Provisioning the IDR
Overview of the architecture
The IDR contains two main groups of servers:
The production (public-facing) IDR (3 servers):
- Nginx gateway
The virtual analysis environment (VAE) IDR (3 servers):
- Kubernetes master
- Kubernetes workers
Almost all of the provisioning and deployment in the IDR is done using Ansible 2.1.
All ansible commands should be run from a shell in the
You must first install the required galaxy roles:
ansible-galaxy install -r requirements.yml
The IDR is currently hosted on OpenStack; see below for an example Ansible playbook for provisioning compute, storage and networking.
The Ansible OpenStack modules require the shade Python module.
This playbook will create two networks
idr-a for the production and analysis servers, and multiple instances and storage volumes.
idr-database: PostgreSQL database server
idr-omeroreadwrite: Read-write OMERO.server including OMERO.web
idr-omeroreadonly*: Read-only OMERO.servers including OMERO.web
idr-proxy: Nginx gateway with custom caching configuration
idr-database-db: PostgreSQL data directory
idr-omeroreadwrite-data: OMERO data directory
idr-proxy-nginxcache: Nginx cache directory
idr-management: An instance running Munin for monitoring the production IDR platform
- Security rules to restrict external access.
- Ansible hostgroup metadata is set on each instance to ensure the playbooks automatically run against the correct hosts.
- One floating IP attached to idr-proxy. All other instances will only be accessible by using this node as a proxy.
Ansible provisioning example
You will need to customize the variables at the top of openstack-create-infrastructure.yml to fit with your OpenStack cloud.
In particular, you must define a list of SSH public key(s), for example:
- idr_keypair_keys: ["ssh-rsa SSH_PUBLIC_KEY"]
You must have a CentOS 7 cloud image (or equivalent) available.
Ensure you can log in to OpenStack from the command line using an OpenStack RC file or equivalent, and run:
ansible-playbook -i localhost, --diff openstack-create-infrastructure.yml
Ensure this playbook successfully runs to completion before deploying the IDR.
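As an added example (not part of the IDR playbooks), the following Python script checks the exposure rule described above once provisioning has finished: only idr-proxy should carry an address outside the internal networks. The internal CIDRs, the sample records and the function names are assumptions made for illustration; the input is assumed to have the shape of `openstack server list -f json` output, with the Networks field either a mapping or the older "net=ip, ip" string.

```python
import ipaddress
import json

# Assumption: fixed (tenant) addresses come from these ranges; anything else
# is treated as a floating / externally routable address.
INTERNAL_CIDRS = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "192.168.0.0/16")]
ALLOWED_EXTERNAL = {"idr-proxy"}  # the only instance the page gives a floating IP

# Constructed sample; one instance deliberately violates the rule.
SAMPLE = """[
 {"Name": "idr-proxy", "Networks": {"idr": ["192.168.1.10", "203.0.113.10"]}},
 {"Name": "idr-database", "Networks": {"idr": ["192.168.1.11"]}},
 {"Name": "idr-omeroreadwrite", "Networks": "idr=192.168.1.12, 203.0.113.27"},
 {"Name": "idr-management", "Networks": {"idr": ["192.168.1.14"]}}
]"""


def addresses(networks):
    """Return all IPs of one server; accepts the dict or 'net=ip, ip' string form."""
    if isinstance(networks, dict):
        return [ip for ips in networks.values() for ip in ips]
    parts = networks.replace(";", ",").split(",")
    return [p.split("=")[-1].strip() for p in parts if p.strip()]


def external_addresses(server):
    """IPs of a server that fall outside every internal CIDR."""
    return [ip for ip in addresses(server.get("Networks") or {})
            if not any(ipaddress.ip_address(ip) in net for net in INTERNAL_CIDRS)]


def audit(servers):
    """Map each unexpectedly exposed server name to its external IPs."""
    findings = {}
    for server in servers:
        ext = external_addresses(server)
        if ext and server["Name"] not in ALLOWED_EXTERNAL:
            findings[server["Name"]] = ext
    return findings


if __name__ == "__main__":
    for name, ips in audit(json.loads(SAMPLE)).items():
        print(f"UNEXPECTED external address on {name}: {', '.join(ips)}")
```

Adjust INTERNAL_CIDRS to the subnets your deployment actually uses before relying on the result.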
Warning: At present the nova command may be used to attach additional network interfaces to instances.
nova does not support
This will be fixed when the openstack command-line client supports this feature.
Occasionally you may see misleading errors such as Quota exceeded for resources: ['floatingip'].
If this happens, manually associate a floating IP with the idr-proxy server and re-run the playbook.
You should be able to install the IDR on other clouds or physical hardware by provisioning the resources yourself.
All servers must be running CentOS 7.
An example static inventory is included in
For a minimal install you must have one host in each of:
The other groups can be empty.
Once you have set up your servers you can deploy the IDR.