Skip to content

Commit

Permalink
Merge branch 'main' into nginx_optimizations
Browse files Browse the repository at this point in the history
  • Loading branch information
dometto authored Jan 6, 2025
2 parents efc3a67 + 1a8f046 commit 6429b24
Show file tree
Hide file tree
Showing 11 changed files with 93 additions and 42 deletions.
13 changes: 13 additions & 0 deletions .ansible-lint
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
profile: production
exclude_paths:
- docs
- .github
- molecule/
skip_list:
- role-name
- var-naming
warn_list:
- yaml[line-length]
- no-changed-when
- no-handler
29 changes: 29 additions & 0 deletions .github/workflows/ansible_lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: ansible-lint
on:
push:
branches:
- main
paths:
- '**/**.yaml'
- '**/**.yml'
pull_request:
branches:
- main
types:
- opened
- reopened
- synchronize
- ready_for_review
paths:
- '**/**.yaml'
- '**/**.yml'
jobs:
build:
name: Ansible Lint # Naming the build is important to use it as a status check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run ansible-lint
uses: ansible/ansible-lint@main
with:
args: "."
17 changes: 8 additions & 9 deletions tasks/bootstrap.yml
Original file line number Diff line number Diff line change
@@ -1,16 +1,15 @@
---
- name: Wait for galaxy server to come up
ansible.builtin.uri:
url: "http://{{ _galaxy_local_address }}/api/version"
url: http://{{ _galaxy_local_address }}/api/version
register: galaxy_service_live
until: "galaxy_service_live.status == 200"
until: galaxy_service_live.status == 200
retries: 30
delay: 10 # check every 10 seconds for a maximum of 5 minutes

- name: Get user defined tools and workflows from a custom git repo
when: _galaxy_custom_repo | length > 0
block:

- name: Clone the git repo
ansible.builtin.git:
repo: "{{ _galaxy_custom_repo }}"
Expand All @@ -23,29 +22,29 @@
ansible.builtin.find:
paths: "{{ _galaxy_custom_repo_clone_dest }}/{{ _galaxy_custom_repo_tool_location }}"
file_type: file
patterns: ['*.yml', '*.yaml']
patterns: ["*.yml", "*.yaml"]
register: _galaxy_custom_repo_tool_files

- name: Set custom tool files array
set_fact:
ansible.builtin.set_fact:
_galaxy_custom_tool_files: "{{ _galaxy_custom_repo_tool_files['files'] | map(attribute='path') | list | default([]) }}"

- name: Find all workflows in repo
ansible.builtin.find:
paths: "{{ _galaxy_custom_repo_clone_dest }}/{{ _galaxy_custom_repo_workflow_location }}"
file_type: file
patterns: ['*.ga']
patterns: ["*.ga"]
register: _galaxy_custom_repo_workflow_files

- name: Set custom workflow files array
set_fact:
ansible.builtin.set_fact:
_galaxy_custom_workflow_files: "{{ _galaxy_custom_repo_workflow_files['files'] | map(attribute='path') | list | default([]) }}"

- name: Install tools and workflows
ansible.builtin.include_role:
name: galaxyproject.galaxy-tools
vars:
galaxy_tools_base_dir: "/home/{{ galaxy_user }}"
galaxy_tools_base_dir: /home/{{ galaxy_user }}
galaxy_tools_api_key: "{{ _galaxy_config.galaxy.bootstrap_admin_api_key }}"
galaxy_tools_create_bootstrap_user: true
galaxy_tools_delete_bootstrap_user: true
Expand All @@ -54,6 +53,6 @@
galaxy_tools_install_workflows: true
galaxy_tools_galaxy_publish_workflows: true
galaxy_tools_ignore_errors: false
galaxy_tools_galaxy_instance_url: "http://{{ _galaxy_local_address }}"
galaxy_tools_galaxy_instance_url: http://{{ _galaxy_local_address }}
galaxy_tools_tool_list_files: "{{ (_galaxy_tool_files | default([])) + (_galaxy_custom_tool_files | default([])) }}"
galaxy_tools_workflows: "{{ (_galaxy_workflow_files | default([])) + (_galaxy_custom_workflow_files | default([])) }}"
13 changes: 7 additions & 6 deletions tasks/interactive_tools.yml
Original file line number Diff line number Diff line change
@@ -1,21 +1,22 @@
---
- name: Add interactive tool proxy conf for nginx
ansible.builtin.template:
src: "templates/nginx/galaxy-gie-proxy.j2"
dest: "/etc/nginx/conf.d/gie-server.conf"
src: templates/nginx/galaxy-gie-proxy.j2
dest: /etc/nginx/conf.d/gie-server.conf
mode: "0640"
owner: "www-data"
group: "www-data"
owner: www-data
group: www-data
notify: restart nginx

