From 93eea6803c4206a1cdc7956413df746de60583ee Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Wed, 17 Aug 2022 14:29:12 +0300 Subject: Topic: Queries (On preventing SQL Injection). --- .../queries-and-prepared-statements-in-python.gmi | 87 ++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 topics/queries-and-prepared-statements-in-python.gmi (limited to 'topics') diff --git a/topics/queries-and-prepared-statements-in-python.gmi b/topics/queries-and-prepared-statements-in-python.gmi new file mode 100644 index 0000000..ca6510e --- /dev/null +++ b/topics/queries-and-prepared-statements-in-python.gmi @@ -0,0 +1,87 @@ +# Queries and Prepared Statements in Python + +String interpolation when writing queries is a really bad idea; it leads to exposure to SQL Injection attacks. To mitigate against this, we need to write queries using placeholders for values, then passing in the values as arguments to the **execute** function. + +As a demonstration, using some existing code, do not write a query like this: + +> curr.execute( +> """ +> SELECT Strain.Name, Strain.Id FROM Strain, Species +> WHERE Strain.Name IN {} +> and Strain.SpeciesId=Species.Id +> and Species.name = '{}' +> """.format( +> create_in_clause(list(sample_data.keys())), +> *mescape(dataset.group.species))) + +In the query above, we interpolate the values of the 'sample_data.keys()' values and that of the 'dataset.group.species' values. + +The code above can be rewritten to something like: + +> sample_data_keys = tuple(key for key in sample_data.keys()) +> +> curr.execute( +> """ +> SELECT Strain.Name, Strain.Id FROM Strain, Species +> WHERE Strain.Name IN ({}) +> and Strain.SpeciesId=Species.Id +> and Species.name = %s +> """.format(", ".join(sample_data_keys)), +> (sample_data_keys + (dataset.group.species,))) + +In this new query, the IN clause ends up being a string of the form + +> %s, %s, %s, ... + +for the total number of items in the 'sample_data_key' tuple. + +There is one more '%s' placeholder for the 'Species.name' value, so, the final tuple we provide as an argument to execute needs to add the 'dataset.group.species' value. + +**IMPORTANT 01**: the total number of placeholders (%s) must be the same as the total number of arguments passed into the 'execute' function. + +**IMPORTANT 02**: the order of the values must correspond to the order of the placeholders. + +### Aside + +The functions 'create_in_clause' and 'mescape' are defined as below: + +> from MySQLdb import escape_string as escape_ +> +> def create_in_clause(items): +> """Create an in clause for mysql""" +> in_clause = ', '.join("'{}'".format(x) for x in mescape(*items)) +> in_clause = '( {} )'.format(in_clause) +> return in_clause +> +> def mescape(*items): +> """Multiple escape""" +> return [escape_(str(item)).decode('utf8') for item in items] +> +> def escape(string_): +> return escape_(string_).decode('utf8') + + +## Parameter Style + +In the section above, we show the most common parameter style used in most cases. + +If you want to use a mapping object (dict), you have the option of using the '%()s' format for the query. In that case, we could rewrite the query above into something like: + +> sample_data_dict = {f"sample_{idx}: key for idx,key in enumerate(sample_data.keys())} +> +> curr.execute( +> """ +> SELECT Strain.Name, Strain.Id FROM Strain, Species +> WHERE Strain.Name IN ({}) +> and Strain.SpeciesId=Species.Id +> and Species.name = %(species_name)s +> """.format(", ".join([f"%({key})s" for key in sample_data_dict.keys()])), +> {**sample_data_dict, "species_name": dataset.group.species}) + +## Final Note + +While this has dealt mostly with the MySQLdb driver for Python3, the idea is the same for the psycopg2 (PostgreSQL) driver and others (with some minor variation in the details). + +The concept is also similar in many other languages. + +The main takeaway is that you really should not be manually escaping the values - instead, you should let the driver do that for you, by providing placeholders in the query, and the values to use separately. -- cgit v1.2.3 From 5cca46a2eed70cb440aa88bc29b0e321794f70c8 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Wed, 17 Aug 2022 15:55:35 +0300 Subject: Use pre-formatted text blocks for source code --- .../queries-and-prepared-statements-in-python.gmi | 94 ++++++++++++---------- 1 file changed, 51 insertions(+), 43 deletions(-) (limited to 'topics') diff --git a/topics/queries-and-prepared-statements-in-python.gmi b/topics/queries-and-prepared-statements-in-python.gmi index ca6510e..642ed96 100644 --- a/topics/queries-and-prepared-statements-in-python.gmi +++ b/topics/queries-and-prepared-statements-in-python.gmi @@ -4,30 +4,34 @@ String interpolation when writing queries is a really bad idea; it leads to expo As a demonstration, using some existing code, do not write a query like this: -> curr.execute( -> """ -> SELECT Strain.Name, Strain.Id FROM Strain, Species -> WHERE Strain.Name IN {} -> and Strain.SpeciesId=Species.Id -> and Species.name = '{}' -> """.format( -> create_in_clause(list(sample_data.keys())), -> *mescape(dataset.group.species))) +``` +curr.execute( + """ + SELECT Strain.Name, Strain.Id FROM Strain, Species + WHERE Strain.Name IN {} + and Strain.SpeciesId=Species.Id + and Species.name = '{}' + """.format( + create_in_clause(list(sample_data.keys())), + *mescape(dataset.group.species))) +``` In the query above, we interpolate the values of the 'sample_data.keys()' values and that of the 'dataset.group.species' values. The code above can be rewritten to something like: -> sample_data_keys = tuple(key for key in sample_data.keys()) -> -> curr.execute( -> """ -> SELECT Strain.Name, Strain.Id FROM Strain, Species -> WHERE Strain.Name IN ({}) -> and Strain.SpeciesId=Species.Id -> and Species.name = %s -> """.format(", ".join(sample_data_keys)), -> (sample_data_keys + (dataset.group.species,))) +``` +sample_data_keys = tuple(key for key in sample_data.keys()) + +curr.execute( + """ + SELECT Strain.Name, Strain.Id FROM Strain, Species + WHERE Strain.Name IN ({}) + and Strain.SpeciesId=Species.Id + and Species.name = %s + """.format(", ".join(sample_data_keys)), + (sample_data_keys + (dataset.group.species,))) +``` In this new query, the IN clause ends up being a string of the form @@ -45,20 +49,22 @@ There is one more '%s' placeholder for the 'Species.name' value, so, the final t The functions 'create_in_clause' and 'mescape' are defined as below: -> from MySQLdb import escape_string as escape_ -> -> def create_in_clause(items): -> """Create an in clause for mysql""" -> in_clause = ', '.join("'{}'".format(x) for x in mescape(*items)) -> in_clause = '( {} )'.format(in_clause) -> return in_clause -> -> def mescape(*items): -> """Multiple escape""" -> return [escape_(str(item)).decode('utf8') for item in items] -> -> def escape(string_): -> return escape_(string_).decode('utf8') +``` +from MySQLdb import escape_string as escape_ + +def create_in_clause(items): + """Create an in clause for mysql""" + in_clause = ', '.join("'{}'".format(x) for x in mescape(*items)) + in_clause = '( {} )'.format(in_clause) + return in_clause + +def mescape(*items): + """Multiple escape""" + return [escape_(str(item)).decode('utf8') for item in items] + +def escape(string_): + return escape_(string_).decode('utf8') +``` ## Parameter Style @@ -67,16 +73,18 @@ In the section above, we show the most common parameter style used in most cases If you want to use a mapping object (dict), you have the option of using the '%()s' format for the query. In that case, we could rewrite the query above into something like: -> sample_data_dict = {f"sample_{idx}: key for idx,key in enumerate(sample_data.keys())} -> -> curr.execute( -> """ -> SELECT Strain.Name, Strain.Id FROM Strain, Species -> WHERE Strain.Name IN ({}) -> and Strain.SpeciesId=Species.Id -> and Species.name = %(species_name)s -> """.format(", ".join([f"%({key})s" for key in sample_data_dict.keys()])), -> {**sample_data_dict, "species_name": dataset.group.species}) +``` +sample_data_dict = {f"sample_{idx}: key for idx,key in enumerate(sample_data.keys())} + +curr.execute( + """ + SELECT Strain.Name, Strain.Id FROM Strain, Species + WHERE Strain.Name IN ({}) + and Strain.SpeciesId=Species.Id + and Species.name = %(species_name)s + """.format(", ".join([f"%({key})s" for key in sample_data_dict.keys()])), + {**sample_data_dict, "species_name": dataset.group.species}) +``` ## Final Note -- cgit v1.2.3 From bf2bb362b7127b9580ab2ad2a976747491dde850 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Fri, 19 Aug 2022 07:20:42 +0300 Subject: Documentation: Setting up local mariadb server for development. --- topics/setting-up-local-development-database.gmi | 76 ++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 topics/setting-up-local-development-database.gmi (limited to 'topics') diff --git a/topics/setting-up-local-development-database.gmi b/topics/setting-up-local-development-database.gmi new file mode 100644 index 0000000..ef69326 --- /dev/null +++ b/topics/setting-up-local-development-database.gmi @@ -0,0 +1,76 @@ +# Setting up Local Development Database + +## Introduction + +You need to setup a quick local database for development without needing root permissions and polluting your environment. + +* ${HOME} is the path to your home directory +* An assumption is made that the GeneNetwork2 profile is in ${HOME}/opt/gn_profiles/gn2_latest for the purposes of this documentation. Please replace as appropriate. +* We install the database files under ${HOME}/genenetwork/mariadb. Change as appropriate. + +## Steps + +Step 01: Setup directories + +``` +mkdir -pv ${HOME}/genenetwork/mariadb/var/run +mkdir -pv ${HOME}/genenetwork/mariadb/var/lib/data +mkdir -pv ${HOME}/genenetwork/mariadb/var/lib/mysql +``` + +Setup default my.cnf + +``` +cat < ${HOME}/genenetwork/mariadb/my.cnf +[client-server] +socket=${HOME}/genenetwork/mariadb/var/run/mysqld/mysqld.sock +port=3307 + +[server] +user=$(whoami) +socket=${HOME}/genenetwork/mariadb/var/run/mysqld/mysqld.sock +basedir=${HOME}/opt/gn_profiles/gn2_latest +datadir=${HOME}/genenetwork/mariadb/var/lib/data +ft_min_word_len=3 +EOF +``` + +Install the database + +``` +${HOME}/opt/gn_profiles/gn2_latest/bin/mysql_install_db \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf +``` + +Running the daemon: + +``` +${HOME}/opt/gn_profiles/gn2_latest/bin/mysqld_safe \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf +``` + +Connect to daemon + +``` +${HOME}/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf +``` + +Set up password for user + +``` +MariaDB [(none)]> USE mysql; +MariaDB [mysql]> ALTER USER ''@'localhost' IDENTIFIED BY ''; +MariaDB [mysql]> FLUSH PRIVILEGES; +``` + +Now logout and login again with + +``` +$ ${HOME}/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf --password mysql +``` + +enter the newly set password and voila, you are logged in and your user has the password set up. + +Continue to setup other databases as appropriate. -- cgit v1.2.3 From 76831a33264b0cb6bff6f39ccfeb3721ecd61bfb Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Fri, 19 Aug 2022 07:36:41 +0300 Subject: Documentation: Setup new user, and their default database. --- topics/setting-up-local-development-database.gmi | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'topics') diff --git a/topics/setting-up-local-development-database.gmi b/topics/setting-up-local-development-database.gmi index ef69326..c2856a8 100644 --- a/topics/setting-up-local-development-database.gmi +++ b/topics/setting-up-local-development-database.gmi @@ -10,7 +10,7 @@ You need to setup a quick local database for development without needing root pe ## Steps -Step 01: Setup directories +Setup directories ``` mkdir -pv ${HOME}/genenetwork/mariadb/var/run @@ -73,4 +73,20 @@ $ ${HOME}/opt/gn_profiles/gn2_latest/bin/mysql \ enter the newly set password and voila, you are logged in and your user has the password set up. -Continue to setup other databases as appropriate. +Now, setup a new user, say webqtlout, and a default database they can connect to + +``` +MariaDB [mysql]> CREATE DATABASE webqtlout; +MariaDB [mysql]> CREATE USER 'webqtlout'@'localhost' IDENTIFIED BY ''; +MariaDB [mysql]> GRANT ALL PRIVILEGES ON webqtlout.