--- layout: default navsection: installguide title: Install Keepstore servers ... This installation guide assumes you are on a 64 bit Debian or Ubuntu system. We are going to install two Keepstore servers. By convention, we use the following hostname pattern:
table(table table-bordered table-condensed). |_Hostname_| |keep0.@uuid_prefix@.your.domain| |keep1.@uuid_prefix@.your.domain|
Because the Keepstore servers are not directly accessible from the internet, these hostnames only need to resolve on the local network. h2. Install Keepstore First add the Arvados apt repository, and then install the Keepstore package.
~$ echo "deb http://apt.arvados.org/ wheezy main" | sudo tee /etc/apt/sources.list.d/apt.arvados.org.list
~$ sudo /usr/bin/apt-key adv --keyserver pool.sks-keyservers.net --recv 1078ECD7
~$ sudo /usr/bin/apt-get update
~$ sudo /usr/bin/apt-get install keepstore
Verify that Keepstore is functional:
~$ keepstore -h
2014/10/29 14:23:38 Keep started: pid 6848
Usage of keepstore:
  -data-manager-token-file="": File with the API token used by the Data Manager. All DELETE requests or GET /index requests must carry this token.
  -enforce-permissions=false: Enforce permission signatures on requests.
  -listen=":25107": Interface on which to listen for requests, in the format ipaddr:port. e.g. -listen=10.0.1.24:8000. Use -listen=:port to listen on all network interfaces.
  -never-delete=false: If set, nothing will be deleted. HTTP 405 will be returned for valid DELETE requests.
  -permission-key-file="": File containing the secret key for generating and verifying permission signatures.
  -permission-ttl=1209600: Expiration time (in seconds) for newly generated permission signatures.
  -pid="": Path to write pid file
  -serialize=false: If set, all read and write operations on local Keep volumes will be serialized.
  -volumes="": Comma-separated list of directories to use for Keep volumes, e.g. -volumes=/var/keep1,/var/keep2. If empty or not supplied, Keep will scan mounted filesystems for volumes with a /keep top-level directory.
If you want access control on your Keepstore server(s), you should provide a permission key. The @-permission-key-file@ argument should contain the path to a file that contains a single line with a long random alphanumeric string. It should be the same as the @blob_signing_key@ that can be set in the "API server":install-api-server.html config/application.yml file. Prepare one or more volumes for Keepstore to use. Simply create a /keep directory on all the partitions you would like Keepstore to use, and then start Keepstore. For example, using 2 tmpfs volumes:
~$ keepstore
2014/10/29 11:41:37 Keep started: pid 20736
2014/10/29 11:41:37 adding Keep volume: /tmp/tmp.vwSCtUCyeH/keep
2014/10/29 11:41:37 adding Keep volume: /tmp/tmp.Lsn4w8N3Xv/keep
2014/10/29 11:41:37 Running without a PermissionSecret. Block locators returned by this server will not be signed, and will be rejected by a server that enforces permissions.
2014/10/29 11:41:37 To fix this, run Keep with --permission-key-file= to define the location of a file containing the permission key.

It's recommended to run Keepstore under "runit":https://packages.debian.org/search?keywords=runit or something similar. Repeat this section for each Keepstore server you are setting up. h3. Tell the API server about the Keepstore servers The API server needs to be informed about the presence of your Keepstore servers. For each of the Keepstore servers you have created, please execute the following commands on your shell server. Make sure to update the @service_host@ value to match each of your Keepstore servers.
~$ prefix=`arv --format=uuid user current | cut -d- -f1`
~$ echo "Site prefix is '$prefix'"
~$ read -rd $'\000' keepservice <<EOF; arv keep_service create --keep-service "$keepservice"
{
 "service_host":"keep0.$prefix.your.domain",
 "service_port":25107,
 "service_ssl_flag":false,
 "service_type":"disk"
}
EOF