comparison docker/startup @ 42:b938475235e3 draft

Uploaded
author fubar
date Sun, 16 Aug 2020 08:33:09 -0400
parents
children
comparison
equal deleted inserted replaced
41:f8c1694190f0 42:b938475235e3
1 #!/usr/bin/env bash
2
3 # Migration path for old images that had the tool_deps under /export/galaxy-central/tool_deps/
4
5 if [ -d "/export/galaxy-central/tool_deps/" ] && [ ! -L "/export/galaxy-central/tool_deps/" ]; then
6 mkdir -p /export/tool_deps/
7 mv /export/galaxy-central/tool_deps /export/
8 ln -s /export/tool_deps/ $GALAXY_ROOT/
9 fi
10
11 # This is needed for Docker compose to have a unified alias for the main container.
12 # Modifying /etc/hosts can only happen during runtime not during build-time
13 echo "127.0.0.1 galaxy" >> /etc/hosts
14
15 # Set number of Galaxy handlers via GALAXY_HANDLER_NUMPROCS or default to 2
16 ansible localhost -m ini_file -a "dest=/etc/supervisor/conf.d/galaxy.conf section=program:handler option=numprocs value=${GALAXY_HANDLER_NUMPROCS:-2}" &> /dev/null
17
18 # If the Galaxy config file is not in the expected place, copy from the sample
19 # and hope for the best (that the admin has done all the setup through env vars.)
20 if [ ! -f $GALAXY_CONFIG_FILE ]
21 then
22 # this should succesfully copy either .yml or .ini sample file to the expected location
23 cp /export/config/galaxy${GALAXY_CONFIG_FILE: -4}.sample $GALAXY_CONFIG_FILE
24 fi
25
26 # Configure proxy prefix filtering
27 if [[ ! -z $PROXY_PREFIX ]]
28 then
29 if [ ${GALAXY_CONFIG_FILE: -4} == ".ini" ]
30 then
31 ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_FILE} section=filter:proxy-prefix option=prefix value=${PROXY_PREFIX}" &> /dev/null
32 ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_FILE} section=app:main option=filter-with value=proxy-prefix" &> /dev/null
33 else
34 ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ module:' state=absent" &> /dev/null
35 ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ socket:' state=absent" &> /dev/null
36 ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ mount:' state=absent" &> /dev/null
37 ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} regexp='^ manage-script-name:' state=absent" &> /dev/null
38 ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' manage-script-name: true'" &> /dev/null
39 ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' mount: ${PROXY_PREFIX}=galaxy.webapps.galaxy.buildapp:uwsgi_app()'" &> /dev/null
40 ansible localhost -m lineinfile -a "path=${GALAXY_CONFIG_FILE} insertafter='^uwsgi:' line=' socket: unix:///srv/galaxy/var/uwsgi.sock'" &> /dev/null
41
42 # Also set SCRIPT_NAME. It's not always necessary due to manage-script-name: true in galaxy.yml, but it makes life easier in this container + it does no harm
43 ansible localhost -m lineinfile -a "path=/etc/nginx/conf.d/uwsgi.conf regexp='^ uwsgi_param SCRIPT_NAME' state=absent" &> /dev/null
44 ansible localhost -m lineinfile -a "path=/etc/nginx/conf.d/uwsgi.conf insertafter='^ include uwsgi_params' line=' uwsgi_param SCRIPT_NAME ${PROXY_PREFIX};'" &> /dev/null