* TO 'webqtlout'@'localhost'; +``` + +Now logout, and log back in as the new webqtlout user: + +``` +/home/frederick/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=/home/frederick/genenetwork/mariadb/my.cnf \ + --user=webqtlout --host=localhost --password webqtlout +``` + +and enter the password you provided. -- cgit v1.2.3 From 8e35edfd729eb0d6c8258e2a6bf2f0aa8b26cc15 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Fri, 19 Aug 2022 08:30:09 +0300 Subject: Documentation: Setup small database --- topics/setting-up-local-development-database.gmi | 66 +++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) (limited to 'topics') diff --git a/topics/setting-up-local-development-database.gmi b/topics/setting-up-local-development-database.gmi index c2856a8..3c6c291 100644 --- a/topics/setting-up-local-development-database.gmi +++ b/topics/setting-up-local-development-database.gmi @@ -8,7 +8,7 @@ You need to setup a quick local database for development without needing root pe * An assumption is made that the GeneNetwork2 profile is in ${HOME}/opt/gn_profiles/gn2_latest for the purposes of this documentation. Please replace as appropriate. * We install the database files under ${HOME}/genenetwork/mariadb. Change as appropriate. -## Steps +## Setup Database Server Setup directories @@ -90,3 +90,67 @@ Now logout, and log back in as the new webqtlout user: ``` and enter the password you provided. + + +## Setting up the Small Database + +Download the database from + +=> http://ipfs.genenetwork.org/ipfs/QmRUmYu6ogxEdzZeE8PuXMGCDa8M3y2uFcfo4zqQRbpxtk + +Say you downloaded the file in ${HOME}/Downloads, you can now add the database to your server. + +First stop the server: + +``` +$ ps aux | grep mysqld # get the process ids +$ kill -s SIGTERM +``` + +Now extract the database archive in the mysql data directory: + +``` +$ cd ${HOME}/genenetwork/mariadb/var/lib/data +$ p7zip -k -d ${HOME}/Downloads/db_webqtl_s.7z +``` + +Now restart the server: + +``` +${HOME}/opt/gn_profiles/gn2_latest/bin/mysqld_safe \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf +``` + +Then update the databases + +``` +$ /home/frederick/opt/gn_profiles/gn2_latest/bin/mysql_upgrade \ + --defaults-file=/home/frederick/genenetwork/mariadb/my.cnf \ + --user=frederick --password --force +``` + +and login as the administrative user: + +``` +$ /home/frederick/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=/home/frederick/genenetwork/mariadb/my.cnf \ + --user=$(whoami) --password +``` + +and grant the privileges to your normal user: + +``` +MariaDB [mysql]> GRANT ALL PRIVILEGES ON db_webqtl_s.* TO 'webqtlout'@'localhost'; +``` + +now logout as the administrative user and log back in as the normal user + +``` +/home/frederick/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=/home/frederick/genenetwork/mariadb/my.cnf \ + --user=webqtlout --host=localhost --password db_webqtlout_s + +MariaDB [db_webqtlout_s]> SELECT * FROM ProbeSetData LIMIT 20; +``` + +verify you see some data. -- cgit v1.2.3 From 7cb0678f263326983a24b97d366d6b2ef67ce58b Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 22 Aug 2022 07:38:57 +0300 Subject: Use ${HOME} for documentation. --- topics/setting-up-local-development-database.gmi | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'topics') diff --git a/topics/setting-up-local-development-database.gmi b/topics/setting-up-local-development-database.gmi index 3c6c291..9d55d33 100644 --- a/topics/setting-up-local-development-database.gmi +++ b/topics/setting-up-local-development-database.gmi @@ -84,8 +84,8 @@ MariaDB [mysql]> GRANT ALL PRIVILEGES ON webqtlout.* TO 'webqtlout'@'localhost'; Now logout, and log back in as the new webqtlout user: ``` -/home/frederick/opt/gn_profiles/gn2_latest/bin/mysql \ - --defaults-file=/home/frederick/genenetwork/mariadb/my.cnf \ +${HOME}/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf \ --user=webqtlout --host=localhost --password webqtlout ``` @@ -124,16 +124,16 @@ ${HOME}/opt/gn_profiles/gn2_latest/bin/mysqld_safe \ Then update the databases ``` -$ /home/frederick/opt/gn_profiles/gn2_latest/bin/mysql_upgrade \ - --defaults-file=/home/frederick/genenetwork/mariadb/my.cnf \ +$ ${HOME}/opt/gn_profiles/gn2_latest/bin/mysql_upgrade \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf \ --user=frederick --password --force ``` and login as the administrative user: ``` -$ /home/frederick/opt/gn_profiles/gn2_latest/bin/mysql \ - --defaults-file=/home/frederick/genenetwork/mariadb/my.cnf \ +$ ${HOME}/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf \ --user=$(whoami) --password ``` @@ -146,8 +146,8 @@ MariaDB [mysql]> GRANT ALL PRIVILEGES ON db_webqtl_s.