[med-svn] r16505 - in trunk/packages/galaxy/trunk/debian: . patches sbin universe_wsgi.d
Timothy Booth
tbooth-guest at moszumanska.debian.org
Mon Mar 24 10:13:56 UTC 2014
Author: tbooth-guest
Date: 2014-03-24 10:13:56 +0000 (Mon, 24 Mar 2014)
New Revision: 16505
Added:
trunk/packages/galaxy/trunk/debian/patches/shed_tools_data_path
Modified:
trunk/packages/galaxy/trunk/debian/README.apache2-setup
trunk/packages/galaxy/trunk/debian/README.postgres-setup
trunk/packages/galaxy/trunk/debian/README.split-ini
trunk/packages/galaxy/trunk/debian/changelog
trunk/packages/galaxy/trunk/debian/copy_sample_config.sh
trunk/packages/galaxy/trunk/debian/get-orig-source.sh
trunk/packages/galaxy/trunk/debian/patches/series
trunk/packages/galaxy/trunk/debian/sbin/galaxy-add-administrator
trunk/packages/galaxy/trunk/debian/universe_wsgi.d/10_debian_defaults.ini
Log:
Various updates, trying to get tool-shed installations to work.
Modified: trunk/packages/galaxy/trunk/debian/README.apache2-setup
===================================================================
--- trunk/packages/galaxy/trunk/debian/README.apache2-setup 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/README.apache2-setup 2014-03-24 10:13:56 UTC (rev 16505)
@@ -15,12 +15,17 @@
is that users will also be able to transfer their files securely into Galaxy
without using the web upload form.
-The galaxy-server-apache-proxy package activates both these
-features at once but you may want to enable proxying while still using internal
-authentication in Galaxy or you may have reconfigured your Apache server in a way
-that conflicts with the default settings. If this is the case, you should ignore
-the package and set things up manually as described here.
+So if you just want the standard set-up, go ahead and install the
+galaxy-server-apache-proxy package which activates both these
+features at once. But if you want to understand what that is doing, or to
+enable proxying while still using internal authentication in Galaxy, or if you
+have reconfigured your Apache server in a way that conflicts with the default
+settings then you can ignore the package and set things up manually as described
+here.
+#! Text like this in the document indicates what would be a footnote if this were
+#! a printed doc.
+
Security warning!!
==================
@@ -36,7 +41,7 @@
You should have Apache2 installed and running from the regular apache2 package,
so that your configuration fragments can be added to /etc/apache2/conf.d. This
is the default on Bio-Linux. Visit http://localhost in a web browser to check
-iApache is running and you can see the standard test page displayed.
+if Apache is running and you can see the standard test page displayed.
In addition, assuming you want PAM authentication, install the following packages:
@@ -48,32 +53,29 @@
============================
We're going to set things up so Galaxy appears at http://your.machinename/galaxy.
+If you want to use a different path, modify the instructions accordingly.
-The Galaxy package on Bio-Linux is already configured to use a /galaxy prefix
-for the URLs, but if for some reason you decide to use some other prefix you will
-need to edit /etc/galaxy-server/universe_wsgi.ini and change the lines that say
-"prefix = /galaxy" and "cookie_path = /galaxy" and ensure that
-"filter-with = proxy-prefix" is also set appropriately.
+First for Apache. Enable the modules.
-Now for Apache.
-
- % sudo -i ## Will give you a root shell, represented here by a hash (#)
+ $ sudo -i ## Will give you a root shell, represented here by a hash (#)
# a2enmod proxy proxy_http rewrite
Put the following lines into a file named /etc/apache2/conf.d/galaxy:
-! Note: These are essentially equivalent to the ones listed in the Wiki page
-! but for those to work on BL they would need to be placed within the <VirtualHost>
-! tags in /etc/apache2/sites-enabled/default whereas this variant can be put
-! into conf.d without editing any existing files. Order of rules is very important.
-! Also the use of the proxy directory allows us to avoid costly auth calls for every
-! static file requested.
