diff options
Diffstat (limited to 'issues')
54 files changed, 2186 insertions, 58 deletions
diff --git a/issues/CI-CD/cd-is-slow.gmi b/issues/CI-CD/cd-is-slow.gmi new file mode 100644 index 0000000..9b0e1ee --- /dev/null +++ b/issues/CI-CD/cd-is-slow.gmi @@ -0,0 +1,276 @@ +# CD is slow + +The pages are slow and some are broken. + +We found out that there are quite a full network calls using DNS - and DNS was slow. The configured DNS server was not responding. Using Google's DNS made things go fast again. We will probably introduce dnsmasq in the container to make things even faster. + +# Tags + +* type: bug +* status: in progress +* priority: high +* assigned: pjotrp +* interested: pjotrp, bonfacem +* keywords: deployment, server + +# Tasks + +* [ ] Use dnsmasq caching - it is a guix system service +* [ ] Run less gunicorn processes on CD (2 should do) +* [ ] Increase debugging output for GN2 +* [ ] Fix GN3 hook for github (it is not working) +* [X] gn-guile lacks certificates it can use for sparql + +# Measuring + +bonfacekilz: +I'm currently instrumenting the requests. See what hogs up time. Loading the landing page takes up 32 seconds! + +Something's off. From outside the container: + +``` +123bonfacem@tux02 ~ $ guix shell python-wrapper python-requests -- python time.py +Status: 200 +Time taken: 32.989222288131714 seconds +``` + +From inside the container: + +``` +12025-07-18 14:46:36 INFO:gn2.wqflask:Landing page rendered in 8.12 seconds +``` + +And I see: + +## CD + +``` +> curl -w @- -o /dev/null -s https://cd.genenetwork.org <<EOF +\n +DNS lookup: %{time_namelookup}s\n +Connect time: %{time_connect}s\n +TLS handshake: %{time_appconnect}s\n +Pre-transfer: %{time_pretransfer}s\n +Start transfer: %{time_starttransfer}s\n +Total time: %{time_total}s\n +EOF + +DNS lookup: 8.117543s +Connect time: 8.117757s +TLS handshake: 8.197767s +Pre-transfer: 8.197861s +Start transfer: 33.096467s +Total time: 33.096601s +``` + +## Production +``` +> curl -w @- -o /dev/null -s https://genenetwork.org <<EOF +\n +DNS lookup: %{time_namelookup}s\n +Connect time: %{time_connect}s\n +TLS handshake: %{time_appconnect}s\n +Pre-transfer: %{time_pretransfer}s\n +Start transfer: %{time_starttransfer}s\n +Total time: %{time_total}s\n +EOF + +DNS lookup: 8.075794s +Connect time: 8.076402s +TLS handshake: 8.147322s +Pre-transfer: 8.147370s +Start transfer: 8.797107s +Total time: 8.797299s +``` + +## On tux02 (outside CD container) + +``` +> curl -w @- -o /dev/null -s http://localhost:9092 <<EOF +\n +DNS lookup: %{time_namelookup}s\n +Connect time: %{time_connect}s\n +TLS handshake: %{time_appconnect}s\n +Pre-transfer: %{time_pretransfer}s\n +Start transfer: %{time_starttransfer}s\n +Total time: %{time_total}s\n +EOF + +DNS lookup: 0.000068s +Connect time: 0.000543s +TLS handshake: 0.000000s +Pre-transfer: 0.000606s +Start transfer: 24.851069s +Total time: 24.851166s +``` + +This does not look like an nginx problem (at least on tux02 itself). Also the nginx configuration was not really changed. +The mysql configuration ditto. I can still test both, but it looks like the problem is inside the system container. + +The container logs are at + +``` +root@tux02:/export2/guix-containers/genenetwork-development/var/log/cd# tail -100 genenetwork2.log +``` + +Some interesting errors there that need resolving, such as + +## gn-guile error + +``` +tail gn-guile.log +2025-07-20 04:49:49 X.509 certificate of 'sparql.genenetwork.org' could not be verified: +2025-07-20 04:49:49 signer-not-found invalid +``` + +Guile is not finding the certificates for our virtuoso server. It does work with curl, try + +``` +curl -G https://query.wikidata.org/sparql -H "Accept: application/json; charset=utf-8" --data-urlencode query="SELECT DISTINCT * where { + wd:Q158695 wdt:P225 ?o . +} limit 5" +{ + "head" : { + "vars" : [ "o" ] }, "results" : { "bindings" : [ { "o" : { + "type" : "literal", + "value" : "Arabidopsis thaliana" + } + } ] + } +``` + +Also inside the container: + +``` +curl http://localhost:8091/gene/aliases/Shh +``` + +renders the same error! X.509 certificate of 'query.wikidata.org' could not be verified. so it is a gn-guile issue. + +## GN2 error reporting + +Also there are too many gunicorn processes - and strikingly - no debug output. Also I see a missing robots.txt file (even though LLMs hardly honour them). + +Let's try to get inside the container with nsenter: + +``` +ps xau|grep genenetwork-development-container +root 115940 0.0 0.0 163692 26296 ? Ssl Jul18 0:00 /gnu/store/ylwk2vn18dkzkj0nxq2h4vjzhz17bm7c-guile-3.0.9/bin/guile --no-auto-compile /usr/local/bin/genenetwork-development-container +pgrep -P 115940 +115961 +``` + +Use this child PID and a recent nsenter: + +``` +/gnu/store/w7a3frdmffpw3hvxpvvxwxgzfhyqdm6n-profile/bin/nsenter -m -p -t 115961 /run/current-system/profile/bin/bash -login +``` + +System tools are in '/run/current-system/profile/bin/' + +Make it a one-liner with + +``` +/gnu/store/w7a3frdmffpw3hvxpvvxwxgzfhyqdm6n-profile/bin/nsenter -m -p -t $(pgrep -P `ps xau|grep genenetwork-development-container|awk '{print $2}'|sort -r|head -1`) /run/current-system/profile/bin/bash -login +``` + +Once inside we can pick up curl (I note the system container has full access to the /gnu/store on the host: + +``` +root@tux02 /# /gnu/store/vdaspmq10c3zmqhp38lfqy812w6r4xg3-curl-8.6.0/bin/curl -w @- -o /dev/null -s http://localhost:9092 <<EOF +\n +DNS lookup: %{time_namelookup}s\n +Connect time: %{time_connect}s\n +TLS handshake: %{time_appconnect}s\n +Pre-transfer: %{time_pretransfer}s\n +Start transfer: %{time_starttransfer}s\n +Total time: %{time_total}s\n +EOF + +DNS lookup: 0.000064s +Connect time: 0.000478s +TLS handshake: 0.000000s +Pre-transfer: 0.000551s +Start transfer: 24.792926s +Total time: 24.793015s +``` + +That rules out container and nginx streaming issues. + +So the problem is with GN and its DBs. The gn-machines is used from /home/aruni and it checkout is March. Has CD been slow since then? I don't think so. Also the changes to the actual scripts are even older. Also the guix-bioinformatics repo shows no changes. Remaining culprits I suspect are: + +* [*] MySQL +* [ ] Interaction gn-auth with gn2 +* [ ] Interaction gnqa with gn2 + +Running a standard test on mysql shows it is fine: + +``` +time mysql -u webqtlout -pwebqtlout db_webqtl < $rundir/../shared/sql/test02.sql +Name FullName Name Symbol CAST(ProbeSet."description" AS BINARY) CAST(ProbeSet."Probe_Target_Description" AS BINARY) Chr Mb Mean LRS Locus pValue additive geno_chr geno_mb +HC_M2_0606_P Hippocampus Consortium M430v2 (Jun06) PDNN 1457545_at 9530036O11Rik long non-coding RNA, expressed sequence tag (EST) AK035474 with high bladder expression antisense EST 14 Kb upstream of Shh 5 28.480441 6.7419292929293 15.2845189682605 rsm10000001525 0.055 0.0434848484848485 3 9.671673 +HC_M2_0606_P Hippocampus Consortium M430v2 (Jun06) PDNN 1427571_at Shh sonic hedgehog (hedgehog) last exon 5 28.457886 6.50113131313131 9.58158655605723 rs8253327 0.697 0.0494097096188748 1 191.908118 +HC_M2_0606_P Hippocampus Consortium M430v2 (Jun06) PDNN 1436869_at Shh sonic hedgehog (hedgehog) mid distal 3' UTR 5 28.457155 9.279090909090911 12.7711275309832 rs8253327 0.306 -0.214087568058076 1 191.908118 + +real 0m0.010s +user 0m0.004s +sys 0m0.000s +``` + +# Profiling CD + +Ran a profiler against a traits page. See the following: + +=> /issues/CI-CD/profiling-flask + +## Results/Interpretation + +* By fixing gn-guile and gene-alias resolution, times dropped by ~10s. However, the page takes 37.9s to run. + +* Resolving a DNS takes around 4.585s. We make 7 requests. Totalling to 32.09. Typically, a traits page should take 8.79s. The difference: (- 37.9 32.09) = 5.8s; which explains the slowness: + +``` + ncall tottime percall cumtime percall filename:lineno(function) +---------------------------------------------------------------------------- + 7 0.00002618 3.741e-05 32.09 4.585 socket.py:938(getaddrinfo) +``` + +* The above is consistent all the analysis I've done across all the profile dumps. + +* Testing my theory out: + +``` +@app.route("/test-network") +def test_network(): + start = time.time() + http_url = urljoin( + current_app.config["GN_SERVER_URL"], + "version" + ) + result = requests.get(http_url) + duration = time.time() - start + app.logger.error(f"{http_url}: {duration:.4f}s") + + start = time.time() + local_url = "http://localhost:9093/api/version" + result = requests.get(local_url) + duration = time.time() - start + app.logger.error(f"{local_url}: {duration:.4f}s") + return result.json() +``` + +* Results: + +``` +2025-07-24 10:20:43 [2025-07-24 10:20:43 +0000] [101] [ERROR] https://cd.genenetwork.org/api3/version: 8.1647s +2025-07-24 10:20:43 ERROR:gn2.wqflask:https://cd.genenetwork.org/api3/version: 8.1647s +2025-07-24 10:20:43 [2025-07-24 10:20:43 +0000] [101] [ERROR] result: 1.0 +2025-07-24 10:20:43 ERROR:gn2.wqflask:result: 1.0 +2025-07-24 10:20:43 [2025-07-24 10:20:43 +0000] [101] [ERROR] http://localhost:9093/api/version: 0.0088s +2025-07-24 10:20:43 ERROR:gn2.wqflask:http://localhost:9093/api/version: 0.0088s +2025-07-24 10:20:43 [2025-07-24 10:20:43 +0000] [101] [ERROR] result: 1.0 +``` + +## Possible Mitigations + +* Switch over gn-auth.genenetwork.org to localhost. diff --git a/issues/CI-CD/development-container-checklist.gmi b/issues/CI-CD/development-container-checklist.gmi new file mode 100644 index 0000000..7cf4687 --- /dev/null +++ b/issues/CI-CD/development-container-checklist.gmi @@ -0,0 +1,101 @@ +# Deploying GeneNetwork CD + +## Prerequisites + +Ensure you have `fzf' installed and Guix is set up with your preferred channel configuration. + + +## Step 1: Pull the Latest Profiles + +``` +guix pull -C channels.scm -p ~/.guix-extra-profiles/gn-machines --allow-downgrades +guix pull -C channels.scm -p ~/.guix-extra-profiles/gn-machines-shepherd-upgrade --allow-downgrades +``` + + +## Step 2: Source the Correct Profile + +``` +. ,choose-profile +``` + + +### Contents of `,choose-profile' + +This script lets you interactively select a profile using `fzf': + +``` +#!/bin/env sh + +export GUIX_PROFILE="$(guix package --list-profiles | fzf --multi)" +. "$GUIX_PROFILE/etc/profile" + +hash guix + +echo "Currently using: $GUIX_PROFILE" +``` + + +## Step 3: Verify the Profile + +``` +guix describe +``` + + +## Step 4: Pull the Latest Code + +``` +cd gn-machines +git pull +``` + + +## Step 5: Run the Deployment Script + +``` +./genenetwork-development-deploy.sh +``` + + +## Step 6: Restart the Development Container + +``` +sudo systemctl restart genenetwork-development-container +``` + + +## Step 7: Verify Changes + +Manually confirm that the intended changes were applied correctly. + + +# Accessing the Development Container on tux02 + +To enter the running container shell, ensure you're using the *parent* PID of the `shepherd' process. + + +## Step 1: Identify the Correct PID + +Use this command to locate the correct container parent process: + +``` +ps -u root -f --forest | grep -A4 '/usr/local/bin/genenetwork-development-container' | grep shepherd +``` + + +## Step 2: Enter the Container + +Replace `46804' with your actual parent PID: + +``` +sudo /home/bonfacem/.config/guix/current/bin/guix container exec 46804 \ + /gnu/store/m6c5hgqg569mbcjjbp8l8m7q82ascpdl-bash-5.1.16/bin/bash \ + --init-file /home/bonfacem/.guix-profile/etc/profile --login +``` + + +## Notes + +* Ensure the PID is the container’s *shepherd parent*, not a child process. +* Always double-check your environment and profiles before deploying. diff --git a/issues/CI-CD/failing-services-startup.gmi b/issues/CI-CD/failing-services-startup.gmi new file mode 100644 index 0000000..751e61c --- /dev/null +++ b/issues/CI-CD/failing-services-startup.gmi @@ -0,0 +1,236 @@ +# Failing Services' Startup + +## Tags + +* type: bug +* status: closed, completed +* priority: high +* assigned: fredm, bonfacem +* interested: pjotrp, bonfacem, aruni +* keywords: deployment, CI, CD + +## Description + +Upgrading guix to `34453b97005ff86355399df89c8827c57839d9c7` for CI/CD fails with: + +``` +2025-08-20 16:05:20 Backtrace: +2025-08-20 16:05:20 6 (primitive-load "/gnu/store/xbxd2zihw9dssrhips925gri0yn?") +2025-08-20 16:05:20 In ice-9/eval.scm: +2025-08-20 16:05:20 191:35 5 (_ _) +2025-08-20 16:05:20 In gnu/build/linux-container.scm: +2025-08-20 16:05:20 368:8 4 (call-with-temporary-directory #<procedure 7f014aa3a3f0?>) +2025-08-20 16:05:20 476:16 3 (_ "/tmp/guix-directory.VWRNbv") +2025-08-20 16:05:20 62:6 2 (call-with-clean-exit #<procedure 7f014aa1de80 at gnu/b?>) +2025-08-20 16:05:20 321:20 1 (_) +2025-08-20 16:05:20 In guix/build/syscalls.scm: +2025-08-20 16:05:20 1231:10 0 (_ 268566528) +2025-08-20 16:05:20 +2025-08-20 16:05:20 guix/build/syscalls.scm:1231:10: In procedure unshare: 268566528: Invalid argument +2025-08-20 16:05:20 Backtrace: +2025-08-20 16:05:20 4 (primitive-load "/gnu/store/xbxd2zihw9dssrhips925gri0yn?") +2025-08-20 16:05:20 In ice-9/eval.scm: +2025-08-20 16:05:20 191:35 3 (_ #f) +2025-08-20 16:05:20 In gnu/build/linux-container.scm: +2025-08-20 16:05:20 368:8 2 (call-with-temporary-directory #<procedure 7f014aa3a3f0?>) +2025-08-20 16:05:20 485:7 1 (_ "/tmp/guix-directory.VWRNbv") +2025-08-20 16:05:20 In unknown file: +2025-08-20 16:05:20 0 (waitpid #f #<undefined>) +2025-08-20 16:05:20 +2025-08-20 16:05:20 ERROR: In procedure waitpid: +2025-08-20 16:05:20 Wrong type (expecting exact integer): #f +``` + +Failing services: + +* genenetwork3: consistently +* genenetwork2: consistently +* gn-auth: intermittently + +## Troubleshooting Notes + +### Unable to run genenetwork2 in a shell container with the "-C" flag + +With the following channels: + +``` +$ guix describe +Generation 3 Aug 28 2025 03:56:44 (current) + gn-bioinformatics cffafde + repository URL: file:///home/bonfacem/guix-bioinformatics/ + branch: master + commit: cffafde125f3e711418d3ebb62eacd48a3efa8cf + guix-forge 3c8dc85 + repository URL: https://git.genenetwork.org/guix-forge/ + branch: main + commit: 3c8dc85a584c98bc90088ec1c85933d4d10e7383 + guix-past b14d7f9 + repository URL: https://codeberg.org/guix-science/guix-past + branch: master + commit: b14d7f997ae8eec788a7c16a7252460cba3aaef8 + guix 34453b9 + repository URL: https://codeberg.org/guix/guix + branch: master + commit: 34453b97005ff86355399df89c8827c57839d9c7 +``` + +Running: + +``` +$ guix shell -C genenetwork2 +``` + +Produces: + +``` +guix shell: error: unshare: 268566528: Invalid argument +Backtrace: + 16 (primitive-load "/export3/local/home/bonfacem/.guix-ext…") +In guix/ui.scm: + 2399:7 15 (run-guix . _) + 2362:10 14 (run-guix-command _ . _) +In ice-9/boot-9.scm: + 1752:10 13 (with-exception-handler _ _ #:unwind? _ # _) +In guix/status.scm: + 842:4 12 (call-with-status-report _ _) +In guix/store.scm: + 703:3 11 (_) +In ice-9/boot-9.scm: + 1752:10 10 (with-exception-handler _ _ #:unwind? _ # _) +In guix/store.scm: + 690:37 9 (thunk) + 1331:8 8 (call-with-build-handler _ _) + 1331:8 7 (call-with-build-handler #<procedure 7fc86bb50de0 at g…> …) +In guix/scripts/environment.scm: + 1205:11 6 (proc _) +In guix/store.scm: + 2212:25 5 (run-with-store #<store-connection 256.100 7fc87a46d820> …) +In guix/scripts/environment.scm: + 911:8 4 (_ _) +In gnu/build/linux-container.scm: + 485:7 3 (call-with-container _ _ #:namespaces _ #:host-uids _ # …) +In unknown file: + 2 (waitpid #f #<undefined>) +In ice-9/boot-9.scm: + 1685:16 1 (raise-exception _ #:continuable? _) + 1685:16 0 (raise-exception _ #:continuable? _) + +ice-9/boot-9.scm:1685:16: In procedure raise-exception: +Wrong type (expecting exact integer): #f +``` + +This is fixed by increasing the value of respawn-delay (default is 0.5s) to 5s. + + +### Unable to write to a temporary directory and issues with running git inside the g-exp + +Stack trace: +``` +2025-09-03 12:23:32 In ice-9/eval.scm: +2025-09-03 12:23:32 191:35 3 (_ #f) +2025-09-03 12:23:32 In gnu/build/linux-container.scm: +2025-09-03 12:23:32 368:8 2 (call-with-temporary-directory #<procedure 7f012241d3f0?>) +2025-09-03 12:23:32 485:7 1 (_ "/tmp/guix-directory.Bl6jtx") +2025-09-03 12:23:32 In unknown file: +2025-09-03 12:23:32 0 (waitpid #f #<undefined>) +2025-09-03 12:23:32 + +``` + +Cryptic message. Running the g-exps as a program shows: + +``` +Receiving objects: 100% (698/698), 16.18 MiB | 30.29 MiB/s, done. +Resolving deltas: 100% (49/49), done. +================================================== +error: cannot run less: No such file or directory +fatal: unable to execute pager 'less' +Backtrace: + 5 (primitive-load "/gnu/store/c9bvy90s5mglp6xdfkc1s4qkzj8?") +In ice-9/eval.scm: + 619:8 4 (_ #f) +In ice-9/boot-9.scm: + 142:2 3 (dynamic-wind #<procedure 7fa954b25880 at ice-9/eval.s?> ?) + 142:2 2 (dynamic-wind #<procedure 7fa94b7970c0 at ice-9/eval.s?> ?) +In ice-9/eval.scm: + 619:8 1 (_ #(#(#<directory (guile-user) 7fa954b03c80>))) +In guix/build/utils.scm: + 822:6 0 (invoke "git" "log" "--max-count" "1") + +guix/build/utils.scm:822:6: In procedure invoke: +ERROR: + 1. &invoke-error: + program: "git" + arguments: ("log" "--max-count" "1") + exit-status: 128 + term-signal: #f + stop-signal: #f +``` + +Fixed by adding "less" to the with-packages form and setting: + +``` +(setenv "TERM" "xterm-256color") + +``` + +### gn-auth: sqlite3.OperationalError: unable to open database file + +Despite having all file perms correctly set with 0644, we see: + +``` +Traceback (most recent call last): + File "/gnu/store/ag1m9bv22iwm3sq87xly35y138l6kzd7-profile/lib/python3.11/site-packages/flask/app.py", line 917, in full_dispatch_request + rv = self.dispatch_request() + ^^^^^^^^^^^^^^^^^^^^^^^ + File "/gnu/store/ag1m9bv22iwm3sq87xly35y138l6kzd7-profile/lib/python3.11/site-packages/flask/app.py", line 902, in dispatch_request + return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return] + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/export/data/repositories/gn-auth/gn_auth/auth/authentication/oauth2/views.py", line 102, in authorise + return with_db_connection(__authorise__) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/export/data/repositories/gn-auth/gn_auth/auth/db/sqlite3.py", line 63, in with_db_connection + return func(conn) + ^^^^^^^^^^ + File "/export/data/repositories/gn-auth/gn_auth/auth/authentication/oauth2/views.py", line 90, in __authorise__ + return server.create_authorization_response(request=request, grant_user=user) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/gnu/store/ag1m9bv22iwm3sq87xly35y138l6kzd7-profile/lib/python3.11/site-packages/authlib/oauth2/rfc6749/authorization_server.py", line 297, in create_authorization_response + args = grant.create_authorization_response(redirect_uri, grant_user) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/export/data/repositories/gn-auth/gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py", line 31, in create_authorization_response + response = super().create_authorization_response( + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/gnu/store/ag1m9bv22iwm3sq87xly35y138l6kzd7-profile/lib/python3.11/site-packages/authlib/oauth2/rfc6749/grants/authorization_code.py", line 158, in create_authorization_response + self.save_authorization_code(code, self.request) + File "/export/data/repositories/gn-auth/gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py", line 45, in save_authorization_code + return __save_authorization_code__( + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/export/data/repositories/gn-auth/gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py", line 106, in __save_authorization_code__ + return with_db_connection(lambda conn: save_authorisation_code(conn, code)) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/export/data/repositories/gn-auth/gn_auth/auth/db/sqlite3.py", line 63, in with_db_connection + return func(conn) + ^^^^^^^^^^ + File "/export/data/repositories/gn-auth/gn_auth/auth/authentication/oauth2/grants/authorisation_code_grant.py", line 106, in <lambda> + return with_db_connection(lambda conn: save_authorisation_code(conn, code)) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/export/data/repositories/gn-auth/gn_auth/auth/authentication/oauth2/models/authorization_code.py", line 92, in save_authorisation_code + cursor.execute( +sqlite3.OperationalError: unable to open database file +``` + +Fixed above by correctly mapping: + +``` +- (source auth-db-path) ++ (source (dirname auth-db-path)) +``` + +in the relevant g-exp, and making sure that the parent directory is set to #o775 (rwx for both user/group). + +## Also See + +=> https://issues.guix.gnu.org/78356 Broken system and home containers +=> https://codeberg.org/guix/guix/src/commit/34453b97005ff86355399df89c8827c57839d9c7/guix/build/syscalls.scm#L1218-L1233 How "unshare" is defined +=> https://codeberg.org/guix/guix/src/commit/34453b97005ff86355399df89c8827c57839d9c7/gnu/build/linux-container.scm#L321 Where `unshare` is called diff --git a/issues/CI-CD/profiling-flask.gmi b/issues/CI-CD/profiling-flask.gmi new file mode 100644 index 0000000..2d0c539 --- /dev/null +++ b/issues/CI-CD/profiling-flask.gmi @@ -0,0 +1,33 @@ +# Profiling GN + +Use this simple structure: + +``` +from werkzeug.middleware.profiler import ProfilerMiddleware + + +app = Flask(__name__) +app.config["PROFILE"] = True +app.wsgi_app = ProfilerMiddleware( + app.wsgi_app, + restrictions=[40, "main"], + profile_dir="profiler_dump", + filename_format="{time:.0f}-{method}-{path}-{elapsed:.0f}ms.prof", +) +``` + + +You can use gprof2dot to visualise the profile + +``` +guix shell gprof2dot -- gprof2dot -f pstats 1753202013-GET-show_trait-37931ms.prof > 1753202013-GET-show_trait-37931ms.prof.dot +guix shell xdot -- xdot 1753202013-GET-show_trait-37931ms.prof.dot +``` + +Or snakeviz to visualize it: + + +``` +scp genenetwork:/home/bonfacem/profiling/1753202013-GET-show_trait-37931ms.prof /tmp/test +snakeviz 1753202013-GET-show_trait-37931ms.prof +``` diff --git a/issues/CI-CD/troubleshooting-within-the-development-container.gmi b/issues/CI-CD/troubleshooting-within-the-development-container.gmi new file mode 100644 index 0000000..3aa8c3b --- /dev/null +++ b/issues/CI-CD/troubleshooting-within-the-development-container.gmi @@ -0,0 +1,46 @@ +# Troubleshooting inside the GN dev container +* type: systems, debugging, container +* keywords: container, troubleshooting, logs, webhooks + +You need to find the development container so that you can begin troubleshooting: + +``` +ps -u root -f --forest | grep -A4 '/usr/local/bin/genenetwork-development-container' | grep shepherd +``` + +Example output: + +``` +root 16182 16162 0 03:57 ? 00:00:04 \_ /gnu/store/n87px1cazqkav83npg80ccp1n777j08s-guile-3.0.9/bin/guile --no-auto-compile /gnu/store/b4n5ax7l1ccia7sr123fqcjqi4vy03pv-shepherd-1.0.2/bin/shepherd --config /gnu/store/5ahb3745wlpa5mjsbk8j6frn78khvzzw-shepherd.conf +``` + +Get into the container: + +``` +# Use the correct pid and guix/bash path. + +sudo /home/bonfacem/.config/guix/current/bin/guix container exec 16182 /gnu/store/m6c5hgqg569mbcjjbp8l8m7q82ascpdl-bash-5.1.16/bin/bash --init-file /home/bonfacem/.guix-profile/etc/profile --login +``` + +All the gn related logs can be found in "/var/log/cd": + +``` +genenetwork2.log +genenetwork3.log +gn-auth.log +gn-guile.log +``` + +All the nginx log are in "/var/log/nginx" + +Sometimes, it's useful to trigger webhooks while troubleshooting. Here are all the relevant webhooks: + +``` +/gn-guile +/genenetwork2 +/genenetwork3 +/gn-libs +/gn-auth +``` + +Inside the container, we have "coreutils-minimal", and "curl" that you can use to troubleshoot. diff --git a/issues/acme-error.gmi b/issues/acme-error.gmi new file mode 100644 index 0000000..b31d04b --- /dev/null +++ b/issues/acme-error.gmi @@ -0,0 +1,106 @@ +# uACME Error: "urn:ietf:params:acme:error:unauthorized" + +## Tags + +* status: closed, completed +* priority: high +* type: bug +* assigned: fredm +* keywords: uacme, certificates, "urn:ietf:params:acme:error:unauthorized" + +## Description + +Sometimes, when we attempt to request TLS certificates from Let's Encrypt using uacme, we run into an error of the following form: + +``` +uacme: polling challenge status at https://acme-v02.api.letsencrypt.org/acme/chall/2399017717/599167439271/jFB2Pg +uacme: challenge https://acme-v02.api.letsencrypt.org/acme/chall/2399017717/599167439271/jFB2Pg failed with status invalid +uacme: the server reported the following error: +{ + "type": "urn:ietf:params:acme:error:unauthorized", + "detail": "128.xxx.xxx.xxx: Invalid response from http://sparql.genenetwork.org/.well-known/acme-challenge/N-P-mhiK04c-Iophbem4iFYsaB +yeaxeSyXHSijx3e6k: 404", + "status": 403 +} +uacme: running /gnu/store/zwqavgjqyk0f0krv8ndwhv3767f6cnx1-uacme-hook failed http-01 sparql.genenetwork.org N-P-mhiK04c-Iophbem4iFYsaBy +eaxeSyXHSijx3e6k N-P-mhiK04c-Iophbem4iFYsaByeaxeSyXHSijx3e6k.9dRdXFhCbqeDGWYndRd_hTh920rplmy-ef-_aLgjJJE +uacme: failed to authorize order at https://acme-v02.api.letsencrypt.org/acme/order/2399017717/438986245271 + +``` + +From the above error, we note that the request for the "/.well-known/..." path fails with a 404 code: Why. + +Let's try figuring it out; connect to the running container: + +``` +$ sudo guix container exec 89086 /run/current-system/profile/bin/bash --login +root@sparql /# cd /var/run/acme/acme-challenge/ +root@sparql /var/run/acme/acme-challenge# while true; do ls; sleep 0.5; clear; done +``` + +In a separate terminal, connect to the same container and run `/usr/bin/acme renew`. + +The loop we created to list what files are created in the challenge directory outputs the file + +``` +root@sparql /var/run/acme/acme-challenge# while true; do ls; sleep 0.5; clear; done +Rm7qCec3naVvqPldGSGI9W4i9AceW0X3MUNSAbC7SVE +Rm7qCec3naVvqPldGSGI9W4i9AceW0X3MUNSAbC7SVE +⋮ +``` + +but we are still getting the same error: + +``` +uacme: challenge https://acme-v02.api.letsencrypt.org/acme/chall/2399017717/599184604221/7mTNdA failed with status invalid +uacme: the server reported the following error: +{ + "type": "urn:ietf:params:acme:error:unauthorized", + "detail": "128.169.5.101: Invalid response from http://sparql.genenetwork.org/.well-known/acme-challenge/Rm7qCec3naVvqPldGSGI9W4i9AceW0X3MUNSAbC7SVE: 404", + "status": 403 +} +uacme: running /gnu/store/zwqavgjqyk0f0krv8ndwhv3767f6cnx1-uacme-hook failed http-01 sparql.genenetwork.org Rm7qCec3naVvqPldGSGI9W4i9AceW0X3MUNSAbC7SVE Rm7qCec3naVvqPldGSGI9W4i9AceW0X3MUNSAbC7SVE.9dRdXFhCbqeDGWYndRd_hTh920rplmy-ef-_aLgjJJE +uacme: failed to authorize order at https://acme-v02.api.letsencrypt.org/acme/order/2399017717/438997397751 +``` + +meaning that somehow, nginx is not able to serve up this file. + +## Discovered Cause: 2025-10-20 + +There are 2 layers of nginx, the host nginx, and the internal/container nginx. + +The host nginx was proxying directly to the virtuoso http server rather than proxying to nte internal/container nginx. This led to the failure because the internal/container nginx handles the TLS/SSL certificates for the site. The host nginx should have offloaded the handling of the TLS/SSL certificates to the internal/container nginx, but since it was not going through the internal nginx, that led to the failure. + +A simile of the error condition and the solution are in the sections below: + +### Error Condition: Wrong proxying + +In host's "nginx.conf": +``` +⋮ + proxy_pass http://localhost:<virtuoso-http-server-port>; +⋮ +``` + +In internal/container "nginx.conf": +``` +⋮ + proxy_pass http://localhost:<virtuoso-http-server-port>; +⋮ +``` + +### Solution/Fix + +In host's "nginx.conf": +``` +⋮ + proxy_pass http://localhost:<container-nginx-http-port>; +⋮ +``` + +In internal/container "nginx.conf": +``` +⋮ + proxy_pass http://localhost:<virtuoso-http-server-port>; +⋮ +``` diff --git a/issues/auth/masquarade-as-bug.gmi b/issues/auth/masquarade-as-bug.gmi index 12c2c5f..36fe34a 100644 --- a/issues/auth/masquarade-as-bug.gmi +++ b/issues/auth/masquarade-as-bug.gmi @@ -2,6 +2,7 @@ * assigned: fredm * tags: critical +* status: closed, completed Right now you can't masquared as another user. Here's the trace: diff --git a/issues/correlation-timing-out.gmi b/issues/correlation-timing-out.gmi index 419524d..bed8692 100644 --- a/issues/correlation-timing-out.gmi +++ b/issues/correlation-timing-out.gmi @@ -5,7 +5,7 @@ * assigned: fredm, zsloan, alexm * type: bug * priority: high -* status: ongoing +* status: closed, completed * keywords: correlations ## Description @@ -17,3 +17,7 @@ Do correlations against the same dataset This might be the same issue as the one in => /issues/correlation-missing-file correlation-missing-file.gmi but I'm not sure. + +## Close as completed + +This is fixed. diff --git a/issues/fix-spam-entries-in-gn-auth-production.gmi b/issues/fix-spam-entries-in-gn-auth-production.gmi index db88eec..5ef7a42 100644 --- a/issues/fix-spam-entries-in-gn-auth-production.gmi +++ b/issues/fix-spam-entries-in-gn-auth-production.gmi @@ -2,6 +2,7 @@ # Tags +* status: closed, completed * assigned: fredm * keywords: auth @@ -13,4 +14,8 @@ We have spam entries in gn-auth in production in the groups table: b59229de-2fce-4a3d-82f1-d9eeee9b7009|Business For Sale Adelaide|{"group_description": "Welcome to Business2Sell, the ultimate online platform for those seeking affordable business opportunities in Adelaide. As a trusted first-party provider, we offer the ideal marketplace for buying or selling businesses across the country. Whether you're an aspiring entrepreneur looking for your next venture or a business owner ready to sell, Business2Sell provides the perfect platform for you. Our user-friendly interface and extensive listings make it effortless to discover a wide range of businesses, all within your budget. Join our vibrant community of buyers and sellers today, and let us help you achieve your business goals in Adelaide with ease and confidence.\r\nhttps://www.business2sell.com.au/businesses/sa/adelaide"} ``` +## Close as completed +We added email verification when registering, which should help reduce the success of these automated bots. + +We also added tooling to help with users and groups management, which is helping clean up these spam data. diff --git a/issues/genenetwork/guix-bioinformatics-remove-guix-rust-past-crates-channel.gmi b/issues/genenetwork/guix-bioinformatics-remove-guix-rust-past-crates-channel.gmi new file mode 100644 index 0000000..b804e10 --- /dev/null +++ b/issues/genenetwork/guix-bioinformatics-remove-guix-rust-past-crates-channel.gmi @@ -0,0 +1,23 @@ +# guix-bioinformatics: Remove `guix-rust-past-crates` channel + +## Tags + +* assigned: alexm, bonfacem +* interested: fredm +* priority: normal +* status: open +* type: bug +* keywords: guix-bioinformatics, guix-rust-past-crates, guix, rust, crates + +## Description + +GNU Guix recently changed[1] the way it handles packaging of rust packages. + +The old rust packages got moved to the "guix-rust-past-crates" to help avoid huge breakages for systems depending on the older packaging system. "guix-bioinformatics" used a number of rust packages, defined in the old form, and we needed a quick fix, thus the introduction of the "guix-rust-past-crates" channel as a dependency. + +We need to move away from depending on this channel, by updating all the rust crates we use to the new packaging model. + + +## Footnotes + +=> https://guix.gnu.org/en/blog/2025/a-new-rust-packaging-model/ [1] diff --git a/issues/genenetwork/markdown-editing-service-not-deployed.gmi b/issues/genenetwork/markdown-editing-service-not-deployed.gmi index e7a1717..9d72e4e 100644 --- a/issues/genenetwork/markdown-editing-service-not-deployed.gmi +++ b/issues/genenetwork/markdown-editing-service-not-deployed.gmi @@ -3,7 +3,7 @@ ## Tags * type: bug -* status: open +* status: closed, completed, fixed * assigned: fredm * priority: critical * keywords: production, container, tux04 @@ -32,3 +32,8 @@ If you do an edit and refresh the page, it will show up in the system, but it wi Set `CGIT_REPO_PATH="https://git.genenetwork.org/gn-guile"` which seems to allow the commit to work, but we do not actually get the changes pushed to the remote in any useful sense. It seems to me, that we need to configure the environment in such a way that it will be able to push the changes to remote. + + +## Close as Completed + +The markdown editing service is deployed and configured correctly. diff --git a/issues/genenetwork/genenetwork2_configurations.gmi b/issues/genenetwork2/genenetwork2_configurations.gmi index 7d08db0..4ba0a89 100644 --- a/issues/genenetwork/genenetwork2_configurations.gmi +++ b/issues/genenetwork2/genenetwork2_configurations.gmi @@ -4,7 +4,7 @@ * assigned: fredm * priority: normal -* status: open +* status: closed, obsoleted * keywords: configuration, config, gn2, genenetwork, genenetwork2 * type: bug @@ -72,3 +72,10 @@ For `wqflask/run_gunicorn.py`, the route can remain as is, since this is an entr ### Non-Executable Configuration Files Eschew executable formats (*.py) for configuration files and prefer non-executable formats e.g. *.cfg, *.json, *.conf etc + + +## Closed as obsoleted + +I am closing this issue as obsoleted, since a lot of things have changed since this issue was set up. The `bin/genenetwork2` script no longer exists and most of the paths mentioned have changed. + +The configuration issue(s) mentioned above still abound, but the changes will have to be incremental to avoid breaking the system. diff --git a/issues/genenetwork2/handle-oauth-errors-better.gmi b/issues/genenetwork2/handle-oauth-errors-better.gmi index 462ded5..77ad7ad 100644 --- a/issues/genenetwork2/handle-oauth-errors-better.gmi +++ b/issues/genenetwork2/handle-oauth-errors-better.gmi @@ -3,7 +3,7 @@ ## Tags * type: bug -* status: open +* status: closed, completed * priority: high * assigned: fredm * interested: zachs, robw @@ -15,3 +15,7 @@ When a session expires, for whatever reason, a notification is displayed to the => ./session_expiry_oauth_error.png The message is a little jarring to the end user. Make it gentler, and probably more informative, so the user is not as surprised. + +## Close as complete + +This should be fixed at this point. Closing this as complete. diff --git a/issues/genenetwork2/mapping-error.gmi b/issues/genenetwork2/mapping-error.gmi index 2e28491..7e7d0a7 100644 --- a/issues/genenetwork2/mapping-error.gmi +++ b/issues/genenetwork2/mapping-error.gmi @@ -3,7 +3,7 @@ ## Tags * type: bug -* status: open +* status: closed * priority: medium * assigned: zachs, fredm, flisso * keywords: gn2, genenetwork2, genenetwork 2, mapping @@ -49,3 +49,18 @@ TypeError: 'NoneType' object is not iterable ### Updates This is likely just because the genotype file doesn't exist in the necessary format (BIMBAM). We probably need to convert the R/qtl2 genotypes to BIMBAM. + +## Stalled + +This is currently stalled, until we can upload genotypes via the uploader. + + +## Notes + +### 2025-12-31 + +I am closing this issue as WONTFIX because of the following reasons: + +- Better fix is to prevent mapping in the first place, if no genotypes exist for the given trait(s) +- Issue relies on non-implemented feature (Genotypes upload) to fix it +- Issue does not exist on production diff --git a/issues/genenetwork2/mechanical-rob-add-partial-correlations-tests.gmi b/issues/genenetwork2/mechanical-rob-add-partial-correlations-tests.gmi new file mode 100644 index 0000000..e38f653 --- /dev/null +++ b/issues/genenetwork2/mechanical-rob-add-partial-correlations-tests.gmi @@ -0,0 +1,22 @@ +# mechanical-rob: Add Partial Correlations Tests + +## Tags + +* assigned: fredm +* priority: medium +* status: open +* keywords: genenetwork2, gn2, mechanical-rob, partial correlations, tests, regression +* type: enhancement + +## Description + +Add regression tests to verify that the partial correlations feature still works +as expected. + +### TODOS + +- [-] Tests for "entry-point" page +- [x] Tests for partial correlation using Pearson's R against select traits +- [ ] Tests for partial correlation using Spearman's Rho against select traits +- [ ] Tests for partial correlation using Pearson's R against an entire dataset +- [ ] Tests for partial correlation using Spearman's Rho against an entire dataset diff --git a/issues/genenetwork2/refresh-token-failure.gmi b/issues/genenetwork2/refresh-token-failure.gmi index dd33341..c488820 100644 --- a/issues/genenetwork2/refresh-token-failure.gmi +++ b/issues/genenetwork2/refresh-token-failure.gmi @@ -2,7 +2,7 @@ ## Tags -* status: open +* status: closed, obsoleted * priority: high * type: bug * assigned: fredm, zsloan, zachs @@ -106,3 +106,6 @@ The following commits were done as part of the troubleshooting: => https://git.genenetwork.org/guix-bioinformatics/commit/?id=955e4ce9370be9811262d7c73fa5398385cc04d8 +# Closed as Obsolete + +We no longer rely on refresh tokens. This issue is no longer present. diff --git a/issues/genenetwork2/remove-bin-genenetwork2-script.gmi b/issues/genenetwork2/remove-bin-genenetwork2-script.gmi new file mode 100644 index 0000000..da11be7 --- /dev/null +++ b/issues/genenetwork2/remove-bin-genenetwork2-script.gmi @@ -0,0 +1,114 @@ +# Remove `bin/genenetwork2` Script + +## Tags + +* type: improvement +* status: closed, completed +* priority: medium +* assigned: fredm, bonfacem, alexm, zachs +* interested: pjotrp, aruni +* keywords: gn2, bin/genenetwork2, startup script + +## Description + +The `bin/genenetwork2` script was used for a really long time to launch Genenetwork2, and has served that purpose with honour and dedication. We applaud that. + +It is, however, time to retire the script, since at this point in time, it serves more to obfuscate the startup that as a helpful tool. + +On production, we have all but abandoned the use of the script, and we need to do the same for CI/CD, and eventually, development. + +This issue tracks the process, and problems that come up during the move to retire the script. + +### Process + +* [x] Identify how to run unit tests without the script +* [x] Document how to run unit tests without the script +* [x] Identify how to run mechanical-rob tests without the script +* [x] Document how to run mechanical-rob tests without the script +* [x] Update CI/CD definitions to get rid of the references to the script +* [x] Delete the script from the repository + +### Setup + +First, we need to setup the following mandatory environment variables: + +* GN2_PROFILE +* GN2_SETTINGS +* JS_GUIX_PATH +* GEMMA_COMMAND +* PLINK_COMMAND +* GEMMA_WRAPPER_COMMAND +* REQUESTS_CA_BUNDLE + +Within a guix shell, you could do that with something like: + +``` +export GN2_PROFILE="${GUIX_ENVIRONMENT}" +export GN2_SETTINGS="/home/frederick/genenetwork/gn2_settings.conf" +export JS_GUIX_PATH="${GN2_PROFILE}/share/genenetwork2/javascript" +export GEMMA_COMMAND="${GN2_PROFILE}/bin/gemma" +export PLINK_COMMAND="${GN2_PROFILE}/bin/plink2" +export GEMMA_WRAPPER_COMMAND="${GN2_PROFILE}/bin/gemma-wrapper" +export REQUESTS_CA_BUNDLE="${GUIX_ENVIRONMENT}/etc/ssl/certs/ca-certificates.crt" +``` + +Note that, you can define all the variables derived from "GN2_PROFILE" in your settings file, if such a settings file is computed. + +### Running Unit Tests + +To run unit tests, run pytest at the root of the repository. + +``` +$ cd /path/to/genenetwork2 +$ pytest +``` + +### Running "mechanical-rob" Tests + +At the root of the repository, run something like: + +``` +python test/requests/test-website.py --all http://localhost:5033 +``` + +Change the port, as appropriate. + + +### Launching Application + +In addition to the minimum set of envvars defined in the "Setup" section above, we need the following variables defined to get the application to launch: + +* FLASK_APP + +In a guix shell, you could do: + +``` +export FLASK_APP="gn2.wsgi" +``` + +Now you can launch the application with flask with something like: + +``` +flask run --port=5033 --with-threads +``` + +or with green unicorn with something like: + +``` +gunicorn --reload \ + --workers 3 \ + --timeout 1200 \ + --log-level="debug" \ + --keep-alive 6000 \ + --max-requests 10 \ + --bind="127.0.0.1:5033" \ + --max-requests-jitter 5 \ + gn2.wsgi:application +``` + +You can change the gunicorn setting to fit your scenario. + + +## Close as completed + +The script has been deleted. diff --git a/issues/genenetwork3/broken-aliases.gmi b/issues/genenetwork3/broken-aliases.gmi index 5735a1c..2bfbdae 100644 --- a/issues/genenetwork3/broken-aliases.gmi +++ b/issues/genenetwork3/broken-aliases.gmi @@ -5,23 +5,184 @@ * type: bug * status: open * priority: high -* assigned: fredm +* assigned: pjotrp * interested: pjotrp * keywords: aliases, aliases server +## Tasks + +* [X] Rewrite server in gn-guile +* [X] Fix menu search +* [X] Fix global search aliases +* [ ] Deploy and test aliases in GN2 ## Repository => https://github.com/genenetwork/gn3 +moved to + +gn-guile repo. + ## Bug Report ### Actual * Go to https://genenetwork.org/gn3/gene/aliases2/Shh,Brca2 -* Not that an exception is raised, with a "404 Not Found" message +* Note that an exception is raised, with a "404 Not Found" message ### Expected * We expected a list of aliases to be returned for the given symbols as is done in https://fallback.genenetwork.org/gn3/gene/aliases2/Shh,Brca2 +## Resolution + +Actually the server is up, but it is not part of the main deployment because it is written in Racket - and we don't have much support in Guix. I wrote the code the days after my bike accident: + +=> https://github.com/genenetwork/gn3/blob/master/gn3/web/wikidata.rkt + +and it is probably easiest to move it to gn-guile. Guile is another Scheme after all ;). Only fitting I spent days in hospital only recently (for a different reason). gn-guile already has its own web server and provides a REST API for our markdown editor, for example. On tux04 it responds with + +``` +curl http://127.0.0.1:8091/version +"4.0.0" +``` + +What we want is to add the aliases server that should respond to + +``` +curl http://localhost:8000/gene/aliases/Shh # direct on tux01 +["9530036O11Rik","Dsh","Hhg1","Hx","Hxl3","M100081","ShhNC","ShhNC"] +curl https://genenetwork.org/gn3/gene/aliases2/Shh,Brca2 +[["Shh",["9530036O11Rik","Dsh","Hhg1","Hx","Hxl3","M100081","ShhNC","ShhNC"]],["Brca2",["Fancd1","RAB163"]]] +``` + +Note this is used by search functionality in GN, as well as the gene aliases list on the mapping page. In principle we cache it for the duration of the running server so as not to overload wikidata. No one uses aliases2, that I can tell, so we only implement the first 'aliases'. + +Note the wikidata interface has been stable all this time. That is good. + +Turns out we already use wikidata in the gn-guile implementation for fetching the wikidata id for a species (as part of metadata retrieval). I wrote that about two years ago as part of the REST API expansion. + +Unfortunately + +``` +(sparql-scm (wd-sparql-endpoint-url) (wikidata-gene-alias "Q24420953")) +``` + +throws a 403 forbidden error. + +This however works: + +``` +scheme@(gn db sparql) [15]> (sparql-wd-species-info "Q83310") +;;; ("https://query.wikidata.org/sparql?query=%0ASELECT%20DISTINCT%20%3Ftaxon%20%3Fncbi%20%3Fdescr%20where%20%7B%0A%20%20%20%20wd%3AQ83310%20wdt%3AP225%20%3Ftaxon%20%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20wdt%3AP685%20%3Fncbi%20%3B%0A%20%20%20%20%20%20schema%3Adescription%20%3Fdescr%20.%0A%20%20%20%20%3Fspecies%20wdt%3AP685%20%3Fncbi%20.%0A%20%20%20%20FILTER%20%28lang%28%3Fdescr%29%3D%27en%27%29%0A%7D%20limit%205%0A%0A") +$11 = "?taxon\t?ncbi\t?descr\n\"Mus musculus\"\t\"10090\"\t\"species of mammal\"@en\n" +``` + +(if you can see the mouse ;). + +Ah, this works + +``` +scheme@(gn db sparql) [17]> (sparql-tsv (wd-sparql-endpoint-url) (wikidata-query-geneids "Shh" )) +;;; ("https://query.wikidata.org/sparql?query=SELECT%20DISTINCT%20%3Fwikidata_id%0A%20%20%20%20%20%20%20%20%20%20%20%20WHERE%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Fwikidata_id%20wdt%3AP31%20wd%3AQ7187%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20wdt%3AP703%20%3Fspecies%20.%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20VALUES%20%28%3Fspecies%29%20%7B%20%28wd%3AQ15978631%20%29%20%28%20wd%3AQ83310%20%29%20%28%20wd%3AQ184224%20%29%20%7D%20.%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Fwikidata_id%20rdfs%3Alabel%20%22Shh%22%40en%20.%0A%20%20%20%20%20%20%20%20%7D%0A") +$12 = "?wikidata_id\n<http://www.wikidata.org/entity/Q14860079>\n<http://www.wikidata.org/entity/Q24420953>\n" +``` + +But this does not + +``` +scheme@(gn db sparql) [17]> (sparql-scm (wd-sparql-endpoint-url) (wikidata-query-geneids "Shh" )) +ice-9/boot-9.scm:1685:16: In procedure raise-exception: +In procedure utf8->string: Wrong type argument in position 1 (expecting bytevector): "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx/1.18.0</center>\r\n</body>\r\n</html>\r\n" +``` + +Going via tsv does work + +``` +scheme@(gn db sparql) [18]> (tsv->scm (sparql-tsv (wd-sparql-endpoint-url) (wikidata-query-geneids "Shh" ))) + +;;; ("https://query.wikidata.org/sparql?query=SELECT%20DISTINCT%20%3Fwikidata_id%0A%20%20%20%20%20%20%20%20%20%20%20%20WHERE%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Fwikidata_id%20wdt%3AP31%20wd%3AQ7187%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20wdt%3AP703%20%3Fspecies%20.%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20VALUES%20%28%3Fspecies%29%20%7B%20%28wd%3AQ15978631%20%29%20%28%20wd%3AQ83310%20%29%20%28%20wd%3AQ184224%20%29%20%7D%20.%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Fwikidata_id%20rdfs%3Alabel%20%22Shh%22%40en%20.%0A%20%20%20%20%20%20%20%20%7D%0A") +$13 = ("?wikidata_id") +$14 = (("<http://www.wikidata.org/entity/Q14860079>") ("<http://www.wikidata.org/entity/Q24420953>")) +``` + +that is nice enough. + +We now got a working alias server that is part of gn-guile. E.g. + +``` +curl http://127.0.0.1:8091/gene/aliases/Brca2 +["breast cancer 2","breast cancer 2, early onset","Fancd1","RAB163","BRCA2, DNA repair associated"] +``` + +it is part of gn-guile. gn-guile also has the 'commit/' handler by Alex, documented as +'curl -X POST http://127.0.0.1:8091/commit' in git-markdown-editor.md. Let's see how that is wired up. The web interface is at, for example, +https://genenetwork.org/editor/edit?file-path=general/help/facilities.md. Part of gn2's + +``` +gn2/wqflask/views.py +398:@app.route("/editor/edit", methods=["GET"]) +408:@app.route("/editor/settings", methods=["GET"]) +414:@app.route("/editor/commit", methods=["GET", "POST"]) +``` + +which has the code + +``` +@app.route("/editor/edit", methods=["GET"]) +@require_oauth2 +def edit_gn_doc_file(): + file_path = urllib.parse.urlencode( + {"file_path": request.args.get("file-path", "")}) + response = requests.get(f"http://localhost:8091/edit?{file_path}") + response.raise_for_status() + return render_template("gn_editor.html", **response.json()) +``` + +Running over localhost. This is unfortunately hard coded, and we should change that! In guix system +configuration it is already a variable as 'genenetwork-configuration-gn-guile-port 8091'. gn-guile should also be visible from outside, so that is a separate configuration. + +Also I note that the mapping page does three requests to wikidata (for mouse, rat and human). That could really be one. + +# Search + +Aliases are also used in search. You can tell when GN search renders too few results that aliases are not used. When aliases work we expect to list '2310010I16Rik' with + +=> https://genenetwork.org/search?species=mouse&group=BXD&type=Hippocampus+mRNA&dataset=HC_M2_0606_P&search_terms_or=sh*&search_terms_and=&FormID=searchResult + +Sheepdog tests for that and it has been failing for a while. + +Global search finds way more results, but also lacks that alias! Meanwhile GN1 does find that alias for record 1431728_at. GN2 finds it with hippocampus mRNA + +=> https://genenetwork.org/search?species=mouse&group=BXD&type=Hippocampus+mRNA&dataset=HC_M2_0606_P&search_terms_or=1431728_at%0D%0A&search_terms_and=&accession_id=None&FormID=searchResult + +in standard search. +But neither 1431728_at or '2310010I16Rik' has a hit in *global* search and the result for Ssh should include the record in both search systems. + +# Deploy + +We introduced a new environment variable that does not show up on CD, part of the mapping page: + +=> + +In the logs on /export2: + +``` +root@tux02:/export2/guix-containers/genenetwork-development/var/log/cd# tail -100 genenetwork2.log +2025-07-20 04:19:43 File "/genenetwork2/gn2/base/trait.py", line 157, in wikidata_alias_fmt +2025-07-20 04:19:43 GN_GUILE_SERVER_URL + "gene/aliases/" + self.symbol.upper()) +2025-07-20 04:19:43 NameError: name 'GN_GUILE_SERVER_URL' is not defined +``` + +One thing I ran into is http://genenetwork.org/gn3-proxy/ - what is that for? + +## Deploy Updates: 2025-08-15 +=> https://git.genenetwork.org/guix-bioinformatics/commit/?id=269f99f1e1f0c253ecdd99f04bc7c6697012b0aa Update commit of gn-guile used on production + +This does not fix the issue on https://gn2-fred.genenetwork.org/show_trait?trait_id=1427571_at&dataset=HC_M2_0606_P, instead we get + +``` +fredm@tux04:~$ curl http://localhost:8091/gene/aliases/Brca2 +Resource not found: /gene/aliases/Brca2 +``` diff --git a/issues/genenetwork/genenetwork3_configuration.gmi b/issues/genenetwork3/genenetwork3_configuration.gmi index fcab572..cdd7c15 100644 --- a/issues/genenetwork/genenetwork3_configuration.gmi +++ b/issues/genenetwork3/genenetwork3_configuration.gmi @@ -1,10 +1,10 @@ -# Genenetwork2 Configurations +# Genenetwork3 Configurations ## Tags * assigned: fredm * priority: normal -* status: open +* status: closed, completed * keywords: configuration, config, gn2, genenetwork, genenetwork2 * type: bug @@ -13,3 +13,7 @@ The configuration file should only ever contain settings, and no code. Remove all code from the default settings file. Eschew executable formats (*.py) for configuration files and prefer non-executable formats e.g. *.cfg, *.json, *.conf etc + +## Closed as Completed + +See commit https://github.com/genenetwork/genenetwork3/commit/977efbb54da284fb3e8476f200206d00cb8e64cd diff --git a/issues/genenetwork3/rqtl2-mapping-error.gmi b/issues/genenetwork3/rqtl2-mapping-error.gmi index 480c7c6..b43d66f 100644 --- a/issues/genenetwork3/rqtl2-mapping-error.gmi +++ b/issues/genenetwork3/rqtl2-mapping-error.gmi @@ -3,7 +3,7 @@ ## Tags * type: bug -* status: open +* status: closed, completed * priority: high * assigned: alexm, zachs, fredm * keywords: R/qtl2, R/qtl2 Maps, gn3, genetwork3, genenetwork 3 @@ -40,3 +40,7 @@ This might imply a code issue: Perhaps * the wrong path value is passed The same error occurs on https://cd.genenetwork.org but does not seem to prevent CD from running the mapping to completion. Maybe something is missing on production — what, though? + +## Closed as Completed + +This seems fixed now. diff --git a/issues/genetics/speeding-up-gemma.gmi b/issues/genetics/speeding-up-gemma.gmi new file mode 100644 index 0000000..91bab17 --- /dev/null +++ b/issues/genetics/speeding-up-gemma.gmi @@ -0,0 +1,492 @@ +# Speeding up GEMMA + +GEMMA is slow, but usually fast enough. Earlier I wrote gemma-wrapper to speed things up. In genenetwork.org, by using gemma-wrapper with LOCO, most traits are mapped in a few seconds on a a large server (30 individuals x 200K markers). By expanding makers to over 1 million, however, runtimes degrade to 6 minutes. Increasing the number of individuals to 1000 may slow mapping down to hour(s). As we are running 'precompute' on 13K traits - and soon maybe millions - it would be beneficial to reduce runtimes again. + +One thing to look at is Sen's bulklmm. It can do phenotypes in parallel, provided there is no missing data. This is perfect for permutations which we'll also do. For multiple phenotypes it is a bit tricky however, because you'll have to mix and match experiments to show the same individuals (read samples). + +So the approach is to first analyze steps in GEMMA and see where it is particularly inefficient. Maybe we can do something about that. I note I started the pangemma effort (and mgamma effort before). The idea is to use a propagator network for incremental improvements and also to introduce a new build system and testing framework. In parallel we'll try to scale out on HPC using Arun's ravanan software. + +There is no such thing as a free lunch. So, let's dive in. + +# Description + +# Tags + +* assigned: pjotrp +* type: feature +* priority: high + +# Tasks + +* [X] Try gzipped version +* [X] Run without debug +* [ ] Use lmdb for genotypes +* - [X] convert genotypes to lmdb +* - [X] replace GEMMA ReadGenotypes +* - [X] replace reading genotypes in AnalyzeBimbam +* - [+] Apply similar SNP filtering as the original +* - [X] Add SNP info tho Geno file +* - [X] Try different geno encodings +* - [+] Fix support for NAs - also in compute +* [X] Use lmdb for SNPs (probably part of Geno file) +* [X] Match output +* [ ] Write lmdb for output with filter +* [X] Optimize openblas for target architecture +* [ ] Use profiler +* [ ] Hash genotypes? Try buf.hash or xxhash +* [ ] Skip highly correlated markers with backtracking +* [ ] Perhaps try a faster malloc library for GEMMA +* [ ] Fix sqrt(NaN) when running big file example with -debug +* [ ] Fix/check assumption that geno is between 0 and 2 +* [ ] Try 64-bit integer index for lmdb +* [ ] Other improvements... + +# Summary + +Convert a geno file to mdb with + +``` +./bin/anno2mdb.rb mouse_hs1940.anno.txt +./bin/geno2mdb.rb mouse_hs1940.geno.txt --anno mouse_hs1940.anno.txt.mdb --eval Gf # convert to floating point +real 0m14.042s +user 0m12.639s +sys 0m0.402s +``` + +``` +../bin/anno2mdb.rb snps-matched.txt +../bin/geno2mdb.rb pangenome-13M-genotypes.txt --geno-json bxd_inds.list.json --anno snps-matched.txt.mdb --eval Gf +../bin/geno2mdb.rb pangenome-13M-genotypes.txt --geno-json bxd_inds.list.json --anno snps-matched.txt.mdb --eval Gb +``` + +even with floats a 30G pangenome genotype file got reduced to 12G. A quick full run of the mdb version takes 6 minutes. That is a massive 3x speedup. It also used less RAM (because it is one process instead of 20) and had a 40x core usage, much of it in the Linux kernel: + +``` +/bin/time -v ./build/bin/Release/gemma -k tmp/93f6b39ec06c09fb9ba9ca628b5fb990921b6c60.11.cXX.txt.cXX.txt -p tmp/pheno.json.txt -g pangenome-13M-genotypes.txt.mdb -lmm 9 -maf 0.1 -n 2 -debug +LD_LIBRARY_PATH=$GUIX_ENVIRONMENT/lib /bin/time -v ./build/bin/Release/gemma -k tmp/93f6b39ec06c09fb9ba9ca628b5fb990921b6c60.3.cXX.txt.cXX.txt -p tmp/pheno.json.txt -g tmp/pangenome-13M-genotypes.txt.mdb -lmm 9 -maf 0.1 -n 2 -no-check +real 5m47.587s +user 39m33.796s +sys 211m1.143s + +Command being timed: "./build/bin/Release/gemma -k