45 fi
46
47 ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_DIR}/reports_wsgi.ini section=filter:proxy-prefix option=prefix value=${PROXY_PREFIX}/reports" &> /dev/null
48 ansible localhost -m ini_file -a "dest=${GALAXY_CONFIG_DIR}/reports_wsgi.ini section=app:main option=filter-with value=proxy-prefix" &> /dev/null
49
50 # Fix path to html assets
51 ansible localhost -m replace -a "dest=$GALAXY_CONFIG_DIR/web/welcome.html regexp='(href=\"|\')[/\\w]*(/static)' replace='\\1${PROXY_PREFIX}\\2'" &> /dev/null
52
53 # Set some other vars based on that prefix
54 if [ "x$GALAXY_CONFIG_COOKIE_PATH" == "x" ]
55 then
56 export GALAXY_CONFIG_COOKIE_PATH="$PROXY_PREFIX"
57 fi
58 if [ "x$GALAXY_CONFIG_DYNAMIC_PROXY_PREFIX" == "x" ]
59 then
60 export GALAXY_CONFIG_DYNAMIC_PROXY_PREFIX="$PROXY_PREFIX/gie_proxy"
61 fi
62
63 # Change the defaults nginx upload/x-accel paths
64 if [ "$GALAXY_CONFIG_NGINX_UPLOAD_PATH" == "/_upload" ]
65 then
66 export GALAXY_CONFIG_NGINX_UPLOAD_PATH="${PROXY_PREFIX}${GALAXY_CONFIG_NGINX_UPLOAD_PATH}"
67 fi
68 fi
69
70 # Disable authentication of Galaxy reports
71 if [[ ! -z $DISABLE_REPORTS_AUTH ]]
72 then
73 # disable authentification
74 echo "Disable Galaxy reports authentification "
75 echo "" > /etc/nginx/conf.d/reports_auth.conf
76 else
77 # enable authentification
78 echo "Enable Galaxy reports authentification "
79 cp /etc/nginx/conf.d/reports_auth.conf.source /etc/nginx/conf.d/reports_auth.conf
80 fi
81
82 # Try to guess if we are running under --privileged mode
83 if [[ ! -z $HOST_DOCKER_LEGACY ]]; then
84 if mount | grep "/proc/kcore"; then
85 PRIVILEGED=false
86 else
87 PRIVILEGED=true
88 fi
89 else
90 # Taken from http://stackoverflow.com/questions/32144575/how-to-know-if-a-docker-container-is-running-in-privileged-mode
91 ip link add dummy0 type dummy 2>/dev/null
92 if [[ $? -eq 0 ]]; then
93 PRIVILEGED=true
94 # clean the dummy0 link
95 ip link delete dummy0 2>/dev/null
96 else
97 PRIVILEGED=false
98 fi
99 fi
100
101 cd $GALAXY_ROOT
102 . $GALAXY_VIRTUAL_ENV/bin/activate
103
104 if $PRIVILEGED; then
105 umount /var/lib/docker
106 fi
107
108 if [[ ! -z $STARTUP_EXPORT_USER_FILES ]]; then
109 # If /export/ is mounted, export_user_files file moving all data to /export/
110 # symlinks will point from the original location to the new path under /export/
111 # If /export/ is not given, nothing will happen in that step
112 echo "Checking /export..."
113 python3 /usr/local/bin/export_user_files.py $PG_DATA_DIR_DEFAULT
114 fi
115
116 # Delete compiled templates in case they are out of date
117 if [[ ! -z $GALAXY_CONFIG_TEMPLATE_CACHE_PATH ]]; then
118 rm -rf $GALAXY_CONFIG_TEMPLATE_CACHE_PATH/*
119 fi
120
121 # Enable loading of dependencies on startup. Such as LDAP.
122 # Adapted from galaxyproject/galaxy/scripts/common_startup.sh
123 if [[ ! -z $LOAD_GALAXY_CONDITIONAL_DEPENDENCIES ]]
124 then
125 echo "Installing optional dependencies in galaxy virtual environment..."
