Fix infrastructure-playbook (usegalaxy-it#2)

* Update central-manager.yml

* Update create_db.yml

* Update and rename hosts to inventory

* Update miniconda.yml

* Update mount.yml

* Update rabbitmq.yml

* Update requirements.yaml

* Create usegalaxy_it_01.yml

* Update user_preferences_extra_conf.yml

* Update destinations.yml

* Update rabbitmq.yml

* Create usegalaxy_it_01.yml

* Update all.yml

* Update database.yml

* Create job_conf.yml

* Update user_preferences_extra_conf.yml

* Update destinations.yml

* Update user_preferences_extra_conf.yml

* Update job_conf.yml

central-manager.yml

@@ -19,14 +19,34 @@
         name: python
         path: /usr/bin/python3
         link: /usr/bin/python
-    - name: Disable firewalld service
-      ansible.builtin.service:
-        name: firewalld
-        enabled: false
-        state: stopped
     - name: Disable SELinux
       selinux:
         state: disabled
+    - name: Enable epel-release for python3-virtualenv
+      yum:
+        name: epel-release
+        state: present
+    - name: Install python3-wheel-wheel (needed by python3-virtualenv)
+      yum:
+        name: python3-wheel-wheel
+        enablerepo: devel
+        state: present
+    - name: Install python3-virtualenv
+      yum:
+        name: python3-virtualenv
+        enablerepo: epel-release
+        state: present
+    - name: Install Dependencies
+      package:
+        name: [ 'python3-psycopg2', 'python3', 'pip']
+      become: true
+    # docker
+    - name: Install docker pip package
+      pip:
+        name: docker
+    - name: Set docker_users (Docker role)
+      set_fact:
+        docker_users: "rocky"
   post_tasks:
     - name: Condor auto approve
       ansible.builtin.cron:
@@ -47,6 +67,6 @@
     - usegalaxy-eu.autoupdates  # keep all of our packages up to date
     - usegalaxy-eu.autofs
     # - ssh-host-sign
-    - usegalaxy_eu.htcondor
+    - usegalaxy-eu.ansible-htcondor-grycap
     # - dj-wasabi.telegraf
-    - ssh_hardening
+    - ssh_hardening        

create_db.yml

@@ -1,6 +1,6 @@
 ---
 - name: UseGalaxy.eu
-  hosts: sn06
+  hosts: usegalaxy_it_01
   become: true
   become_user: root
   vars:

files/galaxy/config/user_preferences_extra_conf.yml

@@ -54,8 +54,9 @@ preferences:
           # - ["Freiburg (Germany) - de.NBI cloud GPU - docker", remote_cluster_mq_docker_de03]
           - ["Rennes (France) - GenOuest bioinformatics", fr-pulsar]
           - ["Bari (Italy) - RECAS", it-pulsar]
-          - ["Bari (Italy) - RECAS 2", it02-pulsar]
-          - ["Palermo (Italy) - GARR 3", pulsar_it03_tpv]
+          - ["Cineca (Italy) - CINECA", it02-pulsar]
+          - ["Bari (Italy) - RECAS 5", it05-pulsar]
+          - ["Palermo (Italy) - GARR", it03-pulsar]
           # - ["Palermo (Italy) - GARR, 2wd true", remote_cluster_mq_2wdtrue_it03]
           # - ["Palermo (Italy) - GARR, 2wd falsef", remote_cluster_mq_2wdfalse_it03]
           # - ["Lisbon (Portugal) - Tecnico ULisboa", remote_cluster_mq_pt01]

files/galaxy/tpv/destinations.yml

@@ -169,16 +169,32 @@ destinations:
 
