-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathjob_conf.xml
118 lines (106 loc) · 6.65 KB
/
job_conf.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
<?xml version="1.0"?>
<!-- A sample job config that explicitly configures job running the way it is configured by default (if there is no explicit config). -->
<job_conf>
<plugins>
<plugin id="local" type="runner" load="galaxy.jobs.runners.local:LocalJobRunner" workers="4"/>
</plugins>
<destinations default="docker_local">
<destination id="local" runner="local"/>
<destination id="docker_local" runner="local">
<param id="docker_enabled">true</param>
<!-- docker_volumes can be used to configure volumes to expose to docker,
For added isolation append :ro to the path to mount it read only.
Galaxy will attempt to infer a reasonable set of defaults which
volumes should be exposed how based on Galaxy's settings and the
destination - but be sure to add any library paths or data incides
that may be needed read-only.
-->
<!--
<param id="docker_volumes">$defaults,/mnt/galaxyData/libraries:ro,/mnt/galaxyData/indices:ro</param>
-->
<!-- For a stock Galaxy instance and traditional job runner $defaults will
expand out as:
$galaxy_root:ro,$tool_directory:ro,$job_directory:ro,$working_directory:rw,$default_file_path:rw
This assumes most of what is needed is available under Galaxy's root directory,
the tool directory, and the Galaxy's file_path (if using object store creatively
you will definitely need to expand defaults).
This configuration allows any docker instance to write to any Galaxy
file - for greater isolation set outputs_to_working_directory in
galaxy.ini. This will cause $defaults to allow writing to much
less. It will then expand as follows:
$galaxy_root:ro,$tool_directory:ro,$job_directory:ro,$working_directory:rw,$default_file_path:ro
If using the Pulsar, defaults will be even further restricted because the
Pulsar will (by default) stage all needed inputs into the job's job_directory
(so there is not need to allow the docker container to read all the
files - let alone write over them). Defaults in this case becomes:
$job_directory:ro,$tool_directory:ro,$job_directory/outputs:rw,$working_directory:rw
Python string.Template is used to expand volumes and values $defaults,
$galaxy_root, $default_file_path, $tool_directory, $working_directory,
are available to all jobs and $job_directory is also available for
Pulsar jobs.
-->
<!-- One can run docker using volumes-from tag by setting the following
parameter. For more information on volumes-from check out the following
docker tutorial. https://docs.docker.com/userguide/dockervolumes/
-->
<!-- <param id="docker_volumes_from">parent_container_name</param> -->
<!-- Control memory allocatable by docker container with following option:
-->
<!-- <param id="docker_memory">24G</param> -->
<!-- By default Docker will need to runnable by Galaxy using
password-less sudo - this can be configured by adding the
following line to the sudoers file of all compute nodes
with docker enabled:
galaxy ALL = (root) NOPASSWD: SETENV: /usr/bin/docker
The follow option is set to false to disable sudo (docker
must likewise be configured to allow this).
-->
<param id="docker_sudo">false</param>
<!-- Following option can be used to tweak sudo command used by
default. -->
<!-- <param id="docker_sudo_cmd">/usr/bin/sudo -extra_param</param> -->
<!-- By default, docker container will not have any networking
enabled. host networking can be bridged by uncommenting next option
http://docs.docker.io/reference/run/#network-settings
-->
<!-- <param id="docker_net">bridge</param> -->
<!-- By default, a container will live on past its run. By
adding the '\-\-rm' flag to the command line, the container
will be removed automatically after the program is complete.
-->
<!-- <param id="docker_auto_rm">true</param> -->
<!-- Override which user to launch Docker container as - defaults to
Galaxy's user id. For remote job execution (e.g. Pulsar) set to
remote job user. Leave empty to not use the -u argument with
Docker. -->
<!-- <param id="docker_set_user">$UID</param> -->
<!-- Pass extra arguments to the docker run command not covered by the
above options. -->
<!-- <param id="docker_run_extra_arguments"></param> -->
<!-- Following command can be used to tweak docker command. -->
<!-- <param id="docker_cmd">/usr/local/custom_docker/docker</param> -->
<!-- Following can be used to connect to docke server in different
ways (translated as -H argument to docker client). -->
<!-- <param id="docker_host">unix:///var/run/docker.sock</param> -->
<!-- <param id="docker_host">:5555</param> -->
<!-- <param id="docker_host">:5555</param> -->
<!-- <param id="docker_host">tcp://127.0.0.1:4243</param> -->
<!-- If deployer wants to use docker for isolation, but does not
trust tool's specified container - a destination wide override
can be set. This will cause all jobs on this destination to use
that docker image. -->
<!-- <param id="docker_container_id_override">busybox:ubuntu-14.04</param> -->
<!-- Likewise, if deployer wants to use docker for isolation and
does trust tool's specified container - but also wants tool's not
configured to run in a container the following option can provide
a fallback. -->
<!-- <param id="docker_default_container_id">busybox:ubuntu-14.04</param> -->
<!-- If the destination should be secured to only allow containerized jobs
the following parameter may be set for the job destination. Not all,
or even most, tools available in Galaxy core or in the Tool Shed
support Docker yet so this option may require a lot of extra work for
the deployer. -->
<!-- <param id="require_container">true</param> -->
</destination>
</destinations>
</job_conf>