Example:

java -jar /opt/gls/clarity/tools/secretutil/secretutil.jar -n=INTEGRATION -u="mypassword" "apiusers/novaseq_user"

With the Oracle Linux/RedHat Enterprise Linux server, the following error messages can display when you perform the yum commands used to install Clarity LIMS:

Failed loading plugin "product-id": No module named 'urllib3'

Failed loading plugin "subscription-manager": No module named 'urllib3'

Failed loading plugin "upload-profile": No module named 'urllib3'

These messages do not affect the installation of Clarity LIMS. You can resolve these error messages by running the following command:

Step 1: Add the Clarity LIMS Repository

1. Using scp/sftp, WinSCP, FileZilla, PSCP, or similar, copy the repository to the following location: /etc/yum.repos.d.

2. Test the repo file with this command:

Step 2: Install Clarity LIMS

1. Run the install command:

2. Type y to download and install the Clarity LIMS RPM core components.

   NOTE: The installation of Clarity LIMS creates 3 operating system users:

   • glsai - User created to run the Automation Worker node

   • glsftp - User to access the SFTP file store

   • glsjboss - Runs the application server

   These users are created by the RPM installation process, and should not be created before starting the installation steps. The user home directories are created in the directory /opt/gls/clarity/users

   The operating system passwords for each of the above users should be set by the root user.

Step 3: Run Configuration Scripts

1. As the glsjboss user, change directory to /opt/gls/clarity/config/pending with the following command:

2. Run the first script listed sequentially in the directory listing with the following bash command:

   This script configures the Secret Utility password management tool so that secrets and passwords are accessible. It is recommended that you store application secrets in vault. If that is not possible, the configuration script supports file-based storage. For more information about the prompts, see Guide to Secret Management.

3. Run the following script:

4. Run the next script to initialize the database and overwrite any existing data:

   NOTE: This script requires that you enter the password for the glsftp user. Entering the password does not set the password for this user.

5. If your database server is standalone or remote, update the /opt/gls/clarity/tomcat/current/lib/activity-management-ui-config.groovy file with the following code snippet.

   NOTE: Substitute the Remote DB IP and Remote DB Port placeholders with the information for your server.

   If you do not update the script, log and database connection errors can occur.

6. Change to the root user, and then run the following script in the sequence to configure RabbitMQ:

7. As the root user, install the Apache proxy with the following script:

Step 4: Install Lablink

LabLink v2.4 is compatible with Clarity LIMS v6.2.

Before installing LabLink v2.4, make sure that a database named LabLink is created with the same database user as the Clarity LIMS database.

1. Turn off all Clarity LIMS services using the following command:

2. Install the LabLink RPM with the following yum command. Make sure that you have the correct repo enabled:

3. As the glsjboss user, run the pending initialization script using the following command:

4. Restart all Clarity LIMS services using the following command:

5. Make sure that LabLink is accessible at https://<your-Clarity-FQDN>/lablink

Step 5: Start the System

Clarity LIMS includes the run_clarity.sh script. This script starts (or stops) all Clarity LIMS services (Elasticsearch, RabbitMQ, Search Indexing, Tomcat, httpd/Apache proxy, Automation Worker) in the required order, with one command.

Run the following script as the root user:

If an error occurs starting any service, subsequent services will not be started. Stop all services before trying to start them again.

Start the system as follows.

1. Switch to the root user.

2. Make sure that no Clarity LIMS services are running.

3. Run the script with the following start command:

4. After the script has completed, all Clarity LIMS services should be ready for use.

If any services are running, the script exits and provides a list of services to stop. In this scenario, complete the following steps:

1. Use the script with stop command to stop services.

2. Open a supported browser window and make sure that you can access the Clarity LIMS client at the following URL: https://<your-Clarity-FQDN>/

The user passwords created at the operating system level are for the glsai, glsjboss, and glsftp users.

• glsai and glsjboss users:

  • These users have no configuration associated with them.

  • You may change their passwords at any time.

• glsftp user:

  • After installation of Clarity LIMS, you can change this password. However, you must also update it in the file/vault secret store, using the Secret Management Util tool.

To change the glsftp password after installing Clarity LIMS, using SecretUtil:

1. Change the glsftp user's password on the server.

2. Log in to the server as the root user.

3. Stop Clarity LIMS using the following command:

4. Go to /opt/gls/clarity/tools/secretutil.

5. Update the password in the secret store.

   • For vault-based secret storage, use either the Vault command line interface (CLI) or Vault user interface (UI) to update the password.

   • For file-based secret storage, use Secret Management Util to update the password as follows:

6. Start Clarity LIMS using the following command:

Update Clarity LIMS User Passwords

The user passwords created at the Clarity LIMS level are for the admin, facility, and apiuser users.

• admin and facility users:

  • These users have no configuration associated with them.

  • You may change their passwords at any time.

• apiuser user:

  • After installation of Clarity LIMS, you can change this password. However, you must also update it in the file/vault secret store, using the Secret Management Util.

To change the apiuser password after installing Clarity LIMS**:**

1. Check for any remote Automation Workers, and take note of their locations in your network. You will need to restart these after changing the password.

2. Log in to the server as the root user.

3. Stop Clarity LIMS using the following command:

4. Go to /opt/gls/clarity/tools/secretutil.

5. Update the password in the secret store

   • For vault-based secret storage, use either the Vault command line interface (CLI) or Vault user interface (UI) to update the password.

   • For file-based secret storage, use Secret Management Util to update the password as follows:

6. Start Clarity LIMS using the following command:

Update Database Connection Details

In some circumstances (such as security breaches/compromises), the database connection details (eg, database password) are updated, which prevents Clarity LIMS from connecting to the database. You can correct this issue by updating Clarity LIMS with the new database connection details as follows.

1. Check for any remote Automation Workers.

2. Update the existing tenant with the new details.

3. Restart any Automation Workers.

To update database connection details:

1. Check for any remote Automation Workers, and take note of their locations in your network.

2. Log in to the server as the root user.

3. Stop Clarity LIMS using the following command:

4. Go to /opt/gls/clarity/tools/secretutil.

5. Update existing tenant with new details.

   • For vault-based secret storage, use either the Vault CLI or Vault UI to update the password.

   • For file-based secret storage, use the Secret Management Util to update the database password as the root user.

6. Start Clarity LIMS using the following command:

• Stores all integration-related passwords and allows read and write access.

• apiusers

  • Stores passwords that are used by packages and applications for API authentication (eg, the apiuser password).

  • Username is case sensitive.

  • For example, retrieve apiuser password from integration/apiusers/apiuser.

• external.file.stores

  • Stores password of external file stores used by Clarity LIMS.

  • External file store is optional to the Clarity LIMS system.

Ops

• Stores secrets related to operations.

  • For Illumina cloud hosted deployments, Illumina manages this path.

  • This path is optional for on-premise customers.

Using Vault UI

1. Log in to the Vault UI.

2. Select the Key Value (KV) secret engine with the path instances.

3. Look for the FQDN instance that you want to create the password for.

4. Select the path where you want to create the new password, ie, clarity/integration/ops.

5. Select Create Secret +.

6. Under Path for this secret, enter the path for the new password, eg, app.ldap.managerPass.

7. Under Version data:

   1. Enter 'value' into the key field.

   2. Enter the new password into the value field.

8. Select Save.

Log in to the Vault UI.