--- layout: default navsection: installguide title: Install the controller ... {% comment %} Copyright (C) The Arvados Authors. All rights reserved. SPDX-License-Identifier: CC-BY-SA-3.0 {% endcomment %} The arvados-controller service must be installed on your API server node. On Debian-based systems:

~$ sudo apt-get install arvados-controller

On Red Hat-based systems:

~$ sudo yum install arvados-controller

Verify the @arvados-controller@ program is functional:

~$ arvados-controller -h
Usage:
  -config file
[...]

h3. Configure Nginx to route requests to the controller Add @upstream@ and @server@ definitions inside the @http@ section of your Nginx configuration using the following template. {% include 'notebox_begin' %} If you are adding arvados-controller to an existing system as part of the upgrade procedure, do not add a new "server" part here. Instead, add only the "upstream" part as shown here, and update your existing "server" section by changing its @proxy_pass@ directive from @http://api@ to @http://controller@. {% include 'notebox_end' %}

upstream controller {
  server     127.0.0.1:9004  fail_timeout=10s;
}

server {
  listen       [your public IP address]:443 ssl;
  server_name  uuid_prefix.your.domain;

  ssl on;
  ssl_certificate     /YOUR/PATH/TO/cert.pem;
  ssl_certificate_key /YOUR/PATH/TO/cert.key;

  # Refer to the comment about this setting in the passenger (arvados
  # api server) section of your Nginx configuration.
  client_max_body_size 128m;

  location / {
    proxy_pass            http://controller;
    proxy_redirect        off;
    proxy_connect_timeout 90s;
    proxy_read_timeout    300s;

    proxy_set_header      X-Forwarded-Proto https;
    proxy_set_header      Host $http_host;
    proxy_set_header      X-External-Client $external_client;
    proxy_set_header      X-Real-IP $remote_addr;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

Restart Nginx to apply the new configuration.

~$ sudo nginx -s reload

h3(#configuration). Configure arvados-controller Create the cluster configuration file @/etc/arvados/config.yml@ using the following template.

Clusters:
  uuid_prefix:
    Services:
      Controller:
        InternalURLs:
          "http://localhost:9004": {} # must match the "upstream controller" section of your Nginx config
      RailsAPI:
        arvados-api-server:
          "http://localhost:8000": {} # must match the "upstream api" section of your Nginx config
    PostgreSQL:
      ConnectionPool: 128
      Connection:
        host: localhost
        dbname: arvados_production
        user: arvados
        password: xxxxxxxx
        sslmode: require

Create the host configuration file @/etc/arvados/environment@.

ARVADOS_NODE_PROFILE=apiserver

h3. Start the service (option 1: systemd) If your system does not use systemd, skip this section and follow the "runit instructions":#runit instead. If your system uses systemd, the arvados-controller service should already be set up. Restart it to load the new configuration file, and check its status:

~$ sudo systemctl restart arvados-controller
~$ sudo systemctl status arvados-controller
● arvados-controller.service - Arvados controller
   Loaded: loaded (/lib/systemd/system/arvados-controller.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-07-31 13:17:44 UTC; 3s ago
     Docs: https://doc.arvados.org/
 Main PID: 25066 (arvados-control)
   CGroup: /system.slice/arvados-controller.service
           └─25066 /usr/bin/arvados-controller

Jul 31 13:17:44 zzzzz systemd[1]: Starting Arvados controller...
Jul 31 13:17:44 zzzzz arvados-controller[25191]: {"Listen":"[::]:9004","Service":"arvados-controller","level":"info","msg":"listening","time":"2018-07-31T13:17:44.521694195Z"}
Jul 31 13:17:44 zzzzz systemd[1]: Started Arvados controller.

Skip ahead to "confirm the service is working":#confirm. h3(#runit). Start the service (option 2: runit) Install runit to supervise the arvados-controller daemon. {% include 'install_runit' %} Create a supervised service.

~$ sudo mkdir /etc/service/arvados-controller
~$ cd /etc/service/arvados-controller
~$ sudo mkdir log log/main
~$ printf '#!/bin/sh\nset -a\n. /etc/arvados/environment\nexec arvados-controller 2>&1\n' | sudo tee run
~$ printf '#!/bin/sh\nexec svlogd main\n' | sudo tee log/run
~$ sudo chmod +x run log/run
~$ sudo sv exit .
~$ cd -

Use @sv stat@ and check the log file to verify the service is running.

~$ sudo sv stat /etc/service/arvados-controller
run: /etc/service/arvados-controller: (pid 12520) 2s; run: log: (pid 12519) 2s
~$ tail /etc/service/arvados-controller/log/main/current
{"Listen":"[::]:9004","Service":"arvados-controller","level":"info","msg":"listening","time":"2018-07-31T13:17:44.521694195Z"}

h3(#confirm). Confirm the service is working Confirm the service is listening on its assigned port and responding to requests.

~$ curl -X OPTIONS http://0.0.0.0:9004/login
{"errors":["Forbidden"],"error_token":"1533044555+684b532c"}

h3(#confirm-config). Confirm the public configuration is OK Confirm the publicly accessible configuration endpoint does not reveal any sensitive information (e.g., a secret that was mistakenly entered under the wrong configuration key). Use the jq program, if you have installed it, to make the JSON document easier to read.

~$ curl http://0.0.0.0:9004/arvados/v1/config | jq .
{
  "API": {
    "MaxItemsPerResponse": 1000,
    "MaxRequestAmplification": 4,
    "RequestTimeout": "5m"
  },
  ...