OMERO.server installation on CentOS 8¶
This is an example walkthrough for installing OMERO on CentOS 8, using
a dedicated local system user. You can use this as a guide
for setting up your own test server. For production use you should also read
the pages listed under Optimizing Server Configuration.
This guide will install Python 3.6.
Since 5.6, a new OMERODIR
variable is used, you should first unset OMERO_HOME
(if set) before beginning the installation process.
This guide describes how to install using the recommended versions for Java, Ice, PostgreSQL. This should be read in conjunction with Version requirements.
This guide does not describe how to install OMERO.web. To deploy OMERO.web, please read OMERO.web installation on CentOS 8 and IcePy 3.6.
These instructions assume your Linux distribution is configured with a UTF-8 locale (this is normally the default).
For convenience in this walkthrough, we will use the omero-server system user and the main OMERO configuration options have
been defined as environment variables. When following this walkthrough you can
either use your own values, or alternatively create settings.env
for example under /tmp
e.g. /tmp/settings.env
containing the variables below and source it when required:
OMERO_DB_USER=db_user
OMERO_DB_PASS=db_password
OMERO_DB_NAME=omero_database
OMERO_ROOT_PASS=omero_root_password
OMERO_DATA_DIR=/OMERO
export OMERO_DB_USER OMERO_DB_PASS OMERO_DB_NAME OMERO_ROOT_PASS OMERO_DATA_DIR
export PGPASSWORD="$OMERO_DB_PASS"
# Location of the OMERO.server
export OMERODIR=/opt/omero/server/OMERO.server
# Location of the virtual environment for omero-py
VENV_SERVER=/opt/omero/server/venv3
export PATH=$VENV_SERVER/bin:$PATH
Installing prerequisites¶
The following steps are run as root.
Install Java 11, Ice 3.6.5 and PostgreSQL 11:
To install Java 11 and other dependencies:
yum -y install epel-release
yum -y install unzip wget bc
# install Java
yum -y install java-11-openjdk
# install dependencies
yum -y install python3
yum -y install openssl
To install Ice 3.6.5:
yum install -y -q \
bzip2-devel \
expat-devel \
gcc \
gcc-c++ \
libmcpp
cd /tmp
wget -q https://github.com/ome/zeroc-ice-centos8/releases/download/0.0.1/ice-3.6.5-0.0.1-centos8-amd64.tar.gz
tar xf ice-3.6.5-0.0.1-centos8-amd64.tar.gz
mv ice-3.6.5-0.0.1 ice-3.6.5
mv ice-3.6.5 /opt
echo /opt/ice-3.6.5/lib64 > /etc/ld.so.conf.d/ice-x86_64.conf
ldconfig
To install PostgreSQL 11:
yum module disable -y postgresql
yum -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum -y install postgresql11-server postgresql11
PGSETUP_INITDB_OPTIONS=--encoding=UTF8 /usr/pgsql-11/bin/postgresql-11-setup initdb
sed -i.bak -re 's/^(host.*)ident/\1md5/' /var/lib/pgsql/11/data/pg_hba.conf
systemctl start postgresql-11.service
systemctl enable postgresql-11.service
Note
if you are installing PostgreSQL in a Docker container, some of the commands above will not work. For more details check step01_centos8_pg_deps.sh
Create a local omero-server system user, and a directory for the OMERO repository:
useradd -mr omero-server
# Give a password to the omero user
# e.g. passwd omero-server
chmod a+X ~omero-server
mkdir -p "$OMERO_DATA_DIR"
chown omero-server "$OMERO_DATA_DIR"
Make the settings.env
available to the omero-server system user by copying in to the user home directory. The file will need to be sourced each time you switch user. You could add . ~/settings.env
to the omero-server system user bash
profile.
Create a database user and initialize a new database for OMERO:
echo "CREATE USER $OMERO_DB_USER PASSWORD '$OMERO_DB_PASS'" | su - postgres -c psql
su - postgres -c "createdb -E UTF8 -O '$OMERO_DB_USER' '$OMERO_DB_NAME'"
psql -P pager=off -h localhost -U "$OMERO_DB_USER" -l
Installing OMERO.server¶
The following step is run as root.
We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using pip
:
# Create a virtual env and activate it
python3 -mvenv $VENV_SERVER
# Install the Ice Python binding
$VENV_SERVER/bin/pip install https://github.com/ome/zeroc-ice-centos8/releases/download/0.0.1/zeroc_ice-3.6.5-cp36-cp36m-linux_x86_64.whl
# Install server dependencies
$VENV_SERVER/bin/pip install omero-server[default]
Install omero-py
:
# Install omero-py
$VENV_SERVER/bin/pip install "omero-py>=5.6.0"
Download and unzip OMERO.server:
cd /opt/omero/server
SERVER=https://downloads.openmicroscopy.org/omero/5.6/server-ice36.zip
wget -q $SERVER -O OMERO.server-ice36.zip
unzip -q OMERO.server*
Change the ownership of the OMERO.server directory and create a symlink:
# change ownership of the folder
chown -R omero-server OMERO.server-*
ln -s OMERO.server-*/ OMERO.server
Configuring OMERO.server¶
The following steps are run as the omero-server system user. (su - omero-server
)
The variable OMERODIR
set in settings.env
above must point to the location where OMERO.server is installed.
e.g. OMERODIR=/path_to_omero_server/OMERO.server
.
Note that this script requires the same environment variables that were set earlier in settings.env, so you may need to copy and/or source this file as the omero user.
Configure the database and the location of the data directory:
omero config set omero.data.dir "$OMERO_DATA_DIR"
omero config set omero.db.name "$OMERO_DB_NAME"
omero config set omero.db.user "$OMERO_DB_USER"
omero config set omero.db.pass "$OMERO_DB_PASS"
omero db script -f $OMERODIR/db.sql --password "$OMERO_ROOT_PASS"
psql -h localhost -U "$OMERO_DB_USER" "$OMERO_DB_NAME" < $OMERODIR/db.sql
Weaker ciphers like ADH are disabled by default in OpenSSL 1.1+, the version installed on CentOS 8. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, the OMERO.web client or the CLI.
omero certificates
Running OMERO.server¶
The following steps are run as the omero-server system user. (su - omero-server
)
OMERO should now be set up. To start the server run:
omero admin start
Should you wish to start OMERO automatically, a systemd service file could be created.
An example omero-server-systemd.service
is available.
Copy the systemd.service
file and configure the service:
cp omero-server-init.d /etc/init.d/omero-server
chmod a+x /etc/init.d/omero-server
update-rc.d -f omero-server remove
update-rc.d -f omero-server defaults 98 02
You can then start up the service.
Securing OMERO¶
The following steps are run as root.
If multiple users have access to the machine running OMERO you should restrict access to OMERO.server’s configuration and runtime directories, and optionally the OMERO data directory:
chmod go-rwx $OMERODIR/etc $OMERODIR/var
# Optionally restrict access to the OMERO data directory
# chmod go-rwx "$OMERO_DATA_DIR"