Author: tbooth-guest Date: 2014-03-24 10:13:56 +0000 (Mon, 24 Mar 2014) New Revision: 16505
Added: trunk/packages/galaxy/trunk/debian/patches/shed_tools_data_path Modified: trunk/packages/galaxy/trunk/debian/README.apache2-setup trunk/packages/galaxy/trunk/debian/README.postgres-setup trunk/packages/galaxy/trunk/debian/README.split-ini trunk/packages/galaxy/trunk/debian/changelog trunk/packages/galaxy/trunk/debian/copy_sample_config.sh trunk/packages/galaxy/trunk/debian/get-orig-source.sh trunk/packages/galaxy/trunk/debian/patches/series trunk/packages/galaxy/trunk/debian/sbin/galaxy-add-administrator trunk/packages/galaxy/trunk/debian/universe_wsgi.d/10_debian_defaults.ini Log: Various updates, trying to get tool-shed installations to work. Modified: trunk/packages/galaxy/trunk/debian/README.apache2-setup =================================================================== --- trunk/packages/galaxy/trunk/debian/README.apache2-setup 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/README.apache2-setup 2014-03-24 10:13:56 UTC (rev 16505) @@ -15,12 +15,17 @@ is that users will also be able to transfer their files securely into Galaxy without using the web upload form. -The galaxy-server-apache-proxy package activates both these -features at once but you may want to enable proxying while still using internal -authentication in Galaxy or you may have reconfigured your Apache server in a way -that conflicts with the default settings. If this is the case, you should ignore -the package and set things up manually as described here. +So if you just want the standard set-up, go ahead and install the +galaxy-server-apache-proxy package which activates both these +features at once. But if you want to understand what that is doing, or to +enable proxying while still using internal authentication in Galaxy, or if you +have reconfigured your Apache server in a way that conflicts with the default +settings then you can ignore the package and set things up manually as described +here. +#! Text like this in the document indicates what would be a footnote if this were +#! a printed doc. + Security warning!! ================== @@ -36,7 +41,7 @@ You should have Apache2 installed and running from the regular apache2 package, so that your configuration fragments can be added to /etc/apache2/conf.d. This is the default on Bio-Linux. Visit http://localhost in a web browser to check -iApache is running and you can see the standard test page displayed. +if Apache is running and you can see the standard test page displayed. In addition, assuming you want PAM authentication, install the following packages: @@ -48,32 +53,29 @@ ============================ We're going to set things up so Galaxy appears at http://your.machinename/galaxy. +If you want to use a different path, modify the instructions accordingly. -The Galaxy package on Bio-Linux is already configured to use a /galaxy prefix -for the URLs, but if for some reason you decide to use some other prefix you will -need to edit /etc/galaxy-server/universe_wsgi.ini and change the lines that say -"prefix = /galaxy" and "cookie_path = /galaxy" and ensure that -"filter-with = proxy-prefix" is also set appropriately. +First for Apache. Enable the modules. -Now for Apache. - - % sudo -i ## Will give you a root shell, represented here by a hash (#) + $ sudo -i ## Will give you a root shell, represented here by a hash (#) # a2enmod proxy proxy_http rewrite Put the following lines into a file named /etc/apache2/conf.d/galaxy: -! Note: These are essentially equivalent to the ones listed in the Wiki page -! but for those to work on BL they would need to be placed within the <VirtualHost> -! tags in /etc/apache2/sites-enabled/default whereas this variant can be put -! into conf.d without editing any existing files. Order of rules is very important. -! Also the use of the proxy directory allows us to avoid costly auth calls for every -! static file requested. +#! Note: These are essentially equivalent to the ones listed in the Wiki page +#! but for those to work on BL they would need to be placed within the <VirtualHost> +#! tags in /etc/apache2/sites-enabled/default whereas this variant can be put +#! into conf.d without editing any existing files. Order of rules is very important. +#! Also the use of the proxy directory allows us to avoid costly auth calls for every +#! static file requested. Alias /galaxy /usr/share/galaxy-server <Directory /usr/share/galaxy-server> Options -Indexes RewriteEngine on RewriteBase /galaxy +RewriteRule ^(logout\..*) logout/$1 [L] +RewriteRule ^logout/ - [L] RewriteRule ^static/style/(.*) static/june_2007_style/blue/$1 [L] RewriteRule ^static/scripts/packed/ - [L] RewriteRule ^static/scripts/(.*) static/scripts/packed/$1 [L] @@ -81,6 +83,10 @@ RewriteRule ^(favicon.ico|robots.txt) static/$1 [L] RewriteRule (.*) proxy/$1 </Directory> +<Directory /usr/share/galaxy-server/logout> +Options -Indexes +AllowOverride AuthConfig FileInfo +</Directory> <Directory /usr/share/galaxy-server/proxy> Options -Indexes AllowOverride AuthConfig FileInfo @@ -89,9 +95,9 @@ RewriteRule (.*) http://localhost:8080/$1 [P,E=RU:%{REMOTE_USER}] </Directory> -Ensure the proxy directory exists: +Ensure the logout and proxy directories exists: - # mkdir -p /usr/share/galaxy-server/proxy + # mkdir -p /usr/share/galaxy-server/{proxy,logout} And tell Apache to restart and activate this new config like so: @@ -136,7 +142,7 @@ Add the following lines to /usr/share/galaxy-server/proxy/.htaccess: -! Note the "Require group" line means only users in the galaxy group get access. +#! Note the "Require group" line means only users in the galaxy group get access. AuthBasicProvider external AuthExternal pwauth @@ -151,30 +157,39 @@ # service apache2 restart -! Note: The Wiki page gives a slightly more complicated way of dealing with the REMOTE_USER -! variable which doesn't actually work for the setup described here. Looking on Google there -! are various discussions of the issue but no explanations of the underlying problem, so I -! had to experiment. The final RewriteRule in conf.d/galaxy above passes REMOTE_USER to the Proxy -! module before it disappears from scope, and the RequestHeader line in .htaccess then adds -! it to the proxied request. Passing the variable in the RewriteRule has no effect without -! the RequestHeader directive so there is no reason not to have it there even if you are not -! using Apache for authentication. -! Also, the Authorization header has the password embedded in it, so I scrub this out before -! proxying. Galaxy doesn't need this info and the less that login passwords are passed around -! the better. +#! Note: The Wiki page gives a slightly more complicated way of dealing with the REMOTE_USER +#! variable which doesn't actually work for the setup described here. Looking on Google there +#! are various discussions of the issue but no explanations of the underlying problem, so I +#! had to experiment. The final RewriteRule in conf.d/galaxy above passes REMOTE_USER to the Proxy +#! module before it disappears from scope, and the RequestHeader line in .htaccess then adds +#! it to the proxied request. Passing the variable in the RewriteRule has no effect without +#! the RequestHeader directive so there is no reason not to have it there even if you are not +#! using Apache for authentication. +#! Also, the Authorization header has the password embedded in it, so I scrub this out before +#! proxying. Galaxy doesn't need this info and the less that login passwords are passed around +#! the better. -Finally, tell Galaxy to defer user authentication to Apache. Edit /etc/galaxy-server/universe_wsgi.ini -and find and modify these settings: +Finally, tell Galaxy to defer user authentication to Apache. Make a file +/etc/galaxy-server/universe_wsgi.ini.d/31_apache-proxy.ini and add the following: +[app:main] use_remote_user = True remote_user_maildomain = localhost +filter-with = proxy-prefix +[filter:proxy-prefix] +use = egg:PasteDeploy#prefix +prefix = /galaxy + +Note that the last four lines should not be necessary as they are already the +defaults on Bio-Linux but if for some reason you want to change the prefix from +/galaxy you can do so here. + And restart Galaxy: # service galaxy restart -#### TODO - see if I can make logout work as per the last suggestion here: -http://stackoverflow.com/questions/4163122/http-basic-authentication-log-out ### +#### TODO - I need to document my implementation of the logout hack. Enabling Efficient File Transfers ================================= @@ -184,20 +199,21 @@ /var/lib/galaxy-server/transfer and set appropriate permissions so that users can place files there for upload with the Upload File feature of Galaxy. -To enable this feature set the ftp_upload_dir option in /etc/galaxy-server/universe_wsgi.d to -/var/lib/galaxy-server/transfer, and also set ftp_upload_site to the name of your server. +To enable this feature set the ftp_upload_dir option in universe_wsgi.ini.d/31_apache-proxy.ini +to /var/lib/galaxy-server/transfer, and also set ftp_upload_site to the name of your server. Users likely want to make a symlink to their transfer area in their home directory - eg: $ ln -s /var/lib/galaxy-server/transfer/$USER@localhost ~/galaxy_transfer -! Note1 - galaxy-server-apache-proxy package will enable file transfers as described here, but -! will not add symlinks to user home dirs. Each user has to do that themselves. -! Note2 - users with a personal umask of 007 or 077 will need to ensure that the files they -! put in their transfer directory are world-readable (o+r) so the Galaxy server can see them. -! This will not make the files visible to other users as users cannot see into other transfer -! directories at all. +#! Note1 - galaxy-server-apache-proxy package will enable file transfers as described here, but +#! will not add symlinks to user home dirs. Each user has to do that themselves. +#! Note2 - users with a personal umask of 007 or 077 will need to ensure that the files they +#! put in their transfer directory are world-readable (o+r) so the Galaxy server can see them. +#! This will not make the files visible to other users as users cannot see into other transfer +#! directories at all. + It is also possible to have things the other way round, replacing the user1@localhost directory with a symlink to some folder in the user's home dir. The user will need to "chmod a+x ~" and the sysadmin will need to put the link in place. This could be useful if your /home @@ -208,7 +224,7 @@ If you are using Galaxy on the local machine, connecting via "http://localhost/galaxy"; there is no problem with network security as no passwords go over the wire. On a local ethernet -segment it is arguably over-paranoid to worry about password sniffing, but on a WAN or any +segment it is arguably paranoid to worry about password sniffing, but on a WAN or any sort of wireless connection youa really want to encrypt traffic. Option 1: Use FreeNX or X2Go or SSH with X11 forwarding to run a web browser on the Bio-Linux Modified: trunk/packages/galaxy/trunk/debian/README.postgres-setup =================================================================== --- trunk/packages/galaxy/trunk/debian/README.postgres-setup 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/README.postgres-setup 2014-03-24 10:13:56 UTC (rev 16505) @@ -8,12 +8,12 @@ for more details. Bio-Linux already comes with both PostgreSQL and MySQL. Furthermore, a -convenience package called galaxy-server-pg-database can help you set this up to -work with Galaxy. In the simplest case: +convenience package called galaxy-server-pg-database can help you set PostgreSQL +up to work with Galaxy. In the simplest case: $ sudo apt-get install galaxy-server-pg-database -will give you a secure and ready-to-use set-up. +will give you a secure and ready-to-use set-up, and you are done. This document is therefore useful if you want to: @@ -35,11 +35,11 @@ Checking the PostgreSQL set-up on Bio-Linux =========================================== -(( NB: You will not find any information about PostgreSQL "clusters" in the -regular PostgreSQL documentation because they are a specific feature of Debian -(inherited by Ubuntu and thus Bio-Linux) - see -http://nebc.nerc.ac.uk/tools/bio-linux/other-bl-docs/sql-databases-on-bio-linux -and /usr/share/doc/postgresql-common/README.Debian.gz. )) +#! NB: You will not find any information about PostgreSQL "clusters" in the +#! regular PostgreSQL documentation because they are a specific feature of Debian +#! (inherited by Ubuntu and thus Bio-Linux) - see +#! http://nebc.nerc.ac.uk/tools/bio-linux/other-bl-docs/sql-databases-on-bio-linux +#! and /usr/share/doc/postgresql-common/README.Debian.gz. Run the command "pg_lsclusters". You should see output something like this: @@ -88,13 +88,13 @@ above), or you can just stop the old cluster before installing the package - the script will then ignore it and proceed to create the new database. -Once these check are passed, the script will do the following: +Once these checks are passed, the script will do the following: sudo -Hi -u postgres createuser -w Debian-galaxy -DRS sudo -Hi -u postgres createdb -w Debian-galaxy -E UTF8 -O Debian-galaxy -/etc/galaxy-server/universe_wsgi.ini will be modified to access the new database -and options recommended for PostgreSQL will be activated: +/etc/galaxy-server/universe_wsgi.d/32_pg-database.ini will tell Galaxy to access +the new database and options recommended for PostgreSQL will be activated: database_connection = postgresql:///Debian-galaxy @@ -115,14 +115,15 @@ The package does not directly populate the new database. This is done by restarting Galaxy, which will see that the database is empty and will -automatically repopulate it. Updated versions of Galaxy should also look after -adding their own modifications to the Galaxy schema. +automatically repopulate it. Updated versions of Galaxy will (or at least should) +also look after adding their own modifications to the Galaxy schema. The package doesn't add any cron jobs to clean out stale data (I may look at adding this). -The package does not purge the database when it is removed, but it will try to -re-set the configuration in universe_wsgi.ini. +The package does not purge the database when it is removed, even if the package is +purged. Also you currently need to purge the package to remove the files in /etc +though this might change at some point. Things you might want to set up manually ======================================== @@ -147,4 +148,3 @@ $ head -c 21 /dev/urandom| base64 - Modified: trunk/packages/galaxy/trunk/debian/README.split-ini =================================================================== --- trunk/packages/galaxy/trunk/debian/README.split-ini 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/README.split-ini 2014-03-24 10:13:56 UTC (rev 16505) @@ -3,7 +3,7 @@ modular configuration bits I need to use this, so it has been incorporated into the Galaxy start-up script. -The package provides a /etc/galaxy-server/universe_wsgi.d directory containing: +Bio-Linux packaging provides a /etc/galaxy-server/universe_wsgi.d directory containing: 00_upstream.ini - A copy of universe_wsgi.ini from upstream. @@ -13,12 +13,14 @@ 32_pg-database.ini - Added by galaxy-server-pg-database if you install that. +35_tools_bl.ini - Added by galaxy-tools-bl if you install that. + Users are advised not to edit any of these but to make new files with a higher priority and modify the contents. Eg. to change the Apache settings: -$ cd /etc/galaxy-server/universe-wsgi.d -$ sudo cp 31_apache-proxy.ini 50_local.ini -$ sudo nano 50_local.ini + $ cd /etc/galaxy-server/universe-wsgi.d + $ sudo cp 31_apache-proxy.ini 50_local.ini + $ sudo nano 50_local.ini The scripts/build_universe_config.py script will be used to create a config file under /tmp each time Galaxy is started, and there will be no Modified: trunk/packages/galaxy/trunk/debian/changelog =================================================================== --- trunk/packages/galaxy/trunk/debian/changelog 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/changelog 2014-03-24 10:13:56 UTC (rev 16505) @@ -1,3 +1,9 @@ +galaxy (1.bl.py27.20140210-0biolinux2) precise; urgency=low + + * Fixed misspelling of shed-tools/shed_tools that messed up symlinks + + -- Tim Booth <[email protected]> Thu, 20 Mar 2014 11:49:33 +0000 + galaxy (1.bl.py27.20140210-0biolinux1) precise; urgency=low * Updated Galaxy since previous version seems to have fundamental Modified: trunk/packages/galaxy/trunk/debian/copy_sample_config.sh =================================================================== --- trunk/packages/galaxy/trunk/debian/copy_sample_config.sh 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/copy_sample_config.sh 2014-03-24 10:13:56 UTC (rev 16505) @@ -18,7 +18,6 @@ external_service_types_conf.xml.sample migrated_tools_conf.xml.sample reports_wsgi.ini.sample - shed_tool_data_table_conf.xml.sample tool_conf.xml.sample tool_data_table_conf.xml.sample tool_sheds_conf.xml.sample @@ -32,21 +31,21 @@ # Create all the config files for sample in $SAMPLES; do - file=`echo $sample | sed -e 's/\.sample$//'` - filebase=`basename $file` - if [ -e "../config_override/$filebase" ] ; then - echo "Initializing /etc/galaxy-server/$file from config_override/$filebase" - mkdir -p etc/galaxy-server/`dirname $file` - cp "../config_override/$filebase" etc/galaxy-server/$file - ln -s /etc/galaxy-server/$file usr/lib/galaxy-server/$file - else - echo "Initializing /etc/galaxy-server/$file from `basename $sample`" - mkdir -p etc/galaxy-server/`dirname $file` - cp usr/lib/galaxy-server/$sample etc/galaxy-server/$file - ln -s /etc/galaxy-server/$file usr/lib/galaxy-server/$file - fi - #And remove the .sample versions - rm usr/lib/galaxy-server/$sample + file=`echo $sample | sed -e 's/\.sample$//'` + filebase=`basename $file` + if [ -e "../config_override/$filebase" ] ; then + echo "Initializing /etc/galaxy-server/$file from config_override/$filebase" + mkdir -p etc/galaxy-server/`dirname $file` + cp "../config_override/$filebase" etc/galaxy-server/$file + ln -s /etc/galaxy-server/$file usr/lib/galaxy-server/$file + else + echo "Initializing /etc/galaxy-server/$file from `basename $sample`" + mkdir -p etc/galaxy-server/`dirname $file` + cp usr/lib/galaxy-server/$sample etc/galaxy-server/$file + ln -s /etc/galaxy-server/$file usr/lib/galaxy-server/$file + fi + #And remove the .sample versions + rm usr/lib/galaxy-server/$sample done # Deal with universe_wsgi.d @@ -58,8 +57,9 @@ mv usr/lib/galaxy-server/universe_wsgi.ini.sample "$d"/00_upstream.ini cp ../universe_wsgi.d/1* "$d" -# Deal with shed_tool_conf.xml -stc=shed_tool_conf.xml -echo "Initialising /var/lib/galaxy-server/${stc} from ${stc}.sample" -mv usr/lib/galaxy-server/${stc}.sample var/lib/galaxy-server/shed-tools/${stc} -ln -s /var/lib/galaxy-server/shed-tools/${stc} usr/lib/galaxy-server/${stc} +# Deal with shed_tool*_conf.xml +for stc in shed_tool_conf.xml shed_tool_data_table_conf.xml ; do + echo "Initialising /var/lib/galaxy-server/${stc} from ${stc}.sample" + mv -v usr/lib/galaxy-server/${stc}.sample var/lib/galaxy-server/shed_tools/${stc} + ln -s /var/lib/galaxy-server/shed_tools/${stc} usr/lib/galaxy-server/${stc} +done Modified: trunk/packages/galaxy/trunk/debian/get-orig-source.sh =================================================================== --- trunk/packages/galaxy/trunk/debian/get-orig-source.sh 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/get-orig-source.sh 2014-03-24 10:13:56 UTC (rev 16505) @@ -59,11 +59,13 @@ # Work on the tarball... # Sort out the directory name mv -v galaxy-galaxy-dist-* galaxy-dist -# Download all the eggs, including psychopg2 +# Download all the eggs, but not psychopg2 +# Purge any .pyc files pushd galaxy-dist python ./scripts/fetch_eggs.py -c universe_wsgi.ini.sample - python ./scripts/fetch_eggs.py -c universe_wsgi.ini.sample -e psycopg2 + #python ./scripts/fetch_eggs.py -c universe_wsgi.ini.sample -e psycopg2 python ./scripts/fetch_eggs.py -c universe_wsgi.ini.sample -e sqlalchemy-migrate + find -name '*.pyc' -delete popd echo "Repacking galaxy-repack_$REPACK_VERSION.tar.xz" Modified: trunk/packages/galaxy/trunk/debian/patches/series =================================================================== --- trunk/packages/galaxy/trunk/debian/patches/series 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/patches/series 2014-03-24 10:13:56 UTC (rev 16505) @@ -5,3 +5,4 @@ use_system_python_libs force_use_of_bash_interpreter drop_tmp_table_before_upgrade +shed_tools_data_path Added: trunk/packages/galaxy/trunk/debian/patches/shed_tools_data_path =================================================================== --- trunk/packages/galaxy/trunk/debian/patches/shed_tools_data_path (rev 0) +++ trunk/packages/galaxy/trunk/debian/patches/shed_tools_data_path 2014-03-24 10:13:56 UTC (rev 16505) @@ -0,0 +1,11 @@ +--- a/lib/tool_shed/util/tool_util.py ++++ b/lib/tool_shed/util/tool_util.py +@@ -207,7 +207,7 @@ + def copy_sample_file( app, filename, dest_path=None ): + """Copy xxx.sample to dest_path/xxx.sample and dest_path/xxx. The default value for dest_path is ~/tool-data.""" + if dest_path is None: +- dest_path = os.path.abspath( app.config.tool_data_path ) ++ dest_path = os.path.abspath( app.config.shed_tool_data_path ) + sample_file_name = suc.strip_path( filename ) + copied_file = sample_file_name.replace( '.sample', '' ) + full_source_path = os.path.abspath( filename ) Modified: trunk/packages/galaxy/trunk/debian/sbin/galaxy-add-administrator =================================================================== --- trunk/packages/galaxy/trunk/debian/sbin/galaxy-add-administrator 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/sbin/galaxy-add-administrator 2014-03-24 10:13:56 UTC (rev 16505) @@ -108,8 +108,8 @@ } elsif( $create_ini && $mode eq 'show' ) { - print "The file $ini was not found. If you add an administrator with this\n". - "script it will be created for you.\n"; + print "The file $ini was not found.\n". + "If you add an administrator with this script it will be created for you.\n"; usage(); } else Modified: trunk/packages/galaxy/trunk/debian/universe_wsgi.d/10_debian_defaults.ini =================================================================== --- trunk/packages/galaxy/trunk/debian/universe_wsgi.d/10_debian_defaults.ini 2014-03-24 07:38:24 UTC (rev 16504) +++ trunk/packages/galaxy/trunk/debian/universe_wsgi.d/10_debian_defaults.ini 2014-03-24 10:13:56 UTC (rev 16505) @@ -45,5 +45,10 @@ # public. new_user_dataset_access_role_default_private = True +# By default tool defs installed into the shed try to write to ./tool-data, +# but that is read-only. +shed_tools_data_path = shed_tools/data +tool_dependency_dir = shed_tools/deps + # And no debugging, ta. debug = False _______________________________________________ debian-med-commit mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-commit
