Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Before installing Clarity LIMS, you must purchase hardware and software that meet the minimum requirements (see Technical Overview). Following those purchases there are several components that you must organize, install, or configure.
The following sections discuss these components, and how to install and configure them. These sections apply to on-premise customers only. Before completing the steps described, make sure that the server has the minimum requirements. See Technical Requirements for details.
Before the Clarity LIMS support team can install Clarity LIMS, the items listed above must be set up and configured as described in this document. Confirm the completion of this work with the support team.
All instances of Clarity LIMS must have a purchased SSL / TLS certificate installed.
Certificate Authorities will no longer issue SSL / TLS certificates for internal server names. As a result, to obtain a certificate you must have a valid, public DNS entry for your server.
Before installing or upgrading Clarity LIMS, do the following:
Purchase an SSL / TLS certificate.
Save the certificate files on the server on which the Clarity LIMS server is installed.
Provide the Clarity LIMS Support team with the private key and password for the SSL / TLS certificate.
For instructions on obtaining a certificate, see Install a Purchased SSL/TLS Certificate.
Security-Enhanced Linux (SELinux) is not supported for use with Clarity LIMS. Make sure that SELinux is set to either permissive or disabled mode.
For instructions, see the following sections of the Red Hat documentation:
5.4.1.2 Permissive Mode
5.4.2 Disabling SELinux
You can find additional documentation on users at /opt/gls/clarity/documentation/users/
Clarity LIMS is installed using industry standard RPM packaging. The Clarity LIMS support team requires root credentials to the server during the installation process.
The following sections discuss the system user accounts that the support team sets up during the installation process. It is important that you do not change these system users.
The production server must be configured in US locale.
After installing a supported database, Clarity LIMS requires certain changes to the default database configuration.
Additional tablespace names and user profiles may be needed, depending on the configuration of your system.
For more information or for assistance with your database configuration, contact the Clarity LIMS Support team.
To access the Clarity LIMS server via DNS, make sure that the following apply:
The server local host file /etc/hosts does not contain an entry for that hostname bound to its loopback address.
Any hostname entries correspond to their entries in DNS.
The command hostname -f must return the fully-qualified domain name of the server.
For client systems:
Users should use the fully-qualified domain name (FQDN) when logging on to the system. Using the FQDN ensures persistence of the session ID.
Clarity LIMS requires the environment variable TZ be set on the Clarity LIMS server to your correct timezone. If the value is not configured, a default of GMT is configured by Clarity LIMS in the file /etc/profile.d/clarity.sh.
This file might update on upgrade. Any changes must be manually applied across upgrades.
To allow proper system communication, the following ports on the Clarity LIMS server must be accessible by the LIMS clients:
TCP/IP Port 22 (SFTP) for file transfers between the client and server
TCP/IP Port 443 (HTTPS) for Apache proxy
TCP/IP Port 80 (HTTP) used to forward any unknown unsecured requests over SSL / TLS and port 443
The following ports are required on the local Clarity LIMS server:
TCP/IP Port 4369 for Epmd for RabbitMQ
TCP/IP Port 5432 for PostgreSQL database communications *
TCP/IP Port 9009 for Tomcat
TCP/IP Port 9200 for Elastic Search
TCP/IP Port 9300 for Elastic Search
TCP/IP Port 5672 for RabbitMQ
TCP/IP Port 15672 for RabbitMQ
The database ports are configurable and might be different in your organization.
Computers running an automation worker must be able to reach the Clarity LIMS server via the following ports:
TCP/IP Port 22 (SFTP) for file transfers between the client and server
TCP/IP Port 443 (HTTPS) for Apache proxy
TCP/IP Port 80 (HTTPS) used to forward any unknown, unsecured requests over SSL / TLS and port 443
To facilitate instrument integrations, a site-to-site IPSEC VPN connection can be set up between your facility and the hosted instance.
There are two ports that must be opened: 4500/udp and 500/udp.
If a VPN is required, you must provide more detailed setup information to the Clarity LIMS Support team. Upon request, the Clarity LIMS Support team will provide the additional form required to do this.
Clarity LIMS uses an Apache proxy and the Clarity LIMS installation process installs and configures it automatically. If the server already has an Apache proxy installed and configured, the installation process overwrites the current configuration. If that configuration is important, you must back it up before running the Clarity LIMS installation process. Any settings that are important to your organization must be reconfigured manually after an install or upgrade of Clarity LIMS.
In Clarity LIMS v6.0.0 and later, you can choose to install and configure a HashiCorp Vault to store Clarity LIMS-related passwords and secrets safely.
