From: Wojtek Kosior
Date: Mon, 23 Jan 2023 18:59:11 +0100
To: Przemysław Kamiński
Cc: help-guix@gnu.org
Subject: Re: declarative containers (was Re: [EXT] Re: Enterprise Guix Hosting?)
Message-ID: <20230123185911.3c67de96.koszko@koszko.org>
In-Reply-To: <1f6dfa9c-4511-b38b-b544-b1a135f02ddb@pm.me>

Hello, Przemek!

I don't have anything with Postgres at hand but I do have a container
definition with services that use Flask[1] :)

I also didn't see any convincing examples of WSGI/CGI applications in
Guix so I figured out a working solution by myself. Here[2] is the
definition of one of my WSGI packages (which is later imported by code
in [1]).

My Guix code got quite complex by now. I explain the crucial parts
below.

1. I packaged my Flask apps so that each of them has a valid WSGI
   script in the store. That's tricky because such a WSGI script is
   going to be executed by some HTTP server (Apache in my case) which
   by default does not know about the extra Guix stuff that needs to be
   put in the GUIX_PYTHONPATH. There might be different approaches to
   this problem but I solved it by embedding GUIX_PYTHONPATH in the
   very WSGI script. Below I'm quoting the relevant part of my package
   definition from [2].

    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'replace-wsgi.py
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; In the wsgi.py file, embed the PYTHONPATH containing both the
             ;; dependencies and the python modules of this package.  This will
             ;; make them available at runtime.
             (let ((pythonpath
                    (string-append (getenv "GUIX_PYTHONPATH")
                                   ":"
                                   (site-packages inputs outputs))))
               (substitute* "wsgi.py"
                 (("^from .* import .*" import-line)
                  (string-append
                   "# Make Guix-installed dependencies visible to Python.\n"
                   "import sys\n"
                   "sys.path.extend('" pythonpath "'.split(':'))\n"
                   "\n"
                   import-line))))))
         (add-after 'install 'install-wsgi-script
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; Install the patched wsgi.py under share/ so that the HTTP
             ;; server configuration can refer to it by its store path.
             (let* ((out (assoc-ref outputs "out"))
                    (share-dir (string-append out "/share/koszko-org-website")))
               (mkdir-p share-dir)
               (copy-file "wsgi.py" (string-append share-dir "/wsgi.py"))))))))

2. In the operating system (well, container...) declaration I make use
   of `file-append` from `(guix gexp)` to construct the WSGI script
   paths for use in HTTP server configuration. In a simplified setting
   it could look more or less like

    (define %my-store-file-object
      (file-append package "/share/koszko-org-website/wsgi.py"))

3. I ungexp such objects wherever in the configuration I need the
   actual WSGI script path.

In [1] I used Apache and wrote my own helper functions and structures
to complement its minimal configuration system that Guix provides.
If (like probably most Guix users out there) you are instead using the
better-supported Nginx, it should be easier and there's no need for you
to look into my helper functions. If for some awkward reason you want
to use Apache like I do, feel free to adapt my code from [1].

It might all be a bit overwhelming at first but once you get the grasp
of gexps (described in the Guix manual) it gets pretty approachable :)

Feel free to ask again in case I missed some important detail.

Cheers,
Wojtek

[1] https://git.koszko.org/koszko-org-server/plain/container.scm
[2] https://git.koszko.org/koszko-org-website/plain/guix-module-dir/koszko-org-website.scm

-- (sig_start)
website: https://koszko.org/koszko.html
PGP: https://koszko.org/key.gpg
fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)

On Mon, 23 Jan 2023 16:48:17 +0000
Przemysław Kamiński wrote:

> On 23.01.2023 16:34, Giovanni Biscuolo wrote:
> > Hello everybody,
> >
> > (this is an old thread started on help-guix [1])
> >
> > Ludovic Courtès writes:
> >
> >> "Thompson, David" writes:
> >>
> >>> On Wed, Aug 31, 2022 at 2:40 AM Ricardo Wurmus wrote:
> >>>>
> >>>> Another thing that seems to be missing is a way to supervise and manage
> >>>> running containers.  I use a shepherd instance for this with
> >>>> container-specific actions like this:
> >
> > [...]
> >
> >>> Hey that's a real nice starting point for a container management tool!
> >>> So maybe there should be a system service to manage containers and
> >>> then a 'docker compose'-like tool for declaratively specifying
> >>> containers and their network bridging configuration that is a client
> >>> of the service?
> >>
> >> Agreed!
> >> We could turn Ricardo’s code into ‘container-guest-service’ or
> >> something and have ‘containerized-operating-system’ add it
> >> automatically.
> >
> > please, was there some progress with this service?
> >
> > once done, could it be possible to declaratively start a whole network
> > of containers using a dedicated home-service, or
> > containerized-operating-systems (also on foreign distros)?
> >
> > right now with "guix system container" we can imperatively manage
> > (start/stop, connect to the console with nsenter) and connect them
> > to the network [2], Ricardo showed us how he does it programmatically;
> > having a declarative interface (os-records) would be awesome!
> >
> > I'm very interested and willing to test it, if needed
> >
> > thanks! Gio'
> >
> >
> > [1] id:878rn4syql.fsf@elephly.net
> >
> > [2] thank you Ricardo for the cookbook section!
> > https://guix.gnu.org/en/cookbook/en/guix-cookbook.html#Guix-System-Containers
> >
>
>
> Does anyone have a simple example of a container with PostgreSQL and
> some web service like Flask? I'm new to Guix and I did see the
> PostgreSQL example that is linked in codebook but I'm missing an example
> of adding a custom service and was a bit overwhelmed when I looked at
> the source code.
>
> Best,
> Przemek
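An added illustration, not part of the original e-mail or of the author's repositories: a Python model of what the 'replace-wsgi.py phase quoted above writes into wsgi.py, run under `python -I` to stand in for a server process that has no GUIX_PYTHONPATH in its environment. It also covers the case of a script with several `from ... import ...` lines. The module name `constructed_dep`, the temporary directories and the helper names are assumptions made for the demonstration.

```python
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Same pattern as the 'replace-wsgi.py phase quoted in the e-mail.
IMPORT_RE = re.compile(r"^from .* import .*")

def embed_pythonpath(source: str, pythonpath: str) -> str:
    """Python model of the phase: substitute* works line by line, so the
    prelude is inserted before EVERY matching 'from ... import ...' line."""
    prelude = ("# Make Guix-installed dependencies visible to Python.\n"
               "import sys\n"
               f"sys.path.extend('{pythonpath}'.split(':'))\n"
               "\n")
    return "".join(prelude + line if IMPORT_RE.match(line) else line
                   for line in source.splitlines(keepends=True))

def run_isolated(script: Path) -> subprocess.CompletedProcess:
    """Run with -I: PYTHONPATH and the script's directory are ignored, so
    only paths embedded in the script itself can satisfy the import."""
    return subprocess.run([sys.executable, "-I", str(script)],
                          capture_output=True, text=True)

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        deps = Path(tmp, "deps")          # constructed stand-in for store paths
        app = Path(tmp, "app")
        deps.mkdir()
        app.mkdir()
        (deps / "constructed_dep.py").write_text("application = 'wsgi-callable'\n")
        original = "from constructed_dep import application\nprint(application)\n"
        wsgi = app / "wsgi.py"
        wsgi.write_text(original)
        before = run_isolated(wsgi)       # no embedded path: import fails
        wsgi.write_text(embed_pythonpath(original, str(deps)))
        after = run_isolated(wsgi)        # embedded path: import succeeds
        # A script with two matching import lines gets the prelude twice.
        twice = embed_pythonpath("from a import b\nfrom c import d\n", "/x:/y")
        return {"before_failed": before.returncode != 0
                                 and "ModuleNotFoundError" in before.stderr,
                "after_out": after.stdout.strip(),
                "preludes": twice.count("import sys\n")}

if __name__ == "__main__":
    print(demo())
```

Because `sys.path.extend` appends, entries already on the interpreter's search path keep precedence over the embedded ones.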