X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/996776292b5bfaeadb89457943ea1fba0700d030..db33fa2b2d1f09a186bc07a2956cb0edae380d2c:/doc/install/install-controller.html.textile.liquid diff --git a/doc/install/install-controller.html.textile.liquid b/doc/install/install-controller.html.textile.liquid new file mode 100644 index 0000000000..ccb8d980ae --- /dev/null +++ b/doc/install/install-controller.html.textile.liquid @@ -0,0 +1,180 @@ +--- +layout: default +navsection: installguide +title: Install the controller +... +{% comment %} +Copyright (C) The Arvados Authors. All rights reserved. + +SPDX-License-Identifier: CC-BY-SA-3.0 +{% endcomment %} + +The arvados-controller service must be installed on your API server node. + +On Debian-based systems: + + +
~$ sudo apt-get install arvados-controller
+
+ + +On Red Hat-based systems: + + +
~$ sudo yum install arvados-controller
+
+ + +Verify the @arvados-controller@ program is functional: + + +
~$ arvados-controller -h
+Usage:
+  -config file
+[...]
+
+ + +h3. Configure Nginx to route requests to the controller + +Add @upstream@ and @server@ definitions inside the @http@ section of your Nginx configuration using the following template. + +{% include 'notebox_begin' %} + +If you are adding arvados-controller to an existing system as part of the upgrade procedure, do not add a new "server" part here. Instead, add only the "upstream" part as shown here, and update your existing "server" section by changing its @proxy_pass@ directive from @http://api@ to @http://controller@. + +{% include 'notebox_end' %} + + +
upstream controller {
+  server     127.0.0.1:9004  fail_timeout=10s;
+}
+
+server {
+  listen       [your public IP address]:443 ssl;
+  server_name  uuid_prefix.your.domain;
+
+  ssl on;
+  ssl_certificate     /YOUR/PATH/TO/cert.pem;
+  ssl_certificate_key /YOUR/PATH/TO/cert.key;
+
+  # Refer to the comment about this setting in the passenger (arvados
+  # api server) section of your Nginx configuration.
+  client_max_body_size 128m;
+
+  location / {
+    proxy_pass            http://controller;
+    proxy_redirect        off;
+    proxy_connect_timeout 90s;
+    proxy_read_timeout    300s;
+
+    proxy_set_header      X-Forwarded-Proto https;
+    proxy_set_header      Host $http_host;
+    proxy_set_header      X-External-Client $external_client;
+    proxy_set_header      X-Real-IP $remote_addr;
+    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+}
+
+ + +Restart Nginx to apply the new configuration. + + +
~$ sudo nginx -s reload
+
+ + +h3. Configure arvados-controller + +Create the cluster configuration file @/etc/arvados/config.yml@ using the following template. + + +
Clusters:
+  uuid_prefix:
+    NodeProfiles:
+      apiserver:
+        arvados-controller:
+          Listen: ":9004" # must match the "upstream controller" section of your Nginx config
+        arvados-api-server:
+          Listen: ":8000" # must match the "upstream api" section of your Nginx config
+    PostgreSQL:
+      ConnectionPool: 128
+      Connection:
+        host: localhost
+        dbname: arvados_production
+        user: arvados
+        password: xxxxxxxx
+        sslmode: require
+
+ + +Create the host configuration file @/etc/arvados/environment@. + + +
ARVADOS_NODE_PROFILE=apiserver
+
+ + +h3. Start the service (option 1: systemd) + +If your system does not use systemd, skip this section and follow the "runit instructions":#runit instead. + +If your system uses systemd, the arvados-controller service should already be set up. Restart it to load the new configuration file, and check its status: + + +
~$ sudo systemctl restart arvados-controller
+~$ sudo systemctl status arvados-controller
+● arvados-controller.service - Arvados controller
+   Loaded: loaded (/lib/systemd/system/arvados-controller.service; enabled; vendor preset: enabled)
+   Active: active (running) since Tue 2018-07-31 13:17:44 UTC; 3s ago
+     Docs: https://doc.arvados.org/
+ Main PID: 25066 (arvados-control)
+   CGroup: /system.slice/arvados-controller.service
+           └─25066 /usr/bin/arvados-controller
+
+Jul 31 13:17:44 zzzzz systemd[1]: Starting Arvados controller...
+Jul 31 13:17:44 zzzzz arvados-controller[25191]: {"Listen":"[::]:9004","Service":"arvados-controller","level":"info","msg":"listening","time":"2018-07-31T13:17:44.521694195Z"}
+Jul 31 13:17:44 zzzzz systemd[1]: Started Arvados controller.
+
+ + +Skip ahead to "confirm the service is working":#confirm. + +h3(#runit). Start the service (option 2: runit) + +Install runit to supervise the arvados-controller daemon. {% include 'install_runit' %} + +Create a supervised service. + + +
~$ sudo mkdir /etc/service/arvados-controller
+~$ cd /etc/service/arvados-controller
+~$ sudo mkdir log log/main
+~$ printf '#!/bin/sh\nset -a\n. /etc/arvados/environment\nexec arvados-controller 2>&1\n' | sudo tee run
+~$ printf '#!/bin/sh\nexec svlogd main\n' | sudo tee log/run
+~$ sudo chmod +x run log/run
+~$ sudo sv exit .
+~$ cd -
+
+ + +Use @sv stat@ and check the log file to verify the service is running. + + +
~$ sudo sv stat /etc/service/arvados-controller
+run: /etc/service/arvados-controller: (pid 12520) 2s; run: log: (pid 12519) 2s
+~$ tail /etc/service/arvados-controller/log/main/current
+{"Listen":"[::]:9004","Service":"arvados-controller","level":"info","msg":"listening","time":"2018-07-31T13:17:44.521694195Z"}
+
+ + +h3(#confirm). Confirm the service is working + +Confirm the service is listening on its assigned port and responding to requests. + + +
~$ curl -X OPTIONS http://0.0.0.0:9004/login
+{"errors":["Forbidden"],"error_token":"1533044555+684b532c"}
+
+