Anaconda Documentation

Release 2.0

Anaconda Inc.

Jul 22, 2019

 Contents

1 Anaconda Enterprise 1

2 Anaconda Distribution 3

3 Anaconda Cloud 5
3.1 Anaconda Enterprise 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2 Anaconda Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 935
3.3 Anaconda Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1406
3.4 Archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1447

Index 1691

i
ii
 CHAPTER 1

Anaconda Enterprise

Anaconda Enterprise is an enterprise-ready, secure and scalable data science platform that empowers teams to govern
data science assets, collaborate and deploy data science projects.
Enterprise 5 includes these capabilities:
• Easily deploy your projects into interactive data applications, live notebooks and machine learning models with
APIs.
• Share those applications with colleagues and collaborators.
• Manage your data science assets: notebooks, packages, environments and projects in an integrated data science
experience.
View Anaconda Enterprise 5 documentation.

1
Anaconda Documentation, Release 2.0

2 Chapter 1. Anaconda Enterprise

 CHAPTER 2

Anaconda Distribution

Anaconda Distribution is a free, easy-to-install package manager, environment manager and Python distribution with
a collection of 1,000+ open source packages with free community support. Anaconda is platform-agnostic, so you can
use it whether you are on Windows, macOS or Linux.
View Anaconda Distribution 5 documentation.

3
Anaconda Documentation, Release 2.0

4 Chapter 2. Anaconda Distribution

 CHAPTER 3

Anaconda Cloud

Anaconda Cloud is a package management service that makes it easy to find, access, store and share public notebooks,
and environments, as well as conda and PyPI packages.
View Anaconda Cloud documentation.

3.1 Anaconda Enterprise 4

Anaconda Enterprise 4 includes Anaconda Distribution, Anaconda Enterprise 4 Repository and Anaconda Enterprise
4 Notebooks. This is our previous-generation product, and documentation is provided for our current customers.
Anaconda Enterprise 4 Repository is an enterprise server on your network or your private cloud where open source
and proprietary packages may be stored, retrieved and shared.
Anaconda Enterprise 4 Notebooks is a browser-based Python data analysis environment and visualization tool in a
secure, governed environment.
Please refer to Anaconda Enterprise 5 documentation for our current-generation product.

3.1.1 Anaconda Enterprise 4 Repository

Open Data Science Hub

Anaconda Repository is an enterprise server on your network or your private cloud where open source and proprietary
packages may be stored, retrieved and shared. It is used to govern access to data science assets including packages,
environments and notebooks.
Anaconda Repository has a self-contained internal mirror of packages and can install securely behind an enterprise
firewall or in an air gapped environment. It supports many repositories including PyPI, conda and the Anaconda
Repository.
Many enterprises have customized local instances of Repository. Anaconda also makes an instance of Repository
available for public use at Anaconda Cloud.

5
Anaconda Documentation, Release 2.0

User guide

Getting started

• Finding, downloading and installing packages

• Building and uploading new packages
• Sharing notebooks
• Viewing notebooks
• Sharing environments

Finding, downloading and installing packages

You do not need to have an Anaconda Repository account or be logged in to search for, download, or install packages,
notebooks, environments or installers.
You do need an account to access private packages without an access token and to upload and share your own packages,
notebooks, environments and installers with others.

Searching for packages

1. In the top Search box, type part or all of the name of a file you are searching for, and then press Enter.
2. Packages that match your search string are displayed. To see more information, click the package name.

Refining your search results

You can filter search results using 3 filter controls:

• Type: All, conda only or PyPI only.

6 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Access: All, Public and/or Private—available only if you are logged in.
• Platform: All, Source, Linux-32, Linux-64, Noarch, OSX-64, Win-32 and Win-64.
NOTE: Source packages are source code only, not yet built for any specific platform. Noarch packages are built to
work on all platforms.

Downloading and installing packages from Anaconda Repository

You can download and install packages using Anaconda Navigator, the graphical user interface for Anaconda®.
Advanced users may prefer a Terminal window or an Anaconda Prompt.

Using Navigator

Navigator is automatically installed when you install Anaconda.

To download and install a package into its own environment:
1. Start Navigator by clicking its program icon on your desktop or in your programs menu.
2. Set up Navigator to search your local Repository:
1. From the top menu bar, select Preferences.
2. In the Anaconda API domain box, type the address of your local Repository:

NOTE: If your organization does not use HTTPS, use http in the domain box and clear the Enable SSL
verification checkbox.
NOTE: If your organization uses subdomains, enter the address as https://api.
<your-anaconda-repo>:8080. Replace <your-anaconda-repo> with the name of your local
Repository. If that does not work, contact your system administrator.
3. Click the Apply button.
3. Sign Navigator into your local Anaconda Cloud—Repository— so you can search for packages marked as
private:
1. Click the top right Sign in to Anaconda Cloud button.
2. Type your Repository username and password:

3. Click the Login button.

4. On the Environments tab, in the far-right Search packages box, type the name of the desired package.
5. In the list to the left of Channels, select either Not installed or All, then click the Search button.
6. Select the checkbox of the package you want to install, then click the Apply button.
For more information, see the full Navigator documentation Anaconda Navigator.

3.1. Anaconda Enterprise 4 7

Anaconda Documentation, Release 2.0

8 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 9

Anaconda Documentation, Release 2.0

Using conda in a Terminal window or an Anaconda Prompt

Conda is automatically installed when you install Anaconda.

To download and install a package into its own environment:
1. Locate a package on Anaconda Repository that you want to download, then click the package name.
A detail page displays specific installation instructions for the current operating system.
2. Enter the command into your Terminal window or Anaconda Prompt.
EXAMPLE: To download and install a package with conda:
conda install -c USERNAME PACKAGE

TIP: Conda expands USERNAME to a URL such as https://<your-anaconda-repo>/USERNAME,

based on the settings in the .condarc file.

Building and uploading new packages

Building and uploading new packages is optional, and best suited for advanced users who are comfortable using a
Terminal application. It requires the anaconda-client, which is easy to get if you have installed Anaconda.
Use Terminal window or Anaconda Prompt to run the following command line commands.
1. To build and upload packages, first install the Anaconda Client CLI:
conda install anaconda-client

2. Log into your Repository account:

anaconda login

At the prompt, enter your Repository username and password.

3. Choose the package you would like to build. For this example, you can download our public test package:
git clone https://github.com/anaconda-platform/anaconda-client
cd anaconda-client/example-packages/conda/

4. To build your test package, first install conda-build and turn off automatic Client uploading, then run the conda
build command:
conda install conda-build
conda config --set anaconda_upload no
conda build .

5. Find the path where the newly-built package was placed, so that you can use it in the next step:
conda build . --output

6. Upload your test package to your Repository account:

anaconda login
anaconda upload /your/path/conda-package.tar.bz2

NOTE: Replace /your/path/ with the path you found in the previous step.
For more information, see Working with conda packages.

10 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Sharing notebooks

To upload a notebook to Anaconda Repository with anaconda-client, open Anaconda Prompt or Terminal and then
enter:

anaconda upload my-notebook.ipynb

NOTE: Replace my-notebook with the name of your notebook.

Viewing notebooks

You can view an HTML version of your notebook in Anaconda Repository. Log into your account, then from the
drop-down menu of the view button, select Notebooks. Click the name of the notebook you want to view.
You can also view an HTML version of your notebook directly from:

http://<your-anaconda-repo>/USERNAME/my-notebook

NOTE: Replace <your-anaconda-repo> with your Repository name, USERNAME with your username and
my-notebook with the name of your notebook.
Anyone who has anaconda-client and access to Repository can download your notebook. To download the notebook,
open Anaconda Prompt or Terminal and enter:

anaconda download USERNAME/my-notebook

Sharing environments

A saved conda environment can be uploaded to Anaconda Repository with the web interface or the anaconda
upload command.
To save the environment, run this command in an Anaconda Prompt or Terminal window:

conda env export -n my-environment -f my-environment.yml

To upload it with the web interface go to:

https://<your-anaconda-repo>/<USERNAME>/environments

Then use the Upload button in the top right corner.

To upload it with the anaconda upload command:

anaconda upload my-environment.yml

NOTE: Replace my-environment with the name of your environment.

You can view a list of your uploaded environments at:

http://envs.<your-anaconda-repo>/USERNAME

NOTE: Replace <your-anaconda-repo> with the name of your local Repository and USERNAME with your
username.
Anyone who has access can download and install your environment. Open Anaconda Prompt or Terminal and then
enter:

3.1. Anaconda Enterprise 4 11

Anaconda Documentation, Release 2.0

conda env create user/my-environment

source activate my-environment

NOTE: Replace user with your username and my-environment with the name of your environment.

How to. . .

• Use packages
• Use the Anaconda Client CLI
• Build packages

Use packages

Find a package

From Anaconda Repository, you can search for packages by package name. From the top navigation bar of any page,
in the search box enter the package name. You can filter your searches using type of the packages, access or labels and
you can sort results by number of favorites or number of downloads by clicking the search results column heading.

Download and install a conda package from Repository

To install a conda package, in a Terminal window or an Anaconda Prompt run:

conda install -c USERNAME PACKAGE

NOTE: Conda expands USERNAME to a URL such as https://<your-anaconda-repo>/username based

on the settings in the .condarc file.
NOTE: Replace USERNAME with your username and PACKAGE with the name of the desired package.

Download and install a PyPI package from Repository

To install a PyPI package, in a Terminal window or an Anaconda Prompt run:

pip install --index-url pypi.anaconda.org/USERNAME/PACKAGE

NOTE: Replace USERNAME with your username and PACKAGE with the name of the desired package.

Use the Anaconda Client CLI

Install Client

See Installing the Anaconda Client CLI.

12 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Find my Client login credentials

Your credentials for Client are those that you used to create an account on Repository.
To get help:
1. In a browser, navigate to your Repository.
2. Select the Sign In tab.
3. Click either the I forgot my password link or the I forgot my username link.

Log into Client

After you have downloaded and configured Client, in a Terminal window or an Anaconda Prompt, run:

anaconda login

Display a list of Client commands

In a Terminal window or Anaconda Prompt, run:

anaconda --help

Find out more about a Client command

In a Terminal window or Anaconda Prompt, run:

anaconda COMMANDNAME -h

NOTE: Replace COMMANDNAME with the name of the command about which you want more information.

List all available Client configuration files

In a Terminal window or Anaconda Prompt, run:

anaconda config --files

List all of your Client configuration variables

In a Terminal window or Anaconda Prompt, run:

anaconda config --show

Find out more about Client

If you have a question that you cannot answer using the help command or documentation, contact your system admin-
istrator who has access to Anaconda Enterprise Support.

3.1. Anaconda Enterprise 4 13

Anaconda Documentation, Release 2.0

Build packages

Build and upload a package

For a quick example, see Building and uploading new packages.

Test a built package

In a Terminal window or Anaconda Prompt, specify the --use-local option:

conda create --use-local -n test PACKAGE

NOTE: Replace PACKAGE with the name of your package.

Upload a package to Repository

In a Terminal window or Anaconda Prompt, run:

anaconda upload PACKAGE

NOTE: Replace PACKAGE with the name of your package.

Find help for uploading packages

You can obtain a complete list of upload options, including:

• Package channel.
• Label.
• Availability to other users.
• Metadata.
In a Terminal window or Anaconda Prompt, run:

anaconda upload -h

Tutorials

• Using labels in the development cycle

• Working with other file types

Using labels in the development cycle

Anaconda Repository labels can be used to facilitate a development cycle and organize the code that is in development,
in testing and in production, without affecting non-development users.

14 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

In this tutorial, we show how to use a “test” label, so that you can upload files without affecting your production-quality
packages. Without a --label argument the default label is “main.”
1. You need to begin with a conda package. If you do not have one, use our example conda package. Before you
build the package, edit the version in the meta.yaml file in anaconda-client/example-packages/
conda/ to be 2.0:

git clone https://github.com/anaconda-platform/anaconda-client

cd anaconda-client/example-packages/conda/
nano meta.yaml # Bump version to 2.0
conda config --set anaconda_upload no
conda build .

2. Upload your test package to Repository using the Client upload command. Adding the --label option tells
Repository to make the upload visible only to users who specify that label:

anaconda upload /path/to/conda-package-2.0.tar.bz2 --label test

NOTE: Replace /path/to/ with the path to where you stored the package.
3. You now can see that even when you search conda “main,” you do not see the 2.0 version of the test package.
This is because you need to tell conda to look for your new “test” label.
4. The --override argument tells conda not to use any channels in your ~/.condarc file.
The following command produces no 2.0 results:

conda search --override -c USERNAME conda-package

NOTE: Replace USERNAME with your username.

Your 2.0 package is here:

conda search --override -c USERNAME/label/test conda-package

NOTE: Replace USERNAME with your username.

5. You can give the label USERNAME/label/test to your testers.
NOTE: Replace USERNAME with your username.
6. Once they finish testing, you may then want to copy the test packages back to your “main” label:

anaconda label --copy test main

Your version 2.0 is now in main:

conda search --override -c USERNAME conda-package

NOTE: Replace USERNAME with your username.

You can also manage your package labels from your dashboard: https://<your-anaconda-repo>/
USERNAME/conda-package.
NOTE: Replace <your-anaconda-repo> with the name of your local Repository, and USERNAME with your
username.
If you use anaconda-client 1.7 or higher, you can use anaconda move to move packages from one label to
another:

anaconda move --from-label OLD --to-label NEW SPEC

3.1. Anaconda Enterprise 4 15

Anaconda Documentation, Release 2.0

Replace OLD with the old label, NEW with the new label, and SPEC with the package to move. SPEC can be either
“user/package/version/file”, or “user/package/version” in which case it moves all files in that version.

Working with other file types

In addition to uploading or downloading packages, you can also upload or download other file types to/from Anaconda
Repository.

Uploading other file types

You can upload any type of file with Anaconda Client command line interface (CLI) by using the steps below.
PyPI package files, conda package files and notebook files are automatically detected. There is no auto-detect for other
types of files, so you must explicitly specify the package, package-type and version fields.
In the following example, we upload a spreadsheet named baby-names in comma separated value (CSV) format.
1. Create a new package, which creates a namespace that can hold multiple files:

anaconda login
anaconda package --create jsmith/baby-names

2. Upload the file to the new namespace:

anaconda upload --user jsmith --package baby-names --package-type file --version

˓→1 baby-names1.csv

NOTE: In this example:

• The user or organization name is “jsmith.”
• The package name is “baby-names.”
• The package type is “file.”
• The version is “1.”
• The full filename is baby-names1.csv.

Downloading other file types

Files, such as the one created above, are available at:

https://<your-anaconda-repo>/USERNAME/PACKAGE

Anyone can download these files using Client:

anaconda download USERNAME/PACKAGE

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, USERNAME with the desired
username and PACKAGE with the desired package name.
If the repository has multiple files with the same name and different extensions, anaconda download will down-
load all of them by default. If you use anaconda-client 1.7 or higher, you can use anaconda download with
the option --package-type or -t to specify only one of these files. This option can work with the values pypi,
conda, ipynb, and env.

16 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Tasks

This guide covers all the everyday tasks for a user of Anaconda Repository.

Creating an account

The information below applies to personal Anaconda Repository accounts. For information on organization accounts,
see Working with organizations.
You do not need an Anaconda Repository account to find, download and use packages.
However, you do need a Repository account to:
• Author packages.
• Upload packages, notebooks and environments.
• Access private packages that are shared with you.
• Create organizations.
If your administrator sent you an email with a login address, username and password, use them.
Otherwise, to sign up for an Anaconda Repository account:
1. In a browser, go to the address your administrator gave you.

1. Make sure the Sign Up tab is active.

NOTE: There is also a Sign In tab for existing users.
2. Select a username.
3. Enter your email address.
4. Create a password that is at least 7 characters long.
5. Enter the password again to confirm it.
6. Read and accept the Terms and Conditions.
7. Click the Sign up button.
The system creates your user account, logs you in and displays your personal dashboard.

3.1. Anaconda Enterprise 4 17

Anaconda Documentation, Release 2.0

Using your Repository dashboard

When you log in to Repository, your personal dashboard is displayed.

In the top navigation bar, the currently active user or organization is shown at the far right.
TIP: If the email address on your account is associated with a Gravatar account, Repository displays your profile photo.
To associate your email address with Gravatar or to change your Gravatar profile photo, see gravatar.com.
Packages, notebooks, environments, projects and installers that you have created with this account appear on your
Landscape.
Click the view button to see the following options:
• Landscape: Your home page.
• Favorites: Other users’ packages that you have starred.
• Packages: Only packages you have created.
• Notebooks: Only notebooks you have created.

18 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Environments: Only environments you have created.

• Installers: If you have created and uploaded installers using Cloudera, they are displayed here.
• Projects: If you have created and uploaded projects, they are displayed here.

3.1. Anaconda Enterprise 4 19

Anaconda Documentation, Release 2.0

Installing the Anaconda Client CLI

You can use the Anaconda Client command line interface (CLI) in an Anaconda Prompt or Terminal window to:
• Connect to and manage your Anaconda Repository account.
• Upload packages you have created.
• Generate access tokens to allow access to private packages.
NOTE: Anaconda Client is not necessary to search for and download packages.
Anaconda Client requires conda to be installed. If you have Anaconda, conda is already installed.
To install with conda, open Anaconda Prompt or Terminal window and enter:

conda install anaconda-client

After installing, view the complete list of Client tasks with this command from Anaconda Prompt or Terminal window:

anaconda -h

Working with organizations

• Creating an organization
• Uploading packages to an organization
• Transferring packages to an organization
• Customizing users and groups
• Creating groups for differing access levels
• Deleting an organization

Creating an organization

1. Log in to your Anaconda Repository.

2. From the far-right drop-down menu next to your username, select New Organization.
3. Scroll to the “Create Organization” box and enter a name for your organization.
NOTE: Organization names can include dashes, but not spaces or special characters.
4. Supply an email address for the organization, then click the Create Organization button.
The system displays the dashboard for the new organization.
As the creator and owner of an organization, you have automatic administrative access to this organization and any
packages associated with the organization.
From the far-right drop-down menu, Profile option shows a list of all organizations to which you belong.

20 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Uploading packages to an organization

Only the co-owners of an organization may upload packages to the organization.

To upload a package to an organization, in a Terminal or Anaconda Prompt use the -u/--user option:

anaconda upload --user ORGANIZATION package.tar.bz2

NOTE: Replace ORGANIZATION with the name of the organization, and package.tar.bz2 with the name of the
package.

Transferring packages to an organization

See Transferring a package to a new owner.

Customizing users and groups

Only the co-owners of an organization may customize users and groups of the organization.
To add, remove, or edit group and user access for an organization you administer:
From the top right drop-down menu, select Groups, then click the name of the group you want to edit.
In the Members box, type the username of the user you want to add as a member, thenc lick the Add button.
To remove a member, in the list on the Members page, click the delete icon (trash can).
Users receive a dashboard notification when you add them to an organization.

Creating groups for differing access levels

Within an organization, you can create a group to customize access for a group of users:
1. From the top right drop-down menu, select Groups, then click the + New Group button.
2. Give the group a name and click the Create group button.
3. In the Members box, add the desired members by username.
4. Add installers, packages, notebooks, projects or environments that this group can access.
5. Click the Save Group button.

Deleting an organization

To delete an organization you administer and erase all data associated with it:
1. At the top right of the Repository interface, in the Profile list, select Switch To.
2. Select the organization you want to delete.
3. In the Profile list, select Settings.
4. Select the Account option. You may be asked to verify your password.
5. In the Delete Account section, click the Delete button.
A confirmation page requests that you provide the full name of the organization.

3.1. Anaconda Enterprise 4 21

Anaconda Documentation, Release 2.0

Working with packages

All files uploaded to Anaconda Repository are stored in packages. Each Repository package is visible at its own
unique URL based on the name of the user who owns the package and the name of the package. You can create a
Repository package and then upload files into it.
Each user and organization has their own location called a namespace where they may host packages.
A label is part of the URLs for Repository where conda looks for packages. Each file within a package may be tagged
with one or more labels, or not tagged at all to accept the default label of main. Labels are searched only if you
specify a label.

Using package managers

• Working with conda packages

• Working with PyPI packages

Repository supports two package managers, conda and PyPI. To work with conda or PyPI packages, you must use
their corresponding subdomains.
EXAMPLE: To install conda packages from the user “travis,” use the Repository URL:

https://conda.<your-anaconda-repo>/travis

EXAMPLE: To install PyPI packages from the user “travis,” use the Repository URL:

https://pypi.<your-anaconda-repo>/travis

Working with conda packages

Building a conda package

To build a package using conda build:

1. Install Anaconda Client and conda build:

conda install anaconda-client conda-build

2. Choose the repository for which you would like to build the package. In this example, we use a simple, public
conda test package:

git clone https://github.com/anaconda-platform/anaconda-client

cd anaconda-client/example-packages/conda/

In this directory, there are two required files, build.sh, and meta.yaml.
NOTE: Linux and macOS systems are Unix systems. Packages built for Unix systems require a build.sh file,
packages built for Windows require a bld.bat file, and packages built for both Unix and Windows systems
require both a build.sh file and a bld.bat file. All packages require a meta.yaml file.
3. To build the package, turn off automatic Client uploading and then run the conda build command:

22 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

conda config --set anaconda_upload no

conda build .

All packages built in this way are placed in a subdirectory of Anaconda’s conda-bld directory.
4. You can check where the resulting file was placed with the --output option:

conda build . --output

For more information on conda’s overall build framework, you may also want to read the articles Building conda
packages and Tutorials on conda build.

Uploading a conda package

Upload the test package to Repository with the anaconda upload command:

anaconda login
anaconda upload /path/to/conda-package.tar.bz2

NOTE: Replace /path/to/ with the path to where you stored the package.

Installing conda packages

You can install conda packages from Repository by adding channels to your conda configuration.
1. Because conda knows how to interact with Repository, specifying the channel “sean” translates to https://
<your-anaconda-repo>/sean:

conda config --add channels sean

2. You can now install public conda packages from Sean’s Repository account. Try installing the testci package at
https://<your-anaconda-repo>/sean/testci:

conda install testci

You can also install a package from a channel with a token and a label:

conda install -c https://conda.anaconda.org/t/<token>/<channel>/label/<labelname>

˓→<package>

NOTE: Replace <token> with the provided token,‘‘<channel>‘‘ with the user channel, <labelname> with the
label name and <package> with the package name you want to install.

Working with PyPI packages

Uploading PyPI packages

You can test PyPI package uploading with a small, public example package saved in the anaconda-client repository:
1. Begin by cloning the repository from the command line:

git clone [email protected]:anaconda-platform/anaconda-client.git

cd anaconda-client/example-packages/pypi/

3.1. Anaconda Enterprise 4 23

Anaconda Documentation, Release 2.0

2. You can now create your PyPI package with the setup.py script:

python setup.py sdist

3. Your package now is built as a source “tarball” and is ready to be uploaded with:

anaconda upload dist/*.tar.gz

Your package is now available at:

http://<your-anaconda-repo>/USERNAME/PACKAGE

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, USERNAME with your user-
name and PACKAGE with the package name.

Installing PyPI packages

The best way to install a PyPI package is using pip. For the following command, you can use the package you authored
in the above steps:

pip install --extra-index-url https://pypi.<your-anaconda-repo>/USERNAME/PACKAGE

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, USERNAME with your user-
name and PACKAGE with the test-package name.

Using cross-platform “noarch” packages

As of Anaconda Repository version 2.6.0, your Repository supports conda “noarch” packages that contain no operating
system-specific files.
The conda build system allows you to specify “no architecture” when building a package, so it is compatible with all
platforms and architectures. Noarch packages from your Repository instance can be downloaded and installed on any
platform.
NOTE: Noarch packages are not compatible with Anaconda constructor. If you intend to use the packages with
Anaconda constructor, build the packages for specific operating systems.

Building noarch packages

To specify a noarch build, use the noarch key in the build section of your conda recipe’s meta.yaml file:

build:
noarch: generic

See the conda documentation for full information on noarch packages.

Additional examples can be found in the conda-recipes repository on github.

Uploading noarch packages

You can upload noarch packages to Repository in the same manner as any other package:

24 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

anaconda upload babel

Noarch packages are identified on Repository by a cross-platform icon:

Uploading a package

To upload a package to Repository, using the Client CLI, run the upload command:

anaconda login
anaconda upload PACKAGE

NOTE: Replace PACKAGE with the name of the desired package.

Repository automatically detects packages and notebooks, package or notebook types, and their versions.
Your package is now available at:

https://<your-anaconda-repo>/USERNAME/PACKAGE

NOTE: <your-anaconda-repo> is the name of your local Repository, USERNAME is your username and
PACKAGE is the package name.
Anyone can download your package by using Client:

anaconda download USERNAME/PACKAGE

3.1. Anaconda Enterprise 4 25

Anaconda Documentation, Release 2.0

NOTE: USERNAME is their username, and PACKAGE is your package name.

If you want to restrict access to your package, see Controlling access to packages.

Controlling access to packages

• Making a package private

• Using groups to allow access to private packages
• Creating a token to allow access to a private package or channel
• Using a token
• Revoking a token

By default, all packages, notebooks and environments uploaded to Repository are public, meaning they are accessible
to anyone who has access to Repository.
When you make a package private, only you and the users you authorize can access it.
You can authorize users to access your private package in two ways:
• Use a group inside an organization account—only group members who are logged in can access the package.
This is the best way to control access to your private packages because it allows you to set separate permissions
for each package, notebook or environment.
• Use a token control system—only users who have the appropriate token can access the private package or chan-
nel.
After you grant other users access, they can download and install your package using the Web UI or Client.

Making a package private

1. In the Web UI, in the Tools menu, select Packages.

2. OPTIONAL: If the packages you are looking for are not visible, under Filters, in the Type list, select All.
3. Select the checkbox next to each package you want to make private.
4. Click the Settings tab, and then click the Admin tab in the sidebar.
NOTE: You can also reach this page at the following URL:

https://<your-anaconda-repo>/USERNAME/PACKAGE/settings/admin

Replace <your-anaconda-repo> with the name of your local Repository, USERNAME with your username
and PACKAGE with the name of the package.
5. Click Set access, then select Private.
NOTE: You can use the same procedure and URL to make Jupyter Notebooks and conda environments private.

Using groups to allow access to private packages

1. Create an organization.
2. Upload or transfer the package to the organization.

26 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3. Within the organization, create a group with the appropriate users, permissions, and packages.

Creating a token to allow access to a private package or channel

You can control access to private packages and channels with the token system. All Repository URLs can be prefixed
with /t/<token> to allow access.
The degree of access a token grants is completely configurable when you generate it. You can generate multiple tokens
to control which groups of users have access to certain features if they have the appropriate token.
Tokens provide access to all packages in a specified channel. Separate permissions per package, notebook or environ-
ment may be better handled with organizations and groups.
You can generate tokens using the Web UI or Anaconda Client.
NOTE: By default, tokens expire after one year.

Generating a token in the Web UI

1. Navigate to:

https://<your-anaconda-repo>/<channel>/settings/access

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, and <channel> with
the name of the desired channel.
2. In the Token Name box, type a name for the token:

3. Select the appropriate checkboxes for the type of access you want to allow for users of this token.
EXAMPLE: To allow users to download private packages or packages from private channels, select Allow
private downloads from Conda repositories.
4. Click the Create button.

Generating a token with Client

1. In a Client Terminal window or Anaconda Prompt, run:

anaconda auth --create --name YOUR-TOKEN-NAME --scopes repos conda:download'

NOTE: Replace YOUR-TOKEN-NAME with a name for the new token.

Provide scopes as a space-separated, quoted list. The token produced by the above command provides access to
download any of your private conda repositories. The available scopes are:
• all: Allow all operations.
• api: Allow all API operations.
• api:modify-group: Allow addition and modification of groups.
• api:read: Allow read access to the API site.

3.1. Anaconda Enterprise 4 27

Anaconda Documentation, Release 2.0

28 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• api:write: Allow write access to the API site.

• conda: Allow all operations on conda repositories.
• conda:download: Allow private downloads from conda repositories.
• pypi: Allow all operations on PyPI repositories.
• pypi:download: Allow private downloads from PyPI repositories.
• pypi:upload: Allow uploads to PyPI repositories.
• repos: Allow access to all package repositories.
2. You can enable the token with the conda config command:

conda config --add channels https://conda.anaconda.org/t/<token>/<channel>

Or to add a channel with a token and label:

conda config --add channels https://conda.anaconda.org/t/<token>/<channel>/label/

˓→<labelname>

NOTE: Replace <token> with your token string,‘‘<channel>‘‘ with the desired channel name, and
<labelname> with the label name.
NOTE: If you lose the token’s random alphanumeric string, you must revoke the token and create a new one.

Using a token

The token can be used to:

• Add a channel from which to install private packages:

conda config --add channels https://conda.<your-anaconda-repo>/t/<token>/<channel>

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, <token> with the
provided token and <channel> with a user channel.
• Install a private package without first adding a channel:

conda install -c https://conda.<your-anaconda-repo>/t/<token>/<channel> <package>

To install a package from a channel using a token and a label name:

conda install -c https://conda.<your-anaconda-repo>/t/<token>/<channel>/label/

˓→<labelname> <package>

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, <token> with the
provided token, <channel> with a user channel, <labelname> with the label name and <package> with
the name of the package to install.
• Install a private PyPI package:

pip install --index-url https://pypi.<your-anaconda-repo>/t/<token>/<channel>/

˓→PACKAGE

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, <token> with the
provided token, <channel> with a user channel and PACKAGE with the name of the desired package.
NOTE: Private PyPI packages can also be installed using:

3.1. Anaconda Enterprise 4 29

Anaconda Documentation, Release 2.0

https://pypi.<your-anaconda-repo>/t/<token>/<channel>

Revoking a token

You can revoke tokens using the Web UI or Client.

To revoke a token using the Web UI, from the far-right drop-down menu, select My Settings, then from the left
navigation select Access.
At the bottom of the page, you will see a list of all tokens you have generated. Click the name of the token you want
to revoke, then in the dialog box that appears, click the Revoke Token button.
Or to revoke a token using Client, run:

anaconda auth -r YOUR-TOKEN-NAME

NOTE: Replace YOUR-TOKEN-NAME with the name of the token you want to revoke.

Downloading and installing a package

To download a package using the Web UI, in a web browser, navigate to the organization’s or user’s channel.
To download a package using Client:
• Run:

conda install anaconda-client

anaconda login
conda install -c OrgName PACKAGE

NOTE: Replace OrgName with the organization or username and PACKAGE with the package name.
• Or run:

conda install anaconda-client

anaconda login
conda install -c https://conda.<your-anaconda-repo>/OrgName PACKAGE

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, OrgName with the
organization name or username and PACKAGE with the package name.

Transferring a package to a new owner

When you create or add a package, by default it is attached to your individual profile. You can transfer ownership to
another owner account you control, such as an organization profile you manage.
To transfer a package to a new owner:
1. On your dashboard—or the dashboard of an organization you administer—select the package for which you
want to transfer ownership.
The system displays options for that package.
2. To display the package settings, select the Settings option.
3. Select the Admin option.

30 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

4. Under Transfer this package to a new owner, click the Transfer button.
5. Select the organization name for the new owner.
6. Click the Transfer Ownership button.

Adding and removing collaborators

You can add other users that are not part of an organization to collaborate on your packages. You need the usernames
of the other users. You can also remove collaborators at any time.
All collaborators have full read/write permissions to the package, even if the package is private.
1. On your dashboard, click the package name.
2. Select the Settings option.
3. In the package settings, select the Collaborators option.
4. To add a collaborator, in the current collaborators, type the username of the person you want to add, then click
the Add button.
5. To remove a collaborator, click the red X button next to the collaborator name.

