labring
diff --git a/‎deploy/args.json‎
Lines changed: 12 additions & 3 deletions b/‎deploy/args.json‎
Lines changed: 12 additions & 3 deletions
diff --git a/‎deploy/docker/cn/docker-compose.milvus.yml‎
Lines changed: 51 additions & 0 deletions b/‎deploy/docker/cn/docker-compose.milvus.yml‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎deploy/docker/cn/docker-compose.oceanbase.yml‎
Lines changed: 51 additions & 1 deletion b/‎deploy/docker/cn/docker-compose.oceanbase.yml‎
Lines changed: 51 additions & 1 deletion
diff --git a/‎deploy/docker/cn/docker-compose.pg.yml‎
Lines changed: 51 additions & 0 deletions b/‎deploy/docker/cn/docker-compose.pg.yml‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎deploy/docker/cn/docker-compose.seekdb.yml‎
Lines changed: 51 additions & 0 deletions b/‎deploy/docker/cn/docker-compose.seekdb.yml‎
Lines changed: 51 additions & 0 deletions
@@ -14,7 +14,10 @@
     "milvus-etcd": "v3.5.5",
     "milvus-standalone": "v2.4.3",
     "oceanbase": "4.3.5-lts",
-    "seekdb": "1.0.1.0-100000392025122619"
+    "seekdb": "1.0.1.0-100000392025122619",
+    "opensandbox-server": "v0.1.7",
+    "opensandbox-execd": "v1.0.7",
+    "opensandbox-egress": "v1.0.1"
   },
   "images": {
     "cn": {
@@ -32,7 +35,10 @@
       "milvus-etcd": "quay.io/coreos/etcd",
       "milvus-standalone": "milvusdb/milvus",
       "oceanbase": "oceanbase/oceanbase-ce",
-      "seekdb": "oceanbase/seekdb"
+      "seekdb": "oceanbase/seekdb",
+      "opensandbox-server": "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server",
+      "opensandbox-execd": "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd",
+      "opensandbox-egress": "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress"
     },
     "global": {
       "fastgpt": "ghcr.io/labring/fastgpt",
@@ -49,7 +55,10 @@
       "milvus-etcd": "quay.io/coreos/etcd",
       "milvus-standalone": "milvusdb/milvus",
       "oceanbase": "oceanbase/oceanbase-ce",
-      "seekdb": "oceanbase/seekdb"
+      "seekdb": "oceanbase/seekdb",
+      "opensandbox-server": "opensandbox/server",
+      "opensandbox-execd": "opensandbox/execd",
+      "opensandbox-egress": "opensandbox/egress"
     }
   }
 }
@@ -183,17 +183,41 @@ services:
       timeout: 20s
       retries: 3
 
+  opensandbox-server:
+    image: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.7
+    container_name: opensandbox-server
+    restart: always
+    networks:
+      - fastgpt
+    extra_hosts:
+      - 'host.docker.internal:host-gateway' # Enable access to host machine
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    configs:
+      - source: opensandbox-config
+        target: /etc/opensandbox/config.toml
+    environment:
+      - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:8090/health']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
   fastgpt:
     container_name: fastgpt
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.8 # git
     ports:
       - 3000:3000
     networks:
       - fastgpt
+    extra_hosts:
+      - 'host.docker.internal:host-gateway' # Enable access to host machine
     depends_on:
       - mongo
       - sandbox
       - vectorDB
+      - opensandbox-server
     restart: always
     environment:
       <<: [*x-share-db-config, *x-vec-config, *x-log-config]
@@ -215,6 +239,8 @@ services:
       PLUGIN_TOKEN: *x-plugin-auth-token
       # sandbox 地址
       CODE_SANDBOX_URL: http://sandbox:3000
+      # opensandbox server 地址
+      OPENSANDBOX_SERVER_URL: http://opensandbox-server:8090
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
@@ -335,3 +361,28 @@ networks:
   aiproxy:
   vector:
 
+configs:
+  # opensandbox config
+  opensandbox-config:
+    content: |
+      [server]
+      host = "0.0.0.0"
+      port = 8090
+      log_level = "INFO"
+
+      [runtime]
+      type = "docker"
+      execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.7"
+
+      [egress]
+      image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1"
+
+      [docker]
+      network_mode = "bridge"
+      host_ip = "host.docker.internal"
+      drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"]
+      no_new_privileges = true
+      pids_limit = 512
+
+      [ingress]
+      mode = "direct"
@@ -160,17 +160,41 @@ services:
       timeout: 20s
       retries: 3
 
