├── host_vars
├── all.yml
├── nc.hx42.org.yml
├── build.galaxyproject.eu.yml
├── sentry.denbi.uni-freiburg.de.yml
└── sn06.galaxyproject.eu.yml
├── templates
├── encoder
│ ├── .gitignore
│ ├── hosts
│ ├── macros
│ │ └── logstash_encode_macro.erb
│ ├── templates
│ │ ├── test.json.j2
│ │ ├── test.json.erb
│ │ ├── test.ini.j2
│ │ ├── test.toml.j2
│ │ ├── test.yaml.j2
│ │ ├── test.apache.j2
│ │ ├── test.erlang.j2
│ │ ├── test.logstash.j2
│ │ ├── test.ini_simple.j2
│ │ ├── test.xml.j2
│ │ ├── test.ini.erb
│ │ ├── test.toml.erb
│ │ ├── test.yaml.erb
│ │ ├── test.apache.erb
│ │ ├── test.erlang.erb
│ │ ├── test.ini_simple.erb
│ │ ├── test.logstash.erb
│ │ └── test.xml.erb
│ ├── hiera.yaml
│ ├── vars
│ │ ├── ini_test.yaml
│ │ ├── json_test.yaml
│ │ ├── yaml_test.yaml
│ │ ├── xml_test.yaml
│ │ ├── erlang_test.yaml
│ │ └── toml_test.yaml
│ └── puppet_apply.sh
├── galaxy
│ ├── webhooks
│ │ └── toolmsg_24.2
│ │ │ ├── styles.css.j2
│ │ │ ├── GALAXY_VERSION
│ │ │ └── config.yml.j2
│ └── config
│ │ ├── nagios_tool_conf.xml
│ │ ├── pulsar_app.yml
│ │ ├── vault_conf.yml.j2
│ │ ├── galaxy_workflow_scheduler.j2
│ │ ├── grt.yml.j2
│ │ ├── object_store_templates.yml.j2
│ │ ├── user_filters.py.j2
│ │ ├── build_sites.yml.j2
│ │ └── welcome.html
├── galaxy-test
│ └── config
│ │ ├── nagios_tool_conf.xml
│ │ ├── pulsar_app.yml
│ │ ├── galaxy_workflow_scheduler.j2
│ │ ├── oidc_backends_config.xml
│ │ ├── grt.yml.j2
│ │ ├── build_sites.yml.j2
│ │ ├── user_filters.py.j2
│ │ └── welcome.html
└── nginx
│ ├── docker.j2
│ ├── influxdb-ssl.j2
│ ├── grafana.j2
│ ├── influxdb.j2
│ ├── mq-ssl.j2
│ ├── telescope-ssl.j2
│ ├── redirect-ssl.j2
│ ├── telescope.j2
│ ├── proxy-ssl.j2
│ ├── build.j2
│ ├── proxy.j2
│ ├── ftp.j2
│ └── galaxy-test-proxy.j2
├── roles
├── jasonroyle.rabbitmq
│ ├── .gitmodules
│ ├── templates
│ │ ├── config-encoder-macros
│ │ │ ├── .gitignore
│ │ │ ├── hosts
│ │ │ ├── macros
│ │ │ │ └── logstash_encode_macro.erb
│ │ │ ├── templates
│ │ │ │ ├── test.json.j2
│ │ │ │ ├── test.json.erb
│ │ │ │ ├── test.ini.j2
│ │ │ │ ├── test.toml.j2
│ │ │ │ ├── test.yaml.j2
│ │ │ │ ├── test.apache.j2
│ │ │ │ ├── test.erlang.j2
│ │ │ │ ├── test.logstash.j2
│ │ │ │ ├── test.ini_simple.j2
│ │ │ │ ├── test.xml.j2
│ │ │ │ ├── test.ini.erb
│ │ │ │ ├── test.toml.erb
│ │ │ │ ├── test.yaml.erb
│ │ │ │ ├── test.apache.erb
│ │ │ │ ├── test.erlang.erb
│ │ │ │ ├── test.ini_simple.erb
│ │ │ │ ├── test.logstash.erb
│ │ │ │ └── test.xml.erb
│ │ │ ├── hiera.yaml
│ │ │ ├── vars
│ │ │ │ ├── ini_test.yaml
│ │ │ │ ├── json_test.yaml
│ │ │ │ ├── yaml_test.yaml
│ │ │ │ ├── xml_test.yaml
│ │ │ │ ├── erlang_test.yaml
│ │ │ │ └── toml_test.yaml
│ │ │ └── puppet_apply.sh
│ │ ├── erlang.cookie.j2
│ │ └── rabbitmq.config.j2
│ ├── tasks
│ │ ├── main.yml
│ │ ├── configure.yml
│ │ ├── vhosts.yml
│ │ ├── cluster.yml
│ │ ├── configure-cluster.yml
│ │ ├── RedHat
│ │ │ └── install.yml
│ │ ├── rabbitmq.yml
│ │ ├── users.yml
│ │ └── plugins.yml
│ ├── meta
│ │ ├── .galaxy_install_info
│ │ └── main.yml
│ ├── vars
│ │ └── main.yml
│ └── defaults
│ │ └── main.yml
├── usegalaxy-eu.gapars-galaxy
│ ├── README.md
│ ├── templates
│ │ ├── sudoers.j2
│ │ ├── run.sh
│ │ └── service
│ ├── handlers
│ │ └── main.yml
│ └── defaults
│ │ └── main.yml
├── devops.tomcat7
│ ├── tests
│ │ ├── inventory
│ │ ├── test.yml
│ │ └── centos-7-test.yml
│ ├── ansible.cfg
│ ├── vars
│ │ ├── main.yml
│ │ ├── Debian.yml
│ │ └── RedHat.yml
│ ├── meta
│ │ ├── .galaxy_install_info
│ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ ├── setup-Debian.yml
│ │ ├── setup-RedHat.yml
│ │ ├── main.yml
│ │ └── configure.yml
│ └── defaults
│ │ └── main.yml
├── linuxhq.yum_cron
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ ├── meta
│ │ ├── .galaxy_install_info
│ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── .travis.yml
│ ├── templates
│ │ ├── yum-cron.conf.j2
│ │ └── yum-cron-hourly.conf.j2
│ └── tasks
│ │ └── main.yml
├── galaxyprojectdotorg.proftpd
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ ├── vars
│ │ ├── main.yml
│ │ ├── debian.yml
│ │ └── redhat.yml
│ ├── templates
│ │ ├── server.conf.j2
│ │ ├── global.conf.j2
│ │ └── virtualhost.conf.j2
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ ├── debian.yml
│ │ └── redhat.yml
│ ├── defaults
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ └── .travis.yml
├── geerlingguy.haproxy
│ ├── .gitignore
│ ├── meta
│ │ ├── .galaxy_install_info
│ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── tests
│ │ ├── test.yml
│ │ └── README.md
│ ├── .travis.yml
│ └── defaults
│ │ └── main.yml
├── geerlingguy.nginx
│ ├── .gitignore
│ ├── meta
│ │ ├── .galaxy_install_info
│ │ └── main.yml
│ ├── tasks
│ │ ├── setup-Archlinux.yml
│ │ ├── setup-OpenBSD.yml
│ │ ├── setup-Debian.yml
│ │ ├── setup-FreeBSD.yml
│ │ ├── setup-Ubuntu.yml
│ │ └── setup-RedHat.yml
│ ├── templates
│ │ └── nginx.repo.j2
│ ├── handlers
│ │ └── main.yml
│ ├── vars
│ │ ├── RedHat.yml
│ │ ├── Archlinux.yml
│ │ ├── Debian.yml
│ │ ├── OpenBSD.yml
│ │ └── FreeBSD.yml
│ ├── tests
│ │ ├── test.yml
│ │ └── README.md
│ └── .travis.yml
├── usegalaxy-eu.remap-user
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── hxr.autofs
│ ├── files
│ │ ├── auto.vdb
│ │ └── auto.opt
│ ├── templates
│ │ ├── data.conf.j2
│ │ ├── usrlocal.conf.j2
│ │ ├── discontinued.conf.j2
│ │ ├── vols.conf.j2
│ │ └── data.autofs.j2
│ └── handlers
│ │ └── main.yml
├── hxr.docker-ssl-client
│ ├── files
│ │ ├── ca.pem
│ │ ├── cert.pem
│ │ └── key.pem
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.rsync-to-nfs
│ └── defaults
│ │ └── main.yml
├── multinic
│ ├── files
│ │ ├── fix-network.sh
│ │ ├── route-eth1
│ │ ├── rt_tables
│ │ ├── fix-network.service
│ │ ├── ifcfg-eth0
│ │ └── ifcfg-eth1
│ └── templates
│ │ └── rule-eth1.j2
├── hostname
│ └── tasks
│ │ └── main.yml
├── hxr.sentry
│ ├── templates
│ │ ├── requirements.txt.j2
│ │ ├── Dockerfile.j2
│ │ └── config.yaml.j2
│ └── defaults
│ │ └── main.yml
├── hxr.simple-nagios
│ ├── templates
│ │ ├── ftp-creds.txt
│ │ ├── gx-api-creds.json
│ │ └── simple-nagios.sh
│ ├── defaults
│ │ └── main.yml
│ └── files
│ │ └── simple-ssl-check.sh
├── usegalaxy-eu.plausible
│ ├── defaults
│ │ └── main.yml
│ ├── templates
│ │ ├── plausible-mail.j2
│ │ └── plausible.j2
│ └── tasks
│ │ └── main.yml
├── hxr.apollo
│ ├── handlers
│ │ └── main.yml
│ └── defaults
│ │ └── main.yml
├── usegalaxy-eu.monitoring
│ └── tasks
│ │ ├── main.yml
│ │ └── nfsstat.yml
├── htcondor
│ ├── handlers
│ │ └── main.yml
│ └── defaults
│ │ └── main.yml
├── pgs
│ ├── defaults
│ │ └── main.yml
│ └── templates
│ │ └── script.sh.j2
├── sentry
│ └── templates
│ │ └── Dockerfile.j2
├── hxr.monitor-squid
│ ├── files
│ │ └── parse_squid.sh
│ └── tasks
│ │ └── main.yml
├── hxr.monitor-cluster
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ ├── cluster_queue-sge.sh
│ │ ├── cluster_queue-slurm.sh
│ │ ├── cluster_queue-condor.sh
│ │ └── cluster_util-sge.sh
│ └── tasks
│ │ ├── main.yml
│ │ └── slurm.yml
├── usegalaxy-eu.tours
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── hxr.install-to-venv
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.galactic-radio-telescope
│ ├── files
│ │ └── grt.png
│ ├── templates
│ │ ├── run.sh
│ │ ├── env.sh
│ │ ├── grt.service
│ │ ├── uwsgi.yml
│ │ └── export-to-influx.sh
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ ├── dependencies.yml
│ │ ├── account.yml
│ │ ├── systemd.yml
│ │ ├── django.yml
│ │ ├── main.yml
│ │ ├── config.yml
│ │ ├── cron.yml
│ │ └── user.yml
│ └── defaults
│ │ └── main.yml
├── usegalaxy-eu.remove-orphan-condor-jobs
│ └── defaults
│ │ └── main.yml
├── hxr.api-check
│ ├── defaults
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ └── templates
│ │ └── http-api-check.sh
├── docker
│ ├── handlers
│ │ └── main.yml
│ └── defaults
│ │ └── main.yml
├── hxr.galaxy-log-dir
│ └── tasks
│ │ └── main.yml
├── hxr.monitor-email
│ ├── files
│ │ └── main.sh
│ └── tasks
│ │ └── main.yml
├── hxr.exclude-repo
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.logrotate
│ ├── tasks
│ │ └── main.yml
│ └── defaults
│ │ └── main.yml
├── hxr.galaxy-nonreproducible-tools
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.vgcn-monitoring
│ ├── handlers
│ │ └── main.yml
│ ├── templates
│ │ └── vgcn_monitoring.conf.j2
│ ├── meta
│ │ └── main.yml
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.log-cleaner
│ └── tasks
│ │ └── main.yml
├── hxr.docker-ssl
│ ├── templates
│ │ └── docker-env.conf
│ └── defaults
│ │ └── main.yml
├── hxr.galaxy-echo-tool
│ ├── templates
│ │ ├── nagios_tool_conf.xml
│ │ └── echo.xml
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── hxr.grafana-gitter-bridge
│ ├── templates
│ │ ├── sudoers.j2
│ │ ├── run.sh
│ │ └── ggb.service
│ ├── handlers
│ │ └── main.yml
│ ├── defaults
│ │ └── main.yml
│ └── README.md
├── multinic-old
│ ├── files
│ │ ├── fix-network.service
│ │ ├── fix-network.sh
│ │ ├── ifcfg-eth0
│ │ └── ifcfg-eth1
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.webhooks
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.bashrc
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.gie-node-proxy
│ ├── handlers
│ │ └── main.yml
│ ├── templates
│ │ └── galaxy-gie-proxy.service.j2
│ └── tasks
│ │ └── main.yml
├── hxr.autofs-format-n-mount
│ ├── tasks
│ │ └── main.yml
│ └── files
│ │ └── formatter.sh
├── hxr.gx-cookie-proxy
│ ├── templates
│ │ └── env
│ └── files
│ │ └── gx-cookie-proxy.service
├── usegalaxy-eu.galaxy-procstat
│ └── tasks
│ │ └── main.yml
├── hxr.admin-tools
│ ├── tasks
│ │ └── main.yml
│ └── defaults
│ │ └── main.yml
├── hxr.postgres-connection
│ ├── defaults
│ │ └── main.yml
│ └── tasks
│ │ ├── main.yml
│ │ └── postgres_tasks.yml
├── matterircd
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.error-pages
│ ├── tasks
│ │ └── main.yml
│ └── files
│ │ ├── 404.html
│ │ ├── 502.html
│ │ ├── 503.html
│ │ └── 504.html
├── hxr.monitor-galaxy
│ ├── files
│ │ ├── galaxy_job_queue_states.sh
│ │ ├── galaxy_tool_usage.sh
│ │ └── galaxy_jobs_per_handler.sh
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.jenkins-ssh-key
│ └── tasks
│ │ └── main.yml
├── hxr.dns
│ └── templates
│ │ └── refresh.sh
├── ssh-host-resign
│ ├── files
│ │ └── server_ca.pub
│ └── tasks
│ │ └── main.yml
├── ssh-host-sign
│ └── files
│ │ └── server_ca.pub
├── hxr.galaxy-cron
│ └── tasks
│ │ └── main.yml
├── hxr.zfs-monit
│ └── files
│ │ └── monitor.sh
├── usegalaxy-eu.fix-stuck-handlers
│ ├── tasks
│ │ └── main.yml
│ └── defaults
│ │ └── main.yml
├── kysrpex.systemd_nspawn
│ ├── defaults
│ │ └── main.yml
│ └── meta
│ │ └── main.yml
├── usegalaxy-eu.galaxy-cleanup
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.google-verification
│ └── tasks
│ │ └── main.yml
├── hxr.haproxy-error-pages
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.fix-missing-api-keys
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.galaxy-slurp
│ └── templates
│ │ ├── galaxy-slurp.j2
│ │ └── galaxy-slurp-upto.j2
├── hxr.monitor-ssl
│ ├── files
│ │ └── simple-ssl-check.sh
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.fix-oidc
│ └── tasks
│ │ └── main.yml
├── hxr.replace-galaxy-user
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.grt-client
│ ├── templates
│ │ ├── grt-upload.sh
│ │ └── grt-export.sh
│ └── tasks
│ │ └── main.yml
├── hxr.monitor-galaxy-queue
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.fix-ancient-ftp-data
│ ├── templates
│ │ └── fix-ftp.sh.j2
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.grt-export
│ └── tasks
│ │ └── main.yml
├── hxr.monitor-cvmfs
│ └── tasks
│ │ └── main.yml
├── hxr.aws-cli
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.fix-unscheduled-jobs
│ └── tasks
│ │ └── main.yml
├── usegalaxy-eu.fix-failing-to-fail-jobs
│ └── tasks
│ │ └── main.yml
└── usegalaxy-eu.fix-galaxy-server-dir
│ └── tasks
│ └── main.yml
├── group_vars
├── hicbrowser.yml
├── dnbd3proxy
│ └── vars.yml
├── htcondor-manager.yml
├── job-working-dir.yml
├── proxy.yml
├── cron-test.yml
├── dnbd3primary
│ └── vars.yml
├── beacon
│ └── vars.yml
├── htcondor-submit.yml
├── htcondor
│ └── vault.yml
├── dnbd3
│ └── vars.yml
└── toolbox.yml
├── files
├── galaxy-test
│ ├── tpv
│ │ ├── users.yml
│ │ └── roles.yml
│ └── config
│ │ ├── data_manager_conf.xml
│ │ ├── external_service_types_conf.xml
│ │ ├── job_resource_params_conf.xml
│ │ ├── tool_sheds_conf.xml
│ │ ├── echo_main_env.xml
│ │ └── object_store_conf.xml
├── galaxy
│ ├── config
│ │ ├── data_manager_conf.xml
│ │ ├── job_metrics_conf.yml
│ │ ├── themes
│ │ │ ├── plants.yml
│ │ │ ├── imaging.yml
│ │ │ ├── annotation.yml
│ │ │ ├── hicexplorer.yml
│ │ │ ├── virology.yml
│ │ │ └── assembly.yml
│ │ ├── external_service_types_conf.xml
│ │ ├── job_resource_params_conf.xml
│ │ ├── tool_sheds_conf.xml
│ │ ├── nginx_gunicorn_selinux.te
│ │ └── echo_main_env.xml
│ ├── subdomains
│ │ ├── annotation
│ │ │ └── static
│ │ │ │ └── dist
│ │ │ │ └── annotation.png
│ │ └── hicexplorer
│ │ │ └── static
│ │ │ └── dist
│ │ │ └── hicexplorer.png
│ └── tpv
│ │ ├── roles.yml
│ │ └── users.yml
└── traefik
│ └── rules
│ ├── mq-service.yml
│ ├── mq-router.yml
│ ├── usegalaxy-eu-service.yml
│ └── usegalaxy-eu-router.yml
├── .github
├── requirements-python-lint.txt
└── workflows
│ └── ci.yml
├── .gitmodules
├── requirements.txt
├── .gitattributes
├── resign-keys.yml
├── sync-to-nfs.yml
├── .git-blame-ignore-revs
├── ansible.cfg
├── .flake8
├── .yamllint
├── one-off
├── hicbrowser.yml
├── ssds1.yml
├── job-working-dir.yml
├── denbi-stratum0.yml
└── cvmfs-stratum0.yml
├── pyproject.toml
├── telescope.yml
├── plausible.yml
├── secret_group_vars
└── ftp.yml
├── bin
└── clean-deps.sh
└── beacon.yml
/host_vars/all.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
--------------------------------------------------------------------------------
/templates/encoder/.gitignore:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/.gitmodules:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gapars-galaxy/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/host_vars/nc.hx42.org.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dc: do-nyc1
3 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 |
--------------------------------------------------------------------------------
/templates/galaxy/webhooks/toolmsg_24.2/styles.css.j2:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
--------------------------------------------------------------------------------
/roles/devops.tomcat7/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | roles_path = ../
3 |
--------------------------------------------------------------------------------
/roles/geerlingguy.haproxy/.gitignore:
--------------------------------------------------------------------------------
1 | *.retry
2 | tests/test.sh
3 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/.gitignore:
--------------------------------------------------------------------------------
1 | *.retry
2 | tests/test.sh
3 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/.gitignore:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.remap-user/defaults/main.yml:
--------------------------------------------------------------------------------
1 | debug: False
2 |
--------------------------------------------------------------------------------
/roles/hxr.autofs/files/auto.vdb:
--------------------------------------------------------------------------------
1 | vol -fstype=ext4 :/dev/vdb
2 |
--------------------------------------------------------------------------------
/roles/hxr.docker-ssl-client/files/ca.pem:
--------------------------------------------------------------------------------
1 | ../../hxr.docker-ssl/files/ca.pem
--------------------------------------------------------------------------------
/templates/galaxy/webhooks/toolmsg_24.2/GALAXY_VERSION:
--------------------------------------------------------------------------------
1 | galaxy >= 24.2
2 |
--------------------------------------------------------------------------------
/group_vars/hicbrowser.yml:
--------------------------------------------------------------------------------
1 | ---
2 | usegalaxy_eu_autofs_mounts:
3 | - vdb
4 |
--------------------------------------------------------------------------------
/roles/hxr.docker-ssl-client/files/cert.pem:
--------------------------------------------------------------------------------
1 | ../../hxr.docker-ssl/files/cert.pem
--------------------------------------------------------------------------------
/roles/hxr.docker-ssl-client/files/key.pem:
--------------------------------------------------------------------------------
1 | ../../hxr.docker-ssl/files/key.pem
--------------------------------------------------------------------------------
/roles/devops.tomcat7/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for ansible-role-tomcat7
3 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/erlang.cookie.j2:
--------------------------------------------------------------------------------
1 | {{ rabbitmq_erlang_cookie }}
2 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.rsync-to-nfs/defaults/main.yml:
--------------------------------------------------------------------------------
1 | execute_galaxy_sync_to_nfs: false
2 |
--------------------------------------------------------------------------------
/files/galaxy-test/tpv/users.yml:
--------------------------------------------------------------------------------
1 | ---
2 | users:
3 | kuntzm@informatik.uni-freiburg.de:
4 |
--------------------------------------------------------------------------------
/host_vars/build.galaxyproject.eu.yml:
--------------------------------------------------------------------------------
1 | ---
2 | htcondor_network_interface: ens802f0.223
3 |
--------------------------------------------------------------------------------
/.github/requirements-python-lint.txt:
--------------------------------------------------------------------------------
1 | isort~=5.0
2 | flake8~=6.0
3 | flake8-docstrings~=1.0
4 |
--------------------------------------------------------------------------------
/group_vars/dnbd3proxy/vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dnbd3_is_proxy: true
3 | dnbd3_base_path: "/mnt/dnbd3"
4 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for galaxyprojectdotorg.proftpd
3 |
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "mounts"]
2 | path = mounts
3 | url = https://github.com/usegalaxy-eu/mounts
4 |
--------------------------------------------------------------------------------
/files/galaxy/config/data_manager_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - include: rabbitmq.yml
3 | tags:
4 | - rabbitmq
5 |
--------------------------------------------------------------------------------
/templates/encoder/hosts:
--------------------------------------------------------------------------------
1 | localhost ansible_python_interpreter=/usr/bin/python2 ansible_connection=local
2 |
--------------------------------------------------------------------------------
/files/galaxy-test/config/data_manager_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Tue Feb 27 10:06:12 2018', version: 1.0.0}
2 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | tomcat7_conf_dir: "/etc/tomcat7"
3 | tomcat7_service: "tomcat7"
4 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Mon Feb 12 17:26:22 2018', version: 2.5.0}
2 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Wed Nov 7 14:28:46 2018', version: master}
2 |
--------------------------------------------------------------------------------
/roles/multinic/files/fix-network.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | ip route del 10.5.68.0/24 2>>/dev/null || true
3 |
--------------------------------------------------------------------------------
/templates/galaxy/webhooks/toolmsg_24.2/config.yml.j2:
--------------------------------------------------------------------------------
1 | id: toolmsg
2 | type:
3 | - onload
4 | activate: true
5 |
--------------------------------------------------------------------------------
/roles/geerlingguy.haproxy/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Thu Nov 23 14:44:09 2017', version: 1.1.1}
2 |
--------------------------------------------------------------------------------
/roles/hostname/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hostname:
3 | name: "{{ hostname }}"
4 | #notify: 'Restart Telegraf'
5 |
--------------------------------------------------------------------------------
/roles/hxr.sentry/templates/requirements.txt.j2:
--------------------------------------------------------------------------------
1 | https://github.com/getsentry/sentry-auth-github/archive/master.zip
2 |
--------------------------------------------------------------------------------
/roles/hxr.simple-nagios/templates/ftp-creds.txt:
--------------------------------------------------------------------------------
1 | {{ galaxy_test_user.username }} {{ galaxy_test_user.password }}
2 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Mon Jun 11 12:29:54 2018', version: 0.0.4}
2 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.plausible/defaults/main.yml:
--------------------------------------------------------------------------------
1 | plausible_dir: /data/plausible
2 | plausible_lock_register: false
3 |
--------------------------------------------------------------------------------
/group_vars/htcondor-manager.yml:
--------------------------------------------------------------------------------
1 | # Configure the HTCondor central manager node.
2 | ---
3 | htcondor_role_manager: true
4 |
--------------------------------------------------------------------------------
/roles/geerlingguy.haproxy/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: restart haproxy
3 | service: name=haproxy state=restarted
4 |
--------------------------------------------------------------------------------
/roles/hxr.apollo/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: restart tomcat
2 | service:
3 | name: tomcat
4 | state: restarted
5 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | ansible-core==2.15.9
2 | boto==2.49.0
3 | jmespath>=0.9.0,<2 # (grafana.grafana.grafana)
4 | docker>=5.0.0
5 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | secret_group_vars/*.yml diff=ansible-vault merge=binary
2 | secret_host_vars/*.yml diff=ansible-vault merge=binary
3 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # vars file for RedHat
3 | tomcat7_conf_dir: "/etc/tomcat"
4 | tomcat7_service: "tomcat"
5 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.monitoring/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - include_tasks: nfsstat.yml
3 | - include_tasks: network_disks_access_time.yml
4 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | rabbitmq_nodename: "rabbit@{{ ansible_hostname }}"
3 |
4 | rabbitmq_plugins_enabled: []
5 |
--------------------------------------------------------------------------------
/roles/htcondor/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: reload condor
3 | service:
4 | name: condor
5 | enabled: yes
6 | state: reloaded
7 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/hosts:
--------------------------------------------------------------------------------
1 | localhost ansible_python_interpreter=/usr/bin/python2 ansible_connection=local
2 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 | remote_user: root
4 | roles:
5 | - ansible-role-yum_cron
6 | ...