* TO 'webqtlout'@'localhost now logout as the administrative user and log back in as the normal user ``` -/home/frederick/opt/gn_profiles/gn2_latest/bin/mysql \ - --defaults-file=/home/frederick/genenetwork/mariadb/my.cnf \ +${HOME}/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf \ --user=webqtlout --host=localhost --password db_webqtlout_s MariaDB [db_webqtlout_s]> SELECT * FROM ProbeSetData LIMIT 20; -- cgit v1.2.3 From 7e4b91fd0a314f90b21c2b62c32717949716ac49 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 22 Aug 2022 07:39:23 +0300 Subject: Add notes on connecting via TCP ports, rather than Unix Sockets --- topics/setting-up-local-development-database.gmi | 30 ++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'topics') diff --git a/topics/setting-up-local-development-database.gmi b/topics/setting-up-local-development-database.gmi index 9d55d33..ef2d31e 100644 --- a/topics/setting-up-local-development-database.gmi +++ b/topics/setting-up-local-development-database.gmi @@ -154,3 +154,33 @@ MariaDB [db_webqtlout_s]> SELECT * FROM ProbeSetData LIMIT 20; ``` verify you see some data. + +### A Note on Connection to the Server + +So far, we have been connecting to the server by specifying --defaults-file option, e.g. + +``` +${HOME}/opt/gn_profiles/gn2_latest/bin/mysql \ + --defaults-file=${HOME}/genenetwork/mariadb/my.cnf \ + --user=webqtlout --host=localhost --password db_webqtlout_s +``` + +which allows connection via the unix socket. + +We could drop that specification and connect via the port with: + +``` +${HOME}/opt/gn_profiles/gn2_latest/bin/mysql \ + --user=webqtlout --host=127.0.0.1 --port=3307 --password db_webqtlout_s +``` + +In this version, the host specification was changed from +``` +--host=localhost +``` +to +``` +--host=127.0.0.1 +``` + +^^^whereas, the --defaults-file file specification was dropped and a new --port specification was added. -- cgit v1.2.3 From 62d21d2d4c48fe1bb40c8c00d545751596274747 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Mon, 22 Aug 2022 07:42:04 +0300 Subject: Add some emphasis --- topics/setting-up-local-development-database.gmi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'topics') diff --git a/topics/setting-up-local-development-database.gmi b/topics/setting-up-local-development-database.gmi index ef2d31e..67dd88d 100644 --- a/topics/setting-up-local-development-database.gmi +++ b/topics/setting-up-local-development-database.gmi @@ -183,4 +183,4 @@ to --host=127.0.0.1 ``` -^^^whereas, the --defaults-file file specification was dropped and a new --port specification was added. +whereas, the **--defaults-file** file specification was dropped and a new **--port** specification was added. -- cgit v1.2.3 From 195ffe2217e9a3b67d08255718f21097b73a49d8 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Mon, 22 Aug 2022 22:48:51 +0530 Subject: Document connecting to UTHSC VPN. --- topics/uthsc-vpn-with-free-software.gmi | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 topics/uthsc-vpn-with-free-software.gmi (limited to 'topics') diff --git a/topics/uthsc-vpn-with-free-software.gmi b/topics/uthsc-vpn-with-free-software.gmi new file mode 100644 index 0000000..f7f9fe0 --- /dev/null +++ b/topics/uthsc-vpn-with-free-software.gmi @@ -0,0 +1,27 @@ +# UTHSC VPN with free software + +It is possible to connect to the UTHSC VPN using only free software. For this, you need the openconnect-sso package. openconnect-sso is a wrapper around openconnect that handles the web-based single sign-on and runs openconnect with the right arguments. +=> https://github.com/vlaci/openconnect-sso/ openconnect-sso +=> https://www.infradead.org/openconnect/ openconnect + +To connect, run openconnect-sso as follows and enter your password when prompted. A browser window will pop up for you to complete the Duo authentication. Once done, you will be connected to the VPN. +``` +$ openconnect-sso --server uthscvpn1.uthsc.edu --user your-netid --authgroup uthsc +``` + +## Avoid tunneling all your network traffic through the VPN (aka Split Tunneling) + +openconnect, by default, tunnels all your traffic through the VPN. This is not good for your privacy. It is better to tunnel only the traffic destined to the specific hosts that you want to access. This can be done using the vpn-slice script. +=> https://github.com/dlenski/vpn-slice/ vpn-slice + +For example, to connect to the UTHSC VPN but only access the hosts tux01 and tux02e through the VPN, run the following command. +``` +$ openconnect-sso --server uthscvpn1.uthsc.edu --user your-netid --authgroup uthsc -- --script 'vpn-slice tux01 tux02e' +``` +The vpn-slice script looks up the hostnames tux01 and tux02e on the VPN DNS and adds /etc/hosts entries and routes to your system. vpn-slice can also set up more complicated routes. To learn more, read the vpn-slice documentation. + +## Acknowledgement + +Many thanks to Pjotr Prins and Erik Garrison without whose earlier work this guide would not be possible. +=> https://github.com/pjotrp/linux-at-university-of-tennessee +=> https://github.com/ekg/openconnect-sso-docker -- cgit v1.2.3 From ddd3d8782536eb2ff020c82590c75a48c4943233 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Tue, 23 Aug 2022 16:06:11 +0530 Subject: Capitalize authgroup openconnect-sso argument. --- topics/uthsc-vpn-with-free-software.gmi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'topics') diff --git a/topics/uthsc-vpn-with-free-software.gmi b/topics/uthsc-vpn-with-free-software.gmi index f7f9fe0..05f389b 100644 --- a/topics/uthsc-vpn-with-free-software.gmi +++ b/topics/uthsc-vpn-with-free-software.gmi @@ -6,7 +6,7 @@ It is possible to connect to the UTHSC VPN using only free software. For this, y To connect, run openconnect-sso as follows and enter your password when prompted. A browser window will pop up for you to complete the Duo authentication. Once done, you will be connected to the VPN. ``` -$ openconnect-sso --server uthscvpn1.uthsc.edu --user your-netid --authgroup uthsc +$ openconnect-sso --server uthscvpn1.uthsc.edu --user your-netid --authgroup UTHSC ``` ## Avoid tunneling all your network