X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0311a59f177bd18fb46fc0ceefde5fc9ad07af63..79a18f2eb4c02212d30462b3c8eb4f989ab750d3:/doc/install/install-api-server.html.textile.liquid diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid index e1de8c3e60..ef2e474f82 100644 --- a/doc/install/install-api-server.html.textile.liquid +++ b/doc/install/install-api-server.html.textile.liquid @@ -4,37 +4,18 @@ navsection: installguide title: Install the API server ... -h2. Prerequisites: +This installation guide assumes you are on a 64 bit Debian or Ubuntu system. -# A GNU/Linux (virtual) machine -# A domain name for your api server - -h2(#dependencies). Install dependencies +h2. Install prerequisites 
~$ sudo apt-get install \
     bison build-essential gettext libcurl3 libcurl3-gnutls \
     libcurl4-openssl-dev libpcre3-dev libpq-dev libreadline-dev \
-    libsqlite3-dev libssl-dev libxslt1.1 postgresql sqlite3 sudo \
-    wget zlib1g-dev
+    libssl-dev libxslt1.1 postgresql git wget zlib1g-dev
-h2(#ruby). Install Ruby and bundler - -We recommend Ruby >= 2.1. - - -
mkdir -p ~/src
-cd ~/src
-wget http://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz
-tar xzf ruby-2.1.2.tar.gz
-cd ruby-2.1.2
-./configure
-make
-sudo make install
-
-sudo gem install bundler
-
 +Also make sure you have "Ruby and bundler":install-manual-prerequisites-ruby.html installed. h2. Download the source tree @@ -45,6 +26,8 @@ h2. Download the source tree See also: "Downloading the source code":https://arvados.org/projects/arvados/wiki/Download on the Arvados wiki. +The API server is in @services/api@ in the source tree. + h2. Install gem dependencies @@ -52,25 +35,45 @@ h2. Install gem dependencies ~/arvados/services/api$ bundle install +h2. Choose your environment + +The API server can be run in @development@ or in @production@ mode. Unless this installation is going to be used for development on the Arvados API server itself, you should run it in @production@ mode. + +Copy the example environment file for your environment. For example, if you choose @production@: + + +
~/arvados/services/api$ cp -i config/environments/production.rb.example config/environments/production.rb
+
 + h2. Configure the API server -Edit the main configuration: +First, copy the example configuration file: 
~/arvados/services/api$ cp -i config/application.yml.example config/application.yml
-Choose a unique 5-character alphanumeric string to use as your @uuid_prefix@. An example is given that generates a 5-character string based on a hash of your hostname. The @uuid_prefix@ is a unique identifier for your API server. It also serves as the first part of the hostname for your API server. +The API server reads the @config/application.yml@ file, as well as the @config/application.defaults.yml@ file. Values in @config/application.yml@ take precedence over the defaults that are defined in @config/application.defaults.yml@. The @config/application.yml.example@ file is not read by the API server and is provided for installation convenience, only. + +Consult @config/application.default.yml@ for a full list of configuration options. Always put your local configuration in @config/application.yml@, never edit @config/application.default.yml@. + +h3(#uuid_prefix). uuid_prefix -For a development site, use your own domain instead of arvadosapi.com. +Define your @uuid_prefix@ in @config/application.yml@ by setting the @uuid_prefix@ field in the section for your environment. This prefix is used for all database identifiers to identify the record as originating from this site. It must be exactly 5 alphanumeric characters (lowercase ASCII letters and digits). -Make sure a clone of the arvados repository exists in @git_repositories_dir@: +h3(#git_repositories_dir). git_repositories_dir + +This field defaults to @/var/lib/arvados/git@. You can override the value by defining it in @config/application.yml@. + +Make sure a clone of the arvados repository exists in @git_repositories_dir@. -
~/arvados/services/api$ sudo mkdir -p /var/cache/git
-~/arvados/services/api$ sudo git clone --bare ../../.git /var/cache/git/arvados.git
+
~/arvados/services/api$ sudo mkdir -p /var/lib/arvados/git
+~/arvados/services/api$ sudo git clone --bare ../../.git /var/lib/arvados/git/arvados.git
 

 
+h3. secret_token
+
 Generate a new secret token for signing cookies:
 
 
@@ -78,17 +81,24 @@ Generate a new secret token for signing cookies:
 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-If you want access control on your Keep server(s), you should set @blob_signing_key@ to the same value as the permission key you provided to your "Keep server(s)":install-keep.html. +Then put that value in the @secret_token@ field. -Put it in @config/application.yml@ in the production or common section: +h3. blob_signing_key - -
    secret_token: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-
- +If you want access control on your "Keepstore":install-keepstore.html server(s), you should set @blob_signing_key@ to the same value as the permission key you provide to your Keepstore daemon(s). + +h3. workbench_address + +Fill in the url of your workbench application in @workbench_address@, for example + +  https://workbench.@prefix_uuid@.your.domain + +h3. other options Consult @application.default.yml@ for a full list of configuration options. Always put your local configuration in @application.yml@ instead of editing @application.default.yml@. +h2. Set up the database + Generate a new database password. Nobody ever needs to memorize it or type it, so we'll make a strong one: @@ -99,12 +109,10 @@ Generate a new database password. Nobody ever needs to memorize it or type it, s Create a new database user with permission to create its own databases. -
~/arvados/services/api$ sudo -u postgres createuser --createdb --encrypted --pwprompt arvados
+
~/arvados/services/api$ sudo -u postgres createuser --createdb --encrypted -R -S --pwprompt arvados
 [sudo] password for you: yourpassword
 Enter password for new role: paste-password-you-generated
 Enter it again: paste-password-again
-Shall the new role be a superuser? (y/n) n
-Shall the new role be allowed to create more new roles? (y/n) n
 

