diff --git a/README.md b/README.md index 789b304..9e5c2a3 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,16 @@ # Galaxy Server on SURF ResearchCloud -This repo provides the Ansible playbook for a [Galaxy](https://galaxyproject.org/) server component on SURF ResearchCloud (SRC). +This repo provides the Ansible playbook for a [Galaxy](https://galaxyproject.org/) server component on SURF ResearchCloud (SRC) ๐Ÿ„โ€โ™€๏ธ. Also see the [official Galaxy training manual for SRC](https://training.galaxyproject.org/training-material/topics/admin/tutorials/surf-research-cloud-galaxy/tutorial.html). ### Prerequisites * Assumes Nginx is already installed on the workspace via the SURF [Nginx component](https://gitlab.com/rsc-surf-nl/plugins/plugin-nginx). +* The official [Galaxy Ansible role](https://github.com/galaxyproject/ansible-galaxy) +* The official [Galaxy postgres](https://github.com/galaxyproject/ansible-postgresql) and [postgres_objects](https://github.com/galaxyproject/ansible-postgresql-objects) roles for database management +* The official [Galaxy CVMFS role](https://training.galaxyproject.org/training-material/topics/admin/tutorials/cvmfs/tutorial.html) and [Apptainer](https://training.galaxyproject.org/training-material/topics/admin/tutorials/apptainer/tutorial.html) provided by the Galaxy community +* Assumes Nginx is already installed on the workspace (via the SURF Nginx component) ## Overview @@ -28,6 +32,8 @@ Any members of the workspace's Collaborative Organisation (CO) will be able to a Galaxy is configured such that members of the CO that are in the SRAM workspace admin group (`src_co_admin`) will be Galaxy administrator when logging in via SSH (`sudo` will require entering the user's SRAM TOTP). Other users are normal users. +Note: only members of the `src_co_admin` group are given permission to install tools on the Galaxy instance. + ### Logging in via SSH The Galaxy VM will be accessible via SSH for users in the Collaborative Organization. However, only users in the CO admin group @@ -36,6 +42,14 @@ The Galaxy VM will be accessible via SSH for users in the Collaborative Organiza The Galaxy application listening on localhost will expect a secret key in the request header that Nginx is configured to pass on when reverse proxying; as non-admin users on the Galaxy machine won't have access to this secret key, they cannot directly query Galaxy on localhost. +### Connecting to Pulsar + +A Galaxy machine can be connected to Pulsar inside the SRC, following the [SRC component Pulsar](https://github.com/ErasmusMC-Bioinformatics/src-component-pulsar) instructions. + +### Usability of external storage + +If you attach additional networked storage to the workspace, you can set `src_galaxy_storage_path` to a path on that storage volume. If your storage is e.g. called "galaxy storage", set the parameter to: `/data/galaxy_storage/datadir`. In theory, this should allow you to re-use datasets, tools, etc. from previous Galaxy workspaces. + ## ResearchCloud parameters The component takes the following parameters: diff --git a/templates/themes.yml b/templates/themes.yml new file mode 100644 index 0000000..1c5a4ce --- /dev/null +++ b/templates/themes.yml @@ -0,0 +1,14 @@ +lightblue: + masthead: + color: "#384E77" + text: + color: white + hover: "#E6F9AF" + active: white + link: + color: transparent + hover: transparent + active: "#18314F" + logo: + img: "https://login.surf.nl/adfs/portal/logo/logo.png?id=027A75CEF032E16E649409E1B18EA839A710FBA9C2CC97E66DC08664057660F7" + diff --git a/templates/welcome.html.j2 b/templates/welcome.html.j2 index fcccf41..1d07cad 100644 --- a/templates/welcome.html.j2 +++ b/templates/welcome.html.j2 @@ -18,6 +18,7 @@ Installing Tools ยป
+

Reference genomes are also accessible for all users through CVMFS. Just simply search for a tool!

Help for using Galaxy is available: Galaxy UI diff --git a/vars/galaxy_vars.yml b/vars/galaxy_vars.yml index c1ef8db..40aa070 100644 --- a/vars/galaxy_vars.yml +++ b/vars/galaxy_vars.yml @@ -37,6 +37,10 @@ galaxy_config_templates: dest: "{{ container_resolvers_config_file }}" - src: templates/galaxy/config/dependency_resolvers_conf.xml.j2 dest: "{{ dependency_resolvers_config_file }}" +# Additional Galaxy config files +galaxy_config_files: + - src: templates/themes.yml + dest: "{{ galaxy_config.galaxy.themes_config_file }}" postgresql_objects_users: - name: galaxy password: @@ -48,6 +52,10 @@ postgresql_objects_databases: galaxy_configuration: galaxy: brand: "{{ _galaxy_brand }}" + logo_src: "https://www.ictopen.nl/sites/ict_open/files/styles/max_1300x1300/public/media-images/Logo%20SURF%20groot_0.png?itok=7aw8DXCZ" + themes_config_file: "{{ galaxy_config_dir }}/themes.yml" + support_url: "https://servicedesk.surf.nl/jira/plugins/servlet/samlsso?redirectTo=%2Fsecure%2FMyJiraHome.jspa" + terms_url: "https://www.surf.nl/en/surf-legal-framework-of-standards-cloud-services" use_remote_user: true allow_user_creation: true allow_user_deletion: true @@ -70,6 +78,18 @@ galaxy_configuration: tool_data_table_config_path: "{{ _galaxy_enable_cvmfs | ternary((cvmfs_tool_data_tables | join(',')), omit) }}" dependency_resolvers_config_file: "{{ dependency_resolvers_config_file }}" container_resolvers_config_file: "{{ container_resolvers_config_file }}" + expose_dataset_path: true + expose_potentially_sensitive_job_metrics: true + expose_user_name: true + # Celery support + enable_celery_tasks: true + amqp_internal_connection: "sqlalchemy+postgresql:///galaxy?host=/var/run/postgresql" + celery_conf: + broker_url: null + result_backend: "db+postgresql:///galaxy?host=/var/run/postgresql" + task_routes: + galaxy.fetch_data: galaxy.external + galaxy.set_job_metadata: galaxy.external gravity: galaxy_root: "{{ galaxy_server_dir }}"