X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/76f9268395068d47fda7f34426bc83d603c834c7..31e1d10eb4a54b13f55b3c9638f46032be633ff9:/doc/install/install-api-server.html.textile.liquid diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid index ccfc58ecf4..e1de8c3e60 100644 --- a/doc/install/install-api-server.html.textile.liquid +++ b/doc/install/install-api-server.html.textile.liquid @@ -8,17 +8,42 @@ h2. Prerequisites: # A GNU/Linux (virtual) machine # A domain name for your api server -# Ruby >= 2.0.0 -# Bundler: @gem install bundler@ -# Curl libraries: @sudo apt-get install libcurl3 libcurl3-gnutls libcurl4-openssl-dev@ + +h2(#dependencies). Install dependencies + + +
~$ sudo apt-get install \
+    bison build-essential gettext libcurl3 libcurl3-gnutls \
+    libcurl4-openssl-dev libpcre3-dev libpq-dev libreadline-dev \
+    libsqlite3-dev libssl-dev libxslt1.1 postgresql sqlite3 sudo \
+    wget zlib1g-dev
+
 + +h2(#ruby). Install Ruby and bundler + +We recommend Ruby >= 2.1. + + +
mkdir -p ~/src
+cd ~/src
+wget http://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz
+tar xzf ruby-2.1.2.tar.gz
+cd ruby-2.1.2
+./configure
+make
+sudo make install
+
+sudo gem install bundler
+
 h2. Download the source tree -
~$ git clone https://github.com/curoverse/arvados.git
+
~$ cd $HOME # (or wherever you want to install)
+~$ git clone https://github.com/curoverse/arvados.git
 

 
-See also: "Downloading the source code:https://arvados.org/projects/arvados/wiki/Download on the Arvados wiki.
+See also: "Downloading the source code":https://arvados.org/projects/arvados/wiki/Download on the Arvados wiki.
 
 h2. Install gem dependencies
 
@@ -49,10 +74,12 @@ Make sure a clone of the arvados repository exists in @git_repositories_dir@:
 Generate a new secret token for signing cookies:
 
 
-
~/arvados/services/api$ rake secret
+
~/arvados/services/api$ rake secret
 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
 

 
+If you want access control on your Keep server(s), you should set @blob_signing_key@ to the same value as the permission key you provided to your "Keep server(s)":install-keep.html.
+
 Put it in @config/application.yml@ in the production or common section:
 
 
@@ -62,13 +89,32 @@ Put it in @config/application.yml@ in the production or common section:
 
 Consult @application.default.yml@ for a full list of configuration options. Always put your local configuration in @application.yml@ instead of editing @application.default.yml@.
 
-Configure the database:
+Generate a new database password. Nobody ever needs to memorize it or type it, so we'll make a strong one:
+
+
+
~/arvados/services/api$ ruby -e 'puts rand(2**128).to_s(36)'
+6gqa1vu492idd7yca9tfandj3
+

+
+Create a new database user with permission to create its own databases.
+
+
+
~/arvados/services/api$ sudo -u postgres createuser --createdb --encrypted --pwprompt arvados
+[sudo] password for you: yourpassword
+Enter password for new role: paste-password-you-generated
+Enter it again: paste-password-again
+Shall the new role be a superuser? (y/n) n
+Shall the new role be allowed to create more new roles? (y/n) n
+

+
+Configure API server to connect to your database by creating and updating @config/database.yml@. Replace the @xxxxxxxx@ database password placeholders with the new password you generated above.
 
 
 
~/arvados/services/api$ cp -i config/database.yml.sample config/database.yml
+~/arvados/services/api$ edit config/database.yml
 

 
-By default, the development database will use the sqlite3 driver, so no configuration is necessary.  If you wish to use mysql or postgres, edit @config/database.yml@ to your liking and make sure the database and db user exist. Then initialize the database:
+Create and initialize the database.
 
 
 
~/arvados/services/api$ RAILS_ENV=development bundle exec rake db:setup
@@ -80,12 +126,25 @@ Set up omniauth:
 
~/arvados/services/api$ cp -i config/initializers/omniauth.rb.example config/initializers/omniauth.rb
 

 
-Edit @config/initializers/omniauth.rb@. Set @APP_SECRET@ to the value of @app_secret@ from "installing the single sign on server":install-sso.html .
+Edit @config/initializers/omniauth.rb@, and tell your api server to use the Curoverse SSO server for authentication:
+
+
+
APP_ID = 'local_docker_installation'
+APP_SECRET = 'yohbai4eecohshoo1Yoot7tea9zoca9Eiz3Tajahweo9eePaeshaegh9meiye2ph'
+CUSTOM_PROVIDER_URL = 'https://auth.curoverse.com'
+

+

+
+

+  
+  
Note!

+  
You can also run your own SSO server. However, the SSO server codebase currently uses OpenID 2.0 to talk to Google's authentication service. Google has deprecated that protocol. This means that new clients will not be allowed to talk to Google's authentication services anymore over OpenID 2.0, and they will phase out the use of OpenID 2.0 completely in the coming monts. We are working on upgrading the SSO server codebase to a newer protocol. That work should be complete by the end of November 2014. In the mean time, anyone is free to use the existing Curoverse SSO server for any local Arvados installation.

+

 
 You can now run the development server:
 
 
-
~/arvados/services/api$ rails server
+
~/arvados/services/api$ bundle exec rails server --port=3030
 

 
 h3. Apache/Passenger (optional)
@@ -99,30 +158,24 @@ To enable streaming so users can monitor crunch jobs in real time, add to your P
 

 
 
-h2. Add an admin user
+h2(#admin-user). Add an admin user
 
-Point browser to the API endpoint. Log in with a google account.
-
-In the rails console:
+Point your browser to the API server's login endpoint:
 
 
-
~/arvados/services/api$ rails console
-irb(main):001:0> Thread.current[:user] = User.find(1)
-irb(main):002:0> Thread.current[:user].is_admin = true
-irb(main):003:0> User.find(1).update_attributes is_admin: true, is_active: true
-irb(main):004:0> User.find(1).is_admin
-=> true
-

+
https://localhost:3030/login
+

+
 
-h2. Create an API token
+Log in with your google account.
 
-In rails console:
+Use the rails console to give yourself admin privileges:
 
 
-
~/arvados/services/api$ rails console
-irb(main):001:0> a = ApiClient.new(owner_uuid:'0')
-irb(main):002:0> a.save!
-irb(main):003:0> x = ApiClientAuthorization.new(api_client_id:a.id, user_id:1)
-irb(main):004:0> x.save
-irb(main):005:0> x.api_token
+
~/arvados/services/api$ bundle exec rails console
+irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
+irb(main):002:0> Thread.current[:user].is_admin = true
+irb(main):003:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
+irb(main):004:0> User.where(is_admin: true).collect &:email
+=> ["root", "your_address@example.com"]