GithubHelp home page GithubHelp logo

ome / ansible-role-omero-web Goto Github PK

View Code? Open in Web Editor NEW
1.0 8.0 14.0 182 KB

Installs and configures OMERO.web and Nginx

License: BSD 2-Clause "Simplified" License

Python 61.29% Shell 2.22% Jinja 36.49%
ome openmicroscopy omero ansible

ansible-role-omero-web's Introduction

OMERO Web

Actions Status Ansible Role

Installs and configures OMERO.web and Nginx. Uses a conf.d style configuration directory for managing the OMERO.web configuration.

Warning: Python 2 support is dropped. See CHANGES.md for details.

Role Variables

All variables are optional, see defaults/main.yml for the full list

OMERO.web version and installation.

  • omero_web_release: The OMERO.web release, e.g. 5.9.1. The default is present which will install the latest version if web is not already installed, but will not modify an existing web. Use latest to automatically upgrade when a new version is released.
  • omero_web_system_user: OMERO.web system user, default omero-web.
  • omero_web_system_uid: OMERO.web system user ID (default automatic)

OMERO.web configuration.

  • omero_web_config_set: A dictionary of config-key: value which will be used for the initial OMERO.web configuration, default empty. value can be a string, or an object (list, dictionary) that will be automatically converted to quoted JSON. Note configuration can also be done pre/post installation using the web/config conf.d style directory.
  • omero_web_setup_nginx: Install and configure Nginx, default True.

OMERO.web systemd configuration

  • omero_web_systemd_setup: Create and start the omero-web systemd service, default True
  • omero_web_systemd_limit_nofile: Systemd limit for number of open files (default ignore)
  • omero_web_systemd_after: A list of strings with additional service names to appear in systemd unit file "After" statements. Default empty/none.
  • omero_web_systemd_requires: A list of strings with additional service names to appear in systemd unit file "Requires" statements. Default empty/none.

Python 3 only parameters.

  • omero_web_python_addons: List of additional Python packages to be installed into virtualenv

The omero-web-apps role has been merged into this role for Python 3 deployments. All variables are optional:

  • omero_web_apps_names: List of web application names to be appended to omero.web.apps
  • omero_web_apps_packages: List of pip installable packages
  • omero_web_apps_top_links: Lists of top link dictionaries to be appended to omero.web.ui.top_links, of the form:
    • label: Label
    • link: URL or a dict
    • attrs: Dictionary of attributes (optional)
  • omero_web_apps_ui_metadata_panes: Items to be appended to omero.web.ui.metadata_panes
  • omero_web_apps_config_append: Dictionary of other key-[list of values] pairs to be appended (multiple values can be appended to the same key)
  • omero_web_apps_config_set: Dictionary of other key-value pairs to be set
  • omero_web_apps_config_name: The basename of the configuration file (web/config/{{ omero_web_apps_config_name }}.omero)

Unstable features

Variables :

  • omero_web_systemd_start: Automatically enable and start/restart systemd omero-web service, default True. This is intended for use in server images where installation may be separate from configuration and execution.
  • omero_web_always_reset_config: Clear the existing configuration before regenerating, default True.

It should be safe to use this role to deploy OMERO.web inside a standard centos:7 Docker container without systemd (omero_web_systemd_setup: False).

Configuring OMERO.web

This role regenerates the OMERO.web configuration file using the configuration files and helper script in /opt/omero/web/config. omero_web_config_set can be used for simple configurations, for anything more complex consider creating one or more configuration files under: /opt/omero/web/config/ with the extension .omero.

Manual configuration changes (omero config ...) will be lost following a restart of omero-web with systemd, you can disable this by setting omero_web_always_reset_config: False. Manual configuration changes will never be copied during an upgrade.

See ome/design#70 for a proposal to add support for a conf.d style directory directly into OMERO.

Example Playbooks

OMERO.web with the default backend server, localhost:4064:

- hosts: localhost
  roles:
    - role: ome.omero_web

OMERO.web with a custom configuration using omero_web_config_set:

- hosts: localhost
  roles:
    - role: ome.omero_web
      omero_web_config_set:
        omero.web.server_list:
          - [omero.example.org, 4064, omero-example]
        omero.web.public.enabled: True
        omero.web.public.server_id: 1
        omero.web.public.user: public
        omero.web.public.password: secret-password

OMERO.web with the redis session engine

hosts: localhost    
roles:
- role: ome.omero_web
  omero_web_setup_redis_session: true
  omero_web_config_set:
    "omero.web.caches":
       "default": 
          "BACKEND": "django_redis.cache.RedisCache"
          "LOCATION": "redis://127.0.0.1:6379/0"
    "omero.web.session_engine": "django.contrib.sessions.backends.cache"

OMERO.web with a custom configuration using a configuration file web-custom-config.omero:

