Infrastructure required to run coqui locally
seplee committed Apr 7, 2024
1 parent 99f22ce commit 66893e4
Showing 5 changed files with 86 additions and 39 deletions.
68 changes: 56 additions & 12 deletions _infrastructure/main.tf
Expand Up @@ -22,8 +22,6 @@ locals {

secret_arn = "arn:aws:secretsmanager:us-east-2:310753928788:secret:drive-gooder-secrets-5lmhvt"

# use list after tutorial
container_port_http = 80
container_port_https = 443
}

Expand All @@ -41,28 +39,73 @@ locals {
# }


## Route53

resource "aws_route53_zone" "this" {
name = "drive-gooder.com"
}

resource "aws_route53_record" "root" {
zone_id = aws_route53_zone.this.id
name = aws_route53_zone.this.name
type = "A"
}
# the above outputs both zone id: .zone_id and record id: .id
## ACM

resource "aws_acm_certificate" "root_cert" {
domain_name = aws_route53_zone.this.name
validation_method = "DNS"

lifecycle {
create_before_destroy = true
}
}

resource "aws_acm_certificate_validation" "root_validation" {
certificate_arn = aws_acm_certificate.root_cert.arn
validation_record_fqdns = [for record in aws_route53_record.root_validations : record.fqdn]
}

resource "aws_route53_record" "root_validations" {
for_each = {
for dvo in aws_acm_certificate.root_cert.domain_validation_options : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
zone_id = data.aws_route53_zone.main.zone_id
}
}

allow_overwrite = true
name = each.value.name
records = [each.value.record]
ttl = 60
type = each.value.type
zone_id = each.value.zone_id
}


## AppRunner
resource "aws_apprunner_service" "this" {
service_name = "drive-gooder"
source_configuration {
image_repository {
image_configuration {
port = "80"
port = local.container_port_https
runtime_environment_variables = {
OPENAI_API_KEY="replace me"
SUMMARIZE_MODEL="hosted_openai"
SPEECH_TO_TEXT_MODEL="hosted_openai"
QUESTION_MODEL="hosted_openai"
TEXT_TO_SPEECH_MODEL="local_coqui"
GOOGLE_CLIENT_ID="73232257368-9v4kp1o2c5tptr5h13h6k5tql6483kc6.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET="replace-me"
ROOT_URI="https://localhost/"
}}
get the arns from secret manager
runtime_environment_secrets = {
GOOGLE_CLIENT_SECRET="arn:aws:secretsmanager:us-east-2:310753928788:secret:drive-gooder-secrets-5lmhvt:GOOGLE_CLIENT_SECRET::"
OPENAI_API_KEY="arn:aws:secretsmanager:us-east-2:310753928788:secret:drive-gooder-secrets-5lmhvt:OPENAI_API_KEY::"
}
# get the arns from secret manager
# runtime_environment_secrets = {
# GOOGLE_CLIENT_SECRET=
# OPENAI_API_KEY=
# }
}
image_identifier = local.container_image
image_repository_type = "ECR"
Expand All @@ -71,7 +114,7 @@ resource "aws_apprunner_service" "this" {
authentication_configuration {
access_role_arn = aws_iam_role.ecrAccessorRole.arn
}
}

# what is instance_configuration?
instance_configuration {
# instance_role_arn = aws_iam_role.secret_reader.arn
Expand All @@ -89,7 +132,8 @@ resource "aws_apprunner_service" "this" {
# }
health_check_configuration {
# change drive-gooder healthcheck endpoint to return a 200 instead of a 301
path = "/api"
path = "/nginx-healthcheck"
protocol = "HTTP"
}
}
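Review bot: `OPENAI_API_KEY` and `GOOGLE_CLIENT_SECRET` are still declared in `runtime_environment_variables` with placeholder strings, and the page shows `runtime_environment_secrets` once with Secrets Manager ARNs and once commented out with empty values, so this rendering does not make clear which form the commit leaves in place. Whichever it is, the two secrets should exist only in `runtime_environment_secrets`: a real value put into the plain variables map ends up in Terraform state and in the service configuration in clear text. That block also needs the instance role that is still commented out, `instance_role_arn = aws_iam_role.secret_reader.arn`, because App Runner reads the referenced secrets with the instance role. Separately, `aws_route53_record.root` is type `A` with neither `records`/`ttl` nor an `alias` block, and `root_validations` reads `data.aws_route53_zone.main.zone_id` while the zone visible here is `aws_route53_zone.this`; unless that data source is declared outside the hunk, use `aws_route53_zone.this.zone_id`. The `aws_apprunner_service` block continues outside the visible hunks.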

42 changes: 21 additions & 21 deletions api/cloud/BaseImage.Dockerfile
@@ -1,18 +1,18 @@

FROM python:3.10-slim-bullseye AS base

RUN apt-get clean \
&& apt-get -y update
RUN apt clean \
&& apt -y update

RUN apt-get -y install nginx \
&& apt-get -y install python3-dev \
&& apt-get install -y curl \
&& apt-get -y install build-essential \
&& apt-get -y install libpq-dev \
&& apt-get -y install ffmpeg \
&& apt-get -y install espeak \
&& apt-get -y install -y openssh-server \
&& apt-get install sudo
RUN apt install -y --no-install-recommends nginx \
&& apt install -y --no-install-recommends python3-dev \
&& apt install -y --no-install-recommends curl \
&& apt install -y --no-install-recommends build-essential \
&& apt install -y --no-install-recommends libpq-dev \
&& apt install -y --no-install-recommends ffmpeg \
&& apt install -y --no-install-recommends espeak \
&& apt install -y --no-install-recommends openssh-server \
&& apt install -y --no-install-recommends sudo
# need sudo to securely switch to appUser

# Don't buffer `stdout`:
Expand All @@ -21,7 +21,7 @@ ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
WORKDIR "/app"

RUN groupadd --gid 1010 socketWriters \
RUN groupadd --gid 1010 socketWriters \
&& usermod -a -G socketWriters www-data \
&& pwd=$(cat /proc/sys/kernel/random/uuid) \
&& echo "$pwd" > password \
Expand All @@ -37,19 +37,19 @@ RUN groupadd --gid 1010 socketWriters \
&& sed -i '1s;^;source ./.venv/bin/activate\n;' /home/appUser/.bashrc &&\
# Create the .local and share directories if useradd does not make them
if [ ! -d "/home/appUser/.local" ]; then \
mkdir -p "/home/appUser/.local/share/tts" \
mkdir -p "/home/appUser/.local/share/tts" \
# coqui seems to use both tts and tts-caches
mkdir -p "/home/appUser/.local/share/tts-cache" \
chown -R appUser "/home/appUser/" \
&& mkdir -p "/home/appUser/.local/share/tts-cache" \
&& chown -R appUser "/home/appUser/"; \
fi \
# make appUser owner of /app. This operation takes a long time
&& chown -R appUser /app

USER appUser
RUN pip install --upgrade pip
RUN pip install poetry && poetry config virtualenvs.in-project true
ENV PATH="${PATH}:/home/appUser/.local/bin"
RUN pip install --upgrade pip \
&& pip install poetry \
&& poetry config virtualenvs.in-project true
COPY poetry.lock pyproject.toml ./
# below line to sate coqui tts
# RUN pip wheel --no-cache-dir --use-pep517 "sudachipy (==0.6.8)"

RUN poetry install
RUN poetry install --no-interaction --no-root
USER root
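Review bot: The rewritten install list still puts `openssh-server` and `sudo` into the base image that the deployed image is built from, so every container carries a remote-login daemon package and a privilege-escalation binary that the visible startup path does not use (`start.sh` switches user with `su appUser`). I would drop both lines from this image and, if shell access is needed for debugging, add them in a separate dev-only stage. In the `groupadd` RUN, `echo "$pwd" > password` writes the generated account password into the working directory at build time; unless a line outside the hunk removes it in the same RUN, it stays readable in the image layer and is identical in every container. That RUN continues outside the hunk, so the second point is a question to confirm rather than a finding.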
8 changes: 4 additions & 4 deletions api/cloud/Final.Dockerfile
@@ -1,6 +1,6 @@
ARG WORKDIR="/app"

FROM halzinnia/drive-gooder-base:v0.0.3
FROM halzinnia/drive-gooder-base:v0.0.5arm

ARG WORKDIR
WORKDIR ${WORKDIR}
Expand All @@ -13,17 +13,17 @@ RUN mkdir /etc/nginx/certs \
rsa:4096 -keyout key.pem -out cert.pem \
-sha256 -days 365 -nodes -subj "/C=US/ST=IN/L=Indianapolis/O=BTYT/OU=clowns/CN=drive-gooder"

COPY ./cloud/nginx.conf /etc/nginx
COPY ./cloud/nginx.conf /etc/nginx/nginx.conf

# We're trying this int he BaseImage now:
# We're trying this in the BaseImage now:
# setup appUser, uid 1007 and gid 1010 (socketwriters group)
# COPY cloud/appUser.sh ./
# RUN chmod +x appUser.sh \
# && ./appUser.sh

COPY --chown=1007:1010 backend backend
COPY --chown=1007:1010 /build frontend
COPY --chown=1007:1010 cloud/start.sh cloud/uwsgi.ini cloud/appUserStart.sh ./
COPY --chown=1007:1010 cloud/uwsgi.ini cloud/start.sh cloud/appUserStart.sh ./
RUN chmod +x start.sh appUserStart.sh

# add a dev ssh key
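Review bot: The `openssl` RUN above the changed `COPY ./cloud/nginx.conf` line creates the nginx key pair at build time with `-nodes`, so the unencrypted private key is stored in an image layer and is shared by every container and by everyone who can pull the image. Generating the pair at container start (in `start.sh`) or mounting it at runtime would keep the key out of the image; if TLS is terminated in front of the container, the certificate step can go altogether. The `# add a dev ssh key` step at the end of the section raises the same concern for a login credential and should not be part of the image that is deployed. The base image is also referenced by a mutable tag; appending a digest to the `FROM` line, `FROM halzinnia/drive-gooder-base:<tag>@sha256:<digest placeholder>`, makes the build reproducible. Both RUN steps start or end outside the visible hunks.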
6 changes: 5 additions & 1 deletion api/cloud/nginx.conf
Expand Up @@ -36,14 +36,18 @@ http {

server {
listen 443 ssl;
listen 80;
server_name localhost;

proxy_ssl_server_name on;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/key.pem;
access_log /var/log/nginx/data-access.log combined;


location /nginx-healthcheck {
return 200;
}

location /api {
proxy_pass http://localhost:5003/api;
proxy_set_header Host $http_host;
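Review bot: If `listen 80;` is on the new side, as the HTTP health check suggests, it is added to the same `server` block as `listen 443 ssl;`, so `/api` and every other location become reachable over clear text as well, not only the health check. I would move the probe into its own port-80 server with an exact-match location and leave the TLS server without `listen 80;`. `location /nginx-healthcheck` is also a prefix match and is written to the access log on every probe; `location = /nginx-healthcheck` with `access_log off;` avoids both. The `server` and `http` blocks continue outside the hunk.

```nginx
# … unchanged: TLS server block (listen 443 ssl, certificates, /api proxy), without listen 80 …

server {
    listen 80;
    server_name localhost;

    location = /nginx-healthcheck {
        access_log off;
        return 200;
    }

    # anything other than the probe is refused on the clear-text port
    location / {
        return 404;
    }
}
```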
1 change: 0 additions & 1 deletion api/cloud/start.sh
Expand Up @@ -6,5 +6,4 @@ nginx -t
service nginx start

# appUser runs app
head -n 3 /home/appUser/.bashrc
su appUser -c "bash appUserStart.sh"
