This directory contains the server component of the analysis runner, which is deployed as a Cloud Run container.
It uses aiohttp
instead of flask
because Hail Batch's async event queue
doesn't mix well with flask
's threads.
Each dataset / storage stack has its own permissions groups, which are checked through a single analysis-runner instance.
Deployment happens continuously using the hail_update
workflow.
Hail service account tokens need to be copied to a Secret Manager secret separately, after the stacks have been set up.
The Cloud Run HTTPS deployment endpoint is hardcoded in the CLI tool.
See Testing the Container Image Locally for details.
Download a JSON key for the analysis-runner-server
service account. Store the file name in the $GSA_KEY_FILE
environment variable. Then run:
docker build -t analysis-runner-server .
docker run -it -p 8080:8080 -v $GSA_KEY_FILE:/gsa-key/key.json -e GOOGLE_APPLICATION_CREDENTIALS=/gsa-key/key.json -e DRIVER_IMAGE=$DRIVER_IMAGE analysis-runner-server
This will start a server that listens locally on port 8080.
From another terminal, send a request like this, replacing the JSON parameters accordingly.
TOKEN=$(gcloud auth print-identity-token) curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type:application/json" -d '{"output": "gs://test-bucket/test", "dataset": "fewgenomes", "accessLevel": "test", "repo": "hail-batch-test", "commit": "0fa3abfe59692618578c4e1551b2a9357566d2ad", "script": ["main.py"], "description": "test"}' localhost:8080