From d6a1d6fb50b06e2a295bf7df34b0296cf17aa5d0 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Thu, 23 Mar 2017 20:45:54 +0000 Subject: [PATCH 01/14] Initial OMERO web-only --- .../nightshade-web/README.txt | 14 ++++++++++++++ .../nightshade-web/Vagrantfile | 14 ++++++++++++++ .../nightshade-web/playbook.yml | 18 ++++++++++++++++++ .../nightshade-web/requirements.yml | 10 ++++++++++ 4 files changed, 56 insertions(+) create mode 100644 ansible/server-state-playbooks/nightshade-web/README.txt create mode 100644 ansible/server-state-playbooks/nightshade-web/Vagrantfile create mode 100644 ansible/server-state-playbooks/nightshade-web/playbook.yml create mode 100644 ansible/server-state-playbooks/nightshade-web/requirements.yml diff --git a/ansible/server-state-playbooks/nightshade-web/README.txt b/ansible/server-state-playbooks/nightshade-web/README.txt new file mode 100644 index 000000000..d32352d9c --- /dev/null +++ b/ansible/server-state-playbooks/nightshade-web/README.txt @@ -0,0 +1,14 @@ +### Taken from manics/ansible-public-omero-example.git +### at bc730e580e7c9ed0752a68cd4aa42397e4e58a2a +### and stripped of server components, leaving just web. + +### ansible playbooks & requirements for installing basic OMERO web + + +- playbooks set up to run from localhost rather than remotely + +- after installing ansible and ansible-galaxy, + ansible-galaxy install -r requirements.yml -p roles + +- install OMERO.web server + ansible-playbook playbook.yml diff --git a/ansible/server-state-playbooks/nightshade-web/Vagrantfile b/ansible/server-state-playbooks/nightshade-web/Vagrantfile new file mode 100644 index 000000000..127936108 --- /dev/null +++ b/ansible/server-state-playbooks/nightshade-web/Vagrantfile @@ -0,0 +1,14 @@ +Vagrant.configure("2") do |config| + config.vm.box = "centos/7" + config.vm.provider "virtualbox" do |vb| + config.vm.network "forwarded_port", guest: 80, host: 8080 + config.vm.network "forwarded_port", guest: 4064, host: 4064 + config.vm.network "forwarded_port", guest: 4063, host: 4063 + vb.customize ["modifyvm", :id, "--memory", "2048"] + end + + config.vm.provision "ansible" do |ansible| + ansible.playbook = "playbook.yml" + ansible.galaxy_role_file = "requirements.yml" + end +end diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml new file mode 100644 index 000000000..d3f4cfa80 --- /dev/null +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -0,0 +1,18 @@ +# Install OMERO.web with a public user on localhost + +- hosts: all + roles: + + - role: openmicroscopy.omero-web + omero_web_release: 5.3.0-m9 + omero_web_config_set: + omero.web.public.enabled: True + omero.web.public.server_id: 1 + omero.web.public.user: public + omero.web.public.password: "{{ omero_web_public_password }}" + omero.web.public.url_filter: "^/(webadmin/myphoto/|webclient/(?!(action|annotate_(file|tags|comment|rating|map)|script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as)))" + + +# To be migrated to MT + vars: + omero_web_public_password: public diff --git a/ansible/server-state-playbooks/nightshade-web/requirements.yml b/ansible/server-state-playbooks/nightshade-web/requirements.yml new file mode 100644 index 000000000..ba74a774d --- /dev/null +++ b/ansible/server-state-playbooks/nightshade-web/requirements.yml @@ -0,0 +1,10 @@ +--- + +- name: openmicroscopy.omero-common + src: https://github.com/manics/ansible-role-omero-common.git + +- name: openmicroscopy.omego + src: https://github.com/manics/ansible-role-omego.git + +- name: openmicroscopy.omero-web + src: https://github.com/manics/ansible-role-omero-web.git From b45aea4d870e03ceb8c0f314983cdaa7f9913420 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Fri, 24 Mar 2017 16:33:35 +0000 Subject: [PATCH 02/14] LVM commented out for testing, but progressing well. --- .../nightshade-web/playbook.yml | 23 +++++++++++-------- .../nightshade-web/requirements.yml | 12 +++++++--- 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index d3f4cfa80..1b51b14a1 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -1,18 +1,23 @@ # Install OMERO.web with a public user on localhost - hosts: all + roles: +# # Root LV Size +# - role: openmicroscopy.lvm-partition +# lvm_lvmount: / +# lvm_lvsize: "{{ provision_rootsize }}" +# lvm_lvfilesystem: "{{ provision_root_filesystem }}" +# + + + # OMERO.web configuration in host_vars in different repository - role: openmicroscopy.omero-web omero_web_release: 5.3.0-m9 - omero_web_config_set: - omero.web.public.enabled: True - omero.web.public.server_id: 1 - omero.web.public.user: public - omero.web.public.password: "{{ omero_web_public_password }}" - omero.web.public.url_filter: "^/(webadmin/myphoto/|webclient/(?!