tmp/93f6b39ec06c09fb9ba9ca628b5fb990921b6c60.3.cXX.txt.cXX.txt -p tmp/pheno.json.txt -g tmp/pangenome-13M-genotypes.txt.mdb -lmm 9 -maf 0.1 -n 2 -no-check" + User time (seconds): 2169.77 + System time (seconds): 11919.04 + Percent of CPU this job got: 3919% + Elapsed (wall clock) time (h:mm:ss or m:ss): 5:59.48 + Maximum resident set size (kbytes): 13377040 +``` + +as we only read the genotype file once it shows how much is IO bound! Moving to lmdb was the right choice to speed up pangemma. + +Old gemma does: + +``` + Command being timed: "/bin/gemma -k 93f6b39ec06c09fb9ba9ca628b5fb990921b6c60.11.cXX.txt.cXX.txt -p pheno.json.txt -g pangenome-13M-genotypes.txt.gz -a snps-matched.txt -lmm 9 -maf 0.1 -n 2 -no-check" + User time (seconds): 2017.25 + System time (seconds): 62.21 + Percent of CPU this job got: 240% + Elapsed (wall clock) time (h:mm:ss or m:ss): 14:24.17 + Maximum resident set size (kbytes): 9736884 +``` + +So we are at 3x speed. + +With Gb byte encoding the file got further reduced from 13Gb to 4Gb. + +What is more exciting is that LOCO now runs in 30s - compared to gemma's earlier 6 minutes, so that is at 10x speed, using about 1/3 of RAM. Note the CPU usage: + +``` + Command being timed: "./build/bin/Release/gemma -k tmp/93f6b39ec06c09fb9ba9ca628b5fb990921b6c60.3.cXX.txt.cXX.txt -p tmp/pheno.json.txt -g tmp/pangenome-13M-genotypes.txt-Gb.mdb -loco 2 -lmm 9 -maf 0.1 -n 2 -no-check" User time (seconds): 177.81 + System time (seconds): 934.92 + Percent of CPU this job got: 3391% + Elapsed (wall clock) time (h:mm:ss or m:ss): 0:32.80 + Maximum resident set size (kbytes): 4326308 +``` + +it looks like disk IO is no longer the bottleneck. The Gb version is much smaller than Gf, but runtime is only slightly better. So it is time for the profiler to find how we can make use of the other cores! But, for now, I am going to focus on getting the pipeline set up with ravanan. + +# Analysis + +As a test case we'll take on of the runs: + +``` +time -v /bin/gemma -loco 11 -k /export2/data/wrk/services/gemma-wrapper/tmp/tmp/panlmm/93f6b39ec06c09fb9ba9ca628b5fb990921b6c60.11.cXX.txt.cXX.txt -o 680029457111fdd460990f95853131c87ea20c57.11.assoc.txt -p pheno.json.txt -g pangenome-13M-genotypes.txt -a snps-matched.txt -lmm 9 -maf 0.1 -n 2 -outdir /export2/data/wrk/services/gemma-wrapper/tmp/tmp/panlmm/d20251111-588798-f81icw +``` + +which I simplify to + +``` +/bin/time -v /bin/gemma -loco 11 -k 93f6b39ec06c09fb9ba9ca628b5fb990921b6c60.11.cXX.txt.cXX.txt -p pheno.json.txt -g pangenome-13M-genotypes.txt -a snps-matched.txt -lmm 9 -maf 0.1 -n 2 -debug +Reading Files ... +number of total individuals = 143 +number of analyzed individuals = 20 +number of total SNPs/var = 13209385 +number of SNPS for K = 12376792 +number of SNPS for GWAS = 832593 +number of analyzed SNPs = 13111938 +``` + +The timer says: + +``` +User time (seconds): 365.33 +System time (seconds): 16.59 +Percent of CPU this job got: 128% +Elapsed (wall clock) time (h:mm:ss or m:ss): 4:57.01 +Average shared text size (kbytes): 0 +Average unshared data size (kbytes): 0 +Average stack size (kbytes): 0 +Average total size (kbytes): 0 +Maximum resident set size (kbytes): 11073412 +Average resident set size (kbytes): 0 +Major (requiring I/O) page faults: 0 +Minor (reclaiming a frame) page faults: 5756557 +Voluntary context switches: 1365 +nInvoluntary context switches: 478 +Swaps: 0 +File system inputs: 0 +File system outputs: 143704 +Socket messages sent: 0 +Socket messages received: 0 +Signals delivered: 0 +Page size (bytes): 4096 +Exit status: 0 +``` + +The genotype file is unzipped at 30G. Let's try running the gzipped version (which will be beneficial on a compute cluster anyhow) which comes in at 9.2G. We know that Gemma is not the most efficient when it comes to IO. So testing is crucial. +Critically the run gets slower: + +``` +Percent of CPU this job got: 118% +Elapsed (wall clock) time (h:mm:ss or m:ss): 7:43.56 +``` + +The problem is that unzip runs on a single thread in GEMMA, so it is actually slower that the gigantic raw text file. + +## Running without debug + +Without the debug swith gemma runs at the same speed with 128% CPU. That won't help much. + +## Optimizing GEMMA+OpenBLAS+GSL + +Compiling with optimization can be low hanging fruit - despite the fact that we seem to be IO bound at 128% CPU. Still, aggressive compiler optimizations may make a difference. The current build reads: + +``` +GEMMA Version = 0.98.6 (2022-08-05) +Build profile = /gnu/store/8rvid272yb53bgascf5c468z0jhsyflj-profile +GCC version = 14.3.0 +GSL Version = 2.8 +OpenBlas = OpenBLAS 0.3.30 - OpenBLAS 0.3.30 DYNAMIC_ARCH NO_AFFINITY Cooperlake MAX_THREADS=128 +arch = Cooperlake +threads = 96 +parallel type = threaded +``` + +this uses the gemma-gn2 package in + +=> https://git.genenetwork.org/guix-bioinformatics/tree/gn/packages/gemma.scm#n27 + +which is currently not built with arch optimizations (even though Cooperlake suggests differently). Another potential optimization is to use a fast malloc library. We do, however, already compile with a recent gcc, thanks to Guix. No need to improve on that. + +## Introduce lmdb for genotypes + +Rather than focussing on gzip, another potential improvement is to use lmdb with mmap. We am not going to upgrade the original gemma code (which is in maintenance mode). We are going to upgrade the new pangemma project instead: + +=> https://git.genenetwork.org/pangemma/ + +Reason being that this is our experimental project. + +So I just managed to build pangemma/gemma in Guix. Next step is to introduce lmdb genotypes. Genotypes come essentially as a matrix of markers x individuals. In the case of GN geno files and BIMBAM files they are simply stored as tab delimited values and/or probabilities. This happens in + +``` +src/param.cpp +1261:void PARAM::ReadGenotypes(gsl_matrix *UtX, gsl_matrix *K, const bool calc_K) { +1280:void PARAM::ReadGenotypes(vector<vector<unsigned char>> &Xt, gsl_matrix *K, +``` + +calling into + +``` +gemma_io.cpp +644:bool ReadFile_geno(const string &file_geno, const set<string> &setSnps, +1752:bool ReadFile_geno(const string file_geno, vector<int> &indicator_idv, +1857:bool ReadFile_geno(const string &file_geno, vector<int> &indicator_idv, +``` + +which are called from gemma.cpp. Also lmm.cpp reads the geno file in the AnalyzeBimbam function (see file_geno): + +``` +src/lmm.cpp +61: file_geno = cPar.file_geno; +1664: debug_msg(file_geno); +1665: auto infilen = file_geno.c_str(); +2291: cout << "error reading genotype file:" << file_geno << endl; +``` + +Note that also SNPs are read from a file (see file_snps). We already have an lmdb version for that! + +So, reading genotypes happens in multiple places. In fact, it is read 1x for computing K and 2x for GWA. And it is worth than this because LOCO runs GWA 20x rereading the same files. Reading it once using lmdb should speed things up. + +We'll start with the 30G 143samples.percentile.bimbam.bimbam-reduced2 file. To convert this file into lmdb we only do this once. We want to track both column and row names in the same lmdb and we will use a meta JSON record for that. On the command line we'll state wether the genotypes are stored as char or int. Floats will be packed into either of those. We'll expirement a bit to see what the default should be. A genotype is usually a number/character or a probability. In the latter case we don't have to have high precison and can choose to store an index into a range of values. We can also opt for Float16 or something more ad hoc because we don't have to store the exponent. + +But let's start with a standard float here, to keep things simple. To write the first version of code I'll use a byte conversion: + +``` +./bin/geno2mdb.rb BXD.geno.bimbam --eval '{"0"=>0,"1"=>1,"2"=>2,"NA"=>-1}' --pack 'C*' --geno-json BXD.geno.json +``` + +The lmdb file contains a metadata record that looks like: + +``` +{ + "type": "gemma-geno", + "version": 1, + "eval": "G0-2", + "key-format": "string", + "rec-format": "C*", + "geno": { + "type": "gn-geno-to-gemma", + "genofile": "BXD.geno", + "samples": [ + "BXD1", + "BXD2", + "BXD5", +etc. +``` + +i.e. it is a self-contained, efficient, genotype format. There is also another trick, we can use Plink-style compression with + +``` +./bin/geno2mdb.rb BXD.geno.bimbam --eval '{"0"=>0,"1"=>1,"2"=>2,"NA"=>4}' --geno-json BXD.geno.json --gpack 'l.each_slice(4).map { |slice| slice.map.with_index.sum {|val,i| val << (i*2) } }.pack("C*")' +``` + +reducing the original uncompressed BIMBAM from 9.9Mb to 2.7Mb. This is still a lot larger than the gzip compressed BIMBAM, but as I pointed out earlier the uncompressed version is faster by a wide margin. Compressing the lmdb file gets it in range of the compressed BIMBAM btw. So that is always an option. + +Next we create a floating point version. That reduces the file to 30% with + +``` +geno2mdb.rb fp.bimbam --geval 'g.to_f' --pack 'F*' --geno-json bxd_inds.list.json +``` + +and if we compress the probabilities into a byte reduces the file to 10%: + +``` +geno2mdb.rb fp.bimbam --geval '(g.to_f*255.0).to_i' --pack 'C*' --geno-json bxd_inds.list.json +``` + +And now the compressed version is also 4x smaller. We'll have to run gemma at scale to see what the impact is, but an uncompressed 10x reduction schould have an impact on the IO bottle neck. Note how easy it is to try these things with my little Ruby script. + +=> https://github.com/genetics-statistics/gemma-wrapper/blob/master/bin/geno2mdb.rb + +## Use lmdb genotypes from pangemma + +Rather than writing new code in C++ I proceeded embedding guile in pangemma. If it turns out to be a performance problem we can always fall back to C. Here we show a simple test witten in guile that gets called from main.cpp: + +=> https://git.genenetwork.org/pangemma/commit/?id=5b6b5e2ad97b4733125c0845cfae007e8094a687 + +## Some analysis of GEMMA + +GEMMA::BatchRun reads files and executes (b gemma.cpp:1657) +cPar.ReadFiles() + ReadFile_anno + ReadFile_pheno + ReadFile_geno (gemma_io.cpp:652) - first read to fetch SNPs info, num (ns_tset) and total SNPs (ns_total). + - it also does some checks + Note: These can all be handled by the lmdb files. So it saves one run. + +Summary of Mutated Outputs: +* indicator_snp: Binary indicators for which SNPs passed filtering +* snpInfo: Complete metadata for all SNPs in the file +* ns_test: Count of SNPs passing filters +checkpoint("read-geno-file",file_geno); + +Next start LMM9 gemma.cpp:2571 + ReadFile_kin + EigenDecomp_Zeroed + 2713 CalcUtX(U, W, UtW); + 2714 CalcUtX(U, Y, UtY); + CalcLambda + CalcLmmVgVeBeta + CalcPve + cPar.PrintSummary() + debug_msg("fit LMM (one phenotype)"); + cLmm.AnalyzeBimbam lmm.cpp:1665 and + LMM::Analyze lmm.cpp:1704 + + +Based on LLM code analysis, here's what gets mutated in the 'LMM' and Param class: + +### By 'ReadFile_geno': +This is a **standalone function** (not a member of LMM), but it mutates LMM members when passed as parameters: + +1. **'indicator_snp'** - cleared and populated with 0/1 filter flags +2. **'snpInfo'** - cleared and populated with SNP metadata +3. **'ns_test'** - set to count of SNPs that passed all filters + +### By 'LMM::AnalyzeBimbam': +(which calls 'LMM::Analyze') + +**Directly mutated in 'LMM::Analyze':** + +1. **'sumStat'** - PRIMARY OUTPUT + - Cleared at start (implied) + - Populated with one SUMSTAT entry per analyzed SNP + - Contains: beta, se, lambda_remle, lambda_mle, p_wald, p_lrt, p_score, logl_H1 + +2. **'time_UtX'** - timing accumulator + - '+= time_spent_on_matrix_multiplication' + +3. **'time_opt'** - timing accumulator + - '+= time_spent_on_optimization' + +**Read but NOT mutated:** +- 'indicator_snp' - read to determine which SNPs to process +- 'indicator_idv' - read to determine which individuals to include +- 'ni_total', 'ni_test' - used for loop bounds and assertions +- 'n_cvt' - number of covariates, used in calculations +- 'l_mle_null', 'l_min', 'l_max', 'n_region', 'logl_mle_H0' - analysis parameters +- 'a_mode' - determines which statistical tests to run +- 'd_pace' - controls progress bar display + +### Summary Table: + +| Member Variable | Mutated By | Purpose | +|----------------|------------|---------| +| 'indicator_snp' | 'ReadFile_geno' | Which SNPs passed filters | +| 'snpInfo' | 'ReadFile_geno' | SNP metadata (chr, pos, alleles, etc.) | +| 'ns_test' | 'ReadFile_geno' | Count of SNPs to analyze | +| 'sumStat' | 'Analyze' | **Main output**: Statistical results per SNP | +| 'time_UtX' | 'Analyze' | Performance profiling | +| 'time_opt' | 'Analyze' | Performance profiling | + +The key output is **'sumStat'** which contains all the association test results. + +PARAM variables directly mutated by these functions: + + indicator_snp (by ReadFile_geno) + snpInfo (by ReadFile_geno) + ns_test (by ReadFile_geno) + +LMM variables mutated: + + indicator_snp (by ReadFile_geno if passed LMM's copy) + snpInfo (by ReadFile_geno if passed LMM's copy) + ns_test (by ReadFile_geno if passed LMM's copy) + sumStat (by Analyze - this is LMM-only, not in PARAM) + time_UtX, time_opt (by Analyze) + +The actual analysis results (sumStat) exist only in LMM, not in PARAM. + +## Coding for lmdb support + +From above it should be clear that, if we have the genotypes and snp annotations in lmdb, we can skip reading the genotype file the first time. We can also rewrite the 'analyze' functions to fetch this information on the fly. + +Note that OpenBLAS will have to run single threaded when introducing SNP-based threads. + +## Fine grained multithreading + +From above it can be concluded that we can batch process SNPs in parallel. The only output is sumStat and that is written at once at the end. So, if we can collect the sumStat