+  opensandbox-server:
+    image: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.7
+    container_name: opensandbox-server
+    restart: always
+    networks:
+      - fastgpt
+    extra_hosts:
+      - 'host.docker.internal:host-gateway' # Enable access to host machine
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    configs:
+      - source: opensandbox-config
+        target: /etc/opensandbox/config.toml
+    environment:
+      - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:8090/health']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
   fastgpt:
     container_name: fastgpt
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.8 # git
     ports:
       - 3000:3000
     networks:
       - fastgpt
+    extra_hosts:
+      - 'host.docker.internal:host-gateway' # Enable access to host machine
     depends_on:
       - mongo
       - sandbox
       - vectorDB
+      - opensandbox-server
     restart: always
     environment:
       <<: [*x-share-db-config, *x-vec-config, *x-log-config]
@@ -192,6 +216,8 @@ services:
       PLUGIN_TOKEN: *x-plugin-auth-token
       # sandbox 地址
       CODE_SANDBOX_URL: http://sandbox:3000
+      # opensandbox server 地址
+      OPENSANDBOX_SERVER_URL: http://opensandbox-server:8090
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
@@ -316,4 +342,28 @@ configs:
     name: init_sql
     content: |
       ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30;
-    
+  # opensandbox config
+  opensandbox-config:
+    content: |
+      [server]
+      host = "0.0.0.0"
+      port = 8090
+      log_level = "INFO"
+
+      [runtime]
+      type = "docker"
+      execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.7"
+
+      [egress]
+      image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1"
+
+      [docker]
+      network_mode = "bridge"
+      host_ip = "host.docker.internal"
+      drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"]
+      no_new_privileges = true
+      pids_limit = 512
+
+      [ingress]
+      mode = "direct"
+
@@ -141,17 +141,41 @@ services:
       timeout: 20s
       retries: 3
 
+  opensandbox-server:
+    image: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.7
+    container_name: opensandbox-server
+    restart: always
+    networks:
+      - fastgpt
+    extra_hosts:
+      - 'host.docker.internal:host-gateway' # Enable access to host machine
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    configs:
+      - source: opensandbox-config
+        target: /etc/opensandbox/config.toml
+    environment:
+      - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:8090/health']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
   fastgpt:
     container_name: fastgpt
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.8 # git
     ports:
       - 3000:3000
     networks:
       - fastgpt
+    extra_hosts:
+      - 'host.docker.internal:host-gateway' # Enable access to host machine
     depends_on:
       - mongo
       - sandbox
       - vectorDB
+      - opensandbox-server
     restart: always
     environment:
       <<: [*x-share-db-config, *x-vec-config, *x-log-config]
@@ -173,6 +197,8 @@ services:
       PLUGIN_TOKEN: *x-plugin-auth-token
       # sandbox 地址
       CODE_SANDBOX_URL: http://sandbox:3000
+      # opensandbox server 地址
+      OPENSANDBOX_SERVER_URL: http://opensandbox-server:8090
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
@@ -293,3 +319,28 @@ networks:
   aiproxy:
   vector:
 
+configs:
+  # opensandbox config
+  opensandbox-config:
+    content: |
+      [server]
+      host = "0.0.0.0"
+      port = 8090
+      log_level = "INFO"
+
+      [runtime]
+      type = "docker"
+      execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.7"
+
+      [egress]
+      image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1"
+
+      [docker]
+      network_mode = "bridge"
+      host_ip = "host.docker.internal"
+      drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"]
+      no_new_privileges = true
+      pids_limit = 512
+
+      [ingress]
+      mode = "direct"
@@ -147,17 +147,41 @@ services:
       timeout: 20s
       retries: 3
 
+  opensandbox-server:
+    image: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.7
+    container_name: opensandbox-server
+    restart: always
+    networks:
+      - fastgpt
+    extra_hosts:
+      - 'host.docker.internal:host-gateway' # Enable access to host machine
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    configs:
+      - source: opensandbox-config
+        target: /etc/opensandbox/config.toml
+    environment:
+      - SANDBOX_CONFIG_PATH=/etc/opensandbox/config.toml
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:8090/health']
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
   fastgpt:
     container_name: fastgpt
     image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.8 # git
     ports:
       - 3000:3000
     networks:
       - fastgpt
+    extra_hosts:
+      - 'host.docker.internal:host-gateway' # Enable access to host machine
     depends_on:
       - mongo
       - sandbox
       - vectorDB
+      - opensandbox-server
     restart: always
     environment:
       <<: [*x-share-db-config, *x-vec-config, *x-log-config]
@@ -179,6 +203,8 @@ services:
       PLUGIN_TOKEN: *x-plugin-auth-token
       # sandbox 地址
       CODE_SANDBOX_URL: http://sandbox:3000
+      # opensandbox server 地址
+      OPENSANDBOX_SERVER_URL: http://opensandbox-server:8090
       # AI Proxy 的地址，如果配了该地址，优先使用
       AIPROXY_API_ENDPOINT: http://aiproxy:3000
       # AI Proxy 的 Admin Token，与 AI Proxy 中的环境变量 ADMIN_KEY
@@ -299,3 +325,28 @@ networks:
   aiproxy:
   vector:
 
+configs:
+  # opensandbox config
+  opensandbox-config:
+    content: |
+      [server]
+      host = "0.0.0.0"
+      port = 8090
+      log_level = "INFO"
+
+      [runtime]
+      type = "docker"
+      execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.7"
+
+      [egress]
+      image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1"
+
+      [docker]
+      network_mode = "bridge"
+      host_ip = "host.docker.internal"
+      drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"]
+      no_new_privileges = true
+      pids_limit = 512
+
+      [ingress]
+      mode = "direct"