126 : ${GALAXY_WHEELS_INDEX_URL:="https://wheels.galaxyproject.org/simple"}
127 GALAXY_CONDITIONAL_DEPENDENCIES=$(PYTHONPATH=lib python -c "import galaxy.dependencies; print('\n'.join(galaxy.dependencies.optional('$GALAXY_CONFIG_FILE')))")
128 [ -z "$GALAXY_CONDITIONAL_DEPENDENCIES" ] || echo "$GALAXY_CONDITIONAL_DEPENDENCIES" | pip install -q -r /dev/stdin --index-url "${GALAXY_WHEELS_INDEX_URL}"
129 fi
130
131 if [[ ! -z $LOAD_GALAXY_CONDITIONAL_DEPENDENCIES ]] && [[ ! -z $LOAD_PYTHON_DEV_DEPENDENCIES ]]
132 then
133 echo "Installing development requirements in galaxy virtual environment..."
134 : ${GALAXY_WHEELS_INDEX_URL:="https://wheels.galaxyproject.org/simple"}
135 dev_requirements='./lib/galaxy/dependencies/dev-requirements.txt'
136 [ -f $dev_requirements ] && pip install -q -r $dev_requirements --index-url "${GALAXY_WHEELS_INDEX_URL}"
137 fi
138
139 # Enable Test Tool Shed
140 if [[ ! -z $ENABLE_TTS_INSTALL ]]
141 then
142 echo "Enable installation from the Test Tool Shed."
143 export GALAXY_CONFIG_TOOL_SHEDS_CONFIG_FILE=$GALAXY_HOME/tool_sheds_conf.xml
144 fi
145
146 # Remove all default tools from Galaxy by default
147 if [[ ! -z $BARE ]]
148 then
149 echo "Remove all tools from the tool_conf.xml file."
150 export GALAXY_CONFIG_TOOL_CONFIG_FILE=config/shed_tool_conf.xml,$GALAXY_ROOT/test/functional/tools/upload_tool_conf.xml
151 fi
152
153 # If auto installing conda envs, make sure bcftools is installed for __set_metadata__ tool
154 if [[ ! -z $GALAXY_CONFIG_CONDA_AUTO_INSTALL ]]
155 then
156 if [ ! -d "/tool_deps/_conda/envs/__bcftools@1.5" ]; then
157 su $GALAXY_USER -c "/tool_deps/_conda/bin/conda create -y --override-channels --channel iuc --channel conda-forge --channel bioconda --channel defaults --name __bcftools@1.5 bcftools=1.5"
158 su $GALAXY_USER -c "/tool_deps/_conda/bin/conda clean --tarballs --yes"
159 fi
160 fi
161
162 if [[ ! -z $GALAXY_EXTRAS_CONFIG_POSTGRES ]]; then
163 if [[ $NONUSE != *"postgres"* ]]
164 then
165 # Backward compatibility for exported postgresql directories before version 15.08.
166 # In previous versions postgres has the UID/GID of 102/106. We changed this in
167 # https://github.com/bgruening/docker-galaxy-stable/pull/71 to GALAXY_POSTGRES_UID=1550 and
168 # GALAXY_POSTGRES_GID=1550
169 if [ -e /export/postgresql/ ];
170 then
171 if [ `stat -c %g /export/postgresql/` == "106" ];
172 then
173 chown -R postgres:postgres /export/postgresql/
174 fi
175 fi
176 fi
177 fi
178
179
180 if [[ ! -z $GALAXY_EXTRAS_CONFIG_CONDOR ]]; then
181 if [[ ! -z $ENABLE_CONDOR ]]
182 then
183 if [[ ! -z $CONDOR_HOST ]]
184 then
185 echo "Enabling Condor with external scheduler at $CONDOR_HOST"
186 echo "# Config generated by startup.sh
187 CONDOR_HOST = $CONDOR_HOST
188 ALLOW_ADMINISTRATOR = *
189 ALLOW_OWNER = *
190 ALLOW_READ = *
191 ALLOW_WRITE = *
192 ALLOW_CLIENT = *
193 ALLOW_NEGOTIATOR = *
194 DAEMON_LIST = MASTER, SCHEDD
195 UID_DOMAIN = galaxy
196 DISCARD_SESSION_KEYRING_ON_STARTUP = False
197 TRUST_UID_DOMAIN = true" > /etc/condor/condor_config.local
198 fi
199
200 if [[ -e /export/condor_config ]]
201 then
202 echo "Replacing Condor config by locally supplied config from /export/condor_config"
203 rm -f /etc/condor/condor_config
204 ln -s /export/condor_config /etc/condor/condor_config
205 fi
206 fi
207 fi
208
209
210 # Copy or link the slurm/munge config files
211 if [ -e /export/slurm.conf ]
212 then
213 rm -f /etc/slurm-llnl/slurm.conf
214 ln -s /export/slurm.conf /etc/slurm-llnl/slurm.conf
215 else
216 # Configure SLURM with runtime hostname.