 
 Configure API server to connect to your database by creating and updating @config/database.yml@. Replace the @xxxxxxxx@ database password placeholders with the new password you generated above.
@@ -114,68 +122,62 @@ Configure API server to connect to your database by creating and updating @confi
 ~/arvados/services/api$ edit config/database.yml
-Create and initialize the database. +Create and initialize the database. If you are planning a production system, choose the @production@ rails environment, otherwise use @development@. -
~/arvados/services/api$ RAILS_ENV=development bundle exec rake db:setup
+
~/arvados/services/api$ RAILS_ENV=production bundle exec rake db:setup
 

 
-Set up omniauth:
+Alternatively, if the database user you intend to use for the API server is not allowed to create new databases, you can create the database first and then populate it with rake. Be sure to adjust the database name if you are using the @development@ environment. This sequence of commands is functionally equivalent to the rake db:setup command above.
 
 
-
~/arvados/services/api$ cp -i config/initializers/omniauth.rb.example config/initializers/omniauth.rb
+
~/arvados/services/api$ su postgres createdb arvados_production -E UTF8 -O arvados
+~/arvados/services/api$ RAILS_ENV=production bundle exec rake db:structure:load
+~/arvados/services/api$ RAILS_ENV=production bundle exec rake db:seed
 

 
-Edit @config/initializers/omniauth.rb@, and tell your api server to use the Curoverse SSO server for authentication:
-
+{% include 'notebox_begin' %}
+You can safely ignore the following error message you may see when loading the database structure:
 
-
APP_ID = 'local_docker_installation'
-APP_SECRET = 'yohbai4eecohshoo1Yoot7tea9zoca9Eiz3Tajahweo9eePaeshaegh9meiye2ph'
-CUSTOM_PROVIDER_URL = 'https://auth.curoverse.com'
-

-

+
ERROR:  must be owner of extension plpgsql

+{% include 'notebox_end' %}
 
-

-  
-  
Note!

-  
You can also run your own SSO server. However, the SSO server codebase currently uses OpenID 2.0 to talk to Google's authentication service. Google has deprecated that protocol. This means that new clients will not be allowed to talk to Google's authentication services anymore over OpenID 2.0, and they will phase out the use of OpenID 2.0 completely in the coming monts. We are working on upgrading the SSO server codebase to a newer protocol. That work should be complete by the end of November 2014. In the mean time, anyone is free to use the existing Curoverse SSO server for any local Arvados installation.

-

+h2(#omniauth). Set up omniauth
 
-You can now run the development server:
+First copy the omniauth configuration file:
 
 
-
~/arvados/services/api$ bundle exec rails server --port=3030
+
~/arvados/services/api$ cp -i config/initializers/omniauth.rb.example config/initializers/omniauth.rb
 

 
-h3. Apache/Passenger (optional)
-
-You can use "Passenger":https://www.phusionpassenger.com/ for deployment. Point it to the services/api directory in the source tree.
-
-To enable streaming so users can monitor crunch jobs in real time, add to your Passenger configuration in Apache:
+Edit @config/initializers/omniauth.rb@ to configure the SSO server for authentication.  @APP_ID@ and @APP_SECRET@ correspond to the @app_id@ and @app_secret@ set in "Create arvados-server client for Single Sign On (SSO)":install-sso.html#client and @CUSTOM_PROVIDER_URL@ is the address of your SSO server.
 
 
-
PassengerBufferResponse off
+
APP_ID = 'arvados-server'
+APP_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+CUSTOM_PROVIDER_URL = 'https://sso.example.com/'
 

 
 
-h2(#admin-user). Add an admin user
+h2. Start the API server
 
-Point your browser to the API server's login endpoint:
+h3. Development environment
+
+If you plan to run in development mode, you can now run the development server this way:
 
 
-
https://localhost:3030/login
-

-
+
~/arvados/services/api$ bundle exec rails server --port=3030
+

+
+h3. Production environment
 
-Log in with your google account.
+We recommend "Passenger":https://www.phusionpassenger.com/ to run the API server in production.
 
-Use the rails console to give yourself admin privileges:
+Point it to the services/api directory in the source tree.
+
+To enable streaming so users can monitor crunch jobs in real time, make sure to add the following to your Passenger configuration:
 
 
-
~/arvados/services/api$ bundle exec rails console
-irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
-irb(main):002:0> Thread.current[:user].is_admin = true
-irb(main):003:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
-irb(main):004:0> User.where(is_admin: true).collect &:email
-=> ["root", "your_address@example.com"]
-

+
PassengerBufferResponse off
+

+