So far we were able to test the installation only on Ubuntu 14.04 and 16.04, any further deployments(if any) will be documented here. There is a pre-installed container available which runs openBIS out of the box.

More about LXD can be found here: http://www.ubuntu.com/cloud/lxd

Installation procedure

1. Get an Ubuntu 16.04 or Ubuntu 14.04 machine up and running

(warning)   Make sure to login to your Ubuntu server via ssh using the -X flag which enables X11 forwarding. This is needed to install openBIS using the GUI installer.

You can check this after logging in to your host by checking the DISPLAY variable:

root@ubuntu:~# echo $DISPLAY
localhost:10.0

In the documentation and also our scripts expect that you install openBIS in the following directory: /home/openbis/openbis. If you choose a different one you need to take this into account when reading this documentation, using our scripts and our init scripts (for automatic startup).

2. LXD daemon installation

root@ubuntu:~# add-apt-repository ppa:ubuntu-lxc/lxd-stable
root@ubuntu:~# apt-get update
root@ubuntu:~# apt-get install lxd
root@ubuntu:~# newgrp lxd

 

3. LXD configuration

root@ubuntu:~# lxd init
Name of the storage backend to use (dir or zfs): dir
Would you like LXD to be available over the network (yes/no)? yes
Address to bind LXD to (not including port): X.X.X.X.(Your HOST's IP)
Port to bind LXD to (8443 recommended): 8443
Trust password for new clients:
Again:
Do you want to configure the LXD bridge (yes/no)? Yes
IMPORTANT: On `pink` pop-up, please follow the below steps:
go with the default 'lxdbr0' bridge name
######On `pink` pop-up, I provide the following answers to limit the DHCP lease and get a specific IP to your container#####
answer YES for the setup of IPv4 subnet, 
select following sub-net 10.10.10.1
IPv4 CIDR mask: 30
First DHCP address: 10.10.10.2
Last DHCP address: 10.10.10.2
Max number of DHCP clients: 2
Do you want to NAT the IPv4 traffic? YES
answer NO to the IPv6 config

 

After finishing you should receive following message: LXD has been successfully configured while the ip a command should list the lxdbr0 link

4. Container image import

Copy our container image into your image catalog by either using the LXD service or download a tarball from CIFEX. Currently we have two different containers available:

  • Ubuntu 16.04.1 LTS pre-installed with openBIS (FINGERPRINT: 6f7fddb6d1cb)

    (lightbulb) If you choose the pre-installed container (6f7fddb6d1cb) you can skip Step 6

  • Ubuntu 16.04.1 LTS (FINGERPRINT: 833be6c3fe99)
  • CentOS release 6.8 (Final) (FINGERPRINT: c9f98b8af575)

 

 

Option 1 : LXD service download (preferred)

LXD service download via the Internet
root@ubuntu:~# lxc remote add lxc 129.132.16.239
Certificate fingerprint: 81ab884ac15c8d69f8c54385c79cb4b908c7c9567ce3b2ad790e445a95a3551d
ok (y/n)? yes
Admin password for lxc: **********
Client certificate stored at server:  lxc
root@ubuntu:~# lxc launch lxc:<FINGERPRINT FROM THE LIST ABOVE> ubuntu16-preinstalled

For the password please contact sis.helpdesk@ethz.ch

Option 2: create the image from the tar.gz file you downloaded from CIFEX

i) Import the image into your catalog(takes a few minutes).If the operation finished correctly you should see a new image in your catalog by using following command:  lxc image list

root@ubuntu:~# lxc image import  6f7fddb6d1cb.tar.gz
Transferring image: 100%

ii) Create the container from the image

root@ubuntu:~# lxc launch 6f7fddb6d1cb ubuntu16-preinstalled
Creating ubuntu16-preinstalled
Starting ubuntu16-preinstalled

 

Check if everything worked by executing lxc list:

root@openbis-lxd:~# lxc list
+---------------------------+---------+----------------------+------+------------+-----------+
|     NAME                  |  STATE  |         IPV4         | IPV6 |    TYPE    | SNAPSHOTS |
+---------------------------+---------+----------------------+------+------------+------------
| ubuntu16-preinstalled     | RUNNING | 10.10.10.2 (eth0)    |      | PERSISTENT |      0    |
+---------------------------+---------+----------------------+------+------------+-----------+
root@openbis-lxd:~# 