For more information, refer to Configure Your HashiCorp Vault.
This section explains how to install purchased SSL/TLS certificates into Clarity LIMS v5 and later.
Clarity LIMS can work with Named or WildCard certificates.
Typically, the process to install the certificates into Clarity LIMS is as follows:
Request a certificate from your IT organization, or purchase a certificate from a third-party SSL/TLS vendor.
Install the certificate using the script installCertificates.sh provided with Clarity LIMS. This script prompts for the required inputs and helps you to configure Clarity LIMS to use your SSL/TLS certificate.
Some IT organizations have preexisting certificates issued by an internal organization, typically referred to as an 'internal CA.' These internal CA certificates are not fully compatible with Java, and prevent the automation worker—and all integrations—from properly communicating with the Clarity LIMS server. Internal CA certificates are therefore not supported in Clarity LIMS.
You will need your organization or the third-party SSL/TLS vendor to provide you with the following:
An Apache 2.4-compatible SSL/TLS Certificate
The Certificate private key
The corresponding certificate chain, properly prepared for Apache 2.4. This component may not be required, depending on the organization that signs your certificate.
Your IT organization might provide you with a WildCard certificate. Clarity LIMS can use WildCard certificates, as long as the Apache 2.4-compatible certificate, private key, and certificate chain files are provided.
If purchasing from a third-party vendor, make sure that the vendor provides you with an Apache 2.4-compatible bundle that includes the components listed above. To purchase from a vendor, refer to their documentation.
By default, a private key has a password associated with it. On startup, Apache requests a passphrase to access the private key. You can use either of the following methods to resolve this issue:
Method 1 — Place a passphrase file on the system and reference it in your clarity.conf file.
Create a passphrase file in a directory that has read, write, and execute permissions for only the root or apache user.
Edit the clarity.conf file. The clarity.conf file is in the /etc/httpd/conf.d directory.
Add the following line to your clarity.conf file, before the section:
Method 2: Removing passphrase from an OpenSSL key
Removing the passphrase from an OpenSSL key is a security risk. Only remove the passphrase if you know that this risk is acceptable.
Remove the password from an OpenSSL key using the following command:\
Assumptions and Prerequisites
You have installed BaseSpace Clarity LIMS and run the 40_install_proxy.sh script.
You have OpenSSL (installed by default on the Clarity LIMS Linux server when you install Clarity LIMS). OpenSSL is used by the installCertificates.sh script.
You have the files listed in the following table (obtained from the process described previously) available on the Clarity LIMS server. In the example shown below, these files are located at /tmp/certs.
On the Clarity LIMS server, as the root user, run the installCertificates.sh script:
The following steps use the HashiCorp Vault user interface (UI) to guide you through the configuration of your HashiCorp Vault instance.
These configurations are mandatory for on premise Clarity LIMS deployments. For Illumina cloud hosted deployments, this configuration is completed by Illumina.
Detailed information and instructions for HashiCorp Vault are available on the HashiCorp website: www.hashicorp.com.
You are planning to install Clarity LIMS v6.0.0 and newer.
You have installed the latest version of either HashiCorp Vault Open Source or Enterprise.
You have read the Getting Started tutorials for Vault on the HashiCorp website and/or possess a basic knowledge of HashiCorp Vault.
You have system administrator permissions to perform the necessary operations to your HashiCorp Vault instance.
You have allowed the necessary port 443 from the Clarity LIMS instance to your HashiCorp Vault instance.
You have access to all the passwords required to be configured in your HashiCorp Vault instance.
To enable a new KV Secret Engine, refer to the Versioned Key/Value Secrets Engine tutorial provided on the HashiCorp Vault website.
The following table lists the secrets required for Clarity LIMS. To use the paths shown in the table, replace $host
with your fully qualified domain name (FQDN).
When configuration is complete, these secrets are listed in the Vault user interface.
AppRole is the recommended authentication method to use with the Clarity LIMS Secret Utility tool.
To enable the AppRole authentication method, refer to the AppRole Pull Authentication tutorial provided on the HashiCorp Vault website.
When AppRole is enabled, create an AppRole with the appropriate Access Control List (ACL) policy (see the following section).
Make a note of the Role ID and Secret ID. You need these IDs when configuring Secret Utility.
Secret Utility does not manage your Role ID and Secret ID for you (eg, renewing, revoking, and so on). It accepts the Role ID and Secret ID as-is, and attempts to authenticate with Vault.
Alternatively, the Clarity LIMS Secret Utility tool also works with the token authentication method.
To learn more about tokens, see the Tokens documentation on the HashiCorp Vault website.