(action|annotate_(file|tags|comment|rating|map)|script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as)))" + - role: openmicroscopy.system-monitor-agent + when: > + ((ansible_env.COBBLER_SERVER is defined) + and (ansible_env.COBBLER_SERVER == "spacewalk.lifesci.dundee.ac.uk")) -# To be migrated to MT - vars: - omero_web_public_password: public diff --git a/ansible/server-state-playbooks/nightshade-web/requirements.yml b/ansible/server-state-playbooks/nightshade-web/requirements.yml index ba74a774d..bde419392 100644 --- a/ansible/server-state-playbooks/nightshade-web/requirements.yml +++ b/ansible/server-state-playbooks/nightshade-web/requirements.yml @@ -1,10 +1,16 @@ --- - name: openmicroscopy.omero-common - src: https://github.com/manics/ansible-role-omero-common.git + src: https://github.com/openmicroscopy/ansible-role-omero-common.git - name: openmicroscopy.omego - src: https://github.com/manics/ansible-role-omego.git + src: https://github.com/openmicroscopy/ansible-role-omego.git - name: openmicroscopy.omero-web - src: https://github.com/manics/ansible-role-omero-web.git + src: https://github.com/openmicroscopy/ansible-role-omero-web.git + +- name: openmicroscopy.lvm-partition + src: https://github.com/openmicroscopy/ansible-role-lvm-partition.git + + + From 0a4d38911c64c54e939817b003f9f513becb5324 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Fri, 24 Mar 2017 16:34:02 +0000 Subject: [PATCH 03/14] Additional check-mk --- ansible/server-state-playbooks/nightshade-web/requirements.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/server-state-playbooks/nightshade-web/requirements.yml b/ansible/server-state-playbooks/nightshade-web/requirements.yml index bde419392..d73d08145 100644 --- a/ansible/server-state-playbooks/nightshade-web/requirements.yml +++ b/ansible/server-state-playbooks/nightshade-web/requirements.yml @@ -12,5 +12,7 @@ - name: openmicroscopy.lvm-partition src: https://github.com/openmicroscopy/ansible-role-lvm-partition.git +- name: openmicroscopy.system-monitor-agent + src: https://github.com/openmicroscopy/ansible-role-system-monitor-agent.git From 00287658c890defb95e4af61ab4ab7b3a1def6a4 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Thu, 30 Mar 2017 14:01:22 +0100 Subject: [PATCH 04/14] Run configured for SLS VM versus local vagrant --- .../nightshade-web/playbook.yml | 26 +++++++++++++------ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index 1b51b14a1..fe3e9559e 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -2,19 +2,29 @@ - hosts: all + tasks: + - name: Install open-vm-tools if VMware vm + become: yes + yum: + name: open-vm-tools + state: latest + when: > + ((ansible_virtualization_type is defined) + and (ansible_virtualization_type == "VMware")) + roles: -# # Root LV Size -# - role: openmicroscopy.lvm-partition -# lvm_lvmount: / -# lvm_lvsize: "{{ provision_rootsize }}" -# lvm_lvfilesystem: "{{ provision_root_filesystem }}" -# - + # Root LV Size + - role: openmicroscopy.lvm-partition + lvm_lvname: "{{ provision_root_lvname }}" + lvm_vgname: "{{ provision_root_vgname }}" + lvm_lvmount: / + lvm_lvsize: "{{ provision_rootsize }}" + lvm_lvfilesystem: "{{ provision_root_filesystem }}" # OMERO.web configuration in host_vars in different repository - role: openmicroscopy.omero-web - omero_web_release: 5.3.0-m9 + omero_web_release: 5.2.8 - role: openmicroscopy.system-monitor-agent when: > From 44b6232f551abe33b8c9d9a465a3194566229aea Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Thu, 