deploy/sandbox: pip 镜像源可配 + timeout 60s 兜底 ReadTimeout

- Dockerfile 加 ARG PIP_INDEX_URL/PIP_TRUSTED_HOST,默 PyPI 官方;
  build 时 --build-arg PIP_INDEX_URL=... 切换腾讯云/阿里云/清华源
- pip install --timeout 60s(默 15s 太短,境内抖动易撞)
- RUN.md 镜像构建段加 3 个常用源命令 + 故障兜底加 ReadTimeoutError 行

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
caoqianming 2026-05-26 21:10:50 +08:00
parent 1a950dedb5
commit 55adfa17b4
2 changed files with 25 additions and 1 deletions

11
RUN.md
View File

@ -282,6 +282,16 @@ sudo -u zcbot docker build \
--build-arg HOST_GID=$(id -g zcbot) \
-t zcbot-sandbox:latest .
# 境内访问 PyPI 抖动 / ReadTimeout → 加 --build-arg 切换镜像源:
# 腾讯云内网(腾讯云轻量 / CVM 上免外网带宽):
# --build-arg PIP_INDEX_URL=https://mirrors.cloud.tencent.com/pypi/simple/
# 阿里云:
# --build-arg PIP_INDEX_URL=https://mirrors.aliyun.com/pypi/simple/
# 清华:
# --build-arg PIP_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple/
# 镜像源走 https,通常不需 --trusted-host;若用 http 源加
# --build-arg PIP_TRUSTED_HOST=<host_without_scheme>
# 3) 创建 sandbox 网络(--internal,默认无 outbound)
sudo -u zcbot docker network create --internal zcbot-sandbox-net
# 或 SandboxPool.setup_pool() 自动 ensure
@ -430,6 +440,7 @@ sudo xfs_quota -x -c "limit -p bhard=10g zcbot_<user_uuid>" /opt
| 启动报 `ZCBOT_SANDBOX_BACKEND=docker but sandbox init failed: ...` | docker daemon 没起 / 用户不在 docker group / network create 失败。先跑 `main.py sandbox check` 看哪一项 err |
| `[startup] [warn] fs quota: <fstype> on ...` | workspace 所在 fs 没启 OS 层 quota。dogfood 阶段忽略;外部用户开放前必须升级 xfs prjquota / ext4 project / zfs(详 RUN.md「配额硬化」段) |
| `docker run zcbot-sandbox:latest``Unable to find image` | 镜像没 build。`sudo -u zcbot docker build -f deploy/sandbox/Dockerfile --build-arg HOST_UID=$(id -u zcbot) --build-arg HOST_GID=$(id -g zcbot) -t zcbot-sandbox:latest .` |
| 镜像 build pip 报 `ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', ...)` | 境内访问 PyPI 抖动。加 `--build-arg PIP_INDEX_URL=https://mirrors.cloud.tencent.com/pypi/simple/`(腾讯云内网)或阿里云 / 清华源,详 RUN.md「镜像构建」段。Dockerfile 已把 pip timeout 拉到 60s,主因仍是源不通而非超时 |
| Export 报 "无可导出内容" | task 没 messages(只 system 不算);先发条消息再 export |
| `NoSubtaskError: working_dir ... 前缀嵌套` | §7.4 no-subtask:同 user 不允许 working_dir 嵌套(child / parent)。**同项目多对话**用**完全相同**的 working_dir;否则改成 sibling(平级) |
| `main.py web` 启动后 curl 连不上 | 检查 proxy(`HTTP_PROXY` / `HTTPS_PROXY`):本地服务 127.0.0.1,系统 proxy 拦截会 502。临时 `unset HTTP_PROXY HTTPS_PROXY``curl --noproxy '*'`。验通:`curl --noproxy '*' http://127.0.0.1:8765/healthz` |

View File

@ -28,8 +28,21 @@ RUN groupadd -g ${HOST_GID} zcbot && useradd -u ${HOST_UID} -g ${HOST_GID} -m -s
# 装全套 requirements ── 模型在 run_python 里写的脚本可能用 fastapi / sqlalchemy / litellm
# 等,装齐免 "ModuleNotFoundError" 摩擦。镜像偏大(~1G)是接受成本。
#
# pip 源可配(境内访问 files.pythonhosted.org 慢 / ReadTimeout):
# --build-arg PIP_INDEX_URL=https://mirrors.cloud.tencent.com/pypi/simple/ # 腾讯云内网
# --build-arg PIP_INDEX_URL=https://mirrors.aliyun.com/pypi/simple/ # 阿里云
# --build-arg PIP_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple/ # 清华
# 默 PyPI 官方;timeout 拉到 60s 兜底抖动。
ARG PIP_INDEX_URL=https://pypi.org/simple/
ARG PIP_TRUSTED_HOST=
COPY requirements.txt /tmp/requirements.txt
RUN pip install --no-cache-dir -r /tmp/requirements.txt && rm /tmp/requirements.txt
RUN pip install --no-cache-dir \
--index-url ${PIP_INDEX_URL} \
${PIP_TRUSTED_HOST:+--trusted-host ${PIP_TRUSTED_HOST}} \
--timeout 60 \
-r /tmp/requirements.txt \
&& rm /tmp/requirements.txt
COPY deploy/sandbox/init.sh /init.sh
RUN chmod +x /init.sh