Secret Utility does not manage your tokens for you (eg, renewing, revoking, and so on). It accepts the token as-is, and attempts to authenticate with Vault.
After enabling the AppRole authentication method, create ACL policies to access the Secret Engine.
IMPORTANT: Replace "claritylims" with your Secret Engine path.
You might need to update or create additional ACL policies for your System Administrator to rotate the credentials, when required.
To create the ACL policy, refer to the Vault Policies tutorial provided on the HashiCorp Vault website.
SSH into the Clarity LIMS instance.
\
This section provides instructions for upgrading existing on premise Clarity LIMS deployments to cloud hosted deployments. For assistance with upgrade steps, contact the Clarity LIMS Support team.
This section provides the steps required to upgrade an existing on-premise deployment of Clarity LIMS to a RedHat Enterprise Linux/Oracle Linux compatible Illumina cloud hosted deployment of Clarity LIMS v6.2.
For installation requirements, see Technical Requirements.
The following table shows the applicable migration paths.
From | To | Notes |
---|---|---|
Before Illumina can proceed with the upgrade, complete the following prerequisite steps.
Illumina provisions an instance installed with the latest qualified Oracle Linux version in the cloud.
Upgrades are only supported from Clarity LIMS versions 4.2, 4.3, 5.0, 5.1, 5.2, 6.0, and 6.1 (on-premise).
Custom configurations: If you have made any additional configurations that are not part of the Clarity LIMS preinstallation requirements, apply these configurations to the new instance.
Passwords: Configure all passwords to be same as the existing instance. After you have verified the new instance, you can change passwords as needed.
Make sure that all user accounts have email addresses associated with them. User passwords must be reset after the upgrade is complete.
To assist with validating the system before an upgrade, install the UpgradePreValidation RPM on the source server.
This RPM is installed temporarily, and provides tools to help check the system before an upgrade.
If validation is successful, you can remove this RPM and proceed with the upgrade.
Install the UpgradePreValidation RPM. Make sure you have the correct repo enabled.
On the source server, as the root user, run the following command:
[Optional] Set up Secret Utility.
If ClarityLIMS-SecretUtil was installed previously, run the following command to set up Secret Utility as the glsjboss user:
NOTE: Using a vault is the safer way of storing application secrets. If using a vault is not possible, the configuration script supports file-based storage.
For more information on the prompts, see #claritylimsv6.2guidetosecretmanagement-configurationscript section of Guide to Secret Management.
Run the validation script as follows.
Make sure that the Clarity LIMS server is running.
As the root user, run the following command:
Review the output of the script to determine if you can proceed with the upgrade. If the script outlines any issues with the potential upgrade, review the generated log files and contact the Clarity LIMS Support team for further assistance.
Remove the PreValidation RPM.
Remove the PreValidation RPM only after you confirm that you can upgrade. If you are unsure, consult the Clarity LIMS LIMS Support team.
As the root user, run the following command:
Archive the backup in case a rollback is required.
Before performing the backup, stop Clarity LIMS. The following command stops all Clarity LIMS components, including Automation Worker and integration services.
Stop Clarity LIMS:
On the command-line interface, run the following command as the root user:
Back up Postgresql database:
On the PostgreSQL server, best practice recommends backing up the database using the pg_dump utility.
The following example assumes the following:
The database server and the application server are on the same server.
The pg_dump utility is accessible to the glsjboss user.
Example
The Postgres DBA uses the following commands to create a database backup in the glsjboss home directory. Substitute the variables as appropriate for the specific environment.
As the glsjboss user:
Make sure that the following items, and any other files and configurations, are backed up safely:
crontab -l
custom scripts
OS configuration files
firewall rules
network configuration
etc.
If there are custom changes to any application configurations (to increase performance, security, etc.), restore/configure these items manually later by referencing the backup.
We recommend that you back up the items into a single zip file and transfer them to the new Cloud instance.
Directories
/opt/gls/clarity/users/glsftp or /home/glsftp (Clarity LIMS file store location)
/opt/gls/clarity/customextensions
/opt/gls/clarity/glscontents
Additional configurations:
rpm -qa | grep "BaseSpace\|Clarity" > clarityrpms.txt
This section provides instructions for upgrading existing cloud hosted Clarity LIMS deployments to on premise deployments. For assistance with upgrade steps, contact the Clarity LIMS Support team.
This document provides details on the steps required to upgrade an existing Clarity LIMS to RedHat Enterprise Linux/Oracle Linux compatible Clarity LIMS v6.2.
For installation requirements and Oracle Linux compatibility, see Technical Requirements.
The following table shows the applicable migration paths.
