Skip to content

feat: add public mode configuration to TUI installer #7638

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
devyubin wants to merge 14 commits into
base: main
Choose a base branch
from
Open

feat: add public mode configuration to TUI installer #7638

devyubin wants to merge 14 commits into from
+143 −8

Conversation

@devyubin
Copy link
Contributor

@devyubin devyubin commented Dec 30, 2025
edited
Loading

resolves #7637 (BA-3596)

Checklist: (if applicable)

  • Milestone metadata specifying the target backport version
  • Mention to the original issue
  • Installer updates including:
    • Fixtures for db schema changes
    • New mandatory config options
  • Update of end-to-end CLI integration tests in ai.backend.test
  • API server-client counterparts (e.g., manager API -> client SDK)
  • Test case(s) to:
    • Demonstrate the difference of before/after
    • Demonstrate the flow of abstract/conceptual models with a concrete implementation
  • Documentation
    • Contents in the docs directory
    • docstrings in public interfaces and type annotations

@devyubin devyubin self-assigned this Dec 30, 2025
@github-actions github-actions bot added the size:XL 500~ LoC label Dec 30, 2025
@devyubin devyubin added the comp:installer Related to Installer label Dec 30, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 30, 2025
View reviewed changes
src/ai/backend/install/context.py
appproxy_itable["url"] = f"https://{public_facing_address}:{advertised_port}"
else:
appproxy_itable["url"] = (
f"http://{service.appproxy_coordinator_addr.face.host}:{service.appproxy_coordinator_addr.face.port}"

Check warning

Code scanning / devskim

An HTTP-based URL without TLS was detected. Warning

Insecure URL
@devyubin devyubin requested a review from Yaminyam December 30, 2025 03:51
@github-actions github-actions bot added size:S 10~30 LoC and removed size:XL 500~ LoC labels Dec 30, 2025
@github-actions github-actions bot added size:L 100~500 LoC and removed size:S 10~30 LoC labels Dec 30, 2025
@HyeockJinKim HyeockJinKim force-pushed the main branch 2 times, most recently from 9552aac to 4af738e Compare December 31, 2025 15:41
@devyubin devyubin marked this pull request as ready for review January 7, 2026 02:42
Copilot AI review requested due to automatic review settings January 7, 2026 02:43
Copilot AI reviewed Jan 7, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds public mode configuration support to the TUI installer, enabling Backend.AI to be deployed with TLS and wildcard domain support for public-facing installations. The changes introduce new CLI options and configuration logic to handle both local development and public deployment scenarios.

  • Adds four new CLI options: --public-mode, --fqdn-prefix, --tls-advertised, and --advertised-port
  • Enhances SetupLog widget to support non-interactive mode with stdout output
  • Updates webserver and appproxy configuration generation to support public mode with custom domains

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/ai/backend/install/widgets.py Adds non-interactive mode support to SetupLog, enabling output to stdout via Rich Console
src/ai/backend/install/types.py Adds public mode fields to CliArgs and InstallVariable, with properties for generating domain names from FQDN prefix
src/ai/backend/install/context.py Updates webserver and appproxy configuration logic to handle public mode, TLS settings, and domain-based routing
src/ai/backend/install/cli.py Defines four new CLI options for controlling public mode configuration
src/ai/backend/install/app.py Passes non_interactive flag to SetupLog instances and initializes InstallVariable with new public mode fields

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/ai/backend/install/context.py
Comment on lines +799 to 812
data["proxy_worker"]["api_advertised_addr"] = { # type: ignore[index]
"host": public_facing_address,
"port": service.appproxy_worker_addr.bind.port,
}
data["proxy_worker"]["api_bind_addr"] = { # type: ignore[index]
"host": service.appproxy_worker_addr.bind.host,
"port": service.appproxy_worker_addr.bind.port,
}
data["proxy_worker"]["port_proxy"]["bind_port"] = service.appproxy_worker_addr.bind.port # type: ignore[index]
data["proxy_worker"]["port_proxy"]["bind_host"] = service.appproxy_worker_addr.bind.host # type: ignore[index]
data["proxy_worker"]["port_proxy"]["bind_host"] = "0.0.0.0" # type: ignore[index]
data["proxy_worker"]["port_proxy"]["advertised_host"] = public_facing_address # type: ignore[index]
data["secrets"]["api_secret"] = service.appproxy_api_secret # type: ignore[index]
data["secrets"]["jwt_secret"] = service.appproxy_jwt_secret # type: ignore[index]
data["permit_hash"]["permit_hash_secret"] = service.appproxy_permit_hash_secret # type: ignore[index]
Copy link

Copilot AI Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The configuration set on lines 799-812 is redundant and will be immediately overwritten by the if/else block starting at line 814. In the public_mode branch (lines 814-835), these same fields are reassigned with different values, and in the else branch (lines 836-850), they are set again. This creates unnecessary code duplication and potential confusion. Consider removing lines 799-812 and ensuring all necessary configuration is set within the if/else branches.

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

@devyubin devyubin Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The settings in the else block appear identical to the defaults above, but they're not redundant. they overwrite the TOML template's placeholder values with runtime variables like public_facing_address and service.appproxy_worker_addr. This is necessary because the template file contains static defaults, not the actual runtime configuration values.

src/ai/backend/install/context.py
f"http://{service.appproxy_coordinator_addr.face.host}:{service.appproxy_coordinator_addr.face.port}"
)
if public_mode:
appproxy_itable["url"] = f"https://{public_facing_address}:{advertised_port}"
Copy link

Copilot AI Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When public_mode is enabled, the webserver configuration uses public_facing_address directly (line 615), but the appproxy configuration uses the apphub_address and app_address properties which incorporate the fqdn_prefix (lines 778, 817, 819). This inconsistency could lead to misconfiguration when fqdn_prefix is provided. Consider using the appropriate property instead of public_facing_address directly to ensure consistent domain usage across all components.

Suggested change
appproxy_itable["url"] = f"https://{public_facing_address}:{advertised_port}"
appproxy_host = service.apphub_address.face.host
appproxy_itable["url"] = f"https://{appproxy_host}:{advertised_port}"

Copilot uses AI. Check for mistakes.
src/ai/backend/install/context.py
wildcard_table["domain"] = wildcard_domain
bind_addr_table = tomlkit.inline_table()
bind_addr_table["host"] = "0.0.0.0"
bind_addr_table["port"] = 10250
Copy link

Copilot AI Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The bind port for wildcard_domain is hardcoded to 10250. Consider whether this should be configurable or at least documented why this specific port is used. If this port conflicts with other services or needs to be different in certain deployments, it could cause issues.

Suggested change
bind_addr_table["port"] = 10250
bind_addr_table["port"] = service.appproxy_worker_addr.bind.port

Copilot uses AI. Check for mistakes.
src/ai/backend/install/widgets.py Outdated
self._stdout_console.print_exception()
else:
self._stdout_console.print(content)
except Exception:
Copy link

Copilot AI Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'except' clause does nothing but pass and there is no explanatory comment.

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

@devyubin devyubin Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stdout output failure is intentionally silenced to prevent it from interrupting the installation process. The primary goal is completing the installation; logging is secondary.

@devyubin devyubin requested a review from HyeockJinKim January 7, 2026 03:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Yaminyam Yaminyam Awaiting requested review from Yaminyam

@HyeockJinKim HyeockJinKim Awaiting requested review from HyeockJinKim

Assignees

@devyubin devyubin

Labels

comp:installer Related to Installer size:L 100~500 LoC

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add Public Mode Configuration Support to TUI Installer

2 participants

@devyubin