From 081e2865c3354415fbcb186e562060d6ac2885f1 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Fri, 8 Mar 2024 04:27:21 +0300 Subject: Add gn-uploader service. * genenetwork/services/genenetwork.scm (): New type. (gn-uploader-activation, gn-uploader-gunicorn-app, gn-uploader-nginx-server-block): New functions. (gn-uploader-service-type): New variable. * uploader.scm, uploader-deploy.sh: New files. Signed-off-by: Arun Isaac --- genenetwork/services/genenetwork.scm | 105 ++++++++++++++++++++++++++++++++++- 1 file changed, 103 insertions(+), 2 deletions(-) (limited to 'genenetwork/services/genenetwork.scm') diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm index cdb7ff4..0382d01 100644 --- a/genenetwork/services/genenetwork.scm +++ b/genenetwork/services/genenetwork.scm @@ -1,5 +1,6 @@ ;;; genenetwork-machines --- Guix configuration for genenetwork machines ;;; Copyright © 2024 Arun Isaac +;;; Copyright © 2024 Frederick M. Muriithi ;;; ;;; This file is part of genenetwork-machines. ;;; @@ -18,7 +19,7 @@ ;;; . (define-module (genenetwork services genenetwork) - #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3 gn-auth)) + #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3 gn-auth gn-uploader)) #:use-module ((gnu packages admin) #:select (shadow)) #:use-module (gnu services) #:use-module (gnu services web) @@ -48,7 +49,13 @@ genenetwork-configuration-sparql-endpoint genenetwork-configuration-gn3-data-directory genenetwork-configuration-gn2-secrets - genenetwork-configuration-gn3-secrets)) + genenetwork-configuration-gn3-secrets + gn-uploader-service-type + gn-uploader-configuration + gn-uploader-configuration? + gn-uploader-configuration-server-name + gn-uploader-configuration-port + gn-uploader-configuration-secrets)) (define-record-type* genenetwork-configuration make-genenetwork-configuration 
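Review bot: The export list in this hunk names `gn-uploader-configuration-server-name`, but the record added in the next hunk declares that field's accessor as `gn-uploader-server-name`, so as far as the visible hunks show the exported name is never defined and the real accessor stays private. Declaring the field as `(server-name gn-uploader-configuration-server-name (default "upload.genenetwork.org"))` would match both this export and the naming of the other fields. The `sql-uri`, `data-directory` and `gn-uploader` accessors are defined but not exported; if that is deliberate, a one-line comment above the export list saying so would spare the next reader the question.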
@@ -88,6 +95,22 @@ (gn-auth-secrets genenetwork-configuration-gn-auth-secrets (default "/etc/genenetwork/gn-auth-secrets.py"))) +(define-record-type* + gn-uploader-configuration make-gn-uploader-configuration + gn-uploader-configuration? + (gn-uploader gn-uploader-configuration-gn-uploader + (default gn-uploader)) + (server-name gn-uploader-server-name + (default "upload.genenetwork.org")) + (port gn-uploader-configuration-port + (default 8085)) + (sql-uri gn-uploader-configuration-sql-uri + (default "mysql://username:password@localhost/database")) + (data-directory gn-uploader-configuration-data-directory + (default "/var/genenetwork")) + (secrets gn-uploader-configuration-secrets + (default "/etc/genenetwork/gn-uploader-secrets.py"))) + (define %genenetwork-accounts (list (user-group (name "genenetwork") 
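Review bot: The `sql-uri` field is shaped to carry the database password (its default is `mysql://username:password@localhost/database`), and in the last hunk `gn-uploader-gunicorn-app` writes it into `gn-uploader.conf` through `computed-file`, which puts the value in the Guix store where any local user can read it. The file named by `secrets`, by contrast, is chowned to the service user and set to `#o600` in `gn-uploader-activation`. Consider dropping `("SQL_URI" ,sql-uri)` from the generated configuration and keeping the URI in the file that `QCAPP_SECRETS` points to, provided the application can load it from there. Failing that, a comment on the field such as `;; Ends up world-readable in the store; do not embed a real password here.` would at least record the constraint. Whether the existing genenetwork services handle their SQL URI the same way is not visible in these hunks.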
@@ -334,3 +357,81 @@ a @code{} record." (service-extension forge-nginx-service-type genenetwork-nginx-server-blocks))) (default-value (genenetwork-configuration)))) + +(define (gn-uploader-activation config) + (match-record config + (secrets) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + ;; Let service user own their own secrets files. + (chown #$secrets + (passwd:uid (getpw "gunicorn-gn-uploader")) + (passwd:gid (getpw "gunicorn-gn-uploader"))) + ;; Set owner-only permissions on secrets files. + (for-each (lambda (file) + (chmod file #o600)) + (list #$secrets)))))) + +(define (gn-uploader-gunicorn-app config) + (match-record config + (gn-uploader sql-uri port data-directory secrets) + ;; If we mapped only the mysqld.sock socket file, it would break + ;; when the external mysqld server is restarted. + (let ((database-mapping (file-system-mapping + (source "/run/mysqld") + (target source) + (writable? #t))) + (gn-uploader-conf (computed-file "gn-uploader.conf" + (configuration-file-gexp + `(("QCAPP_SECRETS" ,secrets) + ("SQL_URI" ,sql-uri)))))) + (list (gunicorn-app + (name "gn-uploader") + (package gn-uploader) + (sockets (list (forge-ip-socket + (port port)))) + (wsgi-app-module "qc_app:create_app()") + (workers 20) + (environment-variables + (list (environment-variable + (name "QCAPP_CONF") + (value gn-uploader-conf)) + (environment-variable + (name "HOME") + (value "/tmp")))) + (mappings (list database-mapping + (file-system-mapping + (source gn-uploader-conf) + (target source)) + (file-system-mapping + (source secrets) + (target source)) + (file-system-mapping + (source data-directory) + (target source))))))))) + +(define (gn-uploader-nginx-server-block config) + (match-record config + (server-name port) + (list (nginx-server-configuration + (server-name (list server-name)) + (locations + (list (nginx-location-configuration + (uri "/") + (body (list (string-append "proxy_pass http://localhost:" + (number->string 
port) ";") + "proxy_set_header Host $host;"))))))))) + +(define gn-uploader-service-type + (service-type + (name 'gn-uploader) + (description "GeneNetwork data uploader service.") + (extensions + (list (service-extension activation-service-type + gn-uploader-activation) + (service-extension gunicorn-service-type + gn-uploader-gunicorn-app) + (service-extension forge-nginx-service-type + gn-uploader-nginx-server-block))) + (default-value (genenetwork-configuration)))) -- cgit v1.2.3
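Review bot: `gn-uploader-service-type` ends with `(default-value (genenetwork-configuration))`, which looks copied from the genenetwork service type just above it. The three extension procedures destructure fields such as `secrets`, `sql-uri` and `data-directory`, which belong to the new gn-uploader record, so instantiating the service without an explicit value would presumably fail in `match-record`. The line should read `(default-value (gn-uploader-configuration))`. The new procedures also have no docstrings; a one-line docstring on each stating what it returns for CONFIG (an activation gexp, a list of gunicorn apps, a list of nginx server blocks) would make them easier to review.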