galaxy.yml
---
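# Bootstrap play: on every host, refresh the apt cache and install pip for
# Python 3. The task is skipped on hosts that are not Debian-family.
- hosts: all
  name: apt update & pip
  become: true
  become_user: root
  tasks:
    - name: Install python3-pip and refresh the apt cache
      ansible.builtin.apt:
        name: python3-pip
        # Canonical boolean instead of the YAML 1.1 `yes` spelling.
        update_cache: true
      when: ansible_os_family == 'Debian'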
# Database play: installs the acl and anacron packages, then applies the two
# PostgreSQL roles on the hosts in the dbservers group.
- hosts: dbservers
  become: true
  become_user: root
  pre_tasks:
    - name: Install Dependencies
      package:
        name:
          - acl
          - anacron
  roles:
    - galaxyproject.postgresql
    # Only this role runs as the postgres account; the rest of the play
    # runs as root.
    - role: galaxyproject.postgresql_objects
      become: true
      become_user: postgres
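# TLS material for hosts in the noletsencrypt group: copies the certificate
# file to /etc/ssl/cert.pem and writes the matching key for RabbitMQ.
- hosts: noletsencrypt
  become: true
  become_user: root
  tasks:
    - name: Certificate
      copy:
        src: "{{ nginx_ssl_src_dir }}/{{ nginx_conf_ssl_certificate | basename }}"
        dest: "/etc/ssl/cert.pem"
        mode: "0644"
    - name: RabbitMQ key
      copy:
        # The key text comes from the `sslkeys` variable (presumably stored
        # in a vault; verify) and is written read-only for its owner.
        content: "{{ sslkeys[nginx_conf_ssl_certificate_key | basename] }}"
        dest: "{{ rabbitmq_conf_ssl_certificate_key }}"
        # NOTE(review): numeric UID, presumably the account RabbitMQ runs
        # as; confirm it maps to the intended user on every target host.
        owner: "999"
        mode: "0400"
      # Keep the private key out of task output, --diff output and callback
      # logs. Remove temporarily when debugging a failure of this task.
      no_log: true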
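# Main Galaxy play: prepares the host in pre_tasks, applies the Galaxy stack
# roles, then in post_tasks sets up cron jobs, patches one Galaxy source
# file, installs the Pulsar public key and restarts Galaxy.
- hosts: galaxyservers
  become: true
  become_user: root
  pre_tasks:
    - name: Admin ssh keys
      blockinfile:
        # NOTE(review): relative path, so the file that gets edited depends
        # on the working directory of the module run. An absolute path would
        # make the target account explicit; confirm which account is meant.
        path: .ssh/authorized_keys
        block: "{{ admin_ssh_keys }}"
      when: admin_ssh_keys
    - name: Install Dependencies
      package:
        name:
          - acl
          - bzip2
          - git
          - make
          - tar
          - python3-bioblend
          - python3-venv
          - python3-setuptools
          - python3-pip
          - python3-psycopg2
          - rsync
          - python3-docker
          - python3-passlib
          - nginx-full
          - logrotate
          - proftpd-mod-ldap
          - ceph-common
          - squashfs-tools
          # krb5-user is necessary only if you need to mount NFS storage
          - krb5-user
    - name: Install RHEL/CentOS/Rocky specific dependencies
      package:
        name:
          - tmpwatch
      when: ansible_os_family == 'RedHat'
    - name: Install Debian/Ubuntu specific dependencies
      package:
        name:
          - tmpreaper
      when: ansible_os_family == 'Debian'
    # Despite the task name, `state: absent` deletes every line matching the
    # pattern rather than commenting it out.
    - name: Comment out SHOWWARNING line in tmpreaper config
      ansible.builtin.lineinfile:
        path: /etc/tmpreaper.conf
        regexp: "SHOWWARNING="
        state: absent
      when: ansible_os_family == 'Debian'
    - name: Create htpasswd entry for the admin user
      htpasswd:
        path: /etc/nginx/passwd
        name: admin  # Pick a username
        password: "{{ vault_reports_admin_password }}"  # and a password
        owner: www-data  # nginx on centos
        group: root
        # Quoted like the other modes in this file so the value is never
        # subject to YAML integer parsing.
        mode: "0640"
    # NOTE(review): no `version:` is given, so the module checks out the
    # remote HEAD. Pinning a reviewed commit or tag keeps upstream changes
    # from landing on the server unreviewed.
    - name: Clone the training libraries repository
      git:
        repo: 'https://github.com/usegalaxy-eu/libraries-training-repo'
        dest: /libraries/
    # Disabled tasks, kept for reference:
    # - ansible.builtin.group:
    #     name: galaxy
    # - ansible.builtin.user:
    #     name: galaxy
    #     group: galaxy
    #     comment: Galaxy system user
    # - name: Create the data storage directory
    #   file:
    #     owner: galaxy
    #     group: galaxy
    #     path: "{{ galaxy_mutable_data_dir }}"
    #     state: directory
    #     mode: '0755'
    # - name: Create the nginx upload job files store
    #   file:
    #     owner: www-data
    #     group: galaxy
    #     path: "{{ datastore }}/data/_upload_job_files"
    #     state: directory
    #     mode: '0775'
    # - name: Create the client body temp path
    #   file:
    #     owner: www-data
    #     group: galaxy
    #     path: "{{ datastore }}/data/nginx_upload_store"
    #     state: directory
    #     mode: '0775'
  roles:
    - galaxyproject.tusd
    - usegalaxy_eu.apptainer
    - galaxyproject.galaxy
    - usegalaxy_eu.tpv_auto_lint
    # Miniconda is installed as the Galaxy account rather than root.
    - role: galaxyproject.miniconda
      become: true
      become_user: "{{ galaxy_user_name }}"
    - geerlingguy.redis
    - role: usegalaxy_eu.flower
      when: enable_flower | bool
    - galaxyproject.tiaas2
    - galaxyproject.nginx
    - galaxyproject.proftpd
    - geerlingguy.docker
    - usegalaxy_eu.rabbitmqserver
    - galaxyproject.gxadmin
    - galaxyproject.cvmfs
    - role: dj-wasabi.telegraf
      when: enable_telegraf | bool
  post_tasks:
    - name: Adds nginx's www-data user into galaxy user group
      ansible.builtin.user:
        name: www-data
        groups: "{{ galaxy_user_group_name }}"
        # append keeps the groups www-data already belongs to.
        append: true
    - name: Restart Nginx after changing its user
      ansible.builtin.systemd:
        state: restarted
        name: nginx
    - name: Creates entry in crontab "chmod on _files for ngnix access"
      ansible.builtin.cron:
        # The cron module finds an existing crontab line by this name, so
        # the spelling is left exactly as deployed.
        name: "chmod on _files for ngnix access"
        minute: "2"
        hour: "*"
        # DEMON: consider using this instead:
        # find /rbd/data/datasets/*/*/*/dataset_*_files -type f ! -perm /g+rw -exec chmod g+rw '{}' ';'
        job: "/usr/bin/find {{ galaxy_config.galaxy.file_path }}/*/*/*/dataset_*_files -type d -mmin -180 -maxdepth 0 -exec chmod -R g+rw '{}' ';'"
      # The entry goes into the Galaxy account's crontab, not root's.
      become: true
      become_user: "{{ galaxy_user_name }}"
    - name: Setup gxadmin cleanup task
      ansible.builtin.cron:
        name: "Cleanup Old User Data"
        user: galaxy  # Run as the Galaxy user
        minute: "0"
        hour: "0"
        # NOTE(review): the log directory is under world-writable /tmp; a
        # dedicated directory owned by the galaxy user would stop other
        # local accounts from pre-creating that path.
        job: "GALAXY_LOG_DIR=/tmp/gxadmin/ GALAXY_ROOT={{ galaxy_root }}/server /usr/local/bin/gxadmin galaxy cleanup 60"
    - name: Setup user - group association rutine
      ansible.builtin.cron:
        name: "Add E-infra users to E-infra group"
        user: postgres  # Run as the postgres user
        minute: "0"
        hour: "*"
        # NOTE(review): `api_key` is rendered into the command line, so it is
        # stored in clear text in the postgres crontab and is visible in the
        # process list while the job runs. If the script can take it from an
        # owner-only file or the environment instead, prefer that.
        # NOTE(review): `playbook_dir` is a path on the control node; confirm
        # the script exists at that path on the managed host.
        job: "python3 {{ playbook_dir }}/extra_scripts/add_group_users.py {{ inventory_hostname }} {{ api_key }}"
    # - name: Setup CVMFS cache cleaning
    #   ansible.builtin.cron:
    #     name: "CVMFS cache cleaning"
    #     user: root
    #     minute: "0"
    #     hour: "*/12"
    #     job: "cvmfs_talk -i singularity.galaxyproject.org cleanup {{ cvmfs_quota_limit }}"
    # Rewrites the bare shutil.move(...) line in job_files.py so the moved
    # file is also chmod-ed to 0o664 (group-writable). Once patched, the line
    # no longer matches the pattern, so re-runs leave it alone.
    # NOTE(review): when the pattern matches nothing the module reports no
    # change and no error, so a changed upstream file would silently lose
    # this patch. Verify after each Galaxy upgrade.
    - name: RE Galaxy instance patch in lib/galaxy/webapps/galaxy/api/job_files.py
      replace:
        path: "{{ galaxy_root }}/server/lib/galaxy/webapps/galaxy/api/job_files.py"
        regexp: '^(\s*?)shutil\.move\(input_file\.name,\s*path\)\s*$'
        replace: '\1os.chmod(shutil.move(input_file.name, path), 0o664)'
    - name: Add lines to logrotate config of ProFTPd
      lineinfile:
        path: /etc/logrotate.d/proftpd-core
        line: '{{ item }}'
        insertbefore: BOF
      with_items:
        - /var/log/proftpd/tls.log
        - /var/log/proftpd/sql.log
    - name: Add pulsar public ssh key
      ansible.posix.authorized_key:
        user: galaxy
        state: present
        # The path is built with the Jinja `~` operator instead of a nested
        # "{{ }}" inside the expression, which depends on the lookup
        # re-templating its own argument.
        key: "{{ lookup('file', 'files/' ~ inventory_hostname ~ '/pulsar.pub') }}"
    - name: Restart galaxy
      become: true
      become_user: root
      ansible.builtin.command: galaxyctl restart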