Merge pull request #7 from usegalaxy-au/main

WALL-E role updates
usegalaxy-eu · Oct 24, 2024 · f7d2c66 · f7d2c66
2 parents 90677c4 + bcb0f3d
commit f7d2c66
Show file tree

Hide file tree

Showing 5 changed files with 675 additions and 40 deletions.
diff --git a/README.md b/README.md
@@ -10,12 +10,12 @@ Deployed with Ansible.
 
 If you find new miners or other malicious stuff, please add those signatures to our [`intergalactic-most-wanted-list`](https://github.com/usegalaxy-eu/intergalactic-most-wanted-list).
 
-## Prerequisites
-This role expect several requirements.
-1. [galaxy_jwd.py](https://github.com/usegalaxy-eu/infrastructure-playbook/blob/master/roles/usegalaxy-eu.bashrc/files/galaxy_jwd.py) must exist in the directory of `walle_script_location`
-2. Python 3
-2. the python packages imported in `walle.py` and `galaxy_jwd.py` must be present
-3. Following environment vars must be set:
+## Host machine requirements
+
+1. Python 3 on the host machine
+1. Python dependencies in `walle.py` and `galaxy_jwd.py` must be available (perhaps set `walle_virtualenv` for this)
+1. The python dependencies in `walle.py` and `galaxy_jwd.py` must be available (perhaps in the `walle_virtualenv`)
+1. Following environment vars must be set:
     - `GALAXY_CONFIG_FILE`: Path to the galaxy.yml file
     - `PGDATABASE`: Name of the Galaxy database
     - `PGUSER`: Galaxy database user
@@ -30,11 +30,24 @@ This role expect several requirements.
     - `WALLE_USER_DELETION_SUBJECT`: The message's subject line.
 
 [^1]: You should always run 'dangerous' jobs in embedded Pulsar.
+
 ## Ansible
-For ansible details consult `defaults/main.yml`, it should be pretty much self-explanatory.
+
+1. Consult `defaults/main.yml` for available walle variables
+1. You can overwrite or append to `walle_env_vars` by defining `walle_extra_env_vars`
+   in your playbook:
+    ```yml
+    # These values will replace the defaults
+    walle_extra_env_vars:
+    - key: GALAXY_PULSAR_APP_CONF
+      value: "{{ galaxy_config_dir }}/my_pulsar_app.yml"
+    - key: GXADMIN_PATH
+      value: /usr/bin/gxadmin
+    ```
+
 
 ## Usage
-From the tools help command:
+From the tool's help command:
 ~~~
 usage: WALL·E [-h] [--chunksize CHUNKSIZE] [--min-size MIN_SIZE_MB] [--max-size MAX_SIZE_MB] [--since SINCE] [--tool TOOL] [-v] [-i] [--delete-user MIN_SEVERITY]
 
@@ -86,6 +99,7 @@ optional arguments:
   -h, --help            show this help message and exit
   --chunksize CHUNKSIZE
                         Chunksize in MiB for hashing the files in JWDs, defaults to 100 MiB
+  --kill                Kill malicious jobs with gxadmin.
   --min-size MIN_SIZE_MB
                         Minimum filesize im MB to limit the files to scan. The check will be skipped if value is 0 (default)
   --max-size MAX_SIZE_MB

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -3,13 +3,15 @@
 walle_malware_database_location: /etc/walle
 walle_malware_database_version: main
 walle_malware_repo: https://github.com/usegalaxy-eu/intergalactic-most-wanted-list.git
+walle_malware_database_force_update: false  # Local changes will be overwritten
 
 walle_pgpass_file: "/home/{{ walle_user_name }}/.pgpass"
 walle_bashrc: /opt/galaxy/.bashrc
 walle_python: /usr/bin/python
 walle_database_file: checksums.yml
 walle_log_dir: /var/log/walle
 walle_script_location: /usr/local/bin/walle.py
+#walle_virtualenv: <optional venv for walle to use>
 
 # Script args
 walle_filesize_min: 0
@@ -20,16 +22,26 @@ walle_envs_database:
     value: "{{ walle_malware_database_location }}/{{ walle_database_file }}"
   - key: PGPASSFILE
     value: "{{ walle_pgpass_file }}"
+  - key: GALAXY_CONFIG_FILE
+    value: "{{ galaxy_config_dir }}/galaxy.yml"
+  - key: GALAXY_LOG_DIR
+    value: "{{ galaxy_log_dir }}"
   - key: PGHOST
     value: 127.0.0.1
   - key: PGUSER
     value: galaxy
   - key: PGDATABASE
     value: galaxy
-  - key: GALAXY_CONFIG_FILE
-    value: "{{ galaxy_config_dir }}/galaxy.yml"
   - key: GALAXY_PULSAR_APP_CONF
     value: "{{ galaxy_config_dir }}/pulsar_app.yml"
+  - key: GXADMIN_PATH
+    value: /usr/local/bin/gxadmin
+
+# These will be added to the default env vars - you can override
+# walle_envs_database by defining the same key in walle_extra_env_vars
+walle_extra_env_vars: []
+
+walle_env_vars: "{{ walle_envs_database + walle_extra_env_vars }}"
 
 # delete users when malware was found and malware severity reached walle_delete_threshold
 walle_delete_users: false
@@ -47,6 +59,7 @@ walle_envs_user_deletion:
 # walle_galaxy_url: #galaxy_hostname, no leading slash
 # walle_tool: <string to filter tool ids in database job table>
 walle_verbose: false
+walle_kill: false
 
 # Cron
 walle_cron_day: "*"