FTP upload not working yet

Author: BorisYourich

README.md

@@ -90,3 +90,5 @@ On Debian 11 the default version of `ansible` is 2.10.08 which fails to extract
 Use `sudo apt install python3-docker` before running the `usegalaxy.rabbitmqserver` role.
 
 For influxdb apt key error: https://www.influxdata.com/blog/linux-package-signing-key-rotation/
+
+For proftpd add "LoadModule mod_tls.c" to roles/galaxyproject.proftpd/templates/tls.conf.j2 just before the TLSEngine 

galaxy.yml

@@ -43,6 +43,7 @@
     - geerlingguy.redis
     - usegalaxy_eu.flower
     - galaxyproject.nginx
+    - galaxyproject.proftpd
     - geerlingguy.docker
     - usegalaxy_eu.rabbitmqserver
     - galaxyproject.tiaas2

group_vars/galaxyservers.yml

@@ -22,7 +22,7 @@ galaxy_job_config:
     pulsar_runner:
       load: galaxy.jobs.runners.pulsar:PulsarMQJobRunner
       galaxy_url: "https://{{ inventory_hostname }}"
-      amqp_url: "pyamqp://galaxy:{{ rabbitmq_users_password.galaxy }}@{{ inventory_hostname }}:5671/galaxy?ssl=1"
+      amqp_url: "pyamqp://pulsar:{{ rabbitmq_users_password.galaxy }}@{{ inventory_hostname }}:5671/pulsar?ssl=1"
       amqp_acknowledge: true
       amqp_ack_republish_time: 1200
       amqp_consumer_timeout: 2
@@ -52,44 +52,26 @@ galaxy_job_config:
           value: /tmp
       pulsar:
         runner: pulsar_runner
-        default_file_action: remote_rsync_transfer
+        default_file_action: remote_transfer
         dependency_resolution: remote
         jobs_directory: "/storage/praha5-elixir/home/galaxyeu/pulsar-test/files/staging"
         persistence_directory: "/storage/praha5-elixir/home/galaxyeu/pulsar-test/files/persistent"
         remote_metadata: false
         rewrite_parameters: true
+        transport: curl
         outputs_to_working_directory: false
         submit_native_specification: '-l select=1:ncpus=2:mem=8gb:scratch_local=50gb -l walltime=12:00:00 -q [email protected]' 
         singularity_enabled: true
         singularity_volumes: "$job_directory:rw,$tool_directory:ro,$job_directory/outputs:rw,$working_directory:rw,/cvmfs/data.galaxyproject.org:ro,$SCRATCHDIR"
         ## Following configuration works!
-        #singularity_volumes: "$job_directory:rw,$tool_directory:ro,$job_directory/outputs:rw,$working_directory:rw,/cvmfs/data.galaxyproject.org:ro"
+        # singularity_volumes: "$job_directory:rw,$tool_directory:ro,$job_directory/outputs:rw,$working_directory:rw,/cvmfs/data.galaxyproject.org:ro"
         container_resolvers: 
           - type: explicit_singularity
           - type: mulled_singularity
-        ssh_user: "{{ galaxy_user.name }}"
-        ssh_host: "{{ inventory_hostname }}"
-        ssh_port: 22
-        ssh_key: |
-          -----BEGIN OPENSSH PRIVATE KEY-----
-          b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-          QyNTUxOQAAACAonATHbBRX3FMl1tbOgsoh2DKBTzrMWkAJnhtAMfX9TgAAAJh2JLntdiS5
-          7QAAAAtzc2gtZWQyNTUxOQAAACAonATHbBRX3FMl1tbOgsoh2DKBTzrMWkAJnhtAMfX9Tg
-          AAAEAjJEh7bxnKxWkbTld8BUKj8wEEMrAFpKcd5BW7csc4wSicBMdsFFfcUyXW1s6CyiHY
-          MoFPOsxaQAmeG0Ax9f1OAAAAEGdhbGF4eUB1c2VnYWxheHkBAgMEBQ==
-          -----END OPENSSH PRIVATE KEY-----
         env:
         # Ensuring a consistent collation environment is good for reproducibility.
         - name: LC_ALL
           value: C
-        # The cache directory holds the docker containers that get converted
-        #- name: SINGULARITY_CACHEDIR
-        #  value: "/storage/praha5-elixir/home/galaxyeu/usegalaxy_data/cache/singularity"
-        # Singularity uses a temporary directory to build the squashfs filesystem
-        #- name: SINGULARITY_TMPDIR
-        #  value: "/storage/praha5-elixir/home/galaxyeu/usegalaxy_data/cache/singularity"
-        #- name: SINGULARITY_BINDPATH
-        #  value: "/storage/praha5-elixir/home/galaxyeu:/home/galaxyeu:rw, $SCRATCHDIR:/scratch"
         - name: TMPDIR
           value: "$SCRATCHDIR"
         - name: TMP
@@ -119,6 +101,9 @@ galaxy_job_config:
 galaxy_config:
   galaxy:
     # Main Configuration
+    enable_oidc: true
+    oidc_config_file: "{{ galaxy_config_dir }}/oidc_config.xml"
+    oidc_backends_config_file: "{{ galaxy_config_dir }}/oidc_backends_config.xml"
     logo_src: "https://www.e-infra.cz/img/logo.svg"
     themes_config_file: "{{ galaxy_config_dir }}/themes.yml"
     admin_users:
@@ -172,6 +157,9 @@ galaxy_config:
     # Monitoring
     statsd_host: localhost
     statsd_influxdb: true
+    # FTP
+    ftp_upload_dir: /data/uploads
+    ftp_upload_site: "{{ inventory_hostname }}"
   gravity:
     process_manager: systemd
     galaxy_root: "{{ galaxy_root }}/server"
@@ -234,6 +222,10 @@ galaxy_config_templates:
     dest: "{{ galaxy_config.galaxy.job_resource_params_file }}"
   - src: templates/galaxy/config/reports.yml
     dest: "{{ galaxy_config.gravity.reports.config_file }}"
+  - src: templates/galaxy/config/oidc_config.xml
+    dest: "{{ galaxy_config_dir }}/oidc_config.xml"
+  - src: templates/galaxy/config/oidc_backends_config.xml
+    dest: "{{ galaxy_config_dir }}/oidc_backends_config.xml"
 