7 |
--------------------------------------------------------------------------------
/roles/pgs/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | pgs_dir: /opt/pgs
3 | pgs_repo_dir: "{{ pgs_dir }}/public-galaxy-servers"
4 | pgs_web_dir: /var/www/html/raw
5 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: localhost
3 | remote_user: root
4 | roles:
5 | - galaxyprojectdotorg.proftpd
--------------------------------------------------------------------------------
/roles/htcondor/defaults/main.yml:
--------------------------------------------------------------------------------
1 | condor_daemons:
2 | - COLLECTOR
3 | - MASTER
4 | - NEGOTIATOR
5 | - SCHEDD
6 |
7 | condor_extra:
8 |
--------------------------------------------------------------------------------
/roles/sentry/templates/Dockerfile.j2:
--------------------------------------------------------------------------------
1 | FROM sentry:8.17-onbuild
2 | RUN pip install https://github.com/getsentry/sentry-auth-github/archive/master.zip
3 |
--------------------------------------------------------------------------------
/templates/encoder/macros/logstash_encode_macro.erb:
--------------------------------------------------------------------------------
1 | <%-#
2 | # ERB macro which converts Ruby data structure to Logstash format
3 | #-%>
4 | TODO
5 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-squid/files/parse_squid.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | curl --silent http://localhost:3128/squid-internal-mgr/info | python /usr/bin/parse_squid.py
3 |
--------------------------------------------------------------------------------
/roles/multinic/files/route-eth1:
--------------------------------------------------------------------------------
1 | 10.5.68.0/24 dev eth1 tab 201
2 | default via 10.5.68.254 dev eth1 tab 201
3 | 10.4.7.0/24 via 10.5.68.1 dev eth1 tab 201
4 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.json.j2:
--------------------------------------------------------------------------------
1 | {% from "macros/json_encode_macro.j2" import json_encode with context -%}
2 |
3 | {{ json_encode(json_data) }}
4 |
--------------------------------------------------------------------------------
/resign-keys.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: resign all ssh keys
3 | hosts: all
4 | become: true
5 | roles:
6 | - ssh-host-resign
7 | - dev-sec.ssh-hardening
8 |
--------------------------------------------------------------------------------
/roles/hxr.autofs/files/auto.opt:
--------------------------------------------------------------------------------
1 | sge sn02:/opt/sge
2 | rh localhost:/export/opt/rh
3 | tivoli localhost:/export/opt/tivoli
4 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-cluster/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | monitor_condor_split_util: false
3 | monitor_condor: false
4 | monitor_sge: false
5 | monitor_slurm: false
6 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for ansible-role-tomcat7
3 |
4 | - name: restart tomcat
5 | service: name=tomcat state=restarted
6 |
--------------------------------------------------------------------------------
/roles/hxr.autofs/templates/data.conf.j2:
--------------------------------------------------------------------------------
1 | {% if "data" in usegalaxy_eu_autofs_mounts %}
2 | {% for row in data_conf %}
3 | {{ row }}
4 | {% endfor %}
5 | {% endif %}
6 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.tours/defaults/main.yml:
--------------------------------------------------------------------------------
1 | galaxy_tour_url: "https://github.com/usegalaxy-eu/galaxy-tours"
2 | galaxy_tour_dir: "{{ galaxy_mutable_data_dir }}/tours"
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/tasks/setup-Archlinux.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure nginx is installed.
3 | pacman:
4 | name: "{{ nginx_package_name }}"
5 | state: installed
6 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-cluster/files/cluster_queue-sge.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | qstat | awk '(NR>2){print $5}' | uniq -c | awk '{print "cluster.queue,engine=sge,state="$2" count="$1}'
3 |
--------------------------------------------------------------------------------
/roles/hxr.autofs/templates/usrlocal.conf.j2:
--------------------------------------------------------------------------------
1 | {% if "usrlocal" in usegalaxy_eu_autofs_mounts %}
2 | {% for row in usrlocal_conf %}
3 | {{ row }}
4 | {% endfor %}
5 | {% endif %}
6 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: restart yum-cron
3 | tags: yum_cron
4 | become: true
5 | service:
6 | name: yum-cron
7 | state: restarted
8 | ...
9 |
--------------------------------------------------------------------------------
/templates/galaxy/config/nagios_tool_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/roles/hxr.autofs/templates/discontinued.conf.j2:
--------------------------------------------------------------------------------
1 | {% if "discontinued" in usegalaxy_eu_autofs_mounts %}
2 | {% for row in discontinued_conf %}
3 | {{ row }}
4 | {% endfor %}
5 | {% endif %}
6 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/macros/logstash_encode_macro.erb:
--------------------------------------------------------------------------------
1 | <%-#
2 | # ERB macro which converts Ruby data structure to Logstash format
3 | #-%>
4 | TODO
5 |
--------------------------------------------------------------------------------
/templates/galaxy-test/config/nagios_tool_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/files/galaxy/config/job_metrics_conf.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ##
3 | ## This file is managed by Ansible. ALL CHANGES WILL BE OVERWRITTEN.
4 | ##
5 | - type: core
6 | - type: cgroup
7 | - type: hostname
--------------------------------------------------------------------------------
/files/galaxy/config/themes/plants.yml:
--------------------------------------------------------------------------------
1 | plants:
2 | masthead:
3 | color: >
4 | linear-gradient(90deg,
5 | #1a5d1a 0%,
6 | #369c36 50%,
7 | rgb(29 95 28) 100%)
8 |
--------------------------------------------------------------------------------
/files/traefik/rules/mq-service.yml:
--------------------------------------------------------------------------------
1 | tcp:
2 | services:
3 | mq:
4 | loadBalancer:
5 | servers:
6 | - address: "10.5.68.232:5671" #replace once mq02 is in playbook
7 |
--------------------------------------------------------------------------------
/roles/hxr.install-to-venv/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Install all of the necessary dependencies
2 | pip:
3 | name: "{{ pip_install_dependencies }}"
4 | virtualenv: "{{ pip_venv_path }}"
5 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.json.j2:
--------------------------------------------------------------------------------
1 | {% from "macros/json_encode_macro.j2" import json_encode with context -%}
2 |
3 | {{ json_encode(json_data) }}
4 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/files/grt.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Paulinasilk/galaxy-eu-infrastructure-playbook/HEAD/roles/usegalaxy-eu.galactic-radio-telescope/files/grt.png
--------------------------------------------------------------------------------
/files/galaxy-test/tpv/roles.yml:
--------------------------------------------------------------------------------
1 | ---
2 | roles:
3 | dataplant*:
4 | params:
5 | object_store_id: "dataplant01"
6 | storage-test*:
7 | params:
8 | object_store_id: "s3_netapp01"
9 |
--------------------------------------------------------------------------------
/files/galaxy/subdomains/annotation/static/dist/annotation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Paulinasilk/galaxy-eu-infrastructure-playbook/HEAD/files/galaxy/subdomains/annotation/static/dist/annotation.png
--------------------------------------------------------------------------------
/roles/multinic/files/rt_tables:
--------------------------------------------------------------------------------
1 | #
2 | # reserved values
3 | #
4 | 255 local
5 | 254 main
6 | 253 default
7 | 0 unspec
8 | #
9 | # local
10 | #
11 | #1 inr.ruhep
12 | 201 bioinf
13 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.remove-orphan-condor-jobs/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | remove_orphan_jobs_bin: /usr/bin/remove-orphan-condor-jobs
3 | remove_orphan_jobs_log: /var/log/remove-orphan-condor-jobs.log
4 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.tours/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Clone tour repository
2 | git:
3 | repo: "{{ galaxy_tour_url }}"
4 | dest: "{{ galaxy_tour_dir }}"
5 | version: master
6 | force: "yes"
--------------------------------------------------------------------------------
/sync-to-nfs.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Sync to NFS
3 | hosts: sn06
4 | become: true
5 | vars:
6 | execute_galaxy_sync_to_nfs: true
7 |
8 | roles:
9 | - usegalaxy-eu.rsync-to-nfs
10 |
--------------------------------------------------------------------------------
/files/galaxy/subdomains/hicexplorer/static/dist/hicexplorer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Paulinasilk/galaxy-eu-infrastructure-playbook/HEAD/files/galaxy/subdomains/hicexplorer/static/dist/hicexplorer.png
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/templates/nginx.repo.j2:
--------------------------------------------------------------------------------
1 | [nginx]
2 | name=nginx repo
3 | baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/
4 | gpgcheck=0
5 | enabled=1
6 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.remap-user/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Include CentOS8 tasks
3 | include: centos8.yml
4 | when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '8'
5 |
--------------------------------------------------------------------------------
/roles/hxr.api-check/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | http_api_check:
3 | - name: home_nossl
4 | url: "http://usegalaxy.eu"
5 | code: 301
6 | - name: home
7 | url: "https://usegalaxy.eu"
8 | code: 200
9 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/configure.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: configure rabbitmq
3 | template:
4 | src: rabbitmq.config.j2
5 | dest: /etc/rabbitmq/rabbitmq.config
6 | when: rabbitmq_config is defined
7 |
--------------------------------------------------------------------------------
/group_vars/job-working-dir.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Volumes
3 | usegalaxy_eu_autofs_mounts:
4 | - vdb
5 |
6 | nfs_exports:
7 | - "/vols/vdb/ *(rw,sync)"
8 | nfs_rpcbind_state: started
9 | nfs_rpcbind_enabled: true
10 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/tasks/setup-Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure Tomcat packages are installed (Debian).
3 | package:
4 | name: "{{ item }}"
5 | state: installed
6 | with_items: '{{ tomcat7_packages }}'
7 |
--------------------------------------------------------------------------------
/roles/docker/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: reload systemd daemon
4 | command: systemctl daemon-reload
5 |
6 | - name: restart docker
7 | service:
8 | name: docker
9 | state: restarted
10 |
--------------------------------------------------------------------------------
/roles/hxr.autofs/handlers/main.yml:
--------------------------------------------------------------------------------
1 | - name: autofs restart
2 | service:
3 | name: autofs
4 | state: restarted
5 |
6 | - name: autofs reload
7 | service:
8 | name: autofs
9 | state: reload
10 |
--------------------------------------------------------------------------------
/roles/hxr.galaxy-log-dir/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - file:
3 | path: "{{ galaxy_log_dir }}"
4 | state: directory
5 | mode: '0755'
6 | owner: "{{ galaxy_user.name }}"
7 | group: "{{ galaxy_group.name }}"
8 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-cluster/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - include: condor.yml
3 | when: monitor_condor
4 |
5 | - include: sge.yml
6 | when: monitor_sge
7 |
8 | - include: slurm.yml
9 | when: monitor_slurm
10 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # test file
3 |
4 | - name: Install Tomcat 7.
5 | hosts: servers
6 | roles:
7 | - role: ansible-role-tomcat7
8 | tomcat7_packages:
9 | - tomcat
10 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-email/files/main.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | for file in $(find /var/spool/mail/ -type f); do
3 | luser=$(basename $file)
4 | count=$(grep -c '^From: ' $file)
5 | echo "mail,luser=$luser count=$count";
6 | done
7 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/tests/centos-7-test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # test file
3 |
4 | - name: Install Tomcat 7.
5 | hosts: localhost
6 | roles:
7 | - role: role_under_test
8 | tomcat7_packages:
9 | - tomcat
10 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/templates/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #- DJANGO_SETTINGS_MODULE=base.production
3 | . {{ grt_dir }}/config/env.sh
4 | {{ grt_dir }}/venv/bin/uwsgi \
5 | --yml {{ grt_dir }}/config/uwsgi.yml
6 |
--------------------------------------------------------------------------------
/roles/hxr.exclude-repo/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Exclude some repositories
3 | lineinfile:
4 | dest: /etc/yum.repos.d/epel.repo
5 | line: 'exclude={{ ",".join(yum_exclude_repos) }}'
6 | insertafter: '^ *enabled=1'
7 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-cluster/files/cluster_queue-slurm.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | squeue | \
3 | awk '(NR>1){ print $2" "$4" "$5}' | \
4 | uniq -c | \
5 | awk '{print "cluster.queue,engine=slurm,state="$4",queue="$2",owner="$3" count="$1}'
6 |
--------------------------------------------------------------------------------
/templates/nginx/docker.j2:
--------------------------------------------------------------------------------
1 | server {
2 |
3 | listen 443 ssl default_server;
4 | listen [::]:443 ssl default_server;
5 |
6 | server_name {{ inventory_hostname }};
7 |
8 | location / {
9 | alias /var/www;
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-cluster/tasks/slurm.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Send slurm queue monitor"
3 | copy:
4 | src: "cluster_queue-slurm.sh"
5 | dest: "/usr/bin/monitor-slurm-queue"
6 | owner: root
7 | group: root
8 | mode: 0755
9 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.logrotate/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create logrotate files
3 | blockinfile:
4 | path: "/etc/logrotate.d/{{ item.path }}"
5 | block: "{{ item.conf }}"
6 | create: true
7 | loop: "{{ lp_logrotate_confd }}"
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.plausible/templates/plausible-mail.j2:
--------------------------------------------------------------------------------
1 | RELAY_HOST="{{ plausible_smtp_host }}"
2 | RELAY_PORT="{{ plausible_smtp_port }}"
3 | RELAY_USERNAME="{{ plausible_smtp_username }}"
4 | RELAY_PASSWORD="{{ plausible_smtp_password }}"
--------------------------------------------------------------------------------
/templates/nginx/influxdb-ssl.j2:
--------------------------------------------------------------------------------
1 | server {
2 |
3 | listen 443 ssl default_server;
4 | listen [::]:443 ssl default_server;
5 |
6 | server_name {{ inventory_hostname }};
7 |
8 | location / {
9 | }
10 |
11 | }
12 |
--------------------------------------------------------------------------------
/roles/hxr.autofs/templates/vols.conf.j2:
--------------------------------------------------------------------------------
1 | {% if "vdb" in usegalaxy_eu_autofs_mounts %}
2 | vdb -fstype=ext4 :/dev/vdb
3 | {% endif %}
4 | {% if "vdc" in usegalaxy_eu_autofs_mounts %}
5 | vdc -fstype=ext4 :/dev/vdc
6 | {% endif %}
7 |
--------------------------------------------------------------------------------
/roles/hxr.galaxy-nonreproducible-tools/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Clone repository
2 | git:
3 | repo: "https://github.com/usegalaxy-eu/temporary-tools"
4 | dest: "{{ galaxy_nonrepro_tools }}"
5 | version: master
6 | force: "yes"
7 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.vgcn-monitoring/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for usegalaxy-eu.vgcn-monitoring
3 | - name: restart telegraf
4 | become: yes
5 | service:
6 | name: telegraf
7 | state: restarted
8 | enabled: yes
9 |
--------------------------------------------------------------------------------
/templates/encoder/hiera.yaml:
--------------------------------------------------------------------------------
1 | :backends:
2 | - yaml
3 | :hierarchy:
4 | - apache_test
5 | - erlang_test
6 | - ini_test
7 | - json_test
8 | - toml_test
9 | - xml_test
10 | - yaml_test
11 | :yaml:
12 | :datadir: ./vars
13 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/tasks/setup-RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # tasks file for RedHat
3 |
4 | - name: Ensure Tomcat packages are installed (RedHat).
5 | yum:
6 | name: "{{ item }}"
7 | state: installed
8 | with_items: '{{ tomcat7_packages }}'
9 |
--------------------------------------------------------------------------------
/roles/multinic/files/fix-network.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Fix networking
3 | After=network-online.target
4 |
5 | [Service]
6 | Type=oneshot
7 | ExecStart=/usr/sbin/fix-network
8 |
9 | [Install]
10 | WantedBy=network-online.target
11 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.log-cleaner/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Clean up old logs
3 | cron:
4 | name: Clean up old logs
5 | minute: 0
6 | hour: 0
7 | job: journalctl --vacuum-time=1d -u galaxy-gunicorn@* galaxy-handler@* 2>/dev/null
8 |
--------------------------------------------------------------------------------
/.git-blame-ignore-revs:
--------------------------------------------------------------------------------
1 | # Run isort on galaxy_jwd.py
2 | c573ecd02e0f1ce97e74c21b753faf2467e9a227
3 | # Run black on galaxy_jwd.py
4 | e44dc2711a3bb70e62848049f09b449667b13ad1
5 | # Run flake8 on galaxy_jwd.py
6 | 40095d807803bcc8faa49278ee9904c079313439
7 |
--------------------------------------------------------------------------------
/roles/hxr.docker-ssl/templates/docker-env.conf:
--------------------------------------------------------------------------------
1 | [Service]
2 | ExecStart=
3 | ExecStart=/usr/bin/dockerd -H=0.0.0.0:8443 -H=fd:// --tlsverify --tlscacert=/etc/pki/tls/certs/ca.pem --tlscert=/etc/pki/tls/certs/cert.pem --tlskey=/etc/pki/tls/private/key.pem
4 |
--------------------------------------------------------------------------------
/roles/hxr.galaxy-echo-tool/templates/nagios_tool_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | {% for handler in galaxy_test_user.handlers %}
4 |
5 | {% endfor %}
6 |
7 |
--------------------------------------------------------------------------------
/roles/hxr.grafana-gitter-bridge/templates/sudoers.j2:
--------------------------------------------------------------------------------
1 | Cmnd_Alias TIAAS = /usr/bin/systemctl restart tiaas, /usr/bin/systemctl start tiaas, /usr/bin/systemctl stop tiaas, /usr/bin/systemctl status tiaas
2 | {{ tiaas_manage_user.name }} ALL=NOPASSWD: TIAAS
3 |
--------------------------------------------------------------------------------
/roles/multinic-old/files/fix-network.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Fix networking
3 | After=network-online.target
4 |
5 | [Service]
6 | Type=oneshot
7 | ExecStart=/usr/sbin/fix-network
8 |
9 | [Install]
10 | WantedBy=network-online.target
11 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gapars-galaxy/templates/sudoers.j2:
--------------------------------------------------------------------------------
1 | Cmnd_Alias TIAAS = /usr/bin/systemctl restart tiaas, /usr/bin/systemctl start tiaas, /usr/bin/systemctl stop tiaas, /usr/bin/systemctl status tiaas
2 | {{ tiaas_manage_user.name }} ALL=NOPASSWD: TIAAS
3 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.webhooks/defaults/main.yml:
--------------------------------------------------------------------------------
1 | galaxy_webhook_url: 'https://github.com/usegalaxy-eu/galaxy-webhooks'
2 | galaxy_webhook_dir: '{{ galaxy_mutable_data_dir }}/webhooks'
3 | galaxy_webhook_plugins_template_dir: 'templates/galaxy/webhooks/'
4 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.bashrc/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | bashrc_users:
3 | - uname: "{{ galaxy_user.name }}"
4 | uhome: "{{ galaxy_user.home }}"
5 | gname: "{{ galaxy_group.name }}"
6 |
7 | galaxy_pulsar_app_conf: "{{ galaxy_config_dir }}/pulsar_app.yml"
8 |
--------------------------------------------------------------------------------
/templates/galaxy/config/pulsar_app.yml:
--------------------------------------------------------------------------------
1 | private_token: {{ pulsar_private_token }}
2 | staging_directory: /data/jwd02f/pulsar_staging/
3 | tool_dependency_dir: /data/dnb01/galaxy_db/pulsar_dependencies/
4 |
5 | managers:
6 | _default_:
7 | type: queued_condor
8 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gie-node-proxy/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: gie systemd reload
3 | systemd:
4 | daemon_reload: yes
5 |
6 | - name: gie systemd restart
7 | systemd:
8 | name: galaxy-gie-proxy
9 | state: restarted
10 | enabled: yes
11 |
--------------------------------------------------------------------------------
/files/traefik/rules/mq-router.yml:
--------------------------------------------------------------------------------
1 | tcp:
2 | routers:
3 | mq-rtr:
4 | rule: "HostSNI(`*`)" # || ClientIP(`132.230.224.103`)" Allow by host IP
5 | service: "mq"
6 | entryPoints:
7 | - amqps
8 | tls:
9 | passthrough: true
10 |
--------------------------------------------------------------------------------
/templates/nginx/grafana.j2:
--------------------------------------------------------------------------------
1 | server {
2 | listen 80 default_server;
3 | listen [::]:80 default_server;
4 |
5 | server_name {{ inventory_hostname }};
6 |
7 | location /.well-known/ {
8 | root {{ certbot_well_known_root }};
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/templates/nginx/influxdb.j2:
--------------------------------------------------------------------------------
1 | server {
2 | listen 80 default_server;
3 | listen [::]:80 default_server;
4 |
5 | server_name {{ inventory_hostname }};
6 |
7 | location /.well-known/ {
8 | root {{ certbot_well_known_root }};
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/roles/hxr.sentry/templates/Dockerfile.j2:
--------------------------------------------------------------------------------
1 | FROM sentry:8.22-onbuild
2 | # Decrease required GH permissions since not operating on private repos.
3 | RUN sed -i 's/user:email,read:org,repo/user:email,read:org/' /usr/local/lib/python2.7/site-packages/sentry_auth_github/constants.py
4 |
--------------------------------------------------------------------------------
/templates/galaxy-test/config/pulsar_app.yml:
--------------------------------------------------------------------------------
1 | private_token: {{ pulsar_private_token }}
2 | staging_directory: /data/dnb01/galaxy_db/pulsar_staging/
3 | tool_dependency_dir: /data/dnb01/galaxy_db/pulsar_dependencies/
4 |
5 | managers:
6 | _default_:
7 | type: queued_condor
8 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/templates/server.conf.j2:
--------------------------------------------------------------------------------
1 | ##
2 | ## This file is maintained by Ansible - CHANGES WILL BE OVERWRITTEN
3 | ##
4 |
5 | {% for pair in proftpd_options %}
6 | {% for key in pair %}
7 | {{ key }} {{ pair[key] }}
8 | {% endfor %}
9 | {% endfor %}
10 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/hiera.yaml:
--------------------------------------------------------------------------------
1 | :backends:
2 | - yaml
3 | :hierarchy:
4 | - apache_test
5 | - erlang_test
6 | - ini_test
7 | - json_test
8 | - toml_test
9 | - xml_test
10 | - yaml_test
11 | :yaml:
12 | :datadir: ./vars
13 |
--------------------------------------------------------------------------------
/roles/hxr.autofs-format-n-mount/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Copy script
3 | copy:
4 | src: formatter.sh
5 | dest: /usr/bin/format-n-mount
6 | owner: root
7 | group: root
8 | mode: 0755
9 |
10 | - name: Run script
11 | command: /usr/bin/format-n-mount
12 |
--------------------------------------------------------------------------------
/roles/hxr.grafana-gitter-bridge/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: reload ggb
3 | systemd:
4 | state: restarted
5 | name: ggb
6 |
7 | - name: setup ggb systemd
8 | systemd:
9 | state: started
10 | enabled: true
11 | name: ggb
12 | daemon_reload: yes
13 |
--------------------------------------------------------------------------------
/roles/multinic/files/ifcfg-eth0:
--------------------------------------------------------------------------------
1 | DEVICE="eth0"
2 | BOOTPROTO="dhcp"
3 | ONBOOT="yes"
4 | TYPE="Ethernet"
5 | USERCTL="yes"
6 | IPV6INIT="no"
7 | PERSISTENT_DHCLIENT="1"
8 | PROXY_METHOD=none
9 | BROWSER_ONLY=no
10 | DEFROUTE=yes
11 | IPV4_FAILURE_FATAL=no
12 | NAME="System eth0"
13 |
--------------------------------------------------------------------------------
/roles/multinic/files/ifcfg-eth1:
--------------------------------------------------------------------------------
1 | DEVICE="eth1"
2 | BOOTPROTO="dhcp"
3 | ONBOOT="yes"
4 | TYPE="Ethernet"
5 | USERCTL="yes"
6 | IPV6INIT="no"
7 | PERSISTENT_DHCLIENT="1"
8 | PROXY_METHOD=none
9 | BROWSER_ONLY=no
10 | DEFROUTE=no
11 | IPV4_FAILURE_FATAL=no
12 | NAME="System eth1"
13 |
--------------------------------------------------------------------------------
/templates/encoder/vars/ini_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | ini_data:
4 | var1: val1
5 | var2: val2
6 | section1:
7 | aaa:
8 | - asdf
9 | - zxcv
10 | bbb: 123
11 | ccc: 'true'
12 | section2:
13 | ddd: asdfasd
14 | eee: 1234
15 | fff: 'false'
16 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/tasks/setup-OpenBSD.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure nginx is installed.
3 | openbsd_pkg:
4 | name: "{{ nginx_package_name }}"
5 | state: present
6 |
7 | - name: Create logs directory.
8 | file:
9 | path: /var/log/nginx
10 | state: directory
11 |
--------------------------------------------------------------------------------
/roles/hxr.autofs-format-n-mount/files/formatter.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | grep --quiet vdb /etc/fstab > /dev/null
3 | ec=$?
4 |
5 | if (( ec > 0 )); then
6 | mkfs -t xfs /dev/vdb
7 | echo "/dev/vdb /vdb xfs defaults,nofail 0 2" >> /etc/fstab
8 | mkdir -p /vdb
9 | mount /vdb
10 | fi
11 |
--------------------------------------------------------------------------------
/roles/multinic-old/files/fix-network.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | ip route replace default via 192.52.3.254 2> /dev/null || true
3 | ip route add 10.4.7.0/24 via 10.5.68.1 dev eth1 2> /dev/null || true
4 | #ip route add 132.230.68.0/24 via 10.5.68.1 dev eth1 2> /dev/null || true
5 |
--------------------------------------------------------------------------------
/roles/multinic-old/files/ifcfg-eth0:
--------------------------------------------------------------------------------
1 | DEVICE="eth0"
2 | BOOTPROTO="dhcp"
3 | ONBOOT="yes"
4 | TYPE="Ethernet"
5 | USERCTL="yes"
6 | IPV6INIT="no"
7 | PERSISTENT_DHCLIENT="1"
8 | PROXY_METHOD=none
9 | BROWSER_ONLY=no
10 | DEFROUTE=yes
11 | IPV4_FAILURE_FATAL=no
12 | NAME="System eth0"
13 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.json.erb:
--------------------------------------------------------------------------------
1 | <%-
2 | item = @json_data || (json_data.kind_of?(String) ? eval(json_data) : json_data)
3 | macro_path = 'macros/json_encode_macro.erb'
4 | -%>
5 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
6 |
--------------------------------------------------------------------------------
/templates/nginx/mq-ssl.j2:
--------------------------------------------------------------------------------
1 | server {
2 |
3 | listen 443 ssl default_server;
4 | listen [::]:443 ssl default_server;
5 |
6 | server_name {{ inventory_hostname }};
7 |
8 | location / {
9 | proxy_pass http://127.0.0.1:15672;
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/roles/hxr.gx-cookie-proxy/templates/env:
--------------------------------------------------------------------------------
1 | GALAXY_DB_URL="{{ GALAXY_DB_URL }}"
2 | GALAXY_SECRET="{{ id_secret }}"
3 | GXC_LISTEN_ADDR=127.0.0.1:5000
4 | GXC_BACKEND_URL=127.0.0.1:8080
5 | GXC_LOGLEVEL=INFO
6 | GXC_HEADER=REMOTE_USER
7 | GXC_STATSD=127.0.0.1:8125
8 | GXC_STATSD_PREFIX=apollo.test.gxc.
