WIP: branch for OpenCANDEL

Dockerfile

@@ -0,0 +1,10 @@
+FROM openjdk:13
+MAINTAINER Mike Travers "mt@alum.mit.edu"
+
+ENV PORT 1996
+EXPOSE 1996
+
+ADD target ~/target
+WORKDIR ~/target
+
+ENTRYPOINT ["java", "-jar", "enflame-standalone.jar", "opencandel-config.edn"]

README.md

@@ -24,11 +24,11 @@ See [sample config](resources/candel-config.edn)
 
 ## To run locally from source:
 
-Copy `resources/candel-config.edn` to `deploy/candel-config.edn`, filling out as appropriate.
+Create the file `deploy/launch-config.edn` according to your needs (see the sample configs in `resources`). Then:
 
     lein launch
 
-This will compile the front-end, lauch a server, and open a browser windoe.
+This will compile the front-end, lauch the back-end, and open a browser windoe.
 
 ## Documentation generation
 

bin/build.sh

@@ -0,0 +1,39 @@
+# Build Docker image
+
+# ID of AWS Elastic Container Registry
+export ECR=733151965047.dkr.ecr.us-east-1.amazonaws.com
+
+# TODO parameterize properly
+
+export VERSION=$(git rev-parse --short HEAD)
+echo Building version $VERSION
+
+bin/build-guide.sh
+
+# get latest version of schema (TODO: is this a good idea?)
+# doesn't seem to actually work
+# git submodule update --init --recursive
+
+# TODO needs rethinking
+# Run Alzabo to build schemas
+# cd alzabo; lein with-profile prod do clean, run documentation candel "*", cljsbuild once; cd ..
+
+lein do clean, uberjar
+
+# TODO abort if lein fails, duh. 
+
+# Build Docker image
+
+docker build -t cbio .
+
+# verify
+# docker run -p 8080 cbio
+
+
+docker tag cbio:latest $ECR/cbio:latest
+
+# Upload to AWS repository
+
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR
+
+docker push $ECR/cbio:latest

deploy/README-devops.org

@@ -0,0 +1,65 @@
+* Scope of this document
+
+This describes the simplified CANDEL/Enflame architecture used for the public CandelBIO website.
+
+* Deployment
+
+Once App Runner is set up, pushing a new Docker image will reboot the server.
+
+[[bin/build.sh]] does all the necessary steps
+
+** Preconditions
+- Docker must be running
+- AWS cred must be in place
+- emacs available from shell
+
+
+* AWS Services
+
+These were all cobbled together by hand, I suppose the TODO is to make a CloudFormation them. See [[deploy/resources]] for more details.
+
+** Datomic Cloud
+
+Launched from AWS Console: https://docs.datomic.com/cloud/getting-started/start-system.html
+
+This resuls in creating three CloudFormation stacks, one master and two subordinates.
+
+Current master is https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/stackinfo?filteringText=&filteringStatus=active&viewNested=true&stackId=arn%3Aaws%3Acloudformation%3Aus-east-1%3A733151965047%3Astack%2FPublicCANDEL5%2F0eee3a40-b863-11ed-9e49-1270ef971d67
+
+You need to copy the ClientApiGatewayEnpoint output to Enflame's configuration. The current value is https://nazpex6ueb.execute-api.us-east-1.amazonaws.com
+
+** ECR (Container Registry)
+
+
+This holds the Docker container that App Runner uses.
+
+Current instance: https://us-east-1.console.aws.amazon.com/ecr/repositories/private/733151965047/cbio?region=us-east-1
+
+The name of the most recent image is: 733151965047.dkr.ecr.us-east-1.amazonaws.com/cbio:latest
+This needs to be supplied to the build.sh script
+
+** IAM 
+
+Service role for App Runner
+
+https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-east-1#/roles/details/Enflame-OpenCANDEL?section=permissions
+
+** App Runner
+
+App Runner service has to be configured with the 
+
+
+https://us-east-1.console.aws.amazon.com/apprunner/home?region=us-east-1#/services/dashboard?service_arn=arn%3Aaws%3Aapprunner%3Aus-east-1%3A733151965047%3Aservice%2FEnflame-OpenCANDEL%2F68f5614bbe7248d2896d397b1e3b2033&active_tab=logs
+
+Service: Enflame-OpenCANDEL
+Public endpint: https://7gbxx4vxvn.us-east-1.awsapprunner.com/
+
+** DynamoDB
+
+For library storage
+
+https://us-east-1.console.aws.amazon.com/dynamodbv2/home?region=us-east-1#table?name=OpenCANDEL_EnflameLibrary
+
+
+
+** TODO storage service for library

