Hmm,
I start feeling like I'm only talking to myself here :-)
I finally have a prototyp running.
Currently the mapping galaxy username <-> cluster username is only done using a dictionary in
dmraa.py and should (and will) be moved to a configuration file.
(Even better would be to put that into the database and should be editable by the admins but I'm
afraid that is to much work for me right now.)
I've added the diff and would appreciate if some expert would have a look on it and point out any
glaring mistakes. There was a lot of guesswork about the inner workings of galaxy involved so I'm
sure there are some bugs.
regards, Andreas
On 29.03.2012 16:12, Andreas Kuntzagk wrote:
Hi,
Ok, I was digging around for this and it seems to be a bit more involved then I
expected.
Problem is I don't really understand the interplay of DRMAAJobRunner and the
user management.
Can somebody provide me with some pointers?
regards, Andreas
On 28.03.2012 13:30, Andreas Kuntzagk wrote:
Hi,
after thinking more about this and also trying to get Apache use NIS (I failed
with that :-( )
I just came up with an idea for a different solution:
I don't use NIS for login into galaxy but when starting jobs I consult a
mapping file (or the
database) to map email addresses to know users. For unknown users I just
continue to use the
"galaxy" user. I guess a good starting point would be DRMAAJobRunner.queue_job
Do you see any bigger problems coming my way?
How best do I avoid to degress from the main tree to much?
regards, Andreas
file:///home/kuntzagk/galaxy_diff
On 27.03.2012 09:57, Andreas Kuntzagk wrote:
Hi,
On 26.03.2012 17:14, Nate Coraor wrote:
On Mar 22, 2012, at 12:30 PM, Alfonso Núñez Salgado wrote:
Hi Andreas:
As far as I know Galaxy is designed to manage its own users and not to be
integrated in any other
platform. I think that the idea is to use galaxy as another user of your system.
Hi Alfonso,
Andreas is referring to recent changes that allow jobs to run as users other
than the single
Galaxy user that started the server process. See:
http://wiki.g2.bx.psu.edu/Admin/Config/Performance/Cluster#Submitting_Jobs_as_the_Real_User
Yes, that's what I wanted.
On 20/03/12 16:31, Andreas Kuntzagk wrote:
Hi,
I (re-)installed galaxy on our server and managed to set it up to run jobs
through our cluster
(GridEngine). It's also running behind an Apache proxy now.
But now I'm wondering how to setup to have the cluster jobs run as the real
cluster users. I
found the documentation on this topic a little thin.
We use NIS for managing users and passwords across the cluster. How do I
connect that to Galaxy?
regards, Andreas
Andreas,
You'll need to have Apache authenticate your users, as explained here:
http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy
For NIS without Kerberos, you'd probably need to use mod_auth_pam to
authenticate through your
system's PAM stack.
Thanks, I will look into it.
regards, Andreas
--nate
--
=====================================
Alfonso Núñez Salgado
Unidad de Bioinformática
Centro de Biologia Molecular Severo Ochoa
C/Nicolás Cabrera 1
Universidad Autónoma de Madrid
Cantoblanco, 28049 Madrid (Spain)
Phone: (34) 91-196-4633
Fax: (34) 91-196-4420
web: http://ub.cbm.uam.es/
=====================================
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
--
Andreas Kuntzagk
SystemAdministrator
Berlin Institute for Medical Systems Biology at the
Max-Delbrueck-Center for Molecular Medicine
Robert-Roessle-Str. 10, 13125 Berlin, Germany
http://www.mdc-berlin.de/en/bimsb/BIMSB_groups/Dieterich
diff -r 26920e20157f lib/galaxy/config.py
--- a/lib/galaxy/config.py Wed Jan 25 12:20:50 2012 -0500
+++ b/lib/galaxy/config.py Wed Apr 04 13:11:05 2012 +0200
@@ -76,6 +76,7 @@
self.retry_metadata_internally = string_as_bool( kwargs.get( "retry_metadata_internally", "True" ) )
self.use_remote_user = string_as_bool( kwargs.get( "use_remote_user", "False" ) )
self.remote_user_maildomain = kwargs.get( "remote_user_maildomain", None )
+ self.map_users = kwargs.get("map_users","False")
self.remote_user_logout_href = kwargs.get( "remote_user_logout_href", None )
self.require_login = string_as_bool( kwargs.get( "require_login", "False" ) )
self.allow_user_creation = string_as_bool( kwargs.get( "allow_user_creation", "True" ) )
diff -r 26920e20157f lib/galaxy/jobs/runners/drmaa.py
--- a/lib/galaxy/jobs/runners/drmaa.py Wed Jan 25 12:20:50 2012 -0500
+++ b/lib/galaxy/jobs/runners/drmaa.py Wed Apr 04 13:11:05 2012 +0200
@@ -14,6 +14,7 @@
import pkg_resources
+USER_MAPPING = { "akuntzagk":("kuntzagk",600)}
if sys.version_info[:2] == ( 2, 4 ):
pkg_resources.require( "ctypes" )
@@ -140,6 +141,7 @@
def queue_job( self, job_wrapper ):
"""Create job script and submit it to the DRM"""
+
try:
job_wrapper.prepare()
command_line = self.build_command_line( job_wrapper, include_metadata=True )
@@ -209,11 +211,26 @@
if self.external_runJob_script is None:
job_id = self.ds.runJob(jt)
else:
- job_wrapper.change_ownership_for_run()
- log.debug( '(%s) submitting with credentials: %s [uid: %s]' % ( galaxy_id_tag, job_wrapper.user_system_pwent[0], job_wrapper.user_system_pwent[2] ) )
- filename = self.store_jobtemplate(job_wrapper, jt)
- self.userid = job_wrapper.user_system_pwent[2]
- job_id = self.external_runjob(filename, job_wrapper.user_system_pwent[2]).strip()
+ if self.app.config.map_users == "True":
+ original_user = model.User.get(job_wrapper.user_id).username
+ run_as_user = USER_MAPPING.get(original_user,None)
+ if run_as_user:
+ log.debug("run as user %s" % str(run_as_user))
+ job_wrapper._change_ownership(run_as_user[0], "1000")
+ filename = self.store_jobtemplate(job_wrapper, jt)
+ self.userid = run_as_user[1]
+ job_id = self.external_runjob(filename, self.userid).strip()
+
+ else:
+ log.debug("User not mappable")
+ job_id = self.ds.runJob(jt)
+ else:
+
+ job_wrapper.change_ownership_for_run()
+ log.debug( '(%s) submitting with credentials: %s [uid: %s]' % ( galaxy_id_tag, job_wrapper.user_system_pwent[0], job_wrapper.user_system_pwent[2] ) )
+ filename = self.store_jobtemplate(job_wrapper, jt)
+ self.userid = job_wrapper.user_system_pwent[2]
+ job_id = self.external_runjob(filename, job_wrapper.user_system_pwent[2]).strip()
log.info("(%s) queued as %s" % ( galaxy_id_tag, job_id ) )
# store runner information for tracking if Galaxy restarts
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