data without collision it should just work. + +Interestingly both Guile and C++ have recently introduced fibers. Boost.Fiber looks pretty clean: + +``` +#include <boost/fiber/all.hpp> +#include <vector> +#include <iostream> + +namespace fibers = boost::fibers; + +// Worker fiber +void compute_worker(int start, int end, + fibers::buffered_channel<int>& channel) { + for (int i = start; i < end; ++i) { + channel.push(i * i); + } +} + +void parallel_compute_fibers() { + fibers::buffered_channel<int> channel(100); + + // Spawn fibers + fibers::fiber f1([&]() { + compute_worker(0, 100, channel); + channel.close(); // Signal completion + }); + + fibers::fiber f2([&]() { + compute_worker(100, 200, channel); + }); + + // Collect results + std::vector<int> results; + int value; + while (fibers::channel_op_status::success == channel.pop(value)) { + results.push_back(value); + } + + f1.join(); + f2.join(); + + std::cout << "Total results: " << results.size() << std::endl; +} +``` + +Compare that with guile: + +``` +(use-modules (fibers) + (fibers channels)) + +;; Worker that streams individual results +(define (compute-worker-streaming start end result-channel) + (let loop ((i start)) + (when (< i end) + (put-message result-channel (* i i)) + (loop (+ i 1)))) + ;; Send completion signal + (put-message result-channel 'done)) + +;; Collector fiber +(define (result-collector result-channel num-workers) + (let loop ((results '()) + (done-count 0)) + (if (= done-count num-workers) + (reverse results) + (let ((msg (get-message result-channel))) + (if (eq? msg 'done) + (loop results (+ done-count 1)) + (loop (cons msg results) done-count)))))) + +(define (parallel-compute-streaming) + (run-fibers + (lambda () + (let ((result-channel (make-channel))) + + ;; Spawn workers + (spawn-fiber + (lambda () (compute-worker-streaming 0 100 result-channel))) + (spawn-fiber + (lambda () (compute-worker-streaming 100 200 result-channel))) + + ;; Collect results + (result-collector result-channel 2))))) +``` + +The Boost fiber is a relatively mature library now, with about 8+ years of development and real-world usage. +Interestingly Boost.fibers has work stealing built in. We can look at that later: + +=> https://www.boost.org/doc/libs/1_66_0/libs/fiber/doc/html/fiber/worker.html + +What about LOCO? Actually we can use the same fiber strategy for each chromosome as a per CHR process. We can set the number of threads differently based on chromosome SNP num, so all chromosomes take (about) the same time. Later, we can bring LOCO into one process with the advantage that the genotype data is only read once. In both cases the kinship matrices are in RAM anyway. + +# Reducing the size of the genotype file + +The first version of lmdb genotypes used simple floats. That reduced the pangenome text version from 30Gb to 12Gb with about a 3x speedup of gemma. Next I tried byte representation of the genotypes. + +# Optimizing SNP handling + +GEMMA originally used a separate SNP annotation file which proves inefficient. Now we transform the geno information to lmdb, we might as well include chr+pos. We'll make the key out of that and add a table with marker annotation. + +# Optimizing the index + +I opted for using a CHR+POS index (byte+long value). There are a few things to consider. There may be duplicates and there may be missing values. Also LMDB likes and integer index. The built-in dubsort does not work, so we need to create a unique pos for every variant. I'll do that by adding the line number. diff --git a/issues/gn-auth/email_verification.gmi b/issues/gn-auth/email_verification.gmi index fff3d54..07e2b04 100644 --- a/issues/gn-auth/email_verification.gmi +++ b/issues/gn-auth/email_verification.gmi @@ -12,7 +12,7 @@ When setting up e-mail verification, the following configurations should be set for gn-auth: -SMTP_HOST = "smtp.uthsc.edu" +SMTP_HOST = "smtp.uthsc" SMTP_PORT = 25 (not 587, which is what we first tried) SMTP_TIMEOUT = 200 # seconds diff --git a/issues/gn-auth/fix-refresh-token.gmi b/issues/gn-auth/fix-refresh-token.gmi index 1a6a825..222b731 100644 --- a/issues/gn-auth/fix-refresh-token.gmi +++ b/issues/gn-auth/fix-refresh-token.gmi @@ -2,7 +2,7 @@ ## Tags -* status: open +* status: closed, obsolete * priority: high * assigned: fredm * type: feature-request, bug @@ -51,3 +51,8 @@ This actually kills 2 birds with the one stone: * Get the refresh token from the cookies rather than from the body * Maybe: make refreshing the access token unaware of threads/workers + + +## Close as Obsolete + +We no longer do refresh tokens at all, they were a pain to look into, so I simply removed them from the system. diff --git a/issues/gn-auth/pass-on-unknown-get-parameters.gmi b/issues/gn-auth/pass-on-unknown-get-parameters.gmi new file mode 100644 index 0000000..a349800 --- /dev/null +++ b/issues/gn-auth/pass-on-unknown-get-parameters.gmi @@ -0,0 +1,17 @@ +# Pass on Unknown GET Parameters + +## Tags + +* status: open +* priority: medium +* type: feature-request, enhancement +* assigned: fredm, zsloan +* keywords: gn-auth, authorisation + +## Description + +A developer or user could be needing to access some feature hidden behind some flag (so called, "feature flags"). Some of these flags are set using known (to the application and developer/user) GET parameters. + +If the user provides these get parameters before login, then go through the login process, the unknown GET parameters are dropped silently, and the user has to them manually set them up again. This, while not a big deal, is annoying and wastes a few seconds each time. + +This feature request proposes to pass any unknown GET parameters untouched through the authentication/authorisation server and back to the authenticating client during the login process, to mitigate this small annoyance. diff --git a/issues/gn-auth/rework-view-resource-page.gmi b/issues/gn-auth/rework-view-resource-page.gmi new file mode 100644 index 0000000..2d6e145 --- /dev/null +++ b/issues/gn-auth/rework-view-resource-page.gmi @@ -0,0 +1,22 @@ +# Rework "View-Resource" Page + +## Tags + +* status: closed, completed +* priority: medium +* type: enhancement +* assigned: fredm, zsloan +* keywords: gn-auth, resource, resources, view resource + +## Description + +The view resource page ('/oauth2/resource/<uuid>/view') was built with only Genotype, Phenotype, and mRNA resources in mind. + +We have since moved on, and added more types of resources (group, system, inbredset-group, etc). This leads to the page breaking for these other types of resources. + +We need to update the UI and route to ensure the page renders correctly for each type, or at the very least, redirects to the correct page (e.g. in the case of groups, which have a separate "view group" page). + + +## Close as complete + +This is fixed now. diff --git a/issues/gn-guile/activations-on-production-not-running-as-expected.gmi b/issues/gn-guile/activations-on-production-not-running-as-expected.gmi new file mode 100644 index 0000000..be9cc00 --- /dev/null +++ b/issues/gn-guile/activations-on-production-not-running-as-expected.gmi @@ -0,0 +1,57 @@ +# gn-guile: Activations on Production not Running as Expected + +## Tags + +* status: closed, completed, fixed +* priority: high +* type: bug +* assigned: bonfacem, fredm, aruni +* keywords: gn-guile, deployment, activation-service-type + +## Description + +With the recent changes to guix's `least-authority-wrapper` we can no longer write to the root filesystem ("/"). That is not much of a problem. + +So I tried adding `#:directory (dirname gn-doc-git-checkout)` to the `make-forkexec-constructor` for the `gn-guile-shepherd-service` and that actually changes the working directory of the process, as I would expect. + +In `genenetwork-activation` I add: + +``` + ;; setup correct ownership for gn-docs + (for-each (lambda (file) + (chown file + (passwd:uid (getpw "genenetwork")) + (passwd:gid (getpw "genenetwork")))) + (find-files #$(dirname gn-doc-git-checkout) + #:directories? #t)) +``` + +which, ideally, should change ownership of the parent directory of the bare git checkout for "gn-docs" when we build/start the container. This does not happen — the directory is still owned by root. + +My thinking goes, the "genenetwork" user[1] is not yet created at the point when the activation[2] is run, leading to the service failing to start. + +The reason I think this, is because, when I do: + +``` +fredm@tux04:/...$ sudo guix container exec <container-pid> /run/current-system/profile/bin/bash --login +root@genenetwork-gn2-fred /# chown -R genenetwork:genenetwork /var/lib/genenetwork/ +root@genenetwork-gn2-fred /# chown -R genenetwork:genenetwork /var/lib/genenetwork/ +``` + +The bound directory's permissions change, and we can now enable and start the service: + +``` +root@genenetwork-gn2-fred /# herd enable gn-guile +root@genenetwork-gn2-fred /# herd start gn-guile +``` + +which starts the service as expected. We can also simply restart the entire container at this point, and it works too. + +## Footnotes + +=> https://git.genenetwork.org/gn-machines/tree/genenetwork/services/genenetwork.scm?id=e425671e69a321a032134fafee974442e8c1ce6f#n167 [1] "genenetwork" user declaration +=> https://git.genenetwork.org/gn-machines/tree/genenetwork/services/genenetwork.scm?id=e425671e69a321a032134fafee974442e8c1ce6f#n680 [2] Activation of services (see also the account-service-type being extended with the "genenetwork" user). + +## Close as Fixed + +This issue is fixed, with newer Guix and changes that @bonz did to the gn-machines repo. diff --git a/issues/gn-libs/jobs-allow-job-cascades.gmi b/issues/gn-libs/jobs-allow-job-cascades.gmi new file mode 100644 index 0000000..f659f32 --- /dev/null +++ b/issues/gn-libs/jobs-allow-job-cascades.gmi @@ -0,0 +1,26 @@ +# Jobs: Allow Job Cascades + +## Tags + +* status: open +* priority: medium +* type: enhancement +* assigned: fredm, zsloan +* keywords: gn-libs, genenetwork, async jobs, asynchronous jobs, background jobs + +## Description + +Some jobs could require more than a single command/script to be run to complete. + +Rather than refactoring/rewriting the entire "async jobs" feature, I propose adding a way to note who started a job, i.e. +* the user, OR +* another job + +This could be tracked in an extra field in the database, say "started_by" which can have values of the form +* "user:<user-id>" +* "job:<job-id>" +where the parts in the angle bracket (i.e. "<user-id>" and "<job-id>") are replaced by actual ids. + +## Related Issues + +=> /issues/gn-libs/jobs-track-who-jobs-belong-to diff --git a/issues/gn-libs/jobs-track-who-jobs-belong-to.gmi b/issues/gn-libs/jobs-track-who-jobs-belong-to.gmi new file mode 100644 index 0000000..00eaf21 --- /dev/null +++ b/issues/gn-libs/jobs-track-who-jobs-belong-to.gmi @@ -0,0 +1,23 @@ +# Jobs: Track Who Jobs Belong To + +## Tags + +* status: open +* priority: medium +* type: enhancement +* assigned: fredm, zsloan +* keywords: gn-libs, genenetwork, async jobs, asynchronous jobs, background jobs + +## Description + +Some features in Genenetwork require long-running processes to be triggered and run in the background. We have a way to trigger such background processes, but there is no way of tracking who started what job, and therefore, no real way for a user to list only their jobs. + +This issue will track the introduction of such tracking. This will enable the building new job-related functionality such as a user being able to: +* list their past, unexpired jobs +* delete past jobs +* possibly rerun jobs that failed but are recoverable +* see currently running jobs, and their status + +## Related Issues + +=> /issues/gn-libs/jobs-allow-job-cascades diff --git a/issues/gn-uploader/AuthorisationError-gn-uploader.gmi b/issues/gn-uploader/AuthorisationError-gn-uploader.gmi index 50a236d..262ad19 100644 --- a/issues/gn-uploader/AuthorisationError-gn-uploader.gmi +++ b/issues/gn-uploader/AuthorisationError-gn-uploader.gmi @@ -2,7 +2,7 @@ ## Tags * assigned: fredm -* status: open +* status: closed, obsoleted * priority: critical * type: error * key words: authorisation, permission @@ -64,3 +64,7 @@ Genetic type: intercross And when pressed the `Create Population` icon, it led to the error above. +## Closed as Obsolete + +* The service this was happening on (https://staging-uploader.genenenetwork.org) is no longer running +* Most of the authorisation issues are resolved in newer code diff --git a/issues/export-uploaded-data-to-RDF-store.gmi b/issues/gn-uploader/export-uploaded-data-to-RDF-store.gmi index c39edec..3ef05cd 100644 --- a/issues/export-uploaded-data-to-RDF-store.gmi +++ b/issues/gn-uploader/export-uploaded-data-to-RDF-store.gmi @@ -6,7 +6,7 @@ * priority: medium * type: feature-request * status: open -* keywords: API, data upload +* keywords: API, data upload, gn-uploader ## Description @@ -73,10 +73,16 @@ The metadata is useful for searching for the data. The "metadata->rdf" project[4 * [ ] How do we handle this? +## Related Issues and Topics + +=> https://issues.genenetwork.org/topics/next-gen-databases/design-doc +=> https://issues.genenetwork.org/topics/lmms/rqtl2/using-rqtl2-lmdb-adapter +=> https://issues.genenetwork.org/issues/dump-sample-data-to-lmdb +=> https://issues.genenetwork.org/topics/database/genotype-database ## Footnotes -=> https://gitlab.com/fredmanglis/gnqc_py 1: QC/Data upload project repository +=> https://git.genenetwork.org/gn-uploader/ 1: QC/Data upload project (gn-uploader) repository => https://github.com/genenetwork/genenetwork3/pull/130 2: Munyoki's Pull request => https://github.com/BonfaceKilz/gn-dataset-dump 3: Dataset -> LMDB export repository -=> https://github.com/genenetwork/dump-genenetwork-database 