traffic through the VPN (aka Split Tunneling) @@ -16,7 +16,7 @@ openconnect, by default, tunnels all your traffic through the VPN. This is not g For example, to connect to the UTHSC VPN but only access the hosts tux01 and tux02e through the VPN, run the following command. ``` -$ openconnect-sso --server uthscvpn1.uthsc.edu --user your-netid --authgroup uthsc -- --script 'vpn-slice tux01 tux02e' +$ openconnect-sso --server uthscvpn1.uthsc.edu --user your-netid --authgroup UTHSC -- --script 'vpn-slice tux01 tux02e' ``` The vpn-slice script looks up the hostnames tux01 and tux02e on the VPN DNS and adds /etc/hosts entries and routes to your system. vpn-slice can also set up more complicated routes. To learn more, read the vpn-slice documentation. -- cgit v1.2.3 From 4a59004bad69ea1bd2cadcf1e2c3446ccbd85be8 Mon Sep 17 00:00:00 2001 From: Munyoki Kilyungi Date: Tue, 23 Aug 2022 21:37:49 +0300 Subject: Add a design-doc for better logging --- topics/better-logging.gmi | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 topics/better-logging.gmi (limited to 'topics') diff --git a/topics/better-logging.gmi b/topics/better-logging.gmi new file mode 100644 index 0000000..4c216aa --- /dev/null +++ b/topics/better-logging.gmi @@ -0,0 +1,38 @@ +# Improving Logging in GN2 + +## What Are We Trying To Solve? + +We prioritise maintaining user functionality over speed in GN [with time this speed will be improved]. As such we should be pay more attention at not breaking any currently working GN2 functionality. And when/if we do, trouble-shooting should be easy. On this front, one way is to stream-line logging in both GN2/GN3 and make it more script friendly - only report when something fails, not to instrument variables - and in so doing make the process of monitoring easier. + +## Goals + +- Remove noise from GN2. + +- Separate logging into different files: error logs, info logs. Add this somewhere with Flask itself instead of re-directing STDOUT to a file. + +### Non-goals + +- Logging in GN3. + +- Parsing logs to extract goals. + +- Getting rid of "gn.db" global object and in so doing removing "MySqlAlchemy" [that we really shouldn't be using]. + +- Adding log messages to existing functions. + +## Actual Design + +- Configure logger to separate logs into different files: + - INFO file - contains initial bootstrap messages and instrumentation we may have to do. + - ERROR file - contains real errors. + +- Have those settings - the different log files - be part of GN2 start-up script. + +- For error messages, use the following format for different error messages: + - "DATABASE: " + - "REDIS: " + - "COMPUTATION: " + - "API: " + - "MISC: " + +- Have time-stamped logs by month. E.g. "genenetwork2-08-2022.error.log" and "genenetwork2-08-2022.info.log". This way in future, we can actually run an analysis on what breaks often in GN2. -- cgit v1.2.3 From cfdcd069af40a0cc55014c4ba8c154b41d8cce87 Mon Sep 17 00:00:00 2001 From: Munyoki Kilyungi Date: Tue, 23 Aug 2022 22:14:25 +0300 Subject: Fix sub-lists in "better-logging" --- topics/better-logging.gmi | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'topics') diff --git a/topics/better-logging.gmi b/topics/better-logging.gmi index 4c216aa..9ca8e42 100644 --- a/topics/better-logging.gmi +++ b/topics/better-logging.gmi @@ -23,16 +23,23 @@ We prioritise maintaining user functionality over speed in GN [with time this sp ## Actual Design - Configure logger to separate logs into different files: + - INFO file - contains initial bootstrap messages and instrumentation we may have to do. + - ERROR file - contains real errors. - Have those settings - the different log files - be part of GN2 start-up script. - For error messages, use the following format for different error messages: + - "DATABASE: " + - "REDIS: " + - "COMPUTATION: " + - "API: " + - "MISC: " - Have time-stamped logs by month. E.g. "genenetwork2-08-2022.error.log" and "genenetwork2-08-2022.info.log". This way in future, we can actually run an analysis on what breaks often in GN2. -- cgit v1.2.3 From 6eae4be03f06c29ceb9f167d6b95653378f39087 Mon Sep 17 00:00:00 2001 From: Munyoki Kilyungi Date: Tue, 23 Aug 2022 23:15:34 +0300 Subject: Update better-logging topic --- topics/better-logging.gmi | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'topics') diff --git a/topics/better-logging.gmi b/topics/better-logging.gmi index 9ca8e42..ea9fd26 100644 --- a/topics/better-logging.gmi +++ b/topics/better-logging.gmi @@ -6,6 +6,8 @@ We prioritise maintaining user functionality over speed in GN [with time this sp ## Goals +- Have script-friendly error/info logs. + - Remove noise from GN2. - Separate logging into different files: error logs, info logs. Add this somewhere with Flask itself instead of re-directing STDOUT to a file. @@ -43,3 +45,5 @@ We prioritise maintaining user functionality over speed in GN [with time this sp - "MISC: " - Have time-stamped logs by month. E.g. "genenetwork2-08-2022.error.log" and "genenetwork2-08-2022.info.log". This way in future, we can actually run an analysis on what breaks often in GN2. + +- Get rid of "utility.logger" module and replace it with Flask's or Python's in-built logging. -- cgit v1.2.3 From c7a3db98d06d2088ed8fb6656587600a406e8d8f Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 25 Aug 2022 00:09:23 +0530 Subject: Remove --user argument from openconnect-sso invocation. --- topics/uthsc-vpn-with-free-software.gmi | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'topics') diff --git a/topics/uthsc-vpn-with-free-software.gmi b/topics/uthsc-vpn-with-free-software.gmi index 05f389b..6131004 100644 --- a/topics/uthsc-vpn-with-free-software.gmi +++ b/topics/uthsc-vpn-with-free-software.gmi @@ -4,9 +4,9 @@ It is possible to connect to the