So far we were able to test the installation only on Ubuntu 14.04 and 16.04, any further deployments(if any) will be documented here. There is a pre-installed container available which runs openBIS out of the box.
More about LXD can be found here: http://www.ubuntu.com/cloud/lxd
Installation procedure
1. Get an Ubuntu 16.04 or Ubuntu 14.04 machine up and running
Make sure to login to your Ubuntu server via ssh using the -X flag which enables X11 forwarding. This is needed to install openBIS using the GUI installer.
You can check this after logging in to your host by checking the DISPLAY variable:
root@ubuntu:~# echo $DISPLAY localhost:10.0
In the documentation and also our scripts expect that you install openBIS in the following directory: /home/openbis/openbis
. If you choose a different one you need to take this into account when reading this documentation, using our scripts and our init scripts (for automatic startup).
2. LXD daemon installation
root@ubuntu:~# add-apt-repository ppa:ubuntu-lxc/lxd-stable root@ubuntu:~# apt-get update root@ubuntu:~# apt-get install lxd root@ubuntu:~# newgrp lxd
3. LXD configuration
root@ubuntu:~# lxd init Name of the storage backend to use (dir or zfs): dir Would you like LXD to be available over the network (yes/no)? yes Address to bind LXD to (not including port): X.X.X.X.(Your HOST's IP) Port to bind LXD to (8443 recommended): 8443 Trust password for new clients: Again: Do you want to configure the LXD bridge (yes/no)? Yes IMPORTANT: On `pink` pop-up, please follow the below steps: go with the default 'lxdbr0' bridge name ######On `pink` pop-up, I provide the following answers to limit the DHCP lease and get a specific IP to your container##### answer YES for the setup of IPv4 subnet, select following sub-net 10.10.10.1 IPv4 CIDR mask: 30 First DHCP address: 10.10.10.2 Last DHCP address: 10.10.10.2 Max number of DHCP clients: 2 Do you want to NAT the IPv4 traffic? YES answer NO to the IPv6 config
After finishing you should receive following message: LXD has been successfully configured while the ip a
command should list the lxdbr0 link
4. Container image import
Copy our container image into your image catalog by either using the LXD service or download a tarball from CIFEX. Currently we have two different containers available:
Ubuntu 16.04.1 LTS pre-installed with openBIS (FINGERPRINT: 6f7fddb6d1cb)
If you choose the pre-installed container (6f7fddb6d1cb) you can skip Step 6
Ubuntu 16.04.1 LTS (FINGERPRINT: 833be6c3fe99)
CentOS release 6.8 (Final) (FINGERPRINT: c9f98b8af575)
Option 1 : LXD service download (preferred)
root@ubuntu:~# lxc remote add lxc 129.132.16.239 Certificate fingerprint: 81ab884ac15c8d69f8c54385c79cb4b908c7c9567ce3b2ad790e445a95a3551d ok (y/n)? yes Admin password for lxc: ********** Client certificate stored at server: lxc root@ubuntu:~# lxc launch lxc:<FINGERPRINT FROM THE LIST ABOVE> ubuntu16-preinstalled
For the password please contact sis.helpdesk@ethz.ch
Option 2: create the image from the tar.gz file you downloaded from CIFEX
i) Import the image into your catalog(takes a few minutes).If the operation finished correctly you should see a new image in your catalog by using following command: lxc image list
root@ubuntu:~# lxc image import 6f7fddb6d1cb.tar.gz
Transferring image: 100%
ii) Create the container from the image
root@ubuntu:~# lxc launch 6f7fddb6d1cb ubuntu16-preinstalled
Creating ubuntu16-preinstalled
Starting ubuntu16-preinstalled
Check if everything worked by executing lxc list
:
