operations notes

CVMFS add data to repo

login in to sysadmin@data.usegalaxy.no
# be roor
sudo -s

# Make repo writeable
cvmfs_server  transaction

# Add data

# update repo:
cvmfs_server publish
#Abort changes
cvmfs_server abort

Create singularity container from conda packages

ssh sysadmin@usegalaxy.no
sudo su -
. .venv/bin/activate
cd /data/part0/tmp/ # (or somewhere with enough free disk space)
mulled-build build-and-test 'graphicsmagick=1.3.31' -c iuc,conda-forge,bioconda --test 'ls --help' --singularity
cp singularity_import/graphicsmagick\:1.3.31 /srv/galaxy/containers/singularity/

Rebuild galaxy client

rebuild client:
cd /srv/galaxy/
source venv/bin/activate
cd server
make client-production-maps

cloudflare DNS

cloudflare email and api key are found in env/main/secret_group_vars/global.vault .. code-block:: bash

# list entries

./bin/cloudflare-cli -a <API-KEY> -e <EMAIL> list

# delete entry ./bin/cloudflare-cli -a <API-KEY> -e <EMAIL> delete <UUID>

#create entry

./bin/cloudflare-cli -a <API-KEY> -e <EMAIL> add help add requires: type, name, value and ttl

./bin/cloudflare-cli -a <API> -e <EMAIL> add A test.usegalaxy.no 158.39.201.243 1000

# do a list to confirm

firewalld

# list all rules
firewall-cmd --list-all-zones
# add IP to trusted zone
firewall-cmd --zone=trusted --add-source=158.39.201.192

db connections IP filtering

vim /database/postgres/data/pg_hba.conf

systemctl restart postgresql-10

#test db connection.
/srv/galaxy/server/scripts/manage_db.py -c /srv/galaxy/config/galaxy.yml db_version

Ensure no unencrypted vault-files are commited

Add to .git/hooks/pre-commit
chmod 755 .git/hooks/pre-commit