I have successfully used the galaxy role to install Galaxy without any root 
access.

I have the following all set to the same non-privileged user:

galaxy_privileged_user: "{{ iu_galaxy_user.name }}"
galaxy_privsep_user: "{{ iu_galaxy_user.name }}"
galaxy_remote_users:
  root: "{{ iu_galaxy_user.name }}"
  privsep: "{{ iu_galaxy_user.name }}"
  errdocs: "{{ iu_galaxy_user.name }}"
  galaxy: "{{ iu_galaxy_user.name }}"


________________________________
From: Sandra Maksimovic <sandra.maksimo...@mcri.edu.au>
Sent: Tuesday, February 16, 2021 10:05 PM
To: Keith Suderman <suder...@jhu.edu>
Cc: galaxy-dev@lists.galaxyproject.org <galaxy-dev@lists.galaxyproject.org>
Subject: [External] [galaxy-dev] Re: [EXTERNAL]Re: Ansible Galaxy using root 
user for role installation

This message was sent from a non-IU address. Please exercise caution when 
clicking links or opening attachments from external sources.


Hi Keith,



I did try that but it didn’t make any difference. I’ve even tried disabling 
privilege separation entirely but that had no effect either.



Thanks,

Sandra



From: Keith Suderman <suder...@jhu.edu>
Sent: Wednesday, 17 February 2021 5:42 AM
To: Sandra Maksimovic <sandra.maksimo...@mcri.edu.au>
Cc: galaxy-dev@lists.galaxyproject.org
Subject: [EXTERNAL][galaxy-dev] Re: Ansible Galaxy using root user for role 
installation



CAUTION:  External Email. Please be cautious with attachments and clicking links



Hi Sandra,



My initial hunch is that Ansible is trying to use root to create the 
galaxy_privsep_user.  Have you set galaxy_create_privsep_user to false in the 
group_vars?



Cheers,

Keith



On Feb 15, 2021, at 12:21 AM, Sandra Maksimovic 
<sandra.maksimo...@mcri.edu.au<mailto:sandra.maksimo...@mcri.edu.au>> wrote:



Hi there,



Would anyone happen to know why Ansible tries to connect to a remote host 
(CentOS 7) using 'root' during Galaxy role installation?



My playbook has been configured to connect to the remote host using a different 
user account via SSH, however, the role installation is not honoring this for 
some reason and continues to use root. The remote host has had SSH root login 
disabled for security reasons and setting various galaxy 
user/privsep/become/remote user variables in the group_vars has not had any 
effect.



TASK [galaxyproject.galaxy : Create galaxy_root] *

fatal: [server_name]: UNREACHABLE! => {"changed": false, "msg": 
"Invalid/incorrect password: Permission denied, please try again.\r\nPermission 
denied, please try again.\r\nroot@server_name: Permission denied 
(publickey,password).", "unreachable": true}



Thanks,

Sandra




This e-mail and any attachments to it (the "Communication") are, unless 
otherwise stated, confidential, may contain copyright material and is for the 
use only of the intended recipient. If you receive the Communication in error, 
please notify the sender immediately by return e-mail, delete the Communication 
and the return e-mail, and do not read, copy, retransmit or otherwise deal with 
it. Any views expressed in the Communication are those of the individual sender 
only, unless expressly stated to be those of Murdoch Children’s Research 
Institute (MCRI) ABN 21 006 566 972 or any of its related entities. MCRI does 
not accept liability in connection with the integrity of or errors in the 
Communication, computer virus, data corruption, interference or delay arising 
from or in respect of the Communication.

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 %(web_page_url)s

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  %(web_page_url)s

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/

Reply via email to