From 93daf9febbab03ef0a551cd2390325e00463676d Mon Sep 17 00:00:00 2001 From: Jean-Marie Burel Date: Wed, 29 Apr 2020 20:44:44 +0100 Subject: [PATCH 1/2] update doc to use omero-certificates --- omero/sysadmins/unix/server-debian10-ice36.rst | 6 ++---- omero/sysadmins/unix/server-debian9-ice36.rst | 6 ++---- omero/sysadmins/unix/server-ubuntu1804-ice36.rst | 6 ++---- omero/sysadmins/unix/server-ubuntu2004-ice36.rst | 5 ++--- 4 files changed, 8 insertions(+), 15 deletions(-) diff --git a/omero/sysadmins/unix/server-debian10-ice36.rst b/omero/sysadmins/unix/server-debian10-ice36.rst index 63b8cd173d..f4aa73a88a 100644 --- a/omero/sysadmins/unix/server-debian10-ice36.rst +++ b/omero/sysadmins/unix/server-debian10-ice36.rst @@ -79,7 +79,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding and PyTables_ using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding, PyTables_ and ``omero-certificates`` using ``pip``: .. literalinclude:: walkthrough/walkthrough_debian10.sh :start-after: #start-step03bis @@ -125,9 +125,7 @@ Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, the version installed on Debian 10. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, -the OMERO.web client or the CLI. -The parameter ``@SECLEVEL=0``, enabling the weaker ciphers, needs to be -set in order to allow connection. +the OMERO.web client or the CLI. Run: .. literalinclude:: walkthrough/walkthrough_debian10.sh :start-after: #start-seclevel diff --git a/omero/sysadmins/unix/server-debian9-ice36.rst b/omero/sysadmins/unix/server-debian9-ice36.rst index 7fa6864db2..fc75be27f9 100644 --- a/omero/sysadmins/unix/server-debian9-ice36.rst +++ b/omero/sysadmins/unix/server-debian9-ice36.rst @@ -92,7 +92,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding and PyTables_ using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding, PyTables_ and ``omero-certificates`` using ``pip``: .. literalinclude:: walkthrough/walkthrough_debian9.sh :start-after: #start-step03bis @@ -138,9 +138,7 @@ Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, the version installed on Debian 9. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, -the OMERO.web client or the CLI. -The parameter ``@SECLEVEL=0``, enabling the weaker ciphers, needs to be -set in order to allow connection. +the OMERO.web client or the CLI. Run: .. literalinclude:: walkthrough/walkthrough_debian9.sh :start-after: #start-seclevel diff --git a/omero/sysadmins/unix/server-ubuntu1804-ice36.rst b/omero/sysadmins/unix/server-ubuntu1804-ice36.rst index 8c52b04abb..abe3bdde99 100644 --- a/omero/sysadmins/unix/server-ubuntu1804-ice36.rst +++ b/omero/sysadmins/unix/server-ubuntu1804-ice36.rst @@ -84,7 +84,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding and PyTables_ using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding, PyTables_ and ``omero-certificates`` using ``pip``: .. literalinclude:: walkthrough/walkthrough_ubuntu1804.sh :start-after: #start-step03bis @@ -130,9 +130,7 @@ Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, the version installed on Ubuntu 18.04. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, -the OMERO.web client or the CLI. -The parameter ``@SECLEVEL=0``, enabling the weaker ciphers, needs to be -set in order to allow connection. +the OMERO.web client or the CLI. Run: .. literalinclude:: walkthrough/walkthrough_ubuntu1804.sh :start-after: #start-seclevel diff --git a/omero/sysadmins/unix/server-ubuntu2004-ice36.rst b/omero/sysadmins/unix/server-ubuntu2004-ice36.rst index 9435315c21..413214ceb5 100644 --- a/omero/sysadmins/unix/server-ubuntu2004-ice36.rst +++ b/omero/sysadmins/unix/server-ubuntu2004-ice36.rst @@ -84,7 +84,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding and PyTables_ using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding, PyTables_ and ``omero-certificates`` using ``pip``: .. literalinclude:: walkthrough/walkthrough_ubuntu2004.sh :start-after: #start-step03bis @@ -131,8 +131,7 @@ the version installed on Ubuntu 20.04. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, the OMERO.web client or the CLI. -The parameter ``@SECLEVEL=0``, enabling the weaker ciphers, needs to be -set in order to allow connection. +Run: .. literalinclude:: walkthrough/walkthrough_ubuntu2004.sh :start-after: #start-seclevel From 2ec62077f7e70b81913bf0eead1f29fdbf15d8dc Mon Sep 17 00:00:00 2001 From: Jean-Marie Burel Date: Mon, 11 May 2020 18:42:21 +0100 Subject: [PATCH 2/2] adjust layout/config certificates --- omero/sysadmins/unix/server-centos7-ice36.rst | 7 +++++-- omero/sysadmins/unix/server-centos8-ice36.rst | 15 +++++++-------- omero/sysadmins/unix/server-debian10-ice36.rst | 12 ++++++------ omero/sysadmins/unix/server-debian9-ice36.rst | 10 +++++----- omero/sysadmins/unix/server-ubuntu1604-ice36.rst | 7 +++++-- omero/sysadmins/unix/server-ubuntu1804-ice36.rst | 12 ++++++------ omero/sysadmins/unix/server-ubuntu2004-ice36.rst | 12 ++++++------ 7 files changed, 40 insertions(+), 35 deletions(-) diff --git a/omero/sysadmins/unix/server-centos7-ice36.rst b/omero/sysadmins/unix/server-centos7-ice36.rst index 2069d40e4f..fab153d0d4 100644 --- a/omero/sysadmins/unix/server-centos7-ice36.rst +++ b/omero/sysadmins/unix/server-centos7-ice36.rst @@ -78,7 +78,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding and PyTables_ using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using ``pip``: .. literalinclude:: walkthrough/walkthrough_centos7.sh :start-after: #start-step03bis @@ -102,6 +102,9 @@ Change the ownership of the OMERO.server directory and create a symlink: :start-after: #end-release-ice36 :end-before: #end-step04-pre +Configuring OMERO.server +------------------------ + **The following steps are run as the omero-server system user.** (``su - omero-server``) The variable ``OMERODIR`` set in :download:`settings.env ` above **must** point to the location where OMERO.server is installed. @@ -111,7 +114,7 @@ Note that this script requires the same environment variables that were set earlier in `settings.env`, so you may need to copy and/or source this file as the omero user. -Configure the server: +Configure the database and the location of the data directory: .. literalinclude:: walkthrough/walkthrough_centos7.sh :start-after: #end-copy-omeroscript diff --git a/omero/sysadmins/unix/server-centos8-ice36.rst b/omero/sysadmins/unix/server-centos8-ice36.rst index 62d381c3ba..fc9ccc6b70 100644 --- a/omero/sysadmins/unix/server-centos8-ice36.rst +++ b/omero/sysadmins/unix/server-centos8-ice36.rst @@ -78,7 +78,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding and PyTables_ using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using ``pip``: .. literalinclude:: walkthrough/walkthrough_centos8.sh :start-after: #start-step03bis @@ -102,6 +102,9 @@ Change the ownership of the OMERO.server directory and create a symlink: :start-after: #end-release-ice36 :end-before: #end-step04-pre +Configuring OMERO.server +------------------------ + **The following steps are run as the omero-server system user.** (``su - omero-server``) The variable ``OMERODIR`` set in :download:`settings.env ` above **must** point to the location where OMERO.server is installed. @@ -111,22 +114,18 @@ Note that this script requires the same environment variables that were set earlier in `settings.env`, so you may need to copy and/or source this file as the omero user. -Configure the server: +Configure the database and the location of the data directory: .. literalinclude:: walkthrough/walkthrough_centos8.sh :start-after: #end-copy-omeroscript :end-before: #end-step04 -Patching OMERO.server ---------------------- -Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, -the version installed on Debian 10. +Weaker ciphers like ADH are disabled by default in OpenSSL 1.1+, +the version installed on CentOS 8. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, the OMERO.web client or the CLI. -The parameter ``@SECLEVEL=0``, enabling the weaker ciphers, needs to be -set in order to allow connection. .. literalinclude:: walkthrough/walkthrough_centos8.sh :start-after: #start-seclevel diff --git a/omero/sysadmins/unix/server-debian10-ice36.rst b/omero/sysadmins/unix/server-debian10-ice36.rst index f4aa73a88a..9b46613a99 100644 --- a/omero/sysadmins/unix/server-debian10-ice36.rst +++ b/omero/sysadmins/unix/server-debian10-ice36.rst @@ -79,7 +79,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding, PyTables_ and ``omero-certificates`` using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using ``pip``: .. literalinclude:: walkthrough/walkthrough_debian10.sh :start-after: #start-step03bis @@ -103,6 +103,9 @@ Change the ownership of the OMERO.server directory and create a symlink: :start-after: #end-release-ice36 :end-before: #end-step04-pre +Configuring OMERO.server +------------------------ + **The following steps are run as the omero-server system user.** The variable :envvar:`OMERODIR` set in :download:`settings.env ` above **must** point to the location where OMERO.server is installed. @@ -112,16 +115,13 @@ Note that this script requires the same environment variables that were set earlier in `settings.env`, so you may need to copy and/or source this file as the omero user. -Configure the server: +Configure the database and the location of the data directory: .. literalinclude:: walkthrough/walkthrough_debian10.sh :start-after: #end-copy-omeroscript :end-before: #end-step04 -Patching OMERO.server ---------------------- - -Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, +Weaker ciphers like ADH are disabled by default in OpenSSL 1.1+, the version installed on Debian 10. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, diff --git a/omero/sysadmins/unix/server-debian9-ice36.rst b/omero/sysadmins/unix/server-debian9-ice36.rst index fc75be27f9..41a388f355 100644 --- a/omero/sysadmins/unix/server-debian9-ice36.rst +++ b/omero/sysadmins/unix/server-debian9-ice36.rst @@ -92,7 +92,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding, PyTables_ and ``omero-certificates`` using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using ``pip``: .. literalinclude:: walkthrough/walkthrough_debian9.sh :start-after: #start-step03bis @@ -116,6 +116,9 @@ Change the ownership of the OMERO.server directory and create a symlink: :start-after: #end-release-ice36 :end-before: #end-step04-pre +Configuring OMERO.server +------------------------ + **The following steps are run as the omero-server system user.** (``su - omero-server``) The variable ``OMERODIR`` set in :download:`settings.env ` above **must** point to the location where OMERO.server is installed. @@ -125,15 +128,12 @@ Note that this script requires the same environment variables that were set earlier in `settings.env`, so you may need to copy and/or source this file as the omero user. -Configure the server: +Configure the database and the location of the data directory: .. literalinclude:: walkthrough/walkthrough_debian9.sh :start-after: #end-copy-omeroscript :end-before: #end-step04 -Patching OMERO.server ---------------------- - Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, the version installed on Debian 9. This means that it is not possible to connect to an OMERO.server diff --git a/omero/sysadmins/unix/server-ubuntu1604-ice36.rst b/omero/sysadmins/unix/server-ubuntu1604-ice36.rst index e2cc0ba224..015638fe53 100644 --- a/omero/sysadmins/unix/server-ubuntu1604-ice36.rst +++ b/omero/sysadmins/unix/server-ubuntu1604-ice36.rst @@ -78,7 +78,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding and PyTables_ using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using ``pip``: .. literalinclude:: walkthrough/walkthrough_ubuntu1604.sh :start-after: #start-step03bis @@ -102,6 +102,9 @@ Change the ownership of the OMERO.server directory and create a symlink: :start-after: #end-release-ice36 :end-before: #end-step04-pre +Configuring OMERO.server +------------------------ + **The following steps are run as the omero-server system user.