6 Apr 2017 19:40:37 +0100 Subject: [PATCH 05/14] nginx SSL transform added from OMERO.web generated file --- .../nightshade-web/playbook.yml | 62 +++++++++++++------ 1 file changed, 44 insertions(+), 18 deletions(-) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index fe3e9559e..8c8970d64 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -1,27 +1,17 @@ # Install OMERO.web with a public user on localhost - hosts: all - - tasks: - - name: Install open-vm-tools if VMware vm - become: yes - yum: - name: open-vm-tools - state: latest - when: > - ((ansible_virtualization_type is defined) - and (ansible_virtualization_type == "VMware")) - + roles: # Root LV Size - - role: openmicroscopy.lvm-partition - lvm_lvname: "{{ provision_root_lvname }}" - lvm_vgname: "{{ provision_root_vgname }}" - lvm_lvmount: / - lvm_lvsize: "{{ provision_rootsize }}" - lvm_lvfilesystem: "{{ provision_root_filesystem }}" - +# - role: openmicroscopy.lvm-partition +# lvm_lvname: "{{ provision_root_lvname }}" +# lvm_vgname: "{{ provision_root_vgname }}" +# lvm_lvmount: / +# lvm_lvsize: "{{ provision_rootsize }}" +# lvm_lvfilesystem: "{{ provision_root_filesystem }}" +# # OMERO.web configuration in host_vars in different repository - role: openmicroscopy.omero-web omero_web_release: 5.2.8 @@ -31,3 +21,39 @@ ((ansible_env.COBBLER_SERVER is defined) and (ansible_env.COBBLER_SERVER == "spacewalk.lifesci.dundee.ac.uk")) + post_tasks: + - name: Install open-vm-tools if system is a VMware vm + become: yes + yum: + name: open-vm-tools + state: latest + when: > + ((ansible_virtualization_type is defined) + and (ansible_virtualization_type == "VMware")) + + # post 2.3 'destfile' should be renamed 'path' + - name: NGINX - SSL Configuration - Additional listen port + become: yes + lineinfile: + destfile: /etc/nginx/conf.d/omero-web.conf + insertafter: ' listen 80;' + line: ' listen 443 ssl;' + + # post 2.3 'destfile' should be renamed 'path' + - name: NGINX - SSL Configuration - Rest of SSL section to omero-web.conf + tags: + - indev + become: yes + blockinfile: + destfile: /etc/nginx/conf.d/omero-web.conf + insertbefore: '.*sendfile.*' + block: |2+ + + ssl_certificate {{ nginx_ssl_files_path }}/{{ nginx_ssl_cert_filename }}; + ssl_certificate_key {{ nginx_ssl_files_path }}/{{ nginx_ssl_key_filename }}; + ssl_protocols {{ nginx_ssl_protocols }} + + if ($ssl_protocol = "") { + rewrite ^/(.*) https://$host/$1 permanent; + } + From bc8330f1661cc4f449e1f087852ea4ebd47bda0e Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Fri, 7 Apr 2017 16:03:38 +0100 Subject: [PATCH 06/14] nginx restart handler, plus SSL configuration --- .../nightshade-web/playbook.yml | 51 +++++++++++++++---- 1 file changed, 40 insertions(+), 11 deletions(-) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index 8c8970d64..605795bac 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -1,17 +1,26 @@ # Install OMERO.web with a public user on localhost - hosts: all - + + handlers: + + # Handler for nginx + - name: restart nginx + become: yes + service: + name: nginx + state: restarted + roles: # Root LV Size -# - role: openmicroscopy.lvm-partition -# lvm_lvname: "{{ provision_root_lvname }}" -# lvm_vgname: "{{ provision_root_vgname }}" -# lvm_lvmount: / -# lvm_lvsize: "{{ provision_rootsize }}" -# lvm_lvfilesystem: "{{ provision_root_filesystem }}" -# + - role: openmicroscopy.lvm-partition + lvm_lvname: "{{ provision_root_lvname }}" + lvm_vgname: "{{ provision_root_vgname }}" + lvm_lvmount: / + lvm_lvsize: "{{ provision_rootsize }}" + lvm_lvfilesystem: "{{ provision_root_filesystem }}" + # OMERO.web configuration in host_vars in different repository - role: openmicroscopy.omero-web omero_web_release: 5.2.8 @@ -31,6 +40,26 @@ ((ansible_virtualization_type is defined) and (ansible_virtualization_type == "VMware")) + - name: NGINX - SSL File Deployment - prepare directory + become: yes + file: + path: "{{ nginx_ssl_files_path }}" + state: directory + owner: root + group: root + mode: "u=r,go=" + + - name: NGINX - SSL File Deployment + become: yes + copy: + dest="{{ item.key }}" + content="{{ item.value.content }}" + owner="{{ item.value.owner }}" + group="{{ item.value.group }}" + mode="{{ item.value.mode }}" + with_dict: "{{ nginx_ssl_cert_files }}" + no_log: true + # post 2.3 'destfile' should be renamed 'path' - name: NGINX - SSL Configuration - Additional listen port become: yes @@ -41,8 +70,6 @@ # post 2.3 'destfile' should be renamed 'path' - name: NGINX - SSL Configuration - Rest of SSL section to omero-web.conf - tags: - - indev become: yes blockinfile: destfile: /etc/nginx/conf.d/omero-web.conf @@ -56,4 +83,6 @@ if ($ssl_protocol = "") { rewrite ^/(.