Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Galaxy servers playbook #1053

Draft
wants to merge 15 commits into
base: master
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from 13 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
131 changes: 29 additions & 102 deletions sn06.yml → galaxy.yml
Original file line number Diff line number Diff line change
@@ -1,50 +1,8 @@
---
- name: UseGalaxy.eu
hosts: sn06
- name: Configure Galaxy servers
hosts: galaxy:!sn06.galaxyproject.eu
become: true
become_user: root
vars:
# The full internal name.
hostname: sn06.galaxyproject.eu
# The nginx user needed into the galaxyproject.nginx role
nginx_conf_user: galaxy
# This server has multiple CNAMEs that are important. Additionally it
# provides proxying for many of the other services run by Galaxy Europe.
# These server_names are passed to certbot. They generally should not need
# to be updated unless you add a new domain. They *only* work with the
# route53 provider, so if we want to do usegalaxy.xy, it may require
# refactoring / multiple certbot runs.
#
#
# The best way to expand them is to run the playbook, it will leave a message with the command it would have run (look for `skipped, since /etc/letsencrypt/renewal/usegalaxy.eu.conf exists`)
#
# Then take this command to the command line (root@sn04) and run it with `--expand`. E.g. (DO NOT COPY PASTE (in case the config changes))
#
# $ /opt/certbot/bin/certbot certonly --non-interactive --dns-route53 \
# -m [email protected] --agree-tos -d 'usegalaxy.eu,*.usegalaxy.eu,galaxyproject.eu,*.galaxyproject.eu,*.interactivetoolentrypoint.interactivetool.usegalaxy.eu,*.interactivetoolentrypoint.interactivetool.live.usegalaxy.eu,*.interactivetoolentrypoint.interactivetool.test.usegalaxy.eu' --expand
# Saving debug log to /var/log/letsencrypt/letsencrypt.log
# Credentials found in config file: ~/.aws/config
# ....
# IMPORTANT NOTES:
# - Congratulations! Your certificate and chain have been saved at:
#
# And you're done expanding the certs.
#
# The nginx user needed into the galaxyproject.nginx role
server_names:
- "usegalaxy.eu"
- "*.usegalaxy.eu"
- "galaxyproject.eu"
- "*.galaxyproject.eu"
- "*.interactivetoolentrypoint.interactivetool.usegalaxy.eu"
- "*.interactivetoolentrypoint.interactivetool.live.usegalaxy.eu"
- "*.interactivetoolentrypoint.interactivetool.test.usegalaxy.eu"
- "*.aqua.usegalaxy.eu"
- "*.interactivetoolentrypoint.interactivetool.aqua.usegalaxy.eu"
- "*.ecology.usegalaxy.eu"
- "*.interactivetoolentrypoint.interactivetool.ecology.usegalaxy.eu"
- "*.earth-system.usegalaxy.eu"
- "*.interactivetoolentrypoint.interactivetool.earth-system.usegalaxy.eu"
vars_files:
- group_vars/tiaas.yml # All of the training infrastructure
- group_vars/gxconfig.yml # The base galaxy configuration
Expand All @@ -63,68 +21,38 @@
- mounts/mountpoints.yml
handlers:
- name: Restart Galaxy
shell: |
cd /opt/galaxy/ && source /opt/galaxy/.bashrc && /usr/bin/gxadmin gunicorn handler-restart && sudo -u galaxy /usr/bin/galaxy-sync-to-nfs && systemctl restart galaxy-handler@* && systemctl restart galaxy-workflow-scheduler@*
shell:
chdir: /opt/galaxy
cmd: |
source /opt/galaxy/.bashrc && \
/usr/bin/gxadmin gunicorn handler-restart && \
sudo -u galaxy /usr/bin/galaxy-sync-to-nfs && \
systemctl restart galaxy-handler@* && \
systemctl restart galaxy-workflow-scheduler@*
listen: "restart galaxy"
pre_tasks:
- name: Install Dependencies
package:
# TODO: Use usegalaxy_eu.packages to manage role dependencies.
- name: Install dependencies.
ansible.builtin.package:
name:
[
"git",
"postgresql",
"python3-psycopg2",
"python3-virtualenv",
"bc",
"python38",
"python38-devel",
]
become: true
- git
- postgresql
- python3-psycopg2
- python3-virtualenv
- bc
- python38
- python38-devel
state: present