** (``su - omero-server``) The variable ``OMERODIR`` set in :download:`settings.env ` above **must** point to the location where OMERO.server is installed. @@ -111,7 +114,7 @@ Note that this script requires the same environment variables that were set earlier in `settings.env`, so you may need to copy and/or source this file as the omero user. -Configure the server: +Configure the database and the location of the data directory: .. literalinclude:: walkthrough/walkthrough_ubuntu1604.sh :start-after: #end-copy-omeroscript diff --git a/omero/sysadmins/unix/server-ubuntu1804-ice36.rst b/omero/sysadmins/unix/server-ubuntu1804-ice36.rst index abe3bdde99..ad0948104f 100644 --- a/omero/sysadmins/unix/server-ubuntu1804-ice36.rst +++ b/omero/sysadmins/unix/server-ubuntu1804-ice36.rst @@ -84,7 +84,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding, PyTables_ and ``omero-certificates`` using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using ``pip``: .. literalinclude:: walkthrough/walkthrough_ubuntu1804.sh :start-after: #start-step03bis @@ -108,6 +108,9 @@ Change the ownership of the OMERO.server directory and create a symlink: :start-after: #end-release-ice36 :end-before: #end-step04-pre +Configuring OMERO.server +------------------------ + **The following steps are run as the omero-server system user.** (``su - omero-server``) The variable ``OMERODIR`` set in :download:`settings.env ` above **must** point to the location where OMERO.server is installed. @@ -117,16 +120,13 @@ Note that this script requires the same environment variables that were set earlier in `settings.env`, so you may need to copy and/or source this file as the omero user. -Configure the server: +Configure the database and the location of the data directory: .. literalinclude:: walkthrough/walkthrough_ubuntu1804.sh :start-after: #end-copy-omeroscript :end-before: #end-step04 -Patching OMERO.server ---------------------- - -Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, +Weaker ciphers like ADH are disabled by default in OpenSSL 1.1+, the version installed on Ubuntu 18.04. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client, diff --git a/omero/sysadmins/unix/server-ubuntu2004-ice36.rst b/omero/sysadmins/unix/server-ubuntu2004-ice36.rst index 413214ceb5..bec474f565 100644 --- a/omero/sysadmins/unix/server-ubuntu2004-ice36.rst +++ b/omero/sysadmins/unix/server-ubuntu2004-ice36.rst @@ -84,7 +84,7 @@ Installing OMERO.server **The following step is run as root.** -We recommend to create a virtual environment and install the Ice Python binding, PyTables_ and ``omero-certificates`` using ``pip``: +We recommend to create a virtual environment and install the Ice Python binding and the dependencies required by the server using ``pip``: .. literalinclude:: walkthrough/walkthrough_ubuntu2004.sh :start-after: #start-step03bis @@ -108,6 +108,9 @@ Change the ownership of the OMERO.server directory and create a symlink: :start-after: #end-release-ice36 :end-before: #end-step04-pre +Configuring OMERO.server +------------------------ + **The following steps are run as the omero-server system user.** (``su - omero-server``) The variable ``OMERODIR`` set in :download:`settings.env ` above **must** point to the location where OMERO.server is installed. @@ -117,16 +120,13 @@ Note that this script requires the same environment variables that were set earlier in `settings.env`, so you may need to copy and/or source this file as the omero user. -Configure the server: +Configure the database and the location of the data directory: .. literalinclude:: walkthrough/walkthrough_ubuntu2004.sh :start-after: #end-copy-omeroscript :end-before: #end-step04 -Patching OMERO.server ---------------------- - -Weaker ciphers like ADH are disabled by default in OpenSSL 1.1.0, +Weaker ciphers like ADH are disabled by default in OpenSSL 1.1+, the version installed on Ubuntu 20.04. This means that it is not possible to connect to an OMERO.server using any OMERO clients e.g. the Java Desktop client,