From 683451259467f442b98c8afdb0f59276fc2a8c20 Mon Sep 17 00:00:00 2001
From: Self Denial
Date: Sun, 17 Nov 2024 20:12:20 -0700
Subject: [PATCH] refactor: Support running Docker container as root or non-root user

This commit introduces flexibility in the Docker setup by allowing the container to run either as the `root` user or a specified non-root user. It updates both the `docker-compose.yml` and `Dockerfile` to include environment variables for setting the user ID, group ID, username, and group name. Additionally, it modifies the entrypoint script to handle these configurations appropriately, ensuring compatibility with different user setups.
---
 docker-compose.yml | 4 ++++
 services/comfy/Dockerfile | 31 +++++++++++++++++++++++++------
 services/comfy/entrypoint.sh | 10 +++++-----
 3 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 970b612..2040504 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -45,6 +45,10 @@ services:
 image: sd-comfy:7
 environment:
 - CLI_ARGS=
+ - USE_UID=0
+ - USE_GID=0
+ - USE_USER=root
+ - USE_GROUP=root
 comfy-cpu:
diff --git a/services/comfy/Dockerfile b/services/comfy/Dockerfile
index 12806ad..66c4310 100644
--- a/services/comfy/Dockerfile
+++ b/services/comfy/Dockerfile
@@ -1,9 +1,13 @@
-FROM pytorch/pytorch:2.3.1-cuda12.1-cudnn8-runtime
+FROM pytorch/pytorch:2.5.1-cuda12.4-cudnn9-runtime
 # Limited system user UID
 ARG USE_UID=991
 # Limited system user GID
 ARG USE_GID=991
+# System user name
+ARG USE_USER=app
+# System group name
+ARG USE_GROUP=app
 # Latest tag or bleeding edge commit
 ARG USE_EDGE=false
 # ComfyUI-GGUF
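Review bot: The four `USE_*` entries added under `environment:` in docker-compose.yml make root (UID/GID 0) the value this service ships with, whereas the Dockerfile's own defaults are the unprivileged 991/`app`. They are set as runtime environment variables, while services/comfy/Dockerfile reads `USE_UID`, `USE_GID`, `USE_USER` and `USE_GROUP` as build-time `ARG`s, so unless the service's `build.args` (not visible in this hunk) forwards them, these lines do not change which user the image was built for. I would keep the non-root values here and make root an explicit opt-in, with a comment above the entries such as `# Non-root by default; set USE_UID=0, USE_GID=0, USE_USER=root, USE_GROUP=root to opt in to running as root`.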
@@ -21,20 +25,35 @@ ARG USE_INPAINT=false
 # comfyui-tooling-nodes
 ARG USE_TOOLING=false
+# Support both root and non-root
+RUN if [ ${USE_UID} -eq 0 ]; then SET_USER=root; else SET_USER=${USE_USER}; fi
+RUN if [ ${USE_GID} -eq 0 ]; then SET_GROUP=root; else SET_GROUP=${USE_GROUP}; fi
+ENV USE_USER=${SET_USER}
+ENV USE_GROUP=${SET_GROUP}
+
 ENV DEBIAN_FRONTEND=noninteractive PIP_PREFER_BINARY=1 USE_EDGE=$USE_EDGE
 ENV USE_GGUF=$USE_GGUF USE_XFLUX=$USE_XFLUX ROOT=/stable-diffusion
-ENV CACHE=/home/app/.cache USE_CNAUX=$USE_CNAUX USE_KRITA=$USE_KRITA
+ENV CACHE=/home/${USE_USER}/.cache USE_CNAUX=$USE_CNAUX USE_KRITA=$USE_KRITA
 ENV USE_IPAPLUS=$USE_IPAPLUS USE_INPAINT=$USE_INPAINT USE_TOOLING=$USE_TOOLING
 # User/Group
-RUN groupadd -r app -g ${USE_GID} && useradd --no-log-init -m -r -g app app -u ${USE_UID} && \
+RUN if [ ${USE_GID} -ne 0 ]; then \
+ groupadd -r ${USE_GROUP} -g ${USE_GID}; \
+ fi; \
+ if [ ${USE_GID} -ne 0 ]; then \
+ useradd --no-log-init -m -r -g ${USE_GROUP} ${USE_USER} -u ${USE_UID}; \
+ fi; \
 mkdir -p ${ROOT} && chown ${USE_UID}:${USE_GID} ${ROOT} && mkdir -p ${CACHE}/pip && chown -R ${USE_UID}:${USE_GID} ${CACHE}
 RUN --mount=type=cache,uid=${USE_UID},gid=${USE_GID},target=${CACHE} chown -R ${USE_UID}:${USE_UID} ${CACHE}
-RUN apt-get update && apt-get install -y git && (if [ "${USE_XFLUX}" = "true" ] || [ "${USE_KRITA}" = "true" ] || [ "${USE_CNAUX}" = "true" ]; then apt-get install -y libgl1-mesa-glx python3-opencv; fi) && apt-get clean
+RUN apt-get update && apt-get install -y git
+RUN if [ "${USE_XFLUX}" = "true" ] || [ "${USE_KRITA}" = "true" ] || [ "${USE_CNAUX}" = "true" ]; then \
+ apt-get install -y libgl1-mesa-glx python3-opencv; \
+ fi
+RUN apt-get clean
-USER app:app
-ENV PATH="${PATH}:/home/app/.local/bin"
+USER ${USE_USER}:${USE_GROUP}
+ENV PATH="${PATH}:/home/${USE_USER}/.local/bin"
 RUN --mount=type=cache,uid=${USE_UID},gid=${USE_GID},target=${CACHE} pip --cache-dir=${CACHE}/pip install -U pip
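Review bot: `SET_USER` and `SET_GROUP` are assigned inside two `RUN` shells, and a shell variable does not outlive its `RUN` step, so the following `ENV USE_USER=${SET_USER}` and `ENV USE_GROUP=${SET_GROUP}` appear to expand to empty strings and then shadow the `ARG` values used by `CACHE`, `groupadd`, `useradd`, `USER` and `PATH`. In the User/Group step the `useradd` guard tests `USE_GID` where `USE_UID` looks intended, and the `;` separators let a failed `groupadd` or `useradd` pass unnoticed because only the last command's status reaches the build. I would drop the four `SET_*` lines, have callers pass `USE_USER=root`/`USE_GROUP=root` together with UID/GID 0, make the step fail fast, and switch user by number so the final `USER` line does not depend on a name lookup. For root, the `/home/${USE_USER}` paths in `CACHE` and `PATH` still resolve to /home/root, which is not root's usual home; the sketch below leaves that as it is.

```dockerfile
# … removed: the two SET_* RUN lines and the ENV USE_USER / ENV USE_GROUP lines …
# … unchanged: ENV DEBIAN_FRONTEND … ENV USE_IPAPLUS lines …

# User/Group: ids equal to 0 already exist, so only create accounts for non-zero ids
RUN set -e; \
    if [ "${USE_GID}" -ne 0 ]; then \
        groupadd -r -g "${USE_GID}" "${USE_GROUP}"; \
    fi; \
    if [ "${USE_UID}" -ne 0 ]; then \
        useradd --no-log-init -m -r -g "${USE_GID}" -u "${USE_UID}" "${USE_USER}"; \
    fi; \
    mkdir -p "${ROOT}" "${CACHE}/pip"; \
    chown "${USE_UID}:${USE_GID}" "${ROOT}"; \
    chown -R "${USE_UID}:${USE_GID}" "${CACHE}"

# … unchanged: cache-mount chown and apt-get steps …

USER ${USE_UID}:${USE_GID}
```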
diff --git a/services/comfy/entrypoint.sh b/services/comfy/entrypoint.sh
index cb520f9..837f174 100755
--- a/services/comfy/entrypoint.sh
+++ b/services/comfy/entrypoint.sh
@@ -26,7 +26,7 @@ done
 if [ "${USE_KRITA}" = "true" ]; then
 if [ "${KRITA_DOWNLOAD_MODELS:-false}" = "true" ]; then
- cd "${ROOT}/krita-ai-diffusion/scripts" && python download_models.py --recommended /data && cd ..
+ cd "${ROOT}/krita-ai-diffusion/scripts" && python download_models.py --verbose --retry-attempts 10 --continue-on-error --recommended /data && cd ..
 fi
 [ -d "${ROOT}/models/upscale_models" ] && mv -v "${ROOT}/models/upscale_models" "${ROOT}/models/upscale_models.stock"
 if [ ! -L "${ROOT}/models/upscale_models" ]; then
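Review bot: With `--continue-on-error` added to the `download_models.py` call, a download that still fails after the retries presumably no longer stops the entrypoint, so the container can start with an incomplete model set and nothing in this block records that choice. A comment above the `cd` line would make the intent explicit, for example `# Best effort: failed model downloads are reported by --verbose but do not abort startup`. The enclosing `if [ "${USE_KRITA}" = "true" ]` block continues past the end of the hunk.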
@@ -42,12 +42,12 @@ if [ "${USE_XFLUX}" = "true" ]; then
 [ ! -e "${CUSTOM_NODES}/x-flux-comfyui" ] && mv "${ROOT}/x-flux-comfyui" "${CUSTOM_NODES}"/
 [ ! -e "/data/models/clip_vision" ] && mkdir -p /data/models/clip_vision
 [ ! -e "/data/models/clip_vision/model.safetensors" ] && cd /data/models/clip_vision && \
- python -c 'import sys; from urllib.request import urlopen; from pathlib import Path; Path(sys.argv[2]).write_bytes(urlopen("".join([sys.argv[1],sys.argv[2]])).read())' \
- "https://huggingface.co/openai/clip-vit-large-patch14/resolve/main/" "model.safetensors"
+ python -c 'import sys; from urllib.request import urlopen; from pathlib import Path; Path(sys.argv[2]).write_bytes(urlopen(sys.argv[1]).read())' \
+ "https://huggingface.co/openai/clip-vit-large-patch14/resolve/main/model.safetensors" "model.safetensors"
 [ ! -e "/data/models/xlabs" ] && mkdir -p /data/models/xlabs/{ipadapters,loras,controlnets}
 [ ! -e "/data/models/xlabs/ipadapters/flux-ip-adapter.safetensors" ] && cd /data/models/xlabs/ipadapters && \
- python -c 'import sys; from urllib.request import urlopen; from pathlib import Path; Path(sys.argv[2]).write_bytes(urlopen("".join([sys.argv[1],sys.argv[2]])).read())' \
- "https://huggingface.co/XLabs-AI/flux-ip-adapter/resolve/main/" "flux-ip-adapter.safetensors"
+ python -c 'import sys; from urllib.request import urlopen; from pathlib import Path; Path(sys.argv[2]).write_bytes(urlopen(sys.argv[1]).read())' \
+ "https://huggingface.co/XLabs-AI/flux-ip-adapter/resolve/main/ip_adapter.safetensors" "flux-ip-adapter.safetensors"
 [ -d "${ROOT}/models/xlabs" ] && rm -rf "${ROOT}/models/xlabs"
 [ ! -e "${ROOT}/models/xlabs" ] && cd "${ROOT}/models" && ln -sT /data/models/xlabs xlabs && cd ..
 fi
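Review bot: Both `python -c` downloads fetch from `resolve/main`, a branch reference that can change, and write the response into the models directory without any integrity check, so a changed or substituted upstream file is accepted silently on first start. Consider pinning each URL to a revision, e.g. `.../resolve/<COMMIT_SHA>/ip_adapter.safetensors`, and comparing `hashlib.sha256(data).hexdigest()` against a recorded `<EXPECTED_SHA256>` before calling `write_bytes`. `urlopen(sys.argv[1])` is also called without `timeout=`, so a stalled connection can hang the entrypoint. The enclosing `if [ "${USE_XFLUX}" = "true" ]` block opens before the hunk.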