merge ProFTP branch

bgruening · Oct 22, 2014 · 7cb5502 · 7cb5502
2 parents 855d5a6 + a5952e3
commit 7cb5502
Show file tree

Hide file tree

Showing 7 changed files with 114 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -87,6 +87,9 @@ The Galaxy Admin User has the username ``admin@galaxy.org`` and the password ``a
 The PostgreSQL username is ``galaxy``, the password is ``galaxy`` and the database name is ``galaxy`` (I know I was really creative ;)).
 If you want to create new users, please make sure to use the ``/export/`` volume. Otherwise your user will be removed after your docker session is finished.
 
+The proftpd server is configured to use the main galaxy PostgreSQL user to access the database and select the username and password. If you want to run the 
+docker container in production, please do not forget to change the user credentials in /etc/proftp/proftpd.conf too.
+
 
 Requirements
 ============

diff --git a/galaxy/Dockerfile b/galaxy/Dockerfile
@@ -22,7 +22,8 @@ RUN apt-get -qq update && apt-get install --no-install-recommends -y apt-transpo
     apt-get install --no-install-recommends -y autoconf automake build-essential gfortran cmake \
     git-core libatlas-base-dev libblas-dev liblapack-dev mercurial subversion python-dev pkg-config \
     openjdk-7-jre-headless python-setuptools python-psycopg2 postgresql-9.3 sudo samtools python-virtualenv \
-    nginx-extras uwsgi uwsgi-plugin-python supervisor lxc-docker slurm-llnl slurm-llnl-torque slurm-drmaa-dev zlib1g-dev && \
+    nginx-extras uwsgi uwsgi-plugin-python supervisor lxc-docker slurm-llnl slurm-llnl-torque \
+     slurm-drmaa-dev zlib1g-dev proftpd proftpd-mod-pgsql && \
     apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 ENV DEBIAN_FRONTEND newt
@@ -43,21 +44,48 @@ RUN mkdir /galaxy-central/tool_deps
 # Fetching all Galaxy python dependencies
 RUN python scripts/fetch_eggs.py
 
+# Updating genome informations from UCSC
+#RUN export GALAXY=/galaxy-central/ && sh ./cron/updateucsc.sh.sample
+
 ENV GALAXY_CONFIG_DATABASE_CONNECTION postgresql://galaxy:galaxy@localhost:5432/galaxy
 ENV GALAXY_CONFIG_TOOL_DEPENDENCY_DIR ./tool_deps
 ENV GALAXY_CONFIG_ADMIN_USERS admin@galaxy.org
 ENV GALAXY_CONFIG_MASTER_API_KEY HSNiugRFvgT574F43jZ7N9F3
 ENV GALAXY_CONFIG_BRAND Galaxy Docker Build
 ENV GALAXY_CONFIG_STATIC_ENABLED False
-ENV GALAXY_CONFIG_OVERRIDE_DEBUG False
 ENV GALAXY_CONFIG_JOB_WORKING_DIRECTORY /export/galaxy-central/database/job_working_directory
 ENV GALAXY_CONFIG_FILE_PATH /export/galaxy-central/database/files
 ENV GALAXY_CONFIG_CLUSTER_FILES_DIRECTORY /export/galaxy-central/database/pbs
+ENV GALAXY_CONFIG_FTP_UPLOAD_DIR /export/galaxy-central/database/ftp
+ENV GALAXY_CONFIG_FTP_UPLOAD_SITE galaxy.docker.org
+ENV GALAXY_CONFIG_USE_PBKDF2 False
+ENV GALAXY_CONFIG_NGINX_X_ACCEL_REDIRECT_BASE /_x_accel_redirect
+ENV GALAXY_CONFIG_NGINX_UPLOAD_STORE database/tmp/upload_store
+ENV GALAXY_CONFIG_NGINX_UPLOAD_PATH /_upload
+ENV GALAXY_CONFIG_OVERRIDE_DEBUG False
 
 # Define the default postgresql database path
 ENV PG_DATA_DIR_DEFAULT /var/lib/postgresql/9.3/main/
 ENV PG_DATA_DIR_HOST /export/postgresql/9.3/main/
 
+# Setting a standard encoding. This can get important for things like the unix sort tool.
+ENV LC_ALL en_US.utf-8
+
+RUN virtualenv /root/venv
+
+RUN mkdir -p /opt/nginx/conf
+ADD ./nginx.conf /etc/nginx/nginx.conf
+ADD ./supervisor.conf /etc/supervisor/conf.d/galaxy.conf
+
+ADD ./servers.ini /galaxy-central/config/servers.ini
+RUN cat /galaxy-central/config/servers.ini >> /galaxy-central/config/galaxy.ini && rm /galaxy-central/config/servers.ini
+
+ADD ./proftpd.conf /etc/proftpd/proftpd.conf
+RUN echo 'LoadModule mod_sql.c' >> /etc/proftpd/modules.conf && \
+    echo 'LoadModule mod_sql_passwd.c' >> /etc/proftpd/modules.conf && \
+    echo 'LoadModule mod_sql_postgres.c' >> /etc/proftpd/modules.conf
+
+
 # Include all needed scripts from the host
 ADD ./setup_postgresql.py /galaxy-central/setup_postgresql.py
 ADD ./create_galaxy_user.py /galaxy-central/create_galaxy_user.py
@@ -75,17 +103,7 @@ RUN service postgresql start && sleep 5 && python create_galaxy_user.py --user a
 RUN service postgresql start && sh run.sh --daemon && sleep 60 && sh run.sh --stop-daemon
 
