Blue Ridge Rootless AI Stack for Enterprise Linux
================================================

Purpose
-------

This file contains a practical rootless AI stack installer for RHEL-family Enterprise Linux systems. It is designed for personal infrastructure labs, consultants, and small businesses that want to test local AI safely without turning a simple host into a fragile science project.

The stack uses:

- Rootless Podman
- Ollama
- Ollama UI
- Mistral as the primary model
- qwen2.5:1.5b as a lightweight backup model
- A user-level systemd service for reboot survival
- Persistent Podman volumes for model and UI data

Words of Wisdom
---------------

Local AI is most useful when it is treated like infrastructure, not magic. For a personal or SMB RHEL-family system, the goal should not be to replace judgment or automate every business process on day one. The better first step is to create a safe, private environment where you can explore how AI might improve real workflows: drafting documentation, summarizing notes, building checklists, reviewing logs, creating first-pass scripts, explaining technical concepts, or turning scattered operational knowledge into repeatable procedures.

Rootless containers are a smart place to begin because they keep the experiment contained. You can test, break, rebuild, document, and improve the stack without giving every process root-level reach across the host. That matters in small environments where the same machine may also be used for monitoring, remote access, internal tools, or lab workloads.

Start with a clear boundary:

- Do not feed sensitive client data into a model until you understand where data is stored and how it is handled.
- Keep the first deployment local and simple.
- Document the host, ports, volumes, models, and service commands.
- Monitor CPU, memory, disk growth, and model behavior.
- Treat prompts, outputs, and workflows as operational artifacts worth refining.

The sky is the limit, but the runway is discipline.
AI becomes valuable when it is paired with clean systems, clear process, and a practical understanding of the work people are already doing. The only thing holding you back is your own creativity, but the thing that keeps it useful is structure.

Installer
---------

Copy and run the following on a RHEL-family Enterprise Linux host with Podman installed.

cat > ~/install-ai-stack-ollama-ui.sh <<'EOF'
#!/usr/bin/env bash
set -euo pipefail

STACK_NAME="ai-stack"
OLLAMA_CONTAINER="ai-ollama"
UI_CONTAINER="ollama-ui"
SERVICE_DIR="$HOME/.config/systemd/user"
SERVICE_FILE="$SERVICE_DIR/ai-stack.service"
PRIMARY_MODEL="mistral"
BACKUP_MODEL="qwen2.5:1.5b"
WEB_PORT="3000"
OLLAMA_PORT="11434"

echo "============================================================"
echo " Blue Ridge AI Stack Installer"
echo " Rootless Podman + Ollama + Ollama UI"
echo " Primary model: $PRIMARY_MODEL"
echo " Backup model: $BACKUP_MODEL"
echo "============================================================"
echo

mkdir -p "$SERVICE_DIR"

echo "===== 1/9 Checking tools ====="
if ! command -v podman >/dev/null 2>&1; then
  echo "ERROR: podman is not installed."
  exit 1
fi
if ! command -v systemctl >/dev/null 2>&1; then
  echo "ERROR: systemctl is not available."
  exit 1
fi
if ! command -v curl >/dev/null 2>&1; then
  echo "ERROR: curl is not installed."
  exit 1
fi
echo "Podman: $(podman --version)"
echo

echo "===== 2/9 Stopping old AI stack if present ====="
systemctl --user stop ai-stack.service 2>/dev/null || true
podman pod rm -f "$STACK_NAME" 2>/dev/null || true
podman rm -f tiny-ollama-chat ai-webui "$UI_CONTAINER" "$OLLAMA_CONTAINER" 2>/dev/null || true
echo "Old stack removed if it existed."
echo

echo "===== 3/9 Creating persistent volumes ====="
podman volume exists ollama-data || podman volume create ollama-data >/dev/null
podman volume exists ollama-ui-data || podman volume create ollama-ui-data >/dev/null
echo "Volumes ready:"
podman volume ls | grep -E 'ollama-data|ollama-ui-data' || true
echo

echo "===== 4/9 Writing reboot-safe user systemd service ====="
# NOTE: this copy of the script is truncated from here. The contents of
# ai-stack.service, steps 5/9 and 6/9, and the heading of step 7/9 are missing.
# The original line began:  cat > "$SERVICE_FILE" <

# Firewall step: opens the UI and API ports when firewalld is running.
if command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active --quiet firewalld; then
  sudo firewall-cmd --permanent --add-port="$WEB_PORT/tcp" >/dev/null || true
  sudo firewall-cmd --permanent --add-port="$OLLAMA_PORT/tcp" >/dev/null || true
  sudo firewall-cmd --reload >/dev/null || true
  echo "Firewall ports open:"
  sudo firewall-cmd --list-ports
else
  echo "firewalld is not active or firewall-cmd is unavailable. Skipping firewall step."
fi
echo

echo "===== 8/9 Waiting for Ollama API ====="
# Poll the local API for up to 90 attempts, 2 seconds apart.
for i in {1..90}; do
  if curl -fsS "http://127.0.0.1:$OLLAMA_PORT" >/dev/null 2>&1; then
    echo "Ollama is responding."
    break
  fi
  if [[ "$i" -eq 90 ]]; then
    echo "ERROR: Ollama did not become ready in time."
    echo
    echo "Try:"
    echo " journalctl --user -u ai-stack.service -n 100 --no-pager"
    echo " podman ps -a"
    exit 1
  fi
  sleep 2
done
echo

echo "===== 9/9 Pulling models ====="
echo "Pulling primary model: $PRIMARY_MODEL"
podman exec "$OLLAMA_CONTAINER" ollama pull "$PRIMARY_MODEL"
echo
echo "Pulling backup model: $BACKUP_MODEL"
podman exec "$OLLAMA_CONTAINER" ollama pull "$BACKUP_MODEL"
echo
echo "Installed models:"
podman exec "$OLLAMA_CONTAINER" ollama list
echo

HOST_IP="$(hostname -I | awk '{print $1}')"

echo "============================================================"
echo " AI stack ready"
echo "============================================================"
echo "Ollama UI: http://$HOST_IP:$WEB_PORT"
echo "Ollama API: http://$HOST_IP:$OLLAMA_PORT"
echo
echo "Primary model: $PRIMARY_MODEL"
echo "Backup model: $BACKUP_MODEL"
echo
echo "Useful commands:"
echo " systemctl --user status ai-stack.service"
echo " systemctl --user restart ai-stack.service"
echo " journalctl --user -u ai-stack.service -f"
echo " podman ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'"
echo " podman exec -it $OLLAMA_CONTAINER ollama list"
echo " podman exec -it $OLLAMA_CONTAINER ollama run $PRIMARY_MODEL"
echo " podman exec -it $OLLAMA_CONTAINER ollama run $BACKUP_MODEL"
echo
echo "Current containers:"
podman ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
EOF

chmod +x ~/install-ai-stack-ollama-ui.sh
~/install-ai-stack-ollama-ui.sh

Post-Install Checks
-------------------

Check service status:

systemctl --user status ai-stack.service

Follow logs:

journalctl --user -u ai-stack.service -f

List containers:

podman ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'

Run the primary model from the terminal:

podman exec -it ai-ollama ollama run mistral

Operational Notes
-----------------

This installer opens both the web UI port and the Ollama API port when firewalld is active.
For a private lab that may be fine, but for a business or client environment, think carefully before exposing port 11434 beyond the trusted LAN. Prefer VPN, Tailscale, Cloudflare Access, SSH tunnels, or another controlled access layer when possible.

Model storage can grow quickly. Keep an eye on Podman volume usage and host disk capacity.

This is a test and exploration stack, not a complete production AI governance program. Before using it with client data, private business records, regulated information, or confidential documents, define a clear policy for what data may be used, who may access the service, and how outputs should be reviewed.
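
To check the exposure described in the Operational Notes, the following added example (not part of the original installer) reads `ss -ltnH` output and reports whether ports 3000 and 11434 are bound to loopback only or to an address other hosts can reach. The function names and the sample listener lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which addresses the stack's ports are listening on.
# 3000 (Ollama UI) and 11434 (Ollama API) are the installer's WEB_PORT and
# OLLAMA_PORT. Function names are illustrative, not part of the installer.

# classify_listeners PORT...
# Reads `ss -ltnH` lines on stdin and prints "<port> <bind-address> <verdict>"
# for every listener on one of the given ports.
classify_listeners() {
  ports=" $* "
  while read -r _state _recvq _sendq addr _rest; do
    [ -n "$addr" ] || continue
    port="${addr##*:}"   # text after the last colon
    host="${addr%:*}"    # bind address: 127.0.0.1, 0.0.0.0, *, [::], [::1]
    case "$ports" in *" $port "*) ;; *) continue ;; esac
    case "$host" in
      127.*|"[::1]") echo "$port $host loopback-only" ;;
      *)             echo "$port $host NON-LOOPBACK" ;;
    esac
  done
}

# nonloopback_ports PORT...
# Same input; prints the unique ports that other hosts can reach whenever
# the firewall allows them.
nonloopback_ports() {
  classify_listeners "$@" | awk '$3 == "NON-LOOPBACK" { print $1 }' \
    | sort -un | paste -sd' ' -
}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::]:3000 [::]:*'

printf '%s\n' "$SAMPLE_SS" | classify_listeners 3000 11434
# On a live host: ss -ltnH | classify_listeners 3000 11434
```

A NON-LOOPBACK verdict on 11434 combined with an open firewalld port means the Ollama API is reachable from the network, which is the case the notes above say to put behind a VPN or SSH tunnel.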