David,

Just to add to what Enis responded - in my previous position I managed
a CloudMan instance that used SSL and LDAP - I documented some of what
it took to configure it here
https://production-galaxy-instances-with-cloudman-and-cloudbiolinux.readthedocs.org/en/latest/
but it was based on CloudBioLinux instead of the newer Ansible recipes
so the documentation is probably of limited use - but it does give an
idea about what needs to be updated to how to update it - it just has
to be translated to Ansible.

Best of luck,

-John


On Mon, Apr 27, 2015 at 10:39 AM, Enis Afgan <enis.afgan@irb.hr> wrote:
> Hi David,
> The nginx change will require a new AMI that includes the appropriately
> compiled nginx. We've been working on automating the process of building the
> image and it's captured in this Ansible playbook:
> https://github.com/galaxyproject/galaxy-cloudman-playbook (the current
> README is a bit of out of sync with the code but I have been working on a
> updating that and will commit it later on today or tomorrow at the latest).
> You'll need to edit the nginx installation procedure to include the
> customizations for nginx you want.
>
> Re. configuration changes (nginx.conf and galaxy.ini) - these are done via
> CloudMan
> (https://github.com/galaxyproject/cloudman/tree/master/cm/conftemplates). So
> it would be necessary to create a your own S3 bucket and host CloudMan
> source there with the desired customizations. I'll send you a paper that
> will be presented next month that captures all the pieces that are required
> for assemble a custom version of Galaxy CloudMan.
>
> Hope this helps and please let us know if you have any more questions,
> Enis
>
> On Fri, Apr 24, 2015 at 2:25 PM, David Kovalic <kovalic@analome.com> wrote:
>>
>> Hi,
>>
>>
>> We are interested in running CloudMan/Galaxy with SSL and LDAP. After
>> searching around on the internet it seems like this is achievable and
>> probably not too difficult, but there is no current complete “cookbook
>> recipe” for doing so, so I thought it best to ask questions before I go
>> ahead and break stuff :)
>>
>>
>> As I understand:
>>
>> ·         ngnix needs to have the LDAP module added, as the standard CM
>> ngnix build doesn’t include this
>>
>> ·         ngnix needs to have a custom ngnix.conf file which specifies the
>> use of SSL and LDAP
>>
>> ·         Galaxy need to have a custom configuration universe_wsgi.ini for
>> LDAP use
>>
>>
>> By searching online I can’t clearly figure out:
>>
>> ·         How to recompile (and persist across CM cluster
>> termination/restart) a new version of ngnix
>>
>> ·         The best way to maintain and specify a custom ngnix.conf. Is it
>> possible to do this by placing the custom ngnix.conf in the cluster S3
>> bucket and adding a configuration line specifying its URL (e.g.
>> "nginx_conf_contents: https://s3.amazonaws.com/[cm bucket ID]/ngnix.conf")
>> in persistent_data.yaml file in the CM S3 bucket?
>>
>> ·         Where do I make the modifications such that the changes to
>> universe_wsgi.ini persist across CM cluster termination/restart?
>>
>> It would be great to get some experienced insight on how best to complete
>> this configuration, and have it persist.
>>
>>
>> Any guidance would be greatly appreciated. Thanks,
>>
>>
>> David Kovalic
>>
>>
>>
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>   https://lists.galaxyproject.org/
>>
>> To search Galaxy mailing lists use the unified search at:
>>   http://galaxyproject.org/search/mailinglists/
>
>
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>   https://lists.galaxyproject.org/
>
> To search Galaxy mailing lists use the unified search at:
>   http://galaxyproject.org/search/mailinglists/