217 # Use absolute path to python so virtualenv is not used.
218 /usr/bin/python /usr/sbin/configure_slurm.py
219 fi
220 if [ -e /export/munge.key ]
221 then
222 rm -f /etc/munge/munge.key
223 ln -s /export/munge.key /etc/munge/munge.key
224 chmod 400 /export/munge.key
225 fi
226
227 # link the gridengine config file
228 if [ -e /export/act_qmaster ]
229 then
230 rm -f /var/lib/gridengine/default/common/act_qmaster
231 ln -s /export/act_qmaster /var/lib/gridengine/default/common/act_qmaster
232 fi
233
234 # Waits until postgres is ready
235 function wait_for_postgres {
236 echo "Checking if database is up and running"
237 until /usr/local/bin/check_database.py 2>&1 >/dev/null; do sleep 1; echo "Waiting for database"; done
238 echo "Database connected"
239 }
240
241 # $NONUSE can be set to include cron, proftp, reports or nodejs
242 # if included we will _not_ start these services.
243 function start_supervisor {
244 supervisord -c /etc/supervisor/supervisord.conf
245 sleep 5
246
247 if [[ ! -z $SUPERVISOR_MANAGE_POSTGRES && ! -z $SUPERVISOR_POSTGRES_AUTOSTART ]]; then
248 if [[ $NONUSE != *"postgres"* ]]
249 then
250 echo "Starting postgres"
251 supervisorctl start postgresql
252 fi
253 fi
254
255 wait_for_postgres
256
257 # Make sure the database is automatically updated
258 if [[ ! -z $GALAXY_AUTO_UPDATE_DB ]]
259 then
260 echo "Updating Galaxy database"
261 sh manage_db.sh -c /etc/galaxy/galaxy.yml upgrade
262 fi
263
264 if [[ ! -z $SUPERVISOR_MANAGE_CRON ]]; then
265 if [[ $NONUSE != *"cron"* ]]
266 then
267 echo "Starting cron"
268 supervisorctl start cron
269 fi
270 fi
271
272 if [[ ! -z $SUPERVISOR_MANAGE_PROFTP ]]; then
273 if [[ $NONUSE != *"proftp"* ]]
274 then
275 echo "Starting ProFTP"
276 supervisorctl start proftpd
277 fi
278 fi
279
280 if [[ ! -z $SUPERVISOR_MANAGE_REPORTS ]]; then
281 if [[ $NONUSE != *"reports"* ]]
282 then
283 echo "Starting Galaxy reports webapp"
284 supervisorctl start reports
285 fi
286 fi
287
288 if [[ ! -z $SUPERVISOR_MANAGE_IE_PROXY ]]; then
289 if [[ $NONUSE != *"nodejs"* ]]
290 then
291 echo "Starting nodejs"
292 supervisorctl start galaxy:galaxy_nodejs_proxy
293 fi
294 fi
295
296 if [[ ! -z $SUPERVISOR_MANAGE_CONDOR ]]; then
297 if [[ $NONUSE != *"condor"* ]]
298 then
299 echo "Starting condor"
300 supervisorctl start condor
301 fi
302 fi
303
304 if [[ ! -z $SUPERVISOR_MANAGE_SLURM ]]; then