root@openbis-lxd:~# lxc list +---------------------------+---------+----------------------+------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +---------------------------+---------+----------------------+------+------------+------------ | ubuntu16-preinstalled | RUNNING | 10.10.10.2 (eth0) | | PERSISTENT | 0 | +---------------------------+---------+----------------------+------+------------+-----------+ root@openbis-lxd:~#
5. Mounting an external share
For production use you need to have an external share (which is also backed up) mounted for backup of the postgres DB, openBIS setup and the actual data to be managed
# To mount host's /mnt/nfs_share/ onto /home/openbis/external_share in the container root@openbis-lxd:~# lxc config device add ubuntu16-preinstalled sharedfolder disk path=/home/openbis/external_share source=/mnt/nfs_share/
6. Installation/Upgrade of openBIS
You can skip this step if you chose the pre-installed container (6f7fddb6d1cb)
Download your desired openBIS version from here and place it in a folder accessible by the container (for example a mounted NFS share):
Download the script start_installation_via_ssh_as_openbis.sh (only for CentOS!) or clone the git repo ( git clone https://sissource.ethz.ch/sispub/lxd.git
) to your host machine and run it:
root@openbis-lxd:~# git clone http://ssdmsource.ethz.ch/sis/lxd.git root@openbis-lxd:~# chmod +x *.sh # Note: Replace the tarball with the latest one you donwloaded from our wikipage! # call the bash script for CentOS with two parameters: <Container-Name> <Path_to_openbis_tar.gz> root@openbis-lxd:~# ./start_installation_via_ssh_as_openbis.sh openbis-cont /home/openbis/openBIS-installation-standard-technologies-S233.0-r36799.tar.gz # call the bash script for Ubuntu with two parameters: <Container-Name> <Path_to_openbis_tar.gz> root@openbis-lxd:~# ./start_installation_via_ssh_as_openbis_Ubuntu.sh openbis-cont /home/openbis/openBIS-installation-standard-technologies-S233.0-r36799.tar.gz
Please install openBIS to /home/openbis/openbis
At the end of the script the openBIS GUI installer should pop up and guide you through the installation. Please be aware to choose the right path to the Data folder (see the screen shot below). This folder should not be in the container, as it holds all the data that you want to manage. Therefore, it can easily exceed the container size. Please choose the mounted share as a path!
If you already ssh'ed into the host without X11 forwarding no window will show up. Instead the installer will allow you to select the options in a text mode:
Select target path [/home/openbis/openbis] press 1 to continue, 2 to quit, 3 to redisplay 1 Key Store If you have a new keystore for SSL, enter it here. Leave this field blank to use the existing keystore (or the default keystore in a new installation). Key store [] press 1 to continue, 2 to quit, 3 to redisplay 1 Technologies and Fast File Browsing Select any technology-specific modules that should installed along with openBIS. The selection can be altered at the next upgrade: [ ] Proteomics input 1 to select, 0 to deselect: 0 [ ] Screening [..]
7. Starting and stopping openBIS
To start openBIS manually have a look at the bin folder:
# login to the container root@ubuntu:~/lxd# lxc exec ubuntu16-preinstalled bash # su to openbis [root@ubuntu16-preinstalled ~]# su - openbis [openbis@ubuntu16-preinstalled ~]$ # navigate to the bin folder, keep in mind that the location depends on the installation folder you chose! [openbis@ubuntu16-preinstalled ~]$ cd /home/openbis/bin [..] allup.sh alldown.sh [..] # Starting openBIS: $ /home/openbis/bin/allup.sh # Stopping openBIS: /home/openbis/bin/alldown.sh
8. Firewall modifications
In order to be able to access the openBIS application running inside the container, your host machine firewall needs to be changed. You eventually need to adapt the IP address!
