diff options
-rwxr-xr-x | genenetwork-development-deploy.sh | 1 | ||||
-rw-r--r-- | genenetwork-development.scm | 105 |
2 files changed, 95 insertions, 11 deletions
diff --git a/genenetwork-development-deploy.sh b/genenetwork-development-deploy.sh index 2dc9135..85e0cbd 100755 --- a/genenetwork-development-deploy.sh +++ b/genenetwork-development-deploy.sh @@ -34,6 +34,7 @@ container_script=$(guix system container --network \ --share=/export2/guix-containers/genenetwork-development/var/log/cd=/var/log/cd \ --expose=/export/data/genenetwork \ --share=/export/data/genenetwork-xapian \ + --share=/export/data/genenetwork-sqlite \ --share=/export/genenetwork-database-dump \ --share=/var/run/mysqld=/run/mysqld \ genenetwork-development.scm) diff --git a/genenetwork-development.scm b/genenetwork-development.scm index 6285bbc..0550d5f 100644 --- a/genenetwork-development.scm +++ b/genenetwork-development.scm @@ -31,7 +31,7 @@ ((gnu packages check) #:select (python-pylint)) ((gnu packages ci) #:select (laminar)) ((gnu packages compression) #:select (gzip)) - ((gnu packages databases) #:select (virtuoso-ose)) + ((gnu packages databases) #:select (virtuoso-ose yoyo-migrations)) ((gnu packages gnupg) #:select (guile-gcrypt)) ((gnu packages graphviz) #:select (graphviz)) ((gnu packages guile) #:select (guile-3.0 guile-git guile-zlib)) @@ -119,7 +119,9 @@ be imported into G-expressions." (data-directory genenetwork-data-directory (default "/var/genenetwork")) (xapian-db-path genenetwork-xapian-db-path - (default "/var/genenetwork/xapian"))) + (default "/var/genenetwork/xapian")) + (auth-db-path genenetwork-auth-db-path + (default "/export/data/genenetwork-sqlite/auth.db"))) ;;; @@ -196,6 +198,51 @@ command to be executed." (genenetwork3-tests (list "pytest" "-k" "unit_test") (package->development-manifest genenetwork3))) +(define (genenetwork3-auth-migrations-genenetwork config) + "Return a G-expression that runs the migrations for the +auth(entic|oris)ation database. This is the actual migration run by +the genenetwork user." + (match-record config <genenetwork-configuration> + (auth-db-path) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + ;; Initialize an empty database file if it does not + ;; already exist. + (unless (file-exists? #$auth-db-path) + (call-with-output-file #$auth-db-path + (const #t))) + ;; Run migrations. + (invoke #$(file-append yoyo-migrations "/bin/yoyo") + "apply" "--config" + #$(mixed-text-file + "yoyo.ini" + "[DEFAULT]\n" + "sources = genenetwork3/migrations/auth/\n" + "database = sqlite:///" auth-db-path "\n" + "migration_table = _yoyo_migration\n" + "batch_mode = on\n" + "verbosity = 2")))))) + +(define (genenetwork3-auth-migrations-laminar config) + "Return a G-expression that runs the migrations for the +auth(entic|oris)ation database. This is the wrapper script run by the +laminar user." + (match-record config <genenetwork-configuration> + (gn3-repository) + (with-packages (list git-minimal nss-certs) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + ;; Clone the latest genenetwork3 repository. + (invoke "git" "clone" "--depth" "1" #$gn3-repository) + ;; Run the actual migrations as the genenetwork user. + (invoke #$sudo "--user=genenetwork" + #$(program-file "genenetwork3-auth-migrations" + (genenetwork3-auth-migrations-genenetwork config)))))))) + (define genenetwork3-pylint (with-imported-modules (source-module-closure '((genenetwork development-helper)) #:select? import-module?) @@ -299,17 +346,14 @@ genenetwork3 source from the latest commit of @var{project}." this-forge-laminar-job genenetwork3-unit-tests #:guix-daemon-uri %guix-daemon-uri)) - ;; If unit tests pass, redeploy genenetwork3 and - ;; trigger genenetwork2 tests. + ;; If unit tests pass, trigger the auth