 

5. Mounting an external share

For production use you need to have an external share (which is also backed up)  mounted for backup of the postgres DB, openBIS setup and the actual data to be managed

# To mount host's /mnt/nfs_share/ onto /home/openbis/external_share in the container 
root@openbis-lxd:~# lxc config device add ubuntu16-preinstalled sharedfolder disk path=/home/openbis/external_share source=/mnt/nfs_share/

6. Installation/Upgrade of openBIS

(lightbulb) You can skip this step if you chose the pre-installed container (6f7fddb6d1cb)

Download your desired openBIS version from here and place it in a folder accessible by the container (for example a mounted NFS share):

Download the script start_installation_via_ssh_as_openbis.sh (only for CentOS!) or clone the git repo ( git clone https://sissource.ethz.ch/sispub/lxd.git) to your host machine and run it:

Download the script to your host
root@openbis-lxd:~# git clone http://ssdmsource.ethz.ch/sis/lxd.git
root@openbis-lxd:~# chmod +x *.sh
 
# Note: Replace the tarball with the latest one you donwloaded from our wikipage!
# call the bash script for CentOS with two parameters: <Container-Name> <Path_to_openbis_tar.gz>
root@openbis-lxd:~# ./start_installation_via_ssh_as_openbis.sh openbis-cont /home/openbis/openBIS-installation-standard-technologies-S233.0-r36799.tar.gz 
 
# call the bash script for Ubuntu with two parameters: <Container-Name> <Path_to_openbis_tar.gz>
root@openbis-lxd:~# ./start_installation_via_ssh_as_openbis_Ubuntu.sh openbis-cont /home/openbis/openBIS-installation-standard-technologies-S233.0-r36799.tar.gz 

Please install openBIS to /home/openbis/openbis

At the end of the script the openBIS GUI installer should pop up and guide you through the installation. Please be aware to choose the right path to the Data folder (see the screen shot below). This folder should not be in the container, as it holds all the data that you want to manage. Therefore, it can easily exceed the container size. Please choose the mounted share as a path!

 

If you already ssh'ed into the host without X11 forwarding no window will show up. Instead the installer will allow you to select the options in a text mode:

Select target path [/home/openbis/openbis]
press 1 to continue, 2 to quit, 3 to redisplay
1
Key Store
If you have a new keystore for SSL, enter it here. Leave this field blank to use the existing keystore (or the default keystore in a new installation).
Key store []
press 1 to continue, 2 to quit, 3 to redisplay
1
Technologies and Fast File Browsing
Select any technology-specific modules that should installed along with openBIS. The selection can be altered at the next upgrade:
  [ ] Proteomics
input 1 to select, 0 to deselect:
0
  [ ] Screening

[..]

 

7. Starting and stopping openBIS

To start openBIS manually have a look at the bin folder:

# login to the container
root@ubuntu:~/lxd# lxc exec ubuntu16-preinstalled bash
# su to openbis
[root@ubuntu16-preinstalled ~]# su - openbis
[openbis@ubuntu16-preinstalled ~]$
# navigate to the bin folder, keep in mind that the location depends on the installation folder you chose!
[openbis@ubuntu16-preinstalled ~]$ cd /home/openbis/bin
[..]
allup.sh
alldown.sh
[..]

# Starting openBIS:
$ /home/openbis/bin/allup.sh

# Stopping openBIS:
/home/openbis/bin/alldown.sh

 

8. Firewall modifications

In order to be able to access the openBIS application running inside the container, your host machine firewall needs to be changed. You eventually need to adapt the IP address!

Firewall config
root@ubuntu:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@ubuntu:~# iptables -t nat -A PREROUTING -i `ip r | grep default |grep -oP 'dev \K\S+'` -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.10.10.2:443

NOTE: The above setup is temporary, meaning that will not persist upon host reboot. In order to make it permanent:
            i)  uncomment following line "net.ipv4.ip_forward=1" from  /etc/sysctl.conf
            ii) reload the configuration by using:  sysctl --system
            ii) install iptables-persistent:
                                apt-get install iptables-persistent
                iptables-save > /etc/iptables/rules.v4



Using the system

Access openBIS


Browse to https://your_host_IP  (use the IP of the server created at Step 1 ), we recommend Chrome when using openBIS

