Re: [galaxy-dev] Installing Cairo into Gakaxy

2015-10-13 Thread Christian Brenninkmeijer
Thanks all for the help,

Using Marius's Cairo
https://testtoolshed.g2.bx.psu.edu/view/mvdbeek/package_cairo_1_14_2/83f00b68affb

And a slightly changed R
https://testtoolshed.g2.bx.psu.edu/view/brenninc/brenninc_r_sept32105/83005a26c16f
This is based on:
https://testtoolshed.g2.bx.psu.edu/view/iuc/package_r_3_2_1/e36e1db5e729
Except.

I removed the option to use the zip https://depot.galaxyproject.org/package/linux/x86_64/R/R-3.2.1-Linux-x86_64.tar.gz
As it has hard coded environment paths in env.sh

I used Marius's Cairo, freetype and fontconfig

regards
Christian




From: Marius van den Beek [m.vandenb...@gmail.com]
Sent: Friday, October 09, 2015 1:50 PM
To: Christian Brenninkmeijer
Cc: Björn Grüning; galaxy-dev@lists.galaxyproject.org; Dave Bouvier
Subject: Re: [galaxy-dev] Installing Cairo into Gakaxy

Hello Christian,

this is known and fixed (https://github.com/galaxyproject/tools-iuc/pull/310),
but the toolshed needs to be updated. I am thinking that this is not the only
problem we currently have with cairo.
I am working on the cairo issues right now and I'll give an update once the
things work out, plus a brand new package_r_3_2_2_cairo, that will hopefully
fix your issues.

Best,
Marius

On 9 October 2015 at 14:15, Christian Brenninkmeijer wrote:
The cairo package in the testtool shed appears to have become corrupted.

If you try to download
https://testtoolshed.g2.bx.psu.edu/view/iuc/package_cairo_1_14_2/9fe5875b0ede
or any tool that depends on that.
The first page looks fine.
The second page has an extra dependency
iuc/1.6.7

This is because the encoded version returned to create that second page
includes this for some reason.
Reported to bugs as well.

Christian

From: Björn Grüning [bjoern.gruen...@gmail.com]
Sent: Tuesday, October 06, 2015 3:28 PM
To: Christian Brenninkmeijer; Björn Grüning; galaxy-dev@lists.galaxyproject.org; Dave Bouvier
Subject: Re: [galaxy-dev] Installing Cairo into Gakaxy

Hi,

On 06.10.2015 at 15:48, Christian Brenninkmeijer wrote:
> Hi Bjorn,
>
> I now see you are bringing in libxml2 in dexseq. As this is needed by
> various R packages and already installed by fontconfig would it be
> worth making it a first class dependency of package_r_3_2_1

We could think about this, yes. Although it is not a strict dependency of R.

> I also see that in dexseq you specifically say "libxml2 needs to be
> sourced after R"
>
> Is this not because if you source it before R the current
>  name="PKG_CONFIG_PATH">$INSTALL_DIR/lib/pkgconfig:$INSTALL_DIR/share/pkgconfig
>

Yes, I have fixed this here:
https://github.com/galaxyproject/tools-iuc/pull/298

Thanks,
Bjoern

>
> Christian
>
>
> From: Björn Grüning [bjoern.gruen...@gmail.com]
> Sent: Tuesday, October 06, 2015 2:36 PM
> To: Christian Brenninkmeijer; Björn Grüning; galaxy-dev@lists.galaxyproject.org; Dave Bouvier
> Subject: Re: [galaxy-dev] Installing Cairo into Gakaxy
>
> Hi Christian,
>
> what is needed from the TS site? Do you have any changes that are
> needed in the cairo package or R package?
>
> For me everything is now working and the only thing you need to do is
> to specify the Rcairo tarball in your tool_dependency file. Like
> here:
>
> https://github.com/galaxyproject/tools-iuc/pull/281/files#diff-98f3c4d456a8a7bbd94eca94e167c5b8
>
>  Cheers, Bjoern
>
> On 06.10.2015 at 15:21, Christian Brenninkmeijer wrote:
>> I finally got Cairo installed into R inside galaxy.
>>
>> As well as cairo needing fontconfig to add cairo into R also
>> requires libxml2
>>
>> I also changed the R install.
>> 1. Never use the zip as it has hard coded environment variables in it
>> 2. The set_environment variable in the R install to "prepend_to"
>>    PKG_CONFIG_DIR and PKG_CONFIG_PATH
>>
>> I have some examples in the test tool shed test section but I would
>> like to clean these up first.
>>
>> Once done I will post a link in this thread.
>>
>> Christian
>> University of Manchester
>>
>> From: Björn Grüning [bjoern.gruen...@gmail.com]
>> Sent: Sunday, September 27, 2015 10:40 PM
>> To: Christian Brenninkmeijer; Bjoern Gruening; galaxy-dev@lists.galaxyproject.org; Dave Bouvier
>> Subject: Re: [galaxy-dev] Installing Cairo into Gakaxy
>>
>> Hi Christian,
>>
>> I think I found the problem and fixed it in the Test Tool Shed. The
>> root problem was that cairo was not compiled with fontconfig and
>> therefore the freetype-cairo module was not working properly, which
>> causes R-Cairo to give us such an unusable error message.
>>
>> I tested it with our new 

Re: [galaxy-dev] Galaxy Interactive Environment devs

2015-10-13 Thread Sebastian Schaaf

Hey Eric,

We are not yet on IEs, but we plan to upgrade our local production 
instance soon (a recent version is already 'waiting' to take over), 
apart from other goodies we intended to allow one pro user and ourselves 
to use iPython's power this way.
So, do I read your message correctly as 'In terms of iPython it would be 
best for us to wait for v15.10'? Or could we just start and do an 
incremental upgrade as soon as v15.10 is released?


Cheers to Texas,

Sebastian


Eric Rasche wrote:

Howdy y'all,

I'm building some changes to the IE infrastructure that will fix some
initial hacks we did, however they will be backwards incompatible.
Specifically these changes will fix some of the enterprise deployment
pains (running with an external upstream proxy like apache) and allow
for safely running IEs on a separate host.

I'm emailing the dev list to see if anyone else has started building
IEs, or if it is just Björn and myself. Feel free to make yourselves known
to us so we know who to contact when we're planning new features :)

If you're just building on top of our existing containers, this won't be
an issue for you, you'll just need to rebuild your containers once we
release 15.10 versions.

Cheers,
Eric



--
Sebastian Schaaf, M.Sc. Bioinformatics
Faculty Coordinator NGS Infrastructure
Chair of Biometry and Bioinformatics
Department of Medical Informatics,
 Biometry and Epidemiology (IBE)
University of Munich
DKTK Munich
Marchioninistr. 15, K U1 808
D-81377 Munich (Germany)
Tel: +49 89 4400 77499

___
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/

Re: [galaxy-dev] QIIME tools for Galaxy (WIP, call for collaborators)

2015-10-13 Thread Sebastian Schaaf

Hey there,

Any news on this?

My colleague Aarif made me aware of the discussion, because one of our 
students, Ashok, worked on this months ago. QIIME was requested by a 
project which never started and therefore the developed codes did not 
gain priority. Basically we faced the same issues, and at least the 
'dead end' problem with the resulting tgz archives was solved. We are 
currently assembling the codes into a toolshed entry, but I need to ask 
Ashok tomorrow about the current progress.


Is there still interest on it or is everything already on the move..?

Cheers,

Sebastian


Björn Grüning wrote:

Hi Yvan,


Hi Lance, Björn, Dan

We are several scientists working on metagenomics in France and at a
previous GUGGO (western France User Group) meeting, we mention the
fact to "benchmark" our Galaxy pipelines. One is using new Qiime
tools integration, one Mothur and the last one, the recently
developed FROGS (Find Rapidly OTU with Galaxy Solution) pipeline
using Swarm. We already have had some exchanges with Björn concerning
metagenomics flavours on Docker, and I think it will be particularly
interesting to exchange one with each other. The Qiime integration
was started in March by colleagues from Brest Ifremer centre. I was
just trying to install and test FROGS from Toulouse and Jouy-en-Josas
INRA labs. If they are not on the list, I can contact them.

Please do so. This is great to know. Please also consider to join our
hackathon:

https://github.com/galaxyproject/tools-iuc/issues/299

We are always open for new ideas. Would be great to get a nice suite and
a few workflows for metagenomic in the near future! :)

Thanks,
Bjoern


All the best,

Yvan

- Original message -

From: "Björn Grüning"
To: "Lance Parsons", "Daniel Blankenberg"
Cc: "Galaxy Dev List"
Sent: Wednesday, 7 October 2015 14:25:38
Subject: Re: [galaxy-dev] QIIME tools for Galaxy (WIP, call for collaborators)

Hi Lance,

I will help if I can. I also think we should begin to write 2-3
nice tools in the beginning to test the handshake between them and
lay the ground work. This will also help to get familiar with the
tool.

I still hope someone else from the community shows interest! :)

Thanks, Bjoern

On 06.10.2015 at 20:33, Lance Parsons wrote:

I agree that it would be very nice to get the data flowing
between each of the tools and to be able to mix/match with other
tools. That is an area of Galaxy tool-dev that I'm less familiar
with, so any help would be greatly appreciated.

As for the manual massaging, I agree, however, at this point I'm
really hoping that the changes between Qiime versions are
manageable, esp. once we have the data types and basic framework
of the tools down.

Along that front, I would very much like to get something usable
(at least for some specific workflows) done sooner rather than
later, then be able to iterate, adding new tools, datatypes, etc.
as we move forward. Does that sound reasonable? I love the idea
of a Metagenomics toolfest
(https://github.com/galaxyproject/tools-iuc/issues/299). One
thing I would like to do soon then, would be to define some
functionality for the first round. What would be very helpful
would be if you, Bjoern, etc. could help make sure the first
round lays the proper groundwork so I/we don't have to redo
things for later iterations, but we can build on a solid
foundation.

Thanks so much for the input, help, etc. It is very much
appreciated.

- Lance


Daniel Blankenberg, October 6, 2015 at 10:21 AM

Hi Lance,

I looked at this a bit ago and had similar concerns,
particularly with the outputs and inputs not being
well-defined. In addition to the output tar ball —> local,
extract —> upload not being great, as you mention, the input
datatypes, etc, could use some work — in the very least, we
should definitely create a nice biom datatype and have some
converters available (import and export).

Definitely worth spending some extra time to make sure that we
have the data flowing well between each of the different
parts/tools, and even better to make sure that it's done in a
way that allows mixing and matching with other non-qiime
tools.


One thing that we want to avoid is large amounts of manual
massaging of the automatically generated xml; fixing things up
once might not be too bad, but having to do it with each new
tool version can be "frustrating". Although perhaps having a
good starting point and only needing to manually modify for any
updates could be good enough (I'm not very familiar with the
extent of typical changes between qiime versions to make a call
on how much changes).




Dan

(resending since I received a message bounce from list)



Daniel Blankenberg, October 6, 2015 at 9:59 AM

Hi Lance,

I looked at this a bit ago and had similar concerns,
particularly with the outputs and inputs not being
well-defined. 

Re: [galaxy-dev] External User Authenticaion

2015-10-13 Thread Eric Rasche
Hi Ryan,

On 10/13/2015 09:50 AM, Ryan G wrote:
> Hi all - In regards to external user authentication that I have working
> now (see thread below).  When users try to go to the actual Galaxy page,
> they get the message:
> 
> 
> Access to Galaxy is denied

That's expected for External User Auth if you don't have the REMOTE_USER
header set properly.

> 
> Galaxy is configured to authenticate users via an external method (such
> as HTTP authentication in Apache), but no shared secret key was provided
> by the upstream (proxy) server.
> 
> Please contact your local Galaxy administrator. The variable
> |remote_user_secret| and |GX_SECRET| header must be set before you may
> access Galaxy.
> 
> 
> 
> That's fine and all but I'd like to have them redirected to the real
> login page.  Is there a way to do this?  I didn't see anything obvious
> and was thinking of adding a parameter to galaxy.ini and have Galaxy
> automatically forward them after 5 seconds or so.

What external auth mechanism are you using?

> 
> Ryan
> 
> 
> On Tue, Oct 13, 2015 at 10:49 AM, Ryan G wrote:
> 
> Hi all - In regards to external user authentication that I have
> working now (see thread below).  When users try to go to the actual
> Galaxy page, they get the message:
> 
> 
> On Thu, Oct 1, 2015 at 4:10 PM, Ryan G wrote:
> 
> I finally got around to this and all is working well.  I
> submitted 2 patches to remoteuser.py to assist in debugging
> incorrect set ups. 
> 
> Last question - When a user logs out, they get the page "Access
> to Galaxy user controls is disabled".  I've set the
> remote_user_logout_href parameter to a different website, but
> they still get the "Access to Galaxy user controls is disabled".
> 
> I see it in lib/galaxy/webapps/galaxy/controllers/user.py, but I
> think at that point it's too late.
> 
> 
> 
> On Tue, Sep 8, 2015 at 4:05 PM, Ryan G wrote:
> 
> Yes, I have a test server I'm going to check this one. 
> thanks for the link, that's perfect...I'll add some
> debugging code in here to see what's going on.
> 
> On Tue, Sep 8, 2015 at 1:46 PM, Dannon Baker wrote:
> 
> Do you have a way to verify the "HTTP_MAIL" header is
> actually being passed through your proxy server?  
> 
> The problem is that Galaxy still doesn't think it's
> receiving the expected headers, so there isn't a good
> way that it can tell you more about what might be going
> on.  If you're able to tweak Galaxy (using a test
> server) and add a few logging statements to the code, this
> would be good places to check what's going on (print the
> `environ` dictionary associated with that request, along
> with self.remote_user_header to see what Galaxy is
> actually trying to use):
> 
> 
> https://github.com/galaxyproject/galaxy/blob/dev/lib/galaxy/web/framework/middleware/remoteuser.py#L49
> 
> -Dannon
> 
> On Thu, Sep 3, 2015 at 1:51 PM, Ryan G wrote:
> 
> It turns out our authentication system passes a
> header 'HTTP_MAIL' which contains the user's email
> address.  In galaxy.ini, I have
> 
> use_remote_user = True
> remote_user_header = HTTP_MAIL
> 
> After restarting, Galaxy still gives the same error.
> 
> On Mon, Aug 31, 2015 at 3:44 PM, Dannon Baker wrote:
> 
> Hi Ryan,
> 
> It may be that Galaxy is looking for a different
> remote user header than your proxy is setting. 
> I believe by default we look for
> HTTP_REMOTE_USER, but this is configurable in
> galaxy.ini (so, you could set yours to HTTP_USER
> there).  Let me know if this doesn't sort it out
> for you and we can dig deeper!
> 
> -Dannon
> 
> On Mon, Aug 31, 2015 at 3:42 PM, Ryan G wrote:
> 
> Hi 

Re: [galaxy-dev] External User Authenticaion

2015-10-13 Thread Eric Rasche


On 10/13/2015 11:34 AM, Ryan G wrote:
> We have Apache set up to authenticate users off our LDAP.  If they
> authenticate correctly, they are then forwarded on through the proxy. 

So, mod_auth_ldap? Or not? You say "forwarded" so I'm thinking you may
not mean this.

> 
> What I want is to prevent users from hitting the galaxy URL directly.
> If they do, I want to automatically redirect them to the proxy.

Under mod_auth_ldap this should be done for you.

(Worst case scenario you could write some mod_rewrite logic that checks
for the remote_user header and returns a 301 if it's missing with the
location of your login page)

> 
> 
> On Tue, Oct 13, 2015 at 11:10 AM, Eric Rasche  > wrote:
> 
> Hi Ryan,
> 
> On 10/13/2015 09:50 AM, Ryan G wrote:
> > Hi all - In regards to external user authentication that I have working
> > now (see thread below).  When users try to go to the actual Galaxy page,
> > they get the message:
> >
> >
> > Access to Galaxy is denied
> 
> That's expected for External User Auth if you don't have the REMOTE_USER
> header set properly.
> 
> >
> > Galaxy is configured to authenticate users via an external method (such
> > as HTTP authentication in Apache), but no shared secret key was provided
> > by the upstream (proxy) server.
> >
> > Please contact your local Galaxy administrator. The variable
> > |remote_user_secret| and |GX_SECRET| header must be set before you may
> > access Galaxy.
> >
> >
> >
> > That's fine and all but I'd like to have them redirected to the real
> > login page.  Is there a way to do this?  I didn't see anything obvious
> > and was thinking of adding a parameter to galaxy.ini and have Galaxy
> > automatically forward them after 5 seconds or so.
> 
> What external auth mechanism are you using?
> 
> >
> > Ryan
> >
> >
> > On Tue, Oct 13, 2015 at 10:49 AM, Ryan G  
> >  >>
> wrote:
> >
> > Hi all - In regards to external user authentication that I have
> > working now (see thread below).  When users try to go to the actual
> > Galaxy page, they get the message:
> >
> >
> > On Thu, Oct 1, 2015 at 4:10 PM, Ryan G  
> >  >>
> wrote:
> >
> > I finally got around to this and all is working well.  I
> > submitted 2 patches to remoteuser.py to assist in debugging
> > incorrect set ups.
> >
> > Last question - When a user logs out, they get the page ""Access
> > to Galaxy user controls is disabled".  I've set the
> > remote_user_logout_href parameter to a different website, but
> > they still get the "Access to Galaxy user controls is disabled".
> >
> > I see it in lib/galaxy/webapps/galaxy/controllers/user.py, but I
> > think at that point its too late.
> >
> >
> >
> > On Tue, Sep 8, 2015 at 4:05 PM, Ryan G
> >  
> >  >>
> wrote:
> >
> > Yes, I have a test server I'm going to check this one.
> > thanks for the link, that's perfect...I'll add some
> > debugging code in here to see what's going on.
> >
> > On Tue, Sep 8, 2015 at 1:46 PM, Dannon Baker
> > 
> >> wrote:
> >
> > Do you have a way to verify the "HTTP_MAIL" header is
> > actually being passed through your proxy server?
> >
> > The problem is that Galaxy still doesn't think it's
> > receiving the expected headers, so there isn't a good
> > way that it can tell you more about what might be going
> > on.  If you're able to tweak Galaxy (using a test
> > server) and add a few logging statements the code, this
> > would be good places to check what's going on (print the
> > `environ` dictionary associated with that request, along
> > with self.remote_user_header to see what Galaxy is
> > actually trying to use):
> >
> > 
> https://github.com/galaxyproject/galaxy/blob/dev/lib/galaxy/web/framework/middleware/remoteuser.py#L49
> >
> >   

Re: [galaxy-dev] External User Authenticaion

2015-10-13 Thread Ryan G
Sorry, maybe I'm not being clear.

Galaxy is listening on http://galaxy.mycompany.com:8080

Users access Galaxy via http://mycompay.com/galaxy

If users go to http://galaxy.mycompany.com:8080, they get the External
Authentication message.  From here I want them to be redirected to
http://mycompay.com/galaxy which is where they will be authenticated.

Users never see http://galaxy.mycompany.com:8080; they will always see
http://mycompay.com/galaxy




[galaxy-dev] MS Active Directory Authentication

2015-10-13 Thread McCully, Dwayne (NIH/NIAMS) [C]
Hello Everyone,

Is there an example of the auth_config.xml for a MS Active directory connection?
I would like all my users to register and login to Galaxy with their AD
username and password.

Note: We don't use a "@example.com" extension for our usernames just "username".

Thanks in advance

Dwayne

Re: [galaxy-dev] MS Active Directory Authentication

2015-10-13 Thread Nicola Soranzo

Hi Dwayne,

see 
https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf.xml.sample


ldap is equivalent to activedirectory

Something like this may work for you:

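<auth>
    <authenticator>
        <type>activedirectory</type>
        <options>
            <allow-register>False</allow-register>
            <auto-register>True</auto-register>
            <server>ldap://dc1.example.com</server>
            <login-use-username>True</login-use-username>
            <search-fields>sAMAccountName,mail</search-fields>
            <search-base>dc=dc1,dc=example,dc=com</search-base>
            <search-filter>(&amp;(objectClass=user)(sAMAccountName={username}))</search-filter>
            <search-user>jsmith</search-user>
            <search-password>mysecret</search-password>
            <bind-user>{sAMAccountName}</bind-user>
            <bind-password>{password}</bind-password>
            <auto-register-username>{sAMAccountName}</auto-register-username>
            <auto-register-email>{mail}</auto-register-email>
        </options>
    </authenticator>
</auth>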

Cheers,
Nicola




Re: [galaxy-dev] External User Authenticaion

2015-10-13 Thread Eric Rasche
Howdy Ryan,

On 10/13/2015 11:44 AM, Ryan G wrote:
> Sorry, maybe I'm not being clear.
> 
> Galaxy is listening on http://galaxy.mycompany.com:8080
> 
> Users access Galaxy via http://mycompay.com/galaxy

Ah! This is much more clear, thanks :)

If you're running under remote_user, you should NOT make it available
outside of the apache proxy. Even with the remote_user_secret variable
that was added, it's still an unnecessary security risk.

> If users go to http://galaxy.mycompany.com:8080, they get the External
> Authentication message.  From here I want them to be redirected to
> http://mycompay.com/galaxy which is where they will be authenticated. 

I'm guessing you migrated at some point from the raw port to the /galaxy
address and your users are moving slowly to the new URL.

Here is my suggestion:

- have galaxy listen on 127.0.0.1:8081 so only apache on the same
machine can access it.
- add an apache virtualhost listening on 0.0.0.0:8080 that automatically
redirects any requests to that page to http://mycompany.com/galaxy/ to
help migrate users.

That should fix your problem without requiring modification to your
codebase for this one scenario.

> 
> Users never see http://galaxy.mycompany.com:8080; they will always see
> http://mycompay.com/galaxy



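
A check for the layout Eric suggests above, added here as an example and not part of the original thread or of Galaxy's code: it parses a galaxy.ini and reports when remote-user auth is on while a [server:*] listener is not loopback-only, or when remote_user_secret is unset. The sample files, the finding names and the assumed Paste default host of 127.0.0.1 are assumptions of this example.

```python
import configparser
import ipaddress

# Constructed galaxy.ini: remote-user auth enabled while the Paste server
# answers on every interface (the :8080 situation described in the thread).
EXPOSED_INI = """\
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 8080

[app:main]
use_remote_user = True
remote_user_header = HTTP_MAIL
"""

# Constructed galaxy.ini for the suggested layout: loopback only, port 8081,
# plus a shared secret (placeholder value).
PROXIED_INI = """\
[server:main]
use = egg:Paste#http
host = 127.0.0.1
port = 8081

[app:main]
use_remote_user = True
remote_user_header = HTTP_MAIL
remote_user_secret = PLACEHOLDER-SHARED-SECRET
"""

TRUTHY = {"true", "yes", "on", "1"}


def is_loopback(host):
    """Return True when a `host` value binds to the local machine only."""
    host = host.strip()
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Any other hostname may resolve to a routable address.
        return False


def audit_remote_user(ini_text):
    """Return (code, message) findings for a galaxy.ini using remote-user auth."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(ini_text)
    if not cfg.has_section("app:main"):
        return []
    app = cfg["app:main"]
    if app.get("use_remote_user", "false").strip().lower() not in TRUTHY:
        return []  # Galaxy handles logins itself; these checks do not apply.

    findings = []
    for name in cfg.sections():
        if not name.startswith("server:"):
            continue
        # Assumption: an unset host means the Paste default of 127.0.0.1.
        host = cfg[name].get("host", "127.0.0.1")
        if not is_loopback(host):
            port = cfg[name].get("port", "8080")
            findings.append((
                "direct-listener",
                f"[{name}] binds {host}:{port}; bind to 127.0.0.1 and "
                "publish Galaxy only through the authenticating proxy",
            ))
    if not app.get("remote_user_secret", "").strip():
        findings.append((
            "no-shared-secret",
            "remote_user_secret is unset; set it and have the proxy send "
            "the matching GX_SECRET header",
        ))
    return findings


if __name__ == "__main__":
    for label, text in (("exposed", EXPOSED_INI), ("proxied", PROXIED_INI)):
        print(label)
        for code, message in audit_remote_user(text) or [("ok", "no findings")]:
            print(f"  {code}: {message}")
```

A non-loopback listener is reported even when a secret is configured, matching the advice in the message above that the secret does not make direct exposure acceptable.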

Re: [galaxy-dev] External User Authenticaion

2015-10-13 Thread Ryan G
We have Apache set up to authenticate users off our LDAP.  If they
authenticate correctly, they are then forwarded on through the proxy.

What I want is to prevent users from hitting the galaxy URL directly.  If
they do, I want to automatically redirect them to the proxy.


On Tue, Oct 13, 2015 at 11:10 AM, Eric Rasche  wrote:

> Hi Ryan,
>
> On 10/13/2015 09:50 AM, Ryan G wrote:
> > Hi all - In regards to external user authentication that I have working
> > now (see thread below).  When users try to go to the actual Galaxy page,
> > they get the message:
> >
> >
> > Access to Galaxy is denied
>
> That's expected for External User Auth if you don't have the REMOTE_USER
> header set properly.
>
> >
> > Galaxy is configured to authenticate users via an external method (such
> > as HTTP authentication in Apache), but no shared secret key was provided
> > by the upstream (proxy) server.
> >
> > Please contact your local Galaxy administrator. The variable
> > |remote_user_secret| and |GX_SECRET| header must be set before you may
> > access Galaxy.
> >
> >
> >
> > That's fine and all but I'd like to have them redirected to the real
> > login page.  Is there a way to do this?  I didn't see anything obvious
> > and was thinking of adding a parameter to galaxy.ini and have Galaxy
> > automatically forward them after 5 seconds or so.
>
> What external auth mechanism are you using?
>
> >
> > Ryan
> >
> >
> > On Tue, Oct 13, 2015 at 10:49 AM, Ryan G  > > wrote:
> >
> > Hi all - In regards to external user authentication that I have
> > working now (see thread below).  When users try to go to the actual
> > Galaxy page, they get the message:
> >
> >
> > On Thu, Oct 1, 2015 at 4:10 PM, Ryan G  > > wrote:
> >
> > I finally got around to this and all is working well.  I
> > submitted 2 patches to remoteuser.py to assist in debugging
> > incorrect set ups.
> >
> > Last question - When a user logs out, they get the page ""Access
> > to Galaxy user controls is disabled".  I've set the
> > remote_user_logout_href parameter to a different website, but
> > they still get the "Access to Galaxy user controls is disabled".
> >
> > I see it in lib/galaxy/webapps/galaxy/controllers/user.py, but I
> > think at that point its too late.
> >
> >
> >
> > On Tue, Sep 8, 2015 at 4:05 PM, Ryan G
> >  > > wrote:
> >
> > Yes, I have a test server I'm going to check this one.
> > thanks for the link, that's perfect...I'll add some
> > debugging code in here to see what's going on.
> >
> > On Tue, Sep 8, 2015 at 1:46 PM, Dannon Baker
> > >
> wrote:
> >
> > Do you have a way to verify the "HTTP_MAIL" header is
> > actually being passed through your proxy server?
> >
> > The problem is that Galaxy still doesn't think it's
> > receiving the expected headers, so there isn't a good
> > way that it can tell you more about what might be going
> > on.  If you're able to tweak Galaxy (using a test
> > server) and add a few logging statements to the code, this
> > would be a good place to check what's going on (print the
> > `environ` dictionary associated with that request, along
> > with self.remote_user_header to see what Galaxy is
> > actually trying to use):
> >
> >
> https://github.com/galaxyproject/galaxy/blob/dev/lib/galaxy/web/framework/middleware/remoteuser.py#L49
> >
> > -Dannon
> >
> > On Thu, Sep 3, 2015 at 1:51 PM, Ryan G wrote:
> >
> > It turns out our authentication system passes a
> > header 'HTTP_MAIL' which contains the user's email
> > address.  In galaxy.ini, I have
> >
> > use_remote_user = True
> > remote_user_header = HTTP_MAIL
> >
> > After restarting, Galaxy still gives the same error.
> >
> > On Mon, Aug 31, 2015 at 3:44 PM, Dannon Baker wrote:
> >
> > Hi Ryan,
> >
> > It may be that Galaxy is looking for a different
> > remote user header than your proxy is setting.
> > I believe by default we look for
> > 
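
The check suggested in the quoted thread (log the request's `environ` keys next to the configured `remote_user_header`), as an added example; it is not Galaxy's remoteuser.py or any poster's code. It also shows how WSGI derives `environ` keys from header names, so a header sent as `Mail` arrives as `HTTP_MAIL` while one sent literally as `HTTP_MAIL` does not. The class, function and logger names and the two sample requests are constructed for illustration.

```python
import logging
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("remote_user_debug")  # hypothetical logger name


def environ_key(header_name):
    """Key under which a WSGI server (PEP 3333) exposes a request header."""
    return "HTTP_" + header_name.upper().replace("-", "_")


class RemoteUserHeaderDebug:
    """Hypothetical WSGI middleware: report whether the configured key arrived."""

    def __init__(self, app, remote_user_header):
        self.app = app
        self.remote_user_header = remote_user_header

    def check(self, environ):
        seen = sorted(k for k in environ if k.startswith("HTTP_"))
        found = bool(environ.get(self.remote_user_header))
        # Log key names only: values may hold cookies or shared secrets.
        log.debug("remote_user_header=%r found=%s seen=%s",
                  self.remote_user_header, found, seen)
        return found, seen

    def __call__(self, environ, start_response):
        self.check(environ)
        return self.app(environ, start_response)


def environ_for(headers):
    """Test environ carrying the given (constructed) request headers."""
    environ = {environ_key(n): v for n, v in headers.items()}
    setup_testing_defaults(environ)
    return environ


def demo():
    """Two constructed requests checked against remote_user_header = HTTP_MAIL."""
    mw = RemoteUserHeaderDebug(lambda env, start: [], "HTTP_MAIL")
    as_mail = mw.check(environ_for({"Mail": "user@example.org"}))
    as_http_mail = mw.check(environ_for({"HTTP_MAIL": "user@example.org"}))
    return as_mail, as_http_mail


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    print(demo())
```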

Re: [galaxy-dev] Galaxy Interactive Environment devs

2015-10-13 Thread Eric Rasche
Hey Sebastian

On 10/13/2015 06:41 AM, Sebastian Schaaf wrote:
> Hey Eric,
> 
> We are not yet on IEs, but we plan to upgrade our local production
> instance soon (a recent version is already 'waiting' to take over),
> apart from other goodies we intended to allow one pro user and ourselves
> to use iPython's power this way.

Great! Hope it works well for your power users. Feel free to ping me on
IRC (erasche) if you have any deployment issues.

> So, do I read your message correctly as 'In terms of iPython it would be
> best for us to wait for v15.10'? Or could we just start and do an
> incremental upgrade as soon as v15.10 is released?

You should be fine to do an incremental upgrade. However, if GIEs are
important to you, I'd personally consider going to 15.10 now (we're in
freeze pending release) as there were some nice bugfixes/enhancements
for GIEs.

In 15.07 GIEs had issues accessing static resources rendering them
unavailable without special apache/nginx routes or symlinks
(https://github.com/galaxyproject/galaxy/pull/500), they also naively
bound ports rather than using `docker -P` properly
(https://github.com/galaxyproject/galaxy/pull/790) and it was
unpleasant/complex to have your Galaxy user `sudo` or `sg` to run docker
(https://github.com/galaxyproject/galaxy/pull/777)

> 
> Cheers to Texas,
> 
> Sebastian

Greetings to Munich,

> 
> 
> Eric Rasche wrote:
>> Howdy y'all,
>>
>> I'm building some changes to the IE infrastructure that will fix some
>> initial hacks we did, however they will be backwards incompatible.
>> Specifically these changes will fix some of the enterprise deployment
>> pains (running with an external upstream proxy like apache) and allow
>> for safely running IEs on a separate host.
>>
>> I'm emailing the dev list to see if anyone else has started building
>> IEs, or if it is just Björn and myself. Feel free to make yourselves known
>> to us so we know who to contact when we're planning new features :)
>>
>> If you're just building on top of our existing containers, this won't be
>> an issue for you, you'll just need to rebuild your containers once we
>> release 15.10 versions.
>>
>> Cheers,
>> Eric
>>
> 

-- 
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
404-692-2048
e...@tamu.edu
___
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Re: [galaxy-dev] MS Active Directory Authentication

2015-10-13 Thread McCully, Dwayne (NIH/NIAMS) [C]
Thanks Nicola,

Updated the auth_config.xml  file but got the following message in the 
paster.log.   Any idea how to fix?

DEBUG 2015-10-13 14:18:11,644 LDAP authenticate: could not load ldap module

Dwayne

From: Nicola Soranzo [mailto:nicola.sora...@gmail.com] On Behalf Of Nicola 
Soranzo
Sent: Tuesday, October 13, 2015 1:44 PM
To: McCully, Dwayne (NIH/NIAMS) [C] ; 
galaxy-dev@lists.galaxyproject.org
Subject: Re: [galaxy-dev] MS Active Directory Authentication

Hi Dwayne,

see https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf.xml.sample

ldap is equivalent to activedirectory

Something like this may work for you:



activedirectory

False
True
ldap://dc1.example.com
True
sAMAccountName,mail
dc=dc1,dc=example,dc=com

((objectClass=user)(sAMAccountName={username}))
jsmith
mysecret
{sAMAccountName}
{password}
{sAMAccountName}
{mail}




Cheers,
Nicola
On 13/10/15 17:44, McCully, Dwayne (NIH/NIAMS) [C] wrote:
Hello Everyone,

Is there an example of the auth_config.xml for a MS Active directory connection?
I would like all my users to register and login to Galaxy with their AD 
username and password.

Note: We don’t use a “@example.com” extension for our usernames just “username”.

Thanks in advance

Dwayne





[galaxy-dev] CORS requests to public Galaxy server

2015-10-13 Thread Marco Ocana
Hi,

I am attempting to access the public usegalaxy.org server using the REST
API from web browsers.

The question:  I am not seeing Access-Control-Allow-* headers in REST API
responses. Are browser REST CORS requests supported by the Galaxy servers?

More details:

Here is an error reported by Chrome during a preflight OPTIONS request for
a GET https://usegalaxy.org/api/tools?key=MYREALKEY request.

XMLHttpRequest cannot load https://usegalaxy.org/api/tools?key=xx. No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:63342' is therefore not allowed access. The
response had HTTP status code 404.

The request headers:

   1. Accept: */*
   2. Accept-Encoding: gzip, deflate, sdch
   3. Accept-Language: en-US,en;q=0.8,es;q=0.6
   4. Access-Control-Request-Headers: accept, content-type, gs-toolname
   5. Access-Control-Request-Method: GET
   6. Connection: keep-alive
   7. Host: usegalaxy.org
   8. Origin: http://localhost:63342
   9. Referer: http://localhost:63342/GSRemoteComputatio/TestWidgetsWithRemoteJobs.html
   10. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36

The response headers from Galaxy:

   1. Connection: keep-alive
   2. Content-Encoding: gzip
   3. Content-Type: text/html
   4. Date: Tue, 13 Oct 2015 22:14:31 GMT
   5. Server: nginx/1.4.7
   6. Transfer-Encoding: chunked
   7. Vary: Accept-Encoding

Thanks

Marco
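
Why the browser rejected this preflight, as an added example (not part of the original post and not Galaxy code): a simplified version of the browser-side preflight check, run over the request and response headers quoted above. The function names and the second, passing response are constructed for illustration.

```python
SAFE_METHODS = {"GET", "HEAD", "POST"}
SAFE_HEADERS = {"accept", "accept-language", "content-language"}  # never need allowing


def tokens(value):
    """Lower-cased members of a comma-separated header value."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}


def preflight_failure(request, status, response, credentials=False):
    """None if the preflight passes, else why it fails (header names lower-cased)."""
    allow_origin = response.get("access-control-allow-origin")
    if allow_origin is None:
        return "no Access-Control-Allow-Origin header"
    if credentials and (allow_origin == "*" or
                        response.get("access-control-allow-credentials") != "true"):
        return "credentialed request needs an explicit origin and Allow-Credentials: true"
    if allow_origin not in ("*", request.get("origin")):
        return "Access-Control-Allow-Origin does not match Origin"
    if not 200 <= status <= 299:
        return "preflight status %d is not 2xx" % status
    method = request.get("access-control-request-method", "").upper()
    methods = {m.upper() for m in tokens(response.get("access-control-allow-methods"))}
    if method not in SAFE_METHODS | methods and (credentials or "*" not in methods):
        return "method %s not allowed" % method
    wanted = tokens(request.get("access-control-request-headers")) - SAFE_HEADERS
    allowed = tokens(response.get("access-control-allow-headers"))
    if not credentials and "*" in allowed:
        wanted &= {"authorization"}  # '*' never covers Authorization
    missing = sorted(wanted - allowed)
    return "headers not allowed: " + ", ".join(missing) if missing else None


# Preflight request from the post; the response is a subset of the quoted headers.
PAGE_REQUEST = {
    "origin": "http://localhost:63342",
    "access-control-request-method": "GET",
    "access-control-request-headers": "accept, content-type, gs-toolname",
}
PAGE_RESPONSE = {"content-type": "text/html", "server": "nginx/1.4.7"}
# Constructed response that would satisfy the same preflight.
OK_RESPONSE = {"access-control-allow-origin": "http://localhost:63342",
               "access-control-allow-headers": "content-type, gs-toolname"}

if __name__ == "__main__":
    print(preflight_failure(PAGE_REQUEST, 404, PAGE_RESPONSE))
    print(preflight_failure(PAGE_REQUEST, 200, OK_RESPONSE))
```

A server that turns CORS on should compare `Origin` against an allowlist rather than echo it back, since an echoed origin passes this check for any site.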

Re: [galaxy-dev] MS Active Directory Authentication

2015-10-13 Thread Nicola Soranzo
Hi Dwayne,
you need to install the Python LDAP module:

http://www.python-ldap.org/
https://pypi.python.org/pypi/python-ldap/

If you are using a virtualenv (which is recommended for a production
server), activate it and then execute:

pip install python-ldap

Cheers,
Nicola

On Tue, 13/10/2015 at 18.23 +, McCully, Dwayne (NIH/NIAMS)
[C] wrote:
> Thanks Nicola,
> 
> Updated the auth_config.xml  file but got the following message in
> the paster.log.   Any idea how to fix?
> 
> DEBUG 2015-10-13 14:18:11,644 LDAP authenticate: could not load ldap
> module
> 
> Dwayne
> 
> From: Nicola Soranzo [mailto:nicola.sora...@gmail.com] On Behalf Of
> Nicola Soranzo
> Sent: Tuesday, October 13, 2015 1:44 PM
> To: McCully, Dwayne (NIH/NIAMS) [C] ; 
> galaxy-dev@lists.galaxyproject.org
> Subject: Re: [galaxy-dev] MS Active Directory Authentication
> 
> Hi Dwayne,
> 
> see https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf.xml.sample
> 
> ldap is equivalent to activedirectory
> 
> Something like this may work for you:
> 
> 
> 
> activedirectory
> 
> False
> True
> ldap://dc1.example.com
> True
> sAMAccountName,mail
> dc=dc1,dc=example,dc=com
>  -filter>((objectClass=user)(sAMAccountName={username})) -filter>
> jsmith
> mysecret
> {sAMAccountName}
> {password}
> {sAMAccountName} -username>
> {mail}
> 
> 
> 
> 
> Cheers,
> Nicola
> On 13/10/15 17:44, McCully, Dwayne (NIH/NIAMS) [C] wrote:
> Hello Everyone,
> 
> Is there an example of the auth_config.xml for a MS Active directory
> connection?
> I would like all my users to register and login to Galaxy with
> their AD username and password.
> 
> Note: We don’t use a “@example.com” extension for our usernames just
> “username”.
> 
> Thanks in advance
> 
> Dwayne
> 
> 
> 
> 
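
The settings suggested in this thread written out as an `auth_conf.xml` fragment and run through a small lint, as an added example that is not Galaxy's code or part of any post. The element names follow Galaxy's `auth_conf.xml.sample` and, like the `&amp;` in the filter, are assumptions, since the archive shows only the values. The `lint` function and its finding names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Values from the thread placed in the option elements of Galaxy's
# auth_conf.xml.sample. Element names and the '&amp;' in the filter are
# assumed: the archive stripped both from the message.
AUTH_CONF = """<auth><authenticator>
  <type>activedirectory</type>
  <options>
    <allow-register>False</allow-register>
    <auto-register>True</auto-register>
    <server>ldap://dc1.example.com</server>
    <login-use-username>True</login-use-username>
    <search-fields>sAMAccountName,mail</search-fields>
    <search-base>dc=dc1,dc=example,dc=com</search-base>
    <search-filter>(&amp;(objectClass=user)(sAMAccountName={username}))</search-filter>
    <search-user>jsmith</search-user>
    <search-password>mysecret</search-password>
    <bind-user>{sAMAccountName}</bind-user>
    <bind-password>{password}</bind-password>
    <auto-register-username>{sAMAccountName}</auto-register-username>
    <auto-register-email>{mail}</auto-register-email>
  </options>
</authenticator></auth>"""


def lint(conf_xml):
    """Return (authenticator type, finding) pairs for an auth config."""
    findings = []
    for auth in ET.fromstring(conf_xml).iter("authenticator"):
        kind = auth.findtext("type", "").strip()
        opts = auth.find("options")
        opt = {o.tag: (o.text or "").strip() for o in (opts if opts is not None else [])}
        if opt.get("server", "").lower().startswith("ldap://"):
            findings.append((kind, "cleartext-bind"))    # no TLS: bind password sent unencrypted
        if opt.get("search-password"):
            findings.append((kind, "secret-in-file"))    # service-account password on disk
        flt = opt.get("search-filter", "")
        if flt.count("(") != flt.count(")") or re.match(r"\(\s*\(", flt):
            findings.append((kind, "malformed-filter"))  # unbalanced, or no & | ! operator
    return findings


if __name__ == "__main__":
    print(lint(AUTH_CONF))
```

The `malformed-filter` rule also catches the filter as this archive renders it, with the operator after the first parenthesis missing, so the values should be copied from the linked sample file rather than from this page.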