+#! Note: These are essentially equivalent to the ones listed in the Wiki page
+#! but for those to work on BL they would need to be placed within the <VirtualHost>
+#! tags in /etc/apache2/sites-enabled/default whereas this variant can be put
+#! into conf.d without editing any existing files. Order of rules is very important.
+#! Also the use of the proxy directory allows us to avoid costly auth calls for every
+#! static file requested.
Alias /galaxy /usr/share/galaxy-server
<Directory /usr/share/galaxy-server>
Options -Indexes
RewriteEngine on
RewriteBase /galaxy
+RewriteRule ^(logout\..*) logout/$1 [L]
+RewriteRule ^logout/ - [L]
RewriteRule ^static/style/(.*) static/june_2007_style/blue/$1 [L]
RewriteRule ^static/scripts/packed/ - [L]
RewriteRule ^static/scripts/(.*) static/scripts/packed/$1 [L]
@@ -81,6 +83,10 @@
RewriteRule ^(favicon.ico|robots.txt) static/$1 [L]
RewriteRule (.*) proxy/$1
</Directory>
+<Directory /usr/share/galaxy-server/logout>
+Options -Indexes
+AllowOverride AuthConfig FileInfo
+</Directory>
<Directory /usr/share/galaxy-server/proxy>
Options -Indexes
AllowOverride AuthConfig FileInfo
@@ -89,9 +95,9 @@
RewriteRule (.*) http://localhost:8080/$1 [P,E=RU:%{REMOTE_USER}]
</Directory>
-Ensure the proxy directory exists:
+Ensure the logout and proxy directories exists:
- # mkdir -p /usr/share/galaxy-server/proxy
+ # mkdir -p /usr/share/galaxy-server/{proxy,logout}
And tell Apache to restart and activate this new config like so:
@@ -136,7 +142,7 @@
Add the following lines to /usr/share/galaxy-server/proxy/.htaccess:
-! Note the "Require group" line means only users in the galaxy group get access.
+#! Note the "Require group" line means only users in the galaxy group get access.
AuthBasicProvider external
AuthExternal pwauth
@@ -151,30 +157,39 @@
# service apache2 restart
-! Note: The Wiki page gives a slightly more complicated way of dealing with the REMOTE_USER
-! variable which doesn't actually work for the setup described here. Looking on Google there
-! are various discussions of the issue but no explanations of the underlying problem, so I
-! had to experiment. The final RewriteRule in conf.d/galaxy above passes REMOTE_USER to the Proxy
-! module before it disappears from scope, and the RequestHeader line in .htaccess then adds
-! it to the proxied request. Passing the variable in the RewriteRule has no effect without
-! the RequestHeader directive so there is no reason not to have it there even if you are not
-! using Apache for authentication.
-! Also, the Authorization header has the password embedded in it, so I scrub this out before
-! proxying. Galaxy doesn't need this info and the less that login passwords are passed around
-! the better.
+#! Note: The Wiki page gives a slightly more complicated way of dealing with the REMOTE_USER
+#! variable which doesn't actually work for the setup described here. Looking on Google there
+#! are various discussions of the issue but no explanations of the underlying problem, so I
+#! had to experiment. The final RewriteRule in conf.d/galaxy above passes REMOTE_USER to the Proxy
+#! module before it disappears from scope, and the RequestHeader line in .htaccess then adds
+#! it to the proxied request. Passing the variable in the RewriteRule has no effect without
+#! the RequestHeader directive so there is no reason not to have it there even if you are not
+#! using Apache for authentication.
+#! Also, the Authorization header has the password embedded in it, so I scrub this out before
+#! proxying. Galaxy doesn't need this info and the less that login passwords are passed around
+#! the better.
-Finally, tell Galaxy to defer user authentication to Apache. Edit /etc/galaxy-server/universe_wsgi.ini
-and find and modify these settings:
+Finally, tell Galaxy to defer user authentication to Apache. Make a file
+/etc/galaxy-server/universe_wsgi.ini.d/31_apache-proxy.ini and add the following:
+[app:main]
use_remote_user = True
remote_user_maildomain = localhost
+filter-with = proxy-prefix
+[filter:proxy-prefix]
+use = egg:PasteDeploy#prefix
+prefix = /galaxy
+
+Note that the last four lines should not be necessary as they are already the
+defaults on Bio-Linux but if for some reason you want to change the prefix from
+/galaxy you can do so here.