*) https://$host/$1 permanent; } - + notify: + - restart nginx + From 3a23209767097082b16914551909d29e90cfd0b2 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Wed, 12 Apr 2017 14:22:44 +0100 Subject: [PATCH 07/14] Manual, i.e. non-pip install of omero web extensions/apps figure an tagging --- .../nightshade-web/playbook.yml | 96 +++++++++++++++++++ .../templates/omero-web-config-for-webapps.j2 | 9 ++ 2 files changed, 105 insertions(+) create mode 100644 ansible/server-state-playbooks/nightshade-web/templates/omero-web-config-for-webapps.j2 diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index 605795bac..1c4218c07 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -11,6 +11,35 @@ name: nginx state: restarted + pre_tasks: + + # For OMERO.web apps + # Pythonpath must exist before omero.web.config is provisioned + # or OMERO.web won't start. + # create systemd file addition for PYTHONPATH + - name: OMERO.web apps | (pre_task) configure systemd for pythonpath - create config folder + become: yes + file: + dest: "/etc/systemd/system/omero-web.service.d" + state: directory + mode: "u=rwx,go=rx" + owner: "root" + group: "root" + + # systemd web-apps folder to pythonpath to env + - name: OMERO.web apps | (pre_task) configure systemd for pythonpath + become: yes + blockinfile: + create: yes + destfile: /etc/systemd/system/omero-web.service.d/pythonpath.conf + owner: "root" + group: "root" + block: |2+ + [Service] + Environment="PYTHONPATH=$PYTHONPATH:/opt/omero/web/web-extensions" + notify: + - reload systemd + roles: # Root LV Size @@ -86,3 +115,70 @@ notify: - restart nginx + # 'manual' install of omero.web.apps for Nightshade feature parity + + # note: system user var defined in openmicroscopy.omero-web as a default + - name: OMERO.web apps | top-level folder + become: yes + file: + path: "{{ omero_web_extensionsdir }}" + state: directory + owner: "{{ omero_web_system_user }}" + group: "{{ omero_web_system_user }}" + mode: "u=rwx,go=rx" + + # download figure + - name: OMERO.web apps | download latest figure + become: yes + unarchive: + src: https://downloads.openmicroscopy.org/latest/figure.zip + owner: "{{ omero_web_system_user }}" + group: "{{ omero_web_system_user }}" + mode: "u=rwx,go=rx" + dest: "{{ omero_web_extensionsdir }}" + remote_src: True + creates: "{{ omero_web_extensionsdir }}/figure-{{omero_web_extensions_figure_ver}}" + + # download tagging + - name: OMERO.web apps | download latest tagging + become: yes + unarchive: + src: "http://downloads.openmicroscopy.org/webtagging/{{ omero_web_extensions_tagging_ver }}/webtagging-{{ omero_web_extensions_tagging_ver }}.zip" + owner: "{{ omero_web_system_user }}" + group: "{{ omero_web_system_user }}" + mode: "u=rwx,go=rx" + dest: "{{ omero_web_extensionsdir }}" + remote_src: True + creates: "{{ omero_web_extensionsdir }}/webtagging-{{omero_web_extensions_tagging_ver}}" + + # create symlinks + - name: OMERO.web apps | app-name symlinks + become: yes + file: + src: '{{ omero_web_extensionsdir }}/{{ item.src }}' + dest: '{{ omero_web_extensionsdir }}/{{ item.dest }}' + state: link + owner: "{{ omero_web_system_user }}" + group: "{{ omero_web_system_user }}" + with_items: + - { src: 'webtagging-{{ omero_web_extensions_tagging_ver }}/autotag/', dest: 'autotag' } + - { src: 'webtagging-{{ omero_web_extensions_tagging_ver }}/tagsearch/', dest: 'tagsearch' } + - { src: 'figure-{{ omero_web_extensions_figure_ver }}', dest: 'figure' } + + # put the OMERO.web config for webapps