This repository has been archived by the owner on Jul 8, 2020. It is now read-only.
forked from cganote/docker-ctat-galaxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
startup
executable file
·347 lines (306 loc) · 13.8 KB
/
startup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
#!/bin/bash
# Migration path for old images that had the tool_deps under /export/galaxy-central/tool_deps/
if [ -d "/export/galaxy-central/tool_deps/" ] && [ ! -L "/export/galaxy-central/tool_deps/" ]; then
mkdir -p /export/tool_deps/
mv /export/galaxy-central/tool_deps /export/
ln -s /export/tool_deps/ $GALAXY_ROOT/
fi
if [ -d "$RESOURCE_LIB" ]; then
chown -R galaxy $RESOURCE_LIB
chgrp -R galaxy $RESOURCE_LIB
chmod -R a+rX $RESOURCE_LIB
fi
# This is needed for Docker compose to have a unified alias for the main container.
# Modifying /etc/hosts can only happen during runtime not during build-time
echo "127.0.0.1 galaxy" >> /etc/hosts
# Set number of Galaxy handlers via GALAXY_HANDLER_NUMPROCS or default to 2
ansible localhost -m ini_file -a "dest=/etc/supervisor/conf.d/galaxy.conf section=program:handler option=numprocs value=${GALAXY_HANDLER_NUMPROCS:-2}" &> /dev/null
# Configure proxy prefix filtering
if [ "x$PROXY_PREFIX" != "x" ]
then
if [ ${GALAXY_CONFIG_FILE: -4} == ".ini" ]
then
ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_FILE} section=filter:proxy-prefix option=prefix value=${PROXY_PREFIX}" &> /dev/null
ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_FILE} section=app:main option=filter-with value=proxy-prefix" &> /dev/null
else
ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ module:' state=absent" &> /dev/null
ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ socket:' state=absent" &> /dev/null
ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ mount:' state=absent" &> /dev/null
ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ manage-script-name:' state=absent" &> /dev/null
ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' manage-script-name: true'" &> /dev/null
ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' mount: ${PROXY_PREFIX}=galaxy.webapps.galaxy.buildapp:uwsgi_app()'" &> /dev/null
ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' socket: unix:///srv/galaxy/var/uwsgi.sock'" &> /dev/null
# Also set SCRIPT_NAME. It's not always necessary due to manage-script-name: true in galaxy.yml, but it makes life easier in this container + it does no harm
ansible localhost -m lineinfile -a "path=/etc/nginx/conf.d/uwsgi.conf regexp='^ uwsgi_param SCRIPT_NAME' state=absent" &> /dev/null
ansible localhost -m lineinfile -a "path=/etc/nginx/conf.d/uwsgi.conf insertafter='^ include uwsgi_params' line=' uwsgi_param SCRIPT_NAME ${PROXY_PREFIX};'" &> /dev/null
fi
ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_DIR}/reports_wsgi.ini section=filter:proxy-prefix option=prefix value=${PROXY_PREFIX}/reports" &> /dev/null
ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_DIR}/reports_wsgi.ini section=app:main option=filter-with value=proxy-prefix" &> /dev/null
# Fix path to html assets
ansible localhost -m replace -a "dest=$GALAXY_CONFIG_DIR/web/welcome.html regexp='(href=\"|\')[/\\w]*(/static)' replace='\\1${PROXY_PREFIX}\\2'" &> /dev/null
# Set some other vars based on that prefix
if [ "x$GALAXY_CONFIG_COOKIE_PATH" == "x" ]
then
export GALAXY_CONFIG_COOKIE_PATH="$PROXY_PREFIX"
fi
if [ "x$GALAXY_CONFIG_DYNAMIC_PROXY_PREFIX" == "x" ]
then
export GALAXY_CONFIG_DYNAMIC_PROXY_PREFIX="$PROXY_PREFIX/gie_proxy"
fi
# Change the defaults nginx upload/x-accel paths
if [ "$GALAXY_CONFIG_NGINX_UPLOAD_PATH" == "/_upload" ]
then
export GALAXY_CONFIG_NGINX_UPLOAD_PATH="${PROXY_PREFIX}${GALAXY_CONFIG_NGINX_UPLOAD_PATH}"
fi
fi
# Disable authentication of Galaxy reports
if [ "x$DISABLE_REPORTS_AUTH" != "x" ]
then
# disable authentification
echo "Disable Galaxy reports authentification "
echo "" > /etc/nginx/conf.d/reports_auth.conf
else
# enable authentification
echo "Enable Galaxy reports authentification "
cp /etc/nginx/conf.d/reports_auth.conf.source /etc/nginx/conf.d/reports_auth.conf
