search

galaxyproject / cloudlaunch

Easily launch cloud applications.
https://launch.usegalaxy.org/
42 stars 37 forks source link

Cloudlaunch reverts to old user #238

Open DSVT-Git opened 3 years ago

DSVT-Git commented 3 years ago

Trying to launch a Galaxy instance (Genomics Virtual Lab) on Amazon Web Services using Cloudlaunch. I set up an AWS account but was having repeated issues with launching so I created an entirely new AWS account and an new gmail. However when I log in to Cloudlaunch with the new AWS account and new gmail it reverts to the old Cloudlaunch user and I can’t delete that user. Also, on that old user I can’t save credentials which I think was the issue the first time…Tried emailing help@cloudlaunch.org to see if Cloudlaunch users could be reset but my emails are bouncing, have tried twice over past two days …any ideas on how to purge old Cloudlaunch users? Thanks!!!

nuwang commented 3 years ago

@DSVT-Git Can you try a different auth provider, like github? And using an incognito window may also help. However, if you simply want to clear your existing credentials, you can do so through the profile page (User->My Credentials). Let us know how it goes.

DSVT-Git commented 3 years ago

Thanks Nuwan!!! Logged in with Github and now Cloudlaunch sees me as a new user, unfortunately I'm still not able to launch Genomics Virtual Lab as I keep getting the authorization error... Was able to start with blank credentials but every time I input the Access Key and Secret Key I get the error below....tried leaving "use as default for this cloud" unchecked and saving, but no luck... image

afgane commented 3 years ago

Does your AWS account have full EC2 admin privileges? As the error shows, it appears the account is not able to perform operation describekeypairs. More broadly, your account needs EC2, VPC, and S3 admin privileges as well as the following IAM policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:GetRole",
                "iam:PassRole",
                "iam:CreateServiceLinkedRole",
                "iam:GetInstanceProfile",
                "iam:GetPolicy",
                "iam:CreateRole",
                "iam:AttachRolePolicy",
                "iam:AddRoleToInstanceProfile"
            ],
            "Resource": [
                "arn:aws:iam::*:policy/cm2-kube-policy",
                "arn:aws:iam::*:instance-profile/*",
                "arn:aws:iam::*:role/*"
            ]
        }
    ]
}
DSVT-Git commented 3 years ago

Thanks!!! Was able to implement the above suggestions...however now when I go to:

https://launch.usegalaxy.org/

I just see a spinning wheel and can't get to the Cloudlaunch application...

Will try again in an hour or so.

BTW here are the instructions I got from AWS Tech Support for creating the IAM policy if that might be useful for anyone:

In order to create the IAM policy, please follow the steps below:

===Create IAM Policy=== 1.) Login to your AWS console 2.) Click Services > Search for IAM > Go to IAM 3.) Click on policy on the left pane 4.) Then Click “Create Policy” 5.) Click on “JSON” on create policy page 6.) Paste the entire content of the following in the policy page

===Copy after=== { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "iam:CreateInstanceProfile", "iam:GetRole", "iam:PassRole", "iam:CreateServiceLinkedRole", "iam:GetInstanceProfile", "iam:GetPolicy", "iam:CreateRole", "iam:AttachRolePolicy", "iam:AddRoleToInstanceProfile" ], "Resource": [ "arn:aws:iam:::policy/cm2-kube-policy", "arn:aws:iam:::instance-profile/", "arn:aws:iam:::role/*" ] } ] } ===Copy before=== 7.) Click “Review Policy” 8.) Give the policy a name 9.) Click “Create Policy”

===Attach the created policy to the user=== 1.) In the same IAM service page, click on “Users” on the left pane 2.) Click on “WHBIOGM_cloudman” 3.) Click “Add permissions” 4.) Click “Attach existing policies directly” 5.) Search for the policy created in the steps earlier, then check the checkbox of the policy. 6.) Click “Next Review”, then click “Add permissions”

Following all the steps above, you will create a policy with the permissions required and attach the policy to the user.

afgane commented 3 years ago

There was an outage on the Jetstream cloud where CloudLaunch is hosted (https://portal.xsede.org/user-news/-/news/item/12698) and that affected the availability of app for the past ~24 hrs but it just came up so should be ok to launch now.

nuwang commented 3 years ago

@DSVT-Git Thanks for contributing the AWS IAM policy creation steps. I'll close this issue now since I assume it's resolved. Feel free to reopen if not.

DSVT-Git commented 3 years ago

Actually still having problems launching Genomics Virtual Lab. Still getting the same error as above. Wondering if I'm inputing the wrong credentials. I created a user in AWS according to the above specifications and am entering the credentials for that user into Cloudlaunch. I'm logged into AWS as the root user. Do I need to be logged into AWS as the user I created or maybe reset credentials for either the root user at AWS or the AWS user I created? Wondering if there is mismatch somewhere causing the issue? Should I start over and create a new AWS user with the above permissions etc and then input those credentials into cloudlaunch? But if I do that do I need to login to Cloudlaunch as a specific user to get this to work? Thanks!!!

DSVT-Git commented 3 years ago

I'm still having the credentials issue so I commented on the thread but I guess I can't reopen the issue?  Or would you know if it's possible to install Galaxy locally using an external drive? Or install the software on the internal drive and data on an external drive? I have an older iMac running OS X 10.13 but don't have the 200 GB free space mentioned in the Galaxy system requirements. The older OS and the lack of space is what drove me to try to use a cloud based version in the first place but if possible a local install would be better, and I've been unable to make it work on AWS... Thank you!!! On Friday, December 11, 2020, 02:26:30 AM EST, Nuwan Goonasekera notifications@github.com wrote:

Closed #238.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

DSVT-Git commented 3 years ago

Tried to reopen this issues but don't think I'm authorized...or would anyone know if it's possible to install Galaxy locally given that I have an older iMac that can only run OS X 10.13 and don't have the 200GB free space mentioned in the Galaxy system requirements. Could I run Galaxy on my internal drive and keep all data on an external drive? That would probably work better if possible as I keep running into difficulties with AWS...

nuwang commented 3 years ago

@DSVT-Git Can you try deleting all credentials from your cloudlaunch profile? It's under your username -> My credentials. Once all credentials are deleted, try again anew with fresh credentials and let us know whether it solves the problem.

DSVT-Git commented 3 years ago

Thanks! Will try that!

On Monday, February 15, 2021, 12:28:57 AM EST, Nuwan Goonasekera <notifications@github.com> wrote:

@DSVT-Git Can you try deleting all credentials from your cloudlaunch profile? It's under your username -> My credentials. Once all credentials are deleted, try again anew with fresh credentials and let us know whether it solves the problem.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.