Getting Started

These are some brief instructions to get you up and running with Ontoserver.

Make sure you check the details of the latest changes.

System Requirements

The requirements for running an Ontoserver instance are heavily dependent on the intended usage. For the basic usage pattern (< 20 concurrent users, syndicating a small number of binary indexes but not building indexes from source), the following resource levels are recommended (on top of a 64-bit docker machine)

Resource Minimum Recommended
CPUs or Cores 2 4
RAM 2GB 8GB
Storage/Disk 10GB 20GB

Building indexes from sources (e.g. RF2) is very demanding on memory - in these cases, at least 16GB of RAM is recommended.

Set up your environment

  • Install Docker

    In order to run Ontoserver, you first need a Docker environment. This will allow you to control the hosts (whether real or virtual, local or remote) on which Ontoserver and its database will run.

    The simplest method is to download and install a Docker Engine https://www.docker.com/products/container-runtime

    This should provide you with both the docker and docker-compose commands.

    If you wish to run Ontoserver on a remote virtual host, you may need to configure the appropriate drivers

  • Establish an account with quay.io at https://quay.io
  • Obtain an appropriate Licence:
    • Within Australia, email help@digitalhealth.gov.au to request a (free) Ontoserver licence. ADHA will then arrange authorisation for your quay.io account.
    • Elsewhere, email ontoserver-support@csiro.au to discuss licensing terms (both evaluation and production licences are available for single and multiple instances, no limit on number of users). Once the licence is established, CSIRO will register your quay.io account name to enable access to their repository
  • Log in to quay.io with:
    docker login quay.io

Minimal Configuration

  • Create a text file called docker-compose.yml with the following contents (or download ./docker-compose.yml).
  • If deploying in Australia, details on configuring NCTS_CLIENT_ID and NCTS_CLIENT_SECRET can be found here.

    Otherwise, you only need to include this configuration if you have a secured upstream syndication service. In this case, the process for obtaining credentials will be specific to your syndication provider.

  • You will almost certainly want to set the JVM maximum heap via JAVA_OPTS=-Xmx as per below, as the defaults can be unreliable.
  • NOTE: By default, Ontoserver will run using SSL/TLS (i.e. https://). To disable SSL/TLS, add - ONTOSERVER_INSECURE=true to the environment section of the ontoserver container in the docker-compose.yml file.
    version: '3'
    volumes:
      onto:
        driver: local
      pgdata:
        driver: local
    services:
      db:
        image: postgres:12
        volumes:
          - pgdata:/var/lib/postgresql/data
        healthcheck:
          test: ["CMD-SHELL", "pg_isready -U postgres"]
          interval: 10s
          timeout: 5s
          retries: 5
        environment:
          - POSTGRES_HOST_AUTH_METHOD=trust
      ontoserver:
        image: quay.io/aehrc/ontoserver:ctsa-6
        container_name: ontoserver
        read_only: true
        security_opt:
          - no-new-privileges
        depends_on:
          - db
        ports:
          - "8443:8443"
          - "8080:8080"
        environment:
    # These two lines are specific to deployment in Australia only
          - authentication.oauth.endpoint.client_id.0=NCTS_CLIENT_ID
          - authentication.oauth.endpoint.client_secret.0=NCTS_CLIENT_SECRET
          - JAVA_OPTS=-Xmx2G        # Minimum
    #      - JAVA_OPTS=-Xmx8G      # Preferred
        volumes:
          - onto:/var/onto
          - /tmp
          - /var/log
    
    

Common Configurations

  • For production deployment we strongly recommend running Ontoserver behind an HTTP caching reverse proxy. We have found NGINX to be a very suitable for this task.
  • You can find several sample deployments on the branchs in this GitHub repository https://github.com/aehrc/ontoserver-deploy and this is by far the simplest path to installing custom certificates for SSL/TLS support.

Running Ontoserver

Starting

docker-compose up -d

Note: Ontoserver can take a short while (up to 60 seconds) to start up. During this time it will not respond to requests such as downloading an SCT-AU version.

Stopping

docker-compose stop

Get the latest SNOMED CT-AU version

docker exec ontoserver /index.sh

Get a specific SNOMED CT-AU version

docker exec ontoserver /index.sh -v 20191231

Note: Retrieving a SNOMED index involves a large download; this may take a while, depending on network bandwidth.

For further documentation on index.sh

docker exec ontoserver /index.sh -h

Inspect the logs

docker logs ontoserver

Note: if you wish to see live updates to the logs, you should use

docker logs -f ontoserver