X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9494d7df964f24d7d8d53a09233d696d4ffcc234..39c17737ac69d7693684fe2f95bef0ec235a28bf:/doc/install/install-api-server.html.textile.liquid?ds=sidebyside
diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid
index d2b7566b7d..a25942fe24 100644
--- a/doc/install/install-api-server.html.textile.liquid
+++ b/doc/install/install-api-server.html.textile.liquid
@@ -3,6 +3,11 @@ layout: default
navsection: installguide
title: Install the API server
...
+{% comment %}
+Copyright (C) The Arvados Authors. All rights reserved.
+
+SPDX-License-Identifier: CC-BY-SA-3.0
+{% endcomment %}
h2. Install prerequisites
@@ -12,10 +17,6 @@ h3(#install_ruby_and_bundler). Install Ruby and Bundler
{% include 'install_ruby_and_bundler' %}
-h3(#install_postgres). Install PostgreSQL
-
-{% include 'install_postgres' %}
-
h2(#install_apiserver). Install API server and dependencies
On a Debian-based system, install the following packages:
@@ -34,59 +35,19 @@ On a Red Hat-based system, install the following packages:
{% include 'install_git' %}
-h2. Set up the database
+h2(#configure). Set up the database
-Generate a new database password. Nobody ever needs to memorize it or type it, so we'll make a strong one:
+Configure the API server to connect to your database by updating @/etc/arvados/api/database.yml@. Replace the @xxxxxxxx@ database password placeholder with the "password you generated during database setup":install-postgresql.html#api. Be sure to update the @production@ section.
~$ ruby -e 'puts rand(2**128).to_s(36)'
-6gqa1vu492idd7yca9tfandj3
+
~$ editor /etc/arvados/api/database.yml
~$ sudo -u postgres createuser --encrypted -R -S --pwprompt arvados
-[sudo] password for you: yourpassword
-Enter password for new role: paste-password-you-generated
-Enter it again: paste-password-again
-
-~$ sudo -u postgres createdb arvados_production -T template0 -E UTF8 -O arvados
-
-~$ sudo mkdir -p /etc/arvados/api
-~$ sudo chmod 700 /etc/arvados/api
-~$ cd /var/www/arvados-api/current
-/var/www/arvados-api/current$ sudo cp config/database.yml.example /etc/arvados/api/database.yml
-/var/www/arvados-api/current$ sudo cp config/application.yml.example /etc/arvados/api/application.yml
-
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will -break this application for all non-root users on this machine.-
fatal: Not a git repository (or any of the parent directories): .git-{% include 'notebox_end' %} - -This command aborts when it encounters an error. It's safe to rerun multiple times, so if there's a problem with your configuration, you can fix that and try again. - -h2(#set_up). Set up Web servers - -For best performance, we recommend you use Nginx as your Web server front-end, with a Passenger backend for the main API server and a Puma backend for API server Websockets. To do that: +Set the @disable_api_methods@ configuration option to disable the deprecated @jobs@ API. This will prevent users from accidentally submitting jobs that won't run. "All new installations should use the containers API.":crunch2-slurm/install-prerequisites.html
Puma is already included with the API server's gems. We recommend you run it as a service under runit or a similar tool. Here's a sample runit script for that:
- -#!/bin/bash
-
-set -e
-exec 2>&1
-
-# Uncomment the line below if you're using RVM.
-#source /etc/profile.d/rvm.sh
+
+ disable_api_methods:
+ - jobs.create
+ - pipeline_instances.create
+ - pipeline_templates.create
+ - jobs.get
+ - pipeline_instances.get
+ - pipeline_templates.get
+ - jobs.list
+ - pipeline_instances.list
+ - pipeline_templates.list
+ - jobs.index
+ - pipeline_instances.index
+ - pipeline_templates.index
+ - jobs.update
+ - pipeline_instances.update
+ - pipeline_templates.update
+ - jobs.queue
+ - jobs.queue_size
+ - job_tasks.create
+ - job_tasks.get
+ - job_tasks.list
+ - job_tasks.index
+ - job_tasks.update
+ - jobs.show
+ - pipeline_instances.show
+ - pipeline_templates.show
+ - job_tasks.show
+
+
Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for both it and Puma. You might add a block like the following, adding SSL and logging parameters to taste:
+Edit the http section of your Nginx configuration to run the Passenger server. Add a block like the following, adding SSL and logging parameters to taste: -server {
+
+
+server {
listen 127.0.0.1:8000;
server_name localhost-api;
@@ -257,17 +214,20 @@ exec chpst -m 1073741824 -u webserver-user:webserver-group -e "$envdir" \
passenger_enabled on;
# If you're using RVM, uncomment the line below.
#passenger_ruby /usr/local/rvm/wrappers/default/ruby;
+
+ # This value effectively limits the size of API objects users can
+ # create, especially collections. If you change this, you should
+ # also ensure the following settings match it:
+ # * `client_max_body_size` in the server section below
+ # * `client_max_body_size` in the Workbench Nginx configuration (twice)
+ # * `max_request_size` in the API server's application.yml file
+ client_max_body_size 128m;
}
upstream api {
server 127.0.0.1:8000 fail_timeout=10s;
}
-upstream websockets {
- # The address below must match the one specified in puma's -b option.
- server 127.0.0.1:8100 fail_timeout=10s;
-}
-
proxy_http_version 1.1;
# When Keep clients request a list of Keep services from the API server, the
@@ -279,69 +239,26 @@ geo $external_client {
default 1;
10.20.30.0/24 0;
}
-
-server {
- listen [your public IP address]:443 ssl;
- server_name uuid_prefix.your.domain;
-
- ssl on;
- ssl_certificate /YOUR/PATH/TO/cert.pem;
- ssl_certificate_key /YOUR/PATH/TO/cert.key;
-
- index index.html index.htm index.php;
-
- # This value effectively limits the size of API objects users can create,
- # especially collections. If you change this, you should also set
- # `max_request_size` in the API server's application.yml file to the same
- # value.
- client_max_body_size 128m;
-
- location / {
- proxy_pass http://api;
- proxy_redirect off;
- proxy_connect_timeout 90s;
- proxy_read_timeout 300s;
-
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
- proxy_set_header X-External-Client $external_client;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-}
-
-server {
- listen [your public IP address]:443 ssl;
- server_name ws.uuid_prefix.your.domain;
-
- ssl on;
- ssl_certificate /YOUR/PATH/TO/cert.pem;
- ssl_certificate_key /YOUR/PATH/TO/cert.key;
-
- index index.html index.htm index.php;
-
- location / {
- proxy_pass http://websockets;
- proxy_redirect off;
- proxy_connect_timeout 90s;
- proxy_read_timeout 300s;
-
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-}
-
Restart Nginx:
+Restart Nginx to apply the new configuration. +~$ sudo nginx -s reload
+Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will +break this application for all non-root users on this machine.
fatal: Not a git repository (or any of the parent directories): .git