---
layout: default
navsection: installguide
title: Install Workbench
...
{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.
SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
h2. Install prerequisites
The Arvados package repository includes a Workbench server package that can help automate much of the deployment.
h3(#install_ruby_and_bundler). Install Ruby and Bundler
{% include 'install_ruby_and_bundler' %}
h2(#install_workbench). Install Workbench and dependencies
Workbench doesn't need its own database, so it does not need to have PostgreSQL installed.
{% assign rh_version = "7" %}
{% include 'note_python_sc' %}
On a Debian-based system, install the following packages:
~$ sudo apt-get install bison build-essential graphviz git python-arvados-python-client arvados-workbench
On a Red Hat-based system, install the following packages:
~$ sudo yum install bison make automake gcc gcc-c++ graphviz git python-arvados-python-client arvados-workbench
h2(#configure). Configure Workbench
Edit @/etc/arvados/config.yml@ following the instructions below. Only a few of the most important configuration options are listed here. The full set of configuration options are in the "Workbench section of config.yml":{{site.baseurl}}/admin/config.html
h3. Workbench.SecretKeyBase
This application needs a secret token. Generate a new secret:
~$ ruby -e 'puts rand(2**400).to_s(36)'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Then put that value in the @Workbench.SecretKeyBase@ field.
h3. Services.Controller.ExternalURL
Ensure that @Services.Controller.ExternalURL@ is configured for "Arvados Controller":install-controller.html . For example like this:
Cluster:
zzzzz:
Services:
Controller:
ExternalURL: https://prefix_uuid.your.domain
h3. Workbench.SiteName
@Workbench.SiteName@ can be set to any arbitrary string. It is used to identify this Workbench to people visiting it.
h3. TLS.Insecure
For testing only. Allows use of self-signed certificates. If true, workbench will not verify the TLS certificate of Arvados Controller.
h2. Configure Piwik
Piwik is optional, and can be to gather usage analytics. In @/var/www/arvados-workbench/current/config@, copy @piwik.yml.example@ to @piwik.yml@ and edit to suit.
h2. Set up Web server
For best performance, we recommend you use Nginx as your Web server front-end, with a Passenger backend to serve Workbench. To do that:
- Install Nginx and Phusion Passenger.
Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:
server {
listen 127.0.0.1:9000;
server_name localhost-workbench;
root /var/www/arvados-workbench/current/public;
index index.html index.htm index.php;
passenger_enabled on;
# If you're using RVM, uncomment the line below.
#passenger_ruby /usr/local/rvm/wrappers/default/ruby;
# `client_max_body_size` should match the corresponding setting in
# the API.MaxRequestSize and Controller's server's Nginx configuration.
client_max_body_size 128m;
}
upstream workbench {
server 127.0.0.1:9000 fail_timeout=10s;
}
proxy_http_version 1.1;
server {
listen [your public IP address]:443 ssl;
server_name workbench.uuid-prefix.your.domain;
ssl on;
ssl_certificate /YOUR/PATH/TO/cert.pem;
ssl_certificate_key /YOUR/PATH/TO/cert.key;
index index.html index.htm index.php;
# `client_max_body_size` should match the corresponding setting in
# the API.MaxRequestSize and Controller's server's Nginx configuration.
client_max_body_size 128m;
location / {
proxy_pass http://workbench;
proxy_redirect off;
proxy_connect_timeout 90s;
proxy_read_timeout 300s;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- Restart Nginx.
h2. Prepare the Workbench deployment
{% assign railspkg = "arvados-workbench" %}
{% include 'install_rails_reconfigure' %}
{% include 'notebox_begin' %}
You can safely ignore the following error message you may see when Ruby Gems are installed:
themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
The validation message from Rubygems was:
duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
{% include 'notebox_end' %}
h2. Trusted client setting
Log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client. (It's OK if Workbench says your account hasn't been activated yet. We'll deal with that next.)
In the API server project root, start the Rails console. {% include 'install_rails_command' %}
At the console, enter the following commands to locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
irb(main):001:0> wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]
=> ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
irb(main):002:0> include CurrentApiClient
=> true
irb(main):003:0> act_as_system_user do wb.update_attributes!(is_trusted: true) end
=> true
h2(#admin-user). Add an admin user
Next, we're going to use the Rails console on the API server to activate your account and give yourself admin privileges. {% include 'install_rails_command' %}
Enter the following commands at the console:
irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
irb(main):002:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
irb(main):003:0> User.where(is_admin: true).collect &:email
=> ["root", "your_address@example.com"]
At this point, you should have a working Workbench login with administrator privileges. Revisit your Workbench URL in a browser and reload the page to access it.