- name: Remove comment to activate default interactive tools
# match [\d\D\n] to match digits, non-digits, and newlines -- this is because .* does not match newlines in ansible.builtin.replace
ansible.builtin.replace:
path: "{{ galaxy_config_dir }}/tool_conf.xml"
regexp: '\s*<!--\s*\n.*(<section id="interactivetools" name="Interactive tools">[\d\D\n]*</section>)\n\s*-->'
replace: '\n \1'
regexp: \s*<!--\s*\n.*(<section id="interactivetools" name="Interactive tools">[\d\D\n]*</section>)\n\s*-->
replace: \n \1

- name: Copy script to dynamically determine if a job should use Docker
ansible.builtin.template:
src: default_dispatch.py.j2
dest: "{{ galaxy_server_dir }}/lib/galaxy/jobs/rules/{{ _galaxy_default_dispatcher }}.py"
mode: "0755"
1 change: 0 additions & 1 deletion tasks/nginx.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
---

- name: Add custom 502 page
ansible.builtin.copy:
src: nginx/error502.html
Expand Down
10 changes: 6 additions & 4 deletions tasks/set_config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,19 @@

- name: Set admins from CO group
ansible.builtin.set_fact:
_galaxy_admins: "{{ fact_co_groups[_galaxy_admin_co_group] | product(['@' + _galaxy_remote_user_maildomain]) | map('join') | list | join(',') | default('') }}"
_galaxy_admins: >-
{{ fact_co_groups[_galaxy_admin_co_group] | product(['@' + _galaxy_remote_user_maildomain]) |
map('join') | list | join(',') | default('') }}
when: fact_co_groups[_galaxy_admin_co_group] is defined

- name: Set admins to blank
ansible.builtin.set_fact:
_galaxy_admins: ''
_galaxy_admins: ""
when: fact_co_groups[_galaxy_admin_co_group] is not defined

- name: Determine whether to bootstrap Galaxy
set_fact:
_galaxy_do_bootstrap: "{{ _galaxy_bootstrap and _galaxy_tool_files | length + _galaxy_workflow_files | length + _galaxy_custom_repo | length > 0}}"
ansible.builtin.set_fact:
_galaxy_do_bootstrap: "{{ _galaxy_bootstrap and _galaxy_tool_files | length + _galaxy_workflow_files | length + _galaxy_custom_repo | length > 0 }}"

