--- layout: default navsection: installguide title: Install Workbench ... h2. Install prerequisites The Arvados package repository includes a Workbench server package that can help automate much of the deployment. h3(#install_ruby_and_bundler). Install Ruby and Bundler {% include 'install_ruby_and_bundler' %} h2(#install_workbench). Install Workbench and dependencies Workbench doesn't need its own database, so it does not need to have PostgreSQL installed. {% assign rh_version = "6" %} {% include 'note_python_sc' %} On a Debian-based system, install the following packages:
~$ sudo apt-get install bison build-essential graphviz git python-arvados-python-client arvados-workbench
On a Red Hat-based system, install the following packages:
~$ sudo yum install bison make automake gcc gcc-c++ graphviz git python-arvados-python-client arvados-workbench
h2(#configure). Configure Workbench Edit @/etc/arvados/workbench/application.yml@ following the instructions below. Workbench reads both @application.yml@ and its own @config/application.defaults.yml@ file. Values in @application.yml@ take precedence over the defaults that are defined in @config/application.defaults.yml@. The @config/application.yml.example@ file is not read by Workbench and is provided for installation convenience only. Consult @config/application.default.yml@ for a full list of configuration options. Always put your local configuration in @/etc/arvados/workbench/application.yml@—never edit @config/application.default.yml@. h3. secret_token This application needs a secret token. Generate a new secret:
~$ ruby -e 'puts rand(2**400).to_s(36)'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Then put that value in the @secret_token@ field. h3. arvados_login_base and arvados_v1_base Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html. For example like this:
arvados_login_base: https://prefix_uuid.your.domain/login
arvados_v1_base: https://prefix_uuid.your.domain/arvados/v1
h3. site_name @site_name@ can be set to any arbitrary string. It is used to identify this Workbench to people visiting it. h3. arvados_insecure_https If the SSL certificate you use for your API server isn't an official certificate signed by a CA, make sure @arvados_insecure_https@ is @true@. h3. Other options Consult @application.default.yml@ for a full list of configuration options. Always put your local configuration in @application.yml@ instead of editing @application.default.yml@. h2. Configure Piwik In @/var/www/arvados-workbench/current/config@, copy @piwik.yml.example@ to @piwik.yml@ and edit to suit. h2. Set up Web server For best performance, we recommend you use Nginx as your Web server front-end, with a Passenger backend to serve Workbench. To do that:
  1. Install Nginx and Phusion Passenger.
  2. Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:

    server {
      listen 127.0.0.1:9000;
      server_name localhost-workbench;
    
      root /var/www/arvados-workbench/current/public;
      index  index.html index.htm index.php;
    
      passenger_enabled on;
      # If you're using RVM, uncomment the line below.
      #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
    
      # `client_max_body_size` should match the corresponding setting in
      # the API server's Nginx configuration.
      client_max_body_size 128m;
    }
    
    upstream workbench {
      server     127.0.0.1:9000  fail_timeout=10s;
    }
    
    proxy_http_version 1.1;
    
    server {
      listen       [your public IP address]:443 ssl;
      server_name  workbench.uuid-prefix.your.domain;
    
      ssl on;
      ssl_certificate     /YOUR/PATH/TO/cert.pem;
      ssl_certificate_key /YOUR/PATH/TO/cert.key;
    
      index  index.html index.htm index.php;
      # `client_max_body_size` should match the corresponding setting in
      # the API server's Nginx configuration.
      client_max_body_size 128m;
    
      location / {
        proxy_pass            http://workbench;
        proxy_redirect        off;
        proxy_connect_timeout 90s;
        proxy_read_timeout    300s;
    
        proxy_set_header      X-Forwarded-Proto https;
        proxy_set_header      Host $http_host;
        proxy_set_header      X-Real-IP $remote_addr;
        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
      }
    }
    
  3. Restart Nginx.
h2. Prepare the Workbench deployment {% assign railspkg = "arvados-workbench" %} {% include 'install_rails_reconfigure' %} {% include 'notebox_begin' %} You can safely ignore the following error message you may see when Ruby Gems are installed:
themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
The validation message from Rubygems was:
  duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
    add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
{% include 'notebox_end' %} h2. Trusted client setting Log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client. (It's OK if Workbench says your account hasn't been activated yet. We'll deal with that next.) In the API server project root, start the Rails console. {% include 'install_rails_command' %} At the console, enter the following commands to locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
irb(main):001:0> wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]
=> ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
irb(main):002:0> include CurrentApiClient
=> true
irb(main):003:0> act_as_system_user do wb.update_attributes!(is_trusted: true) end
=> true
h2(#admin-user). Add an admin user Next, we're going to use the Rails console on the API server to activate your account and give yourself admin privileges. {% include 'install_rails_command' %} Enter the following commands at the console:
irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
irb(main):002:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
irb(main):003:0> User.where(is_admin: true).collect &:email
=> ["root", "your_address@example.com"]
At this point, you should have a working Workbench login with administrator privileges. Revisit your Workbench URL in a browser and reload the page to access it.