From | To | Notes |
---|---|---|
Before Illumina can proceed with the upgrade, complete the following prerequisite steps.
We recommend you provision an instance with similar or higher specifications to the current Clarity LIMS instance.
Note the following:
Your system must meet the requirements listed in Technical Requirements
All standard operating system (OS) security updates must have been applied.
Upgrades are only supported from Clarity LIMS v4.2/4.3/5.0/5.1/5.2/5.3/5.4/6.0/6.1.
The command hostname -f must resolve to the fully qualified domain name (FQDN) of the server. For details, see the #h_3725fb56-8faa-4c75-b76f-53493f5e9636 section of Pre-Installation Requirements.
Before installing Clarity LIMS on the new instance, make sure that the instance has the same fully-qualified domain name (QFDN) as the existing Production instance. If it is not possible to have the same QFDN, contact the Clarity LIMS Support team.
To configure the new instance, follow the instructions provided in the Pre-Installation Requirements and see also Technical Overview.
Custom configurations: If you have made any additional configurations that are not part of the Clarity LIMS pre-installation requirements, apply these configurations to the new instance.
Passwords: Configure all passwords to be same as the existing instance. After you have verified the new instance, you can change passwords as needed.
Make sure that all user accounts have email addresses associated with them. Users must reset their passwords after the upgrade is complete.
To assist with validating the system before an upgrade, install the UpgradePreValidation RPM on the source server.
This RPM is installed temporarily, and provides tools to help check the system before an upgrade.
If validation is successful, you can remove this RPM and proceed with the upgrade.
Install the UpgradePreValidation RPM. Make sure you have the correct repo enabled.
On the source server, as the root user, run the following command:
[Optional] Set up Secret Utility.
If ClarityLIMS-SecretUtil was installed previously, run the following command to set up Secret Utility as the glsjboss user:
NOTE: Using a vault is the safer way of storing application secrets. If using a vault is not possible, the configuration script supports file-based storage.
For more information on the prompts, see #claritylimsv6.2guidetosecretmanagement-configurationscript section of Guide to Secret Management.
Run the validation script as follows.
Make sure that the Clarity LIMS server is running.
As the root user, run the following command:
Review the output of the script to determine if you can proceed with the upgrade. If the script outlines any issues with the potential upgrade, review the generated log files and contact the Clarity LIMS Support team for further assistance.
Remove the PreValidation RPM.
Remove the PreValidation RPM only after you confirm that you can upgrade. If you are unsure, consult the Clarity LIMS LIMS Support team.
As the root user, run the following command:
Archive the backup in case a rollback is required.
Before performing the backup, stop Clarity LIMS. The following command stops all Clarity LIMS components, including Automation Worker and integration services.
Stop Clarity LIMS:
On the command-line interface, run the following command as the root user:
Back up Postgresql database:
On the PostgreSQL server, best practice recommends backing up the database using the pg_dump utility.
The following example assumes the following:
The database server and the application server are on the same server.
The pg_dump utility is accessible to the glsjboss user.
Example
The Postgres DBA uses the following commands to create a database backup in the glsjboss home directory. Substitute the variables as appropriate for the specific environment.
As the glsjboss user:
Make sure that the following items, and any other files and configurations, are backed up safely:
crontab -l
custom scripts
OS configuration files
firewall rules
network configuration
etc.
If there are custom changes to any application configurations (to increase performance, security, etc.), restore/configure these items manually later by referencing the backup.
We recommend that you back up the items into a single zip file and transfer them to the new instance.
Directories
/opt/gls/clarity/users/glsftp or /home/glsftp (Clarity LIMS file store location)
/opt/gls/clarity/customextensions
/opt/gls/clarity/glscontents
/etc/httpd/conf.d
/etc/httpd/sslcertificate
Files
.pgpass
/opt/gls/pgsql/9.x/pg_hba.conf
/opt/gls/pgsql/9.x/postgresql.conf
Additional configurations:
rpm -qa | grep "BaseSpace\|Clarity" > clarityrpms.txt
Make sure that the repository file exists in the following location:
As the root user, install the RPMs required on the new instance by referencing the content of clarityrpms.txt.
If you are upgrading from Clarity LIMS v4.x, some RPMs (eg, Server RPM) are now included under other RPMs.
Install any other required RPMs (eg, Python packages) which are not part of the Clarity LIMS setup.
Do not install NGS, Illumina Preset Protocols (IPP), and Sequencing RPMs during this step. You install these RPMs later in the installation process.
Configure and validate the new system, following the procedure outlined in the Installation Procedure
When prompted for user passwords, enter the passwords used in the previous instance.
