aboutsummaryrefslogtreecommitdiff
path: root/README.org
blob: 2eb45ddaaca353e911ef2e7056b395ecc55215bd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
This repository houses Guix configuration for GeneNetwork machines and
containers.

* GeneNetwork development container

The GeneNetwork development container is run on /penguin2/. It runs
continuous integration and continuous deployment services for
genenetwork2, genenetwork3 and several other associated projects.

To build and install the container, you will need the
[[https://gitlab.com/genenetwork/guix-bioinformatics][guix-bioinformatics]] and [[https://git.systemreboot.net/guix-forge/][guix-forge]] channels. Once these channels are
pulled and available, on /penguin2/, run
#+BEGIN_SRC shell
$ ./genenetwork-development-deploy.sh
#+END_SRC

/penguin2/ is configured with a systemd service to run this
container. Restart it.
#+BEGIN_SRC shell
$ sudo systemctl restart genenetwork-development-container
#+END_SRC

* Virtuoso container for tux01 production

The virtuoso container is run on /tux01/ production. It runs virtuoso
alone.

To build and install the container, you will need the
guix-bioinformatics channel. Once guix-bioinformatics is pulled and
available, on /tux01/, run
#+begin_src shell
  $ ./virtuoso-deploy.sh
#+end_src

/tux01/ is configured with a systemd service to run this
container. Restart it.
#+begin_src shell
  $ sudo systemctl restart virtuoso-container
#+end_src

* Secure virtuoso authentication

In containers containing virtuoso instances, it is important to secure
authentication by changing default user passwords and disabling
unnecessary users. See [[https://issues.genenetwork.org/topics/systems/virtuoso][virtuoso gemtext documentation]] on passwords for
more details.

* Getting a Shell into the Container

When you start the container, you can get a shell into the container using the
~nsenter~ command. You will need the process ID of the container, which your
can get with something like:

#+BEGIN_SRC sh
  ps -e | grep shepherd
#+END_SRC

That will give you output of the form:

#+BEGIN_EXAMPLE
  11869 pts/3    00:00:00 shepherd
#+END_EXAMPLE

From the guix [/operating-system/ Reference](https://guix.gnu.org/manual/en/html_node/operating_002dsystem-Reference.html)
under the *packages* option, the list of packages installed under the global
profile are found in */run/current-system/profile*, for example:

#+BEGIN_SRC sh
  /run/current-system/profile/ls /gnu/store
#+END_SRC

to list the files under */gnu/store*

With that knowledge, we can now get a shell using ~nsenter~ as follows:

#+BEGIN_SRC sh
  sudo nsenter -a -t 11869 /run/current-system/profile/bin/bash \
       --init-file /run/current-system/profile/etc/profile
#+END_SRC

which will give you a bash shell with the ~PATH~ environment variable setup
correctly to give you access to all packages in the global profile.