9 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galaxy-procstat/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: "Copy procstat setup"
2 | template:
3 | src: "telegraf-procstat.conf.j2"
4 | dest: "/etc/telegraf/telegraf.d/galaxy_procstat.conf"
5 | owner: telegraf
6 | group: telegraf
7 | mode: 0640
8 | notify: "Restart Telegraf"
9 |
--------------------------------------------------------------------------------
/files/galaxy/config/external_service_types_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gapars-galaxy/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: reload gapars
3 | systemd:
4 | state: restarted
5 | name: gapars
6 |
7 | - name: setup gapars systemd
8 | systemd:
9 | state: started
10 | enabled: true
11 | name: gapars
12 | daemon_reload: yes
13 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.ini.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/ini_encode_macro.j2" import ini_encode with context -%}
8 |
9 | {{ ini_encode(ini_data) }}
10 |
--------------------------------------------------------------------------------
/templates/encoder/vars/json_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | json_data:
4 | string: This is a string
5 | number: 123
6 | boolean: 'true'
7 | dict:
8 | aaa: bbb
9 | ccc: true
10 | list:
11 | - eee
12 | - fff
13 | complex:
14 | ggg:
15 | - hhh
16 | - iii: jjj
17 |
--------------------------------------------------------------------------------
/templates/encoder/vars/yaml_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | yaml_data:
4 | string: This is a string
5 | number: 123
6 | boolean: 'true'
7 | dict:
8 | aaa: bbb
9 | ccc: true
10 | list:
11 | - eee
12 | - fff
13 | complex:
14 | ggg:
15 | - hhh
16 | - iii: jjj
17 |
--------------------------------------------------------------------------------
/files/galaxy-test/config/external_service_types_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # handlers file for galaxyprojectdotorg.proftpd
3 |
4 | - name: reload proftpd
5 | service:
6 | name: proftpd
7 | state: reloaded
8 |
9 | - name: restart proftpd
10 | service:
11 | name: proftpd
12 | state: restarted
13 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/tasks/debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # tasks file for galaxyprojectdotorg.proftpd
3 |
4 | - name: Install ProFTPD (apt)
5 | apt:
6 | name: "{{ item }}"
7 | with_items:
8 | - proftpd-basic
9 | - proftpd-mod-pgsql
10 | - proftpd-doc
11 | - proftpd-dev
12 |
--------------------------------------------------------------------------------
/roles/hxr.admin-tools/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install useful tools
3 | yum:
4 | name: "{{ admin_packages }}"
5 | state: installed
6 |
7 | - name: Start atop
8 | service:
9 | name: atop
10 | state: started
11 | enabled: yes
12 | when: "'atop' in admin_packages"
13 |
--------------------------------------------------------------------------------
/roles/hxr.galaxy-echo-tool/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_root_dir: /usr/local/galaxy/galaxy-dist
3 | galaxy_tool_dir: "{{ galaxy_root_dir }}/tools"
4 | galaxy_conf_dir: "{{ galaxy_root_dir }}/config"
5 |
6 | galaxy_test_user:
7 | handlers:
8 | - handler1
9 | - handler2
10 |
11 |
--------------------------------------------------------------------------------
/roles/hxr.grafana-gitter-bridge/templates/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | . {{ ggb_dir }}/venv/bin/activate
3 | cd {{ ggb_dir }}/code/
4 | export CONFIG_PATH="{{ ggb_dir }}/config/config.yaml"
5 | exec gunicorn --workers {{ ggb_workers | default("4") }} --bind {{ ggb_listen_url | default("127.0.0.1:5000") }} app:app
6 |
--------------------------------------------------------------------------------
/roles/hxr.postgres-connection/defaults/main.yml:
--------------------------------------------------------------------------------
1 | pgc_users:
2 | - uname: "{{ galaxy_user.name }}"
3 | uhome: "{{ galaxy_user.home }}"
4 | gname: "{{ galaxy_group.name | default(galaxy_group) }}"
5 | pguser: "{{ postgres_user }}"
6 | pgpass: "{{ postgres_pass }}"
7 | pgdatabase: galaxy
8 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.monitoring/tasks/nfsstat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - copy:
3 | content: |
4 | #!/bin/bash
5 | nfsstat -3 -v -l | awk '(NR>2 && length){print "nfsstat,op="substr($4, 0, length($4)-1)" count="$5}'
6 | dest: /usr/bin/nfsstat-influx
7 | owner: root
8 | group: root
9 | mode: 0755
--------------------------------------------------------------------------------
/templates/encoder/templates/test.toml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/toml_encode_macro.j2" import toml_encode with context -%}
8 |
9 | {{ toml_encode(toml_data) }}
10 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.yaml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/yaml_encode_macro.j2" import yaml_encode with context -%}
8 |
9 | {{ yaml_encode(yaml_data) }}
10 |
--------------------------------------------------------------------------------
/roles/matterircd/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: MatterIRCd
3 | docker_container:
4 | name: 42wim
5 | image: 42wim/matterircd:latest
6 | state: started
7 | recreate: yes
8 | restart_policy: always
9 | command: "-bind 0.0.0.0:6667"
10 | ports:
11 | - "0.0.0.0:6667:6667"
12 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.vgcn-monitoring/templates/vgcn_monitoring.conf.j2:
--------------------------------------------------------------------------------
1 | ### Managed by usegalaxy-eu.vgcn-monitoring ansible role ###
2 | [[inputs.exec]]
3 | commands = ["sudo {{ custom_vgcn_env }} /usr/local/bin/vgcn_monitoring.py"]
4 | timeout = "60s"
5 | data_format = "influx"
6 | interval = "30m"
7 |
--------------------------------------------------------------------------------
/files/galaxy/config/themes/imaging.yml:
--------------------------------------------------------------------------------
1 | imaging:
2 | masthead:
3 | color: >
4 | linear-gradient(90deg,
5 | rgb(0, 0, 0) 0%,
6 | rgb(0, 69, 227) 17%,
7 | rgb(9, 121, 33) 30%,
8 | rgb(180, 170, 15) 70%,
9 | rgb(193, 35, 0) 79%,
10 | rgb(0, 0, 0) 100%)
11 |
--------------------------------------------------------------------------------
/roles/docker/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | docker_install: yes
4 | docker_service_enabled: "{{ 'dockerservers' in group_names or 'dockersslservers' in group_names }}"
5 | docker_ssl_ca_dir: /etc/docker-ca
6 | docker_daemon_option_list: []
7 |
8 | docker_ssl_server_certs: {}
9 | docker_ssl_server_keys: {}
10 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/templates/global.conf.j2:
--------------------------------------------------------------------------------
1 | ##
2 | ## This file is maintained by Ansible - CHANGES WILL BE OVERWRITTEN
3 | ##
4 |
5 |
6 | {% for pair in proftpd_global_options %}
7 | {% for key in pair %}
8 | {{ key }} {{ pair[key] }}
9 | {% endfor %}
10 | {% endfor %}
11 |
12 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: restart nginx
3 | service: name=nginx state=restarted
4 |
5 | - name: validate nginx configuration
6 | command: nginx -t -c /etc/nginx/nginx.conf
7 | changed_when: False
8 |
9 | - name: reload nginx
10 | service: name=nginx state=reloaded
11 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.apache.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/apache_encode_macro.j2" import apache_encode with context -%}
8 |
9 | {{ apache_encode(apache_data) }}
10 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.erlang.j2:
--------------------------------------------------------------------------------
1 | %
2 | % This file is managed by Ansible.
3 | % Do not edit this file manually.
4 | % Any changes will be automatically reverted.
5 | %
6 |
7 | {% from "macros/erlang_encode_macro.j2" import erlang_encode with context -%}
8 |
9 | {{ erlang_encode(erlang_data) }}
10 |
--------------------------------------------------------------------------------
/group_vars/proxy.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # NGINX
3 | nginx_enable_default_server: false
4 | nginx_servers:
5 | - proxy
6 | nginx_conf_http:
7 | client_max_body_size: 1g
8 | nginx_remove_default_vhost: true
9 |
10 | certbot_well_known_root: /srv/nginx/_well-known_root
11 |
12 | # Autoupdates
13 | au_apply_updates: true
14 |
--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
1 | [ssh_connection]
2 | pipelining = true
3 |
4 | [defaults]
5 | roles_path = roles
6 | collections_path = collections
7 |
8 | # use openssh so that we can persist connections
9 | transport = ssh
10 |
11 | vault_password_file=.vault_password
12 |
13 | retry_files_enabled = false
14 | inventory = hosts
15 |
--------------------------------------------------------------------------------
/files/galaxy/config/job_resource_params_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 | author: z
4 | description: Tomcat 7 for RHEL/CentOS.
5 | company:
6 | license: license (BSD, MIT)
7 | min_ansible_version: 1.9
8 | platforms:
9 | - name: EL
10 | versions:
11 | - 7
12 | categories:
13 | - web
14 | dependencies: []
15 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/vars/ini_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | ini_data:
4 | var1: val1
5 | var2: val2
6 | section1:
7 | aaa:
8 | - asdf
9 | - zxcv
10 | bbb: 123
11 | ccc: 'true'
12 | section2:
13 | ddd: asdfasd
14 | eee: 1234
15 | fff: 'false'
16 |
--------------------------------------------------------------------------------
/roles/multinic-old/files/ifcfg-eth1:
--------------------------------------------------------------------------------
1 | DEVICE="eth1"
2 | BOOTPROTO="dhcp"
3 | ONBOOT="yes"
4 | TYPE="Ethernet"
5 | USERCTL="yes"
6 | IPV6INIT="no"
7 | PERSISTENT_DHCLIENT="1"
8 | PROXY_METHOD=none
9 | BROWSER_ONLY=no
10 | DEFROUTE=no
11 | IPV4_FAILURE_FATAL=no
12 | NAME="System eth1"
13 | PEERROUTES=no
14 | PEERDNS=no
15 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.error-pages/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Deploy error pages"
3 | copy:
4 | src: "{{ item }}"
5 | dest: "/usr/share/nginx/html/{{ item }}"
6 | owner: nginx
7 | group: nginx
8 | mode: 0755
9 | loop:
10 | - 404.html
11 | - 502.html
12 | - 503.html
13 | - 504.html
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gapars-galaxy/templates/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | . {{ gapars_dir }}/venv/bin/activate
3 | cd {{ gapars_dir }}/code/
4 | export CONFIG_PATH="{{ gapars_dir }}/config/config.yaml"
5 | export PYTHONUNBUFFERED=1
6 | exec gunicorn --workers {{ gapars_workers | default("4") }} --bind {{ gapars_listen_url }} app:app
7 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.logstash.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/logstash_encode_macro.j2" import logstash_encode with context -%}
8 |
9 | {{ logstash_encode(logstash_data) }}
10 |
--------------------------------------------------------------------------------
/files/galaxy-test/config/job_resource_params_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/files/traefik/rules/usegalaxy-eu-service.yml:
--------------------------------------------------------------------------------
1 | http:
2 | services:
3 | usegalaxy-eu:
4 | loadBalancer:
5 | passHostHeader: true
6 | sticky:
7 | cookie: {}
8 | servers:
9 | - url: "https://sn06.galaxyproject.eu/"
10 | # - url: "https://sn07.galaxyproject.eu/"
11 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.json.erb:
--------------------------------------------------------------------------------
1 | <%-
2 | item = @json_data || (json_data.kind_of?(String) ? eval(json_data) : json_data)
3 | macro_path = 'macros/json_encode_macro.erb'
4 | -%>
5 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
6 |
--------------------------------------------------------------------------------
/group_vars/cron-test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | cron_tasks:
3 | - name: "Restart handlers part 1"
4 | minute: 0
5 | hour: 6
6 | job: systemctl restart galaxy-handler@0
7 | user: root
8 | - name: "Restart zergling 0"
9 | minute: 0
10 | hour: 6
11 | job: systemctl restart galaxy-zergling@0
12 | user: root
13 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/tasks/setup-Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Update apt cache.
3 | apt: update_cache=yes cache_valid_time=86400
4 | changed_when: false
5 |
6 | - name: Ensure nginx is installed.
7 | apt:
8 | name: "{{ nginx_package_name }}"
9 | state: installed
10 | default_release: "{{ nginx_default_release }}"
11 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.ini.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/ini_encode_macro.j2" import ini_encode with context -%}
8 |
9 | {{ ini_encode(ini_data) }}
10 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/vars/json_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | json_data:
4 | string: This is a string
5 | number: 123
6 | boolean: 'true'
7 | dict:
8 | aaa: bbb
9 | ccc: true
10 | list:
11 | - eee
12 | - fff
13 | complex:
14 | ggg:
15 | - hhh
16 | - iii: jjj
17 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/vars/yaml_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | yaml_data:
4 | string: This is a string
5 | number: 123
6 | boolean: 'true'
7 | dict:
8 | aaa: bbb
9 | ccc: true
10 | list:
11 | - eee
12 | - fff
13 | complex:
14 | ggg:
15 | - hhh
16 | - iii: jjj
17 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: reload grt
3 | systemd:
4 | state: restarted
5 | name: galactic-radio-telescope
6 |
7 | - name: setup grt systemd
8 | systemd:
9 | state: started
10 | enabled: true
11 | name: galactic-radio-telescope
12 | daemon_reload: yes
13 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/templates/virtualhost.conf.j2:
--------------------------------------------------------------------------------
1 | ##
2 | ## This file is maintained by Ansible - CHANGES WILL BE OVERWRITTEN
3 | ##
4 |
5 |
6 | {% for pair in item.options -%}
7 | {% for key in pair -%}
8 | {{ key }} {{ pair[key] }}
9 | {% endfor %}
10 | {% endfor %}
11 |
12 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/tasks/setup-FreeBSD.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Update pkg cache.
3 | shell: pkg update -f
4 |
5 | - name: Ensure nginx is installed.
6 | pkgng:
7 | name: "{{ nginx_package_name }}"
8 | state: present
9 |
10 | - name: Create logs directory.
11 | file:
12 | path: /var/log/nginx
13 | state: directory
14 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.toml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/toml_encode_macro.j2" import toml_encode with context -%}
8 |
9 | {{ toml_encode(toml_data) }}
10 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.yaml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/yaml_encode_macro.j2" import yaml_encode with context -%}
8 |
9 | {{ yaml_encode(yaml_data) }}
10 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.ini_simple.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/ini_encode_macro.j2" import ini_encode with context -%}
8 |
9 | {{ ini_encode(ini_data, section_is_comment=true, delimiter=" ") }}
10 |
--------------------------------------------------------------------------------
/templates/encoder/vars/xml_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | xml_data:
4 | root:
5 | elem1: asd
6 | elem2:
7 | - asd
8 | - zxc
9 | with_attrs:
10 | 'elem3 attr1="val1" attr2=val2': 123
11 | 'elem4 attr3="val3"':
12 | - Value 1
13 | - elem5:
14 | - Value 2
15 | - Value 3
16 |
--------------------------------------------------------------------------------
/files/galaxy/config/tool_sheds_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
7 |
8 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/vars/debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | proftpd_config_dir: /etc/proftpd
4 | proftpd_config_file: "{{ proftpd_config_dir }}/proftpd.conf"
5 | proftpd_modules_config_file: "{{ proftpd_config_dir }}/modules.conf"
6 | proftpd_config_include_dir: "{{ proftpd_config_dir }}/conf.d"
7 | proftpd_tls_sesscache_path: /run/proftpd_sesscache
8 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/vars/redhat.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | proftpd_config_dir: /etc
4 | proftpd_config_file: "{{ proftpd_config_dir }}/proftpd.conf"
5 | proftpd_modules_config_file: "{{ proftpd_config_dir }}/proftpd.conf"
6 | proftpd_config_include_dir: "{{ proftpd_config_dir }}/proftpd.conf.d"
7 | proftpd_tls_sesscache_path: /run/proftpd/sesscache
8 |
--------------------------------------------------------------------------------
/.flake8:
--------------------------------------------------------------------------------
1 | [flake8]
2 | exclude =
3 | .venv
4 | collections
5 | roles/htcondor
6 | roles/hxr.monitor-galaxy
7 | roles/hxr.monitor-squid
8 | roles/hxr.simple-nagios
9 | roles/jasonroyle.rabbitmq
10 | templates/encoder/yaml_converter.py
11 | ignore =
12 | E203,
13 | W503
14 | docstring-convention = google
15 |
--------------------------------------------------------------------------------
/files/galaxy-test/config/tool_sheds_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
7 |
8 |
--------------------------------------------------------------------------------
/roles/hxr.gx-cookie-proxy/files/gx-cookie-proxy.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Galaxy Cookie Proxy
3 | After=network-online.target
4 |
5 | [Service]
6 | EnvironmentFile=/etc/sysconfig/gx-cookie-proxy
7 | Type=simple
8 | ExecStart=/usr/bin/gx-cookie-proxy
9 | Restart=always
10 | User=gxp
11 |
12 | [Install]
13 | WantedBy=network-online.target
14 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.apache.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/apache_encode_macro.j2" import apache_encode with context -%}
8 |
9 | {{ apache_encode(apache_data) }}
10 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.erlang.j2:
--------------------------------------------------------------------------------
1 | %
2 | % This file is managed by Ansible.
3 | % Do not edit this file manually.
4 | % Any changes will be automatically reverted.
5 | %
6 |
7 | {% from "macros/erlang_encode_macro.j2" import erlang_encode with context -%}
8 |
9 | {{ erlang_encode(erlang_data) }}
10 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for ansible-role-tomcat7
3 |
4 | tomcat7_packages:
5 | - tomcat
6 | - tomcat-admin-webapps
7 | - tomcat-webapps
8 |
9 | tomcat7_hostname: localhost
10 | tomcat7_server_port: 8005
11 | tomcat7_catalina_port: 8080
12 | tomcat7_catalina_redirect_port: 8443
13 | tomcat7_ajp_port: 8009
14 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.plausible/templates/plausible.j2:
--------------------------------------------------------------------------------
1 | ADMIN_USER_EMAIL=admin@galaxyproject.eu
2 | ADMIN_USER_NAME=admin
3 | ADMIN_USER_PWD="{{ plausible_admin_password }}"
4 | BASE_URL="https://plausible.galaxyproject.eu"
5 | SECRET_KEY_BASE="{{ plausible_secret_key }}"
6 | DISABLE_REGISTRATION={{ plausible_lock_register }}
7 | MAILER_EMAIL="{{ plausible_from_mail }}"
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.logstash.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/logstash_encode_macro.j2" import logstash_encode with context -%}
8 |
9 | {{ logstash_encode(logstash_data) }}
10 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | root_group: root
3 | nginx_conf_path: /etc/nginx/conf.d
4 | nginx_conf_file_path: /etc/nginx/nginx.conf
5 | nginx_mime_file_path: /etc/nginx/mime.types
6 | nginx_pidfile: /var/run/nginx.pid
7 | nginx_vhost_path: /etc/nginx/conf.d
8 | nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
9 | __nginx_user: "nginx"
10 |
--------------------------------------------------------------------------------
/roles/hxr.api-check/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: install dependencies
3 | package:
4 | name: "{{ item }}"
5 | state: present
6 | with_items:
7 | - curl
8 |
9 | - name: "Install http-api-check script"
10 | template:
11 | src: http-api-check.sh
12 | dest: /usr/bin/http-api-check
13 | owner: root
14 | group: root
15 | mode: 0755
16 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-galaxy/files/galaxy_job_queue_states.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Description: This script is used to get the number of jobs in each state in the Galaxy job queue.
3 | job_state_stats=$(/usr/bin/gxadmin tsvquery queue-detail --all | awk '{print $1}' | sort | uniq -c)
4 | echo "$job_state_stats" | awk '{print "galaxy_job_queue_states_stats,job_state="$2" value="$1}'
5 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/templates/env.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | export DJANGO_SETTINGS_MODULE=base.production
3 | export DJANGO_ALLOWED_HOSTS="{{ grt_allowed_hosts }}"
4 | export GRT_UPLOAD_DIR={{ grt_upload_dir }}
5 | export PGHOST="{{ grt_pghost }}" PGUSER="{{ grt_pguser }}" PGNAME="{{ grt_pgname }}" PGPORT="{{ grt_pgport }}" PGPASSWORD="{{ grt_pgpassword }}"
6 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/vars/Archlinux.yml:
--------------------------------------------------------------------------------
1 | ---
2 | root_group: root
3 | nginx_conf_path: /etc/nginx/conf.d
4 | nginx_conf_file_path: /etc/nginx/nginx.conf
5 | nginx_mime_file_path: /etc/nginx/mime.types
6 | nginx_pidfile: /run/nginx.pid
7 | nginx_vhost_path: /etc/nginx/sites-enabled
8 | nginx_default_vhost_path: /etc/nginx/sites-enabled/default
9 | __nginx_user: "http"
10 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | root_group: root
3 | nginx_conf_path: /etc/nginx/conf.d
4 | nginx_conf_file_path: /etc/nginx/nginx.conf
5 | nginx_mime_file_path: /etc/nginx/mime.types
6 | nginx_pidfile: /run/nginx.pid
7 | nginx_vhost_path: /etc/nginx/sites-enabled
8 | nginx_default_vhost_path: /etc/nginx/sites-enabled/default
9 | __nginx_user: "www-data"
10 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.xml.j2:
--------------------------------------------------------------------------------
1 |
2 |
3 |
10 |
11 | {% from "macros/xml_encode_macro.j2" import xml_encode with context -%}
12 |
13 | {{ xml_encode(xml_data) }}
14 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.ini_simple.j2:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Ansible.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | {% from "macros/ini_encode_macro.j2" import ini_encode with context -%}
8 |
9 | {{ ini_encode(ini_data, section_is_comment=true, delimiter=" ") }}
10 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/vars/xml_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | xml_data:
4 | root:
5 | elem1: asd
6 | elem2:
7 | - asd
8 | - zxc
9 | with_attrs:
10 | 'elem3 attr1="val1" attr2=val2': 123
11 | 'elem4 attr3="val3"':
12 | - Value 1
13 | - elem5:
14 | - Value 2
15 | - Value 3
16 |
--------------------------------------------------------------------------------
/roles/hxr.docker-ssl-client/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Certs
3 | - name: mkdir
4 | file:
5 | path: "~/.docker"
6 | state: directory
7 | mode: '0750'
8 |
9 | - name: Setup docker for user
10 | copy:
11 | src: "{{ item }}"
12 | dest: "~/.docker/{{ item }}"
13 | mode: "0640"
14 | with_items:
15 | - ca.pem
16 | - cert.pem
17 | - key.pem
18 |
19 |
--------------------------------------------------------------------------------
/roles/hxr.docker-ssl/defaults/main.yml:
--------------------------------------------------------------------------------
1 | docker_server_key: /etc/pki/tls/private/docker.pem
2 | docker_server_csr: /etc/pki/tls/private/docker.pem.csr
3 | docker_server_crt: /etc/pki/tls/certs/docker.crt
4 |
5 | docker_client_key: /etc/pki/tls/private/docker-client.pem
6 | docker_client_csr: /etc/pki/tls/private/docker-client.pem.csr
7 | docker_client_crt: /etc/pki/tls/certs/docker-client.crt
8 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/tasks/dependencies.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install all of the necessary dependencies
3 | pip:
4 | virtualenv: "{{ grt_dir }}/venv/"
5 | requirements: "{{ grt_dir }}/code/requirements.txt"
6 | notify: 'reload grt'
7 |
8 | - name: Install postgres client on centos
9 | package:
10 | name: postgresql
11 | state: present
12 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.jenkins-ssh-key/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - file:
2 | path: "{{ jenkins_home }}/.ssh"
3 | state: directory
4 | mode: 0750
5 | owner: jenkins
6 | group: jenkins
7 |
8 | - copy:
9 | dest: "{{ jenkins_home }}/.ssh/id_rsa"
10 | mode: 0400
11 | owner: jenkins
12 | group: jenkins
13 | content: "{{ jenkins_ssh_key }}"
14 | no_log: true
15 |
--------------------------------------------------------------------------------
/files/galaxy/config/themes/annotation.yml:
--------------------------------------------------------------------------------
1 | annotation:
2 | masthead:
3 | color: >
4 | linear-gradient(to right, #3337 0, #3337 365px, transparent 365px),
5 | linear-gradient(to left, #3337 0, #3337 120px, transparent 120px),
6 | left / 23% url("/static/dist/annotation.png")
7 | link:
8 | color: "#3337"
9 | hover: "#3339"
10 | active: "#333e"
11 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gapars-galaxy/templates/service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Galaxy GAPARS group joining service
3 | After=network.target
4 |
5 | [Service]
6 | User={{ gapars_user }}
7 | Group={{ gapars_group }}
8 | ExecStart={{ gapars_dir }}/run.sh
9 | Restart=on-failure
10 | RestartForceExitStatus=SIGPIPE
11 | KillMode=control-group
12 |
13 | [Install]
14 | WantedBy=multi-user.target
15 |
--------------------------------------------------------------------------------
/files/galaxy/config/themes/hicexplorer.yml:
--------------------------------------------------------------------------------
1 | hicexplorer:
2 | masthead:
3 | color: >
4 | linear-gradient(to right, #3337 0, #3337 285px, transparent 285px),
5 | linear-gradient(to left, #3337 0, #3337 120px, transparent 120px),
6 | left / 340px url("/static/dist/hicexplorer.png")
7 | link:
8 | color: "#3337"
9 | hover: "#3339"
10 | active: "#333e"
11 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/rabbitmq.config.j2:
--------------------------------------------------------------------------------
1 | %
2 | % This file is managed by Ansible.
3 | % Do not edit this file manually.
4 | % Any changes will be automatically reverted.
5 | %
6 |
7 | {% from "templates/config-encoder-macros/macros/erlang_encode_macro.j2" import erlang_encode with context -%}
8 |
9 | {{ erlang_encode(rabbitmq_config, convert_bools=true, convert_nums=true) }}
10 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/tasks/account.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Create group
4 | user:
5 | name: "{{ grt_group }}"
6 | state: present
7 | when: grt_create_group
8 |
9 | - name: Create user account
10 | user:
11 | name: "{{ grt_user }}"
12 | comment: GRT User
13 | group: "{{ grt_group }}"
14 | home: "{{ grt_dir }}"
15 | when: grt_create_user
16 |
--------------------------------------------------------------------------------
/templates/encoder/puppet_apply.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Apply Puppet manifests
4 | puppet apply \
5 | --test \
6 | --confdir=. \
7 | --ssldir=/tmp/puppet_ssl \
8 | --templatedir=./templates \
9 | $@ \
10 | ./site.pp
11 |
12 | # Or you can use ERB directly:
13 | # $ erb -r ostruct -T '-' 'ini_data={"aaa" => "bbb", "ccc" => {"ddd" => "eee"}}' ./templates/test.ini.erb
14 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []
3 | galaxy_info:
4 | role_name: yum_cron
5 | author: tkimball83
6 | description: RHEL/CentOS - An interface to conveniently call yum from cron
7 | license: GPLv3
8 | min_ansible_version: 2.5
9 | platforms:
10 | - name: EL
11 | versions:
12 | - 6
13 | - 7
14 | galaxy_tags:
15 | - yum
16 | ...
