This playbook installs and configures Galaxy server on Metacentrum CZ infrastructure.
-
You need to have
ansible
. Python virtualenv is a recommended way to its installation. -
These ports enabled on host machine:
80(HTTP)
443(HTTPS)
4369(TCP)
5671(TCP)
15672(TCP)
25672(TCP)
- Metacentrum service account (in the following examples
galaxy-qa1
is used) - OIDC secrets set up for federated login
Use your existing ssh key or generate new with $ ssh-keygen -t ed25519
- If you want to run the playbook through github action you need to add your key to your github profile.
- For executing this from a local machine you can forward your sshkey to the host.
For the purposes below the <YOUR_HOST>
can be e.g. galaxy-qa2.galaxy.cloud.e-infra.cz
Add an entry to the hosts.yml
file which will look like this:
galaxyservers:
hosts:
<YOUR_HOST>:
ansible_user: debian
Create host_vars/<YOUR_HOST>/vars.yml
. It should contain the following vars:
galaxy_mutable_data_dir: /data/galaxy
pulsar:
user_name: galaxy-qa1
nfs_home: brno11-elixir
nfs_prefix: pulsar-qa2
pbs_queue: galaxyqa
pbs_gpu_queue: galaxy_gpu
pulsar_data_dir: "/storage/{{ pulsar.nfs_home }}/home/{{ pulsar.user_name }}/{{ pulsar.nfs_prefix }}"
# displayed in Galaxy's masthead
csnt_brand: <YOUR_HOST>
note: the same service user (galaxy-qa1
) is used for both pulsar-qa1
and pulsar-qa2
generate password with $ openssl rand -base64 24 > .vault-password.txt
create vault for your host ansible-vault create host_vars/<YOUR_HOST>/secret.yml
The vault should contain the following vars:
vault_id_secret: choose_something_unique_per_instance
rabbitmq_users_password:
mqadmin: a-really-long-password-here
pulsar: a-really-long-DIFFERENT-password-here
vault_rabbitmq_password_galaxy: good-password-here
oidc_client_id: string-with-client-id
oidc_client_secret: string-with-client-secret
# Galaxy admin API key for tool installation
api_key: dont-be-lazy-a-really-long-password-here
# see https://github.com/galaxyproject/galaxy/blob/dev/doc/source/admin/special_topics/vault.md
vault_encryption_keys:
- generated_key_NUDIABSUmny78sad8a7sby87av8dv=
pulsar_ssh_key: |
-----BEGIN OPENSSH PRIVATE KEY-----
asdasdasdad
-----END OPENSSH PRIVATE KEY-----
tiaas_password: a-really-long-password-here
vault_rabbitmq_password_flower: a-really-long-password-here
vault_flower_user_password: a-really-long-password-here
vault_sentry_password: a-really-long-password-here
vault_reports_admin_password: a-really-long-password-here
note: you should avoid having a /
or \
in your password as galaxy will interpret this as a path.
$ ansible-playbook --limit <YOUR_HOST> galaxy.yml
Install ephemeris for tool management:
virtualenv -p python3 ~/ephemeris_venv
. ~/ephemeris_venv/bin/activate
pip install ephemeris
To obtain the list of tools from the usegalaxy.eu use:
get-tool-list -g "https://usegalaxy.eu" -o "eu_tool_list.yaml"
and then to install them:
shed-tools install -g https://your-galaxy -a <api-key> -t eu_tool_list.yaml
The api key can be found in the User -> Preferences -> Manage API Key in Galaxy menu.
Following are troubleshooting notes gathered through the learning process.
On ubuntu < 22.04 and Debian < 12 the GLIBC version is incompatible with the galaxyproject.tusd
GLIBC, therefore playbook ends in error.
- in
roles/galaxyproject.tusd/defaults/main.yml
you have to set thetusd_version:
to 'v1.8.0' (tested, possibly higher)
On Debian 11 the default version of ansible
is 2.10.08 which fails to extract binaries for TUSd.
- workaround:
sudo vim /etc/apt/sources.list
add this line :deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main
- then
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
- followed by
sudo apt-get update
andsudo apt-get install ansible -y
- Note that you might need to
sudo apt remove ansible
sudo apt autoremove
before you try to install ansible.
Use sudo apt install python3-docker
before running the usegalaxy.rabbitmqserver
role.
For influxdb apt key error: https://www.influxdata.com/blog/linux-package-signing-key-rotation/
For proftpd add "LoadModule mod_tls.c" to roles/galaxyproject.proftpd/templates/tls.conf.j2 just before the TLSEngine