Install the API server

Install prerequisites

The Arvados package repository includes an API server package that can help automate much of the deployment.

Install Ruby and Bundler

Ruby 2.3 is recommended; Ruby 2.1 is also known to work.

Option 1: Install with RVM

sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\curl -sSL https://get.rvm.io | sudo bash -s stable --ruby=2.3

Either log out and log back in to activate RVM, or explicitly load it in all open shells like this:

source /usr/local/rvm/scripts/rvm

Once RVM is activated in your shell, install Bundler:

~$ gem install bundler

Option 2: Install from source

Install prerequisites for Debian 8:

sudo apt-get install \
    bison build-essential gettext libcurl3 libcurl3-gnutls \
    libcurl4-openssl-dev libpcre3-dev libreadline-dev \
    libssl-dev libxslt1.1 zlib1g-dev

Install prerequisites for CentOS 7:

sudo yum install \
    libyaml-devel glibc-headers autoconf gcc-c++ glibc-devel \
    patch readline-devel zlib-devel libffi-devel openssl-devel \
    make automake libtool bison sqlite-devel tar

Install prerequisites for Ubuntu 12.04 or 14.04:

sudo apt-get install \
    gawk g++ gcc make libc6-dev libreadline6-dev zlib1g-dev libssl-dev \
    libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev \
    libncurses5-dev automake libtool bison pkg-config libffi-dev curl

Build and install Ruby:

mkdir -p ~/src
cd ~/src
curl -f http://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.3.tar.gz | tar xz
cd ruby-2.3.3
./configure --disable-install-rdoc
make
sudo make install

sudo -i gem install bundler

Install API server and dependencies

On a Debian-based system, install the following packages:

~$ sudo apt-get install bison build-essential libcurl4-openssl-dev git arvados-api-server

On a Red Hat-based system, install the following packages:

~$ sudo yum install bison make automake gcc gcc-c++ libcurl-devel git arvados-api-server

Set up the database

Configure the API server to connect to your database by updating /etc/arvados/api/database.yml. Replace the xxxxxxxx database password placeholder with the password you generated during database setup. Be sure to update the production section.

~$ editor /etc/arvados/api/database.yml

Configure the API server

Edit /etc/arvados/api/application.yml to configure the settings described in the following sections. The API server reads both application.yml and its own config/application.default.yml file. The settings in application.yml take precedence over the defaults that are defined in config/application.default.yml. The config/application.yml.example file is not read by the API server and is provided as a starting template only.

config/application.default.yml documents additional configuration settings not listed here. You can view the current source version for reference.

Only put local configuration in application.yml. Do not edit application.default.yml.

uuid_prefix

Define your uuid_prefix in application.yml by setting the uuid_prefix field in the section for your environment. This prefix is used for all database identifiers to identify the record as originating from this site. It must be exactly 5 lowercase ASCII letters and digits.

Example application.yml:

  uuid_prefix: zzzzz

secret_token

The secret_token is used for for signing cookies. IMPORTANT: This is a site secret. It should be at least 50 characters. Generate a random value and set it in application.yml:

~$ ruby -e 'puts rand(2**400).to_s(36)'
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

Example application.yml:

  secret_token: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

blob_signing_key

The blob_signing_key is used to enforce access control to Keep blocks. This same key must be provided to the Keepstore daemons when installing Keepstore servers. IMPORTANT: This is a site secret. It should be at least 50 characters. Generate a random value and set it in application.yml:

~$ ruby -e 'puts rand(2**400).to_s(36)'
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Example application.yml:

  blob_signing_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

sso_app_secret, sso_app_id, sso_provider_url

The following settings enable the API server to communicate with the Single Sign On (SSO) server to authenticate user log in.

Set sso_provider_url to the base URL where your SSO server is installed. This should be a URL consisting of the scheme and host (and optionally, port), without a trailing slash.

Set sso_app_secret and sso_app_id to the corresponding values for app_secret and app_id used in the Create arvados-server client for Single Sign On step.