UTHSC VPN using only free software. For this, y => https://github.com/vlaci/openconnect-sso/ openconnect-sso => https://www.infradead.org/openconnect/ openconnect -To connect, run openconnect-sso as follows and enter your password when prompted. A browser window will pop up for you to complete the Duo authentication. Once done, you will be connected to the VPN. +To connect, run openconnect-sso as follows. A browser window will pop up for you to complete the Duo authentication. Once done, you will be connected to the VPN. ``` -$ openconnect-sso --server uthscvpn1.uthsc.edu --user your-netid --authgroup UTHSC +$ openconnect-sso --server uthscvpn1.uthsc.edu --authgroup UTHSC ``` ## Avoid tunneling all your network traffic through the VPN (aka Split Tunneling) @@ -16,7 +16,7 @@ openconnect, by default, tunnels all your traffic through the VPN. This is not g For example, to connect to the UTHSC VPN but only access the hosts tux01 and tux02e through the VPN, run the following command. ``` -$ openconnect-sso --server uthscvpn1.uthsc.edu --user your-netid --authgroup UTHSC -- --script 'vpn-slice tux01 tux02e' +$ openconnect-sso --server uthscvpn1.uthsc.edu --authgroup UTHSC -- --script 'vpn-slice tux01 tux02e' ``` The vpn-slice script looks up the hostnames tux01 and tux02e on the VPN DNS and adds /etc/hosts entries and routes to your system. vpn-slice can also set up more complicated routes. To learn more, read the vpn-slice documentation. -- cgit v1.2.3 From e7fa0bb076aa30f86e228c05f73a134bb7f1d636 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 25 Aug 2022 00:09:49 +0530 Subject: Add note about sudo use with openconnect-sso. --- topics/uthsc-vpn-with-free-software.gmi | 1 + 1 file changed, 1 insertion(+) (limited to 'topics') diff --git a/topics/uthsc-vpn-with-free-software.gmi b/topics/uthsc-vpn-with-free-software.gmi index 6131004..abb7e4a 100644 --- a/topics/uthsc-vpn-with-free-software.gmi +++ b/topics/uthsc-vpn-with-free-software.gmi @@ -8,6 +8,7 @@ To connect, run openconnect-sso as follows. A browser window will pop up for you ``` $ openconnect-sso --server uthscvpn1.uthsc.edu --authgroup UTHSC ``` +Note that openconnect-sso should be run as a regular user, not as root. After passing Duo authentication, openconnect-sso will try to gain root priviliges to set up the network routes. At that point, it will prompt you for your password using sudo. ## Avoid tunneling all your network traffic through the VPN (aka Split Tunneling) -- cgit v1.2.3 From 9e44dd42b15cc40fe788adbf6ff78c0da4ee9448 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 25 Aug 2022 00:10:03 +0530 Subject: Add note about vpn-slice packaging status in Guix. --- topics/uthsc-vpn-with-free-software.gmi | 3 +++ 1 file changed, 3 insertions(+) (limited to 'topics') diff --git a/topics/uthsc-vpn-with-free-software.gmi b/topics/uthsc-vpn-with-free-software.gmi index abb7e4a..8faaffb 100644 --- a/topics/uthsc-vpn-with-free-software.gmi +++ b/topics/uthsc-vpn-with-free-software.gmi @@ -21,6 +21,9 @@ $ openconnect-sso --server uthscvpn1.uthsc.edu --authgroup UTHSC -- --script 'vp ``` The vpn-slice script looks up the hostnames tux01 and tux02e on the VPN DNS and adds /etc/hosts entries and routes to your system. vpn-slice can also set up more complicated routes. To learn more, read the vpn-slice documentation. +Note that the vpn-slice package is not yet packaged for Guix. However, there is a pending patch at +=> https://issues.guix.gnu.org/57351 Guix issue tracking vpn-splice packaging + ## Acknowledgement Many thanks to Pjotr Prins and Erik Garrison without whose earlier work this guide would not be possible. -- cgit v1.2.3 From 033cc2228d9277c4dd42e8d9160b7d2966dc2bc7 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 25 Aug 2022 00:13:53 +0530 Subject: Document qtwebengine workaround for openconnect-sso. --- topics/uthsc-vpn-with-free-software.gmi | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'topics') diff --git a/topics/uthsc-vpn-with-free-software.gmi b/topics/uthsc-vpn-with-free-software.gmi index 8faaffb..ca0d8df 100644 --- a/topics/uthsc-vpn-with-free-software.gmi +++ b/topics/uthsc-vpn-with-free-software.gmi @@ -24,6 +24,15 @@ The vpn-slice script looks up the hostnames tux01 and tux02e on the VPN DNS and Note that the vpn-slice package is not yet packaged for Guix. However, there is a pending patch at => https://issues.guix.gnu.org/57351 Guix issue tracking vpn-splice packaging +## qtwebengine text rendering bug + +There is currently a bug in Guix with qtwebengine text rendering. +=> https://issues.guix.gnu.org/52672 +This causes text to not render in the Duo authentication browser window. Until this bug is fixed, work around it by setting the following environment variable. +``` +export QTWEBENGINE_CHROMIUM_FLAGS=--disable-seccomp-filter-sandbox +``` + ## Acknowledgement Many thanks to Pjotr Prins and Erik Garrison without whose earlier work this guide would not be possible. -- cgit v1.2.3 From 574900c30dc5576d04c5306187df4fe2e1785ef0 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 25 Aug 2022 11:39:50 +0530 Subject: Use exceptions to indicate errors. --- topics/use-exceptions-to-indicate-errors.gmi | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 topics/use-exceptions-to-indicate-errors.gmi (limited to 'topics') diff --git a/topics/use-exceptions-to-indicate-errors.gmi b/topics/use-exceptions-to-indicate-errors.gmi new file mode 100644 index 0000000..e302dd3 --- /dev/null +++ b/topics/use-exceptions-to-indicate-errors.gmi @@ -0,0 +1,16 @@ +# Use exceptions to indicate errors + +Often, we indicate that a function has encountered an error by returning a None value. Here's why this is a bad idea and why you should use exceptions instead. + +When we return None values to