Removing a previous version of a package

To remove a previous version of one of your packages from Repository:

1. On your dashboard, click the package name.
2. Select the Files tab.
3. Select the checkbox to the left of the version you want to remove.
4. In the Actions menu, select Remove.
You can also use the Client CLI to remove a previous version of a package:

anaconda remove jsmith/testpack/0.2

NOTE: Replace jsmith with your username, testpack with the package name and 0.2 with the desired version.
You can now see the change on your profile page:

https://<your-anaconda-repo>/USERNAME/PACKAGE

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, USERNAME with your user-
name and PACKAGE with the package name.

Copying a package

To copy a package from the channel conda-forge to a personal channel such as jsmith:

anaconda copy conda-forge/glueviz/0.10.4 --to-owner jsmith

conda-forge/glueviz/0.10.4 is a “spec” and can match either of two formats: user/package/version

or user/package/version/filename.

3.1. Anaconda Enterprise 4 31

Anaconda Documentation, Release 2.0

Deprecated options

Previously labels were called “channels”, and the anaconda copy command has deprecated options
from-channel and to-channel that expect to operate on labels.
These deprecated options should not be used.
If you attempt to use them in a command such as anaconda copy --from-channel conda-forge
--to-channel jsmith glueviz, you will get an error that Label conda-forge does not exist.

Deleting files from a package

You can delete individual files from a package in Repository, without deleting the entire package.
CAUTION: There is no undo for deleting a file.
To delete individual files from a package in Repository:
1. Access Repository using the Web UI.
2. In the Tools menu, select Packages.
3. Click the Files tab.
4. OPTIONAL: If the files you want to delete are not visible, under Filters, in the Type list, select All.

5. To select individual files, expand the package in which the files are located.
6. Select the checkboxes next to the files you want to delete.
7. Click the Delete button.
8. Enter your account name in the confirmation window.

32 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

9. Click Delete to permanently delete the selected files.

Deleting a package

You can delete an entire package from Repository, including all of its versions.
CAUTION: There is no undo for deleting a package.
To delete a package from Repository:
1. Access Repository using the Web UI.
2. In the Tools menu, select Packages.
3. OPTIONAL: If the packages that you want to delete are not visible, under Filters, in the Type list, select All.

4. Select the checkbox next to the packages you want to delete.

5. Click the Delete button.
6. Enter the account name in the confirmation window.
7. Click Delete to permanently delete the selected package(s).
You can also use the Client CLI to delete a package:

anaconda remove jsmith/testpak

NOTE: Replace jsmith with your user name, and testpak with the package name.
You can now see the change on your profile page:

https://<your-anaconda-repo>/USERNAME

3.1. Anaconda Enterprise 4 33

Anaconda Documentation, Release 2.0

NOTE: Replace <your-anaconda-repo> with the name of your local Repository and USERNAME with your
username.
Also see the tutorial Using labels in the development cycle.

Working with Jupyter notebooks

As of Anaconda Repository version 2.3.0, you can upload and download Jupyter notebooks like other files.
You can also view a static copy of notebooks in Repository. The ability to run notebooks inside Repository will
become available in a future release.
To run notebooks, use Anaconda Navigator or AE Notebooks server.

Uploading a notebook

The default maximum allowed size for notebooks is 25 MB. This limit can be changed by setting the
MAX_IPYNB_SIZE variable in the config.yaml file.
To upload a notebook to your user account, at the Anaconda Prompt or in a Terminal window, run:

anaconda upload -p my-notebook my-notebook.ipynb

NOTE: Replace my-notebook with the name of the notebook you want to upload.
To upload a new version of your notebook, while retaining the original version, upload it with the version switch from
a Terminal window or an Anaconda Prompt:

anaconda upload -p my-notebook -v 1.1 my-notebook.ipynb

NOTE: Replace my-notebook with the name of the notebook you want to upload.

Finding a notebook

You can view an HTML version of your notebook at:

http://notebooks.<your-anaconda-repo>/USERNAME/my-notebook

NOTE: Replace <your-anaconda-repo> with the name of your local Repository, USERNAME with your user-
name and my-notebook with the name of your notebook.
To see another user’s notebook, browse to the associated user account on your Repository installation.

Downloading a notebook

Anyone with access to Repository can download your notebook using the Anaconda Prompt or Terminal window:

anaconda download USERNAME/my-notebook

NOTE: Replace USERNAME with your username, and my-notebook with the name of your notebook.

34 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Working with environments

A saved conda environment can be uploaded to Anaconda Repository with the web interface or the anaconda
upload command.
# To save the environment, run this command in an Anaconda Prompt or Terminal window:

conda env export -n my-environment -f my-environment.yml

To upload it with the web interface go to:

https://<your-anaconda-repo>/<USERNAME>/environments

Then use the Upload button in the top right corner.

To upload it with the anaconda upload command:

anaconda upload -f my-environment.yml

NOTE: Replace my-environment with the name of your environment.

1. You can view a list of your uploaded environments in the web interface at:

http://envs.anaconda.org/USERNAME

NOTE: Replace USERNAME with your username.

2. Anyone who has access can download and install your environment. Open a Terminal window or an Anaconda
Prompt and then enter:

conda env create user/my-environment

source activate my-environment

NOTE: Replace my-environment with the actual name of your environment.

Working with projects

You can add Anaconda Projects to Anaconda Repository. Projects can be any directory of code and assets. For
example, projects often contain notebooks or Bokeh apps.

Adding a project

Use the Anaconda Client to add a project to Repository.

Accessing and managing a project

1. Access Repository using the Web UI.

2. From the drop-down menu of the view button, select Projects.
The Projects page shows your existing projects.
3. Click on a project to display the Details page for that project, including the files, revisions, history and settings
for the project.

3.1. Anaconda Enterprise 4 35

Anaconda Documentation, Release 2.0

4. Under Settings for an individual project, you can change options, set groups and collaborations, and manage
administration of the project, including making it public, private or authenticated, transferring membership, or
deleting it.

Working with Cloudera Manager parcels

Anaconda Repository provides a way to integrate with Cloudera Manager to distribute your Anaconda data science
artifacts to your Hadoop cluster.

Creating parcels, management packs and installers

You can create custom Cloudera Manager parcels with the packages you want, including your own packages.
NOTE: Creating custom parcels requires a local mirror of the Anaconda packages.
When creating a parcel, Repository generates a 64-bit Linux installer including the specified packages and a file named
construct.yaml, which can be used with conda constructor.
To create a custom parcel, management pack or installer:
1. From the view button, select Installers.
2. Click the Create new installer button.

NOTE: Use only letters, numbers, dashes and underscores in the installer name.
When creating a parcel, Anaconda Repository generates a 64-bit Linux installer with the specified packages,
and a file named construct.yaml which can be used with conda constructor.

To create just the installer script, click Create installer; to create a parcel, click Create parcel.

36 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Creating a parcel by selecting packages

1. Click the Create from Packages tab.

2. Add channels from which to fetch packages into the Search for Channels box. Add each channel by clicking the
green + (plus) button next to the Search for Channels box.
NOTE: The anaconda user is added by default.
3. Add package names into the Search for Packages box. Add each package by clicking the green + (plus) button
next to the Search for Packages box.
4. Set version requirements for each package using the list next to the package name.

Creating a parcel by selecting an environment

1. Click the Create from Environment tab.

2. Type the environment name and click the green checkbox button.
3. Select the environment version from the list next to the environment name.

3.1. Anaconda Enterprise 4 37

Anaconda Documentation, Release 2.0

4. Click the Create management pack button, Create parcel button or Create installer button.
NOTE: By default, conda is not included in a custom parcel. To add additional packages to your environment, you can
add them using the Repository Web UI.
A parcel is generated with the prefix of /opt/cloudera/parcels/PARCEL_NAME. This is the default location
where activated parcels are loaded. If you are deploying parcels in a different directory, you can change this prefix
with the PARCELS_ROOT configuration setting.

Viewing a list of packages in a custom parcel

To see a list of packages included in your custom parcel, see:

/opt/cloudera/parcels/PARCEL_NAME/meta/parcel.json

NOTE: Replace PARCEL_NAME with the name of the desired parcel.

Distributing custom parcels

After you have created a custom parcel, you can distribute it to your cluster by adding http://<repository
ip>:<port>/USERNAME/installers/parcels/ as a Remote Parcel Repository URL.
NOTE: Replace <repository ip> with the Repository IP address, <port> with the port address and USERNAME
with your user name.
Cloudera Manager detects the parcels hosted on Repository and provides the option to download and distribute the
parcels.
By default, Repository generates a parcel file for every compatible distribution.
You can customize which parcel distributions are created by configuring the PARCEL_DISTRO_SUFFIXES configu-
ration setting.
NOTE: If you have configured conda via ~/.condarc on your server for use of a proxy—for example, to mirror
behind a proxy—you must disable proxying for Repository. For more information, see the conda documentation.
EXAMPLE:

proxy_servers:
https: http://proxy.corp.example.com
http: http://proxy.corp.example.com
'http://<repository ip>': false

Creating from a previous version

Once you have an installer created, you can return to this page and create a management pack or a parcel from a
specific version. Use the Create from a previous version option to choose which version you want to use. The
Create Installer button will be disabled since you have already created an installer. The other buttons will be disabled
if you have already created management packs or parcels for those versions.
The versions listed on the drop-down list are the versions that successfully created an installer. An installer is needed
to create a management pack or a parcel, so versions which failed won’t be listed.

38 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Resetting your password

Open the Anaconda Respository login page:

The Sign In tab provides two links to help regain access to your account:
• I forgot my username. Click this link to have the username emailed to the email address of record.
• I forgot my password. Click this link to have a reset password link sent to the email address of record.
NOTE: The reset password link expires within 24 hours. If you no longer have access to the email account, you can
create a new account or email your administrator for assistance.
Also see Tutorials.
Anaconda Repository is package management server software that makes it easy to find, access, store and share public
and private notebooks, projects, installers, environments, and conda and PyPI packages. Repository also makes it easy
to stay current with updates made to the packages and environments you are using.
Anaconda also makes an instance of Anaconda Repository for private enterprises at Anaconda Cloud.

To begin using Repository, read Getting started, then the remaining sections of the user guide.

3.1. Anaconda Enterprise 4 39

Anaconda Documentation, Release 2.0

Administration guide

This Anaconda Repository Administration guide is intended for installers and administrators of Anaconda Repository
version 2.33.

Installation

This guide provides instructions for installing and configuring Anaconda Repository.

System requirements

Your server must meet the requirements for hardware, software, security and network. Please review and verify that
you have met all system requirements before beginning your installation.

• Hardware requirements
• Software requirements
• Security requirements
• Network requirements
• Hardware verification
• Software verification
• Security verification

See also the system requirements for all of Anaconda Enterprise.

40 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Hardware requirements

• Physical server or virtual machine.

• CPU: 2 x 64-bit, 2.8 GHz, 8.00 GT/s CPUs or better. Verify machine architecture.
• Memory: minimum RAM size of 32 GB, or 16 GB RAM with 1600 MHz DDR3 installed, for a typical instal-
lation with 50 regular users. Verify memory requirements.
• Storage: Recommended minimum of 100 GB, or 300 GB if you are planning to mirror both Anaconda Reposi-
tory, which is approximately 90 GB, and the PyPI repository, which is approximately 100 GB, or at least 1 TB
for an air gapped environment. Additional space is recommended if Repository is used to store packages built
by your organization. Verify storage requirements.
• Internet access to download the files from Anaconda Cloud, or a USB drive containing all of the files you need
with alternate instructions for air gapped installations.

Software requirements

• Linux environment: Installations have been tested on Red Hat Enterprise Linux/CentOS 6.7, 7.3, 7.4, and 7.5,
and Ubuntu 12.04+. Verify Linux version.
• Client environment may be Windows, macOS or Linux.
• Ubuntu users may need to install cURL. Verify cURL access.
• MongoDB version 2.6+ installed as root and running. Versions through 3.6 are supported. Verify MongoDB
installation.
• bzip2. Verify bzip2 installation.

Security requirements

• Root access or sudo capabilities. Verify root access and sudo privileges.
• OPTIONAL: Ability to make IPTables modifications.
• SELinux policy edit privileges.
NOTE: SELinux does not have to be disabled for Repository operation.

Network requirements

TCP ports are used as follows:

• Inbound TCP 8080, 8443: Anaconda Repository.
• Inbound TCP 22: SSH.
• Outbound TCP 443: Anaconda Cloud.
• Outbound TCP 25: SMTP.
• Outbound TCP 389/636: LDAP(s).
You need your Anaconda.org—Repository in the cloud—account username and password and the installation token
provided to you by Anaconda at the time of purchase. If you did not receive your token, please contact your sales
representative or our Professional Support Team.

3.1. Anaconda Enterprise 4 41

Anaconda Documentation, Release 2.0

Hardware verification

Machine architecture

Repository is built to operate only on 64-bit computers.

To verify that you have a 64-bit or x86_64 computer, in a terminal window, run:

arch

This command displays what your system is: 32-bit “i686” or 64-bit “x86_64.”

Memory requirements

You need a minimum RAM size of 32 GB, or 16 GB RAM with 1600 MHz DDR3.
In a terminal window, run:

free -m

This command returns the free memory size in MB.

Storage requirements

To check your available disk space—hard drive or virtual environment size—use the built-in Linux df utility with the
-h parameter for human readable format:

df -h

Software verification

Other versions of the Linux environment

Please contact us by filing a GitHub issue if you have problems with a version other than Redhat, CentOS or Ubuntu.
Prompts may vary slightly depending on your version.

cURL access for Ubuntu users

RedHat and CentOS Linux distributions have cURL pre-installed, but Ubuntu does not.
To verify cURL access, in a terminal window, run:

curl --version

If cURL is not found, Ubuntu users can use the Advanced Packaging Tool (APT) to get and install cURL:

sudo apt-get install curl

TIP: If you already have Miniconda or Anaconda installed, in all versions of Linux you can use the conda command:

42 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

conda install curl

MongoDB version 2.4+ installed

MongoDB version 2.4 or higher must installed as root and running. Versions through 3.4 are supported. To check for
the existence of MongoDB and its version number, in a terminal window, run:

mongod --version

If you get a “not found” message or if the MongoDB version is 2.3 or earlier, then install MongoDB 2.4 or higher
using the official installation instructions. Remember to install as root with the sudo command.
MongoDB must always be running before Repository can be started.
To start MongoDB:

sudo service mongod start

To verify that MongoDB is running:

mongo --eval 'db.serverStatus().ok'

bzip2 is installed

To check for the existence of bzip2 and its version number, in a terminal window, run:

bzip2 --version

Security verification

Root access and sudo privileges

The Repository installation process cannot be completed without root access.

To verify that you have sudo privileges, in a terminal window, run:

sudo -v

Enter your root password when prompted and press Enter.

If you receive a message like the following, contact your system administrator for root access:

Sorry, user [username] may not run sudo on [hostname].

Installing on an online system

These instructions are for normal Linux installations on machines that have access to the internet.
NOTE: If the destination server is an air gapped system or otherwise does not have access to the internet, see Installing
on an air gapped system.

3.1. Anaconda Enterprise 4 43

Anaconda Documentation, Release 2.0

• Before you start

• 1. Install MongoDB 2.6
• 2. Create the Repository administrator account
• 3. Install Repository
• 4. Configure Repository
• 5. Set up automatic restart on reboot, fail or error
• 6. Start and log in to Repository
• 7. Client configuration
• 8. Install the Repository license
• 9. OPTIONAL: Mirror installers for Anaconda and Miniconda
• 10. Mirror Anaconda Cloud

Before you start

Your server must meet the requirements for hardware, software, security and network. Please review and verify that
you have met all system requirements before beginning your installation.
Your support representative provides you with a download URL for the Anaconda Repository installer. Make sure you
have the download URL.

1. Install MongoDB 2.6

In a terminal window, create the yum repo file as the root user:

RPM_CDN="https://820451f3d8380952ce65-4cc6343b423784e82fd202bb87cf87cf.ssl.cf1.
˓→rackcdn.com"

curl -O $RPM_CDN/mongodb-org-tools-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-shell-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-server-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-mongos-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-2.6.8-1.x86_64.rpm

NOTE: Ubuntu users use apt-get instead of yum.

MongoDB for Redhat and CentOS 7

1. Install MongoDB:

sudo yum install -y mongodb-org*

2. Start MongoDB:

sudo systemctl start mongod

3. Verify that MongoDB is running:

44 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

$ sudo systemctl status mongod

mongodb (pid 17258) is running...

MongoDB for Redhat and CentOS 6.7+

1. Install MongoDB:

sudo yum install -y mongodb-org*

2. Start MongoDB:

sudo /etc/init.d/mongod start

3. Verify that MongoDB is running:

$ sudo /etc/init.d/mongod status

mongodb (pid 17258) is running...

MongoDB for Ubuntu 12.04+

1. Install MongoDB:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10

echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' |

˓→sudo tee /etc/apt/sources.list.d/mongodb.list

sudo apt-get update

sudo apt-get install -y mongodb-org=2.6.9 mongodb-org-server=2.6.9 mongodb-org-

˓→shell=2.6.9 mongodb-org-mongos=2.6.9 mongodb-org-tools=2.6.9

NOTE: If you do not specify a version, such as 2.6.9, apt-get installs the latest stable version, which is 3.x.
2. Start MongoDB:

sudo /etc/init.d/mongod start

Verify that MongoDB is running:

$ sudo /etc/init.d/mongod status

mongodb (pid 17258) is running...

You receive verification that MongoDB is running:

start: Job is already running: mongodb

Additional MongoDB resources

For additional MongoDB installation information see https://docs.mongodb.org/manual/.

3.1. Anaconda Enterprise 4 45

Anaconda Documentation, Release 2.0

2. Create the Repository administrator account

1. In a Terminal window, create a new user account for Anaconda Repository named “anaconda-server,” and switch
to this new account:
sudo useradd -m anaconda-server

NOTE: The anaconda-server user is the default for installing Repository. Any username can be used, but using
the root user is discouraged.
2. Create a Repository package storage directory:
sudo mkdir -m 0770 -p /opt/anaconda-server/package-storage

3. Assign ownership of this directory to the anaconda-server user:

sudo chown -R anaconda-server:anaconda-server /opt/anaconda-server

4. Switch to the Repository administrator account:

sudo su - anaconda-server

3. Install Repository

Download the installer

Download the Repository installer from the download URL provided by your support representative:
curl "$INSTALLER_URL" > anaconda_repository.sh

Install Repository, following the prompts in the installation routine:

bash anaconda_repository.sh

1. Review and accept the license terms:

Welcome to Anaconda Repository 2.33 (by Anaconda, Inc.)
In order to continue the installation process, please review the license
˓→agreement.

Please, press ENTER to continue.

2. Once you have reviewed the license terms, approve them by typing yes:
Do you approve the license terms? [yes|no] yes

3. Accept the default location or specify an alternative:

anaconda_repository will now be installed into this location:
/home/anaconda-server/repo -Press ENTER to confirm the location
-Press CTRL-C to abort the installation
-Or specify a different location below
[/home/anaconda-server/repo] >>> /home/anaconda-server/repo" [Press ENTER]
PREFIX=/home/anaconda-server/repo
installing: python-2.7.11-0
...
(continues on next page)

46 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

Python 2.7.11 :: Anaconda, Inc.
creating default environment... installation finished.

4. At the end of the installation routine, update the anaconda-server user’s path—prepending /home/
anaconda-server/repo—by answering “yes” at the prompt to add the install location to your path:

Do you wish the installer to prepend the anaconda_repository install location to

˓→PATH in your /home/anaconda-server/.bashrc ? [yes|no]

5. Type yes and press ENTER.

6. For the new path changes to take effect, source your .bashrc:

source ~/.bashrc

4. Configure Repository

1. Initialize the web server and indicate the filepath for the package storage location:

anaconda-server-config --init
anaconda-server-config --set fs_storage_root /opt/anaconda-server/package-storage

NOTE: The location for file storage can be any location owned by the anaconda-server user that you created in
section 2 above.
NOTE: As of Repository 2.33.8, the fs_storage_root configuration setting is mandatory for local filesys-
tem storage and the Repository server will not run without it.
2. Configure the connection to your MongoDB database:

anaconda-server-config --set MONGO_URL mongodb://localhost

NOTE: You may also configure an external MongoDB database.

3. If you are not using LDAP or Kerberos authentication, create an initial superuser account for Repository. Set
the environment variable USER_PASSWORD with the desired password for the initial user. Then run:

anaconda-server-create-user --username "superuser" --email "[email protected]" --

˓→superuser

NOTE: Replace superuser with a username of your choice and [email protected] with an email address
where you wish to receive system email notifications.
NOTE: To ensure the bash shell does not process any of the characters in this password, limit the password to
letters and numbers, with no punctuation. After setup, you can change the password in the web UI.
4. Initialize the Repository database:

anaconda-server-db-setup --execute

NOTE: The above command is also run when upgrading Repository. Upgrade and then run:

anaconda-server-db-setup --execute

5. Restart the server.

3.1. Anaconda Enterprise 4 47

Anaconda Documentation, Release 2.0

NOTE: More configuration options can be controlled with one or more .yaml configuration files. Repository reads
configuration files in this order:
1. From /etc/anaconda-server/*.yaml.
2. From $PREFIX/etc/anaconda-server/*.yaml.
3. From the path specified in the environment variable ANACONDA_SERVER_CONFIG, if it is set and the com-
mand line argument --config-file was not used.
4. From the path specified in the command line argument --config-file, if it was used.
All configuration is merged, and options from files read earlier are overwritten by files read later. If there are multiple
files in the same directory, they are read in alphabetical order.

5. Set up automatic restart on reboot, fail or error

1. Run the anaconda-server-install-supervisord-config.sh script to configure supervisord

management of the Anaconda server and worker processes:

anaconda-server-install-supervisord-config.sh

This will generate the /home/anaconda-server/repo/etc/supervisord.conf file and add a

crontab rule to restart supervisor after each reboot.
It will also create the folder /home/anaconda-server/repo/etc/supervisord/conf.d/ where
you can add .conf files with custom configuration.
NOTE: If you don’t want to include the crontab rule, use the --no-crontab option when running the script.
If an error message says that the user is disallowed from using cron and could not add the crontab rule, you can
add it manually with sudo. Edit the crontab file:

sudo crontab -e -u anaconda-server

When the file is open for editing, add this entry:

@reboot /home/anaconda-server/repo/bin/supervisord

2. Verify that the server is running:

supervisorctl status

If installed correctly, you see:

anaconda-server RUNNING pid 10831, uptime 0:00:05

3. View the log file at:

$PREFIX/var/log/anaconda-server/application.log

6. Start and log in to Repository

1. Open your browser and log into Repository by visiting http://your.anaconda.repository:8080/

using the superuser account you created in section 4 above.
NOTE: Replace your.anaconda.repository with the IP address or domain name of your repository.

48 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

2. If you are using LDAP or Kerberos authentication, modify your user account to be a superuser.
EXAMPLE: If your user account is “jsmith”:
anaconda-server-admin set-superuser "jsmith"

NOTE: See Troubleshooting if you have issues starting the repo server.

7. Client configuration

Follow the Configuring Anaconda Client instructions so you can use one or more clients to communicate with the
server.

8. Install the Repository license

1. In your browser, go to http://your.anaconda.repository:8080. Follow the onscreen instructions

to upload the license file that you received in an email from your sales representative.
NOTE: Replace your.anaconda.repository with the IP address or domain name of your repository.
Contact your sales representative or support representative if you cannot find or have any questions about your
license.
2. After uploading the license file, you will see the login page. Log in using the superuser user and password that
you created in section 4 above.
TIP: You can view the current license information and upload a new license file by visiting the URL http://your.
anaconda.repository:8080/admin/license.
NOTE: Replace your.anaconda.repository with the IP address or domain name of your repository.
Alternatively, you can install the license by copying the license file directly into the /home/anaconda-server/
.continuum directory.

9. OPTIONAL: Mirror installers for Anaconda and Miniconda

Miniconda and Anaconda installers can be served by Repository via the static directory located at /home/
anaconda-server/repo/opt/anaconda-server/installers. To serve up the latest installers for each
platform, download them to this directory.
Define the URL for miniconda installers:
URL="https://repo.anaconda.com/miniconda/"

The Miniconda*latest*.sh always point to the latest Miniconda installers. Either these can be mirrored or the
ones with the latest version number can be mirrored. Define the list of installers to mirror:
versions="Miniconda2-4.5.4-Linux-ppc64le.sh
Miniconda2-4.5.4-Linux-x86.sh
Miniconda2-4.5.4-Linux-x86_64.sh
Miniconda2-4.5.4-MacOSX-x86_64.pkg
Miniconda2-4.5.4-MacOSX-x86_64.sh
Miniconda2-4.5.4-Windows-x86.exe
Miniconda2-4.5.4-Windows-x86_64.exe
Miniconda3-4.5.4-Linux-ppc64le.sh
Miniconda3-4.5.4-Linux-x86.sh
(continues on next page)

3.1. Anaconda Enterprise 4 49

Anaconda Documentation, Release 2.0

(continued from previous page)

Miniconda3-4.5.4-Linux-x86_64.sh
Miniconda3-4.5.4-MacOSX-x86_64.pkg
Miniconda3-4.5.4-MacOSX-x86_64.sh
Miniconda3-4.5.4-Windows-x86.exe
Miniconda3-4.5.4-Windows-x86_64.exe"

# miniconda installers
pushd /home/anaconda-server/repo/opt/anaconda-server/installers

for installer in $versions

do
curl -O $URL$installer
done

Define the URL for Anaconda installers:

URL="https://repo.anaconda.com/archive/"

Define the anaconda version to mirror.

EXAMPLE: To mirror version 5.2.0:

versions="Anaconda3-5.2.0-Linux-ppc64le.sh
Anaconda3-5.2.0-Linux-x86.sh
Anaconda3-5.2.0-Linux-x86_64.sh
Anaconda3-5.2.0-MacOSX-x86_64.pkg
Anaconda3-5.2.0-MacOSX-x86_64.sh
Anaconda3-5.2.0-Windows-x86.exe
Anaconda3-5.2.0-Windows-x86_64.exe
Anaconda2-5.2.0-Linux-ppc64le.sh
Anaconda2-5.2.0-Linux-x86.sh
Anaconda2-5.2.0-Linux-x86_64.sh
Anaconda2-5.2.0-MacOSX-x86_64.pkg
Anaconda2-5.2.0-MacOSX-x86_64.sh
Anaconda2-5.2.0-Windows-x86.exe
Anaconda2-5.2.0-Windows-x86_64.exe"

# miniconda installers
pushd /home/anaconda-server/repo/opt/anaconda-server/installers

for installer in $versions

do
curl -O $URL$installer
done

popd

Users can download the installers using curl from the following URL:

# Fill in server name, port, and specific installer for your platform
curl -s -O http://your.anaconda.repository:8080/downloads/Miniconda-latest-Linux-x86_
˓→64.sh

NOTE: Replace your.anaconda.repository with the IP address or domain name of your repository.

50 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

10. Mirror Anaconda Cloud

The final step is to mirror the packages from a subset of channels on Anaconda Cloud to the local Repository. The
channels to mirror are as follows:

Channel Description
anaconda Default anaconda channel containing all packages built
and supported by Anaconda, Inc. Also contains custom
packages.
r If you would like conda packages for r, mirror this chan-
nel. It is typically done under an r account.
If the local Repository will be used by Anaconda Enter-
prise Notebooks the recommended method is to mirror
wakari
these channels under the wakari account.
anaconda-nb-extensions

anaconda-adam Anaconda-adam is used to manage the environments on

a cluster. If you plan to use anaconda-scale for cluster
management, mirror the anaconda-adam packages.
msys2 msys2 is required by quite a few windows packages.
See http://www.msys2.org/

The packages will be mirrored to the package store defined by the fs_storage_root key as described in section 4 above.

Mirror Anaconda

Mirror the Anaconda channel from Anaconda Cloud:

anaconda-server-sync-conda

NOTE: Due to the size of the Cloud repository and depending on the available internet bandwidth, the mirroring
process can take hours.
Mirroring an Anaconda repository contains documentation and advanced yaml configuration for mirroring other
channels.

Installing on an air gapped system

These instructions are for installation on air gapped systems or other machines that do not have access to the internet.
The air gap archives contain installers, dependencies and packages to mirror.

• Before you start

• 1. Install MongoDB 2.6
• 2. Create the Repository administrator account
• 3. Install Repository
• 4. Configure Repository
• 5. Set up automatic restart on reboot, fail or error

3.1. Anaconda Enterprise 4 51

Anaconda Documentation, Release 2.0

• 6. Start and log in to Repository

• 7. Client configuration
• 8. Install the Repository license
• 9. OPTIONAL: Mirror installers for Anaconda and Miniconda
• 10. Mirror Anaconda Cloud

Before you start

Your server must meet the requirements for hardware, software, security and network. Please review and verify that
you have met all system requirements before beginning your installation.
Download the installers archive and the appropriate mirrors archive for your needs. The Air gap archives page lists
the archives and their contents.
NOTE: These installation instructions assume the air gap media is available on the target server at $IN-
STALLER_PATH.
EXAMPLE:

tar xf <installer-archive> -C /installer/

export INSTALLER_PATH=/installer/anaconda-enterprise-`date +%Y-%m-%d`

Also download and expand the archive of conda packages you plan to mirror. These instructions assume packages are
expanded to $INSTALLER_PATH:

tar xf <archive-of-pkgs-to-mirror> -C /installer/

export MIRRORS_ARCHIVE=/installer/repo-mirrors-`date +%Y-%m-%d`

Air gap archives

This section provides information about where to get the air gap archives and their contents.
The air gap archives are generated monthly, generally on the 1st of each month. Monthly archives are hosted at
http://airgap.demo.continuum.io/ organized in folders by date.

Installers Archive

All the installers and the latest Miniconda and Anaconda installers for all platforms are in the archive titled:

anaconda-enterprise-`date +%Y-%m-%d`.tar

The archive size is about 14 GB. It contains everything to install Anaconda Repository, Anaconda Enterprise Note-
books, Anaconda Adam and Anaconda Scale.
The archive contains:

52 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Contents Description
aen-*.sh anaconda-enterprise-notebooks server, gateway, compute installers
anaconda_repository*.sh anaconda-repository installer
adam-installer*.sh adam installer
conda/ latest version of Miniconda and Anaconda for all platforms
rpms6x/ dependencies for installing on RHEL-6x/CentOS-6x
rpms7x/ dependencies for installing on RHEL-7x/CentOS-7x

Mirror archives

In addition, the anaconda-server-sync-conda subdirectory contains mirror archives. These are platform-
specific conda packages that must be mirrored after AE-Repo is installed. If you only need packages for a subset of
platforms, download the platform-based installers as they will be much smaller in size.
Each component has an md5 file and a list file which are both small and included for convenience.

Tarball Contents Size

repo-mirrors-date +%Y-%m-%d.tar All AE-channels for all platforms 160 GB
x64-repo-mirrors-+%Y-%m-%d.tar x64 conda packages for all AE-channels 100 GB
linux-64-pkgs.tar conda packages for linux-64 for all AE-channels 45 GB
win-64-pkgs.tar conda packages for win-64 30 GB
osx-64-pkgs.tar conda packages for osx-64 30 GB

NOTE: The archives contain packages for channels: Anaconda, R, Adam, Wakari. The anaconda-nb-extensions
packages are in the anaconda-nb-extensions channel.

