From b4f6d2617baa611a9e03762814c5ca4739178c32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 11:29:56 +0100 Subject: [PATCH 01/15] Begin Galaxy servers playbook from existing sn06 playbook To realize a set-up with two redundant Galaxy servers, it makes sense to start from the existing playbook for our single Galaxy server so that the Git history for the file is kept intact. --- sn06.yml => galaxy.yml | 2 +- group_vars/{sn06.yml => galaxy.yml} | 0 hosts | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename sn06.yml => galaxy.yml (99%) rename group_vars/{sn06.yml => galaxy.yml} (100%) diff --git a/sn06.yml b/galaxy.yml similarity index 99% rename from sn06.yml rename to galaxy.yml index 8bb59c29f..9c52c4744 100644 --- a/sn06.yml +++ b/galaxy.yml @@ -180,7 +180,7 @@ ## Install miniconda, create a _galaxy_ environment and install Packages ## Galaxy will use the virtualenv from this conda environment (see - ## galaxy_virtualenv_command) in the group_vars/sn06.yml + ## galaxy_virtualenv_command) in the group_vars/galaxy.yml - role: galaxyproject.miniconda vars: miniconda_prefix: "{{ conda_prefix }}" diff --git a/group_vars/sn06.yml b/group_vars/galaxy.yml similarity index 100% rename from group_vars/sn06.yml rename to group_vars/galaxy.yml diff --git a/hosts b/hosts index f4f308a6c..5c31dc1a8 100644 --- a/hosts +++ b/hosts @@ -61,7 +61,7 @@ celery-0.galaxyproject.eu sn06.galaxyproject.eu sn07.galaxyproject.eu -[sn06] +[galaxy] sn06.galaxyproject.eu [sn07] From f66aa6397492ce29ec9a2659a6922168fa662e68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 11:31:26 +0100 Subject: [PATCH 02/15] Remove `galaxyservers` group A search within the project files reveals that no references to this group name exist. --- hosts | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hosts b/hosts index 5c31dc1a8..b2467fac1 100644 --- a/hosts +++ b/hosts 
@@ -57,10 +57,6 @@ plausible.galaxyproject.eu celery-0.galaxyproject.eu # Baremetal -[galaxyservers] -sn06.galaxyproject.eu -sn07.galaxyproject.eu - [galaxy] sn06.galaxyproject.eu From 9c8429d0ac58bfb9635456123faca945fabe822c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:05:14 +0100 Subject: [PATCH 03/15] Move variables from the Galaxy servers playbook to the `galaxy.yml` group vars file I have not checked the correctness of the move, we may have to move a few variables back later. In the group vars file, organize the variables in blocks and add a comment before each block stating which role owns them. --- galaxy.yml | 42 ------------- group_vars/galaxy.yml | 141 ++++++++++++++++++++++++------------------ 2 files changed, 80 insertions(+), 103 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index 9c52c4744..f5cc06a0a 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -3,48 +3,6 @@ hosts: sn06 become: true become_user: root - vars: - # The full internal name. - hostname: sn06.galaxyproject.eu - # The nginx user needed into the galaxyproject.nginx role - nginx_conf_user: galaxy - # This server has multiple CNAMEs that are important. Additionally it - # provides proxying for many of the other services run by Galaxy Europe. - # These server_names are passed to certbot. They generally should not need - # to be updated unless you add a new domain. They *only* work with the - # route53 provider, so if we want to do usegalaxy.xy, it may require - # refactoring / multiple certbot runs. - # - # - # The best way to expand them is to run the playbook, it will leave a message with the command it would have run (look for `skipped, since /etc/letsencrypt/renewal/usegalaxy.eu.conf exists`) - # - # Then take this command to the command line (root@sn04) and run it with `--expand`. E.g. (DO NOT COPY PASTE (in case the config changes)) - # - # $ /opt/certbot/bin/certbot certonly --non-interactive --dns-route53 \ - # -m security@usegalaxy.eu --agree-tos -d 'usegalaxy.eu,*.usegalaxy.eu,galaxyproject.eu,*.galaxyproject.eu,*.interactivetoolentrypoint.interactivetool.usegalaxy.eu,*.interactivetoolentrypoint.interactivetool.live.usegalaxy.eu,*.interactivetoolentrypoint.interactivetool.test.usegalaxy.eu' --expand - # Saving debug log to /var/log/letsencrypt/letsencrypt.log - # Credentials found in config file: ~/.aws/config - # .... - # IMPORTANT NOTES: - # - Congratulations! Your certificate and chain have been saved at: - # - # And you're done expanding the certs. 
- # - # The nginx user needed into the galaxyproject.nginx role - server_names: - - "usegalaxy.eu" - - "*.usegalaxy.eu" - - "galaxyproject.eu" - - "*.galaxyproject.eu" - - "*.interactivetoolentrypoint.interactivetool.usegalaxy.eu" - - "*.interactivetoolentrypoint.interactivetool.live.usegalaxy.eu" - - "*.interactivetoolentrypoint.interactivetool.test.usegalaxy.eu" - - "*.aqua.usegalaxy.eu" - - "*.interactivetoolentrypoint.interactivetool.aqua.usegalaxy.eu" - - "*.ecology.usegalaxy.eu" - - "*.interactivetoolentrypoint.interactivetool.ecology.usegalaxy.eu" - - "*.earth-system.usegalaxy.eu" - - "*.interactivetoolentrypoint.interactivetool.earth-system.usegalaxy.eu" vars_files: - group_vars/tiaas.yml # All of the training infrastructure - group_vars/gxconfig.yml # The base galaxy configuration diff --git a/group_vars/galaxy.yml b/group_vars/galaxy.yml index 07280a0b7..6c0a1280f 100644 --- a/group_vars/galaxy.yml +++ b/group_vars/galaxy.yml @@ -1,5 +1,8 @@ --- -# packages +# (hostname) +hostname: "{{ inventory_hostname }}" + +# (usegalaxy_eu.handy.os_setup) software_groups_to_install: - admin - debug @@ -9,15 +12,15 @@ software_groups_to_install: - terminals - utils -# Docker +# (geerlingguy.docker) docker_users: - galaxy -# Autofs -autofs_service.install: true -autofs_service.enable: true +# (usegalaxy-eu.autofs) +autofs_service: + install: true + enable: true nfs_kernel_tuning: true - autofs_mount_points: - data - gxtest @@ -25,10 +28,10 @@ autofs_mount_points: - jwd - usrlocal -# Miniconda role variables (galaxyproject.miniconda) +# (galaxyproject.miniconda) conda_prefix: /opt/miniconda -# fs-maintenance +# (usegalaxy_eu.fs_maintenance) fsm_maintenance_dir: "/data/dnb01/maintenance" fsm_cron_tasks: docker: 
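Review bot: The autofs edit in the `@@ -9,15 +12,15 @@` hunk of group_vars/galaxy.yml is a behaviour change rather than a move. `autofs_service.install: true` and `autofs_service.enable: true` were two flat keys with a literal dot in their names, whereas the new nested `autofs_service:` mapping defines a different variable. If the usegalaxy-eu.autofs role reads these as dictionary lookups (not visible here), the old keys were probably never picked up, and this patch starts installing and enabling the service on every host in the group. The commit message only mentions moving and labelling variables, so I would split this into its own commit or add a comment such as `# was a flat dotted key before; the nested form now overrides the role default`.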
@@ -52,10 +55,10 @@ fsm_cron_tasks: job: "{{ custom_telegraf_env }} /usr/bin/gxadmin galaxy cleanup 60" user: "{{ fsm_galaxy_user.username }}" -# TIaaS +# Training infrastructure as a service (galaxyproject.tiaas2) tiaas_virtualenv_python: "python3.8" -# Telegraf +# (dj-wasabi.telegraf) telegraf_agent_hostname: "{{ hostname }}" telegraf_agent_version: 1.17.2 custom_telegraf_env: "/usr/bin/env GDPR_MODE=1 PGUSER={{ galaxy_user.name }} PGHOST={{ postgres_host }} GALAXY_ROOT={{ galaxy_server_dir }} GALAXY_CONFIG_FILE={{ galaxy_config_file }} GALAXY_LOG_DIR={{ galaxy_log_dir }} GXADMIN_PYTHON={{ galaxy_venv_dir }}/bin/python" @@ -68,8 +71,7 @@ telegraf_plugins_extra: - metric_separator = "." - allowed_pending_messages = 10000 - percentile_limit = 100 - - # Some custom galaxy monitoring stuff that can only run on the Galaxy server + # Some custom galaxy monitoring stuff that can only run on the Galaxy server. galaxy_lastlog: plugin: "exec" config: @@ -85,7 +87,7 @@ telegraf_plugins_extra: - data_format = "influx" - interval = "1m" -# Custom pip installer +# (hxr.install-to-venv) pip_venv_path: "{{ galaxy_venv_dir }}" pip_install_dependencies: # celery and flower @@ -109,10 +111,12 @@ pip_install_dependencies: - GitPython - python-openstackclient +# This role is not in use. (hxr.exclude-repo) yum_exclude_repos: - condor* - npm* +# No role seems to be using this variable. (namespace.no_role) all_yum_repositories: - name: galaxy_gpel description: Galaxy Packages for Enterprise Linux $releasever - $basearch 
@@ -122,7 +126,48 @@ all_yum_repositories: retries: 1 timeout: 10 -# Certbot +# (usegalaxy-eu.certbot) +# Galaxy servers have multiple CNAMEs that are important. Additionally, they +# provide proxying for many of the other services run by Galaxy Europe. +# These server_names are passed to certbot. They generally should not need +# to be updated unless you add a new domain. They *only* work with the +# route53 provider, so if we want to do usegalaxy.xy, it may require +# refactoring / multiple certbot runs. +# +# The best way to expand them is to run the playbook, it will leave a message +# with the command it would have run (look for `skipped, since +# /etc/letsencrypt/renewal/usegalaxy.eu.conf exists`) +# +# Then take this command to the command line (root@sn04) and run it with +# `--expand`. E.g. (DO NOT COPY PASTE (in case the config changes)) +# +# $ /opt/certbot/bin/certbot certonly \ +# --non-interactive --dns-route53 \ +# -m security@usegalaxy.eu --agree-tos \ +# -d 'usegalaxy.eu,*.usegalaxy.eu,galaxyproject.eu,*.galaxyproject.eu,*.interactivetoolentrypoint.interactivetool.usegalaxy.eu,*.interactivetoolentrypoint.interactivetool.live.usegalaxy.eu,*.interactivetoolentrypoint.interactivetool.test.usegalaxy.eu' \ +# --expand +# Saving debug log to /var/log/letsencrypt/letsencrypt.log +# Credentials found in config file: ~/.aws/config +# .... +# IMPORTANT NOTES: +# - Congratulations! Your certificate and chain have been saved at: +# +# And you're done expanding the certs. 
+# +server_names: + - "usegalaxy.eu" + - "*.usegalaxy.eu" + - "galaxyproject.eu" + - "*.galaxyproject.eu" + - "*.interactivetoolentrypoint.interactivetool.usegalaxy.eu" + - "*.interactivetoolentrypoint.interactivetool.live.usegalaxy.eu" + - "*.interactivetoolentrypoint.interactivetool.test.usegalaxy.eu" + - "*.aqua.usegalaxy.eu" + - "*.interactivetoolentrypoint.interactivetool.aqua.usegalaxy.eu" + - "*.ecology.usegalaxy.eu" + - "*.interactivetoolentrypoint.interactivetool.ecology.usegalaxy.eu" + - "*.earth-system.usegalaxy.eu" + - "*.interactivetoolentrypoint.interactivetool.earth-system.usegalaxy.eu" certbot_virtualenv_package_name: python3-virtualenv certbot_dns_provider: route53 certbot_auth_method: --standalone @@ -132,18 +177,10 @@ certbot_post_renewal: | certbot_share_key_users: - nginx -# AWS Credentials for certbot-route53 -aws_cli_credentials: - - access_key: "{{ aws_credentials.certbot.AWS_ACCESS_KEY }}" - secret_key: "{{ aws_credentials.certbot.AWS_SECRET_KEY }}" - homedir: /root - owner: root - group: root - -# rsync to nfs +# (usegalaxy-eu.rsync-to-nfs) galaxy_nfs_location: /data/gxkey -# Nginx +# (usegalaxy-eu.nginx) nginx_servers: - redirect-ssl nginx_ssl_servers: @@ -152,6 +189,7 @@ nginx_ssl_servers: - galaxy-main - galaxy-ie-main - galaxy-test-proxy +nginx_conf_user: galaxy nginx_conf_http: client_max_body_size: 1g proxy_cache_path: "/tmp/nginx-cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g" 
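Review bot: The `@@ -132,18 +177,10 @@` hunk deletes the `aws_cli_credentials` block (access key, secret key, `/root` home) instead of moving it, and no other hunk in this patch re-adds it, while `certbot_dns_provider: route53` stays in place. If those credentials are still needed for the DNS challenge, issuance or renewal on a freshly provisioned server would fail, and presumably nobody would notice until a certificate is close to expiry. Please say in the commit message where the variable now lives, or leave a pointer in the file such as `# aws_cli_credentials: defined in <file that now holds it>`.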
@@ -183,46 +221,41 @@ nginx_conf_http: gzip_min_length: 128 nginx_enable_default_server: false nginx_flavor: "" - # Nginx Letsencrypt bindings nginx_ssl_role: usegalaxy-eu.certbot nginx_conf_ssl_certificate: /etc/ssl/certs/fullchain.pem nginx_conf_ssl_certificate_key: /etc/ssl/user/privkey-nginx.pem -# Dynmotd +# (usegalaxy-eu.dynmotd) dynmotd_custom: - name: Condor command: "condor_q -totals | tail -n 2" -# TPV Script +# (usegalaxy_eu.tpv_auto_lint) tpv_config_dir_name: total_perspective_vortex -# CVMFS +# (galaxyproject.cvmfs) cvmfs_role: client galaxy_cvmfs_repos_enabled: config-repo - galaxy_cvmfs_server_urls: - domain: galaxyproject.org urls: - "http://cvmfs1-ufr0.galaxyproject.eu/cvmfs/@fqrn@" -# SystemD -galaxy_systemd_mode: "gunicorn" +# (usegalaxy_eu.galaxy_systemd) galaxy_systemd_gunicorns: 3 galaxy_systemd_gunicorn_workers: 4 galaxy_systemd_gunicorn_timeout: 600 galaxy_systemd_handlers: 6 galaxy_systemd_workflow_schedulers: 3 - galaxy_systemd_gunicorn_env: "{{ apollo_env }}" galaxy_systemd_handler_env: "{{ galaxy_systemd_gunicorn_env }}" galaxy_systemd_workflow_scheduler_env: "{{ galaxy_systemd_gunicorn_env }}" - galaxy_systemd_memory_limit: 120 galaxy_systemd_memory_limit_handler: 30 galaxy_systemd_memory_limit_workflow: 15 -# gie_proxy +# Proxy managing access to running Galaxy interactive tools (usegalaxy_eu.gie_proxy). gie_proxy_dir: "{{ galaxy_root }}/gie-proxy/proxy" gie_proxy_git_version: main gie_proxy_setup_nodejs: nodeenv 
@@ -234,26 +267,26 @@ gie_proxy_sessions_path: "{{ galaxy_mutable_data_dir }}/interactivetools_map.sql gie_proxy_port: 8800 gie_proxy_verbose: true -# gxadmin +# (galaxyproject.gxadmin) postgres_user: galaxy postgres_host: sn05.galaxyproject.eu postgres_port: 5432 - -# GRT -galaxy_grt_exporter: galaxy -galaxy_grt_uploader: galaxy - -# Influx Notifier -gxadmin_influx_task_notifier: true -gxadmin_influx_task_notifier_db: notifications - # postgres_pass defined in secret_group_vars/all.yml gxadmin_commit: main gxadmin_dir: /opt/gxadmin gxadmin_bin_dir: /usr/bin gxadmin_force: true +# these Influx Notifier variables seem not to be used by any role anymore +gxadmin_influx_task_notifier: true +gxadmin_influx_task_notifier_db: notifications -# GALAXY +# (usegalaxy-eu.grt-client) +# TODO: Remove, seems to be not in use. +galaxy_grt_exporter: galaxy +galaxy_grt_uploader: galaxy + +# (galaxyproject.galaxy) +galaxy_systemd_mode: "gunicorn" galaxy_group: name: galaxy gid: 999 @@ -271,10 +304,9 @@ galaxy_user: home: /opt/galaxy uid: 999 shell: /bin/bash - -# Galaxy configuration files will be written with these permissions (mode argument to Ansible copy/template module) +# Galaxy configuration files will be written with these permissions (mode +# argument to Ansible copy/template module). galaxy_config_perms: 0644 - galaxy_root: /opt/galaxy galaxy_workflow_scheduler_count: "{{ galaxy_systemd_workflow_schedulers }}" galaxy_home_dir: /opt/galaxy 
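Review bot: `gxadmin_commit: main` combined with `gxadmin_force: true` means each run reinstalls whatever the upstream ref currently points to (presumably a branch head) into `/usr/bin`. The `Restart Galaxy` handler in galaxy.yml then executes that script from a play that sets `become_user: root`. Since this hunk already regroups the gxadmin variables, I would pin the ref at the same time: `gxadmin_commit: <reviewed tag or commit hash>`. The same concern applies to `gie_proxy_git_version: main` in the preceding hunk.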
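Review bot: `galaxy_config_perms: 0644`, whose comment this hunk rewraps, makes every rendered Galaxy configuration file world-readable. If those files carry the database connection string or `id_secret` (their content is not visible here), any local account on the server can read them, including the read-only `stats` account that the playbook provisions. Consider `galaxy_config_perms: "0640"` after checking that telegraf and the other consumers of `GALAXY_CONFIG_FILE` keep access through the galaxy group. Quoting the value also removes the dependence on how the parser reads an unquoted octal.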
@@ -284,19 +316,15 @@ galaxy_shed_tools_dir: "{{ galaxy_root }}/shed_tools" galaxy_tool_data_path: "{{ galaxy_root }}/tool-data" __galaxy_shed_tools_dir: "{{ galaxy_shed_tools_dir }}" galaxy_backup_configfiles: false - galaxy_server_dir: "{{ galaxy_root }}/server" galaxy_config_dir: "{{ galaxy_root }}/config" galaxy_venv_dir: "{{ galaxy_root }}/venv" galaxy_job_working_directory: "{{ galaxy_config['galaxy']['job_working_directory'] }}" ucsc_build_sites: - galaxy_virtualenv_command: "{{ conda_prefix }}/envs/_galaxy_/bin/python -m venv --copies" #galaxy_virtualenv_python: "python3.6" galaxy_nonrepro_tools: "{{ galaxy_root }}/custom-tools" galaxy_nonrepro_commit: master - - # Custom override # Our galaxy_tool_dependency_dir is on NFS, and permissions are set in such a # way that they cannot be changed by the ansible connected user. @@ -315,19 +343,14 @@ galaxy_dirs: - "{{ galaxy_log_dir }}" - "{{ galaxy_config_dir }}/total_perspective_vortex" - "{{ tpv_mutable_dir }}" - galaxy_instance_hostname: usegalaxy.eu galaxy_config_style: yaml - galaxy_repo: "https://github.com/usegalaxy-eu/galaxy.git" galaxy_commit_id: "release_23.1_europe" galaxy_force_checkout: true # discard any modified files #galaxy_admin_email_from: 'noreply@usegalaxy.eu' - galaxy_singularity_images_cvmfs_path: "/cvmfs/singularity.galaxyproject.org/all/" - galaxy_config: "{{ galaxy_config_hash }}" - # Galaxy Subdomains galaxy_themes_ansible_file_path: /scratch/workspace/usegalaxy-eu/playbooks/sn06/files/galaxy/subdomains galaxy_themes_conf_path: files/galaxy/config/themes_conf.yml @@ -370,8 +393,6 @@ galaxy_themes_subdomains: - name: earth-system - name: cancer - name: aqua - - galaxy_config_file_src_dir: files/galaxy galaxy_config_files: # TODO(bgruening): sync this with cvmfs? can we have ours be just a small additional builds.txt? 
@@ -418,7 +439,6 @@ galaxy_config_files: dest: "{{ tpv_mutable_dir }}/interactive_tools.yml" - src: "{{ galaxy_config_file_src_dir }}/tpv/users.yml" dest: "{{ tpv_mutable_dir }}/users.yml" - #- src: files/galaxy/config/job_resource_params_conf.xml #dest: "{{ galaxy_config['app:main']['job_resource_params_file'] }}" #- src: files/galaxy/config/pulsar_stampede_actions.yml @@ -429,7 +449,6 @@ galaxy_config_files: #dest: "{{ galaxy_config_dir }}/pulsar_jetstream.yml" #- src: files/galaxy/config/pulsar_jetstream_actions.yml #dest: "{{ galaxy_config_dir }}/pulsar_jetstream_actions.yml" - galaxy_config_template_src_dir: templates/galaxy galaxy_config_templates: - src: "{{ galaxy_config_template_src_dir }}/config/build_sites.yml.j2" From 66144eac005212c673d86c70dbcd38496ae805f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:06:18 +0100 Subject: [PATCH 04/15] Rename the only play in Galaxy servers playbook --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index f5cc06a0a..ffa165f07 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,5 +1,5 @@ --- -- name: UseGalaxy.eu +- name: Configure Galaxy servers hosts: sn06 become: true become_user: root From b20c89843a8d41f637f90bbd64b8eaa2e4fec9bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:06:56 +0100 Subject: [PATCH 05/15] Switch the hosts to which the only play in the Galaxy servers playbook applies from the group `sn06` to the group `galaxy` Exclude `sn06.galaxyproject.eu` for the time being. --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index ffa165f07..14ead386c 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ --- - name: Configure Galaxy servers - hosts: sn06 + hosts: galaxy:!sn06.galaxyproject.eu become: true become_user: root vars_files: 
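Review bot: The new pattern `hosts: galaxy:!sn06.galaxyproject.eu` (patch 05) currently selects no hosts at all, because after patches 01 and 02 the `[galaxy]` group in `hosts` contains only sn06.galaxyproject.eu. That looks intentional as a guard for the existing Galaxy server, but nothing in the file says so. Dropping the exclusion later would point a root play that disables SELinux and manages SSH authorized keys at that server. I would quote the pattern and document the guard next to it, e.g. `# sn06 is excluded on purpose until this playbook has been validated on the new servers`.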
From 85aadf364d967a8a43a1c0177a6ae235b047a05b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:07:51 +0100 Subject: [PATCH 06/15] Change formatting of pre-task responsible for installing dependencies --- galaxy.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index 14ead386c..cac027aff 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -28,16 +28,15 @@ - name: Install Dependencies package: name: - [ - "git", - "postgresql", - "python3-psycopg2", - "python3-virtualenv", - "bc", - "python38", - "python38-devel", - ] - become: true + - git + - postgresql + - python3-psycopg2 + - python3-virtualenv + - bc + - python38 + - python38-devel + state: present + - name: Set default version of Python alternatives: name: python From 8093b3ab360a150d2a2c70ba0fe1bcb215c0d09b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:08:29 +0100 Subject: [PATCH 07/15] Change formatting of "Restart Galaxy handler" --- galaxy.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index cac027aff..0260f5137 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -21,8 +21,14 @@ - mounts/mountpoints.yml handlers: - name: Restart Galaxy - shell: | - cd /opt/galaxy/ && source /opt/galaxy/.bashrc && /usr/bin/gxadmin gunicorn handler-restart && sudo -u galaxy /usr/bin/galaxy-sync-to-nfs && systemctl restart galaxy-handler@* && systemctl restart galaxy-workflow-scheduler@* + shell: + chdir: /opt/galaxy + cmd: | + source /opt/galaxy/.bashrc && \ + /usr/bin/gxadmin gunicorn handler-restart && \ + sudo -u galaxy /usr/bin/galaxy-sync-to-nfs && \ + systemctl restart galaxy-handler@* && \ + systemctl restart galaxy-workflow-scheduler@* listen: "restart galaxy" pre_tasks: - name: Install Dependencies From dfbc998ae6aed4e87f0da5d201a2ef196135b3af Mon Sep 17 00:00:00 2001 
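Review bot: The reformatted `Restart Galaxy` handler (patch 07) still runs `source /opt/galaxy/.bashrc` as root, since the play sets `become_user: root`, and `/opt/galaxy` is the galaxy user's home directory per group_vars/galaxy.yml. If that file is writable by the galaxy account (ownership is not visible here), whoever controls the service account gains root code execution the next time the handler fires. Prefer passing the variables gxadmin needs through the task's `environment:` keyword, or run the gxadmin step with `become_user: galaxy`. Separately, `source` is a bashism, so add `executable: /bin/bash`, and quote the unit globs (`systemctl restart 'galaxy-handler@*'`) so the shell cannot expand them against files in `/opt/galaxy`.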
From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:21:16 +0100 Subject: [PATCH 08/15] Add comment mentioning the idea to manage dependencies of roles differently It is a time sink and very annoying to have to re-run playbooks until no more "command not found" errors appear because of forgetting to install role dependencies (meaning system packages, not other roles). See issue https://github.com/galaxyproject/ansible-gxadmin/issues/3 for an example of someone complaining about this recurring problem. I thought of creating a role called "usegalaxy_eu.packages" that alleviates this problem. The idea is to define a list of the packages each role depends on in group_vars/all.yml (see the example below), then have the role check what other roles are imported in a play and install the corresponding dependencies. ```yaml # Ansible role package dependencies (managed by usegalaxy_eu.packages) packages: usegalaxy_eu.handy.os_setup: - findutils galaxyproject.gxadmin: - git - make - "postgresql{{ '-client' if ansible_os_family == 'Debian' }}" usegalaxy-eu.bashrc: - python3-psycopg2 - python3-pyyaml ``` The idea to create this role stems just from stumbling upon the problem. See https://github.com/galaxyproject/ansible-gxadmin/pull/11 for an additional discussion on the topic. --- galaxy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/galaxy.yml b/galaxy.yml index 0260f5137..e58028381 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -31,6 +31,7 @@ systemctl restart galaxy-workflow-scheduler@* listen: "restart galaxy" pre_tasks: + # TODO: Use usegalaxy_eu.packages to manage role dependencies. - name: Install Dependencies package: name: From 094325c969f26d65d66a463ba7eb8a13103a961f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:25:58 +0100 Subject: [PATCH 09/15] Remove pre-task injecting custom Pulsar build The custom Pulsar build was meant to be used during the HTCondor migration to have two embedded pulsar runners, each submitting jobs to a different HTCondor cluster. For a new Galaxy server set up from scratch, the migration is formally complete and only one pulsar embedded runner is needed. Thus, this patched version is not needed anymore. --- galaxy.yml | 38 -------------------------------------- 1 file changed, 38 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index e58028381..15d7298f6 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -51,44 +51,6 @@ - name: Disable SELinux selinux: state: disabled - - name: Inject custom Pulsar build in the Galaxy requirements file (HTCondor migration). - # This Pulsar build makes the `condor_rm` and `condor_submit` commands configurable. - # See https://github.com/kysrpex/pulsar/commits/condor_manager_prefix_option for more details. - block: - - name: Allocate a temporary directory. - ansible.builtin.tempfile: - prefix: ansible.galaxyproject.galaxy_requirements_file - state: directory - changed_when: false - register: galaxy_requirements_file_directory - - name: Clone Galaxy. - git: - dest: "{{ galaxy_requirements_file_directory.path }}/galaxy" - depth: 1 - repo: "{{ galaxy_repo }}" - version: "{{ galaxy_commit_id }}" - executable: "{{ git_executable | default(omit) }}" - changed_when: false - - name: Retrieve the requirements file. - ansible.builtin.copy: - remote_src: true - src: "{{ galaxy_requirements_file_directory.path }}/galaxy/lib/galaxy/dependencies/pinned-requirements.txt" - dest: "{{ galaxy_requirements_file_directory.path }}/requirements.txt" - changed_when: false - - name: Replace `pulsar-galaxy-lib` with a patched version in the requirements file. - ansible.builtin.lineinfile: - path: "{{ galaxy_requirements_file_directory.path }}/requirements.txt" - regexp: 'pulsar-galaxy-lib' - line: 'git+https://github.com/kysrpex/pulsar.git@condor_manager_prefix_option#egg=pulsar-galaxy-lib ; python_version >= "3.7" and python_version < "3.12"' - - name: Configure the Galaxy role to use the modified version of the requirements file. - ansible.builtin.set_fact: - galaxy_requirements_file: "{{ galaxy_requirements_file_directory.path }}/requirements.txt" - always: - - name: Remove the Galaxy clone. - changed_when: false - ansible.builtin.file: - path: "{{ galaxy_requirements_file_directory.path }}/galaxy" - state: absent post_tasks: - name: Append some users to the systemd-journal group user: 
From 6089df5cff1b0d27478bd181468deb6539dcf007 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:27:24 +0100 Subject: [PATCH 10/15] Remove the role usegalaxy_eu.htcondor from the Galaxy servers playbook The HTCondor clusters playbook is now responsible for setting the node up as a submitter. --- galaxy.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index 15d7298f6..8bd8c710d 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -151,9 +151,6 @@ ## Setup docker - geerlingguy.docker - # HTCondor Cluster setup - - usegalaxy_eu.htcondor - # Misc. - role: hxr.galaxy-nonreproducible-tools become: true From 779ba505b3b36411a43637e637369a49df319eaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:29:07 +0100 Subject: [PATCH 11/15] Rename "Install Dependencies" pre-task --- galaxy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index 8bd8c710d..8453edb4b 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -32,8 +32,8 @@ listen: "restart galaxy" pre_tasks: # TODO: Use usegalaxy_eu.packages to manage role dependencies. - - name: Install Dependencies - package: + - name: Install dependencies. + ansible.builtin.package: name: - git - postgresql From 635698e9facdd9f6197c20cfa7a4987e0310df27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:30:17 +0100 Subject: [PATCH 12/15] Add a few blank lines --- galaxy.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/galaxy.yml b/galaxy.yml index 8453edb4b..6f2671e6a 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -48,9 +48,11 @@ alternatives: name: python path: /usr/bin/python3 + - name: Disable SELinux selinux: state: disabled + post_tasks: - name: Append some users to the systemd-journal group user: 
@@ -61,6 +63,7 @@ - "{{ galaxy_user.name }}" - "telegraf" - "stats" # special account to retrieve statistics from the server in read-only mode + - name: Set authorized SSH key (galaxy user) ansible.posix.authorized_key: user: "{{ galaxy_user.name }}" @@ -74,6 +77,7 @@ - https://github.com/wm75.keys - https://github.com/gmauro.keys - "{{ galaxy_user_public_key }}" + - name: Set authorized SSH key (stats user) ansible.posix.authorized_key: user: "stats" From 122814846182fd9a201d1189eb345c1f8fa05d25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 14:31:16 +0100 Subject: [PATCH 13/15] Fix typos in authorized SSH keys tasks --- galaxy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index 6f2671e6a..b0b38e812 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -64,7 +64,7 @@ - "telegraf" - "stats" # special account to retrieve statistics from the server in read-only mode - - name: Set authorized SSH key (galaxy user) + - name: Set authorized SSH keys (galaxy user) ansible.posix.authorized_key: user: "{{ galaxy_user.name }}" state: present @@ -78,7 +78,7 @@ - https://github.com/gmauro.keys - "{{ galaxy_user_public_key }}" - - name: Set authorized SSH key (stats user) + - name: Set authorized SSH keys (stats user) ansible.posix.authorized_key: user: "stats" state: present From 02297c0c6417d40a48ae87513878c2ba49360f06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 15:21:28 +0100 Subject: [PATCH 14/15] Update Python package names to Rocky 9 From https://github.com/usegalaxy-eu/infrastructure-playbook/commit/7d8415f12bcf7f1410572822a1a4bb7349684c80#diff-316d158127c2bfa39b0d5ec17d12d4a6fde2c410095e1a125c3c2d08e30a5e11R70-R71. --- galaxy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index b0b38e812..50b98c304 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -40,8 +40,8 @@ - python3-psycopg2 - python3-virtualenv - bc - - python38 - - python38-devel + - python3 + - python3-devel state: present - name: Set default version of Python From 91b00eb255b17c7f8884706e7c2617b9c1274704 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?= Date: Fri, 15 Dec 2023 15:22:53 +0100 Subject: [PATCH 15/15] Add `become: true` to "Install dependencies." task From https://github.com/usegalaxy-eu/infrastructure-playbook/commit/7d8415f12bcf7f1410572822a1a4bb7349684c80#diff-316d158127c2bfa39b0d5ec17d12d4a6fde2c410095e1a125c3c2d08e30a5e11R73. --- galaxy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/galaxy.yml b/galaxy.yml index 50b98c304..318872575 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -33,6 +33,7 @@ pre_tasks: # TODO: Use usegalaxy_eu.packages to manage role dependencies. - name: Install dependencies. + become: true ansible.builtin.package: name: - git
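Review bot: Replacing `python38`/`python38-devel` with `python3`/`python3-devel` (patch 14) leaves `tiaas_virtualenv_python: "python3.8"` in group_vars/galaxy.yml, kept as context by patch 03, pointing at an interpreter this task no longer installs. On Rocky 9 the `python3` package is presumably 3.9, so creating the TIaaS virtualenv would fail on a missing `python3.8` unless another role installs it. I would update the variable in the same commit, e.g. `tiaas_virtualenv_python: "python3"`. The task that owns this package list starts outside the hunk.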