4: Metadata -> RDF export repository +=> https://git.genenetwork.org/gn-transform-databases/ 4: Metadata -> RDF export repository diff --git a/issues/gn-uploader/guix-build-gn-uploader-error.gmi b/issues/gn-uploader/guix-build-gn-uploader-error.gmi index 44a5c4b..aeb6308 100644 --- a/issues/gn-uploader/guix-build-gn-uploader-error.gmi +++ b/issues/gn-uploader/guix-build-gn-uploader-error.gmi @@ -86,7 +86,7 @@ Filesystem Size Used Avail Use% Mounted on so we know that's not a problem. -A similar thing had shown up on space.uthsc.edu. +A similar thing had shown up on our space server. ### More Troubleshooting Efforts diff --git a/issues/gn-uploader/handling-tissues-in-uploader.gmi b/issues/gn-uploader/handling-tissues-in-uploader.gmi index 826af15..0c43040 100644 --- a/issues/gn-uploader/handling-tissues-in-uploader.gmi +++ b/issues/gn-uploader/handling-tissues-in-uploader.gmi @@ -2,11 +2,11 @@ ## Tags -* status: open +* status: closed, wontfix * priority: high * assigned: fredm * type: feature-request -* keywords: gn-uploader, tissues +* keywords: gn-uploader, tissues, archived ## Description @@ -112,3 +112,9 @@ ALTER TABLE Tissue MODIFY Id INT(5) UNIQUE NOT NULL; * [1] https://gn1.genenetwork.org/webqtl/main.py?FormID=schemaShowPage#ProbeFreeze * [2] https://gn1.genenetwork.org/webqtl/main.py?FormID=schemaShowPage#Tissue + +## Closed as WONTFIX + +I am closing this issue because it was created (2024-03-28) while I had a fundamental misunderstanding of the way data is laid out in the database. + +The information on the schema/layout of the tables is still useful, but chances are, we'll look at the tables themselves anyway should we need to figure out the schema. diff --git a/issues/gn-uploader/link-authentication-authorisation.gmi b/issues/gn-uploader/link-authentication-authorisation.gmi index 90b8e5e..b64f887 100644 --- a/issues/gn-uploader/link-authentication-authorisation.gmi +++ b/issues/gn-uploader/link-authentication-authorisation.gmi @@ -2,7 +2,7 @@ ## Tags -* status: open +* status: closed, completed * assigned: fredm * priority: critical * type: feature request, feature-request @@ -13,3 +13,9 @@ The last chain in the link to the uploads is the authentication/authorisation. Once the user uploads their data, they need access to it. The auth system, by default, will deny anyone/everyone access to any data that is not linked to a resource and which no user has any roles allowing them access to the data. We, currently, assign such data to the user manually, but that is not a sustainable way of working, especially as the uploader is exposed to more and more users. + +### Close as Completed + +The current iteration of the uploader does actually take into account the user that is uploading the data, granting them ownership of the uploaded data. By default, the data is not public, and is only accessible to the user who uploaded it. + +The user who uploads the data (and therefore own it) can later grant access to other users of the system. diff --git a/issues/gn-uploader/probeset-not-applicable-to-all-data.gmi b/issues/gn-uploader/probeset-not-applicable-to-all-data.gmi index 1841d36..af3b274 100644 --- a/issues/gn-uploader/probeset-not-applicable-to-all-data.gmi +++ b/issues/gn-uploader/probeset-not-applicable-to-all-data.gmi @@ -4,7 +4,7 @@ * type: bug * assigned: fredm -* status: open +* status: closed * priority: high * keywords: gn-uploader, uploader, ProbeSet @@ -20,3 +20,10 @@ applicable to our data, I don't think. ``` It seems like some of the data does not require a ProbeSet, and in that case, it should be possible to add it without one. + + +## Notes + +This "bug" is obsoleted by the fact that the implementation leading to it was entirely wrong. + +The feature that was leading to this bug no longer exists, and will have to be re-implemented from scratch with the involvement of @acenteno. diff --git a/issues/gn-uploader/provide-page-for-uploaded-data.gmi b/issues/gn-uploader/provide-page-for-uploaded-data.gmi index 60b154b..5ab7f80 100644 --- a/issues/gn-uploader/provide-page-for-uploaded-data.gmi +++ b/issues/gn-uploader/provide-page-for-uploaded-data.gmi @@ -2,7 +2,7 @@ ## Tags -* status: open +* status: closed, completed * assigned: fredm * priority: medium * type: feature, feature request, feature-request @@ -20,3 +20,8 @@ Once a user has uploaded their data, provide them with a landing page/dashboard Depends on => /issues/gn-uploader/link-authentication-authorisation + + +## Close as complete + +Current uploader directs user to a view of the data they uploader on GN2. This is complete. diff --git a/issues/gn-uploader/replace-redis-with-sqlite3.gmi b/issues/gn-uploader/replace-redis-with-sqlite3.gmi index 3e5020a..d3f94f0 100644 --- a/issues/gn-uploader/replace-redis-with-sqlite3.gmi +++ b/issues/gn-uploader/replace-redis-with-sqlite3.gmi @@ -15,3 +15,15 @@ We currently (as of 2024-06-27) use Redis for tracking any asynchronous jobs (e. A lot of what we use redis for, we can do in one of the many SQL databases (we'll probably use SQLite3 anyway), which are more standardised, and easier to migrate data from and to. It has the added advantage that we can open multiple connections to the database, enabling the different processes to update the status and metadata of the same job consistently. Changes done here can then be migrated to the other systems, i.e. GN2, GN3, and gn-auth, as necessary. + +### 2025-12-31: Progress Update + +Initial basic implementation can be found in: + +=> https://git.genenetwork.org/gn-libs/tree/gn_libs/jobs +=> https://git.genenetwork.org/gn-uploader/commit/?id=774a0af9db439f50421a47249c57e5a0a6932301 +=> https://git.genenetwork.org/gn-uploader/commit/?id=589ab74731aed62b1e1b3901d25a95fc73614f57 + +and others. + +More work needs to be done to clean-up some minor annoyances. diff --git a/issues/gn-uploader/samplelist-details.gmi b/issues/gn-uploader/samplelist-details.gmi deleted file mode 100644 index 2e64d8a..0000000 --- a/issues/gn-uploader/samplelist-details.gmi +++ /dev/null @@ -1,17 +0,0 @@ -# Explanation of how Sample Lists are handled in GN2 (and may be handled moving forward) - -## Tags - -* status: open -* assigned: fredm, zsloan -* priority: medium -* type: documentation -* keywords: strains, gn-uploader - -## Description - -Regarding the order of samples/strains, it can basically be whatever we decide it is. It just needs to stay consistent (like if there are multiple genotype files). It only really affects how the strains are displayed, and any other genotype files we use for mapping needs to share the same order. - -I think this is the case regardless of whether it's strains or individuals (and both the code and files make no distinction). Sometimes it just logically makes sense to sort them in a particular way for display purposes (like BXD1, BXD2, etc), but technically everything would still work the same if you swapped those columns across all genotype files. Users would be confused about why BXD2 is before BXD1, but everything would still work and all calculations would give the same results. - -zsloan's proposal for handling sample lists in the future is to just store them in a JSON file in the genotype_files/genotype directory. diff --git a/issues/gn-volt-genofiles-parsing-integration.gmi b/issues/gn-volt-genofiles-parsing-integration.gmi index 8d3d149..e1b0162 100644 --- a/issues/gn-volt-genofiles-parsing-integration.gmi +++ b/issues/gn-volt-genofiles-parsing-integration.gmi @@ -5,7 +5,7 @@ * assigned: alexm, * type: improvement * priority: high -* status: in progress +* status: stalled, closed. ## Notes diff --git a/issues/gnqa/implement-no-login-requirement-for-gnqa.gmi b/issues/gnqa/implement-no-login-requirement-for-gnqa.gmi index 9dcef53..5b0a1ff 100644 --- a/issues/gnqa/implement-no-login-requirement-for-gnqa.gmi +++ b/issues/gnqa/implement-no-login-requirement-for-gnqa.gmi @@ -3,7 +3,7 @@ ## Tags * type: feature -* status: progress +* status: completed, closed * priority: medium * assigned: alexm, * keywords: gnqa, user experience, authentication, login, llm @@ -15,6 +15,6 @@ This feature will allow usage of LLM/GNQA features without requiring user authen ## Tasks * [x] If logged in: perform AI search with zero penalty -* [ ] Add caching lifetime to save on token usage -* [ ] Routes: check for referrer headers — if the previous search was not from the homepage, perform AI search -* [ ] If global search returns more than *n* results (*n = number*), perform an AI search +* [x] Add caching lifetime to save on token usage +* [x] Routes: check for referrer headers — if the previous search was not from the homepage, perform AI search +* [x] If global search returns more than *n* results (*n = number*), perform an AI search diff --git a/issues/gnqa/merge-gnqa-to-production.gmi b/issues/gnqa/merge-gnqa-to-production.gmi index 3d34bb1..6e5f119 100644 --- a/issues/gnqa/merge-gnqa-to-production.gmi +++ b/issues/gnqa/merge-gnqa-to-production.gmi @@ -4,6 +4,7 @@ * assigned: alexm, * keywords: production, GNQA, integration +* status: closed, completed ## Description @@ -12,5 +13,5 @@ be pushed to production. We need to allow only logged-in users to access the ser ## Tasks -* [] Integrate GN-auth for the service -* [] Push production to the current commit \ No newline at end of file +* [x] Integrate GN-auth for the service +* [x] Push production to the current commit \ No newline at end of file diff --git a/issues/gnqna/query-bug-DatabaseError.gmi b/issues/gnqna/query-bug-DatabaseError.gmi new file mode 100644 index 0000000..b8c1cfc --- /dev/null +++ b/issues/gnqna/query-bug-DatabaseError.gmi @@ -0,0 +1,37 @@ +# Query Bug: DatabaseError + +## Tags + +* assigned: fredm, bonfacem +* priority: high +* status: open +* type: bug +* keywords: gnqna + +## Descriptions + +* Go to https://genenetwork.org/gnqna +* Type in a query +* Press "Enter" +* Observe the error "DatabaseError" with a status code of 500. + +Expected: Query returns a result. + + +## Troubleshooting: 2025-10-27 + +* GNQNA's deployment is not part of the gn-machine's definitions! + +## Troubleshooting: 2025-12-31 + +If a user **IS NOT** logged in, the system responds with: + +``` +Search_Query: +Status_Code: 500 +Error/Reason: Login/Verification required to make this request +``` + +On the other hand, if a user is logged in, a query returns a result. + +We, therefore, probably need to notify the user that they need to be logged in to use this service. diff --git a/issues/guix-bioinformatics/guix-updates.gmi b/issues/guix-bioinformatics/guix-updates.gmi new file mode 100644 index 0000000..9c65fb9 --- /dev/null +++ b/issues/guix-bioinformatics/guix-updates.gmi @@ -0,0 +1,18 @@ +# Planned Guix Updates + +## Tags + +* status: open +* priority: medium +* type: enhancement +* assigned: fredm, bonfacem +* keywords: guix-bioinformatics, guix +* interested: pjotrp, aruni + +## Description + +The following outlines issues around the next upgrade: + +* Update pinned guix commit to the latest and see whether inferior profiles for the laminar user are properly created. +* Rust packages (new package build system) we need to think about. + diff --git a/issues/guix-bioinformatics/pin-channels-commits.gmi b/issues/guix-bioinformatics/pin-channels-commits.gmi new file mode 100644 index 0000000..216dd24 --- /dev/null +++ b/issues/guix-bioinformatics/pin-channels-commits.gmi @@ -0,0 +1,39 @@ +# Pin Channel Commits; Decouple from Guix + +## Tags + +* status: closed +* priority: medium +* type: enhancement +* assigned: fredm, bonfacem, aruni +* keywords: guix-bioinformatics, guix +* interested: pjotrp, aruni + +## Description + +Changes in upstream Guix often lead to deployment issues, due to breakages caused by changes in how GNU Guix does things. This interrupts our day-to-day operations, leading us to scramble to fix the breakages and make the builds sane again. + +In order to avoid these breakages in the future, we'll need to actually pin the commit(s) for all the channels we depend on, to avoid surprises down the line. + +### Channel Dependencies + +We depend on the following channels in guix-bioinformatics: + +* guix: Mainline Guix channel +* guix-past: Channel for old packages, no longer maintained on guix mainline +* guix-rust-past-crates: Channel for rust packages using the old packaging form +* guix-forge: Manages building containers and whatnot. The dependence is implicit here, but it is one of the main causes of breakages + +### Tasks + +* [x] Pin guix channel +* [x] Pin guix-past +* [x] Pin guix-rust-past-crates channel +* [x] Pin guix-forge channel +* [ ] Move packages from (gn packages bioinformatics) to upstream (gnu packages bioinformatics) + +### Solution + +To allow guix-bioinformatics to continue improving, while preventing random breakages, we stopped depending on guix-bioinformatics directly, rather, we changed our main channel to gn-machines, and there, we pinned the version of guix-bioinformatics we depend on. + +This allows us to continue updating our packages while keeping the channel dependencies relatively stable. diff --git a/issues/guix-ci-tests.gmi b/issues/guix-ci-tests.gmi new file mode 100644 index 0000000..ce56705 --- /dev/null +++ b/issues/guix-ci-tests.gmi @@ -0,0 +1,47 @@ +# Guix CI failure: guix-past build breaks due to missing (libchop) + +# Tags + +* assigned: bonfacem +* type: bug, infrastructure +* priority: high + +# Notes + +After fixing a permissions issue in the Laminar CI environment (/var/guix/profiles/per-user/laminar): + +``` +[laminar] Executing cfg/jobs/gn-libs.run Backtrace: 9 (primitive-load "/var/lib/laminar/cfg/jobs/gn-libs.run") In ice-9/boot-9.scm: 152:2 8 (with-fluid* _ _ _) In ice-9/eval.scm: 202:51 7 (_ #(#(#<directory (guile-user) 7fce0bc71c80> #<pro?