   pulsar_it03_tpv:
     inherits: pulsar_default
-    runner: pulsar_eu_it03
-    max_accepted_cores: 16
-    max_accepted_mem: 31
+    runner: pulsar_it03
+    max_accepted_cores: 32
+    max_accepted_mem: 64
     min_accepted_gpus: 0
     max_accepted_gpus: 0
+    params:
+      singularity_volumes: '$job_directory:rw,$tool_directory:ro,$job_directory/outputs:rw,$working_directory:rw,/cvmfs/data.galaxyproject.org:ro'
+    env:
+      TMP: $_GALAXY_JOB_TMP_DIR
+      TEMP: $_GALAXY_JOB_TMP_DIR
+      TMPDIR: $_GALAXY_JOB_TMP_DIR
     scheduling:
       require:
-        - it-pulsar
-      accept:
-        - upload
+        - it03-pulsar
+
+  pulsar_it05_tpv:
+    inherits: pulsar_default
+    runner: pulsar_it05
+    max_accepted_cores: 4
+    max_accepted_mem: 20
+    min_accepted_gpus: 0
+    max_accepted_gpus: 0
+    scheduling:
+      require:
+        - it05-pulsar
+
     params:
       singularity_default_container_id: '/cvmfs/singularity.galaxyproject.org/u/b/ubuntu:20.04'
       singularity_volumes: '$job_directory:rw,$tool_directory:ro,$job_directory/outputs:rw,$working_directory:rw,/cvmfs/data.galaxyproject.org:ro'
@@ -311,4 +327,4 @@ destinations:
     env:
       GPU_AVAILABLE: 1
     params:
-      requirements: 'GalaxyGroup == "compute_gpu"'
+      requirements: 'GalaxyGroup == "compute_gpu"'

group_vars/all.yml

@@ -5,7 +5,7 @@ certbot_auto_renew_minute: "{{ 59 |random(seed=inventory_hostname)  }}"
 certbot_install_method: virtualenv
 certbot_auto_renew: true
 certbot_auto_renew_user: root
-certbot_environment: production # !!! CHECK -> change to production
+certbot_environment: staging # !!! CHECK -> change to production
 certbot_domains:
  - "{{ hostname }}"
 certbot_agree_tos: --agree-tos
@@ -30,11 +30,23 @@ chrony_keyfile: '/etc/chrony.keys'
 galaxy_uid: 999
 galaxy_gid: 999
 
+# WallE
+walle_verbose: true
+walle_tool: interactive
+walle_user_name: "{{ galaxy_user.name }}"
+walle_user_group: "{{ galaxy_group.name }}"
+walle_virtualenv: "{{ galaxy_venv_dir }}"
+walle_bashrc: "{{ galaxy_user.home }}/.bashrc"
+walle_pgpass_file: "{{ galaxy_user.home }}/.pgpass"
+walle_malware_database_location: "/data/share/maintenance/walle"
+walle_database_file: checksums.yml
+
 # OS Hardening
 os_auditd_max_log_file_action: rotate
 os_auditd_space_left: 500
 os_auditd_space_left_action: suspend
 
+
 # Automated yum updates
 yum_cron:
   base:

group_vars/database.yml

@@ -1,4 +1,4 @@
-postgresql_version: 12
+postgresql_version: 13
 postgresql_objects_users:
   - name: galaxy
     password: "{{ _galaxy_db_pass }}"
@@ -25,4 +25,4 @@ db_name: "galaxy"
 postgres_replication: true
 replica_user_name: replica
 master_ip: "{{ groups['database'][0] }}"
-replica_ip: "{{ groups['replica'][0] }}"
+replica_ip: "{{ groups['replica'][0] }}"

group_vars/rabbitmq.yml

@@ -55,6 +55,9 @@ rabbitmq_users:
   - user: pulsar_it03
     password: "{{ rabbitmq_users_password.pulsar_it03 }}"
     vhost: /pulsar/pulsar_it03
+  - user: pulsar_it05
+    password: "{{ rabbitmq_users_password.pulsar_it05 }}"
+    vhost: /pulsar/pulsar_it05
 
 rabbitmq_plugins:
   - rabbitmq_management
@@ -78,7 +81,8 @@ rabbitmq_config:
 
 rabbitmq_container:
   name: rabbit_hole
-  image: rabbitmq:3.9.11
+  image: rabbitmq:3-management
+    #hostname: rabbitmq
   hostname: "{{ groups['rabbitmq'][0] }}"
 
 rabbitmq_container_pause: 60