+
And restart Galaxy:
# service galaxy restart
-#### TODO - see if I can make logout work as per the last suggestion here:
-http://stackoverflow.com/questions/4163122/http-basic-authentication-log-out ###
+#### TODO - I need to document my implementation of the logout hack.
Enabling Efficient File Transfers
=================================
@@ -184,20 +199,21 @@
/var/lib/galaxy-server/transfer and set appropriate permissions so that users can place files
there for upload with the Upload File feature of Galaxy.
-To enable this feature set the ftp_upload_dir option in /etc/galaxy-server/universe_wsgi.d to
-/var/lib/galaxy-server/transfer, and also set ftp_upload_site to the name of your server.
+To enable this feature set the ftp_upload_dir option in universe_wsgi.ini.d/31_apache-proxy.ini
+to /var/lib/galaxy-server/transfer, and also set ftp_upload_site to the name of your server.
Users likely want to make a symlink to their transfer area in their home directory - eg:
$ ln -s /var/lib/galaxy-server/transfer/$USER at localhost ~/galaxy_transfer
-! Note1 - galaxy-server-apache-proxy package will enable file transfers as described here, but
-! will not add symlinks to user home dirs. Each user has to do that themselves.
-! Note2 - users with a personal umask of 007 or 077 will need to ensure that the files they
-! put in their transfer directory are world-readable (o+r) so the Galaxy server can see them.
-! This will not make the files visible to other users as users cannot see into other transfer
-! directories at all.
+#! Note1 - galaxy-server-apache-proxy package will enable file transfers as described here, but
+#! will not add symlinks to user home dirs. Each user has to do that themselves.
+#! Note2 - users with a personal umask of 007 or 077 will need to ensure that the files they
+#! put in their transfer directory are world-readable (o+r) so the Galaxy server can see them.
+#! This will not make the files visible to other users as users cannot see into other transfer
+#! directories at all.
+
It is also possible to have things the other way round, replacing the user1 at localhost directory with
a symlink to some folder in the user's home dir. The user will need to "chmod a+x ~" and the
sysadmin will need to put the link in place. This could be useful if your /home
@@ -208,7 +224,7 @@
If you are using Galaxy on the local machine, connecting via "http://localhost/galaxy" there
is no problem with network security as no passwords go over the wire. On a local ethernet
-segment it is arguably over-paranoid to worry about password sniffing, but on a WAN or any
+segment it is arguably paranoid to worry about password sniffing, but on a WAN or any
sort of wireless connection youa really want to encrypt traffic.
Option 1: Use FreeNX or X2Go or SSH with X11 forwarding to run a web browser on the Bio-Linux
Modified: trunk/packages/galaxy/trunk/debian/README.postgres-setup
===================================================================
--- trunk/packages/galaxy/trunk/debian/README.postgres-setup 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/README.postgres-setup 2014-03-24 10:13:56 UTC (rev 16505)
@@ -8,12 +8,12 @@
for more details.
Bio-Linux already comes with both PostgreSQL and MySQL. Furthermore, a
-convenience package called galaxy-server-pg-database can help you set this up to
-work with Galaxy. In the simplest case:
+convenience package called galaxy-server-pg-database can help you set PostgreSQL
+up to work with Galaxy. In the simplest case:
$ sudo apt-get install galaxy-server-pg-database
-will give you a secure and ready-to-use set-up.
+will give you a secure and ready-to-use set-up, and you are done.
