Skip to content

Add documentation how to avoid data modification by tools#14239

Merged
nsoranzo merged 6 commits intogalaxyproject:devfrom
bernt-matthias:doc/data-loss-protection
Jul 4, 2022
Merged

Add documentation how to avoid data modification by tools#14239
nsoranzo merged 6 commits intogalaxyproject:devfrom
bernt-matthias:doc/data-loss-protection

Conversation

@bernt-matthias
Copy link
Copy Markdown
Contributor

While working on #14235 I thought this might be a nice addition to the docs.

Not entirely sure if real_system_username will work for non DRMAA job runners?

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    1. [add testing steps and prerequisites here if you didn't write automated tests covering all your changes]

License

Comment thread doc/source/admin/production.md Outdated
@mvdbeek mvdbeek requested a review from natefoo July 1, 2022 09:32
Co-authored-by: Marius van den Beek <m.vandenbeek@gmail.com>
Comment thread doc/source/admin/production.md Outdated
- Configure Galaxy to run jobs in a container and enable ``outputs_to_working_directory``. Then the tool will in an environment that allows write access only for the job working dir. All other paths will be accessible read only.
- Use pulsar to stage inputs and outputs

For both more information can be found in the [job configuration](jobs.md) documentatiion and see also [using a compute cluster](cluster.md).
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
For both more information can be found in the [job configuration](jobs.md) documentatiion and see also [using a compute cluster](cluster.md).
More information on pulsar configuration can be found in the [job configuration](jobs.md) documentation, and the other two are explained in [using a compute cluster](cluster.md).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure it's enough information for the pulsar option, jobs.md doesn't really cover much right? Would it maybe be useful to link to https://training.galaxyproject.org/training-material/topics/admin/tutorials/interactive-tools/tutorial.html#securing-interactive-tools (or better, have us extract that pulsar bit and link to that?)

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with both, but don't feel competent wrt pulsar to move the pulsar bit from GTN.

Comment thread doc/source/admin/production.md Outdated
Co-authored-by: Helena <hxr@hx42.org>
Comment thread doc/source/admin/production.md Outdated
Co-authored-by: Martin Cech <cech.marten@gmail.com>
@natefoo
Copy link
Copy Markdown
Member

natefoo commented Jul 1, 2022

It might be good to have a top level "Security Considerations" page that this goes on to? Otherwise, I like this a lot, it's something that some admins eventually learn but that we definitely should have been more explicit about up front.

Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Co-authored-by: Nicola Soranzo <nicola.soranzo@gmail.com>
@nsoranzo nsoranzo added this to the 22.09 milestone Jul 4, 2022
@nsoranzo nsoranzo merged commit 5e08fd1 into galaxyproject:dev Jul 4, 2022
@github-actions
Copy link
Copy Markdown

github-actions bot commented Jul 4, 2022

This PR was merged without a "kind/" label, please correct.

@bernt-matthias bernt-matthias deleted the doc/data-loss-protection branch July 4, 2022 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants