Setting up an arvbox dev federation

For development of federation features, you can run multiple arvbox instances and configure them for federation.

Make sure you have the latest 'arvbox' script and arvbox-dev image.

curl -O https://raw.githubusercontent.com/curoverse/arvados/master/tools/arvbox/bin/arvbox
chmod +x arvbox
docker pull arvados/arvbox-dev

Create two arvbox instances

$ export ARVBOX_CONTAINER=cluster1
$ arvbox start dev
$ export ARVBOX_CONTAINER=cluster2
$ arvbox start dev

Make note of the cluster ids and IP addresses. In this example cluster1 is 1b7fr and cluster2 is 2gvh8.

Note that Docker assigns IP addresses sequentially. To ensure you get the same IP addresses each time you'll need to start cluster1 first, followed by cluster2, and you don't want any other containers running. Your cluster ids will be different than this example.

Set configuration overrides

Create ~/.arvbox/cluster1/var/cluster_config.yml.override

Clusters:
  1b7fr:  # cluster1 id
    RemoteClusters:
      1b7fr:
        Host: 172.17.0.2:8000
        Proxy: true
      2gvh8:
        Host: 172.17.0.3:8000
        Proxy: true

Create ~/.arvbox/cluster2/var/cluster_config.yml.override

Clusters:
  2gvh8:  # cluster2 id
    RemoteClusters:
      1b7fr:
        Host: 172.17.0.2:8000
        Proxy: true
      2gvh8:
        Host: 172.17.0.3:8000
        Proxy: true

Copy root certificates

docker cp ~/.arvbox/cluster2/var/root-cert.pem cluster1:/usr/local/share/ca-certificates/cluster2-root-cert.crt
docker cp ~/.arvbox/cluster1/var/root-cert.pem cluster2:/usr/local/share/ca-certificates/cluster1-root-cert.crt
docker exec cluster1 update-ca-certificates
docker exec cluster2 update-ca-certificates

You probably also want to install the root certificates on the host: https://doc.arvados.org/install/arvbox.html

Restart services

$ export ARVBOX_CONTAINER=cluster1
$ arvbox sv restart api
$ arvbox sv restart controller
$ arvbox sv restart keepstore0
$ arvbox sv restart keepstore1
$ export ARVBOX_CONTAINER=cluster2
$ arvbox sv restart api
$ arvbox sv restart controller
$ arvbox sv restart keepstore0
$ arvbox sv restart keepstore1

Testing

  1. Visit workbench2 at 172.17.0.2:3001 and create a user account.
  2. Copy the token
  3. Visit workbench2 at 172.17.0.3:3001 and specify "log in with user from cluster1"
  4. You should be logged into workbench on the cluster2 with the user from cluster1

At the command line:

$ export ARVADOS_API_HOST=172.17.0.3:8000
$ export ARVADOS_API_TOKEN=token_copied_in_previous_step
$ arv user current

This shows cluster2 accepting a token for cluster1. Look for the "writable_by" field in the response including uuids with both cluster1 and cluster2.