deploy/candel-config.edn

@@ -0,0 +1,18 @@
+;;; TODO Use aero to default to resources/candel-config.edn
+{:source {:type :candel
+          :candelabra-endpoint "https://pici-prod-v1.candel.parkerici.org/"
+          :insecure-https false}
+ :schema "resources/candel-schema-1-3-1.edn"
+ :query-generator :candel-generate
+ :library {:gcs-project "pici-dev"
+           :gcs-console-url "https://console.cloud.google.com/datastore/entities;kind=EnflameItem;ns=__$DEFAULT$__;sortCol=date-created;sortDir=DESCENDING/query/kind?project=pici-dev"}
+ :rh-cards [:candel/db
+            :query
+            :candel/wick
+            :share
+            :compact                  ;debug only
+            :browser  
+            ]
+ :dev? true                             ;TODO control this somehow maybe aero/env
+ :port 1983
+ }

deploy/resources

@@ -0,0 +1,180 @@
+Note: this is a dump of relevant AWS resources (results trimmed to only include the OpenCANDEL relevax`nt ones)
+
+
+14:49:59 ~/os/enflame (opencandel) ⪢ aws apprunner list-services
+{
+    "ServiceSummaryList": [
+        {
+            "ServiceName": "Enflame-OpenCANDEL",
+            "ServiceId": "68f5614bbe7248d2896d397b1e3b2033",
+            "ServiceArn": "arn:aws:apprunner:us-east-1:733151965047:service/Enflame-OpenCANDEL/68f5614bbe7248d2896d397b1e3b2033",
+            "ServiceUrl": "7gbxx4vxvn.us-east-1.awsapprunner.com",
+            "CreatedAt": "2023-03-01T16:01:27-08:00",
+            "UpdatedAt": "2023-03-01T16:01:27-08:00",
+            "Status": "RUNNING"
+        }
+    ]
+}
+
+15:03:07 ~/os/enflame (opencandel) ⪢ aws iam list-roles
+{
+    "Roles": [
+        {
+            "Path": "/",
+            "RoleName": "Enflame-OpenCANDEL",
+            "RoleId": "AROA2VM2DF53ZHMLN5XGO",
+            "Arn": "arn:aws:iam::733151965047:role/Enflame-OpenCANDEL",
+            "CreateDate": "2023-03-02T00:58:08+00:00",
+            "AssumeRolePolicyDocument": {
+                "Version": "2012-10-17",
+                "Statement": [
+                    {
+                        "Effect": "Allow",
+                        "Principal": {
+                            "Service": "ec2.amazonaws.com"
+                        },
+                        "Action": "sts:AssumeRole"
+                    },
+                    {
+                        "Effect": "Allow",
+                        "Principal": {
+                            "Service": "tasks.apprunner.amazonaws.com"
+                        },
+                        "Action": "sts:AssumeRole"
+                    }
+                ]
+            },
+            "Description": "Role for Enflame OpenCANDEL server",
+            "MaxSessionDuration": 3600
+        }
+    ]
+}
+
+
+
+18:23:09 ~/os/enflame (opencandel) ⪢ aws iam list-role-policies --role-name "Enflame-OpenCANDEL"
+{
+    "PolicyNames": [
+        "OpenCANDEL_Enflame_Library"
+    ]
+}
+
+
+
+18:22:49 ~/os/enflame (opencandel) ⪢ aws iam get-role-policy --role-name "Enflame-OpenCANDEL" --policy-name "OpenCANDEL_Enflame_Library"
+{
+    "RoleName": "Enflame-OpenCANDEL",
+    "PolicyName": "OpenCANDEL_Enflame_Library",
+    "PolicyDocument": {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Sid": "VisualEditor0",
+                "Effect": "Allow",
+                "Action": [
+                    "dynamodb:PutItem",
+                    "dynamodb:GetItem",
+                    "dynamodb:Scan",
+                    "dynamodb:Query",
+                    "dynamodb:UpdateItem"
+                ],
+                "Resource": "arn:aws:dynamodb:us-east-1:733151965047:table/OpenCANDEL_EnflameLibrary"
+            }
+        ]
+    }
+}
+
+
+
+14:52:19 ~/os/enflame (opencandel) ⪢ aws ecr describe-repositories
+{
+    "repositories": [
+
+        {
