authorMunyoki Kilyungi2025-05-06 16:21:30 +0300
committerMunyoki Kilyungi2025-05-06 16:26:06 +0300
commitfb1b688728c3e6f710439538af42eacd5f8396b7 (patch)
tree0c4298e94e9a5520f2b0adf59b69b5d32fa3f0cb
parent1589d919a0444803a675bbb7cbe23daebe0f3472 (diff)
Explicitly write to gn{2,3,-auth}.conf files.
Make these files editable for local development, instead of interning them in
the store.
-rw-r--r--genenetwork-local-container.scm202
1 files changed, 111 insertions, 91 deletions
diff --git a/genenetwork-local-container.scm b/genenetwork-local-container.scm
index 2e3eafb..14403ab 100644
--- a/genenetwork-local-container.scm
+++ b/genenetwork-local-container.scm
@@ -83,74 +83,86 @@
 server described by CONFIG, a <genenetwork-configuration> object."
   (match-record config <genenetwork-configuration>
     (gn2-port gn2-secrets gn3-port gn-auth-port genotype-files)
-    (with-packages (list coreutils git-minimal gunicorn nss-certs)
-      (with-imported-modules '((guix build utils))
-        #~(begin
-            (use-modules (guix build utils)
-                         (ice-9 match))
-
-            ;; Override the genenetwork3 used by genenetwork2.
-            (setenv "GN3_PYTHONPATH" "/genenetwork3")
-            ;; Set other environment variables required by
-            ;; genenetwork2.
-            (setenv "GN2_PROFILE" #$(profile
-                                     (content (package->development-manifest genenetwork2))
-                                     (allow-collisions? #t)))
-            (setenv
-             "GN2_SETTINGS"
-             #$(mixed-text-file "gn2.conf"
-                                "GN2_SECRETS=\"" gn2-secrets "\"\n"
-                                "AI_SEARCH_ENABLED=True\n"
-                                "TEST_FEATURE_SWITCH=True\n"
-                                "GN3_LOCAL_URL=\""
-                                (string-append "http://localhost:"
-                                               (number->string gn3-port))
-                                "\"\n"
-                                "GN_SERVER_URL=\""
-                                (string-append "http://localhost:"
-                                               (number->string gn3-port))
-                                "/api/\"\n"
-                                "AUTH_SERVER_URL=\""
-                                (string-append "http://localhost:"
-                                               (number->string gn-auth-port))
-                                "\"\n"
-                                "SQL_URI=\"mysql://webqtlout:webqtlout@localhost/db_webqtl?unix_socket=/run/mysqld/mysqld.sock&charset=utf8\"\n"
-                                "SSL_PRIVATE_KEY=\"/etc/genenetwork/conf/gn2/private.pem\"\n"
-                                "AUTH_SERVER_SSL_PUBLIC_KEY=\"/etc/genenetwork/conf/gn-auth/clients-public-keys/gn-auth.pem\"\n"))
+      (with-packages
+       (list coreutils git-minimal gunicorn nss-certs)
+       (with-imported-modules '((guix build utils))
+         #~(begin
+             (use-modules (guix build utils)
+                          (ice-9 ftw)
+                          (ice-9 match))
 
-            ;; Start genenetwork2.
-            (with-directory-excursion "/genenetwork2"
-              (invoke #$(file-append bash "/bin/sh")
-                      "bin/genenetwork2" "gn2/default_settings.py" "-gunicorn-dev")))))))
+             ;; Override the genenetwork3 used by genenetwork2.
+             (setenv "GN3_PYTHONPATH" "/genenetwork3")
+             (setenv "GN2_PROFILE" #$(profile
+                                      (content (package->development-manifest genenetwork2))
+                                      (allow-collisions? #t)))
+             (unless (file-exists? "/etc/genenetwork/conf/gn2.conf")
+               (with-output-to-file "/etc/genenetwork/conf/gn2.conf"
+                 (lambda ()
+                   (display #$(string-append
+                               "GN2_SECRETS=\"" gn2-secrets "\"\n"
+                               "AI_SEARCH_ENABLED=True\n"
+                               "TEST_FEATURE_SWITCH=True\n"
+                               "GN3_LOCAL_URL=\"http://localhost:" (number->string gn3-port) "\"\n"
+                               "GN_SERVER_URL=\"http://localhost:" (number->string gn3-port) "/api/\"\n"
+                               "AUTH_SERVER_URL=\"http://localhost:" (number->string gn-auth-port) "\"\n"
+                               "SQL_URI=\"mysql://webqtlout:webqtlout@localhost/db_webqtl?unix_socket=/run/mysqld/mysqld.sock&charset=utf8\"\n"
+                               "SSL_PRIVATE_KEY=\"/etc/genenetwork/conf/gn2/private.pem\"\n"
+                               "AUTH_SERVER_SSL_PUBLIC_KEY=\"/etc/genenetwork/conf/gn-auth/clients-public-keys/gn-auth.pem\"\n"))
+                   ;; We actually set here twice so that we can refer to it
+                   ;; when running things manually.
+                   (display "GN2_PROFILE=\"")
+                   (display #$(file-append (profile
+                                            (content (package->development-manifest genenetwork2))
+                                            (allow-collisions? #t))
+                                           "\"\n")))))
+             (setenv "GN2_SETTINGS" "/etc/genenetwork/conf/gn2.conf")
+             ;; Start genenetwork2.
+             (with-directory-excursion "/genenetwork2"
+               (invoke #$(file-append bash "/bin/sh")
+                       "bin/genenetwork2" "gn2/default_settings.py" "-gunicorn-dev")))))))
 
 (define (genenetwork3-gexp config)
   "Return a G-expression that runs the latest genenetwork3 development
 server described by CONFIG, a <genenetwork-configuration> object."
   (match-record config <genenetwork-configuration>
-                (gn3-port gn3-secrets sparql-endpoint data-directory xapian-db-path auth-db-path llm-db-path)
+    (gn3-port gn3-secrets gn-auth-port sparql-endpoint data-directory xapian-db-path auth-db-path llm-db-path)
     (with-manifest (package->development-manifest genenetwork3)
       (with-imported-modules '((guix build utils))
         #~(begin
-            (use-modules (guix build utils)
-                         (ice-9 match))
-
+            (use-modules (guix build utils))
             ;; Configure genenetwork3.
-            (setenv "GN3_CONF"
-                    #$(mixed-text-file "gn3.conf"
-                                       "SPARQL_ENDPOINT=\"" sparql-endpoint "\"\n"
-                                       "DATA_DIR=\"" data-directory "\"\n"
-                                       "AUTH_SERVER_URL=\"http://localhost:8084/\"\n"
-                                       "XAPIAN_DB_PATH=\"" xapian-db-path "\"\n"
-                                       "AUTH_DB=\"" auth-db-path "\"\n"
-                                       "LLM_DB_PATH=\"" llm-db-path "\"\n"))
-            (setenv "GN3_SECRETS" #$gn3-secrets)
-            (setenv "HOME" "/tmp")
-            (setenv "SQL_URI" "mysql://webqtlout:webqtlout@localhost/db_webqtl?unix_socket=/run/mysqld/mysqld.sock")
             (setenv "RSCRIPT" #$(file-append
                                  (profile
                                   (content (package->development-manifest genenetwork3))
                                   (allow-collisions? #t))
                                  "/bin/Rscript"))
+            (unless (file-exists? "/etc/genenetwork/conf/gn3.conf")
+              (with-output-to-file "/etc/genenetwork/conf/gn3.conf"
+                (lambda ()
+                  (display #$(string-append
+                              "SPARQL_ENDPOINT=\"" sparql-endpoint "\"\n"
+                              "DATA_DIR=\"" data-directory "\"\n"
+                              "AUTH_SERVER_URL=\"http://localhost:8084/\"\n"
+                              "XAPIAN_DB_PATH=\"" xapian-db-path "\"\n"
+                              "AUTH_DB=\"" auth-db-path "\"\n"
+                              "LLM_DB_PATH=\"" llm-db-path "\"\n"))
+                  (display "GN3_PROFILE=\"")
+                  (display #$(file-append (profile
+                                           (content (package->development-manifest genenetwork3))
+                                           (allow-collisions? #t))
+                                          "\"\n"))
+                  (display "R_SCRIPT=\"")
+                  (display #$(file-append
+                              (profile
+                               (content (package->development-manifest genenetwork3))
+                               (allow-collisions? #t))
+                              "/bin/Rscript\"\n")))))
+            (setenv "GN3_CONF" "/etc/genenetwork/conf/gn3.conf")
+            (setenv "GN3_SECRETS" #$gn3-secrets)
+            (setenv "HOME" "/tmp")
+            (setenv "SQL_URI" "mysql://webqtlout:webqtlout@localhost/db_webqtl?unix_socket=/run/mysqld/mysqld.sock")
+
             (setenv "FLASK_ENV" "development")
             (setenv "FLASK_DEBUG" "1")
             ;; Run genenetwork3.
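Review bot: The `(unless (file-exists? "/etc/genenetwork/conf/gn2.conf") …)` guard, and the matching one for gn3.conf, make the first generated file permanent. Later changes to `gn3-port`, `gn-auth-port` or the secrets path in the configuration record are then silently ignored, and the embedded `GN2_PROFILE`, `GN3_PROFILE` and `R_SCRIPT` store paths go stale once the profile is rebuilt. That fits the goal of local editing, but it should be stated where it happens, e.g. `;; Written once; delete the file to regenerate it from CONFIG (ports and store paths are not refreshed).` above each guard; the same applies to gn-auth.conf in the next hunk. Separately, `gn-auth-port` is added to the `match-record` field list of `genenetwork3-gexp` while `AUTH_SERVER_URL` is still hard-coded to port 8084. The function body continues outside the hunk, so the field may be used there; if it is not, the written value should be built from it like the gn2.conf URLs.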
@@ -168,18 +180,24 @@ server described by CONFIG, a <genenetwork-configuration> object."
       (with-packages (list git-minimal nss-certs)
         (with-imported-modules '((guix build utils))
           #~(begin
-              (use-modules (guix build utils)
-                           (ice-9 match))
+              (use-modules (guix build utils))
               ;; Configure gn-auth.
-              (setenv "GN_AUTH_CONF"
-                      #$(mixed-text-file
-                         "gn-auth.conf"
+              (unless (file-exists? "/etc/genenetwork/conf/gn-auth.conf")
+              (with-output-to-file "/etc/genenetwork/conf/gn-auth.conf"
+                (lambda ()
+                  (display #$(string-append
                          "LOGLEVEL=\"DEBUG\"\n"
                          "SQL_URI=\"mysql://webqtlout:webqtlout@localhost/db_webqtl?unix_socket=/run/mysqld/mysqld.sock\"\n"
                          "AUTH_DB=\"" auth-db-path "\"\n"
                          "GN_AUTH_SECRETS=\"" gn-auth-secrets "\"\n"
                          "CLIENTS_SSL_PUBLIC_KEYS_DIR=\"/etc/genenetwork/conf/gn-auth/clients-public-keys/\"\n"
                          "SSL_PRIVATE_KEY=\"/etc/genenetwork/conf/gn-auth/private.pem\"\n"))
+                  (display "GN_AUTH_PROFILE=\"")
+                  (display #$(file-append (profile
+                                           (content (package->development-manifest gn-auth))
+                                           (allow-collisions? #t))
+                                          "\"\n")))))
+              (setenv "GN_AUTH_CONF" "/etc/genenetwork/conf/gn-auth.conf")
               (setenv "HOME" "/tmp")
               (setenv "AUTHLIB_INSECURE_TRANSPORT" "true")
               ;; Run gn-auth.
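Review bot: gn-auth.conf is created by `with-output-to-file` with whatever mode the service's umask yields, and nothing in the visible code restricts it afterwards, although it carries the `SQL_URI` credentials and the paths of the secrets file and private key. The `chmod #o600` pass in `genenetwork-activation` covers only the three secrets files and presumably runs before this file exists. Adding `(chmod "/etc/genenetwork/conf/gn-auth.conf" #o600)` right after the write, inside the `unless`, would match how the secrets are treated; gn2.conf and gn3.conf in the previous hunk are written the same way. The `with-output-to-file` form is also not indented under its `unless`, which hides the nesting. The enclosing function starts and ends outside the hunk.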
@@ -190,40 +208,42 @@ server described by CONFIG, a <genenetwork-configuration> object."
                         "gn_auth.wsgi:app"))))))))
 
 (define (genenetwork-activation config)
-  (match-record config <genenetwork-configuration>
-    (gn2-secrets gn3-secrets auth-db-path gn-auth-secrets gn-doc-git-checkout)
+  (match-record
+      config <genenetwork-configuration>
+      (gn2-secrets gn3-secrets gn3-port gn-auth-port  auth-db-path gn-auth-secrets gn-doc-git-checkout)
     (with-imported-modules '((guix build utils))
-      #~(begin
-          (use-modules (guix build utils))
-          ;; Set ownership of files.
-          (for-each (lambda (file)
-                      (when (eq? (stat:type (stat file)) 'directory)
-                        (chmod file #o755))
-                      (chown file
-                             (passwd:uid (getpw "genenetwork"))
-                             (passwd:gid (getpw "genenetwork"))))
-                    (append
-                     '("/etc/genenetwork/conf" "/genenetwork2/flask_session")
-                     (find-files #$(dirname gn-auth-secrets)
-                                 #:directories? #t)
-                     (find-files #$(dirname gn2-secrets)
-                                 #:directories? #t)
-                     (find-files #$(dirname gn3-secrets)
-                                 #:directories? #t)
-                     (find-files #$(dirname auth-db-path)
-                                 #:directories? #t)
-                     (find-files #$(dirname gn-doc-git-checkout)
-                                 #:directories? #t)))
-          ;; Prevent other users from reading secret files.
-          (for-each (lambda (file)
-                      (chmod file #o600))
-                    (append
-                     (find-files #$gn-auth-secrets
-                                 #:directories? #f)
-                     (find-files #$gn2-secrets
-                                 #:directories? #f)
-                     (find-files #$gn3-secrets
-                                 #:directories? #f)))))))
+        #~(begin
+            (use-modules (guix build utils)
+                         (ice-9 ftw))
+            ;; Set ownership of files.
+            (for-each (lambda (file)
+                        (when (eq? (stat:type (stat file)) 'directory)
+                          (chmod file #o755))
+                        (chown file
+                               (passwd:uid (getpw "genenetwork"))
+                               (passwd:gid (getpw "genenetwork"))))
+                      (append
+                       '("/etc/genenetwork/conf" "/genenetwork2/flask_session")
+                       (find-files #$(dirname gn-auth-secrets)
+                                   #:directories? #t)
+                       (find-files #$(dirname gn2-secrets)
+                                   #:directories? #t)
+                       (find-files #$(dirname gn3-secrets)
+                                   #:directories? #t)
+                       (find-files #$(dirname auth-db-path)
+                                   #:directories? #t)
+                       (find-files #$(dirname gn-doc-git-checkout)
+                                   #:directories? #t)))
+            ;; Prevent other users from reading secret files.
+            (for-each (lambda (file)
+                        (chmod file #o600))
+                      (append
+                       (find-files #$gn-auth-secrets
+                                   #:directories? #f)
+                       (find-files #$gn2-secrets
+                                   #:directories? #f)
+                       (find-files #$gn3-secrets
+                                   #:directories? #f)))))))
 
 (define (gn-guile-gexp gn-guile-port)
   (with-imported-modules '((guix build utils))
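Review bot: `gn3-port` and `gn-auth-port` are added to the `match-record` field list and `(ice-9 ftw)` to `use-modules`, but nothing in the body of `genenetwork-activation` refers to them; `find-files` comes from `(guix build utils)`. The rest of the hunk is re-indentation, so these look like leftovers. Dropping them keeps the activation gexp's inputs accurate: `(gn2-secrets gn3-secrets auth-db-path gn-auth-secrets gn-doc-git-checkout)` and `(use-modules (guix build utils))`. The `(ice-9 ftw)` import added to the genenetwork2 gexp in the first hunk is likewise unused in the lines shown there.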