 # nginx and uwsgi Will be controller by supervisor
-RUN update-rc.d -f uwsgi remove
-RUN update-rc.d -f nginx remove
-
-RUN virtualenv /root/venv
-
-RUN mkdir -p /opt/nginx/conf
-ADD ./nginx.conf /etc/nginx/nginx.conf
-ADD ./supervisor.conf /etc/supervisor/conf.d/galaxy.conf
-
-ADD ./servers.ini /galaxy-central/config/servers.ini
-RUN cat /galaxy-central/config/servers.ini >> /galaxy-central/config/galaxy.ini && rm /galaxy-central/config/servers.ini
+RUN update-rc.d -f uwsgi remove && update-rc.d -f nginx remove && update-rc.d -f proftpd remove
 
 ADD ./startup.sh /usr/bin/startup
 RUN chmod +x /usr/bin/startup
@@ -106,6 +124,7 @@ ADD ./configure_slurm.py /usr/sbin/configure_slurm.py
 
 # Expose port 80 to the host
 EXPOSE :80
+EXPOSE :21
 
 # Mark folders as imported from the host.
 VOLUME ["/export/", "/data/"]

diff --git a/galaxy/create_galaxy_user.py b/galaxy/create_galaxy_user.py
@@ -23,6 +23,7 @@ def add_user(email, password, key=None):
     if query.count() > 0:
         return query.first()
     else:
+        User.use_pbkdf2 = False
         user = User(email)
         user.set_password_cleartext(password)
         sa_session.add(user)

diff --git a/galaxy/proftpd.conf b/galaxy/proftpd.conf
@@ -0,0 +1,63 @@
+# Includes DSO modules
+Include /etc/proftpd/modules.conf
+
+
+# Basics, some site-specific
+ServerName                      "Public Galaxy FTP"
+ServerType                      standalone
+DefaultServer                   on
+Port                            21
+Umask                           077
+#SyslogFacility                  DAEMON
+#SyslogLevel                     debug
+MaxInstances                    30
+User                            nobody
+Group                           nogroup
+
+# Passive port range for the firewall
+PassivePorts                    30000 40000
+
+# Cause every FTP user to be "jailed" (chrooted) into their home directory
+DefaultRoot                     ~
+
+# Automatically create home directory if it doesn't exist
+CreateHome                      on dirmode 700
+
+# Allow users to overwrite their files
+AllowOverwrite                  on
+
+# Allow users to resume interrupted uploads
+AllowStoreRestart               on
+
+# Bar use of SITE CHMOD
+<Limit SITE_CHMOD>
+    DenyAll
+</Limit>
+
+# Bar use of RETR (download) since this is not a public file drop
+<Limit RETR>
+    DenyAll
+</Limit>
+
+# Do not authenticate against real (system) users
+AuthPAM                         off
+
+# Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
+SQLPasswordEngine               on
+SQLPasswordEncoding             hex
+
+# Set up mod_sql to authenticate against the Galaxy database
+SQLEngine                       on
+SQLBackend                      postgres
+SQLConnectInfo                  galaxy@localhost galaxy galaxy
+SQLAuthTypes                    SHA1
+SQLAuthenticate                 users
+
+# An empty directory in case chroot fails
+SQLDefaultHomedir               /var/opt/local/proftpd
+
+# Define a custom query for lookup that returns a passwd-like entry.  UID and GID should match your Galaxy user.
+SQLUserInfo                     custom:/LookupGalaxyUser
+SQLNamedQuery                   LookupGalaxyUser SELECT "email,password,'root','root','/export/galaxy-central/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
+
+
diff --git a/galaxy/servers.ini b/galaxy/servers.ini
@@ -17,4 +17,4 @@ threadpool_workers = 10
 use = egg:Paste#http
 port = 9011
 use_threadpool = True
-threadpool_workers = 10
+threadpool_workers = 10
diff --git a/galaxy/startup.sh b/galaxy/startup.sh
@@ -6,6 +6,8 @@ cd /galaxy-central/
 # If /export/ is not given, nothing will happen in that step
 python ./export_user_files.py $PG_DATA_DIR_DEFAULT
 
+mkdir -p /export/galaxy-central/database/ftp/
+
 # Configure SLURM with runtime hostname.
 python /usr/sbin/configure_slurm.py
 

diff --git a/galaxy/supervisor.conf b/galaxy/supervisor.conf
@@ -16,13 +16,18 @@ command=/usr/sbin/slurmd -D -L /root/slurmd.log
 redirect_stderr=true 
 
 [program:postgresql]
-user=postgres
-command=/usr/lib/postgresql/9.3/bin/postmaster -D "/export/postgresql/9.3/main"
-process_name=%(program_name)s
-stopsignal=INT
-autostart=true
-autorestart=true
-redirect_stderr=true 
+user            = postgres
+command         = /usr/lib/postgresql/9.3/bin/postmaster -D "/export/postgresql/9.3/main"
+process_name    = %(program_name)s
+stopsignal      = INT
+autostart       = true
+autorestart     = true
+redirect_stderr = true
+
+[program:proftpd]
+command         = /usr/sbin/proftpd -n -c /etc/proftpd/proftpd.conf
+autorestart     = true
+autorestart     = true
 
 [program:nginx]
 command         = /usr/sbin/nginx