[WIP] dockerfile for UBI-9 with vllm-rhai#258
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a build script and a multi-stage Dockerfile to create a vLLM CPU image based on UBI 9, including RHSM registration and system dependency management. Key feedback includes correcting the LD_PRELOAD path and moving its declaration to avoid pre-installation errors, removing the 'v' prefix from the VLLM_VERSION build argument, and addressing security concerns regarding the use of --network host and piping curl to sh. Additionally, it is recommended to implement a final runtime stage to reduce image size and security surface by excluding build-time dependencies.
There was a problem hiding this comment.
Pull request overview
This PR replaces manual UBI9 build instructions with an initial Docker-based flow for building a CPU vLLM image using Red Hat UBI9/RHAI package sources and RHSM credentials.
Changes:
- Adds a UBI9-based CPU Dockerfile that installs system dependencies, creates a uv virtualenv, and installs vLLM.
- Adds a helper build script and RHSM environment placeholder.
- Removes the previous manual UBI9 build instructions document.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
docker/vllm-cpu.Dockerfile |
Defines the new UBI9 CPU vLLM image build. |
docker/build_cpu_image.sh |
Adds a helper script for building the CPU Docker image with BuildKit secrets. |
docker/rhsm.env |
Adds placeholder RHSM credential variables for the build secret. |
docker/vllm_ubi9_building_instructions.md |
Removes the old manual UBI9 build guide. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
As a pending issue, @dtrifiro would suggest to use another base image for vllm-cpu build as discussed in slack. This need to be further pushed by Liming Tsai. |
| RUN --mount=type=secret,id=rhsm \ | ||
| --mount=type=cache,target=/var/cache/dnf,sharing=locked \ | ||
| bash -euo pipefail -c '\ | ||
| source /run/secrets/rhsm; \ | ||
| cleanup() { \ | ||
| subscription-manager unregister >/dev/null 2>&1 || true; \ | ||
| subscription-manager clean >/dev/null 2>&1 || true; \ | ||
| }; \ | ||
| trap cleanup EXIT; \ | ||
| subscription-manager register \ | ||
| --username "$RHSM_USER" \ | ||
| --password "$RHSM_PASS" \ | ||
| --auto-attach; \ | ||
| subscription-manager repos \ | ||
| --enable codeready-builder-for-rhel-9-x86_64-rpms; \ | ||
| yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm; \ | ||
| /usr/bin/crb enable; \ | ||
| yum makecache; \ | ||
| yum install -y --setopt=install_weak_deps=False \ | ||
| python3 \ | ||
| python3-devel \ | ||
| zeromq \ | ||
| bzip2 \ | ||
| cpio \ | ||
| elfutils-debuginfod-client \ | ||
| ffmpeg-free \ | ||
| fftw \ | ||
| file \ | ||
| freetype \ | ||
| gcc \ | ||
| gcc-c++ \ | ||
| gdal-libs \ | ||
| gdb \ | ||
| geos \ | ||
| git-core \ | ||
| glibc-langpack-en \ | ||
| glog \ | ||
| gmp \ | ||
| gzip \ | ||
| hdf5 \ | ||
| jemalloc \ | ||
| jq \ | ||
| krb5-libs \ | ||
| lcms2 \ | ||
| libaio \ | ||
| libev \ | ||
| libjpeg \ | ||
| libmpc \ | ||
| libomp \ | ||
| libpng \ | ||
| libpq \ | ||
| libqhull_r \ | ||
| libsndfile \ | ||
| libtiff \ | ||
| libunwind \ | ||
| libva \ | ||
| libwebp \ | ||
| libxml2 \ | ||
| libxslt \ | ||
| libzip \ | ||
| libzstd \ | ||
| loguru \ | ||
| lz4 \ | ||
| make \ | ||
| mariadb-connector-c \ | ||
| mpfr \ | ||
| netcdf \ | ||
| numactl \ | ||
| nvtop \ | ||
| openblas openblas-openmp openblas-openmp64 openblas-serial openblas-serial64 openblas-threads openblas-threads64 \ | ||
| openjpeg2 \ | ||
| openmpi \ | ||
| proj \ | ||
| protobuf \ | ||
| qpdf \ | ||
| re2 \ | ||
| snappy \ | ||
| spatialindex \ | ||
| tbb \ | ||
| tesseract \ | ||
| thrift \ | ||
| unixODBC \ | ||
| utf8proc \ | ||
| wget \ | ||
| xz \ | ||
| xz-libs \ | ||
| zlib \ | ||
| zstd; \ | ||
| yum clean all' | ||
|
|
||
| WORKDIR /workspace |
There was a problem hiding this comment.
We should be able to get rid of most of these installs once we switch to the rhai base image
|
|
||
| WORKDIR /workspace | ||
|
|
||
| RUN curl -LsSf https://astral.sh/uv/install.sh | sh |
There was a problem hiding this comment.
uv should be already available in the rhai base image, so we should also be able to remove this step
|
|
||
| ENV UV_HTTP_TIMEOUT=500 | ||
|
|
||
| ENV LD_PRELOAD="/opt/venv/lib/libiomp5.so" |
There was a problem hiding this comment.
Not sure if this will be available in the rhai image
There was a problem hiding this comment.
Ok, this is copied from vllm's cpu dockerfile. Will check later!
| ENV VLLM_LOGGING_LEVEL=DEBUG | ||
|
|
||
| ARG VLLM_VERSION | ||
| RUN uv pip install --torch-backend=cpu vllm==${VLLM_VERSION} |
There was a problem hiding this comment.
| RUN uv pip install --torch-backend=cpu vllm==${VLLM_VERSION} | |
| RUN uv pip install vllm==${VLLM_VERSION} |
shouldn't need to set the torch backend when using the rhai index
No description provided.