This document is therefore useful if you want to:
@@ -35,11 +35,11 @@
Checking the PostgreSQL set-up on Bio-Linux
===========================================
-(( NB: You will not find any information about PostgreSQL "clusters" in the
-regular PostgreSQL documentation because they are a specific feature of Debian
-(inherited by Ubuntu and thus Bio-Linux) - see
-http://nebc.nerc.ac.uk/tools/bio-linux/other-bl-docs/sql-databases-on-bio-linux
-and /usr/share/doc/postgresql-common/README.Debian.gz. ))
+#! NB: You will not find any information about PostgreSQL "clusters" in the
+#! regular PostgreSQL documentation because they are a specific feature of Debian
+#! (inherited by Ubuntu and thus Bio-Linux) - see
+#! http://nebc.nerc.ac.uk/tools/bio-linux/other-bl-docs/sql-databases-on-bio-linux
+#! and /usr/share/doc/postgresql-common/README.Debian.gz.
Run the command "pg_lsclusters". You should see output something like this:
@@ -88,13 +88,13 @@
above), or you can just stop the old cluster before installing the package - the
script will then ignore it and proceed to create the new database.
-Once these check are passed, the script will do the following:
+Once these checks are passed, the script will do the following:
sudo -Hi -u postgres createuser -w Debian-galaxy -DRS
sudo -Hi -u postgres createdb -w Debian-galaxy -E UTF8 -O Debian-galaxy
-/etc/galaxy-server/universe_wsgi.ini will be modified to access the new database
-and options recommended for PostgreSQL will be activated:
+/etc/galaxy-server/universe_wsgi.d/32_pg-database.ini will tell Galaxy to access
+the new database and options recommended for PostgreSQL will be activated:
database_connection = postgresql:///Debian-galaxy
@@ -115,14 +115,15 @@
The package does not directly populate the new database. This is done by
restarting Galaxy, which will see that the database is empty and will
-automatically repopulate it. Updated versions of Galaxy should also look after
-adding their own modifications to the Galaxy schema.
+automatically repopulate it. Updated versions of Galaxy will (or at least should)
+also look after adding their own modifications to the Galaxy schema.
The package doesn't add any cron jobs to clean out stale data (I may look at
adding this).
-The package does not purge the database when it is removed, but it will try to
-re-set the configuration in universe_wsgi.ini.
+The package does not purge the database when it is removed, even if the package is
+purged. Also you currently need to purge the package to remove the files in /etc
+though this might change at some point.
Things you might want to set up manually
========================================
@@ -147,4 +148,3 @@
$ head -c 21 /dev/urandom| base64
-
Modified: trunk/packages/galaxy/trunk/debian/README.split-ini
===================================================================
--- trunk/packages/galaxy/trunk/debian/README.split-ini 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/README.split-ini 2014-03-24 10:13:56 UTC (rev 16505)
@@ -3,7 +3,7 @@
modular configuration bits I need to use this, so it has been incorporated into the
Galaxy start-up script.
-The package provides a /etc/galaxy-server/universe_wsgi.d directory containing:
+Bio-Linux packaging provides a /etc/galaxy-server/universe_wsgi.d directory containing:
00_upstream.ini - A copy of universe_wsgi.ini from upstream.
@@ -13,12 +13,14 @@
32_pg-database.ini - Added by galaxy-server-pg-database if you install that.
+35_tools_bl.ini - Added by galaxy-tools-bl if you install that.
