├── .gitignore ├── .travis.yml ├── LICENSE.txt ├── README.md ├── ci_test_docker_galaxy.sh ├── ci_test_galaxykickstart.sh ├── ci_test_planemo_machine.sh ├── defaults └── main.yml ├── docs └── https.md ├── files ├── nginx_sample.crt └── nginx_sample.key ├── handlers ├── main.yml └── restart_nginx.yml ├── local.yml ├── meta └── main.yml ├── organization.rst ├── tasks ├── client.yml ├── condor.yml ├── cvmfs_client.yml ├── galaxy_extra_dependencies.yml ├── galaxy_metrics.yml ├── galaxy_root.yml ├── galaxy_scripts.yml ├── ie_proxy.yml ├── k8s.yml ├── letsencrypt.yml ├── main.yml ├── nginx.yml ├── pbs.yml ├── proftpd.yml ├── rabbitmq.yml ├── slurm.yml ├── startup.yml ├── supervisor.yml └── uwsgi.yml ├── templates ├── add_tool_shed.py.j2 ├── cgroupfs_mount.sh.j2 ├── check_database.py.j2 ├── configure_slurm.py.j2 ├── container_resolvers_conf.xml.j2 ├── create_galaxy_user.py.j2 ├── export_user_files.py.j2 ├── htpasswd.j2 ├── job_conf.xml.j2 ├── job_metrics_conf.xml.j2 ├── letsencrypt.conf.j2 ├── letsencrypt_refresh.sh.j2 ├── macros.xml.j2 ├── munge.service.j2 ├── nginx.conf.j2 ├── nginx_galaxy_web.conf.j2 ├── nginx_letsencrypt.conf.j2 ├── nginx_reports_auth.conf.j2 ├── nginx_reports_noauth.conf.j2 ├── nginx_uwsgi.conf.j2 ├── proftpd.conf.j2 ├── rabbitmq.sh.j2 ├── startup.sh.j2 ├── startup_lite.sh.j2 └── supervisor.conf.j2 └── tests ├── conditional_deps ├── auth_conf.xml └── test_script.sh └── syntax.yml /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | .vagrant/ 3 | *.retry 4 | .DS_Store 5 | *.pyc 6 | docs/html 7 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: 2.7 4 | dist: bionic 5 | os: linux 6 | 7 | env: 8 | global: 9 | - TOX_ENV=py37 10 | 11 | services: 12 | - docker 13 | 14 | before_install: 15 | - docker --version 16 | - docker info 17 | - 
export GALAXY_HOME=/home/galaxy 18 | - export GALAXY_TRAVIS_USER=galaxy 19 | - export GALAXY_UID=1450 20 | - export GALAXY_GID=1450 21 | - sudo groupadd -r $GALAXY_TRAVIS_USER -g $GALAXY_GID 22 | - sudo useradd -u $GALAXY_UID -r -g $GALAXY_TRAVIS_USER -d $GALAXY_HOME -p travis_testing -s /bin/bash -c "Galaxy user" $GALAXY_TRAVIS_USER 23 | - sudo mkdir $GALAXY_HOME 24 | - sudo chown -R $GALAXY_TRAVIS_USER:$GALAXY_TRAVIS_USER $GALAXY_HOME 25 | 26 | install: 27 | # Install Ansible. 28 | - pip install ansible 29 | - ansible --version 30 | 31 | # Add ansible.cfg to pick up roles path. 32 | - printf '[defaults]\nroles_path = ../' > ansible.cfg 33 | 34 | jobs: 35 | include: 36 | - name: "Syntax" 37 | env: SUITE=syntax 38 | script: 39 | - ansible-playbook -i "localhost," tests/syntax.yml --syntax-check 40 | 41 | - name: "Galaxy Kickstart" 42 | python: "3.7" 43 | env: SUITE=galaxykickstart 44 | script: 45 | - bash ci_test_galaxykickstart.sh 46 | 47 | - name: "Galaxy Docker" 48 | python: "3.7" 49 | env: SUITE=docker-galaxy TOX_ENV=py37 50 | addons: 51 | apt: 52 | sources: 53 | - deadsnakes 54 | packages: 55 | - python3.7-dev 56 | script: 57 | - bash ci_test_docker_galaxy.sh 58 | 59 | # 2020.06.19: Failing because the Docker image there fails to build (python 2.7 can't install setuptools) 60 | #- name: "Planemo Machine" 61 | # python: "2.7" 62 | # env: SUITE=planemo-machine 63 | # script: 64 | # - bash ci_test_planemo_machine.sh 65 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2005-2013 Pennsylvania State University 2 | 3 | Licensed under the Academic Free License version 3.0 4 | 5 | 1) Grant of Copyright License. 
Licensor grants You a worldwide, royalty-free, 6 | non-exclusive, sublicensable license, for the duration of the copyright, to 7 | do the following: 8 | 9 | a) to reproduce the Original Work in copies, either alone or as part of a 10 | collective work; 11 | 12 | b) to translate, adapt, alter, transform, modify, or arrange the Original 13 | Work, thereby creating derivative works ("Derivative Works") based upon 14 | the Original Work; 15 | 16 | c) to distribute or communicate copies of the Original Work and Derivative 17 | Works to the public, under any license of your choice that does not 18 | contradict the terms and conditions, including Licensor's reserved 19 | rights and remedies, in this Academic Free License; 20 | 21 | d) to perform the Original Work publicly; and 22 | 23 | e) to display the Original Work publicly. 24 | 25 | 2) Grant of Patent License. Licensor grants You a worldwide, royalty-free, 26 | non-exclusive, sublicensable license, under patent claims owned or 27 | controlled by the Licensor that are embodied in the Original Work as 28 | furnished by the Licensor, for the duration of the patents, to make, use, 29 | sell, offer for sale, have made, and import the Original Work and 30 | Derivative Works. 31 | 32 | 3) Grant of Source Code License. The term "Source Code" means the preferred 33 | form of the Original Work for making modifications to it and all available 34 | documentation describing how to modify the Original Work. Licensor agrees 35 | to provide a machine-readable copy of the Source Code of the Original Work 36 | along with each copy of the Original Work that Licensor distributes. 37 | Licensor reserves the right to satisfy this obligation by placing a 38 | machine-readable copy of the Source Code in an information repository 39 | reasonably calculated to permit inexpensive and convenient access by You 40 | for as long as Licensor continues to distribute the Original Work. 41 | 42 | 4) Exclusions From License Grant. 
Neither the names of Licensor, nor the 43 | names of any contributors to the Original Work, nor any of their 44 | trademarks or service marks, may be used to endorse or promote products 45 | derived from this Original Work without express prior permission of the 46 | Licensor. Except as expressly stated herein, nothing in this License 47 | grants any license to Licensor's trademarks, copyrights, patents, trade 48 | secrets or any other intellectual property. No patent license is granted 49 | to make, use, sell, offer for sale, have made, or import embodiments of 50 | any patent claims other than the licensed claims defined in Section 2. 51 | No license is granted to the trademarks of Licensor even if such marks 52 | are included in the Original Work. Nothing in this License shall be 53 | interpreted to prohibit Licensor from licensing under terms different 54 | from this License any Original Work that Licensor otherwise would have a 55 | right to license. 56 | 57 | 5) External Deployment. The term "External Deployment" means the use, 58 | distribution, or communication of the Original Work or Derivative Works 59 | in any way such that the Original Work or Derivative Works may be used by 60 | anyone other than You, whether those works are distributed or 61 | communicated to those persons or made available as an application 62 | intended for use over a network. As an express condition for the grants 63 | of license hereunder, You must treat any External Deployment by You of 64 | the Original Work or a Derivative Work as a distribution under 65 | section 1(c). 66 | 67 | 6) Attribution Rights. You must retain, in the Source Code of any Derivative 68 | Works that You create, all copyright, patent, or trademark notices from 69 | the Source Code of the Original Work, as well as any notices of licensing 70 | and any descriptive text identified therein as an "Attribution Notice." 
71 | You must cause the Source Code for any Derivative Works that You create 72 | to carry a prominent Attribution Notice reasonably calculated to inform 73 | recipients that You have modified the Original Work. 74 | 75 | 7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that 76 | the copyright in and to the Original Work and the patent rights granted 77 | herein by Licensor are owned by the Licensor or are sublicensed to You 78 | under the terms of this License with the permission of the contributor(s) 79 | of those copyrights and patent rights. Except as expressly stated in the 80 | immediately preceding sentence, the Original Work is provided under this 81 | License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or 82 | implied, including, without limitation, the warranties of 83 | non-infringement, merchantability or fitness for a particular purpose. 84 | THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This 85 | DISCLAIMER OF WARRANTY constitutes an essential part of this License. 86 | No license to the Original Work is granted by this License except under 87 | this disclaimer. 88 | 89 | 8) Limitation of Liability. Under no circumstances and under no legal 90 | theory, whether in tort (including negligence), contract, or otherwise, 91 | shall the Licensor be liable to anyone for any indirect, special, 92 | incidental, or consequential damages of any character arising as a result 93 | of this License or the use of the Original Work including, without 94 | limitation, damages for loss of goodwill, work stoppage, computer failure 95 | or malfunction, or any and all other commercial damages or losses. This 96 | limitation of liability shall not apply to the extent applicable law 97 | prohibits such limitation. 98 | 99 | 9) Acceptance and Termination. 
If, at any time, You expressly assented to 100 | this License, that assent indicates your clear and irrevocable acceptance 101 | of this License and all of its terms and conditions. If You distribute or 102 | communicate copies of the Original Work or a Derivative Work, You must 103 | make a reasonable effort under the circumstances to obtain the express 104 | assent of recipients to the terms of this License. This License 105 | conditions your rights to undertake the activities listed in Section 1, 106 | including your right to create Derivative Works based upon the Original 107 | Work, and doing so without honoring these terms and conditions is 108 | prohibited by copyright law and international treaty. Nothing in this 109 | License is intended to affect copyright exceptions and limitations 110 | (including "fair use" or "fair dealing"). This License shall terminate 111 | immediately and You may no longer exercise any of the rights granted to 112 | You by this License upon your failure to honor the conditions in 113 | Section 1(c). 114 | 115 | 10) Termination for Patent Action. This License shall terminate 116 | automatically and You may no longer exercise any of the rights granted 117 | to You by this License as of the date You commence an action, including 118 | a cross-claim or counterclaim, against Licensor or any licensee alleging 119 | that the Original Work infringes a patent. This termination provision 120 | shall not apply for an action alleging patent infringement by 121 | combinations of the Original Work with other software or hardware. 122 | 123 | 11) Jurisdiction, Venue and Governing Law. Any action or suit relating to 124 | this License may be brought only in the courts of a jurisdiction wherein 125 | the Licensor resides or in which Licensor conducts its primary business, 126 | and under the laws of that jurisdiction excluding its conflict-of-law 127 | provisions. 
The application of the United Nations Convention on 128 | Contracts for the International Sale of Goods is expressly excluded. Any 129 | use of the Original Work outside the scope of this License or after its 130 | termination shall be subject to the requirements and penalties of 131 | copyright or patent law in the appropriate jurisdiction. This section 132 | shall survive the termination of this License. 133 | 134 | 12) Attorneys' Fees. In any action to enforce the terms of this License or 135 | seeking damages relating thereto, the prevailing party shall be entitled 136 | to recover its costs and expenses, including, without limitation, 137 | reasonable attorneys' fees and costs incurred in connection with such 138 | action, including any appeal of such action. This section shall survive 139 | the termination of this License. 140 | 141 | 13) Miscellaneous. If any provision of this License is held to be 142 | unenforceable, such provision shall be reformed only to the extent 143 | necessary to make it enforceable. 144 | 145 | 14) Definition of "You" in This License. "You" throughout this License, 146 | whether in upper or lower case, means an individual or a legal entity 147 | exercising rights under, and complying with all of the terms of, this 148 | License. For legal entities, "You" includes any entity that controls, is 149 | controlled by, or is under common control with you. For purposes of this 150 | definition, "control" means (i) the power, direct or indirect, to cause 151 | the direction or management of such entity, whether by contract or 152 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 153 | outstanding shares, or (iii) beneficial ownership of such entity. 154 | 155 | 15) Right to Use. You may use the Original Work in all ways not otherwise 156 | restricted or conditioned by this License or by law, and Licensor 157 | promises not to interfere with or be responsible for such uses by You. 
158 | 159 | 16) Modification of This License. This License is Copyright © 2005 Lawrence 160 | Rosen. Permission is granted to copy, distribute, or communicate this 161 | License without modification. Nothing in this License permits You to 162 | modify this License as applied to the Original Work or to Derivative 163 | Works. However, You may modify the text of this License and copy, 164 | distribute or communicate your modified version (the "Modified 165 | License") and apply it to other original works of authorship subject to 166 | the following conditions: (i) You may not indicate in any way that your 167 | Modified License is the "Academic Free License" or "AFL" and you may not 168 | use those names in the name of your Modified License; (ii) You must 169 | replace the notice specified in the first paragraph above with the 170 | notice "Licensed under " or with a notice 171 | of your own that is not confusingly similar to the notice in this 172 | License; and (iii) You may not claim that your original works are open 173 | source software unless your Modified License has been approved by Open 174 | Source Initiative (OSI) and You comply with its license review and 175 | certification process. 176 | 177 | 178 | Some icons found in Galaxy are from the Silk Icons set, available under 179 | the Creative Commons Attribution 2.5 License, from: 180 | 181 | http://www.famfamfam.com/lab/icons/silk/ 182 | 183 | 184 | Other images and documentation are licensed under the Creative Commons Attribution 3.0 (CC BY 3.0) License. See 185 | 186 | http://creativecommons.org/licenses/by/3.0/ 187 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ansible Galaxy Extras 2 | 3 | This Ansible role is for building out some production services on top 4 | of Galaxy - the so-called @natefoo stack - uWSGI, NGINX, Proftpd, and 5 | supervisor. 
6 | 7 | Requirements 8 | ------------ 9 | The role has been developed and tested on Ubuntu 14.04. It requires `sudo` access. 10 | 11 | Dependencies 12 | ------------ 13 | 14 | This role assumes Galaxy has already been installed and configured 15 | (for instance with the [Galaxy 16 | role](https://github.com/galaxyproject/ansible-galaxy)). 17 | 18 | Role variables 19 | -------------- 20 | 21 | All of the listed variables are stored in 22 | `defaults/main.yml`. Individual variables can be set or overridden by 23 | setting them directly in a playbook for this role. Alternatively, they 24 | can be set by creating a `group_vars` directory in the root directory of 25 | the playbook used to execute this role and placing a file with the 26 | variables there. Note that the name of this file must match the value 27 | of the `hosts` setting in the corresponding playbook. 28 | 29 | Additional Documentation 30 | ------------------------ 31 | 32 | Much of the functionality of these ansible roles can be gleaned by reading 33 | through `defaults/main.yml`; however, we've also provided some additional 34 | documentation under `docs/`. 35 | 36 | Example Usage 37 | ------------- 38 | 39 | See [planemo-machine](https://github.com/galaxyproject/planemo-machine) for 40 | an example of how to use this role. 41 | 42 | 43 | Code of Conduct 44 | --------------- 45 | 46 | Please note that this project follows the Galaxy [Contributor Code of Conduct](https://github.com/galaxyproject/galaxy/blob/dev/CODE_OF_CONDUCT.md). By 47 | participating in this project you agree to abide by its terms. 48 | 49 | 50 | Project Organization 51 | -------------------- 52 | 53 | See the [Project Organization](https://github.com/galaxyproject/ansible-galaxy-extras/blob/master/organization.rst) document for a description of project governance.
54 | 55 | -------------------------------------------------------------------------------- /ci_test_docker_galaxy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # CI check: build the docker-galaxy-stable image with this role copied in, then run the Makefile's API, FTP and BioBlend test targets. 3 | set -e # abort on the first failing command 4 | 5 | # this failed because galaxy-postgresql is not recursively imported 6 | # mkdir $HOME/galaxy-docker 7 | # wget -q -O - https://github.com/bgruening/docker-galaxy-stable/archive/master.tar.gz | tar xzf - --strip-components=1 -C $HOME/galaxy-docker 8 | 9 | git clone --recursive https://github.com/bgruening/docker-galaxy-stable $HOME/galaxy-docker # NOTE(review): default branch, unpinned - every run builds whatever upstream currently holds 10 | 11 | # remove the submodule role 12 | rm $HOME/galaxy-docker/galaxy/roles/galaxyprojectdotorg.galaxyextras/* -rf # -rf after the operand relies on GNU argument permutation; $HOME is unquoted here and below 13 | wget https://raw.githubusercontent.com/galaxyproject/galaxy-flavor-testing/master/Makefile -O $HOME/galaxy-docker/Makefile # NOTE(review): fetched from the moving master ref and then executed by the make calls below; pin a commit and verify a checksum to limit supply-chain exposure 14 | 15 | # install BioBlend 16 | make install -f $HOME/galaxy-docker/Makefile 17 | 18 | # Check the role/playbook's syntax. 19 | ansible-playbook -i "localhost," tests/syntax.yml --syntax-check 20 | # Copy the ansible-playbook from this repo into the Docker roles directory and build the image. 21 | cp -r ./* $HOME/galaxy-docker/galaxy/roles/galaxyprojectdotorg.galaxyextras/ 22 | ls -l $HOME/galaxy-docker/galaxy/roles/galaxyprojectdotorg.galaxyextras/ 23 | cd $HOME/galaxy-docker/ && docker build -t galaxy-docker/test ./galaxy/ 24 | # run various tests against the container 25 | make docker_run # from here on make reads the Makefile downloaded above (current directory is $HOME/galaxy-docker/) 26 | sleep 30 # fixed wait before testing; NOTE(review): presumably gives the container time to start - a readiness poll would be more reliable 27 | make test_api 28 | make test_ftp 29 | make test_bioblend 30 | 31 | # Test the conditional loading of dependencies.
32 | cd $HOME/galaxy-docker/galaxy/roles/galaxyprojectdotorg.galaxyextras/ 33 | bash tests/conditional_deps/test_script.sh 34 | -------------------------------------------------------------------------------- /ci_test_galaxykickstart.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e # CI check against galaxykickstart (branch newgks): installs Galaxy with this role copied in, then probes the API and an FTP upload; aborts on the first failing step 3 | export GALAXY_USER="admin@galaxy.org" 4 | export GALAXY_USER_EMAIL="admin@galaxy.org" 5 | export GALAXY_USER_PASSWD="artbio2020" # throwaway CI credential, visible to anyone reading the repository; NOTE(review): presumably has to match what the galaxykickstart inventory provisions - confirm, and do not reuse it on a real instance 6 | export GALAXY_HOME=/home/galaxy 7 | export GALAXY_TRAVIS_USER=galaxy 8 | export GALAXY_UID=1450 9 | export GALAXY_GID=1450 10 | export BIOBLEND_GALAXY_API_KEY="artbio2020" # same literal as the password above; CI only 11 | export BIOBLEND_GALAXY_URL=http://127.0.0.1:80 12 | export BIOBLEND_TEST_JOB_TIMEOUT=240 13 | 14 | sudo /etc/init.d/postgresql stop # stop, purge and wipe the runner's PostgreSQL; NOTE(review): presumably so the playbook can install its own - confirm 15 | sudo apt-get -y --purge remove postgresql libpq-dev libpq5 postgresql-client-common postgresql-common 16 | sudo rm -rf /var/lib/postgresql 17 | 18 | git clone http://github.com/artbio/galaxykickstart -b newgks $HOME/galaxykickstart # NOTE(review): plain http:// fetch of playbooks that the ansible-playbook calls below execute; use https:// so the transfer is authenticated and integrity-protected, and consider pinning a commit 19 | ansible-galaxy install -r $HOME/galaxykickstart/requirements_roles.yml \ 20 | -p $HOME/galaxykickstart/roles -f 21 | # remove ansible-galaxy-extras for testing 22 | rm -rf $HOME/galaxykickstart/roles/galaxyprojectdotorg.galaxy-extras/* 23 | cp -r ./* $HOME/galaxykickstart/roles/galaxyprojectdotorg.galaxy-extras/ 24 | 25 | # install galaxy and user&tools 26 | ansible-playbook -i $HOME/galaxykickstart/inventory_files/galaxy-kickstart $HOME/galaxykickstart/galaxy.yml 27 | sleep 15 28 | ansible-playbook -i $HOME/galaxykickstart/inventory_files/galaxy-kickstart $HOME/galaxykickstart/galaxy_tool_install.yml 29 | 30 | sudo supervisorctl status 31 | curl http://localhost:80/api/version| grep version_major # no --fail here; the grep exit status is what fails the step 32 | curl --fail $BIOBLEND_GALAXY_URL/api/version 33 | 34 | echo "test proftpd" 35 | proftpd --version 36 | date > $HOME/date.txt && curl --fail -T $HOME/date.txt ftp://127.0.0.1:21 --user $GALAXY_USER_EMAIL:$GALAXY_USER_PASSWD 37 | 38 | # install
bioblend testing, GKS way. 39 | pip --version 40 | sudo rm -f /etc/boto.cfg 41 | pip install --ignore-installed https://github.com/galaxyproject/bioblend/archive/master.zip pytest # NOTE(review): BioBlend comes from the moving master archive with no version or hash pin; pinning a release or commit keeps CI reproducible and narrows supply-chain exposure 42 | 43 | chmod a+rx /home/travis/ # opens the runner's home directory to every local user; NOTE(review): presumably so $GALAXY_TRAVIS_USER can reach the virtualenv used below - acceptable only on a disposable CI host 44 | sudo -E su $GALAXY_TRAVIS_USER -c "source /home/travis/virtualenv/python3.7/bin/activate && 45 | cd $GALAXY_HOME && 46 | bioblend-galaxy-tests -v -k 'not download_dataset and \ 47 | not download_history and \ 48 | not export_and_download and \ 49 | not test_show_nonexistent_dataset and \ 50 | not test_invocation and \ 51 | not test_update_dataset_tags and \ 52 | not test_upload_file_contents_with_tags and \ 53 | not test_create_local_user and \ 54 | not test_update_dataset_datatype and \ 55 | not test_show_workflow_versions' /home/travis/virtualenv/python3.7/lib/python3.7/site-packages/bioblend/_tests/TestGalaxy*.py" 56 | cd $TRAVIS_BUILD_DIR 57 | -------------------------------------------------------------------------------- /ci_test_planemo_machine.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # CI check: clone planemo-machine, replace its copy of this role with the working tree, and run that repository's ci_test.sh. 3 | set -e # abort on the first failing command 4 | 5 | PLANEMO_MACHINE_DIR="${HOME}/planemo-machine-test" 6 | git clone https://github.com/galaxyproject/planemo-machine $PLANEMO_MACHINE_DIR # NOTE(review): default branch, unpinned; the cloned ci_test.sh is executed at the end of this script 7 | 8 | ( cd ${PLANEMO_MACHINE_DIR} && git submodule update --init ) 9 | 10 | # remove the submodule role 11 | rm -rf ${PLANEMO_MACHINE_DIR}/roles/galaxyprojectdotorg.galaxy-extras/* 12 | 13 | # Copy this role's working tree into the planemo-machine roles directory; ci_test.sh below runs the actual test. 14 | cp -r ./* "${PLANEMO_MACHINE_DIR}/roles/galaxyprojectdotorg.galaxy-extras/" 15 | 16 | cd "${PLANEMO_MACHINE_DIR}" 17 | bash ci_test.sh 18 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | # All default values here are based on usage within 2 | # https://github.com/bgruening/docker-galaxy-stable.
3 | # Feature switches. NOTE(review): each galaxy_extras_config_* flag presumably gates the matching file under tasks/ - confirm in tasks/main.yml. 4 | galaxy_extras_config_nginx: true 5 | galaxy_extras_config_nginx_upload: false 6 | galaxy_extras_config_postgres: true 7 | galaxy_extras_config_proftpd: true # FTP upload service is configured by default; see the proftpd_* settings further down (proftpd_use_sftp defaults to false) 8 | galaxy_extras_config_slurm: true 9 | galaxy_extras_config_pbs: false 10 | galaxy_extras_config_condor: false 11 | galaxy_extras_config_condor_docker: false 12 | galaxy_extras_config_k8s_jobs: false 13 | galaxy_extras_config_supervisor: true 14 | galaxy_extras_config_galaxy_root: true 15 | galaxy_extras_config_galaxy_extra_dependencies: false 16 | galaxy_extras_config_galaxy_job_metrics: true 17 | galaxy_extras_config_uwsgi: true 18 | galaxy_extras_config_ie_proxy: true 19 | galaxy_extras_config_neo4j_ie: false # Configure routes for the Neo4j Interactive Environment 20 | galaxy_extras_config_scripts: true 21 | galaxy_extras_config_ssl: false # TLS is off by default. NOTE(review): nginx presumably then serves Galaxy over plain HTTP - enable this for anything beyond local testing 22 | galaxy_extras_config_ssl_method: self-signed # This may be 'own', 'self-signed' or 'letsencrypt' 23 | galaxy_extras_galaxy_domain: "localhost" # This is used by letsencrypt, set it to the domain name under which galaxy can be reached 24 | galaxy_extras_config_startup: true 25 | galaxy_extras_config_rabbitmq: false 26 | galaxy_extras_config_cvmfs: true 27 | 28 | # Default destination for Galaxy jobs in generated job_conf.xml - can 29 | # tweak this to allow for a different default for Docker-enabled tools.
30 | galaxy_extras_galaxy_destination_default: slurm_cluster 31 | galaxy_extras_galaxy_destination_docker_default: "{{ galaxy_extras_galaxy_destination_default }}" # follows the general default unless overridden 32 | galaxy_extras_galaxy_destination_singularity_default: "{{ galaxy_extras_galaxy_destination_default }}" # follows the general default unless overridden 33 | 34 | galaxy_extras_config_container_resolution: false # NOTE(review): the container_resolution_* values below presumably only take effect when this is true - confirm in container_resolvers_conf.xml.j2 35 | container_resolution_explicit: true 36 | container_resolution_mulled: true 37 | container_resolution_cached_mulled: "{{ container_resolution_mulled }}" 38 | container_resolution_build_mulled: "{{ container_resolution_mulled }}" 39 | container_resolution_mulled_namespace: biocontainers 40 | 41 | # set the FQDN for the pbs server, only used when galaxy_extras_config_pbs: true 42 | pbs_server_name: pbsqueue 43 | 44 | # Only used when galaxy_extras_config_slurm: true, sets slurm ntask in job_conf.xml. 45 | # Will be overwritten if the NATIVE_SPEC environment variable is set. 46 | # In the default setting controls the value of GALAXY_SLOTS. 47 | # Use ansible_processor_cores: "{{ ansible_processor_vcpus }}" to set this to the number of 48 | # threads per core * processor count * cores per processor 49 | galaxy_extras_slurm_ntask: 1 50 | 51 | # Install OS packages corresponding to each service being configured. 52 | galaxy_extras_install_packages: false 53 | # If galaxy_extras_install_packages is enabled - should these packages 54 | # be 'present' or 'latest'.
55 | galaxy_extras_apt_package_state: present 56 | # Interactive Environment images. NOTE(review): all are referenced by mutable tag rather than digest; pin by digest where image provenance matters. 57 | galaxy_extras_ie_fetch_jupyter: false 58 | galaxy_extras_ie_jupyter_image: quay.io/bgruening/docker-jupyter-notebook:17.05 59 | galaxy_extras_ie_fetch_rstudio: false 60 | galaxy_extras_ie_rstudio_image: erasche/docker-rstudio-notebook:17.01 61 | galaxy_extras_ie_fetch_ethercalc: false 62 | galaxy_extras_ie_ethercalc_image: shiltemann/ethercalc-galaxy-ie:17.05 63 | galaxy_extras_ie_fetch_phinch: false 64 | galaxy_extras_ie_phinch_image: shiltemann/docker-phinch-galaxy:16.04 65 | galaxy_extras_ie_fetch_neo: false 66 | galaxy_extras_ie_neo_image: quay.io/sanbi-sa/neo_ie:3.1 67 | # The storage backend to use for docker-in-docker. 68 | # aufs on parent docker cannot be combined with aufs in child docker 69 | galaxy_extras_docker_storage_backend: aufs 70 | galaxy_extras_docker_legacy: true 71 | 72 | galaxy_extras_gcc_available: false 73 | 74 | # Docker defaults 75 | galaxy_docker_enabled: false 76 | galaxy_docker_sudo: false 77 | galaxy_docker_default_image: 'busybox:ubuntu-14.04' 78 | galaxy_docker_volumes_from: "" 79 | galaxy_docker_volumes : "$defaults" 80 | 81 | # Singularity defaults 82 | galaxy_singularity_enabled: false 83 | galaxy_singularity_sudo: false 84 | # ToDo create default image 85 | galaxy_singularity_default_image: '' 86 | galaxy_singularity_volumes_from: "" 87 | # rw directories are not considered if the parent is ro 88 | galaxy_singularity_volumes : "$defauls" # NOTE(review): spelled "$defauls" here but "$defaults" for galaxy_docker_volumes above - looks like a typo that would be passed through literally; confirm against job_conf.xml.j2 89 | 90 | # Point at the existing Galaxy configuration.
91 | galaxy_server_dir: "/galaxy-central" 92 | galaxy_job_conf_path: "{{ galaxy_server_dir }}/config/job_conf.xml" 93 | galaxy_container_resolvers_conf_path: "{{ galaxy_server_dir }}/config/container_resolvers_conf.xml" 94 | galaxy_job_metrics_conf_path: "{{ galaxy_server_dir }}/config/job_metrics_conf.xml" 95 | galaxy_user_name: "galaxy" 96 | galaxy_home_dir: "/home/{{ galaxy_user_name }}" 97 | galaxy_source_shellrc: false 98 | galaxy_user_shellrc: "{{ galaxy_home_dir }}/.bashrc" 99 | galaxy_log_dir: "{{ galaxy_home_dir }}/" # trailing slash: values built as "{{ galaxy_log_dir }}/name" below contain a double slash 100 | galaxy_venv_dir: "{{ galaxy_home_dir }}/venv" 101 | 102 | galaxy_config_dir: "{{ galaxy_server_dir }}/config" 103 | galaxy_reports_config_file: "{{ galaxy_config_dir }}/reports_wsgi.ini" 104 | galaxy_toolshed_config_file: "{{ galaxy_config_dir }}/tool_shed.ini" 105 | galaxy_tool_data_table_config_file: "{{ galaxy_config_dir }}/tool_data_table_conf.xml" 106 | 107 | # the other option for galaxy_config_style is "ini-paste" 108 | galaxy_config_style: "yaml" 109 | galaxy_config_file: "{{ galaxy_config_dir }}/galaxy.ini" 110 | galaxy_reports_port: "9001" 111 | galaxy_reports_log: "{{ galaxy_log_dir }}/reports.log" 112 | 113 | galaxy_db_port: "5432" 114 | galaxy_database_connection: "postgres://{{ galaxy_user_name }}@localhost:{{ galaxy_db_port }}/galaxy" # no password in the URL. NOTE(review): this presumably relies on PostgreSQL accepting the role on localhost without one - confirm pg_hba.conf limits that to local connections 115 | 116 | # Minimum version to target with configuration. 117 | galaxy_minimum_version: "19.01" 118 | 119 | # Port to serve uwsgi on. 120 | galaxy_uwsgi: true 121 | uwsgi_log: "{{ galaxy_log_dir }}/uwsgi.log" 122 | uwsgi_port: 4001 123 | 124 | # Set to true to write thread/process number into supervisor config. If false, uses environment variables. 125 | galaxy_uwsgi_static_conf: false 126 | # number of uwsgi threads to use if galaxy_uwsgi_static_conf is true 127 | uwsgi_threads: 2 128 | 129 | # Set the following to true - to run paste processes for Galaxy 130 | # handlers (should no longer be needed).
131 | galaxy_paste_handlers: false 132 | galaxy_mule_handlers: false 133 | galaxy_web_processes: 2 134 | galaxy_handler_processes: 2 135 | 136 | # The following job_conf attributes are set if galaxy_extras_config_k8s_jobs is true. 137 | galaxy_k8s_jobs_use_service_account: true 138 | galaxy_k8s_jobs_persistent_volume_claim_name: galaxy-web-claim0 139 | galaxy_k8s_jobs_persistent_volume_claim_mount_path: /export 140 | galaxy_k8s_jobs_namespace: default # NOTE(review): jobs go to the cluster's shared default namespace; a dedicated namespace makes RBAC and quota scoping easier 141 | galaxy_k8s_jobs_supplemental_group_id: 0 # NOTE(review): GID 0 is the root group; presumably a "not set" sentinel here - confirm how job_conf.xml.j2 renders it 142 | galaxy_k8s_jobs_fs_group_id: 0 # NOTE(review): same question as the supplemental group above 143 | galaxy_k8s_jobs_pull_policy: IfNotPresent 144 | galaxy_k8s_jobs_pods_retrials: 1 145 | 146 | startup_export_user_files: true 147 | startup_chown_on_directory: "" 148 | startup_sleeplock: false 149 | 150 | slurm_log_dir: "{{ galaxy_log_dir }}" 151 | 152 | # Nginx configuration. 153 | nginx_conf_path: /etc/nginx/nginx.conf 154 | nginx_conf_directory: /etc/nginx/conf.d 155 | nginx_upload_store_path: "/tmp/nginx_upload_store" # NOTE(review): lives under world-writable /tmp; ownership and mode are set elsewhere (not visible here) - confirm other local users cannot read or replace uploads 156 | 157 | # Use nginx_*_location variables to control serving apps at subdirectories. 158 | # If galaxy should be served at subdirectory (e.g. example.com/galaxy) set nginx_galaxy_location: /galaxy 159 | # If all apps should be served on a common subdirectory, use nginx_prefix_location: /your_common_dir 160 | nginx_prefix_location: "" 161 | nginx_galaxy_location: "{{ nginx_prefix_location }}" 162 | nginx_interactive_environment_location: "{{ nginx_galaxy_location }}/gie_proxy" 163 | nginx_reports_location: "{{ nginx_prefix_location }}/reports" 164 | nginx_planemo_web_location: "{{ nginx_prefix_location }}/planemo" 165 | nginx_ide_location: "{{ nginx_prefix_location }}/ide" 166 | nginx_welcome_location: "{{ nginx_prefix_location }}/etc/galaxy/web" 167 | nginx_welcome_path: "/etc/galaxy/web" 168 | 169 | # Synchronize error handling with ansible-galaxy role.
170 | galaxy_errordocs_dest: "/root" 171 | 172 | #web security 173 | nginx_use_passwords: False # HTTP basic auth is off by default 174 | nginx_htpasswds: 175 | - "admin:WiBKbsJTSQ8dc" # NOTE(review): sample entry shipped with the role, so treat its password as publicly known; the 13-character hash looks like legacy crypt(3) DES. Replace with your own entries before enabling nginx_use_passwords. 176 | nginx_use_remote_header: False # NOTE(review): if enabled, the application presumably trusts a proxy-supplied user header - make sure clients cannot inject it; confirm in the nginx templates 177 | 178 | # Additional configurations to be appended to nginx config 179 | nginx_additional_config : [] 180 | 181 | # Configure proxy to planemo-machine-web. 182 | nginx_serve_planemo_machine_web: false 183 | nginx_proxy_reports: true # reports app is proxied by default. NOTE(review): with nginx_use_passwords False this presumably selects nginx_reports_noauth.conf.j2 - confirm the reports are not exposed unauthenticated 184 | 185 | galaxy_job_metrics_core: true 186 | galaxy_job_metrics_env: false # NOTE(review): presumably records job environment variables, which can contain secrets - keep off unless needed 187 | galaxy_job_metrics_cpuinfo: true 188 | galaxy_job_metrics_meminfo: true 189 | galaxy_job_metrics_uname: true 190 | # TODO: configure collectl, individual env files 191 | # TODO: alternative to configure metrics all at once using yml datastructure. 192 | 193 | ## Proftp Configuration. 194 | proftpd_conf_path: /etc/proftpd/proftpd.conf 195 | proftpd_db_connection: galaxy@localhost 196 | proftpd_db_username: galaxy 197 | proftpd_db_password: galaxy # NOTE(review): well-known default identical to the username; override per deployment and keep the real value out of version control (e.g. Ansible Vault) 198 | # Set proftpd_sql_auth_type to SHA1 if use_pbkdf2=False in your galaxy.ini, 199 | # or PBKDF2 if you have use_pbkdf2=True or if you haven't changed the default. 200 | # If you want to use PBKDF-2 you will need proftpd version 1.3.5rc3 or later 201 | # (which is not available by default for ubuntu-12.04) 202 | proftpd_sql_auth_type: SHA1 # pairs with use_pbkdf2: false further down; SHA-1 password hashes are fast to brute-force offline, so prefer PBKDF2 where the ProFTPD version allows 203 | proftpd_welcome: "Public Galaxy FTP" 204 | proftpd_files_dir: /export/galaxy-central/database/ftp 205 | proftpd_ftp_port: 21 206 | proftpd_passive_port_low: 30000 207 | proftpd_passive_port_high: 40000 # NOTE(review): wide passive range to open on the firewall; narrow it where possible 208 | # Set proftpd_use_sftp to true to use sftp instead of ftp 209 | proftpd_use_sftp: false # default is plain FTP: logins and file contents cross the network unencrypted 210 | # Default behavior when using ssh: generate a new key 211 | proftpd_generate_ssh_key: true 212 | proftpd_sftp_port: 22 213 | # Set proftpd_nat_masquerade to true if host is NAT'ed. 214 | proftpd_nat_masquerade: false 215 | # proftpd_masquerade_address refers to the ip that clients use to establish an ftp connection.
216 | # Can be a command that returns an IP or an IP address and applies only if proftpd_nat_masquerade is true. 217 | # ec2metadata --public-ipv4 returns the public ip for amazon's ec2 service. 218 | proftpd_masquerade_address: "`ec2metadata --public-ipv4`" 219 | 220 | ## Supervisor Configuration. 221 | supervisor_conf_path: "/etc/supervisor/conf.d/galaxy.conf" 222 | supervisor_manage_slurm: true 223 | supervisor_manage_uwsgi: true 224 | supervisor_slurm_config_dir: "/home/galaxy" 225 | supervisor_manage_postgres: true 226 | postgresql_version: 10 227 | supervisor_postgres_config_path: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf" 228 | supervisor_postgres_database_path: "/export/postgresql/{{ postgresql_version }}/main" 229 | supervisor_postgres_options: "-D {{ supervisor_postgres_database_path }} -c \"config_file={{ supervisor_postgres_config_path }}\"" 230 | supervisor_manage_proftp: true 231 | supervisor_manage_nginx: true 232 | supervisor_manage_reports: true 233 | supervisor_manage_ie_proxy: true 234 | supervisor_manage_condor: true 235 | supervisor_manage_cron: true 236 | supervisor_manage_autofs: "{{ galaxy_extras_config_cvmfs }}" 237 | supervisor_manage_docker: true 238 | supervisor_manage_toolshed: false 239 | 240 | supervisor_galaxy_startsecs: 20 241 | # had to increase retries to ensure the postgres database is available, 242 | # wasn't needed in the past. 
supervisor_galaxy_startretries: 15

supervisor_ie_proxy_autostart: false
supervisor_reports_autostart: false
supervisor_condor_autostart: false
supervisor_slurm_autostart: true
supervisor_proftpd_autostart: false
supervisor_postgres_autostart: true
supervisor_cron_autostart: false
supervisor_autofs_autostart: "{{ galaxy_extras_config_cvmfs }}"
supervisor_docker_autostart: false
supervisor_docker_autorestart: true

# NOTE(review): with these defaults the supervisor web interface is switched
# on, its listen address is 0.0.0.0 (every interface) on port 9002, the user
# name is null and the password is the placeholder "changeme". How
# supervisor.conf.j2 (not shown here) turns a null user name into a login
# requirement needs confirming. Bind to 127.0.0.1 or set real credentials
# before the host is reachable from an untrusted network.
supervisor_webserver: true
supervisor_webserver_port: "0.0.0.0:9002"
supervisor_webserver_username: null
supervisor_webserver_password: changeme

use_pbkdf2: false

# Used to check if container is privileged
host_docker_legacy: true

# Paths on the target host where nginx expects its TLS key and certificate.
nginx_ssl_certificate_key: /etc/ssl/private/nginx.key
nginx_ssl_certificate: /etc/ssl/private/nginx.crt

# Here you can set a path to a pair of ssl keys.
# These will be copied if galaxy_extras_config_ssl_method is set to 'own'.
# NOTE(review): the defaults name the sample pair under files/, and that
# private key is published together with the role. A host serving it can be
# impersonated by anyone holding the repository, so point both variables at
# a privately generated pair.
src_nginx_ssl_certificate_key: nginx_sample.key
src_nginx_ssl_certificate: nginx_sample.crt

nodejs_version: "9.x"

cvmfs_keys:
  - path: /etc/cvmfs/keys/data.galaxyproject.org.pub
    key: |
      -----BEGIN PUBLIC KEY-----
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LHQuKWzcX5iBbCGsXGt
      6CRi9+a9cKZG4UlX/lJukEJ+3dSxVDWJs88PSdLk+E25494oU56hB8YeVq+W8AQE
      3LWx2K2ruRjEAI2o8sRgs/IbafjZ7cBuERzqj3Tn5qUIBFoKUMWMSIiWTQe2Sfnj
      GzfDoswr5TTk7aH/FIXUjLnLGGCOzPtUC244IhHARzu86bWYxQJUw0/kZl5wVGcH
      maSgr39h1xPst0Vx1keJ95AH0wqxPbCcyBGtF1L6HQlLidmoIDqcCQpLsGJJEoOs
      NVNhhcb66OJHah5ppI1N3cZehdaKyr1XcF9eedwLFTvuiwTn6qMmttT/tHX7rcxT
      owIDAQAB
      -----END PUBLIC KEY-----

cvmfs_server_urls:
  - domain: galaxyproject.org
    urls:
      - 
"http://cvmfs1-iu0.galaxyproject.org/cvmfs/@fqrn@;http://cvmfs1-tacc0.galaxyproject.org/cvmfs/@fqrn@;http://cvmfs1-psu0.galaxyproject.org/cvmfs/@fqrn@;http://galaxy.jrc.ec.europa.eu:8008/cvmfs/@fqrn@;http://cvmfs1-ufr0.galaxyproject.eu/cvmfs/@fqrn@" 294 | 295 | cvmfs_repositories: 296 | - repository: data.galaxyproject.org 297 | stratum0: cvmfs0-psu0.galaxyproject.org 298 | 299 | cvmfs_http_proxies: 300 | - DIRECT 301 | 302 | cvmfs_stratum1_servers: 303 | - "cvmfs1-tacc0.galaxyproject.org" 304 | - "cvmfs1-iu0.galaxyproject.org" 305 | - "cvmfs1-psu0.galaxyproject.org" 306 | -------------------------------------------------------------------------------- /docs/https.md: -------------------------------------------------------------------------------- 1 | # HTTPS using ansible-galaxy-extras 2 | 3 | ### Introduction 4 | 5 | There are three ways in which you can configure nginx for HTTPS using this role. 6 | - Using your own keys 7 | - Using self-signed keys 8 | - Using [letsencrypt](https://letsencrypt.org/) 9 | 10 | ### Use 11 | 12 | For all methods, set `galaxy_extras_config_ssl` to `True` and set 13 | `galaxy_extras_config_ssl_method` to 'own', 'self-signed' or 14 | 'letsencrypt', depending on which method you would like to use. 15 | 16 | If you are using your own keys, point `src_nginx_ssl_certificate_key` 17 | and `src_nginx_ssl_certificate` to the path on the control machine where 18 | the keys are stored. They will be copied onto the target host. 19 | 20 | If you are using letsencrypt, set galaxy_extras_galaxy_domain to the 21 | domain that nginx will be reachable under. 22 | 23 | No additional action needs to be taken if using self-signed keys. 
-------------------------------------------------------------------------------- /files/nginx_sample.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDgzCCAmugAwIBAgIJAJnksQLgx5tnMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV 3 | BAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMQswCQYD 4 | VQQKDAJJVDEYMBYGA1UEAwwPJHthbnNpYmxlX2ZxZG59MB4XDTE2MDgyNzE5NDAz 5 | N1oXDTI2MDgyNTE5NDAzN1owWDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdv 6 | bjERMA8GA1UEBwwIUG9ydGxhbmQxCzAJBgNVBAoMAklUMRgwFgYDVQQDDA8ke2Fu 7 | c2libGVfZnFkbn0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Empj 8 | 8kwqquO1U7/KtxSRm53v2tfyxRHeqwb0RDi14ox/lKpGmcb/zsIwGvrOYmnW/rbI 9 | 9ODq+IqMfkDRQVY9iJto8V/Jn4OVjlNawxgSBMtoWRS9av1sbZ68ga5pdxzI3QKg 10 | W77Iob5a9Zk5iEKBWLpXMO5RLwet0V1U8hIgurtLmXnhln5zPO/gDheRJrXrwcXM 11 | IZvWHl+udFk6QR+sRnwNR78lCAU7BDqXVyczjmE2wy09O2HwZuBFPp5HwqnvVFQ2 12 | tEAGHkdudhuN0tz30NlFI+LWUAH063xlCvNSwk15A2MqWYIZhJEe91F27inNzOdL 13 | m10HSo04pgcxQRmjAgMBAAGjUDBOMB0GA1UdDgQWBBSBIUmxCn72VV6ET3vGDOkt 14 | xIBh8TAfBgNVHSMEGDAWgBSBIUmxCn72VV6ET3vGDOktxIBh8TAMBgNVHRMEBTAD 15 | AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCZq/4xs+zdpOpbM16QHxvE/QspgzY6ma/2 16 | iVmEV4Hy3/zcWk5AYvGnYcRzojkflbbWpNSv7HfWXtf1BetCXiNfvp551yzLrz8i 17 | UefPs84S/LvYkjAAZSjuEDFPSLh8b1S4sqms8NqNNlF/baQyKa1NhNFLGtXdLK6y 18 | oJydgM1cR4yXm/b1WDmXb9ZTFrWqu+Qwxjfg1Wz4WkON8JsKNyooHL5yXJ9C+LnC 19 | yxCpXDILPFkvCNKWQb2HoGS0DjCyytM01g+MXF2yPc3VuylDF3zWrZKdBYkdwpbN 20 | Elr4v7XdtpaMHhSXz1Nj4M0jEIzCks82koveh4v0S2Zg+yG92qoj 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /files/nginx_sample.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Empj8kwqquO1 3 | U7/KtxSRm53v2tfyxRHeqwb0RDi14ox/lKpGmcb/zsIwGvrOYmnW/rbI9ODq+IqM 4 | fkDRQVY9iJto8V/Jn4OVjlNawxgSBMtoWRS9av1sbZ68ga5pdxzI3QKgW77Iob5a 5 | 
9Zk5iEKBWLpXMO5RLwet0V1U8hIgurtLmXnhln5zPO/gDheRJrXrwcXMIZvWHl+u 6 | dFk6QR+sRnwNR78lCAU7BDqXVyczjmE2wy09O2HwZuBFPp5HwqnvVFQ2tEAGHkdu 7 | dhuN0tz30NlFI+LWUAH063xlCvNSwk15A2MqWYIZhJEe91F27inNzOdLm10HSo04 8 | pgcxQRmjAgMBAAECggEBAJLI+17YDvcMYNwxV32lZYfzH/nb3cjr6rdreHGGJmCE 9 | FaEevUqPrti3GSdkTqYgQgfGMB0Es9tJU0II5MnTA158mZ5LSwi0Hn4gyxXChLXN 10 | 3bKebKerUuKLswmZ5UY6tbbOK8YZ3iBswHiOMIAEBZNnVyvOYEY9gd6nnlnAQQZ5 11 | Gmuwa013MQ8Y7utvo/FeJHEWiRgUH7nVy6sHVKw2wznXz4R9ba3DoXXp4JIgXdnI 12 | lylWk0M6HbCNxF+mwzjGN2ZMbr8cpwDoPuwvF4rqZ1Fhsb9EsOy6poEZr9loEYP2 13 | OWVoMfg4vXft+EQM/SGO88DrnDT5nVfJ8fg60KMQLmkCgYEA5ADovHeLApIHAAnS 14 | fM01kj9sYk06w5WzNILV+C0NKs0WmFAOktOfylP4dwgvE9AUAy86deqHAt23gua5 15 | 87bsOWcf5K/j2QijIANEItELKNj0wT40usQtp6EGi8Uf5SCVZW1urwoeXSkmHe7B 16 | kjtSk1vdUFqJo8qZpGGW6rTWsNUCgYEAz8v9KsfjueeS7AmtZDNXcty3rqYxXesK 17 | QC58LQ4SkoAg0S9Y48QSLaB1T4PI7bJB1nFV6oAaGpx8ceAIMhnXSm8jFt9shDe5 18 | Qoi2B11lh/algjs8eqb7S8FzkfHbXpe2PDYlMsHULCuqIeovIbn+kLAzo3zkihoq 19 | OFMpcj3pnJcCgYAU78hvVgLbz5D4/e3oK+fZcB2BwVm+EAcOsVz4lxp4bbC/d8p+ 20 | zRQFPkS4mXXJOfg8ep/BqDGRn850JL+6k3eJpeCV3Vjs2xAvpl0hXVTLAXEoNZAd 21 | /lm65Nx3BTjyj1VopO3fAOzc3SR05zG7PdtNUMg30riE49vL7nIvRz/XqQKBgA47 22 | sb6hbHbKZuTmEMthPOcwOSCsX4tIUy5sQLMxWJJSVm0dqiAHyRr497AXncayRBI1 23 | NyZV2fPirh96sfUEkhuWGzgw25T+4CCvjpBYlGDIwzN1bUIVd/cLbCgeAeGr0J61 24 | Mr0US70uzHuAN/Q+cjJk71SOdHUFL8kl4RvjI8JHAoGAE7ZdLJMJ0lU3coiZPGCq 25 | NGU3FVcSax6sMex7NU8dY+9GEWeeY4S3hExAtcRU4U9UK3HW/oyoaLnsDOUIF5ri 26 | kr3FmN4ohDSB2MK2t7S9OeWe/081MEbuD8Z2GYavNgWelwLewp+/Y6RFrB/Vk8qI 27 | c/EHa84E+frkReT82vAxn0o= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: restart nginx 2 | # include: restart_nginx.yml 3 | # Move this back to restart_nginx.yml once ansible 2.1.2.0 is released 4 | command: /usr/sbin/nginx -s reload 5 | become: yes 6 | become_user: root 7 | 
ignore_errors: yes 8 | -------------------------------------------------------------------------------- /handlers/restart_nginx.yml: -------------------------------------------------------------------------------- 1 | # Attempt to restart nginx (if nginx is running) 2 | #- name: nginx status 3 | # stat: path=/run/nginx.pid 4 | # register: nginx_status 5 | 6 | #- name: Restart Nginx 7 | # command: /usr/sbin/nginx -s reload 8 | # become: yes 9 | # become_user: root 10 | # when: nginx_status.stat.islnk is defined 11 | -------------------------------------------------------------------------------- /local.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # file: local.yml 3 | # Short-cut to run local install tasks without setting up an inventory. 4 | # 5 | # Run roles locally via following command: 6 | # ansible-playbook -i localhost, local.yml [-e var=val]* --tags= --skip-tags= 7 | - hosts: localhost 8 | connection: local 9 | tasks: 10 | - include: tasks/slurm.yml 11 | tags: slurm 12 | - include: tasks/pbs.yml 13 | tags: pbs 14 | - include: tasks/nginx.yml 15 | tags: nginx 16 | - include: tasks/proftpd.yml 17 | tags: proftpd 18 | - include: tasks/supervisor.yml 19 | tags: supervisor 20 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: The Galaxy Project 4 | description: Configure assorted compontents for the Galaxy application. 
5 | company: The Galaxy Project 6 | license: AFL v3.0 7 | min_ansible_version: 2.0.0.1 8 | platforms: 9 | - name: Ubuntu 10 | versions: 11 | - trusty 12 | categories: 13 | - system 14 | dependencies: [] 15 | allow_duplicates: yes 16 | -------------------------------------------------------------------------------- /organization.rst: -------------------------------------------------------------------------------- 1 | ================================== 2 | Project Governance 3 | ================================== 4 | 5 | This document informally outlines the organizational structure governing the 6 | ansible-galaxy-extras code base hosted at https://github.com/galaxyproject 7 | /ansible-galaxy-extras. This governance extends to code-related activities of 8 | this repository such as releases and packaging and related projects. This governance does not include any other Galaxy- 9 | related projects belonging to the ``galaxyproject`` organization on GitHub. 10 | 11 | Benevolent Dictator for Now (BDFN) 12 | =================================== 13 | 14 | John Chilton (@jmchilton) is the benevolent dictator for now (BDFN) and is solely 15 | responsible for setting project policy. The BDFN is responsible for maintaining 16 | the trust of the developer community and so should be consistent and 17 | transparent in decision making processes and request comment and build 18 | consensus whenever possible. 19 | 20 | The BDFN position only exists because the developers of the project believe it 21 | is currently too small to support full and open governance at this time. In 22 | order to keep things evolving quickly, it is better to keep procedures and 23 | process to a minimum and centralize important decisions with a trusted 24 | developer. The BDFN is explicitly meant to be replaced with a more formal and 25 | democratice process if the project grows to a sufficient size or importance. 
26 | 27 | The *committers* group is the group of trusted developers and 28 | advocates who manage the ansible-galaxy-extras code base. They assume 29 | many roles required to achieve the project's goals, especially those 30 | that require a high level of trust. 31 | 32 | The BDFN will add committers as he or she see fits, usually after a few 33 | successful pull requests. Committers may commit directly or merge pull 34 | requests at their discretion, but everyone (including the BDFN) should open 35 | pull requests for larger changes. 36 | 37 | In order to encourage a shared sense of ownership and openness, any committer 38 | may decide at any time to request a open governance model for the project be 39 | established and the BDFN must replace this informal policy with a more formal 40 | one and work with the project committers to establish a consensus on these 41 | procedures. 42 | 43 | Committers 44 | ============================== 45 | 46 | - Dannon Baker (@dannon) 47 | - John Chilton (@jmchilton) 48 | - Nate Coraor (@natefoo) 49 | - Björn Grüning (@bgruening) 50 | - Marius van den Beek (@mvdbeek) 51 | -------------------------------------------------------------------------------- /tasks/client.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure apt-transport-https is installed. 
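# Continues the "Ensure apt-transport-https is installed." task whose name is on the previous line.
  apt:
    name: apt-transport-https
    state: "{{ galaxy_extras_apt_package_state }}"

- name: "Yarn: Make sure package key is present"
  apt_key:
    url: https://dl.yarnpkg.com/debian/pubkey.gpg
    state: present

- name: "Yarn: Add Debian/Ubuntu package to sources list"
  apt_repository:
    # HTTPS, matching the key URL above; apt-transport-https is installed by
    # the first task in this file.
    repo: "deb https://dl.yarnpkg.com/debian/ stable main"
    # NOTE(review): apt_repository accepts only present/absent here; confirm
    # galaxy_extras_apt_package_state never resolves to a value such as "latest".
    state: "{{ galaxy_extras_apt_package_state }}"

- name: "Yarn: Install"
  apt:
    pkg: yarn
    state: latest
    update_cache: true

--------------------------------------------------------------------------------
/tasks/condor.yml:
--------------------------------------------------------------------------------

- name: Add Condor apt key
  # The key decides which packages apt will accept from the repository below,
  # so it is fetched over HTTPS through the apt_key module rather than piped
  # from a plain-HTTP download into `apt-key add`.
  apt_key:
    url: https://research.cs.wisc.edu/htcondor/ubuntu/HTCondor-Release.gpg.key
    state: present
  when: galaxy_extras_install_packages

- name: Add Condor repository
  # Left on HTTP: apt checks the repository signature against the key added
  # above, and this file does not install apt-transport-https itself.
  apt_repository:
    repo: "deb http://research.cs.wisc.edu/htcondor/ubuntu/stable/ {{ ansible_distribution_release }} contrib"
    update_cache: yes
  when: galaxy_extras_install_packages

- name: Install Condor system packages
  apt:
    state: "{{ galaxy_extras_apt_package_state }}"
    name: "{{ packages }}"
  vars:
    packages:
      - condor
      - pbs-drmaa-dev
  when: galaxy_extras_install_packages

- name: "Set DISCARD_SESSION_KEYRING_ON_STARTUP to False in Condor configs"
  lineinfile:
    dest: /etc/condor/condor_config.local
    line: 'DISCARD_SESSION_KEYRING_ON_STARTUP=False'
    state: present
    create: yes

# NOTE(review): TRUST_UID_DOMAIN=true and ALLOW_NEGOTIATOR=* (the two tasks
# below) loosen HTCondor's host and identity checks. That presumably suits a
# pool living inside one container; tighten both if the pool spans machines
# on a shared network -- confirm against the HTCondor security documentation.
- name: "Set TRUST_UID_DOMAIN to True in Condor configs"
  lineinfile:
    dest: /etc/condor/condor_config.local
    line: 'TRUST_UID_DOMAIN=true'
    state: present
    create: yes

- name: "Set ALLOW_NEGIOTIATOR to * in Condor configs"
  lineinfile:
    dest: /etc/condor/condor_config.local
    line: 'ALLOW_NEGOTIATOR=*'
    state: present
    create: yes

--------------------------------------------------------------------------------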
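/tasks/cvmfs_client.yml:
--------------------------------------------------------------------------------
---
# Setup of the CernVM-File system (CVMFS) and configure so that the reference
# data hosted by Galaxy on usegalaxy.org is available to the remote target.

# Install autofs
- name: Install autofs system package
  apt:
    name: ['autofs', 'uuid-runtime']
    state: "{{ galaxy_extras_apt_package_state }}"
  when: galaxy_extras_install_packages

# The repository signing key is fetched over HTTPS from the same host as the
# repository configured below.
- name: Install CernVM apt key
  apt_key:
    url: https://cvmrepo.web.cern.ch/cvmrepo/apt/cernvm.gpg

# Install & setup CernVM-FS
- name: Configure CernVM apt repository
  apt_repository:
    filename: "cernvm.list"
    # The mode has to be a quoted octal string. An unquoted number such as 422
    # is a YAML integer, and decimal 422 equals octal 0646, which would leave
    # the sources list writable by every local user.
    mode: "0644"
    repo: deb https://cvmrepo.web.cern.ch/cvmrepo/apt/ {{ ansible_distribution_release }}-prod main

- name: Install CernVM-FS client (apt)
  apt:
    name: ['cvmfs', 'cvmfs-config']
    state: "{{ galaxy_extras_apt_package_state }}"
    update_cache: yes

# Writes each entry of cvmfs_keys to its path, read-only and owned by root.
- name: Install CernVM-FS keys
  copy:
    content: "{{ item.key }}"
    dest: "{{ item.path }}"
    owner: "root"
    group: "root"
    mode: "0444"
  with_items: "{{ cvmfs_keys }}"

- name: Perform AutoFS and FUSE configuration for CernVM-FS
  command: cvmfs_config setup

# One domain file per cvmfs_server_urls entry, listing its servers joined by ';'.
- name: Configure CernVM-FS domain
  copy:
    content: |
      CVMFS_SERVER_URL="{{ item.urls | join(';') }}"
    dest: "/etc/cvmfs/domain.d/{{ item.domain }}.conf"
    owner: "root"
    group: "root"
    mode: "0644"
  with_items: "{{ cvmfs_server_urls }}"

- name: Configure CernVM-FS client settings
  copy:
    content: |
      CVMFS_REPOSITORIES="{%- for repo in cvmfs_repositories -%}{{ ',' if loop.index0 > 0 else '' }}{{ repo.repository }}{%- endfor -%}"
      CVMFS_HTTP_PROXY="{{ cvmfs_http_proxies | join(';') }}"
      CVMFS_QUOTA_LIMIT="{{ cvmfs_quota_limit | default('4000') }}"
      CVMFS_USE_GEOAPI="{{ cvmfs_use_geoapi | 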
default('yes') }}" 58 | dest: "/etc/cvmfs/default.local" 59 | owner: "root" 60 | group: "root" 61 | mode: "0644" 62 | 63 | # Create a symlink from the CVMFS to /galaxy/data because that is where the 64 | # .loc files from CVMFS point (and consequently tool_data_table_conf.xml) 65 | - name: Create /galaxy dir 66 | file: path=/galaxy state=directory 67 | 68 | # This is required to be able to use Galaxy .len files from Main w/o mods 69 | - name: Create a symlink from CVMFS to /galaxy/data 70 | file: src=/cvmfs/data.galaxyproject.org/byhand dest=/galaxy/data state=link force=yes 71 | 72 | - name: Use tool_data_table_conf.xml from usegalaxy-playbook 73 | get_url: 74 | url: https://raw.githubusercontent.com/galaxyproject/usegalaxy-playbook/067433f547f67b848f2e4597274a379f06da04b2/files/galaxy/usegalaxy.org/config/tool_data_table_conf.xml 75 | dest: "{{ galaxy_tool_data_table_config_file }}" 76 | 77 | # The following two tasks need to be at the bottom of this file 78 | - name: Stop autofs service 79 | service: 80 | name: autofs 81 | state: stopped 82 | 83 | - name: Remove autofs service file since we're using Supervisor 84 | file: 85 | path: /etc/init/autofs.conf 86 | state: absent 87 | -------------------------------------------------------------------------------- /tasks/galaxy_extra_dependencies.yml: -------------------------------------------------------------------------------- 1 | - name: "Install most of the conditional dependencies" 2 | # https://github.com/galaxyproject/galaxy/blob/dev/lib/galaxy/dependencies/conditional-requirements.txt 3 | pip: 4 | name: "{{item}}" 5 | virtualenv: "{{ galaxy_venv_dir }}" 6 | virtualenv_command: "{{ pip_virtualenv_command | default( 'virtualenv' ) }}" 7 | extra_args: --index-url https://wheels.galaxyproject.org/simple --extra-index-url https://pypi.python.org/simple 8 | become: True 9 | become_user: "{{ galaxy_user_name }}" 10 | with_items: 11 | - "psycopg2-binary==2.7.7" 12 | - "weberror==0.10.3" 13 | - "python-openid" 14 | - 
"fluent-logger" 15 | - "raven" 16 | - "drmaa" 17 | - "statsd" 18 | - "graphitesend" 19 | - "python-ldap==2.4.44" 20 | - "pykube==0.15.0" 21 | - "kamaki" 22 | - "azure-storage==0.32.0" 23 | -------------------------------------------------------------------------------- /tasks/galaxy_metrics.yml: -------------------------------------------------------------------------------- 1 | # TODO: I believe job_metrics_conf.xml can just be specified as YML now (at 2 | # least it can in pulsar) so that should be a separate option. 3 | - name: "Setup job metrics" 4 | template: src=job_metrics_conf.xml.j2 dest={{galaxy_job_metrics_conf_path}} owner={{ galaxy_user_name }} group={{ galaxy_user_name }} 5 | -------------------------------------------------------------------------------- /tasks/galaxy_root.yml: -------------------------------------------------------------------------------- 1 | # TODO: following task is kind of a crutch - shouldn't be needed. 2 | - name: "Run common_startup.sh to create welcome.html from sample" 3 | shell: scripts/common_startup.sh 4 | environment: 5 | GALAXY_VIRTUAL_ENV: "{{ galaxy_venv_dir }}" 6 | args: 7 | chdir: "{{ galaxy_server_dir }}" 8 | become: True 9 | become_user: "{{ galaxy_user_name }}" 10 | 11 | - name: "Install watchdog for galaxy" 12 | pip: 13 | name: "watchdog" 14 | virtualenv: "{{ galaxy_venv_dir }}" 15 | virtualenv_command: "{{ pip_virtualenv_command | default( 'virtualenv' ) }}" 16 | extra_args: --index-url https://wheels.galaxyproject.org/simple --extra-index-url https://pypi.python.org/simple 17 | become: True 18 | become_user: "{{ galaxy_user_name }}" 19 | 20 | - name: Ensure galaxy_log dir exists 21 | file: path={{ galaxy_log_dir }} state=directory owner={{ galaxy_user_name }} group={{ galaxy_user_name }} 22 | -------------------------------------------------------------------------------- /tasks/galaxy_scripts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Install 
galaxy user creation script." 3 | template: src=create_galaxy_user.py.j2 dest=/usr/local/bin/create_galaxy_user.py mode=a+x 4 | 5 | - name: "Install galaxy check database script." 6 | template: src=check_database.py.j2 dest=/usr/local/bin/check_database.py mode=a+x 7 | 8 | - name: "Install export user files script." 9 | template: src=export_user_files.py.j2 dest=/usr/local/bin/export_user_files.py mode=a+x 10 | 11 | - name: "Install add_tool_shed script." 12 | template: src=add_tool_shed.py.j2 dest=/usr/local/bin/add-tool-shed mode=a+x 13 | 14 | - name: "Install startup lite script." 15 | template: src=startup_lite.sh.j2 dest=/usr/bin/startup_lite mode=a+x 16 | -------------------------------------------------------------------------------- /tasks/ie_proxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Check if the Ubuntu distro is supported 4 | get_url: url="https://deb.nodesource.com/node_10.x/dists/{{ ansible_distribution_release }}/Release" dest=/dev/null 5 | register: distro_supported 6 | when: galaxy_minimum_version < "19.01" 7 | 8 | - name: Ensure apt-transport-https is installed. 9 | apt: name=apt-transport-https state={{ galaxy_extras_apt_package_state }} 10 | when: distro_supported is succeeded and galaxy_minimum_version < "19.01" 11 | 12 | - name: Add Nodesource apt key. 13 | apt_key: 14 | url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280 15 | id: "68576280" 16 | state: "{{ galaxy_extras_apt_package_state }}" 17 | when: distro_supported is succeeded and galaxy_minimum_version < "19.01" 18 | 19 | - name: Add NodeSource repositories for Node.js. 
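# Continues the "Add NodeSource repositories for Node.js." task whose name is on the previous line.
  apt_repository:
    repo: "{{ item }}"
    state: "{{ galaxy_extras_apt_package_state }}"
  with_items:
    - "deb https://deb.nodesource.com/node_{{ nodejs_version }} {{ ansible_distribution_release }} main"
    - "deb-src https://deb.nodesource.com/node_{{ nodejs_version }} {{ ansible_distribution_release }} main"
  # NOTE(review): "<" between two strings compares them character by
  # character, not as version numbers; Ansible's `version` test is the robust
  # form. Confirm how galaxy_minimum_version is typed before changing it.
  when: distro_supported is succeeded and galaxy_minimum_version < "19.01"

- name: Install nodejs (npm is included)
  apt:
    pkg: nodejs
    state: latest
    update_cache: true
  when: galaxy_minimum_version < "19.01"

# Both npm tasks below run with npm's TLS verification left on. They no longer
# call `npm config set strict-ssl false`, which turns certificate checking off
# for the registry download and stays in the Galaxy user's npm configuration
# afterwards. Where a private CA sits in the path, point npm at it with the
# `cafile` setting instead of disabling verification.
- name: "Install proxy dependencies (>=19.01)."
  shell: ". {{ galaxy_venv_dir }}/bin/activate && npm install && deactivate"
  args:
    chdir: "{{ galaxy_server_dir }}/lib/galaxy/web/proxy/js"
  become: True
  become_user: "{{ galaxy_user_name }}"
  when: galaxy_minimum_version >= "19.01"

- name: "Install proxy dependencies (<19.01)."
  shell: "cd {{ galaxy_server_dir }}/lib/galaxy/web/proxy/js && npm install"
  become: True
  become_user: "{{ galaxy_user_name }}"
  when: galaxy_minimum_version < "19.01"

# NOTE(review): the image reference comes straight from a variable; pinning it
# by digest rather than by tag keeps the pulled content fixed -- confirm what
# galaxy_extras_ie_jupyter_image defaults to (not shown here).
- name: "Install Juypter container."
  shell: "docker pull {{ galaxy_extras_ie_jupyter_image }}"
  become: True
  when: galaxy_extras_ie_fetch_jupyter

- name: "Install RStudio container."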
52 | shell: "docker pull {{ galaxy_extras_ie_rstudio_image }}" 53 | become: True 54 | when: galaxy_extras_ie_fetch_rstudio 55 | -------------------------------------------------------------------------------- /tasks/k8s.yml: -------------------------------------------------------------------------------- 1 | - name: "Install secure urllib3 for galaxy - better SSL verification with pykube" 2 | # See also https://github.com/kelproject/pykube/issues/29 3 | pip: name=urllib3[secure] virtualenv={{ galaxy_venv_dir }} virtualenv_command="{{ pip_virtualenv_command | default( 'virtualenv' ) }}" 4 | when: galaxy_extras_gcc_available 5 | become: True 6 | become_user: "{{ galaxy_user_name }}" 7 | 8 | - name: "Install ipaddress for galaxy - better SSL verification with pykube" 9 | # See also https://github.com/kelproject/pykube/issues/29 10 | pip: name=ipaddress virtualenv={{ galaxy_venv_dir }} virtualenv_command="{{ pip_virtualenv_command | default( 'virtualenv' ) }}" 11 | become: True 12 | become_user: "{{ galaxy_user_name }}" 13 | 14 | - name: "Install pykube for galaxy" 15 | pip: name=pykube version="0.15.0" virtualenv={{ galaxy_venv_dir }} virtualenv_command="{{ pip_virtualenv_command | default( 'virtualenv' ) }}" 16 | become: True 17 | become_user: "{{ galaxy_user_name }}" 18 | -------------------------------------------------------------------------------- /tasks/letsencrypt.yml: -------------------------------------------------------------------------------- 1 | # Letsencrypt-specific configuration: 2 | 3 | - name: Create self-signed SSL cert # For initial challenge need either http-only or self-signed 4 | command: openssl req -new -nodes -x509 -subj "/C=US/ST=Oregon/L=Portland/O=IT/CN=selfsigned" -days 3650 -keyout "{{ nginx_ssl_certificate_key }}" -out "{{ nginx_ssl_certificate }}" -extensions v3_ca creates="{{ nginx_ssl_certificate }}" 5 | when: galaxy_extras_config_ssl_method == 'self-signed' 6 | 7 | - name: Create letsencrypt configuration directory 8 | file: 
path=/etc/letsencrypt state=directory mode=0755 9 | 10 | - name: Create letsencrypt wellknown directory 11 | file: path=/etc/letsencrypt/wellknown state=directory mode=0755 12 | 13 | - name: Get letsencrypt script from github repository 14 | get_url: 15 | url: https://raw.githubusercontent.com/lukas2511/letsencrypt.sh/d81eb58536e3ae1170de3eda305688ae28d0575b/letsencrypt.sh 16 | dest: /usr/bin/letsencrypt.sh 17 | mode: "u=rwx,g=rx,o=r" 18 | force: no 19 | 20 | - name: Setup letsencrypt-specific configuration files 21 | template: > 22 | src={{ item.src }} 23 | dest={{ item.dest }} 24 | owner=root group=root mode={{ item.mode }} 25 | with_items: 26 | - { src: 'nginx_letsencrypt.conf.j2', dest: '{{ nginx_conf_directory }}/letsencrypt.conf', mode: "u=rw,g=r,o=r" } 27 | - { src: 'letsencrypt.conf.j2', dest: '/etc/letsencrypt/letsencrypt.conf', mode: "u=rw,g=r,o=r" } 28 | - { src: 'letsencrypt_refresh.sh.j2', dest: '/usr/local/bin/letsencrypt_refresh.sh', mode: "u=rwx,g=rx,o=r" } 29 | notify: 30 | - restart nginx 31 | 32 | - meta: flush_handlers 33 | 34 | - shell: /usr/local/bin/letsencrypt_refresh.sh "{{ galaxy_extras_galaxy_domain }}" 35 | 36 | - name: Add letsencrypt renewal script to crontab 37 | cron: name="letsencrypt cert renewal" special_time=daily job="/usr/local/bin/letsencrypt_refresh.sh {{ galaxy_extras_galaxy_domain }}" 38 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | 2 | - include: galaxy_root.yml 3 | when: galaxy_extras_config_galaxy_root 4 | tags: 5 | - galaxy 6 | 7 | - name: Create directory for "galaxy_config_dir" 8 | file: path="{{ galaxy_config_dir }}" state=directory 9 | 10 | - include: galaxy_metrics.yml 11 | when: galaxy_extras_config_galaxy_root 12 | tags: 13 | - metrics 14 | 15 | - include: galaxy_extra_dependencies.yml 16 | when: galaxy_extras_config_galaxy_extra_dependencies 17 | tags: 18 | - 
extra_dependencies 19 | 20 | - include: uwsgi.yml 21 | when: galaxy_extras_config_uwsgi 22 | tags: 23 | - uwsgi 24 | 25 | - include: nginx.yml 26 | when: galaxy_extras_config_nginx 27 | tags: 28 | - nginx_config 29 | - nginx 30 | 31 | - include: proftpd.yml 32 | when: galaxy_extras_config_proftpd 33 | tags: 34 | - proftpd 35 | 36 | - include: slurm.yml 37 | when: galaxy_extras_config_slurm 38 | tags: 39 | - slurm 40 | 41 | - include: pbs.yml 42 | when: galaxy_extras_config_pbs 43 | tags: 44 | - pbs 45 | 46 | - include: k8s.yml 47 | when: galaxy_extras_config_k8s_jobs 48 | tags: 49 | - k8s 50 | 51 | - include: condor.yml 52 | when: galaxy_extras_config_condor 53 | tags: 54 | - condor 55 | 56 | - include: cvmfs_client.yml 57 | when: galaxy_extras_config_cvmfs 58 | tags: 59 | - cvmfs 60 | 61 | - include: supervisor.yml 62 | when: galaxy_extras_config_supervisor 63 | tags: 64 | - supervisor 65 | 66 | - include: ie_proxy.yml 67 | when: galaxy_extras_config_ie_proxy 68 | tags: 69 | - ie 70 | 71 | - include: galaxy_scripts.yml 72 | when: galaxy_extras_config_scripts 73 | tags: 74 | - scripts 75 | 76 | - include: rabbitmq.yml 77 | when: galaxy_extras_config_rabbitmq 78 | tags: 79 | - rabbitmq 80 | 81 | - include: startup.yml 82 | when: galaxy_extras_config_startup 83 | tags: 84 | - startup 85 | 86 | - include: client.yml 87 | when: galaxy_extras_config_startup 88 | tags: 89 | - client 90 | -------------------------------------------------------------------------------- /tasks/nginx.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Create nginx upload_store dir 4 | file: 5 | state: directory 6 | path: "{{ nginx_upload_store_path }}" 7 | owner: "{{ galaxy_user_name }}" 8 | 9 | - name: Place configuration files 10 | template: > 11 | src={{ item.src }} 12 | dest={{ item.dest }} 13 | owner={{ item.owner }} group={{ item.owner }} mode=0600 14 | with_items: 15 | - { src: 'htpasswd.j2', dest: '/etc/nginx/htpasswd', owner: 
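'{{ galaxy_user_name }}' }
    - { src: 'nginx_galaxy_web.conf.j2', dest: '{{ nginx_conf_directory }}/galaxy_web.conf', owner: 'root' }
    - { src: 'nginx_uwsgi.conf.j2', dest: '{{ nginx_conf_directory }}/uwsgi.conf', owner: 'root' }
    # NOTE(review): the no-auth template is what lands at reports_auth.conf;
    # the authenticated variant is only staged as reports_auth.conf.source.
    # Presumably something outside this file swaps it in when passwords are
    # enabled -- confirm, otherwise the reports app is served without a login.
    - { src: 'nginx_reports_noauth.conf.j2', dest: '{{ nginx_conf_directory }}/reports_auth.conf', owner: 'root' }
    - { src: 'nginx_reports_auth.conf.j2', dest: '{{ nginx_conf_directory }}/reports_auth.conf.source', owner: 'root' }
    - { src: 'nginx.conf.j2', dest: '{{ nginx_conf_path }}', owner: 'root' }
  notify: restart nginx
  tags:
    - https

- name: Letsencrypts-specific tasks
  include: letsencrypt.yml
  when: galaxy_extras_config_ssl_method == 'letsencrypt'
  tags:
    - https

# Generates an unencrypted key (-nodes) and a ten-year certificate; skipped
# once the certificate file exists (creates=).
# NOTE(review): the key file's permissions are whatever openssl and the
# current umask produce; nothing here sets them explicitly.
- name: Create self-signed SSL cert
  command: openssl req -new -nodes -x509 -subj "/C=US/ST=Oregon/L=Portland/O=IT/CN=selfsigned" -days 3650 -keyout "{{ nginx_ssl_certificate_key }}" -out "{{ nginx_ssl_certificate }}" -extensions v3_ca creates="{{ nginx_ssl_certificate }}"
  when: galaxy_extras_config_ssl_method == 'self-signed'
  notify: restart nginx
  tags:
    - https

# Installs the operator-supplied pair. The private key is readable by root
# only; the certificate stays world-readable. If nginx in this deployment
# never runs as root, change the key's owner to the nginx user rather than
# widening the mode.
- name: Copy own certificate
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
    backup: yes
  when: galaxy_extras_config_ssl_method == 'own'
  with_items:
    - { src: '{{ src_nginx_ssl_certificate_key }}', dest: '{{ nginx_ssl_certificate_key }}', mode: '0600' }
    - { src: '{{ src_nginx_ssl_certificate }}', dest: '{{ nginx_ssl_certificate }}', mode: '0644' }
  notify: restart nginx
  tags:
    - https

--------------------------------------------------------------------------------
/tasks/pbs.yml:
--------------------------------------------------------------------------------
- name: Install PBS/torque system packages
  apt:
    state: "{{ galaxy_extras_apt_package_state }}"
    name: "{{ packages }}"
  vars:
    packages:
      - torque-client
      - pbs-drmaa-dev
  when: 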
galaxy_extras_install_packages 10 | 11 | # If job_conf.xml is installed before running galaxyprojectdotorg.galaxy, this would already be installed. 12 | - name: Fetch DRMAA wheel for Galaxy 13 | pip: 14 | name: "drmaa" 15 | extra_args: "--index-url https://wheels.galaxyproject.org/simple/ --extra-index-url https://pypi.python.org/simple" 16 | virtualenv: "{{ galaxy_venv_dir }}" 17 | environment: 18 | PYTHOPATH: null 19 | VIRTUAL_ENV: "{{ galaxy_venv_dir }}" 20 | 21 | - name: "Install Galaxy job conf" 22 | template: src=job_conf.xml.j2 dest={{galaxy_job_conf_path}} owner={{ galaxy_user_name }} group={{ galaxy_user_name }} 23 | tags: galaxy_extras_job_conf 24 | 25 | - name: "Set PBS/torque server name" 26 | lineinfile: dest=/etc/torque/server_name line={{ pbs_server_name }} state=present create=yes 27 | -------------------------------------------------------------------------------- /tasks/proftpd.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Install proftpd related system packages 3 | apt: 4 | state: "{{ galaxy_extras_apt_package_state }}" 5 | name: "{{ packages }}" 6 | vars: 7 | packages: 8 | - proftpd 9 | - proftpd-mod-pgsql 10 | when: galaxy_extras_install_packages 11 | tags: 12 | - proftpd_apt 13 | 14 | - name: Create Galaxy configuration file 15 | template: src=proftpd.conf.j2 dest={{ proftpd_conf_path }} 16 | 17 | - name: Load Proftpd modules 18 | lineinfile: dest=/etc/proftpd/modules.conf line="{{ item }}" 19 | with_items: 20 | - LoadModule mod_sql.c 21 | - LoadModule mod_sql_passwd.c 22 | - LoadModule mod_sql_postgres.c 23 | 24 | - name: Load Proftpd SFTP modules 25 | lineinfile: dest=/etc/proftpd/modules.conf line="{{ item }}" 26 | with_items: 27 | - LoadModule mod_sftp.c 28 | - LoadModule mod_sftp_pam.c 29 | - LoadModule mod_sftp_sql.c 30 | when: proftpd_use_sftp 31 | 32 | - name: Install OpenSSH client package 33 | apt: pkg=openssh-client 34 | when: proftpd_use_sftp 35 | tags: 36 | - proftpd_apt 37 | 
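# NOTE(review): no mode is given, so the directory that holds the SFTP host
# keys gets the default for new directories; consider an explicit restrictive
# mode if only the FTP daemon needs to read it.
- name: Create /etc/proftpd/ssh_host_keys/ directory
  file: path=/etc/proftpd/ssh_host_keys/ state=directory
  when: proftpd_use_sftp

# ssh-keygen is run through `command` rather than `shell`: the invocation uses
# no shell features, so no shell needs to interpret the line. `creates` keeps
# an existing key from being regenerated.
- name: Generate new SSH keys (rsa)
  command: ssh-keygen -b 2048 -t rsa -f /etc/proftpd/ssh_host_keys/rsa -N ""
  args:
    creates: /etc/proftpd/ssh_host_keys/rsa
  when:
    - proftpd_use_sftp
    - proftpd_generate_ssh_key

# A 1024-bit DSA host key is weak by current standards, and OpenSSH has
# disabled ssh-dss by default since 7.0. The task is kept because the
# proftpd.conf template is not visible here and may reference this key file;
# confirm against templates/proftpd.conf.j2 before dropping it.
- name: Generate new SSH keys (dsa)
  command: ssh-keygen -b 1024 -t dsa -f /etc/proftpd/ssh_host_keys/dsa -N ""
  args:
    creates: /etc/proftpd/ssh_host_keys/dsa
  when:
    - proftpd_use_sftp
    - proftpd_generate_ssh_key

# Proftpd ships with default keys, and it makes sense to change them.
# But we've decided not to do this, because this task takes nearly a day.
# - name: Generate new DHparams
#   shell: openssl dhparam -outform PEM {{ item[0] }} {{ item[1] }} | tee -a "${THIS_DIR}/dhparams.pem"
#   with_nested:
#     - [2, 5]
#     - [1024, 1536, 2048, 4096, 6144, 8192]
#   when: proftpd_use_sftp



--------------------------------------------------------------------------------
/tasks/rabbitmq.yml:
--------------------------------------------------------------------------------
- name: Copy startup script for rabbitmq
  template: src=rabbitmq.sh.j2 dest=/usr/local/bin/rabbitmq.sh
--------------------------------------------------------------------------------
/tasks/slurm.yml:
--------------------------------------------------------------------------------
- name: Install pip
  apt:
    state: "{{ galaxy_extras_apt_package_state }}"
    name: "{{ packages }}"
  vars:
    packages:
      - python-pip
  when: galaxy_extras_install_packages

- name: Create munge.service configuration file
  template: src=munge.service.j2 dest=/etc/systemd/system/munge.service
  when: galaxy_extras_install_packages

- name: Install munge system package
  apt: pkg=munge state={{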
galaxy_extras_apt_package_state }} 16 | when: galaxy_extras_install_packages 17 | 18 | - name: Install SLURM system packages 19 | apt: 20 | state: "{{ galaxy_extras_apt_package_state }}" 21 | name: "{{ packages }}" 22 | vars: 23 | packages: 24 | - slurm-llnl 25 | - slurm-drmaa-dev 26 | - python-psutil 27 | when: galaxy_extras_install_packages and ansible_distribution_version < "18.04" 28 | 29 | - name: Add custom Galaxy PPA (used for Slurm DRMAA package in Ubuntu 18.04) 30 | apt_repository: 31 | repo: ppa:natefoo/slurm-drmaa 32 | state: present 33 | update_cache: yes 34 | when: galaxy_extras_install_packages and ansible_distribution_version == "18.04" 35 | 36 | - name: Install SLURM system packages for Ubuntu 18.04 37 | apt: pkg={{ item }} state={{ galaxy_extras_apt_package_state }} 38 | with_items: 39 | - slurm-wlm 40 | - slurm-drmaa-dev 41 | - python-psutil 42 | when: galaxy_extras_install_packages and ansible_distribution_version == "18.04" 43 | 44 | - name: Install SLURM system packages 45 | apt: pkg=slurm-wlm-torque state={{ galaxy_extras_apt_package_state }} 46 | when: galaxy_extras_install_packages 47 | 48 | - name: Create Munge Key 49 | command: /usr/sbin/create-munge-key creates=/etc/munge/munge.key 50 | 51 | - name: Setup Munge permissions and folder 52 | file: path={{ item }} state=directory owner=root group=root recurse=yes 53 | with_items: 54 | - /var/run/munge 55 | - /var/lib/munge 56 | - /var/log/munge 57 | - /var/run/munge 58 | - /etc/munge 59 | 60 | - name: Setup tmp area for slurm. 
61 | file: path=/tmp/slurm state=directory owner={{ galaxy_user_name }} group={{ galaxy_user_name }} 62 | 63 | - name: Create slurm configuration file 64 | template: src=configure_slurm.py.j2 dest=/usr/sbin/configure_slurm.py 65 | 66 | - name: Check if Galaxy uses eggs or wheels 67 | stat: 68 | path: "{{ galaxy_server_dir }}/lib/galaxy/dependencies/pinned-requirements.txt" 69 | register: requirements_txt 70 | 71 | - name: Fetch DRMAA egg for Galaxy 72 | shell: "{{ galaxy_venv_dir }}/bin/python {{ galaxy_server_dir }}/scripts/fetch_eggs.py -e drmaa -c {{ galaxy_config_file }}" 73 | when: not requirements_txt.stat.exists 74 | 75 | # If job_conf.xml is installed before running galaxyprojectdotorg.galaxy, this would already be installed. 76 | - name: Fetch DRMAA wheel for Galaxy 77 | pip: 78 | name: "drmaa" 79 | extra_args: "--index-url https://wheels.galaxyproject.org/simple/ --extra-index-url https://pypi.python.org/simple" 80 | virtualenv: "{{ galaxy_venv_dir }}" 81 | environment: 82 | PYTHOPATH: null 83 | VIRTUAL_ENV: "{{ galaxy_venv_dir }}" 84 | 85 | # TODO: Move the following two out of this file since it is no longer SLURM specific. 86 | - name: "Install Galaxy job conf" 87 | template: src=job_conf.xml.j2 dest={{galaxy_job_conf_path}} owner={{ galaxy_user_name }} group={{ galaxy_user_name }} 88 | tags: galaxy_extras_job_conf 89 | 90 | - name: "Install Galaxy container resolution configuration" 91 | template: src=container_resolvers_conf.xml.j2 dest={{galaxy_container_resolvers_conf_path}} owner={{ galaxy_user_name }} group={{ galaxy_user_name }} 92 | when: galaxy_extras_config_container_resolution|bool 93 | tags: galaxy_extras_job_conf 94 | -------------------------------------------------------------------------------- /tasks/startup.yml: -------------------------------------------------------------------------------- 1 | - name: "Install cgroupfs_mount.sh for startup script." 
2 | template: src=cgroupfs_mount.sh.j2 dest=/root/cgroupfs_mount.sh mode=a+x 3 | 4 | - name: "Install startup script used to configure container." 5 | template: src=startup.sh.j2 dest=/usr/bin/startup mode=a+x 6 | -------------------------------------------------------------------------------- /tasks/supervisor.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Install web related system packages 3 | apt: 4 | state: "{{ galaxy_extras_apt_package_state }}" 5 | name: "{{ packages }}" 6 | vars: 7 | packages: 8 | - uwsgi 9 | - uwsgi-plugin-python 10 | - supervisor 11 | when: galaxy_extras_install_packages 12 | 13 | - name: Install cron 14 | apt: 15 | state: "{{ galaxy_extras_apt_package_state }}" 16 | name: "{{ packages }}" 17 | vars: 18 | packages: 19 | - cron 20 | when: supervisor_manage_cron|bool 21 | 22 | - name: Create Galaxy configuration file 23 | template: src=supervisor.conf.j2 dest={{ supervisor_conf_path }} 24 | 25 | - name: Stop supervisor 26 | service: name=supervisor state=stopped 27 | tags: stop_supervisor 28 | 29 | - name: Stop and remove uwsgi. 30 | service: name={{ item }} state=stopped enabled=no 31 | with_items: 32 | - uwsgi 33 | when: galaxy_extras_config_uwsgi|bool and supervisor_manage_uwsgi|bool and galaxy_extras_install_packages 34 | 35 | - name: Stop and remove munge. 36 | service: name={{ item }} state=stopped enabled=no 37 | with_items: 38 | - munge 39 | when: galaxy_extras_config_slurm|bool and supervisor_manage_slurm|bool 40 | 41 | - name: Stop and remove slurm. 42 | service: name={{ item }} state=stopped enabled=no 43 | with_items: 44 | - slurmd 45 | - slurmctld 46 | when: galaxy_extras_config_slurm|bool and supervisor_manage_slurm|bool 47 | 48 | - name: Stop and remove postgresql. 49 | service: name={{ item }} state=stopped enabled=no 50 | with_items: 51 | - postgresql 52 | when: supervisor_manage_postgres 53 | 54 | - name: Stop and remove proftpd. 
55 | service: name={{ item }} state=stopped enabled=no 56 | with_items: 57 | - proftpd 58 | when: galaxy_extras_config_proftpd|bool and supervisor_manage_proftp|bool 59 | 60 | - name: Stop and remove nginx. 61 | service: name={{ item }} state=stopped enabled=no 62 | with_items: 63 | - nginx 64 | when: galaxy_extras_config_nginx|bool and supervisor_manage_nginx|bool 65 | 66 | # Do not start supervisor when building docker-galaxy-stable 67 | - name: Start supervisor 68 | service: name=supervisor state=started 69 | when: galaxy_uwsgi_static_conf 70 | -------------------------------------------------------------------------------- /tasks/uwsgi.yml: -------------------------------------------------------------------------------- 1 | - name: "Install uwsgi for galaxy" 2 | pip: 3 | name: uwsgi 4 | version: 2.0.15 5 | virtualenv: "{{ galaxy_venv_dir }}" 6 | virtualenv_command: "{{ pip_virtualenv_command | default( 'virtualenv' ) }}" 7 | extra_args: "--index-url https://wheels.galaxyproject.org/ --extra-index-url https://pypi.python.org/simple" 8 | become: True 9 | become_user: "{{ galaxy_user_name }}" 10 | -------------------------------------------------------------------------------- /templates/add_tool_shed.py.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import os 4 | import argparse 5 | import xml.etree.ElementTree as ET 6 | 7 | TOOL_SHEDS_XML = os.path.join(os.environ['GALAXY_ROOT'], "config/tool_sheds_conf.xml") 8 | TOOL_SHEDS_XML_SAMPLE = TOOL_SHEDS_XML + '.sample' 9 | 10 | if __name__ == '__main__': 11 | parser = argparse.ArgumentParser(description='Add new Tool Shed to Galaxy.') 12 | parser.add_argument('-n', '--name', help='Tool Shed name that is displayed in the admin menue') 13 | parser.add_argument('-u', '--url', help='Tool Shed URL') 14 | 15 | args = parser.parse_args() 16 | 17 | ts = ET.Element('tool_shed') 18 | ts.set('name', args.name) 19 | ts.set('url', args.url) 20 | 21 | if 
os.path.exists( TOOL_SHEDS_XML ): 22 | tree = ET.parse( TOOL_SHEDS_XML ) 23 | else: 24 | tree = ET.parse( TOOL_SHEDS_XML_SAMPLE ) 25 | root = tree.getroot() 26 | root.append( ts ) 27 | tree.write( TOOL_SHEDS_XML ) 28 | -------------------------------------------------------------------------------- /templates/cgroupfs_mount.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # DinD: a wrapper script which allows docker to be run inside a docker container. 5 | # Original version by Jerome Petazzoni 6 | # See the blog post: https://blog.docker.com/2013/09/docker-can-now-run-within-docker/ 7 | # 8 | # This script should be executed inside a docker container in privilieged mode 9 | # ('docker run --privileged', introduced in docker 0.6). 10 | 11 | # Usage: dind CMD [ARG...] 12 | 13 | # apparmor sucks and Docker needs to know that it's in a container (c) @tianon 14 | export container=docker 15 | 16 | if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then 17 | mount -t securityfs none /sys/kernel/security || { 18 | echo >&2 'Could not mount /sys/kernel/security.' 19 | echo >&2 'AppArmor detection and --privileged mode might break.' 20 | } 21 | fi 22 | 23 | # Mount /tmp (conditionally) 24 | if ! mountpoint -q /tmp; then 25 | mount -t tmpfs none /tmp 26 | fi 27 | 28 | 29 | # If a pidfile is still around (for example after a container restart), 30 | # delete it so that docker can start. 
31 | rm -rf /var/run/docker.pid 32 | -------------------------------------------------------------------------------- /templates/check_database.py.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # This script checks if the database is connected by querying an user 4 | 5 | import sys 6 | sys.path.insert(1,'{{ galaxy_server_dir }}') 7 | sys.path.insert(1,'{{ galaxy_server_dir }}/lib') 8 | 9 | from galaxy.model import User 10 | from galaxy.model.mapping import init 11 | from galaxy.model.orm.scripts import get_config 12 | import argparse 13 | 14 | __author__ = "Lukas Voegtle" 15 | __email__ = "voegtlel@tf.uni-freiburg.de" 16 | 17 | if __name__ == "__main__": 18 | db_url = get_config(sys.argv)['db_url'] 19 | mapping = init('/tmp/', db_url) 20 | sa_session = mapping.context 21 | security_agent = mapping.security_agent 22 | 23 | # Just query something 24 | query = sa_session.query(User).filter_by(email="admin@galaxy.org") 25 | query.count() 26 | -------------------------------------------------------------------------------- /templates/configure_slurm.py.j2: -------------------------------------------------------------------------------- 1 | from socket import gethostname 2 | from string import Template 3 | from os import environ 4 | import subprocess 5 | 6 | 7 | SLURM_CONFIG_TEMPLATE = ''' 8 | # slurm.conf file generated by configurator.html. 9 | # Put this file on all nodes of your cluster. 10 | # See the slurm.conf man page for more information. 
11 | # 12 | ControlMachine=$control_machine 13 | #ControlAddr= 14 | #BackupController= 15 | #BackupAddr= 16 | # 17 | AuthType=auth/munge 18 | CacheGroups=0 19 | #CheckpointType=checkpoint/none 20 | CryptoType=crypto/munge 21 | MpiDefault=none 22 | #PluginDir= 23 | #PlugStackConfig= 24 | #PrivateData=jobs 25 | ProctrackType=proctrack/pgid 26 | #Prolog= 27 | #PrologSlurmctld= 28 | #PropagatePrioProcess=0 29 | #PropagateResourceLimits= 30 | #PropagateResourceLimitsExcept= 31 | ReturnToService=1 32 | #SallocDefaultCommand= 33 | SlurmctldPidFile=/var/run/slurmctld.pid 34 | SlurmctldPort=6817 35 | SlurmdPidFile=/var/run/slurmd.pid 36 | SlurmdPort=6818 37 | SlurmdSpoolDir=/tmp/slurmd 38 | SlurmUser=$user 39 | #SlurmdUser=root 40 | #SrunEpilog= 41 | #SrunProlog= 42 | StateSaveLocation=/tmp/slurm 43 | SwitchType=switch/none 44 | #TaskEpilog= 45 | TaskPlugin=task/none 46 | #TaskPluginParam= 47 | #TaskProlog= 48 | InactiveLimit=0 49 | KillWait=30 50 | MinJobAge=300 51 | #OverTimeLimit=0 52 | SlurmctldTimeout=120 53 | SlurmdTimeout=300 54 | #UnkillableStepTimeout=60 55 | #VSizeFactor=0 56 | Waittime=0 57 | FastSchedule=1 58 | SchedulerType=sched/backfill 59 | SchedulerPort=7321 60 | SelectType=select/cons_res 61 | SelectTypeParameters=CR_Core_Memory 62 | AccountingStorageType=accounting_storage/none 63 | #AccountingStorageUser= 64 | AccountingStoreJobComment=YES 65 | ClusterName=$cluster_name 66 | #DebugFlags= 67 | #JobCompHost= 68 | #JobCompLoc= 69 | #JobCompPass= 70 | #JobCompPort= 71 | JobCompType=jobcomp/none 72 | #JobCompUser= 73 | JobAcctGatherFrequency=30 74 | JobAcctGatherType=jobacct_gather/none 75 | SlurmctldDebug=3 76 | #SlurmctldLogFile= 77 | SlurmdDebug=3 78 | #SlurmdLogFile= 79 | NodeName=$hostname CPUs=$cpus RealMemory=$memory State=UNKNOWN 80 | PartitionName=$partition_name Nodes=$hostname Default=YES MaxTime=INFINITE State=UP Shared=YES {% if ansible_distribution=='Ubuntu' %}DefMemPerCPU=$mem_per_cpu 81 | {% endif %} 82 | ''' 83 | 84 | slurm_status = 
subprocess.check_output(['slurmd', '-C']) 85 | dict_status = dict(z.split('=') for z in slurm_status.split()) 86 | cpus = dict_status['CPUs'] 87 | memory = dict_status['RealMemory'] 88 | mem_per_cpu = int(memory) / int(cpus) 89 | 90 | def main(): 91 | hostname = gethostname() 92 | template_params = { 93 | "hostname": hostname, 94 | "control_machine": environ.get('SLURM_CONTROL_MACHINE', hostname), 95 | "cluster_name": environ.get('SLURM_CLUSTER_NAME', 'cluster'), 96 | "user": environ.get('SLURM_USER_NAME', '{{ galaxy_user_name }}'), 97 | "partition_name": environ.get('SLURM_PARTITION_NAME', 'debug'), 98 | "cpus": environ.get("SLURM_CPUS", cpus), 99 | "memory": environ.get("SLURM_MEMORY", memory), 100 | "mem_per_cpu": environ.get("SLURM_MEMORY_PER_CPU", int(memory)/int(cpus)) 101 | } 102 | config_contents = Template(SLURM_CONFIG_TEMPLATE).substitute(template_params) 103 | open("/etc/slurm-llnl/slurm.conf", "w").write(config_contents) 104 | 105 | if __name__ == "__main__": 106 | main() 107 | -------------------------------------------------------------------------------- /templates/container_resolvers_conf.xml.j2: -------------------------------------------------------------------------------- 1 | 2 | {% if container_resolution_explicit %} 3 | 4 | {% endif %} 5 | {% if container_resolution_cached_mulled %} 6 | 7 | {% endif %} 8 | {% if container_resolution_mulled %} 9 | 10 | {% endif %} 11 | {% if container_resolution_build_mulled %} 12 | 13 | {% endif %} 14 | 15 | -------------------------------------------------------------------------------- /templates/create_galaxy_user.py.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import sys 3 | sys.path.insert(1,'{{ galaxy_server_dir }}') 4 | sys.path.insert(1,'{{ galaxy_server_dir }}/lib') 5 | 6 | from galaxy.model import User, APIKeys 7 | from galaxy.model.mapping import init 8 | from galaxy.model.orm.scripts import get_config 9 | import argparse 10 | 11 
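def add_user(sa_session, security_agent, email, password, key=None, username="admin"):
    """
        Create a Galaxy user, or reset an existing one, and optionally set its API key.
        From John https://gist.github.com/jmchilton/4475646

        sa_session     -- database session used for every query and flush
        security_agent -- used to create the private role and default permissions
        email          -- looked up to decide between update and create
        password       -- clear-text password handed to User.set_password_cleartext
        key            -- optional API key; when given, all existing keys of the
                          user are deleted before this one is stored
        username       -- public user name written to the account

        Returns the created or updated user object.

        NOTE(review): this listing lost its indentation; the nesting of the
        role/permission calls under the `else` branch is reconstructed --
        confirm against the repository.
    """
    query = sa_session.query( User ).filter_by( email=email )
    user = None
    if query.count() > 0:
        # Existing account: overwrite its public name and password.
        user = query.first()
        user.username = username
        user.set_password_cleartext(password)
        sa_session.add(user)
        sa_session.flush()
    else:
        # Filled in by Ansible when the template is rendered.
        User.use_pbkdf2 = {{ use_pbkdf2 }}
        user = User(email)
        user.username = username
        user.set_password_cleartext(password)
        sa_session.add(user)
        sa_session.flush()

        security_agent.create_private_user_role( user )
        if not user.default_permissions:
            security_agent.user_set_default_permissions( user, history=True, dataset=True )

    if key is not None:
        # Replace, rather than add to, the user's API keys.
        query = sa_session.query( APIKeys ).filter_by( user_id=user.id ).delete()
        sa_session.flush()

        api_key = APIKeys()
        api_key.user_id = user.id
        api_key.key = key
        sa_session.add(api_key)
        sa_session.flush()
    return user


if __name__ == "__main__":
    db_url = get_config(sys.argv, use_argparse=False)['db_url']

    parser = argparse.ArgumentParser(description='Create Galaxy Admin User.')

    parser.add_argument("--user", required=True,
                        help="Username, it should be an email address.")
    # The password and the API key arrive as command-line arguments, so they
    # are visible in the process list while the script runs.
    parser.add_argument("--password", required=True,
                        help="Password.")
    parser.add_argument("--key", help="API-Key.")
    parser.add_argument("--username", default="admin",
                        help="The public username. Public names must be at least three characters in length and contain only lower-case letters, numbers, and the '-' character.")
    parser.add_argument('args', nargs=argparse.REMAINDER)

    options = parser.parse_args()

    mapping = init('/tmp/', db_url)
    sa_session = mapping.context
    security_agent = mapping.security_agent

    add_user(sa_session, security_agent, options.user, options.password, key=options.key, username=options.username)
--------------------------------------------------------------------------------
/templates/export_user_files.py.j2:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# NOTE(review): this listing lost its indentation; block nesting below is
# reconstructed from the statement order -- confirm against the repository.
import glob
import sys
import os
import shutil
import subprocess

if len( sys.argv ) == 2:
    PG_DATA_DIR_DEFAULT = sys.argv[1]
else:
    PG_DATA_DIR_DEFAULT = "/var/lib/postgresql/9.3/main"
PG_DATA_DIR_HOST = os.environ.get("PG_DATA_DIR_HOST", "/export/postgresql/9.3/main/")

def change_path( src ):
    """
        src will be copied to /export/`src` and a symlink will be placed in src pointing to /export/
    """
    if os.path.exists( src ):
        dest = os.path.join( '/export/', src.strip('/') )
        # if destination is empty move all files into /export/ and symlink back to source
        if not os.path.exists( dest ):
            dest_dir = os.path.dirname(dest)
            if not os.path.exists( dest_dir ):
                os.makedirs(dest_dir)
            shutil.move( src, dest )
            os.symlink( dest, src.rstrip('/') )
            os.chown( src, int(os.environ['GALAXY_UID']), int(os.environ['GALAXY_GID']) )
            # Argument list instead of a formatted shell string: the ids and the
            # path reach chown as single arguments and no shell parses them.
            subprocess.call( ['chown', '-R', '%s:%s' % ( os.environ['GALAXY_UID'], os.environ['GALAXY_GID'] ), dest] )
        # if destination exists (e.g. continuing a previous session), remove source and symlink
        else:
            if not os.path.realpath( src ) == os.path.realpath( dest ):
                stripped_src = src.rstrip('/')
                if not os.path.islink( stripped_src ):
                    if os.path.isdir( stripped_src ):
                        shutil.rmtree( stripped_src )
                    else:
                        os.unlink( stripped_src )
                    os.symlink( dest, src.rstrip('/') )


def copy_samples(src, dest):
    """Copy the *ml.sample* files from src into dest and hand them to the Galaxy uid/gid."""
    if not os.path.realpath(src) == os.path.realpath(dest):
        for filename in os.listdir(src):
            if filename.endswith('ml.sample') or filename.endswith('ml.sample_advanced') or filename.endswith('ml.sample_basic'):
                distrib_file = os.path.join(src, filename)
                export_file = os.path.join(dest, filename)
                shutil.copy(distrib_file, export_file)
                os.chown(export_file, int(os.environ['GALAXY_UID']), int(os.environ['GALAXY_GID']))


def _makedir(path):
    """Create path if it is missing and chown it to the Galaxy uid/gid."""
    if not os.path.exists( path ):
        os.makedirs( path )
        os.chown( path, int(os.environ['GALAXY_UID']), int(os.environ['GALAXY_GID']) )

if __name__ == "__main__":
    """
        If the '/export/' folder exists, meaning docker was started with '-v /home/foo/bar:/export',
        we will link every file that needs to persist to the host system. Additionally a file (/.galaxy_save) is
        created that indicates all linking is already done.
        If the user re-starts (with docker start) the container the file /.galaxy_save is found and the linking
        is aborted.
    """

    galaxy_root_dir = os.environ.get('GALAXY_ROOT', '/galaxy-central/')

    galaxy_distrib_paths = {'/galaxy-central/config/': '/export/.distribution_config',
                            '/galaxy-central/lib': '/export/galaxy-central/lib',
                            '/galaxy-central/tools': '/export/galaxy-central/tools'}
    for image_path, export_path in galaxy_distrib_paths.items():
        if os.path.exists(export_path):
            shutil.rmtree(export_path)
        shutil.copytree( image_path, export_path )

    shutil.copy('/galaxy-central/requirements.txt','/export/galaxy-central/requirements.txt')

    _makedir('/export/galaxy-central/')
    _makedir('/export/ftp/')

    change_path( os.path.join(galaxy_root_dir, 'config') )

    # Copy all sample config files to config dir
    # TODO find a way to update plugins/ without breaking user customizations
    config_src = os.path.join(galaxy_root_dir, 'config')
    config_dest = os.path.join('/export/', galaxy_root_dir, 'config')
    copy_samples(config_src, config_dest)

    # Copy all sample files to tool-data dir
    # TODO find a way to update shared/ without breaking user customizations
    tool_data_src = os.path.join(galaxy_root_dir, 'tool-data')
    tool_data_dest = os.path.join('/export/', galaxy_root_dir, 'tool-data')
    copy_samples(tool_data_src, tool_data_dest)

    # TODO find a way to update /export/galaxy-central/display_applications/ without breaking user customizations

    # Copy all files starting with "welcome"
    # This enables a flexible start page design.
    for filename in os.listdir('/export/'):
        if filename.startswith('welcome'):
            export_file = os.path.join( '/export/', filename)
            image_file = os.path.join('/etc/galaxy/web/', filename)
            shutil.copy(export_file, image_file)
            os.chown( image_file, int(os.environ['GALAXY_UID']), int(os.environ['GALAXY_GID']) )

    # copy image defaults to config/.docker_sample to base derivatives on,
    # and if there is a realized version of these files in the export directory
    # replace Galaxy's copy with these. Use symbolic link instead of copying so
    # deployer can update and reload Galaxy and changes will be reflected.
    for config in [ 'galaxy.yml', 'job_conf.xml' ]:
        image_config = os.path.join('/etc/galaxy/', config)
        export_config = os.path.join( '/export/galaxy-central/config', config )
        export_sample = export_config + ".docker_sample"
        shutil.copy(image_config, export_sample)
        if os.path.exists(export_config):
            subprocess.call(['ln', '-s', '-f', export_config, image_config])

    # Update Conda version if needed
    # The environment value is a string, so it is compared with '0'; the
    # earlier comparison with the integer 0 was always true and ran this
    # update on every start.
    if os.environ.get('GALAXY_AUTO_UPDATE_CONDA', '0') != '0':
        src_conda = '/tool_deps/_conda/'
        dest_conda = '/export/tool_deps/_conda/'
        if os.path.exists(dest_conda) and os.path.realpath(src_conda) != os.path.realpath(dest_conda):
            for subdir in ['bin', 'compiler_compat', 'conda-meta', 'etc', 'include', 'lib', 'share', 'ssl', 'x86_64-conda_cos6-linux-gnu']:
                if os.path.exists(os.path.join(dest_conda, subdir)):
                    shutil.rmtree(os.path.join(dest_conda, subdir))
                subprocess.call(['cp', '-p', '--preserve', '-R', os.path.join(src_conda, subdir), os.path.join(dest_conda, subdir)])

    change_path( os.path.join(galaxy_root_dir, 'tools.yaml') )
    change_path( os.path.join(galaxy_root_dir, 'integrated_tool_panel.xml') )
    change_path( os.path.join(galaxy_root_dir, 'display_applications') )
    change_path( os.path.join('/tool_deps') )
    change_path( os.path.join(galaxy_root_dir, 'tool-data') )
    change_path( os.path.join(galaxy_root_dir, 'database') )
    change_path( '/shed_tools/' )

    if os.path.exists('/export/reports_htpasswd'):
        # shutil.copy also copies the source's permission bits, so the mode of
        # /etc/nginx/htpasswd follows whatever /export/reports_htpasswd has.
        shutil.copy('/export/reports_htpasswd', '/etc/nginx/htpasswd')

    try:
        change_path('/var/lib/docker/')
    except Exception:
        # In case of unprivileged access this will result in a "Device or resource busy." error.
        pass

    if not os.path.exists( PG_DATA_DIR_HOST ) or 'PG_VERSION' not in os.listdir( PG_DATA_DIR_HOST ):
        dest_dir = os.path.dirname( PG_DATA_DIR_HOST )
        if not os.path.exists( dest_dir ):
            os.makedirs(dest_dir)
        # User given dbpath, usually a directory from the host machine
        # copy the postgresql data folder to the new location
        # The wildcard is expanded with glob here, so no shell is needed.
        subprocess.call(['cp', '-R'] + glob.glob(os.path.join(PG_DATA_DIR_DEFAULT, '*')) + [PG_DATA_DIR_HOST])
        os.symlink( os.path.join(os.environ.get('PG_CONF_DIR_DEFAULT'), 'conf.d'), os.path.join(PG_DATA_DIR_HOST, 'conf.d') )
        # copytree needs an non-existing dst dir, how annoying :(
        # shutil.copytree(PG_DATA_DIR_DEFAULT, PG_DATA_DIR_HOST)
        subprocess.call(['chown', '-R', 'postgres:postgres', '/export/postgresql/'])
        # chmod -R 0755 makes everything under /export/ readable by every
        # account that can reach the volume -- that includes the Galaxy config
        # directory moved there by change_path() and reports_htpasswd. Only the
        # PostgreSQL data directory is tightened again on the next line.
        subprocess.call(['chmod', '-R', '0755', '/export/'])
        subprocess.call(['chmod', '-R', '0700', PG_DATA_DIR_HOST])
--------------------------------------------------------------------------------
/templates/htpasswd.j2:
--------------------------------------------------------------------------------
{% for p in nginx_htpasswds %}
{{ p }}
{% endfor %}
--------------------------------------------------------------------------------
/templates/job_conf.xml.j2:
--------------------------------------------------------------------------------

{% import "macros.xml.j2" as macros with context %}


{% if galaxy_extras_config_slurm %}
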
/usr/lib/slurm-drmaa/lib/libdrmaa.so 8 | {% if galaxy_minimum_version >= "17.09" %} 9 | true 10 | {% endif %} 11 | 12 | {% endif %} 13 | {% if galaxy_extras_config_condor %} 14 | 15 | {% if galaxy_minimum_version >= "17.09" %} 16 | true 17 | {% endif %} 18 | 19 | {% endif %} 20 | {% if galaxy_extras_config_pbs %} 21 | 22 | /usr/lib/pbs-drmaa/lib/libdrmaa.so.1 23 | {% if galaxy_minimum_version >= "17.09" %} 24 | true 25 | {% endif %} 26 | 27 | {% endif %} 28 | {% if galaxy_extras_config_k8s_jobs %} 29 | 30 | 31 | {{ galaxy_k8s_jobs_use_service_account }} 32 | {{ galaxy_k8s_jobs_persistent_volume_claim_name }} 33 | {{ galaxy_k8s_jobs_persistent_volume_claim_mount_path }} 34 | {{ galaxy_k8s_jobs_namespace }} 35 | {{ galaxy_k8s_jobs_supplemental_group_id }} 36 | {{ galaxy_k8s_jobs_fs_group_id }} 37 | {{ galaxy_k8s_jobs_pull_policy }} 38 | {{ galaxy_k8s_jobs_pods_retrials }} 39 | {% if galaxy_minimum_version >= "17.09" %} 40 | true 41 | {% endif %} 42 | 43 | {% endif %} 44 | 45 | 46 | {% if not galaxy_mule_handlers %} 47 | 48 | 49 | {% if galaxy_handler_processes == 0 %} 50 | 51 | {% else %} 52 | {% for i in range(galaxy_handler_processes) %} 53 | 54 | {% endfor %} 55 | {% endif %} 56 | 57 | {% else %} 58 | 59 | {% endif %} 60 | 61 | 62 | 63 | 65 | docker_dispatch 66 | {{ galaxy_extras_galaxy_destination_docker_default }} 67 | {{ galaxy_extras_galaxy_destination_default }} 68 | 69 | 74 | {% call macros.destination("local_no_container", "local") %}{% endcall %} 75 | {% call macros.destination("local_docker", "local", container_type="docker") %}{% endcall %} 76 | {% call macros.destination("local_force_docker", "local", container_type="docker", force_container=True) %}{% endcall %} 77 | {% if galaxy_extras_config_pbs %} 78 | {% call macros.destination("pbs_cluster", "pbs") %}{% endcall %} 79 | {% call macros.destination("pbs_cluster_docker", "pbs", container_type="docker") %}{% endcall %} 80 | {% call macros.destination("pbs_cluster_force_docker", "pbs", 
container_type="docker", force_container=True) %}{% endcall %} 81 | {% endif %} 82 | {% if galaxy_extras_config_slurm %} 83 | {% call macros.destination("slurm_cluster", "slurm") %} 84 | --ntasks={{ galaxy_extras_slurm_ntask }} --share 85 | {% endcall %} 86 | 87 | {% call macros.destination("slurm_cluster_docker", "slurm", container_type="docker") %} 88 | --ntasks={{ galaxy_extras_slurm_ntask }} --share 89 | {% endcall %} 90 | {% call macros.destination("slurm_cluster_force_docker", "slurm", container_type="docker", force_container=True) %} 91 | --ntasks={{ galaxy_extras_slurm_ntask }} --share 92 | {% endcall %} 93 | 94 | {% call macros.destination("slurm_cluster_singularity", "slurm", container_type="singularity") %} 95 | --ntasks={{ galaxy_extras_slurm_ntask }} --share 96 | {% endcall %} 97 | 98 | {% endif %} 99 | {% if galaxy_extras_config_condor %} 100 | {% call macros.destination("condor_cluster", "condor") %} 101 | vanilla 102 | {% endcall %} 103 | {% call macros.destination("condor_cluster_docker", "condor", container_type="docker") %} 104 | vanilla 105 | {% endcall %} 106 | {% call macros.destination("condor_cluster_force_docker", "condor", container_type="docker", force_container=True) %} 107 | vanilla 108 | {% endcall %} 109 | {% call macros.destination("condor_docker_universe", "condor", container_type="docker", force_container=True) %} 110 | docker 111 | {% endcall %} 112 | 117 | {{ macros.docker_dispatch_destination("condor_docker_cluster_dispatch", "condor_cluster_docker", "condor_cluster")}} 118 | {{ macros.docker_dispatch_destination("condor_docker_universe_dispatch", "condor_docker_universe", "condor_cluster")}} 119 | {% endif %} 120 | {% if galaxy_extras_config_k8s_jobs %} 121 | {% call macros.destination("k8s_default", "k8s", container_type="docker", force_container=True) %}{% endcall %} 122 | {{ macros.docker_dispatch_destination("k8s_or_local_dispatch", "k8s_default", "local_no_container")}} 123 | {{ 
macros.docker_dispatch_destination("k8s_or_slurm_dispatch", "k8s_default", "slurm_cluster")}} 124 | {{ macros.docker_dispatch_destination("k8s_or_condor_dispatch", "k8s_default", "condor_cluster")}} 125 | {% endif %} 126 | 127 | 128 | 129 | 130 | -------------------------------------------------------------------------------- /templates/job_metrics_conf.xml.j2: -------------------------------------------------------------------------------- 1 | 2 | 3 | {% if galaxy_job_metrics_core %} 4 | 5 | {% endif %} 6 | {% if galaxy_job_metrics_cpuinfo and galaxy_job_metrics_cpuinfo == "verbose" %} 7 | 8 | {% elif galaxy_job_metrics_cpuinfo %} 9 | 10 | {% endif %} 11 | {% if galaxy_job_metrics_meminfo %} 12 | 13 | {% endif %} 14 | {% if galaxy_job_metrics_uname %} 15 | 16 | {% endif %} 17 | {% if galaxy_job_metrics_env %} 18 | 19 | {% endif %} 20 | 21 | -------------------------------------------------------------------------------- /templates/letsencrypt.conf.j2: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # This is the main config file for letsencrypt.sh # 3 | # # 4 | # This file is looked for in the following locations: # 5 | # $SCRIPTDIR/config (next to this script) # 6 | # /usr/local/etc/letsencrypt.sh/config # 7 | # /etc/letsencrypt.sh/config # 8 | # ${PWD}/config (in current working-directory) # 9 | # # 10 | # Default values of this config are in comments # 11 | ######################################################## 12 | 13 | # Resolve names to addresses of IP version only. 
(curl) 14 | # supported values: 4, 6 15 | # default: 16 | #IP_VERSION= 17 | 18 | # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory) 19 | #CA="https://acme-v01.api.letsencrypt.org/directory" 20 | 21 | # Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) 22 | #LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" 23 | 24 | # Which challenge should be used? Currently http-01 and dns-01 are supported 25 | #CHALLENGETYPE="http-01" 26 | 27 | # Path to a directory containing additional config files, allowing to override 28 | # the defaults found in the main configuration file. Additional config files 29 | # in this directory needs to be named with a '.sh' ending. 30 | # default: 31 | #CONFIG_D= 32 | 33 | # Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined) 34 | #BASEDIR=$SCRIPTDIR (default) 35 | BASEDIR="/etc/letsencrypt" 36 | 37 | # File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt) 38 | #DOMAINS_TXT="${BASEDIR}/domains.txt" 39 | 40 | # Output directory for generated certificates 41 | #CERTDIR="${BASEDIR}/certs" (default) 42 | CERTDIR="/etc/ssl/private" 43 | 44 | # Directory for account keys and registration information 45 | #ACCOUNTDIR="${BASEDIR}/accounts" 46 | 47 | # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/letsencrypt) 48 | #WELLKNOWN="/var/www/letsencrypt" (default) 49 | WELLKNOWN="${BASEDIR}/wellknown" 50 | 51 | # Default keysize for private keys (default: 4096) 52 | #KEYSIZE="4096" 53 | 54 | # Path to openssl config file (default: - tries to figure out system default) 55 | #OPENSSL_CNF= 56 | 57 | # Program or function called in certain situations 58 | # 59 | # After generating the challenge-response, or after failed challenge (in this case altname is empty) 60 | # 
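Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
#
# After successfully signing certificate
# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
#
# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
# default: 
#HOOK=

# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
#HOOK_CHAIN="no"

# Minimum days before expiration to automatically renew certificate (default: 30)
#RENEW_DAYS="30"

# Regenerate private keys instead of just signing new certificates on renewal (default: yes)
#PRIVATE_KEY_RENEW="yes"

# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=rsa

# E-mail to use during the registration (default: )
#CONTACT_EMAIL=

# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
#LOCKFILE="${BASEDIR}/lock"

# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
#OCSP_MUST_STAPLE="no"

--------------------------------------------------------------------------------
/templates/letsencrypt_refresh.sh.j2:
--------------------------------------------------------------------------------
#!/bin/bash
# Renew the certificate for one domain with letsencrypt.sh and, when both the
# private key and the full chain exist under /etc/ssl/private/<domain>/,
# point the nginx certificate paths at them and reload nginx.
#
# Usage: <this script> DOMAIN

DOMAIN="$1"

# DOMAIN is used as a directory name under /etc/ssl/private, so refuse an
# empty value or one that could name a path outside that directory.
case "$DOMAIN" in
    ""|*/*|.*)
        echo "usage: $0 DOMAIN" >&2
        exit 1
        ;;
esac

CERT_DIR="/etc/ssl/private/$DOMAIN"

letsencrypt.sh --cron -d "$DOMAIN" --config /etc/letsencrypt/letsencrypt.conf

# The exit status of the renewal is deliberately not checked: an existing
# key/chain pair is (re)linked even if this run did not issue a new one.
if [ -e "$CERT_DIR/privkey.pem" ] && [ -e "$CERT_DIR/fullchain.pem" ]
then
    ln -sf "$CERT_DIR/privkey.pem" "{{ nginx_ssl_certificate_key }}"
    ln -sf "$CERT_DIR/fullchain.pem" "{{ nginx_ssl_certificate }}"
    nginx -s reload
fi

--------------------------------------------------------------------------------
/templates/macros.xml.j2: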
-------------------------------------------------------------------------------- 1 | {% macro destination(id, runner, container_type=None, force_container=False) -%} 2 | 3 | 4 | {% if galaxy_source_shellrc %} 5 | 6 | {% endif %} 7 | true 8 | 9 | {% if container_type == 'docker' %} 10 | true 11 | {{ galaxy_docker_sudo }} 12 | 13 | {{ galaxy_docker_volumes_from }} 14 | 15 | {{ galaxy_docker_volumes }} 16 | {% if force_container %} 17 | {{ galaxy_docker_default_image }} 18 | {% endif %} 19 | {% endif %} 20 | 21 | {% if container_type == 'singularity' %} 22 | true 23 | {{ galaxy_singularity_sudo }} 24 | 25 | {{ galaxy_singularity_volumes_from }} 26 | 27 | {{ galaxy_singularity_volumes }} 28 | {% if force_container %} 29 | {{ galaxy_singularity_default_image }} 30 | {% endif %} 31 | 32 | {% endif %} 33 | 34 | {{ caller() }} 35 | 36 | {%- endmacro %} 37 | 38 | {% macro docker_dispatch_destination(id, default_destination, docker_destination) -%} 39 | 40 | docker_dispatch 41 | {{ docker_destination }} 42 | {{ default_destination }} 43 | 44 | {%- endmacro %} 45 | 46 | {% macro singularity_dispatch_destination(id, default_destination, singularity_destination) -%} 47 | 48 | singularity_dispatch 49 | {{ singularity_destination }} 50 | {{ default_destination }} 51 | 52 | {%- endmacro %} 53 | -------------------------------------------------------------------------------- /templates/munge.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=MUNGE authentication service 3 | Documentation=man:munged(8) 4 | After=network.target 5 | After=time-sync.target 6 | 7 | [Service] 8 | Type=forking 9 | ExecStart=/usr/sbin/munged --syslog 10 | PIDFile=/var/run/munge/munged.pid 11 | User=munge 12 | Group=munge 13 | Restart=on-abort 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /templates/nginx.conf.j2: 
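--------------------------------------------------------------------------------
# Main nginx configuration for the Galaxy container: one http block with a
# single virtual server, plus a port-80 redirect server when
# galaxy_extras_config_ssl is set.
user {{ galaxy_user_name }};
worker_processes 1;
daemon off;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    uwsgi_buffers 8 16384;
    uwsgi_buffer_size 16384;


    # NOTE(review): with underscores accepted, a client can send a header
    # literally named REMOTE_USER. A location that does not set REMOTE_USER
    # itself passes such a header on to the backend unchanged.
    underscores_in_headers on;
    sendfile on;

    keepalive_timeout 600;
    types_hash_max_size 2048;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    client_max_body_size 50g;
    uwsgi_read_timeout 300;

    {% if not galaxy_uwsgi %}
    upstream galaxy_web_app {
        server localhost:8080;
    }
    {% endif %}
    server {
        listen 80;
        {% if galaxy_extras_config_ssl %}
        rewrite ^ https://$host$request_uri permanent;
    }

    server {
        # NOTE(review): no ssl_protocols / ssl_ciphers are set here, so the
        # defaults of the installed nginx build apply.
        listen 443 default ssl;
        ssl_certificate {{ nginx_ssl_certificate }};
        ssl_certificate_key {{ nginx_ssl_certificate_key }};
        {% endif %}

        {% if nginx_use_passwords %}
        # NOTE(review): without galaxy_extras_config_ssl this server listens
        # on port 80 only, so the Basic credentials travel unencrypted.
        auth_basic "devbox";
        auth_basic_user_file /etc/nginx/htpasswd;
        {% endif %}

        {% if nginx_proxy_reports %}
        # enable reports under :80/reports/
        location {{ nginx_reports_location }}/ {
            # include authentication settings if enabled
            include {{ nginx_conf_directory }}/reports_auth.conf;
            proxy_pass http://127.0.0.1:{{ galaxy_reports_port }}/;
        }
        # serve static content for report app
        location {{ nginx_reports_location }}/static {
            alias {{ galaxy_server_dir }}/static;
            gzip on;
            gzip_types text/plain text/xml text/javascript text/css application/x-javascript;
            expires 24h;
        }
        location {{ nginx_reports_location }}/static/style {
            alias {{ galaxy_server_dir }}/static/style/blue;
            gzip on;
            gzip_types text/plain text/xml text/javascript text/css application/x-javascript;
            expires 24h;
        }
        location {{ nginx_reports_location }}/static/scripts {
            alias {{ galaxy_server_dir }}/static/scripts;
            gzip on;
            gzip_types text/plain text/javascript application/x-javascript;
            expires 24h;
        }
        {% endif %}

        # main Galaxy location: uWSGI when galaxy_uwsgi is set, HTTP proxy otherwise
        {% if galaxy_uwsgi %}
        include {{ nginx_conf_directory }}/uwsgi.conf;
        {% else %}
        include {{ nginx_conf_directory }}/galaxy_web.conf;
        {% endif %}
        {% if galaxy_extras_config_ssl_method == 'letsencrypt' %}
        include {{ nginx_conf_directory }}/letsencrypt.conf;
        {% endif %}
        {% for a in nginx_additional_config %}
        include {{ nginx_conf_directory }}/{{ a }}.conf;
        {% endfor %}
        {% if nginx_serve_planemo_machine_web %}
        location {{ nginx_planemo_web_location }} {
            alias {{ planemo_machine_web_dir }};
        }
        {% endif %}

        # serve static content
        location {{ nginx_galaxy_location }}/static {
            alias {{ galaxy_server_dir }}/static;
            gzip on;
            gzip_types text/plain text/xml text/javascript text/css application/x-javascript;
            expires 24h;
        }
        location {{ nginx_galaxy_location }}/static/style {
            alias {{ galaxy_server_dir }}/static/style;
            gzip on;
            gzip_types text/plain text/xml text/javascript text/css application/x-javascript;
            expires 24h;
        }
        location {{ nginx_galaxy_location }}/static/scripts {
            alias {{ galaxy_server_dir }}/static/scripts;
            gzip on;
            gzip_types text/plain text/javascript application/x-javascript;
            expires 24h;
        }
        location /favicon.ico {
            alias {{ galaxy_server_dir }}/static/favicon.ico;
        }

        # delegated downloads
        # `internal` keeps clients from requesting this prefix directly. It
        # maps onto the whole filesystem (alias /), so every path that can
        # issue an internal redirect into it has to be trusted.
        location /_x_accel_redirect/ {
            internal;
            alias /;
        }

        # this is needed if 'welcome_url' is set to /etc/galaxy/web
        location {{ nginx_welcome_location }} {
            alias {{ nginx_welcome_path }};
            gzip on;
            gzip_types text/plain text/xml text/javascript text/css application/x-javascript;
            expires 24h;
        }

        location {{ nginx_interactive_environment_location }} {
            proxy_pass http://localhost:8800/{{ nginx_interactive_environment_location }};
            proxy_redirect off;
        }

        # IPython specific. Other IEs may require their own routes.
        # For older IPython versions
        # The named captures feed $nbtype and $rest in proxy_pass below.
        location ~ ^{{ nginx_interactive_environment_location }}/jupyter/(?<nbtype>[^/]+)/api/kernels(?<rest>.*?)$ {
            proxy_pass http://localhost:8800/{{ nginx_interactive_environment_location }}/jupyter/$nbtype/api/kernels$rest;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        # IPython specific. Other IEs may require their own routes.
        # Newer version of IPython - please note the "kernelspecs" change
        location ~ ^{{ nginx_interactive_environment_location }}/jupyter/(?<nbtype>[^/]+)/api/kernelspecs(?<rest>.*?)$ {
            proxy_pass http://localhost:8800/{{ nginx_interactive_environment_location }}/jupyter/$nbtype/api/kernelspecs$rest;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        # Static files of visualization plugins; the named captures feed the
        # three variables used in the alias path.
        location ~ ^{{ nginx_galaxy_location }}/plugins/(?<plug_type>.+?)/(?<vis_name>.+?)/static/(?<static_file>.*?)$ {
            alias {{ galaxy_server_dir }}/config/plugins/$plug_type/$vis_name/static/$static_file;
        }

        {% if galaxy_extras_config_nginx_upload == True %}
        # delegated uploads
        location {{ nginx_galaxy_location }}/_upload {
            upload_store {{ nginx_upload_store_path }};
            upload_store_access user:rw;
            upload_pass_form_field "";
            upload_set_form_field "__${upload_field_name}__is_composite" "true";
            upload_set_form_field "__${upload_field_name}__keys" "name path";
            upload_set_form_field "${upload_field_name}_name" "$upload_file_name";
            upload_set_form_field "${upload_field_name}_path" "$upload_tmp_path";
            upload_pass_args on;
            upload_pass {{ nginx_galaxy_location }}/_upload_done;
        }
        # NOTE(review): the rewrite target is taken from the client-supplied
        # nginx_redir query argument and this location is not marked
        # `internal`. nginx treats a rewritten request as internal, so the
        # target is not confined to public locations. Consider marking this
        # location `internal` (confirm upload_pass still reaches it) and
        # accepting only targets under {{ nginx_galaxy_location }}/api/.
        location {{ nginx_galaxy_location }}/_upload_done {
            set $dst {{ nginx_galaxy_location }}/api/tools;
            if ($args ~ nginx_redir=([^&]+)) {
                set $dst $1;
            }
            rewrite "" $dst;
        }
        {% endif %}

        {% if nginx_use_passwords %}
        # NOTE(review): this location switches Basic auth off and, when
        # galaxy_admin_user is set, stamps every request with that identity.
        # If Galaxy is configured to trust REMOTE_USER (its use_remote_user
        # setting, not shown here), anyone who can reach /api is treated as
        # that account; restrict /api by network or drop the header.
        # NOTE(review): the galaxy_web_app upstream is only defined above when
        # galaxy_uwsgi is off; confirm this block is not rendered with uWSGI.
        location /api {
            auth_basic off;
            proxy_pass http://galaxy_web_app/api;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            {% if galaxy_admin_user is defined and galaxy_admin_user %}
            # hard-code a fixed user to pass to Galaxy to auto-login
            proxy_set_header REMOTE_USER '{{ galaxy_admin_user }}';
            {% endif %}
        }
        {% endif %}

        # error docs
        error_page 502 503 504 {{ nginx_prefix_location }}/error/502/index.shtml;
        error_page 413 {{ nginx_prefix_location }}/error/413/index.html;
        error_page 500 {{ nginx_prefix_location }}/error/500/index.html;
        location {{ nginx_prefix_location }}/error {
            ssi on;
            alias {{ galaxy_errordocs_dest }};
        }


    }
}

--------------------------------------------------------------------------------
/templates/nginx_galaxy_web.conf.j2:
--------------------------------------------------------------------------------
# Proxy the main Galaxy location to the galaxy_web_app upstream over HTTP
# (nginx.conf includes galaxy_web.conf when galaxy_uwsgi is off).
location {{ nginx_galaxy_location }}/ {
    proxy_pass http://galaxy_web_app;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    {% if galaxy_admin_user is defined and galaxy_admin_user %}
    # hard-code a fixed user to pass to Galaxy to auto-login
    proxy_set_header REMOTE_USER '{{ galaxy_admin_user }}';
    {% endif %}
    {% if nginx_use_remote_header %}
    # Forward nginx's $remote_user to Galaxy as REMOTE_USER.
    # NOTE(review): $remote_user is the user name from the request's Basic
    # Authorization header, not a header set by an earlier proxy. It is only
    # a verified identity where auth_basic (or an equivalent check) has
    # validated the password for this request.
    # NOTE(review): proxy_set_header is documented for the http, server and
    # location contexts only, so nginx is expected to reject it inside this
    # `if` block. An empty value already suppresses the header, so an
    # unconditional `proxy_set_header REMOTE_USER $remote_user;` would be the
    # valid form; check how it should combine with galaxy_admin_user above.
    if ($remote_user) {
        proxy_set_header REMOTE_USER $remote_user;
    }
    {% endif %}
}

--------------------------------------------------------------------------------
/templates/nginx_letsencrypt.conf.j2:
--------------------------------------------------------------------------------
# Serve ACME http-01 challenge tokens from the WELLKNOWN directory that
# letsencrypt.conf points at.
location /.well-known/acme-challenge {
    alias /etc/letsencrypt/wellknown;
}

--------------------------------------------------------------------------------
/templates/nginx_reports_auth.conf.j2:
--------------------------------------------------------------------------------
# Authenticating with htpasswd file

set $auth "Galaxy reports are restricted. Please contact your administrator.";

auth_basic $auth;
# Relative path: resolved by nginx against its configuration directory.
auth_basic_user_file htpasswd;

--------------------------------------------------------------------------------
/templates/nginx_reports_noauth.conf.j2:
--------------------------------------------------------------------------------
# No authentication defined

--------------------------------------------------------------------------------
/templates/nginx_uwsgi.conf.j2:
--------------------------------------------------------------------------------
# pass to uWSGI by default
location {{ nginx_galaxy_location }}/ {
    uwsgi_pass 127.0.0.1:{{ uwsgi_port }};
    include uwsgi_params;
    {% if galaxy_admin_user is defined and galaxy_admin_user %}
    # hard-code a fixed user to pass to Galaxy to auto-login
    uwsgi_param HTTP_REMOTE_USER '{{ galaxy_admin_user }}';
    {% endif %}
    {% if nginx_use_remote_header %}
    # Forward nginx's $remote_user to Galaxy as HTTP_REMOTE_USER when it is
    # non-empty.
    # NOTE(review): $remote_user is the user name from the request's Basic
    # Authorization header, not a header set by an earlier proxy. It is only
    # a verified identity where auth_basic (or an equivalent check) has
    # validated the password for this request.
    uwsgi_param HTTP_REMOTE_USER $remote_user if_not_empty;
    {% endif %}
}
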
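--------------------------------------------------------------------------------
# ProFTPD configuration for Galaxy uploads: users are chrooted, downloads are
# barred, and logins are checked against the Galaxy database through mod_sql.
# NOTE(review): no TLS directives are visible in this file, so logins on the
# plain FTP port would be sent unencrypted; the SFTP listener below avoids that.

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Basics, some site-specific
ServerName "{{ proftpd_welcome }}"
ServerType standalone
DefaultServer on
Port {{ proftpd_ftp_port }}
Umask 022
#SyslogFacility DAEMON
#SyslogLevel debug
MaxInstances 30
User nobody
Group nogroup

# Passive port range for the firewall
PassivePorts {{ proftpd_passive_port_low }} {{ proftpd_passive_port_high }}


{% if proftpd_nat_masquerade %}
# If your host is behind NAT, this option is needed for passive transfers
# to work. Use your public address and open the passive port range on
# your firewall as well.
MasqueradeAddress %{env:MASQUERADE_ADDRESS}
{% endif %}

# Cause every FTP user to be "jailed" (chrooted) into their home directory
DefaultRoot ~

# Automatically create home directory if it doesn't exist
CreateHome on dirmode 700

# Allow users to overwrite their files
AllowOverwrite on

# Allow users to resume interrupted uploads
AllowStoreRestart on

# Bar use of SITE CHMOD
<Limit SITE_CHMOD>
    DenyAll
</Limit>

# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
    DenyAll
</Limit>

# Do not authenticate against real (system) users
AuthPAM off

{% macro SQL_Auth() -%}

# Set up mod_sql_password - Galaxy passwords used to be stored as hex-encoded SHA1 and are now stored as base64 encoded SHA256 (PBKDF2 function)
# NOTE(review): the SHA1 branch exists for legacy password rows; prefer
# PBKDF2 wherever the Galaxy database already stores PBKDF2 hashes.
SQLPasswordEngine on
{% if proftpd_sql_auth_type == "SHA1" %}
SQLPasswordEncoding hex
{% elif proftpd_sql_auth_type == "PBKDF2" %}
SQLPasswordEncoding base64
{% endif %}

# Set up mod_sql to authenticate against the Galaxy database
# NOTE(review): the database password is rendered into this file in clear
# text; keep the rendered file readable by root / the proftpd user only.
SQLEngine on
SQLBackend postgres
SQLConnectInfo {{ proftpd_db_connection }} {{ proftpd_db_username }} {{ proftpd_db_password }}
SQLAuthTypes {{ proftpd_sql_auth_type }}
SQLAuthenticate users

# An empty directory in case chroot fails
SQLDefaultHomedir /var/opt/local/proftpd

# Define a custom query for lookup that returns a passwd-like entry. UID and GID should match your Galaxy user.
SQLUserInfo custom:/LookupGalaxyUser
{% if proftpd_sql_auth_type == "SHA1" %}

SQLNamedQuery LookupGalaxyUser SELECT "email,password,'%{env:GALAXY_UID}','%{env:GALAXY_GID}','{{ proftpd_files_dir }}/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

{% elif proftpd_sql_auth_type == "PBKDF2" %}

# The stored value is split on '$': field 5 is returned as the hash and
# field 4 as the per-user salt. This branch takes UID/GID from template
# variables, the SHA1 branch from the environment.
SQLNamedQuery LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN split_part(password, '$', 5) ELSE password END) AS password2,'{{ galaxy_user_uid }}','{{ galaxy_user_gid }}','{{ proftpd_files_dir }}/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN split_part(password, '$', 4) END) AS salt FROM galaxy_user WHERE email='%U'"
SQLDefaultGID %{env:GALAXY_GID}
SQLDefaultUID %{env:GALAXY_UID}
SQLPasswordPBKDF2 SHA256 100000 24
SQLPasswordUserSalt sql:/GetUserSalt

{% endif %}

{%- endmacro %}

{{ SQL_Auth() }}

{% if proftpd_use_sftp %}
# NOTE(review): the container directives that normally wrap the SFTP settings
# (a <VirtualHost>, usually inside <IfModule mod_sftp.c>) are not visible in
# this listing; without them the second Port would apply to the main server.
# Confirm against the template in the repository.


Port {{ proftpd_sftp_port }}
SFTPEngine on
SFTPPAMEngine off
CreateHome on dirmode 700
SFTPHostKey /etc/proftpd/ssh_host_keys/rsa
# NOTE(review): DSA host keys are limited to 1024 bits and current OpenSSH
# clients no longer accept them by default; consider dropping this key.
SFTPHostKey /etc/proftpd/ssh_host_keys/dsa
SFTPCompression delayed

{{ SQL_Auth() }}



{% endif %}

--------------------------------------------------------------------------------
/templates/rabbitmq.sh.j2: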
-------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # call "rabbitmqctl stop" when exiting 3 | # taken from https://gist.github.com/caioariede/342a583f75467509ad42 4 | mkdir -p /var/run/rabbitmq && chown rabbitmq:rabbitmq /var/run/rabbitmq && chmod 755 /var/run/rabbitmq 5 | RABBITMQ_ENV=/usr/lib/rabbitmq/bin/rabbitmq-env 6 | RABBITMQ_SCRIPTS_DIR=$(dirname "$RABBITMQ_ENV") 7 | . /usr/lib/rabbitmq/bin/rabbitmq-env 8 | trap "{ echo Stopping rabbitmq; rabbitmqctl stop; exit 0; }" TERM 9 | 10 | echo Starting rabbitmq 11 | rabbitmq-server & 12 | 13 | # from docs: When Bash receives a signal for which a 14 | # trap has been set while waiting for a command to 15 | # complete, the trap will not be executed until the 16 | # command completes. 17 | # 18 | # This is why we use & and wait here. Idea taken from: 19 | # http://veithen.github.io/2014/11/16/sigterm-propagation.html 20 | PID=$! 21 | wait $PID 22 | -------------------------------------------------------------------------------- /templates/startup.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | {% if startup_sleeplock|bool %} 4 | echo "Waiting for galaxy-init" 5 | # Wait until the $SLEEPLOCK_FILE existis in the /export folder. 6 | # Can be disabled by NONUSE=sleeplock 7 | if [[ $NONUSE != *"sleeplock"* ]] 8 | then 9 | SLEEPLOCK_FILE=${SLEEPLOCK_FILE:-/export/.initdone} 10 | 11 | touch $SLEEPLOCK_FILE 12 | until [ "$(cat $SLEEPLOCK_FILE)" == "done" ] 13 | do 14 | echo "Sleeping another 5s and wait for the galaxy-init container." 15 | sleep 5 16 | done 17 | 18 | echo "Init done" 19 | fi 20 | {% endif %} 21 | 22 | # Migration path for old images that had the tool_deps under /export/galaxy-central/tool_deps/ 23 | 24 | if [ -d "/export/galaxy-central/tool_deps/" ] && [ ! 
-L "/export/galaxy-central/tool_deps/" ]; then 25 | mkdir -p /export/tool_deps/ 26 | mv /export/galaxy-central/tool_deps /export/ 27 | ln -s /export/tool_deps/ $GALAXY_ROOT/ 28 | fi 29 | 30 | # This is needed for Docker compose to have a unified alias for the main container. 31 | # Modifying /etc/hosts can only happen during runtime not during build-time 32 | echo "127.0.0.1 galaxy" >> /etc/hosts 33 | 34 | # Set number of Galaxy handlers via GALAXY_HANDLER_NUMPROCS or default to 2 35 | ansible localhost -m ini_file -a "dest=/etc/supervisor/conf.d/galaxy.conf section=program:handler option=numprocs value=${GALAXY_HANDLER_NUMPROCS:-2}" &> /dev/null 36 | 37 | # If the Galaxy config file is not in the expected place, copy from the sample 38 | # and hope for the best (that the admin has done all the setup through env vars.) 39 | if [ ! -f $GALAXY_CONFIG_FILE ] 40 | then 41 | # this should succesfully copy either .yml or .ini sample file to the expected location 42 | cp /export/config/galaxy${GALAXY_CONFIG_FILE: -4}.sample $GALAXY_CONFIG_FILE 43 | fi 44 | 45 | # Configure proxy prefix filtering 46 | if [ "x$PROXY_PREFIX" != "x" ] 47 | then 48 | if [ ${GALAXY_CONFIG_FILE: -4} == ".ini" ] 49 | then 50 | ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_FILE} section=filter:proxy-prefix option=prefix value=${PROXY_PREFIX}" &> /dev/null 51 | ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_FILE} section=app:main option=filter-with value=proxy-prefix" &> /dev/null 52 | else 53 | ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ module:' state=absent" &> /dev/null 54 | ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ socket:' state=absent" &> /dev/null 55 | ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ mount:' state=absent" &> /dev/null 56 | ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ manage-script-name:' state=absent" &> /dev/null 57 | ansible localhost -m 
lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' manage-script-name: true'" &> /dev/null 58 | ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' mount: ${PROXY_PREFIX}=galaxy.webapps.galaxy.buildapp:uwsgi_app()'" &> /dev/null 59 | ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' socket: unix:///srv/galaxy/var/uwsgi.sock'" &> /dev/null 60 | 61 | # Also set SCRIPT_NAME. It's not always necessary due to manage-script-name: true in galaxy.yml, but it makes life easier in this container + it does no harm 62 | ansible localhost -m lineinfile -a "path={{ nginx_conf_directory }}/uwsgi.conf regexp='^ uwsgi_param SCRIPT_NAME' state=absent" &> /dev/null 63 | ansible localhost -m lineinfile -a "path={{ nginx_conf_directory }}/uwsgi.conf insertafter='^ include uwsgi_params' line=' uwsgi_param SCRIPT_NAME ${PROXY_PREFIX};'" &> /dev/null 64 | fi 65 | 66 | ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_DIR}/reports_wsgi.ini section=filter:proxy-prefix option=prefix value=${PROXY_PREFIX}/reports" &> /dev/null 67 | ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_DIR}/reports_wsgi.ini section=app:main option=filter-with value=proxy-prefix" &> /dev/null 68 | 69 | # Fix path to html assets 70 | ansible localhost -m replace -a "dest=$GALAXY_CONFIG_DIR/web/welcome.html regexp='(href=\"|\')[/\\w]*(/static)' replace='\\1${PROXY_PREFIX}\\2'" &> /dev/null 71 | 72 | # Set some other vars based on that prefix 73 | if [ "x$GALAXY_CONFIG_COOKIE_PATH" == "x" ] 74 | then 75 | export GALAXY_CONFIG_COOKIE_PATH="$PROXY_PREFIX" 76 | fi 77 | if [ "x$GALAXY_CONFIG_DYNAMIC_PROXY_PREFIX" == "x" ] 78 | then 79 | export GALAXY_CONFIG_DYNAMIC_PROXY_PREFIX="$PROXY_PREFIX/gie_proxy" 80 | fi 81 | 82 | # Change the defaults nginx upload/x-accel paths 83 | if [ "$GALAXY_CONFIG_NGINX_UPLOAD_PATH" == "/_upload" ] 84 | then 85 | export 
GALAXY_CONFIG_NGINX_UPLOAD_PATH="${PROXY_PREFIX}${GALAXY_CONFIG_NGINX_UPLOAD_PATH}" 86 | fi 87 | fi 88 | 89 | # Disable authentication of Galaxy reports 90 | if [ "x$DISABLE_REPORTS_AUTH" != "x" ] 91 | then 92 | # disable authentification 93 | echo "Disable Galaxy reports authentification " 94 | echo "" > {{ nginx_conf_directory }}/reports_auth.conf 95 | else 96 | # enable authentification 97 | echo "Enable Galaxy reports authentification " 98 | cp {{ nginx_conf_directory }}/reports_auth.conf.source {{ nginx_conf_directory }}/reports_auth.conf 99 | fi 100 | 101 | # Try to guess if we are running under --privileged mode 102 | {% if host_docker_legacy|bool %} 103 | if mount | grep "/proc/kcore"; then 104 | PRIVILEGED=false 105 | else 106 | PRIVILEGED=true 107 | fi 108 | {% else %} 109 | # Taken from http://stackoverflow.com/questions/32144575/how-to-know-if-a-docker-container-is-running-in-privileged-mode 110 | ip link add dummy0 type dummy >/dev/null 111 | if [[ $? -eq 0 ]]; then 112 | PRIVILEGED=true 113 | # clean the dummy0 link 114 | ip link delete dummy0 >/dev/null 115 | else 116 | PRIVILEGED=false 117 | fi 118 | {% endif %} 119 | 120 | cd {{ galaxy_server_dir }} 121 | . {{ galaxy_venv_dir }}/bin/activate 122 | 123 | if $PRIVILEGED; then 124 | umount /var/lib/docker 125 | fi 126 | 127 | {% if startup_export_user_files is defined and startup_export_user_files|bool %} 128 | # If /export/ is mounted, export_user_files file moving all data to /export/ 129 | # symlinks will point from the original location to the new path under /export/ 130 | # If /export/ is not given, nothing will happen in that step 131 | echo "Checking /export..." 132 | python /usr/local/bin/export_user_files.py $PG_DATA_DIR_DEFAULT 133 | {% endif %} 134 | 135 | # Enable loading of dependencies on startup. Such as LDAP. 
136 | # Adapted from galaxyproject/galaxy/scripts/common_startup.sh 137 | if [[ "x$LOAD_GALAXY_CONDITIONAL_DEPENDENCIES" != "x" ]] 138 | then 139 | echo "Installing optional dependencies in galaxy virtual environment..." 140 | : ${GALAXY_WHEELS_INDEX_URL:="https://wheels.galaxyproject.org/simple"} 141 | GALAXY_CONDITIONAL_DEPENDENCIES=$(PYTHONPATH=lib python -c "import galaxy.dependencies; print '\n'.join(galaxy.dependencies.optional('$GALAXY_CONFIG_FILE'))") 142 | [ -z "$GALAXY_CONDITIONAL_DEPENDENCIES" ] || echo "$GALAXY_CONDITIONAL_DEPENDENCIES" | pip install -q -r /dev/stdin --index-url "${GALAXY_WHEELS_INDEX_URL}" --extra-index-url https://pypi.python.org/simple 143 | fi 144 | 145 | if [[ "x$LOAD_GALAXY_CONDITIONAL_DEPENDENCIES" != "x" ]] && [[ "x$LOAD_PYTHON_DEV_DEPENDENCIES" != "x" ]] 146 | then 147 | echo "Installing development requirements in galaxy virtual environment..." 148 | : ${GALAXY_WHEELS_INDEX_URL:="https://wheels.galaxyproject.org/simple"} 149 | dev_requirements='./lib/galaxy/dependencies/dev-requirements.txt' 150 | [ -f $dev_requirements ] && pip install -q -r $dev_requirements --index-url "${GALAXY_WHEELS_INDEX_URL}" --extra-index-url https://pypi.python.org/simple 151 | fi 152 | 153 | # Enable Test Tool Shed 154 | if [ "x$ENABLE_TTS_INSTALL" != "x" ] 155 | then 156 | echo "Enable installation from the Test Tool Shed." 157 | export GALAXY_CONFIG_TOOL_SHEDS_CONFIG_FILE=$GALAXY_HOME/tool_sheds_conf.xml 158 | fi 159 | 160 | # Remove all default tools from Galaxy by default 161 | if [ "x$BARE" != "x" ] 162 | then 163 | echo "Remove all tools from the tool_conf.xml file." 164 | export GALAXY_CONFIG_TOOL_CONFIG_FILE=config/shed_tool_conf.xml,$GALAXY_ROOT/test/functional/tools/upload_tool_conf.xml 165 | fi 166 | 167 | # If auto installing conda envs, make sure bcftools is installed for __set_metadata__ tool 168 | if [ "x$GALAXY_CONFIG_CONDA_AUTO_INSTALL" != "x" ] 169 | then 170 | if [ ! 
-d "/tool_deps/_conda/envs/__bcftools@1.5" ]; then 171 | su $GALAXY_USER -c "/tool_deps/_conda/bin/conda create -y --override-channels --channel iuc --channel conda-forge --channel bioconda --channel defaults --name __bcftools@1.5 bcftools=1.5" 172 | su $GALAXY_USER -c "/tool_deps/_conda/bin/conda clean --tarballs --yes" 173 | fi 174 | fi 175 | 176 | {% if galaxy_extras_config_postgres|bool %} 177 | if [[ $NONUSE != *"postgres"* ]] 178 | then 179 | # Backward compatibility for exported postgresql directories before version 15.08. 180 | # In previous versions postgres has the UID/GID of 102/106. We changed this in 181 | # https://github.com/bgruening/docker-galaxy-stable/pull/71 to GALAXY_POSTGRES_UID=1550 and 182 | # GALAXY_POSTGRES_GID=1550 183 | if [ -e /export/postgresql/ ]; 184 | then 185 | if [ `stat -c %g /export/postgresql/` == "106" ]; 186 | then 187 | chown -R postgres:postgres /export/postgresql/ 188 | fi 189 | fi 190 | fi 191 | {% endif %} 192 | 193 | 194 | {% if galaxy_extras_config_condor|bool %} 195 | if [ "x$ENABLE_CONDOR" != "x" ] 196 | then 197 | if [ "x$CONDOR_HOST" != "x" ] 198 | then 199 | echo "Enabling Condor with external scheduler at $CONDOR_HOST" 200 | echo "# Config generated by startup.sh 201 | CONDOR_HOST = $CONDOR_HOST 202 | ALLOW_ADMINISTRATOR = * 203 | ALLOW_OWNER = * 204 | ALLOW_READ = * 205 | ALLOW_WRITE = * 206 | ALLOW_CLIENT = * 207 | ALLOW_NEGOTIATOR = * 208 | DAEMON_LIST = MASTER, SCHEDD 209 | UID_DOMAIN = galaxy 210 | DISCARD_SESSION_KEYRING_ON_STARTUP = False 211 | TRUST_UID_DOMAIN = true" > /etc/condor/condor_config.local 212 | fi 213 | 214 | if [ -e /export/condor_config ] 215 | then 216 | echo "Replacing Condor config by locally supplied config from /export/condor_config" 217 | rm -f /etc/condor/condor_config 218 | ln -s /export/condor_config /etc/condor/condor_config 219 | fi 220 | fi 221 | {% endif %} 222 | 223 | 224 | {% if startup_chown_on_directory is defined and startup_chown_on_directory|bool %} 225 | if [ -e {{ 
startup_chown_on_directory }} ];
then
    # Current owner of the Galaxy home directory; used below as the chown filter.
    old_uid=`stat -c '%u' "{{ galaxy_home_dir }}"`
    old_gid=`stat -c '%g' "{{ galaxy_home_dir }}"`
    old_perms="$old_uid:$old_gid"

    # Owner of the reference directory; the Galaxy account is recreated with
    # these ids so that its files match that directory.
    source_uid=`stat -c '%u' "{{ startup_chown_on_directory }}"`
    source_gid=`stat -c '%g' "{{ startup_chown_on_directory }}"`
    source_perms="$source_uid:$source_gid"

    deluser {{ galaxy_user_name }}
    groupadd -r {{ galaxy_user_name }} -g $source_gid
    useradd -u $source_uid -r -g {{ galaxy_user_name }} -d "{{ galaxy_home_dir }}" -c "Galaxy User" {{ galaxy_user_name }} -s /bin/bash
    # NOTE(review): the string piped to passwd is the account name, so this makes
    # the password identical to the user name. Prefer a locked password, or a
    # secret supplied at deploy time, if the account can be reached by any login
    # path. Also confirm that --stdin is accepted by passwd on the base image;
    # not every passwd implementation has that option.
    echo {{ galaxy_user_name }} | passwd {{ galaxy_user_name }} --stdin

    # --from restricts the recursive chown to entries still owned by the old
    # uid:gid, leaving files of other owners untouched.
    for target_path in /opt /home /tmp/slurm;
    do
        chown --from=$old_perms -R $source_perms $target_path
    done
fi
{% endif %}


# Copy or link the slurm/munge config files
# An exported slurm.conf takes precedence over the generated one.
if [ -e /export/slurm.conf ]
then
    rm -f /etc/slurm-llnl/slurm.conf
    ln -s /export/slurm.conf /etc/slurm-llnl/slurm.conf
else
    # Configure SLURM with runtime hostname.
    # Use absolute path to python so virtualenv is not used.
# (else-branch of the /export/slurm.conf check that starts above)
    /usr/bin/python /usr/sbin/configure_slurm.py
fi
# An exported munge key replaces the local one through a symlink.
# chmod 400 is applied to the exported file itself.
# NOTE(review): ownership of the key is not adjusted here; confirm it is owned by
# the account munged runs as and that the /export volume is not writable by others.
if [ -e /export/munge.key ]
then
    rm -f /etc/munge/munge.key
    ln -s /export/munge.key /etc/munge/munge.key
    chmod 400 /export/munge.key
fi

# link the gridengine config file
if [ -e /export/act_qmaster ]
then
    rm -f /var/lib/gridengine/default/common/act_qmaster
    ln -s /export/act_qmaster /var/lib/gridengine/default/common/act_qmaster
fi

# Waits until postgres is ready
# Polls check_database.py once per second until it exits successfully.
# There is no upper bound: if the database never comes up, startup blocks here.
function wait_for_postgres {
    echo "Checking if database is up and running"
    # Redirection order matters: "2>&1 >/dev/null" sends stderr to the current
    # stdout and discards only stdout, so error output of the check stays visible.
    until /usr/local/bin/check_database.py 2>&1 >/dev/null; do sleep 1; echo "Waiting for database"; done
    echo "Database connected"
}

# $NONUSE can be set to include cron, proftp, reports or nodejs
# if included we will _not_ start these services.
# Starts supervisord, waits for the database, optionally upgrades the Galaxy
# schema, then starts each managed service unless its name appears in $NONUSE.
function start_supervisor {
    supervisord -c /etc/supervisor/supervisord.conf
    # Fixed pause before the first supervisorctl call.
    sleep 5
    {% if supervisor_manage_postgres|bool and not supervisor_postgres_autostart|bool %}
    if [[ $NONUSE != *"postgres"* ]]
    then
        echo "Starting postgres"
        supervisorctl start postgresql
    fi
    {% endif %}
    wait_for_postgres

    # Make sure the database is automatically updated
    if [ "x$GALAXY_AUTO_UPDATE_DB" != "x" ]
    then
        echo "Updating Galaxy database"
        sh manage_db.sh -c /etc/galaxy/galaxy.yml upgrade
    fi

    {% if supervisor_manage_cron|bool %}
    if [[ $NONUSE != *"cron"* ]]
    then
        echo "Starting cron"
        supervisorctl start cron
    fi
    {% endif %}
    {% if supervisor_manage_proftp|bool %}
    if [[ $NONUSE != *"proftp"* ]]
    then
        echo "Starting ProFTP"
        supervisorctl start proftpd
    fi
    {% endif %}
    {% if supervisor_manage_reports|bool %}
    if [[ $NONUSE != *"reports"* ]]
    then
        echo "Starting Galaxy reports webapp"
        supervisorctl start
reports
    fi
    {% endif %}
    {% if supervisor_manage_ie_proxy|bool %}
    if [[ $NONUSE != *"nodejs"* ]]
    then
        echo "Starting nodejs"
        supervisorctl start galaxy:galaxy_nodejs_proxy
    fi
    {% endif %}
    {% if supervisor_manage_condor|bool %}
    if [[ $NONUSE != *"condor"* ]]
    then
        echo "Starting condor"
        supervisorctl start condor
    fi
    {% endif %}


    {% if supervisor_manage_slurm|bool %}
    # SLURM daemons under supervisor control; munge is started unconditionally.
    if [[ $NONUSE != *"slurmctld"* ]]
    then
        echo "Starting slurmctld"
        supervisorctl start slurmctld
    fi
    if [[ $NONUSE != *"slurmd"* ]]
    then
        echo "Starting slurmd"
        supervisorctl start slurmd
    fi
    supervisorctl start munge

    {% else %}
    # SLURM daemons started directly, outside supervisor.
    if [[ $NONUSE != *"slurmctld"* ]]
    then
        echo "Starting slurmctld"
        /usr/sbin/slurmctld -L {{ slurm_log_dir }}/slurmctld.log
    fi
    if [[ $NONUSE != *"slurmd"* ]]
    then
        echo "Starting slurmd"
        /usr/sbin/slurmd -L {{ slurm_log_dir }}/slurmd.log
    fi

    # We need to run munged regardless
    # NOTE(review): -f looks like munged's force option, which would let the
    # daemon start despite its own startup warnings (for example about file
    # permissions); confirm it is still required.
    mkdir -p /var/run/munge && /usr/sbin/munged -f

    {% endif %}
}

{% if galaxy_extras_config_postgres|bool %}
if [[ $NONUSE != *"postgres"* ]]
then
    # Change the data_directory of postgresql in the main config file
    # $PG_DATA_DIR_HOST and $PG_CONF_DIR_DEFAULT are pasted into the module
    # argument string. "&> /dev/null" discards stdout and stderr, so a failed
    # edit leaves no trace in the startup log.
    ansible localhost -m lineinfile -a "line='data_directory = \'$PG_DATA_DIR_HOST\'' dest=$PG_CONF_DIR_DEFAULT/postgresql.conf backup=yes state=present regexp='data_directory'" &> /dev/null
fi
{% endif %}

# $PRIVILEGED is executed as a command, not compared as a string. If it expands
# to nothing, the empty command succeeds and the privileged branch is taken.
# NOTE(review): the assignment is not visible in this part of the script; confirm
# it is always set to true or false, or switch to an explicit string comparison.
if $PRIVILEGED; then
    echo "Enable Galaxy Interactive Environments."
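# Privileged branch (continues the `if $PRIVILEGED; then` opened above): enable
# Interactive Environments and make a Docker daemon available to Galaxy.
    export GALAXY_CONFIG_INTERACTIVE_ENVIRONMENT_PLUGINS_DIRECTORY="config/plugins/interactive_environments"
    # The variable is quoted so that a value containing whitespace cannot break the test.
    if [ "x$DOCKER_PARENT" == "x" ]; then
        #build the docker in docker environment
        bash /root/cgroupfs_mount.sh
        start_supervisor
        supervisorctl start docker
    else
        #inheriting /var/run/docker.sock from parent, assume that you need to
        #run docker with sudo to validate
        # This grants the Galaxy account passwordless sudo for every command.
        # NOTE(review): if only docker has to be run through sudo, restrict the
        # rule to that binary instead of ALL; confirm what else depends on it.
        # The rule is appended only when it is not already present, so container
        # restarts do not pile up duplicate lines in /etc/sudoers.
        SUDOERS_LINE="{{ galaxy_user_name }} ALL = NOPASSWD : ALL"
        grep -qxF "$SUDOERS_LINE" /etc/sudoers || echo "$SUDOERS_LINE" >> /etc/sudoers
        start_supervisor
    fi
    # Optionally pre-pull the Interactive Environment images chosen at template time.
    # NOTE(review): the image references come from role variables; pin them to a
    # digest or a fixed tag if the pulled content has to be reproducible.
    if [ "x$PULL_IE_IMAGES" != "x" ]; then
        echo "About to pull IE images. Depending on the size, this may take a while!"
        {% if galaxy_extras_ie_fetch_jupyter|bool %}
            docker pull {{ galaxy_extras_ie_jupyter_image }}
        {% endif %}
        {% if galaxy_extras_ie_fetch_rstudio|bool %}
            docker pull {{ galaxy_extras_ie_rstudio_image }}
        {% endif %}
        {% if galaxy_extras_ie_fetch_ethercalc|bool %}
            docker pull {{ galaxy_extras_ie_ethercalc_image }}
        {% endif %}
        {% if galaxy_extras_ie_fetch_phinch|bool %}
            docker pull {{ galaxy_extras_ie_phinch_image }}
        {% endif %}
        {% if galaxy_extras_ie_fetch_neo|bool %}
            docker pull {{ galaxy_extras_ie_neo_image }}
        {% endif %}
    fi

    # in privileged mode autofs and CVMFS is available
    # install autofs
    # The package is installed at container start, so this step needs network
    # access and the resulting version is whatever the configured mirror serves.
    echo "Installing autofs to enable automatic CVMFS mounts"
    apt-get install autofs --no-install-recommends -y
    apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/*
else
    echo "Disable Galaxy Interactive Environments. Start with --privileged to enable IE's."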
# Tail of the non-privileged branch: Interactive Environments stay disabled.
    export GALAXY_CONFIG_INTERACTIVE_ENVIRONMENT_PLUGINS_DIRECTORY=""
    start_supervisor
fi

# Both HTTPS switches compare against the literal string "False", so an unset or
# differently spelled value (for example "false") also enters the branch.
# NOTE(review): presumably the image sets both variables to "False" by default;
# confirm, since otherwise the playbook runs on every start.
# NOTE(review): galaxy_extras_galaxy_domain below receives the literal text
# GALAXY_CONFIG_GALAXY_INFRASTRUCTURE_URL rather than the variable's value (there
# is no "$"); verify which value the letsencrypt tasks expect.
if [ "$USE_HTTPS_LETSENCRYPT" != "False" ]
then
    echo "Settting up letsencrypt"
    ansible-playbook -c local /ansible/provision.yml \
    --extra-vars gather_facts=False \
    --extra-vars galaxy_extras_config_ssl=True \
    --extra-vars galaxy_extras_config_ssl_method=letsencrypt \
    --extra-vars galaxy_extras_galaxy_domain="GALAXY_CONFIG_GALAXY_INFRASTRUCTURE_URL" \
    --extra-vars galaxy_extras_config_nginx_upload=False \
    --tags https
fi
if [ "$USE_HTTPS" != "False" ]
then
    # A key/certificate pair on the /export volume is used when both files
    # exist; otherwise the playbook is run with the self-signed method.
    # The private key is read from the shared volume, so keep /export/server.key
    # readable only by the accounts that need it.
    if [ -f /export/server.key -a -f /export/server.crt ]
    then
        echo "Copying SSL keys"
        ansible-playbook -c local /ansible/provision.yml \
        --extra-vars gather_facts=False \
        --extra-vars galaxy_extras_config_ssl=True \
        --extra-vars galaxy_extras_config_ssl_method=own \
        --extra-vars src_nginx_ssl_certificate_key=/export/server.key \
        --extra-vars src_nginx_ssl_certificate=/export/server.crt \
        --extra-vars galaxy_extras_config_nginx_upload=False \
        --tags https
    else
        echo "Setting up self-signed SSL keys"
        ansible-playbook -c local /ansible/provision.yml \
        --extra-vars gather_facts=False \
        --extra-vars galaxy_extras_config_ssl=True \
        --extra-vars galaxy_extras_config_ssl_method=self-signed \
        --extra-vars galaxy_extras_config_nginx_upload=False \
        --tags https
    fi
fi

# In case the user wants the default admin to be created, do so.
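if [ "x$GALAXY_DEFAULT_ADMIN_USER" != "x" ]
then
    # Only the user name is logged. The API key and the password used to be part
    # of this message, which put both secrets into the container log.
    echo "Creating admin user $GALAXY_DEFAULT_ADMIN_USER if not existing"
    # NOTE(review): key and password are still passed as command-line arguments
    # and are visible in the process list while the script runs; check whether
    # create_galaxy_user.py can read them from the environment instead.
    python /usr/local/bin/create_galaxy_user.py --user "$GALAXY_DEFAULT_ADMIN_EMAIL" --password "$GALAXY_DEFAULT_ADMIN_PASSWORD" \
        -c "$GALAXY_CONFIG_FILE" --username "$GALAXY_DEFAULT_ADMIN_USER" --key "$GALAXY_DEFAULT_ADMIN_KEY"
    # If there is a need to execute actions that would require a live galaxy instance, such as adding workflows, setting quotas, adding more users, etc.
    # then place a file with that logic named post-start-actions.sh on the /export/ directory, it should have access to all environment variables
    # visible here.
    # The file needs to be executable (chmod a+x post-start-actions.sh)
    # The hook runs with this script's privileges and environment, admin key and
    # password included, so write access to /export amounts to code execution here.
    if [ -x /export/post-start-actions.sh ]
    then
        # uses ephemeris, present in docker-galaxy-stable, to wait for the local instance
        galaxy-wait -g http://127.0.0.1 -v --timeout 120 > {{ galaxy_log_dir }}/post-start-actions.log &&
        /export/post-start-actions.sh >> {{ galaxy_log_dir }}/post-start-actions.log &
    fi
fi

# Reinstall tools if the user want to
if [ "x$GALAXY_AUTO_UPDATE_TOOLS" != "x" ]
then
    # Tools are installed only once Galaxy answers. Previously a failed wait
    # skipped just the IFS backup (it was chained with &&), the loop still ran,
    # and IFS was then reset from a variable that had never been saved.
    # NOTE(review): the log path is hard-coded here while the block above uses
    # the templated log directory; confirm both point to the same file.
    if galaxy-wait -g http://127.0.0.1 -v --timeout 120 > /home/galaxy/logs/post-start-actions.log
    then
        # Split the comma-separated list into an array; IFS is changed for this
        # one read only, so the rest of the script keeps its normal word splitting.
        IFS=',' read -r -a TOOL_YMLS <<< "$GALAXY_AUTO_UPDATE_TOOLS"
        for TOOL_YML in "${TOOL_YMLS[@]}"
        do
            echo "Installing tools from $TOOL_YML"
            shed-tools install -g "http://127.0.0.1" -a "$GALAXY_DEFAULT_ADMIN_KEY" -t "$TOOL_YML"
            /tool_deps/_conda/bin/conda clean --tarballs --yes
        done
    else
        echo "Galaxy did not become reachable, skipping tool installation" >&2
    fi
fi

# migrate custom IEs or Visualisations (Galaxy plugins)
# this is needed for by the new client build system
python3 ${GALAXY_ROOT}/scripts/plugin_staging.py

# Enable verbose output
if [ `echo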
${GALAXY_LOGGING:-'no'} | tr [:upper:] [:lower:]` = "full" ] 494 | then 495 | tail -f /var/log/supervisor/* /var/log/nginx/* {{ galaxy_log_dir }}/*.log 496 | else 497 | tail -f {{ galaxy_log_dir }}/*.log 498 | fi 499 | -------------------------------------------------------------------------------- /templates/startup_lite.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd $GALAXY_ROOT 4 | 5 | export GALAXY_CONFIG_STATIC_ENABLED=True 6 | export GALAXY_CONFIG_ALLOW_LIBRARY_PATH_PASTE=True 7 | unset GALAXY_CONFIG_NGINX_UPLOAD_STORE 8 | unset GALAXY_CONFIG_NGINX_UPLOAD_PATH 9 | 10 | # The lite mode can be useful to populate data libraries. 11 | # To make this work it is needed to unset the following variables 12 | unset GALAXY_CONFIG_JOB_WORKING_DIRECTORY 13 | unset GALAXY_CONFIG_FILE_PATH 14 | unset GALAXY_CONFIG_NEW_FILE_PATH 15 | unset GALAXY_CONFIG_TEMPLATE_CACHE_PATH 16 | unset GALAXY_CONFIG_CITATION_CACHE_DATA_DIR 17 | unset GALAXY_CONFIG_CLUSTER_FILES_DIRECTORY 18 | unset GALAXY_CONFIG_FTP_UPLOAD_DIR 19 | unset GALAXY_CONFIG_INTEGRATED_TOOL_PANEL_CONFIG 20 | 21 | JOB_CONF=$GALAXY_ROOT/config/job_conf.xml.sample_basic 22 | 23 | while getopts "j" opt; do 24 | case $opt in 25 | j) 26 | #if they pass -j, don't override the job config file 27 | JOB_CONF=$GALAXY_CONFIG_JOB_CONFIG_FILE 28 | ;; 29 | \?) 30 | echo "Invalid option: -$OPTARG" >&2 31 | ;; 32 | esac 33 | done 34 | 35 | export GALAXY_CONFIG_JOB_CONFIG_FILE=$JOB_CONF 36 | 37 | service postgresql start 38 | 39 | . 
{{ galaxy_venv_dir }}/bin/activate 40 | 41 | echo "Checking if database is up and running" 42 | until /usr/local/bin/check_database.py 2>&1 >/dev/null; do sleep 1; echo "Waiting for database"; done 43 | echo "Database connected" 44 | 45 | ./run.sh -d galaxy_startup_lite.log --pidfile galaxy_startup_lite.pid --http-timeout 3000 46 | -------------------------------------------------------------------------------- /templates/supervisor.conf.j2: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon=false 3 | 4 | {% if supervisor_webserver|bool %} 5 | [inet_http_server] 6 | port={{ supervisor_webserver_port }} 7 | {% if supervisor_webserver_username|bool %} 8 | username={{ supervisor_webserver_username }} 9 | password={{ supervisor_webserver_password }} 10 | {% endif %} 11 | {% endif %} 12 | 13 | {% if supervisor_manage_cron|bool %} 14 | [program:cron] 15 | user = root 16 | command = /usr/sbin/cron -f 17 | autostart = {{ supervisor_cron_autostart }} 18 | autorestart = true 19 | {% endif %} 20 | 21 | {% if supervisor_manage_autofs|bool %} 22 | [program:autofs] 23 | user = root 24 | command = /usr/sbin/automount -f 25 | autostart = {{ supervisor_autofs_autostart }} 26 | autorestart = true 27 | redirect_stderr = true 28 | stdout_logfile = /var/log/autofs.log 29 | {% endif %} 30 | 31 | {% if supervisor_manage_slurm|bool %} 32 | [program:munge] 33 | user=root 34 | # In VMs the chown seems to be needed, in containers the mkdir. 
35 | command=/bin/bash -c "mkdir -p /var/run/munge && chown -R root:root /var/run/munge && /usr/sbin/munged -f -F" 36 | redirect_stderr = true 37 | priority = 100 38 | stopasgroup = true 39 | 40 | [program:slurmctld] 41 | user=root 42 | command=/bin/bash -c "/usr/bin/python /usr/sbin/configure_slurm.py && /usr/sbin/slurmctld -D -L {{supervisor_slurm_config_dir}}/slurmctld.log" 43 | redirect_stderr=true 44 | autostart = {{ supervisor_slurm_autostart }} 45 | autorestart = true 46 | priority = 200 47 | stopasgroup = true 48 | 49 | [program:slurmd] 50 | user=root 51 | command=/usr/sbin/slurmd -D -L {{supervisor_slurm_config_dir}}/slurmd.log 52 | autostart = {{ supervisor_slurm_autostart }} 53 | redirect_stderr = true 54 | autorestart = true 55 | priority = 300 56 | {% endif %} 57 | 58 | {% if galaxy_extras_config_condor|bool %} 59 | [program:condor] 60 | user=root 61 | command=condor_master -f -t 62 | redirect_stderr = true 63 | autostart = {{ supervisor_condor_autostart }} 64 | autorestart = true 65 | priority = 100 66 | {% endif %} 67 | 68 | 69 | {% if supervisor_manage_postgres|bool %} 70 | {% if ansible_virtualization_type != "docker" %} 71 | [program:pre_postgresql] 72 | user = root 73 | startsecs = 0 74 | command = /bin/bash -c "install -d -m 2775 -o postgres -g postgres /var/run/postgresql" 75 | {% endif %} 76 | 77 | [program:postgresql] 78 | user = postgres 79 | command = /usr/lib/postgresql/{{ postgresql_version }}/bin/postmaster {{ supervisor_postgres_options }} 80 | process_name = %(program_name)s 81 | stopsignal = INT 82 | autostart = {{ supervisor_postgres_autostart }} 83 | autorestart = true 84 | redirect_stderr = true 85 | priority = 100 86 | {% endif %} 87 | 88 | {% if supervisor_manage_proftp|bool %} 89 | [program:proftpd] 90 | {% if proftpd_nat_masquerade %} 91 | command = bash -c " export MASQUERADE_ADDRESS={{ proftpd_masquerade_address }} && /usr/sbin/proftpd -n -c {{proftpd_conf_path}}" 92 | {% else %} 93 | command = /usr/sbin/proftpd -n -c 
{{proftpd_conf_path}} 94 | {% endif %} 95 | autostart = {{ supervisor_proftpd_autostart }} 96 | autorestart = true 97 | stopasgroup = true 98 | killasgroup = true 99 | {% endif %} 100 | 101 | {% if supervisor_manage_nginx|bool %} 102 | [program:nginx] 103 | command = /usr/sbin/nginx 104 | directory = / 105 | umask = 022 106 | autostart = true 107 | autorestart = unexpected 108 | startsecs = 5 109 | exitcodes = 0 110 | user = root 111 | priority = 200 112 | {% endif %} 113 | 114 | [program:galaxy_web] 115 | {% if galaxy_uwsgi|bool %} 116 | {% if galaxy_uwsgi_static_conf|bool %} 117 | command = {{ galaxy_venv_dir }}/bin/uwsgi --virtualenv {{ galaxy_venv_dir }} --{{ galaxy_config_style }} {{ galaxy_config_file }} --logdate --thunder-lock --master --processes {{ galaxy_web_processes }} --threads {{ uwsgi_threads }} --logto {{ uwsgi_log }} --socket 127.0.0.1:{{ uwsgi_port }} --pythonpath lib --stats 127.0.0.1:9191 -b 16384 118 | {% if galaxy_mule_handlers|bool %} 119 | {%- for i in range(galaxy_handler_processes) %} 120 | --mule=lib/galaxy/main.py 121 | {%- endfor %} 122 | --farm=job-handlers:{{ range(1, galaxy_handler_processes + 1) | join(',') }} 123 | {% endif %} 124 | {% else %} 125 | command = {{ galaxy_venv_dir }}/bin/uwsgi --virtualenv {{ galaxy_venv_dir }} --{{ galaxy_config_style }} {{ galaxy_config_file }} --logdate --thunder-lock --master --processes %(ENV_UWSGI_PROCESSES)s --threads %(ENV_UWSGI_THREADS)s --logto {{ uwsgi_log }} --socket 127.0.0.1:{{ uwsgi_port }} --pythonpath lib --stats 127.0.0.1:9191 -b 16384 126 | {% endif %} 127 | directory = {{ galaxy_server_dir }} 128 | umask = 022 129 | autostart = true 130 | autorestart = true 131 | startsecs = {{ supervisor_galaxy_startsecs }} 132 | user = {{ galaxy_user_name }} 133 | environment = PATH={{ galaxy_venv_dir }}:{{ galaxy_venv_dir }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 134 | numprocs = 1 135 | stopsignal = QUIT 136 | startretries = {{ supervisor_galaxy_startretries }} 137 | 
{% else %} 138 | # template cache hack https://github.com/galaxyproject/planemo-machine/issues/38 139 | command = /bin/bash -c "rm -rf {{ galaxy_server_dir }}/database/template_cache; {{ galaxy_venv_dir }}/bin/python ./scripts/paster.py serve {{ galaxy_config_file }} --server-name=web%(process_num)s --pid-file={{ galaxy_log_dir }}/galaxy_web%(process_num)s.pid --log-file={{ galaxy_log_dir }}/galaxy_web%(process_num)s.log" 140 | directory = {{ galaxy_server_dir }} 141 | process_name = web%(process_num)s 142 | numprocs = {{ galaxy_web_processes }} 143 | umask = 022 144 | autostart = true 145 | autorestart = true 146 | startsecs = {{ supervisor_galaxy_startsecs }} 147 | user = {{ galaxy_user_name }} 148 | environment = PATH={{ galaxy_venv_dir }}:{{ galaxy_venv_dir }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 149 | startretries = {{ supervisor_galaxy_startretries }} 150 | # needed for bash wrapper 151 | stopasgroup = true 152 | {% endif %} 153 | 154 | {% if not galaxy_mule_handlers|bool %} 155 | [program:handler] 156 | {% if not galaxy_paste_handlers|bool %} 157 | command = {{ galaxy_venv_dir }}/bin/python ./lib/galaxy/main.py -c {{ galaxy_config_file }} --server-name=handler%(process_num)s --log-file={{ galaxy_log_dir }}/handler%(process_num)s.log 158 | {% else %} 159 | command = {{ galaxy_venv_dir }}/bin/python ./scripts/paster.py serve {{ galaxy_config_file }} --server-name=handler%(process_num)s --pid-file={{ galaxy_log_dir }}/handler%(process_num)s.pid --log-file={{ galaxy_log_dir }}/handler%(process_num)s.log 160 | {% endif %} 161 | directory = {{ galaxy_server_dir }} 162 | process_name = handler%(process_num)s 163 | numprocs = {{ galaxy_handler_processes }} 164 | umask = 022 165 | autostart = true 166 | autorestart = true 167 | startsecs = {{ supervisor_galaxy_startsecs }} 168 | user = {{ galaxy_user_name }} 169 | startretries = {{ supervisor_galaxy_startretries }} 170 | {% endif %} 171 | 172 | {% if supervisor_manage_reports|bool %} 173 | 
[program:reports]
# Galaxy reports webapp, served through paster as the Galaxy user.
command = {{ galaxy_venv_dir }}/bin/python ./scripts/paster.py serve {{ galaxy_reports_config_file }} --server-name=main --pid-file={{ galaxy_log_dir }}/reports.pid --log-file={{ galaxy_reports_log }}
directory = {{ galaxy_server_dir }}
process_name = reports
umask = 022
autostart = {{ supervisor_reports_autostart }}
autorestart = true
startsecs = {{ supervisor_galaxy_startsecs }}
user = {{ galaxy_user_name }}
startretries = {{ supervisor_galaxy_startretries }}
{% endif %}

{% if supervisor_manage_toolshed|bool %}
[program:toolshed]
# Local Tool Shed instance, served through paster as the Galaxy user.
command = {{ galaxy_venv_dir }}/bin/python ./scripts/paster.py serve {{ galaxy_toolshed_config_file }} --server-name=main --pid-file={{ galaxy_log_dir }}/toolshed.pid --log-file={{ galaxy_log_dir }}/toolshed.log
directory = {{ galaxy_server_dir }}
process_name = toolshed
umask = 022
autostart = true
autorestart = true
startsecs = {{ supervisor_galaxy_startsecs }}
user = {{ galaxy_user_name }}
startretries = {{ supervisor_galaxy_startretries }}
{% endif %}

{% if supervisor_manage_ie_proxy|bool %}
[program:galaxy_nodejs_proxy]
# Interactive Environment proxy. It listens on every interface (0.0.0.0), port 8800.
# NOTE(review): presumably meant to be reached only through the front-end web
# server; confirm port 8800 is not published directly.
directory = {{ galaxy_server_dir }}
command = {{ galaxy_server_dir }}/lib/galaxy/web/proxy/js/lib/main.js --sessions database/session_map.sqlite --ip 0.0.0.0 --port 8800
autostart = {{ supervisor_ie_proxy_autostart }}
autorestart = unexpected
user = {{ galaxy_user_name }}
environment = PATH={{ galaxy_venv_dir }}/bin:%(ENV_PATH)s
startsecs = 5
redirect_stderr = true
{% endif %}

{% if supervisor_manage_docker|bool %}
[program:docker]
# Docker daemon run as root. Both command variants bind the Docker API to the
# unix socket and to tcp://0.0.0.0:2375, and no TLS options are passed.
# Anyone who can reach that TCP port can control the daemon, which is
# equivalent to root on this host or container.
# NOTE(review): bind the TCP listener to 127.0.0.1, drop it in favour of the
# unix socket, or enable TLS client verification; confirm which clients need TCP.
directory = /
{% if galaxy_extras_docker_legacy|bool %}
command = /usr/bin/docker daemon --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 -s {{ galaxy_extras_docker_storage_backend }}
{% else %}
command =
/usr/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 -s {{ galaxy_extras_docker_storage_backend }} 217 | {% endif %} 218 | autostart = {{ supervisor_docker_autostart }} 219 | autorestart = {{ supervisor_docker_autorestart }} 220 | user = root 221 | startsecs = 5 222 | redirect_stderr = true 223 | {% endif %} 224 | 225 | {% if galaxy_extras_config_rabbitmq|bool %} 226 | [program:rabbitmq] 227 | command = /bin/sh /usr/local/bin/rabbitmq.sh 228 | user = root 229 | autostart = true 230 | autorestart = true 231 | {% endif %} 232 | 233 | [group:galaxy] 234 | programs = galaxy_web 235 | {%- if not galaxy_mule_handlers|bool %} 236 | , handler 237 | {%- endif -%} 238 | {%- if supervisor_manage_ie_proxy|bool %} 239 | , galaxy_nodejs_proxy 240 | {%- endif %} 241 | -------------------------------------------------------------------------------- /tests/conditional_deps/auth_conf.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ldap 5 | '{email}'.endswith('example.com') 6 | 7 | True 8 | True 9 | False 10 | 11 | ldap://dc1.example.com 12 | True 13 | False 14 | 15 | sAMAccountName,mail 16 | dc=dc1,dc=example,dc=com 17 | 18 | (&(objectClass=user)(sAMAccountName={username})) 19 | 20 | ldapsearch@dc1.example.com 21 | SECRETDON'tLoOK!1! 22 | 23 | {sAMAccountName}@dc1.example.com 24 | {password} 25 | {sAMAccountName} 26 | {mail} 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /tests/conditional_deps/test_script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Starting container" 3 | CONTAINER_ID=`docker run -d \ 4 | -e GALAXY_CONFIG_AUTH_CONFIG_FILE=config/auth_conf.xml \ 5 | -e LOAD_GALAXY_CONDITIONAL_DEPENDENCIES=True \ 6 | -v $PWD/tests/conditional_deps/auth_conf.xml:/galaxy-central/config/auth_conf.xml \ 7 | galaxy-docker/test` 8 | docker ps 9 | echo "Waiting for container to load..." 
10 | sleep 30 11 | echo "Check auth_conf.xml's presence" 12 | docker exec -u 1450 $CONTAINER_ID cat /galaxy-central/config/auth_conf.xml 13 | echo "Wait some more for the dependency to install" 14 | sleep 30 15 | echo "Testing presence of conditional dependency in virtual environment..." 16 | ldap_installed=`docker exec -u 1450 $CONTAINER_ID \ 17 | /galaxy_venv/bin/pip list --format=columns | grep python-ldap | wc -l` 18 | if [ $ldap_installed == 0 ] 19 | then echo "Conditional dependency not loaded!" && exit 1 20 | else echo "Conditional dependency loaded." 21 | fi 22 | -------------------------------------------------------------------------------- /tests/syntax.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - ansible-galaxy-extras 6 | 7 | --------------------------------------------------------------------------------