X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/522404b2066c8b635a240f79dd4bf652479afadb..4f245ddd7f4cb4e10dc0d844a78e809c0cd97af7:/doc/install/install-shell-server.html.textile.liquid
diff --git a/doc/install/install-shell-server.html.textile.liquid b/doc/install/install-shell-server.html.textile.liquid
index 506894ef15..08ac57f5ba 100644
--- a/doc/install/install-shell-server.html.textile.liquid
+++ b/doc/install/install-shell-server.html.textile.liquid
@@ -58,3 +58,98 @@ Configure git to use the ARVADOS_API_TOKEN environment variable to authenticate
~$ sudo git config --system 'credential.https://git.uuid_prefix.your.domain/.helper' '!cred(){ cat >/dev/null; if [ "$1" = get ]; then echo password=$ARVADOS_API_TOKEN; fi; };cred'
+
+h2. Install arvados-login-sync
+
+This program makes it possible for Arvados users to log in to the shell server -- subject to permissions assigned by the Arvados administrator -- using the SSH keys they upload to Workbench. It sets up login accounts, updates group membership, and adds users' public keys to the appropriate @authorized_keys@ files.
+
+Create an Arvados virtual_machine object representing this shell server. This will assign a UUID.
+
+
+
+apiserver:~$ arv --format=uuid virtual_machine create --virtual-machine '{"hostname":"your.shell.server.hostname"}'
+zzzzz-2x53u-zzzzzzzzzzzzzzz
+
+
+
+Create a token that is allowed to read login information for this VM.
+
+
+
+apiserver:~$ arv api_client_authorization create --api-client-authorization '{"scopes":["GET /arvados/v1/virtual_machines/zzzzz-2x53u-zzzzzzzzzzzzzzz/logins"]}'
+{
+ ...
+ "api_token":"zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz",
+ ...
+}
+
+
+
+Note the UUID and the API token output by the above commands: you will need them in a minute.
+
+Install the arvados-login-sync program.
+
+If you're using RVM:
+
+
+
+shellserver:~$ sudo -i `which rvm-exec` default gem install arvados-login-sync
+
+
+
+If you're not using RVM:
+
+
+
+shellserver:~$ sudo -i gem install arvados-login-sync
+
+
+
+Install cron.
+
+On Debian-based systems:
+
+
+~$ sudo apt-get install cron
+
+
+
+On Red Hat-based systems:
+
+
+~$ sudo yum install cron
+
+
+
+Configure cron to run the @arvados-login-sync@ program every 2 minutes.
+
+If you're using RVM:
+
+
+
+shellserver:~$ sudo bash -c 'umask 077; tee /etc/cron.d/arvados-login-sync' <<'EOF'
+ARVADOS_API_HOST="uuid_prefix.your.domain"
+ARVADOS_API_TOKEN="the_token_you_created_above"
+ARVADOS_VIRTUAL_MACHINE_UUID="zzzzz-2x53u-zzzzzzzzzzzzzzz"
+*/2 * * * * root /usr/local/rvm/bin/rvm-exec default arvados-login-sync
+EOF
+
+
+
+If you're not using RVM:
+
+
+
+shellserver:~$ sudo bash -c 'umask 077; tee /etc/cron.d/arvados-login-sync' <<'EOF'
+ARVADOS_API_HOST="uuid_prefix.your.domain"
+ARVADOS_API_TOKEN="the_token_you_created_above"
+ARVADOS_VIRTUAL_MACHINE_UUID="zzzzz-2x53u-zzzzzzzzzzzzzzz"
+*/2 * * * * root arvados-login-sync
+EOF
+
+
+
+A user should be able to log in to the shell server when the following conditions are satisfied:
+* The user has uploaded an SSH public key: Workbench → Account menu → "SSH keys" item → "Add new SSH key" button.
+* As an admin user, you have given the user permission to log in: Workbench → Admin menu → "Users" item → "Show" button → "Admin" tab → "Setup shell account" button.
+* Two minutes have elapsed since the above conditions were satisfied, and the cron job has had a chance to run.
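Review bot: In both /etc/cron.d/arvados-login-sync heredocs, "umask 077" only protects the ARVADOS_API_TOKEN line when tee creates the file. If the file already exists (for example when this step is re-run with a new token) its previous mode is kept, and tee also echoes the token to the terminal. Suggest following the write with an explicit chmod 600 on the file and redirecting tee's stdout to /dev/null. Separately, the Red Hat step "sudo yum install cron" is likely to fail because the package there is named cronie, and the non-RVM entry "*/2 * * * * root arvados-login-sync" depends on cron's default PATH containing the directory where gem installed the executable, so an absolute path would be safer.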