+
Users are advised not to edit any of these but to make new files with
a higher priority and modify the contents. Eg. to change the Apache settings:
-$ cd /etc/galaxy-server/universe-wsgi.d
-$ sudo cp 31_apache-proxy.ini 50_local.ini
-$ sudo nano 50_local.ini
+ $ cd /etc/galaxy-server/universe-wsgi.d
+ $ sudo cp 31_apache-proxy.ini 50_local.ini
+ $ sudo nano 50_local.ini
The scripts/build_universe_config.py script will be used to create a
config file under /tmp each time Galaxy is started, and there will be no
Modified: trunk/packages/galaxy/trunk/debian/changelog
===================================================================
--- trunk/packages/galaxy/trunk/debian/changelog 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/changelog 2014-03-24 10:13:56 UTC (rev 16505)
@@ -1,3 +1,9 @@
+galaxy (1.bl.py27.20140210-0biolinux2) precise; urgency=low
+
+ * Fixed misspelling of shed-tools/shed_tools that messed up symlinks
+
+ -- Tim Booth <tbooth at ceh.ac.uk> Thu, 20 Mar 2014 11:49:33 +0000
+
galaxy (1.bl.py27.20140210-0biolinux1) precise; urgency=low
* Updated Galaxy since previous version seems to have fundamental
Modified: trunk/packages/galaxy/trunk/debian/copy_sample_config.sh
===================================================================
--- trunk/packages/galaxy/trunk/debian/copy_sample_config.sh 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/copy_sample_config.sh 2014-03-24 10:13:56 UTC (rev 16505)
@@ -18,7 +18,6 @@
external_service_types_conf.xml.sample
migrated_tools_conf.xml.sample
reports_wsgi.ini.sample
- shed_tool_data_table_conf.xml.sample
tool_conf.xml.sample
tool_data_table_conf.xml.sample
tool_sheds_conf.xml.sample
@@ -32,21 +31,21 @@
# Create all the config files
for sample in $SAMPLES; do
- file=`echo $sample | sed -e 's/\.sample$//'`
- filebase=`basename $file`
- if [ -e "../config_override/$filebase" ] ; then
- echo "Initializing /etc/galaxy-server/$file from config_override/$filebase"
- mkdir -p etc/galaxy-server/`dirname $file`
- cp "../config_override/$filebase" etc/galaxy-server/$file
- ln -s /etc/galaxy-server/$file usr/lib/galaxy-server/$file
- else
- echo "Initializing /etc/galaxy-server/$file from `basename $sample`"
- mkdir -p etc/galaxy-server/`dirname $file`
- cp usr/lib/galaxy-server/$sample etc/galaxy-server/$file
- ln -s /etc/galaxy-server/$file usr/lib/galaxy-server/$file
- fi
- #And remove the .sample versions
- rm usr/lib/galaxy-server/$sample
+ file=`echo $sample | sed -e 's/\.sample$//'`
+ filebase=`basename $file`
+ if [ -e "../config_override/$filebase" ] ; then
+ echo "Initializing /etc/galaxy-server/$file from config_override/$filebase"
+ mkdir -p etc/galaxy-server/`dirname $file`
+ cp "../config_override/$filebase" etc/galaxy-server/$file
+ ln -s /etc/galaxy-server/$file usr/lib/galaxy-server/$file
+ else
+ echo "Initializing /etc/galaxy-server/$file from `basename $sample`"
+ mkdir -p etc/galaxy-server/`dirname $file`
+ cp usr/lib/galaxy-server/$sample etc/galaxy-server/$file
+ ln -s /etc/galaxy-server/$file usr/lib/galaxy-server/$file
+ fi
+ #And remove the .sample versions
+ rm usr/lib/galaxy-server/$sample
done
# Deal with universe_wsgi.d
@@ -58,8 +57,9 @@
mv usr/lib/galaxy-server/universe_wsgi.ini.sample "$d"/00_upstream.ini
cp ../universe_wsgi.d/1* "$d"
-# Deal with shed_tool_conf.xml
-stc=shed_tool_conf.xml
-echo "Initialising /var/lib/galaxy-server/${stc} from ${stc}.sample"
-mv usr/lib/galaxy-server/${stc}.sample var/lib/galaxy-server/shed-tools/${stc}
-ln -s /var/lib/galaxy-server/shed-tools/${stc} usr/lib/galaxy-server/${stc}
+# Deal with shed_tool*_conf.xml
+for stc in shed_tool_conf.xml shed_tool_data_table_conf.xml ; do
+ echo "Initialising /var/lib/galaxy-server/${stc} from ${stc}.sample"
+ mv -v usr/lib/galaxy-server/${stc}.sample var/lib/galaxy-server/shed_tools/${stc}
+ ln -s /var/lib/galaxy-server/shed_tools/${stc} usr/lib/galaxy-server/${stc}
+done
Modified: trunk/packages/galaxy/trunk/debian/get-orig-source.sh
===================================================================
--- trunk/packages/galaxy/trunk/debian/get-orig-source.sh 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/get-orig-source.sh 2014-03-24 10:13:56 UTC (rev 16505)
