Galaxycloud

Install Galaxy Production environment. This role has been specifically developed to be used for the ELIXIR-IIB use case in the INDIGO-DataCloud project.

Requirements

This ansible role supports CentOS 7, Ubuntu 14.04 Trusty and Ubuntu 16.04 Xenial

Note

Minimum ansible version: 2.1.2.0

Role Variables

Path

galaxy_instance_description: set Galaxy brand

galaxy_user: set linux user to launch the Galaxy portal (default: galaxy).

GALAXY_UID: set user UID (default: 4001).

galaxy_FS_path: path to install Galaxy (default: /home/galaxy).

galaxy_directory: Galaxy directory (usually galaxy or galaxy-dist, default galaxy).

galaxy_install_path: Galaxy installation directory (default: /home/galaxy/galaxy).

galaxy_config_path: Galaxy config pat location.

galaxy_config_file: Galaxy primary configuration file.

galaxy_venv_path: Galaxy virtual environment directory (usually located to <galaxy_install_path>/.venv).

galaxy_custom_config_path: Galaxy custom configuration files path (default: /etc/galaxy).

galaxy_custom_script_path: Galaxy custom script path (defautl: /usr/local/bin).

galaxy_log_path: log file directory (default: /var/log/galaxy).

galaxy_instance_url: instance url (default: http://<ipv4_address>/galaxy/).

galaxy_instance_key_pub: instance ssh public key to configure <galaxy_user> access.

galaxy_lrms: enable Galaxy virtual elastic cluster support. Currently supported local and slurm (default: local, possible values: local, slurm).

main options

GALAXY_VERSION: set Galaxy version (e.g. master, release_17.01, release_17.05…).

create_galaxy_admin: if true the administrator user will be created (default: true).

GALAXY_ADMIN_USERNAME: Galaxy administrator username.

GALAXY_ADMIN_PASSWORD: Galaxy administrator password.

GALAXY_ADMIN_API_KEY: Galaxy administrator API_KEY. https://wiki.galaxyproject.org/Admin/API. Please note that this key acts as an alternate means to access your account, and should be treated with the same care as your login password. To be changed by the administrator.(default value: GALAXY_ADMIN_API_KEY)

GALAXY_ADMIN_EMAIL: Galaxy administrator e-mail address

Galaxy configuration

export_dir: Galaxy userdata are stored here (defatult: /export).

tool_deps_path: change tool dependency directory (default: {{ export_dir }}/tool_deps)

use_conda: enable Conda (default: true).

job_work_dir: change job_working_dir path. Due to a current limitation in conda, the total length of the conda_prefix and the job_working_directory path should be less than 50 characters! (default: {{ export_dir }}/job_work_dir).

conda_prefix: change conda prefix directory (default: {{ export_dir }}/_conda).

conda_channels: change conda channels (default: iuc,bioconda,r,defaults,conda-forge).

update_ucsc: update UCSC genome database (default: ``true). A monthly cron job is added to keep update ucsc genome db.

fast_update: force database update by copying cached files (default: true).

use_pbkdf2: enable pbkdf2 cryptograpy (default: true).

Postgres database details

postgresql_version: set postgres version to be installed (current default: 9.6).

galaxy_db_dir: change galaxy database directory to store jobs results (default: {{export_dir}}/galaxy/database).

galaxy_db_port: set postgres port (default: 5432).

galaxy_db_passwd: set database password. By default it is generated a random password 20 characters long.

set_pgsql_random_password: if set to false the role takes the password specified through galaxy_db_passwd variable (default: true).

NGINX

nginx_upload_store_path: set nginx upload dataset directory (default: {{galaxy_db_dir}}/tmp/nginx_upload_store).

https mode

The Galaxy portal runs through an nginx http proxy by default. The following variables enable you to set nginx in https mode:

nginx_https: true
ssl_cert: /etc/certs/cert.pem
ssl_key: /etc/certs/key.pem
ssl_dhparam: /etc/certs/dhparam.pem

If nginx_https is set to true, the other ssl variables are required. You can either request a signed trusted certificate or generated self-signed certificate. An ansible role to generate self-signed certificate can be found in https://galaxy.ansible.com/LIP-Computing/ssl-certs/

PROFTPD

proftpd_welcome: set proftpd welcome message (default: galaxy ftp server).

proftpd_conf_path: set proftpd configuration file path.

proftpd_db_user: set proftpd database user (default: galaxyftp).

proftpd_db_passwd: set postgresql database password. By default it is generated a random password 20 characters long.

proftpd_files_path: set proftpd upload directory (default: {{galaxy_db_dir}}/ftp).

proftpd_ftp_port: set proftpd port (default: 21).

proftpd_passive_port_low: set passive port range minimum (default: 30000).

proftpd_passive_port_high: set passive port reng maximum (default:40000).

set_proftpd_random_password: if set to false the role takes the password specified through proftpd_db_passwd variable (default: true).

Init system

Currently this role support supervisord and systemd/upstart to start Galaxy services. init_type: if set to supervisord, it use to manage Galaxy. If set to init systemd/upstart is used to start Galaxy.

It is possible to exploit supervisord to manage postegreSQL, NGINX and proftpd setting to true the following variables. To run this role on docker container you have to set them to true. supervisor_manage_postgres: enable supervisord postgresql management (default: false).

supervisor_manage_nginx: enable supervisord nginx management (default: false).

supervisor_manage_proftpd: enable supervisord proftpd management (default: false).

Advanced storage configuration

enable_storage_advanced_options: this option, false by the default, has to be set to true only if you run the ansible role indigo-dc.galaxycloud-os, for advanced path configuration, onedata and filesystem encryption support. More details here: Galaxycloud-os (default: false).

Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: servers
  roles:
     - role: indigo-dc.galaxycloud
       GALAXY_ADMIN_EMAIL: "admin@elixir-italy.org"
       GALAXY_ADMIN_USERNAME: "admin"
       GALAXY_VERSION: "release_17.05"
       galaxy_instance_key_pub: "your_public_key"
       galaxy_instance_description: "INDIGO-CNR test"

Install Galaxy setting postgresql passwords:

- hosts: servers
  roles:
     - role: indigo-dc.galaxycloud
       GALAXY_ADMIN_EMAIL: "admin@elixir-italy.org"
       GALAXY_ADMIN_USERNAME: "admin"
       GALAXY_VERSION: "release_17.05"
       galaxy_instance_key_pub: "your_public_key"
       galaxy_instance_description: "INDIGO-CNR test"
       set_pgsql_random_password: false
       galaxy_db_passwd: 'galaxy'
       set_proftpd_random_password: false
       proftpd_db_passwd: 'galaxy'

Setup Galaxy Docker container. The role, using ansible, automatically recognize the virtual platform (virtual machine or Docker contanier).

- hosts: servers
  roles:
     - role: indigo-dc.galaxycloud
       GALAXY_ADMIN_EMAIL: "admin@elixir-italy.org"
       GALAXY_ADMIN_USERNAME: "admin"
       GALAXY_VERSION: "release_17.05"
       galaxy_instance_key_pub: "your_public_key"
       galaxy_instance_description: "INDIGO-CNR test"
       supervisor_manage_postgres: "True"
       supervisor_manage_nginx: "True"
       supervisor_manage_proftpd: "True"

License

Apache Licence v2

References

Galaxy: https://galaxyproject.org/

Apache licence: http://www.apache.org/licenses/LICENSE-2.0