Pre-Installation Requirements

Before installing Clarity LIMS, you must purchase hardware and software that meet the minimum requirements (see Technical Overview). Following those purchases there are several components that you must organize, install, or configure.

The following sections discuss these components, and how to install and configure them. These sections apply to on-premise customers only. Before completing the steps described, make sure that the server has the minimum requirements. See Technical Requirements for details.

Before the Clarity LIMS support team can install Clarity LIMS, the items listed above must be set up and configured as described in this document. Confirm the completion of this work with the support team.

Purchase SSL / TLS Certificate(s)

All instances of Clarity LIMS must have a purchased SSL / TLS certificate installed.

Certificate Authorities will no longer issue SSL / TLS certificates for internal server names. As a result, to obtain a certificate you must have a valid, public DNS entry for your server.

Before installing or upgrading Clarity LIMS, do the following:

  1. Purchase an SSL / TLS certificate.

  2. Save the certificate files on the server on which the Clarity LIMS server is installed.

  3. Provide the Clarity LIMS Support team with the private key and password for the SSL / TLS certificate.

For instructions on obtaining a certificate, see Install a Purchased SSL/TLS Certificate.

Check SELinux Mode

Security-Enhanced Linux (SELinux) is not supported for use with Clarity LIMS. Make sure that SELinux is set to either permissive or disabled mode.

For instructions, see the following sections of the Red Hat documentation:

  • 5.4.1.2 Permissive Mode

  • 5.4.2 Disabling SELinux

You can find additional documentation on users at /opt/gls/clarity/documentation/users/

Set Up Root Access Server

Clarity LIMS is installed using industry standard RPM packaging. The Clarity LIMS support team requires root credentials to the server during the installation process.

The following sections discuss the system user accounts that the support team sets up during the installation process. It is important that you do not change these system users.

The production server must be configured in US locale.

Server-based user accounts

During initial installation, the RPMs create the following server-based user accounts in a common group named claritylims.

  • glsjboss: This user account is used for setting up and starting the Tomcat application server.

  • glsai: This user account is used for setting up and starting the automation worker service.

  • glsftp: This user account is configured to allow SFTP access and to redirect the home directory to the data storage area. The glsftp user account is used by BaseSpace Clarity LIMS clients to import and export files from the LIMS file server.

NOTE: Do not create these user accounts manually.

During initial installation of the elastic search subsystem, the RPM creates the following server-based user account in the elasticsearch group.

  • elasticsearch: This user account is used for setting up and starting the elastic search subsystem used by the LIMS search mechanism.

NOTE: Do not create these user accounts manually.

During initial installation of the RabbitMQ subsystem, the RPM creates the following server-based user account in the rabbitmq group.

  • rabbitmq: This user account is used for setting up and starting the RabbitMQ subsystem used by the search indexing mechanism.

NOTE: Do not create these user accounts manually.

Setting user account passwords

During the installation process, no default passwords are created for the glsjboss, glsai, and glsftp user accounts.

  • Passwords must be set for these accounts.

  • During execution of the Clarity LIMS installation script, you are prompted for the password of the glsftp user. Use the same password you set at the operating system level for this user.

NOTE: You can find additional documentation on users at /opt/gls/clarity/documentation/users/

Allow SSH password-based authentication

To enable SSH Password Authentication, add the following configuration to the /etc/ssh/sshd_config file:

Match User "glsftp"

PasswordAuthentication yes

Install and Configure the Database

After installing a supported database, Clarity LIMS requires certain changes to the default database configuration.

Additional tablespace names and user profiles may be needed, depending on the configuration of your system.

For more information or for assistance with your database configuration, contact the Clarity LIMS Support team.

Configure PostgreSQL Database for Use with BaseSpace Clarity LIMS
  1. On your database server, create a Clarity LIMS user. The Clarity LIMS user must have either full rights and permissions, or the ones defined by this command:

    CREATE ROLE clarity WITH NOSUPERUSER CREATEDB NOCREATEROLE LOGIN

    NOTE: The Clarity LIMS user must use only the public schema. Clarity LIMS does not support other schemas.

  2. Create one database named ClarityDB and another named ClarityTenantLookup. Make sure that both databases are set up to receive remote connections from the Clarity LIMS application server.

  3. Restart PostgreSQL

  4. Confirm the completion of these items with the Clarity LIMS Support team, and provide the following information:

    • The database user name and password for both databases.

    • The hostname/IP address of the database server.

    • The PostgreSQL port number.

Set up database maintenance tasks

To achieve optimum performance, we recommend you perform the following database maintenance tasks, using the appropriate tools and commands.

  • PostgreSQL: Routinely vacuum the database.

    For instructions, refer to the PostgreSQL documentation.

IPv4 support

Clarity LIMS supports only IPv4.

Confirm Hostname Resolution

To access the Clarity LIMS server via DNS, make sure that the following apply:

  • The server local host file /etc/hosts does not contain an entry for that hostname bound to its loopback address.

  • Any hostname entries correspond to their entries in DNS.

  • The command hostname -f must return the fully-qualified domain name of the server.

For client systems:

  • Users should use the fully-qualified domain name (FQDN) when logging on to the system. Using the FQDN ensures persistence of the session ID.

Set the TimeZone (TZ) Environment Variable

Clarity LIMS requires the environment variable TZ be set on the Clarity LIMS server to your correct timezone. If the value is not configured, a default of GMT is configured by Clarity LIMS in the file /etc/profile.d/clarity.sh.

This file might update on upgrade. Any changes must be manually applied across upgrades.

Configure TCP/IP Settings

To allow proper system communication, the following ports on the Clarity LIMS server must be accessible by the LIMS clients:

  • TCP/IP Port 22 (SFTP) for file transfers between the client and server

  • TCP/IP Port 443 (HTTPS) for Apache proxy

  • TCP/IP Port 80 (HTTP) used to forward any unknown unsecured requests over SSL / TLS and port 443

The following ports are required on the local Clarity LIMS server:

  • TCP/IP Port 4369 for Epmd for RabbitMQ

  • TCP/IP Port 5432 for PostgreSQL database communications *

  • TCP/IP Port 9009 for Tomcat

  • TCP/IP Port 9200 for Elastic Search

  • TCP/IP Port 9300 for Elastic Search

  • TCP/IP Port 5672 for RabbitMQ

  • TCP/IP Port 15672 for RabbitMQ

The database ports are configurable and might be different in your organization.

Configure automation worker TCP/IP settings

Computers running an automation worker must be able to reach the Clarity LIMS server via the following ports:

  • TCP/IP Port 22 (SFTP) for file transfers between the client and server

  • TCP/IP Port 443 (HTTPS) for Apache proxy

  • TCP/IP Port 80 (HTTPS) used to forward any unknown, unsecured requests over SSL / TLS and port 443

Configure VPN Access for Hosted Systems

To facilitate instrument integrations, a site-to-site IPSEC VPN connection can be set up between your facility and the hosted instance.

There are two ports that must be opened: 4500/udp and 500/udp.

If a VPN is required, you must provide more detailed setup information to the Clarity LIMS Support team. Upon request, the Clarity LIMS Support team will provide the additional form required to do this.

Save any Apache Proxy Configuration

Clarity LIMS uses an Apache proxy and the Clarity LIMS installation process installs and configures it automatically. If the server already has an Apache proxy installed and configured, the installation process overwrites the current configuration. If that configuration is important, you must back it up before running the Clarity LIMS installation process. Any settings that are important to your organization must be reconfigured manually after an install or upgrade of Clarity LIMS.

Install and Configure HashiCorp Vault

In Clarity LIMS v6.0.0 and later, you can choose to install and configure a HashiCorp Vault to store Clarity LIMS-related passwords and secrets safely.

For more information, refer to Configure Your HashiCorp Vault.

Last updated