e75 100644 --- a/document/public/deploy/docker/global/docker-compose.ziliiz.yml +++ b/document/public/deploy/docker/global/docker-compose.ziliiz.yml @@ -11,6 +11,8 @@ x-system-key: &x-system-key 'fastgpt-xxx' x-plugin-auth-token: &x-plugin-auth-token 'token' # code sandbox token x-code-sandbox-token: &x-code-sandbox-token 'codesandbox' +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken' # aiproxy token x-aiproxy-token: &x-aiproxy-token 'token' # 数据库连接相关配置 @@ -176,6 +178,19 @@ services: # AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY AIPROXY_API_TOKEN: *x-aiproxy-token + # ==================== Agent sandbox 配置 ==================== + AGENT_SANDBOX_PROVIDER: opensandbox + # OpenSandbox 配置(PROVIDER: opensandbox 时生效) + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: latest + # Volume 持久化配置(opensandbox provider 下可选) + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3001 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + # ==================== 日志与监控 ==================== # 传递给 OTLP 收集器的服务名称 LOG_OTEL_SERVICE_NAME: fastgpt-client 
@@ -284,6 +299,54 @@ services: interval: 30s timeout: 20s retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: opensandbox-server + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:8090/health'] + interval: 10s + timeout: 5s + retries: 5 + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.0.1 + container_name: volume-manager + restart: always + networks: + - fastgpt + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可) + environment: + - VM_RUNTIME=docker + - VM_AUTH_TOKEN=*x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + - VM_VOLUME_NAME_PREFIX=fastgpt-session # volume 名称前缀 + - VM_LOG_LEVEL=info + healthcheck: + test: + [ + 'CMD', + 'bun', + '-e', + "fetch('http://localhost:3001/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })" + ] + interval: 10s + timeout: 5s + retries: 5 + # AI Proxy aiproxy: image: ghcr.io/labring/aiproxy:v0.3.5 @@ -336,3 +399,23 @@ networks: aiproxy: vector: +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + + [runtime] + type = "docker" + execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6" + + [egress] + image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1" + + [docker] + network_mode = "bridge" + # 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname + # macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100) + host_ip = "host.docker.internal" 
diff --git a/projects/app/src/pageComponents/app/detail/Edit/SimpleApp/EditForm.tsx b/projects/app/src/pageComponents/app/detail/Edit/SimpleApp/EditForm.tsx
index afda98eaa5..d38dd4a76b 100644
--- a/projects/app/src/pageComponents/app/detail/Edit/SimpleApp/EditForm.tsx
+++ b/projects/app/src/pageComponents/app/detail/Edit/SimpleApp/EditForm.tsx
@@ -74,7 +74,7 @@ const EditForm = ({
 const { defaultModels, feConfigs } = useSystemStore();
 const showSandbox = feConfigs.show_agent_sandbox;
 const { teamPlanStatus } = useUserStore();
- const enableSandbox = teamPlanStatus?.standard?.enableSandbox;
+ const enableSandbox = !teamPlanStatus || !!teamPlanStatus?.standard?.enableSandbox;
 const { appDetail } = useContextSelector(AppContext, (v) => v);
 const selectDatasets = useMemo(() => appForm?.dataset?.datasets, [appForm]);
 const [, startTst] = useTransition();
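Review bot: The new `enableSandbox` expression fails open: `!teamPlanStatus ||` turns the sandbox option on whenever the plan status is absent, which covers an install without team plans but presumably also the moment before the store has loaded or after a failed fetch. If this flag is only a UI hint, the server still has to enforce the plan entitlement; if the intent is "no plan system means allowed", a comment such as `// no team plan (self-hosted): sandbox is not plan-gated` would record it. The `?.` after the guard is redundant, so the line can read `const enableSandbox = !teamPlanStatus || !!teamPlanStatus.standard?.enableSandbox;`. The body of `EditForm` starts and ends outside this hunk.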