> ?))) 293:34 6 (_ #(#(#<directory (guile-user) 7fce0bc71c80> #<pro?> ?))) In guix/inferior.scm: 1006:4 5 (inferior-for-channels _ #:cache-directory _ #:ttl _) In ice-9/boot-9.scm: 1752:10 4 (with-exception-handler _ _ #:unwind? _ # _) In guix/store.scm: 690:37 3 (thunk) 1331:8 2 (call-with-build-handler #<procedure 7fce00e9f0c0 at g?> ?) In guix/inferior.scm: 951:2 1 (cached-channel-instance #<store-connection 256.100 7f?> ?) In ice-9/boot-9.scm: 1685:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1685:16: In procedure raise-exception: In procedure mkdir: Permission denied: "/var/guix/profiles/per-user/laminar" +``` + +... by (inside the container) running: + +``` +mkdir -p /var/guix/profiles/per-user/laminar +chown -R laminar:laminar /var/guix/profiles/per-user/laminar +``` + +... the CI progressed further but now fails when attempting to build guix-past. The failure is caused by an unbound variable error for the module (libchop), indicating a mismatch or missing dependency in the pinned Guix channels. + +Error Log: + +``` +(exception unbound-variable (value #f) + (value "Unbound variable: ~S") + (value (libchop)) (value #f)) + +builder for /gnu/store/gx57wj08yv0x0g1r8rbnwcp2fc58lqvx-guix-past.drv +failed to produce output path +/gnu/store/n3q0sgqwm9mwvna5215npwmdfigfyr9f-guix-past + +cannot build derivation +/gnu/store/3fwagz1p9vv3h020lwb2ab52f6wj6z1g-profile.drv: +1 dependencies couldn't be built +``` + +# Resolution + +* Inside genenetwork-development.scm, manually create `/var/guix/profiles/per-user/laminar` if it doesn't exist. +* Update the relevant .guix-channel file to match channels in guix-bioinformatics. + +* closed diff --git a/issues/implement-gn-markdown-editor.gmi b/issues/implement-gn-markdown-editor.gmi index 7d7d08f..a0d386b 100644 --- a/issues/implement-gn-markdown-editor.gmi +++ b/issues/implement-gn-markdown-editor.gmi @@ -13,7 +13,7 @@ Example of similar implementation * assigned: alexm * type: enhancement -* status: IN PROGRESS +* status: done, completed. * keywords: markdown,editor @@ -23,7 +23,7 @@ Example of similar implementation * [x] add live preview for page markdown on edit -* [] authentication(WIP) +* [x] authentication * [x] commit changes to github repo diff --git a/issues/implement_xapian_to_text_transformer.gmi b/issues/implement_xapian_to_text_transformer.gmi index a3c3dc8..192491a 100644 --- a/issues/implement_xapian_to_text_transformer.gmi +++ b/issues/implement_xapian_to_text_transformer.gmi @@ -4,7 +4,7 @@ * assigned: alexm, jnduli * keywords: llm, genenetwork2, xapian, transform * type: feature -* status: in-progress +* status: closed, completed ## Description: diff --git a/issues/prevent-weak-passwords.gmi b/issues/prevent-weak-passwords.gmi index 8e8ca2f..957a170 100644 --- a/issues/prevent-weak-passwords.gmi +++ b/issues/prevent-weak-passwords.gmi @@ -19,3 +19,11 @@ There was a request made to prevent weak passwords. Use existing libraries to check and prevent weak passwords. + +## Notes + +### 2025-12-31: Look Into Libraries + +=> https://pypi.org/project/password-strength/ password-strength + +The library above seems promising. Unfortunately, we'd have to write a guix definition for it. diff --git a/issues/provide-link-to-register-user-in-sign-in-page.gmi b/issues/provide-link-to-register-user-in-sign-in-page.gmi index 24d7c21..b9e6a4d 100644 --- a/issues/provide-link-to-register-user-in-sign-in-page.gmi +++ b/issues/provide-link-to-register-user-in-sign-in-page.gmi @@ -3,7 +3,7 @@ ## Tags * type: bug -* status: open +* status: closed * assigned: fredm * priority: medium * keywords: register user, gn-auth, genenetwork @@ -16,3 +16,8 @@ Provide a link allowing a user to register with the system on the sign-in page. We are now using OAuth2 to enable sign-in, which means that the user is redirected from the service they were in to the authorisation service to sign-in. The service should retain a note of the service which the user came from, and redirect back to it on successful registration. + + +### Close as Completed + +@zachs seems to have fixed this. diff --git a/issues/quality-control/r-qtl2-features.gmi b/issues/quality-control/r-qtl2-features.gmi index eac53c4..bcc5d71 100644 --- a/issues/quality-control/r-qtl2-features.gmi +++ b/issues/quality-control/r-qtl2-features.gmi @@ -3,7 +3,7 @@ ## Tags * type: listing -* status: open +* status: closed, completed * assigned: fredm * priority: high * keywords: listing, bug, feature @@ -12,5 +12,9 @@ This is a listing of non-critical features and bugs that do not currently have a dedicated issue, and need to be handled some time in the future. -* [feature] "Undo Transpose": Files marked as '*_transposed: true' will have the transposition undone to ease processing down the line. +* Closed, completed: [feature] "Undo Transpose": Files marked as '*_transposed: true' will have the transposition undone to ease processing down the line. * … + +### Close as completed + +Actually open dedicated issues for bugs and features rather than collecting them here. diff --git a/issues/systems/apps.gmi b/issues/systems/apps.gmi index b9d4155..e374250 100644 --- a/issues/systems/apps.gmi +++ b/issues/systems/apps.gmi @@ -194,14 +194,32 @@ Package definition is at Container is at -=> https://git.genenetwork.org/guix-bioinformatics/tree/gn/services/bxd-power-container.scm +=> https://git.genenetwork.org/gn-machines/tree/gn/services/mouse-longevity.scm + +gaeta:~/iwrk/deploy/gn-machines$ guix system container -L . -L ~/guix-bioinformatics --verbosity=3 test-r-container.scm -L ~/iwrk/deploy/guix-forge/guix +forge/nginx.scm:145:40: error: acme-service-type: unbound variable +hint: Did you forget `(use-modules (forge acme))'? + ## jumpshiny Jumpshiny is hosted on balg01. Scripts are in tux02 git. +=> git.genenetwork.org:/home/git/shared/source/jumpshiny + ``` root@balg01:/home/j*/gn-machines# . /usr/local/guix-profiles/guix-pull/etc/profile guix system container --network -L . -L ../guix-forge/guix/ -L ../guix-bioinformatics/ -L ../guix-past/modules/ --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://cuirass.genenetwork.org' test-r-container.scm -L ../guix-forge/guix/gnu/store/xyks73sf6pk78rvrwf45ik181v0zw8rx-run-container /gnu/store/6y65x5jk3lxy4yckssnl32yayjx9nwl5-run-container ``` + +Currently: + +Jumpshiny: as aijun, cd services/jumpshiny and ./.guix-run + + +## JUMPsem_web + +Another shiny app to run on balg01. + +Jumpshiny: as aijun, cd services/jumpsem and ./.guix-run diff --git a/issues/systems/octopus.gmi b/issues/systems/octopus.gmi index c510fd9..3a6d317 100644 --- a/issues/systems/octopus.gmi +++ b/issues/systems/octopus.gmi @@ -1,6 +1,9 @@ # Octopus sysmaintenance -Reopened tasks because of new sheepdog layout and add new machines to Octopus and get fiber optic network going with @andreag. See also +Reopened tasks because of new sheepdog layout and add new machines to Octopus and get fiber optic network going with @andreag. +IT recently upgraded the network switch, so we should have great interconnect between all nodes. We also need to work on user management and network storage. + +See also => ../../topics/systemtopics/systems/hpcs/hpc/octopus-maintenance @@ -14,7 +17,7 @@ Reopened tasks because of new sheepdog layout and add new machines to Octopus an # Tasks -* [ ] add lizardfs to nodes +* [X] add lizardfs to nodes * [ ] add PBS to nodes * [ ] use fiber optic network * [ ] install sheepdog @@ -36,6 +39,17 @@ default via 172.23.16.1 dev ens1f0np0 # Current topology +vim /etc/ssh/sshd_config +systemctl reload ssh + +The routing should be as on octopus01 + +``` +default via 172.23.16.1 dev eno1 +172.23.16.0/21 dev ens1f0np0 proto kernel scope link src 172.23.18.221 +172.23.16.0/21 dev eno1 proto kernel scope link src 172.23.18.188 +``` + ``` ip a ip route @@ -44,3 +58,9 @@ ip route - Octopus01 uses eno1 172.23.18.188/21 gateway 172.23.16.1 (eno1: Link is up at 1000 Mbps) - Octopus02 uses eno1 172.23.17.63/21 gateway 172.23.16.1 (eno1: Link is up at 1000 Mbps) 172.23.x.x + +# Work + +* After the switch upgrade penguin2 NFS is not visible for octopus01. I disabled the mount in fstab +* On octopus01 disabled unattended upgrade script - we don't want kernel updates on this machine(!) +* Updated IP addresses in sshd_config diff --git a/issues/systems/t02-crash.gmi b/issues/systems/t02-crash.gmi new file mode 100644 index 0000000..bf0c5d5 --- /dev/null +++ b/issues/systems/t02-crash.gmi @@ -0,0 +1,47 @@ +## Postmortem tux02 crash + +I'll take a look at tux02 - it rebooted last night and I need to start some services. It rebooted at CDT Aug 07 19:29:14 tux02 kernel: Linux version ... We have two out of memory messages before that: + +``` +Aug 7 18:45:27 tux02 kernel: [13521994.665636] Out of memory: Kill process 30165 (guix) score 759 or sacrifice child +Aug 7 18:45:27 tux02 kernel: [13521994.758974] Killed process 30165 (guix) total-vm:498873224kB, anon-rss:223599272kB, file-rss:4kB, shmem-rss:0kB +``` + +My mosh clapped out before that + +``` +wrk pts/96 mosh [128868] Thu Aug 7 18:53 - down (00:00) +``` + +Someone killed the development container before that + +``` +Aug 7 18:06:32 tux02 systemd[1]: genenetwork-development-container.service: Killing process 86832 (20qjyhd7n9n62fa) with signal SIGKILL. +``` + +and + +``` +Aug 7 13:28:26 tux02 kernel: [13502972.611421] oom_reaper: reaped process 25224 (guix), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB +Aug 7 18:16:00 tux02 kernel: [13520227.160945] oom_reaper: reaped process 128091 (guix), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB +``` + +Guix builds running out of RAM... My conclusion is that someone has been doing some heavy lifting. Probably Fred. I'll ask him to use a different machine that is not shared by many people. First I need to bring up some processes. The shepherd had not started, so: + +``` +systemctl status user-shepherd.service +``` + +most services started now. I need to check in half an hour. + +BNW is the one that does not start up automatically. + +``` +su shepherd +herd status +herd stop bnw +herd status bnw +tail -f /home/shepherd/logs/bnw.log +``` + +Shows a process is blocking the port. Kill as root, after making sure herd status shows it as stopped. diff --git a/issues/systems/tux02-production.gmi b/issues/systems/tux02-production.gmi index 7de911f..d811c5e 100644 --- a/issues/systems/tux02-production.gmi +++ b/issues/systems/tux02-production.gmi @@ -14,9 +14,9 @@ We are going to move production to tux02 - tux01 will be the staging machine. Th * [X] update guix guix-1.3.0-9.f743f20 * [X] set up nginx (Debian) -* [X] test ipmi console (172.23.30.40) +* [X] test ipmi console * [X] test ports (nginx) -* [?] set up network for external tux02e.uthsc.edu (128.169.4.52) +* [?] set up network for external tux02 * [X] set up deployment evironment * [X] sheepdog copy database backup from tux01 on a daily basis using ibackup user * [X] same for GN2 production environment diff --git a/issues/systems/tux04-disk-issues.gmi b/issues/systems/tux04-disk-issues.gmi index bc6e1db..3df0a03 100644 --- a/issues/systems/tux04-disk-issues.gmi +++ b/issues/systems/tux04-disk-issues.gmi @@ -378,3 +378,46 @@ The code where it segfaulted is online at: => https://github.com/tianocore/edk2/blame/master/MdePkg/Library/BasePciSegmentLibPci/PciSegmentLib.c and has to do with PCI registers and that can actually be caused by the new PCIe card we hosted. + +# Sept 2025 + +We moved production away from tux04, so now we should be able to work on this machine. + + +## System crash on tux04 + +And tux04 is down *again*. Wow, glad we moved off! I want to fix that machine and we had to move production off! I left the terminal open and the last message is: + +``` +tux04:~$ [SMM] APIC 0x00 S00:C00:T00 > ASSERT [AmdPlatformRasRsSmm] u:\EDK2\MdePkg\Library\BasePciSegmentLibPci\PciSegmentLib.c(766): ((Address) & (0xfffffffff0000000ULL | (3))) == 0 +!!!! X64 Exception Type - 03(#BP - Breakpoint) CPU Apic ID - 00000000 !!!! +RIP - 0000000076DA4343, CS - 0000000000000038, RFLAGS - 0000000000000002 +RAX - 0000000000000010, RCX - 00000000770D5B58, RDX - 00000000000002F8 +RBX - 0000000000000000, RSP - 0000000077773278, RBP - 0000000000000000 +RSI - 0000000000000000, RDI - 00000000777733E0 +R8 - 00000000777731F8, R9 - 0000000000000000, R10 - 0000000000000000 +R11 - 00000000000000A0, R12 - 0000000000000000, R13 - 0000000000000000 +R14 - FFFFFFFFAC41A118, R15 - 000000000005B000 +DS - 0000000000000020, ES - 0000000000000020, FS - 0000000000000020 +GS - 0000000000000020, SS - 0000000000000020 +CR0 - 0000000080010033, CR2 - 00007F67F5268030, CR3 - 0000000077749000 +CR4 - 0000000000001668, CR8 - 0000000000000001 +DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 +DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 +GDTR - 000000007773C000 000000000000004F, LDTR - 0000000000000000 +IDTR - 0000000077761000 00000000000001FF, TR - 0000000000000040 +FXSAVE_STATE - 0000000077772ED0 +!!!! Find image based on IP(0x76DA4343) u:\Build_Genoa\DellBrazosPkg\DEBUG_MYTOOLS\X64\DellPkgs\DellChipsetPkgs\AmdGenoaModulePkg\Override\AmdCpmPkg\Features\PlatformRas\Rs\Smm\AmdPlatformRasRsSmm\DEBUG\AmdPlatformRasRsSmm.pdb (ImageBase=0000000076D3E000, EntryPoint=0000000076D3E6C0) !!!! +``` + +and the racadm system log says + +``` +Record: 362 +Date/Time: 09/11/2025 21:47:02 +Source: system +Severity: Critical +Description: A high-severity issue has occurred at the Power-On Self-Test (POST) phase which has resulted in the system BIOS to abruptly stop functioning. +``` + +I have seen that before and it is definitely a hardware/driver issue on the Dell itself. I'll work on tha later. Luckily it always reboots. |