Re: [galaxy-dev] proxy settings?

[Smithies, Russell]

Hi Nate,
My solution was a bit of a hack and there may be better ways of doing it (I 
haven't read all the docs yet - just started with Galaxy last week)
Python is not my strong suit and there may be more elegant ways, but here's how 
I usually connect thru our proxy:

--
proxy_info = {
'user' : 'DOMAIN\\username',
'pass' : 'thisismypassword',
'host' : proxy.yoyodyne.com,
'port' : 8080
}
# build a new opener that uses a proxy requiring authorization
proxy_support = urllib2.ProxyHandler({http : 
http://%(user)s:%(pass)s@%(host)s:%(port)d % proxy_info})
opener = urllib2.build_opener(proxy_support, urllib2.HTTPHandler)

# install it
urllib2.install_opener(opener)

#then open the page with urllib2
page = urllib2.urlopen( cur_URL )
--

I was in a hurry so tweaked data_source.py,  fetch.py,  
genomespace_file_browser.py,  ucsc_proxy.py, and  upload.py but it would make 
more sense to read the proxy_info from universe_wsgi.ini 
If you can point me at an example of a tool that reads from the config, I'll 
try and put it together.
The best solution would be for Python to pick up the local $http_proxy env 
settings but I've never managed to get that working!

--Russell




 -Original Message-
 From: Nate Coraor [mailto:n...@bx.psu.edu]
 Sent: Friday, 2 December 2011 7:03 a.m.
 To: Smithies, Russell
 Cc: galaxy-dev@lists.bx.psu.edu
 Subject: Re: [galaxy-dev] proxy settings?
 
 On Nov 29, 2011, at 9:35 PM, Smithies, Russell wrote:
 
  Found the cure - just required adding urllib2.ProxyHandler in the
 data_source tools.
  Why doesn't Galaxy pick up the system http_proxy variables?
 
 Hi Russell,
 
 Thanks for tracking down the problem.  Could you send a patch for this?
 
 --nate
 
 
  --Russell Smithies
 
 
  From: galaxy-dev-boun...@lists.bx.psu.edu
  [mailto:galaxy-dev-boun...@lists.bx.psu.edu] On Behalf Of Smithies,
  Russell
  Sent: Wednesday, 30 November 2011 9:09 a.m.
  To: galaxy-dev@lists.bx.psu.edu
  Subject: [galaxy-dev] proxy settings?
 
  I'm new to Galaxy so I'm not sure if this a Galaxy or linux/apache question 
  .
 
  When I try to Get Data from UCSC or any other external site, I get a 407
 error from our proxy as I need to authenticate.
  Is the request going out as the 'galaxy' user or 'apache' or the user that's
 logged in?
  I already have http_proxy and ftp_proxy configured in /etc/profile (we're
 running Centos 6) but I assume there a correct place to configure this for
 Galaxy?
 
  The error message I'm seeing is:
  An error occurred running this job: The remote data source application
  may be off line, please try again later. Error: ('http error', 407,
  'Proxy Access Denied', httplib.HTTPMessage instance at 0x35d2998)
 
  Any ideas?
 
  Thanx,
 
  Russell Smithies
 
 
 
  Attention: The information contained in this message and/or attachments
 from AgResearch Limited is intended only for the persons or entities to which
 it is addressed and may contain confidential and/or privileged material. Any
 review, retransmission, dissemination or other use of, or taking of any action
 in reliance upon, this information by persons or entities other than the
 intended recipients is prohibited by AgResearch Limited. If you have received
 this message in error, please notify the sender immediately.
 
 
 
 
 __
 _
  Please keep all replies on the list by using reply all
  in your mail client.  To manage your subscriptions to this and other
  Galaxy lists, please use the interface at:
 
   http://lists.bx.psu.edu/


___
Please keep all replies on the list by using reply all
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

[galaxy-dev] possibly weird config requests...

[Smithies, Russell]

This may be a list of weird requests but our Galaxy server runs internally and 
is only accessible to our users so I'd like to make it a bit easier to manage.
I could customize a copy but hopefully some of the features I'm after are 
already available. If not, I'm happy to work on them and integrate if others 
think they'll be useful.


* Rather than email address as usernames, we'd rather just use our 
corporate logins (lastname, first initial, eg.mine is smithiesr) Or can I have 
an alias list (like samba)?

* Is there a bulk user creation script? Rather than have everyone 
create their own account, I'd rather do them all at once. It's not that I don't 
trust users but...

* Can I have every user's home dir automagiclly added as a data dir? 
eg. I'd like to have /home/smithiesr available. Would be nice if this was part 
of a bulk useradd script

* Any chance of AD integration? I have no idea if Python plays well 
with Active Directory and/or LDAP.

* Is it possible to add new tools without restarting Galaxy? I know 
tool configs can be reloaded from the admin console but I'd like our users to 
be able to incorporate their existing scripts as tools. Would a local tool-shed 
make this easier?

