authorFrederick Muriuki Muriithi2024-04-22 14:41:40 +0300
committerFrederick Muriuki Muriithi2024-04-26 08:12:07 +0300
commit4694b99dd0ce0a1de0360e8008290a88f919ae23 (patch)
tree91c5a0f9683cc47731d6612662e1000067af0458
parent2a3242331f0bca32ae7450fb2d77af0021edf3b2 (diff)
downloadgn-machines-4694b99dd0ce0a1de0360e8008290a88f919ae23.tar.gz
Set up SSL keys for CI/CD for gn2 and gn-auth
-rw-r--r--genenetwork-development.scm48
1 files changed, 29 insertions, 19 deletions
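--- a/genenetwork-development.scm
+++ b/genenetwork-development.scm
@@ -126,11 +126,11 @@ be imported into G-expressions."
 (gn-auth-port genenetwork-configuration-gn-auth-port
 (default 8084))
 (gn2-secrets genenetwork-configuration-gn2-secrets
- (default "/etc/genenetwork/gn2-secrets.py"))
+ (default "/etc/genenetwork"))
 (gn3-secrets genenetwork-configuration-gn3-secrets
 (default "/etc/genenetwork/gn3-secrets.py"))
 (gn-auth-secrets genenetwork-configuration-gn-auth-secrets
- (default "/etc/genenetwork/gn-auth-secrets.py"))
+ (default "/etc/genenetwork"))
 (genotype-files genenetwork-configuration-genotype-files
 (default "/var/genenetwork/genotype-files"))
 (sparql-endpoint genenetwork-configuration-sparql-endpoint
@@ -477,15 +477,17 @@ server described by CONFIG, a <genenetwork-configuration> object."
 (setenv
 "GN2_SETTINGS"
- #$(mixed-text-file "gn2-staging.conf"
- "GN2_SECRETS=\"" gn2-secrets "\"\n"
+ #$(mixed-text-file "gn2.conf"
+ "GN2_SECRETS=\"" gn2-secrets "/gn2-secrets.py\"\n"
 "GN3_LOCAL_URL=\""
 (string-append "http://localhost:"
 (number->string gn3-port))
 "\"\n"
 "GN_SERVER_URL=\"https://cd.genenetwork.org/api3/\"\n"
 "AUTH_SERVER_URL=\"https://auth-cd.genenetwork.org/\"\n"
- "SQL_URI=\"mysql://webqtlout:webqtlout@localhost/db_webqtl\"\n"))
+ "SQL_URI=\"mysql://webqtlout:webqtlout@localhost/db_webqtl\"\n"
+ "SSL_PRIVATE_KEY=\"" gn2-secrets "/gn2-ssl-private-key.pem\"\n"
+ "AUTH_SERVER_SSL_PUBLIC_KEY=\"" gn2-secrets "/gn-auth-ssl-public-key.pem\"\n"))
 ;; Start genenetwork2.
 (with-directory-excursion "genenetwork2"
@@ -566,8 +568,10 @@ server described by CONFIG, a <genenetwork-configuration> object."
 ;; Configure gn-auth.
 (setenv "GN_AUTH_CONF"
 #$(mixed-text-file "gn-auth.conf"
- "AUTH_DB=\"" auth-db-path "\"\n"))
- (setenv "GN_AUTH_SECRETS" #$gn-auth-secrets)
+ "AUTH_DB=\"" auth-db-path "\"\n"
+ "GN_AUTH_SECRETS=\"" gn-auth-secrets "/gn-auth-secrets.py\"\n"
+ "CLIENTS_SSL_PUBLIC_KEYS_DIR=\"" gn-auth-secrets "/clients-public-keys\"\n"
+ "SSL_PRIVATE_KEY=\"" gn-auth-secrets "/gn-auth-ssl-private-key.pem\"\n"))
 (setenv "HOME" "/tmp")
 (setenv "AUTHLIB_INSECURE_TRANSPORT" "true")
 ;; Run gn-auth.
@@ -582,7 +586,7 @@ server described by CONFIG, a <genenetwork-configuration> object."
 "Return shepherd services to run the genenetwork development server
 described by CONFIG, a <genenetwork-configuration> object."
 (match-record config <genenetwork-configuration>
- (gn2-port gn3-port gn-auth-port genotype-files data-directory xapian-db-path auth-db-path)
+ (gn2-port gn3-port gn-auth-port genotype-files data-directory xapian-db-path gn2-secrets auth-db-path gn-auth-secrets)
 (list (shepherd-service
 (documentation "Run GeneNetwork 2 development server.")
 (provision '(genenetwork2))
@@ -604,7 +608,7 @@ described by CONFIG, a <genenetwork-configuration> object."
 (target source)
 (writable? #t))
 (file-system-mapping
- (source "/etc/genenetwork/conf/gn2")
+ (source gn2-secrets)
 (target source)
 (writable? #t)))
 #:namespaces (delq 'net %namespaces))
@@ -673,7 +677,7 @@ described by CONFIG, a <genenetwork-configuration> object."
 (target source)
 (writable? #t))
 (file-system-mapping
- (source "/etc/genenetwork/conf/gn-auth")
+ (source gn-auth-secrets)
 (target source)
 (writable? #t)))
 #:namespaces (delq 'net %namespaces))
@@ -697,7 +701,7 @@ described by CONFIG, a <genenetwork-configuration> object."
 (define (genenetwork-activation config)
 (match-record config <genenetwork-configuration>
- (gn2-secrets gn3-secrets auth-db-path)
+ (gn2-secrets gn3-secrets auth-db-path gn-auth-secrets)
 (with-imported-modules '((guix build utils))
 #~(begin
 (use-modules (guix build utils))
@@ -707,15 +711,21 @@ described by CONFIG, a <genenetwork-configuration> object."
 (chown file
 (passwd:uid (getpw "genenetwork"))
 (passwd:gid (getpw "genenetwork"))))
- (cons* #$gn2-secrets
- #$gn3-secrets
- (find-files #$(dirname auth-db-path)
- #:directories? #t)))
+ (cons* #$gn3-secrets
+ (append (find-files #$gn2-secrets
+ #:directories? #t)
+ (find-files #$(dirname auth-db-path)
+ #:directories? #t)
+ (find-files #$gn-auth-secrets
+ #:directories? #t))))
 ;; Prevent other users from reading secret files.
 (for-each (lambda (file)
 (chmod file #o600))
- (list #$gn2-secrets
- #$gn3-secrets))))))
+ (append (list #$gn3-secrets)
+ (find-files #$gn2-secrets
+ #:directories? #f)
+ (find-files #$gn-auth-secrets
+ #:directories? #f)))))))
 (define genenetwork-service-type
 (service-type
@@ -1170,9 +1180,9 @@ gn-auth."
 (gn2-port %genenetwork2-port)
 (gn3-port %genenetwork3-port)
 (gn-auth-port %gn-auth-port)
- (gn2-secrets "/etc/genenetwork/conf/gn2/secrets.py")
+ (gn2-secrets "/etc/genenetwork/conf/gn2")
 (gn3-secrets "/etc/genenetwork/conf/gn3/secrets.py")
- (gn-auth-secrets "/etc/genenetwork/conf/gn-auth/secrets.py")
+ (gn-auth-secrets "/etc/genenetwork/conf/gn-auth")
 (genotype-files "/export/data/genenetwork/genotype_files")
 (sparql-endpoint (string-append "http://localhost:"
 (number->string %virtuoso-sparql-port)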
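Review bot: The chmod loop at the end of the `@@ -707` hunk passes `#:directories? #f`, so only the regular files under `gn2-secrets` and `gn-auth-secrets` are tightened to `#o600` while the directories themselves — which now hold SSL private keys — keep whatever mode they were created with, and other local users can still enumerate the key file names. Adding `(chmod #$gn2-secrets #o700)` and `(chmod #$gn-auth-secrets #o700)` next to that loop would close this; the chown loop above already walks both directories with `#:directories? #t`, so ownership is covered. Note also that the record defaults in the first hunk set both `gn2-secrets` and `gn-auth-secrets` to `"/etc/genenetwork"`, so an instance built with the defaults chowns and chmods everything under `/etc/genenetwork` recursively (including `gn3-secrets`, which is processed twice) — the instance at the bottom of the page avoids this by pointing at distinct subdirectories. The activation's `with-imported-modules` form begins before the hunk.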