3 navsection: installguide
4 title: Install the API server
9 # A GNU/Linux (virtual) machine
10 # A domain name for your api server
12 h2(#dependencies). Install dependencies
15 <pre><code>~$ <span class="userinput">sudo apt-get install \
16 bison build-essential gettext libcurl3 libcurl3-gnutls \
17 libcurl4-openssl-dev libpcre3-dev libpq-dev libreadline-dev \
18 libsqlite3-dev libssl-dev libxslt1.1 postgresql sqlite3 sudo \
20 </span></code></pre></notextile>
22 h2(#ruby). Install Ruby and bundler
24 We recommend Ruby >= 2.1.
27 <pre><code><span class="userinput">mkdir -p ~/src
29 wget http://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz
30 tar xzf ruby-2.1.2.tar.gz
36 sudo gem install bundler</span>
37 </code></pre></notextile>
39 h2. Download the source tree
42 <pre><code>~$ <span class="userinput">cd $HOME</span> # (or wherever you want to install)
43 ~$ <span class="userinput">git clone https://github.com/curoverse/arvados.git</span>
44 </code></pre></notextile>
46 See also: "Downloading the source code":https://arvados.org/projects/arvados/wiki/Download on the Arvados wiki.
48 h2. Install gem dependencies
51 <pre><code>~$ <span class="userinput">cd arvados/services/api</span>
52 ~/arvados/services/api$ <span class="userinput">bundle install</span>
53 </code></pre></notextile>
55 h2. Configure the API server
57 Edit the main configuration:
60 <pre><code>~/arvados/services/api$ <span class="userinput">cp -i config/application.yml.example config/application.yml</span>
61 </code></pre></notextile>
63 Choose a unique 5-character alphanumeric string to use as your @uuid_prefix@. An example is given that generates a 5-character string based on a hash of your hostname. The @uuid_prefix@ is a unique identifier for your API server. It also serves as the first part of the hostname for your API server.
65 For a development site, use your own domain instead of arvadosapi.com.
67 Make sure a clone of the arvados repository exists in @git_repositories_dir@:
70 <pre><code>~/arvados/services/api$ <span class="userinput">sudo mkdir -p /var/cache/git</span>
71 ~/arvados/services/api$ <span class="userinput">sudo git clone --bare ../../.git /var/cache/git/arvados.git</span>
72 </code></pre></notextile>
74 Generate a new secret token for signing cookies:
77 <pre><code>~/arvados/services/api$ <span class="userinput">rake secret</span>
78 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
79 </code></pre></notextile>
81 If you want access control on your Keep server(s), you should set @blob_signing_key@ to the same value as the permission key you provided to your "Keep server(s)":install-keep.html.
83 Put it in @config/application.yml@ in the production or common section:
86 <pre><code><span class="userinput"> secret_token: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz</span>
90 Consult @application.default.yml@ for a full list of configuration options. Always put your local configuration in @application.yml@ instead of editing @application.default.yml@.
92 Generate a new database password. Nobody ever needs to memorize it or type it, so we'll make a strong one:
95 <pre><code>~/arvados/services/api$ <span class="userinput">ruby -e 'puts rand(2**128).to_s(36)'</span>
96 6gqa1vu492idd7yca9tfandj3
97 </code></pre></notextile>
99 Create a new database user with permission to create its own databases.
102 <pre><code>~/arvados/services/api$ <span class="userinput">sudo -u postgres createuser --createdb --encrypted --pwprompt arvados</span>
103 [sudo] password for <b>you</b>: <span class="userinput">yourpassword</span>
104 Enter password for new role: <span class="userinput">paste-password-you-generated</span>
105 Enter it again: <span class="userinput">paste-password-again</span>
106 Shall the new role be a superuser? (y/n) <span class="userinput">n</span>
107 Shall the new role be allowed to create more new roles? (y/n) <span class="userinput">n</span>
108 </code></pre></notextile>
110 Configure API server to connect to your database by creating and updating @config/database.yml@. Replace the @xxxxxxxx@ database password placeholders with the new password you generated above.
113 <pre><code>~/arvados/services/api$ <span class="userinput">cp -i config/database.yml.sample config/database.yml</span>
114 ~/arvados/services/api$ <span class="userinput">edit config/database.yml</span>
115 </code></pre></notextile>
117 Create and initialize the database.
120 <pre><code>~/arvados/services/api$ <span class="userinput">RAILS_ENV=development bundle exec rake db:setup</span>
121 </code></pre></notextile>
126 <pre><code>~/arvados/services/api$ <span class="userinput">cp -i config/initializers/omniauth.rb.example config/initializers/omniauth.rb
127 </code></pre></notextile>
129 Edit @config/initializers/omniauth.rb@, and tell your api server to use the Curoverse SSO server for authentication:
132 <pre><code>APP_ID = 'local_docker_installation'
133 APP_SECRET = 'yohbai4eecohshoo1Yoot7tea9zoca9Eiz3Tajahweo9eePaeshaegh9meiye2ph'
134 CUSTOM_PROVIDER_URL = 'https://auth.curoverse.com'
135 </code></pre></notextile>
138 <div class="alert alert-block alert-info">
139 <button type="button" class="close" data-dismiss="alert">×</button>
141 <p>You can also run your own SSO server. However, the SSO server codebase currently uses OpenID 2.0 to talk to Google's authentication service. Google <a href="https://developers.google.com/accounts/docs/OpenID2">has deprecated that protocol</a>. This means that new clients will not be allowed to talk to Google's authentication services anymore over OpenID 2.0, and they will phase out the use of OpenID 2.0 completely in the coming monts. We are working on upgrading the SSO server codebase to a newer protocol. That work should be complete by the end of November 2014. In the mean time, anyone is free to use the existing Curoverse SSO server for any local Arvados installation.</p>
144 You can now run the development server:
147 <pre><code>~/arvados/services/api$ <span class="userinput">bundle exec rails server --port=3030
148 </code></pre></notextile>
150 h3. Apache/Passenger (optional)
152 You can use "Passenger":https://www.phusionpassenger.com/ for deployment. Point it to the services/api directory in the source tree.
154 To enable streaming so users can monitor crunch jobs in real time, add to your Passenger configuration in Apache:
157 <pre><code><span class="userinput">PassengerBufferResponse off</span>
161 h2(#admin-user). Add an admin user
163 Point your browser to the API server's login endpoint:
166 <pre><code><span class="userinput">https://localhost:3030/login</span>
170 Log in with your google account.
172 Use the rails console to give yourself admin privileges:
175 <pre><code>~/arvados/services/api$ <span class="userinput">bundle exec rails console</span>
176 irb(main):001:0> <span class="userinput">Thread.current[:user] = User.all.select(&:identity_url).last</span>
177 irb(main):002:0> <span class="userinput">Thread.current[:user].is_admin = true</span>
178 irb(main):003:0> <span class="userinput">Thread.current[:user].update_attributes is_admin: true, is_active: true</span>
179 irb(main):004:0> <span class="userinput">User.where(is_admin: true).collect &:email</span>
180 => ["root", "<b>your_address@example.com</b>"]
181 </code></pre></notextile>