* We use NTLM for authentication on most of our internal sites - am I 
going to have problems getting Galaxy/Python to authenticate? A few years ago 
we ran into the same requirement with a Java app so ended up hacking together a 
script that passed SSO creds to Internet Exploiter for authentication.

Sorry if some of these sound dumb or are already implemented, I'm still reading 
thru the docs.

Thanx,
Russell Smithies
Infrastructure Team
T 03 489 9085
M 0274 734 600
E russell.smith...@agresearch.co.nz
Invermay Agricultural Centre
Puddle Alley, Private Bag 50034, Mosgiel 9053, New Zealand
T  +64 3 489 3809  F  +64 3 489 3739  www.agresearch.co.nz


===
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
===
___
Please keep all replies on the list by using reply all
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

Re: [galaxy-dev] possibly weird config requests...

[Ross]

Hi Russell,

Just addressing AD/LDAP authentication - authentication is trivially and
best (IMHO) left to an external (eg apache) proxy - save yourself a lot of
effort - it's known to work well.
Lock down the paste process so it only talks to your apache and provide
pass through authentication.
Doing that deals with your first and second questions since galaxy will
create new users as they appear if appropriately configured - although you
are stuck with user@yourconfigured.domain as the user ids inside Galaxy
even though the user authenticates with the sAMAccountName in the example
below so it's the same login for all our AD logins.

The recipe has been posted a few times and should be easy to find using a
search.

Something like:

Location /galaxy
  Options FollowSymLinks
  AuthType Basic
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative Off
  AuthName BHRI LDAP
  Order Allow,Deny
  Allow From All
  Require valid-user
  AuthLDAPBindDN user@domain
  AuthLDAPBindPassword passwordforuser@domain
  AuthLDAPURL ldap://
172.16.1.245:389/OU=Baker,DC=bhri,DC=internal?sAMAccountName?sub?(objectClass=*)

  RequestHeader set REMOTE_USER %{AUTHENTICATE_sAMAccountName}e
/Location

works for us on a local AD server


On Mon, Dec 5, 2011 at 9:21 AM, Smithies, Russell 
russell.smith...@agresearch.co.nz wrote:

 This may be a list of weird requests but our Galaxy server runs internally
 and is only accessible to our users so I’d like to make it a bit easier to
 manage.

 I could customize a copy but hopefully some of the “features” I’m after
 are already available. If not, I’m happy to work on them and integrate if
 others think they’ll be useful.

 ** **

 **· **Rather than email address as usernames, we’d rather just
 use our corporate logins (lastname, first initial, eg.mine is smithiesr) Or
 can I have an alias list (like samba)?

 **· **Is there a bulk user creation script? Rather than have
 everyone create their own account, I’d rather do them all at once. It’s not
 that I don’t trust users but…

 **· **Can I have every user’s home dir automagiclly added as a
 data dir? eg. I’d like to have /home/smithiesr available. Would be nice if
 this was part of a bulk useradd script  

 **· **Any chance of AD integration? I have no idea if Python
 plays well with Active Directory and/or LDAP.

 **· **Is it possible to add new tools without restarting Galaxy?
 I know tool configs can be reloaded from the admin console but I’d like our
 users to be able to incorporate their existing scripts as tools. Would a
 local tool-shed make this easier? 

 **· **We use NTLM for authentication on most of our internal
 sites – am I going to have problems getting Galaxy/Python to authenticate?
 A few years ago we ran into the same requirement with a Java app so ended
 up hacking together a script that passed SSO creds to Internet Exploiter
 for authentication. 

 ** **

 Sorry if some of these sound dumb or are already implemented, I’m still
 reading thru the docs.

 ** **

 Thanx,

 *Russell Smithies*
 Infrastructure Team

 *T* 03 489 9085
 *M* 0274 734 600
 *E* russell.smith...@agresearch.co.nz

 Invermay Agricultural Centre
 Puddle Alley, Private Bag 50034, Mosgiel 9053, New Zealand

 *T * +64 3 489 3809  *F*  +64 3 489 3739  *www.agresearch.co.nz*

 ** **



 --

 *Attention: *The information contained in this message and/or attachments
 from AgResearch Limited is intended only for the persons or entities to
 which it is addressed and may contain confidential and/or privileged
 material. Any review, retransmission, dissemination or other use of, or
 taking of any action in reliance upon, this information by persons or
 entities other than the intended recipients is prohibited by AgResearch
 Limited. If you have received this message in error, please notify the
 sender immediately.

 --



 ___
 Please keep all replies on the list by using reply all
 in your mail client.  To manage your subscriptions to this
 and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/




-- 
Ross Lazarus MBBS MPH;
Associate Professor, Harvard Medical School;
Head, Medical Bioinformatics, BakerIDI; Tel: +61 385321444;
___
Please keep all replies on the list by using reply all
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/