1. Install MongoDB 2.6

Change the directory to the appropriate rpms* directory to find dependencies:

cd $INSTALLER_PATH/rpms*x/

MongoDB for Redhat and CentOS 7

1. Install MongoDB:

sudo yum install -y mongodb-org*

2. Start MongoDB:

sudo systemctl start mongod

3. Verify that MongoDB is running:

$ sudo systemctl status mongod

mongodb (pid 17258) is running...

3.1. Anaconda Enterprise 4 53

Anaconda Documentation, Release 2.0

MongoDB for Redhat and CentOS 6.7+

1. Install MongoDB:

sudo yum install -y mongodb-org*

2. Start MongoDB:

sudo /etc/init.d/mongod start

3. Verify that MongoDB is running:

$ sudo /etc/init.d/mongod status

mongodb (pid 17258) is running...

MongoDB for Ubuntu 12.04+

1. Install MongoDB:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10

echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' |

˓→sudo tee /etc/apt/sources.list.d/mongodb.list

sudo apt-get update

sudo apt-get install -y mongodb-org=2.6.9 mongodb-org-server=2.6.9 mongodb-org-

˓→shell=2.6.9 mongodb-org-mongos=2.6.9 mongodb-org-tools=2.6.9

NOTE: If you do not specify a version, such as 2.6.9, apt-get installs the latest stable version, which is 3.x.
2. Start MongoDB:

sudo /etc/init.d/mongod start

Verify that MongoDB is running:

$ sudo /etc/init.d/mongod status

mongodb (pid 17258) is running...

You receive verification that MongoDB is running:

start: Job is already running: mongodb

Additional MongoDB resources

For additional MongoDB installation information see https://docs.mongodb.org/manual/.

2. Create the Repository administrator account

1. In a Terminal window, create a new user account for Anaconda Repository named “anaconda-server,” and switch
to this new account:

54 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

sudo useradd -m anaconda-server

NOTE: The anaconda-server user is the default for installing Repository. Any username can be used, but using
the root user is discouraged.
2. Create a Repository package storage directory:

sudo mkdir -m 0770 -p /opt/anaconda-server/package-storage

3. Assign ownership of this directory to the anaconda-server user:

sudo chown -R anaconda-server:anaconda-server /opt/anaconda-server

4. Switch to the Repository administrator account:

sudo su - anaconda-server

3. Install Repository

Install Repository, following the prompts in the installation routine:

bash $INSTALLER_PATH/anaconda_repository-*-linux-64.sh

NOTE: Path should have only one installer that is for the latest stable version of Repository.
1. Review and accept the license terms:

Welcome to Anaconda Repository 2.33 (by Anaconda, Inc.)

In order to continue the installation process, please review the license
˓→agreement.

Please, press ENTER to continue.

2. Once you have reviewed the license terms, approve them by typing yes:

Do you approve the license terms? [yes|no] yes

3. Accept the default location or specify an alternative:

anaconda_repository will now be installed into this location:

/home/anaconda-server/repo -Press ENTER to confirm the location
-Press CTRL-C to abort the installation
-Or specify a different location below
[/home/anaconda-server/repo] >>> /home/anaconda-server/repo" [Press ENTER]
PREFIX=/home/anaconda-server/repo
installing: python-2.7.11-0
...
Python 2.7.11 :: Anaconda, Inc.
creating default environment... installation finished.

4. At the end of the installation routine, update the anaconda-server user’s path—prepending /home/
anaconda-server/repo—by answering “yes” at the prompt to add the install location to your path:

Do you wish the installer to prepend the anaconda_repository install location to

˓→PATH in your /home/anaconda-server/.bashrc ? [yes|no]

5. Type yes and press ENTER.

3.1. Anaconda Enterprise 4 55

Anaconda Documentation, Release 2.0

6. For the new path changes to take effect, source your .bashrc:

source ~/.bashrc

4. Configure Repository

1. Initialize the web server and indicate the filepath for the package storage location:

anaconda-server-config --init
anaconda-server-config --set fs_storage_root /opt/anaconda-server/package-storage

NOTE: The location for file storage can be any location owned by the anaconda-server user that you created in
section 2 above.
NOTE: As of Repository 2.33.8, the fs_storage_root configuration setting is mandatory for local filesys-
tem storage and the Repository server will not run without it.
2. Configure the connection to your MongoDB database:

anaconda-server-config --set MONGO_URL mongodb://localhost

NOTE: You may also configure an external MongoDB database.

3. If you are not using LDAP or Kerberos authentication, create an initial superuser account for Repository. Set
the environment variable USER_PASSWORD with the desired password for the initial user. Then run:

anaconda-server-create-user --username "superuser" --email "[email protected]" --

˓→superuser

NOTE: Replace superuser with a username of your choice and [email protected] with an email address
where you wish to receive system email notifications.
NOTE: To ensure the bash shell does not process any of the characters in this password, limit the password to
letters and numbers, with no punctuation. After setup, you can change the password in the web UI.
4. Initialize the Repository database:

anaconda-server-db-setup --execute

NOTE: The above command is also run when upgrading Repository. Upgrade and then run:

anaconda-server-db-setup --execute

5. Restart the server.

NOTE: More configuration options can be controlled with one or more .yaml configuration files. Repository reads
configuration files in this order:
1. From /etc/anaconda-server/*.yaml.
2. From $PREFIX/etc/anaconda-server/*.yaml.
3. From the path specified in the environment variable ANACONDA_SERVER_CONFIG, if it is set and the com-
mand line argument --config-file was not used.
4. From the path specified in the command line argument --config-file, if it was used.
All configuration is merged, and options from files read earlier are overwritten by files read later. If there are multiple
files in the same directory, they are read in alphabetical order.

56 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

5. Set up automatic restart on reboot, fail or error

1. Run the anaconda-server-install-supervisord-config.sh script to configure supervisord

management of the Anaconda server and worker processes:

anaconda-server-install-supervisord-config.sh

This will generate the /home/anaconda-server/repo/etc/supervisord.conf file and add a

crontab rule to restart supervisor after each reboot.
It will also create the folder /home/anaconda-server/repo/etc/supervisord/conf.d/ where
you can add .conf files with custom configuration.
NOTE: If you don’t want to include the crontab rule, use the --no-crontab option when running the script.
If an error message says that the user is disallowed from using cron and could not add the crontab rule, you can
add it manually with sudo. Edit the crontab file:

sudo crontab -e -u anaconda-server

When the file is open for editing, add this entry:

@reboot /home/anaconda-server/repo/bin/supervisord

2. Verify that the server is running:

supervisorctl status

If installed correctly, you see:

anaconda-server RUNNING pid 10831, uptime 0:00:05

3. View the log file at:

$PREFIX/var/log/anaconda-server/application.log

6. Start and log in to Repository

1. Open your browser and log into Repository by visiting http://your.anaconda.repository:8080/

using the superuser account you created in section 4 above.
NOTE: Replace your.anaconda.repository with the IP address or domain name of your repository.
2. If you are using LDAP or Kerberos authentication, modify your user account to be a superuser.
EXAMPLE: If your user account is “jsmith”:

anaconda-server-admin set-superuser "jsmith"

NOTE: See Troubleshooting if you have issues starting the repo server.

7. Client configuration

Follow the Configuring Anaconda Client instructions so you can use one or more clients to communicate with the
server.

3.1. Anaconda Enterprise 4 57

Anaconda Documentation, Release 2.0

8. Install the Repository license

1. In your browser, go to http://your.anaconda.repository:8080. Follow the onscreen instructions

to upload the license file that you received in an email from your sales representative.
NOTE: Replace your.anaconda.repository with the IP address or domain name of your repository.
Contact your sales representative or support representative if you cannot find or have any questions about your
license.
2. After uploading the license file, you will see the login page. Log in using the superuser user and password that
you created in section 4 above.
TIP: You can view the current license information and upload a new license file by visiting the URL http://your.
anaconda.repository:8080/admin/license.
NOTE: Replace your.anaconda.repository with the IP address or domain name of your repository.
Alternatively, you can install the license by copying the license file directly into the /home/anaconda-server/
.continuum directory.

9. OPTIONAL: Mirror installers for Anaconda and Miniconda

Miniconda and Anaconda installers can be served by Repository via the static directory located at /home/
anaconda-server/repo/opt/anaconda-server/installers. To serve up the latest installers for each
platform, copy them from your air gap archive to this directory.:

cp Miniconda-latest-Linux-x86_64.sh /home/anaconda-server/repo/opt/anaconda-server/
˓→installers

Replace Miniconda-latest-Linux-x86_64.sh with your Anaconda or Miniconda installer name.

NOTE: Air gap archive only contains the latest version of both Miniconda and Anaconda installers.
Users can download the installers using curl from the following URL:

# Fill in server name, port, and specific installer for your platform
curl -s -O http://your.anaconda.repository:8080/downloads/Miniconda-latest-Linux-x86_
˓→64.sh

NOTE: Replace your.anaconda.repository with the IP address or domain name of your repository.

10. Mirror Anaconda Cloud

The final step is to mirror the packages from a subset of channels on Anaconda Cloud to the local Repository. The
channels to mirror are as follows:

58 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Channel Description
anaconda Default anaconda channel containing all packages built
and supported by Anaconda, Inc. Also contains custom
packages.
r If you would like conda packages for r, mirror this chan-
nel. It is typically done under an r account.
If the local Repository will be used by Anaconda Enter-
prise Notebooks the recommended method is to mirror
wakari
these channels under the wakari account.
anaconda-nb-extensions

anaconda-adam Anaconda-adam is used to manage the environments on

a cluster. If you plan to use anaconda-scale for cluster
management, mirror the anaconda-adam packages.
msys2 msys2 is required by quite a few windows packages.
See http://www.msys2.org/

The packages will be mirrored to the package store defined by the fs_storage_root key as described in section 4 above.

Mirror Anaconda

Since we are mirroring from a local file system, some additional configuration is necessary. The steps are the same for
each channel:
1. Create a mirror configuration yaml typically stored in $PREFIX/etc/anaconda-server/mirror/.
2. Customize your mirror. An example is if you only need to mirror packages for a subset of platforms. By default,
it mirrors all packages found in the channels linux-64, osx-64, win-64, win-32 and linux-32.
3. Invoke the mirror command by pointing it to the config file:
echo "channels:" > ~/repo/etc/anaconda-server/mirror/conda.yaml
echo " - file://$MIRRORS_ARCHIVE/anaconda-suite/pkgs" >> \
~/repo/etc/anaconda-server/mirror/conda.yaml

4. Mirror the default Anaconda packages:

anaconda-server-sync-conda --mirror-config ~/repo/etc/anaconda-server/mirror/
˓→conda.yaml

Mirroring an Anaconda repository contains documentation and advanced yaml config for mirroring other chan-
nels.

Configuration

Enabling HTTPS

Before you begin, purchase an SSL certificate and download the SSL *.cert file and SSL *.key file.
NOTE: If security is not an issue, for testing, you may set up a self-signed SSL certificate. For more information, see
http://www.selfsignedcertificate.com/.
1. Save the SSL *.cert file and an SSL *.key file in your home directory.
2. Configure the server to use those keys and the correct ports:

3.1. Anaconda Enterprise 4 59

Anaconda Documentation, Release 2.0

anaconda-server-config --set ssl_options.keyfile ~/localhost.key

anaconda-server-config --set ssl_options.certfile ~/localhost.cert
anaconda-server-config --set port 8443

3. Restart your server for the changes to take effect:

supervisorctl restart all

4. To test, navigate to the site using https in the address bar.

NOTE: If you use a self-signed SSL certificate, your web browser issues a warning that the website certificate
cannot be verified.
Next, configure your client side tools conda and anaconda-client to pull packages from the local repo by setting
the ssl_verify flags.

Configure conda

If your conda client is configured to point to this local repo, update the configuration file .condarc to contain the
ssl_verify flag. If you’re using a self-signed certificate, configure the ssl_verify flag in .condarc to point
to the root CA used to sign the Anaconda Enterprise Repository server certificate.

Configure anaconda-client

If you’re using anaconda-client to connect to Anaconda Enterprise Repository with the command line, set the
ssl_verify flag.
Use anaconda config --files to find the anaconda-client configuration files.
SEE the command reference for updating the client sites configuration for anaconda-client.

Enabling email and SMTP

To send emails such as password reset emails, Repository must have the email settings configured.

Configuring a standard or alternate port

The easiest way to enable clients to access a Repository server on standard ports is to configure the server to redirect
traffic received on standard HTTP port 80 to the standard Repository HTTP port 8080:

sudo iptables -t nat -F

sudo iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports
˓→8080

sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

HTTPS

To use HTTPS, redirect traffic from standard HTTPS port 443 to standard Repository HTTPS port 8443:

60 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

sudo iptables -t nat -A OUTPUT -d localhost -p tcp --dport 443 -j REDIRECT --to-ports
˓→8443

sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

NOTE: See also Enabling HTTPS.

Alternate port

To run Repository on a port other than the standard port 8080:

1. Modify the usual instructions by adjusting the port numbers in your iptables configuration.
2. Specify the correct port in your supervisord.conf file.

Adjusting IPTables to accept requests on port 80

Enable clients to access a Repository on standard ports by configuring the server to redirect traffic received on standard
HTTP port 80 to the standard Repository HTTP port 8080.
NOTE: These commands assume the default state of IPTables, which is on and allowing inbound SSH access on port
22. This is the factory default state for CentOS 6.7. If this default has been changed, you can reset it:

sudo iptables -L

CAUTION: Mistakes with IPTables rules can render a remote machine inaccessible.
1. Allow inbound access to tcp port 80:

sudo iptables -I INPUT -i eth0 -p tcp --dport 80 -m comment --comment "# Anaconda
˓→Repo #" -j ACCEPT

2. Allow inbound access to tcp port 8080:

sudo iptables -I INPUT -i eth0 -p tcp --dport 8080 -m comment --comment "#
˓→Anaconda Repo #" -j ACCEPT

3. Redirect inbound requests to port 80 to port 8080:

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -m comment --comment

˓→"# Anaconda Repo #" -j REDIRECT --to-port 8080

4. Display the current IPTables rules:

iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 /* #
˓→Anaconda Repo # */

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* #

˓→Anaconda Repo # */

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,

˓→ESTABLISHED

ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
(continues on next page)

3.1. Anaconda Enterprise 4 61

Anaconda Documentation, Release 2.0

(continued from previous page)

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-
˓→host-prohibited

Chain FORWARD (policy ACCEPT)

target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-
˓→host-prohibited

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

NOTE: The PREROUTING (nat) IPTables chain is not displayed by default. To display the chain:

iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* #
˓→Anaconda Repo # */ redir ports 8080

Chain POSTROUTING (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

5. Save the running IPTables configuration to /etc/sysconfig/iptables:

sudo service iptables save

Connecting to an existing MongoDB database

If you already have a MongoDB server running, you can connect to it by setting the MONGO_URL configuration
variable:

anaconda-server-config --set MONGO_URL 'mongodb://<hostname>'

For more information, see the MongoDB Connection String URI Format manual.
See also Configuring MongoDB authentication.

Configuring MongoDB authentication

By default, MongoDB does not require a username or password to access or modify the database. We recommend
enabling and configuring mandatory authentication.
1. Open a MongoDB shell:

mongo

2. Repository requires read/write access to the database binstar. Enter the following commands into the Mon-
goDB shell to create an administrative user and a service user:

use admin

62 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3. Create an administrative user to manage database users:

db.createUser({user:'siteUserAdmin', pwd: '<secure password #1>', roles:[

˓→'userAdminAnyDatabase']})

4. Authorize as that user to verify the password:

db.auth('siteUserAdmin', '<secure password #1>')

5. Create a service user for Repository:

db.createUser({user:'anaconda', pwd: '<secure password #2>', roles:[{db:'binstar',

˓→ role:'readWrite'}]})

6. Enable mandatory authentication in MongoDB:

• If you are using the legacy MongoDB configuration format, add the auth key to /etc/mongod.conf:

auth=true

• If you are using the current MongoDB configuration format, add the security.authorization key to /etc/
mongod.conf:

security:
authorization: enabled

7. Restart MongoDB to reload the configuration:

sudo service mongod restart

8. Edit the Repository configuration file and set the MONGO_URL parameter to mongodb://
<username>:<password>@<hostname>.
After editing the configuration file, restart Repository for the changes to take effect.
9. Edit the Repository configuration file and set the MONGO_URL parameter to mongodb://
<username>:<password>@<hostname>.
After editing the configuration file, restart Repository for the changes to take effect.
NOTE: For more information about MongoDB authentication and authorization, see https://docs.mongodb.com/v2.6/
core/authentication/ and https://docs.mongodb.com/v2.6/core/authorization/.

Whitelisting or blacklisting packages

Sometimes you do not want to replicate all the packages from Repository into your mirror. The
anaconda-server-sync-conda tool includes whitelist/blacklist functionality to manipulate your list of mir-
rored packages in a variety of ways.
A mirror config file can be specified when you run anaconda-server-sync-conda with the flag
--mirror-config=FILEPATH and replace FILEPATH with the path to your config file.
NOTE: Configuration files are yaml files.
To customize your distribution, you have the following options:
• remote_url: Repository mirrors packages from this source URL.
• mirror_dir: Repository stores packages in this directory on the machine where the script is executed.

3.1. Anaconda Enterprise 4 63

Anaconda Documentation, Release 2.0

• platforms: Repository mirrors packages for these platforms.

• license_blacklist: Repository omits packages with these licenses.
• blacklist: Repository omits these packages.
• whitelist: Repository always mirrors these packages.
TIP: You do not need to set up every option manually. If you only want to adjust one or two options, that is allowed.
Untouched options remain defined by the default setting.
EXAMPLE: The following example only selects packages that are available for linux-32 and linux-64 platforms.
Win-32 or win-64 packages are not mirrored at all:

mirror_dir: /opt/anaconda-server/package-storage
platforms:
- linux-32
- linux-64
license_blacklist: GPL
whitelist:
- distribute
- conda
blacklist:
- flask
- readline

The step-by-step algorithm that is used by cas-mirror to create the ultimate list of packages to mirror follows this
order:
1. Get a full list of packages from default_url.
2. If the platforms option is present, only those packages available to the platforms listed here are left on the list.
3. If license_blacklist is present, then all the packages subject to any of the licenses mentioned here are removed
from the list. See the list of license families that can be blacklisted.
4. If blacklist is present, then all member packages explicitly mentioned here are removed from the list.
5. If whitelist is present, then those assigned member packages are added to the list. The whitelist option overrides
license_blacklist and blacklist, so that a package listed here is mirrored even when under a GPL license or if it
appears in the blacklist option.
After performing all of the above actions sequentially, the script produces the ultimate list of packages that are mir-
rored.

Securing user-created content

To prevent cross-site scripting attacks (XSS), user content—such as Jupyter Notebooks—can be served from a separate
domain.
To enable this:
1. Configure the project to use a separate content domain:

anaconda-server-config --set SERVER_NAME your.anaconda.repository

anaconda-server-config --set USER_CONTENT_DOMAIN your.usercontent.server

NOTE: Replace your.anaconda.repository and usercontent.your.anaconda.repository with

the respective server IP address or domain name.

64 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

1. If your user content domain is a subdomain of your Repository domain, you must also configure the session
cookie to only send to the root domain:

anaconda-server-config --set SERVER_NAME your.anaconda.repository

anaconda-server-config --set USER_CONTENT_DOMAIN usercontent.your.anaconda.
˓→repository

anaconda-server-config --set SESSION_COOKIE_DOMAIN your.anaconda.repository

NOTE: Replace your.anaconda.repository and usercontent.your.anaconda.repository with

the respective server IP address or domain name.

Configuring Repository to use LDAP

To enable Lightweight Directory Access Protocol (LDAP) support:

1. Open the Repository configuration file $PREFIX/etc/anaconda-server/config.yaml and add the
following configuration:

account_names_filter: false
USER_REGEX: ^[a-z0-9_][a-z0-9_-.]+$
LDAP:
# Replace with company LDAP server
URI: 'ldap://<ldap.company.com>'

# Replace <uid=%(username)s,ou=People,dc=company,dc=com> with your company

˓→specific LDAP Bind/Base DN
# Bind directly to this Base DN.
BIND_DN: '<uid=%(username)s,ou=People,dc=company,dc=com>'

# Map LDAP keys into application specific keys

KEY_MAP:
name: 'cn'
company: 'o'
location:'l'
email: 'mail'

2. When switching authentication to LDAP, the admin account is lost, so you need to add your admin account
again:

anaconda-server-admin set-superuser "jsmith"

3. Run the flask-ldap-login-check command to verify LDAP connectivity:

flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'

NOTE: Replace jsmith and abc123DEF with your LDAP username and password.
4. To apply the changes, restart the Repository server:

supervisorctl restart all

5. Open a new browser window and navigate to your local Repository installation:

http://your.anaconda.repository

NOTE: Replace your.anaconda.repository with your Repository server IP address or domain name.
6. Log in using your LDAP credentials.

3.1. Anaconda Enterprise 4 65

Anaconda Documentation, Release 2.0

7. Optional. You may set an LDAP network timeout in seconds with the options OPT_NETWORK_TIMEOUT
and OPT_TIMEOUT. The default value is 0, meaning no timeout.
For example, to set the timeout to 60 seconds, add this block to the LDAP settings in your configuration file:

OPTIONS:
OPT_NETWORK_TIMEOUT: 60
OPT_TIMEOUT: 60

Configuring Repository to use Active Directory

Microsoft Active Directory is a server program that provides directory services and uses the open industry standard
Lightweight Directory Access Protocol (LDAP).
To enable Active Directory support:
1. Open the Repository configuration file $PREFIX/etc/anaconda-server/config.yaml and add the
following configuration:

account_names_filter: false
USER_REGEX: ^[a-z0-9_][a-z0-9_-.]+$
LDAP:
# Replace with company LDAP server
'URI': 'ldap://<ldap.server.url>'

# This BIND_DN/BIND_PASSWORD default to '', this is shown here for

# demonstrative purposes. To enable Authorized Bind, insert the AD
# BIND_DN and BIND_AUTH password for and authorized AD user.
#
#e.g. 'BIND_DN': '<cn=Authorized User,cn=users,dc=company,dc=local>'
#e.g. 'BIND_AUTH': '<AuthUsrPassword>'

# The values '' perform an anonymous bind so we may use search/bind method
BIND_DN: ''
BIND_AUTH: ''

# Adding the USER_SEARCH field tells the flask-ldap-login that we

# are using the search/bind method
USER_SEARCH:
base: <cn=users,dc=company,dc=local>
filter: sAMAccountName=%(username)s

# Map ldap keys into application specific keys

KEY_MAP:
name: 'cn'
company: 'o'
location: 'l'
email: 'userPrincipalName'

2. To apply the changes, restart the Repository server:

supervisorctl restart all

3. Run the flask-ldap-login-check command to verify Active Directory connectivity:

flask-ldap-login-check binstar.wsgi:app --username 'jsmith' --password 'abc123DEF'

66 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

NOTE: Replace jsmith and abc123DEF with your Active Directory username and password.
You see a response similar to the following:

[anaconda.server] Started Site

Got userdata for jsmith
{'company': None, 'email': None, 'location': None, 'name': 'Jane Smith'}

4. Open your browser and navigate to your local Repository installation:

http://your.anaconda.repository

NOTE: Replace your.anaconda.repository with your Repository IP address or domain name.

5. Log in with Active Directory.

Configuring Repository to use LDAP groups

Repository can be configured to allow synchronizing the membership of organization groups with groups in an LDAP
directory. Owners of an organization can select a specific LDAP group as the source of group members.
Once this is enabled, users who sign in to Repository who are members of the LDAP group automatically are granted
the permissions of the organization group.
To enable LDAP groups, configure the following:
• Authenticated bind to LDAP. Repository needs to perform searches against the directory to determine the avail-
able groups and the membership of those groups.
• A query for Repository to identify the groups in your LDAP directory. For more information, see
GROUP_SEARCH.
If LDAP synchronization is disabled or the LDAP server is unreachable, the member list at the time is used for the
group.
To administer and debug LDAP synchronization, a superuser can visit:

http://your.anaconda.repository/admin/ldap

NOTE: Replace your.anaconda.repository with your Repository IP address or domain name.

Enabling TLS on LDAP/Active Directory

To enable a secure Transport Layer Security (TLS) connection on LDAP/Active Directory, add the following to the
LDAP configuration section of the file $PREFIX/etc/anaconda-server/config.yaml, replacing /path/
to/certfile with the actual path to the certfile.:

LDAP:
... # Rest of the LDAP config
START_TLS: true,
OPTIONS:
OPT_PROTOCOL_VERSION: 3
OPT_X_TLS_DEMAND: true
OPT_X_TLS_REQUIRE_CERT: 'OPT_X_TLS_NEVER'
OPT_X_TLS_CACERTFILE: '/path/to/certfile'

3.1. Anaconda Enterprise 4 67

Anaconda Documentation, Release 2.0

NOTE: START_TLS is not compatible with LDAPS. When using START_TLS, the URI value in the LDAP configu-
ration section must start with ldap://. When using START_TLS, the connection starts as a regular connection, and
is upgraded to use TLS after connection has been established.
If you’re using self-signed certificates, you’ll need to add OPT_X_TLS_NEWCTX as the last entry of the OPTIONS
field of the LDAP options:

LDAP:
... # Rest of the LDAP config
START_TLS: true,
OPTIONS:
OPT_PROTOCOL_VERSION: 3
OPT_X_TLS_DEMAND: true
OPT_X_TLS_REQUIRE_CERT: 'OPT_X_TLS_NEVER'
OPT_X_TLS_CACERTFILE: '/path/to/certfile'
OPT_X_TLS_NEWCTX: 0

Using LDAP and TLS configuration options

URI

Start by setting URI to point to your server. The value of this setting can be anything that your LDAP library supports.
For instance, openldap may allow you to give a comma- or space-separated list of URI values to try in sequence.

BIND_DN

The distinguished name to use when binding to the LDAP server with BIND_AUTH. Use the empty string—the
default—for an anonymous bind.

BIND_AUTH

The password to use with BIND_DN.

USER_SEARCH

A dictionary that locates a user in the directory. The dict object must contain the required entries base and filter
and may contain the optional entry scope.
• base: The base DN to search.
• filter: Should contain the placeholder %(username)s for the username.
• scope: One of LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL or LDAP_SCOPE_SUBTREE.
EXAMPLE:

{'base': 'dc=example,dc=com', 'filter': 'uid=%(username)s'}

68 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

SUPERUSER_SEARCH

A dict that will determine whether a valid user is a superuser. The dict object must contain the required entries base
and filter and may contain the optional entry scope. If the search is successful, then something is returned by the
LDAP server, and the user is given superuser permissions.
• base: The base DN to search.
• filter: Should contain the placeholder %(username)s for the username.
• scope: One of LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, or LDAP_SCOPE_SUBTREE.
For example:

{'base': 'cn=admin,ou=Groups,dc=example,dc=com', 'filter': 'memberUid=%(username)s'}

Notice that this check is done during the login procedure, so even though privileges might have been removed from
(or added to) the LDAP server, the user will have to authenticate again to see the changes.

ENABLE_GROUPS

This attribute enables LDAP group synchronization, allowing users to synchronize group membership with an LDAP
directory. Defaults to false.
EXAMPLE:

ENABLE_GROUPS: true

GROUP_SEARCH

A dictionary that locates a group in the directory. An LDAP search is performed using the base distinguished name
and filter.
NOTE: Unlike USER_SEARCH, you must put parenthesis around the GROUP_SEARCH filter. It may appear to
work without parenthesis, when it’s actually failing or behaving unpredictably.
EXAMPLE:

GROUP_SEARCH:
base: dc=example,dc=com
filter: (objectClass=group)

NOTE: Anaconda Repository assumes that the groups’ objectClass is groupOfNames (or a compatible
schema). The following LDIF snippet shows an example group instance:

dn: cn=Analysts,ou=Anaconda Groups,dc=example,dc=com

cn: Analysts
member: cn=John Doe,ou=Users,dc=example,dc=com
member: cn=Jane Doe,ou=Users,dc=example,dc=com
member: cn=John Q. Public,ou=Users,dc=example,dc=com
member: cn=Guy Incognito,ou=Users,dc=example,dc=com
objectclass: groupOfNames
objectclass: top

3.1. Anaconda Enterprise 4 69

Anaconda Documentation, Release 2.0

GROUP_MEMBERS_ATTR

The LDAP attribute on a group object that indicates the users that are members of the group. Defaults to member.
EXAMPLE:

GROUP_MEMBERS_ATTR: 'member'

NOTE: Anaconda Repository assumes that the groups’ objectClass is groupOfNames (or a compatible schema).

REFRESH_INTERVAL

The number of seconds that group membership information from LDAP is used before being fetched from the directory
server again. Defaults to 3600, which is 1 hour.
EXAMPLE:

REFRESH_INTERVAL: 600

KEY_MAP

This is a dict mapping application context to LDAP. An application may expect user data to be consistent, and not all
LDAP setups use the same configuration:

'application_key': 'ldap_key'

EXAMPLE:

KEY_MAP={'name': 'cn', 'company': 'o', 'email': 'mail'}

START_TLS

If true, each connection to the LDAP server calls start_tls_s() to enable TLS encryption over the standard
LDAP port. There are a number of configuration options that can be given to OPTIONS that affect the TLS connection.
For example, OPT_X_TLS_REQUIRE_CERT can be set to OPT_X_TLS_NEVER to disable certificate verification,
perhaps to allow self-signed certificates.

OPTIONS

This stores LDAP specific options.

EXAMPLE:

LDAP:
OPTIONS:
OPT_PROTOCOL_VERSION: 3
OPT_X_TLS_REQUIRE_CERT: 'OPT_X_TLS_NEVER'

70 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

TLS—secure LDAP

To enable a secure TLS connection you must set START_TLS to true. There are a number of configuration options
for OPTIONS that affect the TLS connection.
EXAMPLE: OPT_X_TLS_REQUIRE_CERT set to OPT_X_TLS_NEVER disables certificate verification, perhaps to
allow self-signed certificates:

LDAP:
START_TLS: true
OPTIONS:
OPT_PROTOCOL_VERSION: 3
OPT_X_TLS_DEMAND: true
OPT_X_TLS_REQUIRE_CERT: 'OPT_X_TLS_NEVER'
OPT_X_TLS_CACERTFILE: '/path/to/certfile'

Configuring Repository to use Kerberos

Kerberos is an authentication protocol designed to allow nodes communicating over an insecure network to verify
identity. Repository can use Kerberos to authenticate users.
The Kerberos protocol uses timestamps to prevent replay attacks on expired credentials, so the Network Time Protocol
(NTP) service must be set up and working correctly.
Several aspects of Kerberos rely on name service. Your domain name system (DNS) entries and your hosts must
have the correct information. The hostname command and the configuration file /etc/hostname must reflect
the fully-qualified domain name (FQDN) of the machine. The configuration file /etc/hosts must include an entry
with the FQDN, to allow reverse-DNS lookups to be performed.
To allow clients to authenticate against Anaconda Repository, create a principal for the service with a private key that
identifies the service. Create a service principal HTTP/your.anaconda.repository, and create the keytab
containing this principal to $PREFIX/etc/anaconda-server/http.keytab:

SERVER_NAME=your.anaconda.repository

NOTE: Replace your.anaconda.repository with your server IP address or domain name.