fi
cd /galaxy-central
. /galaxy_venv/bin/activate
umount /var/lib/docker
# If /export/ is mounted, export_user_files file moving all data to /export/
# symlinks will point from the original location to the new path under /export/
# If /export/ is not given, nothing will happen in that step
python /usr/local/bin/export_user_files.py $PG_DATA_DIR_DEFAULT
# Enable loading of dependencies on startup. Such as LDAP.
# Adapted from galaxyproject/galaxy/scripts/common_startup.sh
if [[ "x$LOAD_GALAXY_CONDITIONAL_DEPENDENCIES" != "x" ]]
then
echo "Installing optional dependencies in galaxy virtual environment..."
: ${GALAXY_WHEELS_INDEX_URL:="https://wheels.galaxyproject.org/simple"}
GALAXY_CONDITIONAL_DEPENDENCIES=$(PYTHONPATH=lib python -c "import galaxy.dependencies; print '\n'.join(galaxy.dependencies.optional('$GALAXY_CONFIG_FILE'))")
[ -z "$GALAXY_CONDITIONAL_DEPENDENCIES" ] || echo "$GALAXY_CONDITIONAL_DEPENDENCIES" | pip install -q -r /dev/stdin --index-url "${GALAXY_WHEELS_INDEX_URL}"
fi
if [[ "x$LOAD_GALAXY_CONDITIONAL_DEPENDENCIES" != "x" ]] && [[ "x$LOAD_PYTHON_DEV_DEPENDENCIES" != "x" ]]
then
echo "Installing development requirements in galaxy virtual environment..."
: ${GALAXY_WHEELS_INDEX_URL:="https://wheels.galaxyproject.org/simple"}
dev_requirements='./lib/galaxy/dependencies/dev-requirements.txt'
[ -f $dev_requirements ] && pip install -q -r $dev_requirements --index-url "${GALAXY_WHEELS_INDEX_URL}"
fi
# Enable Test Tool Shed
if [ "x$ENABLE_TTS_INSTALL" != "x" ]
then
echo "Enable installation from the Test Tool Shed."
export GALAXY_CONFIG_TOOL_SHEDS_CONFIG_FILE=$GALAXY_HOME/tool_sheds_conf.xml
fi
# Remove all default tools from Galaxy by default
if [ "x$BARE" != "x" ]
then
echo "Remove all tools from the tool_conf.xml file."
export GALAXY_CONFIG_TOOL_CONFIG_FILE=config/shed_tool_conf.xml,$GALAXY_ROOT/test/functional/tools/upload_tool_conf.xml
fi
if [[ $NONUSE != *"postgres"* ]]