17 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | language: python
3 | python: "2.7"
4 | sudo: required
5 | install:
6 | - pip install ansible
7 | - ansible --version
8 | - printf '[defaults]\nroles_path=../' > ansible.cfg
9 | script:
10 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
11 | notifications:
12 | webhooks: https://galaxy.ansible.com/api/v1/notifications/
13 | ...
14 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.ini.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @ini_data || (ini_data.kind_of?(String) ? eval(ini_data) : ini_data)
9 | -%>
10 | <%= ERB.new(IO.read('macros/ini_encode_macro.erb'), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
11 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/vars/OpenBSD.yml:
--------------------------------------------------------------------------------
1 | ---
2 | root_group: wheel
3 | nginx_conf_path: /etc/nginx/conf.d
4 | nginx_conf_file_path: /etc/nginx/nginx.conf
5 | nginx_mime_file_path: /etc/nginx/mime.types
6 | nginx_pidfile: /var/run/nginx.pid
7 | nginx_vhost_path: /etc/nginx/sites-enabled
8 | nginx_default_vhost_path: /etc/nginx/sites-enabled/default
9 | nginx_package_name: "nginx--"
10 | __nginx_user: "www"
11 |
--------------------------------------------------------------------------------
/roles/hxr.dns/templates/refresh.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | certbot certonly \
3 | --expand \
4 | --no-eff-email \
5 | --preferred-challenges http-01 \
6 | --http-01-port 8118 \
7 | {% for domain in server_names %}
8 | -d {{ domain }} \
9 | {% endfor %}
10 | {% for domain in server_names_de %}
11 | -d {{ domain }} \
12 | {% endfor %}
13 | --standalone \
14 | --agree-tos \
15 | -m security@usegalaxy.eu
16 |
--------------------------------------------------------------------------------
/roles/multinic/templates/rule-eth1.j2:
--------------------------------------------------------------------------------
1 | from {{ ansible_eth1.ipv4.address }}/32 tab 201
2 | to {{ ansible_eth1.ipv4.address }}/32 tab 201
3 |
4 | from 10.4.7.0/24 tab 201
5 | to 10.4.7.0/24 tab 201
6 |
7 | from 132.230.68.1/32 tab 201
8 | to 132.230.68.1/32 tab 201
9 | from 132.230.68.2/32 tab 201
10 | to 132.230.68.2/32 tab 201
11 | from 132.230.68.4/32 tab 201
12 | to 132.230.68.4/32 tab 201
13 |
--------------------------------------------------------------------------------
/roles/hxr.admin-tools/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | admin_packages:
3 | - vim
4 | - htop
5 | - atop
6 | - strace
7 | - jq
8 | - iftop
9 | - wget
10 | - curl
11 | - tmux
12 | - git
13 | - nmap
14 | - tcpdump
15 | - net-tools
16 | - unzip
17 | - mutt
18 | - byobu
19 | - tmpwatch
20 | - rclone
21 | # centos specific
22 | - setools-console
23 | - yum-utils
24 | - bind-utils
25 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.xml.j2:
--------------------------------------------------------------------------------
1 |
2 |
3 |
10 |
11 | {% from "macros/xml_encode_macro.j2" import xml_encode with context -%}
12 |
13 | {{ xml_encode(xml_data) }}
14 |
--------------------------------------------------------------------------------
/templates/galaxy/config/vault_conf.yml.j2:
--------------------------------------------------------------------------------
1 | type: database
2 | path_prefix: /galaxy
3 | # Encryption keys must be valid fernet keys
4 | # To generate a valid key:
5 | #
6 | # Use the ascii string value as a key
7 | # For more details, see: https://cryptography.io/en/latest/fernet/#
8 | encryption_keys:
9 | {% for encryption_key in galaxy_vault_encryption_keys %}
10 | - {{ encryption_key }}
11 | {% endfor %}
12 |
--------------------------------------------------------------------------------
/files/galaxy/config/themes/virology.yml:
--------------------------------------------------------------------------------
1 | virology:
2 | masthead:
3 | color: >
4 | linear-gradient(50deg,
5 | hsl(240deg 100% 20%) 0%,
6 | hsl(234deg 95% 23%) 13%,
7 | hsl(227deg 90% 26%) 26%,
8 | hsl(220deg 85% 29%) 38%,
9 | hsl(213deg 79% 32%) 52%,
10 | hsl(207deg 74% 35%) 66%,
11 | hsl(200deg 69% 38%) 82%,
12 | hsl(194deg 64% 42%) 100%)
13 |
--------------------------------------------------------------------------------
/roles/hxr.grafana-gitter-bridge/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # ggb Configuration
2 | ggb_galaxy_db_url: postgres
3 | ggb_redirect_url: "https://usegalaxy.eu"
4 | ggb_galaxy_idsecret: "DEFAULT IS INSECURE!"
5 | ggb_trainings:
6 | - test
7 |
8 | # ggb Deployment
9 | ggb_dir: /opt/ggb
10 | ggb_user: ggb
11 | ggb_group: ggb
12 | ggb_version: master
13 | ggb_create_user: no
14 | ggb_create_group: no
15 | ggb_force_checkout: yes
16 |
--------------------------------------------------------------------------------
/roles/ssh-host-resign/files/server_ca.pub:
--------------------------------------------------------------------------------
1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQD6fG38uwFj91GSe6YnRnBuTjXWZN6Pck1JRCTWtufwKV0SZNczD+qUdnFfZrCx/wBVK8R6zL2VWS9hcFK1LuE8HK86f8qG/gcB6yFt/0I/PWoSjcbUMPQTzFIy8yxvdIoPTlj/P6+uNgweTvMFI4+UOuCI71IhB/liTHn1/2dXQM94SFd4VQeg+3Tc6gDxEqRSS6dLIq0uvR8//luIpoW38yh2ozwHmjMKTvHnbduGqHlES4qz9cU9iZkWoPzSp+qoxCOijHvwzL5vD0/k4hZ/iJyTzDHQLDra3Kaa8ykWdERCxjpMp1y9dVQ23lVxp+UUAt3RHOCU1/KuNM9Pr hxr@mk
2 |
--------------------------------------------------------------------------------
/roles/ssh-host-sign/files/server_ca.pub:
--------------------------------------------------------------------------------
1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQD6fG38uwFj91GSe6YnRnBuTjXWZN6Pck1JRCTWtufwKV0SZNczD+qUdnFfZrCx/wBVK8R6zL2VWS9hcFK1LuE8HK86f8qG/gcB6yFt/0I/PWoSjcbUMPQTzFIy8yxvdIoPTlj/P6+uNgweTvMFI4+UOuCI71IhB/liTHn1/2dXQM94SFd4VQeg+3Tc6gDxEqRSS6dLIq0uvR8//luIpoW38yh2ozwHmjMKTvHnbduGqHlES4qz9cU9iZkWoPzSp+qoxCOijHvwzL5vD0/k4hZ/iJyTzDHQLDra3Kaa8ykWdERCxjpMp1y9dVQ23lVxp+UUAt3RHOCU1/KuNM9Pr hxr@mk
2 |
--------------------------------------------------------------------------------
/templates/nginx/telescope-ssl.j2:
--------------------------------------------------------------------------------
1 | server {
2 | listen 443 ssl;
3 | listen [::]:443 ssl;
4 |
5 | server_name telescope.galaxyproject.eu;
6 |
7 | location / {
8 | proxy_pass http://telescope.internal.galaxyproject.eu/;
9 | proxy_cache STATIC;
10 | proxy_cache_valid 200 20m;
11 | proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/vars/FreeBSD.yml:
--------------------------------------------------------------------------------
1 | ---
2 | root_group: wheel
3 | nginx_conf_path: /usr/local/etc/nginx/conf.d
4 | nginx_conf_file_path: /usr/local/etc/nginx/nginx.conf
5 | nginx_mime_file_path: /usr/local/etc/nginx/mime.types
6 | nginx_pidfile: /var/run/nginx.pid
7 | nginx_vhost_path: /usr/local/etc/nginx/sites-enabled
8 | nginx_default_vhost_path: /usr/local/etc/nginx/sites-enabled/default
9 | __nginx_user: "www"
10 |
--------------------------------------------------------------------------------
/roles/hxr.galaxy-cron/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - cron:
3 | name: Docker cleanup
4 | job: ". {{ galaxy_root }}/.bashrc && docker system prune -f > /dev/null"
5 | minute: 30
6 | hour: 2
7 |
8 | - cron:
9 | name: Cleanup held jobs
10 | job: condor_q -hold -autoformat ClusterId EnteredCurrentStatus CurrentTime | awk '(($3-$2) > (60*60)){print $1}' | xargs --no-run-if-empty condor_rm
11 | minute: 15
12 |
--------------------------------------------------------------------------------
/templates/encoder/vars/erlang_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | erlang_data:
4 | - rabbit:
5 | - tcp_listeners:
6 | - '"127.0.0.1"': 5672
7 | - ssl_listeners:
8 | - 5671
9 | - ssl_options:
10 | - cacertfile: /path/to/testca/cacert.pem
11 | - certfile: /path/to/server/cert.pem
12 | - keyfile: /path/to/server/key.pem
13 | - verify: verify_peer
14 | - fail_if_no_peer_cert: true
15 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/tasks/setup-Ubuntu.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Add PPA for Nginx.
3 | apt_repository:
4 | repo: 'ppa:nginx/{{ nginx_ppa_version }}'
5 | state: present
6 | update_cache: yes
7 | register: nginx_ppa_added
8 | when: nginx_ppa_use
9 |
10 | - name: Ensure nginx will reinstall if the PPA was just added.
11 | apt:
12 | name: nginx
13 | state: absent
14 | when: nginx_ppa_added.changed
15 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 | author: jasonroyle
4 | description: RabbitMQ
5 | license: MIT
6 | min_ansible_version: 1.2
7 | platforms:
8 | - name: EL
9 | versions:
10 | - 5
11 | - 6
12 | - 7
13 | - name: Ubuntu
14 | versions:
15 | - trusty
16 | galaxy_tags:
17 | - rabbitmq
18 | - amqp
19 | - plugin
20 | - cluster
21 |
22 | dependencies: []
23 |
--------------------------------------------------------------------------------
/roles/hxr.zfs-monit/files/monitor.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | properties=used,available,referenced,compressratio,usedbysnapshots,usedbydataset,usedbychildren,usedbyrefreservation,written,logicalused,logicalreferenced
3 |
4 | for pool in $(zfs list -H | cut -f1); do
5 | output=$(zfs get $properties -Hp tank/cvmfs | sed 's/compressratio\(.*\)x/compressratio\1/' | awk '{print $2"="$3}' | paste -d, -s)
6 | echo "zfs.extra,pool=$pool $output"
7 | done
8 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/puppet_apply.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Apply Puppet manifests
4 | puppet apply \
5 | --test \
6 | --confdir=. \
7 | --ssldir=/tmp/puppet_ssl \
8 | --templatedir=./templates \
9 | $@ \
10 | ./site.pp
11 |
12 | # Or you can use ERB directly:
13 | # $ erb -r ostruct -T '-' 'ini_data={"aaa" => "bbb", "ccc" => {"ddd" => "eee"}}' ./templates/test.ini.erb
14 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-stuck-handlers/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Wed Jun 19 17:58:28 CEST 2019 HXR Added because they get badly behaved so
3 | # we're best off to just restart regularly.
4 |
5 | - name: Restart Galaxy processes
6 | cron:
7 | name: "{{ item.name }}"
8 | minute: "{{ item.minute }}"
9 | hour: "{{ item.hour }}"
10 | job: "{{ item.job }}"
11 | user: "{{ item.user }}"
12 | loop: "{{ cron_tasks }}"
13 |
--------------------------------------------------------------------------------
/templates/galaxy/config/galaxy_workflow_scheduler.j2:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {% for n in range(galaxy_workflow_scheduler_count) %}
6 |
7 | {% endfor %}
8 |
9 |
10 |
--------------------------------------------------------------------------------
/templates/nginx/redirect-ssl.j2:
--------------------------------------------------------------------------------
1 | server {
2 | listen 80 default_server;
3 | listen [::]:80 default_server;
4 |
5 | server_name {{ inventory_hostname }};
6 |
7 | {% if certbot_well_known_root is defined %}
8 | location /.well-known/ {
9 | root {{ certbot_well_known_root }};
10 | }
11 | {% endif %}
12 |
13 | location / {
14 | return 302 https://$host$request_uri;
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/files/traefik/rules/usegalaxy-eu-router.yml:
--------------------------------------------------------------------------------
1 | http:
2 | routers:
3 | usegalaxy-eu-rtr:
4 | rule: "Host(`usegalaxy.eu`) || HostRegexp(`^.+\\.usegalaxy\\.eu`)"
5 | service: "usegalaxy-eu"
6 | entryPoints:
7 | - websecure
8 | tls:
9 | certResolver: "route53"
10 | domains:
11 | - main: "usegalaxy.eu"
12 | sans:
13 | - "*.ep.interactivetool.usegalaxy.eu"
14 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.toml.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @toml_data || (toml_data.kind_of?(String) ? eval(toml_data) : toml_data)
9 | macro_path = 'macros/toml_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.yaml.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @yaml_data || (yaml_data.kind_of?(String) ? eval(yaml_data) : yaml_data)
9 | macro_path = 'macros/yaml_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/templates/galaxy-test/config/galaxy_workflow_scheduler.j2:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {% for n in range(galaxy_workflow_scheduler_count) %}
6 |
7 | {% endfor %}
8 |
9 |
10 |
--------------------------------------------------------------------------------
/templates/nginx/telescope.j2:
--------------------------------------------------------------------------------
1 | server {
2 |
3 | listen 80 default_server;
4 | listen [::]:80 default_server;
5 |
6 | server_name {{ inventory_hostname }};
7 |
8 | location /api/ {
9 | alias /srv/nginx/grt-api/;
10 | autoindex on;
11 | }
12 |
13 | location / {
14 | alias /srv/nginx/grt/;
15 | }
16 |
17 | location /grt/ {
18 | uwsgi_pass 127.0.0.1:8080;
19 | include uwsgi_params;
20 | }
21 |
22 | }
23 |
--------------------------------------------------------------------------------
/roles/hxr.autofs/templates/data.autofs.j2:
--------------------------------------------------------------------------------
1 | /data /etc/auto.data nfsvers=3
2 | {% if "discontinued" in usegalaxy_eu_autofs_mounts %}
3 | /discontinued /etc/auto.discontinued nfsvers=3
4 | {% endif %}
5 | {% if "usrlocal" in usegalaxy_eu_autofs_mounts %}
6 | /- /etc/auto.usrlocal nfsvers=3
7 | {% endif %}
8 | {% if "vdb" in usegalaxy_eu_autofs_mounts %}
9 | /vols /etc/auto.vols
10 | {% endif %}
11 |
--------------------------------------------------------------------------------
/roles/hxr.grafana-gitter-bridge/templates/ggb.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Grafana gitter bridge
3 | Documentation=https://github.com/usegalaxy-eu/grafana-gitter-bridge
4 | After=network.target
5 |
6 | [Service]
7 | User={{ ggb_user }}
8 | Group={{ ggb_group }}
9 | ExecStart={{ ggb_dir }}/run.sh
10 | Restart=on-failure
11 | RestartForceExitStatus=SIGPIPE
12 | KillMode=control-group
13 |
14 | [Install]
15 | WantedBy=multi-user.target
16 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.ini.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @ini_data || (ini_data.kind_of?(String) ? eval(ini_data) : ini_data)
9 | -%>
10 | <%= ERB.new(IO.read('macros/ini_encode_macro.erb'), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
11 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.apache.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @apache_data || (apache_data.kind_of?(String) ? eval(apache_data) : apache_data)
9 | macro_path = 'macros/apache_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.erlang.erb:
--------------------------------------------------------------------------------
1 | %
2 | % This file is managed by Puppet.
3 | % Do not edit this file manually.
4 | % Any changes will be automatically reverted.
5 | %
6 |
7 | <%-
8 | item = @erlang_data || (erlang_data.kind_of?(String) ? eval(erlang_data) : erlang_data)
9 | macro_path = 'macros/erlang_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/group_vars/dnbd3primary/vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dnbd3_is_proxy: false
3 | dnbd3_base_path: "/export/dnbd3-cache/images"
4 | tftpboot_path: "/export/dnbd3-cache/boot"
5 | apache_listen_port: 80
6 | apache_remove_default_vhost: true
7 | apache_vhosts:
8 | - servername: "dnbd3-primary.galaxyproject.eu"
9 | serveralias: "{{ hostvars['dnbd3-primary.galaxyproject.eu']['ansible_default_ipv4']['address'] }}"
10 | documentroot: "/export/dnbd3-cache/http"
11 |
--------------------------------------------------------------------------------
/templates/nginx/proxy-ssl.j2:
--------------------------------------------------------------------------------
1 | server {
2 |
3 | listen 443 ssl default_server;
4 | listen [::]:443 ssl default_server;
5 |
6 | server_name {{ inventory_hostname }};
7 |
8 | # TODO: move this to be a separate vhost
9 | location /rabbit/ {
10 | proxy_pass http://127.0.0.1:15672/;
11 | }
12 |
13 | location /stash/ {
14 | root /srv/nginx/;
15 | autoindex on;
16 | }
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/roles/kysrpex.systemd_nspawn/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | nspawn_name: nspawn
3 | nspawn_distro: "rocky"
4 | nspawn_release: "9"
5 | nspawn_packages:
6 | - dhcp-client
7 | - dnf
8 | - glibc-langpack-en
9 | - iproute
10 | - iputils
11 | - less
12 | - passwd
13 | - systemd
14 | - dbus
15 | - vim-minimal
16 |
17 | nspawn_config: |
18 | # systemd-nspawn container configuration file
19 |
20 | nspawn_enable: true
21 | nspawn_start: true
22 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/vars/erlang_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | erlang_data:
4 | - rabbit:
5 | - tcp_listeners:
6 | - '"127.0.0.1"': 5672
7 | - ssl_listeners:
8 | - 5671
9 | - ssl_options:
10 | - cacertfile: /path/to/testca/cacert.pem
11 | - certfile: /path/to/server/cert.pem
12 | - keyfile: /path/to/server/key.pem
13 | - verify: verify_peer
14 | - fail_if_no_peer_cert: true
15 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/templates/grt.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Galactic Radio Telescope
3 | Documentation=https://github.com/erasche/galactic-radio-telescope
4 | After=network.target
5 |
6 | [Service]
7 | User={{ grt_user.name }}
8 | Group={{ grt_group.name }}
9 | ExecStart={{ grt_dir }}/run.sh
10 | Restart=on-failure
11 | RestartForceExitStatus=SIGPIPE
12 | KillMode=control-group
13 |
14 | [Install]
15 | WantedBy=multi-user.target
16 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.ini_simple.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @ini_data || (ini_data.kind_of?(String) ? eval(ini_data) : ini_data)
9 | delimiter = ' '
10 | section_is_comment = true
11 | -%>
12 | <%= ERB.new(IO.read('macros/ini_encode_macro.erb'), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
13 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.logstash.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @logstash_data || (logstash_data.kind_of?(String) ? eval(logstash_data) : logstash_data)
9 | macro_path = 'macros/logstash_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/roles/hxr.simple-nagios/templates/gx-api-creds.json:
--------------------------------------------------------------------------------
1 | {
2 | "url": "{{ galaxy_test_url }}",
3 | "username": "{{ galaxy_test_user.username }}",
4 | "password": "{{ galaxy_test_user.password }}",
5 | "api_key": "{{ galaxy_test_user.api_key }}",
6 | "galaxy_test_name": "{{ galaxy_test_name }}",
7 | "handlers": [
8 | {% for handler in galaxy_test_user.handlers %}
9 | "{{ handler }}"{% if not loop.last %},{% endif %}
10 | {% endfor %}
11 | ]
12 | }
13 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.vgcn-monitoring/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 | author: The Galaxy Project
4 | description: Installs a VGCN monitoring script and a Telegraf configuration file
5 | to monitor the VGCN nodes.
6 | company: The Galaxy Project
7 | license: MIT
8 | min_ansible_version: 2.5
9 | platforms:
10 | - name: EL
11 | versions:
12 | - 8
13 | - 9
14 | galaxy_tags:
15 | - system
16 | - monitoring
17 | dependencies: []
18 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # tasks file for ansible-role-tomcat7
3 |
4 | # Variable setup.
5 | - name: Include OS-specific variables.
6 | include_vars: "{{ ansible_os_family }}.yml"
7 |
8 | # Setup/install tasks.
9 | - include: setup-RedHat.yml
10 | when: ansible_os_family == 'RedHat'
11 |
12 | # Setup/install tasks.
13 | - include: setup-Debian.yml
14 | when: ansible_os_family == 'Debian'
15 |
16 | # Configure.
17 | - include: configure.yml
18 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.toml.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @toml_data || (toml_data.kind_of?(String) ? eval(toml_data) : toml_data)
9 | macro_path = 'macros/toml_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.yaml.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @yaml_data || (yaml_data.kind_of?(String) ? eval(yaml_data) : yaml_data)
9 | macro_path = 'macros/yaml_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/tasks/systemd.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Send runner script
3 | template:
4 | src: "run.sh"
5 | dest: "{{ grt_dir }}/run.sh"
6 | owner: "{{ grt_user.name }}"
7 | group: "{{ grt_group.name }}"
8 | mode: 0750
9 | notify: 'reload grt'
10 |
11 | - name: Install systemd unit file
12 | template:
13 | src: grt.service
14 | dest: /etc/systemd/system/galactic-radio-telescope.service
15 | notify: setup grt systemd
16 |
--------------------------------------------------------------------------------
/files/galaxy/config/themes/assembly.yml:
--------------------------------------------------------------------------------
1 | assembly:
2 | masthead:
3 | color: >
4 | bottom -90px left / 1000px no-repeat url("/static/dist/flying-bird-1.svg"),
5 | bottom -90px left / 1000px no-repeat url("/static/dist/flying-bird-2.svg"),
6 | linear-gradient( 20deg,
7 | rgb(7, 40, 98) 0%,
8 | rgb(69, 122, 184) 48%,
9 | rgba(165, 204, 210, 0.9676562309265136) 74%,
10 | rgb(228, 195, 131) 92%,
11 | rgb(203, 119, 79) 100%)
12 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.apache.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @apache_data || (apache_data.kind_of?(String) ? eval(apache_data) : apache_data)
9 | macro_path = 'macros/apache_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.erlang.erb:
--------------------------------------------------------------------------------
1 | %
2 | % This file is managed by Puppet.
3 | % Do not edit this file manually.
4 | % Any changes will be automatically reverted.
5 | %
6 |
7 | <%-
8 | item = @erlang_data || (erlang_data.kind_of?(String) ? eval(erlang_data) : erlang_data)
9 | macro_path = 'macros/erlang_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/.yamllint:
--------------------------------------------------------------------------------
1 | ---
2 | extends: default
3 |
4 | ignore: |
5 | roles
6 | collections
7 | one-off
8 | secret_group_vars
9 | templates
10 | files/galaxy/config
11 | files/galaxy-test/config
12 | files/galaxy-test/dynamic_rules/usegalaxy/
13 | files/traefik/rules/template*
14 |
15 | rules:
16 | line-length: disable
17 | comments-indentation: disable # don't bother me with this rule
18 | comments:
19 | require-starting-space: false
20 | min-spaces-from-content: 1
21 |
--------------------------------------------------------------------------------
/roles/geerlingguy.haproxy/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: all
3 |
4 | vars:
5 | haproxy_socket: ''
6 | haproxy_chroot: ''
7 | haproxy_user: root
8 | haproxy_group: root
9 |
10 | haproxy_backend_servers:
11 | - name: app1
12 | address: 127.0.0.1:8080
13 |
14 | pre_tasks:
15 | - name: Update apt cache.
16 | apt: update_cache=yes cache_valid_time=600
17 | when: ansible_os_family == 'Debian'
18 |
19 | roles:
20 | - role_under_test
21 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/vhosts.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: remove rabbitmq virtual hosts
3 | rabbitmq_vhost:
4 | name: "{{ item }}"
5 | state: absent
6 | with_items: "{{ rabbitmq_vhosts_absent }}"
7 |
8 | - name: add rabbitmq virtual hosts
9 | rabbitmq_vhost:
10 | name: "{{ item.name | default(item) }}"
11 | node: "{{ item.node | default('rabbit') }}"
12 | state: present
13 | tracing: "{{ item.tracing | default(False) }}"
14 | with_items: "{{ rabbitmq_vhosts }}"
15 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.logrotate/defaults/main.yml:
--------------------------------------------------------------------------------
1 | lp_logrotate_confd:
2 | - path: galaxy
3 | conf: |
4 | /var/log/galaxy/*.log {
5 | compress
6 | copytruncate
7 | daily
8 | notifempty
9 | missingok
10 | rotate 1
11 | }
12 |
13 | - path: atop
14 | conf: |
15 | /var/log/atop/atop_* {
16 | compress
17 | copytruncate
18 | daily
19 | notifempty
20 | missingok
21 | rotate 1
22 | }
23 |
--------------------------------------------------------------------------------
/one-off/hicbrowser.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: hicbrowser
3 | become: true
4 | vars_files:
5 | - "secret_group_vars/all.yml"
6 | roles:
7 | - hxr.admin-tools
8 | - influxdata.chrony
9 | - geerlingguy.repo-epel
10 | - hxr.monitor-email
11 | - linuxhq.yum_cron
12 | - hxr.autofs
13 | # BEGIN custom
14 | - geerlingguy.pip
15 | - geerlingguy.docker
16 | # END custom
17 | - dj-wasabi.telegraf
18 | - dev-sec.os-hardening
19 | - dev-sec.ssh-hardening
20 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-galaxy/files/galaxy_tool_usage.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Description: This script will collect the usage of galaxy tools and formats the output to influxdb line protocol
3 |
4 | gxadmin csvquery tool-usage | awk -F, '{split($1, a, "/"); if (length(a) > 1) {tool_id = a[length(a)-1]; version = a[length(a)]} else {tool_id = $1; version = "unknown"}; gsub(/ /, "\\ ", tool_id); gsub(/ /, "\\ ", version); print "tool-usage,tool_id=" tool_id ",version=" version " count=" $2 " " systime() "000000000"}'
5 |
--------------------------------------------------------------------------------
/roles/hxr.postgres-connection/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Get all users
3 | getent:
4 | database: passwd
5 | split: ':'
6 |
7 | - name: Debug info when user does not exist
8 | debug:
9 | msg: "INFO: User {{ item.uname }} does not exist"
10 | loop: "{{ pgc_users }}"
11 | when: (not item.uname in getent_passwd.keys())
12 |
13 | - name: Run postgres tasks
14 | include_tasks: postgres_tasks.yml
15 | loop: "{{ pgc_users }}"
16 | when: (item.uname in getent_passwd.keys())
17 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.ini_simple.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @ini_data || (ini_data.kind_of?(String) ? eval(ini_data) : ini_data)
9 | delimiter = ' '
10 | section_is_comment = true
11 | -%>
12 | <%= ERB.new(IO.read('macros/ini_encode_macro.erb'), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
13 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.logstash.erb:
--------------------------------------------------------------------------------
1 | #
2 | # This file is managed by Puppet.
