author: Frederick Muriuki Muriithi, 2023-06-09 10:02:33 +0300
committer: Frederick Muriuki Muriithi, 2023-06-09 10:02:33 +0300
commit: 404da7e72e9e68c7fceb24517cc051555d249457 (patch)
tree: 539b7bf9a9b28fd9638c59c98b6b50867bca2c92 /issues
parent: 221d85090ce73bee99f51bf2fccca4adbb669a47 (diff)
Update issue on configs
Diffstat (limited to 'issues')
-rw-r--r-- issues/CI-CD/configurations.gmi 39
1 files changed, 13 insertions, 26 deletions
diff --git a/issues/CI-CD/configurations.gmi b/issues/CI-CD/configurations.gmi
index 556b6f1..54cea47 100644
--- a/issues/CI-CD/configurations.gmi
+++ b/issues/CI-CD/configurations.gmi
@@ -19,35 +19,22 @@ There are configurations that change depending on the environment that one runs
Some of these, e.g. `OAUTH2_CLIENT_SECRET` are sensitive data that should not be exposed to the public.
-I propose, therefore that we provide, say, a
-```
-... --share=/path/to/configs/directory/
-```
-from where the applications in the container can read their configurations from. The config file(s) in the directory can then contain relevant settings for the environment where the container is run.
+------------------------------
-The applications (gn2, gn3, qc-app, etc) can then be pointed to the relevant config files in their g-exps: e.g.
-
-Instead of
-=> https://github.com/genenetwork/genenetwork-machines/blob/67d3f5dc46422c6b1812547109680c147fdde341/genenetwork-development.scm#L317-L318 using the defaults that are overridden
-we could have the code do something like:
+We could have different values for the configurations depending on the host saved, say at the top of "genenetwork-machines/genenetwork-development.scm", in some hash table or association list indexed into using the host.
+The values for the host can be retrieved with something like:
```
-...
-
-(define %configs-dir "/export/data/configs")
-
-...
-
- (with-directory-excursion "genenetwork2"
- (invoke #$(file-append bash "/bin/sh")
- "bin/genenetwork2"
- #$(file-append %configs-dir "/gn2_config.conf")
- "-gunicorn-prod"))
+(define (hostnames-all-fqdns)
+ "Retrieve all the hostnames defined in /etc/hosts"
+ (sethostent)
+ (let hnames ((hostobj (gethostent)) (thehosts (list)))
+ (if (not (eq? hostobj #f))
+ (hnames (gethostent) (append thehosts (list (hostent:name hostobj))))
+ thehosts)))
```
-where file `/export/data/configs/gn2_config.conf` holds the configurations for the application in the environment where the guix system container is run.
+and at least one of the values other than "localhost" is used to determine the configuration values to load from the storage for that host.
-Something similar can be done for GN3, where `GN3_CONF` can be set to something like:
+The secrets (e.g. SECRET_KEY, OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, etc) can be encrypted and stored in some secrets management system (e.g. Pass [https://www.passwordstore.org/] etc.) setup in each relevant host: better yet, have all configurations (secret or otherwise) encrypted and stored in such a secrets management system and fetch them from there. This reduces the mental overhead of dealing with multiple places to fetch the configs.
-```
-#$(file-append %configs-dir "/gn3_config.conf")
-```
+From these, the CI/CD system can them build and intern the configurations into the store with guix functions like "plain-file", "local-file", etc.
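Review bot: The last added line proposes interning the configurations into the store with "plain-file" or "local-file", but the paragraph before it counts SECRET_KEY, OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET among those configurations, and files in the Guix store are world-readable, so the decrypted values would be readable by every user on the host. That conflicts with the context line saying `OAUTH2_CLIENT_SECRET` "should not be exposed to the public". Suggest saying explicitly that only non-secret settings are interned, and that secrets are fetched from the secrets manager when the service starts and written to a file outside the store with restrictive permissions. On host selection, "at least one of the values other than "localhost"" leaves the choice open when /etc/hosts lists several names; the text should say which name wins and what happens when no name matches a known host, since loading the wrong host's configuration also means loading the wrong host's secrets. In hostnames-all-fqdns, (sethostent) has no matching (endhostent) once the loop finishes. Wording: "can them build" should read "can then build", and "setup in each relevant host" should read "set up". The name is also spelled `OAUTH2_CLIENT_SECRET` in the context line and OAUTH_CLIENT_SECRET in the added paragraph; pick one.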