X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/26446197bb00d7f899673b7f9434e6bd622b8904..7bf5f28cec1ff7be1e66925c3815c253989f9eb1:/doc/install/install-workbench-app.html.textile.liquid?ds=inline
diff --git a/doc/install/install-workbench-app.html.textile.liquid b/doc/install/install-workbench-app.html.textile.liquid
index be6a04de21..22fc1557a8 100644
--- a/doc/install/install-workbench-app.html.textile.liquid
+++ b/doc/install/install-workbench-app.html.textile.liquid
@@ -1,52 +1,204 @@
---
layout: default
navsection: installguide
-title: Install the Arvados Workbench application
+title: Install Workbench
...
-h2. Prerequisites
+h2. Install prerequisites
-# A GNU/linux (virtual) machine (can be shared with the API server)
-# A hostname for your Workbench application
+The Arvados package repository includes a Workbench server package that can help automate much of the deployment.
-h2. Download the source tree
+h3(#install_ruby_and_bundler). Install Ruby and Bundler
-Please follow the instructions on the "Download page":https://arvados.org/projects/arvados/wiki/Download in the wiki.
+{% include 'install_ruby_and_bundler' %}
-The Workbench application is in @arvados/apps/workbench@.
+h2(#install_workbench). Install Workbench and dependencies
-h2. Configure the Workbench application
+Workbench doesn't need its own database, so it does not need to have PostgreSQL installed.
+
+On a Debian-based system, install the following packages:
+
+
+~$ sudo apt-get install bison build-essential graphviz git python-arvados-python-client arvados-workbench
+
+
+
+On a Red Hat-based system, install the following packages:
+
+
+~$ sudo yum install bison make automake gcc gcc-c++ graphviz git python27-python-arvados-python-client arvados-workbench
+
+
+
+{% include 'note_python27_sc' %}
+
+h2. Set up configuration files
+
+The Workbench server package uses configuration files that you write to @/etc/arvados/workbench@ and ensures they're consistently deployed. Create this directory and copy the example configuration files to it:
+
+
+~$ sudo mkdir -p /etc/arvados/workbench
+~$ sudo chmod 700 /etc/arvados/workbench
+~$ sudo cp /var/www/arvados-workbench/current/config/application.yml.example /etc/arvados/workbench/application.yml
+
+
+
+h2. Configure Workbench
+
+Edit @/etc/arvados/workbench/application.yml@ following the instructions below. The deployment script will consistently deploy this to Workbench's configuration directory. Workbench reads both @application.yml@ and its own @config/application.defaults.yml@ file. Values in @application.yml@ take precedence over the defaults that are defined in @config/application.defaults.yml@. The @config/application.yml.example@ file is not read by Workbench and is provided for installation convenience only.
+
+Consult @config/application.default.yml@ for a full list of configuration options. Always put your local configuration in @/etc/arvados/workbench/application.yml@—never edit @config/application.default.yml@.
+
+h3. secret_token
This application needs a secret token. Generate a new secret:
-~/arvados/apps/workbench$ rake secret
+~$ ruby -e 'puts rand(2**400).to_s(36)'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
-Copy @config/application.yml.example@ to @config/application.yml@ and edit it appropriately for your environment.
+Then put that value in the @secret_token@ field.
+
+h3. arvados_login_base and arvados_v1_base
+
+Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html. For example like this:
+
+
+arvados_login_base: https://prefix_uuid.your.domain/login
+arvados_v1_base: https://prefix_uuid.your.domain/arvados/v1
+
+
+
+h3. site_name
+
+@site_name@ can be set to any arbitrary string. It is used to identify this Workbench to people visiting it.
+
+h3. arvados_insecure_https
+
+If the SSL certificate you use for your API server isn't an official certificate signed by a CA, make sure @arvados_insecure_https@ is @true@.
+
+h3. Other options
+
+Consult @application.default.yml@ for a full list of configuration options. Always put your local configuration in @application.yml@ instead of editing @application.default.yml@.
-* Set @secret_token@ to the string you generated with @rake secret@.
-* Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html
-* @site_name@ can be any string to identify this Workbench.