If you are using MIT Kerberos:

kadmin -q "addprinc HTTP/${SERVER_NAME}"

kadmin -q "ktadd -k $PREFIX/etc/anaconda-server/http.keytab HTTP/${SERVER_NAME}"
chown anaconda-server:anaconda-server $PREFIX/etc/anaconda-server/http.keytab
chmod 600 $PREFIX/etc/anaconda-server/http.keytab

If you are using Active Directory:

1. Open Active Directory Users and Computers.
2. Select the Users container.
3. In the Action menu, select New, then select User.
4. In the New Object - User dialog, type the user information. In this example, we use
your-anaconda-repository as the login.
5. In the next dialog, select the options Password never expires and User cannot change password.
6. Right-click on the newly created user, and select Properties.

3.1. Anaconda Enterprise 4 71

Anaconda Documentation, Release 2.0

7. In the Properties dialog, select the Account tab, and ensure the Do not require Kerberos preauthentication option
is selected.
8. Open an Administrative prompt and run:

ktpass -princ HTTP/[email protected] -out http.keytab -pass "*

˓→" -mapUser your-anaconda-user@your-anaconda-server -ptype KRB5_NT_PRINCIPAL

9. Copy the newly created file http.keytab to $PREFIX/etc/anaconda-server/http.keytab on

your Repository server.
To enable Kerberos authentication on Repository, add the configuration options to $PREFIX/etc/
anaconda-server/config.yaml:

AUTH_TYPE: KERBEROS
KRB5_KTNAME: /home/anaconda-server/repo/etc/anaconda-server/http.keytab

For a minimal configuration example see Kerberos-Anaconda Repository setup example.

Kerberos configuration options

AUTH_TYPE string Configures the authentication scheme used for Repository. Set to
KERBEROS to enable Kerberos authentication. Default: NATIVE.
KRB5_KTNAME string The file path of the keytab containing the service principal for
Repository. Default: /etc/krb5.keytab.
KRB5_SERVICE_NAME
string The service type used to identify the service principal for Reposi-
tory. HTTP in HTTP/your.anaconda.repository@YOUR.
REALM. Default: HTTP.
KRB5_HOSTNAME string The hostname used to identify the service principal for Repos-
itory. your.anaconda.repository in HTTP/your.
[email protected]. Default: the host-
name of the machine on which Repository is running.

Kerberos-Anaconda Repository setup example

Kerberos authentication adds a layer of security to Anaconda Repository. The following example show how to set up a
minimal working installation with three machines: One running anaconda server, one running the MIT Kerberos Key
Distribution Center (KDC), and a client from where we are going to connect to both services.
For this example we assume that both the KDC and Anaconda Repository are already configured and the 3 systems
have the Network Time Protocol (NTP) service working.

Initial Setup

All 3 machines are running CentOS 7 but the configurations mentioned here apply for many other Linux distributions.
We are going to use the following domain names:
• Anaconda Repository: anaconda.kerberos.local
• Kerberos KDC: kdc.kerberos.local
• Client: client.kerberos.local

72 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Make sure that the information is correct in the configuration files /etc/hostname and /etc/hosts to allow
reverse-DNS lookups.
The name of the Kerberos realm is KERBEROS.LOCAL. The 3 machines have the same configuration file /etc/
krb5.conf:

[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
default = SYSLOG:NOTICE:DAEMON

[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = KERBEROS.LOCAL
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
KERBEROS.LOCAL = {
kdc = kdc.kerberos.local
admin_server = kdc.kerberos.local
}

[domain_realm]
.kerberos.local = KERBEROS.LOCAL
kerberos.local = KERBEROS.LOCAL

On kdc.kerberos.local the files /var/kerberos/krb5kdc/kdc.conf and /var/kerberos/

krb5kdc/kadm5.acl should be configured accordingly.

Configure Anaconda Repostiory

At this point Anaconda Repository is up and running, it’s installed on /home/anaconda-server/repo, the
administrator account in this example is superuser. To allow authentication we first create a service principal and
the keytab containing this principal. This is accomplished running the following commands as root from a terminal on
anaconda.kerberos.local.

kadmin -q "addprinc HTTP/anaconda.kerberos.local"

kadmin -q "ktadd -k /home/anaconda-server/repo/etc/anaconda-server/http.keytab HTTP/
˓→anaconda.kerberos.local"

chown anaconda-server:anaconda-server \
/home/anaconda-server/repo/etc/anaconda-server/http.keytab
chmod 600 /home/anaconda-server/repo/etc/anaconda-server/http.keytab

Now edit the configuration file /home/anaconda-server/repo/etc/anaconda-server/config.

yaml and add the following lines:

AUTH_TYPE: KERBEROS
KRB5_KTNAME: /home/anaconda-server/repo/etc/anaconda-server/http.keytab

Finally, add the principal for the admin account on the kerberos realm:

3.1. Anaconda Enterprise 4 73

Anaconda Documentation, Release 2.0

kadmin -q "addprinc [email protected]"

Reboot the server for the changes to take effect.

Client Configuration

To log in to Anaconda Repository with Kerberos Authentication, a browser that supports said authentication protocol
is necessary. In this example we are using Firefox. Some extra tweaking is required.
• Open Firefox and type about:config in the navigation bar, click the confirmation button if necessary to proceed
to the configuration page.
• Type negotiate in the Search field to filter out the options, double click network.negotiate-auth.trusted-uris
and enter .kerberos.local in the text box.
• Do the same for network.negotiate-auth.delegation-uris.
Finally a ticket for the superuser should be stored on the local machine. The following command will request it:

kinit [email protected]

Now it is possible to open anaconda server on firefox, in this case the URL is anaconda.kerberos.
local:8080, after clicking Sign In, the user should be able to log in immediately without having to enter any
credentials.

Configure Anaconda Repository to use PAM

Open the Anaconda Repository configuration file $PREFIX/etc/anaconda-server/config.yaml and add

the following configuration to enable Pluggable Authentication Module (PAM) support:

AUTH_TYPE: PAM

When switching authentication to PAM the admin account is lost, so you need to add your admin account again:

anaconda-server-admin set-superuser "jsmith"

To apply the changes, restart the Anaconda Repository server:

supervisorctl restart all

Open a new browser window and navigate to your local Anaconda Repository installation:

http://your.anaconda.server

NOTE: Replace “your.anaconda.server” with your actual Anaconda Repository server IP address or domain name.
You can now log in using your PAM credentials.
NOTE: To use the “shadow” PAM backend, add the user under which Anaconda Repository is running (usually
“anaconda-server”) to the “shadow” group:

sudo usermod -a -G shadow anaconda-server

74 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Read only mode

The site can be put into read only mode to disable any action that modifies the database.
This may be useful when mirroring from the site.
NOTE: Logging in modifies the database, so in read only mode users and admins may not log in.
To enable read only mode use the setting:

READ_ONLY: true

Configuring Anaconda Client

• Client configuration
• Conda configuration
• Pip configuration
• Kerberos configuration

Anaconda Client gives you the ability to upload packages to your on-site Anaconda Repository and provides highly
granular access control capabilities. The instructions below describe how to configure Client to use your local Repos-
itory instead of Anaconda Cloud.

Client configuration

On each machine that accesses your on-site Repository, run this command as the machine’s local user:

anaconda config --set url http://your.server.name:<port>/api

Or, to set the default repo on a system-wide basis, run this command:

anaconda config --set url http://your.server.name:<port>/api --site

NOTE: Replace your.server.name with the name of your local Repository and <port> with the name of the
port used by Repository.
The system level config file is used only if no user-level config file is present.
To show the system and user config file locations and configuration settings:

anaconda config --show

Conda configuration

When the above anaconda config steps are completed, you can access all packages and channels from the local
on-site Repository instead of the public Anaconda.org.
Users can then add individual accounts to their .condarc file by running the following command:

3.1. Anaconda Enterprise 4 75

Anaconda Documentation, Release 2.0

conda config --add channels USERNAME

If you still want to access certain channels from the public Anaconda.org, run:

conda config --add channels http://conda.anaconda.org/USERNAME

NOTE: Replace USERNAME with your username.

Conda channel priority

To set a preferred priority for the channels conda searches for package installs, edit your ~/.condarc file and
change the order. Channels at the top are searched first.
For example:

channels:
- channel
- https://conda.anaconda.org/t/<token>/<channel2>
- http://conda.anaconda.org/<channel1>
- defaults

The order of search is:

1. Private on-site Repository channel.
2. Private Anaconda.org channel2.
3. Public Anaconda.org channel1.
4. Default channel on the on-site Repository.

Pip configuration

To install PyPI packages from your Repository, add your channel to your ~/.pip/pip.conf configuration file.
Edit the file and add an extra-index-url entry to the global config section:

[global]
extra-index-url = http://your.server.name:<port>/pypi/USERNAME/simple

NOTE: Replace your.server.name with the name of your local Repository, <port> with the name of the port
used by Repository and USERNAME with your username.

Kerberos configuration

If you have enabled Kerberos authentication as described in Configuring Repository to use Kerberos, your browser
and Client should be able to authenticate to Repository using Kerberos.
In macOS/Unix, configure the file /etc/krb5.conf:

[libdefaults]
default_realm = YOUR.DOMAIN

[realms]
YOUR.DOMAIN = {
(continues on next page)

76 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

kdc = your.kdc.server
}

[domain_realm]
your.anaconda.repository = YOUR.DOMAIN

NOTE: Replace YOUR.DOMAIN with your domain, your.kdc.server with your Kerberos key distribution center
(KDC) and your.anaconda.repository with your local Repository server.
If your configuration is correct, you should be able to authenticate using the command line tool kinit:

kinit jsmith
anaconda login

NOTE: Replace jsmith with your username.

Browser Setup

Many browsers do not present your Kerberos credentials by default, to prevent leaking credentials to untrusted parties.
In order to use Kerberos authentication, you must whitelist Repository as a trusted party to receive credentials.
You must restart your browser after configuring the whitelist in order for changes to be reflected.

Safari

Safari requires no configuration—it automatically presents your credentials without whitelisting.

Chrome

The AuthServerWhitelist policy must be set to your.anaconda.repository to allow Chrome to present cre-
dentials to Repository with the hostname your.anaconda.repository. Depending on your DNS configuration,
DisableAuthNegotiateCnameLookup may also be required to prevent Chrome from canonicalizing the hostname be-
fore generating a service name.
NOTE: Replace your.anaconda.repository with your local Repository server.
To configure on macOS:

defaults write com.google.Chrome AuthServerWhitelist "your.anaconda.repository"

On Linux:

mkdir -p /etc/opt/chrome/policies/managed
mkdir -p /etc/opt/chrome/policies/recommended
chmod -w /etc/opt/chrome/policies/managed
echo '{"AuthServerWhitelist": "your.anaconda.repository"}' > /etc/opt/chrome/policies/
˓→managed/anaconda_repo_policy.json

On Windows, use Group Policy objects to set the Authentication server whitelist setting to your.anaconda.
repository.
For more information, see Chrome’s SPNEGO authentication and administration documentation.

3.1. Anaconda Enterprise 4 77

Anaconda Documentation, Release 2.0

Firefox

1. Navigate to the configuration page about:config.

2. Search for negotiate.
3. Set the configuration item network.negotiate-auth.trusted-uris to your.anaconda.
repository
NOTE: Replace your.anaconda.repository with your local Repository server.

Internet Explorer

1. In the Tools menu, select Internet Options.

2. On the Advanced tab, in the Security section, select Enable Integrated Windows Authentication.

Configuring local mirrors

You can add a local copy—mirror—of Anaconda or PyPI repositories to your Anaconda Repository installation.
This section explains how to use Repository’s convenient syncing tools to create and configure local mirrors:

Mirroring an Anaconda repository

• Before you start

• Mirroring all packages
• Mirroring some packages
• Offline mirroring
• Mirroring with the deprecated anaconda-mirror command
• Mirroring additional channels
• Configuring conda

NOTE: This documentation is for versions of Anaconda Repository 2.26 and newer. For versions from 2.23 through
2.25, see 2.23 documentation. For versions before 2.23, see 2.20 documentation.

Before you start

You need to have already installed and configured your Repository instance. Due to the size of Repository, it is
important that you have configured a file storage location with sufficient disk space. If necessary, see the requirements
for the file storage location.
A full Anaconda mirror requires approximately 90 GB.
You will also need to install cas-mirror as it is the recommended mirroring tool.
NOTE: The anaconda-mirror tool has been deprecated and will not be updated any further.

78 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Mirroring all packages

You can mirror some or all of the contents of the Anaconda repository using the cas-sync-api-v4 command:
$ cas-sync-api-v4 --help
usage: cas-sync-api-v4 [-h] [-f FILENAME] [--config] [--version]
[-l LOG_LEVEL] [-v]

Updates an Anaconda repository instance

optional arguments:
-h, --help show this help message and exit
-f FILENAME, --file FILENAME
Configuration file location (Defaults to:
/home/abarto/.cas-mirror or /etc/cas-mirror)
--config, --show-config
Show running configuration and exit
--version Print version and exit
-l LOG_LEVEL, --log-level LOG_LEVEL
Set the log level (CRITICAL, ERROR, WARNING, INFO,
DEBUG)Default: INFO.
-v, --verbose Shorthand for --log-level DEBUG

This tools mirrors all of the packages from the Anaconda repository default channels into the anaconda user account.
It leverages the functionality exposed by the anaconda-client package to import the remote packages into an
existing site.
1. Associate the URL of your Anaconda repository with a site using the anaconda command:
anaconda config --set sites.myrepo.url "http://your-anaconda-repo/"

NOTE: Replace your-anaconda-repo with the URL to your installation of Repository.

2. Create a configuration file sync.yaml that tells cas-sync-api-v4 which site to use:
dest_site: myrepo

3. Check that the configuration is valid with the --config parameter:

$ cas-sync-api-v4 -f sync.yaml --config
path: /home/ec2-user/sync.yaml
remote_url: https://repo.anaconda.com/
mirror_dir: /opt/cas-mirror
platforms: ['osx-32', 'osx-64', 'win-32', 'win-64', 'linux-32', 'linux-64',
˓→'linux-armv6l', 'linux-armv7l', 'linux-ppc64le']

fetch_installers: True
repodata_source: False
dir_names: ['archive']
server_log_dir: None
server_port: None
dest_site: myrepo
dest_channel: anaconda
verify_checksum: False
delta: False
delta_dir: None
log_dir: None
log_level: 20
python_versions: []
(continues on next page)

3.1. Anaconda Enterprise 4 79

Anaconda Documentation, Release 2.0

(continued from previous page)

pkg_list: []
license_blacklist: []
blacklist: []
whitelist: []
channels:
- https://repo.anaconda.com/pkgs/main/
- https://repo.anaconda.com/pkgs/free/
- https://repo.anaconda.com/pkgs/pro/

With this configuration, cas-sync-api-v4 mirrors the contents of all the default channels into the
anaconda account of the myrepo site.
4. Run cas-sync-api-v4:
cas-sync-api-v4 -f sync.yaml

5. Verify the mirroring by opening a browser and loading this URL:

http://your-anaconda-repo/anaconda/

NOTE: Replace your-anaconda-repo with the URL to your installation of Repository.

Mirroring some packages

Alternately, you may not want to mirror all packages. To mirror a subset of the total repository, specify which platforms
you want to include, or use the whitelist, blacklist or license_blacklist functionality to control which packages are
mirrored, by copying the default configuration file $PREFIX/etc/anaconda-server/mirror/anaconda.
yaml to $PREFIX/etc/anaconda-server/mirror/anaconda-custom.yaml.
For Repository 2.27 or newer, there are sample yaml config files located at: $PREFIX/etc/anaconda-server/
mirror. PREFIX is the install location of Repository, which by default is ~anaconda-server/repo/etc/
anaconda-server/mirror.
This command mirrors the repository according to the settings in the configuration file anaconda-custom.yaml:
cas-sync-api-v4 -f anaconda-custom.yaml

For more information, see Customizing mirrors.

Offline mirroring

Offline mirroring is done by using both cas-sync and cas-sync-api-v4. First download all the packages onto
a host with Internet access.
EXAMPLE:
To download the packages, create a configuration file named export.yaml:
mirror_dir: /opt/mirror/export/
platforms:
- linux-64
- win-64
python_versions:
- 2.7
- 3.6
(continues on next page)

80 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

fetch_installers: false
pkg_list:
- ca-certificates
- certifi
- libedit
- libffi
- libgcc-ng
- libstdcxx-ng
- ncurses
- openssl
- pip
- python
- readline
- setuptools
- sqlite
- tk
- wheel
- xz
- zlib

This example downloads only a subset of the default channels.

Run cas-sync:
cas-sync -f export.yaml

After it finishes, a conda repository for each platform is created in the directory /opt/mirror/export/pkgs.
We can now take the contents of the directory /opt/mirror/export/ to the air-gapped environment.
To import the packages, create a config file named import.yaml:
dest_site: mysite
dest_channel: anaconda
channels:
- file:///opt/mirror/export/pkgs/
platforms:
- linux-64
- win-64
python_versions:
- 2.7
- 3.6

Make sure these requirements are true:

• The files mirrored onto the connected box have been put in the /opt/mirror/export directory.
• An anaconda site named mysite is properly configured and the user has logged into it using the anaconda
command.
• An “anaconda” account exists in the “mysite” site and the logged in user has access to it.
After these requirements are true, run cas-sync-api-v4:
cas-sync-api-v4 -f import.yaml

Mirroring with the deprecated anaconda-mirror command

The anaconda-mirror command is deprecated but still in use at some installations.

3.1. Anaconda Enterprise 4 81

Anaconda Documentation, Release 2.0

It is used with the command anaconda-mirror sync, or with a configuration file such as anaconda-custom.
yaml with the command anaconda-mirror --config-file anaconda-custom sync.

Resetting packages

Use the --reset option to reset the previously mirrored packages:

anaconda-mirror --config-file anaconda-custom sync --reset

This resets the “last sync” time for the repository, so anaconda-mirror requests all packages, not just those
changed or added since the last sync. As the requests are processed, anaconda-mirror still automatically down-
loads only those files that differ from the files currently in the repository.

Exporting a mirror

To generate a mirror archive:

anaconda-mirror export mirror.tar

This command dumps the packages, according to the configured settings, into the file mirror.tar.
This mirror can be used in an air gapped environment.

Importing a mirror

To mirror the Anaconda repository in an air gapped environment, point anaconda-mirror to the exported mirror
archive.
Mount the USB drive and then run:

anaconda-mirror import $USB/mirror.tar

This command mirrors the contents of the local Anaconda repository to your Repository installation under the user-
name “anaconda.”

Filtering

If you want to update the filters on your mirror—for example, to exclude additional licenses—running
anaconda-mirror sync again retrieves new packages that match this filter, but it does not remove existing
packages that no longer match the filter.
To see which packages no longer match your filter:

anaconda-mirror clean --dry-run

To remove these packages from your mirror:

anaconda-mirror clean

82 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Mirroring additional channels

If mirroring from an air gap archive, the channel in the following configuration points to a local directory to which the
archive is expanded.
In addition, if a platform-specific archive is downloaded, then the config file needs the platforms section. The examples
in the following sections assume x64-repo-mirrors-\*.tar <airgap-archive-mirrors> is expanded
to $MIRRORS_ARCHIVE.
Similarly, for an online system, the channel points to Anaconda Cloud. The platforms are optional and limit the
mirrored conda packages to the specified platforms.

Mirroring R channel

1. Create the yaml config file.

EXAMPLE: The following is a config to mirror from an air gap archive containing only x64 packages:

cat $PREFIX/etc/anaconda-server/mirror/r.yaml

channels:
- file://$MIRRORS_ARCHIVE/r/pkgs

# The platforms should correspond to the platforms contained in

# the archive. Omit if the archive contains conda packages for all platforms.
platforms:
- linux-64
- osx-64
- win-64

EXAMPLE: The following is for an online system:

cat $PREFIX/etc/anaconda-server/mirror/r.yaml

channels:
- https://conda.anaconda.org/r

2. Mirror the packages to r-channel:

anaconda-server-sync-conda --mirror-config \
$PREFIX/etc/anaconda-server/mirror/r.yaml --account=r-channel

Mirroring Wakari channel for AEN

1. Create the yaml config file.

EXAMPLE: The following is a config to mirror from an air gap archive containing only x64 packages:

cat $PREFIX/etc/anaconda-server/mirror/wakari.yaml

channels:
- file://$MIRRORS_ARCHIVE/wakari/pkgs

# The platforms should correspond with the platforms contained in

# the archive. Omit if the archive contains conda packages for all platforms.
(continues on next page)

3.1. Anaconda Enterprise 4 83

Anaconda Documentation, Release 2.0

(continued from previous page)

platforms:
- linux-64
- osx-64
- win-64

EXAMPLE: The following is for an online system:

cat $PREFIX/etc/anaconda-server/mirror/wakari.yaml

channels:
- https://conda.anaconda.org/t/<TOKEN>/anaconda-nb-extensions
- https://conda.anaconda.org/wakari

NOTE: Replace <TOKEN> with the token for the anaconda-nb-extensions channel that you should have received
along with your Repository license.
2. Mirror the packages to the Wakari channel:

anaconda-server-sync-conda --mirror-config \
$PREFIX/etc/anaconda-server/mirror/wakari.yaml --account=wakari

Mirroring anaconda-adam channel for cluster management

1. Create the yaml config file.

EXAMPLE: The following is a config to mirror from an air gap archive containing only x64 packages:

cat $PREFIX/etc/anaconda-server/mirror/anaconda-adam.yaml

channels:
- file://$MIRRORS_ARCHIVE/anaconda-adam/pkgs

# The platforms should correspond with the platforms contained in

# the archive. Omit if the archive contains conda packages for all
# platforms.
platforms:
* linux-64
* osx-64
* win-64

EXAMPLE: The following is for an online system:

cat $PREFIX/etc/anaconda-server/mirror/anaconda-adam.yaml

channels:
- https://conda.anaconda.org/anaconda-adam

2. Mirror the packages to anaconda-adam channel:

anaconda-server-sync-conda --mirror-config \
$PREFIX/etc/anaconda-server/mirror/anaconda-adam.yaml --account=anaconda-adam

84 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Configuring conda

Having created the mirror, you still need to configure conda to search for packages here rather than on the default
Anaconda repository. You can do that by editing your ~/.condarc file to add the appropriate channel:

channels:
- http://<anaconda.repo.ipaddress>:<port>/conda/anaconda/

NOTE: Replace <anaconda.repo.ipaddress> with the URL to your installation of Repository.

NOTE: This configuration change can be made at the user level or via an administrative conda file, to force all internal
users to use your local Anaconda mirror rather than querying the Anaconda repository.
NOTE: Users can download Anaconda installers that are pre-configured to search your Repository from http:/
/<anaconda.repository.addr>/downloads. To learn how to generate these installers, see Customizing
installers.

Mirroring a PyPI repository

• Before you start

• Running the PyPI mirror command
• Customizing the mirror
• Configuring pip

Before you start

You need to have already installed and configured your Repository instance. Due to the size of Repository, it is
important that you have configured a file storage location with sufficient disk space. If necessary, see the requirements
for the file storage location.
The full PyPI mirror requires approximately 120 GB.

Running the PyPI mirror command

To create a PyPI mirror:

anaconda-server-sync-pypi

This command loads all of the packages on pypi.python.org into the ~pypi binstar user account.
Verify that the command ran successfully by opening your browser to http://your-anaconda-repo/pypi/
~pypi.
NOTE: Replace your-anaconda-repo with the URL to your installation of Repository.

Customizing the mirror

It is possible to customize the mirror behavior by creating a configuration file such as $PREFIX/etc/
anaconda-server/mirror/pypi.yaml and using the --mirror-config option:

3.1. Anaconda Enterprise 4 85

Anaconda Documentation, Release 2.0

anaconda-server-sync-pypi --mirror-config /etc/binstar/mirrors/pypi.yaml

The following configuration options are available:

Name Description
user The local user under which the PyPI packages are imported. Default: pypi.
pkg_list A list of packages to mirror. Only packages listed are mirrored. If this is set, blacklist and
whitelist settings are ignored. Default: [].
whitelistA list of packages to mirror. Only packages listed are mirrored. If the list is empty, all packages are
checked. Default: [].
blacklistA list of packages to skip. The packages listed are ignored. Default: [].
Only download the latest versions of the packages. Default: false.
latest_only
The URL of the PyPI mirror. /pypi is appended to build the XML RPC API URL, /simple for the
remote_url
simple index and /pypi/{package}/{version}/json for the JSON API. Default: https:/
/pypi.python.org/.
A custom value for XML RPC URL. If this value is present, it takes precedence over the URL built
xml_rpc_api_url
using remote_url. Default: null.
A custom value for the simple index URL. If this value is present, it takes precedence over the URL
simple_index_url
built using remote_url. Default: null.
Whether to use the XML RPC API as specified by PEP381. If this is set to true, the XML RPC API
use_xml_rpc
is used to determine which packages to check. Otherwise the scripts falls back to the simple index. If
the XML RPC fails, the simple index is used. Default: true.
Whether to use the serial number provided by the XML RPC API. Only packages updated since the
use_serial
last serial saved are checked. If this is set to false, all PyPI packages are checked for updates. Default:
true.
Create the mirror user as an organization instead of a regular user account. All superusers are added to
create_org
the “Owners” group of the organization. Default: false.
private Save the mirrored packages as private. Default: false.

EXAMPLE:

whitelist:
- requests
- six
- numpy
- simplejson
latest_only: true
remote_url: http://pypimirror.local/
use_xml_rpc: true

Configuring pip

To configure pip to use this new mirror, edit /etc/pip.conf as follows:

[global]
index-url=https://pypi.anaconda.org/pypi/simple

Customizing mirrors

86 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Before you start

• Customizing your mirror
• Mirroring a platform-specific list
• Mirroring a package-specific list
• Mirroring Python version-specific packages
• Mirroring with a license blacklist
• Mirroring with a blacklist
• Mirroring with a whitelist
• Combining multiple mirror configurations

This section explains how you can customize your PyPI or Anaconda repository mirror.
NOTE: This documentation applies to versions of Repository 2.26 and newer. For versions between 2.23 and 2.26,
see 2.23 documentation. For older versions, see 2.20 documentation.

Before you start

Your Anaconda Repository should already be installed and configured, as well as the mirroring tool cas-mirror.
See mirroring an Anaconda repository.

Customizing your mirror

The following commands can be used with the cas-mirror tool:

• cas-sync: Creates or updates an existing local Anaconda package repository. The packages are saved into a
local directory. This directory is defined by the mirror_dir configuration setting.
• cas-sync-api-v4: Creates or updates an existing remote Anaconda package repository. The packages are
uploaded into an account of an existing Anaconda repository instance. The account and instance are controlled
by the dest_channel and dest_site configuration settings.
• cas-merge: Combines delta repositories into an existing Anaconda package repository. A delta repository
contains the changes between the local and remote Anaconda package repositories. Delta repositories are gen-
erated by cas-sync using the delta configuration setting.
All the commands can read a YAML configuration file specified by the --file (or -f) command line option. The
YAML file can contain any of the following valid keys:

remote_url

Conda packages, Anaconda installers and Miniconda installers are fetched from this remote URL.
DEFAULT: https://repo.anaconda.com/

channels

Conda packages are fetched from these remote channels.

3.1. Anaconda Enterprise 4 87

Anaconda Documentation, Release 2.0

DEFAULT: A list of these channels:

• <remote_url>/pkgs/main/
• <remote_url>/pkgs/free/
• <remote_url>/pkgs/pro/

mirror_dir

The mirror is saved in this local directory.

NOTE: A full mirror of the Anaconda repository uses about 100 GB of disk space. Make sure the mirror directory has
enough space.
DEFAULT: /opt/cas-mirror

platforms

Conda packages and installers for this list of platforms are mirrored.
DEFAULT: A list of all platforms. This is:
['osx-32', 'osx-64', 'win-32', 'win-64', 'linux-32', 'linux-64',
'linux-armv6l', 'linux-armv7l', 'linux-ppc64le']

fetch_installers

Whether to fetch all Anaconda and Miniconda installers from remote_url.

If fetch_installers is set to false then installers are not fetched.
DEFAULT: true

python_versions

Python versions to mirror.

DEFAULT: All versions.
EXAMPLE: ['2.7', '3.6']

pkg_list

An explicit list of package names to be mirrored.

When this list is provided, the license_blacklist, blacklist and whitelist keys are not allowed to be
set.

88 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

license_blacklist

A list of licenses to be excluded from the mirror.

The license families that can be blacklisted are:
• AGPL
• APACHE
• BSD
• GPL2
• GPL3
• LGPL
• MIT
• PROPRIETARY
• PUBLICDOMAIN
• PSF
• OTHER
• NONE

blacklist

A list of package names to be excluded from the mirror.

whitelist

A list of package names to be included in the mirror.

The whitelist overrides the blacklists. If a package is both blacklisted and whitelisted, then it is included and mirrored.
EXAMPLE: The package numpy has a license in the license family BSD.
If license_blacklist contains BSD and whitelist is empty, then numpy and all other BSD licensed pack-
ages are excluded and not mirrored.
If license_blacklist contains BSD and whitelist contains numpy, then the numpy package is included
and mirrored and other BSD licensed packages are excluded and not mirrored.

dest_channel

Optional channel to use when synchronizing with a local Repository instance.

DEFAULT: “anaconda”

dest_site

Optional site to use when synchronizing with a local Repository instance.

DEFAULT: None

3.1. Anaconda Enterprise 4 89

Anaconda Documentation, Release 2.0

delta

If delta is true, then a delta is generated from mirror_dir.

If delta is false, then the changes are applied directly.

delta_dir

The delta is generated (or merged) onto this directory.

If this is not specified, the generated delta directory is named delta-<timestamp>-pkgs. <timestamp> is
replaced with a timestamp.

max_retries

The number of retries to allow before failing.

When it is set to 0, cas-mirror fails at the first error. Default is 0.
This is supported only for the cas-sync and cas-sync-api-v4 commands.
DEFAULT: 0

safe

If safe is true, synchronizing repositories or merging delta directories never delete anything.
DEFAULT: false

repodata_source

Uses a repodata.json (or repodata.json.bz2) as the source of existing packages.

This file must be in the mirror directory for a specific platform.
EXAMPLE: /mirror/linux-64/repodata.json

Mirroring a platform-specific list

By default, cas-sync and cas-sync-api-v4 mirror all platforms. If you do not need all platforms, you can save
time and disk space by editing the yaml file to specify which platform(s) you want to mirror.
EXAMPLE:

platforms:
- linux-64
- win-32

90 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Mirroring a package-specific list

You may want to mirror only a small subset of Repository. Rather than blacklisting a long list of packages you do not
want to be mirrored, you can instead simply enumerate the list of packages you do want to mirror.
EXAMPLE: This example mirrors only the three packages Accelerate, PyQt and Zope. All other packages are ignored:

package_list:
- accelerate
- pyqt
- zope

Mirroring Python version-specific packages

You may want to mirror only a subset of versions.

EXAMPLE: This example mirrors only Anaconda packages built for Python 3.3:

python_versions:
- 3.3

Mirroring with a license blacklist

As of Repository 2.26.0, the Anaconda mirroring script supports license blacklisting for the following license families:
• AGPL
• APACHE
• BSD
• GPL2
• GPL3
• LGPL
• MIT
• PROPRIETARY
• PUBLICDOMAIN
• PSF
• OTHER
• NONE
EXAMPLE: This example mirrors all the packages in the repository except those that are GPL2-, GPL3- or BSD-
licensed:

license_blacklist:
- GPL2
- GPL3
- BSD

NOTE: Older versions of Anaconda mirror support only license blacklisting for GPL. If you are using an older version
of Repository, see the documentation for customizing your PyPI or Anaconda Repository mirror.

