Merge pull request #82 from i-VRESSE/deployments

Deployments

.gitignore

@@ -3,7 +3,7 @@ node_modules
 /.cache
 /build
 /public/build
-.env
+/.env
 .vscode/
 
 # openapi-generator-cli bookkeeping
@@ -18,3 +18,4 @@ node_modules
 /public_key.pem
 
 Caddyfile
+/deploy/cns

README.md

@@ -76,12 +76,6 @@ npm run setup
 
 (You can reset database with `npx prisma migrate reset`.)
 
-The database setup should be run only once for a fresh database.
-Whenever you change the `prisma/schema.prisma` file you need to
-
-1. Use [prisma migrate](https://www.prisma.io/docs/concepts/components/prisma-migrate) to generate a migration and to update the database.
-2. Run `npx prisma generate` to generate the prisma client.
-
 Start [remix](https://remix.run) development server from your terminal with:
 
 ```sh
@@ -92,6 +86,12 @@ This will refresh & rebuild assets on file changes.
 
 ## Other development commands
 
+The database setup should be run only once for a fresh database.
+Whenever you change the `prisma/schema.prisma` file you need to
+
+1. Use [prisma migrate](https://www.prisma.io/docs/concepts/components/prisma-migrate) to generate a migration and to update the database.
+2. Run `npx prisma generate` to generate the prisma client.
+
 To format according to [prettier](https://prettier.io) run
 