3 | # Do not edit this file manually.
4 | # Any changes will be automatically reverted.
5 | #
6 |
7 | <%-
8 | item = @logstash_data || (logstash_data.kind_of?(String) ? eval(logstash_data) : logstash_data)
9 | macro_path = 'macros/logstash_encode_macro.erb'
10 | -%>
11 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
12 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.bashrc/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Get all users
3 | getent:
4 | database: passwd
5 | split: ':'
6 |
7 | - name: Debug info when user does not exist
8 | debug:
9 | msg: "INFO: User {{ item.uname }} does not exist"
10 | loop: "{{ bashrc_users }}"
11 | when: (not item.uname in getent_passwd.keys())
12 |
13 | - name: Add/Update bashrc
14 | include_tasks: bashrc_tasks.yml
15 | loop: "{{ bashrc_users }}"
16 | when: (item.uname in getent_passwd.keys())
17 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/defaults/main.yml:
--------------------------------------------------------------------------------
1 | grt_create_user: true
2 | grt_dir: /opt/galactic-radio-telescope
3 |
4 | grt_group:
5 | name: grt
6 | grt_user:
7 | name: grt
8 | home: "{{ grt_dir }}"
9 | shell: /bin/bash
10 |
11 | grt_version: master
12 | grt_force_checkout: true
13 |
14 | grt_create_group: true
15 | grt_create_user: true
16 |
17 | grt_upload_dir: "{{ grt_dir }}/uploads"
18 | grt_queries_dir: "{{ grt_dir }}/queries"
19 |
20 | grt_allowed_hosts: localhost
21 |
--------------------------------------------------------------------------------
/one-off/ssds1.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Tasks for cvmfs-nfs-preload hosts
3 | hosts: cvmfspreload
4 | become: true
5 | vars:
6 | hostname: cvmfs1-ufr1-nfs.galaxyproject.eu
7 | vars_files:
8 | - "secret_group_vars/all.yml"
9 | roles:
10 | - hostname
11 | - geerlingguy.repo-epel
12 | - galaxyproject.cvmfs
13 | - hxr.admin-tools
14 | - dj-wasabi.telegraf
15 | - geerlingguy.nfs
16 | - linuxhq.yum_cron
17 | - dev-sec.os-hardening
18 | - dev-sec.ssh-hardening
19 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galaxy-cleanup/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - set_fact:
3 | plugin_config_galaxy_cleanup:
4 | galaxy_cleanup:
5 | plugin: "exec"
6 | config:
7 | - commands = ["{{ custom_telegraf_env }} /usr/bin/gxadmin galaxy cleanup 60"]
8 | - timeout = "12h"
9 | - data_format = "influx"
10 | - interval = "48h"
11 |
12 | - set_fact:
13 | telegraf_plugins_extra: "{{ telegraf_plugins_extra | combine(plugin_config_galaxy_cleanup) }}"
14 |
--------------------------------------------------------------------------------
/host_vars/sentry.denbi.uni-freiburg.de.yml:
--------------------------------------------------------------------------------
1 | ---
2 | telegraf_plugins_default:
3 | - plugin: cpu
4 | config:
5 | - percpu = true
6 | - plugin: disk
7 | - plugin: kernel
8 | - plugin: processes
9 | - plugin: io
10 | - plugin: mem
11 | - plugin: system
12 | - plugin: swap
13 | - plugin: net
14 | - plugin: netstat
15 | - plugin: docker
16 | - plugin: statsd
17 | config:
18 | - service_address = ":8125"
19 | - percentiles = [90]
20 | - metric_separator = "."
21 |
--------------------------------------------------------------------------------
/templates/encoder/templates/test.xml.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
10 |
11 | <%-
12 | item = @xml_data || (xml_data.kind_of?(String) ? eval(xml_data) : xml_data)
13 | macro_path = 'macros/xml_encode_macro.erb'
14 | -%>
15 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
16 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-galaxy/files/galaxy_jobs_per_handler.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Description: This script is used to get the number of jobs handled by each job handler in the current Galaxy job queue.
3 |
4 | jobs_per_handler=$(/usr/bin/gxadmin csvquery q "select handler, state, count(state) from job where state in ('new', 'queued', 'running') and handler like '%handler_sn06_%' group by handler, state order by handler")
5 | echo "$jobs_per_handler" | awk -F, '{print "galaxy_jobs_per_handler_stats,handler="$1",state="$2" value="$3}'
6 |
--------------------------------------------------------------------------------
/roles/hxr.simple-nagios/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_test_url: https://usegalaxy.eu
3 | galaxy_test_name: usegalaxy-eu
4 | galaxy_test_user:
5 | api_key: deadbeefcafe
6 | username: bot@usegalaxy.eu
7 | password: password
8 | handlers:
9 | - "handler0"
10 | - "handler1"
11 |
12 | galaxy_nagios_urls:
13 | http_tests:
14 | - name: home_nossl
15 | url: "http://usegalaxy.eu"
16 | code: 301
17 | - name: home
18 | url: "https://usegalaxy.eu"
19 | code: 200
20 |
--------------------------------------------------------------------------------
/files/galaxy/tpv/roles.yml:
--------------------------------------------------------------------------------
1 | ---
2 | roles:
3 | dataplant*:
4 | params:
5 | object_store_id: "dataplant01"
6 | storage-test*:
7 | params:
8 | object_store_id: "s3_netapp01"
9 |
10 | rstudio-poweruser*:
11 | rules:
12 | - id: rstudio_poweruser
13 | if: |
14 | 'interactive_tool_rstudio' in tool.id
15 | scheduling:
16 | require:
17 | - docker
18 | - interactive
19 | - rstudio-poweruser
20 | mem: 100
21 | cores: 2
22 |
--------------------------------------------------------------------------------
/roles/geerlingguy.haproxy/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []
3 |
4 | galaxy_info:
5 | author: geerlingguy
6 | description: HAProxy installation and configuration.
7 | company: "Midwestern Mac, LLC"
8 | license: "license (BSD, MIT)"
9 | min_ansible_version: 2.2
10 | platforms:
11 | - name: EL
12 | versions:
13 | - 6
14 | - 7
15 | - name: Ubuntu
16 | versions:
17 | - precise
18 | - trusty
19 | - xenial
20 | galaxy_tags:
21 | - web
22 | - networking
23 | - cloud
24 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/cluster.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: stop rabbitmq app
3 | shell: rabbitmqctl stop_app
4 |
5 | - name: join rabbitmq cluster
6 | shell: "rabbitmqctl join_cluster {{ rabbitmq_cluster_master }}"
7 | register: rabbitmq_output
8 | ignore_errors: True
9 |
10 | - name: ensure rabbitmq cluster member
11 | fail: msg="Unable to join the cluster."
12 | when: ("'already_member' not in rabbitmq_output.stderr") and rabbitmq_output.rc != 0
13 |
14 | - name: start rabbitmq app
15 | shell: rabbitmqctl start_app
16 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.google-verification/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Deploy file"
3 | copy:
4 | content: |
5 | google-site-verification: {{ google_site_verification_id }}
6 | dest: /usr/share/nginx/html/{{ google_site_verification_id }}
7 | owner: nginx
8 | group: nginx
9 | mode: 0755
10 |
11 | - name: Export some NGINX configuration
12 | set_fact:
13 | google_site_verification: |
14 | location /{{ google_site_verification_id }} {
15 | root /usr/share/nginx/html;
16 | }
17 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/configure-cluster.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: add rabbitmq cluster hosts
3 | lineinfile:
4 | dest: /etc/hosts
5 | line: "{{ hostvars[item].rabbitmq_cluster_ip_address | default(hostvars[item].ansible_default_ipv4.address) }} {{ hostvars[item].ansible_hostname }}"
6 | with_items: "{{ ansible_play_hosts }}"
7 |
8 | - name: set erlang cookie
9 | template:
10 | src: erlang.cookie.j2
11 | dest: "{{ rabbitmq_erlang_cookie_file }}"
12 | owner: rabbitmq
13 | group: rabbitmq
14 | mode: 0400
15 |
--------------------------------------------------------------------------------
/files/galaxy/tpv/users.yml:
--------------------------------------------------------------------------------
1 | ---
2 | users:
3 | dominguj@informatik.uni-freiburg.de:
4 | bjoern.gruening@gmail.com:
5 | rules:
6 | - id: user-specific-notebook
7 | if: |
8 | 'interactive_tool_jupyter_notebook' in tool.id
9 | cores: 1
10 | mem: 15
11 | kuntzm@informatik.uni-freiburg.de:
12 | andreas.kalagasidis@gmail.com:
13 | rules:
14 | - id: user-specific-notebook
15 | if: |
16 | 'interactive_tool_jupyter_notebook' in tool.id
17 | cores: 1
18 | mem: 15
19 |
--------------------------------------------------------------------------------
/roles/hxr.haproxy-error-pages/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: "Deploy downloader script"
4 | copy:
5 | src: usegalaxy-error-pages.sh
6 | dest: /usr/local/bin/usegalaxy-error-pages.sh
7 | owner: root
8 | group: root
9 | mode: 0755
10 |
11 | - name: "Exec once the downloader script"
12 | command: usegalaxy-error-pages.sh
13 |
14 | - name: Schedule re-fetch/template of error pages
15 | cron:
16 | name: "Re-fetch error pages"
17 | user: "root"
18 | hour: 0
19 | job: /usr/local/bin/usegalaxy-error-pages.sh
20 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/templates/test.xml.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
10 |
11 | <%-
12 | item = @xml_data || (xml_data.kind_of?(String) ? eval(xml_data) : xml_data)
13 | macro_path = 'macros/xml_encode_macro.erb'
14 | -%>
15 | <%= ERB.new(IO.read(macro_path), nil, '-', '_erbout1').result(OpenStruct.new().send(:binding)) -%>
16 |
--------------------------------------------------------------------------------
/roles/kysrpex.systemd_nspawn/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 | namespace: kysrpex # change to usegalaxy-eu if releasing on Ansible Galaxy
4 | role_name: systemd_nspawn
5 | author: José Manuel Domínguez
6 | description: Run a systemd-nspawn container.
7 | company: The Galaxy Project
8 | license: MIT
9 | min_ansible_version: "2.13"
10 | platforms:
11 | - name: EL
12 | versions:
13 | - "8"
14 | - "9"
15 | galaxy_tags:
16 | - system
17 | - systemd
18 | - container
19 |
20 | dependencies: []
21 |
--------------------------------------------------------------------------------
/templates/galaxy-test/config/oidc_backends_config.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | {{ elixir_aai.test_usegalaxy_eu.client_id }}
5 | {{ elixir_aai.test_usegalaxy_eu.client_secret }}
6 | https://test.usegalaxy.eu/authnz/elixir/callback
7 | consent
8 | https://elixir-europe.org/sites/default/files/images/login-button-orange.png
9 |
10 |
11 |
--------------------------------------------------------------------------------
/templates/nginx/build.j2:
--------------------------------------------------------------------------------
1 | server {
2 |
3 | listen 443 ssl default_server;
4 | listen [::]:443 ssl default_server;
5 |
6 | server_name {{ inventory_hostname }};
7 |
8 | location / {
9 | proxy_set_header Host $host:$server_port;
10 | proxy_set_header X-Real-IP $remote_addr;
11 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
12 | proxy_set_header X-Forwarded-Proto $scheme;
13 | proxy_pass http://127.0.0.1:8080;
14 | proxy_pass_request_headers on;
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/host_vars/sn06.galaxyproject.eu.yml:
--------------------------------------------------------------------------------
1 | ---
2 | htcondor_network_interface: ens802f0.223
3 |
4 | # 15/03/2024: On sn06 HTCondor conf was manually adjusted to use port 9618 since the
5 | # HTCondor container was using 9628. Changing this now will require a restart of the
6 | # HTCondor service on sn06. So this needs to be combined with a maintenance window in the
7 | # future. Rest of the schedulers are using 9628 including the manager.
8 | # Adding it to the host_vars for the dedicated host sn06 thus it has the higher precedence.
9 | htcondor_shared_port: 9618
10 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: all
3 |
4 | vars:
5 | nginx_use_ppa: true
6 | nginx_remove_default_vhost: true
7 | nginx_vhosts:
8 | - server_name: "test.dev"
9 | root: "/var/www/test"
10 |
11 | pre_tasks:
12 | - name: Update apt cache.
13 | apt: update_cache=yes cache_valid_time=600
14 | when: ansible_os_family == 'Debian'
15 | changed_when: false
16 |
17 | - name: Install dependencies.
18 | package: name=curl state=present
19 |
20 | roles:
21 | - role_under_test
22 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/templates/yum-cron.conf.j2:
--------------------------------------------------------------------------------
1 | # {{ ansible_managed }}
2 |
3 | {% for section in yum_cron|sort %}
4 | [{{ section }}]
5 | {% for key, value in yum_cron[section].items()|sort %}
6 | {% if value is sameas true %}
7 | {{ key }} = yes
8 | {% elif value is sameas false %}
9 | {{ key }} = no
10 | {% elif value is string or value is number %}
11 | {{ key }} = {{ value }}
12 | {% else %}
13 | {{ key }} = {{ value|join(', ') }}
14 | {% endif %}
15 | {% endfor %}
16 | {% if not loop.last %}
17 |
18 | {% endif %}
19 | {% endfor %}
20 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-missing-api-keys/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Deploy fixer upper script"
3 | copy:
4 | content: |
5 | #!/bin/bash
6 | . {{ galaxy_root }}/.bashrc
7 | gxadmin mutate generate-unset-api-keys --commit
8 | dest: /usr/bin/galaxy-fix-missing-api-keys
9 | owner: root
10 | group: root
11 | mode: 0755
12 |
13 | - name: Add to cron
14 | cron:
15 | name: "Fix Missing API keys for IE users"
16 | minute: "*/5"
17 | user: "{{ galaxy_user.name }}"
18 | job: /usr/bin/galaxy-fix-missing-api-keys
19 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galaxy-slurp/templates/galaxy-slurp.j2:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | data=$(mktemp --suffix .gxadmin)
3 | export INFLUX_PASS={{ galaxy_slurp_influx_pass }}
4 | export INFLUX_USER={{ galaxy_slurp_influx_user }}
5 | export INFLUX_URL={{ galaxy_slurp_influx_url }}
6 | export PGUSER={{ postgres_user }}
7 | export PGHOST={{ postgres_host }}
8 | export GDPR_MODE={{ galaxy_slurp_gdpr | default("1") }}
9 |
10 | # Export
11 | gxadmin meta slurp-current --date > $data
12 |
13 | # Ship it
14 | gxadmin meta influx-post galaxy_stats $data
15 |
16 | # Cleanup
17 | rm $data
18 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/templates/uwsgi.yml:
--------------------------------------------------------------------------------
1 | uwsgi:
2 | chdir: {{ grt_dir }}/code
3 | socket: 127.0.0.1:8080
4 | buffer-size: 16384
5 | processes: 4
6 | threads: 1
7 | offload-threads: 2
8 | static-map: /static=static
9 | master: false
10 | virtualenv: {{ grt_dir }}/venv
11 | module: base.wsgi:application
12 | thunder-lock: false
13 | die-on-term: true
14 | hook-master-start: unix_signal:2 gracefully_kill_them_all
15 | hook-master-start: unix_signal:15 gracefully_kill_them_all
16 | py-call-osafterfork: true
17 | enable-threads: true
18 |
--------------------------------------------------------------------------------
/files/galaxy/config/nginx_gunicorn_selinux.te:
--------------------------------------------------------------------------------
1 | module nginx_gunicorn_selinux 1.0;
2 |
3 | require {
4 | type httpd_t;
5 | type usr_t;
6 | type unconfined_service_t;
7 | type unconfined_t;
8 | class unix_stream_socket connectto;
9 | class sock_file { relabelto write };
10 | }
11 |
12 | #============= httpd_t ==============
13 | allow httpd_t unconfined_service_t:unix_stream_socket connectto;
14 | allow httpd_t usr_t:sock_file write;
15 |
16 | #============= unconfined_t ==============
17 | allow unconfined_t httpd_t:sock_file relabelto;
18 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/RedHat/install.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: add bintray rabbitmq-server repo
3 | yum_repository:
4 | name: bintray-rabbitmq-rpm
5 | description: 'asdf'
6 | baseurl: "https://dl.bintray.com/rabbitmq/rpm/rabbitmq-server/v3.7.x/el/$releasever/"
7 | gpgcheck: false
8 | repo_gpgcheck: false
9 | enabled: true
10 |
11 | - name: install erlang
12 | yum:
13 | name: https://github.com/rabbitmq/erlang-rpm/releases/download/v21.3.8.3/erlang-21.3.8.3-1.el7.x86_64.rpm
14 |
15 | - name: install rabbitmq
16 | yum:
17 | name: rabbitmq-server
18 |
--------------------------------------------------------------------------------
/group_vars/beacon/vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 | postgres_data_dir: /data/postgresql/data
3 | postgres_init_dir: /data/postgresql/init
4 | bp_external_binding: 80
5 | postgres_user: "{{ beacon_db_user }}"
6 | postgres_pass: "{{ beacon_db_password }}"
7 | postgres_external_binding: "{{ beacon_db_port }}"
8 | hostname: beacon.galaxyproject.eu
9 | script_user: beacon
10 | script_dir: /home/beacon/script
11 | galaxy_api_url: https://usegalaxy.eu
12 | handy_groups:
13 | - group_name: beacon
14 | group_gid: 999
15 | handy_users:
16 | - user_name: beacon
17 | user_uid: 999
18 | user_group: beacon
19 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for galaxyprojectdotorg.proftpd
3 |
4 | proftpd_ssl_src_dir: files/ssl
5 |
6 | proftpd_galaxy_modules:
7 | - mod_sql.c
8 | - mod_sql_passwd.c
9 | - mod_sql_postgres.c
10 |
11 | proftpd_galaxy_default_options:
12 | - AuthOrder: mod_sql.c
13 | - AuthPAM: 'off'
14 | - Umask: '077'
15 | - DefaultRoot: '~'
16 | - CreateHome: on dirmode 700
17 |
18 | proftpd_virtualhosts: []
19 |
20 | proftpd_display_connect_context: 'server'
21 | proftpd_tls_context: 'server'
22 | proftpd_galaxy_auth_context: 'server'
23 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/templates/yum-cron-hourly.conf.j2:
--------------------------------------------------------------------------------
1 | # {{ ansible_managed }}
2 |
3 | {% for section in yum_cron_hourly|sort %}
4 | [{{ section }}]
5 | {% for key, value in yum_cron_hourly[section].items()|sort %}
6 | {% if value is sameas true %}
7 | {{ key }} = yes
8 | {% elif value is sameas false %}
9 | {{ key }} = no
10 | {% elif value is string or value is number %}
11 | {{ key }} = {{ value }}
12 | {% else %}
13 | {{ key }} = {{ value|join(', ') }}
14 | {% endif %}
15 | {% endfor %}
16 | {% if not loop.last %}
17 |
18 | {% endif %}
19 | {% endfor %}
20 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/rabbitmq.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: include rabbitmq installation tasks
3 | include: "{{ ansible_os_family }}/install.yml"
4 |
5 | - include: configure.yml
6 |
7 | - include: configure-cluster.yml
8 | when: rabbitmq_cluster
9 |
10 | - name: start rabbitmq server
11 | service:
12 | name: rabbitmq-server
13 | enabled: True
14 | state: started
15 |
16 | - include: vhosts.yml
17 |
18 | - include: users.yml
19 |
20 | - include: plugins.yml
21 |
22 | - include: cluster.yml
23 | when: rabbitmq_cluster and rabbitmq_nodename != rabbitmq_cluster_master
24 |
--------------------------------------------------------------------------------
/one-off/job-working-dir.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: job-working-dir
3 | become: true
4 | vars:
5 | hostname: job-working-dir.internal.galaxyproject.eu
6 | vars_files:
7 | - "secret_group_vars/all.yml"
8 | roles:
9 | - hostname
10 | - usegalaxy-eu.dynmotd
11 | - geerlingguy.repo-epel
12 | - hxr.admin-tools
13 | - influxdata.chrony
14 | - hxr.monitor-email
15 | - linuxhq.yum_cron
16 | - hxr.autofs
17 | # BEGIN custom
18 | - geerlingguy.nfs
19 | # END custom
20 | - dj-wasabi.telegraf
21 | - dev-sec.os-hardening
22 | - dev-sec.ssh-hardening
23 |
--------------------------------------------------------------------------------
/roles/hxr.galaxy-echo-tool/templates/echo.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | python
4 |
5 |
6 | True
7 | "$output";
9 | python -V 2>> "$output";
10 | ]]>
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-ssl/files/simple-ssl-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for HOST in "$@"; do
4 | cert="$(echo | openssl s_client -servername "$HOST" -connect "$HOST" 2>/dev/null)"
5 | certExit=$?
6 |
7 | if [[ $certExit -eq 0 ]]; then
8 | exprDate=$(echo "$cert" | openssl x509 -noout -dates | grep notAfter | sed 's/notAfter=//g' | awk '{print $1,$2,$4}');
9 | unixExprDate=$(date -d "$exprDate" '+%s')
10 | secondsToExpr=$(echo "$unixExprDate - $(date '+%s')" | bc)
11 | echo "ssl.expiry,server=$HOST value=$secondsToExpr"
12 | else
13 | echo "ssl.expiry,server=$HOST value=-1"
14 | fi
15 | done
16 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galaxy-slurp/templates/galaxy-slurp-upto.j2:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | data=$(mktemp --suffix .gxadmin)
3 | export INFLUX_PASS={{ galaxy_slurp_influx_pass }}
4 | export INFLUX_USER={{ galaxy_slurp_influx_user }}
5 | export INFLUX_URL={{ galaxy_slurp_influx_url }}
6 | export PGUSER={{ postgres_user }}
7 | export PGHOST={{ postgres_host }}
8 | export GDPR_MODE={{ galaxy_slurp_gdpr | default("1") }}
9 |
10 | # Export
11 | gxadmin meta slurp-upto $(date --date="1 day ago" +%Y-%m-%d) > $data
12 |
13 | # Ship it
14 | gxadmin meta influx-post galaxy_stats $data
15 |
16 | # Cleanup
17 | rm $data
18 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gapars-galaxy/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # GAPARS Deployment
2 | gapars_dir: /opt/gapars
3 | gapars_user: gapars
4 | gapars_group: gapars
5 | gapars_version: master
6 | gapars_create_group: true
7 | gapars_create_user: true
8 | gapars_force_checkout: true
9 |
10 | gapars_listen_url: "127.0.0.1:5001"
11 |
12 | gapars_nginx_config: |
13 | location /gapars-experiment/ {
14 | proxy_pass http://{{ gapars_listen_url }}/;
15 | proxy_set_header Host $host;
16 | }
17 |
18 | location /gapars-experiment/img/ {
19 | alias {{ gapars_dir }}/code/img/;
20 | }
21 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-cluster/files/cluster_queue-condor.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | condor_q -global -total | grep "all\|Schedd" | while read hostline; read numbersline; do
3 | host=$(echo $hostline | awk -F": " '{gsub(/ /, "", $2); print$2}');
4 | echo $numbersline | sed 's/.* jobs;\s*//g;s/, /\n/g' | while read line; do
5 | type=$(echo $line | sed 's/^[0-9]* //g');
6 | count=$(echo $line | sed 's/ .*//g');
7 | echo cluster.queue,engine=condor,schedd="$host",state=$type count=$count
8 | done;
9 | done;
10 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.error-pages/files/404.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Galaxy Europe, error page
6 |
7 |
8 |
9 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.error-pages/files/502.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Galaxy Europe, error page
6 |
7 |
8 |
9 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.error-pages/files/503.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Galaxy Europe, error page
6 |
7 |
8 |
9 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.error-pages/files/504.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Galaxy Europe, error page
6 |
7 |
8 |
9 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-oidc/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Deploy fixer upper script"
3 | copy:
4 | content: |
5 | #!/bin/bash
6 | . {{ galaxy_root }}/.bashrc
7 | for user in $(gxadmin mutate oidc-role-find-affected); do
8 | gxadmin mutate oidc-role-fix $user;
9 | done;
10 | dest: /usr/bin/galaxy-fix-oidc
11 | owner: root
12 | group: root
13 | mode: 0755
14 |
15 | - name: Add to cron
16 | cron:
17 | name: "Fix OIDC for galaxyproject/galaxy#8244"
18 | minute: "*/5"
19 | user: "{{ galaxy_user.name }}"
20 | job: /usr/bin/galaxy-fix-oidc
21 |
--------------------------------------------------------------------------------
/roles/hxr.replace-galaxy-user/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - group:
3 | name: "{{ hxr_custom_group.name }}"
4 | state: present
5 | gid: 999
6 |
7 | - user:
8 | name: "{{ hxr_custom_user.name }}"
9 | comment: "{{ hxr_custom_user.comment }}"
10 | uid: 999
11 | group: "{{ hxr_custom_group.name }}"
12 | shell: "{{ hxr_custom_user.shell }}"
13 | createhome: no
14 | system: yes
15 |
16 | - user:
17 | name: "{{ hxr_custom_group.name }}"
18 | groups: "{{ item }}"
19 | append: yes
20 | when: hxr_custom_user.extra_groups
21 | with_items: "{{ hxr_custom_user.extra_groups | default([]) }}"
22 |
--------------------------------------------------------------------------------
/roles/hxr.simple-nagios/files/simple-ssl-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | HOST=${1:-example.org}
3 | PORT=${2:-443}
4 |
5 | cert=$(echo | openssl s_client -servername $HOST -connect $HOST:$PORT 2>/dev/null)
6 | certExit=$?
