ome-demoserver.yml
# Install OMERO.server, OMERO.web and prepare the OME (UoD/SLS) prerequisites
# To allow OMERO to upgrade, change the omero_server_release variable to the
# desired version and pass `--extra-vars omero_server_upgrade=True` to the
# `ansible-playbook` command.
# To allow OMERO.web to upgrade, change the omero_web_release variable to the
# desired version and pass `--extra-vars omero_web_upgrade=True` to the
# `ansible-playbook` command.
# To allow the OMERO.web plugins to upgrade, also pass `--extra-vars upgrade_webapps=True`
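- hosts: ome-demoserver.openmicroscopy.org

  # ---------------------------------------------------------------------
  # pre_tasks: run before any role. Base packages, root LV sizing and the
  # webapps_state fact consumed by the pip task in post_tasks.
  # ---------------------------------------------------------------------
  pre_tasks:

    - name: Install open-vm-tools if system is a VMware vm
      become: true
      yum:
        name: open-vm-tools
        state: present
      when: >
        ((ansible_virtualization_type is defined)
        and (ansible_virtualization_type == "VMware"))

    # Perhaps alter the role at https://github.com/openmicroscopy/ansible-role-lvm-partition/
    # to make some of the variables non-required.
    - name: Resize root FS without altering mount options
      tags: lvm
      become: true
      lvol:
        lv: root
        vg: VolGroup00
        size: "{{ provision_root_lvsize }}"
        # Never shrink: the task may only grow the root LV.
        shrink: false

    # NOTE(review): this release RPM is fetched over plain HTTP and is
    # installed as root, so nothing shown here authenticates it in transit.
    # It presumably installs the repository definition that later yum
    # installs (mencoder) trust - confirm. Prefer an HTTPS source or a
    # pinned checksum / GPG-verified copy hosted internally.
    - name: Install Make Movie script Prerequisite | MEncoder - Repo
      become: true
      yum:
        name: http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
        state: present

    - name: Install Make Movie script Prerequisite | MEncoder - Package
      become: true
      yum:
        name: mencoder
        state: present

    - name: OMERO.figure server-side prerequisites, script prerequisites
      become: true
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        # For OMERO.figure
        - python-reportlab
        - python-markdown
        # For the 'make movie' script
        - mencoder

    # Set desired state of webapps (upgrade v.s. install/keep current version)
    - name: OMERO.web plugin upgrade | set default state "installed"
      set_fact:
        webapps_state: present

    # The comparison is against the literal string "True", which is what
    # `--extra-vars upgrade_webapps=True` yields; other spellings leave
    # webapps_state at "present".
    - name: OMERO.web plugin upgrade | if --extra-vars upgrade_webapps == True, allow web plugin(s) to upgrade.
      set_fact:
        webapps_state: latest
      when: upgrade_webapps is defined and upgrade_webapps == "True"

  # ---------------------------------------------------------------------
  # roles: monitoring agent, disk layout, PostgreSQL, OMERO.server,
  # OMERO.web and the OMERO groups/users. All secrets are read from the
  # `vault` variable, which is defined outside this file.
  # ---------------------------------------------------------------------
  roles:

    # Now OME are using RHEL without Spacewalk, the current best-method of
    # checking `is server deployed in Dundee/SLS` is checking for the SLS nameservers.
    - role: openmicroscopy.system-monitor-agent
      tags: monitoring
      when: "'10.1.255.216' in ansible_dns.nameservers"

    # Disk Layout - PostgreSQL | data dir on separate VG (SSD)
    - role: openmicroscopy.lvm-partition
      tags: lvm
      lvm_lvname: pgdata
      lvm_vgname: "{{ provision_postgres_vgname }}"
      lvm_lvmount: /var/lib/pgsql
      lvm_lvsize: "{{ provision_postgres_lvsize }}"
      lvm_lvfilesystem: "{{ filesystem }}"
      lvm_shrink: false

    # Disk Layout - OMERO | VG and LV (separate disk) for Binary Repository
    - role: openmicroscopy.lvm-partition
      tags: lvm
      lvm_lvname: datadir
      lvm_vgname: "{{ provision_omero_server_datadir_vgname }}"
      lvm_lvmount: "{{ omero_server_datadir }}"
      lvm_lvsize: "{{ provision_omero_server_datadir_lvsize }}"
      lvm_lvfilesystem: "{{ filesystem }}"
      lvm_shrink: false

    # Disk Layout - OMERO.server | LV for dist & logs
    - role: openmicroscopy.lvm-partition
      tags: lvm
      lvm_lvname: omero_server_basedir
      lvm_vgname: VolGroup00
      lvm_lvmount: "{{ omero_server_basedir }}"
      lvm_lvsize: "{{ provision_omero_server_basedir_lvsize }}"
      lvm_lvfilesystem: "{{ filesystem }}"
      lvm_shrink: false

    # Disk Layout - OMERO.web | LV for dist & logs
    - role: openmicroscopy.lvm-partition
      tags: lvm
      lvm_lvname: omero_web_basedir
      lvm_vgname: VolGroup00
      lvm_lvmount: "{{ omero_web_basedir }}"
      lvm_lvsize: "{{ provision_omero_web_basedir_lvsize }}"
      lvm_lvfilesystem: "{{ filesystem }}"
      lvm_shrink: false

    # no_log keeps the database credentials out of task output and logs.
    - role: openmicroscopy.postgresql
      no_log: true
      postgresql_users_databases:
        - user: "{{ vault.omero_server_db_user }}"
          password: "{{ vault.omero_server_dbpassword }}"
          databases: ["{{ vault.omero_server_dbname }}"]

    # NOTE(review): this entry passes the DB password and the OMERO root
    # password but, unlike the postgresql and omero-user entries, sets no
    # `no_log` - confirm the role's tasks do not echo them in task output.
    - role: openmicroscopy.omero-server
      # Quoted so the release is always read as a string.
      omero_server_release: "5.4.1"
      omero_server_dbuser: "{{ vault.omero_server_db_user }}"
      omero_server_dbname: "{{ vault.omero_server_dbname }}"
      omero_server_dbpassword: "{{ vault.omero_server_dbpassword }}"
      omero_server_rootpassword: "{{ vault.omero_server_rootpassword }}"
      omero_server_systemd_limit_nofile: 16384

    - role: openmicroscopy.omero-web
      omero_web_release: "5.4.1"

    # This role only works on OMERO 5.3+
    # Creates the read-only "public" group and the account that
    # omero.web.public.user (see vars) logs in as.
    - role: openmicroscopy.omero-user
      no_log: true
      omero_user_bin_omero: /opt/omero/server/OMERO.server/bin/omero
      omero_user_system: omero-server
      omero_user_admin_user: root
      omero_user_admin_pass: "{{ vault.omero_server_rootpassword }}"
      omero_group_create:
        - name: public
          type: read-only
        - name: "My Data"
          type: private
      omero_user_create:
        - login: "{{ vault.omero_web_public_user }}"
          firstname: Public
          lastname: User
          password: "{{ vault.omero_web_public_password }}"
          groups: "--group-name public"

  # ---------------------------------------------------------------------
  # post_tasks: run after the roles. OMERO.web plugins, NGINX tuning and
  # TLS, Check_MK plugins, nightly PostgreSQL dumps.
  # ---------------------------------------------------------------------
  post_tasks:

    # webapps_state is "present" or "latest" (set in pre_tasks). The
    # packages are unpinned, so "latest" installs whatever PyPI currently
    # serves for each name.
    - name: Omero.web plugins | plugin install via pip & pypi
      become: true
      pip:
        name:
          - "omero-figure"
          - "omero-fpbioimage"
          - "omero-webtagging-autotag"
          - "omero-webtagging-tagsearch"
          - "omero-iviewer"
        editable: false
        state: "{{ webapps_state }}"
        # variable comes from role openmicroscopy.omero-web
        virtualenv: "{{ omero_web_basedir }}/venv"
        virtualenv_site_packages: true
      notify:
        - restart omero-web

    # Half of (processor count * cores per processor), rounded to an int.
    - name: NGINX - Performance tuning - worker processes
      become: true
      replace:
        path: "/etc/nginx/nginx.conf"
        regexp: '^worker_processes\s+\d+;'
        replace: "worker_processes {{ ((ansible_processor_count * ansible_processor_cores) / 2) |round|int }};"

    # cf https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration
    - name: NGINX - Performance tuning - worker connections
      become: true
      replace:
        path: "/etc/nginx/nginx.conf"
        regexp: 'worker_connections\s+\d+;'
        replace: "worker_connections 65000;"

    # NOTE(review): "u=r,go=" gives the directory no search (x) bit for
    # its owner. root normally bypasses that check, so a root-run nginx
    # master can still open the files; "u=rx,go=" would be the
    # conventional mode - confirm before changing.
    - name: NGINX - SSL File Deployment - prepare directory
      become: true
      file:
        path: "{{ nginx_ssl_files_path }}"
        state: directory
        owner: root
        group: root
        mode: "u=r,go="

    # Writes each certificate/key from nginx_ssl_cert_files (defined
    # outside this file): the dict key is the destination path, the value
    # carries content, owner, group and mode. Native YAML arguments are
    # used so multi-line PEM content is passed as one value instead of
    # being re-parsed from a key=value string. no_log keeps the key
    # material out of task output.
    - name: NGINX - SSL File Deployment
      become: true
      copy:
        dest: "{{ item.key }}"
        content: "{{ item.value.content }}"
        owner: "{{ item.value.owner }}"
        group: "{{ item.value.group }}"
        mode: "{{ item.value.mode }}"
      with_dict: "{{ nginx_ssl_cert_files }}"
      no_log: true

    - name: NGINX - SSL Configuration - Additional listen port
      become: true
      lineinfile:
        path: /etc/nginx/conf.d/omero-web.conf
        insertafter: ' listen 80;'
        line: ' listen 443 ssl;'

    - name: NGINX - SSL Configuration - Rest of SSL section to omero-web.conf
      become: true
      blockinfile:
        path: /etc/nginx/conf.d/omero-web.conf
        insertbefore: '.*sendfile.*'
        # The `if` block redirects requests that arrived without TLS
        # ($ssl_protocol empty) to the https:// URL of the same path.
        # NOTE(review): the ssl_protocols line has no trailing ';' here.
        # Unless nginx_ssl_protocols itself ends in ';', nginx will
        # reject the rendered file - confirm against the variable.
        # `|2+`: explicit indentation indicator, trailing newlines kept.
        block: |2+
          ssl_certificate {{ nginx_ssl_files_path }}/{{ nginx_ssl_cert_filename }};
          ssl_certificate_key {{ nginx_ssl_files_path }}/{{ nginx_ssl_key_filename }};
          ssl_protocols {{ nginx_ssl_protocols }}
          if ($ssl_protocol = "") {
          rewrite ^/(.*) https://$host/$1 permanent;
          }
      notify:
        - restart nginx

    # Config for OMERO.web plugins, loaded into OMERO.web by the
    # omero.web systemd restart.
    # root-owned and not writable by group/other, so only root can change
    # what OMERO.web loads from this file.
    - name: OMERO.web plugins | deploy config for webapps
      become: true
      template:
        src: templates/omero-web-config-for-webapps.j2
        dest: "{{ omero_web_basedir }}/config/omero-web-config-for-webapps.omero"
        owner: "root"
        group: "root"
        mode: "u=rw,go=r"
      notify:
        - restart omero-web

    # Check_MK plugins: each plugin is copied into the active plugin
    # directory only if the agent package shipped it, and `creates` makes
    # the copy a no-op once the destination exists.
    - name: Check_MK postgres plugin | check for plugin existence
      tags: monitoring
      stat:
        path: "{{ check_mk_agent_plugin_path }}/mk_postgres"
      register: check_mk_postgres_plugin_st

    - name: Check_MK postgres plugin | activate the plugin
      tags: monitoring
      become: true
      command: >-
        cp "{{ check_mk_agent_plugin_path }}/mk_postgres"
        /usr/share/check-mk-agent/plugins/
      args:
        creates: /usr/share/check-mk-agent/plugins/mk_postgres
      when: check_mk_postgres_plugin_st.stat.exists

    - name: Check_MK logwatch plugin | check for plugin existence
      tags: monitoring
      stat:
        path: "{{ check_mk_agent_plugin_path }}/mk_logwatch"
      register: check_mk_logwatch_plugin_st

    - name: Check_MK logwatch plugin | activate the plugin
      tags: monitoring
      become: true
      command: >-
        cp "{{ check_mk_agent_plugin_path }}/mk_logwatch"
        /usr/share/check-mk-agent/plugins/
      args:
        creates: /usr/share/check-mk-agent/plugins/mk_logwatch
      when: check_mk_logwatch_plugin_st.stat.exists

    - name: Check_MK logwatch plugin | check for default config file
      tags: monitoring
      stat:
        path: "{{ check_mk_agent_config_example_path }}/logwatch.cfg"
      register: check_mk_logwatch_plugin_conf_st

    - name: Check_MK logwatch plugin | copy the default config
      tags: monitoring
      become: true
      command: >-
        cp "{{ check_mk_agent_config_example_path }}/logwatch.cfg"
        "{{ check_mk_agent_config_path }}/logwatch.cfg"
      args:
        creates: "{{ check_mk_agent_config_path }}/logwatch.cfg"
      when: check_mk_logwatch_plugin_conf_st.stat.exists

    # Dump directory is private to the postgres user (0700).
    - name: PostgreSQL Nightly Backups | Create the backups directory
      become: true
      file:
        path: "{{ omero_server_db_dumpdir_parent }}/{{ omero_server_db_dumpdir_name }}"
        state: directory
        owner: postgres
        group: postgres
        mode: "u=rwx,go="

    # Installed into cron.daily; readable and executable by its owner only.
    - name: PostgreSQL Nightly Backups | send the backup script
      become: true
      template:
        src: nightly-pg_dump-omero.sh.j2
        dest: /etc/cron.daily/nightly-pg_dump-omero.sh
        mode: "u=rwx,go="

  # ---------------------------------------------------------------------
  # vars: play-level variables used by the tasks and roles above.
  # ---------------------------------------------------------------------
  vars:
    # Check_MK (system monitoring) paths
    check_mk_agent_plugin_path: /usr/share/check-mk-agent/available-plugins
    check_mk_agent_config_example_path: /usr/share/check_mk/agents/cfg_examples
    check_mk_agent_config_path: /etc/check-mk-agent

    # Backup folder for PostgreSQL 'folder' format dump
    # NOTE(review): the dump lands at a fixed, predictable name under
    # /tmp, which is world-writable and may be cleaned or cleared on
    # reboot. A dedicated root-owned parent directory would be a safer
    # home for database backups - confirm whether /tmp is intentional.
    omero_server_db_dumpdir_parent: /tmp
    omero_server_db_dumpdir_name: nightly-pg_dump_omero.dir

    postgresql_version: "9.6"
    filesystem: "xfs"

    omero_server_config_set:
      omero.db.poolsize: 60
      omero.jvmcfg.percent.blitz: 50
      omero.jvmcfg.percent.indexer: 20
      omero.jvmcfg.percent.pixeldata: 20
      omero.jvmcfg.system_memory: 30000
      omero.mail.config: true
      omero.mail.from: "{{ omero_server_mail_from }}"
      omero.mail.host: "{{ omero_server_mail_host }}"
      omero.new_user_group: "My Data"
      omero.search.batch: 100
      omero.throttling.method_time.error: 60000

    omero_web_config_set:
      # https://www.openmicroscopy.org/site/support/omero5.3/sysadmins/public.html
      # Anonymous ("public user") access is enabled. The url_filter regex
      # matches /webgateway/ paths except those starting archived_files
      # or download_as, plus /webclient/annotation/<digits>/ - so the
      # original-file download endpoints are left out of the allow-list.
      # Review this filter whenever a web plugin adds new URL prefixes.
      omero.web.public.user: "{{ vault.omero_web_public_user }}"
      omero.web.public.password: "{{ vault.omero_web_public_password }}"
      omero.web.public.enabled: true
      omero.web.public.server_id: 1
      omero.web.public.url_filter: "^/(webgateway/(?!(archived_files|download_as))|webclient/annotation/([0-9]+)/)"
      omero.web.server_list: [["localhost", 4064, "omero"]]
      # Advice is (2*cores + 1) from OME docs.
      omero.web.wsgi_workers: "{{ (2 * (ansible_processor_count * ansible_processor_cores)) + 1 }}"
      omero.web.admins: "{{ omero_web_admins }}"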