Stop Clarity LIMS. To do so, on the command-line interface, run the following command as the root user:
/opt/gls/clarity/bin/run_clarity.sh stop
The following steps are only required if you are restoring from a previous instance. If you are installing on a testing environment, proceed to #claritylimsv6.2upgradeprocedureforonpremisetoonpremisefrom4.2-4.3-5.0-5.1-5.2-6.0-6.1-4.3-5.2-oracle-28 section.
LabLink v2.4 is compatible with Clarity LIMS v6.2.
If upgrading from Clarity LIMS v4.x, Illumina migrates your LabLink-related data with the following exceptions:
sample submission templates
customized UI CSS
lablink property table configurations
Before completing the following steps, make sure that a database named lablink is created with the same database user as Clarity LIMS database.
Install the LabLink RPM. Make sure that you have the correct repo enabled.
On the new instance, as the root user, run the following command:
Run the pending initialization script.
As the glsjboss user, run the following command:
The script prompts for a Google reCAPTCHA URL, site key, and secret key.
Google reCAPTCHA URL: https://www.google.com/recaptcha/
Google reCAPTCHA site key and secret key: View these keys from the Google reCAPTCHA Admin Console, under Settings.
NOTE: If you prefer not to use reCAPTCHA, leave the site-key and secret-key fields blank when running the configuration script. LabLink does not display the reCAPTCHA when these fields are left blank. You can also use your own reCAPTCHA accounts when configuring LabLink.
To reconfigure LabLink (without initializing the database), run the following command as the glsjboss user:
bash /opt/gls/clarity/config/configure_lablink.sh
Extract the backup zip file into a suitable location, e.g. /tmp/restore.
NOTE: If using Oracle database, skip the following steps 2 and 3. Contact the Clarity LIMS Support team for assistance in performing the migration from Oracle to PostgreSQL.
If using PostgreSQL database, the DBA imports the database dump into the new database instance. Dropping and recreating the database might be necessary. If you need to do this, use the following command:
dropdb -U postgres <OL8DB>
createdb -U postgres <OL8DB>
psql -U postgres -d <OL8DB> -c 'ALTER DATABASE "<OL8DB>" OWNER TO "<OL8User>"'
Restore the database exported from the previous instance.
Extract and restore the following directories to the same directory on the new instance:
Clarity LIMS file store: /opt/gls/clarity/users/glsftp or /home/glsftp
/opt/gls/clarity/customextensions
/opt/gls/clarity/glscontents
/etc/httpd/conf.d
NOTE: As of RedHat Enterprise Linux/Oracle Linux 8.8, Apache v2.4 is installed. There are several configuration changes in this version. You can use the new configuration, or merge your previous configuration file cautiously to the new configuration file. For details on the changes, refer to: httpd.apache.org.
Copy the SSL certificate files to the following location (create the directory if it does not exist):
/etc/httpd/sslcertificate
To configure the certificates, run the following command on the command-line interface, as the root user:
/opt/gls/clarity/config/installCertificates.sh
For more information, see Install a Purchased SSL/TLS Certificate
Restore files and configurations.
Copy any custom scripts into their folder locations.
For PostgreSQL database, copy / merge the database configuration file, i.e. pg_hba.conf and postgresql.conf.
Restore crontab from file.
Copy / Merge any additional application configurations.
This step is required only if the new instance hostname is different from the old instance hostname.
For details, see Change the Clarity LIMS Hostname
This step is only required if the passwords for glsftp and / or apiuser have changed.
To update the application configuration, complete the following steps:
Update glsftp password.
Update apiuser password.
Update database connection details.
For details, see Update Server Passwords and Database Connection Details.
In this step, the clarity-migrator tool is used to perform the changes required to make the database compatible with the new Clarity LIMS version.
On the command-line interface, run the following commands as the glsjboss user:
This step is required only if the RPMs have been installed on the existing Clarity LIMS instance.
Install the latest NGS, IPP, and Sequencing RPMs compatible with the new LIMS version, as listed in clarityrpms.txt.
All existing workflows, protocols, steps, and master steps are restored during the restoration process. After installing the NGS and IPP RPMs, you do not need to install the workflows again.
If the automation/External Program Plugin (EPP) scripts installed on the new instance are of a later version (e.g. /opt/gls/clarity/extensions/ngs-common/v5/EPP ), to your old instance (e.g. /opt/gls/clarity/extensions/ngs-common/v4/EPP), you must manually update the script location in your automation / EPP command lines. You can do update the script location in the Clarity LIMS interface or the Operations interface.
If you intend to install NovaSeq API-based integration, NextSeq integration, or MiSeq integration, use the latest package to ensure OS compatibility.