7 |
8 | if [[ $certExit -eq 0 ]]; then
9 | exprDate=$(echo "$cert" | openssl x509 -noout -dates | grep notAfter | sed 's/notAfter=//g' | awk '{print $1,$2,$4}');
10 | unixExprDate=$(date -d "$exprDate" '+%s')
11 | secondsToExpr=$(echo "$unixExprDate - $(date '+%s')" | bc)
12 | echo "ssl.expiry,server=$HOST,port=$PORT value=$secondsToExpr"
13 | else
14 | echo "ssl.expiry,server=$HOST,port=$PORT value=-1"
15 | fi
16 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/meta/main.yml:
--------------------------------------------------------------------------------
1 | galaxy_info:
2 | author: The Galaxy Project
3 | description: Install and Configure ProFTPD (optionally, for Galaxy Servers).
4 | company: The Galaxy Project
5 | license: AFL v3.0
6 | min_ansible_version: 1.8
7 | platforms:
8 | - name: Ubuntu
9 | versions:
10 | - trusty
11 | - utopic
12 | - vivid
13 | - wily
14 | - xenial
15 | - yakkety
16 | - name: Debian
17 | versions:
18 | - wheezy
19 | - jessie
20 | - stretch
21 | - name: EL
22 | versions:
23 | - 7
24 | galaxy_tags:
25 | - system
26 | - ftp
27 | dependencies: []
28 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/tasks/redhat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # tasks file for galaxyprojectdotorg.proftpd
3 |
4 | - name: Install ProFTPD (yum)
5 | yum:
6 | name: "{{ item }}"
7 | with_items:
8 | - proftpd
9 | - proftpd-postgresql
10 |
11 | - name: Add include statement to proftpd.conf
12 | lineinfile:
13 | name: "{{ proftpd_config_file }}"
14 | insertafter: EOF
15 | line: "Include {{ proftpd_config_include_dir }}/*.conf"
16 | notify:
17 | - reload proftpd
18 |
19 | - name: Create proftpd.conf include directory
20 | file:
21 | name: "{{ proftpd_config_include_dir }}"
22 | state: directory
23 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/tasks/django.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Collect static files
3 | command: "{{ grt_dir }}/venv/bin/python {{ grt_dir }}/code/manage.py collectstatic --noinput"
4 |
5 | - name: Migrate database
6 | become: true
7 | become_user: "{{ grt_user.name }}"
8 | command: "{{ grt_dir }}/venv/bin/python {{ grt_dir }}/code/manage.py migrate --no-input"
9 | environment:
10 | DJANGO_SETTINGS_MODULE: base.production
11 | PGHOST: "{{ grt_pghost }}"
12 | PGUSER: "{{ grt_pguser }}"
13 | PGNAME: "{{ grt_pgname }}"
14 | PGPORT: "{{ grt_pgport }}"
15 | PGPASSWORD: "{{ grt_pgpassword }}"
16 |
--------------------------------------------------------------------------------
/templates/galaxy/config/grt.yml.j2:
--------------------------------------------------------------------------------
1 | ---
2 | grt:
3 | # Register at https://telescope.galaxyproject.org to obtain an Instance ID and API key
4 | instance_id: "{{ grt_eu_main_instance_id }}"
5 | api_key: "{{ grt_eu_main_api_key }}"
6 |
7 | # Galaxy Project offers a public galactic-radio-telescope instance, however
8 | # you are free to run your own if you need. We would love it if you were
9 | # willing and able to contribute your data publicly.
10 | url: https://telescope.galaxyproject.eu/grt/
11 |
12 | sanitization:
13 | # Blacklist the entire tool from appearing
14 | tools:
15 | - __SET_METADATA__
16 | - upload1
17 |
--------------------------------------------------------------------------------
/roles/hxr.simple-nagios/templates/simple-nagios.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | . /usr/bin/simple-nagios-library
3 |
4 | {% if galaxy_nagios_urls.http_tests %}
5 | {% for c in galaxy_nagios_urls.http_tests %}
6 | expect_http {{ c.name }} {{ c.url }} {{ c.code }}
7 | {% endfor %}
8 | {% endif %}
9 |
10 | {% if galaxy_nagios_urls.ftp_tests %}
11 | {% for c in galaxy_nagios_urls.ftp_tests %}
12 | expect_ftps {{ c.name }} {{ c.url }}
13 | {% endfor %}
14 | {% endif %}
15 |
16 | {% if galaxy_nagios_urls.ftp_age_tests %}
17 | {% for c in galaxy_nagios_urls.ftp_age_tests %}
18 | expect_gx_ftp_age {{ c.name }} {{ c.url }}
19 | {% endfor %}
20 | {% endif %}
21 |
--------------------------------------------------------------------------------
/templates/galaxy-test/config/grt.yml.j2:
--------------------------------------------------------------------------------
1 | ---
2 | grt:
3 | # Register at https://telescope.galaxyproject.org to obtain an Instance ID and API key
4 | instance_id: "{{ grt_eu_test_instance_id }}"
5 | api_key: "{{ grt_eu_test_api_key }}"
6 |
7 | # Galaxy Project offers a public galactic-radio-telescope instance, however
8 | # you are free to run your own if you need. We would love it if you were
9 | # willing and able to contribute your data publicly.
10 | url: https://telescope.galaxyproject.eu/grt/
11 |
12 | sanitization:
13 | # Blacklist the entire tool from appearing
14 | tools:
15 | - __SET_METADATA__
16 | - upload1
17 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.grt-client/templates/grt-upload.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Prevent duplicate processes
4 | pgrep -f 'scripts/grt/upload.py' && echo 'Previous GRT upload still running' && exit
5 |
6 | start=$(date +%s)
7 | python scripts/grt/upload.py \
8 | --report-directory {{ galaxy_mutable_data_dir }}/reports/ \
9 | --grt-config {{ glaxy_config_dir }}/grt.yml \
10 | --loglevel info
11 | ec=$?
12 | end=$(date +%s)
13 |
14 | {% if gxadmin_influx_task_notifier is defined %}
15 | runtime=$((start - end))
16 | gxadmin meta influx-post {{ gxadmin_influx_task_notifier_db }} <(echo "grt-upload,host=$HOST code=$ec,runtime=$runtime $(date +%s%N)")
17 | {% endif %}
18 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-galaxy-queue/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - set_fact:
3 | plugin_config_monitor_galaxy_queue:
4 | galaxy_monitor_queue:
5 | plugin: "exec"
6 | config:
7 | - commands = [
8 | "{{ custom_telegraf_env }} /usr/bin/gxadmin iquery queue-overview --short-tool-id",
9 | "{{ custom_telegraf_env }} /usr/bin/gxadmin iquery workflow-invocation-status"
10 | ]
11 | - timeout = "15s"
12 | - data_format = "influx"
13 | - interval = "1m"
14 |
15 | - set_fact:
16 | telegraf_plugins_extra: "{{ telegraf_plugins_extra | combine(plugin_config_monitor_galaxy_queue) }}"
17 |
--------------------------------------------------------------------------------
/roles/hxr.sentry/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | hxr_sentry_repodir: /tmp/sentry-code
3 | hxr_sentry_datadir: /tmp/sentry-data
4 | hxr_sentry_user: centos
5 | hxr_sentry_group: centos
6 | hxr_sentry_version: cd13427aa9a231b2b27c9fd14017d183cca52c1e
7 |
8 | hxr_sentry_mail: {}
9 | #backend: 'smtp'
10 | #host: 'localhost'
11 | #port: 25
12 | #username: ''
13 | #password: ''
14 | #use-tls: 'false'
15 | #from: 'root@localhost'
16 | #enable-replies: 'false'
17 | #reply-hostname: ''
18 | #mailgun-api-key: ''
19 |
20 |
21 | #hxr_sentry_secret_key: 'asdf'
22 | #hxr_sentry_github_app_id: 'asdf'
23 | #hxr_sentry_github_api_secret: 'asdfasdf'
24 |
--------------------------------------------------------------------------------
/templates/galaxy/config/object_store_templates.yml.j2:
--------------------------------------------------------------------------------
1 | # This is a catalog file for all the user object store templates that are offered by EU's Galaxy server.
2 | - include: "{{ galaxy_server_dir }}/lib/galaxy/objectstore/templates/examples/onedata.yml"
3 | - include: "{{ galaxy_server_dir }}/lib/galaxy/objectstore/templates/examples/production_aws_s3.yml"
4 | - include: "{{ galaxy_server_dir }}/lib/galaxy/objectstore/templates/examples/production_azure_blob.yml"
5 | - include: "{{ galaxy_server_dir }}/lib/galaxy/objectstore/templates/examples/production_gcp_s3.yml"
6 | - include: "{{ galaxy_server_dir }}/lib/galaxy/objectstore/templates/examples/production_generic_s3.yml"
7 |
8 |
--------------------------------------------------------------------------------
/group_vars/htcondor-submit.yml:
--------------------------------------------------------------------------------
1 | # Configure HTCondor submit nodes.
2 | ---
3 | htcondor_role_submit: true
4 |
5 | # Role: hxr.postgres-connection
6 | postgres_user: galaxy
7 | postgres_host: sn05.galaxyproject.eu
8 | postgres_port: 5432
9 |
10 | # MISC
11 | galaxy_root: /opt/galaxy
12 | galaxy_venv_dir: "{{ galaxy_root }}/venv"
13 | galaxy_server_dir: "{{ galaxy_root }}/server"
14 | galaxy_config_dir: "{{ galaxy_root }}/config"
15 | galaxy_config_file: "{{ galaxy_config_dir }}/galaxy.yml"
16 | galaxy_mutable_config_dir: "{{ galaxy_root }}/mutable-config"
17 | galaxy_log_dir: "/var/log/galaxy"
18 | galaxy_config:
19 | galaxy:
20 | job_working_directory: /data/jwd04/main
21 |
--------------------------------------------------------------------------------
/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.isort]
2 | profile = "black"
3 | line_length = 79
4 | extend_skip = [
5 | "collections",
6 | "roles/htcondor",
7 | "roles/hxr.monitor-galaxy",
8 | "roles/hxr.monitor-squid",
9 | "roles/hxr.simple-nagios",
10 | "roles/jasonroyle.rabbitmq",
11 | "templates/encoder/yaml_converter.py",
12 | ]
13 |
14 | [tool.black]
15 | line-length = 79
16 | target-version = ['py39']
17 | extend-exclude = """
18 | collections|\
19 | roles/htcondor|\
20 | roles/hxr.monitor-galaxy|\
21 | roles/hxr.monitor-squid|\
22 | roles/hxr.simple-nagios|\
23 | roles/jasonroyle.rabbitmq|\
24 | templates/encoder/yaml_converter.py\
25 | """
26 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-ssl/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Install simple-ssl-check script"
3 | copy:
4 | src: simple-ssl-check.sh
5 | dest: /usr/bin/simple-ssl-check
6 | owner: root
7 | group: root
8 | mode: 0755
9 |
10 | - set_fact:
11 | plugin_config_monitor_ssl:
12 | ssl_expiry:
13 | plugin: "exec"
14 | config:
15 | - commands = ["/usr/bin/simple-ssl-check {{ hxr_monitor_ssl_expiry | join(' ') }}"]
16 | - timeout = "15s"
17 | - data_format = "influx"
18 | - interval = "15m"
19 |
20 | - set_fact:
21 | telegraf_plugins_extra: "{{ telegraf_plugins_extra | combine(plugin_config_monitor_ssl) }}"
22 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-galaxy/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Send Galaxy job queue states stats"
3 | copy:
4 | src: "galaxy_job_queue_states.sh"
5 | dest: "/usr/bin/galaxy_job_queue_states_stats"
6 | owner: root
7 | group: root
8 | mode: 0755
9 |
10 | - name: "Send Galaxy jobs per handler stats"
11 | copy:
12 | src: "galaxy_jobs_per_handler.sh"
13 | dest: "/usr/bin/galaxy_jobs_per_handler_stats"
14 | owner: root
15 | group: root
16 | mode: 0755
17 |
18 | - name: Copy the galaxy tool-usage script
19 | copy:
20 | src: "galaxy_tool_usage.sh"
21 | dest: "/usr/bin/galaxy_tool_usage"
22 | owner: root
23 | group: root
24 | mode: 0755
25 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | rabbitmq_cluster: False
3 |
4 | rabbitmq_cluster_master: "rabbit@{{ hostvars[ansible_play_hosts.0].ansible_hostname }}"
5 |
6 | rabbitmq_erlang_cookie_file: /var/lib/rabbitmq/.erlang.cookie
7 |
8 | rabbitmq_plugin_dir: "/usr/lib/rabbitmq/lib/rabbitmq_server-{{ rabbitmq_version.split('-').0 }}/plugins"
9 |
10 | rabbitmq_plugins:
11 | - rabbitmq_management
12 |
13 | rabbitmq_plugins_disabled: []
14 |
15 | rabbitmq_users:
16 | - user: admin
17 | password: admin
18 | tags: administrator
19 |
20 | rabbitmq_users_absent:
21 | - guest
22 |
23 | rabbitmq_version: 3.6.6-1
24 |
25 | rabbitmq_vhosts: []
26 |
27 | rabbitmq_vhosts_absent: []
28 |
--------------------------------------------------------------------------------
/roles/galaxyprojectdotorg.proftpd/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | language: python
3 | python: "2.7"
4 |
5 | # Use the new container infrastructure
6 | sudo: false
7 |
8 | # Install ansible
9 | addons:
10 | apt:
11 | packages:
12 | - python-pip
13 |
14 | install:
15 | # Install ansible
16 | - pip install ansible
17 |
18 | # Check ansible version
19 | - ansible --version
20 |
21 | # Create ansible.cfg with correct roles_path
22 | - printf '[defaults]\nroles_path=../' >ansible.cfg
23 |
24 | script:
25 | # Basic role syntax check
26 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
27 |
28 | notifications:
29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/tests/README.md:
--------------------------------------------------------------------------------
1 | # Ansible Role tests
2 |
3 | To run the test playbook(s) in this directory:
4 |
5 | 1. Install and start Docker.
6 | 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`:
7 | - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/`
8 | 1. Make the test shim executable: `chmod +x tests/test.sh`.
9 | 1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh`
10 |
11 | If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)`
12 |
--------------------------------------------------------------------------------
/roles/geerlingguy.haproxy/tests/README.md:
--------------------------------------------------------------------------------
1 | # Ansible Role tests
2 |
3 | To run the test playbook(s) in this directory:
4 |
5 | 1. Install and start Docker.
6 | 1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`:
7 | - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/`
8 | 1. Make the test shim executable: `chmod +x tests/test.sh`.
9 | 1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh`
10 |
11 | If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)`
12 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/users.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: remove rabbitmq users
3 | rabbitmq_user:
4 | user: "{{ item }}"
5 | state: absent
6 | with_items: "{{ rabbitmq_users_absent }}"
7 |
8 | - name: add rabbitmq users
9 | rabbitmq_user:
10 | user: "{{ item.user }}"
11 | password: "{{ item.password }}"
12 | vhost: "{{ item.vhost | default('/') }}"
13 | configure_priv: "{{ item.configure_priv | default('.*') }}"
14 | read_priv: "{{ item.read_priv | default('.*') }}"
15 | write_priv: "{{ item.write_priv | default('.*') }}"
16 | tags: "{{ item.tags | default('') }}"
17 | # req ansible 2.6
18 | update_password: always
19 | with_items: "{{ rabbitmq_users }}"
20 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-ancient-ftp-data/templates/fix-ftp.sh.j2:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | lockdir=/tmp/BXgqt0lsoeykp9L9NZjIurqvu7BNILL4foAazpJcTs3YkwtiJ9
4 | mkdir $lockdir || {
5 | echo "lock directory exists. exiting"
6 | exit 1
7 | }
8 | trap "rmdir $lockdir" EXIT INT KILL TERM
9 |
10 | . /opt/galaxy/.bashrc
11 |
12 | stat_timeout=0.1 # seconds
13 | ftp_upload_path="{{ galaxy_config['galaxy']['ftp_upload_dir'] }}"
14 | nfs_mp=`dirname $ftp_upload_path`
15 |
16 | timeout -s kill $stat_timeout stat -t $nfs_mp > /dev/null
17 | if [[ ! $? == 137 ]]; then
18 | for username in $(psql -c 'COPY (select email from galaxy_user) TO STDOUT WITH CSV'); do
19 | mkdir -p "$ftp_upload_path/$username"
20 | done;
21 | fi
22 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/templates/export-to-influx.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | cd $(mktemp -d)
3 |
4 | # Env vars for sending data
5 | . {{ grt_dir }}/config/env.sh
6 | export INFLUX_PASS={{ influxdb.node.password }}
7 | export INFLUX_USER={{ influxdb.node.username }}
8 | export INFLUX_URL={{ influxdb.url }}
9 |
10 | # Export data into a file
11 | gxadmin meta iquery-grt-export > main.iflx
12 |
13 | # Split into reasonable sized chunks
14 | split --lines 10000 main.iflx SPLIT
15 |
16 | # Clear out previous data points
17 | gxadmin meta influx-query grt 'delete from "iquery-grt-export"'
18 |
19 | # Send chunks to influxdb
20 | for chunk in SPLIT*; do
21 | gxadmin meta influx-post grt $chunk
22 | done
23 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.grt-export/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Deploy exporter script"
3 | copy:
4 | content: |
5 | #!/bin/bash
6 | . {{ galaxy_root }}/.bashrc
7 | . {{ galaxy_venv_dir }}/bin/activate
8 | python {{ galaxy_server_dir }}/scripts/grt/export.py -g {{ galaxy_config_dir }}/grt.yml -r {{ galaxy_mutable_data_dir }}/reports/ -b 10000 -c {{ galaxy_config_dir }}/galaxy.ini
9 | dest: /usr/bin/galaxy-grt-export
10 | owner: root
11 | group: root
12 | mode: 0755
13 |
14 | - name: Add to cron
15 | cron:
16 | name: "GRT Export"
17 | minute: 0
18 | hour: 0
19 | weekday: 2
20 | job: /usr/bin/galaxy-grt-export
21 | user: "{{ galaxy_user.name }}"
22 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/tasks/plugins.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: install rabbitmq plugins
3 | get_url:
4 | url: "{{ item.url }}"
5 | dest: "{{ rabbitmq_plugin_dir }}"
6 | with_items: "{{ rabbitmq_plugins }}"
7 | when: item.url is defined
8 |
9 | - name: disable rabbitmq plugins
10 | rabbitmq_plugin:
11 | names: "{{ rabbitmq_plugins_disabled | join(',') }}"
12 | state: disabled
13 |
14 | - name: set enabled rabbitmq plugins
15 | set_fact:
16 | rabbitmq_plugins_enabled: "{{ rabbitmq_plugins_enabled + [ item.name | default(item) ] }}"
17 | with_items: "{{ rabbitmq_plugins }}"
18 |
19 | - name: enable rabbitmq plugins
20 | rabbitmq_plugin:
21 | names: "{{ rabbitmq_plugins_enabled | join(',') }}"
22 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gie-node-proxy/templates/galaxy-gie-proxy.service.j2:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Galaxy GIE NodeJS Proxy
3 | After=network.target
4 | After=time-sync.target
5 |
6 | [Service]
7 | UMask=022
8 | Type=simple
9 | User=galaxy
10 | Group=galaxy
11 | WorkingDirectory={{ galaxy_root }}/node-proxy
12 | TimeoutStartSec=5
13 | ExecStart={{ galaxy_root }}/venv/bin/node lib/main.js --ip 127.0.0.1 --port 8800 --sessions {{ galaxy_mutable_config_dir }}/interactivetools_map.sqlite --cookie galaxysession --verbose
14 | MemoryLimit=4G
15 | Restart=always
16 | StartLimitIntervalSec=0
17 | RestartSec=1
18 |
19 | MemoryAccounting=yes
20 | CPUAccounting=yes
21 | BlockIOAccounting=yes
22 |
23 | [Install]
24 | WantedBy=multi-user.target
25 |
--------------------------------------------------------------------------------
/telescope.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: telescope
3 | become: true
4 | vars:
5 | hostname: telescope.internal.galaxyproject.eu
6 | vars_files:
7 | - "secret_group_vars/all.yml"
8 | pre_tasks:
9 | - package:
10 | name: ['python-psycopg2']
11 | roles:
12 | - hostname
13 | - usegalaxy-eu.dynmotd
14 | - geerlingguy.repo-epel
15 | - hxr.admin-tools
16 | - influxdata.chrony
17 | - hxr.monitor-email
18 | - linuxhq.yum_cron
19 | - galaxyproject.nginx
20 | - hxr.autofs
21 | # BEGIN custom
22 | - usegalaxy-eu.gxadmin
23 | - usegalaxy-eu.galactic-radio-telescope
24 | # END custom
25 | - dj-wasabi.telegraf
26 | - dev-sec.os-hardening
27 | - dev-sec.ssh-hardening
28 |
--------------------------------------------------------------------------------
/files/galaxy/config/echo_main_env.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | sleep $sleep_time;
4 | #if $dump_env == "true":
5 | env | sort > $out_file1;
6 | #else
7 | echo "hi" > $out_file1;
8 | #end if
9 | exit $exit_code;
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/group_vars/htcondor/vault.yml:
--------------------------------------------------------------------------------
1 | $ANSIBLE_VAULT;1.1;AES256
2 | 31353533313831356632376636636564653732313930623263376437313362386632623732306136
3 | 3465326632326138646330353164336363653764396237370a393562613834343765313835656362
4 | 66633030353534663831323939386335316130343137396139633038366438613731376130663564
5 | 6635643366613463390a663637643834366632643730666131323737633966393335343734663731
6 | 63346138623034333265633465376633313537313062633633353261623934333037646532303132
7 | 63643364633136613265333461623036313964383932336335623236623462316437303964346163
8 | 32386236303765353936333563303934323964383039626233613333396431383936326530343931
9 | 33636531343831663864373365613036333964343534616664356462383066623238326138373435
10 | 3566
11 |
--------------------------------------------------------------------------------
/files/galaxy-test/config/echo_main_env.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | sleep $sleep_time;
4 | #if $dump_env == "true":
5 | env | sort > $out_file1;
6 | #else
7 | echo "hi" > $out_file1;
8 | #end if
9 | exit $exit_code;
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/templates/nginx/proxy.j2:
--------------------------------------------------------------------------------
1 | server {
2 | listen 80 default_server;
3 | listen [::]:80 default_server;
4 |
5 | server_name {{ inventory_hostname }};
6 |
7 | location /.well-known/ {
8 | root {{ certbot_well_known_root }};
9 | }
10 |
11 | # TODO: move this to be a separate vhost
12 | location / {
13 | proxy_set_header Host $host:$server_port;
14 | proxy_set_header X-Real-IP $remote_addr;
15 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
16 | proxy_set_header X-Forwarded-Proto $scheme;
17 | proxy_pass http://cvmfs1-ufr0.internal.galaxyproject.eu;
18 | proxy_pass_request_headers on;
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/tasks/setup-RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Enable nginx repo.
3 | template:
4 | src: nginx.repo.j2
5 | dest: /etc/yum.repos.d/nginx.repo
6 | owner: root
7 | group: root
8 | mode: 0644
9 | when: nginx_yum_repo_enabled
10 |
11 | - name: Ensure nginx is installed.
12 | yum:
13 | name: "{{ nginx_package_name }}"
14 | state: installed
15 |
16 |
17 | - name: check if selinux is enabled
18 | tags: selinuxCheck
19 | register: selinuxCheckOut
20 | command: getenforce
21 |
22 | - name: "Allow connecting to localhost"
23 | seboolean:
24 | name: httpd_can_network_connect
25 | state: yes
26 | persistent: yes
27 | when: not ansible_check_mode and selinuxCheckOut.stdout_lines == "Enforcing"
28 |
--------------------------------------------------------------------------------
/roles/hxr.apollo/defaults/main.yml:
--------------------------------------------------------------------------------
1 | apollo_version: 2.4.1
2 | apollo_tmp_file: "/tmp/apollo-{{ apollo_version }}.zip"
3 | # do NOT end this with a /
4 | tomcat_apollo_webapp_dir: /usr/share/tomcat/webapps/apollo
5 |
6 | apollo_data_directory: /data/dnb01/apollo
7 |
8 | apollo_db_username: apollo
9 | #apollo_db_password:
10 | apollo_db_uri: jdbc:postgresql://sn03.bi.uni-freiburg.de:5432/apollo
11 | apollo_chado_username: apollo
12 | #apollo_chado_password:
13 | apollo_chado_uri: jdbc:postgresql://sn03.bi.uni-freiburg.de:5432/chado
14 |
15 | apollo_admin_username: admin@usegalaxy.eu
16 | #apollo_admin_password:
17 | apollo_admin_firstname: UseGalaxy.eu
18 | apollo_admin_lastname: Admin
19 |
20 | apollo_config_apollo: ""
21 | apollo_config_jbrowse: ""
22 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #- include_tasks: account.yml
3 | #when: grt_create_group or grt_create_user
4 | - include_tasks: user.yml
5 | when: grt_create_user
6 |
7 | - include_tasks: dirs.yml
8 |
9 | - name: Clone repository
10 | git:
11 | repo: "https://github.com/erasche/galactic-radio-telescope"
12 | dest: "{{ grt_dir }}/code/"
13 | version: "{{ grt_version }}"
14 | force: "{{ grt_force_checkout }}"
15 | register: repo_cloned
16 | notify: 'reload grt'
17 |
18 | - include_tasks: dependencies.yml
19 |
20 | - include_tasks: django.yml
21 | when: repo_cloned.changed
22 |
23 | - include_tasks: config.yml
24 |
25 | - include_tasks: systemd.yml
26 |
27 | - include_tasks: cron.yml
28 |
--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: CI
3 | 'on':
4 | pull_request:
5 | push:
6 | branches:
7 | - master
8 |
9 | defaults:
10 | run:
11 | working-directory: 'infrastructure-playbook'
12 |
13 | jobs:
14 | lint:
15 | name: Lint
16 | runs-on: ubuntu-latest
17 | steps:
18 | - name: Check out the codebase.
