authorFrederick Muriuki Muriithi2024-11-04 10:13:01 -0600
committerFrederick Muriuki Muriithi2024-11-12 14:04:25 -0600
commitc8279d33273156eceb00518a714d23450d6bb76f (patch)
treecb30c5b02f496d4c359075d368eb93073657a4f3
parentc7b87ce1e37b9e8d9bd75160851a29ef612dbba3 (diff)
downloadgn-machines-c8279d33273156eceb00518a714d23450d6bb76f.tar.gz
Define REQUESTS_CA_BUNDLE envvar for python-requests
Define the `REQUESTS_CA_BUNDLE` environment variable for all applications that make use of Python's requests library. The library needs to know the location of valid CA certificates in order to work as expected. Expose the CA certificate bundles by adding them to the applications' environments using the mappings objects.
-rw-r--r--genenetwork/services/genenetwork.scm50
1 files changed, 42 insertions, 8 deletions
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index 6905686..b4c0806 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -305,6 +305,7 @@ object."
(gn2-profile (profile
(content (package->development-manifest genenetwork2))
(allow-collisions? #t)))
+ (gn2-ca-bundle (file-append gn2-profile "/etc/ssl/certs/ca-certificates.crt"))
(gn2-conf (computed-file "gn2.conf"
(configuration-file-gexp
`(("GN2_SECRETS" ,(string-append gn2-secrets "/gn2-secrets.py"))
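Review bot: The added `gn2-ca-bundle` binding assumes that the profile built from `package->development-manifest genenetwork2` actually contains `/etc/ssl/certs/ca-certificates.crt`, and nothing in this hunk guarantees it. In Guix that file is normally generated only when a certificate package such as `nss-certs` is part of the manifest. If it is present only through the current inputs, a later dependency change would leave `REQUESTS_CA_BUNDLE` pointing at a missing path and outbound HTTPS calls made through requests would fail. Consider a comment here such as `;; Requires a CA certificate package (e.g. nss-certs) in the development manifest`, and the same for `gn3-ca-bundle`, `gn-auth-ca-bundle` and `gn-uploader-ca-bundle`. The enclosing binding form starts and ends outside the hunk.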
@@ -319,6 +320,10 @@ object."
("PLINK_COMMAND" ,(file-append gn2-profile "/bin/plink2"))
("SQL_URI" ,sql-uri)
("AI_SEARCH_ENABLED" "True")))))
+ (gn3-profile (profile
+ (content (package->development-manifest genenetwork3))
+ (allow-collisions? #t)))
+ (gn3-ca-bundle (file-append gn3-profile "/etc/ssl/certs/ca-certificates.crt"))
(gn3-conf (computed-file "gn3.conf"
(configuration-file-gexp
`(("AUTH_DB" ,auth-db)
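Review bot: The literal `"/etc/ssl/certs/ca-certificates.crt"` is now spelled out in four bindings (`gn2-ca-bundle`, `gn3-ca-bundle` here, `gn-auth-ca-bundle` and `gn-uploader-ca-bundle`), so a change of location has to be made in four places. A small helper, `(define (profile-ca-bundle profile) (file-append profile "/etc/ssl/certs/ca-certificates.crt"))`, would keep them in step. Separately, `gn3-profile` is introduced here only to reach the certificate file, while `REAPER_COMMAND` in the gn3 configuration still reads from `gn2-profile`. A one-line comment saying which profile each service is meant to use would make that split deliberate rather than accidental.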
@@ -330,6 +335,10 @@ object."
("GENOTYPE_FILES" ,genotype-files)
("REAPER_COMMAND" ,(file-append gn2-profile "/bin/qtlreaper"))
("LLM_DB_PATH" ,llm-db-path)))))
+ (gn-auth-profile (profile
+ (content (package->development-manifest gn-auth))
+ (allow-collisions? #t)))
+ (gn-auth-ca-bundle (file-append gn-auth-profile "/etc/ssl/certs/ca-certificates.crt"))
(gn-auth-conf (computed-file "gn-auth.conf"
(configuration-file-gexp
`(("GN_AUTH_SECRETS" ,(string-append gn-auth-secrets "/gn-auth-secrets.py"))
@@ -357,7 +366,10 @@ object."
(value gn2-conf))
(environment-variable
(name "HOME")
- (value "/tmp"))))
+ (value "/tmp"))
+ (environment-variable
+ (name "REQUESTS_CA_BUNDLE")
+ (value gn2-ca-bundle))))
(mappings (list database-mapping
(file-system-mapping
(source genotype-files)
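Review bot: `REQUESTS_CA_BUNDLE` is honoured by python-requests only, so any other TLS client inside these applications (Python's `ssl`/`urllib`, or tools run as subprocesses) would still have no trust store configured. Whether such clients exist is not visible from this hunk; if they do, also exporting `SSL_CERT_FILE` with the same value would cover OpenSSL-based code: `(environment-variable (name "SSL_CERT_FILE") (value gn2-ca-bundle))`. The same applies to the gn3, gn-auth and gn-uploader environment lists changed further down. The enclosing record starts outside the hunk.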
@@ -378,7 +390,10 @@ object."
(file-system-mapping
(source gn2-secrets)
(target source)
- (writable? #t))))
+ (writable? #t))
+ (file-system-mapping
+ (source gn2-ca-bundle)
+ (target source))))
(extra-cli-arguments
(list "--log-level"
(string-upcase (symbol->string log-level)))))
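Review bot: The new mapping exposes only the single path `gn2-ca-bundle`, and in a Guix profile that path may be a symlink into a separate store item rather than a regular file. If so, the container needs the link target to be visible as well, otherwise requests will see a dangling path. This hunk does not show whether the wrapper maps the store closure automatically, so it is worth confirming by reading the file from inside the running container. The gn3 and gn-auth mappings added further down have the same shape. Unlike its neighbours the entry carries no `(writable? #t)`; a short comment such as `;; read-only: trust store must not be modifiable by the app` would record that this is intentional.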
@@ -405,7 +420,10 @@ object."
(value gn3-secrets))
(environment-variable
(name "HOME")
- (value "/tmp"))))
+ (value "/tmp"))
+ (environment-variable
+ (name "REQUESTS_CA_BUNDLE")
+ (value gn3-ca-bundle))))
(mappings (list database-mapping
(file-system-mapping
(source gn3-conf)
@@ -432,7 +450,10 @@ object."
(file-system-mapping
(source llm-db-path)
(target source)
- (writable? #t))))
+ (writable? #t))
+ (file-system-mapping
+ (source gn3-ca-bundle)
+ (target source))))
(extra-cli-arguments
(list "--log-level"
(string-upcase (symbol->string log-level)))))
@@ -452,7 +473,10 @@ object."
(value "/tmp"))
(environment-variable
(name "AUTHLIB_INSECURE_TRANSPORT")
- (value "true"))))
+ (value "true"))
+ (environment-variable
+ (name "REQUESTS_CA_BUNDLE")
+ (value gn-auth-ca-bundle))))
(mappings (list database-mapping
(file-system-mapping
(source gn-auth-conf)
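Review bot: The new `REQUESTS_CA_BUNDLE` entry for gn-auth sets up certificate verification for outbound requests, yet it sits directly after `AUTHLIB_INSECURE_TRANSPORT` set to `"true"`, which lets Authlib accept OAuth flows over plain HTTP. That line is unchanged context, but the two settings pull in opposite directions. A comment explaining why insecure transport is still required would stop it being read as an oversight; TLS termination at a front proxy is one possible reason, though that is an assumption not shown here. If it is no longer required, removing it in a follow-up would be the safer default.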
@@ -464,7 +488,10 @@ object."
(file-system-mapping
(source gn-auth-secrets)
(target source)
- (writable? #t)))))))))
+ (writable? #t))
+ (file-system-mapping
+ (source gn-auth-ca-bundle)
+ (target source)))))))))
(define (genenetwork-nginx-server-blocks config)
"Return a list of @code{<nginx-server-configuration>} records specifying
@@ -570,7 +597,8 @@ a @code{<genenetwork-configuration>} record."
("GN2_SERVER_URL" ,gn2-server-url)))))
(gn-uploader-profile (profile
(content (package->development-manifest gn-uploader))
- (allow-collisions? #t))))
+ (allow-collisions? #t)))
+ (gn-uploader-ca-bundle (file-append gn-uploader-profile "/etc/ssl/certs/ca-certificates.crt")))
(list (gunicorn-app
(name "gn-uploader")
(package gn-uploader)
@@ -587,7 +615,10 @@ a @code{<genenetwork-configuration>} record."
(value "/tmp"))
(environment-variable
(name "GN_UPLOADER_ENVIRONMENT")
- (value gn-uploader-profile))))
+ (value gn-uploader-profile))
+ (environment-variable
+ (name "REQUESTS_CA_BUNDLE")
+ (value gn-uploader-ca-bundle))))
(mappings (list database-mapping
(file-system-mapping
(source gn-uploader-conf)
@@ -601,6 +632,9 @@ a @code{<genenetwork-configuration>} record."
(writable? #t))
(file-system-mapping
(source gn-uploader-profile)
+ (target source))
+ (file-system-mapping
+ (source gn-uploader-ca-bundle)
(target source))))
(extra-cli-arguments
(list "--log-level"
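Review bot: The added mapping for `gn-uploader-ca-bundle` overlaps the entry just above it: `gn-uploader-profile` is already mapped with `(target source)`, and the bundle is defined as a path under that profile. Unless the file is a symlink that resolves outside the profile directory, the extra entry is redundant. Either drop it or state the reason with a comment such as `;; profile entry is a symlink; map the bundle explicitly`. The `mappings` list starts outside the hunk.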