jlab · Anna-Rehm · Apr 30, 2024 · May 16, 2024 · May 16, 2024 · May 16, 2024
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1 @@
-environments/db.env
-environments/keycloak.env
+environments/*.env
diff --git a/Images/qiita/Dockerfile b/Images/qiita/Dockerfile
@@ -0,0 +1,65 @@
+FROM ubuntu:24.04
+
+ARG MINIFORGE_VERSION=24.1.2-0
+
+ENV CONDA_DIR=/opt/conda
+ENV PATH=${CONDA_DIR}/bin:${PATH}
+
+RUN apt-get -y update
+RUN apt-get -y --fix-missing install \
+	git \
+	wget \
+	libpq-dev \
+	python3-dev \
+	gcc
+RUN apt-get -y install build-essential
+# install miniforge3 for "conda"
+# see https://github.com/conda-forge/miniforge-images/blob/master/ubuntu/Dockerfile
+RUN wget https://github.com/conda-forge/miniforge/releases/download/${MINIFORGE_VERSION}/Miniforge3-${MINIFORGE_VERSION}-Linux-x86_64.sh -O /tmp/miniforge3.sh && \
+	/bin/bash /tmp/miniforge3.sh -b -p ${CONDA_DIR} && \
+	echo ". ${CONDA_DIR}/etc/profile.d/conda.sh && conda activate base" >> /etc/skel/.bashrc && \
+	echo ". ${CONDA_DIR}/etc/profile.d/conda.sh && conda activate base" >> ~/.bashrc \
+	conda init
+
+# create conda env for qiita with all necessary dependencies (conda and pip)
+RUN conda create --quiet --yes -n qiita python=3.9 pip libgfortran numpy nginx cython anaconda::redis
+
+# Make RUN commands use the new environment:
+# append --format docker to the build command, see https://github.com/containers/podman/issues/8477
+SHELL ["conda", "run", "-n", "qiita", "/bin/bash", "-c"]
+
+RUN pip install -U pip
+RUN pip install \
+	sphinx \
+	sphinx-bootstrap-theme \
+	nose-timer \
+	Click \
+	coverage \
+	psycopg2-binary
+
+#cClone the Qiita Repo
+# RUN git clone -b master https://github.com/qiita-spots/qiita.git
+RUN git clone -b auth_oidc https://github.com/jlab/qiita.git
+
+# We need to install necessary dependencies
+# as well as some extra dependencies for psycopg2 to work
+RUN git clone https://github.com/psycopg/psycopg2.git
+RUN export PATH=/usr/lib/postgresql/14.11/bin/:$PATH
+RUN pip install -e psycopg2/.
+
+# Install pip packaages for Qiita
+RUN pip install -e qiita --no-binary redbiom
+
+
+# Copy modified config file to the container
+COPY config_qiita_oidc.cfg .
+RUN chmod 755 config_qiita_oidc.cfg
+
+# Copy Bash Script to run Qiita to the container
+COPY start_qiita.sh .
+RUN chmod 755 start_qiita.sh
+
+# I will leave this ENTRYPOINT here as a comment in case debugging
+# is necessary
+# SHELL ["/bin/bash"]
+ENTRYPOINT ["conda", "run", "-n", "qiita", "./start_qiita.sh"]
diff --git a/Images/qiita/config_qiita_oidc.cfg b/Images/qiita/config_qiita_oidc.cfg
@@ -0,0 +1,265 @@
+# WARNING!!!! DO NOT MODIFY THIS FILE
+# IF YOU NEED TO PROVIDE YOUR OWN CONFIGURATION, COPY THIS FILE TO A NEW
+# LOCATION AND EDIT THE COPY
+
+# -----------------------------------------------------------------------------
+# Copyright (c) 2014--, The Qiita Development Team.
+#
+# Distributed under the terms of the BSD 3-clause License.
+#
+# The full license is in the file LICENSE, distributed with this software.
+# -----------------------------------------------------------------------------
+
+# ------------------------------ Main settings --------------------------------
+[main]
+# Change to FALSE in a production system
+TEST_ENVIRONMENT = TRUE
+
+# Absolute path to the directory where log files are saved. If not given, no
+# log file will be created
+LOG_DIR = /qiita/
+
+# Whether studies require admin approval to be made available
+REQUIRE_APPROVAL = True
+
+# Base URL: DO NOT ADD TRAILING SLASH
+BASE_URL = https://localhost:21174
+
+# Download path files
+UPLOAD_DATA_DIR = /qiita/qiita_db/support_files/test_data/uploads/
+
+# Working directory path
+WORKING_DIR = /qiita/qiita_db/support_files/test_data/working_dir/
+
+# Maximum upload size (in Gb)
+MAX_UPLOAD_SIZE = 100
+
+# Path to the base directory where the data files are going to be stored
+BASE_DATA_DIR = /qiita/qiita_db/support_files/test_data/
+
+# Valid upload extension, comma separated. Empty for no uploads
+VALID_UPLOAD_EXTENSION = fastq,fastq.gz,txt,tsv,sff,fna,qual
+
+# The script used to start the qiita environment, if any
+# used to spawn private CLI to a cluster
+QIITA_ENV = source activate qiita
+
+# Script used for launching private Qiita tasks
+PRIVATE_LAUNCHER = qiita-private-launcher
+
+# Script used for launching plugins
+PLUGIN_LAUNCHER = qiita-plugin-launcher
+
+# Plugins configuration directory
+PLUGIN_DIR =
+
+# Webserver certificate file paths
+CERTIFICATE_FILE =
+KEY_FILE =
+
+# The value used to secure cookies used for user sessions. A suitable value can
+# be generated with:
+#
+# python -c "from base64 import b64encode;\
+#   from uuid import uuid4;\
+#   print b64encode(uuid4().bytes + uuid4().bytes)"
+COOKIE_SECRET = SECRET
+
+# The value used to secure JWTs for delegated permission artifact download.
