# Login issues with gn-auth

# Tags

* assigned: fredm
* priority: critical

# Issues

## With registration we get a JSON error

On CD we get an error during registration of a new user using a strong password:

```
      GeneNetwork 2.11-rc2  http://cd.genenetwork.org/oauth2/user/register ( 7:33PM UTC Mar 01, 2024)
Traceback (most recent call last):
  File "/gnu/store/jh0b8nzrs7rh55axdwmz8i1lavni52c5-profile/lib/python3.10/site-packages/requests/models.py", line 971, in json
    return complexjson.loads(self.text, **kwargs)
  File "/gnu/store/jh0b8nzrs7rh55axdwmz8i1lavni52c5-profile/lib/python3.10/site-packages/simplejson/__init__.py", line 525, in loads
    return _default_decoder.decode(s)
  File "/gnu/store/jh0b8nzrs7rh55axdwmz8i1lavni52c5-profile/lib/python3.10/site-packages/simplejson/decoder.py", line 370, in decode
    obj, end = self.raw_decode(s)
  File "/gnu/store/jh0b8nzrs7rh55axdwmz8i1lavni52c5-profile/lib/python3.10/site-packages/simplejson/decoder.py", line 400, in raw_decode
    return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
```

## Troubleshooting

From the logs:

```
2024-03-02 01:53:52     rv = self.handle_user_exception(e)
2024-03-02 01:53:52   File "/gnu/store/w836rzklz9rigr0kjqw5px0ip1933l3y-profile/lib/python3.10/site-packages/flask/app.py", line 1523, in full_dispatch_request
2024-03-02 01:53:52     rv = self.dispatch_request()
2024-03-02 01:53:52   File "/gnu/store/w836rzklz9rigr0kjqw5px0ip1933l3y-profile/lib/python3.10/site-packages/flask/app.py", line 1509, in dispatch_request
2024-03-02 01:53:52     return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
2024-03-02 01:53:52   File "/gn-auth/gn_auth/auth/authorisation/users/views.py", line 106, in register_user
2024-03-02 01:53:52     cursor, save_user(
2024-03-02 01:53:52   File "/gn-auth/gn_auth/auth/authentication/users.py", line 83, in save_user
2024-03-02 01:53:52     cursor.execute("INSERT INTO users VALUES (?, ?, ?)",
2024-03-02 01:53:52 sqlite3.OperationalError: attempt to write a readonly database
```

Looks like the container cannot write to the database.


My current hypothesis is that `/export/data/genenetwork-sqlite` has been "taken over" by the new https://test1-auth.genenetwork.org and now https://auth-cd.genenetwork.org cannot write to the database file.

Possible confirmation of the hypothesis:

The cd container is built with the following options:

```
container_script=$(guix system container --network \
			︙
                        --share=/export/data/genenetwork-xapian \
                        --share=/export/data/genenetwork-sqlite \
			︙
```

meanwhile the test1 container is built with:

```
container_script=$(guix system container \
			︙
                        --expose=/export/data/genenetwork-xapian \
                        --share=/export/data/genenetwork-sqlite \
			︙
```

The `--share` option allows read-write access within the container, while `--expose` just allows read access. From the snippets above, we see that the "genenetwork-sqlite" folder should (ideally) be writable from both systems.

When you list the files:

```
fredm@tux02:/home/git/public$ ls -al /export/data/genenetwork-sqlite
total 23764
drwxr-xr-x 2 guixbuilder11  983     4096 Nov  3 04:20 .
drwxr-xr-x 7 root          root     4096 Jul 29  2023 ..
-rw-r--r-- 1 guixbuilder11  983 24322048 Feb 28 04:05 auth.db
fredm@tux02:/home/git/public$ ls -al /export/data/
total 28
drwxr-xr-x  7 root          root 4096 Jul 29  2023 .
drwxr-xr-x 12 root          root 4096 Jan  9 15:24 ..
drwxr-xr-x  5 root          root 4096 Feb  9 09:29 genenetwork
drwxr-xr-x  2 guixbuilder11  983 4096 Nov  3 04:20 genenetwork-sqlite
drwxrwxrwx  2 root          root 4096 Jan 22 07:00 genenetwork-virtuoso
drwxr-xr-x  3 guixbuilder17  977 4096 Dec 19 07:37 genenetwork-xapian
drwxr-xr-x  2 wrk           root 4096 Jul 29  2023 wrk
```

you see that the genenetwork-sqlite and genenetwork-xapian directories are owned by different users (and groups for that matter), which might explain why after the test1 system was built, the cd system could no longer write to the db file.
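
The ownership check above, as an added example (not part of the original issue or of gn-auth): it evaluates the `ls -al` listing for a given unprivileged user and reports whether SQLite could write `auth.db`. The function names are hypothetical, and which service runs as which of the two owners seen on this page is an assumption.

```python
# Added example, not gn-auth code: function names are hypothetical.
# LISTING is copied from the `ls -al` output above.
LISTING = """\
total 23764
drwxr-xr-x 2 guixbuilder11  983     4096 Nov  3 04:20 .
drwxr-xr-x 7 root          root     4096 Jul 29  2023 ..
-rw-r--r-- 1 guixbuilder11  983 24322048 Feb 28 04:05 auth.db
"""


def parse_listing(listing):
    """Map each entry name to (mode, owner, group) from `ls -al` output."""
    entries = {}
    for line in listing.strip().splitlines():
        if line.startswith("total"):
            continue
        fields = line.split(None, 8)
        entries[fields[8]] = (fields[0], fields[2], fields[3])
    return entries


def may_write(mode, owner, group, user, groups):
    """Unix check for an unprivileged user: owner bits, else group, else other."""
    if user == owner:
        return mode[2] == "w"
    if group in groups:
        return mode[5] == "w"
    return mode[8] == "w"


def sqlite_write_report(listing, db_name, user, groups):
    """SQLite must write the db file and create its journal beside it,
    so both the file and its directory ('.') have to be writable."""
    entries = parse_listing(listing)
    report = {name: may_write(*entries[name], user, groups)
              for name in (".", db_name)}
    report["writable"] = all(report.values())
    return report


if __name__ == "__main__":
    # Assumption: the two services run as the two owners seen on this page.
    for user, groups in (("guixbuilder11", {"983"}), ("guixbuilder13", {"981"})):
        print(user, sqlite_write_report(LISTING, "auth.db", user, groups))
```

With mode `rw-r--r--` on the file and `rwxr-xr-x` on the directory, only the owning user passes both checks, so whichever container last set the ownership is the only one that can write.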

----

Testing the hypothesis: Hypothesis confirmed.

Rebuilding the container changed ownership from:
```
drwxr-xr-x  2 guixbuilder11  983 4096 Nov  3 04:20 genenetwork-sqlite
```
to
```
drwxr-xr-x  2 guixbuilder13  981 4096 Nov  3 04:20 genenetwork-sqlite
```

Attempting to register a user again was also successful.


The lines that do the file ownership/permission changes are:
=> https://git.genenetwork.org/gn-machines/tree/genenetwork-development.scm?id=3baf150595f0b7d7061a119f1c52d1dbea328e83#n697
=> https://git.genenetwork.org/gn-machines/tree/genenetwork/services/genenetwork.scm?id=3baf150595f0b7d7061a119f1c52d1dbea328e83#n110

## Proposed Solution

Figure out how to make the authorisation database file accessible from multiple containers with read-write permissions.