here, and then restart web. + # i.e. take it out the initial set of omero.web config + # to go into {{ omero_web_basedir }}/config/*.omero + # which should then be turned into OMERO.web config by the + # omero.web systemd-based restart. + - name: + become: yes + tags: + - indev + template: + src: templates/omero-web-config-for-webapps.j2 + dest: "{{ omero_web_basedir }}/config/omero-web-config-for-webapps.omero" + owner: "{{ omero_web_system_user }}" + group: "{{ omero_web_system_user }}" + mode: "u=rw,go=r" + notify: + - omero-web restart omero-web diff --git a/ansible/server-state-playbooks/nightshade-web/templates/omero-web-config-for-webapps.j2 b/ansible/server-state-playbooks/nightshade-web/templates/omero-web-config-for-webapps.j2 new file mode 100644 index 000000000..c471947d7 --- /dev/null +++ b/ansible/server-state-playbooks/nightshade-web/templates/omero-web-config-for-webapps.j2 @@ -0,0 +1,9 @@ +# {{ ansible_managed }} +# Add web-extension OMERO.web configuration +# after web already installed and running via role + +config set -- omero.web.apps '["autotag", "tagsearch", "figure"]' +config set -- omero.web.ui.center_plugins '[["Auto Tag", "autotag/auto_tag_init.js.html", "auto_tag_panel"]]' +config set -- omero.web.ui.top_links '[["Data", "webindex", {"title": "Browse Data via Projects, Tags etc"}], ["History", "history", {"title": "History"}], ["Help", "http://help.openmicroscopy.org/", {"target": "new", "title": "Open OMERO user guide in a new tab"}], ["Figure", "figure_index", {"target": "new", "title": "Open OMERO.Figure in a new tab"}], ["Tag Search", "tagsearch"]]' + + From 75395a9db72dc9f5f8b301d0a06cc34759f81bdf Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Wed, 12 Apr 2017 14:29:48 +0100 Subject: [PATCH 08/14] ignore the roles folder which are pulled down from galaxy --- ansible/server-state-playbooks/nightshade-web/.gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 ansible/server-state-playbooks/nightshade-web/.gitignore diff --git a/ansible/server-state-playbooks/nightshade-web/.gitignore b/ansible/server-state-playbooks/nightshade-web/.gitignore new file mode 100644 index 000000000..f9da32b8f --- /dev/null +++ b/ansible/server-state-playbooks/nightshade-web/.gitignore @@ -0,0 +1 @@ +roles From 71e434859a01b101e6e964bcc00fab0e1f33c8fa Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Wed, 12 Apr 2017 16:10:15 +0100 Subject: [PATCH 09/14] Addressing @manics concerns --- .../nightshade-web/playbook.yml | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index 1c4218c07..7254227cd 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -2,15 +2,6 @@ - hosts: all - handlers: - - # Handler for nginx - - name: restart nginx - become: yes - service: - name: nginx - state: restarted - pre_tasks: # For OMERO.web apps @@ -172,13 +163,11 @@ # omero.web systemd-based restart. - name: become: yes - tags: - - indev template: src: templates/omero-web-config-for-webapps.j2 dest: "{{ omero_web_basedir }}/config/omero-web-config-for-webapps.omero" - owner: "{{ omero_web_system_user }}" - group: "{{ omero_web_system_user }}" + owner: "root" + group: "root" mode: "u=rw,go=r" notify: - - omero-web restart omero-web + - restart omero-web From 0eb8e96652bbef21728d42f6b4e99c98c0ca0641 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Wed, 12 Apr 2017 16:16:20 +0100 Subject: [PATCH 10/14] Addressing @manics concerns --- ansible/server-state-playbooks/nightshade-web/playbook.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index 7254227cd..08070e743 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -114,8 +114,8 @@ file: path: "{{ omero_web_extensionsdir }}" state: directory - owner: "{{ omero_web_system_user }}" - group: "{{ omero_web_system_user }}" + owner: "root" + group: "root" mode: "u=rwx,go=rx" # download figure From 7003b1e9b85c46c891d0b7af6aea581d3d5fe7c1 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Wed, 12 Apr 2017 16:49:13 +0100 Subject: [PATCH 11/14] root:root as advised by @manics via GH code review --- .../nightshade-web/playbook.