1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
# Login issues with gn-auth
# Tags
* assigned: fredm
* priority: critical
# Issues
## With registration we get a JSON error
On CD we get an error during registration of a new user using a strong password:
```
GeneNetwork 2.11-rc2 http://cd.genenetwork.org/oauth2/user/register ( 7:33PM UTC Mar 01, 2024)
Traceback (most recent call last):
File "/gnu/store/jh0b8nzrs7rh55axdwmz8i1lavni52c5-profile/lib/python3.10/site-packages/requests/models.py", line 971, in json
return complexjson.loads(self.text, **kwargs)
File "/gnu/store/jh0b8nzrs7rh55axdwmz8i1lavni52c5-profile/lib/python3.10/site-packages/simplejson/__init__.py", line 525, in loads
return _default_decoder.decode(s)
File "/gnu/store/jh0b8nzrs7rh55axdwmz8i1lavni52c5-profile/lib/python3.10/site-packages/simplejson/decoder.py", line 370, in decode
obj, end = self.raw_decode(s)
File "/gnu/store/jh0b8nzrs7rh55axdwmz8i1lavni52c5-profile/lib/python3.10/site-packages/simplejson/decoder.py", line 400, in raw_decode
return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
```
## Troubleshooting
From the logs:
```
2024-03-02 01:53:52 rv = self.handle_user_exception(e)
2024-03-02 01:53:52 File "/gnu/store/w836rzklz9rigr0kjqw5px0ip1933l3y-profile/lib/python3.10/site-packages/flask/app.py", line 1523, in full_dispatch_request
2024-03-02 01:53:52 rv = self.dispatch_request()
2024-03-02 01:53:52 File "/gnu/store/w836rzklz9rigr0kjqw5px0ip1933l3y-profile/lib/python3.10/site-packages/flask/app.py", line 1509, in dispatch_request
2024-03-02 01:53:52 return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
2024-03-02 01:53:52 File "/gn-auth/gn_auth/auth/authorisation/users/views.py", line 106, in register_user
2024-03-02 01:53:52 cursor, save_user(
2024-03-02 01:53:52 File "/gn-auth/gn_auth/auth/authentication/users.py", line 83, in save_user
2024-03-02 01:53:52 cursor.execute("INSERT INTO users VALUES (?, ?, ?)",
2024-03-02 01:53:52 sqlite3.OperationalError: attempt to write a readonly database
```
Looks like the container cannot write to the database.
My current hypothesis is that `/export/data/genenetwork-sqlite` has been "taken over" by the new https://test1-auth.genenetwork.org and now https://auth-cd.genenetwork.org cannot write to the database file.
Possible confirmation of the hypothesis:
The cd container is built with the following options:
```
container_script=$(guix system container --network \
︙
--share=/export/data/genenetwork-xapian \
--share=/export/data/genenetwork-sqlite \
︙
```
meanwhile the test1 container is built with:
```
container_script=$(guix system container \
︙
--expose=/export/data/genenetwork-xapian \
--share=/export/data/genenetwork-sqlite \
︙
```
`--share` option allows read-write access within the container, while `--expose` just allows read access. From the snippets above, we see that the "genenetwork-sqlite" folder should (ideally) be writable from both systems.
When you list the files:
```
fredm@tux02:/home/git/public$ ls -al /export/data/genenetwork-sqlite
total 23764
drwxr-xr-x 2 guixbuilder11 983 4096 Nov 3 04:20 .
drwxr-xr-x 7 root root 4096 Jul 29 2023 ..
-rw-r--r-- 1 guixbuilder11 983 24322048 Feb 28 04:05 auth.db
fredm@tux02:/home/git/public$ ls -al /export/data/
total 28
drwxr-xr-x 7 root root 4096 Jul 29 2023 .
drwxr-xr-x 12 root root 4096 Jan 9 15:24 ..
drwxr-xr-x 5 root root 4096 Feb 9 09:29 genenetwork
drwxr-xr-x 2 guixbuilder11 983 4096 Nov 3 04:20 genenetwork-sqlite
drwxrwxrwx 2 root root 4096 Jan 22 07:00 genenetwork-virtuoso
drwxr-xr-x 3 guixbuilder17 977 4096 Dec 19 07:37 genenetwork-xapian
drwxr-xr-x 2 wrk root 4096 Jul 29 2023 wrk
```
you see that the genenetwork-sqlite and genenetwork-xapian directories are owned by different users (and groups for that matter), which might explain why after the test1 system was built, the cd system could no longer write to the db file.
----
Testing the hypothesis: Hypothesis confirmed.
Rebuilding the container changed ownership from:
```
drwxr-xr-x 2 guixbuilder11 983 4096 Nov 3 04:20 genenetwork-sqlite
```
to
```
drwxr-xr-x 2 guixbuilder13 981 4096 Nov 3 04:20 genenetwork-sqlite
```
Attempting to register a user again was also successful.
The lines that do the file ownership/permission changes are:
=> https://git.genenetwork.org/gn-machines/tree/genenetwork-development.scm?id=3baf150595f0b7d7061a119f1c52d1dbea328e83#n697
=> https://git.genenetwork.org/gn-machines/tree/genenetwork/services/genenetwork.scm?id=3baf150595f0b7d7061a119f1c52d1dbea328e83#n110
## Proposed Solution
Figure out how to make the authorisation database file be accessible from multiple containers with read-write permissions.
|
