Install Workbench

Install prerequisites

The Arvados package repository includes a Workbench server package that can help automate much of the deployment.

Install Ruby and Bundler

Ruby 2.3 is recommended; Ruby 2.1 is also known to work.

Option 1: Install with RVM

sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\curl -sSL https://get.rvm.io | sudo bash -s stable --ruby=2.3

Either log out and log back in to activate RVM, or explicitly load it in all open shells like this:

source /usr/local/rvm/scripts/rvm

Once RVM is activated in your shell, install Bundler:

~$ gem install bundler

Option 2: Install from source

Install prerequisites for Debian 8:

sudo apt-get install \
    bison build-essential gettext libcurl3 libcurl3-gnutls \
    libcurl4-openssl-dev libpcre3-dev libreadline-dev \
    libssl-dev libxslt1.1 zlib1g-dev

Install prerequisites for CentOS 7:

sudo yum install \
    libyaml-devel glibc-headers autoconf gcc-c++ glibc-devel \
    patch readline-devel zlib-devel libffi-devel openssl-devel \
    make automake libtool bison sqlite-devel tar

Install prerequisites for Ubuntu 12.04 or 14.04:

sudo apt-get install \
    gawk g++ gcc make libc6-dev libreadline6-dev zlib1g-dev libssl-dev \
    libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev \
    libncurses5-dev automake libtool bison pkg-config libffi-dev curl

Build and install Ruby:

mkdir -p ~/src
cd ~/src
curl -f http://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.3.tar.gz | tar xz
cd ruby-2.3.3
./configure --disable-install-rdoc
make
sudo make install

sudo -i gem install bundler

Install Workbench and dependencies

Workbench doesn’t need its own database, so it does not need to have PostgreSQL installed.

~$ sudo yum install centos-release-scl scl-utils

~$ sudo yum-config-manager --enable rhel-server-rhscl-7-rpms

On a Debian-based system, install the following packages:

~$ sudo apt-get install bison build-essential graphviz git python-arvados-python-client arvados-workbench

On a Red Hat-based system, install the following packages:

~$ sudo yum install bison make automake gcc gcc-c++ graphviz git python-arvados-python-client arvados-workbench

Configure Workbench

Edit /etc/arvados/workbench/application.yml following the instructions below. Workbench reads both application.yml and its own config/application.defaults.yml file. Values in application.yml take precedence over the defaults that are defined in config/application.defaults.yml. The config/application.yml.example file is not read by Workbench and is provided for installation convenience only.

Consult config/application.default.yml for a full list of configuration options. Always put your local configuration in /etc/arvados/workbench/application.yml—never edit config/application.default.yml.

secret_token

This application needs a secret token. Generate a new secret:

~$ ruby -e 'puts rand(2**400).to_s(36)'
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Then put that value in the secret_token field.

arvados_login_base and arvados_v1_base

Point arvados_login_base and arvados_v1_base at your API server. For example like this:

arvados_login_base: https://prefix_uuid.your.domain/login
arvados_v1_base: https://prefix_uuid.your.domain/arvados/v1

site_name

site_name can be set to any arbitrary string. It is used to identify this Workbench to people visiting it.

arvados_insecure_https

If the SSL certificate you use for your API server isn’t an official certificate signed by a CA, make sure arvados_insecure_https is true.

Other options

Consult application.default.yml for a full list of configuration options. Always put your local configuration in application.yml instead of editing application.default.yml.

Configure Piwik

In /var/www/arvados-workbench/current/config, copy piwik.yml.example to piwik.yml and edit to suit.