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index 08070e743..193e5d51d 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -123,8 +123,8 @@ become: yes unarchive: src: https://downloads.openmicroscopy.org/latest/figure.zip - owner: "{{ omero_web_system_user }}" - group: "{{ omero_web_system_user }}" + owner: "root" + group: "root" mode: "u=rwx,go=rx" dest: "{{ omero_web_extensionsdir }}" remote_src: True @@ -135,8 +135,8 @@ become: yes unarchive: src: "http://downloads.openmicroscopy.org/webtagging/{{ omero_web_extensions_tagging_ver }}/webtagging-{{ omero_web_extensions_tagging_ver }}.zip" - owner: "{{ omero_web_system_user }}" - group: "{{ omero_web_system_user }}" + owner: "root" + group: "root" mode: "u=rwx,go=rx" dest: "{{ omero_web_extensionsdir }}" remote_src: True @@ -149,8 +149,8 @@ src: '{{ omero_web_extensionsdir }}/{{ item.src }}' dest: '{{ omero_web_extensionsdir }}/{{ item.dest }}' state: link - owner: "{{ omero_web_system_user }}" - group: "{{ omero_web_system_user }}" + owner: "root" + group: "root" with_items: - { src: 'webtagging-{{ omero_web_extensions_tagging_ver }}/autotag/', dest: 'autotag' } - { src: 'webtagging-{{ omero_web_extensions_tagging_ver }}/tagsearch/', dest: 'tagsearch' } From f8be35862493d0d32bba91f37258eb7ae13e6aba Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Wed, 12 Apr 2017 17:05:30 +0100 Subject: [PATCH 12/14] adding no_log because it's not set in the omero-web role and I don't want to leak config to ansible logfiles --- ansible/server-state-playbooks/nightshade-web/playbook.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index 193e5d51d..368f9555b 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -44,6 +44,7 @@ # OMERO.web configuration in host_vars in different repository - role: openmicroscopy.omero-web omero_web_release: 5.2.8 + no_log: true - role: openmicroscopy.system-monitor-agent when: > From b0dabca9f37da6832c26afe27504cc2fc76757b0 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Wed, 12 Apr 2017 18:09:33 +0100 Subject: [PATCH 13/14] Tuning nginx workers/processes as per https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration --- .../nightshade-web/playbook.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index 368f9555b..d91545a46 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -61,6 +61,24 @@ ((ansible_virtualization_type is defined) and (ansible_virtualization_type == "VMware")) + # cf https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration + # post 2.3 'dest' should be renamed 'path' + - name: NGINX - Performance tuning - worker processes + become: yes + replace: + dest: "/etc/nginx/nginx.conf" + regexp: '^worker_processes\s+\d+;' + replace: "worker_processes {{ ansible_processor_cores }};" + + # post 2.3 'dest' should be renamed 'path' + # cf https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration + - name: NGINX - Performance tuning - worker connections + become: yes + replace: + dest: "/etc/nginx/nginx.conf" + regexp: 'worker_connections\s+\d+;' + replace: "worker_connections 65000;" + - name: NGINX - SSL File Deployment - prepare directory become: yes file: From bef823fa84eb7aa8d0b9f329f9eb3f2616007b52 Mon Sep 17 00:00:00 2001 From: Kenneth Gillen Date: Thu, 13 Apr 2017 11:16:01 +0100 Subject: [PATCH 14/14] ansible_processor_cores was not total, but per-processor. Had to multiply with #processors to get total cores --- ansible/server-state-playbooks/nightshade-web/playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/server-state-playbooks/nightshade-web/playbook.yml b/ansible/server-state-playbooks/nightshade-web/playbook.yml index d91545a46..ff5602d20 100644 --- a/ansible/server-state-playbooks/nightshade-web/playbook.yml +++ b/ansible/server-state-playbooks/nightshade-web/playbook.yml @@ -68,7 +68,7 @@ replace: dest: "/etc/nginx/nginx.conf" regexp: '^worker_processes\s+\d+;' - replace: "worker_processes {{ ansible_processor_cores }};" + replace: "worker_processes {{ ansible_processor_count * ansible_processor_cores }};" # post 2.3 'dest' should be renamed 'path' # cf https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration