X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1794be475e5bb94d8dd6764329731bacc2a67f2b..3f7bde601546dc898975fbe7d56957794985fe43:/doc/install/install-manual-prerequisites.html.textile.liquid
diff --git a/doc/install/install-manual-prerequisites.html.textile.liquid b/doc/install/install-manual-prerequisites.html.textile.liquid
index 96d3082d30..b36c20b859 100644
--- a/doc/install/install-manual-prerequisites.html.textile.liquid
+++ b/doc/install/install-manual-prerequisites.html.textile.liquid
@@ -3,6 +3,11 @@ layout: default
navsection: installguide
title: Prerequisites
...
+{% comment %}
+Copyright (C) The Arvados Authors. All rights reserved.
+
+SPDX-License-Identifier: CC-BY-SA-3.0
+{% endcomment %}
h2. Hardware (or virtual machines)
@@ -13,7 +18,7 @@ table(table table-bordered table-condensed).
|_Function_|_Number of nodes_|
|Arvados API, Crunch dispatcher, Git, Websockets and Workbench|1|
|Arvados Compute node|1|
-|Arvados Keepproxy server|1|
+|Arvados Keepproxy and Keep-web server|1|
|Arvados Keepstore servers|2|
|Arvados Shell server|1|
|Arvados SSO server|1|
@@ -21,28 +26,40 @@ table(table table-bordered table-condensed).
The number of Keepstore, shell and compute nodes listed above is a minimum. In a real production installation, you will likely run many more of each of those types of nodes. In such a scenario, you would probably also want to dedicate a node to the Workbench server and Crunch dispatcher, respectively. For performance reasons, you may want to run the database server on a separate node as well.
+h2. Supported GNU/Linux distributions
+
+table(table table-bordered table-condensed).
+|_Distribution_|_State_|_Last supported version_|
+|CentOS 7|Supported|Latest|
+|Debian 8 ("jessie")|Supported|Latest|
+|Ubuntu 14.04 ("trusty")|Supported|Latest|
+|Ubuntu 16.04 ("xenial")|Supported|Latest|
+|Ubuntu 12.04 ("precise")|EOL|8ed7b6dd5d4df93a3f37096afe6d6f81c2a7ef6e (2017-05-03)|
+|Debian 7 ("wheezy")|EOL|997479d1408139e96ecdb42a60b4f727f814f6c9 (2016-12-28)|
+|CentOS 6 |EOL|997479d1408139e96ecdb42a60b4f727f814f6c9 (2016-12-28)|
+
h2(#repos). Arvados package repositories
On any host where you install Arvados software, you'll need to set up an Arvados package repository. They're available for several popular distributions.
h3. CentOS
-Packages are available for CentOS 6. First, register the Curoverse signing key in RPM's database:
-
-{% include 'install_redhat_key' %}
-
-Then save this configuration block in @/etc/yum.repos.d/arvados.repo@:
+Packages are available for CentOS 7. To install them with yum, save this configuration block in @/etc/yum.repos.d/arvados.repo@:
[arvados]
name=Arvados
baseurl=http://rpm.arvados.org/CentOS/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=http://rpm.arvados.org/CentOS/RPM-GPG-KEY-curoverse
+{% include 'install_redhat_key' %}
+
h3. Debian and Ubuntu
-Packages are available for Debian 7 ("wheezy") and Ubuntu 12.04 ("precise").
+Packages are available for Debian 8 ("jessie"), Ubuntu 14.04 ("trusty") and Ubuntu 16.04 ("xenial").
First, register the Curoverse signing key in apt's database:
@@ -52,8 +69,15 @@ Configure apt to retrieve packages from the Arvados package repository. This com
table(table table-bordered table-condensed).
|OS version|Command|
-|Debian 7 ("wheezy")|echo "deb http://apt.arvados.org/ wheezy main" | sudo tee /etc/apt/sources.list.d/arvados.list
|
-|Ubuntu 12.04 ("precise")|echo "deb http://apt.arvados.org/ precise main" | sudo tee /etc/apt/sources.list.d/arvados.list
|
+|Debian 8 ("jessie")|echo "deb http://apt.arvados.org/ jessie main" | sudo tee /etc/apt/sources.list.d/arvados.list
|
+|Ubuntu 14.04 ("trusty")[1]|echo "deb http://apt.arvados.org/ trusty main" | sudo tee /etc/apt/sources.list.d/arvados.list
|
+|Ubuntu 16.04 ("xenial")[1]|echo "deb http://apt.arvados.org/ xenial main" | sudo tee /etc/apt/sources.list.d/arvados.list
|
+
+{% include 'notebox_begin' %}
+
+fn1. Arvados packages for Ubuntu may depend on third-party packages in Ubuntu's "universe" repository. If you're installing on Ubuntu, make sure you have the universe sources uncommented in @/etc/apt/sources.list@.
+
+{% include 'notebox_end' %}
Retrieve the package list:
@@ -76,7 +100,25 @@ You may also use a different method to pick the unique identifier. The unique id
h2. SSL certificates
-There are six public-facing services that will require an SSL certificate. If you do not have official SSL certificates, you can use self-signed certificates. By convention, we use the following hostname pattern:
+There are six public-facing services that require an SSL certificate. If you do not have official SSL certificates, you can use self-signed certificates.
+
+{% include 'notebox_begin' %}
+
+Most Arvados clients and services will accept self-signed certificates when the @ARVADOS_API_HOST_INSECURE@ environment variable is set to @true@. However, web browsers generally do not make it easy for users to accept self-signed certificates from Web sites.
+
+Users who log in through Workbench will visit at least three sites: the SSO server, the API server, and Workbench itself. When a browser visits each of these sites, it will warn the user if the site uses a self-signed certificate, and the user must accept it before continuing. This procedure usually only needs to be done once in a browser.
+
+After that's done, Workbench includes JavaScript clients for other Arvados services. Users are usually not warned if these client connections are refused because the server uses a self-signed certificate, and it is especially difficult to accept those cerficiates:
+
+* JavaScript connects to the Websockets server to provide incremental page updates and view logs from running jobs.
+* JavaScript connects to the API and Keepproxy servers to upload local files to collections.
+* JavaScript connects to the Keep-web server to download log files.
+
+In sum, Workbench will be much less pleasant to use in a cluster that uses self-signed certificates. You should avoid using self-signed certificates unless you plan to deploy a cluster without Workbench; you are deploying only to evaluate Arvados as an individual system administrator; or you can push configuration to users' browsers to trust your self-signed certificates.
+
+{% include 'notebox_end' %}
+
+By convention, we use the following hostname pattern:
table(table table-bordered table-condensed).
@@ -84,6 +126,11 @@ table(table table-bordered table-condensed).
|Arvados API|@uuid_prefix@.your.domain|
|Arvados Git server|git.@uuid_prefix@.your.domain|
|Arvados Keepproxy server|keep.@uuid_prefix@.your.domain|
+|Arvados Keep-web server|download.@uuid_prefix@.your.domain
+_and_
+*.collections.@uuid_prefix@.your.domain or
+*--collections.@uuid_prefix@.your.domain or
+collections.@uuid_prefix@.your.domain (see the "keep-web install docs":install-keep-web.html)|
|Arvados SSO Server|auth.your.domain|
|Arvados Websockets endpoint|ws.@uuid_prefix@.your.domain|
|Arvados Workbench|workbench.@uuid_prefix@.your.domain|