16435: Merge branch 'master' into 16435-sync-groups-perm-levels
[arvados.git] / doc / install / install-workbench-app.html.textile.liquid
1 ---
2 layout: default
3 navsection: installguide
4 title: Install Workbench
5 ...
6 {% comment %}
7 Copyright (C) The Arvados Authors. All rights reserved.
8
9 SPDX-License-Identifier: CC-BY-SA-3.0
10 {% endcomment %}
11
12 # "Install dependencies":#dependencies
13 # "Update config.yml":#update-config
14 # "Update Nginx configuration":#update-nginx
15 # "Trusted client flag":#trusted_client
16 # "Install arvados-workbench":#install-packages
17 # "Restart the API server and controller":#restart-api
18 # "Confirm working installation":#confirm-working
19
20 h2(#dependencies). Install dependencies
21
22 # "Install Ruby and Bundler":ruby.html
23 # "Install nginx":nginx.html
24 # "Install Phusion Passenger":https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/ownserver/nginx/oss/install_passenger_main.html
25
26 h2(#configure). Update config.yml
27
28 Edit @config.yml@ to set the keys below.  The full set of configuration options are in the "Workbench section of config.yml":{{site.baseurl}}/admin/config.html
29
30 <notextile>
31 <pre><code>    Services:
32       Workbench1:
33         ExternalURL: <span class="userinput">"https://workbench.ClusterID.example.com"</span>
34     Workbench:
35       SecretKeyBase: <span class="userinput">aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</span>
36     Users:
37       AutoAdminFirstUser: true
38 </code></pre>
39 </notextile>
40
41 This application needs a secret token. Generate a new secret:
42
43 <notextile>
44 <pre><code>~$ <span class="userinput">ruby -e 'puts rand(2**400).to_s(36)'</span>
45 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
46 </code></pre>
47 </notextile>
48
49 Then put that value in the @Workbench.SecretKeyBase@ field.
50
51 You probably want to enable @Users.AutoAdminFirstUser@ .  The first user to log in when no other admin user exists will automatically be made an admin.
52
53 h2(#update-nginx). Update nginx configuration
54
55 Use a text editor to create a new file @/etc/nginx/conf.d/arvados-workbench.conf@ with the following configuration.  Options that need attention are marked in <span class="userinput">red</span>.
56
57 <notextile>
58 <pre><code>server {
59     listen       80;
60     server_name  workbench.<span class="userinput">ClusterID.example.com</span>;
61     return 301   https://workbench.<span class="userinput">ClusterID.example.com</span>$request_uri;
62 }
63
64 server {
65   listen       *:443 ssl;
66   server_name  workbench.<span class="userinput">ClusterID.example.com</span>;
67
68   ssl on;
69   ssl_certificate     <span class="userinput">/YOUR/PATH/TO/cert.pem</span>;
70   ssl_certificate_key <span class="userinput">/YOUR/PATH/TO/cert.key</span>;
71
72   root /var/www/arvados-workbench/current/public;
73   index  index.html;
74
75   passenger_enabled on;
76   # If you're using RVM, uncomment the line below.
77   #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
78
79   # `client_max_body_size` should match the corresponding setting in
80   # the API.MaxRequestSize and Controller's server's Nginx configuration.
81   client_max_body_size 128m;
82 }
83 </code></pre>
84 </notextile>
85
86 h2(#trusted_client). Trusted client flag
87
88 In the <strong>API server</strong> project root, start the Rails console.  {% include 'install_rails_command' %}
89
90 Create an ApiClient record for your Workbench installation with the @is_trusted@ flag set.
91
92 <notextile><pre><code>irb(main):001:0&gt; <span class="userinput">include CurrentApiClient</span>
93 =&gt; true
94 irb(main):002:0&gt; <span class="userinput">act_as_system_user do ApiClient.create!(url_prefix: "https://workbench.ClusterID.example.com/", is_trusted: true) end</span>
95 =&gt; #&lt;ApiClient id: 2, uuid: "...", owner_uuid: "...", modified_by_client_uuid: nil, modified_by_user_uuid: "...", modified_at: "2019-12-16 14:19:10", name: nil, url_prefix: "https://workbench.ClusterID.example.com/", created_at: "2019-12-16 14:19:10", updated_at: "2019-12-16 14:19:10", is_trusted: true&gt;
96 </code></pre>
97 </notextile>
98
99 {% assign arvados_component = 'arvados-workbench' %}
100
101 {% include 'install_packages' %}
102
103 {% include 'restart_api' %}
104
105 h2(#confirm-working). Confirm working installation
106
107 Visit @https://workbench.ClusterID.example.com@ in a browser.  You should be able to log in using the login method you configured in the previous step.  If @Users.AutoAdminFirstUser@ is true, you will be an admin user.