 ```sh
@@ -135,7 +135,7 @@ Then run the app in production mode:
 npm start
 ```
 
-The web application can be run inside a Docker container together with all its dependent containers, see [docs/docker.md](docs/docker.md).
+Other deployments with containers are explained in [deploy/README.md](deploy/README.md).
 
 ## Stack
 

app/session.server.ts

@@ -1,3 +1,4 @@
+import { readFileSync } from "node:fs";
 import { createCookieSessionStorage } from "@remix-run/node";
 import { createThemeSessionResolver } from "remix-themes";
 
@@ -10,7 +11,12 @@ export const sessionStorage = createCookieSessionStorage({
     path: "/",
     sameSite: "lax",
     maxAge: 604_800, // one week
-    secrets: [process.env.SESSION_SECRET || "somebadsecret"],
+    secrets: [
+      process.env.SESSION_SECRET ||
+        (process.env.SESSION_SECRET_FILE &&
+          readFileSync(process.env.SESSION_SECRET_FILE).toString()) ||
+        "somebadsecret",
+    ],
     secure: process.env.NODE_ENV === "production",
   },
 });

Dockerfile → deploy/Dockerfile

@@ -1,9 +1,13 @@
+# Docker file for haddock3-webapp
+
 # base node image
-FROM node:18-bullseye-slim as base
+FROM node:18-bookworm-slim as base
 
 # set for base and all layer that inherit from it
 ENV NODE_ENV production
 
+RUN apt update && apt install -y libssl3
+
 # Install all node_modules, including dev dependencies
 FROM base as deps
 
@@ -46,7 +50,13 @@ COPY --from=production-deps /myapp/node_modules /myapp/node_modules
 
 COPY --from=build /myapp/node_modules/.prisma /myapp/node_modules/.prisma
 COPY --from=build /myapp/build /myapp/build
+COPY --from=build /myapp/prisma /myapp/prisma
 COPY --from=build /myapp/public /myapp/public
+
 COPY --from=build /myapp/package.json /myapp/package.json
 
-ENTRYPOINT [ "npm", "run", "start" ]
+COPY --from=ghcr.io/ufoscout/docker-compose-wait:latest /wait /wait
+
+ENTRYPOINT [ "npm", "run", "start" ]
+
+HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://localhost:8080/ || exit 1

deploy/Dockerfile.bartenderhaddock3

@@ -0,0 +1,77 @@
+# Dockerfile for bartender web service with haddock3, lightdock, gdock executables.
+FROM python:3.9-slim-bookworm
+
+ARG HADDOCK3_VERSION=main
+ARG BARTENDER_VERSION=main
+ARG GDOCK_VERSION=master
+ARG LIGHTDOCK_VERSION=0.9.4
+
+COPY --from=ghcr.io/ufoscout/docker-compose-wait:latest /wait /wait
+
+# Common dependencies =================================================================================================
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+  apt-get install -y --no-install-recommends \
+  build-essential git ca-certificates curl libgfortran5 \
+  wget \
+  &&  \
+  apt-get clean && rm -rf /var/lib/apt/lists/* \
+  && \
+  pip install --upgrade pip
+
+# haddock3 ============================================================================================================
+WORKDIR /opt/haddock3
+RUN git clone --recursive https://github.com/haddocking/haddock3.git . && git checkout ${HADDOCK3_VERSION}
+WORKDIR /opt/haddock3/src/fcc/src
+RUN make
+WORKDIR /opt/haddock3
+RUN pip install -r requirements.txt && python setup.py develop
+COPY ./cns /opt/haddock3/bin/cns
+WORKDIR /
+ENV PYTHONPATH=/opt/haddock3/src
+
+# lightdock ==========================================================================================================
+
+RUN pip install lightdock==${LIGHTDOCK_VERSION}
+
+# gdock =============================================================================================================
+
+WORKDIR /opt/gdock
+RUN git clone https://github.com/gdocking/gdock.git . && git checkout ${GDOCK_VERSION}
+RUN python setup.py develop
+RUN bash install.sh /opt/gdock
+ENV GDOCK_PATH=/opt/gdock
+
+# bartender ==========================================================================================================
+
+WORKDIR /opt/bartender
+RUN git clone https://github.com/i-VRESSE/bartender.git . && git checkout ${BARTENDER_VERSION}
+RUN pip install .
+
+CMD ["/usr/local/bin/bartender", "serve"]
+
+HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://localhost:8000/api/health || exit 1
+
+# non-root user ======================================================================================================
+
+ARG USERNAME=bartender
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+# Create the user
+RUN groupadd --gid $USER_GID $USERNAME \
+    && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    #
+    # [Optional] Add sudo support. Omit if you don't need to install software after connecting.
+    && apt-get update \
+    && apt-get install -y sudo \
+    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    && chmod 0440 /etc/sudoers.d/$USERNAME
+
+RUN mkdir /jobs && chown -R $USERNAME:$USERNAME /jobs
+
+# All commands from here on will be run as the bartender user and not as root.
+USER ${USERNAME}
+
+RUN mkdir /home/bartender/.ssh && chmod 700 /home/bartender/.ssh

deploy/Dockerfile.openssl

@@ -0,0 +1,7 @@
+FROM alpine:3.19
+
+RUN apk add --no-cache openssl
+
+CMD (test -e private_key.pem || openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048) && \
+    (test -e public_key.pem || openssl rsa -pubout -in private_key.pem -out public_key.pem) && \
+    (test -e session.secret || openssl rand -hex 32 > session.secret)

deploy/README.md

@@ -0,0 +1,22 @@
+# Deployments
+
+> [!NOTE]
+> All deployment methods require the `cns` executable to available in this directory.
