X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/34227825eec21d3a393d4467b7ed768b52ac32b1..b49229f98012d7c08ce02b8d28dbcc165c8a6c53:/doc/install/install-sso.html.textile.liquid diff --git a/doc/install/install-sso.html.textile.liquid b/doc/install/install-sso.html.textile.liquid index 56c7a4b337..fbed12495b 100644 --- a/doc/install/install-sso.html.textile.liquid +++ b/doc/install/install-sso.html.textile.liquid @@ -3,6 +3,11 @@ layout: default navsection: installguide title: Install the Single Sign On (SSO) server ... +{% comment %} +Copyright (C) The Arvados Authors. All rights reserved. + +SPDX-License-Identifier: CC-BY-SA-3.0 +{% endcomment %} h2(#dependencies). Install prerequisites @@ -10,7 +15,7 @@ The Arvados package repository includes an SSO server package that can help auto h3(#install_ruby_and_bundler). Install Ruby and Bundler -{% include 'install_ruby_and_bundler' %} +{% include 'install_ruby_and_bundler_sso' %} h3(#install_web_server). Set up a Web server @@ -77,98 +82,31 @@ There are other configuration options in @/etc/arvados/sso/application.yml@. See h2(#database). Set up the database -If PostgreSQL was newly installed as a dependency of the @arvados-sso-server@ package, you will need to start the service. - -On a Debian-based system: - - -
~$ sudo service postgresql start
-
-
- -On a Red Hat-based system, we also need to initialize the database system: - - -
~$ sudo service postgresql initdb
-~$ sudo service postgresql start
-
-
- -{% include 'notebox_begin' %} - -If you are installing on CentOS6, you will need to modify PostgreSQL's configuration to allow password authentication for local users. The default configuration allows 'ident' only. The following commands will make the configuration change, and restart PostgreSQL for it to take effect. -
- -
~$ sudo sed -i -e "s/127.0.0.1\/32          ident/127.0.0.1\/32          md5/" /var/lib/pgsql/data/pg_hba.conf
-~$ sudo sed -i -e "s/::1\/128               ident/::1\/128               md5/" /var/lib/pgsql/data/pg_hba.conf
-~$ sudo service postgresql restart
-
-
-{% include 'notebox_end' %} - - -Next, generate a new database password. Nobody ever needs to memorize it or type it, so make a strong one: - - -
~$ ruby -e 'puts rand(2**128).to_s(36)'
-abcdefghijklmnopqrstuvwxyz012345689
-
- -Configure the SSO server to connect to your database by updating @/etc/arvados/sso/database.yml@. Replace the @xxxxxxxx@ database password placeholder with the new password you generated above. Be sure to update the @production@ section. +Configure the SSO server to connect to your database by updating @/etc/arvados/sso/database.yml@. Replace the @xxxxxxxx@ database password placeholder with the "password you generated during database setup":install-postgresql.html#sso. Be sure to update the @production@ section.
~$ editor /etc/arvados/sso/database.yml
 
-Create a new database user with permission to create its own databases. - - -
~$ sudo -u postgres createuser --createdb --encrypted -R -S --pwprompt arvados_sso
-Enter password for new role: paste-database-password-you-generated
-Enter it again: paste-database-password-you-generated
-
- -Rails will take care of creating the database, based on the information from @/etc/arvados/sso/database.yml@. - -Alternatively, if the database user you intend to use for the SSO server should not be allowed to create new databases, the user and the database can be created like this: - - -
~$ sudo -u postgres createuser --encrypted -R -S --pwprompt arvados_sso
-Enter password for new role: paste-database-password-you-generated
-Enter it again: paste-database-password-you-generated
-~$ sudo -u postgres createdb arvados_sso_production -E UTF8 -O arvados_sso -T template0
-
- h2(#reconfigure_package). Reconfigure the package -Now that the @/etc/arvados/sso/application.yml@ and @/etc/arvados/sso/database.yml@ files have been updated, we need to reconfigure our installed package. Doing so will create and/or initialize the database and precompile the assets. - -On a Debian-based system: - - -
~$ sudo dpkg-reconfigure arvados-sso-server
-
-
- -On a Red Hat-based system, we need to reinstall the package instead: - - -
~$ sudo yum reinstall arvados-sso-server
-
-
+{% assign railspkg = "arvados-sso-server" %} +{% include 'install_rails_reconfigure' %} h2(#client). Create arvados-server client -Use @rails console@ to create a @Client@ record that will be used by the Arvados API server. The values of @app_id@ and @app_secret@ correspond to the values for @sso_app_id@ and @sso_app_secret@ in the "API server's SSO settings.":install-api-server.html#omniauth +{% assign railshost = "" %} +{% assign railsdir = "/var/www/arvados-sso/current" %} +Use @rails console@ to create a @Client@ record that will be used by the Arvados API server. {% include 'install_rails_command' %} + +Enter the following commands at the console. The values that appear after you assign @app_id@ and @app_secret@ correspond to the values for @sso_app_id@ and @sso_app_secret@, respectively, in the "API server's SSO settings":install-api-server.html#omniauth. -
~$ ruby -e 'puts rand(2**400).to_s(36)'
-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-~$ RAILS_ENV=production bundle exec rails console
-:001 > c = Client.new
+
:001 > c = Client.new
 :002 > c.name = "joshid"
 :003 > c.app_id = "arvados-server"
-:004 > c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+:004 > c.app_secret = rand(2**400).to_s(36)
+=> "save this string for your API server's sso_app_secret"
 :005 > c.save!
 :006 > quit
 
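Review bot: The new console step :004, c.app_secret = rand(2**400).to_s(36), generates the shared secret with Kernel#rand, which is Ruby's Mersenne Twister generator and is not intended for producing secrets. Because this value becomes the API server's sso_app_secret, suggest c.app_secret = SecureRandom.random_number(2**400).to_s(36), preceded by require 'securerandom' if the console has not already loaded it. The following line, => "save this string for your API server's sso_app_secret", stands in for the real return value; a short sentence saying so would keep readers from pasting the placeholder text into the API server configuration. This hunk also drops the CentOS6 pg_hba.conf ident-to-md5 note and the createuser steps in favor of the link to install-postgresql.html#sso, so it is worth confirming that the linked page covers both before merging.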
@@ -244,11 +182,12 @@ There are two configuration options for local accounts: For more information about configuring backend support for sending email (required to send email confirmations) see "Configuring Action Mailer":http://guides.rubyonrails.org/configuring.html#configuring-action-mailer -If @allow_account_registration@ is false, you may manually create local accounts on the SSO server from the rails console: +If @allow_account_registration@ is false, you may manually create local accounts on the SSO server from the Rails console. {% include 'install_rails_command' %} + +Enter the following commands at the console. -
~$ RAILS_ENV=production bundle exec rails console
-:001 > user = User.new(:email => "test@example.com")
+
:001 > user = User.new(:email => "test@example.com")
 :002 > user.password = "passw0rd"
 :003 > user.save!
 :004 > quit
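Review bot: The unchanged example at :002 still sets user.password = "passw0rd", a guessable literal that readers may copy as-is when creating a local account on the SSO server. While this block is being edited, suggest replacing the value with an obvious placeholder such as "your-strong-password-here" and adding a sentence that tells the reader to choose a unique password for each account.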
@@ -297,14 +236,12 @@ In order to use Google+ authentication, you must use the "---YOUR---CLIENT---ID---HERE--"-
   google_oauth2_client_secret: "---YOUR---CLIENT---SECRET---HERE--"-
- -