--- layout: default navsection: installguide title: Install Workbench ... {% comment %} Copyright (C) The Arvados Authors. All rights reserved. SPDX-License-Identifier: CC-BY-SA-3.0 {% endcomment %} h2. Install prerequisites The Arvados package repository includes a Workbench server package that can help automate much of the deployment. h3(#install_ruby_and_bundler). Install Ruby and Bundler {% include 'install_ruby_and_bundler' %} h2(#install_workbench). Install Workbench and dependencies Workbench doesn't need its own database, so it does not need to have PostgreSQL installed. {% assign rh_version = "7" %} {% include 'note_python_sc' %} On a Debian-based system, install the following packages:
~$ sudo apt-get install bison build-essential graphviz git python-arvados-python-client arvados-workbench
On a Red Hat-based system, install the following packages:
~$ sudo yum install bison make automake gcc gcc-c++ graphviz git python-arvados-python-client arvados-workbench
h2(#configure). Configure Workbench Edit @/etc/arvados/config.yml@ to set the keys below. Only the most important configuration options are listed here. The full set of configuration options are in the "Workbench section of config.yml":{{site.baseurl}}/admin/config.html h3. Workbench.SecretKeyBase This application needs a secret token. Generate a new secret:
~$ ruby -e 'puts rand(2**400).to_s(36)'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Then put that value in the @Workbench.SecretKeyBase@ field.
Cluster:
  zzzzz:
    Workbench:
      SecretKeyBase: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
h3. Services.Controller.ExternalURL Ensure that @Services.Controller.ExternalURL@ is configured for "Arvados Controller":install-controller.html . For example like this:
Cluster:
  zzzzz:
    Services:
      Controller:
        ExternalURL: https://prefix_uuid.your.domain
h3. Workbench.SiteName @Workbench.SiteName@ can be set to any arbitrary string. It is used to identify this Workbench to people visiting it.
Cluster:
  zzzzz:
    Workbench:
      SiteName: My Arvados
h3. TLS.Insecure For testing only. Allows use of self-signed certificates. If true, workbench will not verify the TLS certificate of Arvados Controller.
Cluster:
  zzzzz:
    TLS:
      Insecure: false
h2. Configure Piwik (optional) Piwik can be used to gather usage analytics. In @/var/www/arvados-workbench/current/config@, copy @piwik.yml.example@ to @piwik.yml@ and edit to suit. h2. Set up Web server For best performance, we recommend you use Nginx as your Web server front-end, with a Passenger backend to serve Workbench. To do that:
  1. Install Nginx and Phusion Passenger.
  2. Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:

    server {
      listen 127.0.0.1:9000;
      server_name localhost-workbench;
    
      root /var/www/arvados-workbench/current/public;
      index  index.html index.htm index.php;
    
      passenger_enabled on;
      # If you're using RVM, uncomment the line below.
      #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
    
      # `client_max_body_size` should match the corresponding setting in
      # the API.MaxRequestSize and Controller's server's Nginx configuration.
      client_max_body_size 128m;
    }
    
    upstream workbench {
      server     127.0.0.1:9000  fail_timeout=10s;
    }
    
    proxy_http_version 1.1;
    
    server {
      listen       [your public IP address]:443 ssl;
      server_name  workbench.uuid-prefix.your.domain;
    
      ssl on;
      ssl_certificate     /YOUR/PATH/TO/cert.pem;
      ssl_certificate_key /YOUR/PATH/TO/cert.key;
    
      index  index.html index.htm index.php;
      # `client_max_body_size` should match the corresponding setting in
      # the API.MaxRequestSize and Controller's server's Nginx configuration.
      client_max_body_size 128m;
    
      location / {
        proxy_pass            http://workbench;
        proxy_redirect        off;
        proxy_connect_timeout 90s;
        proxy_read_timeout    300s;
    
        proxy_set_header      X-Forwarded-Proto https;
        proxy_set_header      Host $http_host;
        proxy_set_header      X-Real-IP $remote_addr;
        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
      }
    }
    
  3. Restart Nginx.
h2. Prepare the Workbench deployment {% assign railspkg = "arvados-workbench" %} {% include 'install_rails_reconfigure' %} {% include 'notebox_begin' %} You can safely ignore the following error message you may see when Ruby Gems are installed:
themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
The validation message from Rubygems was:
  duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
    add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
{% include 'notebox_end' %} h2. Trusted client setting Log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client. (It's OK if Workbench says your account hasn't been activated yet. We'll deal with that next.) In the API server project root, start the Rails console. {% include 'install_rails_command' %} At the console, enter the following commands to locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
irb(main):001:0> wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]
=> ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
irb(main):002:0> include CurrentApiClient
=> true
irb(main):003:0> act_as_system_user do wb.update_attributes!(is_trusted: true) end
=> true
h2(#admin-user). Add an admin user Next, we're going to use the Rails console on the API server to activate your account and give yourself admin privileges. {% include 'install_rails_command' %} Enter the following commands at the console:
irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
irb(main):002:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
irb(main):003:0> User.where(is_admin: true).collect &:email
=> ["root", "your_address@example.com"]
At this point, you should have a working Workbench login with administrator privileges. Revisit your Workbench URL in a browser and reload the page to access it.