X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/2ab08e38376d9591394d35d7676badf96f7b99c9..2bbb460a29d6f76bc50aacdba466aa6262ed93a3:/doc/install/install-workbench-app.html.textile.liquid
diff --git a/doc/install/install-workbench-app.html.textile.liquid b/doc/install/install-workbench-app.html.textile.liquid
index 662a5e5ebc..72a80fd834 100644
--- a/doc/install/install-workbench-app.html.textile.liquid
+++ b/doc/install/install-workbench-app.html.textile.liquid
@@ -3,61 +3,46 @@ layout: default
navsection: installguide
title: Install Workbench
...
+{% comment %}
+Copyright (C) The Arvados Authors. All rights reserved.
+
+SPDX-License-Identifier: CC-BY-SA-3.0
+{% endcomment %}
h2. Install prerequisites
-The Arvados package repository includes Workbench server package that can help automate much of the deployment.
+The Arvados package repository includes a Workbench server package that can help automate much of the deployment.
h3(#install_ruby_and_bundler). Install Ruby and Bundler
{% include 'install_ruby_and_bundler' %}
-h3(#build_tools_workbench). Build tools
+h2(#install_workbench). Install Workbench and dependencies
Workbench doesn't need its own database, so it does not need to have PostgreSQL installed.
-On older distributions, you may need to use a backports repository to satisfy these requirements. For example, on older Red Hat-based systems, consider using the "nginx16":https://www.softwarecollections.org/en/scls/rhscl/nginx16/ Software Collection.
+{% assign rh_version = "7" %}
+{% include 'note_python_sc' %}
On a Debian-based system, install the following packages:
-~$ sudo apt-get install bison build-essential graphviz git nginx python-arvados-python-client arvados-workbench
+~$ sudo apt-get install bison build-essential graphviz git python-arvados-python-client arvados-workbench
On a Red Hat-based system, install the following packages:
-~$ sudo yum install bison make automake gcc gcc-c++ graphviz git nginx python27-python-arvados-python-client arvados-workbench
-
-
-
-{% include 'notebox_begin' %}
-
-If you intend to use specific versions of these packages from Software Collections, you may have to adapt some of the package names to match; e.g., @nginx16@.
-
-{% include 'notebox_end' %}
-
-{% include 'note_python27_sc' %}
-
-h2. Set up configuration files
-
-The Workbench server package uses configuration files that you write to @/etc/arvados/workbench@ and ensures they're consistently deployed. Create this directory and copy the example configuration files to it:
-
-
-~$ sudo mkdir -p /etc/arvados/workbench
-~$ sudo chmod 700 /etc/arvados/workbench
-~$ sudo cp /var/www/arvados-workbench/current/config/application.yml.example /etc/arvados/workbench/application.yml
+~$ sudo yum install bison make automake gcc gcc-c++ graphviz git python-arvados-python-client arvados-workbench
-h2. Configure Workbench
+h2(#configure). Configure Workbench
-Edit @/etc/arvados/workbench/application.yml@ following the instructions below. The deployment script will consistently deploy this to Workbench's configuration directory. Workbench reads both @application.yml@ and its own @config/application.defaults.yml@ file. Values in @application.yml@ take precedence over the defaults that are defined in @config/application.defaults.yml@. The @config/application.yml.example@ file is not read by Workbench and is provided for installation convenience only.
+Edit @/etc/arvados/config.yml@ to set the keys below. Only the most important configuration options are listed here. The full set of configuration options are in the "Workbench section of config.yml":{{site.baseurl}}/admin/config.html
-Consult @config/application.default.yml@ for a full list of configuration options. Always put your local configuration in @/etc/arvados/workbench/application.yml@—never edit @config/application.default.yml@.
-
-h3. secret_token
+h3. Workbench.SecretKeyBase
This application needs a secret token. Generate a new secret:
@@ -67,52 +52,57 @@ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
-Then put that value in the @secret_token@ field.
-
-h3. arvados_login_base and arvados_v1_base
-
-Point @arvados_login_base@ and @arvados_v1_base@ at your "API server":install-api-server.html. For example like this:
+Then put that value in the @Workbench.SecretKeyBase@ field.
-arvados_login_base: https://prefix_uuid.your.domain/login
-arvados_v1_base: https://prefix_uuid.your.domain/arvados/v1
+Cluster:
+ zzzzz:
+ Workbench:
+ SecretKeyBase: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
-h3. site_name
-
-@site_name@ can be set to any arbitrary string. It is used to identify this Workbench to people visiting it.
+h3. Services.Controller.ExternalURL
-h3. arvados_insecure_https
+Ensure that @Services.Controller.ExternalURL@ is configured for "Arvados Controller":install-controller.html . For example like this:
-If the SSL certificate you use for your API server isn't an official certificate signed by a CA, make sure @arvados_insecure_https@ is @true@.
