X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c24168b75a7bfb6813843bd0c1825baae7434cc9..0eb72b526bf8bbb011551ecf019f604e17a534f1:/doc/install/install-shell-server.html.textile.liquid
diff --git a/doc/install/install-shell-server.html.textile.liquid b/doc/install/install-shell-server.html.textile.liquid
index 506894ef15..135faeea97 100644
--- a/doc/install/install-shell-server.html.textile.liquid
+++ b/doc/install/install-shell-server.html.textile.liquid
@@ -3,6 +3,11 @@ layout: default
navsection: installguide
title: Install a shell server
...
+{% comment %}
+Copyright (C) The Arvados Authors. All rights reserved.
+
+SPDX-License-Identifier: CC-BY-SA-3.0
+{% endcomment %}
There is nothing inherently special about an Arvados shell server. It is just a GNU/Linux machine with Arvados utilites and SDKs installed. For optimal performance, the Arvados shell server should be on the same LAN as the Arvados cluster, but that is not required.
@@ -12,7 +17,21 @@ Please follow the "API token guide":../user/reference/api-tokens.html to get API
h2. Install the Ruby SDK and utilities
-If you're using RVM:
+First, install the curl development libraries necessary to build the Arvados Ruby SDK. On Debian-based systems:
+
+
+~$ sudo apt-get install libcurl4-openssl-dev
+
+
+
+On Red Hat-based systems:
+
+
+~$ sudo yum install libcurl-devel
+
+
+
+Next, install the arvados-cli Ruby gem. If you're using RVM:
~$ sudo /usr/local/rvm/bin/rvm-exec default gem install arvados-cli
@@ -22,28 +41,30 @@ If you're using RVM:
If you're not using RVM:
-~$ sudo gem install arvados-cli
+~$ sudo -i gem install arvados-cli
h2. Install the Python SDK and utilities
-On Debian-based systems:
+{% assign rh_version = "6" %}
+{% include 'note_python_sc' %}
+
+On Red Hat-based systems:
-~$ sudo apt-get install python-arvados-python-client python-arvados-fuse
+~$ echo 'exclude=python2-llfuse' | sudo tee -a /etc/yum.conf
+~$ sudo yum install python-arvados-python-client python-arvados-fuse crunchrunner
-On Red Hat-based systems:
+On Debian-based systems:
-~$ sudo yum install python27-python-arvados-python-client python27-python-arvados-fuse
+~$ sudo apt-get install python-arvados-python-client python-arvados-fuse crunchrunner
-{% include 'note_python27_sc' %}
-
h2. Install Git and curl
{% include 'install_git_curl' %}
@@ -58,3 +79,100 @@ Configure git to use the ARVADOS_API_TOKEN environment variable to authenticate
~$ sudo git config --system 'credential.https://git.uuid_prefix.your.domain/.helper' '!cred(){ cat >/dev/null; if [ "$1" = get ]; then echo password=$ARVADOS_API_TOKEN; fi; };cred'
+
+h2. Install arvados-login-sync
+
+This program makes it possible for Arvados users to log in to the shell server -- subject to permissions assigned by the Arvados administrator -- using the SSH keys they upload to Workbench. It sets up login accounts, updates group membership, and adds users' public keys to the appropriate @authorized_keys@ files.
+
+Create an Arvados virtual_machine object representing this shell server. This will assign a UUID.
+
+
+
+apiserver:~$ arv --format=uuid virtual_machine create --virtual-machine '{"hostname":"your.shell.server.hostname"}'
+zzzzz-2x53u-zzzzzzzzzzzzzzz
+
+
+
+Create a token that is allowed to read login information for this VM.
+
+
+
+apiserver:~$ arv api_client_authorization create --api-client-authorization '{"scopes":["GET /arvados/v1/virtual_machines/zzzzz-2x53u-zzzzzzzzzzzzzzz/logins"]}'
+{
+ ...
+ "api_token":"zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz",
+ ...
+}
+
+
+
+Note the UUID and the API token output by the above commands: you will need them in a minute.
+
+Install the arvados-login-sync program.
+
+If you're using RVM:
+
+
+
+shellserver:~$ sudo -i `which rvm-exec` default gem install arvados-login-sync
+
+
+
+If you're not using RVM:
+
+
+
+shellserver:~$ sudo -i gem install arvados-login-sync
+
+
+
+Install cron.
+
+On Red Hat-based distributions:
+
+
+~$ sudo yum install cronie
+~$ sudo systemctl enable crond
+~$ sudo systemctl start crond
+
+
+
+On Debian-based systems:
+
+
+~$ sudo apt-get install cron
+
+
+
+Configure cron to run the @arvados-login-sync@ program every 2 minutes.
+
+If you're using RVM:
+
+
+
+shellserver:~$ sudo bash -c 'umask 077; tee /etc/cron.d/arvados-login-sync' <<'EOF'
+ARVADOS_API_HOST="uuid_prefix.your.domain"
+ARVADOS_API_TOKEN="the_token_you_created_above"
+ARVADOS_VIRTUAL_MACHINE_UUID="zzzzz-2x53u-zzzzzzzzzzzzzzz"
+*/2 * * * * root /usr/local/rvm/bin/rvm-exec default arvados-login-sync
+EOF
+
+
+
+If you're not using RVM:
+
+
+
+shellserver:~$ sudo bash -c 'umask 077; tee /etc/cron.d/arvados-login-sync' <<'EOF'
+ARVADOS_API_HOST="uuid_prefix.your.domain"
+ARVADOS_API_TOKEN="the_token_you_created_above"
+ARVADOS_VIRTUAL_MACHINE_UUID="zzzzz-2x53u-zzzzzzzzzzzzzzz"
+*/2 * * * * root arvados-login-sync
+EOF
+
+
+
+A user should be able to log in to the shell server when the following conditions are satisfied:
+* The user has uploaded an SSH public key: Workbench → Account menu → "SSH keys" item → "Add new SSH key" button.
+* As an admin user, you have given the user permission to log in: Workbench → Admin menu → "Users" item → "Show" button → "Admin" tab → "Setup shell account" button.
+* Two minutes have elapsed since the above conditions were satisfied, and the cron job has had a chance to run.