Skip to content

Add documentation how to avoid data modification by tools#14239

Merged
nsoranzo merged 6 commits intogalaxyproject:devfrom
bernt-matthias:doc/data-loss-protection
Jul 4, 2022
Merged

Add documentation how to avoid data modification by tools#14239
nsoranzo merged 6 commits intogalaxyproject:devfrom
bernt-matthias:doc/data-loss-protection

Conversation

@bernt-matthias
Copy link
Copy Markdown
Contributor

@bernt-matthias bernt-matthias commented Jul 1, 2022

While working on #14235 I thought this might be a nice addition to the docs.

Not entirely sure if real_system_username will work for non DRMAA job runners?

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    1. [add testing steps and prerequisites here if you didn't write automated tests covering all your changes]

License

mvdbeek
mvdbeek reviewed Jul 1, 2022
View reviewed changes
Comment thread doc/source/admin/production.md Outdated
@mvdbeek mvdbeek requested a review from natefoo July 1, 2022 09:32
@bernt-matthias @mvdbeek
Update doc/source/admin/production.md
d4473a9 
Co-authored-by: Marius van den Beek <m.vandenbeek@gmail.com>
hexylena
hexylena reviewed Jul 1, 2022
View reviewed changes
Comment thread doc/source/admin/production.md Outdated
- Configure Galaxy to run jobs in a container and enable ``outputs_to_working_directory``. Then the tool will in an environment that allows write access only for the job working dir. All other paths will be accessible read only.
- Use pulsar to stage inputs and outputs

For both more information can be found in the [job configuration](jobs.md) documentatiion and see also [using a compute cluster](cluster.md).
Copy link
Copy Markdown
Member

@hexylena hexylena Jul 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
For both more information can be found in the [job configuration](jobs.md) documentatiion and see also [using a compute cluster](cluster.md).
More information on pulsar configuration can be found in the [job configuration](jobs.md) documentation, and the other two are explained in [using a compute cluster](cluster.md).

Copy link
Copy Markdown
Member

@hexylena hexylena Jul 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure it's enough information for the pulsar option, jobs.md doesn't really cover much right? Would it maybe be useful to link to https://training.galaxyproject.org/training-material/topics/admin/tutorials/interactive-tools/tutorial.html#securing-interactive-tools (or better, have us extract that pulsar bit and link to that?)

Copy link
Copy Markdown
Contributor Author

@bernt-matthias bernt-matthias Jul 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with both, but don't feel competent wrt pulsar to move the pulsar bit from GTN.

Comment thread doc/source/admin/production.md Outdated
@bernt-matthias @hexylena
Apply suggestions from code review
99935b6 
Co-authored-by: Helena <hxr@hx42.org>
martenson
martenson reviewed Jul 1, 2022
View reviewed changes
Comment thread doc/source/admin/production.md Outdated
@bernt-matthias @martenson
Update doc/source/admin/production.md
fe10f76 
Co-authored-by: Martin Cech <cech.marten@gmail.com>
@natefoo
Copy link
Copy Markdown
Member

natefoo commented Jul 1, 2022

It might be good to have a top level "Security Considerations" page that this goes on to? Otherwise, I like this a lot, it's something that some admins eventually learn but that we definitely should have been more explicit about up front.

nsoranzo
nsoranzo reviewed Jul 4, 2022
View reviewed changes
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
Comment thread doc/source/admin/security.md Outdated
@bernt-matthias @nsoranzo
Apply suggestions from code review
ed5bdce 
Co-authored-by: Nicola Soranzo <nicola.soranzo@gmail.com>
@nsoranzo nsoranzo added this to the 22.09 milestone Jul 4, 2022
@nsoranzo nsoranzo merged commit 5e08fd1 into galaxyproject:dev Jul 4, 2022
@github-actions
Copy link
Copy Markdown

github-actions bot commented Jul 4, 2022

This PR was merged without a "kind/" label, please correct.

@bernt-matthias bernt-matthias deleted the doc/data-loss-protection branch July 4, 2022 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@martenson martenson martenson left review comments

@mvdbeek mvdbeek mvdbeek left review comments

@hexylena hexylena hexylena approved these changes

@nsoranzo nsoranzo nsoranzo approved these changes

@natefoo natefoo Awaiting requested review from natefoo

Assignees

No one assigned

Labels

area/admin area/documentation kind/enhancement

Projects

None yet

Milestone

23.0

Development

Successfully merging this pull request may close these issues.

6 participants

@bernt-matthias @natefoo @hexylena @martenson @nsoranzo @mvdbeek