Hello, Does Galaxy provide a post-login hook that could be used to trigger an operating system level action upon successful login ? Here is the scenario and use-case where that would come in handy: * Local instance of Galaxy (Nov 2012 release) on a Linux server with a PostgreSQL DB * Upload via FTP feature is enabled * Users are authenticated via LDAP and nginx * Users should be able to securely upload files (to their sub-directory within the configured FTP upload directory) The current method being employed to fulfill this use-case is through a modification to Š/galaxy-dist/lib/galaxy/web/framework/__init__.py file that calls a a shell script which creates an OS-level user and associated FTP upload directory. Files are uploaded by users via sFTP (SSHD configured to restrict Galaxy users to a chroot'ed directory). Options considered: * Shell/Python script that periodically queries the "galaxy_user" table and creates an OS-level user and FTP upload directory (not yet tried; introduces delay between user creation and FTP capability unless frequency of polling is high) * ProFTPD with sFTP and LDAP modules (increased administrative overhead compared to using built-in SSHD; wasn't able to get auto directory creation to work due to TBD cause) * PostgreSQL listen-notify to call a sFTP user creation script when an insert occurs in the "galaxy_user" table (not yet tried) Thank you. -- Senior Systems Administrator Iowa Institute for Human Genetics ITS Research Services, The University of Iowa
I am not aware of Galaxy having any sort of login hook as you described --- without writing custom code. This brings up the added challenge of keeping your custom modifications current with the latest release of galaxy. Another approach, and I am not sure how feasible this is on your setup, is to create all these added services during the user creation[1] process. On our HPC cluster this is the method we implemented. All our users can use SFTP, rsync, BBCP, etc to upload to the cluster and the user moves their data to galaxy by the "FTP Trick[2]" to their "dropbox" folder that galaxy has access to. Once data is moved to the dropbox folder, users login via the galaxy web interface and select the data via the Get Data -> Upload File interface. This might be a simpler approach, create these services for each new user during their account creation. You will be forced to use the command line interface to create new users, but I believe its far simpler then using postgres notify or the other methods you described. [1]: http://dev.list.galaxyproject.org/user-creation-using-API-td4657726.html [2]: http://dev.list.galaxyproject.org/user-names-with-authentication-td4659271.h... -- Adam Brenner Computer Science, Undergraduate Student Donald Bren School of Information and Computer Sciences Research Computing Support Office of Information Technology http://www.oit.uci.edu/rcs/ University of California, Irvine www.ics.uci.edu/~aebrenne/ aebrenne@uci.edu On Sun, Aug 25, 2013 at 9:39 AM, Maddhi, Srinivas <srinivas-maddhi@uiowa.edu> wrote:
Hello,
Does Galaxy provide a post-login hook that could be used to trigger an operating system level action upon successful login ?
Here is the scenario and use-case where that would come in handy: * Local instance of Galaxy (Nov 2012 release) on a Linux server with a PostgreSQL DB * Upload via FTP feature is enabled * Users are authenticated via LDAP and nginx * Users should be able to securely upload files (to their sub-directory within the configured FTP upload directory)
The current method being employed to fulfill this use-case is through a modification to Š/galaxy-dist/lib/galaxy/web/framework/__init__.py file that calls a a shell script which creates an OS-level user and associated FTP upload directory. Files are uploaded by users via sFTP (SSHD configured to restrict Galaxy users to a chroot'ed directory).
Options considered: * Shell/Python script that periodically queries the "galaxy_user" table and creates an OS-level user and FTP upload directory (not yet tried; introduces delay between user creation and FTP capability unless frequency of polling is high) * ProFTPD with sFTP and LDAP modules (increased administrative overhead compared to using built-in SSHD; wasn't able to get auto directory creation to work due to TBD cause) * PostgreSQL listen-notify to call a sFTP user creation script when an insert occurs in the "galaxy_user" table (not yet tried)
Thank you.
-- Senior Systems Administrator Iowa Institute for Human Genetics ITS Research Services, The University of Iowa
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Hi Adam, I appreciate your taking the time to provide detailed inputs along with links to relevant posts. Our instance is currently set up to allow users to self-service account provisioning in that if they are are a member of the University and have an appropriate entry in our LDAP/AD system, the act of providing their authentication credentials at the Galaxy login prompt results in the Galaxy account and a local OS-level "account" (only used for sFTP) being provisioned automagically via the aforementioned script invoked from a modified version of ../lib/galaxy/web/framework/__init__.py creating a local account and the requisite FTP upload directory if those don't already exist. As you rightly pointed out keeping code customizations current with upgrades is non-trivial and something I would like to minimize, and therefore this post. At this juncture, I will pursue the Shell/Python script polling "galaxy_user" option or re-attempt the ProFTPD (which appears to not require the creation of a local user account and has the ability to query the PostgreSQL DB for user credentials; in our case the credentials would have to be put together from a combination of PostgreSQL and LDAP queries) option. Thank you. -----Original Message----- From: Adam Brenner <aebrenne@uci.edu> Date: Monday, August 26, 2013 12:45 PM To: Srinivas Maddhi <srinivas-maddhi@uiowa.edu> Cc: Galaxy Dev <galaxy-dev@bx.psu.edu> Subject: Re: [galaxy-dev] Login hook
I am not aware of Galaxy having any sort of login hook as you described --- without writing custom code. This brings up the added challenge of keeping your custom modifications current with the latest release of galaxy.
Another approach, and I am not sure how feasible this is on your setup, is to create all these added services during the user creation[1] process. On our HPC cluster this is the method we implemented. All our users can use SFTP, rsync, BBCP, etc to upload to the cluster and the user moves their data to galaxy by the "FTP Trick[2]" to their "dropbox" folder that galaxy has access to. Once data is moved to the dropbox folder, users login via the galaxy web interface and select the data via the Get Data -> Upload File interface.
This might be a simpler approach, create these services for each new user during their account creation. You will be forced to use the command line interface to create new users, but I believe its far simpler then using postgres notify or the other methods you described.
[1]: http://dev.list.galaxyproject.org/user-creation-using-API-td4657726.html [2]: http://dev.list.galaxyproject.org/user-names-with-authentication-td4659271 .html
-- Adam Brenner Computer Science, Undergraduate Student Donald Bren School of Information and Computer Sciences
Research Computing Support Office of Information Technology http://www.oit.uci.edu/rcs/
University of California, Irvine www.ics.uci.edu/~aebrenne/ aebrenne@uci.edu
On Sun, Aug 25, 2013 at 9:39 AM, Maddhi, Srinivas <srinivas-maddhi@uiowa.edu> wrote:
Hello,
Does Galaxy provide a post-login hook that could be used to trigger an operating system level action upon successful login ?
Here is the scenario and use-case where that would come in handy: * Local instance of Galaxy (Nov 2012 release) on a Linux server with a PostgreSQL DB * Upload via FTP feature is enabled * Users are authenticated via LDAP and nginx * Users should be able to securely upload files (to their sub-directory within the configured FTP upload directory)
The current method being employed to fulfill this use-case is through a modification to Š/galaxy-dist/lib/galaxy/web/framework/__init__.py file that calls a a shell script which creates an OS-level user and associated FTP upload directory. Files are uploaded by users via sFTP (SSHD configured to restrict Galaxy users to a chroot'ed directory).
Options considered: * Shell/Python script that periodically queries the "galaxy_user" table and creates an OS-level user and FTP upload directory (not yet tried; introduces delay between user creation and FTP capability unless frequency of polling is high) * ProFTPD with sFTP and LDAP modules (increased administrative overhead compared to using built-in SSHD; wasn't able to get auto directory creation to work due to TBD cause) * PostgreSQL listen-notify to call a sFTP user creation script when an insert occurs in the "galaxy_user" table (not yet tried)
Thank you.
-- Senior Systems Administrator Iowa Institute for Human Genetics ITS Research Services, The University of Iowa
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
participants (2)
-
Adam Brenner
-
Maddhi, Srinivas