OMERO.server installation on CentOS 7

This is an example walkthrough for installing OMERO on CentOS 7, using a dedicated system user, and should be read in conjunction with Setting up OMERO.web. You can use this as a guide for setting up your own test server. For production use you should also read the pages listed under Optimizing Server Configuration.

This guide describes how to install the recommended versions, not all the supported versions. This should be read in conjunction with Version requirements.

These instructions assume your Linux distribution is configured with a UTF-8 locale (this is normally the default).

For convenience in this walkthrough the main OMERO configuration options have been defined as environment variables. When following this walkthrough you can either use your own values, or alternatively source the following file:

OMERO_DB_USER=db_user
OMERO_DB_PASS=db_password
OMERO_DB_NAME=omero_database
OMERO_ROOT_PASS=omero_root_password
OMERO_DATA_DIR=/OMERO

OMERO_WEB_PORT=80

export OMERO_DB_USER OMERO_DB_PASS OMERO_DB_NAME OMERO_ROOT_PASS OMERO_DATA_DIR OMERO_WEB_PORT

export PGPASSWORD="$OMERO_DB_PASS"

settings.env

Installing prerequisites

The following steps are run as root.

Install Java 1.8, Ice 3.6 and PostgreSQL 9.6:

To install Java 1.8 and other dependencies:

yum -y install epel-release

# installed for convenience
yum -y install unzip wget bc

# install Java
yum -y install java-1.8.0-openjdk

# install dependencies

yum -y install \
	python-pip python-devel python-virtualenv \
	python-yaml python-jinja2 \
	python-pillow numpy scipy python-tables
pip install --upgrade pip

To install Ice 3.6:

cd /etc/yum.repos.d
wget https://zeroc.com/download/rpm/zeroc-ice-el7.repo

yum -y install gcc-c++
yum -y install libdb-utils
yum -y install openssl-devel bzip2-devel expat-devel

yum -y install ice-all-runtime ice-all-devel

pip install "zeroc-ice>3.5,<3.7"

To install PostgreSQL 9.6:

# install Postgres
# Postgres, reconfigure to allow TCP connections
yum -y install http://yum.postgresql.org/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
yum -y install postgresql96-server postgresql96

PGSETUP_INITDB_OPTIONS=--encoding=UTF8 /usr/pgsql-9.6/bin/postgresql96-setup initdb

sed -i.bak -re 's/^(host.*)ident/\1md5/' /var/lib/pgsql/9.6/data/pg_hba.conf
systemctl start postgresql-9.6.service

systemctl enable postgresql-9.6.service

Create an omero system user, and a directory for the OMERO repository:

useradd -m omero
chmod a+X ~omero

mkdir -p "$OMERO_DATA_DIR"
chown omero "$OMERO_DATA_DIR"

Create a database user and initialize a new database for OMERO:

echo "CREATE USER $OMERO_DB_USER PASSWORD '$OMERO_DB_PASS'" | su - postgres -c psql
su - postgres -c "createdb -E UTF8 -O '$OMERO_DB_USER' '$OMERO_DB_NAME'"

psql -P pager=off -h localhost -U "$OMERO_DB_USER" -l

Installing OMERO.server

The following steps are run as the omero system user.

Download, unzip and configure OMERO. The rest of this walkthrough assumes the OMERO.server is installed into the home directory of the omero system user.

Note that this script requires the same environment variables that were set earlier in settings.env, so you may need to copy and/or source this file as the omero user.

You will need to install the server corresponding to your Ice version.

Install server-ice36.zip:

cd ~omero
SERVER=http://downloads.openmicroscopy.org/latest/omero5.3/server-ice36.zip
wget $SERVER -O OMERO.server-ice36.zip
unzip -q OMERO.server*

Configure:

ln -s OMERO.server-*/ OMERO.server
OMERO.server/bin/omero config set omero.data.dir "$OMERO_DATA_DIR"
OMERO.server/bin/omero config set omero.db.name "$OMERO_DB_NAME"
OMERO.server/bin/omero config set omero.db.user "$OMERO_DB_USER"
OMERO.server/bin/omero config set omero.db.pass "$OMERO_DB_PASS"
OMERO.server/bin/omero db script -f OMERO.server/db.sql --password "$OMERO_ROOT_PASS"
psql -h localhost -U "$OMERO_DB_USER" "$OMERO_DB_NAME" < OMERO.server/db.sql

Installing and running OMERO.web

OMERO.web is deployed using Nginx, for more details on how to install and run the OMERO.web client see OMERO.web walkthrough installation CentOS 7 and IcePy 3.6.

Running OMERO.server

The following steps are run as the omero system user.

OMERO should now be set up. To start the server run:

OMERO.server/bin/omero admin start

Please read the SELinux section below.

In addition a systemd.service script is available should you wish to start OMERO automatically.

Securing OMERO

The following steps are run as root.

If multiple users have access to the machine running OMERO you should restrict access to OMERO.server’s configuration and runtime directories, and optionally the OMERO data directory:

chmod go-rwx ~omero/OMERO.server/etc ~omero/OMERO.server/var

# Optionally restrict access to the OMERO data directory
#chmod go-rwx "$OMERO_DATA_DIR"

Regular tasks

The following steps are run as root.

The default OMERO.web session handler uses temporary files to store sessions which should be deleted at regular intervals, for instance by creating a cron job:

OMERO_USER=omero
OMERO_SERVER=/home/omero/OMERO.server
su - ${OMERO_USER} -c "${OMERO_SERVER}/bin/omero web clearsessions"

Copy this script into the appropriate location:

cp omero-web-cron /etc/cron.daily/omero-web
chmod a+x /etc/cron.daily/omero-web

SELinux

The following steps are run as root.

If you are running a system with SELinux enabled and are unable to access OMERO.web you may need to adjust the security policy:

if [ $(getenforce) != Disabled ]; then
    yum -y install policycoreutils-python
    setsebool -P httpd_read_user_content 1
    setsebool -P httpd_enable_homedirs 1
    semanage port -a -t http_port_t -p tcp 4080
fi