then
# Backward compatibility for exported postgresql directories before version 15.08.
# In previous versions postgres has the UID/GID of 102/106. We changed this in
# https://github.com/bgruening/docker-galaxy-stable/pull/71 to GALAXY_POSTGRES_UID=1550 and
# GALAXY_POSTGRES_GID=1550
if [ -e /export/postgresql/ ];
then
if [ `stat -c %g /export/postgresql/` == "106" ];
then
chown -R postgres:postgres /export/postgresql/
fi
fi
fi
if [ "x$ENABLE_CONDOR" != "x" ]
then
if [ "x$CONDOR_HOST" != "x" ]
then
echo "Enabling Condor with external scheduler at $CONDOR_HOST"
echo "# Config generated by startup.sh
CONDOR_HOST = $CONDOR_HOST
ALLOW_ADMINISTRATOR = *
ALLOW_OWNER = *
ALLOW_READ = *
ALLOW_WRITE = *
ALLOW_CLIENT = *
ALLOW_NEGOTIATOR = *
DAEMON_LIST = MASTER, SCHEDD
UID_DOMAIN = galaxy
DISCARD_SESSION_KEYRING_ON_STARTUP = False
TRUST_UID_DOMAIN = true" > /etc/condor/condor_config.local
fi
if [ -e /export/condor_config ]
then
echo "Replacing Condor config by locally supplied config from /export/condor_config"
rm -f /etc/condor/condor_config
ln -s /export/condor_config /etc/condor/condor_config
fi
fi
# Copy or link the slurm/munge config files
if [ -e /export/slurm.conf ]
then
rm -f /etc/slurm-llnl/slurm.conf
ln -s /export/slurm.conf /etc/slurm-llnl/slurm.conf
else
# Configure SLURM with runtime hostname.
# Use absolute path to python so virtualenv is not used.
/usr/bin/python /usr/sbin/configure_slurm.py
fi
if [ -e /export/munge.key ]
then
rm -f /etc/munge/munge.key
ln -s /export/munge.key /etc/munge/munge.key
chmod 400 /export/munge.key
fi
# link the gridengine config file
if [ -e /export/act_qmaster ]
then
rm -f /var/lib/gridengine/default/common/act_qmaster
ln -s /export/act_qmaster /var/lib/gridengine/default/common/act_qmaster
fi
# Waits until postgres is ready
function wait_for_postgres {
echo "Checking if database is up and running"
until /usr/local/bin/check_database.py 2>&1 >/dev/null; do sleep 1; echo "Waiting for database"; done
echo "Database connected"
}
# $NONUSE can be set to include cron, proftp, reports or nodejs
# if included we will _not_ start these services.
function start_supervisor {
supervisord -c /etc/supervisor/supervisord.conf
sleep 5
if [[ $NONUSE != *"postgres"* ]]
then
echo "Starting postgres"
supervisorctl start postgresql
fi
wait_for_postgres
if [[ $NONUSE != *"cron"* ]]
then
echo "Starting cron"
supervisorctl start cron
fi
if [[ $NONUSE != *"proftp"* ]]
then
echo "Starting ProFTP"
supervisorctl start proftpd
fi
if [[ $NONUSE != *"reports"* ]]
then
echo "Starting Galaxy reports webapp"
supervisorctl start reports
fi
if [[ $NONUSE != *"nodejs"* ]]
then
echo "Starting nodejs"
supervisorctl start galaxy:galaxy_nodejs_proxy
fi
if [[ $NONUSE != *"condor"* ]]
then
echo "Starting condor"
supervisorctl start condor
fi
if [[ $NONUSE != *"slurmctld"* ]]
then
echo "Starting slurmctld"
/usr/sbin/slurmctld -L /home/galaxy/logs/slurmctld.log
fi
if [[ $NONUSE != *"slurmd"* ]]
then
echo "Starting slurmd"
/usr/sbin/slurmd -L /home/galaxy/logs/slurmd.log
fi
# We need to run munged regardless
mkdir -p /var/run/munge && /usr/sbin/munged -f
}
if [[ $NONUSE != *"postgres"* ]]
then
# Change the data_directory of postgresql in the main config file
ansible localhost -m lineinfile -a "line='data_directory = \'$PG_DATA_DIR_HOST\'' dest=$PG_CONF_DIR_DEFAULT/postgresql.conf backup=yes state=present regexp='data_directory'" &> /dev/null
fi
# Try to guess if we are running under --privileged mode
if mount | grep "/proc/kcore"; then
PRIVILEGED=false
else
PRIVILEGED=true
fi
# Try to guess if we are running under --privileged mode
if $PRIVILEGED; then
echo "Enable Galaxy Interactive Environments."