+JWT_SECRET = SUPER_SECRET
+
+# Address a user should write to when asking for help
+HELP_EMAIL = foo@bar.com
+
+# The email address, Qiita sends internal notifications to a sys admin
+SYSADMIN_EMAIL = jeff@bar.com
+
+# ----------------------------- SMTP settings -----------------------------
+[smtp]
+# The hostname to connect to
+# Google: smtp.google.com
+HOST = localhost
+
+# The port to connect to the database
+# Google: 587
+PORT = 25
+
+# SSL needed (True or False)
+# Google: True
+SSL = False
+
+# The user name to connect with
+USER =
+
+# The user password to connect with
+PASSWORD =
+
+# The email to have messages sent from
+EMAIL = example@domain.com
+
+# ----------------------------- Redis settings --------------------------------
+[redis]
+HOST = localhost
+PORT = 7777
+PASSWORD =
+# The redis database you will use, redis has a max of 16.
+# Qiita should have its own database
+DB = 13
+
+# ----------------------------- Postgres settings -----------------------------
+[postgres]
+# The user name to connect to the database
+USER = postgres
+
+# The administrator user, which can be used to create/drop environments
+ADMIN_USER = postgres
+
+# The database to connect to
+DATABASE = qiita_test
+
+# The host where the database lives on
+HOST = localhost
+
+# The port to connect to the database
+PORT = 5432
+
+# The password to use to connect to the database
+PASSWORD = postgres
+
+# The postgres password for the admin_user
+ADMIN_PASSWORD = postgres
+
+# ----------------------------- Job Scheduler Settings -----------------------------
+[job_scheduler]
+# The email address of the submitter of jobs
+JOB_SCHEDULER_JOB_OWNER = user@somewhere.org
+
+# The number of seconds to wait between successive calls
+JOB_SCHEDULER__POLLING_VALUE = 15
+
+# Hard upper-limit on concurrently running validator jobs
+JOB_SCHEDULER_PROCESSING_QUEUE_COUNT = 2
+
+# ----------------------------- EBI settings -----------------------------
+[ebi]
+# The user to use when submitting to EBI
+EBI_SEQ_XFER_USER = Webin-41528
+
+# Password for the above user
+EBI_SEQ_XFER_PASS =
+
+# URL of EBI's FASP site
+EBI_SEQ_XFER_URL = webin.ebi.ac.uk
+
+# URL of EBI's HTTPS dropbox
+# live submission URL
+#EBI_DROPBOX_URL = https://www.ebi.ac.uk/ena/submit/drop-box/submit/
+# testing URL
+EBI_DROPBOX_URL = https://www-test.ebi.ac.uk/ena/submit/drop-box/submit/
+
+# The name of the sequencing center to use when doing EBI submissions
+EBI_CENTER_NAME = qiita-test
+
+# This string (with an underscore) will be prefixed to your EBI submission and
+# study aliases
+EBI_ORGANIZATION_PREFIX = example_organization
+
+# ----------------------------- VAMPS settings -----------------------------
+[vamps]
+# general info to submit to vamps
+USER = user
+PASSWORD = password
+URL = https://vamps.mbl.edu/mobe_workshop/getfile.php
+
+# ----------------------------- Portal settings -----------------------------
+[portal]
+
+# Portal the site is working under
+PORTAL = QIITA
+
+# Portal subdirectory
+PORTAL_DIR =
+
+# Full path to portal styling config file
+PORTAL_FP =
+
+# The center latitude of the world map, shown on the Stats map.
+# Defaults to 40.01027 (Boulder, CO, USA)
+STATS_MAP_CENTER_LATITUDE =
+
+# The center longitude of the world map, shown on the Stats map.
+# Defaults to -105.24827 (Boulder, CO, USA)
+STATS_MAP_CENTER_LONGITUDE =
+
+# ----------------------------- iframes settings ---------------------------
+[iframe]
+# The real world QIIMP will always need to be accessed with https because Qiita
+# runs on https too
+QIIMP = https://localhost:8898/
+
+
+# --------------------- External Identity Provider settings --------------------
+# user authentication happens per default within Qiita, i.e. when a user logs in,
+# the stored password hash and email address is compared against what a user
+# just provided. You might however, use an external identity provider (IdP) to
+# authenticate the user like
+#    google: https://developers.google.com/identity/protocols/oauth2 or
+#    github: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps or
+#    self hosted keycloak: https://www.keycloak.org/
+# Thus, you don't have to deal with user verification, reset passwords, ...
