3 navsection: installguide
4 title: Install Workbench
7 h2. Install prerequisites
9 The Arvados package repository includes Workbench server package that can help automate much of the deployment.
11 h3(#install_ruby_and_bundler). Install Ruby and Bundler
13 {% include 'install_ruby_and_bundler' %}
15 h3(#build_tools_workbench). Build tools
17 * The Arvados Python SDK
19 * Build tools to build gem dependencies
22 Workbench doesn't need its own database, so it does not need to have PostgreSQL installed.
24 On older distributions, you may need to use a backports repository to satisfy these requirements. For example, on older Red Hat-based systems, consider using the "nginx16":https://www.softwarecollections.org/en/scls/rhscl/nginx16/ Software Collection.
26 On a Debian-based system, install the following packages:
29 <pre><code>~$ <span class="userinput">sudo apt-get install bison build-essential graphviz git nginx python-arvados-python-client arvados-workbench</span>
33 On a Red Hat-based system, install the following packages:
36 <pre><code>~$ <span class="userinput">sudo yum install bison make automake gcc gcc-c++ graphviz git nginx python27-python-arvados-python-client arvados-workbench</span>
40 {% include 'notebox_begin' %}
42 If you intend to use specific versions of these packages from Software Collections, you may have to adapt some of the package names to match; e.g., @nginx16@.
44 {% include 'notebox_end' %}
46 {% include 'note_python27_sc' %}
48 h2. Set up configuration files
50 The Workbench server package uses configuration files that you write to @/etc/arvados/workbench@ and ensures they're consistently deployed. Create this directory and copy the example configuration files to it:
53 <pre><code>~$ <span class="userinput">sudo mkdir -p /etc/arvados/workbench</span>
54 ~$ <span class="userinput">sudo chmod 700 /etc/arvados/workbench</span>
55 ~$ <span class="userinput">sudo cp /var/www/arvados-workbench/current/config/application.yml.example /etc/arvados/workbench/application.yml</span>
59 h2. Configure Workbench
61 Edit @/etc/arvados/workbench/application.yml@ following the instructions below. The deployment script will consistently deploy this to Workbench's configuration directory. Workbench reads both @application.yml@ and its own @config/application.defaults.yml@ file. Values in @application.yml@ take precedence over the defaults that are defined in @config/application.defaults.yml@. The @config/application.yml.example@ file is not read by Workbench and is provided for installation convenience only.
63 Consult @config/application.default.yml@ for a full list of configuration options. Always put your local configuration in @/etc/arvados/workbench/application.yml@—never edit @config/application.default.yml@.
67 This application needs a secret token. Generate a new secret:
70 <pre><code>~$ <span class="userinput">ruby -e 'puts rand(2**400).to_s(36)'</span>
71 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
75 Then put that value in the @secret_token@ field.
77 h3. arvados_login_base and arvados_v1_base
79 Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html. For example like this:
82 <pre><code>arvados_login_base: https://prefix_uuid.your.domain/login
83 arvados_v1_base: https://prefix_uuid.your.domain/arvados/v1
89 @site_name@ can be set to any arbitrary string. It is used to identify this Workbench to people visiting it.
91 h3. arvados_insecure_https
93 If the SSL certificate you use for your API server isn't an official certificate signed by a CA, make sure @arvados_insecure_https@ is @true@.
97 Consult @application.default.yml@ for a full list of configuration options. Always put your local configuration in @application.yml@ instead of editing @application.default.yml@.
101 In @/var/www/arvados-workbench/current/config@, copy @piwik.yml.example@ to @piwik.yml@ and edit to suit.
103 h2. Prepare the Workbench deployment
105 Now that all your configuration is in place, run @/usr/local/bin/arvados-workbench-upgrade.sh@. This will install and check your configuration, and install necessary gems.
107 {% include 'notebox_begin' %}
108 You can safely ignore the following error message you may see when installing gems:
110 <pre><code>themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
111 This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
112 The validation message from Rubygems was:
113 duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
114 add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
115 Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
118 {% include 'notebox_end' %}
120 This command aborts when it encounters an error. It's safe to rerun multiple times, so if there's a problem with your configuration, you can fix that and try again.
122 h2. Set up Web server
124 For best performance, we recommend you use Nginx as your Web server front-end, with a Passenger backend to serve Workbench. To do that:
128 <li>Install Nginx via your distribution or a backports repository.</li>
130 <li><a href="https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html">Install Phusion Passenger for Nginx</a>.</li>
132 <li><p>Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:</p>
135 listen 127.0.0.1:9000;
136 server_name localhost-workbench;
138 root /var/www/arvados-workbench/current/public;
139 index index.html index.htm index.php;
141 passenger_enabled on;
142 # If you're using RVM, uncomment the line below.
143 #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
147 server 127.0.0.1:9000 fail_timeout=10s;
150 proxy_http_version 1.1;
153 listen <span class="userinput">[your public IP address]</span>:443 ssl;
154 server_name workbench.<span class="userinput">uuid-prefix.your.domain</span>;
158 index index.html index.htm index.php;
161 proxy_pass http://workbench;
164 proxy_set_header X-Forwarded-Proto https;
165 proxy_set_header Host $http_host;
166 proxy_set_header X-External-Client $external_client;
167 proxy_set_header X-Real-IP $remote_addr;
168 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
174 <li>Restart Nginx.</li>
179 h2. Trusted client setting
181 Log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client. (It's OK if Workbench says your account hasn't been activated yet. We'll deal with that next.)
183 In the <strong>API server</strong> project root, start the rails console. Locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
185 <notextile><pre><code>/var/www/arvados-api/current$ <span class="userinput">RAILS_ENV=production bundle exec rails console</span>
186 irb(main):001:0> <span class="userinput">wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]</span>
187 => ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
188 irb(main):002:0> <span class="userinput">include CurrentApiClient</span>
190 irb(main):003:0> <span class="userinput">act_as_system_user do wb.update_attributes!(is_trusted: true) end</span>
195 h2(#admin-user). Add an admin user
197 Next, we're going to use the rails console on the <strong>API server</strong> to activate our own account and give yourself admin privileges:
200 <pre><code>/var/www/arvados-api/current$ <span class="userinput">RAILS_ENV=production bundle exec rails console</span>
201 irb(main):001:0> <span class="userinput">Thread.current[:user] = User.all.select(&:identity_url).last</span>
202 irb(main):002:0> <span class="userinput">Thread.current[:user].is_admin = true</span>
203 irb(main):003:0> <span class="userinput">Thread.current[:user].update_attributes is_admin: true, is_active: true</span>
204 irb(main):004:0> <span class="userinput">User.where(is_admin: true).collect &:email</span>
205 => ["root", "<b>your_address@example.com</b>"]
206 </code></pre></notextile>
208 At this point, you should have a working Workbench login with administrator privileges. Revisit your Workbench URL in a browser and reload the page to access it.