-* Assuming that the SSL certificate you use for development isn't signed by a CA, make sure @arvados_insecure_https@ is @true@.
+h2. Configure Piwik
-Copy @config/piwik.yml.example@ to @config/piwik.yml@ and edit to suit.
+In @/var/www/arvados-workbench/current/config@, copy @piwik.yml.example@ to @piwik.yml@ and edit to suit.
-h3. Apache/Passenger (optional)
+h2. Set up Web server
-Set up Apache and Passenger. Point them to the apps/workbench directory in the source tree.
+For best performance, we recommend you use Nginx as your Web server front-end, with a Passenger backend to serve Workbench. To do that:
+
+
+
+- Install Nginx and Phusion Passenger.
+
+- If you're deploying on CentOS and using the python27 Software Collection, configure Nginx to use it:
+
+
~$ sudo usermod --shell /bin/bash nginx
+~$ sudo -u nginx sh -c 'echo "[[ -z \$PS1 && -e /opt/rh/python27/enable ]] && source /opt/rh/python27/enable" >>~/.bash_profile'
+
+
+
+
+Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:
+
+server {
+ listen 127.0.0.1:9000;
+ server_name localhost-workbench;
+
+ root /var/www/arvados-workbench/current/public;
+ index index.html index.htm index.php;
+
+ passenger_enabled on;
+ # If you're using RVM, uncomment the line below.
+ #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
+}
+
+upstream workbench {
+ server 127.0.0.1:9000 fail_timeout=10s;
+}
+
+proxy_http_version 1.1;
+
+server {
+ listen [your public IP address]:443 ssl;
+ server_name workbench.uuid-prefix.your.domain;
+
+ ssl on;
+ ssl_certificate /YOUR/PATH/TO/cert.pem;
+ ssl_certificate_key /YOUR/PATH/TO/cert.key;
+
+ index index.html index.htm index.php;
+ client_max_body_size 128m;
+
+ location / {
+ proxy_pass http://workbench;
+ proxy_redirect off;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
+
+
+
+- Restart Nginx.
+
+
+
+
+h2. Prepare the Workbench deployment
+
+Now that all your configuration is in place, run @/usr/local/bin/arvados-workbench-upgrade.sh@. This will install and check your configuration, and install necessary gems.
+
+{% include 'notebox_begin' %}
+You can safely ignore the following error message you may see when installing gems:
+
+themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
+This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
+The validation message from Rubygems was:
+ duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
+ add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
+Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
+
+
+{% include 'notebox_end' %}
+
+This command aborts when it encounters an error. It's safe to rerun multiple times, so if there's a problem with your configuration, you can fix that and try again.
h2. Trusted client setting
-Log in to Workbench once (this ensures that the Arvados API server has a record of the Workbench client).
+Log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client. (It's OK if Workbench says your account hasn't been activated yet. We'll deal with that next.)
-In the API server project root, start the rails console. Locate the ApiClient record for your Workbench installation, then set the `is_trusted` flag for the appropriate client record:
+In the API server project root, start the rails console. Locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
-~/arvados/services/api$ RAILS_ENV=development bundle exec rails console
-irb(main):001:0> ApiClient.where('url_prefix like ?', '%workbench%')
-=> {:id => 1234}
-irb(main):002:0> ApiClient.find(1234).update_attributes is_trusted: true
+/var/www/arvados-api/current$ RAILS_ENV=production bundle exec rails console
+irb(main):001:0> wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]
+=> ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
+irb(main):002:0> include CurrentApiClient
+=> true
+irb(main):003:0> act_as_system_user do wb.update_attributes!(is_trusted: true) end
+=> true
+
+h2(#admin-user). Add an admin user
+
+Next, we're going to use the rails console on the API server to activate our own account and give yourself admin privileges:
+
+
+/var/www/arvados-api/current$ RAILS_ENV=production bundle exec rails console
+irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
+irb(main):002:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
+irb(main):003:0> User.where(is_admin: true).collect &:email
+=> ["root", "your_address@example.com"]
+
+
+At this point, you should have a working Workbench login with administrator privileges. Revisit your Workbench URL in a browser and reload the page to access it.