Prometheus.uio.no
prometheus.uio.no is the front-end node for the NCMM cryoSPARC platform. cryoSPARC is a platform used for obtaining 3D structural information from single-particle cryoEM data.
This wiki page describes how to configure the host and install the cryosparc software.
Contents
- 1 Apply for licenses
- 2 Preparing the host
Apply for licenses
Proceed to https://cryosparc.com/download/ and apply for a license or two. You should get a reply to your request within 24 hours. Keep in mind that Structura Biotechnology Inc. is in Toronto, Canada, which means the EST timezone (GMT-5), so adjust your expectations for a reply accordingly.
Preparing the host
From jump-biotek, after PXE-booting and installing the OS:
ssh prometheus.uio.no
Configuring the virsh serial port for the guest OS
cp /etc/default/grub /etc/default/grub.orig
vi /etc/default/grub

# insert the following lines for serial console:
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console serial"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=internvg/root rd.lvm.lv=internvg/swap rd.lvm.lv=internvg/usr console=tty1 console=ttyS0,115200"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
GRUB_DISABLE_RECOVERY="true"

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig
grub2-mkconfig -o /boot/grub2/grub.cfg
systemctl reboot
Installing base-line software and prerequisites
# the package globs are quoted so the shell passes them to yum unexpanded
yum install -y 'fail2ban*' 'vim*' 'etckeeper*' 'git*' 'collectd*' 'lm_*' ncdu bzip2 lsof --skip-broken
Allocating extra space for the /lsc partition
parted /dev/vdb
(parted) mklabel gtp
New disk label type? gpt
mkpart primary xfs 1 -1
(parted) p
Model: Virtio Block Device (virtblk)
Disk /dev/vdb: 42.9GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name     Flags
 1      1049kB  42.9GB  42.9GB               primary

(parted) quit
Information: You may need to update /etc/fstab.
quit
Format the partition
[root@prometheus ~]# mkfs.xfs /dev/vdb1
meta-data=/dev/vdb1              isize=512    agcount=4, agsize=2621312 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=10485248, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=5119, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@prometheus ~]# blkid /dev/vdb1
/dev/vdb1: UUID="450b41db-e9a4-49df-beb5-d4ccef7461a3" TYPE="xfs" PARTLABEL="primary" PARTUUID="d189b7ce-c419-4457-9281-13b9f988caa6"
Test the partition and mount it
#add an auxiliary space under /lsc
vi /etc/fstab

#RT 3485324
UUID=450b41db-e9a4-49df-beb5-d4ccef7461a3 /lsc xfs defaults 0 0

mount /dev/vdb1 /lsc
df -h
umount /lsc
mount -a
df -h
Misc settings for comfortable editing
vi ~/.vimrc

syntax enable
set tabstop=4
set softtabstop=4
set expandtab
set number
set showcmd " show command in bottom bar
set cursorline " highlight current line
filetype indent on " load filetype-specific indent files
set wildmenu
set showmatch
set incsearch " search as characters are entered
set hlsearch " highlight matches
nnoremap <leader><space> :nohlsearch<CR>
" set foldenable " enable folding
" set foldlevelstart=10 " open most folds by default
" set foldnestmax=10 " 10 nested fold max
" space open/closes folds
nnoremap <space> za
" set foldmethod=indent " fold based on indent level

vi ~/.bashrc

alias ls='LC_ALL=C ls --color=auto --literal --human-readable --group-directories-first --classify'
Configuring collectd
General configuration
systemctl stop collectd
systemctl enable collectd
ssh prometheus.uio.no
cp /etc/collectd.conf /etc/collectd.conf.orig
scp ~georgmar/ncmm/files/etc/collectd.conf prometheus:/etc/collectd.conf
vi /etc/collectd.conf
:%s/TEMPLATEHOST\.uio\.no/prometheus.uio.no/g
:%s/TEMPLATEINTHOST\.internal\.biotek/intprometheus.internal.biotek/g
:wq
/usr/sbin/collectd -T
systemctl start collectd
Set up firewall on panoptis.uio.no
# inner double quotes are escaped so they reach the remote shell intact
ssh root@panoptis -- "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.8.144/32\" port port=2003 protocol=\"tcp\" accept' && firewall-cmd --reload"
ssh root@panoptis -- "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.8.144/32\" port port=2004 protocol=\"tcp\" accept' && firewall-cmd --reload"
Set up firewall on prometheus.uio.no
After looking at the cryosparc logs, it looks like cryosparc uses more ports to communicate than documented, so we enable more firewall ports.
On the public interface we specify dias.uio.no (129.240.235.130) for the source address, as intaristotle.internal.biotek uses dias for the NAT:
#public interface
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3900 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3901 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3902 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3903 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="129.240.235.130/32" port port=3904 protocol="tcp" accept' && firewall-cmd --reload
On the private interface we specify the address of intaristotle.internal.biotek (192.168.8.109):
# internal interface
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3900 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3901 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3902 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3903 protocol="tcp" accept' && firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.8.109/32" port port=3904 protocol="tcp" accept' && firewall-cmd --reload
The cryosparc installer, as we will see, defines only the base port for the web application. supervisord and mongodb run at base port +1 and +2, respectively.
We specified that the base port is 3900, so we have to open ports 3900, 3901, 3902, 3903, for the web app, mongodb, supervisord and wsgi, respectively.
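One way to check the result of the rules above, as an added example that is not part of the original wiki: the script compares the output of `firewall-cmd --list-rich-rules` with the source and port allow-list from this page. The function names and the sample rule are constructed for illustration, and the parser assumes firewalld's normalised output with quoted values.

```shell
# Added example, not from the original wiki: audit firewalld rich rules
# against the source/port allow-list this page configures for cryoSPARC.
BASE_PORT=3900   # base port chosen on the page
PORT_COUNT=5     # the page opens 3900-3904
ALLOWED_SOURCES="129.240.235.130/32 192.168.8.109/32"  # dias NAT, intaristotle

# One "source port" pair per rule the page adds.
expected_pairs() {
    for src in $ALLOWED_SOURCES; do
        p=$BASE_PORT
        while [ "$p" -lt $((BASE_PORT + PORT_COUNT)) ]; do
            echo "$src $p"; p=$((p + 1))
        done
    done
}

# Reduce `firewall-cmd --list-rich-rules` output on stdin to "source port"
# pairs for TCP accept rules in the range; a rule with no source prints ANY.
actual_pairs() {
    awk -v lo="$BASE_PORT" -v n="$PORT_COUNT" '
    / accept/ && /protocol="tcp"/ {
        src = "ANY"; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^address="/) { src = $i; gsub(/address=|"/, "", src) }
            if ($i ~ /^port="/)    { port = $i; gsub(/port=|"/, "", port) }
        }
        if (port + 0 >= lo && port + 0 < lo + n) print src, port
    }'
}

# Print MISSING/UNEXPECTED findings; return 0 only when there are none.
audit_rules() {
    exp=$(expected_pairs); act=$(actual_pairs | sort -u)
    report=$(
        echo "$exp" | while read -r pair; do
            echo "$act" | grep -qxF "$pair" || echo "MISSING $pair"
        done
        echo "$act" | while read -r pair; do
            [ -z "$pair" ] && continue
            echo "$exp" | grep -qxF "$pair" || echo "UNEXPECTED $pair"
        done
    )
    [ -n "$report" ] && echo "$report"
    [ -z "$report" ]
}
# Constructed sample in firewalld's output format: a rule with no source.
SAMPLE='rule family="ipv4" port port="3902" protocol="tcp" accept'
echo "$SAMPLE" | audit_rules || true
# On the host: firewall-cmd --zone=public --list-rich-rules | audit_rules
```

It only inspects rich rules; ports opened with `--add-port` or a service definition need a separate check with `firewall-cmd --list-all`.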