Install OMERO w/ ansible on Ubuntu 20.04

Hi @manics,

Thanks for the great workshop last week on installing/configuring. I’m now convinced to use Ansible. I was just in the process of setting up a new public server on a VM on AWS and had already done most of the work by hand so I’ll revert that and do it the Ansible way. For a variety of reasons the VM is running Ubuntu 20.04 and I followed: https://merge-ci.openmicroscopy.org/jenkins/job/OMERO-docs/lastSuccessfulBuild/artifact/omero/_build/html/sysadmins/unix/server-ubuntu2004-ice36.html to do the manual install and that worked perfectly fine so I know this can work.

So the question: I want to modify your ansible-example-omero-public-user playbook/requirements/etc package so it works for Ubuntu 20.04 and add a bit of extra stuff such as gallery and iviewer. What ansible files will I need to change for that and where are they? I’m mostly unclear what to do about making changes to the roles in the Ansible Galaxy.

Thanks,
Damir

Hi Damir

It’s probably best to start by checking the dependencies of the omero-server role:

Some of them will work without changes. The one that definitely needs an update is the ice role since it has to download a pre-compiled archive:

The files to concentrate on are:

• https://github.com/ome/ansible-role-ice/blob/2dd16041bd845e7a5aefd1b9290185fe8adb8319/meta/main.yml#L20-L32
• https://github.com/ome/ansible-role-ice/blob/2dd16041bd845e7a5aefd1b9290185fe8adb8319/tasks/debian.yml

Though you may need to modify others too. I’ll have a look when I get a chance.

I’ve just open a PR for the ice role:

You can install it locally using:

cat << EOF > requirements.yml
- name: ome.ice
  src: https://github.com/ome/ansible-role-ice/archive/8180bee14f0f82d959069491276938c02ec679df.tar.gz
EOF
ansible-galaxy install -p roles -r requirements.yml

Hi @manics -

Thanks for your efforts. With your changes to ome.ice and the changes I proposed to ome.omero_server and ome.omero_web, and ome.python3_virtualenv, I think there’s only one more hurdle to overcome before deploying on Ubuntu 20.04 is possible. I discovered that on Ubuntu systems, because the ome.ice role relies on the ome.deploy_archive role to deploy the ice binaries to /opt, the installation fails because /opt is owned by root, has permissions of 0755 and the tasks to download, unarchive and symlink ice are not configured with “become: true”. There’s a note in the README file for the deploy_archive role about making sure that the ansible user has write permissions to the deploy directory because the role doesn’t use the become: true directive.

I can’t find an easy way to achieve this, though and run only the ome.deploy_archive with escalated privileges, because it’s called from the ome.ice role which itself is a dependency of the ome.omero_server role. I could configure the user I connect to ansible with to always become root, or run the entire playbook with the become directive, but then all the tasks and plays are run as root, which sounds like a bad idea? Am I missing some easy way to overcome this issue?

Cheers,
Steve

@steveo thanks for all your contributions on the various Ansible roles, it looks like we are getting closer to have a collection of roles which will install OMERO on Ubuntu 20.04.

On the Ice role issue, I would have expected this contribution to fix the issue by setting the privilege escalation withing the role itself set become for ome.deploy_archive by JonnyJD · Pull Request #16 · ome/ansible-role-ice · GitHub. The change should have been released to Galaxy as ome.ice 4.2.0. Have you tested whether it fixes your issue? If it’s not sufficient, it would be worth opening an issue against the source code repository.

Best,
Sebastien

Thanks @s.besson - I was using the ice role from the PR that Simon describes above, and didn’t notice the deploy_archive fix. That will almost certainly solve my issue. I’ll test it out.

Cheers,
Steve