Welcome to the easiest way to get your own hosted private language model running swiftly with Ollama and Open WebUI
With this action, you can easily have your very own Large Language Model (LLM) like OpenAI's GPTChat or Anthropic's Claude. Except that it's entirely yours! You can tune it with your own data, and it's hosted on your own AWS account.
This action is perfect for anyone who wants to try out the latest models, ask questions about documents, or even build Retrieval Augmented Generation (RAG) apps against an LLM you own!
π₯οΈβ¨ Get started below, and you'll be talking with your own hosted LLM in no time!
Supported Cloud Providers:
- AWS
Note: This action is currently in beta. Please report any issues you find by creating an Issue or a Pull Requests
This project is supported by Bitovi DevOps and a proud supporter of Open Source software.
You can get help or ask questions on our Discord channel! Come hang out with us; We love discussing solutions!
Or, you can hire us for training, consulting, development, and deployments (including LLM deployments ;). Set up a free consultation.
This is a list of requirements you'll need to meet in order to use this action.
- An AWS account (yep, that's it!)
You'll need Access Keys from an AWS account
Create .github/workflow/deploy.yaml with the following to build on push.
name: Basic deploy
on:
push:
branches: [ main ]
jobs:
EC2-Deploy:
runs-on: ubuntu-latest
steps:
- id: deploy
name: Deploy
uses: bitovi/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID}}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY}}Once deployed, visit the url provided in the workflow output summary.
(todo)
- Action Defaults
- AWS Configuration
- Secrets and Environment Variables
- EC2
- Prometheus
- Stack Management
- Domains
- VPC
The following inputs can be used as step.with keys
| Name | Type | Description | Required | Default |
|---|---|---|---|---|
checkout |
Boolean | Set to false if the code is already checked out. |
false | true |
| Name | Type | Description | Required | Default |
|---|---|---|---|---|
aws_access_key_id |
String | AWS access key ID. | true | |
aws_secret_access_key |
String | AWS secret access key. | true | |
aws_session_token |
String | AWS session token, if you're using temporary credentials. | false | |
aws_default_region |
String | AWS default region. | true | us-east-1 |
aws_resource_identifier |
String | Auto-generated by default so it's unique for org/repo/branch. Set to override with custom naming the unique AWS resource identifier for the deployment. Defaults to ${org}-${repo}-${branch}. |
false | ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME} |
aws_extra_tags |
JSON | A list of additional tags that will be included on created resources. Example: {"key1": "value1", "key2": "value2"} |
false | {} |
| Name | Type | Description - Check note about environment variables. |
|---|---|---|
env_aws_secret |
String | Secret name to pull env variables from AWS Secret Manager, could be a comma separated list, read in order. Expected JSON content. |
env_repo |
String | File containing environment variables to be used with the app. |
env_ghs |
String | .env file to be used with the app from Github secrets. |
env_ghv |
String | .env file to be used with the app from Github variables. |
| Name | Type | Description |
|---|---|---|
aws_ec2_instance_type |
String | The AWS EC2 instance type. Default is inf1.xlarge. |
aws_ec2_instance_profile |
String | The AWS IAM instance profile to use for the EC2 instance. Use if you want to pass an AWS role with specific permissions granted to the instance. |
aws_ec2_create_keypair_sm |
Boolean | Creates a Secret in AWS secret manager to store a kypair. Default is false. |
aws_ec2_instance_vol_size |
String | Root disk size for the EC2 instance. Default is 10. |
aws_ec2_additional_tags |
JSON | A JSON object of additional tags that will be included on created resources. Example: {"key1": "value1", "key2": "value2"} |
aws_ec2_ami_filter |
String | AMI filter to use when searching for an AMI to use for the EC2 instance. Defaults to ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*. |
infrastructure_only |
Boolean | Set to true to provision infrastructure (with Terraform) but skip the app deployment (with ansible). Default is false. |
| Name | Type | Description |
|---|---|---|
tf_stack_destroy |
Boolean | Set to true to destroy the created AWS infrastructure for this instance. Default is false. |
tf_state_file_name |
String | Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects. |
tf_state_file_name_append |
String | Append a string to the tf-state-file. Setting this to unique will generate tf-state-aws-unique. Can co-exist with the tf_state_file_name variable. |
tf_state_bucket |
String | AWS S3 bucket to use for Terraform state. Defaults to ${org}-${repo}-{branch}-tf-state-aws. |
tf_state_bucket_destroy |
Boolean | Force purge and deletion of S3 tf_state_bucket defined. Any file contained there will be destroyed. tf_stack_destroy must also be true. |