Example application.yml:

  sso_app_id: arvados-server
  sso_app_secret: wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
  sso_provider_url: https://sso.example.com

workbench_address

Set workbench_address to the URL of your workbench application after following Install Workbench.

Example application.yml:

  workbench_address: https://workbench.zzzzz.example.com

websocket_address

Set websocket_address to the wss:// URL of the API server websocket endpoint after following Set up Web servers. The path of the default endpoint is /websocket.

Example application.yml:

  websocket_address: wss://ws.zzzzz.example.com/websocket

git_repositories_dir

The git_repositories_dir setting specifies the directory where user git repositories will be stored.

The git server setup process is covered on its own page. For now, create an empty directory in the default location:

~$ sudo mkdir -p /var/lib/arvados/git/repositories

If you intend to store your git repositories in a different location, specify that location in application.yml.

Default setting in application.default.yml:

  git_repositories_dir: /var/lib/arvados/git/repositories

git_internal_dir

The git_internal_dir setting specifies the location of Arvados’ internal git repository. By default this is /var/lib/arvados/internal.git. This repository stores git commits that have been used to run Crunch jobs. It should not be a subdirectory of git_repositories_dir.

Example application.yml:

  git_internal_dir: /var/lib/arvados/internal.git

enable_legacy_jobs_api

Enable the legacy Jobs API . Note: new installations should use the Containers API

Disabling the jobs API means methods involving jobs, job_tasks, pipeline_templates and pipeline_instances are disabled. This functionality is superceded by the containers API which consists of container_requests, containers and workflows. Arvados clients (such as arvados-cwl-runner) detect which APIs are available and adjust behavior accordingly.

• auto — (default) enable the Jobs API only if it has been used before (i.e., there are job records in the database), otherwise disable jobs API .
• true — enable the Jobs API even if there are no existing job records.
• false — disable the Jobs API even in the presence of existing job records.

  enable_legacy_jobs_api: auto

Set up Nginx and Passenger

The Nginx server will serve API requests using Passenger. It will also be used to proxy SSL requests to other services which are covered later in this guide.

First, Install Nginx and Phusion Passenger.

Edit the http section of your Nginx configuration to run the Passenger server. Add a block like the following, adding SSL and logging parameters to taste:

server {
  listen 127.0.0.1:8000;
  server_name localhost-api;

  root /var/www/arvados-api/current/public;
  index  index.html index.htm index.php;

  passenger_enabled on;
  # If you're using RVM, uncomment the line below.
  #passenger_ruby /usr/local/rvm/wrappers/default/ruby;

  # This value effectively limits the size of API objects users can
  # create, especially collections.  If you change this, you should
  # also ensure the following settings match it:
  # * `client_max_body_size` in the server section below
  # * `client_max_body_size` in the Workbench Nginx configuration (twice)
  # * `max_request_size` in the API server's application.yml file
  client_max_body_size 128m;
}

upstream api {
  server     127.0.0.1:8000  fail_timeout=10s;
}

proxy_http_version 1.1;

# When Keep clients request a list of Keep services from the API server, the
# server will automatically return the list of available proxies if
# the request headers include X-External-Client: 1.  Following the example
# here, at the end of this section, add a line for each netmask that has
# direct access to Keep storage daemons to set this header value to 0.
geo $external_client {
  default        1;
  10.20.30.0/24  0;
}

Restart Nginx to apply the new configuration.

~$ sudo nginx -s reload

Prepare the API server deployment

Now that all your configuration is in place, rerun the arvados-api-server package configuration to install necessary Ruby Gems and other server dependencies. On Debian-based systems:

~$ sudo dpkg-reconfigure arvados-api-server

On Red Hat-based systems:

~$ sudo yum reinstall arvados-api-server

You only need to do this manual step once, after initial configuration. When you make configuration changes in the future, you just need to restart Nginx for them to take effect.

Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will
break this application for all non-root users on this machine.

fatal: Not a git repository (or any of the parent directories): .git