projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
14715: Updates keepproxy documentation
[arvados.git] / doc / install / install-keepproxy.html.textile.liquid
diff --git a/doc/install/install-keepproxy.html.textile.liquid b/doc/install/install-keepproxy.html.textile.liquid
index fe690a5eda8880b67f21fca6c2242e8bf62afead..738cd523e9dfae33cda4763a99911277bcaa4947 100644 (file)
--- a/doc/install/install-keepproxy.html.textile.liquid
+++ b/doc/install/install-keepproxy.html.textile.liquid
@@ -50,20 +50,29 @@ Usage: keepproxy [-config path/to/keepproxy.yml]
 </code></pre>
 </notextile>
 
-h3. Create an API token for the Keepproxy server
+h3. Update the cluster config
 
-{% assign railscmd = "bundle exec ./script/get_anonymous_user_token.rb --get" %}
-{% assign railsout = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" %}
-The Keepproxy server needs a token to talk to the API server.  On the <strong>API server</strong>, use the following command to create the token.  {% include 'install_rails_command' %}
+Edit the cluster config at @/etc/arvados/config.yml@ and set @Services.Keepproxy.ExternalURL@ and @Services.Keepproxy.InternalURLs@.  Replace @zzzzz@ with your cluster id.
+
+<notextile>
+<pre><code>Clusters:
+  zzzzz:
+    Services:
+      <span class="userinput">Keepproxy:
+        ExternalURL: https://keep.uuid_prefix.your.domain
+        InternalURLs:
+         "http://localhost:25107": {}
+</span></code></pre>
+</notextile>
 
 h3. Set up the Keepproxy service
 
 Install runit to supervise the keepproxy daemon.  {% include 'install_runit' %}
 
-The run script for the keepproxy service should set the environment variables @ARVADOS_API_TOKEN@ (with the token you just generated), @ARVADOS_API_HOST@, and, if needed, @ARVADOS_API_HOST_INSECURE@.  The core keepproxy command to run is:
+The keepproxy command to run is:
 
 <notextile>
-<pre><code>ARVADOS_API_TOKEN=<span class="userinput">{{railsout}}</span> ARVADOS_API_HOST=<span class="userinput">uuid_prefix.your.domain</span> exec keepproxy
+<pre><code>~$ <span class="userinput">exec keepproxy
 </code></pre>
 </notextile>
 
@@ -79,22 +88,24 @@ upstream keepproxy {
 }
 
 server {
-  listen                <span class="userinput">[your public IP address]</span>:443 ssl;
-  server_name           keep.<span class="userinput">uuid_prefix</span>.your.domain;
+  listen                  <span class="userinput">[your public IP address]</span>:443 ssl;
+  server_name             keep.<span class="userinput">uuid_prefix</span>.your.domain;
 
-  proxy_connect_timeout 90s;
-  proxy_read_timeout    300s;
-  proxy_set_header      X-Real-IP $remote_addr;
+  proxy_connect_timeout   90s;
+  proxy_read_timeout      300s;
+  proxy_set_header        X-Real-IP $remote_addr;
+  proxy_http_version      1.1;
+  proxy_request_buffering off;
 
-  ssl                   on;
-  ssl_certificate       /etc/nginx/keep.<span class="userinput">uuid_prefix</span>.your.domain-ssl.crt;
-  ssl_certificate_key   /etc/nginx/keep.<span class="userinput">uuid_prefix</span>.your.domain-ssl.key;
+  ssl                     on;
+  ssl_certificate         /etc/nginx/keep.<span class="userinput">uuid_prefix</span>.your.domain-ssl.crt;
+  ssl_certificate_key     /etc/nginx/keep.<span class="userinput">uuid_prefix</span>.your.domain-ssl.key;
 
   # Clients need to be able to upload blocks of data up to 64MiB in size.
-  client_max_body_size  64m;
+  client_max_body_size    64m;
 
   location / {
-    proxy_pass          http://keepproxy;
+    proxy_pass            http://keepproxy;
   }
 }
 </pre></notextile>
@@ -103,7 +114,18 @@ Note: if the Web uploader is failing to upload data and there are no logs from k
 
 h3. Tell the API server about the Keepproxy server
 
-The API server needs to be informed about the presence of your Keepproxy server. Please execute the following commands on your <strong>shell server</strong>.
+The API server needs to be informed about the presence of your Keepproxy server.
+
+First, if you don't already have an admin token, create a superuser token.
+
+{% include 'create_superuser_token' %}
+
+Configure your environment to run @arv@ using the output of create_superuser_token.rb:
+
+<pre>
+export ARVADOS_API_HOST=zzzzz.example.com
+export ARVADOS_API_TOKEN=zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
+</pre>
 
 <notextile>
 <pre><code>~$ <span class="userinput">uuid_prefix=`arv --format=uuid user current | cut -d- -f1`</span>
@@ -117,3 +139,13 @@ The API server needs to be informed about the presence of your Keepproxy server.
 }
 EOF</span>
 </code></pre></notextile>
+
+h3. Testing keepproxy
+
+Log into a host that is on an external network from your private Arvados network.  The host should be able to contact your keepproxy server (eg keep.$uuid_prefix.arvadosapi.com), but not your keepstore servers (eg keep[0-9].$uuid_prefix.arvadosapi.com).
+
+Install the "Python SDK":{{site.baseurl}}/sdk/python/sdk-python.html
+
+@ARVADOS_API_HOST@ and @ARVADOS_API_TOKEN@ must be set in the environment.
+
+You should now be able to use @arv-put@ to upload collections and @arv-get@ to fetch collections, for an example see "Testing keep.":install-keepstore.html#testing on the keepstore install page.