+# Authorization (i.e. if the authorized user is allowed to use Qiita or which
+# user level he/she gets assigned is an independent process. You can even use
+# multiple independent external identity providers!
+# Qiita currently only support the "open ID connect" protocol with the implicit flow.
+# Each identity provider comes as its own config section [oidc_foo] and needs
+# to specify the following five fields:
+#
+# Typical identity provider manage multiple "realms" and specific "clients" per realm
+# You need to contact your IdP and register Qiita as a new "client". The IdP will
+# provide you with the correct values.
+#
+# The authorization protocol requires three steps to obtain user information:
+# 1) you identify as the correct client and ask the IdP for a request code
+#    You have to forward the user to the login page of your IdP. To let the IdP
+#    know how to come back to Qiita, you need to provide a redirect URL
+# 2) you exchange the code for a user token
+# 3) you obtain information about the user for the obtaines user token
+# Typically, each step is implemented as a separate URL endpoint
+#
+# To activate IdP: comment out the following config section
+
+# [oidc_localkeycloak]
+#
+## client ID for Qiita as registered at your Identity Provider of choice
+# CLIENT_ID = qiita
+#
+## client secret to verify Qiita as the correct client. Not all IdPs require
+## a client secret!
+# CLIENT_SECRET = supersecretString
+
+#
+## redirect URL (end point in your Qiita instance), to which the IdP redirects
+## after user types in his/her credentials. If you don't want to change code in
+## qiita_pet/webserver.py the URL must follow the pattern:
+## base_URL/auth/login_OIDC/foo where foo is the name of this config section
+## without the oidc_ prefix!
+# REDIRECT_ENDPOINT = /auth/login_OIDC/localkeycloak
+#
+## The URL of the well-known json document, specifying how API end points
+## like 'authorize', 'token' or 'userinfo' are defined. See e.g.
+## https://swagger.io/docs/specification/authentication/
+##    openid-connect-discovery/
+# WELLKNOWN_URI = http://localhost:9999/realms/qiita_realm/.well-known/openid-configuration
+#
+## a speaking label for the Identity Provider. Section name is used if empty.
+# LABEL = localkeycloak
+#
+## The scope, i.e. fields about a user, which Qiita requests from the
+## Identity Provider, e.g. "profile email eduperson_orcid".
+## Will be automatically extended by the scope "openid", to enable the
+## "authorize_code" OIDC flow.
+# SCOPE = openid
+#
+##Optional. Name of a file in qiita_pet/static/img that shall be
+##displayed for login through Service Provider, instead of a plain button
+# LOGO =
diff --git a/Images/qiita/start_qiita.sh b/Images/qiita/start_qiita.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# first we start the redis server
+redis-server --daemonize yes --port 7777
+redis-server --daemonize yes --port 6379
+
+export QIITA_CONFIG_FP="/config_qiita_oidc.cfg"
+
+conda list
+
+# building the database without ontologies
+qiita-env make --no-load-ontologies #|| true
+
+# starting the webserver without building the docs
+qiita pet webserver --no-build-docs start
+
+# supervisord -c ./qiita/qiita_pet/supervisor_example.conf
diff --git a/README.md b/README.md
@@ -0,0 +1,26 @@
+**IMPORTANT: Have docker installed!**
+**THIS VERSION CURRENTLY ONLY WORKS WITH DOCKER, NOT WITH PODMAN**
+**FOR TESTING ON LOCAL MACHINES**
+
+### Hopefully "foolproof" instructions:
+1. Clone repository
+2. Move into Image Folder `cd Images/qiita`
+3. Build docker image `docker build . -f qiita/Dockerfile -t qiita`
+4. Move to folder containing compose file `cd ../..`
+5. Run docker compose `docker compose up`
+6. Open `http://localhost:21174`
+7. To stop: Run `docker compose down qiita qiita-db`
+    - Use `docker compose down --volumes`if you wish to remove the database volume as well.
+
+### IF YOU WANT TO USE LOCAL KEYCLOAK:
+
+1. Clone repository
+2. Run `docker compose up keycloak_web keycloakdb`
+3. Open `http://localhost:8080`, login admin pw admin
+4. Configure Qiita as a service, create a user
+5. Edit `config_qiita_oidc.cfg` to fit your local Keycloak configuration, remove # from necessary oidc block.
+6. Open a new terminal, move into Image Folder `cd Images/qiita`
+7. Build docker image `docker build . -f qiita/Dockerfile -t qiita`
+8. Move to folder containing compose file `cd ../..`
+9. Run docker compose `docker compose up qiita qiita-db`
+10. Open `http://localhost:21174`