19 | uses: actions/checkout@v2
20 | with:
21 | path: 'infrastructure-playbook'
22 |
23 | - name: Set up Python 3.
24 | uses: actions/setup-python@v2
25 | with:
26 | python-version: '3.x'
27 |
28 | - name: Install test dependencies.
29 | run: pip3 install yamllint
30 |
31 | - name: Lint code.
32 | run: |
33 | yamllint .
34 |
--------------------------------------------------------------------------------
/plausible.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Plausible
3 | hosts: plausible
4 | become: true
5 | vars:
6 | hostname: plausible.galaxyproject.eu
7 | vars_files:
8 | - secret_group_vars/all.yml
9 | - secret_group_vars/plausible.yml
10 | collections:
11 | - devsec.hardening
12 | roles:
13 | - hostname
14 | - usegalaxy-eu.dynmotd
15 | - geerlingguy.repo-epel
16 | - hxr.admin-tools
17 | - influxdata.chrony
18 | - usegalaxy-eu.autoupdates
19 | - galaxyproject.nginx
20 | # missing iptables, pip3 install docker
21 | - geerlingguy.docker
22 | # Custom
23 | - usegalaxy-eu.plausible
24 | # End Custom
25 | - dj-wasabi.telegraf
26 | # - os_hardening
27 | # - nginx_hardening
28 | # - ssh_hardening
29 |
--------------------------------------------------------------------------------
/roles/devops.tomcat7/tasks/configure.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # tasks for tomcat 7 Configure
3 |
4 | - name: Copy tomcat server.xml.
5 | template:
6 | src: server.xml.j2
7 | dest: "{{ tomcat7_conf_dir }}/server.xml"
8 | owner: root
9 | group: root
10 | mode: 0664
11 | backup: yes
12 | notify: restart tomcat
13 |
14 | - name: Copy tomcat tomcat-users.xml.
15 | template:
16 | src: tomcat-users.xml.j2
17 | dest: "{{ tomcat7_conf_dir }}/tomcat-users.xml"
18 | owner: root
19 | group: root
20 | mode: 0664
21 | backup: yes
22 | notify: restart tomcat
23 |
24 | - name: Ensure tomcat services is started and enabled at boot.
25 | service:
26 | name: "{{ tomcat7_service }}"
27 | state: started
28 | enabled: yes
29 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-cvmfs/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure curl is installed
3 | package:
4 | name: curl
5 | state: present
6 |
7 | - name: Deploy CVMFS data processor
8 | template:
9 | src: main.sh
10 | dest: /usr/bin/check_cvmfs_repos
11 | owner: root
12 | group: root
13 | mode: 0755
14 | notify: 'Restart Telegraf'
15 |
16 | - set_fact:
17 | check_cvmfs_telegraf:
18 | check_cvmfs_telegraf:
19 | plugin: exec
20 | config:
21 | - commands = ["/usr/bin/check_cvmfs_repos"]
22 | - timeout = "2m"
23 | - data_format = "influx"
24 | - interval = "5m"
25 |
26 | - set_fact:
27 | telegraf_plugins_extra: "{{ telegraf_plugins_extra | combine(check_cvmfs_telegraf) }}"
28 |
--------------------------------------------------------------------------------
/files/galaxy-test/config/object_store_conf.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/group_vars/dnbd3/vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # --- dnbd3 setup vars ---
3 | #dnbd3_base_path: "/mnt/s3/dnbd3"
4 | dnbd3_git_tag: "master"
5 | dnbd3_git_repo: "git://git.openslx.org/dnbd3.git"
6 | # --- dnbd3 config vars ---
7 | dnbd3_listen_port: "5003"
8 | dnbd3_client_penalty: "100000"
9 | dnbd3_primary: "{{ hostvars['dnbd3-primary.galaxyproject.eu']['ansible_default_ipv4']['address'] }}"
10 | dnbd3_primary_comment: "Primary DNBD3 server, which replicates S3FS mounted QCOW2 images."
11 | # dnbd3_primary_backup: "10.20.56.174"
12 | # dnbd3_primary_backup_comment: "Secondary/backup DNBD3 server, which replicates S3FS mounted QCOW2 images."
13 | dnbd3_poxys:
14 | - ip: "{{ hostvars['dnbd3-proxy.galaxyproject.eu']['ansible_default_ipv4']['address'] }}"
15 | comment: "1st DNBD3 Proxy"
16 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-ancient-ftp-data/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Remove old FTP data
3 | ansible.builtin.cron:
4 | name: Remove old FTP data
5 | minute: 0
6 | hour: 1
7 | user: "{{ galaxy_user.name }}"
8 | job: |
9 | cd "{{ galaxy_config['galaxy']['ftp_upload_dir'] }}" && find . -type f -not -newermt "3 months ago" -exec rm '{}' +
10 |
11 | - name: Copy script to create FTP users
12 | ansible.builtin.template:
13 | src: "fix-ftp.sh.j2"
14 | dest: /usr/bin/fix-ftp
15 | mode: '0755'
16 | owner: root
17 | group: root
18 |
19 | - name: Add to cron the script to create FTP users
20 | ansible.builtin.cron:
21 | name: "Fix ftp"
22 | job: /usr/bin/fix-ftp
23 | minute: "*/15"
24 | user: "{{ galaxy_user.name }}"
25 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.gie-node-proxy/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Clone nodejs stuff
3 | git:
4 | repo: https://github.com/usegalaxy-eu/gie-nodejs-proxy
5 | dest: "{{ galaxy_root }}/node-proxy"
6 | version: ie2
7 | notify:
8 | - gie systemd restart
9 |
10 | - name: Install deps
11 | npm:
12 | path: "{{ galaxy_root }}/node-proxy"
13 | environment:
14 | PATH: "{{ galaxy_root }}/venv/bin:{{ ansible_env.PATH }}"
15 | notify:
16 | - gie systemd restart
17 |
18 | - name: Copy main systemd file
19 | template:
20 | src: galaxy-gie-proxy.service.j2
21 | dest: "/etc/systemd/system/galaxy-gie-proxy.service"
22 | owner: root
23 | group: root
24 | mode: 0644
25 | notify:
26 | - gie systemd reload
27 | - gie systemd restart
28 |
--------------------------------------------------------------------------------
/templates/galaxy-test/config/build_sites.yml.j2:
--------------------------------------------------------------------------------
1 | ---
2 | - type: ucsc
3 | file: "/cvmfs/data.galaxyproject.org/managed/location/ucsc_build_sites.txt"
4 | display: [main,archaea,ucla]
5 | - type: gbrowse
6 | file: "{{ galaxy_server_dir }}/tool-data/shared/gbrowse/gbrowse_build_sites.txt"
7 | display: [wormbase,tair,modencode_worm,modencode_fly]
8 | - type: ensembl
9 | file: "{{ galaxy_server_dir }}/tool-data/shared/ensembl/ensembl_sites.txt"
10 | - type: ensembl_data_url
11 | file: "{{ galaxy_server_dir }}/tool-data/shared/ensembl/ensembl_sites_data_URL.txt"
12 | - type: igv
13 | file: "{{ galaxy_server_dir }}/tool-data/shared/igv/igv_build_sites.txt.sample"
14 | - type: rviewer
15 | file: "{{ galaxy_server_dir }}/tool-data/shared/rviewer/rviewer_build_sites.txt.sample"
16 |
--------------------------------------------------------------------------------
/templates/galaxy/config/user_filters.py.j2:
--------------------------------------------------------------------------------
1 | special_sections = set([
2 | {% for section in toolbox.toolbox_sections %}{% for incl in section.include_sections %}
3 | "{{ incl }}",
4 | {% endfor %}{% endfor %}
5 | ])
6 |
7 | {% for section in toolbox.toolbox_sections %}
8 | def section_{{ section.name | regex_replace('[^A-Za-z0-9_]*', '') }}(context, section):
9 | """
10 | Toolbox filter for {{ section.name }}
11 |
12 | This filter will hide all tools in the section "{{ section.name }}".
13 | """
14 | # By default we should return true for non-special sections
15 | if section.name not in special_sections:
16 | return True
17 |
18 | return section.name in ["{{ section.include_sections | join('", "')}}"]
19 |
20 | {% endfor %}
21 |
--------------------------------------------------------------------------------
/roles/hxr.aws-cli/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure AWS directory exists
3 | file:
4 | path: "{{ item.homedir | default('/root') }}/.aws"
5 | state: directory
6 | owner: "{{ item.owner | default('root') }}"
7 | group: "{{ item.group | default('root') }}"
8 | mode: 0750
9 | with_items: "{{ aws_cli_credentials }}"
10 |
11 | - name: "Deploy credentials to an account"
12 | copy:
13 | content: |
14 | [default]
15 | aws_access_key_id={{ item.access_key }}
16 | aws_secret_access_key={{ item.secret_key }}
17 | dest: "{{ item.homedir | default('/root') }}/.aws/config"
18 | owner: "{{ item.owner | default('root') }}"
19 | group: "{{ item.group | default('root') }}"
20 | mode: 0400
21 | with_items: "{{ aws_cli_credentials }}"
22 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.webhooks/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Clone webhook repository
2 | ansible.builtin.git:
3 | repo: '{{ galaxy_webhook_url }}'
4 | dest: '{{ galaxy_webhook_dir }}'
5 | version: master
6 | force: 'yes'
7 |
8 | - name: Create toolmsg plugins directory in webhook directory
9 | ansible.builtin.file:
10 | path: '{{ galaxy_webhook_dir }}/toolmsg_24.2'
11 | state: directory
12 | mode: '0755'
13 |
14 | - name: Template toolmsg_24.2 webhook files
15 | ansible.builtin.template:
16 | src: '{{ item }}'
17 | dest: "{{ galaxy_webhook_dir }}/toolmsg_24.2/{{ item | basename | regex_replace('\\.j2$', '') }}"
18 | mode: 0644
19 | with_fileglob:
20 | - '{{ galaxy_webhook_plugins_template_dir }}/toolmsg_24.2/*'
21 | notify: Restart Galaxy
22 |
--------------------------------------------------------------------------------
/templates/galaxy-test/config/user_filters.py.j2:
--------------------------------------------------------------------------------
1 | special_sections = set([
2 | {% for section in toolbox.toolbox_sections %}{% for incl in section.include_sections %}
3 | "{{ incl }}",
4 | {% endfor %}{% endfor %}
5 | ])
6 |
7 | {% for section in toolbox.toolbox_sections %}
8 | def section_{{ section.name | regex_replace('[^A-Za-z0-9_]*', '') }}(context, section):
9 | """
10 | Toolbox filter for {{ section.name }}
11 |
12 | This filter will hide all tools in the section "{{ section.name }}".
13 | """
14 | # By default we should return true for non-special sections
15 | if section.name not in special_sections:
16 | return True
17 |
18 | return section.name in ["{{ section.include_sections | join('", "')}}"]
19 |
20 | {% endfor %}
21 |
--------------------------------------------------------------------------------
/roles/hxr.galaxy-echo-tool/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Nagios tools directory"
3 | file:
4 | path: "{{ galaxy_tool_dir }}/nagios/"
5 | state: directory
6 | owner: "{{ galaxy_user.name }}"
7 | group: "{{ galaxy_group }}"
8 | mode: 0755
9 |
10 | - name: "Template nagios tools"
11 | template:
12 | src: echo.xml
13 | dest: "{{ galaxy_tool_dir }}/nagios/{{ item }}.xml"
14 | owner: "{{ galaxy_user.name }}"
15 | group: "{{ galaxy_group }}"
16 | mode: 0640
17 | with_items: "{{ galaxy_test_user.handlers }}"
18 |
19 | - name: "Nagios tool conf"
20 | template:
21 | src: nagios_tool_conf.xml
22 | dest: "{{ galaxy_conf_dir }}/nagios_tool_conf.xml"
23 | owner: "{{ galaxy_user.name }}"
24 | group: "{{ galaxy_group }}"
25 | mode: 0640
26 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.vgcn-monitoring/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for usegalaxy-eu.vgcn-monitoring
3 | vgcn_infra_repo: https://github.com/usegalaxy-eu/vgcn-infrastructure
4 | vgcn_repo_dest_dir: /tmp/vgcn-infrastructure-repo
5 | vgcn_ven_dir: "{{ galaxy_venv_dir }}"
6 | openstack_executable: "{{ galaxy_venv_dir }}/bin/openstack"
7 |
8 | # Credentials are stored in the vault
9 | custom_vgcn_env: "/usr/bin/env OS_AUTH_TYPE={{ bwc_OS_AUTH_TYPE }} OS_AUTH_URL={{ bwc_OS_AUTH_URL }} OS_IDENTITY_API_VERSION={{ bwc_OS_IDENTITY_API_VERSION }} OS_REGION_NAME={{ bwc_OS_REGION_NAME }} OS_INTERFACE={{ bwc_OS_INTERFACE }} OS_APPLICATION_CREDENTIAL_ID={{ bwc_OS_APPLICATION_CREDENTIAL_ID }} OS_APPLICATION_CREDENTIAL_SECRET={{ bwc_OS_APPLICATION_CREDENTIAL_SECRET }} {{ vgcn_ven_dir }}/bin/python"
10 |
--------------------------------------------------------------------------------
/secret_group_vars/ftp.yml:
--------------------------------------------------------------------------------
1 | $ANSIBLE_VAULT;1.1;AES256
2 | 32383837373736623732356465353230643834336132643765633237323136643131313634613530
3 | 3463613535306634633866666538643865393166313463630a666537363236386131616666626239
4 | 33356561313266353263373735363361613261326261633261616133316663336637356630346136
5 | 6231386638303836360a663335366131333730643434653330363164383139373164653531313832
6 | 63333430336362373638366466343231663531303136636364373838643732366135306563343964
7 | 66353866306366343961383463373463303130313235646332386662333137633364386134393335
8 | 31626564616138663634633565646333313462633263313831336133366463306631623236313532
9 | 39383834356131323462353032333864373837623463383732363436656234633030663836633962
10 | 30326537376438623166393434646665323532393130326431363038393063373535
11 |
--------------------------------------------------------------------------------
/bin/clean-deps.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | for repo__version in $(ansible-galaxy list | awk '{gsub(", ", "\t"); print $2"__"$3}'); do
4 | vers="$(echo "$repo__version" | sed 's/.*__//g')"
5 | repo="$(echo "$repo__version" | sed 's/__.*//g')"
6 |
7 | # Ignore these, not proper ones.
8 | if [[ "$vers" != "(unkonwn" ]]; then
9 | results="$(grep "$repo" -A2 requirements.yaml)"
10 | ec=$?
11 |
12 | # Not under git's control
13 | if (( ec == 0 )); then
14 | expected_version=$(echo "$results" | grep version | sed 's/.*version: //g')
15 |
16 | if [[ "$expected_version" != "master" ]]; then
17 | if [[ "$vers" != "$expected_version" ]]; then
18 | echo "Removing $repo: $vers != $expected_version";
19 | ansible-galaxy remove "$repo"
20 | fi
21 | fi
22 | fi
23 | fi
24 | done
25 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-cluster/files/cluster_util-sge.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | mem_alloc_sge=$(qstat -u galaxy -ne -s r -r -xml | grep h_vmem | sed 's/<\/.*//' | sed 's/^.*>//;s/G/ * 1024/g;s/M/ * 1/g' | bc | paste -s -d'+' | bc)
3 | mem_total_sge=$(qhost | grep -v -- '-\s*-\s*-' | grep -v cnt | grep -v HOSTNAME | awk '{print $8}' | sed 's/G/* 1024/' | paste -s -d+ | bc)
4 | mem_perc_sge=$(echo "$mem_alloc_sge / $mem_total_sge" | bc -l)
5 | cpu_alloc_sge=$(qstat -u galaxy -ne -s r | grep '^[0-9][0-9]*' | awk '{ print $9}' | paste -s -d'+' | bc)
6 | cpu_total_sge=$(qhost | grep -v -- '-\s*-\s*-' | grep -v cnt | grep -v HOSTNAME | awk '{print $3}' | paste -s -d+ | bc)
7 | cpu_perc_sge=$(echo "$cpu_alloc_sge / $cpu_total_sge" | bc -l)
8 | echo "cluster.alloc,cluster=sge,group=all cores=0$cpu_perc_sge,memory=0$mem_perc_sge"
9 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.grt-client/templates/grt-export.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Prevent duplicate processes
4 | pgrep -f 'scripts/grt/export.py' && echo 'Previous GRT export still running' && exit
5 |
6 | # Otherwise start the export
7 | start=$(date +%s)
8 | python scripts/grt/export.py \
9 | --report-directory {{ galaxy_mutable_data_dir }}/reports/ \
10 | --grt-config {{ galaxy_config_dir }}/grt.yml \
11 | --config-file {{ galaxy_config_dir }}/{{ galaxy_config_file_basename }} \
12 | --loglevel info \
13 | --batch-size 10000
14 | ec=$?
15 | end=$(date +%s)
16 |
17 | {% if gxadmin_influx_task_notifier is defined %}
18 | runtime=$((start - end))
19 | gxadmin meta influx-post {{ gxadmin_influx_task_notifier_db }} <(echo "grt-export,host=$HOST code=$ec,runtime=$runtime $(date +%s%N)")
20 | {% endif %}
21 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.plausible/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Clone repository
3 | git:
4 | repo: "https://github.com/usegalaxy-eu/hosting"
5 | dest: "{{ plausible_dir }}"
6 | version: "master"
7 | force: "true"
8 | register: repo_cloned
9 |
10 | - name: Template config
11 | template:
12 | src: plausible.j2
13 | dest: "{{ plausible_dir }}/plausible-conf.env"
14 | owner: root
15 | group: root
16 | mode: '0640'
17 |
18 | - name: Template config for mail
19 | template:
20 | src: plausible-mail.j2
21 | dest: "{{ plausible_dir }}/plausible-mail-conf.env"
22 | owner: root
23 | group: root
24 | mode: '0640'
25 |
26 | - name: Create and start services
27 | docker_compose:
28 | project_src: "{{ plausible_dir }}"
29 | #when: repo_cloned.changed
30 |
--------------------------------------------------------------------------------
/templates/encoder/vars/toml_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | toml_data:
4 | title: TOML Example
5 | owner:
6 | name: Tom Preston-Werner
7 | organization: GitHub
8 | bio: "GitHub Cofounder & CEO\nLikes tater tots and beer."
9 | dob: "1979-05-27T07:32:00Z"
10 | database:
11 | server: 192.168.1.1
12 | ports: [ 8001, 8001, 8002 ]
13 | connection_max: 5000
14 | enabled: true
15 | servers:
16 | alpha:
17 | ip: 10.0.0.1
18 | dc: eqdc10
19 | beta:
20 | ip: 10.0.0.2
21 | dc: eqdc10
22 | country: "中国"
23 | clients:
24 | data: [ ["gamma", "delta"], [1, 2] ]
25 | hosts: [ "alpha", "omega" ]
26 | products:
27 | -
28 | name: Hammer
29 | sku: 738594937
30 | -
31 | name: Nail
32 | sku: 284758393
33 | color: gray
34 |
--------------------------------------------------------------------------------
/one-off/denbi-stratum0.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: denbistratum0
3 | become: true
4 | vars:
5 | cvmfs_role: 'stratum0'
6 | usegalaxy_eu_autofs_mounts:
7 | - vdb
8 | vars_files:
9 | - "secret_group_vars/all.yml"
10 | pre_tasks:
11 | - file:
12 | src: /data/vol/
13 | dest: /srv
14 | owner: root
15 | group: root
16 | state: link
17 | force: true
18 | roles:
19 | - hxr.admin-tools
20 | - influxdata.chrony
21 | - geerlingguy.repo-epel
22 | - hxr.monitor-email
23 | - linuxhq.yum_cron
24 | - hxr.autofs
25 | # BEGIN custom
26 | - galaxyproject.cvmfs
27 | - hxr.monitor-squid
28 | - hxr.monitor-cvmfs
29 | # END custom
30 | - dj-wasabi.telegraf
31 | #- dev-sec.os-hardening
32 | #- dev-sec.ssh-hardening
33 |
--------------------------------------------------------------------------------
/roles/geerlingguy.haproxy/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | services: docker
3 |
4 | env:
5 | - distro: centos7
6 | - distro: centos6
7 | - distro: ubuntu1604
8 | - distro: ubuntu1404
9 | - distro: ubuntu1204
10 |
11 | script:
12 | # Configure test script so we can run extra tests after playbook is run.
13 | - export container_id=$(date +%s)
14 | - export cleanup=false
15 |
16 | # Download test shim.
17 | - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
18 | - chmod +x ${PWD}/tests/test.sh
19 |
20 | # Run tests.
21 | - ${PWD}/tests/test.sh
22 |
23 | # Make sure haproxy is installed.
24 | - 'docker exec --tty ${container_id} env TERM=xterm haproxy -v'
25 |
26 | notifications:
27 | webhooks: https://galaxy.ansible.com/api/v1/notifications/
28 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/tasks/config.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure config directory is available
3 | file:
4 | path: "{{ grt_dir }}/config"
5 | state: directory
6 | owner: root
7 | group: "{{ grt_group.name }}"
8 | mode: 0750
9 |
10 | - name: Send templates
11 | template:
12 | src: "{{ item }}"
13 | dest: "{{ grt_dir }}/config/{{ item }}"
14 | owner: root
15 | group: "{{ grt_group.name }}"
16 | mode: 0640
17 | with_items:
18 | - uwsgi.yml
19 | - env.sh
20 | notify: 'reload grt'
21 |
22 | - name: Send web data
23 | copy:
24 | src: "{{ item }}"
25 | dest: "{{ grt_web_dir }}/{{ item }}"
26 | owner: root
27 | group: "{{ grt_group.name }}"
28 | mode: 0644
29 | with_items:
30 | - tos.html
31 | - index.html
32 | - grt.png
33 |
--------------------------------------------------------------------------------
/templates/galaxy/config/build_sites.yml.j2:
--------------------------------------------------------------------------------
1 | ---
2 | - type: ucsc
3 | ##file: "/cvmfs/data.galaxyproject.org/managed/location/ucsc_build_sites.txt"
4 | file: "/opt/galaxy/config/ucsc_build_sites.txt"
5 | display: [main,archaea,ucla]
6 | - type: gbrowse
7 | file: "{{ galaxy_server_dir }}/tool-data/shared/gbrowse/gbrowse_build_sites.txt"
8 | display: [wormbase,tair,modencode_worm,modencode_fly]
9 | - type: ensembl
10 | file: "{{ galaxy_server_dir }}/tool-data/shared/ensembl/ensembl_sites.txt"
11 | - type: ensembl_data_url
12 | file: "{{ galaxy_server_dir }}/tool-data/shared/ensembl/ensembl_sites_data_URL.txt"
13 | - type: igv
14 | file: "{{ galaxy_server_dir }}/tool-data/shared/igv/igv_build_sites.txt.sample"
15 | - type: rviewer
16 | file: "{{ galaxy_server_dir }}/tool-data/shared/rviewer/rviewer_build_sites.txt.sample"
17 |
--------------------------------------------------------------------------------
/roles/geerlingguy.haproxy/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | haproxy_socket: /var/lib/haproxy/stats
3 | haproxy_chroot: /var/lib/haproxy
4 | haproxy_user: haproxy
5 | haproxy_group: haproxy
6 |
7 | # Frontend settings.
8 | haproxy_frontend_name: 'hafrontend'
9 | haproxy_frontend_bind_address: '*'
10 | haproxy_frontend_port: 80
11 | haproxy_frontend_mode: 'http'
12 |
13 | # Backend settings.
14 | haproxy_backend_name: 'habackend'
15 | haproxy_backend_mode: 'http'
16 | haproxy_backend_balance_method: 'roundrobin'
17 | haproxy_backend_httpchk: 'HEAD / HTTP/1.1\r\nHost:localhost'
18 |
19 | # List of backend servers.
20 | haproxy_backend_servers: []
21 | # - name: app1
22 | # address: 192.168.0.1:80
23 | # - name: app2
24 | # address: 192.168.0.2:80
25 |
26 | # Extra global vars (see README for example usage).
27 | haproxy_global_vars: []
28 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-unscheduled-jobs/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Deploy fixer upper script"
3 | copy:
4 | content: |
5 | #!/bin/bash
6 | . {{ galaxy_root }}/.bashrc
7 | journalctl -u galaxy-handler@* --since '20 minutes ago' | \
8 | grep 'failure running job' | \
9 | awk '{print $13}' | \
10 | sort -u | \
11 | xargs -I{} -n1 --no-run-if-empty -P1 gxadmin mutate fail-job {} --commit;
12 | gxadmin mutate fail-terminal-datasets --commit > /dev/null;
13 | dest: /usr/bin/galaxy-fix-unscheduled-jobs
14 | owner: root
15 | group: root
16 | mode: 0755
17 |
18 | - name: Add to cron
19 | cron:
20 | name: "Fix unscheduled jobs"
21 | minute: "*/20"
22 | job: /usr/bin/galaxy-fix-unscheduled-jobs
23 | user: "{{ galaxy_user.name }}"
24 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.vgcn-monitoring/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: copy vgcn_monitoring template
3 | template:
4 | src: vgcn_monitoring.py.j2
5 | dest: /usr/local/bin/vgcn_monitoring.py
6 | owner: root
7 | group: root
8 | mode: 0755
9 |
10 | - name: Add command to sudoers to ensure condor permissions
11 | community.general.sudoers:
12 | name: vgcn-monitoring
13 | user: telegraf
14 | commands:
15 | - "{{ vgcn_ven_dir }}/bin/python /usr/local/bin/vgcn_monitoring.py"
16 | - "/usr/bin/env"
17 | notify: restart telegraf
18 |
19 | - name: Add VGCN monitoring Telegraf configuration
20 | template:
21 | src: vgcn_monitoring.conf.j2
22 | dest: /etc/telegraf/telegraf.d/vgcn_monitoring.conf
23 | owner: telegraf
24 | group: telegraf
25 | mode: 0640
26 | notify: restart telegraf
27 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []
3 |
4 | galaxy_info:
5 | author: geerlingguy
6 | description: Nginx installation for Linux, FreeBSD and OpenBSD.