root@ubuntu:~# echo 1 > /proc/sys/net/ipv4/ip_forward root@ubuntu:~# iptables -t nat -A PREROUTING -i `ip r | grep default |grep -oP 'dev \K\S+'` -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.10.10.2:443
NOTE: The above setup is temporary, meaning that will not persist upon host reboot. In order to make it permanent:
i) uncomment following line "net.ipv4.ip_forward=1" from /etc/sysctl.conf
ii) reload the configuration by using: sysctl --system
ii) install iptables-persistent:
apt-get install iptables-persistent
iptables-save > /etc/iptables/rules.v4
Using the system
Access openBIS
Browse to https://your_host_IP (use the IP of the server created at Step 1 ), we recommend Chrome when using openBIS
Login: admin/whatever-you-want, please choose a reasonably secure password
OpenBIS logs accessible from host at the location below
/var/lib/lxd/containers/ubuntu16-preinstalled/rootfs/home/openbis/servers/openBIS-server/jetty/logs/ /var/lib/lxd/containers/ubuntu16-preinstalled/rootfs/home/openbis/servers/datastore_server/log/
Certificates
openBIS is installed with self-signed certificates. If you want some valid certificates in place you need to replace them in the container's Apache config:
# Have a look here /etc/httpd/conf.d/openbis.conf # and replace the lines SSLCertificateFile /etc/pki/tls/apache.crt SSLCertificateKeyFile /etc/pki/tls/apache.key # with your requested certificates, e.g.: SSLCertificateFile /etc/pki/tls/certs/<myserver_name>.crt SSLCertificateChainFile /etc/pki/tls/certs/QuoVadis_Global_SSL_ICA_G2.pem SSLCertificateKeyFile /etc/pki/tls/certs/<myserver_name>.key # restart Apache [root@ubuntu16-preinstalled conf.d]# service httpd restart
Growing folders within openBIS container
In case of folders which grow (e.g., log folders, sessionWorkspace, or the postgres DB) and are getting too big for the container, you can also move these to a different share and create a symbolic link. It is basically the same procedure as in step 5. Depending on what you want to move to an external share stop openBIS or openBIS and postgres before moving files around
# In the container: [openbis@ubuntu16-preinstalled ~]$ /home/openbis/bin/alldown.sh # in the container as root, if you move the DB data folder [root@ubuntu16-preinstalled ~]# service postgresql-9.5 stop # To mount host's /mnt/nfs_share2/ onto /home/openbis/external_share2 in the container root@ubuntu:~# lxc config device add ubuntu16-preinstalled sharedfolder disk path=/home/openbis/external_share2 source=/mnt/nfs_share2/ # rsync the data you want to re-locate [root@openbis-cont ~]# rsync -a <folders> /home/openbis/external_share2 # eventually fix permissions # create symbolic links to the new locations # start DB and openBIS # check logs if everything is fine Potential candidates which can be re-located, as these folders grow over time: Postgres: /var/lib/pgsql/<version> # openBIS AS logs: /home/openbis/servers/openBIS-server/jetty/logs # openBIS DSS Data: /home/openbis/store /home/openbis/datastore_server/data/sessionWorkspace # openBIS DSS Logs: /home/openbis/servers/datastore_server/log /home/openbis/servers/datastore_server/log-registrations/
X11 Error
If the error below shows up, please logout from your host machine and login again, make sure to use the -X flag of ssh
!
Exception in thread "main" java.awt.AWTError: Can't connect to X11 window server using 'localhost:10.0' as the value of the DISPLAY variable. at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method) at sun.awt.X11GraphicsEnvironment.access$200(X11GraphicsEnvironment.java:65) at sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:115) at java.security.AccessController.doPrivileged(Native Method) at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:74) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:264) at java.awt.GraphicsEnvironment.createGE(GraphicsEnvironment.java:103) at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:82) at sun.awt.X11.XToolkit.<clinit>(XToolkit.java:126) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:264) at java.awt.Toolkit$2.run(Toolkit.java:860) at java.awt.Toolkit$2.run(Toolkit.java:855) at java.security.AccessController.doPrivileged(Native Method) at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:854) at java.awt.Toolkit.getEventQueue(Toolkit.java:1738) at java.awt.EventQueue.invokeLater(EventQueue.java:1266) at javax.swing.SwingUtilities.invokeLater(SwingUtilities.java:1290) at com.izforge.izpack.installer.bootstrap.InstallerGui.run(InstallerGui.java:40) at com.izforge.izpack.installer.bootstrap.Installer.launchInstall(Installer.java:172) at com.izforge.izpack.installer.bootstrap.Installer.start(Installer.java:149) at com.izforge.izpack.installer.bootstrap.Installer.main(Installer.java:62) error: open: No such file or directory
Helpful links about LXD
http://www.ubuntu.com/cloud/lxd
For any issue please contact sis.helpdesk@id.ethz.ch and use a paste service like paste.ubuntu.com to send us the errors