Ilya, Nate,

To add a bit of background to the below, we have several clusters on campus 
that use very different accounting systems; some run as a regular cron job to 
process job run info, however others use a qsub wrapper to check service units 
prior to job submission (a byproduct of being part of teragrid/xcede).  It 
seems the most direct route to work around accounting-level differences is to 
submit the job as a user (so I'm interested in this solution), but the below 
security questions I mentioned were raised by a number of our local cluster 
sysadmins as well as (if I'm not mistaken) at the conference.  

Were these ever addressed, or is it considered an non-issue?  Apologies about 
re-sending, I didn't know if this had been answered elsewhere, but this was a 
serious concern that may block us from using some pretty nice HPC resources.

chris

On Nov 1, 2011, at 4:59 PM, Fields, Christopher J wrote:

> I recall at the Galaxy conf there were questions on how secure this is 
> (having the 'galaxy' user submit jobs as someone else).  This would involve 
> switching users on the cluster or would require user login information, 
> correct?
> 
> The way we planned on working around this was to just specify a user account 
> string (using '-A') instead of bothering with switching users.  I believe our 
> local cluster disallows switching users via PBS unless the submitter has 
> admin privs, but the accounting string works fine (I suppose one could use 
> the project option as well).
> 
> chris
> 
> On Oct 31, 2011, at 6:30 PM, Chorny, Ilya wrote:
> 
>> I modified drmaa.py to pass the galaxy users path variable to the actual 
>> user. As long as the galaxy user's environment is correct then the actual 
>> user's environment should be correct.  
>> 
>> -----Original Message-----
>> From: Glen Beane [mailto:glen.be...@jax.org] 
>> Sent: Monday, October 31, 2011 4:20 PM
>> To: Chorny, Ilya
>> Cc: Lloyd Brown; Galaxy Dev List
>> Subject: Re: [galaxy-dev] Clusters, Runners, and user credentials
>> 
>> Many of us are using the PBS job runner (for TORQUE) and would definitely be 
>> interested in a port. 
>> 
>> How do you deal with making sure the user's environment is configured 
>> properly? We use a python virtualenv and load specific module files with 
>> tested tool versions in our galaxy users startup scripts on our cluster. 
>> 
>> Sent from my iPhone
>> 
>> On Oct 31, 2011, at 6:29 PM, "Chorny, Ilya" <icho...@illumina.com> wrote:
>> 
>>> BTW, I am not sure if PBS works with drmaa. If not then the code will need 
>>> to be ported to work with pbs.
>>> 
>>> Ilya
>>> 
>>> 
>>> -----Original Message-----
>>> From: galaxy-dev-boun...@lists.bx.psu.edu 
>>> [mailto:galaxy-dev-boun...@lists.bx.psu.edu] On Behalf Of Chorny, Ilya
>>> Sent: Monday, October 31, 2011 3:27 PM
>>> To: Lloyd Brown; Galaxy Dev List
>>> Subject: Re: [galaxy-dev] Clusters, Runners, and user credentials
>>> 
>>> Lyod,
>>> 
>>> See Nate's email below Title: Actual user code. We have been working on 
>>> implementing this feature in galaxy. The code is still in development but 
>>> feel free to test it out and let us know how it works for you.
>>> 
>>> Best,
>>> 
>>> Ilya
>>> 
>>> -----Original Message-----
>>> From: galaxy-dev-boun...@lists.bx.psu.edu 
>>> [mailto:galaxy-dev-boun...@lists.bx.psu.edu] On Behalf Of Lloyd Brown
>>> Sent: Monday, October 31, 2011 2:35 PM
>>> To: Galaxy Dev List
>>> Subject: [galaxy-dev] Clusters, Runners, and user credentials
>>> 
>>> I'm a systems administrator for an HPC cluster, and have been asked by a 
>>> faculty member here to try to get galaxy to work on our cluster.
>>> Unfortunately, there are one or two outstanding questions that I can't seem 
>>> to find the answer to, and I'm hoping someone here can help me out.
>>> 
>>> In particular, is galaxy, and the PBS runner specifically, capable of 
>>> submitting jobs under specific user names?  Essentially, if I set up galaxy 
>>> to push jobs to our cluster, will they all show up under one user 
>>> credential (eg. the "galaxy" user), or can we set it up so that the user 
>>> logged into galaxy, is used to submit the job?
>>> 
>>> This one is kindof a show-stopper, since our internal policies require that 
>>> all jobs have a specific user credential, with one person per username.
>>> 
>>> Thanks,
>>> Lloyd
>>> 
>>> 
>>> --
>>> Lloyd Brown
>>> Systems Administrator
>>> Fulton Supercomputing Lab
>>> Brigham Young University
>>> http://marylou.byu.edu
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this and other Galaxy 
>>> lists, please use the interface at:
>>> 
>>> http://lists.bx.psu.edu/
>>> 
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this and other Galaxy 
>>> lists, please use the interface at:
>>> 
>>> http://lists.bx.psu.edu/
>>> 
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this and other 
>>> Galaxy lists, please use the interface at:
>>> 
>>> http://lists.bx.psu.edu/
>> 
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>> 
>> http://lists.bx.psu.edu/
> 
> 
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> 
>  http://lists.bx.psu.edu/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

Reply via email to