migrations. (after (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) + (when (string=? (getenv "RESULT") "success") - (invoke #$sudo - #$(file-append shepherd "/bin/herd") - "restart" "genenetwork3") (invoke #$(file-append laminar "/bin/laminarc") - "queue" "genenetwork2")))))) + "queue" "genenetwork3-auth-migrations")))))) (forge-laminar-job (name "genenetwork3-pylint") (run (derivation-job-gexp @@ -325,6 +369,22 @@ genenetwork3 source from the latest commit of @var{project}." genenetwork3-mypy #:guix-daemon-uri %guix-daemon-uri))) (forge-laminar-job + (name "genenetwork3-auth-migrations") + (run (genenetwork3-auth-migrations-laminar config)) + ;; If migrations run successfully, redeploy + ;; genenetwork3 and trigger genenetwork2 tests. + (after (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (when (string=? (getenv "RESULT") "success") + (invoke #$sudo + #$(file-append shepherd "/bin/herd") + "restart" "genenetwork3") + (invoke #$(file-append laminar "/bin/laminarc") + "queue" "genenetwork2"))))) + (trigger? #f)) + (forge-laminar-job (name "genenetwork3-build-xapian-index") (run (build-xapian-index-gexp this-forge-project)) (trigger? #f)))) @@ -390,7 +450,7 @@ server described by CONFIG, a <genenetwork-configuration> object." "Return a G-expression that runs the latest genenetwork3 development server described by CONFIG, a <genenetwork-configuration> object." (match-record config <genenetwork-configuration> - (gn3-repository gn3-port sparql-endpoint data-directory xapian-db-path) + (gn3-repository gn3-port sparql-endpoint data-directory xapian-db-path auth-db-path) (with-manifest (package->development-manifest genenetwork3) (with-packages (list git-minimal nss-certs) (with-imported-modules '((guix build utils)) @@ -416,7 +476,8 @@ server described by CONFIG, a <genenetwork-configuration> object." #$(mixed-text-file "gn3.conf" "SPARQL_ENDPOINT=\"" sparql-endpoint "\"\n" "DATA_DIR=\"" data-directory "\"\n" - "XAPIAN_DB_PATH=\"" xapian-db-path "\"\n")) + "XAPIAN_DB_PATH=\"" xapian-db-path "\"\n" + "AUTH_DB_PATH=\"" auth-db-path "\"\n")) (setenv "HOME" "/tmp") ;; Run genenetwork3. (with-directory-excursion "genenetwork3" @@ -497,6 +558,20 @@ described by CONFIG, a <genenetwork-configuration> object." (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))) +(define (genenetwork-activation config) + (match-record config <genenetwork-configuration> + (auth-db-path) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (for-each (lambda (file) + (chown file + (passwd:uid (getpw "genenetwork")) + (passwd:gid (getpw "genenetwork")))) + (find-files #$(dirname auth-db-path) + #:directories? #t)))))) + (define genenetwork-service-type (service-type (name 'genenetwork) @@ -504,6 +579,8 @@ described by CONFIG, a <genenetwork-configuration> object." (extensions (list (service-extension account-service-type (const %genenetwork-accounts)) + (service-extension activation-service-type + genenetwork-activation) (service-extension shepherd-root-service-type genenetwork-shepherd-services) (service-extension forge-service-type @@ -943,7 +1020,13 @@ reverse proxy tissue." (file-append shepherd "/bin/herd") " restart genenetwork2, " (file-append shepherd "/bin/herd") " start genenetwork3, " (file-append shepherd "/bin/herd") " stop genenetwork3, " - (file-append shepherd "/bin/herd") " restart genenetwork3\n")) + (file-append shepherd "/bin/herd") " restart genenetwork3\n" + ;; Permit the laminar user to run auth db + ;; migrations as the genenetwork user. + "\nlaminar ALL = (genenetwork) NOPASSWD: " + (program-file "genenetwork3-auth-migrations" + (genenetwork3-auth-migrations-genenetwork (genenetwork-configuration))) + "\n")) (services (cons* (service forge-service-type (forge-configuration (projects (list qc-project |