Difference between revisions of "Prometheus.uio.no"

From medicin.ncmm.IT
(Setup firewall on prometheus.uio.no)
Line 1: Line 1:
prometheus.uio.no is the front-end node for the NCMM cryoSPARC platform.
+
<pre>prometheus.uio.no</pre> is the front-end node for the NCMM cryoSPARC platform. [https://cryosparc.com/ cryoSPARC] is a platform used for obtaining 3D structural information from single-particle cryoEM data
  
 +
This wiki page describes how to configure the host and install the cryosparc software.
  
[https://cryosparc.com/ cryoSPARC] is a platform used for obtaining 3D structural information from single-particle cryoEM data
+
== Apply for licenses ==
 +
 
 +
Proceed to https://cryosparc.com/download/ and apply for a license or two. You should get a reply to your request within 24hrs. Please mind you that Structura Biotechnology Inc. is in Toronto, Canada, which means EST timezone ( GMT - 5), so adjust your expectations for a reply, accordingly.
  
 
== Preparing the host ==  
 
== Preparing the host ==  
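Review bot: In the added intro line, <pre>prometheus.uio.no</pre> puts a block-level element in the middle of a sentence, so the rendered revision shows the hostname on a line of its own and the sentence then starts at "is the front-end node"; <code>prometheus.uio.no</code> or plain text keeps it inline. In the same line the cryoSPARC description is missing its closing full stop, and in the added license paragraph "EST timezone ( GMT - 5)" reads better as "EST (GMT-5)".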

Revision as of 16:18, 17 July 2019

prometheus.uio.no is the front-end node for the NCMM cryoSPARC platform. cryoSPARC is a platform used for obtaining 3D structural information from single-particle cryoEM data.

This wiki page describes how to configure the host and install the cryoSPARC software.

Apply for licenses

Proceed to https://cryosparc.com/download/ and apply for a license or two. You should get a reply to your request within 24hrs. Keep in mind that Structura Biotechnology Inc. is in Toronto, Canada, which means the EST timezone (GMT-5), so adjust your expectations for a reply accordingly.

Preparing the host

From jump-biotek, after PXE-booting and installing the OS:

ssh prometheus.uio.no

Configuring the virsh serial port for the guest OS

cp /etc/default/grub /etc/default/grub.orig
vi /etc/default/grub 
# insert the following lines for the serial console:
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console serial"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=internvg/root rd.lvm.lv=internvg/swap rd.lvm.lv=internvg/usr console=tty1 console=ttyS0,115200"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
GRUB_DISABLE_RECOVERY="true"

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig
grub2-mkconfig -o /boot/grub2/grub.cfg
systemctl reboot

Installing base-line software and prerequisites

# quote the globs so that yum, not the shell, expands them
yum install -y 'fail2ban*' 'vim*' 'etckeeper*' 'git*' 'collectd*' 'lm_*' ncdu bzip2 lsof --skip-broken

Allocating extra space for the /lsc partition

parted /dev/vdb
(parted) mklabel gtp
New disk label type? gpt
mkpart primary xfs 1 -1
(parted) p
Model: Virtio Block Device (virtblk)
Disk /dev/vdb: 42.9GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name     Flags
 1      1049kB  42.9GB  42.9GB               primary

(parted) quit 
Information: You may need to update /etc/fstab.
quit


Format the partition

[root@prometheus ~]# mkfs.xfs /dev/vdb1 
meta-data=/dev/vdb1              isize=512    agcount=4, agsize=2621312 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=10485248, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=5119, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@prometheus ~]# blkid /dev/vdb1 
/dev/vdb1: UUID="450b41db-e9a4-49df-beb5-d4ccef7461a3" TYPE="xfs" PARTLABEL="primary" PARTUUID="d189b7ce-c419-4457-9281-13b9f988caa6" 

Test the partition and mount it


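# add an auxiliary space under /lsc
vi /etc/fstab
# append the following two lines to /etc/fstab:
#RT 3485324
UUID=450b41db-e9a4-49df-beb5-d4ccef7461a3 /lsc xfs defaults 0 0
# then test a manual mount, unmount, and mount again via fstab: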
mount /dev/vdb1 /lsc
df -h
umount /lsc
mount -a
df -h

Misc settings for comfortable editing

 
vi ~/.vimrc

syntax enable
set tabstop=4
set softtabstop=4
set expandtab
set number
set showcmd " show command in bottom bar
set cursorline " highlight current line
filetype indent on " load filetype-specific indent files
set wildmenu
set showmatch
set incsearch " search as characters are entered
set hlsearch " highlight matches
nnoremap <leader><space> :nohlsearch<CR>
" set foldenable " enable folding
" set foldlevelstart=10 " open most folds by default
" set foldnestmax=10 " 10 nested fold max
" space open/closes folds
nnoremap <space> za
" set foldmethod=indent " fold based on indent level

vi ~/.bashrc
alias ls='LC_ALL=C ls --color=auto --literal --human-readable --group-directories-first --classify'

Configuring collectd

General configuration

systemctl stop collectd
systemctl enable collectd
ssh prometheus.uio.no cp /etc/collectd.conf /etc/collectd.conf.orig
scp ~georgmar/ncmm/files/etc/collectd.conf prometheus:/etc/collectd.conf
vi /etc/collectd.conf
# inside vi: use :%s so the substitution covers every line, not only the current one
:%s/TEMPLATEHOST\.uio\.no/prometheus.uio.no/g
:%s/TEMPLATEINTHOST\.internal\.biotek/intprometheus.internal.biotek/g
:wq
# test run (-T) before starting the service
/usr/sbin/collectd -T
systemctl start collectd

Set up firewall on panoptis.uio.no

# the inner double quotes are escaped so that they reach firewall-cmd on panoptis intact
ssh root@panoptis -- "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.8.144/32\" port port=2003 protocol=\"tcp\" accept' && firewall-cmd --reload"
ssh root@panoptis -- "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.8.144/32\" port port=2004 protocol=\"tcp\" accept' && firewall-cmd --reload"


Set up firewall on prometheus.uio.no

After looking at the cryoSPARC logs, it appears that cryoSPARC uses more ports than documented to communicate, so we open additional firewall ports.

On the public interface we specify dias.uio.no (129.240.235.130) as the source address, as intaristotle.internal.biotek uses dias for the NAT:

 
#public interface
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3900 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3901 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3902 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3903 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3904 protocol="tcp" accept' && firewall-cmd --reload

On the private interface we specify the address of intaristotle.internal.biotek (192.168.8.109):

# internal interface
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3900 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3901 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3902 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3903 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3904 protocol="tcp" accept' && firewall-cmd --reload

The cryoSPARC installer, as we will see, defines only the base port for the web application; supervisord and mongodb run at base port +1 and +2, respectively.

We specified that the base port is 3900, so we have to open ports 3900, 3901, 3902, 3903, for the web app, mongodb, supervisord and wsgi, respectively.
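To confirm that the running firewall matches the rules above, the following added example (not part of the original wiki page or of cryoSPARC) audits the output of `firewall-cmd --zone=public --list-rich-rules` against the two source addresses and the port range 3900-3904 used on this page. The function names and the sample rule set are constructed for illustration; the rule-line format is assumed to be the one firewalld prints for rich rules.

```bash
#!/usr/bin/env bash
# Added example: audit firewalld rich rules against the allow-list on this page.
BASE_PORT=3900          # cryoSPARC base port chosen on the page
PORT_COUNT=5            # the page opens 3900-3904
ALLOWED_SOURCES="129.240.235.130/32 192.168.8.109/32"   # dias NAT, intaristotle

# audit_rules: reads `firewall-cmd --zone=public --list-rich-rules` output on
# stdin. Prints "MISSING <src> <port>" for an intended rule that is absent and
# "UNEXPECTED <src> <port>" for an accept rule that exposes a port in the range
# to any other source ("any" = no source restriction). Returns 1 on findings.
audit_rules() {
    awk -v base="$BASE_PORT" -v count="$PORT_COUNT" -v allowed="$ALLOWED_SOURCES" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /port port=/ && /accept/ {
        gsub(/"/, "")                      # drop the quotes firewalld prints
        src = "any"; spec = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^address=/) src  = substr($i, 9)
            if ($i ~ /^port=/)    spec = substr($i, 6)
        }
        m = split(spec, r, "-")            # "3900" or a range "3900-3904"
        lo = r[1] + 0; hi = (m > 1 ? r[2] : r[1]) + 0
        for (p = lo; p <= hi; p++) {
            if (p < base || p >= base + count) continue
            if (src in ok) seen[src, p] = 1
            else { print "UNEXPECTED " src " " p; bad = 1 }
        }
    }
    END {
        for (s in ok) for (p = base; p < base + count; p++)
            if (!((s, p) in seen)) { print "MISSING " s " " p; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: nine of the ten intended rules plus one unrestricted rule.
sample_rules() {
    for src in 129.240.235.130/32 192.168.8.109/32; do
        for port in 3900 3901 3902 3903 3904; do
            [ "$src $port" = "192.168.8.109/32 3904" ] && continue
            echo "rule family=\"ipv4\" source address=\"$src\" port port=\"$port\" protocol=\"tcp\" accept"
        done
    done
    echo 'rule family="ipv4" port port="3901" protocol="tcp" accept'
}

sample_rules | audit_rules || echo "firewall does not match the intended allow-list"
# On the host: firewall-cmd --zone=public --list-rich-rules | audit_rules
```

Ports opened with `--add-port` or through a service definition do not appear among the rich rules, so `firewall-cmd --zone=public --list-all` should be reviewed alongside this check.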