From c032c737b5d2d791d388618e3c79403d3a16fe21 Mon Sep 17 00:00:00 2001
From: Arun Isaac
Date: Thu, 29 Feb 2024 19:39:48 +0000
Subject: Add gn-auth to production genenetwork service.
* genenetwork/services/genenetwork.scm: Import gn-auth from (gn packages genenetwork).
* genenetwork/services/genenetwork.scm ()[gn-auth, gn-auth-port, gn-auth-secrets]: New fields.
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps): Add gn-auth gunicorn app.
---
 genenetwork/services/genenetwork.scm | 48 ++++++++++++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 5 deletions(-)
(limited to 'genenetwork')
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index ce930c0..f5d1e01 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -18,7 +18,7 @@
 ;;; .
 (define-module (genenetwork services genenetwork)
- #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3))
+ #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3 gn-auth))
 #:use-module ((gnu packages admin) #:select (shadow))
 #:use-module (gnu services)
 #:use-module (gnu services web)
@@ -57,12 +57,16 @@
 (default genenetwork2))
 (genenetwork3 genenetwork-configuration-genenetwork3
 (default genenetwork3))
+ (gn-auth genenetwork-configuration-gn-auth
+ (default gn-auth))
 (server-name genenetwork-configuration-server-name
 (default "genenetwork.org"))
 (gn2-port genenetwork-configuration-gn2-port
 (default 8082))
 (gn3-port genenetwork-configuration-gn3-port
 (default 8083))
+ (gn-auth-port genenetwork-configuration-gn-auth-port
+ (default 8084))
 (sql-uri genenetwork-configuration-sql-uri
 (default "mysql://username:password@localhost/database"))
 (auth-db genenetwork-configuration-auth-db
@@ -78,7 +82,9 @@
 (gn2-secrets genenetwork-configuration-gn2-secrets
 (default "/etc/genenetwork/gn2-secrets.py"))
 (gn3-secrets genenetwork-configuration-gn3-secrets
- (default "/etc/genenetwork/gn3-secrets.py")))
+ (default "/etc/genenetwork/gn3-secrets.py"))
+ (gn-auth-secrets genenetwork-configuration-gn-auth-secrets
+ (default "/etc/genenetwork/gn-auth-secrets.py")))
 (define %genenetwork-accounts
 (list (user-group
@@ -135,7 +141,7 @@ G-expressions or numbers."
 described by @var{config}, a @code{}
 object."
 (match-record config
- (genenetwork2 genenetwork3 server-name gn2-port gn3-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn3-data-directory gn2-secrets gn3-secrets)
+ (genenetwork2 genenetwork3 gn-auth server-name gn2-port gn3-port gn-auth-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn3-data-directory gn2-secrets gn3-secrets gn-auth-secrets)
 ;; If we mapped only the mysqld.sock socket file, it would break
 ;; when the external mysqld server is restarted.
 (let* ((database-mapping (file-system-mapping
@@ -163,7 +169,11 @@ object."
 ("DATA_DIR" ,gn3-data-directory)
 ("SPARQL_ENDPOINT" ,sparql-endpoint)
 ("SQL_URI" ,sql-uri)
- ("XAPIAN_DB_PATH" ,xapian-db))))))
+ ("XAPIAN_DB_PATH" ,xapian-db)))))
+ (gn-auth-conf (computed-file "gn-auth.conf"
+ (configuration-file-gexp
+ `(("AUTH_DB" ,auth-db)
+ ("GN_AUTH_SECRETS" ,gn-auth-secrets))))))
 (list (gunicorn-app
 (name "genenetwork2")
 (package genenetwork2)
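Review bot: `gn-auth-conf` in the `@@ -163,7 +169,11 @@` hunk writes only `AUTH_DB` and `GN_AUTH_SECRETS`, while the configuration just above it carries `SQL_URI`, yet the gn-auth app added in the last hunk is still handed `database-mapping`. If gn-auth talks to MySQL, the connection string presumably has to come from the file named by `gn-auth-secrets`, and nothing in the visible lines says so. I would state that next to the binding, for example `;; Only paths go into this store file; SQL_URI and other secrets are expected in gn-auth-secrets.`, or drop `database-mapping` from the gn-auth app if it never connects to MySQL. The enclosing `let*` starts and ends outside the hunk.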
@@ -231,7 +241,35 @@ object."
 (file-system-mapping
 (source auth-db)
 (target source)
- (writable? #t)))))))))
+ (writable? #t)))))
+ (gunicorn-app
+ (name "gn-auth")
+ (package gn-auth)
+ (sockets (list (forge-ip-socket
+ (port gn-auth-port))))
+ (wsgi-app-module "gn_auth:create_app()")
+ (workers 20)
+ (environment-variables
+ (list (environment-variable
+ (name "GN_AUTH_CONF")
+ (value gn-auth-conf))
+ (environment-variable
+ (name "HOME")
+ (value "/tmp"))
+ (environment-variable
+ (name "AUTHLIB_INSECURE_TRANSPORT")
+ (value "true"))))
+ (mappings (list database-mapping
+ (file-system-mapping
+ (source gn-auth-conf)
+ (target source))
+ (file-system-mapping
+ (source auth-db)
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source gn-auth-secrets)
+ (target source)))))))))
 (define (genenetwork-nginx-server-block config)
 "Return an @code{} record specifying
--
cgit v1.2.3
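Review bot: The gn-auth app sets `AUTHLIB_INSECURE_TRANSPORT` to `"true"` unconditionally, which switches off Authlib's requirement that OAuth2 requests arrive over HTTPS, in what the commit message calls the production service. Presumably gunicorn sits behind a TLS-terminating nginx (the server block is outside this hunk); if so, the safer arrangement is for the proxy to pass the original scheme and the application to trust it, so the check can stay on. If the variable has to stay, record the reason and the assumption it rests on, e.g. `;; TLS is terminated by nginx; gn-auth only sees plain HTTP on a local socket, hence Authlib's HTTPS check is disabled.` It is also worth confirming that `(forge-ip-socket (port gn-auth-port))` binds to loopback by default, since no address is set here. The enclosing `list` and `match-record` forms start outside the hunk.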