export GALAXY_CONFIG_INTERACTIVE_ENVIRONMENT_PLUGINS_DIRECTORY="config/plugins/interactive_environments"
if [ x$DOCKER_PARENT == "x" ]; then
#build the docker in docker environment
bash /root/cgroupfs_mount.sh
start_supervisor
supervisorctl start docker
else
#inheriting /var/run/docker.sock from parent, assume that you need to
#run docker with sudo to validate
echo "galaxy ALL = NOPASSWD : ALL" >> /etc/sudoers
start_supervisor
fi
if [ "x$PULL_IE_IMAGES" != "x" ]; then
echo "About to pull IE images. Depending on the size, this may take a while!"
fi
else
echo "Disable Galaxy Interactive Environments. Start with --privileged to enable IE's."
export GALAXY_CONFIG_INTERACTIVE_ENVIRONMENT_PLUGINS_DIRECTORY=""
start_supervisor
fi
if [ "$USE_HTTPS_LETSENCRYPT" != "False" ]
then
echo "Settting up letsencrypt"
ansible-playbook -c local /ansible/provision.yml \
--extra-vars gather_facts=False \
--extra-vars galaxy_extras_config_ssl=True \
--extra-vars galaxy_extras_config_ssl_method=letsencrypt \
--extra-vars galaxy_extras_galaxy_domain="GALAXY_CONFIG_GALAXY_INFRASTRUCTURE_URL" \
--tags https
fi
if [ "$USE_HTTPS" != "False" ]
then
if [ -f /export/server.key -a -f /export/server.crt ]
then
echo "Copying SSL keys"
ansible-playbook -c local /ansible/provision.yml \
--extra-vars gather_facts=False \
--extra-vars galaxy_extras_config_ssl=True \
--extra-vars galaxy_extras_config_ssl_method=own \
--extra-vars src_nginx_ssl_certificate_key=/export/server.key \
--extra-vars src_nginx_ssl_certificate=/export/server.crt \
--tags https
else
echo "Setting up self-signed SSL keys"
ansible-playbook -c local /ansible/provision.yml \
--extra-vars gather_facts=False \
--extra-vars galaxy_extras_config_ssl=True \
--extra-vars galaxy_extras_config_ssl_method=self-signed \
--tags https
fi
fi
# In case the user wants the default admin to be created, do so.
if [ "x$GALAXY_DEFAULT_ADMIN_USER" != "x" ]
then
echo "Creating admin user $GALAXY_DEFAULT_ADMIN_USER with key $GALAXY_DEFAULT_ADMIN_KEY and password $GALAXY_DEFAULT_ADMIN_PASSWORD if not existing"
python /usr/local/bin/create_galaxy_user.py --user "$GALAXY_DEFAULT_ADMIN_EMAIL" --password "$GALAXY_DEFAULT_ADMIN_PASSWORD" \
-c "$GALAXY_CONFIG_FILE" --username "$GALAXY_DEFAULT_ADMIN_USER" --key "$GALAXY_DEFAULT_ADMIN_KEY"
# If there is a need to execute actions that would require a live galaxy instance, such as adding workflows, setting quotas, adding more users, etc.
# then place a file with that logic named post-start-actions.sh on the /export/ directory, it should have access to all environment variables
# visible here.
# The file needs to be executable (chmod a+x post-start-actions.sh)
if [ -x /export/post-start-actions.sh ]
then
# uses ephemeris, present in docker-galaxy-stable, to wait for the local instance
galaxy-wait -g http://127.0.0.1 -v --timeout 120 > /home/galaxy/logs/post-start-actions.log &&
/export/post-start-actions.sh >> /home/galaxy/logs/post-start-actions.log &
fi
fi
# Enable verbose output
if [ `echo ${GALAXY_LOGGING:-'no'} | tr [:upper:] [:lower:]` = "full" ]
then
tail -f /var/log/supervisor/* /var/log/nginx/* /home/galaxy/logs/*.log
else
tail -f /home/galaxy/logs/*.log
fi