7 | company: "Midwestern Mac, LLC"
8 | license: "license (BSD, MIT)"
9 | min_ansible_version: 1.8
10 | platforms:
11 | - name: EL
12 | versions:
13 | - 6
14 | - 7
15 | - name: Debian
16 | versions:
17 | - all
18 | - name: Ubuntu
19 | versions:
20 | - trusty
21 | - xenial
22 | - name: Archlinux
23 | versions:
24 | - all
25 | - name: FreeBSD
26 | versions:
27 | - 10.3
28 | - 10.2
29 | - 10.1
30 | - 10.0
31 | - 9.3
32 | - name: OpenBSD
33 | versions:
34 | - 5.9
35 | - 6.0
36 | galaxy_tags:
37 | - development
38 | - web
39 |
--------------------------------------------------------------------------------
/roles/jasonroyle.rabbitmq/templates/config-encoder-macros/vars/toml_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | toml_data:
4 | title: TOML Example
5 | owner:
6 | name: Tom Preston-Werner
7 | organization: GitHub
8 | bio: "GitHub Cofounder & CEO\nLikes tater tots and beer."
9 | dob: "1979-05-27T07:32:00Z"
10 | database:
11 | server: 192.168.1.1
12 | ports: [ 8001, 8001, 8002 ]
13 | connection_max: 5000
14 | enabled: true
15 | servers:
16 | alpha:
17 | ip: 10.0.0.1
18 | dc: eqdc10
19 | beta:
20 | ip: 10.0.0.2
21 | dc: eqdc10
22 | country: "中国"
23 | clients:
24 | data: [ ["gamma", "delta"], [1, 2] ]
25 | hosts: [ "alpha", "omega" ]
26 | products:
27 | -
28 | name: Hammer
29 | sku: 738594937
30 | -
31 | name: Nail
32 | sku: 284758393
33 | color: gray
34 |
--------------------------------------------------------------------------------
/templates/nginx/ftp.j2:
--------------------------------------------------------------------------------
1 | proxy_cache_path /tmp/cache levels=1:2 keys_zone=STATIC:100m inactive=24h max_size=1g;
2 |
3 | server {
4 |
5 | listen 443 ssl default_server;
6 | listen [::]:443 ssl default_server;
7 |
8 | server_name {{ inventory_hostname }};
9 |
10 | location /assets/ {
11 | proxy_pass https://usegalaxy-eu.github.io/assets/;
12 | proxy_cache STATIC;
13 | proxy_cache_valid 200 1d;
14 | proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
15 | }
16 | location / {
17 | proxy_pass https://usegalaxy-eu.github.io/ftp/;
18 | proxy_cache STATIC;
19 | proxy_cache_valid 200 1d;
20 | proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/templates/nginx/galaxy-test-proxy.j2:
--------------------------------------------------------------------------------
1 | server {
2 | listen 443 ssl;
3 | listen [::]:443 ssl;
4 |
5 | server_name test.usegalaxy.eu;
6 |
7 | location / {
8 | proxy_pass http://test.internal.usegalaxy.eu/;
9 | }
10 | }
11 |
12 |
13 | server {
14 | listen 443 ssl;
15 | listen [::]:443 ssl;
16 |
17 | error_log /var/log/nginx/interactive-err.log;
18 | access_log /var/log/nginx/interactive-out.log;
19 |
20 | server_name ~^(?[0-9a-f-]*)\.interactivetoolentrypoint\.interactivetool\.test\.usegalaxy\.eu$;
21 |
22 | # No clue why this doesn't work with "location /" unlike every other instance of that???
23 | location ~ ^(/.*) {
24 | proxy_pass http://$key.interactivetoolentrypoint.interactivetool.test.internal.usegalaxy.eu$1;
25 | }
26 |
27 | # belwü is slow.
28 | resolver 8.8.8.8 8.8.4.4 valid=300s;
29 | resolver_timeout 5s;
30 | }
31 |
--------------------------------------------------------------------------------
/roles/pgs/templates/script.sh.j2:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -ex
3 | . {{ pgs_dir }}/venv/bin/activate;
4 | # Temporarily set umask usch that www-data can read our files.
5 | umask 0003
6 | MYTMP=$(mktemp -d)
7 |
8 | # Move into a temp dir
9 | cd $MYTMP
10 | # Fetch an updated list of URLs
11 | make -f {{ pgs_repo_dir }}/Makefile
12 | # Contact all servers
13 | python {{ pgs_repo_dir }}/process.py \
14 | --json_dir {{ pgs_web_dir }} servers.csv
15 |
16 | # Send to influxdb
17 | python {{ pgs_repo_dir }}/send-to-influx.py \
18 | --influx_db galaxy \
19 | --influx_ssl \
20 | --influx_host {{ influxdb.host }} \
21 | --influx_user {{ influxdb.node.username }} \
22 | --influx_pass {{ influxdb.node.password }} \
23 | --json_dir {{ pgs_web_dir }}
24 |
25 | # Build badges
26 | python {{ pgs_repo_dir }}/badges.py {{ pgs_web_dir }} {{ pgs_web_dir }}/badges/
27 |
28 | rm -rf $MYTMP
29 |
--------------------------------------------------------------------------------
/roles/hxr.api-check/templates/http-api-check.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | expect_http() {
3 | service=$1
4 | url=$2
5 | expected_status=$3
6 |
7 | t_start=$(date +%s.%N)
8 | curl_output=$(timeout 10 curl 2>/dev/null --silent --connect-timeout 10 $url -I)
9 | if [[ $? -eq 0 ]]; then
10 | response_code=$(echo $curl_output | head -n1 | awk '{print $2}');
11 | if [[ $response_code -eq $expected_status ]]; then
12 | status=0
13 | else
14 | status=1
15 | fi
16 | else
17 | response_code=999
18 | status=1
19 | fi
20 |
21 | t_end=$(date +%s.%N)
22 | t_delta=$(echo "1000000 * ($t_end - $t_start)" | bc -l)
23 | t_delta=$(echo $t_delta | sed 's/\..*//')
24 | echo "http-api-check,page=$service code=$response_code,request_time=0$t_delta,status=$status"
25 | }
26 |
27 | {% for c in http_api_check %}
28 | expect_http {{ c.name }} {{ c.url }} {{ c.code }}
29 | {% endfor %}
30 |
--------------------------------------------------------------------------------
/beacon.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Beacon
3 | become: true
4 | hosts:
5 | - beacon
6 | vars_files:
7 | - secret_group_vars/all.yml
8 | - group_vars/all.yml
9 | - group_vars/beacon/vars.yml
10 | - group_vars/beacon/vault.yml
11 | vars:
12 | collections:
13 | - devsec.hardening
14 | roles:
15 | - role: usegalaxy_eu.handy.os_setup
16 | vars:
17 | enable_hostname: true
18 | enable_powertools: true # geerlingguy.repo-epel role doesn't enable PowerTools repository
19 | enable_remap_user: true
20 | enable_create_user: true
21 | - usegalaxy-eu.autoupdates # keep all of our packages up to date
22 | - influxdata.chrony
23 | - dj-wasabi.telegraf
24 | - usegalaxy-eu.dynmotd # nicer MOTD/welcome message
25 | - paprikant.beacon
26 | - paprikant.beacon-importer
27 | # - os_hardening
28 | # - ssh_hardening
29 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-email/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Deploy mail counter
3 | copy:
4 | src: main.sh
5 | dest: /usr/bin/check_mail_counts
6 | owner: root
7 | group: root
8 | mode: 0755
9 | notify: 'Restart Telegraf'
10 |
11 | - name: "Allow telegraf to run check_mail_counts"
12 | lineinfile:
13 | path: /etc/sudoers
14 | state: present
15 | insertafter: EOF
16 | line: 'telegraf ALL=(ALL) NOPASSWD: /usr/bin/check_mail_counts'
17 | notify: 'Restart Telegraf'
18 |
19 | - set_fact:
20 | plugin_config:
21 | email_counter:
22 | plugin: "exec"
23 | config:
24 | - commands = ["sudo /usr/bin/check_mail_counts"]
25 | - timeout = "10s"
26 | - data_format = "influx"
27 | - interval = "1h"
28 |
29 | - set_fact:
30 | telegraf_plugins_extra: "{{ telegraf_plugins_extra | combine(plugin_config) }}"
31 |
--------------------------------------------------------------------------------
/roles/hxr.grafana-gitter-bridge/README.md:
--------------------------------------------------------------------------------
1 | # TIaaS Group Join Service
2 |
3 | Install and configure [this mess](https://github.com/usegalaxy-eu/tiaas-group-join).
4 |
5 | TODO:
6 | - add systemd unit when can migrate to new host
7 |
8 | Requirements
9 | ------------
10 |
11 | RHEL / Centos7 / Centos6
12 |
13 | Role Variables
14 | --------------
15 |
16 | ```
17 | tiaas_galaxy_db_url: postgres
18 | tiaas_redirect_url: "https://usegalaxy.eu"
19 | tiaas_galaxy_idsecret: "DEFAULT IS INSECURE!"
20 | tiaas_trainings:
21 | - test
22 | tiaas_dir: /opt/tiaas
23 | tiaas_user: root
24 | tiaas_group: root
25 | tiaas_version: master
26 | ```
27 |
28 | Dependencies
29 | ------------
30 |
31 | None.
32 |
33 | Example Playbook
34 | ----------------
35 |
36 | TODO
37 |
38 | License
39 | -------
40 |
41 | GPL3
42 |
43 | Author Information
44 | ------------------
45 |
46 | [Helena Rasche](https://github.com/erasche)
47 |
--------------------------------------------------------------------------------
/group_vars/toolbox.yml:
--------------------------------------------------------------------------------
1 | ---
2 | toolbox:
3 | toolbox_sections:
4 | - name: Genomics (NGS)
5 | include_sections:
6 | - Variant calling
7 | - Epigenetics
8 | - Assembly
9 | - RAD-seq
10 | - Genome editing
11 |
12 | - name: Metagenomics
13 | include_sections:
14 | - Metagenomic analyses
15 | - Qiime
16 | - Mothur
17 |
18 | - name: Proteomics
19 | include_sections:
20 | - Proteomics
21 |
22 | - name: Metabolomics
23 | include_sections:
24 | - Metabolomics
25 |
26 | - name: Cheminformatics
27 | include_sections:
28 | - ChemicalToolBox
29 |
30 | - name: Genome Annotation
31 | include_sections:
32 | - Annotation
33 | - OBO Ontology manipulatoin
34 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.grt-client/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Deploy export
3 | template:
4 | src: grt-export.sh
5 | dest: /usr/bin/grt-export
6 | owner: "{{ galaxy_grt_exporter }}"
7 | mode: 0750
8 |
9 | - name: Deploy upload
10 | template:
11 | src: grt-eupload.sh
12 | dest: /usr/bin/grt-upload
13 | owner: "{{ galaxy_grt_uploader }}"
14 | mode: 0750
15 |
16 | - name: Cron job for export
17 | cron:
18 | name: GRT export
19 | job: /usr/bin/grt-export
20 | minute: "{{ galaxy_grt_export_minute | default(45) }}"
21 | hour: "{{ galaxy_grt_export_hour | default(0) }}"
22 | user: "{{ galaxy_grt_exporter}}"
23 |
24 | - name: Cron job for upload
25 | cron:
26 | name: GRT upload
27 | job: /usr/bin/grt-upload
28 | minute: "{{ galaxy_grt_upload_minute | default(15) }}"
29 | hour: "{{ galaxy_grt_upload_hour | default(5) }}"
30 | user: "{{ galaxy_grt_uploader}}"
31 |
--------------------------------------------------------------------------------
/roles/linuxhq.yum_cron/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure that the yum-cron package is installed
3 | tags: yum_cron
4 | become: true
5 | yum:
6 | name: yum-cron
7 | state: present
8 | register: yum_cron_yum
9 |
10 | - name: Attempting to overlay yum-cron configurations
11 | tags: yum_cron
12 | become: true
13 | template:
14 | src: "{{ item.src }}"
15 | dest: "{{ item.dst }}"
16 | owner: root
17 | group: root
18 | mode: 0644
19 | notify: restart yum-cron
20 | with_items:
21 | - { src: yum-cron.conf.j2, dst: /etc/yum/yum-cron.conf }
22 | - { src: yum-cron-hourly.conf.j2, dst: /etc/yum/yum-cron-hourly.conf }
23 | when: yum_cron_yum is success
24 |
25 | - name: Enable and start the yum-cron service on boot
26 | tags: yum_cron
27 | become: true
28 | service:
29 | enabled: yes
30 | name: yum-cron
31 | state: started
32 | when: yum_cron_yum is success
33 | ...
34 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-failing-to-fail-jobs/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Deploy fixer upper script"
3 | copy:
4 | content: |
5 | #!/bin/bash
6 | . {{ galaxy_root }}/.bashrc
7 | journalctl -u galaxy-handler@* --since '20 hour ago' | \
8 | grep "Caught exception while attempting to fail job" | \
9 | egrep -o '\([0-9]+\) Caught' | \
10 | sed 's/ Caught//g;s/(//g;s/)//g' | \
11 | sort -u | \
12 | xargs -I{} -n1 --no-run-if-empty -P1 gxadmin mutate fail-job {} --commit > /dev/null;
13 | gxadmin mutate fail-terminal-datasets --commit > /dev/null;
14 | dest: /usr/bin/galaxy-fix-failing-to-fail-jobs
15 | owner: root
16 | group: root
17 | mode: 0755
18 |
19 | - name: Add to cron
20 | cron:
21 | name: "Fix failing to fail jobs"
22 | minute: "*/20"
23 | job: /usr/bin/galaxy-fix-failing-to-fail-jobs
24 | user: "{{ galaxy_user.name }}"
25 |
--------------------------------------------------------------------------------
/roles/hxr.postgres-connection/tasks/postgres_tasks.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Add postgres connection configuration
3 | block:
4 | - name: Add env vars in bashrc
5 | lineinfile:
6 | path: "{{ item.uhome }}/.bashrc"
7 | regexp: "^export {{ task_item.var }}"
8 | line: "export {{ task_item.var }}='{{ task_item.val }}'"
9 | with_items:
10 | - var: PGUSER
11 | val: "{{ item.pguser }}"
12 | - var: PGHOST
13 | val: "{{ postgres_host }}"
14 | - var: PGDATABASE
15 | val: "{{ item.pgdatabase }}"
16 | loop_control:
17 | loop_var: task_item
18 |
19 | - name: Copy using the 'content' for inline data
20 | copy:
21 | content: |
22 | {{ postgres_host }}:{{ postgres_port }}:*:{{ item.pguser }}:{{ item.pgpass }}
23 | dest: "{{ item.uhome }}/.pgpass"
24 | mode: 0600
25 | owner: "{{ item.uname }}"
26 | group: "{{ item.gname }}"
27 |
--------------------------------------------------------------------------------
/roles/hxr.monitor-squid/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Ensure curl is installed
3 | package:
4 | name: curl
5 | state: present
6 |
7 | - name: Deploy squid data parser
8 | copy:
9 | src: "parse_squid.py"
10 | dest: "/usr/bin/parse_squid.py"
11 | owner: root
12 | group: root
13 | mode: 0755
14 | notify: 'Restart Telegraf'
15 |
16 | - name: Deploy squid data wrapper
17 | copy:
18 | src: "parse_squid.sh"
19 | dest: "/usr/bin/parse_squid"
20 | owner: root
21 | group: root
22 | mode: 0755
23 | notify: 'Restart Telegraf'
24 |
25 | - set_fact:
26 | check_squid_telegraf:
27 | check_squid_telegraf:
28 | plugin: "exec"
29 | config:
30 | - commands = ["/usr/bin/parse_squid"]
31 | - timeout = "10s"
32 | - data_format = "influx"
33 | - interval = "5m"
34 |
35 | - set_fact:
36 | telegraf_plugins_extra: "{{ telegraf_plugins_extra | combine(check_squid_telegraf) }}"
37 |
--------------------------------------------------------------------------------
/roles/hxr.sentry/templates/config.yaml.j2:
--------------------------------------------------------------------------------
1 | ###############
2 | # Mail Server #
3 | ###############
4 | {% if hxr_sentry_mail %}
5 | {% for prop in hxr_sentry_mail.keys() %}
6 | mail.{{ prop }} = {{ hxr_sentry_mail[prop] }}
7 | {% endfor %}
8 | {% endif %}
9 |
10 |
11 |
12 | # mail.backend: 'smtp' # Use dummy if you want to disable email entirely
13 | # mail.host: 'localhost'
14 | # mail.port: 25
15 | # mail.username: ''
16 | # mail.password: ''
17 | # mail.use-tls: false
18 | # mail.from: 'root@localhost'
19 | # mail.enable-replies: false
20 | # mail.reply-hostname: ''
21 | # mail.mailgun-api-key: ''
22 |
23 | # Uploaded media uses these `filestore` settings. The available
24 | # backends are either `filesystem` or `s3`.
25 | # filestore.backend: 'filesystem'
26 | # filestore.options:
27 | # location: '/tmp/sentry-files'
28 | # filestore.backend: 's3'
29 | # filestore.options:
30 | # access_key: 'AKIXXXXXX'
31 | # secret_key: 'XXXXXXX'
32 | # bucket_name: 's3-bucket-name'
33 |
--------------------------------------------------------------------------------
/roles/ssh-host-resign/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Copy server key into VM temporarily
3 | copy:
4 | src: server_ca
5 | dest: /tmp/server_ca
6 | owner: root
7 | group: root
8 | mode: 0600
9 |
10 | - name: Sign Keys
11 | command: ssh-keygen -s /tmp/server_ca -I key_for_test1 -h -V +520w /etc/ssh/ssh_host_{{ item }}_key.pub
12 | with_items:
13 | - rsa
14 | - ecdsa
15 | - ed25519
16 |
17 | # Requires dev-sec.ssh-hardening + patches
18 | - set_fact:
19 | ssh_host_key_cert_files:
20 | - /etc/ssh/ssh_host_rsa_key-cert.pub
21 | - /etc/ssh/ssh_host_ecdsa_key-cert.pub
22 | - /etc/ssh/ssh_host_ed25519_key-cert.pub
23 | notify: "restart sshd"
24 |
25 | - name: Ensure server key is gone
26 | file:
27 | path: /tmp/server_ca
28 | state: absent
29 |
30 | - name: "Helper"
31 | debug:
32 | msg: "Please add the following to your known_hosts file: @cert-authority {{ lookup('file', 'server_ca.pub') }}"
33 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-stuck-handlers/defaults/main.yml:
--------------------------------------------------------------------------------
1 | sleep_duration: 360
2 | cron_tasks:
3 | - name: "Call sync-to-nfs"
4 | minute: 30
5 | hour: 2
6 | job: "/usr/bin/galaxy-sync-to-nfs"
7 | user: galaxy
8 | - name: "Restart handlers"
9 | minute: 0
10 | hour: 3
11 | job: "/bin/bash -c 'for (( c=0; c<{{ galaxy_systemd_handlers }}; c++ )); do systemctl restart galaxy-handler@$c && sleep {{ sleep_duration }}; done'"
12 | user: root
13 | - name: "Restart gunicorn"
14 | minute: 30
15 | hour: 3
16 | job: "/bin/bash -c 'for (( c=0; c<{{ galaxy_systemd_gunicorns }}; c++ )); do systemctl restart galaxy-gunicorn@$c && sleep {{ sleep_duration }}; done'"
17 | user: root
18 | - name: "Restart workflow schedulers"
19 | minute: 0
20 | hour: 4
21 | job: "/bin/bash -c 'for (( c=0; c<{{ galaxy_systemd_workflow_schedulers }}; c++ )); do systemctl restart galaxy-workflow-scheduler@$c && sleep {{ sleep_duration }}; done'"
22 | user: root
23 |
--------------------------------------------------------------------------------
/templates/galaxy-test/config/welcome.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
18 |
19 |
20 |
21 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/templates/galaxy/config/welcome.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
18 |
19 |
20 |
21 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.fix-galaxy-server-dir/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Check that the dependencies directory exists
3 | stat:
4 | path: "{{ galaxy_server_dir }}/dependencies"
5 | register: dependencies_stat_result
6 |
7 | - name: Symlink dependencies
8 | file:
9 | src: /usr/local/tools/
10 | dest: "{{ galaxy_server_dir }}/dependencies"
11 | owner: galaxy
12 | group: galaxy
13 | state: link
14 | when: not dependencies_stat_result.stat.exists
15 |
16 | # see https://docs.galaxyproject.org/en/master/admin/special_topics/gdpr_compliance.html
17 | - name: Check that the compliance.log exists
18 | stat:
19 | path: "{{ galaxy_server_dir }}/compliance.log"
20 | register: compliance_log_stat_result
21 |
22 | - name: Create the compliance.log file, if it doesnt exist already
23 | file:
24 | path: "{{ galaxy_server_dir }}/compliance.log"
25 | owner: galaxy
26 | group: root
27 | mode: 0644
28 | state: touch
29 | when: not compliance_log_stat_result.stat.exists
30 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/tasks/cron.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Process uploads
3 | cron:
4 | name: Process GRT Uploads
5 | user: "{{ grt_user.name }}"
6 | minute: 0
7 | hour: 0
8 | job: ". {{ grt_dir }}/config/env.sh && {{ grt_dir }}/venv/bin/python {{ grt_dir }}/code/manage.py import_data"
9 |
10 | - name: Export queries
11 | cron:
12 | name: Export queries
13 | user: "{{ grt_user.name }}"
14 | minute: 0
15 | hour: 4
16 | job: "cd {{ grt_queries_dir }} && . {{ grt_dir }}/config/env.sh && {{ grt_dir }}/venv/bin/python {{ grt_dir }}/code/manage.py queries"
17 |
18 | - name: Send influx script
19 | template:
20 | src: "export-to-influx.sh"
21 | dest: "/usr/bin/export-grt-to-influx"
22 | owner: root
23 | group: "{{ grt_group.name }}"
24 | mode: 0750
25 |
26 | - name: Update influxdb
27 | cron:
28 | name: Export to influx
29 | user: "{{ grt_user.name }}"
30 | minute: 0
31 | hour: 2
32 | job: "/usr/bin/export-grt-to-influx"
33 |
--------------------------------------------------------------------------------
/roles/usegalaxy-eu.galactic-radio-telescope/tasks/user.yml:
--------------------------------------------------------------------------------
1 | - name: Create grt group
2 | group:
3 | name: "{{ grt_group.name | default(grt_group) }}"
4 | gid: "{{ grt_group.gid | default(omit) }}"
5 | system: "{{ grt_group.system | default(grt_user.system) | default('true') }}"
6 | local: "{{ grt_group.local | default(grt_user.local) | default(omit) }}"
7 | when: grt_group is defined
8 |
9 | - name: Create grt user
10 | user:
11 | name: "{{ grt_user.name | default(grt_user) }}"
12 | uid: "{{ grt_user.uid | default(omit) }}"
13 | group: "{{ (grt_group | default({})).name | default(grt_group) | default(omit) }}"
14 | comment: "{{ grt_user.comment | default('grt server') }}"
15 | create_home: "{{ grt_user.create_home | default('true') }}"
16 | home: "{{ grt_user.home | default(omit) }}"
17 | shell: "{{ grt_user.shell | default(omit) }}"
18 | system: "{{ grt_user.system | default('true') }}"
19 | local: "{{ grt_user.local | default(omit) }}"
20 | when: grt_create_user
21 |
--------------------------------------------------------------------------------
/roles/geerlingguy.nginx/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | services: docker
3 |
4 | env:
5 | - distro: centos7
6 | - distro: ubuntu1604
7 | - distro: ubuntu1404
8 | - distro: debian9
9 | - distro: debian8
10 |
11 | script:
12 | # Configure test script so we can run extra tests after playbook is run.
13 | - export container_id=$(date +%s)
14 | - export cleanup=false
15 |
16 | # Download test shim.
17 | - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
18 | - chmod +x ${PWD}/tests/test.sh
19 |
20 | # Run tests.
21 | - ${PWD}/tests/test.sh
22 |
23 | # Setup test site.
24 | - 'docker exec ${container_id} mkdir -p /var/www/test'
25 | - 'docker exec ${container_id} bash -c "echo Success >| /var/www/test/index.html"'
26 |
27 | # Make sure virtualhost exists.
28 | - 'docker exec --tty ${container_id} env TERM=xterm curl http://test.dev/ | grep "Success"'
29 |
30 | notifications:
31 | webhooks: https://galaxy.ansible.com/api/v1/notifications/
32 |
--------------------------------------------------------------------------------
/roles/multinic-old/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: ifcfg for eth1
3 | copy:
4 | src: ifcfg-eth1
5 | dest: /etc/sysconfig/network-scripts/ifcfg-eth1
6 | owner: root
7 | group: root
8 | mode: 0644
9 |
10 | - name: ifcfg for eth0
11 | copy:
12 | src: ifcfg-eth0
13 | dest: /etc/sysconfig/network-scripts/ifcfg-eth0
14 | owner: root
15 | group: root
16 | mode: 0644
17 |
18 | - name: Deploy networking hotfix script
19 | copy:
20 | src: fix-network.sh
21 | dest: /usr/sbin/fix-network
22 | owner: root
23 | group: root
24 | mode: 0755
25 |
26 | - name: Execute it anyway
27 | command: /usr/sbin/fix-network
28 |
29 | - name: Deploy systemd unit
30 | copy:
31 | src: fix-network.service
32 | dest: /etc/systemd/system/fix-network.service
33 | owner: root
34 | group: root
35 | mode: 0644
36 |
37 | - name: Make sure the service is running
38 | systemd:
39 | daemon_reload: yes
40 | state: started
41 | name: fix-network
42 | enabled: yes
43 |
--------------------------------------------------------------------------------
/one-off/cvmfs-stratum0.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - hosts: cvmfs-stratum0
3 | become: true
4 | vars:
5 | chrony_port: # 123
6 | chrony_acquisitionport: # 1123
7 | data_conf:
8 | - stratum0 -rw,hard,intr,nosuid,quota,context="system_u:object_r:httpd_sys_content_t:s0" ufr.isi1.public.ads.uni-freiburg.de:/ifs/isi1/ufr/bronze/nfs/denbi/&
9 | usegalaxy_eu_autofs_mounts:
10 | - vdb
11 | - data
12 | vars_files:
13 | - "secret_group_vars/all.yml"
14 | pre_tasks:
15 | - authorized_key:
16 | user: centos
17 | state: present
18 | key: https://github.com/natefoo.keys
19 | roles:
20 | - geerlingguy.repo-epel
21 | - hxr.admin-tools
22 | - influxdata.chrony
23 | - hxr.monitor-email
24 | - linuxhq.yum_cron
25 | - hxr.autofs
26 | # BEGIN custom
27 | # - galaxyproject.cvmfs
28 | # - hxr.monitor-squid
29 | # - hxr.monitor-cvmfs
30 | # END custom
31 | - dj-wasabi.telegraf
32 | # - dev-sec.os-hardening
33 | # - dev-sec.ssh-hardening
34 |
--------------------------------------------------------------------------------