aboutsummaryrefslogtreecommitdiff
path: root/genenetwork/services
diff options
context:
space:
mode:
authorArun Isaac2024-02-29 19:39:48 +0000
committerArun Isaac2024-03-01 11:16:12 +0000
commitc032c737b5d2d791d388618e3c79403d3a16fe21 (patch)
tree1c785464c7d80584453e5937eb0cf65ec08db684 /genenetwork/services
parentbb39c3b5800953197cc6ffa3f99273b537d347a3 (diff)
downloadgn-machines-c032c737b5d2d791d388618e3c79403d3a16fe21.tar.gz
Add gn-auth to production genenetwork service.
* genenetwork/services/genenetwork.scm: Import gn-auth from (gn packages genenetwork). * genenetwork/services/genenetwork.scm (<genenetwork-configuration>)[gn-auth, gn-auth-port, gn-auth-secrets]: New fields. * genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps): Add gn-auth gunicorn app.
Diffstat (limited to 'genenetwork/services')
-rw-r--r--genenetwork/services/genenetwork.scm48
1 files changed, 43 insertions, 5 deletions
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index ce930c0..f5d1e01 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -18,7 +18,7 @@
;;; <https://www.gnu.org/licenses/>.
(define-module (genenetwork services genenetwork)
- #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3))
+ #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3 gn-auth))
#:use-module ((gnu packages admin) #:select (shadow))
#:use-module (gnu services)
#:use-module (gnu services web)
@@ -57,12 +57,16 @@
(default genenetwork2))
(genenetwork3 genenetwork-configuration-genenetwork3
(default genenetwork3))
+ (gn-auth genenetwork-configuration-gn-auth
+ (default gn-auth))
(server-name genenetwork-configuration-server-name
(default "genenetwork.org"))
(gn2-port genenetwork-configuration-gn2-port
(default 8082))
(gn3-port genenetwork-configuration-gn3-port
(default 8083))
+ (gn-auth-port genenetwork-configuration-gn-auth-port
+ (default 8084))
(sql-uri genenetwork-configuration-sql-uri
(default "mysql://username:password@localhost/database"))
(auth-db genenetwork-configuration-auth-db
@@ -78,7 +82,9 @@
(gn2-secrets genenetwork-configuration-gn2-secrets
(default "/etc/genenetwork/gn2-secrets.py"))
(gn3-secrets genenetwork-configuration-gn3-secrets
- (default "/etc/genenetwork/gn3-secrets.py")))
+ (default "/etc/genenetwork/gn3-secrets.py"))
+ (gn-auth-secrets genenetwork-configuration-gn-auth-secrets
+ (default "/etc/genenetwork/gn-auth-secrets.py")))
(define %genenetwork-accounts
(list (user-group
@@ -135,7 +141,7 @@ G-expressions or numbers."
described by @var{config}, a @code{<genenetwork-configuration>}
object."
(match-record config <genenetwork-configuration>
- (genenetwork2 genenetwork3 server-name gn2-port gn3-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn3-data-directory gn2-secrets gn3-secrets)
+ (genenetwork2 genenetwork3 gn-auth server-name gn2-port gn3-port gn-auth-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn3-data-directory gn2-secrets gn3-secrets gn-auth-secrets)
;; If we mapped only the mysqld.sock socket file, it would break
;; when the external mysqld server is restarted.
(let* ((database-mapping (file-system-mapping
@@ -163,7 +169,11 @@ object."
("DATA_DIR" ,gn3-data-directory)
("SPARQL_ENDPOINT" ,sparql-endpoint)
("SQL_URI" ,sql-uri)
- ("XAPIAN_DB_PATH" ,xapian-db))))))
+ ("XAPIAN_DB_PATH" ,xapian-db)))))
+ (gn-auth-conf (computed-file "gn-auth.conf"
+ (configuration-file-gexp
+ `(("AUTH_DB" ,auth-db)
+ ("GN_AUTH_SECRETS" ,gn-auth-secrets))))))
(list (gunicorn-app
(name "genenetwork2")
(package genenetwork2)
@@ -231,7 +241,35 @@ object."
(file-system-mapping
(source auth-db)
(target source)
- (writable? #t)))))))))
+ (writable? #t)))))
+ (gunicorn-app
+ (name "gn-auth")
+ (package gn-auth)
+ (sockets (list (forge-ip-socket
+ (port gn-auth-port))))
+ (wsgi-app-module "gn_auth:create_app()")
+ (workers 20)
+ (environment-variables
+ (list (environment-variable
+ (name "GN_AUTH_CONF")
+ (value gn-auth-conf))
+ (environment-variable
+ (name "HOME")
+ (value "/tmp"))
+ (environment-variable
+ (name "AUTHLIB_INSECURE_TRANSPORT")
+ (value "true"))))
+ (mappings (list database-mapping
+ (file-system-mapping
+ (source gn-auth-conf)
+ (target source))
+ (file-system-mapping
+ (source auth-db)
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source gn-auth-secrets)
+ (target source)))))))))
(define (genenetwork-nginx-server-block config)
"Return an @code{<nginx-server-configuration>} record specifying