OMERO.server installation on Ubuntu 18.04

This is an example walkthrough for installing OMERO on Ubuntu 18.04, using a dedicated local system user, and should be read in conjunction with OMERO.web administration. You can use this as a guide for setting up your own test server. For production use you should also read the pages listed under Optimizing Server Configuration. This guide will install Python 3.6. Since 5.6, a new OMERODIR variable is used, you should first unset OMERO_HOME (if set) before beginning the installation process.

This guide describes how to install using the recommended versions for Java, Ice, PostgreSQL. This should be read in conjunction with Version requirements.

This guide does not describe how to install OMERO.web. To deploy OMERO.web, please read OMERO.web installation on Ubuntu 18.04 and IcePy 3.6.

These instructions assume your Linux distribution is configured with a UTF-8 locale (this is normally the default).

For convenience in this walkthrough we will use the omero-server system user and the main OMERO configuration options have been defined as environment variables. When following this walkthrough you can either use your own values, or alternatively source settings.env:


OMERO_DB_USER=db_user
OMERO_DB_PASS=db_password
OMERO_DB_NAME=omero_database
OMERO_ROOT_PASS=omero_root_password
OMERO_DATA_DIR=/OMERO

export OMERO_DB_USER OMERO_DB_PASS OMERO_DB_NAME OMERO_ROOT_PASS OMERO_DATA_DIR

export PGPASSWORD="$OMERO_DB_PASS"

# Location of the OMERO.server
export OMERODIR=/opt/omero/server/OMERO.server

# Location of the virtual environment for omero-py
VENV_SERVER=/opt/omero/server/venv3

export PATH=$VENV_SERVER/bin:$PATH

Installing prerequisites

The following steps are run as root.

Install Java 11, Ice 3.6.5 and PostgreSQL 11:

To install Java 11 and other dependencies:

apt-get update

apt-get -y install unzip wget bc

# to be installed if daily cron tasks are configured
apt-get -y install cron

# install Java
apt-get update -q
apt-get install -y openjdk-11-jre

# install dependencies
apt-get update
apt-get -y install \
	unzip \
	wget \
	python3 \
	python3-venv

To install Ice 3.6.5:

apt-get update && \
apt-get install -y -q \
build-essential \
db5.3-util \
libbz2-dev \
libdb++-dev \
libdb-dev \
libexpat-dev \
libmcpp-dev \
libssl-dev \
mcpp \
zlib1g-dev

cd /tmp
wget -q https://github.com/ome/zeroc-ice-ubuntu1804/releases/download/0.3.0/ice-3.6.5-0.3.0-ubuntu1804-amd64.tar.gz
tar xf ice-3.6.5-0.3.0-ubuntu1804-amd64.tar.gz
mv ice-3.6.5-0.3.0 /opt
echo /opt/ice-3.6.5-0.3.0/lib/x86_64-linux-gnu > /etc/ld.so.conf.d/ice-x86_64.conf
ldconfig

To make Ice available to all users and activate the virtual environment, set the following in /etc/profile:

# Environment file for OMERO		
		
export ICE_HOME=/opt/ice-3.6.5-0.3.0		
export PATH="$ICE_HOME/bin:$PATH"		
#Remove commented out export below if Ice is not set globally accessible		
#export LD_LIBRARY_PATH="$ICE_HOME/lib64:$ICE_HOME/lib:$LD_LIBRARY_PATH"		
export SLICEPATH="$ICE_HOME/slice"

and add the virtual environment to PATH:

VENV_SERVER=/opt/omero/server/venv3

export PATH=$VENV_SERVER/bin:$PATH

To install PostgreSQL 11:

apt-get install -y gnupg
echo "deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main" > /etc/apt/sources.list.d/pgdg.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
apt-get update
apt-get -y install postgresql-11
service postgresql start

Create a local omero-server system user, and a directory for the OMERO repository:

useradd -mr omero-server
# Give a password to the omero user
# e.g. passwd omero
chmod a+X ~omero-server

mkdir -p "$OMERO_DATA_DIR"
chown omero-server "$OMERO_DATA_DIR"

Create a database user and initialize a new database for OMERO:

echo "CREATE USER $OMERO_DB_USER PASSWORD '$OMERO_DB_PASS'" | su - postgres -c psql
su - postgres -c "createdb -E UTF8 -O '$OMERO_DB_USER' '$OMERO_DB_NAME'"

psql -P pager=off -h localhost -U "$OMERO_DB_USER" -l

Installing OMERO.server

The following step is run as root.

We recommend to create a virtual environment and install the Ice Python binding using pip:

# Create a virtual env and activate it
python3 -mvenv $VENV_SERVER

# Install the Ice Python binding
$VENV_SERVER/bin/pip install https://github.com/ome/zeroc-ice-ubuntu1804/releases/download/0.3.0/zeroc_ice-3.6.5-cp36-cp36m-linux_x86_64.whl

Install omero-py:

# Install omero-py
$VENV_SERVER/bin/pip install "omero-py>=5.6.dev4"

Download and unzip OMERO.server:

cd /opt/omero/server
SERVER=https://downloads.openmicroscopy.org/omero/5.6/server-ice36.zip
wget -q $SERVER -O OMERO.server-ice36.zip
unzip -q OMERO.server*

Change the ownership of the OMERO.server directory and create a symlink:

# change ownership of the folder
chown -R omero-server OMERO.server-*
ln -s OMERO.server-*/ OMERO.server

The following steps are run as the omero-server system user. (su - omero-server)

The variable OMERODIR set in settings.env above must point to the location where OMERO.server is installed. e.g. OMERODIR=/path_to_omero_server/OMERO.server.

Note that this script requires the same environment variables that were set earlier in settings.env, so you may need to copy and/or source this file as the omero user.

Configure the server:

omero config set omero.data.dir "$OMERO_DATA_DIR"
omero config set omero.db.name "$OMERO_DB_NAME"
omero config set omero.db.user "$OMERO_DB_USER"
omero config set omero.db.pass "$OMERO_DB_PASS"
omero db script -f $OMERODIR/db.sql --password "$OMERO_ROOT_PASS"
psql -h localhost -U "$OMERO_DB_USER" "$OMERO_DB_NAME" < $OMERODIR/db.sql

Patching OMERO.server

Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, the version installed on Ubuntu 18.04. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, the OMERO.web client or the CLI. The parameter @SECLEVEL=0, enabling the weaker ciphers, needs to be added in two files in order to allow connection.

omero config set omero.glacier2.IceSSL.Ciphers HIGH:ADH:@SECLEVEL=0

Running OMERO.server

The following steps are run as the omero-server system user. (su - omero-server)

OMERO should now be set up. To start the server run:

omero admin start

In addition omero-init.d is available should you wish to start OMERO automatically.

Securing OMERO

The following steps are run as root.

If multiple users have access to the machine running OMERO you should restrict access to OMERO.server’s configuration and runtime directories, and optionally the OMERO data directory:

chmod go-rwx $OMERODIR/etc $OMERODIR/var

# Optionally restrict access to the OMERO data directory
# chmod go-rwx "$OMERO_DATA_DIR"