3.1. Anaconda Enterprise 4 91

Anaconda Documentation, Release 2.0

Mirroring with a blacklist

The blacklist allows access to all packages except those explicitly listed.
EXAMPLE: This example mirrors the entire Repository except the bzip2, tk and openssl packages:

blacklist:
- bzip2
- tk
- openssl

Mirroring with a whitelist

The whitelist functions in combination with either the license_blacklist or blacklist arguments, and re-adds packages
that were excluded by a previous argument.
EXAMPLE: This example mirrors the entire Repository except any GPL2- or GPL3-licensed packages, but including
readline, despite the fact that it is GPL3-licensed:

license_blacklist:
- GPL2
- GPL3
whitelist:
- readline

Combining multiple mirror configurations

You may find that combining two or more of the arguments above is the simplest way to get the exact combination of
packages that you want.
The platforms argument is evaluated before any other argument.
EXAMPLE: This example mirrors only linux-64 distributions of the dnspython, shapely and gdal packages:

platforms:
- linux-64
package_list:
- dnspython
- shapely
- gdal

If the license_blacklist and blacklist arguments are combined, the license_blacklist is evaluated first, and the blacklist
is a supplemental modifier.
EXAMPLE: In this example, the mirror configuration does not mirror GPL2-licensed packages. It does not mirror the
GPL3-licensed package PyQt because it has been blacklisted. It does mirror all other packages in Repository:

license_blacklist:
- GPL2
blacklist:
- pyqt

If the blacklist and whitelist arguments are both employed, the blacklist is evaluated first, with the whitelist functioning
as a modifier.

92 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

EXAMPLE: This example mirrors all packages in the repository except astropy and pygments. Despite being listed
on the blacklist, Accelerate is mirrored because it is listed on the whitelist:

blacklist:
- accelerate
- astropy
- pygments
whitelist:
- accelerate

Verifying the checksum of a file

To help ensure that a file was correctly uploaded or synced you can use the checksum tool. This routine fetches a file
from a database and verifies that the stored hash checksum and the calculated hash checksum of the file on disk are
the same.
On a package’s page, view the file list and click the Info button next to a file to see the file’s keyname.
To check the file’s hash checksum run:

anaconda-server-checksum keyname

NOTE: Replace “keyname” with the file’s keyname.

The output will be either Hashes are the same or Hashes differ.
To overwrite the old hash checksum in the database with the new hash checksum you calculated, use the option --fix.

Customizing installers

Anaconda Repository can distribute copies of the Anaconda distribution and the Miniconda installer that are pre-
configured to use your installation of Repository.
This applies to Anaconda Distribution version 4.1 and higher, and Miniconda version 4.1.11 and higher.
By default the installers will be stored in $PREFIX/opt/anaconda-server/installers. If you prefer to
store the installers in a different location, configure a new path:

anaconda-server-config --set INSTALLER_DIR /preferred/directory

NOTE: Replace “/preferred/directory” with the path to the directory where you prefer to store the installers.
If necessary, edit the script below and replace “5.2.0” with the current version number.
To download the installers:

mkdir -p /tmp/extras
pushd /tmp/extras

URL="https://repo.anaconda.com"

version="5.2.0"
miniconda="Miniconda3-latest-Linux-x86_64.sh \
Miniconda3-latest-MacOSX-x86_64.sh \
Miniconda3-latest-Windows-x86.exe \
Miniconda3-latest-Windows-x86_64.exe \
Miniconda-latest-Linux-x86_64.sh \
(continues on next page)

3.1. Anaconda Enterprise 4 93

Anaconda Documentation, Release 2.0

(continued from previous page)

Miniconda-latest-MacOSX-x86_64.sh \
Miniconda-latest-Windows-x86.exe \
Miniconda-latest-Windows-x86_64.exe"
anaconda="Anaconda2-$version-Linux-x86_64.sh \
Anaconda3-$version-Linux-x86_64.sh \
Anaconda2-$version-MacOSX-x86_64.sh \
Anaconda3-$version-MacOSX-x86_64.sh \
Anaconda2-$version-MacOSX-x86_64.pkg \
Anaconda3-$version-MacOSX-x86_64.pkg \
Anaconda2-$version-Windows-x86_64.exe \
Anaconda3-$version-Windows-x86_64.exe"

for installer in $miniconda; do

curl -O $URL/miniconda/$installer
done
for installer in $anaconda; do
curl -O $URL/archive/$installer
done

# Move the files into the installers directory

popd
cp -a /tmp/extras $PREFIX/opt/anaconda-server/installers

The installers will be available for download from http://your.anaconda.server:port/downloads.

NOTE: Replace “your.anaconda.server:port” with the name or IP address and port of your Anaconda server.
The downloadable file will be a zip file containing the Anaconda distribution and the configuration files specific to
your Repository. These zip files are cached in the server’s configured storage for quick retrieval.
Check that the SERVER_NAME setting has been set so you generate the correct URLs in the next step.
To pre-generate these installer bundles based on the downloaded installers, or to re-generate after downloading new
installers, execute the command:

anaconda-server-admin update-installers

This command requires that the SERVER_NAME setting be set in order to generate the correct URLs.
By default, the included conda installation will point to the default anaconda and r-channel accounts on your
Anaconda Repository server, if those accounts exist.
You can change these default channels by setting the DEFAULT_CHANNELS setting, and then running the
anaconda-server-admin update-installers command.

Configuration reference

• Files
• Logging
• Usernames
– USER_REGEX
• Database

94 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

– MONGO_URL
– MONGO_DBNAME
– MQ_DBNAME
– MONGO_REPLICA_SET
• File storage
– Storage_type
– keyname_full_path
– Fs_storage_root
– PACKAGE_BUCKET_ID
– S3_REGION_NAME
– S3_SERVER_SIDE_ENCRYPTION
• Notebooks
– MAX_IPYNB_SIZE
• Web server
– SERVER_NAME
– port
– subdomains
– SESSION_COOKIE_DOMAIN
– USER_CONTENT_DOMAIN
– ssl_options

* certfile
* keyfile
* ssl_version
– PREFERRED_URL_SCHEME
– gunicorn

* timeout
* workers
• Authentication
– AUTH_TYPE
– KRB5_HOSTNAME
– KRB5_SERVICE_NAME
– KRB5_KTNAME
– LDAP
– LOCK_DOWN
• Email

3.1. Anaconda Enterprise 4 95

Anaconda Documentation, Release 2.0

– SMTP_HOST
– SMTP_PORT
– SMTP_TLS
– SMTP_USERNAME
– SMTP_PASSWORD
– USE_SES
– RETURN_ADDRESS
– ALLOW_DUPLICATED_EMAILS
– require_email_validation
• Advanced
– AVATAR_METHOD
– AVATAR_GRAVATAR_URL
– AVATAR_STATIC_URL
– CONSTRUCTOR_TIMEOUT
– CONSTRUCTOR_TOKEN_TIMEOUT
– CONSTRUCTOR_ALLOWED_OPTIONS
– PARCELS_ROOT
– PARCEL_DISTRO_SUFFIXES
– DEFAULT_CHANNELS
– CONSTRUCTOR_TMPDIR
– STANDARD_LABELS
– CONDA_CACHE_SIZE
– CACHE_METHOD
• REMEMBER_COOKIE_ENABLED
• PERMANENT_SESSION_LIFETIME
• REMEMBER_COOKIE_DURATION
• SUPERUSER_ORG_ADMIN
• NEXT_URL_WHITELIST
• NEXT_URL_WHITELIST_REGEXP

Files

Anaconda Repository loads configuration files with the extension .yaml from the following locations:
• /etc/binstar/
• /etc/anaconda-server/
• $PREFIX/etc/anaconda-server

96 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

NOTE: $PREFIX is the location where repository is installed.

Files are loaded from these directories in order, with later files overriding earlier files. Files are loaded from each
directory in alphabetical order.
If an environment variable ANACONDA_SERVER_CONFIG is set with the path of a configuration file, this file is
loaded after the three already listed. Its settings override any conflicting settings in the earlier files.
Each configuration setting variable can have its value set with the anaconda-server-config --set command,
or by editing a configuration file.
EXAMPLE: To set a value named VALUE_ONE to 50, add this to a configuration file:

VALUE_ONE: 50

Or, you can set a value named VALUE_ONE to 50 with this command:

anaconda-server-config --set VALUE_ONE 50

Logging

The location of the server’s log file is defined in the supervisord configuration file $PREFIX/etc/supervisord.
conf by the stdout_logfile config entry located in the [program:anaconda-server] section.
Advanced configuration of logging requires setting a LOGGING key on the server’s config.yaml. It uses Python’s
logging module config structure.

Usernames

USER_REGEX

A regular expression that defines the allowable user names.

For example, this setting specifies that user names contain only lowercase letters, periods, plus and minus characters
(., + and -):

USER_REGEX: '^[a-z.+-]+$'

NOTE: The default value for USER_REGEX is ^[a-z0-9_][a-z0-9_-]+$ which translates to: at least one
alphanumeric character or underscore, followed by zero or more alphanumeric, dash or underscore characters.
NOTE: Escape any extra instances of the single quote character ' as \'. Do not use the slash and ampersand characters
/ and &, which have special meanings in URLs.
NOTE: If USER_REGEX is changed and the server is restarted, existing usernames that do not match the new
USER_REGEX do not cause errors.

Database

Repository uses MongoDB as the database back end.

3.1. Anaconda Enterprise 4 97

Anaconda Documentation, Release 2.0

MONGO_URL

A MongoDB connection URI is used to connect to the MongoDB database server. It can be used to configure the
hostname and port, as well as database authentication.
For example:

MONGO_URL: mongodb://anaconda-server:[email protected]/

MONGO_DBNAME

The MongoDB database where Repository stores its data.

MQ_DBNAME

The MongoDB database where Repository stores data used for asynchronous processing.

MONGO_REPLICA_SET

The name of a MongoDB replica set Repository connects to after establishing a connection to the database server.

File storage

Repository can serve package contents from a local file-system, or from Amazon Web Services Simple Storage Ser-
vice: AWS S3.

Storage_type

The storage mechanism to use. Valid choices are fs, for file-system storage, or s3, for AWS S3 storage.

keyname_full_path

When this option is set, Repository stores the files by full paths and not just by hashes. This way a tensor-
flow file uploaded by the user Bob will be stored on <fs_storage_root>/Bob/tensorflow/osx-64/
tensorflow-1.1.0-np112py36_0.tar.bz2-594ac56e7e042600648defdb.
NOTE: The storage path does not always contain the current file owner and their user name. This is because the file
location on the storage does not change when you rename a user or transfer a file to a different user.

Fs_storage_root

If configured to use file-system storage, the absolute path to a directory where Repository stores all uploaded packages.

98 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

PACKAGE_BUCKET_ID

If configured to use AWS S3 storage, the name of an AWS S3 bucket where Repository stores uploaded packages.
You can identify the name of your bucket by using <bucket> in your http://<bucket>.s3.amazonaws.
com URL.

S3_REGION_NAME

The S3 region that the bucket is located in. The available regions can be found in the Amazon AWS documentation.

S3_SERVER_SIDE_ENCRYPTION

This variable can be set to AES256 to enable server-side encryption for packages stored in the S3 bucket.

Notebooks

MAX_IPYNB_SIZE

Specifies the maximum allowed size when uploading notebooks to the server. The default is 25 MB. This variable can
be set in config.yaml.

Web server

SERVER_NAME

The name and port number of the server. This option is required for subdomain support.
For example:

SERVER_NAME: anaconda.srv:8080

port

The port number of the server. Defaults to 8080.

subdomains

If set to true, Repository serves conda package from a separate subdomain. Defaults to false.
For example:

SERVER_NAME: anaconda.srv:8080
subdomains: true

Allows access to conda packages at http://conda.anaconda.srv:8080/.

3.1. Anaconda Enterprise 4 99

Anaconda Documentation, Release 2.0

SESSION_COOKIE_DOMAIN

The domain that Repository sets on the session cookie. If this is not set, the cookie is valid for all subdomains of
SERVER_NAME.
See Securing user-created content.

USER_CONTENT_DOMAIN

As a cross-site scripting (XSS) protection, notebook content can be served from a separate domain name. If this option
is configured, Repository only serves rendered notebooks from this domain.
See Securing user-created content.

ssl_options

Repository can serve content over HTTPS, using user-provided SSL certificates.
For example:
ssl_options:
certfile: /etc/anaconda-server/server.crt
keyfile: /etc/anaconda-server/server.key
PREFERRED_URL_SCHEME: https

certfile

The absolute path to a PEM-formatted X.509 certificate file.

keyfile

The absolute path to a PEM-formatted private key for the associated certificate.

ssl_version

An integer that specifies the SSL protocol version as defined by Python’s ssl module:
PROTOCOL_SSLv2 = 0
PROTOCOL_SSLv23 = 2
PROTOCOL_SSLv3 = 1
PROTOCOL_TLS = 2
PROTOCOL_TLSv1 = 3

PROTOCOL_TLSv1_1 = 4
PROTOCOL_TLSv1_2 = 5

The default is 5 (TLS v1.2).

PREFERRED_URL_SCHEME

The preferred scheme that is used to generate URLs. Set this to https if HTTPS is configured.

100 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

gunicorn

Repository uses Gunicorn. The most commonly used options are timeout and workers. A complete list of settings
can be found in Gunicorn’s documentation.
For example:

gunicorn:
timeout: 60
workers: 5

timeout

The number of seconds for which a worker is allowed to process a request, before being forcefully terminated.
Default: 120

workers

The number of workers that Gunicorn spawns to serve Repository. Defaults to 2 × the number of CPUs + 1.

Authentication

AUTH_TYPE

The method Repository uses to authenticate users. Valid choices are NATIVE, for built-in authentication, KERBEROS,
for Kerberos, and LDAP.

KRB5_HOSTNAME

See Kerberos configuration options.

KRB5_SERVICE_NAME

See Kerberos configuration options.

KRB5_KTNAME

See Kerberos configuration options.

LDAP

Options for configuring LDAP authentication and group synchronization.

For example:

3.1. Anaconda Enterprise 4 101

Anaconda Documentation, Release 2.0

LDAP:
# Replace with company LDAP server
URI: 'ldap://<ldap.company.com>'
# Replace <uid=%(username)s,ou=People,dc=company,dc=com> with your company specific
˓→LDAP Bind/Base DN

# Bind directly to this Base DN.

BIND_DN: '<uid=%(username)s,ou=People,dc=company,dc=com>'
# password of the user specified in the BIND_DN
BIND_AUTH: abc123456

USER_SEARCH:
base: cn=Users,dc=example,dc=com
filter: sAMAccountName=%(username)s

# Map LDAP keys into application specific keys

KEY_MAP:
name: 'cn'
company: 'o'
location: 'l'
email: 'mail'

OPTIONS:
OPT_NETWORK_TIMEOUT: 60
OPT_TIMEOUT: 60

NOTE: To use LDAP with SSL, set the USER_REGEX and account_names_filter options:

account_names_filter: false
USER_REGEX: ^[a-z0-9_][a-z0-9_-.]+$
LDAP:
[configuration continues as above with URI, BIND_DN, and so on]

See Using LDAP and TLS configuration options.

LOCK_DOWN

Makes all views with the exception of the login form and welcome page, unaccessible to anonymous users.

Email

Repository can be configured to send email for various reasons, including to reset forgotten usernames and passwords.
Email can be sent using SMTP protocol, or through Amazon Web Services Simple Email Service (AWS SES).

SMTP_HOST

The hostname of the SMTP server.

SMTP_PORT

The port of the SMTP server.

102 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

SMTP_TLS

If set to true, Repository attempts an SSL connection to the SMTP server.

SMTP_USERNAME

The username to authenticate against the SMTP server before attempting to send email.

SMTP_PASSWORD

The password to authenticate against the SMTP server before attempting to send email.

USE_SES

If set to true, Repository sends email with AWS SES. To authenticate to AWS, the server should be configured with
an appropriate IAM role, or have credentials specified in a Boto configuration file.

RETURN_ADDRESS

The From: email address that Repository uses as sender.

ALLOW_DUPLICATED_EMAILS

If set to true, Repository allows different users to share the same email or secondary email. Defaults to false.

require_email_validation

If set to true, Repository emails new users a unique token to validate their email address before permitting them to
log in.

Advanced

AVATAR_METHOD

The method to use to generate the user avatar URL. Valid choices are:
• ‘gravatar’ to use the gravatar.com service
• ‘default’ to show a predefined static icon
• ‘static’ to use a custom static URL

AVATAR_GRAVATAR_URL

A URL for a Gravatar compatible service. Default: https://www.gravatar.com/. This URL is used as the
prefix to build a valid gravatar URL.

3.1. Anaconda Enterprise 4 103

Anaconda Documentation, Release 2.0

AVATAR_STATIC_URL

A static URL to use when AVATAR_METHOD is set to static. Defaults to an empty string.

CONSTRUCTOR_TIMEOUT

The timeout in seconds for the call to constructor while building installers, parcels and management packs.
Defaults to 60 seconds.

CONSTRUCTOR_TOKEN_TIMEOUT

To provide access to private packages while building an installer, a temporary token is created. It must be valid during
the call to constructor and it should expire soon after the call completes. CONSTRUCTOR_TOKEN_TIMEOUT
sets the token’s valid lifetime in seconds. Defaults to 60 seconds. This value should be greater than or equal to
CONSTRUCTOR_TIMEOUT.

CONSTRUCTOR_ALLOWED_OPTIONS

A list of constructor option names that are allowed to be included in the installer construction form. The default
is [] (no options are allowed).

PARCELS_ROOT

The prefix with which Cloudera parcels are generated. Defaults to /opt/cloudera/parcels.

PARCEL_DISTRO_SUFFIXES

The distributions for which Cloudera parcels are generated. Defaults to ['el5', 'el6', 'el7', 'lucid',
'precise', 'trusty', 'wheezy', 'jessie', 'squeeze', 'sles11', 'sles12'].
For example, if you want to support only Ubuntu:

PARCEL_DISTRO_SUFFIXES:
- lucid
- precise
- trusty

DEFAULT_CHANNELS

The Repository accounts that environments installed with the bundled Anaconda distributions pull packages from.
Defaults to ['anaconda', 'r-channel'].
For example, to add an additional custom account:

DEFAULT_CHANNELS:
- anaconda
- r-channel
- custom

104 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

CONSTRUCTOR_TMPDIR

When constructor builds an installer it stores the configuration in this temporary directory. The default is None,
which tells constructor to create a temporary directory using Python’s tempfile.mkdtemp.

STANDARD_LABELS

A list of standarized labels. If a user defines a label that is not listed as standard, a warning notice will be shown in the
package’s page. Defaults to ['main', 'dev', 'alpha', 'beta', 'broken'].

CONDA_CACHE_SIZE

The maximum size (in bytes) of the repodata.json requests cache. Set to 0 to disable repodata.json caching.
Default: 1 Gb. When the maximum size is reached, the 10 least recently used entries of the cache are evicted.

CACHE_METHOD

The method used for caching repodata info. It can either be tempfile (the prior method of caching) or diskcache,
which uses SQLite as a back-end. Default: diskcache.

REMEMBER_COOKIE_ENABLED

Sets whether to use the remember me cookie to keep the session alive. If it’s set to
true the REMEMBER_COOKIE_DURATION setting is relevant, and if it’s set to false, the
PERMANENT_SESSION_LIFETIME is relevant. Defaults to true.

PERMANENT_SESSION_LIFETIME

An integer that sets how many minutes the session will live. Only used when REMEMBER_COOKIE_ENABLED is
false. Default is 44640 (31 days).

REMEMBER_COOKIE_DURATION

An integer that sets how many minutes the session will live when using the remember me cookie. Only used when
REMEMBER_COOKIE_ENABLED is true. Default is 525600 (365 days).

SUPERUSER_ORG_ADMIN

Whether superusers should automatically be granted admin rights on organizations. Default is false.

NEXT_URL_WHITELIST

List of hostnames that are marked as safe when redirecting requests due to the presence of a “next” request parameter.
It is mainly used under an Anaconda Enterprise Notebooks Single Sign-on Set-up. The default is [] (no external
redirects are safe).

3.1. Anaconda Enterprise 4 105

Anaconda Documentation, Release 2.0

NEXT_URL_WHITELIST_REGEXP

A regular expression to match hostnames that are marked as safe when redirecting requests due to the presence of
a “next” request parameter. It is mainly used under an Anaconda Enterprise Notebooks Single Sign-on Set-up. The
default is ‘(?!)’ which matches nothing, so only local redirects are allowed.
Repository has two installation options:
• Online: If you have internet access on the destination server, follow the online instructions.
• Air gap: If you have an air gapped system or the destination server does not have internet access, follow the air
gap instructions.
Repository provides advanced configuration options that can be used to meet site-specific needs.
Repository includes a number of optional components that can be installed and used individually.
You may also want to see Updating Repository and Uninstalling Repository.

User management

• Adding a user
• Searching for users
• Promoting an existing user
• Resetting user passwords
• Resending welcome emails to new users
• Changing a user’s storage size or changing their plan to free unlimited
• Removing a user

Adding a user

New users can navigate in a browser to your local Repository web page and sign themselves up for an account, or you
can add them using the command line:
1. Set the USER_PASSWORD environment variable (e.g., export USER_PASSWORD=abc123DEF).
2. Run the anaconda-server-create-user command, with the following syntax:

anaconda-server-create-user [-h] -u USERNAME [-e EMAIL] [--superuser]

EXAMPLE:
anaconda-server-create-user --username jsmith --email [email protected]
--superuser

Searching for users

As of Anaconda Repository version 2.33.5, you can search for users by username or email address. Open this URL in
a browser:

106 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

http://your.anaconda.server:port/admin/users

NOTE: Replace “your.anaconda.server:port” with the name or IP address and port of your Anaconda server.

Promoting an existing user

As of Anaconda Repository version 2.28, administrators can use the Administration Accounts page to promote users
to staff or superuser status.

Viewing rights of staff and superuser

The staff user and superuser can view the following sections of the Administration page:
• Reports.
• User administration.
• License downloads.
• Trial licenses.
• Current LDAP configuration.
• Current server configuration.
• Downloads summary.
• Downloads from a specific address.
• Security feed and security feed details.
• Storage administration.

Privileges of staff and superuser

The staff user and superuser have the following privileges:

• Create licenses.
• Download a CSV of the user database.
• Search for a package in the Administration panel.
• Resend confirmation emails to users.
• Resend password reset emails to users.
• Download a CSV with the users emails.

Additional rights of superuser

In addition to all of the above, a superuser can also view the following on the Administration page:
• Plans.
• User details.
To promote an existing user to a staff user or superuser:

3.1. Anaconda Enterprise 4 107

Anaconda Documentation, Release 2.0

1. On the Administration page, in the left navigation pane, select Accounts.

2. Select the username you want to promote.
Repository displays the user information page:

3. Click the Set Staff button to give the user staff privileges or click the Set Superuser button to give the user
superuser privileges.
4. In the dialog box that appears, retype the user’s name.
5. Click the Set button.

Resetting user passwords

If a user forgets their password, you can request a reset link to provide to the user.
To send emails, Repository must have the email settings configured.
1. Log into your Repository administrative account.
2. From the top Tools menu, select Admin.
3. From the left navigation pane, select Password Reset.
4. Enter the user’s email address.
The Web UI generates a password reset link.
5. Email the link to the user.
You can also reset passwords without sending emails:

108 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

anaconda-server-admin reset-password jsmith

NOTE: Replace jsmith with the username whose password you want to reset.

Resending welcome emails to new users

To send emails, Repository must have the email settings configured.

If a user reports that they did not receive their welcome email after registering on your local Repository web page, it
may have been caught in a spam filter.
Follow the above instructions for resetting user passwords.

Changing a user’s storage size or changing their plan to free unlimited

To change a user’s storage size or plan:

1. Log into your Repository administrative account.
2. From the top Tools menu, select Admin.
3. From the left navigation pane, select Accounts.
4. Select the username of the user whose account you want to change.
5. To update the storage limits click Update Storage.
6. To set the user’s plan to free and unlimited, click Set free unlimited plan.

Removing a user

1. Log into your Repository administrative account.

2. From the top Tools menu, select Admin.
3. From the left navigation pane, select Accounts.
4. Select the username of the user you want to remove.
5. Click the Delete user button.
6. Optional: Use anaconda-server-admin clean-storage to remove files from that user’s account.

System management

Recommended workflow

One of the most useful features of Anaconda Repository is its ability to help manage package development and
deployment in a seamless fashion. This page describes the development process and channel usage employed by
one of our internal teams, to serve as an example of how you can leverage channels for workflow separation.
Multiple channels allow our team to maintain separate package states and easily earmark and control the versions and
states of packages that users can install.
Our team created the following channels:
• Master.

3.1. Anaconda Enterprise 4 109

Anaconda Documentation, Release 2.0

• Staging.
• Release.
We have used this workflow through 4 release cycles and it has worked out well for us.

Master

A master is created any time something is merged into our master branch. It is considered the development build of
all of the components that make up the software. Code that makes it to this channel should be stable and should have
been confirmed independently, but a full QA test has not been run on it yet.

Staging

Once we are ready to start working on a release, we create a staging:X.Y.Z branch. This contains all code that is going
to go into a release. No new features should be introduced at this point, just any last minute bug fixes to existing code.

Release

The staging channel gets culled so that only the latest package is maintained in it. Any alpha, beta, or dev packages
are removed. After all testing is complete, all issues are resolved, and the channel contains only one version of each
package, we copy that package into a release:X.Y.Z channel, then lock that channel.

Performing general maintenance

To maintain a Repository installation, perform all of these tasks regularly:

• Review the error logs at /var/log/anaconda-server
• Back up the file system and database.
• Update the anaconda-server package with the command:

conda update anaconda-server

Anaconda repository backup and restore procedure

This guide is for backing up and restoring an Anaconda Repository instance that uses local file system storage. If your
instance uses Amazon S3 or any other storage provider, please consult their specific documentation on backup and
restore procedures.

Before you start

These instructions are for a Repository that is:

• Installed in the directory /home/anaconda-server/repo as suggested by the installation guide.
• Owned by the anaconda-server user.
• Using the storage directory /opt/anaconda-server/package-storage.
• Storing the configuration file in /etc/anaconda-server.

110 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

If any of these items are different for your instance, modify these instructions accordingly.
• Unless noted, run all shell commands while logged in as the anaconda-server user. Using sudo privileges,
log in as the anaconda-server user with this command:

sudo su - anaconda-server

• Execute all commands in the working directory /home/anaconda-server:

$ pwd
/home/anaconda-server

Backup

Before starting the backup process, shut the service down using supervisorctl:

$ supervisorctl stop all

anaconda-server: stopped
$ supervisorctl status
anaconda-server STOPPED Jul 6 05:05 PM

Make a $VERSION environment variable and set it to the version of the currently installed Anaconda Repository:

$ VERSION=`conda list anaconda-server --json | python -c 'import sys, json; print

˓→json.load(sys.stdin)[0]["version"]'`

$ echo $VERSION
2.33.27

This version string will be used in all backup file names.

It’s also useful to add a timestamp to the files, so generate one now:

$ TIMESTAMP=`date +%Y-%m-%d`
$ echo $TIMESTAMP
2018-07-30

Code/Binaries

Generate a tarfile archive with the installed code, binaries and any dependencies:

$ tar -cpsf anaconda-server-repo-$VERSION-$TIMESTAMP.tar --exclude var/run -C /home/

˓→anaconda-server repo/

$ sha1sum anaconda-server-repo-$VERSION-$TIMESTAMP.tar > anaconda-server-repo-

˓→$VERSION-$TIMESTAMP.tar.sha1

Notice that this also generated a SHA1 checksum. This checksum will be used to verify when you restore the archive.

Configuration

This step is necessary only if you stored Anaconda Repository’s configuration in a custom location outside of the
instance installation folder (usually /home/anaconda-server/etc/).
These commands show how to generate the tarfile if the configuration is stored in /etc/anaconda-server.
Generate the tarfile with its SHA1 checksum:

3.1. Anaconda Enterprise 4 111

Anaconda Documentation, Release 2.0

$ tar -cpsf anaconda-server-etc-$VERSION-$TIMESTAMP.tar /etc/anaconda-server

$ sha1sum anaconda-server-etc-$VERSION-$TIMESTAMP.tar > anaconda-server-etc-$VERSION-
˓→$TIMESTAMP.tar.sha1

Storage

As before, create a tarfile archive and its checksum with the contents of the package storage location:

$ tar -cpsf anaconda-server-package-storage-$VERSION-$TIMESTAMP.tar -C /opt/anaconda-

˓→server/ package-storage

$ sha1sum anaconda-server-package-storage-$VERSION-$TIMESTAMP.tar > anaconda-server-

˓→package-storage-$VERSION-$TIMESTAMP.tar.sha1

Database

Generate a dump of Anaconda Repository’s MongoDB database. We recommend you follow MongoDB’s guidelines
for backup and restore. This guide uses MongoDB tools:

$ mongodump --host=127.0.0.1 --port=27017 --archive=anaconda-server-mongodb-$VERSION-

˓→$TIMESTAMP.archive

$ sha1sum anaconda-server-mongodb-$VERSION-$TIMESTAMP.archive > anaconda-server-

˓→mongodb-$VERSION-$TIMESTAMP.archive.sha1

.bashrc

If you chose to let the Anaconda Repository installer update the .bashrc file of the user anaconda-server, back
it up:

$ cp /home/anaconda-server/.bashrc anaconda-server-bashrc-$VERSION-$TIMESTAMP.sh
$ sha1sum anaconda-server-bashrc-$VERSION-$TIMESTAMP.sh > anaconda-server-bashrc-
˓→$VERSION-$TIMESTAMP.sh.sha1

Restore

Before you start

• Verify that the restore environment meets the requirements listed in the Installation Guide for Anaconda Repos-
itory. You will need:
– MongoDB (any supported version) installed
– A user account (usually anaconda-server)
– A storage directory (usually /opt/anaconda-server/package-storage) owned by the Ana-
conda Repository user account. This is only needed if you’re using a local filesystem as a storage backend.
• Run all shell commands while logged in as the anaconda-server user, as you did when backing up Ana-
conda Repository. Using sudo privileges, log in as the anaconda-server user with this command:

sudo su - anaconda-server

112 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Execute all commands in the working directory /home/anaconda-server.

Verify checksums

Verify the integrity of the backup files:

$ sha1sum --check *.sha1

anaconda-server-bashrc-2.33.27-2018-07-30.sh: OK
anaconda-server-mongodb-2.33.27-2018-07-30.archive: OK
anaconda-server-package-storage-2.33.27-2018-07-30.tar: OK
anaconda-server-repo-2.33.27-2018-07-30.tar: OK

.bashrc

If you backed up the .bashrc file of the user anaconda-server, restore it:

cp anaconda-server-bashrc-$VERSION-$TIMESTAMP.sh /home/anaconda-server/.bashrc

After restoring this file, log out and log in as anaconda-server again for the changes to take effect.