@@ -59,11 +59,13 @@
# Work on the tarball...
# Sort out the directory name
mv -v galaxy-galaxy-dist-* galaxy-dist
-# Download all the eggs, including psychopg2
+# Download all the eggs, but not psychopg2
+# Purge any .pyc files
pushd galaxy-dist
python ./scripts/fetch_eggs.py -c universe_wsgi.ini.sample
- python ./scripts/fetch_eggs.py -c universe_wsgi.ini.sample -e psycopg2
+ #python ./scripts/fetch_eggs.py -c universe_wsgi.ini.sample -e psycopg2
python ./scripts/fetch_eggs.py -c universe_wsgi.ini.sample -e sqlalchemy-migrate
+ find -name '*.pyc' -delete
popd
echo "Repacking galaxy-repack_$REPACK_VERSION.tar.xz"
Modified: trunk/packages/galaxy/trunk/debian/patches/series
===================================================================
--- trunk/packages/galaxy/trunk/debian/patches/series 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/patches/series 2014-03-24 10:13:56 UTC (rev 16505)
@@ -5,3 +5,4 @@
use_system_python_libs
force_use_of_bash_interpreter
drop_tmp_table_before_upgrade
+shed_tools_data_path
Added: trunk/packages/galaxy/trunk/debian/patches/shed_tools_data_path
===================================================================
--- trunk/packages/galaxy/trunk/debian/patches/shed_tools_data_path (rev 0)
+++ trunk/packages/galaxy/trunk/debian/patches/shed_tools_data_path 2014-03-24 10:13:56 UTC (rev 16505)
@@ -0,0 +1,11 @@
+--- a/lib/tool_shed/util/tool_util.py
++++ b/lib/tool_shed/util/tool_util.py
+@@ -207,7 +207,7 @@
+ def copy_sample_file( app, filename, dest_path=None ):
+ """Copy xxx.sample to dest_path/xxx.sample and dest_path/xxx. The default value for dest_path is ~/tool-data."""
+ if dest_path is None:
+- dest_path = os.path.abspath( app.config.tool_data_path )
++ dest_path = os.path.abspath( app.config.shed_tool_data_path )
+ sample_file_name = suc.strip_path( filename )
+ copied_file = sample_file_name.replace( '.sample', '' )
+ full_source_path = os.path.abspath( filename )
Modified: trunk/packages/galaxy/trunk/debian/sbin/galaxy-add-administrator
===================================================================
--- trunk/packages/galaxy/trunk/debian/sbin/galaxy-add-administrator 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/sbin/galaxy-add-administrator 2014-03-24 10:13:56 UTC (rev 16505)
@@ -108,8 +108,8 @@
}
elsif( $create_ini && $mode eq 'show' )
{
- print "The file $ini was not found. If you add an administrator with this\n".
- "script it will be created for you.\n";
+ print "The file $ini was not found.\n".
+ "If you add an administrator with this script it will be created for you.\n";
usage();
}
else
Modified: trunk/packages/galaxy/trunk/debian/universe_wsgi.d/10_debian_defaults.ini
===================================================================
--- trunk/packages/galaxy/trunk/debian/universe_wsgi.d/10_debian_defaults.ini 2014-03-24 07:38:24 UTC (rev 16504)
+++ trunk/packages/galaxy/trunk/debian/universe_wsgi.d/10_debian_defaults.ini 2014-03-24 10:13:56 UTC (rev 16505)
@@ -45,5 +45,10 @@
# public.
new_user_dataset_access_role_default_private = True
+# By default tool defs installed into the shed try to write to ./tool-data,
+# but that is read-only.
+shed_tools_data_path = shed_tools/data
+tool_dependency_dir = shed_tools/deps
+
# And no debugging, ta.
debug = False
More information about the debian-med-commit
mailing list