305 if [[ $NONUSE != *"slurmctld"* ]]
306 then
307 echo "Starting slurmctld"
308 supervisorctl start slurmctld
309 fi
310 if [[ $NONUSE != *"slurmd"* ]]
311 then
312 echo "Starting slurmd"
313 supervisorctl start slurmd
314 fi
315 supervisorctl start munge
316 else
317 if [[ $NONUSE != *"slurmctld"* ]]
318 then
319 echo "Starting slurmctld"
320 /usr/sbin/slurmctld -L $GALAXY_LOGS_DIR/slurmctld.log
321 fi
322 if [[ $NONUSE != *"slurmd"* ]]
323 then
324 echo "Starting slurmd"
325 /usr/sbin/slurmd -L $GALAXY_LOGS_DIR/slurmd.log
326 fi
327
328 # We need to run munged regardless
329 mkdir -p /var/run/munge && /usr/sbin/munged -f
330 fi
331 }
332
333 if [[ ! -z $SUPERVISOR_POSTGRES_AUTOSTART ]]; then
334 if [[ $NONUSE != *"postgres"* ]]
335 then
336 # Change the data_directory of postgresql in the main config file
337 ansible localhost -m lineinfile -a "line='data_directory = \'$PG_DATA_DIR_HOST\'' dest=$PG_CONF_DIR_DEFAULT/postgresql.conf backup=yes state=present regexp='data_directory'" &> /dev/null
338 fi
339 fi
340
341 if $PRIVILEGED; then
342 echo "Enable Galaxy Interactive Environments."
343 export GALAXY_CONFIG_INTERACTIVE_ENVIRONMENT_PLUGINS_DIRECTORY="config/plugins/interactive_environments"
344 if [ x$DOCKER_PARENT == "x" ]; then
345 #build the docker in docker environment
346 bash /root/cgroupfs_mount.sh
347 start_supervisor
348 supervisorctl start docker
349 else
350 #inheriting /var/run/docker.sock from parent, assume that you need to
351 #run docker with sudo to validate
352 echo "$GALAXY_USER ALL = NOPASSWD : ALL" >> /etc/sudoers
353 start_supervisor
354 fi
355 if [[ ! -z $PULL_IE_IMAGES ]]; then
356 echo "About to pull IE images. Depending on the size, this may take a while!"
357
358 for ie in {JUPYTER,RSTUDIO,ETHERCALC,PHINCH,NEO}; do
359 enabled_var_name="GALAXY_EXTRAS_IE_FETCH_${ie}";
360 if [[ ${!enabled_var_name} ]]; then
361 # Store name in a var
362 image_var_name="GALAXY_EXTRAS_${ie}_IMAGE"
363 # And then read from that var
364 docker pull "${!image_var_name}"
365 fi
366 done
367 fi
368
369 # in privileged mode autofs and CVMFS is available
370 # install autofs
371 echo "Installing autofs to enable automatic CVMFS mounts"
372 apt-get install autofs --no-install-recommends -y
373 apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/*
374 else
375 echo "Disable Galaxy Interactive Environments. Start with --privileged to enable IE's."