Database

If you followed the Anaconda Repository Installation Guide, MongoDB is up and running and you can use
mongorestore to restore the database archive:

mongorestore --host=127.0.0.1 --port=27017 --db=binstar --archive=anaconda-server-

˓→mongodb-$VERSION-$TIMESTAMP.archive

Storage

Assuming that the storage directory is /opt/anaconda-server/package-storage, restore it with:

tar -xpsf anaconda-server-package-storage-$VERSION-$TIMESTAMP.tar -C /opt/anaconda-

˓→server/

Code/Binaries

Restore the code and binaries:

tar -xpsf anaconda-server-repo-$VERSION-$TIMESTAMP.tar -C /home/anaconda-server

Restore the supervisord configuration:

repo/bin/anaconda-server-install-supervisord-config.sh

The server should now be up and running. Check the status with supervisorctl:

$ repo/bin/supervisorctl status
anaconda-server RUNNING pid 8446, uptime 0:03:18

3.1. Anaconda Enterprise 4 113

Anaconda Documentation, Release 2.0

Checking for Orphan Files or Packages

You can use the “orphan-check” tool to resynchronize the filesystem and the database if the filesystem and the database
get out of sync.
The system can get out of sync when files in the filesystem are not referenced from the database, or when packages in
the database do not have a corresponding file in the filesystem.
The orphan-check tool prints on stdout a list of files on the filesystem that are not referenced from the database:

anaconda-server-orphan-check --dryrun

You can use the –json option if you want a JSON representation of the output:

anaconda-server-orphan-check --json

NOTE: Running anaconda-server-orphan-check without arguments is the same as running

anaconda-server-orphan-check --dryrun.
After you’ve viewed the list of files without references, “orphan-check –clean” can delete them:

anaconda-server-orphan-check --clean

You can also check for packages that have missing files:

anaconda-server-orphan-check --reverse

Then you can delete those file objects from the database:

anaconda-server-orphan-check --reverse --clean

Using optional components

Anaconda Repository includes a number of components that can be installed and used individually.
This section describes how to install and use two such tools:
• cas-mirror.
• cas-installer.
As a convention, all packages and commands that are part of the Repository product share the common cas prefix,
which is short for Continuum Anaconda Server. (Anaconda, Inc. was formerly known as Continuum Analytics, Inc.)
All packages are installed using the conda command, which is part of the Miniconda installer. For Repository
installation and configuration instructions, see Installation.

Using cas-mirror

The cas-mirror tool is a component of the Anaconda Repository Enterprise product.

The cas-mirror tool makes an exact copy of Anaconda’s package Repository, or part of it, on a your local Repository
server.
For more information about the cas-mirror tool’s functionality and configurable options, see Configuring local mirrors.

114 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Installing cas-mirror

To install the mirror tool, run:

conda install cas-mirror

After cas-mirror has been installed, the following commands are available:

cas-sync --help
cas-merge --help
cas-sync-api-v4 --help
cas-server --help

Using the cas-sync command

The cas-sync command brings the local mirror of Repository up-to-date with our remote servers.
To configure the location of the mirror on your file system, check the output of:

cas-sync --config

If necessary, create a configuration file, either ~/.cas-mirror or system-wise /etc/cas-mirror, which con-
tains the desired location of the local mirror on the file system, the platforms that should be mirrored and an optional
blacklist of packages that which should not be mirrored.
EXAMPLE:

mirror_dir: /home/data/mirror
remote_url: "" # where to get miniconda and anaconda installers -- blank to skip
# possible platforms are: linux-64, linux-32, osx-64, win-32, win-64 platforms:
- linux-64
- win-32
blacklist:
- dnspython
- shapely
- gdal

Once you are satisfied with the mirror directory—which may be the default—run:

cas-sync

Running this command for the first time takes many hours, because the entire Repository is being downloaded. Sub-
sequent runs take significantly less time.

Using the cas-server command

You need to run cas-server as root when you intend to serve on port 80.
To serve repository over HTTP, run:

cas-server

If needed, use the --port option to change the port on which the repository is being served.

3.1. Anaconda Enterprise 4 115

Anaconda Documentation, Release 2.0

Using the “delta” option

If you’ve already downloaded most of the anaconda repository, and you’re only interested in the changes since
cas-sync was last run, you can use the delta configuration option:

mirror_dir: /home/data/mirror
remote_url: "" # where to get miniconda and anaconda installers -- blank to skip
# possible platforms are: linux-64, linux-32, osx-64, win-32, win-64
platforms:
- linux-64
- win-32
blacklist:
- dnspython
- shapely
- gdal
delta: true
delta_dir: delta_pkgs

Instead of mirroring to the existing local repository, it will record the necessary changes to bring the mirror up to date
in a separate directory (delta_pkgs in this case). You can then use this generated directory to update air-gapped
mirrors using the cas-merge command.
The cas-merge command takes a delta directory and combines its contents with an existing mirror directory. New
packages are added, missing packages are deleted, and the repodata is updated.
If instead of mirroring to a local directory, you want to make the changes directly into an existing Anaconda Repository
instance, the cas-sync-api-v4 can be used. You’ll need to use the dest_site config option:

mirror_dir: /home/data/mirror
remote_url: "" # where to get miniconda and anaconda installers -- blank to skip
# possible platforms are: linux-64, linux-32, osx-64, win-32, win-64
platforms:
- linux-64
- win-32
blacklist:
- dnspython
- shapely
- gdal
dest_site: some_site

Make sure that the site is defined in the anaconda config and you’re properly logged into it before invoking
cas-sync-api-v4.
More extensive information about the cas-mirror tool’s functionality and configurable options is available at Customiz-
ing mirrors.

Using cas-installer

The cas-installer tool makes an environment installer, which is a bash script or Windows executable file that can be
run on any machine to install an exact copy of a conda environment and its packages on that machine.

Installing cas-installer

A token from Anaconda is required to install cas-installer, and you should have received it when your organization
purchased Repository, Workgroup or Enterprise. If you no longer have access to your token, submit a support ticket

116 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

or contact us at Enterprise Support. You can also email support at the email address given to you by your sales
representative.
When you have the token, run:

export TOKEN=<your_anaconda_cloud-token>
conda config --add channels https://conda.anaconda.org/t/$TOKEN/anaconda-server

Because this tool allows you to create an installer for a conda environment, it is important that the cas-installer package
is installed into the root conda environment, not root user. The following command ensures that this happens:

conda install -n root cas-installer=1.3.2

Using the cas-installer command

Once installed, the cas-installer command is available:

cas-installer -h

The command takes an installer specification file as its argument, which specifies the name of the installer, the conda
channel to pull packages from, the conda packages included in the installer, and so on.
EXAMPLE:

# ----------------- required -----------------

# name
name: test

# channels to pull packages from

# The &channels creates a back reference so that it can be reused as
# *channels in the conda_default_channels section below.
channels: &channels
- https://repo.anaconda.com/pkgs/free/

# specifications
specs:
- python
- grin

# ----------------- optional -----------------

# platform e.g. linux-32, osx-64, win-32 defaults to current platform
# platform: linux-64

# The conda default channels which are used when running a conda which
# was installed be the cas-installer created: requires conda---3.6.2 or
# greater---in the specifications. The *channels is a YAML reference to
# &channels above. It inserts all the channels from the channels key, so
# that they do not have to be typed twice.

conda_default_channels: *channels

# installer filename
# installer_filename: grin.sh

# default install prefix

default_prefix: /opt/anaconda

3.1. Anaconda Enterprise 4 117

Anaconda Documentation, Release 2.0

For Windows, the tool creates nsis-based .exe installers, which can only be created on a Windows platform, although
the architecture may be different. For Unix, the tool creates bash-based .sh installer, which can only be created on
Unix—Linux or macOS—systems.

Updating Repository

CAUTION: You must have a tested backup of your installation before starting the update process. If updating more
than one version, all updates must be performed in sequential order.
Your support representative can provide you with a download URL for an updated Repository installer.
To update to the latest Repository release:

curl '$INSTALLER_URL' > anaconda_repository.sh

bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

NOTE: To use a Repository version from 2.33.3 through 2.33.10 and Anaconda Enterprise Notebooks with single sign-
on (SSO), you must set USE_SERVER_BASED_SESSIONS: false in the Repository configuration. This setting
affects the network security properties of AEN and Repository. Specifically, if USE_SERVER_BASED_SESSIONS
is set to false, and if a new cross-site scripting (XSS) vulnerability is discovered, it could expose an additional server
fixation vulnerability. Please discuss this with your Anaconda representative and be sure the feature is compatible with
your network requirements before setting USE_SERVER_BASED_SESSIONS: false.
NOTE: As of Repository 2.33.8, the fs_storage_root configuration setting is mandatory for local filesystem
storage and the Repository server will not run without it. You can set it with this command:

anaconda-server-config --set fs_storage_root /opt/anaconda-server/package-storage

You may replace /opt/anaconda-server/package-storage with any location owned by the

anaconda-server user.
Please contact your Professional Support Team contact or sales person if you have any questions or problems regarding
the update.

Updating to current and previous versions

Updating to 2.33:

curl '$INSTALLER_URL' > anaconda_repository.sh

bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

NOTE: To use a Repository version from 2.33.3 through 2.33.10 and Anaconda Enterprise Notebooks with single sign-
on (SSO), you must set USE_SERVER_BASED_SESSIONS: false in the Repository configuration. This setting
affects the network security properties of AEN and Repository. Specifically, if USE_SERVER_BASED_SESSIONS
is set to false, and if a new cross-site scripting (XSS) vulnerability is discovered, it could expose an additional server
fixation vulnerability. Please discuss this with your Anaconda representative and be sure the feature is compatible with
your network requirements before setting USE_SERVER_BASED_SESSIONS: false.

118 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

NOTE: As of Repository 2.33.8, the fs_storage_root configuration setting is mandatory for local filesystem
storage and the Repository server will not run without it. You can set it with this command:
anaconda-server-config --set fs_storage_root /opt/anaconda-server/package-storage

You may replace /opt/anaconda-server/package-storage with any location owned by the

anaconda-server user.
Updating to 2.32:
curl '$INSTALLER_URL' > anaconda_repository.sh
bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.31:
curl '$INSTALLER_URL' > anaconda_repository.sh
bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.30:
curl '$INSTALLER_URL' > anaconda_repository.sh
bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.29:
curl '$INSTALLER_URL' > anaconda_repository.sh
bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.28:
curl '$INSTALLER_URL' > anaconda_repository.sh
bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.27:
curl '$INSTALLER_URL' > anaconda_repository.sh
bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
(continues on next page)

3.1. Anaconda Enterprise 4 119

Anaconda Documentation, Release 2.0

(continued from previous page)

supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.26.6:
The logging configuration can be removed. Logs have been moved to $PREFIX/var/log/anaconda-server/:

curl '$INSTALLER_URL' > anaconda_repository.sh

bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
anaconda-server-config --remove LOGGING
supervisorctl stop all
supervisorctl start all

Updating to 2.26:

curl '$INSTALLER_URL' > anaconda_repository.sh

bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.25:

curl '$INSTALLER_URL' > anaconda_repository.sh

bash anaconda_repository.sh -u
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.24:

conda update binstar-server binstar-static anaconda-client

anaconda-server-db-setup --execute
anaconda-server-install-supervisord-config.sh
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.23:

conda update binstar-server binstar-static anaconda-client

anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.22:

conda update binstar-server binstar-static anaconda-client

anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

120 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Updating to 2.21:
conda update binstar-server binstar-static anaconda-client
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.20:
conda update binstar-server binstar-static anaconda-client
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.19:
conda update binstar-server anaconda-client anaconda-build
anaconda-server-db-setup --execute
supervisorctl stop all
supervisorctl reload
supervisorctl start all

Updating to 2.18:
conda update binstar-server anaconda-client anaconda-build
anaconda-server-db-setup --execute
supervisorctl stop
supervisorctl reload
supervisorctl start all

Updating to 2.17:
conda update binstar-server anaconda-client anaconda-build
anaconda-server-db-setup --execute
supervisorctl stop
supervisorctl reload
supervisorctl start all

Updating to 2.16:
conda update binstar-server anaconda-client anaconda-build
anaconda-server-db-setup --execute
supervisorctl restart all

Updating to 2.15:
conda update binstar-server anaconda-client anaconda-build
anaconda-server-db-setup --execute
supervisorctl restart all

Updating to 2.14:
conda update binstar-server anaconda-client anaconda-build
anaconda-server-db-setup --execute
supervisorctl restart all

Updating to 2.13:

3.1. Anaconda Enterprise 4 121

Anaconda Documentation, Release 2.0

conda update binstar-server anaconda-client anaconda-build

anaconda-server-db-setup --execute
anaconda-server-config --config-file /etc/binstar/config.yaml --set LABEL_NAME "
˓→'channel'"

supervisorctl restart all

Updating to 2.12:

conda update binstar-server anaconda-client anaconda-build

anaconda-server-db-setup --execute
supervisorctl restart all

Updating to 2.9:

conda update binstar-static binstar-server cas-mirror

anaconda-server-db-setup --execute
supervisorctl restart all

Updating to 2.8:

conda update binstar-static binstar-server cas-mirror

anaconda-server-db-setup --execute
supervisorctl restart all

Updating to 2.6.0:

conda update binstar-server

conda install cas-mirror

Updating to 2.5.1:

conda update binstar-server

Updating to 2.3:

conda update binstar-server

conda install cas-mirror

Updating to 2.2:

conda update binstar-server

Uninstalling Repository

Before deleting Repository, you may want to make a backup for security reasons. For suggestions on mongo backups,
see https://docs.mongodb.org/manual/reference/program/mongodump/ .
To delete Repository:
1. Check the file storage path:

anaconda-server-config --get fs_storage_root

2. Delete the contents of /home/anaconda-server/repo:

122 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

rm -rf /home/anaconda-server/repo

3. Delete the appropriate MongoDB database, “binstar.”

4. Delete the contents of /etc/binstar:

rm -rf /etc/binstar

5. Delete the contents of the Repository file storage path.

Troubleshooting

• Cannot connect to the server on port x

• Error: “No environment named ‘search’ exists in. . . ” on Windows
• Anaconda upload fails while behind a reverse proxy
• Start Repository application as a foreground process

This page provides instructions for troubleshooting issues that may occur with your Anaconda Repository installation.

Cannot connect to the server on port x

This could be because you are behind a firewall. Check if your IPTables rules are blocking your ports:

iptables -L -n

If a rule blocks a port you want to use, then you must allow the port:

sudo iptables -t nat -F

sudo iptables -A INPUT -p tcp -m tcp --dport <PORT> -j ACCEPT
sudo service iptables save
sudo service iptables restart

Error: “No environment named ‘search’ exists in. . . ” on Windows

If Anaconda Client is not yet installed and you try to search for a package on Anaconda.org using the anaconda
command, you may receive the following error message:

C:\Users\USERNAME>anaconda search -t conda PACKAGE

No environment named "search" exists in C:\anaconda\envs

This error occurs because the Windows version of Anaconda contains an anaconda.bat file that is used for setting
environment paths and switching environments. If Client is not installed, this batch file is called instead. Once you
install Client, the Anaconda search command will work:

conda install anaconda-client

anaconda search -t conda PACKAGE

3.1. Anaconda Enterprise 4 123

Anaconda Documentation, Release 2.0

Anaconda upload fails while behind a reverse proxy

When configuring Client to connect to a Repository behind a reverse proxy, the anaconda upload command may
appear to try connecting to the internal hostname rather than the external configured one.
This can be corrected in the settings of the reverse proxy, such as NGINX or Apache.
In NGINX, add the setting proxy_set_header Host $host; to access the internal host with the external
hostname.
In Apache, turn on the option ProxyPreserveHost.
Other reverse proxies each have their own settings to handle hostnames correctly.
EXAMPLE: Some other reverse proxies use a settings syntax such as
http_proxy=id:passwd@proxyhost:port.

Start Repository application as a foreground process

Repository should normally be started as a daemon. For troubleshooting, it can instead be started as a foreground
process on a specified port:

anaconda-server --port 8080

Stop the application with Control-C.

Administrative commands

Many of these actions can be done in the web interface. This command reference is for those administrators who
prefer to use command line shortcuts.
In all examples below, replace “jsmith” with the name of the user whose settings you wish to change.
Reset a user’s password interactively:

anaconda-server-admin reset-password jsmith

The above command will prompt you to enter the new password twice. You may also reset the password directly:

anaconda-server-admin reset-password --password abcDEF123! jsmith

NOTE: Replace “abcDEF123!” with the new password.

Set a user’s plan to a free and unlimited plan:

anaconda-server-admin free-unlimited-plan jsmith

Set all users with a given email domain to a free and unlimited plan:

anaconda-server-admin free-unlimited-plan-for-domain yourdomain.com

You can do a “dry run” of the command to display what the command will do without changing anything:

anaconda-server-admin free-unlimited-plan-for-domain --dry-run yourdomain.com

NOTE: Replace “yourdomain.com” with the domain whose users you wish to upgrade.
Give the user the privileges of a superuser or remove them:

124 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

anaconda-server-admin set-superuser jsmith

anaconda-server-admin unset-superuser jsmith

Give the user the privileges of a staff user or remove them:

anaconda-server-admin set-staff jsmith

anaconda-server-admin unset-staff jsmith

Change a user’s login name (username):

anaconda-server-admin move-user old_name new_name

NOTE: Replace “old_name” with the current username, and “new_name” with the new username.
Ensure the files recorded in the database exist.
anaconda-server-admin verify-storage
Ensure that files recorded in the database exist and have the correct checksum:

anaconda-server-admin verify-storage --md5

List the key names of files with problems:

anaconda-server-admin verify-storage --list-files

Scan the storage for unused files and delete them:

anaconda-server-admin clean-storage

Update the bundled installers:

anaconda-server-admin update-installers

Delete a user:

anaconda-server-admin delete-user jsmith

Ser or unset “read only” mode:

anaconda-server-admin read-only --enable/--disable

Convert a regular user account to an organization and add another user to the owners group:

anaconda-server-convert-account to-organization --owner some_user regular_user

Convert an organization into a regular user account:

anaconda-server-convert-account to-user some_organization

FAQs

• What is Anaconda Repository?

• What kind of packages does Repository support?

3.1. Anaconda Enterprise 4 125

Anaconda Documentation, Release 2.0

• What is Anaconda?
• How do I get started with Repository?
• What is an organization account, and how is it different from an individual account?
• Who can upload packages to an organization?

What is Anaconda Repository?

Anaconda Repository is package management server software that makes it easy to find, access, store and share public
and private notebooks, projects, installers, environments, and conda and PyPI packages. Repository also makes it easy
to stay current with updates made to the packages and environments you are using.
Many enterprises have customized local instances of Repository. Anaconda also makes an instance of Repository
available for public use at Anaconda Cloud.

What kind of packages does Repository support?

Repository supports any type of package. It is primarily used for conda, PyPI and R packages, as well as notebooks
and environments.

What is Anaconda?

Anaconda is a software development and consulting company of passionate, open source advocates based in Austin,
Texas, USA. We are committed to the open source community. We created the Anaconda Python distribution and
contribute to many other open source-based data analytics tools. You can find out more about us by reading our story.

How do I get started with Repository?

If you have access to Repository, you can search, download and install hundreds of public packages without having an
account.
If you want to upload packages to Repository, you need to sign up for a Repository account, get Anaconda and the
Anaconda Client. For more information, see Creating an account or ask your system administrator.

What is an organization account, and how is it different from an individual account?

An organization account allows multiple individual users to administer packages and have more control over package
access by other users. An individual account is for use by one person.

Who can upload packages to an organization?

Only users who are co-owners of an organization may upload packages to that organization. Administrators who are
not co-owners cannot upload packages to the organization. Users who are members of groups with read/write access
but who are not co-owners, cannot upload packages to the organization.

126 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Help and support

Your organization receives Professional Support with your purchase of Anaconda Repository. Please contact your
system administrator for help.

Joining community support

You are also welcome to join our community support mailing lists for both Anaconda and conda. On these lists you
can ask questions, answer questions and discuss ways to use Anaconda. You can also submit requests for new features
and make any other comments you may have.
Note that the community support forums cannot provide Anaconda Repository support.

Reporting a bug

Issues with Repository are tracked on GitHub. If you think you have found a bug, search to see if it has been reported,
and report it if no one else has.

Release notes

The Anaconda Repository 2.33 release is available to all Anaconda Repository customers as of September 19, 2017.
NOTE: If you have a subscription but do not have a license, contact support to receive that license. Otherwise contact
sales to acquire it.
Administrators can update to the new Anaconda Repository release as described in Updating Repository.
Please contact your enterprise support representative if you have any questions or problems regarding the release.

Changelog

SEE ALSO: update instructions for current and past versions.

2.33.27 - 2018-07-30

User facing changes

• Remove /about/pricing
• Allow the disabling of new Personal and Organization private accounts via Stripe API

2.33.26 - 2018-07-19

User facing changes

• Captcha on organization creation

3.1. Anaconda Enterprise 4 127

Anaconda Documentation, Release 2.0

2.33.25 - 2018-07-19

User facing changes

• Captcha on account creation

2.33.24 - 2018-07-03

User facing changes

• Remove ‘Pricing’ links from header and footer
• Updated compatibility docs
Non visible changes
• Cloudflare cache invalidation
• Fixed pypi simple index mirroring
• Fixed installers and environments downloads on read-only mode
• Raise exception when an invalid USER_REGEX value is used
• Fixed “All labels” file filter
• Fix broken session

2.33.23 - 2018-05-23

User facing changes

• Policy change notice

2.33.22 - 2018-05-21

User facing changes

• Support for ppc64le installers
• Constructor form advanced option validation
• Added explicit Redhat versions to requirements
• Improved API docs regarding the basename of files
• Search includes package summaries
• Bug fixes and broken link fixes
• Added note about compatibility between LDAPS and START_TLS
• Fixed pypi mirror config example

2.33.21 - 2018-05-03

User facing changes

• Added advanced options on installer creation form

128 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Warn about label main when manually editing labels

• Package summary shows summary of latest main release

2.33.20 - 2018-04-24

Non visible changes

• Support for serving files from the origin

2.33.19 - 2018-04-19

User facing changes

• Flash warning when label doesn’t exist
• Searching using unicode characters
• Notebooks without labels are rendered
Admin facing changes
• Added option to customize constructor temp dir
• Forbid supplying the same account as owner when converting account to org
Non visible changes
• Fix download stats link
• Avoid saving generated zip for installers
• Add quotes on paths in AIC templates
• Add support for unicode characters in version
• Removed server header from responses
• Fixed label validation

2.33.18 - 2018-04-03

User facing changes

• Added icons to the repo files page
• Changed package search placeholder
• Updated notebook upload icon
• Show warning when copying a label onto itself
• Fixed navbar spacing when logged out
• Fixed org feed links
Admin facing changes
• Re-use owners group when converting account to org
Non visible changes
• Fixed redirection after label operations

3.1. Anaconda Enterprise 4 129

Anaconda Documentation, Release 2.0

• Fixed transferring from org to superuser account

• Fixed update of installers and parcels
• Label filters are reset if the label set changes

2.33.17 - 2018-03-09

Non visible changes

• Next URL whitelist

2.33.16 - 2018-03-08

User facing changes

• Add warnings when removing main label
• Update last seen on account change
• Allow signing up with an orgs email
• Show favorites on dropdown menu for orgs
• Show settings tab for collaborators
• Fixed LDAP TLS docs
Admin facing changes
• Allow superusers to be organization admins
• Add billing history
Non visible changes
• Added validation of build number
• Add scheme to AIC templates
• Removed hotjar
• Remove marketo

2.33.15 - 2018-02-27

Non visible changes

• Standardize If-Modified-Since handling

2.33.14 - 2018-02-20

Non visible changes

• Fix HEAD support by stripping quotes from s3’s object

130 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

2.33.13 - 2018-02-19

User facing changes

• Custom ordering of notebooks and environments
• Added tooltips showing the exact upload date and time of files on the repo page
• New command to convert regular user accounts to organizations and back
• Last upload date on package and installer info pages
• Fixed error message wording when deleting packages on groups
• Fixed error message when deleting packages, environments and notebooks
• Fixed the wording on the empty dashboard cards
• Fixed navbar fonts on IE11
• Fixed file management actions for package collaborators
• Fixed transferring of packages to and from the same user
• Show file actions for collaborating organizations
• Forbid downloads on read-only mode
• Allow collaborators with admin rights to delete ownables
Admin facing changes
• Mirror tools now create organization accounts by default
Non visible changes
• Add custom X-Anaconda-Lockdown and X-Anaconda-Read-Only response headers
• Use database info to construct filenames of conda downloads
• Fixed support for HEAD method on download endpoints
• Added extra validation of the basename on conda package uploads
• Use upserts instead of inserts to stage files

2.33.12 - 2018-02-07

User facing changes

• Updated terms of service

2.33.11 - 2018-02-06

User facing changes

• Added badge for the date of the latest release
• Added badge for platform support
• Show warning if no revision is selected when working with projects
• Updated terms of service
• Favorites are now shown on org dashboards

3.1. Anaconda Enterprise 4 131

Anaconda Documentation, Release 2.0

• A warning message is now shown when all packages are added to a given group
Admin facing changes
• Disable password reset admin option while using LDAP
Non visible changes
• Added proper HEAD support on download endpoints
• Disabled USE_SERVER_BASED_SESSIONS by default
• Disabled database based settings
• Strengthened validation of labels
• Fixed popups for operations when no files or packages are selected
• Fixed deletion of files by collaborators
• Fixed access to static content while on LOCK_DOWN
• Fixed transfer of ownership of items between orgs

2.33.10 - 2018-01-19

User facing changes

• Added “noarch” to the platforms mirrored by anaconda-server-sync-conda

2.33.9 - 2018-01-16

Admin facing changes

• Made fs_storage_root setting mandatory only for local filesystem storage

2.33.8 - 2018-01-15

User facing changes

• Updated LDAP docs
• Hide actions on a user’s repo page when viewing it with an org
Admin facing changes
• Made fs_storage_root setting mandatory
• Block uploading a new license when read-only mode is enabled
Non visible changes
• Fixed exception logging on anaconda-server-sync-conda
• Remove debug code
• Better handling of next url redirect on login link
• Fixed response of repodata endpoint when an invalid If-Valid-Since header is given
• Remove install instructions from label table
• Fix orgs favorites

132 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Removed suggestions from confirmation dialogs

2.33.7 - 2017-12-11

User facing changes

• Updated support links
• Added activity feed item for installer upload
• Clarified pip install example command
• Added close icon for installer log popup
• Organizations are able to see their email on the profile page
Admin facing changes
• Removed READ_ONLY config option. Added admin cli tool to change read only state
Non visible changes
• Added index in database for package ‘_name’ attribute
• Several fixes on license creation page
• Added proper message to groups permission set
• Fixed actors for some feed items actions
• Validate that users exists when adding a group member
• E-mail confirmation error message for organizations
• Enable read-only option with repo page
• Fixed profile description not being wrapped

2.33.6 - 2017-11-27

Added
• Filter for authenticated packages in search/favorites view
• Updated message for input field when copying label
• Updated support links
• Added email notification when group member is added
• Installation info for R and pypi packages using labels
• Support for defining standard labels
• Added support to remove user using anaconda-server-admin
• Show licence url for packages, environments and notebooks
• Validation for empty fields in credit card info for plan upgrade
Fixed
• Updated instructions to create initial user
• Prevent organizations to have admin access for ownables of its original user

3.1. Anaconda Enterprise 4 133

Anaconda Documentation, Release 2.0

• Fixed package view when a release description is not a string

• Panels for ownables not showing in profile page if there are no packages
• Set limit to installers log height to prevent modal going below the footer
• Validation to prevent organization adding itself to one of his groups
• Set invalid license messages on mirroring script to debug instead of warning
• Generated tokens can be viewed without password prompt if kerberos authentication is used
• Fixed link on R package label page
• Remove password reset option if auth_type is not native
• Replaced urls for R packages sources
• Fixed counts in billing overview page
• Added quotes to install instructions to avoid issues with spaces
• Documentation tooltip in conda packages
• Hide transfer modal if there are no accounts to transfer to
• Use dashboard used instead of current user as actor for feed items
• Fixed feed url links
• Redirection for labels on package files list
• Removed duplicated feed item on package transfer
• Fixed installer version validation message
• Fixed query to retrieve non-private packages
• Fixed dead links to deleted projects on the feed
• Expanded LDAP groups docs
• Handling of duplicate package exceptions on API
• Remove word kapsel from email when collaborator is added

2.33.5 - 2017-11-07

Added
• Added a CLI tool to manage group membership
• Missing tooltips on header and admin section
• Added some missing feed items
• Account search now uses both names and emails
• Filter for authenticated packages
Fixed
• File info modal now works with list attributes that contain dicts
• Validate uploaded environment name
• Improved UX of installer creation form
• Updated feed icon for group collaboration removal

134 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Show all feed items related to a particular ownable in the History tab for that ownable
• Added main channel to default mirror config
• Generic exceptions during LDAP auth are now caught and logged
• Fixed supervisord script crontab option
• Updated read only rules on projects and installers
• Disable autocomplete suggestions for confirmation input fields
• Added authenticated packages to the billing package limit notice
• Add quotes around conda install help message if label has spaces
• Specify correct package type on tooltip text for label removal
• Updated flask-login-ldap dependency
• Validate name of copied label
• Removed validation of label name on deletion
• Removed duplicate HTTP headers on cached responses
• Do not allow pypi packages in installers
• Updated mirroring docs
• Make installers/projects summary optional
• Replaced some occurrences of word kapsel
• Align upvote icon
• Set package access from packages list
• Only owners can upload installers/environments to its own channel

2.33.4 - 2017-10-24

Added
• Use environment variable to set initial user’s password
• Usernames blacklist
• Show projects and installers summaries on header
• Added tooltips to package page buttons
• Instructions to generate tokens for organizations
• Feed items for projects and installers
• Settings for session timeout
• Supervisor script creates folder for extra config
• Updated EULA
• Set private packages and storage to unlimited individually
• Added progress indicator on installer upload
• Command to mirror only latest versions of conda packages
Fixed

3.1. Anaconda Enterprise 4 135

Anaconda Documentation, Release 2.0

• Fixed creation of private packages from the API

• Feed now uses the package database when it doesn’t know the package type
• Hidden installers empty panel on profile page
• Infer access attribute from other attributes when adding package
• Incorrect logging of user downloads
• Show ‘Set access’ options for organizations in packages list
• Flash error messages when an errors occur on LDAP admin page
• Replaced word kapsel with project on flash messages
• Changed s3 content-disposition of anaconda server installers
• Date ranges for stats in admin page
• Transfer projects with the same name as a deleted project
• Remove package groups when package is archived
• No longer is possible to upload expired licenses
• Hide brand from delete user modal if user is an organization
• Package and environment file modal style issue
• Filter public packages from package search in admin
• Allow access to ownable settings to collaborators with ‘write’ permissions
• Fixed pypi installer tooltip
• In admin user account, prevent setting lower storage than the used storage
• Delete groups when the org is removed
• Removed add-ons page
• Handling missing package after deleting files
• Do not allow to create tokens expiring today
• Fixed redirections to packages on feed items
• Show installer and project feed items in history tab
• Show all collaborators of an organization’s package
• Fix issues with package icons on dashboard
• Sorted tabs in group settings
• Always display collaborators tab as ‘Collaborators’

2.33.3 - 2017-10-20

Added
• Added support for server based sessions

136 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

2.33.2 - 2017-10-10

Fixed
• Exception in admin after updating private packages for a user

2.33.1 - 2017-10-03

Added
• New feed items for group membership and groups collaborations
• Download stats for files API endpoint
• Option to set amount of private packages for a user from admin
• Improved license creation page
• Added distribution_types to downloads feed
• Set packages access as authenticated from packages list
• Added option –authenticated to anaconda-server-sync-conda
• Added conda-build as dependency
• Relaxed expired tokens restrictions for public endpoints
• Add organizations as collaborators for packages, environments and notebooks
• Send email when adding collaborator to a project/installer
Fixed
• Link to docs in packages view
• Catch all exceptions raised when loading environment file
• Return json responses on api calls when an error is encountered
• Error message when uploading an invalid installer file
• Group permissions moved to the settings
• Fix wrong autocomplete using firefox
• Fix typeahead initial suggestions in installers form
• Updated callout in contact us form
• Hiding package access settings for collaborators
• Fixed refresh when closing user menu on the navbar
• Show info about installers downloads on admin interface
• Fixed downloads stats on admin
• Prevent adding package owner as package collaborator
• Storing package_type when API package upload
• Collaborators can now access a package’s history page
• API docs are back up again
• Refactored mirroring tools

