3 navsection: installguide
4 title: Install Workbench
7 h2. Install prerequisites
9 The Arvados package repository includes a Workbench server package that can help automate much of the deployment.
11 h3(#install_ruby_and_bundler). Install Ruby and Bundler
13 {% include 'install_ruby_and_bundler' %}
15 h2(#install_workbench). Install Workbench and dependencies
17 Workbench doesn't need its own database, so it does not need to have PostgreSQL installed.
19 {% include 'note_python27_sc' %}
21 On a Debian-based system, install the following packages:
24 <pre><code>~$ <span class="userinput">sudo apt-get install bison build-essential graphviz git python-arvados-python-client arvados-workbench</span>
28 On a Red Hat-based system, install the following packages:
31 <pre><code>~$ <span class="userinput">sudo yum install bison make automake gcc gcc-c++ graphviz git python27-python-arvados-python-client arvados-workbench</span>
35 h2(#configure). Configure Workbench
37 Edit @/etc/arvados/workbench/application.yml@ following the instructions below. Workbench reads both @application.yml@ and its own @config/application.defaults.yml@ file. Values in @application.yml@ take precedence over the defaults that are defined in @config/application.defaults.yml@. The @config/application.yml.example@ file is not read by Workbench and is provided for installation convenience only.
39 Consult @config/application.default.yml@ for a full list of configuration options. Always put your local configuration in @/etc/arvados/workbench/application.yml@—never edit @config/application.default.yml@.
43 This application needs a secret token. Generate a new secret:
46 <pre><code>~$ <span class="userinput">ruby -e 'puts rand(2**400).to_s(36)'</span>
47 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
51 Then put that value in the @secret_token@ field.
53 h3. arvados_login_base and arvados_v1_base
55 Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html. For example like this:
58 <pre><code>arvados_login_base: https://prefix_uuid.your.domain/login
59 arvados_v1_base: https://prefix_uuid.your.domain/arvados/v1
65 @site_name@ can be set to any arbitrary string. It is used to identify this Workbench to people visiting it.
67 h3. arvados_insecure_https
69 If the SSL certificate you use for your API server isn't an official certificate signed by a CA, make sure @arvados_insecure_https@ is @true@.
73 Consult @application.default.yml@ for a full list of configuration options. Always put your local configuration in @application.yml@ instead of editing @application.default.yml@.
77 In @/var/www/arvados-workbench/current/config@, copy @piwik.yml.example@ to @piwik.yml@ and edit to suit.
81 For best performance, we recommend you use Nginx as your Web server front-end, with a Passenger backend to serve Workbench. To do that:
85 <li><a href="https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/ownserver/nginx/oss/install_passenger_main.html">Install Nginx and Phusion Passenger</a>.</li>
87 <li>If you're deploying on an older Red Hat-based distribution and installed Pythyon 2.7 from Software Collections, configure Nginx to use it:
89 <pre><code>~$ <span class="userinput">sudo usermod --shell /bin/bash nginx</span>
90 ~$ <span class="userinput">sudo -u nginx sh -c 'echo "[[ -z \$PS1 ]] && source scl_source enable python27" >>~/.bash_profile'</span>
95 <li><p>Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:</p>
98 listen 127.0.0.1:9000;
99 server_name localhost-workbench;
101 root /var/www/arvados-workbench/current/public;
102 index index.html index.htm index.php;
104 passenger_enabled on;
105 # If you're using RVM, uncomment the line below.
106 #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
108 # `client_max_body_size` should match the corresponding setting in
109 # the API server's Nginx configuration.
110 client_max_body_size 128m;
114 server 127.0.0.1:9000 fail_timeout=10s;
117 proxy_http_version 1.1;
120 listen <span class="userinput">[your public IP address]</span>:443 ssl;
121 server_name workbench.<span class="userinput">uuid-prefix.your.domain</span>;
124 ssl_certificate <span class="userinput">/YOUR/PATH/TO/cert.pem</span>;
125 ssl_certificate_key <span class="userinput">/YOUR/PATH/TO/cert.key</span>;
127 index index.html index.htm index.php;
128 # `client_max_body_size` should match the corresponding setting in
129 # the API server's Nginx configuration.
130 client_max_body_size 128m;
133 proxy_pass http://workbench;
135 proxy_connect_timeout 90s;
136 proxy_read_timeout 300s;
138 proxy_set_header X-Forwarded-Proto https;
139 proxy_set_header Host $http_host;
140 proxy_set_header X-Real-IP $remote_addr;
141 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
147 <li>Restart Nginx.</li>
152 h2. Prepare the Workbench deployment
154 {% assign railspkg = "arvados-workbench" %}
155 {% include 'install_rails_reconfigure' %}
157 {% include 'notebox_begin' %}
158 You can safely ignore the following error message you may see when Ruby Gems are installed:
160 <pre><code>themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
161 This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
162 The validation message from Rubygems was:
163 duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
164 add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
165 Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
168 {% include 'notebox_end' %}
170 h2. Trusted client setting
172 Log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client. (It's OK if Workbench says your account hasn't been activated yet. We'll deal with that next.)
174 In the <strong>API server</strong> project root, start the Rails console. {% include 'install_rails_command' %}
176 At the console, enter the following commands to locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
178 <notextile><pre><code>irb(main):001:0> <span class="userinput">wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]</span>
179 => ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
180 irb(main):002:0> <span class="userinput">include CurrentApiClient</span>
182 irb(main):003:0> <span class="userinput">act_as_system_user do wb.update_attributes!(is_trusted: true) end</span>
187 h2(#admin-user). Add an admin user
189 Next, we're going to use the Rails console on the <strong>API server</strong> to activate your account and give yourself admin privileges. {% include 'install_rails_command' %}
191 Enter the following commands at the console:
194 <pre><code>irb(main):001:0> <span class="userinput">Thread.current[:user] = User.all.select(&:identity_url).last</span>
195 irb(main):002:0> <span class="userinput">Thread.current[:user].update_attributes is_admin: true, is_active: true</span>
196 irb(main):003:0> <span class="userinput">User.where(is_admin: true).collect &:email</span>
197 => ["root", "<b>your_address@example.com</b>"]
198 </code></pre></notextile>
200 At this point, you should have a working Workbench login with administrator privileges. Revisit your Workbench URL in a browser and reload the page to access it.