376 export GALAXY_CONFIG_INTERACTIVE_ENVIRONMENT_PLUGINS_DIRECTORY=""
377 start_supervisor
378 fi
379
380 if [ "$USE_HTTPS_LETSENCRYPT" != "False" ]
381 then
382 echo "Settting up letsencrypt"
383 ansible-playbook -c local /ansible/provision.yml \
384 --extra-vars gather_facts=False \
385 --extra-vars galaxy_extras_config_ssl=True \
386 --extra-vars galaxy_extras_config_ssl_method=letsencrypt \
387 --extra-vars galaxy_extras_galaxy_domain="GALAXY_CONFIG_GALAXY_INFRASTRUCTURE_URL" \
388 --extra-vars galaxy_extras_config_nginx_upload=False \
389 --tags https
390 fi
391 if [ "$USE_HTTPS" != "False" ]
392 then
393 if [ -f /export/server.key -a -f /export/server.crt ]
394 then
395 echo "Copying SSL keys"
396 ansible-playbook -c local /ansible/provision.yml \
397 --extra-vars gather_facts=False \
398 --extra-vars galaxy_extras_config_ssl=True \
399 --extra-vars galaxy_extras_config_ssl_method=own \
400 --extra-vars src_nginx_ssl_certificate_key=/export/server.key \
401 --extra-vars src_nginx_ssl_certificate=/export/server.crt \
402 --extra-vars galaxy_extras_config_nginx_upload=False \
403 --tags https
404 else
405 echo "Setting up self-signed SSL keys"
406 ansible-playbook -c local /ansible/provision.yml \
407 --extra-vars gather_facts=False \
408 --extra-vars galaxy_extras_config_ssl=True \
409 --extra-vars galaxy_extras_config_ssl_method=self-signed \
410 --extra-vars galaxy_extras_config_nginx_upload=False \
411 --tags https
412 fi
413 fi
414
415 # In case the user wants the default admin to be created, do so.
416 if [[ ! -z $GALAXY_DEFAULT_ADMIN_USER ]]
417 then
418 echo "Creating admin user $GALAXY_DEFAULT_ADMIN_USER with key $GALAXY_DEFAULT_ADMIN_KEY and password $GALAXY_DEFAULT_ADMIN_PASSWORD if not existing"
419 python /usr/local/bin/create_galaxy_user.py --user "$GALAXY_DEFAULT_ADMIN_EMAIL" --password "$GALAXY_DEFAULT_ADMIN_PASSWORD" \
420 -c "$GALAXY_CONFIG_FILE" --username "$GALAXY_DEFAULT_ADMIN_USER" --key "$GALAXY_DEFAULT_ADMIN_KEY"
421 # If there is a need to execute actions that would require a live galaxy instance, such as adding workflows, setting quotas, adding more users, etc.
422 # then place a file with that logic named post-start-actions.sh on the /export/ directory, it should have access to all environment variables
423 # visible here.
424 # The file needs to be executable (chmod a+x post-start-actions.sh)
425 fi
426 if [ -x /export/post-start-actions.sh ]
427 then
428 # uses ephemeris, present in docker-galaxy-stable, to wait for the local instance
429 /tool_deps/_conda/bin/galaxy-wait -g http://127.0.0.1 -v --timeout 120 > $GALAXY_LOGS_DIR/post-start-actions.log &&
430 /export/post-start-actions.sh >> $GALAXY_LOGS_DIR/post-start-actions.log &
431 fi
432
433
434 # Reinstall tools if the user want to
435 if [[ ! -z $GALAXY_AUTO_UPDATE_TOOLS ]]
436 then
437 /tool_deps/_conda/bin/galaxy-wait -g http://127.0.0.1 -v --timeout 120 > /home/galaxy/logs/post-start-actions.log &&
438 OLDIFS=$IFS
439 IFS=','
440 for TOOL_YML in `echo "$GALAXY_AUTO_UPDATE_TOOLS"`
441 do
442 echo "Installing tools from $TOOL_YML"
443 /tool_deps/_conda/bin/shed-tools install -g "http://127.0.0.1" -a "$GALAXY_DEFAULT_ADMIN_KEY" -t "$TOOL_YML"
444 /tool_deps/_conda/bin/conda clean --tarballs --yes
445 done
446 IFS=$OLDIFS
447 fi
448
449 # migrate custom IEs or Visualisations (Galaxy plugins)
450 # this is needed for by the new client build system
451 python3 ${GALAXY_ROOT}/scripts/plugin_staging.py
452
453 # Enable verbose output
454 if [ `echo ${GALAXY_LOGGING:-'no'} | tr [:upper:] [:lower:]` = "full" ]
455 then
456 tail -f /var/log/supervisor/* /var/log/nginx/* $GALAXY_LOGS_DIR/*.log
457 else
458 tail -f $GALAXY_LOGS_DIR/*.log
459 fi
460