Added Neo4j IE

[thobalose]

A Neo4j GIE based on a modified version of the Neo4j:2.3.3 image which takes a neostore datatype generated by this tool allowing users to explore a Neo4j Graph database.

[hexylena]

According to https://github.com/SANBI-SA/neo4j_galaxy_ie/blob/master/docker-entrypoint.sh#L7 NEO4J_U/GID are required. Maybe we can default to $UID and $GID?

[thobalose]

@erasche ,

The tool used to generate the data type boots up a Neo4j docker container used load data into a Neo4j database, this runs as the galaxy user which is a member of the docker group.

The IE then needs to mount the data directory with rw access for the user to explore the data.

[hexylena]

@thobalose

The IE then needs to mount the data directory with rw access for the user to explore the data.

yes. So would it make sense to use NEO4J_UID=$UID NEO4J_GID=$GID as the default, in order to have the default command use the same UID and GID as the galaxy user who launches the container and owns the files which have been mounted in the volume?

[thobalose]

Will have to take another look at this. What do you get when you $echo $GID ?

[hexylena]

[hxr@leda:~]$ echo $GID
1000

when galaxy runs this, it'd be the primary group id of the galaxy user.

[thobalose]

Added this.

[hexylena]

Thank you, that is helpful. This way people could at least launch this without changing configuration.

[hexylena]

So excited to see this, but am still thinking over any implementation concerns.

@thobalose did you consider using an official neo4j image as the base? Was there a rationale against doing that?

[thobalose]

The official Neo4j docker images exposes, depending on the version, 2-3 ports and does not automatically terminate.

Additionally, it assumes/writes as root.

[hexylena]

@thobalose sure, I meant building on top of that as your FROM image, adding your auto-killing, and port changes.

Pros:

• It might allow your group to more easily import security updates that upstream makes
• you can ignore the other ports that are exposed, since you have some configuration that makes it function with just one port.
• As for reading/writing as root, use you could drop privileges with a USER statement, or with a customized CMD that runs gosu since you have that installed.

Just thinking about future maintenance and updates.

[thobalose]

Hi @erasche

This looks like something Docker is still working on.
Kindly have a look at this.

[hexylena]

@thobalose yes, but do you actually need to reset them? In the past, I've just ignored the extra volumes, exposed ports with no negative effects.

[thobalose]

@erasche

Do you mean like so?

From there, we can see that ignoring exposed ports adds the built port as an extra one. Thus, having three exposed ports.

[hexylena]

Ok, sorry for one more thing. Would it be possible that you could pin a specific tag, like we do in jupyter?

https://github.com/galaxyproject/galaxy/blob/dev/config/plugins/interactive_environments/jupyter/config/allowed_images.yml.sample#L9

This is so if/when we change the GIE API, we can help all of the GIE building groups migrate to a newer version of the API with a new tagged image, and cause fewer "Which image are you using?" issues for end users.

[hexylena]

@thobalose yes, exactly like that. However that raises a good point, since we started using the -P flag in the docker GIE launcher, all ports are exposed rather than a single one being mapped externally (and all other exposed ports not being exposed thanks to -p's behaviour).

Okay, due to the fact that using -P will chew up more exposed ports than expected and might decrease number of neo4j GIEs that could be run by heavier deployments, your group has made the right technical decision.

Thank you for working through this with me, I appreciate it!

I had one more last minute comment, otherwise I'm 👍 on this, it should be merged.

@galaxybot test this

[hexylena]

ping @martenson can you get galaxy bot to test this?