3.1. Anaconda Enterprise 4 137

Anaconda Documentation, Release 2.0

• Fixed incorrect links from feed items

2.33.0 - 2017-09-19

Added
• SUPERUSER_SEARCH to set superuser status in LDAP
• File format validation on installer upload
• Show which users are admin in users list
• Use simillar settings for typeahead package suggestions
• Require user to be logged in to see user typeahead suggestions
• Cleaned output from test suite
• READ_ONLY mode setting and admin option
• Added tooltips to social media icons on footer
• Hide license download buttons from add ons page
• PAM authentication support
• Added reCAPTCHA to contact us form
Fixed
• Exception in group collaborations list for a package after group delete
• Maintain consistency in redirections after item deletion
• Fix group link in project collaborator view
• Flash message after issues with email validation
• Exception on admin downloads list for a user when package/file was had no owner
• Change dashboard user on item transfer
• Prevent adding current user as a collaborator
• Remove current owner from items ownership transfer options
• Fixed UI issues
• Validate name and version of installers only when full form is submitted
• Fixed some redirections to documentation in Anaconda Cloud
• Hiding delete package for collaborators
• Updated links to slideshare and youtube accounts

2.32.9 - 2017-09-15

Fixed
• Fixed forgot password link

138 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

2.32.8 - 2017-09-11

Fixed
• Temporarily disabled contact page for anaconda cloud

2.32.7 - 2017-09-07

Fixed
• Exception in token expiration warning code
• Fixed error when displaying a group that no longer exists

2.32.6 - 2017-09-06

Added
• Separated package groups collaborations in three tabs (packages, notebooks, environments)
• Added icons to all feed items
• Provided more info on feed for uploaded packages/environments/notebooks
• Unicode validation on signup form
• Package api returns builds and adds filter for search platform
• Validation for profile name
• Added option to upload all packages to a group at once
• Added page to see feed for a user
• Added some reserved names for packages
• Semantic versions validation for installers version field
• Warning header when token is about to expire
• Make favorites page public
Fixed
• Allowing anaconda login under lockdown
• Fixed potential exceptions on old cache code
• Changed typeahead environment query to use dashboard user
• Fixed issues with the upload of previously deleted installers
• Fixed Cache-Control headers on old repodata caching code
• Display all packages by default, not just only conda packages
• Show correct label for Groups & Collaborators depending on type of user
• Changed owner of uploaded installer to current dashboard user
• Remove groups permissions from all items after group delete
• Color schemes of some flashing messages
• Prevent project/installer transfer if recipient already has one with the same name

3.1. Anaconda Enterprise 4 139

Anaconda Documentation, Release 2.0

• Empty environment field from installer created from environment if the environment was deleted
• Fixed email validation when other user is logged in
• Maintain consistency on headers from dashboard
• Fixed token generalizations
• Exception on admin downloads list for a user when package/file was missing
• Fixed “View Docs” URL
• Use dashboard user in redirects after file delete

2.32.5 - 2017-08-29

Fixed
• Removed Continuum references

2.32.4 - 2017-08-28

Fixed
• Fixed old continuum links

2.32.3 - 2017-08-24

Fixed
• Navbar logo responsiveness issues

2.32.2 - 2017-08-24

Fixed
• Changed navbar buttons order to the new design schema

2.32.1 - 2017-08-24

Fixed
• Bigger logo on the navbar
• Fixed home page screenshot of the site

2.32.0 - 2017-08-22

Added
• New top bar button structure
• Added option ‘any’ to display all kind of packages in repo view
• Support for custom user avatar methods

140 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Updated cas-mirror docs

• Create installers uploading an environment file
• Parcel and management packs can be created from installers previously created
• SSL protocol version can now be customized
• Fresh design
• Stats API endpoint
• Updated all flash messages colors
Fixed
• Ownership of uploaded environments
• Doc links on the feed
• Styling of installer widget
• Transferred projects now appear in dashboard
• Environment validation
• Environment upload labels
• Show correct package type when transferring package/environment/notebook
• Increased panel sizes in profile and dashboard
• Limited items to display in panels
• Fixed collaborators view
• Potential cache related exception
• Made management packs template order deterministic
• Unsafe redirections
• Removed packages from groups when transferred
• Closed XSS vulnerabilities
• Contact us emails are sent from [email protected] with a reply-to header
• Fixed typeahead input field to add package collaborators
• Archive items when all their files are deleted
• Return NotFound on item details page when they don’t contain any files
• Fixed stats report admin view
• Replaced occurrences of the word “package” for a more appropriate name depending on the package type

2.31.6 - 2017-08-08

Added
• Email notification when added as a collaborator
• Labels regex now distinguishes uppercase characters
• Added site export tool
• Upload option for installers

3.1. Anaconda Enterprise 4 141

Anaconda Documentation, Release 2.0

• Added button to review the build log next to each installer file
• Version specific landing page for packages
• Added group info to site export tool
• Upload option for environments
Fixed
• Layout issues on dashboard and repo pages
• Remove user from groups when the account is removed
• Remove user as a collaborator for installers/packages/projects/notebooks/environments when is deleted
• Show only projects with files in projects list
• CSV export of users
• Typeahead for multi-type packages
• Added user validation to remove collaborator form
• Metadata display on package API
• Cache key generation and diskcache size limit parameter
• Empty packages will no longer appear in search results

2.31.4 - 2017-08-03

Fixed
• Fixed repodata caching

2.31.3 - 2017-07-27

Fixed

• Fixed label validation

2.31.2 - 2017-07-24

Added

• Tool to check a file’s checksum

Fixed

• Show conda packages install instructions only for available labels

• Solved exception raise by anaconda-server-admin clean-storage
• Hide empty packages/environments/notebooks from dashboard/profile page
• Solved exception raised creating an installer from an empty environment
• Fixed style issues with dashboard/profile page.

142 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Added help info in profile page

• Show correct icons in objects page
• Removed extra space from groups breadcrumb
• Fixed license not updating
• Hide License expired message overlay during session when alert is closed
• Fixed email sending on forgot password and forgot username

2.31.1 - 2017-07-13

Added

• Docs for LDAP timeout

• –clean-platforms option for anaconda-server-sync-conda
• Docs for backup and restore procedures based on the default installation
• Added setting for custom installers location
• Updated FontAwesome to 4.7.0

Fixed

• Displays the latest release data on the package page

• Fixed panel size in profile page and added scrollbars on overflow
• Show latest version available for each platform in conda packages
• Custom installers pre-configured to point to repo instance
• Exception when trying to display security log
• Display the correct username on the navigation bar
• Remove unused logging configuration
• Python tags on environment.yaml now parsed on installer creation from environment
• Omitting non-conda dependencies on installer creation from environment
• Updated documentation links
• Added missing R packages icons
• Unicode issue on Contact Us form for anaconda cloud
• Fixed CSS issue on Internet Explorer
• Solved issues with labels containing slashes and spaces
• Updated link to conda documentation
• Force pypi mirroring for a new mirror user
• Fixed validation when setting packages to private in bulk
• Fixed some UI issues with long names
• Fixed org creation on mirroring tools

3.1. Anaconda Enterprise 4 143

Anaconda Documentation, Release 2.0

• Labels link takes you to all type package listing

• Package type filter set to ‘all’ will not show notebooks/environments anymore
• Confirmation of package delete with username input works also using uppercase
• Correct order of search filters
• Fixed typeahead endpoints
• Fixed duplicated channels on custom installers
• Allowing slashes on token name delete action
• Disabled LDAP referrals by default

2.31.0 - 2017-06-28

Added

• Added USER_REGEX defaults to reference docs

• Added period (.) as a valid character for the default USER_REGEX
• Added diskcache based repodata caching
• Added license url validation for packages
• Option to set storage keyname to full path
• Show error message when attempting to add duplicated collaborators

Fixed

• CSS fixes on top navbar

• CSS fixes on group names
• Added filter for valid packages in installer creation
• Added support for deleted Strip accounts
• Stops adding/updating labels if the validation fails
• Tokens modal is no longer going below the bottom of the page
• Displaying credit card errors correctly
• Handling LDAP login error
• Fixed highlight of proyect settings tab
• Updated tqdm version to stop exception on mirror download
• Environments summary is no longer duplicated
• Display correct package summary after update
• Customized success message on upvote depending on package type
• Updated links to docs for labels
• Updated verbose exception
• Fixed notebook revisions links

144 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Optimized query to get latest package versions

• Updated all references to docs with correct links for cloud
• Removed top-level domain validation from profile URL
• Improved speed of show_channel endpoint
• Added validation to prevent duplicated packages on installers
• Changed default label filter for packages to ‘all’
• Removed distinction of user menu based on username
• CSS issues with long names
• Fixed long project names overlapping

2.30.3 - 2017-06-06

Added

• Added feeds for kapsel creation/removal/new revision

Fixed

• Added some more plural forms for flash messages

• Show project description from latest revision instead of project summary
• Fixed window installer configuration files
• Moved project history to settings
• Projects and installers on the same row
• Fixed installer creation under LOCK_DOWN
• Fixed settings tab highlight on installer admin page
• Fixed handling of empty page param on search page
• Fixed max-age overflow on authentications endpoint
• Fixed project creation time
• Fixed installer form when python package has no releases
• Fixed subscriptions plans link
• Fixed unicode issues on contact form
• Merged LDAP login logic
• CSS clean up for groups with long names

## 2.30.2 - 2017-05-24

• Fixed authentications endpoint

3.1. Anaconda Enterprise 4 145

Anaconda Documentation, Release 2.0

## 2.30.1 - 2017-05-24

Added
• Warning before deleting a package and all of its messages
• Tool to check orphan files and packages
• Added option to lock down all public pages
• Added link to contact us for custom plans.
Fixed
• Display error message when config file is not found
• Fixes resend confirmation email
• Retrying on 502 error while mirroring conda
• Replace non-ascii characters from filename when downloading a file
• Added password validation to password reset form
• Handling 404 on s3 key_exists
• Removed files and packages will appear on package history
• Using user’s name and email on contact emails
• Changed Resend Email label to Password Reset in admin page
• Added placeholder to collaborators form
• Added singular form messages in flash notifications
• Fixed popup label for pkg/nbk/env settings
• Fixed scrollbar blocking content in installers documentation
• Added searchbox on navigation header for non-authenticated users
• Added more database indexes for better query performance
• Removed admin monitor page
• Increased request timeout default to 120 seconds
• Updated the mirror configuration examples
• Fixed URL for pricing info
• Fixed token creation API
• Removed outdated mirror documentation
• Added migration to normalize files data
• Added brand as key in api endpoint
• Declined credit card info is no longer stored
• Improved UI for group members page

146 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

## 2.30.0 - 2017-05-08

Added
• Added EULA to the installer
• Contact Us form now sends emails to [email protected]
• Create organization instead of user on mirroring tools
Fixed
• Fixed anaconda-server-sync-conda settings message
• Secured web helpers views
• Removed unused test endpoints
• Fixed insecure groups endpoint
• Fixed filename too long exception on type filter for installers
• Server side encryption on S3 storage
• Fixed documentation link in /settings/access API token page
• Year in footer matches current year
• Fixed password restrictions checks
• Replaced binstar-* message for anaconda-server-* on mirroring script
• Added missing instruction to Project upload instructions
• Fixed the way we load the license data from the database
• Added validation for reserved usernames
• Fixed package set-access on firefox
• Fixed encoding error on package information page
• Changed error message on installer creation form

## 2.29.1 - 2017-04-19

Fixed
• Fixed access to LDAP views
• Removed unused remove_user view
• Add support for expired marketo access token
• Fixed exception on installer creation

## 2.29.0 - 2017-04-19

Added
• Visibility on Projects feature
• Sortable account list by package count
• Change plan button for organizations

3.1. Anaconda Enterprise 4 147

Anaconda Documentation, Release 2.0

• Add lead source to marketo requests

Fixed
• Fixed installers downloads
• Set S3 addressing style to “virtual”
• Fixed S3 ETag processing
• Fixed handling of missing arch attribute on search
• Typeahead endpoint access limits
• Changed supervisord runtime files location
• Allowing numeric named installers
• Allows installer creation with environment with url on the channel list
• Fixed typeahead on installer creation form
• Remove unreachable code
• Fixed flake8 findings
• Fixed installer collaborators form
• Fixed remove unlabeled files
• Fixed repo access admin for organizations

## 2.28.1 - 2017-04-03

Added
• Installers can now be created from uploaded environments
Fixed
• Fixed outdated version badges
• Add “jessie” and “sles12” parcel suffixes
• Only allows alphanumeric characters on installers name
• Fix group installers page
• Fix edition of existing installers

2.28 - 2017-03-22

Added
• Add UI to delete and set access of packages on the repo page
• Add UI to delete files in the files section of the repo page
• Add UI to set and unset superuser and staff status on admin page
• Staff users can now access licensing
• Pagination on history for the account admin page
Fixed

148 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Config set using anaconda-server-config

• Username on page titles
• Fixed anaconda-server-sync-conda issue with local repos
• CSV export on emails with special characters
• Package label filtering
• Signup password validation error message
• Exception requesting non existing file url
• Fixed email confirmation for organizations
• Text overflow when username is too long
• Remove all user packages in a single action to avoid filling the queue
• Checking user existence on reset password
• Installer URL shows zip extension

2.27.5 - 2017-03-14

Fixed
• Added boto dependency back

2.27.4 - 2017-03-03

Added
• Support for S3 regions that only use V4 signatures
• Support for S3 server-side encryption
• Support for custom PyPI repo sync
• New releases overrides package’s description, summary, license and icon
• Update mongodb to 3.4
Fixed
• API endpoint DELETE /dist/{owner_login}/{package_name}/{version}/-/{_id} should delete the file with the
associated ID
• Email validation on profile page
• Downloading files with spaces or special characters should result in the correct filename
• Some documentation URLs showed up without styling
• Fixed text overlap in admin deployment page
• /downloads installers should generate configuration files correctly
• “Not Found” errors are more consistent and clear
• Package search timeout
• Displaying validation in the popup on account’s admin page

3.1. Anaconda Enterprise 4 149

Anaconda Documentation, Release 2.0

2.27.3 - 2017-03-02

Fixed
• Add support for string license attribute

2.27.2 - 2017-02-27

Fixed
• Remove pyc from ambari mpack templates folder

2.27.1 - 2017-02-23

Added
• Limit to the cache
Fixed
• Added missing ambari mpack templates folder

2.27.0 - 2017-02-15

Added
• Support for generating custom Hortonworks/Ambari management packs
• License and license url to packages api
• Update email confirmation code to more secure and flexible hash
• Support for multiple users with same email (if option enabled)
• Admin support to remove an account
• Admin support to change storage size or change plan to free unlimited
• Package versions on installers and parcels are now optional
• Specify a configuration file with the environment variable ANACONDA_SERVER_CONFIG
Fixed
• Noarch repodata should not include files that are missing platform and arch
• Fix attribute errors kapsel unit tests
• Mirror configuration python_versions should not require quotes
• Add link to package on Favorites page breadcrumbs.
• Improve support for POWER and ARM architectures.
• Provide a useful error page when MongoDB is unreachable.
• Fix notebook and env with same name
• Suppress form errors when adding or removing package/channels
• anaconda-server-config will work on the config file you actually have
• Remove temporary redirects on user settings and org groups settings

150 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Disable empty as a valid label/channel name

• Fix organization name on group membership view
• Disable Reset Password if it is the only button

2.26.5 - 2017-01-30

• Remove experimental feature from display.

2.26.4 - 2017-01-30

Fixed
• Some files would not be cleaned up correctly when the corresponding user was deleted in the interface. Added
a migration to clean up any existing unused files.
• Add anaconda-server-admin clean-storage command to clean up unused files.
• Fix csv column order on package info at the admin page.
• Render URLs in the package summary as links.
• Display correct breadcrumb for a selected environment.
• Sort labels on package page alphabetically.
• Pluralize storage information correctly.

2.26.3 - 2017-01-10

• Added AnacondaCON promo to Anaconda Cloud

2.26.2 - 2017-01-06

Added
• Conda repodata is now cached more frequently.
• Constructor installer creation will now be terminated if it takes longer than 60 seconds.
Fixed
• An error that occurred when PyPI packages that were deleted were re-uploaded.

Anaconda repository 2.26.0 - 2016-12-19

• Anaconda Repository has a new mirroring tool with reproducible results, and improved support for delta mir-
roring.

Anaconda repository 2.25.0 - 2016-11-30

• Anaconda Repository is now distributed as a self-contained installer.

3.1. Anaconda Enterprise 4 151

Anaconda Documentation, Release 2.0

Anaconda repository 2.24.4 - 2016-11-17

• FIX: issues with async workers PR #3120, #3123

• FIX: Issue with sending forgotten username. PR #3120
• LOGGING: log everything to stdout. supervisord script will now log to file instead of syslog PR #3106
• KAPSEL: Remove kapsel uploader PR #3107

Anaconda repository 2.24.0 - 2016-11-09

• Documentation updates
• Fix task queue (removed mtq library)
• Improve performance of PyPI simple index page
• Move licensing code to anaconda_platform.component.licensing
• Add hotjar (cloud)
• Move username regex to check into settings
• Parcels: Add anaconda and python 2.7 as default packages
• Added AIC (Anaconda Installer Configuration) installers
• Remove Kapsel Execution

Anaconda repository 2.23.1 - 2016-10-25

Added
• Gevent in as the server worker_class
• Remove check of key existence in s3 for anaconda.org

Anaconda repository 2.22.0 - 2016-10-18

Fixed
• API: added correct handling when user is deleted
• DOWNLOADS: allow unlimited storage of download stats
• UI: terms and conditions link was incorrectly escaped
• NOTEBOOKS: fix sorting of notebook versions
• REPO: copied package files would sometimes return 404
• UI: added default sorting to more tables
• REPO: usability and functionality fixes for CDH parcel generation

152 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Anaconda repository 2.21.0 - 2016-09-29

Added
• REPO: users can create custom CDH parcels through Anaconda Repository
• UI: standardize sorting on tables
• UI: the software version is included in the footer of Anaconda Repository
Fixed
• NOTEBOOKS: added iframe sandboxing to notebooks
• NOTEBOOKS: fixed rendering of thumbnails uploaded by nb_anacondacloud
• REPO: copied package files were sometimes incorrectly garbage collected
Changed
• UI: The pages on the conda.anaconda.org and pypi.anaconda.org domains redirect to anaconda.org.
Removed
• BUILD: The deprecated build feature has been removed from Anaconda Repository.

Anaconda repository 2.20.4 - 2016-09-26

Fixed
• NOTEBOOKS: links in the notebook will open in the browser window directly, instead of inside of a frame.

Anaconda repository 2.20.3 - 2016-09-20

Fixed
• Allow numeric usernames

Anaconda repository 2.20.2 - 2016-08-18

Added
• REPO: package types will correctly update from added files (#2492)
• UI: cluster pages now list apps associated with that cluster
• Notebooks larger than 25mb will not be rendered (#2336)
• API: the endpoint /user/{account}/downloads/{start}--{end} now provides download activity
aggregated by package for an account.
Fixed
• Improve the performance of the security feed (#2335)
Changed
• UI: the reminder to use beta will be hidden for 24 hours when a user clicks the “close” button.
• BUILD: remove welcome to build message for build deprecation notice.
• UI: rename project to kapsel everywhere (except imports) (#2563)

3.1. Anaconda Enterprise 4 153

Anaconda Documentation, Release 2.0

• Collaborators page updated to new groups API (#2512)

Anaconda repository 2.19.5 - 2016-08-04

Fixed
• Fixed generation of URLs to user notebook content server over https

Anaconda repository 2.19.4 - 2016-07-21

Fixed
• DB: improved group migration to handle more corner cases

Anaconda repository 2.19.2 - 2016-07-07

Fixed
• REPO: package types will correctly update from added files (#2492)

Anaconda repository 2.19.1 - 2016-07-07

Added
• Basic Cluster Pages
• Conda Caching - Conda endpoints now use Last-Modified/if-modified-since headers

Anaconda repository 2.18.0 - 2016-06-01

Added
• API: add an endpoint /user/{account}/downloads/{start}--{end} that provides an aggregated
summary of download activity for an account.
• BUILD: automatically scroll to the bottom of log when new lines are appended
• REPO: improve support for R packages
• WEB: license warning message includes a link to the license configuration page
Fixed
• Users do not need to be logged into GitHub to trigger builds
• BUILD: remote address for workers will be detected correctly when running behind a proxy (#2036)
• API: LDAP users logging in for the first time via anaconda login are created correctly.
• PIP v8.1.2 fixed package name lookup

154 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Anaconda repository 2.17.0 - 2016-04-18

Added
• Queue administration page that displays build worker details and history (#1847)
• An additional configuration file can be specified with the environment variable ANACONDA_SERVER_CONFIG
or the command line argument --config-file
• Configuration files in the directory $PREFIX/etc/anaconda-server/ will now be automatically loaded
• Better logging for login logic
• Failed logins are now recorded in the security log
• docs.anaconda.org content is now bundled with Anaconda Repository
• New privacy policy
• Project’s API
• Show notebooks with nbpresent metadata as presentations (#1583)
• Can now view different versions of notebooks (#1764)
• Complete list of current settings on /admin/deployment (#1928)
• Decorator to validate params in a requests. (#1970)
• api.anaconda.org returns conda_url, pypi_url and main_url (#1984)
• keyname is displayed for superusers on the file details modal, allowing an administrator to locate a file on disk
(#1985)
Fixed
• Editing package description should not add extra whitespace (#1710)
• Starred packages owned by other users will appear on the dashboard (#1706)
• Notebook output that is too wide will display a scroll-bar (#1581)
• Cleaned up styling on CI settings page (#1713)
• Security log details modal should appear for non-administrator users
• More graceful handling of notebook rendering failure (#1548)
• GitHub OAuth flow in the user settings page (#1931)
• Changed conda install instructions to use short channel name
• Group API exceptions when viewing group members (#1959)
• Fixed error in sample enterprise config file (#1968)
Changed
• Renamed “upvotes” to “favorites” (#1707)
• adjusted helptext for conda install from specific user channel (#1914)

Anaconda repository 2.16.6 - 2016-03-28

• Clean up build workers that have been idle too long (#1749)
• Add SMTP support for sending email (#1747)

3.1. Anaconda Enterprise 4 155

Anaconda Documentation, Release 2.0

• Add remote address of build workers to queue status (#1743)

• Toggleable sections in build log output
• Render progress bars in build log correctly
• Fix organization page redirects
• Improve search performance for “type:pypi” query (#1808)
• Fix duplicated build item when resubmitting via CLI (#1805)
• Fix sorting of file sizes (#1783)
• Fix small issue in package files page

Anaconda repository 2.16.0 - 2016-02-25

• Kerberos Authentication Support

• Several small fixes
• Performance improvements

Anaconda repository 2.15.5 - 2016-02-06

• Minor fixes and improvements

• Made build a separate component from the server
• Added license code
• Improved UI
• Better support for labels
• Improved performance on user profiles / security pages

Anaconda repository 2.14.1 - 2016-01-20

• Re-enabled the anaconda copy command

• Release renaming “channels” to “labels”
• Implemented new UI enhancements that included a new user dashboard
• Performed additional bug fixes

Anaconda repository 2.13.1 - 2016-01-12

• Implemented “My upvotes” page

• Added UI improvements to notebooks
• Implemented error logging fixes
• Performed additional bug fixes

156 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Anaconda repository 2.12.3 - 2015-12-22

• Implemented UI Improvements to align with Anaconda branding, making A-Cloud easier to use
• Added confirmation after sending a message to support from the “contact us” page
• Removed left nav on dashboard
• Moved channel manager to the apps dropdown
• Made it easier for Academic users to access features by adding extended subdomain access for institutions
• Created a landing page for bug reporting to help A-Cloud users better self-select which repo for issue logging

Anaconda repository 2.11 - 2015-12-09

• Implemented UI Improvements
• Fixed minor issues
• Improved user profile
• Improved password validation
• Updated plans and pricing pages

Anaconda repository 2.10 - 2015-11-13

• Implemented UI Improvements

Anaconda repository 2.9 - 2015-09-28

• Implemented Upgrade/Setup script

• Offered free MKL Optimizations and free IOPro Addons for academic use
• Added command line scripts for user name changes
• Allowed port number configuration
• The Anaconda Server will subsequently be referred to as Anaconda repository

Anaconda Server 2.8 - 2015-08-27

• Added support for Jupyter 4.0

• Made passwords configurable
• Supplied better error messages

Anaconda Server 2.7 - 2015-07-28

• Implemented a new environment page

• Offered new channel features

3.1. Anaconda Enterprise 4 157

Anaconda Documentation, Release 2.0

Anaconda Server 2.6 - 2015-07-23

• Added support for conda noarch packages.

• Exposed additional distribution attributes via the API
• Changed Anaconda Server’s underlying webserver from tornado to gunicorn

Anaconda Server 2.3 - 2015-04-24

• Increased specificity when mirroring the Anaconda repository including more robust license-blacklisting capac-
ity and new python version-filtering capacity
• Implemented the ability to upload iPython notebooks to your Anaconda Server user account

Anaconda Server 2.2 - 2015-04-17

• Improved the user interface for channel-based interactions, which allowed users to manage multiple package
and channel interactions from a single dashboard
• Performed additional unit testing
• Due to a lack of backwards compatibility, this release locks the following two versions of the dependency packages:

– flask-wtf=0.8.4
– werkzeug=0.9.6

Command reference

Anaconda Client is the command line interface (CLI) to Anaconda Repository. You can use it to log in, log out,
manage your account, upload files, generate access tokens, view tokens and other tasks.
The full Client command reference is shown below. You can also view this command reference in a terminal window
with the command anaconda --help or anaconda -h.
See also: Anaconda Cloud API Reference.

• anaconda
• Authentication
– auth
– login
– logout
– whoami
• Informational
– show
– search
– config

158 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Package management
– package
– upload
– download
– remove
– groups
– label
– copy
– move

anaconda

usage: anaconda [-h] [--disable-ssl-warnings] [--show-traceback] [-v] [-q]

[-V] [-t TOKEN] [-s SITE]
...

Anaconda Repository command line manager

optional arguments:
-h, --help show this help message and exit
-V, --version show program's version number and exit

output:
--disable-ssl-warnings
Disable SSL warnings (default: False)
--show-traceback Show the full traceback for chalmers user errors
(default: False)
-v, --verbose print debug information ot the console
-q, --quiet Only show warnings or errors the console

anaconda-client options:
-t TOKEN, --token TOKEN
Authentication token to use. May be a token or a path
to a file containing a token
-s SITE, --site SITE select the anaconda-client site to use

Commands:

auth Manage Authorization Tokens

label Manage your Anaconda Repository labels
channel [DEPRECATED in favor of label] Manage your Anaconda
Repository channels
config Anaconda client configuration
copy Copy packages from one account to another
download Download notebooks from Anaconda Repository
groups Manage Groups
login Authenticate a user
logout Log out from Anaconda Repository
notebook [DEPRECATED in favor of upload/download] Interact
with notebooks in anaconda.org
(continues on next page)

3.1. Anaconda Enterprise 4 159

Anaconda Documentation, Release 2.0

(continued from previous page)

package Package utils
remove Remove an object from Anaconda Repository. Must refer to
the formal package name as it appears in the URL of
the package. Also use anaconda show <USERNAME> to see
list of package names. Example: anaconda remove
continuumio/empty-example-notebook
search Search Anaconda Repository
show Show information about an object
upload Upload packages to Anaconda Repository
whoami Print the information of the current user
build Anaconda build client for continuous integration,
testing and building packages
worker Anaconda build client for continuous integration,
testing and building packages

Authentication

auth

usage: anaconda auth [-h] [-n NAME] [-o ORGANIZATION]

[--strength {strong,weak}] [--strong] [-w] [--url URL]
[--max-age MAX_AGE] [-s SCOPES] [--out OUT]
(-x | -l | -r NAME [NAME ...] | -c | -i)

Manage Authorization Tokens

optional arguments:
-h, --help show this help message and exit
-n NAME, --name NAME A unique name so you can identify this token later.
View your tokens at anaconda.org/settings/access
-o ORGANIZATION, --org ORGANIZATION, --organization ORGANIZATION
Set the token owner (must be an organization)

token creation arguments:

These arguments are only valid with the `--create` action

--strength {strong,weak}
--strong Create a longer token (default)
-w, --weak Create a shorter token
--url URL The url of the application that will use this token
--max-age MAX_AGE The maximum age in seconds that this token will be
valid for
-s SCOPES, --scopes SCOPES
Scopes for token. For example if you want to limit
this token to conda downloads only you would use
--scopes "repo conda:download"
--out OUT

actions:
-x, --list-scopes list all authentication scopes
-l, --list list all user authentication tokens
-r NAME [NAME ...], --remove NAME [NAME ...]
remove authentication tokens
-c, --create Create an authentication token
(continues on next page)

160 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

-i, --info, --current-info
Show information about the current authentication
token

Manage Authentication tokens

See also token.

login

usage: anaconda login [-h] [--hostname HOSTNAME] [--username LOGIN_USERNAME]

[--password LOGIN_PASSWORD]

Authenticate a user

optional arguments:
-h, --help show this help message and exit
--hostname HOSTNAME Specify the host name of this login, this should be
unique (default: hq-phone-114.corp.continuum.io)
--username LOGIN_USERNAME
Specify your username. If this is not given, you will
be prompted
--password LOGIN_PASSWORD
Specify your password. If this is not given, you will
be prompted

logout

usage: anaconda logout [-h]

Log out from Anaconda Repository

optional arguments:
-h, --help show this help message and exit

whoami

usage: anaconda whoami [-h]

Print the information of the current user

optional arguments:
-h, --help show this help message and exit

Informational

3.1. Anaconda Enterprise 4 161

Anaconda Documentation, Release 2.0

show

usage: anaconda show [-h] spec

Show information about an object

positional arguments:
spec Package written as USER[/PACKAGE[/VERSION[/FILE]]]

optional arguments:
-h, --help show this help message and exit

Show information about an object

EXAMPLE:
anaconda show anaconda
anaconda show anaconda/python
anaconda show anaconda/python/2.7.5
anaconda show anaconda/python/2.7.5/linux-64/python-2.7.5-0.tar.bz2

search

usage: anaconda search [-h] [-t {conda,pypi}]

[-p {osx-32,osx-64,win-32,win-64,linux-32,linux-64,linux-
˓→armv6l,linux-armv7l,linux-ppc64le,noarch}]

name

Search Anaconda Repository

positional arguments:
name Search string

optional arguments:
-h, --help show this help message and exit
-t {conda,pypi}, --package-type {conda,pypi}
only search for packages of this type
-p {osx-32,osx-64,win-32,win-64,linux-32,linux-64,linux-armv6l,linux-armv7l,linux-
˓→ppc64le,noarch}, --platform {osx-32,osx-64,win-32,win-64,linux-32,linux-64,linux-

˓→armv6l,linux-armv7l,linux-ppc64le,noarch}

only search for packages of the chosen platform

Search Anaconda Repository for packages

config

usage: anaconda config [-h] [--type TYPE] [--set name value] [--get name]
[--remove REMOVE] [--show] [-f] [--show-sources] [-u]
[-s]

Anaconda client configuration

optional arguments:
(continues on next page)

162 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

-h, --help show this help message and exit
--type TYPE The type of the values in the set commands

actions:
--set name value sets a new variable: name value
--get name get value: name
--remove REMOVE removes a variable
--show show all variables
-f, --files show the config file names
--show-sources Display all identified config sources

location:
-u, --user set a variable for this user
-s, --system, --site set a variable for all users on this machine

anaconda-client configuration

Get, Set, Remove or Show the anaconda-client configuration.