+            "repositoryArn": "arn:aws:ecr:us-east-1:733151965047:repository/cbio",
+            "registryId": "733151965047",
+            "repositoryName": "cbio",
+            "repositoryUri": "733151965047.dkr.ecr.us-east-1.amazonaws.com/cbio",
+            "createdAt": "2023-03-01T13:32:19-08:00",
+            "imageTagMutability": "MUTABLE",
+            "imageScanningConfiguration": {
+                "scanOnPush": false
+            },
+            "encryptionConfiguration": {
+                "encryptionType": "AES256"
+            }
+        }
+    ]
+}
+
+
+14:50:11 ~/os/enflame (opencandel) ⪢ aws cloudformation list-stacks
+{
+    "StackSummaries": [
+        {
+            "StackId": "arn:aws:cloudformation:us-east-1:733151965047:stack/PublicCANDEL5-Compute-93S9RT2L5TUI/bbcf46f0-b863-11ed-932d-0ab2700ca4cf",
+            "StackName": "PublicCANDEL5-Compute-93S9RT2L5TUI",
+            "TemplateDescription": "Creates compute resources needed to run Datomic.",
+            "CreationTime": "2023-03-01T19:03:21.404000+00:00",
+            "StackStatus": "CREATE_COMPLETE",
+            "ParentId": "arn:aws:cloudformation:us-east-1:733151965047:stack/PublicCANDEL5/0eee3a40-b863-11ed-9e49-1270ef971d67",
+            "RootId": "arn:aws:cloudformation:us-east-1:733151965047:stack/PublicCANDEL5/0eee3a40-b863-11ed-9e49-1270ef971d67",
+            "DriftInformation": {
+                "StackDriftStatus": "NOT_CHECKED"
+            }
+        },
+        {
+            "StackId": "arn:aws:cloudformation:us-east-1:733151965047:stack/PublicCANDEL5-StorageF7F305E7-UD47ELG33U9Z/134d9cc0-b863-11ed-b08e-128bb3d0467b",
+            "StackName": "PublicCANDEL5-StorageF7F305E7-UD47ELG33U9Z",
+            "TemplateDescription": "Creates storage resources needed to run Datomic.",
+            "CreationTime": "2023-03-01T18:58:38.643000+00:00",
+            "StackStatus": "CREATE_COMPLETE",
+            "ParentId": "arn:aws:cloudformation:us-east-1:733151965047:stack/PublicCANDEL5/0eee3a40-b863-11ed-9e49-1270ef971d67",
+            "RootId": "arn:aws:cloudformation:us-east-1:733151965047:stack/PublicCANDEL5/0eee3a40-b863-11ed-9e49-1270ef971d67",
+            "DriftInformation": {
+                "StackDriftStatus": "NOT_CHECKED"
+            }
+        },
+        {
+            "StackId": "arn:aws:cloudformation:us-east-1:733151965047:stack/PublicCANDEL5/0eee3a40-b863-11ed-9e49-1270ef971d67",
+            "StackName": "PublicCANDEL5",
+            "TemplateDescription": "Creates resources needed to run Datomic. The stack name is the name of the Datomic system.",
+            "CreationTime": "2023-03-01T18:58:31.189000+00:00",
+            "StackStatus": "CREATE_COMPLETE",
+            "DriftInformation": {
+                "StackDriftStatus": "NOT_CHECKED"
+            }
+        },
+
+    ]
+}
+
+20:25:31 ~/os/enflame (opencandel) ⪢ aws dynamodb describe-table --table-name "OpenCANDEL_EnflameLibrary"
+{
+    "Table": {
+        "AttributeDefinitions": [
+            {
+                "AttributeName": "entityId",
+                "AttributeType": "S"
+            }
+        ],
+        "TableName": "OpenCANDEL_EnflameLibrary",
+        "KeySchema": [
+            {
+                "AttributeName": "entityId",
+                "KeyType": "HASH"
+            }
+        ],
+        "TableStatus": "ACTIVE",
+        "CreationDateTime": "2023-03-09T09:57:35.493000-08:00",
+        "ProvisionedThroughput": {
+            "NumberOfDecreasesToday": 0,
+            "ReadCapacityUnits": 1,
+            "WriteCapacityUnits": 1
+        },
+        "TableSizeBytes": 57488,
+        "ItemCount": 3,
+        "TableArn": "arn:aws:dynamodb:us-east-1:733151965047:table/OpenCANDEL_EnflameLibrary",
+        "TableId": "f29723c1-b287-48da-8c8b-6739caaed63e"
+    }
+}