+
+## Methods
+
+- [Haddock3 webapp with single worker and docker compose](arq/README.md)
+- [Haddock3 webapp with remote slurm cluster and docker compose](remoteslurm/README.md)
+- [Haddock3 webapp with containerized slurm cluster and docker compose](containerslurm/README.md)
+
+## Versions
+
+The webapp version is what is currently checked out.
+
+Versions of bartender, haddock3, gdock and lightdock are defined in the start of the [./Dockerfile.bartenderhaddock3](./Dockerfile.bartenderhaddock3) file.
+A version can be a git tag, branch or commit hash.
+They can be overwritten during build with
+
+```shell
+docker compose -f <docker compose file> build --build-arg HADDOCK3_VERSION=v3.0.0-beta.5
+```

deploy/arq/.env

@@ -0,0 +1,5 @@
+# In the docker-compose.yml the session, database and bartender are configured.
+# Here you can configure the haddock3 webapp for haddock3 and social logins
+# See https://github.com/i-VRESSE/haddock3-webapp/blob/main/docs/rewrite.md
+# and https://github.com/i-VRESSE/haddock3-webapp/blob/main/docs/auth.md#social-logins
+# respectively for more information.

deploy/arq/README.md

@@ -0,0 +1,17 @@
+# Haddock3 webapp with single worker
+
+```shell
+# Must be in root of repo
+cd ../..
+# Need cns executable in deploy directory, so it can be copied into the Docker image
+cp <cns executable> deploy/cns
+docker compose -f deploy/arq/docker-compose.yml up --build
+```
+
+The haddock3 webapp should be running on http://localhost:8080
+
+Next steps are to go to http://localhost:8080/register to register as admin, give your self an expertise level at http://localhost:8080/admin/users and finally submit a job.
+
+## Configuration
+
+The webapp can be configured using a [.env](.env).

deploy/arq/bartender-config.yaml

@@ -0,0 +1,124 @@
+# This file is the configuration file for the bartender service.
+# This configuration works for the webapp and the docker compose deployment.
+job_root_dir: /jobs
+destination_picker: bartender.picker:pick_first
+applications:
+  haddock3:
+    command_template: haddock3 workflow.cfg
+    upload_needs:
+      - workflow.cfg
+  runimport:
+    summary: Import a HADDOCK3 run.
+    description: >
+      Upload an archive of haddock3 output.
+      The archive should have run dir as root.
+      The run should have haddock3-clean and haddock3-analyse executed on it.
+    command_template: mkdir -p output && mv * output || true
+destinations:
+  local:
+    scheduler:
+      type: arq
+      redis_dsn: redis://redis:6379
+      max_jobs: 1
+      job_timeout: PT12H # 12 hours
+    filesystem:
+      type: local
+interactive_applications:
+  rescore:
+    command_template: >
+      haddock3-re score
+      --w_elec {{w_elec|q}} --w_vdw {{w_vdw|q}} --w_desolv {{w_desolv|q}} --w_bsa {{w_bsa|q}} --w_air {{w_air|q}}
+      {{ capri_dir|q }}
+      &&
+      haddock3-analyse  --is_cleaned True --inter True -m {{ module_nr|q }} -r output/
+    description: Rescore a HADDOCK run with different weights.
+    input_schema:
+      additionalProperties: false
+      properties:
+        module_nr:
+          type: number
+        capri_dir:
+          type: string
+        w_air:
+          type: number
+        w_bsa:
+          type: number
+        w_desolv:
+          type: number
+        w_elec:
+          type: number
+        w_vdw:
+          type: number
+      required:
+        - module_nr
+        - capri_dir
+        - w_elec
+        - w_vdw
+        - w_desolv
+        - w_bsa
+        - w_air
+      type: object
+  reclustrmsd:
+    command_template: >
+      haddock3-re clustrmsd
+      {% if criterion == 'maxclust' -%}
+      --n_clusters {{n_clusters|q}}
+      {% else -%}
+      --clust_cutoff {{clust_cutoff|q}}
+      {% endif -%}
+      {% if min_population -%}
+      --min_population {{min_population|q}}
+      {% endif -%}
+      {{clustrmsd_dir|q}}
+      &&
+      haddock3-analyse --is_cleaned True --inter True -m {{ module_nr|q }} -r output/
+    description: Recluster a HADDOCK run with RSMD and different parameters.
+    input_schema:
+      additionalProperties: false
+      properties:
+        module_nr:
+          type: number
+        clustrmsd_dir:
+          type: string
+        criterion:
+          type: string
+          enum: [maxclust, distance]
+        clust_cutoff:
+          type: number
+        n_clusters:
+          type: number
+        min_population:
+          type: number
+      required:
+        - module_nr
+        - criterion
+        - clustrmsd_dir
+      type: object
+  reclustfcc:
+    command_template: >
+      haddock3-re clustfcc
+      --clust_cutoff {{clust_cutoff|q}} --strictness {{strictness|q}} --min_population {{min_population|q}}
+      {{clustfcc_dir|q}}
+      &&
+      haddock3-analyse --is_cleaned True --inter True -m {{ module_nr|q }} -r output/
+    description: Recluster a HADDOCK run with FCC and different parameters.
+    input_schema:
+      additionalProperties: false
+      properties:
+        module_nr:
+          type: number
+        clustfcc_dir:
+          type: string
+        clust_cutoff:
+          type: number
+        strictness:
+          type: number
+        min_population:
+          type: number
+      required:
+        - module_nr
+        - clustfcc_dir
+        - clust_cutoff
+        - strictness
+        - min_population
+      type: object