Set up Web server

For best performance, we recommend you use Nginx as your Web server front-end, with a Passenger backend to serve Workbench. To do that:

1. Install Nginx and Phusion Passenger.

2. Edit the http section of your Nginx configuration to run the Passenger server, and act as a front-end for it. You might add a block like the following, adding SSL and logging parameters to taste:

   server {
     listen 127.0.0.1:9000;
     server_name localhost-workbench;
   
     root /var/www/arvados-workbench/current/public;
     index  index.html index.htm index.php;
   
     passenger_enabled on;
     # If you're using RVM, uncomment the line below.
     #passenger_ruby /usr/local/rvm/wrappers/default/ruby;
   
     # `client_max_body_size` should match the corresponding setting in
     # the API server's Nginx configuration.
     client_max_body_size 128m;
   }
   
   upstream workbench {
     server     127.0.0.1:9000  fail_timeout=10s;
   }
   
   proxy_http_version 1.1;
   
   server {
     listen       [your public IP address]:443 ssl;
     server_name  workbench.uuid-prefix.your.domain;
   
     ssl on;
     ssl_certificate     /YOUR/PATH/TO/cert.pem;
     ssl_certificate_key /YOUR/PATH/TO/cert.key;
   
     index  index.html index.htm index.php;
     # `client_max_body_size` should match the corresponding setting in
     # the API server's Nginx configuration.
     client_max_body_size 128m;
   
     location / {
       proxy_pass            http://workbench;
       proxy_redirect        off;
       proxy_connect_timeout 90s;
       proxy_read_timeout    300s;
   
       proxy_set_header      X-Forwarded-Proto https;
       proxy_set_header      Host $http_host;
       proxy_set_header      X-Real-IP $remote_addr;
       proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
     }
   }
   

3. Restart Nginx.

Prepare the Workbench deployment

Now that all your configuration is in place, rerun the arvados-workbench package configuration to install necessary Ruby Gems and other server dependencies. On Debian-based systems:

~$ sudo dpkg-reconfigure arvados-workbench

On Red Hat-based systems:

~$ sudo yum reinstall arvados-workbench

You only need to do this manual step once, after initial configuration. When you make configuration changes in the future, you just need to restart Nginx for them to take effect.

themes_for_rails at /usr/local/rvm/gems/ruby-2.1.1/bundler/gems/themes_for_rails-1fd2d7897d75 did not have a valid gemspec.
This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
The validation message from Rubygems was:
  duplicate dependency on rails (= 3.0.11, development), (>= 3.0.0) use:
    add_runtime_dependency 'rails', '= 3.0.11', '>= 3.0.0'
Using themes_for_rails (0.5.1) from https://github.com/holtkampw/themes_for_rails (at 1fd2d78)

Trusted client setting

Log in to Workbench once to ensure that the Arvados API server has a record of the Workbench client. (It’s OK if Workbench says your account hasn’t been activated yet. We’ll deal with that next.)

In the API server project root, start the Rails console.

Using RVM:

apiserver:~$ cd /var/www/arvados-api/current
apiserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production `which rvm-exec` default bundle exec rails console

Not using RVM:

apiserver:~$ cd /var/www/arvados-api/current
apiserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production bundle exec rails console

At the console, enter the following commands to locate the ApiClient record for your Workbench installation (typically, while you’re setting this up, the last one in the database is the one you want), then set the is_trusted flag for the appropriate client record:

irb(main):001:0> wb = ApiClient.all.last; [wb.url_prefix, wb.created_at]
=> ["https://workbench.example.com/", Sat, 19 Apr 2014 03:35:12 UTC +00:00]
irb(main):002:0> include CurrentApiClient
=> true
irb(main):003:0> act_as_system_user do wb.update_attributes!(is_trusted: true) end
=> true

Add an admin user

Next, we’re going to use the Rails console on the API server to activate your account and give yourself admin privileges.

Using RVM:

apiserver:~$ cd /var/www/arvados-api/current
apiserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production `which rvm-exec` default bundle exec rails console

Not using RVM:

apiserver:~$ cd /var/www/arvados-api/current
apiserver:/var/www/arvados-api/current$ sudo -u webserver-user RAILS_ENV=production bundle exec rails console

Enter the following commands at the console:

irb(main):001:0> Thread.current[:user] = User.all.select(&:identity_url).last
irb(main):002:0> Thread.current[:user].update_attributes is_admin: true, is_active: true
irb(main):003:0> User.where(is_admin: true).collect &:email
=> ["root", "your_address@example.com"]

At this point, you should have a working Workbench login with administrator privileges. Revisit your Workbench URL in a browser and reload the page to access it.