Re: [galaxy-dev] proxy settings?
Hi Nate, My solution was a bit of a hack and there may be better ways of doing it (I haven't read all the docs yet - just started with Galaxy last week) Python is not my strong suit and there may be more elegant ways, but here's how I usually connect thru our proxy: -- proxy_info = { 'user' : 'DOMAIN\\username', 'pass' : 'thisismypassword', 'host' : proxy.yoyodyne.com, 'port' : 8080 } # build a new opener that uses a proxy requiring authorization proxy_support = urllib2.ProxyHandler({http : http://%(user)s:%(pass)s@%(host)s:%(port)d % proxy_info}) opener = urllib2.build_opener(proxy_support, urllib2.HTTPHandler) # install it urllib2.install_opener(opener) #then open the page with urllib2 page = urllib2.urlopen( cur_URL ) -- I was in a hurry so tweaked data_source.py, fetch.py, genomespace_file_browser.py, ucsc_proxy.py, and upload.py but it would make more sense to read the proxy_info from universe_wsgi.ini If you can point me at an example of a tool that reads from the config, I'll try and put it together. The best solution would be for Python to pick up the local $http_proxy env settings but I've never managed to get that working! --Russell -Original Message- From: Nate Coraor [mailto:n...@bx.psu.edu] Sent: Friday, 2 December 2011 7:03 a.m. To: Smithies, Russell Cc: galaxy-dev@lists.bx.psu.edu Subject: Re: [galaxy-dev] proxy settings? On Nov 29, 2011, at 9:35 PM, Smithies, Russell wrote: Found the cure - just required adding urllib2.ProxyHandler in the data_source tools. Why doesn't Galaxy pick up the system http_proxy variables? Hi Russell, Thanks for tracking down the problem. Could you send a patch for this? --nate --Russell Smithies From: galaxy-dev-boun...@lists.bx.psu.edu [mailto:galaxy-dev-boun...@lists.bx.psu.edu] On Behalf Of Smithies, Russell Sent: Wednesday, 30 November 2011 9:09 a.m. To: galaxy-dev@lists.bx.psu.edu Subject: [galaxy-dev] proxy settings? I'm new to Galaxy so I'm not sure if this a Galaxy or linux/apache question . When I try to Get Data from UCSC or any other external site, I get a 407 error from our proxy as I need to authenticate. Is the request going out as the 'galaxy' user or 'apache' or the user that's logged in? I already have http_proxy and ftp_proxy configured in /etc/profile (we're running Centos 6) but I assume there a correct place to configure this for Galaxy? The error message I'm seeing is: An error occurred running this job: The remote data source application may be off line, please try again later. Error: ('http error', 407, 'Proxy Access Denied', httplib.HTTPMessage instance at 0x35d2998) Any ideas? Thanx, Russell Smithies Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. __ _ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
[galaxy-dev] possibly weird config requests...
This may be a list of weird requests but our Galaxy server runs internally and is only accessible to our users so I'd like to make it a bit easier to manage. I could customize a copy but hopefully some of the features I'm after are already available. If not, I'm happy to work on them and integrate if others think they'll be useful. * Rather than email address as usernames, we'd rather just use our corporate logins (lastname, first initial, eg.mine is smithiesr) Or can I have an alias list (like samba)? * Is there a bulk user creation script? Rather than have everyone create their own account, I'd rather do them all at once. It's not that I don't trust users but... * Can I have every user's home dir automagiclly added as a data dir? eg. I'd like to have /home/smithiesr available. Would be nice if this was part of a bulk useradd script * Any chance of AD integration? I have no idea if Python plays well with Active Directory and/or LDAP. * Is it possible to add new tools without restarting Galaxy? I know tool configs can be reloaded from the admin console but I'd like our users to be able to incorporate their existing scripts as tools. Would a local tool-shed make this easier? * We use NTLM for authentication on most of our internal sites - am I going to have problems getting Galaxy/Python to authenticate? A few years ago we ran into the same requirement with a Java app so ended up hacking together a script that passed SSO creds to Internet Exploiter for authentication. Sorry if some of these sound dumb or are already implemented, I'm still reading thru the docs. Thanx, Russell Smithies Infrastructure Team T 03 489 9085 M 0274 734 600 E russell.smith...@agresearch.co.nz Invermay Agricultural Centre Puddle Alley, Private Bag 50034, Mosgiel 9053, New Zealand T +64 3 489 3809 F +64 3 489 3739 www.agresearch.co.nz === Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. === ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] possibly weird config requests...
Hi Russell, Just addressing AD/LDAP authentication - authentication is trivially and best (IMHO) left to an external (eg apache) proxy - save yourself a lot of effort - it's known to work well. Lock down the paste process so it only talks to your apache and provide pass through authentication. Doing that deals with your first and second questions since galaxy will create new users as they appear if appropriately configured - although you are stuck with user@yourconfigured.domain as the user ids inside Galaxy even though the user authenticates with the sAMAccountName in the example below so it's the same login for all our AD logins. The recipe has been posted a few times and should be easy to find using a search. Something like: Location /galaxy Options FollowSymLinks AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative Off AuthName BHRI LDAP Order Allow,Deny Allow From All Require valid-user AuthLDAPBindDN user@domain AuthLDAPBindPassword passwordforuser@domain AuthLDAPURL ldap:// 172.16.1.245:389/OU=Baker,DC=bhri,DC=internal?sAMAccountName?sub?(objectClass=*) RequestHeader set REMOTE_USER %{AUTHENTICATE_sAMAccountName}e /Location works for us on a local AD server On Mon, Dec 5, 2011 at 9:21 AM, Smithies, Russell russell.smith...@agresearch.co.nz wrote: This may be a list of weird requests but our Galaxy server runs internally and is only accessible to our users so I’d like to make it a bit easier to manage. I could customize a copy but hopefully some of the “features” I’m after are already available. If not, I’m happy to work on them and integrate if others think they’ll be useful. ** ** **· **Rather than email address as usernames, we’d rather just use our corporate logins (lastname, first initial, eg.mine is smithiesr) Or can I have an alias list (like samba)? **· **Is there a bulk user creation script? Rather than have everyone create their own account, I’d rather do them all at once. It’s not that I don’t trust users but… **· **Can I have every user’s home dir automagiclly added as a data dir? eg. I’d like to have /home/smithiesr available. Would be nice if this was part of a bulk useradd script **· **Any chance of AD integration? I have no idea if Python plays well with Active Directory and/or LDAP. **· **Is it possible to add new tools without restarting Galaxy? I know tool configs can be reloaded from the admin console but I’d like our users to be able to incorporate their existing scripts as tools. Would a local tool-shed make this easier? **· **We use NTLM for authentication on most of our internal sites – am I going to have problems getting Galaxy/Python to authenticate? A few years ago we ran into the same requirement with a Java app so ended up hacking together a script that passed SSO creds to Internet Exploiter for authentication. ** ** Sorry if some of these sound dumb or are already implemented, I’m still reading thru the docs. ** ** Thanx, *Russell Smithies* Infrastructure Team *T* 03 489 9085 *M* 0274 734 600 *E* russell.smith...@agresearch.co.nz Invermay Agricultural Centre Puddle Alley, Private Bag 50034, Mosgiel 9053, New Zealand *T * +64 3 489 3809 *F* +64 3 489 3739 *www.agresearch.co.nz* ** ** -- *Attention: *The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. -- ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ -- Ross Lazarus MBBS MPH; Associate Professor, Harvard Medical School; Head, Medical Bioinformatics, BakerIDI; Tel: +61 385321444; ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/