3 Configure the Private AI Services Container
There are several different configurations with which the container can be installed, demonstrated in the following tutorials using scripts that are included in the container image.
The configuration tutorials are ordered from least to most complex. The simplest configurations are recommended as a starting point before trying out the more complex configurations. For security reasons, it is strongly recommended to use TLS 1.3 with an API Key for production deployments.
The configuration tutorials use bash scripts that are described in the following table, which are included in the container image as of version 25.1.2.0.0. These scripts simplify the configuration process for both the secure and non-secure modes of running the container.
| Script Name | Purpose |
|---|---|
| quickStart.sh |
This script automates the container setup and calls the other dependent scripts. It can be modified to use the paths that are needed for the different directories. |
| secretsSetup.sh |
This script sets up secrets and certificates needed to launch the container and stores them in a user-specified folder. If the folder does not already exist, it will be created by the script. You can pass a subject distinguished name (DN) as a string and a password as a file in order to avoid user input during execution of the script. |
| configSetup.sh |
You provide directories with models, secrets, and the configuration file, and the script copies them to another user-specified folder. If the directory does not already exist, it will be created. The owner is changed to the host UID of the specified container UID in order to permit logging by the container. A folder for log files is also created. |
| containerSetup.sh |
You provide the directory with the copied files, which can be
generated by |
| util.sh |
This is a helper script with common functions that are called by the other scripts. |
To use the scripts, you must first copy them from an image. The following
commands will copy the scripts to the current directory. Note that you need to replace
<image version> with the version of the image that you are using in
each of the commands (as an explicit version number, such as 25.1.2.0.0,
not as latest).
IMAGEID=`podman create container-registry.oracle.com/database/private-ai:<image version>`podman cp $IMAGEID:/privateai/scripts/privateai-setup-<image version>.zip .The scripts are designed to allow the container admins to quickly and easily set up a Private AI Services Container. Before you begin, verify that you have the following software installed and have followed the installation steps at Install the Private AI Services Container:
- Oracle Linux 8.6+, 9, or 10
- OpenSSL with TLS 1.3 support
- Podman 4.9.4+
- PrivateAI image loaded on podman
Note:
The install scripts require the sudo privilege to run correctly.The included tutorials using HTTP use localhost, as both the
client and container run on the same host machine. The IP address or hostname where the
container is running can also be used if desired. When the HTTP client is running on a
different machine than the container, either the IP address or the hostname of the container
must be specified.
There are a number of APIs that you can use to get information about the container. For example, you can verify that the container is running, get a list of currently deployed models, and get information about metrics exposed by the application. For more information, see Private AI Services Container API Reference.
- Install with HTTP and Default Models
This is the simplest configuration. The API Key and SSL are not used. The default embedding models are used with the HTTP port 8080. - Install with HTTP with Models and Advanced Options
This tutorial is a superset of the HTTP with Configuration File tutorial that allows you to define vector embedding models that do not ship with the container. For a more advanced configuration, you can optionally choose to specify the HTTP port, container version, and or container name. - Install with Self-Signed SSL Certificates
This configuration is a superset of the configuration using HTTP with a configuration file that uses SSL with self-signed digital certificates. - Install with HTTP/SSL with Models and Advanced Options
This configuration combines an SSL configuration with additional embedding models and the configuration file. For a more advanced configuration, you can optionally choose to specify the HTTP port, container version, and or container name. - Use the OpenAI Python SDK Client with HTTP or HTTP/SSL
The OpenAI Python client works with the container when using HTTP or HTTP/SSL. You just need to specify the correct HTTP endpoint, along with a valid API KEY when using HTTP/SSL.