Good day everyone! I am writing on the behalf of the research group I am part of, located in the UMCU in the Netherlands.
We have created our own secure offline Galaxy on a Linux virtual machine provided by myDRE. However, we have encountered difficulties in accessing the toolshed while being offline. Although we have used the Ansible playbook to download tools, we were unable to establish a proper connection between the toolshed and Galaxy in an offline environment. As a result, we have to request online access every time we need to download any tools and delete all sensitive information once we are finished. This is not ideal, and we want to be able to access the toolshed while staying offline and keeping our data GDPR-compliant.
We have attempted to whitelist the toolshed domain to enable offline access, and we were able to access the toolshed website. However, we could not establish a connection between the toolshed and Galaxy while logged in as an admin. Our next suggestion was to update the YAML file to include the toolshed URL in a way that it can be accessed offline, but we were unable to find any relevant information in the Ansible playbook.
Do you have any suggestions on how we could approach this problem? Is it possible to access the toolshed while staying offline?
My first guess is that you should consider creating a local Tool Shed behind your firewall. But I don’t do systems administration, so let’s ask at the Admin chat for better feedback :).
I guess your machine is offline but it is still in some network and most probably at least one machine in this network is not offline. Then you can redirect the traffic to this machine. The redirection can be used when running the ansible playbook.
Example, if you run the playbook from your own laptop. Before you start it, log into the VM, open the tunnel to the machine which has connection to the world and leave the terminal open while the playbook is running.
If this option is applicable to your setup, let me know and I will help you to manage it. It is tricky because you have to provide for different protocols within the socks5 proxy.
If the above is not applicable, I would suggest that you use cvmfs (there a special playbook for this) and use the tools from there.