 galaxy_extra_dirs:
   - /data
@@ -257,11 +249,13 @@ certbot_environment: production
 certbot_well_known_root: /srv/nginx/_well-known_root
 certbot_share_key_users:
   - www-data
+  - proftpd
 certbot_share_key_ids:
   - "999:999"
 certbot_post_renewal: |
     systemctl restart nginx || true
     docker restart rabbit_hole || true
+    systemctl restart proftpd || true
 certbot_domains:
  - "{{ inventory_hostname }}"
 certbot_agree_tos: --agree-tos
@@ -272,6 +266,7 @@ nginx_servers:
   - redirect-ssl
 nginx_ssl_servers:
   - galaxy
+    #  - sentry
 nginx_enable_default_server: false
 nginx_conf_http:
   client_max_body_size: 1g
@@ -331,17 +326,17 @@ rabbitmq_config:
   consumer_timeout: 21600000 # 6 hours in milliseconds
 
 rabbitmq_vhosts:
-  - galaxy
+  - pulsar
   - galaxy_internal
 
 rabbitmq_users:
   - user: debian
     password: "{{ rabbitmq_users_password.mqadmin }}"
     tags: administrator
     vhost: /
-  - user: galaxy
+  - user: pulsar
     password: "{{ rabbitmq_users_password.galaxy }}"
-    vhost: galaxy
+    vhost: pulsar
   - user: galaxy
     password: "{{ vault_rabbitmq_password_galaxy }}"
     vhost: galaxy_internal
@@ -398,3 +393,24 @@ tiaas_dir: /srv/tiaas
 tiaas_admin_user: admin
 tiaas_admin_pass: changeme
 
+# Proftpd:
+proftpd_galaxy_auth: yes
+galaxy_ftp_upload_dir: "{{ galaxy_config.galaxy.ftp_upload_dir }}"
+proftpd_display_connect: |
+  {{ inventory_hostname }} FTP server
+
+  Unauthorized access is prohibited
+proftpd_create_ftp_upload_dir: yes
+proftpd_options:
+  - User: galaxy
+  - Group: galaxy
+  - Port: 21
+proftpd_sql_db: galaxy@/var/run/postgresql
+proftpd_sql_user: galaxy
+proftpd_conf_ssl_certificate: /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem
+proftpd_conf_ssl_certificate_key: /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
+proftpd_global_options:
+  - PassivePorts: 56000 60000
+proftpd_use_mod_tls_shmcache: false
+proftpd_tls_options: NoSessionReuseRequired
+

group_vars/secret.yml

@@ -1,26 +1,28 @@
 $ANSIBLE_VAULT;1.1;AES256
-64346264363635373433303434653062656233303862383266626336343866623838633439616562
-3930363839653363366230353932396530363761663435300a386337653161303265393038646335
-33613363613266663834306332356433363532643235613630373139623761366338303732393365
-3538613964313436310a393466386361386437373934366635666633303235303130396162626233
-32336662613366333164666230373766643565343938366337393934303430393932313530393961
-37313331626130393963616238323732336439373763333766646537306565336131326433653264
-65363731383865316163633036383933333932346532363035396635376535333563616536633633
-61303438633638633563616463303764616465323934613434646132623362316139396665616335
-64336335376164333565633366636565346436623032633932613863303534653232393966646637
-38303361343736393366623835376539626463616563376564636239333131323262373565316433
-64623461376231313430386336616561613630303663306565373966633939353362383533383734
-32343038393337313666353265613032333031356634373534346263666637386462623133363739
-34343136636633643866613161313161366333623236393830646630333763623638326331396161
-34623564343933633066303035613435363662666466396666613464376263396666373033653431
-31656535366138653563306431626537643564313432353739366534323763383736373662393235
-37353336633234633737353939666264383963343730626562646230316230313335303530656136
-31623062393566613233316165663361333738353861623937373162653131303232623234633362
-39313931306261623034643339636437663765633033653435633936363136363334623339653531
-63623131313165633230646165373066346331396132316230616131613962393564303234636436
-32613462373864383666393237313835653739313261316531313864623466363966313565663033
-30353133613336363964353534393966623033373665663339633736616534643465623034396639
-31396232636462326161396265373533663266396130366164303631303937363265633830316338
-30366335356163323432303262356463316261633033386534373165326138396161396163663562
-32343837396430613063373439646535343661326562383161616534653930336235616631326561
-3938
+39323962323361343763363439383965383037613333363437353038643766343134616661616235
+3463653335613935613134616435366561363332383334630a366436623838636231396539633332
+37656332393737303938373232326435303138646361613966363236653936333534306133306635
+3965666563626666390a393539393932376532663333343461633834636538626436333838643936
+61303730393632366661363930626130323035383536633366356362363961383062313830396237
+31633339643334366333373037333139373664316238396330343862636363363064393564323936
+33396232316137373762623862653536303736623735396433623663393062323736366634613766
+64356238373939663738343338663162313035336639333036376265326562356233333436303436
+31616533613438306332613763383232313062613265323461346631363831373035383338643364
+35386163386235656638383535636432303038336133306230663965656235366663326166353531
+35313236346163636538356464613831346639656262643061396664386139653233306633633430
+32646163306131393137343532663064383030343061316262363430663432366630303366613830
+31383266336231356132643834326239386431616437383366346636323965316630323164376631
+63346430343862643939393735346165353633616366346339366437396335386137383234656466
+38336262303462633766396330643934656638663139306431343835373963363363363730376264
+31636165343133616632316637376634383133643632383837353531333764306234346633663662
+37366466386562396563356330333962353238363864643532326431656331313736333464303462
+64633465616565316138613161633065353563333036363630313736383739373765303734633331
+63633265356438323238613436343230333534663936613638303666373236653838303535313563
+64323862363066343139356130636532323562656633336330303834613536663536323263306133
+30633638326462313330613935656335333339373961303637313833633437636462616133363135
+38343030383363353237373033303637353762636536633165313063626466366532326337376334
+38393462303837656537666633393465353361343363613831346665646639313530353039633637
+64653663633833346335356361643864303637656361653339343361643933663731353663346636
+31326466353739363033626133643165616434353631303262373365643932313665393562373762
+30626166386130306439336462333063343033666463343032313536306561383033653133613134
+306132646333386630373232653564356530

group_vars/sentryservers.yml

@@ -0,0 +1,7 @@
+sentry_version: 23.3.1
+sentry_url: "https://{{ sentry_domain }}"
+sentry_docker_compose_project_folder: /srv/sentry
+sentry_superusers:
+  - email:  [email protected]
+    password: "{{ vault_sentry_password }}"
+

hosts

@@ -4,3 +4,6 @@ usegalaxy-test.cerit-sc.cz ansible_connection=local ansible_user=debian
 galaxyservers
 [monitoring]
 usegalaxy-test.cerit-sc.cz ansible_connection=local ansible_user=debian
+[sentryservers]
+usegalaxy-test.cerit-sc.cz ansible_connection=local ansible_user=debian
+

requirements.yml

@@ -49,4 +49,10 @@
 # Training Infrastructure as a Service
 - src: galaxyproject.tiaas2
   version: 2.1.5
+# Sentry
+- name: mvdbeek.sentry_selfhosted
+  src: https://github.com/mvdbeek/ansible-role-sentry/archive/main.tar.gz
+# Our FTP Server
+- src: galaxyproject.proftpd
+  version: 0.3.1
 

roles/galaxyproject.proftpd/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/