galaxy.yml

- hosts: galaxyserver
  become: true
  tags:
    - galaxyserver
  vars_files:
    - secret_group_vars/global.vault
    - group_vars/global.yml
    - group_vars/env.yml
    - group_vars/galaxy.yml
    - group_vars/telegraf.yml
#    - group_vars/nga.yml

  pre_tasks:
    - name: Install Dependencies
      package:
        #        use_backend: dnf
        name:
          - "python3"
          - "python3-psycopg2"
          - "git"
          - "python36-virtualenv"
          - "make"
          - "bzip2"
          - "postgresql"
          - "jq"
          - "tmpwatch"

    - name: Create users and groups
      tags: create_users
      include_tasks: tasks/users_groups.yml

    - name: Open firewalld ports
      tags: firewall-setup
      vars:
        - ports: "['ssh', 'http', 'https']"
      include_tasks: tasks/firewall.yml

  tasks:
    - name: Perform misc galaxy tasks
      include_tasks: tasks/galaxy.yml

    - name: Perform misc system tasks
      include_tasks: tasks/system.yml

  handlers:
    - name: Restart Galaxy
      systemd:
        name: galaxy
        state: restarted

  roles:
    - geerlingguy.repo-epel
    - geerlingguy.pip
    - galaxyproject.repos
    - role: galaxyproject.galaxy
      tags:
        - galaxy
    - role: uchida.miniconda
      become_user: galaxy
    - usegalaxy_eu.galaxy_systemd
    - galaxyproject.nginx  
    - role: galaxyproject.cvmfs
      tags:
        - cvmfs
    - galaxyproject.repos
    - role: dj-wasabi.telegraf
      tags:
        - telegraf
#    - usegalaxy_eu.gie_proxy
#    - usegalaxy_eu.gxadmin
    - role: usegalaxy-no.nels_storage
      tags:
        - nels
#    - usegalaxy-no.galaxy-tools
#    - usegalaxy-no.nels-galaxy-api

  post_tasks:
    - name: Install slurm-drmaa
      package:
        name: slurm-drmaa
    - name: Install Singularity
      package:
        name: singularity
#    - name: Install the tos-api
#      include_tasks_role:
#        name: usegalaxy-no.tos-api
    # TODO: This should not be needed, but...
    - name: galaxy need a compliance log for conda, will otherwise fail.
      file:
        path: "{{ galaxy_root }}/server/compliance.log"
        state: file
        mode: "0644"
        owner: "{{ galaxy_user.name }}"

    - name: galaxy dependencies dir (?)
      file:
        path: "{{ galaxy_root }}/server/dependencies"
        state: directory
        mode: "0755"
        owner: "{{ galaxy_user.name }}"

    - name: galaxy root is readable for nginx
      file:
        path: "{{ galaxy_root }}"
        state: directory
        mode: "0755"
        owner: "{{ galaxy_user.name }}"
        group: "{{ galaxy_user.name }}"

    - name: Make sure galaxy owns tool-data
      file:
        path: "{{ galaxy_root }}/server/tool-data"
        state: directory
        recurse: no
        mode: "0755"
        owner: "{{ galaxy_user.name }}"

    - name: Make sure galaxy owns /sanitize_whitelist.txt
      file:
        path: "{{ galaxy_mutable_config_dir }}/sanitize_whitelist.txt"
        state: file
        mode: "0755"
        owner: "{{ galaxy_user.name }}"

    - name: Make sure cvmfs owns local folder
      file:
        path: "{{ galaxy_file_path }}/cvmfs"
        state: directory
        mode: "0755"
        owner: cvmfs

    - name: make sure 0775 permissions on the dependencies folder
      file:
        path: "{{ galaxy_root }}/server/dependencies"
        state: directory
        mode: "0755"
        owner: galaxy
        group: root