| Name | Type | Description |
|---|---|---|
aws_domain_name |
String | Define the root domain name for the application. e.g. bitovi.com. If empty, ELB URL will be provided. |
aws_sub_domain |
String | Define the sub-domain part of the URL. Defaults to ${org}-${repo}-{branch}. |
aws_root_domain |
Boolean | Deploy application to root domain. Will create root and www DNS records. Domain must exist in Route53. |
aws_cert_arn |
String | Existing certificate ARN to be used in the ELB. Use if you manage a certificate outside of this action. See https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-list.html for how to find the certificate ARN. |
aws_create_root_cert |
Boolean | Generates and manage the root certificate for the application to be used in the ELB. |
aws_create_sub_cert |
Boolean | Generates and manage the sub-domain certificate for the application to be used in the ELB. |
aws_no_cert |
Boolean | Set this to true if you want not to use a certificate in the ELB. Default is false. |
| Name | Type | Description |
|---|---|---|
aws_vpc_create |
Boolean | Define if a VPC should be created. Default is true. |
aws_vpc_name |
String | Set a specific name for the VPC. |
aws_vpc_cidr_block |
String | Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16. |
aws_vpc_public_subnets |
String | Comma separated list of public subnets. Defaults to 10.10.110.0/24. |
aws_vpc_private_subnets |
String | Comma separated list of private subnets. If none, none will be created. |
aws_vpc_availability_zones |
String | Comma separated list of availability zones. Defaults to aws_default_region. |
aws_vpc_id |
String | AWS VPC ID. Accepts vpc-### values. |
aws_vpc_subnet_id |
String | Specify a Subnet to be used with the instance. If none provided, one will be picked. |
aws_vpc_additional_tags |
JSON | A JSON object of additional tags that will be included on created resources. Example: {"key1": "value1", "key2": "value2"} |
For envirnoment variables in your app, you can provide:
env_repo- A file in your repo that contains env varsenv_ghv- An entry in Github actions variablesenv_ghs- An entry in Github secretsenv_aws_secret- The path to a JSON format secret in AWS
These environment variables are merged (in the following order) to the .env file and provided to both the Prometheus and Grafana services:
- Terraform passed env vars ( This is not optional nor customizable )
- Repository checked-in env vars - repo_env file as default. (KEY=VALUE style)
- Github Secret - Create a secret named DOT_ENV - (KEY=VALUE style)
- AWS Secret - JSON style like '{"key":"value"}'
Most resources will contain the tag ${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}, some of them, even the resource name after.
We limit this to a 60 characters string because some AWS resources have a length limit and short it if needed.
We use the kubernetes style for this. For example, kubernetes -> k(# of characters)s -> k8s. And so you might see some compressions are made.
For some specific resources, we have a 32 characters limit. If the identifier length exceeds this number after compression, we remove the middle part and replace it for a hash made up from the string itself.
Buckets names can be made of up to 63 characters. If the length allows us to add -tf-state, we will do so. If not, a simple -tf will be added.
As a default, the application will be deployed and the ELB public URL will be displayed.
If domain_name is defined, we will look up for a certificate with the name of that domain (eg. example.com). We expect that certificate to contain both example.com and *.example.com.
If you wish to set up domain_name and disable the certificate lookup, set up no_cert to true.
Setting create_root_cert to true will create this certificate with both example.com and *.example.com for you, and validate them. (DNS validation).
Setting create_sub_cert to true will create a certificate just for the subdomain, and validate it.
β οΈ Be very careful here! Created certificates are fully managed by Terraform. Therefor they will be destroyed upon stack destruction.
To change a certificate (root_cert, sub_cert, ARN or pre-existing root cert), you must first set the no_cert flag to true, run the action, then set the no_cert flag to false, add the desired settings and excecute the action again. (This will destroy the first certificate.)
This is necessary due to a limitation that prevents certificates from being changed while in use by certain resources.
BitOps allows you to define Infrastructure-as-Code for multiple tools in a central place. This action uses a BitOps Operations Repository to set up the necessary Terraform and Ansible to create infrastructure and deploy to it.
We would love for you to contribute to bitovi/github-actions-deploy-ollama and help make it even better than it is today!
Would you like to see additional features? Create an issue or a Pull Requests.
The scripts and documentation in this project are released under the MIT License.