- name: Generate a bootstrap key
when: _galaxy_do_bootstrap and not _molecule_idempotence
Expand Down
11 changes: 6 additions & 5 deletions vars/galaxy_vars.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
# Variables for the galaxyproject.galaxy role
galaxy_config_style: yaml
galaxy_layout: custom
Expand All @@ -6,8 +7,8 @@ galaxy_root: "{{ galaxy_server_dir }}" # workaround https://github.com/galaxypro
galaxy_manage_systemd: false
galaxy_venv_dir: "{{ _galaxy_root }}/venv"
galaxy_config_dir: "{{ _galaxy_root }}/config"
galaxy_mutable_data_dir: "{{ src_galaxy_storage_path | default(_galaxy_root+'/datadir', true) }}" # component variable src_galaxy_storage_path
galaxy_commit_id: "release_{{ src_galaxy_version | default('23.2', true) }}" # component variable src_galaxy_version
galaxy_mutable_data_dir: "{{ src_galaxy_storage_path | default(_galaxy_root + '/datadir', true) }}" # component variable src_galaxy_storage_path
galaxy_commit_id: release_{{ src_galaxy_version | default('23.2', true) }} # component variable src_galaxy_version
galaxy_separate_privileges: true
galaxy_create_user: true
galaxy_manage_paths: true
Expand All @@ -27,7 +28,7 @@ galaxy_config_templates:
dest: "{{ galaxy_config_dir }}/pulsar_app.yml"
postgresql_objects_users:
- name: galaxy
password: null
password:
postgresql_objects_databases:
- name: galaxy
owner: galaxy
Expand All @@ -39,7 +40,7 @@ galaxy_configuration:
admin_users: "{{ _galaxy_admins }}"
remote_user_maildomain: "{{ _galaxy_remote_user_maildomain }}"
remote_user_secret: "{{ _galaxy_remote_user_secret }}"
database_connection: "postgresql:///galaxy?host=/var/run/postgresql"
database_connection: postgresql:///galaxy?host=/var/run/postgresql
file_path: "{{ galaxy_mutable_data_dir }}/datasets"
job_config_file: "{{ galaxy_config_dir }}/job_conf.yml"
tool_config_file: "{{ galaxy_config_dir }}/tool_conf.xml"
Expand All @@ -64,7 +65,7 @@ galaxy_configuration:
# Other options that will be passed to gunicorn
# This permits setting of 'secure' headers like REMOTE_USER (and friends)
# https://docs.gunicorn.org/en/stable/settings.html#forwarded-allow-ips
extra_args: '--forwarded-allow-ips="*"'
extra_args: --forwarded-allow-ips="*"
# This lets Gunicorn start Galaxy completely before forking which is faster.
# https://docs.gunicorn.org/en/stable/settings.html#preload-app
preload: true
Expand Down
1 change: 1 addition & 0 deletions vars/interactive_tools_vars.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
gie_proxy_dir: "{{ _galaxy_root }}/gie-proxy/proxy"
gie_proxy_sessions_path: "{{ galaxy_mutable_data_dir }}/interactivetools_map.sqlite"
gie_proxy_path_prefix: /interactivetool/ep
Expand Down
7 changes: 4 additions & 3 deletions vars/internal_vars.yml
Original file line number Diff line number Diff line change
@@ -1,17 +1,18 @@
---
# Internal variables that are not user configurable

# Is this a molecule run?
_molecule_active: "{{ true if 'molecule-notest' in ansible_skip_tags else false }}"
_molecule_idempotence: "{{ true if 'molecule-idempotence-notest' in ansible_skip_tags else false }}"

# Authorisation and authentication
_galaxy_remote_user_maildomain: "src.surf-hosted.nl"
_galaxy_remote_user_maildomain: src.surf-hosted.nl
_galaxy_custom_repo_clone_dest: /tmp/galaxy_load_on_deploy

# if using a user-supplied git repo for installing tools, what subdirectory are the tools in?
_galaxy_custom_repo_tool_location: 'tools'
_galaxy_custom_repo_tool_location: tools
# if using a user-supplied git repo for installing workflows, what subdirectory are the workflows in?
_galaxy_custom_repo_workflow_location: 'workflows'
_galaxy_custom_repo_workflow_location: workflows

