X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/313f5fedd4214d077e2b5c7c26bab4df3895c44a..340d6a03a20592e3ba1c69340dbdf70070e43e82:/doc/install/install-api-server.html.textile.liquid diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid index 6440a54e4d..b65fe6975d 100644 --- a/doc/install/install-api-server.html.textile.liquid +++ b/doc/install/install-api-server.html.textile.liquid @@ -12,7 +12,7 @@ h2. Install prerequisites
~$ sudo apt-get install \
     bison build-essential gettext libcurl3 libcurl3-gnutls \
     libcurl4-openssl-dev libpcre3-dev libpq-dev libreadline-dev \
-    libssl-dev libxslt1.1 postgresql sudo wget zlib1g-dev
+    libssl-dev libxslt1.1 postgresql git wget zlib1g-dev
 
Also make sure you have "Ruby and bundler":install-manual-prerequisites-ruby.html installed. @@ -59,7 +59,7 @@ Consult @config/application.default.yml@ for a full list of configuration option h3(#uuid_prefix). uuid_prefix -It is recommended to explicitly define your @uuid_prefix@ in @config/application.yml@, by setting the 'uuid_prefix' field in the section for your environment. +Define your @uuid_prefix@ in @config/application.yml@ by setting the @uuid_prefix@ field in the section for your environment. This prefix is used for all database identifiers to identify the record as originating from this site. It must be exactly 5 alphanumeric characters (lowercase ASCII letters and digits). h3(#git_repositories_dir). git_repositories_dir @@ -77,7 +77,7 @@ h3. secret_token Generate a new secret token for signing cookies: -
~/arvados/services/api$ rake secret
+
~/arvados/services/api$ ruby -e 'puts rand(2**400).to_s(36)'
 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
 
@@ -89,7 +89,7 @@ If you want access control on your "Keepstore":install-keepstore.html server(s), h3. workbench_address -Fill in the url of your workbench application in in @workbench_address@, for example +Fill in the url of your workbench application in @workbench_address@, for example   https://workbench.@prefix_uuid@.your.domain @@ -109,12 +109,10 @@ Generate a new database password. Nobody ever needs to memorize it or type it, s Create a new database user with permission to create its own databases. -
~/arvados/services/api$ sudo -u postgres createuser --createdb --encrypted --pwprompt arvados
+
~/arvados/services/api$ sudo -u postgres createuser --createdb --encrypted -R -S --pwprompt arvados
 [sudo] password for you: yourpassword
 Enter password for new role: paste-password-you-generated
 Enter it again: paste-password-again
-Shall the new role be a superuser? (y/n) n
-Shall the new role be allowed to create more new roles? (y/n) n
 
Configure API server to connect to your database by creating and updating @config/database.yml@. Replace the @xxxxxxxx@ database password placeholders with the new password you generated above. @@ -138,15 +136,13 @@ Alternatively, if the database user you intend to use for the API server is not ~/arvados/services/api$ RAILS_ENV=production bundle exec rake db:seed
-
- -

Note!

+{% include 'notebox_begin' %} You can safely ignore the following error message you may see when loading the database structure:
ERROR:  must be owner of extension plpgsql
-
+{% include 'notebox_end' %} -h2. Set up omniauth +h2(#omniauth). Set up omniauth First copy the omniauth configuration file: @@ -154,20 +150,14 @@ First copy the omniauth configuration file:
~/arvados/services/api$ cp -i config/initializers/omniauth.rb.example config/initializers/omniauth.rb
 
-Edit @config/initializers/omniauth.rb@, and tell your api server to use the Curoverse SSO server for authentication. Use the @APP_SECRET@ specified in the snippet below. +Edit @config/initializers/omniauth.rb@ to configure the SSO server for authentication. @APP_ID@ and @APP_SECRET@ correspond to the @app_id@ and @app_secret@ set in "Create arvados-server client for Single Sign On (SSO)":install-sso.html#client and @CUSTOM_PROVIDER_URL@ is the address of your SSO server. -
APP_ID = 'local_docker_installation'
-APP_SECRET = 'yohbai4eecohshoo1Yoot7tea9zoca9Eiz3Tajahweo9eePaeshaegh9meiye2ph'
-CUSTOM_PROVIDER_URL = 'https://auth.curoverse.com'
-
-
- -
- -

Note!

-

You can also run your own SSO server. However, the SSO server codebase currently uses OpenID 2.0 to talk to Google's authentication service. Google has deprecated that protocol. This means that new clients will not be allowed to talk to Google's authentication services anymore over OpenID 2.0, and they will phase out the use of OpenID 2.0 completely in the coming monts. We are working on upgrading the SSO server codebase to a newer protocol. That work should be complete by the end of November 2014. In the mean time, anyone is free to use the existing Curoverse SSO server for any local Arvados installation.

-
+
APP_ID = 'arvados-server'
+APP_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+CUSTOM_PROVIDER_URL = 'https://sso.example.com/'
+
+
h2. Start the API server @@ -181,7 +171,7 @@ If you plan to run in development mode, you can now run the development server t h3. Production environment -We recommend "Passenger":https://www.phusionpassenger.com/ to run the API server in production. +We recommend "Passenger":https://www.phusionpassenger.com/ to run the API server in production. Point it to the services/api directory in the source tree.