- name: Set default version of Python
alternatives:
name: python
path: /usr/bin/python3

- name: Disable SELinux
selinux:
state: disabled
- name: Inject custom Pulsar build in the Galaxy requirements file (HTCondor migration).
# This Pulsar build makes the `condor_rm` and `condor_submit` commands configurable.
# See https://github.com/kysrpex/pulsar/commits/condor_manager_prefix_option for more details.
block:
- name: Allocate a temporary directory.
ansible.builtin.tempfile:
prefix: ansible.galaxyproject.galaxy_requirements_file
state: directory
changed_when: false
register: galaxy_requirements_file_directory
- name: Clone Galaxy.
git:
dest: "{{ galaxy_requirements_file_directory.path }}/galaxy"
depth: 1
repo: "{{ galaxy_repo }}"
version: "{{ galaxy_commit_id }}"
executable: "{{ git_executable | default(omit) }}"
changed_when: false
- name: Retrieve the requirements file.
ansible.builtin.copy:
remote_src: true
src: "{{ galaxy_requirements_file_directory.path }}/galaxy/lib/galaxy/dependencies/pinned-requirements.txt"
dest: "{{ galaxy_requirements_file_directory.path }}/requirements.txt"
changed_when: false
- name: Replace `pulsar-galaxy-lib` with a patched version in the requirements file.
ansible.builtin.lineinfile:
path: "{{ galaxy_requirements_file_directory.path }}/requirements.txt"
regexp: 'pulsar-galaxy-lib'
line: 'git+https://github.com/kysrpex/pulsar.git@condor_manager_prefix_option#egg=pulsar-galaxy-lib ; python_version >= "3.7" and python_version < "3.12"'
- name: Configure the Galaxy role to use the modified version of the requirements file.
ansible.builtin.set_fact:
galaxy_requirements_file: "{{ galaxy_requirements_file_directory.path }}/requirements.txt"
always:
- name: Remove the Galaxy clone.
changed_when: false
ansible.builtin.file:
path: "{{ galaxy_requirements_file_directory.path }}/galaxy"
state: absent

post_tasks:
- name: Append some users to the systemd-journal group
user:
Expand All @@ -135,7 +63,8 @@
- "{{ galaxy_user.name }}"
- "telegraf"
- "stats" # special account to retrieve statistics from the server in read-only mode
- name: Set authorized SSH key (galaxy user)

- name: Set authorized SSH keys (galaxy user)
ansible.posix.authorized_key:
user: "{{ galaxy_user.name }}"
state: present
Expand All @@ -148,7 +77,8 @@
- https://github.com/wm75.keys
- https://github.com/gmauro.keys
- "{{ galaxy_user_public_key }}"
- name: Set authorized SSH key (stats user)

- name: Set authorized SSH keys (stats user)
ansible.posix.authorized_key:
user: "stats"
state: present
Expand Down Expand Up @@ -180,7 +110,7 @@

## Install miniconda, create a _galaxy_ environment and install Packages
## Galaxy will use the virtualenv from this conda environment (see
## galaxy_virtualenv_command) in the group_vars/sn06.yml
## galaxy_virtualenv_command) in the group_vars/galaxy.yml
- role: galaxyproject.miniconda
vars:
miniconda_prefix: "{{ conda_prefix }}"
Expand Down Expand Up @@ -225,9 +155,6 @@
## Setup docker
- geerlingguy.docker

# HTCondor Cluster setup
- usegalaxy_eu.htcondor

# Misc.
- role: hxr.galaxy-nonreproducible-tools
become: true
Expand Down
Loading
Loading