- hosts: localhost
  roles:
    - role: ome.omero_web
  tasks:
    - copy:
        content: >
          config set omero.web.server_list '[["omero.example.org", 4064, "omero-example"]'
        dest: /opt/omero/web/config/web-custom-config.omero
      notify:
        - restart omero-web

Author Information

[email protected]

ansible-role-omero-web's People

Contributors

dominikl avatar jburel avatar joshmoore avatar kennethgillen avatar khaledk2 avatar manics avatar pwalczysko avatar sbesson avatar stephenogg avatar

Stargazers

avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

manics kennethgillen sbesson jburel snoopycrimecop joshmoore stephenogg ucl-mirsg drjrkuhn pwalczysko khaledk2 glyg eyal-erknet dominikl

ansible-role-omero-web's Issues

omero-web Python 3 dependency versioning

Since this role is meant to support reproducible deployments it should support pinning of python dependencies in virtualenvs. For instance, omero-web depends on omero-py

One option is to have setup.py in omero-web and omero-py have generic ranges for dependencies and each Ansible role is reponsible for defining the full set of pinned dependencies.

Another option is to pin the versions in setup.py of the modules instead, perhaps as a [variant] designed for use in reproducible installations, e.g. something like ome/omero-py#114

    extras_require={
        'linux/linux-dist/dist/pinned/reproducible/recommended': [
            # These match the currently available binary wheels and should
            # ensure omero-py can be installed without a compiler
            # 'ipython==7.9.0',
            'Jinja2==2.10.3',
            'numexpr==2.7.0',
            'numpy==1.17.3',
            'Pillow==6.2.1',
            'PyYAML==5.1.2',
            'tables==3.6.1',
        ],
    },

Remove testing warning

"This is for development and testing purposes only. Do not use on a production server."

from #26 will need to be removed for GA early next year.

Add omero_web_python_addons to preinstall additional pip packages

ome/ansible-role-omero-server#36 includes the parameter omero_server_python_addons to install pip packages when the venv is created. An analogous parameter could be added to this role to simplify installation of web apps.

You'll need to duplicate the task https://github.com/ome/ansible-role-omero-web/blob/2.0.2/tasks/web-install.yml#L119 since omero.web includes a requirements file (unless you want to decouple omero.web so it's pip installable ๐Ÿ˜€)

SELINUX, labels

Upon using the ansible-role-omero-web on a RHEL system with SELINUX set to enforcing, the static files served up by NGINX are not loading after a fresh installation, or an upgrade of an existing running server.

Note: in the case of the output here, this was already done for the existing server at first deployment, and these steps were re-ran for an upgrade to the existing server.

[root@pub-omero ~]# audit2why < /var/log/audit/audit.log shows:

type=AVC msg=audit(1522679845.947:375427): avc:  denied  { read } for  pid=20627 comm="nginx" name="OMERO.web" dev="dm-7" ino=726 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:unlabeled_
t:s0 tclass=lnk_file

        Was caused by:
                Missing type enforcement (TE) allow rule.

                You can use audit2allow to generate a loadable module to allow this access.

after creating an audit2allow rule as it suggests, the following is generated:

[root@ ~]# audit2allow < /var/log/audit/audit.log


#============= abrt_t ==============
allow abrt_t inetd_child_t:dbus send_msg;

#============= httpd_t ==============

#!!!! WARNING: 'unlabeled_t' is a base type.
#!!!! The file '/opt/omero/web/OMERO.web' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /opt/omero/web/OMERO.web
allow httpd_t unlabeled_t:lnk_file read;

After running restorecon -R -v /opt/omero/web/OMERO.web, the statics are happily served without a restart of NGINX.

Add support for omero-web extra dependencies

The upgrade of the UoD learning system playbook to OMERO.web 5.14.0/Django 3.2 required the bump of django-redis - see https://github.com/ome/prod-playbooks/blob/master/omero/learning.yml#L118.

This dependency is currently managed using the omero_web_python_addons variable in this role which is a legit strategy. However, omero-web 5.14.0 introduced the extra redis dependency to manage django-redis. It should be possible for this role to leverage this e.g. by introducing a new optional omero_web_extras or similar variable that could be used in

ansible-role-omero-web/defaults/main.yml

Lines 87 to 88 in ef88102

- "omero-web{{ (omero_web_release == 'present') |
ternary('', '==' + omero_web_release) }}"
.

Maintain OMERO.web/var/django_secret_key across upgrades

OMERO.web/var/django_secret_key contains a secret key used to encrypt django sessions. The current upgrade process causes this to be regenerated, invalidating existing sessions. We should:

  1. See whether sessions can be maintained across OMERO.web restarts. If they're not then there's no point in exploring this issue further.
  2. If they are, then we should either copy OMERO.web/var/django_secret_key between upgrades, or if possible use an OMERO.web/Django configuration option to change the location of this file.

omero web nginx config is ignored

Nginx is configured before the systemd setup. This means omero-web configuration properties that affect the generated nginx config file (e.g. omero.web.prefix) are ignored.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.