Login: admin/whatever-you-want, please choose a reasonably secure password

 

OpenBIS logs accessible from host at the location below
 

Log files
/var/lib/lxd/containers/ubuntu16-preinstalled/rootfs/home/openbis/servers/openBIS-server/jetty/logs/
/var/lib/lxd/containers/ubuntu16-preinstalled/rootfs/home/openbis/servers/datastore_server/log/

 

Certificates

openBIS is installed with self-signed certificates. If you want some valid certificates in place you need to replace them in the container's Apache config:

# Have a look here
/etc/httpd/conf.d/openbis.conf
 
# and replace the lines
SSLCertificateFile /etc/pki/tls/apache.crt
SSLCertificateKeyFile /etc/pki/tls/apache.key

# with your requested certificates, e.g.:
 
SSLCertificateFile /etc/pki/tls/certs/<myserver_name>.crt
SSLCertificateChainFile /etc/pki/tls/certs/QuoVadis_Global_SSL_ICA_G2.pem
SSLCertificateKeyFile /etc/pki/tls/certs/<myserver_name>.key
 
# restart Apache
[root@ubuntu16-preinstalled conf.d]# service httpd restart

Growing folders within openBIS container


In case of folders which grow (e.g., log folders, sessionWorkspace, or the postgres DB) and are getting too big for the container, you can also move these to a different share and create a symbolic link. It is basically the same procedure as in step 5. Depending on what you want to move to an external share stop openBIS or openBIS and postgres before moving files around

# In the container:
[openbis@ubuntu16-preinstalled ~]$ /home/openbis/bin/alldown.sh

# in the container as root, if you move the DB data folder
[root@ubuntu16-preinstalled ~]# service postgresql-9.5 stop

# To mount host's /mnt/nfs_share2/ onto /home/openbis/external_share2 in the container
root@ubuntu:~# lxc config device add ubuntu16-preinstalled sharedfolder disk path=/home/openbis/external_share2 source=/mnt/nfs_share2/

# rsync the data you want to re-locate
[root@openbis-cont ~]# rsync -a <folders> /home/openbis/external_share2

# eventually fix permissions
# create symbolic links to the new locations
# start DB and openBIS
# check logs if everything is fine
 
 
 
Potential candidates which can be re-located, as these folders grow over time:
 
Postgres:
/var/lib/pgsql/<version>

# openBIS AS logs:
/home/openbis/servers/openBIS-server/jetty/logs

# openBIS DSS Data:
/home/openbis/store
/home/openbis/datastore_server/data/sessionWorkspace

# openBIS DSS Logs:
/home/openbis/servers/datastore_server/log
/home/openbis/servers/datastore_server/log-registrations/

 

 

X11 Error

If the error below shows up, please logout from your host machine and login again, make sure to use the -X flag of ssh!

Exception in thread "main" java.awt.AWTError: Can't connect to X11 window server using 'localhost:10.0' as the value of the DISPLAY variable.
	at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
	at sun.awt.X11GraphicsEnvironment.access$200(X11GraphicsEnvironment.java:65)
	at sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:115)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:74)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:264)
	at java.awt.GraphicsEnvironment.createGE(GraphicsEnvironment.java:103)
	at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:82)
	at sun.awt.X11.XToolkit.<clinit>(XToolkit.java:126)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:264)
	at java.awt.Toolkit$2.run(Toolkit.java:860)
	at java.awt.Toolkit$2.run(Toolkit.java:855)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:854)
	at java.awt.Toolkit.getEventQueue(Toolkit.java:1738)
	at java.awt.EventQueue.invokeLater(EventQueue.java:1266)
	at javax.swing.SwingUtilities.invokeLater(SwingUtilities.java:1290)
	at com.izforge.izpack.installer.bootstrap.InstallerGui.run(InstallerGui.java:40)
	at com.izforge.izpack.installer.bootstrap.Installer.launchInstall(Installer.java:172)
	at com.izforge.izpack.installer.bootstrap.Installer.start(Installer.java:149)
	at com.izforge.izpack.installer.bootstrap.Installer.main(Installer.java:62)
error: open: No such file or directory

 

 

Helpful links about LXD

http://www.ubuntu.com/cloud/lxd

 

For any issue please contact sis.helpdesk@id.ethz.ch and use a paste service like paste.ubuntu.com to send us the errors

  • No labels