+
+Cluster:
+ zzzzz:
+ Services:
+ Controller:
+ ExternalURL: https://prefix_uuid.your.domain
+
+
-h3. Other options
+h3. Workbench.SiteName
-Consult @application.default.yml@ for a full list of configuration options. Always put your local configuration in @application.yml@ instead of editing @application.default.yml@.
+@Workbench.SiteName@ can be set to any arbitrary string. It is used to identify this Workbench to people visiting it.
-h2. Configure Piwik
-In @/var/www/arvados-workbench/current/config@, copy @piwik.yml.example@ to @piwik.yml@ and edit to suit.
+
+Cluster:
+ zzzzz:
+ Workbench:
+ SiteName: My Arvados
+
+
-h2. Prepare the Workbench deployment
+h3. TLS.Insecure
-Now that all your configuration is in place, run @/usr/local/bin/arvados-workbench-upgrade.sh@. This will install and check your configuration, and install necessary gems.
+For testing only. Allows use of self-signed certificates. If true, workbench will not verify the TLS certificate of Arvados Controller.
-{% include 'notebox_begin' %}
-You can safely ignore the following error message you may see when installing gems:
-themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
-This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
-The validation message from Rubygems was:
- duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
- add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
-Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
+Cluster:
+ zzzzz:
+ TLS:
+ Insecure: false
-{% include 'notebox_end' %}
-This command aborts when it encounters an error. It's safe to rerun multiple times, so if there's a problem with your configuration, you can fix that and try again.
+h2. Configure Piwik (optional)
+
+Piwik can be used to gather usage analytics. In @/var/www/arvados-workbench/current/config@, copy @piwik.yml.example@ to @piwik.yml@ and edit to suit.
h2. Set up Web server
@@ -120,9 +110,7 @@ For best performance, we recommend you use Nginx as your Web server front-end, w
-- Install Nginx via your distribution or a backports repository.
-
-- Install Phusion Passenger for Nginx.
+- Install Nginx and Phusion Passenger.
Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:
@@ -136,6 +124,10 @@ For best performance, we recommend you use Nginx as your Web server front-end, w
passenger_enabled on;
# If you're using RVM, uncomment the line below.
#passenger_ruby /usr/local/rvm/wrappers/default/ruby;
+
+ # `client_max_body_size` should match the corresponding setting in
+ # the API.MaxRequestSize and Controller's server's Nginx configuration.
+ client_max_body_size 128m;
}
upstream workbench {
@@ -149,16 +141,22 @@ server {
server_name workbench.uuid-prefix.your.domain;
ssl on;
+ ssl_certificate /YOUR/PATH/TO/cert.pem;
+ ssl_certificate_key /YOUR/PATH/TO/cert.key;
index index.html index.htm index.php;
+ # `client_max_body_size` should match the corresponding setting in
+ # the API.MaxRequestSize and Controller's server's Nginx configuration.
+ client_max_body_size 128m;
location / {
proxy_pass http://workbench;
proxy_redirect off;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
- proxy_set_header X-External-Client $external_client;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
@@ -171,14 +169,33 @@ server {
+h2. Prepare the Workbench deployment
+
+{% assign railspkg = "arvados-workbench" %}
+{% include 'install_rails_reconfigure' %}
+
+{% include 'notebox_begin' %}
+You can safely ignore the following error message you may see when Ruby Gems are installed:
+
+themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
+This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
+The validation message from Rubygems was:
+ duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
+ add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
+Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)
+
+
+{% include 'notebox_end' %}
+
h2. Trusted client setting
Log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client. (It's OK if Workbench says your account hasn't been activated yet. We'll deal with that next.)
-In the API server project root, start the rails console. Locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
+In the API server project root, start the Rails console. {% include 'install_rails_command' %}
+
+At the console, enter the following commands to locate the ApiClient record for your Workbench installation (typically, while you're setting this up, the @last@ one in the database is the one you want), then set the @is_trusted@ flag for the appropriate client record:
-/var/www/arvados-api/current$ RAILS_ENV=production bundle exec rails console
-irb(main):001:0> wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]
+irb(main):001:0> wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]
=> ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
irb(main):002:0> include CurrentApiClient
=> true
@@ -189,14 +206,14 @@ irb(main):003:0> act_as_system_user do wb.update_attr
h2(#admin-user). Add an admin user
-Next, we're going to use the rails console on the API server to activate our own account and give yourself admin privileges:
+Next, we're going to use the Rails console on the API server to activate your account and give yourself admin privileges. {% include 'install_rails_command' %}
+
+Enter the following commands at the console:
-/var/www/arvados-api/current$ RAILS_ENV=production bundle exec rails console
-irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
-irb(main):002:0> Thread.current[:user].is_admin = true
-irb(main):003:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
-irb(main):004:0> User.where(is_admin: true).collect &:email
+irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
+irb(main):002:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
+irb(main):003:0> User.where(is_admin: true).collect &:email
=> ["root", "your_address@example.com"]