# Paths to server dir
_galaxy_root: /srv/galaxy
Expand Down
23 changes: 12 additions & 11 deletions vars/nginx_vars.yml
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
---
galaxy_nginx_vhost_config:
- name: galaxy
location: /
error_page: 502 /galaxy502.html
proxy_pass: "http://{{ _galaxy_local_address }}"
proxy_pass: http://{{ _galaxy_local_address }}
auth: "{{ _molecule_active | ternary(omit, 'sram') }}"
proxy_set_header:
GX_SECRET: "{{ _galaxy_remote_user_secret | default(omit) }}"
Expand All @@ -15,34 +16,34 @@ galaxy_nginx_vhost_config:
gzip_buffers: 16 8k
- name: api
location: /api/
proxy_pass: "http://{{ _galaxy_local_address }}/api/"
proxy_pass: http://{{ _galaxy_local_address }}/api/
auth: "{{ _galaxy_api_exposed | ternary('noauth', 'sram') }}"
- name: static
location: /static
alias: "{{ galaxy_server_dir }}/static"
auth: noauth
- name: static_plugins
location: "~ ^/plugins/(?<plug_type>.+?)/(?<vis_name>.+?)/static/(?<static_file>.*?)$"
expires: '24'
location: ~ ^/plugins/(?<plug_type>.+?)/(?<vis_name>.+?)/static/(?<static_file>.*?)$
expires: "24"
alias: "{{ galaxy_server_dir }}/config/plugins/$plug_type/$vis_name/static/$static_file"
auth: noauth
- name: favicon
location: /favicon.ico
expires: 24h
auth: noauth
- name: interactive_tools
location: "~* ^/(interactivetool/.+)$"
proxy_redirect: 'off'
proxy_http_version: '1.1'
proxy_pass: "http://localhost:{{ gie_proxy_port }}"
location: ~* ^/(interactivetool/.+)$
proxy_redirect: "off"
proxy_http_version: "1.1"
proxy_pass: http://localhost:{{ gie_proxy_port }}
- name: custom_502
location: = /galaxy502.html
root: "{{ _galaxy_error_502 | dirname }}"
internal: ''
internal: ""
- name: x_accel_redirect
location: /_x_accel_redirect/
internal: ''
alias: '/'
internal: ""
alias: /
add_headers:
Access-Control-Allow-Origin: $upstream_http_access_control_allow_origin
Access-Control-Allow-Methods: $upstream_http_access_control_allow_methods
Expand Down
10 changes: 7 additions & 3 deletions vars/src_galaxy_vars.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
---
# Variables derived from component parameters in ResearchCLoud

_galaxy_bootstrap: "{{ _molecule_idempotence | ternary(false, src_galaxy_bootstrap | default(true, true) | bool ) }}"
_galaxy_bootstrap: "{{ _molecule_idempotence | ternary(false, src_galaxy_bootstrap | default(true, true) | bool) }}"
_galaxy_ibridges_enabled: "{{ src_ibridges | default(true, true) | bool }}"
_galaxy_default_tool_files:
- path: tools/ibridges.yml
Expand All @@ -13,12 +14,15 @@ _galaxy_api_exposed: "{{ src_galaxy_api_exposed | default(true, true) }}"
_galaxy_use_interactive_tools: "{{ src_galaxy_interactive_tools | default(true, true) | bool }}"
_galaxy_server_fqdn: "{{ workspace_fqdn | default('localhost', true) }}"
_galaxy_jobs_default: "{{ src_galaxy_jobs_default | default('local', true) }}"
_galaxy_enable_docker: "{{ _galaxy_use_interactive_tools or (_galaxy_jobs_default == 'docker' ) }}"
_galaxy_enable_docker: "{{ _galaxy_use_interactive_tools or (_galaxy_jobs_default == 'docker') }}"
_galaxy_enable_tus: "{{ src_galaxy_enable_tus | default(true, true) }}"
_galaxy_external_url: "https://{{ workspace_fqdn }}"


# Build the final lists of tool and workflow installation files
_galaxy_tool_files: "{{ src_galaxy_tool_files | default('', true) | split(',') | select() + _galaxy_default_tool_files_list }}" # select() necessary because split on the default '' yields ['']

# select() necessary because split on the default '' yields ['']
_galaxy_tool_files: "{{ src_galaxy_tool_files | default('', true) | split(',') | select() + _galaxy_default_tool_files_list }}"
_galaxy_workflow_files: "{{ src_galaxy_workflow_files | default('') | split(',') | select() }}"

# Note that some component parameters are also used in galaxy_vars.yml:
Expand Down

0 comments on commit 6429b24

Please sign in to comment.