On the command-line interface, run the following commands as the root user:
Make sure that ElasticSearch is running:
When ElasticSearch service is running, remove the ElasticSearch indexes:
Restart Clarity LIMS:
The following verification steps are the minimum required to confirm that the various services are up and running properly.
To conduct a thorough verification, perform your verification steps or daily routine on the new Clarity LIMS instance.
Log in to BaseSpace Clarity LIMS via https://<FQDN>/clarity and perform a basic search.
Check that search results are returned.
If no search results are returned, try again later as the search indexes are still building.
Run a sample through a QC protocol step. Create a temporary workflow if necessary.
Make sure that the automation executes successfully and the log files are accessible.
Open a browser window and access https://<FQDN>/api/v2/projects.
Log in with api user credentials.
Check that all projects are returned in the response.
Open a browser window and access https://<FQDN>/lablink/.
Log in with administrator credentials.
On the Projects page, make sure that all data are properly displayed.
To make sure that the service is running properly, you must initiate an actual sequencing run on the instrument.
This section provides instructions for upgrading an existing on premise Clarity LIMS deployment. For assistance with upgrade steps, contact the Clarity LIMS Support team.
This section provides the steps required to upgrade an existing on-premise deployment of Clarity LIMS to a RedHat Enterprise Linux/Oracle Linux compatible on-premise deployment of Clarity LIMS v6.2.
The installation procedure includes provisioning and configuring the new instance, and installing and then verifying the new Clarity LIMS version.
For installation requirements, see .
If you have questions about the upgrade procedure, contact the Clarity LIMS Support team.
The following table shows the applicable migration paths.
From | To | Notes |
---|
Before Illumina can proceed with the upgrade, complete the following prerequisite steps.
We recommend you provision an instance with similar or higher specifications to the current Clarity LIMS instance.
Note the following:
All standard operating system (OS) security updates must have been applied.
Upgrades are only supported from Clarity LIMS v4.2/5.0/5.1/6.0/6.1, and v4.3/5.2.0 (Oracle).
Before installing Clarity LIMS on the new instance, make sure that the instance has the same FQDN as the existing production instance. If your new instance cannot have the same FQDN as the production instance, contact the Illumina Support team.
Custom configurations: If you have made any additional configurations that are not part of the Clarity LIMS pre-installation requirements, apply these configurations to the new instance.
Passwords: Configure all passwords to be same as the existing instance. After you have verified the new instance, you can change passwords as needed.
Make sure that all user accounts have email addresses associated with them. Users must reset their passwords after the upgrade is complete.
To assist with validating the system before an upgrade, install the UpgradePreValidation RPM on the source server.
This RPM is installed temporarily, and provides tools to help check the system before an upgrade.
If validation is successful, you can remove this RPM and proceed with the upgrade.
Install the UpgradePreValidation RPM. Make sure you have the correct repo enabled.
On the source server, as the root user, run the following command:
[Optional] Set up Secret Utility.
If ClarityLIMS-SecretUtil was installed previously, run the following command to set up Secret Utility as the glsjboss user:
NOTE: Using a vault is the safer way of storing application secrets. If using a vault is not possible, the configuration script supports file-based storage.
Run the validation script as follows.
Make sure that the Clarity LIMS server is running.
As the root user, run the following command:
Review the output of the script to determine if you can proceed with the upgrade. If the script outlines any issues with the potential upgrade, review the generated log files and contact the Clarity LIMS Support team for further assistance.
Remove the PreValidation RPM.
Remove the PreValidation RPM only after you confirm that you can upgrade. If you are unsure, consult the Clarity LIMS LIMS Support team.
As the root user, run the following command:
Archive the backup in case a rollback is required.
Before performing the backup, stop Clarity LIMS. The following command stops all Clarity LIMS components, including Automation Worker and integration services.
Stop Clarity LIMS:
On the command-line interface, run the following command as the root user:
Back up Postgresql database:
On the PostgreSQL server, best practice recommends backing up the database using the pg_dump utility.
The following example assumes the following:
The database server and the application server are on the same server.
The pg_dump utility is accessible to the glsjboss user.
Example
The Postgres DBA uses the following commands to create a database backup in the glsjboss home directory. Substitute the variables as appropriate for the specific environment.
As the glsjboss user:
Make sure that the following items, and any other files and configurations, are backed up safely:
crontab -l
custom scripts
OS configuration files
firewall rules
network configuration
etc.
If there are custom changes to any application configurations (to increase performance, security, etc.), restore/configure these items manually later by referencing the backup.