indicate errors, we have to take care to check the return value of every function call and propagate errors higher and higher up the function call stack until we reach a point where the error is handled. This clutters up the code, and is one reason why writing correct code in languages like C that don't have exceptions is a pain. + +With exceptions, we only have to create an exception handler (try/except block in Python) at the highest level. Any exception raised by functions below that level are automatically passed on to the except block with no additional programmer effort. + +Here's an example where we run mapping, and if there's an error, we return an error page. Else, we return the results page. Notice that we do not check the return value template_vars. +``` +try: + template_vars = run_mapping.RunMapping(start_vars, temp_uuid) + return render_template("mapping_results.html", **template_vars) +except: + return render_template("mapping_error.html") +``` -- cgit v1.2.3 From 4bc1c4c4c7563d51b1258409de0d6663dfa5c726 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 25 Aug 2022 11:40:08 +0530 Subject: Collect coding standards documents. --- topics/coding-guidelines.gmi | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 topics/coding-guidelines.gmi (limited to 'topics') diff --git a/topics/coding-guidelines.gmi b/topics/coding-guidelines.gmi new file mode 100644 index 0000000..47cb697 --- /dev/null +++ b/topics/coding-guidelines.gmi @@ -0,0 +1,8 @@ +# Coding guidelines + +We aim to adhere to the following coding guidelines. + +=> /topics/use-exceptions-to-indicate-errors Exceptions, not None return values +=> /topics/better-logging Log messages + +This document is an index of other documents describing coding guidelines. Add more here as you write/discover them. -- cgit v1.2.3 From 185ab8cc3e621f3257b525a8ca5ae7a2281d055e Mon Sep 17 00:00:00 2001 From: Munyoki Kilyungi Date: Mon, 29 Aug 2022 12:32:05 +0300 Subject: Update topic on better logging. * topics/better-logging.gmi: Update design-doc. --- topics/better-logging.gmi | 44 +++++++++++--------------------------------- 1 file changed, 11 insertions(+), 33 deletions(-) (limited to 'topics') diff --git a/topics/better-logging.gmi b/topics/better-logging.gmi index ea9fd26..8de3fb3 100644 --- a/topics/better-logging.gmi +++ b/topics/better-logging.gmi @@ -6,44 +6,22 @@ We prioritise maintaining user functionality over speed in GN [with time this sp ## Goals -- Have script-friendly error/info logs. - -- Remove noise from GN2. - -- Separate logging into different files: error logs, info logs. Add this somewhere with Flask itself instead of re-directing STDOUT to a file. +* Have script-friendly error/info logs. +* Remove noise from GN2. +* Separate logging into different files: error logs, info logs. Add this somewhere with Flask itself instead of re-directing STDOUT to a file. ### Non-goals -- Logging in GN3. - -- Parsing logs to extract goals. - -- Getting rid of "gn.db" global object and in so doing removing "MySqlAlchemy" [that we really shouldn't be using]. - -- Adding log messages to existing functions. +* Logging in GN3. +* Parsing logs to extract goals. +* Getting rid of "gn.db" global object and in so doing removing "MySqlAlchemy" [that we really shouldn't be using]. +* Adding log messages to existing functions. ## Actual Design -- Configure logger to separate logs into different files: - - - INFO file - contains initial bootstrap messages and instrumentation we may have to do. - - - ERROR file - contains real errors. - -- Have those settings - the different log files - be part of GN2 start-up script. - -- For error messages, use the following format for different error messages: - - - "DATABASE: " - - - "REDIS: " - - - "COMPUTATION: " - - - "API: " - - - "MISC: " +* Get rid of "utility.logger" module and replace it with Flask's or Python's in-built logging. +* Configure the logging system to automatically add the module name, line number, time-stamps etc. -- Have time-stamped logs by month. E.g. "genenetwork2-08-2022.error.log" and "genenetwork2-08-2022.info.log". This way in future, we can actually run an analysis on what breaks often in GN2. +## Resources -- Get rid of "utility.logger" module and replace it with Flask's or Python's in-built logging. +=> https://realpython.com/python-logging/ Logging in Python -- cgit v1.2.3 From c0e505604a56a86d9c9e78f0823de95e0bcfb40b Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Wed, 31 Aug 2022 18:47:08 +0530 Subject: Remove note about vpn-slice packaging status. --- topics/uthsc-vpn-with-free-software.gmi | 3 --- 1 file changed, 3 deletions(-) (limited to 'topics') diff --git a/topics/uthsc-vpn-with-free-software.gmi b/topics/uthsc-vpn-with-free-software.gmi index ca0d8df..1593c3a 100644 --- a/topics/uthsc-vpn-with-free-software.gmi +++ b/topics/uthsc-vpn-with-free-software.gmi @@ -21,9 +21,6 @@ $ openconnect-sso --server uthscvpn1.uthsc.edu --authgroup UTHSC -- --script 'vp ``` The vpn-slice script looks up the hostnames tux01 and tux02e on the VPN DNS and adds /etc/hosts entries and routes to your system. vpn-slice can also set up more complicated routes. To learn more, read the vpn-slice documentation. -Note that the vpn-slice package is not yet packaged for Guix. However, there is a pending patch at -=> https://issues.guix.gnu.org/57351 Guix issue tracking vpn-splice packaging - ## qtwebengine text rendering bug There is currently a bug in Guix with qtwebengine text rendering. -- cgit v1.2.3 From 795ba2ffb5ed5150004785768b8b8c479b24b197 Mon Sep 17 00:00:00 2001 From: Pjotr Prins Date: Fri, 2 Sep 2022 07:22:08 -0500 Subject: Collapsed P2 resolving --- topics/systems/migrate-p2.gmi | 12 ++++++++++++ topics/systems/orchestration.gmi | 31 +++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 topics/systems/migrate-p2.gmi create mode 100644 topics/systems/orchestration.gmi (limited to 'topics') diff --git a/topics/systems/migrate-p2.gmi b/topics/systems/migrate-p2.gmi new file mode 100644 index 0000000..c7fcb90 --- /dev/null +++ b/topics/systems/migrate-p2.gmi @@ -0,0 +1,12 @@ +* Penguin2 crash + +This week the boot partition of P2 crashed. We have a few lessons here, not least having a fallback for all services ;) + +* Tasks + +- [ ] setup space.uthsc.edu for GN2 development +- [ ] update DNS to tux02 128.169.4.52 and space 128.169.5.175 +- [ ] move CI/CD to tux02 + + +* Notes diff --git a/topics/systems/orchestration.gmi b/topics/systems/orchestration.gmi new file mode 100644 index 0000000..336dbbd --- /dev/null +++ b/topics/systems/orchestration.gmi @@ -0,0 +1,31 @@ +* Orchestration and fallbacks + +After the Penguin2 crash in Aug. 2022 it has become increasingly clear how hard it is to deploy GeneNetwork. GNU Guix helps a great deal with dependencies, but it does not handle orchestration between machines/services well. Also we need to look at the future. + +What is GN today in terms of services + + 1. Main GN2 server (Python, 20+ processes, 3+ instances: depends on all below) + 2. Matching GN3 server and REST endpoint (Python: less dependencies) + 3. Mariadb + 4. redis + 5. virtuoso + 6. GN-proxy (Racket, authentication handler: redis, mariadb) + 7. Alias proxy (Racket, gene aliases wikidata) + 8. Jupyter R and Julia notebooks + 9. BNW server (Octave) +10. UCSC browser +11. GN1 instances (older python, 12 instances in principle, 2 running today) +12. Access to HPC for GEMMA (coming) +13. Backup services +14. monitoring services + +I am still missing a few! All run by a man and his diligent dog. + +For the future the orchestration needs to be more robust and resilient. This means: + + 1. A fallback for every service on a separate machine + 2. Improved privacy protection for (future) human data + 3. Separate servers serving different data sources + 4. Partial synchronization between data sources + +The only way we *can* scale is by adding machines. But the system is not yet ready for that. Also getting rid of monolithic primary databases in favor of files helps synchronization. -- cgit v1.2.3 From c216fc75dbffe3e9ace4369a59256f0c93f72368 Mon Sep 17 00:00:00 2001 From: Pjotr Prins Date: Sat, 3 Sep 2022 04:42:45 -0500 Subject: orchestration: adding services --- topics/systems/orchestration.gmi | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'topics') diff --git a/topics/systems/orchestration.gmi b/topics/systems/orchestration.gmi index 336dbbd..4f4c877 100644 --- a/topics/systems/orchestration.gmi +++ b/topics/systems/orchestration.gmi @@ -16,8 +16,11 @@ What is GN today in terms of services 10. UCSC browser 11. GN1 instances (older python, 12 instances in principle, 2 running today) 12. Access to HPC for GEMMA (coming) -13. Backup services -14. monitoring services +13. Backup services (sheepdog, rsync, borg) +14. monitoring services (incl. systemd, gunicorn, shepherd, sheepdog) +15. mail server +16. https certificates +17. http(s) proxy (nginx) I am still missing a few! All run by a man and his diligent dog. -- cgit v1.2.3 From cfe8b6a84d55949e13c92c622053d6b83468e681 Mon Sep 17 00:00:00 2001 From: Pjotr Prins Date: Sat, 3 Sep 2022 10:47:07 -0500 Subject: DNS update --- topics/systems/dns-changes.gmi | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'topics') diff --git a/topics/systems/dns-changes.gmi b/topics/systems/dns-changes.gmi index 7c42589..a535cab 100644 --- a/topics/systems/dns-changes.gmi +++ b/topics/systems/dns-changes.gmi @@ -9,15 +9,22 @@ We are moving thing to a new DNS hosting service. We have accounts on both. To m * Sign in to your GoDaddy account. * Export the DNS record to a file * Print the DNS settings to a PDF -* Start a transfer from DNSsimple to get an auth code +* On GoDaddy disable WHOIS privacy protection (on the domains table) +* On GoDaddy start a transfer from DNSsimple to get an auth code + Click your username at the top right of the page. + Select My Products. + Click Manage next to the relevant domain. + Scroll down to Additional Settings. + Click Get authorization code. Note: If you have more than 6 domains in your account, click Email my code - + Set transfer on DNSsimple - tick DNS box - + Check DNS on switch - it may not be completely automatic - + Cherk record on DNSsimple - + Check transfer with `dig systemsgenetics.org NS` * On DNSimple add the authorisation code under Tamara -* Import DNS settings on DNSimple + + Set transfer on DNSimple - tick DNS box + + Check the `DNS on' switch - it may not be completely automatic + + Cherk record on DNSimple + + Check transfer with `dig systemsgenetics.org NS` +* Import DNS settings on DNSimple (cut-N-paste) + + Edit delegation - make sure the delegation box is set +=> https://support.dnsimple.com/articles/delegating-dnsimple-registered +* Test + + dig systemsgenetics.org [NS] + + dig systemsgenetics.org @ns1.dnsimple.com NS + + whois systemsgenetics.org -- cgit v1.2.3 From f52cfbb325ad28cd743ea94b83859977f0063230 Mon Sep 17 00:00:00 2001 From: Pjotr Prins Date: Mon, 5 Sep 2022 08:57:16 -0500 Subject: orchestration --- topics/systems/orchestration.gmi | 1 + 1 file changed, 1 insertion(+) (limited to 'topics') diff --git a/topics/systems/orchestration.gmi b/topics/systems/orchestration.gmi index 4f4c877..5e0a298 100644 --- a/topics/systems/orchestration.gmi +++ b/topics/systems/orchestration.gmi @@ -21,6 +21,7 @@ What is GN today in terms of services 15. mail server 16. https certificates 17. http(s) proxy (nginx) +18. CI/CD server (with github webhooks) I am still missing a few! All run by a man and his diligent dog. -- cgit v1.2.3