
This is the LIMS version 3 (LIMS3) Trac Wiki

This is a Wiki, source code browser, and issue tracking system to document version 3 of the LIMS system.

You can create a ticket to document issues by logging in and clicking on New Ticket.

Like all Wiki pages, this page is editable: you can modify its contents using your web browser by clicking the "Edit this page" link at the bottom of the page. WikiFormatting gives a detailed description of the available Wiki formatting commands.

Admin

LIMS3 Website Information

The LIMS3 website project was a major rewrite of the previous version of the software. Goals of the project include:

  • Creating a new, robust data environment
  • Porting to a new look and feel
  • Validating all web pages to the highly-regarded "XHTML 1.0 Strict" standard, according to the World Wide Web Consortium
  • Including procedures to handle the needs of all initiatives
  • Providing a more secure data management system
  • Allowing system users and administrators to interface with the data system both on- and off-campus, while adding a higher level of data security
  • Enhancing the multilayer data access model
  • Improving capability of administrators to manage dynamic information about the site
  • Adding a centralized login capability

Notes on Setting up Ultrascan-In-A-Box

Setting Centos 7 image based VM

  • Notes below are for configuring Centos 7 64-bit image based VM via Oracle's VirtualBox:
  • New VM's Name/Type/Version => Custom (e.g. Centos7 VM) / Linux / Other Linux (64-bit)
    • Memory Size: set memory size
    • Hard Disk: Use Existing virtual hard disk file (use prepared Centos7 image file)
    • Click 'Create'
  • VM's Network Configuration:
    • Scenario 1: VM is not visible from outside (except host); there is a host-to-guest connection; there is Internet access from the VM:
      • Adapter1: Host-only [host-only communication, which uses DHCP as set in one of the previous steps and is later configured with a static IP address; CAN be DHCP or static]
      • Adapter2: NAT [connection to the Internet; uses DHCP by default but can be set static]
  • Scenario 1a:
    • Adapter1: NAT with port forwarding:
      • set rule: ssh
      • set Host port: 2222 (some unused port on the HOST OS; unique for each VM)
      • set Guest port: 22 (SSH service on the guest VM uses port 22)
      • TRY SSH from host to guest: ssh -p2222 username@127.0.0.1

  • Scenario 2 [RECOMMENDED]: as in Scenario 1, plus more interaction between host and guest: visiting websites developed in the guest machine from outside, allowing other devices in the network to see the guest machine, etc.
    • Adapter1: Bridged Adapter [Select proper host's interface (wired or wireless)]
      • IMPORTANT: set Promiscuous mode to "All VMs"
    • On a guest (Centos 7):
      • ifconfig to check interfaces assigned (e.g. enp0s3)
      • edit /etc/sysconfig/network-scripts/ifcfg-enp0s3, or create one if absent
        • important fields:
              BOOTPROTO=static      <-- STATIC
              DEFROUTE=yes
              NAME=enp0s3           <-- interface name
              DEVICE=enp0s3
              ONBOOT=yes
              ZONE=public
              NM_CONTROLLED=yes       <-- put it "yes" if the NM is to bring interface up; if anything else brings it up like "ifup" scripts, can be "no"
              IPADDR=192.168.1.20     <-- STATIC ip address - must be within subnet of the default gateway
              GATEWAY=192.168.1.254   <-- default gateway (in the host check via 'netstat -rn', or 'route -n')
              DNS1=8.8.8.8 xxxxxxx [xxx = 192.168.1.254 - of the gateway ? ] <-- Sometimes DNS resolution(s) should be put here (may be duplicate with /etc/resolv..)
          
      • Restart network, check assigned ip
            sudo systemctl restart network
        
      • Reconfigure httpd to listen on the new IP address, then restart it
            sudo emacs  /etc/httpd/conf/httpd.conf
            edit: Listen 192.168.1.20:80   [IP (static) address and port: 80 - http; for https (:443) SSL certificates must be set]
        
            sudo systemctl restart httpd
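
A consistency check for the two files edited in Scenario 2, as an added example that is not part of the original page: it confirms that GATEWAY lies in the same subnet as IPADDR and that every httpd `Listen` address equals IPADDR. The function names are this example's own, and a /24 prefix is assumed when the ifcfg file has no `PREFIX=` line.

```bash
# Added example (not from the original page): cross-check the static ifcfg
# settings against the httpd Listen address before restarting services.

# ifcfg_value FILE KEY: print KEY's value (quotes stripped, last one wins).
ifcfg_value() {
    sed -n "s/^[[:space:]]*$2=\"*\([^\"[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# httpd_listen_addrs FILE: print the IP of every "Listen IP:port" line.
httpd_listen_addrs() {
    sed -n 's/^[[:space:]]*Listen[[:space:]]\{1,\}\([0-9.]\{7,\}\):[0-9].*/\1/p' "$1"
}

# ip_to_int A.B.C.D: print the address as one 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP GATEWAY PREFIX: succeed if both fall in one /PREFIX network.
same_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# check_lims_net IFCFG HTTPD_CONF: print each mismatch, return 1 if any.
# PREFIX is a real ifcfg key the page does not set; /24 is assumed if absent.
check_lims_net() {
    c_ip=$(ifcfg_value "$1" IPADDR); c_gw=$(ifcfg_value "$1" GATEWAY)
    c_pfx=$(ifcfg_value "$1" PREFIX); c_pfx=${c_pfx:-24}; c_rc=0
    [ -n "$c_ip" ] && [ -n "$c_gw" ] || { echo "IPADDR or GATEWAY missing"; return 1; }
    [ "$(ifcfg_value "$1" BOOTPROTO)" = static ] ||
        { echo "BOOTPROTO is not static"; c_rc=1; }
    same_subnet "$c_ip" "$c_gw" "$c_pfx" ||
        { echo "GATEWAY $c_gw is outside $c_ip/$c_pfx"; c_rc=1; }
    for c_l in $(httpd_listen_addrs "$2"); do
        [ "$c_l" = "$c_ip" ] ||
            { echo "httpd Listen $c_l does not match IPADDR $c_ip"; c_rc=1; }
    done
    return $c_rc
}

# Usage on the guest:
#   check_lims_net /etc/sysconfig/network-scripts/ifcfg-enp0s3 /etc/httpd/conf/httpd.conf
```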
        

What is Needed to Create a LIMS Server on Centos 7 image based VM

With the CentOS 7 VM running and the network set up (see above), we SSH in and install the following:

  • A long series of "yum install" commands would be issued in order to create the infrastructure for
    • LAMP stack: database service (MySQL/MariaDB), PHP and Apache (httpd) components
    • OpenSSL
    • Subversion (svn)
  • Create the user that executes DB/Apache commands; traditionally "us3", but any known user will do.
    • ssh keys will need to be created and properly deposited in ~someuser/.ssh
  • Create needed /etc configuration files, such as
    • /etc/my.cnf <-- configure MySQL/MariaDB including setting SSL certificates for secure tunneling
    • /etc/ssh/sshd_config <-- securing OpenSSH
    • /etc/httpd/conf/httpd.conf <-- Apache Configuration
           Listen 192.168.56.140:80 [IP (static) address and port: 80 - http; for https, SSL certificates must be set]
                   * for HTTPS: install mod-ssl (sudo yum install mod_ssl); create && set up certificates with OpenSSL
                   * check if certain port is open: 
            	         * netstat -an | grep PORTNUMBER | grep -i listen [PORTNUMBER = 80, 443]
           User us3     [set up user]
           Group apache [set up group]
           ServerName   centlims.net 
                   * If server name is set, be sure the IP address and server name pair are included in the /etc/hosts file: 
      	       [e.g., 192.168.56.140 centlims.net centlims]. 
           DocumentRoot "/var/www/htdocs/uslims3"
      
      
           More on HTTPS: 
             letsencrypt can be used - it provides validated SSL certs that are automatically renewed through a crontab.
             More info at: https://letsencrypt.org/getting-started/
             For Centos7:  certbot  (https://certbot.eff.org/docs/intro.html, https://certbot.eff.org/lets-encrypt/centosrhel7-apache)
      
    • /etc/httpd/conf.d/*
  • Create and populate the DocumentRoot (see /etc/httpd/conf/httpd.conf <-- Apache Configuration Above) and related directories.
    • /var/www/htdocs/uslims3
    • /var/www/htdocs/uslims3/uslims3_[InstitutionName] <-- LIMS instance served by LIMS server
    • /var/www/htdocs/common
  • Create "GridCtl" directories, daemons, crontabs.
    • ~us3/lims/bin (or base user equivalent) via subversion
    • /etc/init.d/us3-listen
      How to make us3-listen start at BOOT time:
         in us3-listen, ADD the important headers for chkconfig to understand:
            - # chkconfig: 345 99 01
            - # description: gridctl us3-listen daemons (listen, manage-us3-pipe)
         RUN: systemctl enable us3-listen, OR chkconfig us3-listen on
      
    • crontab entries for "us3" (e.g., gridctl_pro.php, cluster_status.php)
      Setting Up Cron task 
      1. Add the following 
         ##MAILTO=your_email_address
         #nolog(true)
         */1  * * * *  cd /home/us3/lims/bin;  /usr/bin/php /home/us3/lims/bin/gridctl_pro.php
         */12 * * * *  cd /home/us3/lims/bin;  /usr/bin/php /home/us3/lims/bin/cluster_status.php
         */20 * * * *  cd /home/us3/lims/bin;  /usr/bin/php /home/us3/lims/bin/update_notice.php
      
         # each morning: save data directory */job_statistics.xml files
         MAILTO=alexsav.science@gmail.com
         15 2 * * * /home/us3/lims/bin/save-jobstats.sh
      
      via 
         crontab -e  (as a us3 user) 
      

After Install: Miscellaneous Notes && Tweaking

  • locate something
    • after installing something new, run "sudo updatedb" to update db of files..
  • To determine which package provides a file that something depends upon (the package to install):
    • e.g., yum provides */libudev.h

  • Mailserver: postfix, edit /etc/postfix/main.cf to enable e.g. smtp.google...
    myhostname = centlims.net
    
    relayhost = [smtp.gmail.com]:587
    smtp_use_tls = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
    smtp_sasl_security_options = noanonymous
    smtp_sasl_tls_security_options = noanonymous
    
    
    • to let httpd send e-mails, run in terminal,
        sudo setsebool -P httpd_can_sendmail=1
        systemctl restart httpd
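
The `smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd` line in main.cf above needs that file to exist, as an added example that is not part of the original page: Postfix looks the credentials up by the `relayhost` value exactly as written (brackets and port included), so the key is taken from main.cf, and the file is kept owner-only because it holds the password in clear text. The function names and the account name are placeholders of this example.

```bash
# Added example (not from the original page): create the table that
# smtp_sasl_password_maps points at, keyed exactly like relayhost.

# relayhost_of MAIN_CF: print the relayhost value, brackets and port included.
relayhost_of() {
    sed -n 's/^[[:space:]]*relayhost[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
        tail -n 1
}

# write_sasl_passwd MAIN_CF OUT_FILE USER
# The password is read from stdin so it never shows up in argv or history.
write_sasl_passwd() {
    sp_key=$(relayhost_of "$1")
    [ -n "$sp_key" ] || { echo "no relayhost in $1" >&2; return 1; }
    IFS= read -r sp_pass || [ -n "$sp_pass" ] || return 1
    # umask in a subshell: a new file is created owner-only from the start
    ( umask 077; printf '%s %s:%s\n' "$sp_key" "$3" "$sp_pass" > "$2" ) || return 1
    chmod 600 "$2"          # tightens a file that already existed
}

# build_sasl_map FILE: compile FILE into FILE.db for the hash: lookup.
# Run as root on the mail host; postmap ships with Postfix.
build_sasl_map() {
    postmap "hash:$1" && chmod 600 "$1.db"
}

# Usage on the server (account name is a placeholder):
#   write_sasl_passwd /etc/postfix/main.cf /etc/postfix/sasl_passwd user@example.com
#   build_sasl_map /etc/postfix/sasl_passwd && systemctl restart postfix
```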
      
  • to allow httpd (Apache) to write into specific dir:
     sudo chcon -t httpd_sys_rw_content_t the_path_to_dir
    
    • NOTE: "Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the [CentOS] kernel." So by default it blocks Apache from writing into anything (and probably more than that).
    • to completely disable SELinux:
      • edit /etc/sysconfig/selinux ("enforcing" -> "disabled")
      • remove SELinux settings on all current files:
          $ sudo su -			    
          $ cd /			    
          $ find . -exec setfattr -x security.selinux {} \; 
          ( that last command will take a long time, but ensures that no current files have SELinux settings. 
          The "disabled" setting ensures future ones won't. An "ls -l" in any directory will show SELinux privileged by a '.' (dot) character before "rwx…." or the like. )
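
The `chcon -t httpd_sys_rw_content_t` step above, made persistent, as an added example that is not part of the original page: a label set with `chcon` is not recorded in the SELinux policy, so a filesystem relabel resets it, while a `semanage fcontext` rule followed by `restorecon` survives one and leaves SELinux enforcing. The function names are this example's own, and the directory must be given as an absolute path.

```bash
# Added example (not from the original page): record the page's
# httpd_sys_rw_content_t label in policy so it survives a relabel,
# with SELinux left in enforcing mode.

HTTPD_RW_TYPE=httpd_sys_rw_content_t   # type from the page's chcon line

# context_type CONTEXT: print the type field of user:role:type:level.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# is_httpd_writable CONTEXT: succeed if CONTEXT carries the rw type.
is_httpd_writable() {
    [ "$(context_type "$1")" = "$HTTPD_RW_TYPE" ]
}

# fcontext_pattern DIR: regex covering DIR and everything below it.
fcontext_pattern() {
    printf '%s(/.*)?\n' "${1%/}"
}

# label_httpd_rw DIR: needs root, semanage and restorecon on the guest.
label_httpd_rw() {
    rw_pat=$(fcontext_pattern "$1")
    # -a adds the rule; -m modifies it when a rule for the path exists
    semanage fcontext -a -t "$HTTPD_RW_TYPE" "$rw_pat" 2>/dev/null ||
        semanage fcontext -m -t "$HTTPD_RW_TYPE" "$rw_pat" || return 1
    restorecon -R "$1" || return 1
    # stat's %C prints the SELinux context of the path
    is_httpd_writable "$(stat -c %C "$1")"
}

# Usage (the_path_to_dir as on the page, given as an absolute path):
#   label_httpd_rw the_path_to_dir && getenforce
```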
        

  • httpd.service: enabling PHP to run processes (such as exec("qsub .pbs"), Torque):
    • typical error [CentOS 7]:
          socket_connect_unix failed: 15137
          qmgr: cannot connect to server  (errno=15137) could not connect to trqauthd
      
      • Solution:
        • [ put PrivateTmp=false in /usr/lib/systemd/system/httpd.service] && systemctl daemon-reload
  • REASONING: The cause is that newer Apache httpd versions default to having the systemd property PrivateTmp set to true. This causes the httpd service to see a private /tmp directory that is actually mapped to some other location in the file system, instead of the real /tmp directory. PHP, running in the Apache process, has the same /tmp directory as the Apache service, and so do any processes forked from PHP (e.g. using exec or system etc). So when PHP calls qsub (etc), that too will see the private /tmp directory.

  • To check order of the services loaded at BOOT TIME:
    • systemd-analyze blame;
  • To change/edit order of services: /usr/lib/systemd/system, edit process of interest ..
    • Example Problem: httpd.service, if it's configured to listen on a specific (static) IP address, relies on the network having assigned IP addresses BEFORE it starts.
    • Solution:
      • systemctl enable NetworkManager-wait-online.service
      • make sure affected services have Wants=network-online.target and After=network-online.target
                                 
            edit:  /usr/lib/systemd/system/NetworkManager-wait-online.service  - to start AND activate NetworkManager-wait-online
            add:   Wants=network-online.target
                   After=NetworkManager.service network-online.target
            edit:  /usr/lib/systemd/system/NetworkManager-wait-online.service
            add:   Wants=network-online.target
                   After=network-online.target network.target NetworkManager-wait-online.service remote-fs.target nss-lookup.target
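
The two httpd.service changes described above (PrivateTmp=false and the network-online ordering), applied as a systemd drop-in, as an added example that is not part of the original page: unit files under /usr/lib/systemd/system belong to the package and are replaced on update, while a drop-in under /etc/systemd/system/httpd.service.d/ is merged on top of the packaged unit and persists. The file name 10-lims.conf, the ROOT parameter and the function names are assumptions of this example.

```bash
# Added example (not from the original page): apply the page's two
# httpd.service changes as a systemd drop-in instead of editing the
# packaged unit under /usr/lib/systemd/system.

# Settings are the ones the page gives; the drop-in layout is this example's.
render_httpd_dropin() {
    cat <<'EOF'
[Unit]
Wants=network-online.target
After=network-online.target

[Service]
PrivateTmp=false
EOF
}

# install_httpd_dropin [ROOT]
# ROOT is an assumption of this example: empty by default (the real /etc),
# or a scratch directory to try the function out first.
install_httpd_dropin() {
    dropin_dir="${1:-}/etc/systemd/system/httpd.service.d"
    dropin_file="$dropin_dir/10-lims.conf"   # file name is a placeholder
    mkdir -p "$dropin_dir" || return 1
    render_httpd_dropin > "$dropin_file" || return 1
    chmod 0644 "$dropin_file" || return 1
    printf '%s\n' "$dropin_file"
}

# dropin_has FILE KEY=VALUE: succeed only if FILE has that exact line.
dropin_has() {
    grep -qxF -- "$2" "$1"
}

# On the real host, after install_httpd_dropin (run as root):
#   systemctl enable NetworkManager-wait-online.service
#   systemctl daemon-reload && systemctl restart httpd
#   systemctl show httpd -p PrivateTmp -p Wants -p After
```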
        
        
  • TORQUE: disabling/changing e-mail sending:
        qmgr -c 'set server mail_domain=never' (never = never send)
    

Setting Up New (local) cluster to LIMS instance [uslims3_xxxx]

Example for adding cluster named centlims-local and hosted at centlims.net to the set of computational resources:

LIMS instance is located at

  /var/www/htdocs/uslims3/uslims3_xxxx
  • in config.php, set "common/class_local" for class_dir.
  • in file lib/utility.php
    • add "new cluster_info( "centlims.net", "centlims-local", "batch" )" to cluster_array()
  • in files 2DSA_2.php, GA_3.php, ./2DSA-CG_2.php, ./PCSA_2.php:
    • in "switch ( $cluster )" add "case 'centlims-local':"
  • in file ./queue_viewer.php:
    • in "switch ( $shortname )" add "case 'centlims-local':"
    • in "if ( preg_match( "/(us3iab|centlims)/", $shortname ) )"
  • in file: ../../common/class_local/submit_local.php
    • function copy_files():
       $is_us3iab = preg_match( "/(us3iab|centlims)/", $cluster );
      
    • function create_pbs():
       $is_us3iab = preg_match( "/(us3iab|centlims)/", $cluster );
      
    • function create_pbs():
          switch( $cluster ): 
            case 'centlims-local':
              $centlims_load = 1;                         # (defined above as  $centlims_load = 0;) 
              $libpath = "/home/us3/cluster/lib";
              $path    = "/home/us3/cluster/bin";
              $ppn     = max( $ppn, 4 );
              break;   
      
               ...
      
          if ( $centlims_load )
            {
              $plines .= "\n" .
                 "module load mpi/openmpi-x86_64 \n" .
                 "\n";
            } 
      
      
    • function submit_job():
        $is_us3iab = preg_match( "/(us3iab|centlims)/", $cluster );
      
  • in file: ../../common/class_local/jobsubmit.php:
    • function __construct():
      • add description of '$this->grid[ 'centlims-local' ] = array( )'
  • To make sure the new 'centlims-local' cluster appears in the list, run
    ~us3/lims/bin/cluster_status.php   [will add cluster to gfac's "cluster_status"]
    
  • in ~us3/lims/bin/cluster_status.php:
    • function local_status():
         if ( preg_match( "/(attlocal|centlims.net)/", $org_domain ) )
            $clusters = array( "us3iab-devel", "alamo-local", "centlims-local" );
            switch( $clname ) - add "case 'centlims-local':"
      
  • IMPORTANT!!: change the cluster authorizations list for people in each instance. This is done by running
       ~us3/lims/database/us3_update_cluster.sh
    

after modifying

   ~us3/lims/database/alter_cluster_auth.sql

Also, add new instance name into DB list (read by us3_update_cluster.sh): ~us3/lims/database/dblist_clustauth.txt

  • To ensure that new instances have the right list of clusters, look in
        ~us3/lims/database/sql
    

and ensure the clusterAuthorizations default setting is set in

   us3.sql
   us3_people_procs.sql

How to Delete Existing Instance

  1. Run the command "mysql -u root" and enter a mysql command like "DROP DATABASE uslims3_inst".
  2. Remove the corresponding directory, similar to "/srv/www/htdocs/uslims3/uslims3_inst".
  3. Delete a row in the metadata table of the newus3 DB:
    • DELETE FROM metadata where metadataID=XXX; (in principle, only changing 'status' from complete to pending would make it disappear from the instance list in the web GUI...)

HOW data is copied back to server from HPC resources

/home/us3/lims/bin/gridctl_pro.php (OR gridctl.php) is a cron task: updates queue status, copies results back to server, updates DB

  • make sure "cleanup.php", which contains get_local_files(), is included in gridctl.php

Trac Notes

Last modified on Oct 25, 2018 7:06:47 PM