We recommend that you back up the items into a single zip file and transfer them to the new instance.
Directories
/opt/gls/clarity/users/glsftp or /home/glsftp (Clarity LIMS file store location)
/opt/gls/clarity/customextensions
/opt/gls/clarity/glscontents
/etc/httpd/conf.d
/etc/httpd/sslcertificate
Files
.pgpass
/opt/gls/pgsql/9.x/pg_hba.conf
/opt/gls/pgsql/9.x/postgresql.conf
Additional configurations:
rpm -qa | grep "BaseSpace\|Clarity" > clarityrpms.txt
Make sure that the repository file exists in the following location:
As the root user, install the RPMs required on the new instance by referencing the content of clarityrpms.txt.
If you are upgrading from Clarity LIMS v4.x, some RPMs (eg, Server RPM) are now included under other RPMs.
Install any other required RPMs (eg, Python packages) which are not part of the Clarity LIMS setup.
Do not install NGS, Illumina Preset Protocols (IPP), and Sequencing RPMs during this step. You install these RPMs later in the installation process.
When prompted for user passwords, enter the passwords used in the previous instance.
Stop Clarity LIMS. To do so, on the command-line interface, run the following command as the root user:
/opt/gls/clarity/bin/run_clarity.sh stop
LabLink v2.4 is compatible with Clarity LIMS v6.2.
If upgrading from Clarity LIMS v4.x, Illumina migrates your LabLink-related data with the following exceptions:
sample submission templates
customized UI CSS
lablink property table configurations
Before completing the following steps, make sure that a database named lablink is created with the same database user as Clarity LIMS database.
Install the LabLink RPM. Make sure that you have the correct repo enabled.
On the new instance, as the root user, run the following command:
Run the pending initialization script.
As the glsjboss user, run the following command:
The script prompts for a Google reCAPTCHA URL, site key, and secret key.
Google reCAPTCHA URL: https://www.google.com/recaptcha/
Google reCAPTCHA site key and secret key: View these keys from the Google reCAPTCHA Admin Console, under Settings.
NOTE: If you prefer not to use reCAPTCHA, leave the site-key and secret-key fields blank when running the configuration script. LabLink does not display the reCAPTCHA when these fields are left blank. You can also use your own reCAPTCHA accounts when configuring LabLink.
To reconfigure LabLink (without initializing the database), run the following command as the glsjboss user:
bash /opt/gls/clarity/config/configure_lablink.sh
Extract the backup zip file into a suitable location, e.g. /tmp/restore.
NOTE: If using Oracle database, skip the following steps 2 and 3. Contact the Clarity LIMS Support team for assistance in performing the migration from Oracle to PostgreSQL.
If using PostgreSQL database, the DBA imports the database dump into the new database instance. Dropping and recreating the database might be necessary. If you need to do this, use the following command:
dropdb -U postgres <OL8DB>
createdb -U postgres <OL8DB>
psql -U postgres -d <OL8DB> -c 'ALTER DATABASE "<OL8DB>" OWNER TO "<OL8User>"'
Restore the database exported from the previous instance.
Extract and restore the following directories to the same directory on the new instance:
Clarity LIMS file store: /opt/gls/clarity/users/glsftp or /home/glsftp
/opt/gls/clarity/customextensions
/opt/gls/clarity/glscontents
/etc/httpd/conf.d
NOTE: As of RedHat Enterprise Linux/Oracle Linux 8.8, Apache v2.4 is installed. There are several configuration changes in this version. You can use the new configuration, or merge your previous configuration file cautiously to the new configuration file. For details on the changes, refer to: httpd.apache.org.
Copy the SSL certificate files to the following location (create the directory if it does not exist):
/etc/httpd/sslcertificate
To configure the certificates, run the following command on the command-line interface, as the root user:
/opt/gls/clarity/config/installCertificates.sh
Restore files and configurations.
Copy any custom scripts into their folder locations.
For PostgreSQL database, copy / merge the database configuration file, i.e. pg_hba.conf and postgresql.conf.
Restore crontab from file.
Copy / Merge any additional application configurations.
This step is required only if the new instance hostname is different from the old instance hostname.
This step is only required if the passwords for glsftp and / or apiuser have changed.
To update the application configuration, complete the following steps:
Update glsftp password.
Update apiuser password.
Update database connection details.
In this step, the clarity-migrator tool is used to perform the changes required to make the database compatible with the new Clarity LIMS version.
On the command-line interface, run the following commands as the glsjboss user:
This step is required only if the RPMs have been installed on the existing Clarity LIMS instance.
Install the latest NGS, IPP, and Sequencing RPMs compatible with the new LIMS version, as listed in clarityrpms.txt.
All existing workflows, protocols, steps, and master steps are restored during the restoration process. After installing the NGS and IPP RPMs, you do not need to install the workflows again.
If the automation/External Program Plugin (EPP) scripts installed on the new instance are of a later version (e.g. /opt/gls/clarity/extensions/ngs-common/v5/EPP ), to your old instance (e.g. /opt/gls/clarity/extensions/ngs-common/v4/EPP), you must manually update the script location in your automation / EPP command lines. You can do update the script location in the Clarity LIMS interface or the Operations interface.
If you intend to install NovaSeq API-based integration, NextSeq integration, or MiSeq integration, use the latest package to ensure OS compatibility.
On the command-line interface, run the following commands as the root user:
Make sure that ElasticSearch is running:
When ElasticSearch service is running, remove the ElasticSearch indexes:
Restart Clarity LIMS:
The following verification steps are the minimum required to confirm that the various services are up and running properly.
To conduct a thorough verification, perform your verification steps or daily routine on the new Clarity LIMS instance.
Log in to BaseSpace Clarity LIMS via https://<FQDN>/clarity and perform a basic search.
Check that search results are returned.
If no search results are returned, try again later as the search indexes are still building.
Run a sample through a QC protocol step. Create a temporary workflow if necessary.
Make sure that the automation executes successfully and the log files are accessible.
Open a browser window and access https://<FQDN>/api/v2/projects.
Log in with api user credentials.
Check that all projects are returned in the response.
Open a browser window and access https://<FQDN>/lablink/.
Log in with administrator credentials.
On the Projects page, make sure that all data are properly displayed.
To make sure that the service is running properly, you must initiate an actual sequencing run on the instrument.
Path | Purpose |
---|
ACL Policies |
---|
After installing Clarity LIMS and configuring Secret Utility using the instructions provided in , run the command to read an existing password/secret from HashiCorp Vault.
Your system must meet the requirements listed in
The command hostname -f must resolve to the fully qualified domain name (FQDN) of the server. For details, see the section of .
To configure the new instance, follow the instructions provided in the and see also .
For more information on the prompts, see section of .
Configure and validate the new system, following the procedure outlined in the
The following steps are only required if you are restoring from a previous instance. If you are installing on a testing environment, proceed to section.
For more information, see
For details, see
For details, see .
PostgreSQL:
v4.2 On-premise
v5.0 On-premise
v5.1 On-premise
v6.2 Cloud hosted
Upgrading from CentOS6 to Oracle Linux v8.8 and v8.9 (on-premise to cloud hosted).
PostgreSQL:
v4.3 On-premise
v5.2 On-premise
v6.0 On-premise
v6.1 On-premise
v6.2 Cloud hosted
Upgrading from CentOS7 to Oracle Linux v8.8 and v8.9 (on-premise to cloud hosted).
Oracle:
v4.3 On-premise
v5.2 On-premise
v6.2 Cloud hosted
Migrating from Oracle to PostgresQL.
v6.2 supports PostgreSQL only.
File description
Example file name (used in examples below)
Apache private key
private.key
Signed SSL/TLS Certificate
customer_domain.crt
Intermediate chain file (optional)
intermediate.crt
v4.2 Cloud
v4.3 Cloud
v5.0 Cloud
v5.1 Cloud
v5.2 Cloud
v5.3 Cloud
v5.4 Cloud
v6.0 Cloud
v6.1 Cloud
v6.2 On-premise
Changing environment from Cloud to On-premise
| Password for GLSFTP user on the Clarity LIMS instance. |
| Password for RabbitMQ admin on the Clarity LIMS instance. |
| Password for the configured Clarity LIMS database user |
| Password for the configured LabLink DB database user. |
| Password for the configured Tenant Lookup DB database user. |
| [Optional] Password for the User DN configured for Clarity LIMS LDAP integration |
| Password for the apiuser user account that is used by Automation Worker to authenticate with Clarity LIMS API. If you have configured a different user account, create it under |
|
PostgreSQL: v4.2 On-premise v5.0 On-premise v5.1 On-premise | v6.2 On-premise | Upgrading from CentOS6 to Oracle Linux v8.8 and v8.9. |
PostgreSQL: v4.3 On-premise v5.2 On-premise v6.0 On-premise v6.1 On-premise | v6.2 On-premise | Upgrading from CentOS7 to Oracle Linux v8.8 and v8.9. |
Oracle: v4.3 On-premise v5.2 On-premise | v6.2 On-premise | Migrating from Oracle to PostgresQL. v6.2 supports PostgreSQL only. |