John/Enis, Thanks for the help.
John, I had discovered your document on the web and it gave me confidence that SSL/LDAP was going to be possible. Enis, thanks for the pointers to the new developments which are "news to me" and look like a really exciting extension. I'll give this a go and report back to the group when we are, hopefully :), successful. Looking forward to meeting up with many of the architects/builders/admins at GCC 2015 in Norwich. David On Mon, Apr 27, 2015 at 9:45 AM John Chilton <jmchil...@gmail.com> wrote: > David, > > Just to add to what Enis responded - in my previous position I managed > a CloudMan instance that used SSL and LDAP - I documented some of what > it took to configure it here > > https://production-galaxy-instances-with-cloudman-and-cloudbiolinux.readthedocs.org/en/latest/ > but it was based on CloudBioLinux instead of the newer Ansible recipes > so the documentation is probably of limited use - but it does give an > idea about what needs to be updated to how to update it - it just has > to be translated to Ansible. > > Best of luck, > > -John > > > On Mon, Apr 27, 2015 at 10:39 AM, Enis Afgan <enis.af...@irb.hr> wrote: > > Hi David, > > The nginx change will require a new AMI that includes the appropriately > > compiled nginx. We've been working on automating the process of building > the > > image and it's captured in this Ansible playbook: > > https://github.com/galaxyproject/galaxy-cloudman-playbook (the current > > README is a bit of out of sync with the code but I have been working on a > > updating that and will commit it later on today or tomorrow at the > latest). > > You'll need to edit the nginx installation procedure to include the > > customizations for nginx you want. > > > > Re. configuration changes (nginx.conf and galaxy.ini) - these are done > via > > CloudMan > > (https://github.com/galaxyproject/cloudman/tree/master/cm/conftemplates). > So > > it would be necessary to create a your own S3 bucket and host CloudMan > > source there with the desired customizations. I'll send you a paper that > > will be presented next month that captures all the pieces that are > required > > for assemble a custom version of Galaxy CloudMan. > > > > Hope this helps and please let us know if you have any more questions, > > Enis > > > > On Fri, Apr 24, 2015 at 2:25 PM, David Kovalic <kova...@analome.com> > wrote: > >> > >> Hi, > >> > >> > >> We are interested in running CloudMan/Galaxy with SSL and LDAP. After > >> searching around on the internet it seems like this is achievable and > >> probably not too difficult, but there is no current complete “cookbook > >> recipe” for doing so, so I thought it best to ask questions before I go > >> ahead and break stuff :) > >> > >> > >> As I understand: > >> > >> · ngnix needs to have the LDAP module added, as the standard CM > >> ngnix build doesn’t include this > >> > >> · ngnix needs to have a custom ngnix.conf file which specifies > the > >> use of SSL and LDAP > >> > >> · Galaxy need to have a custom configuration universe_wsgi.ini > for > >> LDAP use > >> > >> > >> By searching online I can’t clearly figure out: > >> > >> · How to recompile (and persist across CM cluster > >> termination/restart) a new version of ngnix > >> > >> · The best way to maintain and specify a custom ngnix.conf. Is > it > >> possible to do this by placing the custom ngnix.conf in the cluster S3 > >> bucket and adding a configuration line specifying its URL (e.g. > >> "nginx_conf_contents: https://s3.amazonaws.com/[cm bucket > ID]/ngnix.conf") > >> in persistent_data.yaml file in the CM S3 bucket? > >> > >> · Where do I make the modifications such that the changes to > >> universe_wsgi.ini persist across CM cluster termination/restart? > >> > >> It would be great to get some experienced insight on how best to > complete > >> this configuration, and have it persist. > >> > >> > >> Any guidance would be greatly appreciated. Thanks, > >> > >> > >> David Kovalic > >> > >> > >> > >> > >> ___________________________________________________________ > >> Please keep all replies on the list by using "reply all" > >> in your mail client. To manage your subscriptions to this > >> and other Galaxy lists, please use the interface at: > >> https://lists.galaxyproject.org/ > >> > >> To search Galaxy mailing lists use the unified search at: > >> http://galaxyproject.org/search/mailinglists/ > > > > > > > > ___________________________________________________________ > > Please keep all replies on the list by using "reply all" > > in your mail client. To manage your subscriptions to this > > and other Galaxy lists, please use the interface at: > > https://lists.galaxyproject.org/ > > > > To search Galaxy mailing lists use the unified search at: > > http://galaxyproject.org/search/mailinglists/ >
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/