###### anaconda-client sites

anaconda-client sites are a mechanism to allow users to quickly switch

between Anaconda Repository instances. This can be used with the on-site Anaconda
Enterprise.

* Invoke the anaconda command with the `-s/--site` option like this:

anaconda -s site_name whoami

* Set a site as the default:

anaconda config --set default_site site_name

anaconda whoami

###### Add an anaconda-client site

After installing Anaconda Enterprise

you can add a site named **site_name** like this:

anaconda config --set sites.site_name.url "http://<anaconda-enterprise-ip>:<port>/

˓→ api"
anaconda config --set default_site site_name

###### Site Options VS Global Options

All options can be set as global options that affect all sites
or site options that affect only one site.

By default, options are set globally:

anaconda config --set OPTION VALUE

If you want the option to be limited to a single site,

prefix the option with `sites.site_name`:

anaconda config --set sites.site_name.OPTION VALUE

(continues on next page)

3.1. Anaconda Enterprise 4 163

Anaconda Documentation, Release 2.0

(continued from previous page)

###### Common anaconda-client configuration options

* `url`: Set the anaconda api url (default: https://api.anaconda.org)

* `ssl_verify`: Perform ssl validation on the https requests.
ssl_verify may be `True`, `False` or a path to a root CA pem file.

###### Toggle auto_register when doing anaconda upload

The default is yes, automatically create a new package when uploading.

If no, then an upload will fail if the package name does not already exist on the
˓→server.

anaconda config --set auto_register yes|no

Package management

package

usage: anaconda package [-h]

(--add-collaborator user | --list-collaborators | --create)
[--summary SUMMARY] [--license LICENSE]
[--license-url LICENSE_URL] [--personal | --private]
USER/PACKAGE

Anaconda Repository package utilities

positional arguments:
USER/PACKAGE Package to operate on

optional arguments:
-h, --help show this help message and exit

actions:
--add-collaborator user
username of the collaborator you want to add
--list-collaborators list all of the collaborators in a package
--create Create a package

metadata arguments:
--summary SUMMARY Set the package short summary
--license LICENSE Set the package license
--license-url LICENSE_URL
Set the package license url

privacy:
--personal Set the package access to personal This package will
be available only on your personal registries
--private Set the package access to private This package will
require authorized and authenticated access to install

164 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

upload

usage: anaconda upload [-h] [-c CHANNELS] [-l LABELS] [--no-progress]

[-u USER] [--all] [-p PACKAGE] [-v VERSION]
[-s SUMMARY] [-t PACKAGE_TYPE] [-d DESCRIPTION]
[--thumbnail THUMBNAIL] [--private]
[--no-register | --register] [--build-id BUILD_ID]
[-i | -f | --force]
files [files ...]

Upload packages to Anaconda Repository

positional arguments:
files Distributions to upload

optional arguments:
-h, --help show this help message and exit
-c CHANNELS, --channel CHANNELS
[DEPRECATED] Add this file to a specific channel.
Warning: if the file channels do not include "main",
the file will not show up in your user channel
-l LABELS, --label LABELS
Add this file to a specific label. Warning: if the
file labels do not include "main", the file will not
show up in your user label
--no-progress Don't show upload progress
-u USER, --user USER User account or Organization, defaults to the current
user
--all Use conda convert to generate packages for all
platforms and upload them
--no-register Don't create a new package namespace if it does not
exist
--register Create a new package namespace if it does not exist
--build-id BUILD_ID Anaconda Repository Build ID (internal only)
-i, --interactive Run an interactive prompt if any packages are missing
-f, --fail Fail if a package or release does not exist (default)
--force Force a package upload regardless of errors

metadata options:
-p PACKAGE, --package PACKAGE
Defaults to the package name in the uploaded file
-v VERSION, --version VERSION
Defaults to the package version in the uploaded file
-s SUMMARY, --summary SUMMARY
Set the summary of the package
-t PACKAGE_TYPE, --package-type PACKAGE_TYPE
Set the package type [ipynb, env]. Defaults to
autodetect
-d DESCRIPTION, --description DESCRIPTION
description of the file(s)
--thumbnail THUMBNAIL
Notebook's thumbnail image
--private Create the package with private access

anaconda upload CONDA_PACKAGE_1.bz2

anaconda upload notebook.ipynb
anaconda upload environment.yml

3.1. Anaconda Enterprise 4 165

Anaconda Documentation, Release 2.0

See also:
• Uploading a conda package.
• Uploading PyPI packages.

download

usage: anaconda download [-h] [-f] [-o OUTPUT] handle

Download packages from Anaconda Repository

positional arguments:
handle user/notebook

optional arguments:
-h, --help show this help message and exit
-f, --force Overwrite
-o OUTPUT, --output OUTPUT
Download as

Usage:
anaconda download notebook
anaconda download user/notebook

remove

usage: anaconda remove [-h] [-f] specs [specs ...]

Remove an object from Anaconda Repository

example::

anaconda remove sean/meta/1.2.0/meta.tar.gz

positional arguments:
specs Package written as <user>[/<package>[/<version>[/<filename>]]]

optional arguments:
-h, --help show this help message and exit
-f, --force Do not prompt removal

groups

usage: anaconda groups [-h] [--perms {read,write,admin}]

{add,show,members,add_member,remove_member,packages,add_
˓→package,remove_package}

spec

positional arguments:
{add,show,members,add_member,remove_member,packages,add_package,remove_package}
The group management command to execute
(continues on next page)

166 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

spec <organization>/<group_name>/<member>

optional arguments:
-h, --help show this help message and exit
--perms {read,write,admin}
The permission the group should provide

label

usage: anaconda label [-h] [-o ORGANIZATION]

(--copy LABEL LABEL | --list | --show LABEL | --lock LABEL | --
˓→unlock LABEL | --remove LABEL)

Manage your Anaconda Repository channels

optional arguments:
-h, --help show this help message and exit
-o ORGANIZATION, --organization ORGANIZATION
Manage an organizations labels
--copy LABEL LABEL
--list list all labels for a user
--show LABEL Show all of the files in a label
--lock LABEL Lock a label
--unlock LABEL Unlock a label
--remove LABEL Remove a label

copy

usage: anaconda copy [-h] [--to-owner TO_OWNER] [--from-label FROM_LABEL]

[--to-label TO_LABEL]
spec

Copy packages from one account to another

positional arguments:
spec Package - written as user/package/version[/filename]
If filename is not given, copy all files in the
version

optional arguments:
-h, --help show this help message and exit
--to-owner TO_OWNER User account to copy package to (default: your
account)
--from-label FROM_LABEL
Label to copy packages from
--to-label TO_LABEL Label to put all packages into

move

3.1. Anaconda Enterprise 4 167

Anaconda Documentation, Release 2.0

usage: anaconda move [-h] [--from-label FROM_LABEL] [--to-label TO_LABEL] spec

Move packages between labels.

positional arguments:
spec Package - written as user/package/version[/filename]
If filename is not given, move all files in the
version

optional arguments:
-h, --help show this help message and exit
--from-label FROM_LABEL
Label to move packages from
--to-label TO_LABEL Label to move packages to

Glossary

• Anaconda
• Anaconda Client CLI
• Anaconda Repository
• conda
• conda build
• conda package
• label
• Miniconda
• namespace
• noarch package
• on-site repository
• organization account
• package
• package manager
• project
• repository
• source package
• token

Anaconda

An easy-to-install, free collection of open source packages, including Python and the conda package manager. Over
150 packages are installed with Anaconda. After installing Anaconda, you can install or update over 250 additional
open source packages contained in the Anaconda Repository using the conda install PACKAGE command.

168 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

NOTE: Replace PACKAGE with the name of the desired package.

Anaconda Client CLI

The Anaconda Client command line interface (CLI) allows you to log into Anaconda Repository directly from your
Terminal window or Anaconda Prompt and manage your account. It is not necessary for downloading or installing
packages from Repository.

Anaconda Repository

Repository hosts hundreds of useful Python packages, notebooks and environments for a wide variety of applications.
You do not need to be logged in, or even need a Repository account, to search for packages, download and install
them.

conda

The conda package manager and environment manager program that installs and updates packages and their depen-
dencies, and lets you easily switch between environments on your local computer.

conda build

The command line interface that lets you build packages for your local operating system.

conda package

A compressed file containing system-level libraries, Python modules, executable programs or other components. The
file uses the tarball format.

label

Part of the URLs for Repository where conda looks for packages. Labels are searched only if you specify a label.
The default label is “main,” so packages that are uploaded without specifying a label are automatically labeled “main.”
The version labeled main is also downloaded by default, unless a user specifies a different label. So, if a file is labeled
main, then the label name may be omitted from the URL.
EXAMPLE: The following repositories are equivalent:
https://<your-anaconda-repo>/sean/label/main
https://<your-anaconda-repo>/sean

Commands such as conda install can be used with a channel, or used with a channel and a label:
conda install --channel sean selenium
conda install --channel sean/label/dev selenium
conda install --channel sean/label/stable selenium

Using Anaconda Client, package developers can create labels such as development labels/dev, test labels/
test or other labels that are searched only if the user specifies the label.
EXAMPLE: The following search examples use a namespace of “travis”:

3.1. Anaconda Enterprise 4 169

Anaconda Documentation, Release 2.0

• https://<your-anaconda-repo>/travis/labels/main—the label searched by default.

• https://<your-anaconda-repo>/travis—same as default label with main implicit.
• https://<your-anaconda-repo>/travis/labels/dev—contains the packages in development.
• https://<your-anaconda-repo>/travis/labels/test—contains packages ready to test.
• https://<your-anaconda-repo>/travis/labels/any-custom-label—any label you want
to use.

Miniconda

A minimal installer for conda. Like Anaconda, Miniconda is a software package that includes the conda package
manager and Python and its dependencies, but does not include any other packages. Once conda is installed by
installing either Anaconda or Miniconda, you can install other software packages directly from the command line
using conda install.

namespace

Each user and organization has their own location called a “namespace” where they may host packages. You can view
the public packages in a user or organization’s namespace by navigating to their user page.
EXAMPLE: The “travis” user namespace located at https://<your-anaconda-repo>/travis contains
packages that were uploaded and shared by the user whose account is named “travis.”

noarch package

A conda package that contains nothing specific to any system architecture, so it may be installed on any system. When
conda searches for packages on any system in a channel, conda always checks both the system-specific subdirec-
tory—such as linux-64—and the noarch directory.

on-site repository

Repository is powered by Anaconda Server. You can run your own server behind firewalls or in air gapped environ-
ments. For more information, contact [email protected].

organization account

An organization account is a type of account on Repository that allows multiple individual users to administer packages
and control package access to different user groups. It also includes a large amount of storage space.
Use organization accounts to:
• Share packages, environments or notebooks under an organization’s account rather than your personal account.
• Assign multiple account administrators.
• Assign different access permissions to groups of users and customize per-package access by group.

170 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

package

All files uploaded to Repository are stored in packages. Each Repository package is visible at its own unique URL
based on the name of the user who owns the package and the name of the package.
EXAMPLE: If a user “travis” uploads a test package named “testpkg,” it is visible at:

https://<your-anaconda-repo>/travis/testpkg

Repository packages may contain multiple files, and these files may be data files such as comma separated value (CSV),
tab separated value (TSV), or text (TXT), or package files such as conda packages, PyPI packages or R packages.

package manager

A tool that facilitates the process of installing, upgrading, configuring and removing packages on Repository. Reposi-
tory supports two package managers, conda and PyPI.
For more information, see Using package managers.

project

Anaconda Project is an open source tool created by Anaconda that delivers light-weight, efficient encapsulation and
portability of data science projects.

repository

A storage location from which software packages may be retrieved and installed on a computer.

source package

“Source” packages are source code only, not yet built for any specific platform, and might be compatible with all,
some or only one of the platforms.

token

An access control token is a random alphanumeric string that is inserted into a URL that you give to another Repository
user. The token allows them to download a package or add a channel that you have marked private. Only those users
with the correct access token can access the private file. You can use Client to generate tokens to give other users
specifically scoped access to packages and collections.

Previous versions

This documentation is provided for the use of our customers who have not yet upgraded to the current version. Your
version number is located in the footer.*

3.1. Anaconda Enterprise 4 171

Anaconda Documentation, Release 2.0

Anaconda Repository 2.32

User guide (AER 2.32)

Quickstart (AER 2.32)

Managing Your Account (AER 2.32)

Using Anaconda Repository (AER 2.32)

Parcels, Management Packs, and Installers (AER 2.32)

Reference (AER 2.32)

Command Reference (AER 2.32)

Admin and install guide (AER 2.32)

Install Anaconda Repository (AER 2.32)

Online Installation (AER 2.32)

Offline Installation (AER 2.32)

Advanced Installation Options (AER 2.32)

Troubleshooting your Anaconda repository installation (AER 2.32)

Maintenance and configuration concerns (AER 2.32)

User administration (AER 2.32)

Anaconda repository requirements and verification (AER 2.32)

Client configuration (AER 2.32)

Air gap archive (AER 2.32)

Update/Uninstall Anaconda Repository (AER 2.32)

Anaconda repository backup and restore procedure (AER 2.32)

Anaconda repository command line interface (AER 2.32)

Command line interface (AER 2.32)

172 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Administrative commands (AER 2.32)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.32)

Mirroring an Anaconda repository (AER 2.32)

Mirroring a PyPI repository (AER 2.32)

Configuring your PyPI or Anaconda Repository mirror (AER 2.32)

Customized Anaconda Installers (AER 2.32)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.32)

Jupyter notebook support in Anaconda repository (AER 2.32)

Recommended Workflow (AER 2.32)

Anaconda repository changelog (AER 2.32)

Configuration reference (AER 2.32)

Anaconda repository end user license agreement

Anaconda Repository 2.31

User guide (AER 2.31)

Quickstart (AER 2.31)

Managing Your Account (AER 2.31)

Using Anaconda Repository (AER 2.31)

Parcels, Management Packs, and Installers (AER 2.31)

Reference (AER 2.31)

Command Reference (AER 2.31)

Admin and install guide (AER 2.31)

Install Anaconda Repository (AER 2.31)

Online Installation (AER 2.31)

3.1. Anaconda Enterprise 4 173

Anaconda Documentation, Release 2.0

Offline Installation (AER 2.31)

Advanced Installation Options (AER 2.31)

Troubleshooting your Anaconda repository installation (AER 2.31)

Maintenance and configuration concerns (AER 2.31)

User administration (AER 2.31)

Anaconda repository requirements and verification (AER 2.31)

Client configuration (AER 2.31)

Air gap archive (AER 2.31)

Update/Uninstall Anaconda Repository (AER 2.31)

Anaconda repository backup and restore procedure (AER 2.31)

Anaconda repository command line interface (AER 2.31)

Command line interface (AER 2.31)

Administrative commands (AER 2.31)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.31)

Mirroring an Anaconda repository (AER 2.31)

Mirroring a PyPI repository (AER 2.31)

Configuring your PyPI or Anaconda Repository mirror (AER 2.31)

Customized Anaconda Installers (AER 2.31)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.31)

Jupyter notebook support in Anaconda repository (AER 2.31)

Recommended Workflow (AER 2.31)

Anaconda repository changelog (AER 2.31)

Configuration reference (AER 2.31)

174 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Anaconda repository end user license agreement

Anaconda Repository 2.30

User guide (AER 2.30)

Quickstart (AER 2.30)

Managing Your Account (AER 2.30)

Using Anaconda Repository (AER 2.30)

Parcels, Management Packs, and Installers (AER 2.30)

Reference (AER 2.30)

Command Reference (AER 2.30)

Admin and install guide (AER 2.30)

Install Anaconda Repository (AER 2.30)

Online Installation (AER 2.30)

Offline Installation (AER 2.30)

Advanced Installation Options (AER 2.30)

Troubleshooting your Anaconda repository installation (AER 2.30)

Maintenance and configuration concerns (AER 2.30)

User administration (AER 2.30)

Anaconda repository requirements and verification (AER 2.30)

Client configuration (AER 2.30)

Air gap archive (AER 2.30)

Update/Uninstall Anaconda Repository (AER 2.30)

Anaconda repository backup and restore procedure (AER 2.30)

Anaconda repository command line interface (AER 2.30)

3.1. Anaconda Enterprise 4 175

Anaconda Documentation, Release 2.0

Command line interface (AER 2.30)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.30)

Mirroring an Anaconda repository (AER 2.30)

Mirroring a PyPI repository (AER 2.30)

Configuring your PyPI or Anaconda Repository mirror (AER 2.30)

Customized Anaconda Installers (AER 2.30)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.30)

Jupyter notebook support in Anaconda repository (AER 2.30)

Recommended Workflow (AER 2.30)

Anaconda repository changelog (AER 2.30)

Configuration reference (AER 2.30)

Anaconda repository end user license agreement

Anaconda Repository 2.29

User guide (AER 2.29)

Quickstart (AER 2.29)

Managing Your Account (AER 2.29)

Using Anaconda Repository (AER 2.29)

Parcels, Management Packs, and Installers (AER 2.29)

Reference (AER 2.29)

Command Reference (AER 2.29)

Admin and install guide (AER 2.29)

Install Anaconda Repository (AER 2.29)

Advanced Installation Options (AER 2.29)

176 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Troubleshooting your Anaconda repository installation (AER 2.29)

Maintenance and configuration concerns (AER 2.29)

User administration (AER 2.29)

Anaconda repository requirements and verification (AER 2.29)

Client configuration (AER 2.29)

Update/Uninstall Anaconda Repository (AER 2.29)

Anaconda repository command line interface (AER 2.29)

Command line interface (AER 2.29)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.29)

Mirroring an Anaconda repository (AER 2.29)

Transition from anaconda-server-sync-conda to anaconda-mirror (AER 2.29)

Mirroring a PyPI repository (AER 2.29)

Configuring your PyPI or Anaconda Repository mirror (AER 2.29)

Customized Anaconda Installers (AER 2.29)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.29)

Jupyter notebook support in Anaconda repository (AER 2.29)

Recommended Workflow (AER 2.29)

Anaconda repository changelog (AER 2.29)

Configuration reference (AER 2.29)

Anaconda repository end user license agreement (AER 2.29)

Anaconda Repository 2.28

User guide (AER 2.28)

Quickstart (AER 2.28)

3.1. Anaconda Enterprise 4 177

Anaconda Documentation, Release 2.0

Managing Your Account (AER 2.28)

Using Anaconda Repository (AER 2.28)

Parcels, Management Packs, and Installers (AER 2.28)

Reference (AER 2.28)

Command Reference (AER 2.28)

Admin and install guide (AER 2.28)

Install Anaconda Repository (AER 2.28)

Advanced Installation Options (AER 2.28)

Troubleshooting your Anaconda repository installation (AER 2.28)

Maintenance and configuration concerns (AER 2.28)

User administration (AER 2.28)

Anaconda repository requirements and verification (AER 2.28)

Client configuration (AER 2.28)

Update/Uninstall Anaconda Repository (AER 2.28)

Anaconda repository command line interface (AER 2.28)

Command line interface (AER 2.28)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.28)

Mirroring an Anaconda repository (AER 2.28)

Transition from anaconda-server-sync-conda to anaconda-mirror (AER 2.28)

Mirroring a PyPI repository (AER 2.28)

Configuring your PyPI or Anaconda Repository mirror (AER 2.28)

Customized Anaconda Installers (AER 2.28)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.28)

178 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Jupyter notebook support in Anaconda repository (AER 2.28)

Recommended Workflow (AER 2.28)

Anaconda repository changelog (AER 2.28)

Configuration reference (AER 2.28)

Anaconda repository end user license agreement (AER 2.28)

Anaconda Repository 2.27

User guide (AER 2.27)

Quickstart (AER 2.27)

Managing Your Account (AER 2.27)

Using Anaconda Repository (AER 2.27)

Cloudera Manager Parcels (AER 2.27)

Reference (AER 2.27)

Command Reference (AER 2.27)

Admin and install guide (AER 2.27)

Install/Update/Uninstall Anaconda Repository (AER 2.27)

Advanced Installation Options (AER 2.27)

Troubleshooting your Anaconda repository installation (AER 2.27)

Maintenance and configuration concerns (AER 2.27)

User administration (AER 2.27)

Anaconda repository requirements and verification (AER 2.27)

Client configuration (AER 2.27)

Update/Uninstall Anaconda Repository (AER 2.27)

Anaconda repository command line interface (AER 2.27)

3.1. Anaconda Enterprise 4 179

Anaconda Documentation, Release 2.0

Command line interface (AER 2.27)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.27)

Mirroring an Anaconda repository (AER 2.27)

Transition from anaconda-server-sync-conda to anaconda-mirror (AER 2.27)

Mirroring a PyPI repository (AER 2.27)

Configuring your PyPI or Anaconda Repository mirror (AER 2.27)

Customized Anaconda Installers (AER 2.27)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.27)

Jupyter notebook support in Anaconda repository (AER 2.27)

Recommended Workflow (AER 2.27)

Anaconda repository changelog (AER 2.27)

Configuration reference (AER 2.27)

Anaconda repository end user license agreement (AER 2.27)

Anaconda Repository 2.26

User guide (AER 2.26)

Quickstart (AER 2.26)

Managing Your Account (AER 2.26)

Using Anaconda Repository (AER 2.26)

Cloudera Manager Parcels (AER 2.26)

Reference (AER 2.26)

Command Reference (AER 2.26)

Admin and install guide (AER 2.26)

Install/Update/Uninstall Anaconda Repository (AER 2.26)

180 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Advanced Installation Options (AER 2.26)

Troubleshooting your Anaconda repository installation (AER 2.26)

Maintenance and configuration concerns (AER 2.26)

User administration (AER 2.26)

Anaconda repository requirements and verification (AER 2.26)

Client configuration (AER 2.26)

Update/Uninstall Anaconda Repository (AER 2.26)

Anaconda repository command line interface (AER 2.26)

Command line interface (AER 2.26)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.26)

Mirroring an Anaconda repository (AER 2.26)

Mirroring a PyPI repository (AER 2.26)

Configuring your PyPI or Anaconda Repository mirror (AER 2.26)

Customized Anaconda Installers (AER 2.26)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.26)

Jupyter notebook support in Anaconda repository (AER 2.26)

Recommended Workflow (AER 2.26)

Anaconda repository changelog (AER 2.26)

Configuration reference (AER 2.26)

Anaconda repository end user license agreement (AER 2.26)

Anaconda Repository 2.25

User guide (AER 2.25)

Quickstart (AER 2.25)

3.1. Anaconda Enterprise 4 181

Anaconda Documentation, Release 2.0

Managing Your Account (AER 2.25)

Using Anaconda Repository (AER 2.25)

Cloudera Manager Parcels (AER 2.25)

Reference (AER 2.25)

Command Reference (AER 2.25)

Admin and install guide (AER 2.25)

Install/Update/Uninstall Anaconda Repository (AER 2.25)

Advanced Installation Options (AER 2.25)

Troubleshooting your Anaconda repository installation (AER 2.25)

Maintenance and configuration concerns (AER 2.25)

User administration (AER 2.25)

Anaconda repository requirements and verification (AER 2.25)

Client configuration (AER 2.25)

Anaconda repository command line interface (AER 2.25)

Command line interface (AER 2.25)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.25)

Mirroring an Anaconda repository (AER 2.25)

Mirroring a PyPI repository (AER 2.25)

Configuring your PyPI or Anaconda Repository mirror (AER 2.25)

Customizing your PyPI or Anaconda repository mirror - v 2.2.0 or earlier (AER 2.25)

Customized Anaconda Installers (AER 2.25)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.25)

Jupyter notebook support in Anaconda repository (AER 2.25)

182 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Recommended Workflow (AER 2.25)

Anaconda repository changelog (AER 2.25)

Configuration reference (AER 2.25)

Anaconda repository end user license agreement (AER 2.25)

Anaconda Repository 2.24

User guide (AER 2.24)

Quickstart (AER 2.24)

Managing Your Account (AER 2.24)

Using Anaconda Repository (AER 2.24)

Cloudera Manager Parcels (AER 2.24)

Reference (AER 2.24)

Command Reference (AER 2.24)

Admin and install guide (AER 2.24)

Install/Update/Uninstall Anaconda Repository (AER 2.24)

Advanced Installation Options (AER 2.24)

Troubleshooting your Anaconda repository installation (AER 2.24)

Maintenance and configuration concerns (AER 2.24)

User administration (AER 2.24)

Anaconda repository requirements and verification (AER 2.24)

Client configuration (AER 2.24)

Anaconda repository command line interface (AER 2.24)

Command line interface (AER 2.24)

Adding a PyPI or Anaconda mirror to your Anaconda repository installation (AER 2.24)

3.1. Anaconda Enterprise 4 183

Anaconda Documentation, Release 2.0

Mirroring an Anaconda repository (AER 2.24)

Mirroring a PyPI repository (AER 2.24)

Configuring your PyPI or Anaconda Repository mirror (AER 2.24)

Customizing your PyPI or Anaconda repository mirror - v 2.2.0 or earlier (AER 2.24)

Customized Anaconda Installers (AER 2.24)

Cross platform (“Noarch”) package support in Anaconda repository (AER 2.24)

Jupyter notebook support in Anaconda repository (AER 2.24)

Recommended Workflow (AER 2.24)

Anaconda repository changelog (AER 2.24)

Configuration reference (AER 2.24)

Anaconda repository end user license agreement (AER 2.24)

Anaconda Repository 2.23

User guide

Quickstart

Managing Your Account

Using Anaconda Repository

Cloudera Manager Parcels

Reference

Command Reference

Admin and install guide

Install/Update/Uninstall Anaconda Repository

Advanced Installation Options

Troubleshooting your Anaconda repository installation

184 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Maintenance and configuration concerns

User administration

Anaconda repository requirements and verification

Client configuration

Anaconda repository command line interface

Command line interface

Adding a PyPI or Anaconda mirror to your Anaconda repository installation

Mirroring an Anaconda repository

Mirroring a PyPI repository

Configuring your PyPI or Anaconda Repository mirror

Customizing your PyPI or Anaconda repository mirror - v 2.2.0 or earlier

Cross platform (“Noarch”) package support in Anaconda repository

Jupyter notebook support in Anaconda repository

Recommended Workflow

Anaconda repository changelog

Configuration reference

Anaconda repository end user license agreement

* Anaconda Repository Versions 2.21.0 and earlier do not contain the version number in the footer. Please contact
your Enterprise Support representative to get your version number.

3.1.2 Anaconda Enterprise 4 Notebooks

Empower the Data Science Team with cross-collaboration

AEN is a browser-based Python data analysis environment and visualization tool from Anaconda®. AEN is a ready-
to-use, powerful, fully-configured data analytics environment all in a secure, governed environment.
AEN allows data science team members to create and share private notebooks, manage access, control notebook
revisions, compare and identify differences across notebook versions, search notebooks for keywords and packages,
use enhanced collaborative notebook features—including revision control and locking—and to access an on-premises
and/or cloud collaborative notebook server.

3.1. Anaconda Enterprise 4 185

Anaconda Documentation, Release 2.0

The current version of AEN is 4.3.2, released May 29, 2019.

User guide

AEN’s browser-based management of private packages, notebooks, and environments allows data science team mem-
bers to:
• Create, share and manage private notebooks.
• Control notebook revisions.
• Compare and identify differences across notebook versions.
• Search notebooks for keywords and packages.
• Use enhanced collaborative notebook features including revision control and locking.
• Access on-premises and/or cloud-based collaborative notebook servers.
• Utilize multiple language kernels like Python and R language in the same notebook.
• Create new notebook environments on the fly without leaving the notebook or entering commands in a prompt.
• Publish results to business stakeholders as interactive visualizations and presentations.
To quickly get up and running with AEN, see Getting started.
Download the Cheat sheet for easy reference.

Concepts

• Projects
• Team collaboration
• Access control
• Sharing projects
• Project tags

Projects

AEN users interact with the system predominantly through projects.

A project is a set of conda environments, Jupyter Notebooks, and other files.
Each project has a project drive that all team members can access. The size of the drive is not limited by AEN. Contact
your system administrator if you find you do not have sufficent space.
Each project has a separate project directory on the project drive.
The project directory is a directory for project files and data that is separate from the project owner’s and team mem-
bers’ home directories, so that team members can share and have equal access.
The path to your project directory is /projects/<project_owner>/<project_name>.
For administrative information about projects, directories, and permissions, see Projects and permissions.

186 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Team collaboration

Teams collaborate in AEN using projects. Projects allow a team to easily come together by sharing the resources,
applications, and environments that are necessary to collaborate effectively.
The AEN project owner and any team members connected to their project will have access to the same:
• Shared files and home directories.
• Shared Python and R environments.
• Shared nodes and hardware.
• Common applications.
• Web user interface.
For more information, see Working with projects.

Access control

AEN access controls allow you to:

• Add and remove project access for new team members.
• Limit the access to specific folders and files to members of your project team.
• Use permissions to extend execute access to team members. By default, all of the team members on a project
have read and write access to all project assets.
Access control is performed from each project’s Workbench application.
For more information, see Controlling access to your project.

Sharing projects

AEN supports both public and private sharing.

A project can be “public,” which means that anyone with access to the system can view the project assets.
Any content placed in the public folder in a project is publicly accessible using its URL.
A project can be “private,” which means that only the project owner and team members can view the project assets.
You can also limit who can access specific files.

Sharing Jupyter Notebooks

In addition to general project sharing capabilities, you can also publish Jupyter Notebooks to Anaconda Repository.
This automatically versions the notebook and allows you to define who can view the notebook.

Project tags

Tags are used to:

• Group similar or related projects.
• Identify your project so that it is easier to find.

3.1. Anaconda Enterprise 4 187

Anaconda Documentation, Release 2.0

• Let others know about your project.

You can add and remove tags for any project that you have access to.

Getting started

This section contains information and tasks for first-time AEN users.
In this getting started guide, you will:

• 1. Download the AEN cheat sheet

• 2. Access your user home page
• 3. Create a new project
• 4. Add collaborators
• 5a. Open an example notebook, OR
• 5b. Create a new environment and notebook
• 6. Create checkpoints for version control
• 7. Share your notebook and environment with others
• 8. See what to do next

1. Download the AEN cheat sheet

Before you start, download and print the AEN cheat sheet for easy reference.

2. Access your user home page

After your administrator has set up your server and new Anaconda account, you will receive a welcome email.
1. Click the link in the email to open the AEN login page.
NOTE: Use the domain name and not the IP address when you connect to AEN. Using the IP address can cause
TLS and security certificate errors.
2. Enter your AEN account username and password.
NOTE: Some administrators allow you to create your own account. If your administrator has allowed this, in
the create a new account section, create your own username and password.
3. Click the Login button.
Your user home page, where all good things happen, is displayed:

3. Create a new project

1. There are 2 ways to create a new project in AEN:

188 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• On the right side of the AEN task bar, click on the New Project icon:

• On your home page, click the New project button:

2. On the Project page that is displayed, type a name for your project, such as “Testing.”

3. Type a summary of the project so you can recognize it later.

4. Select whether your project will be public or private.
5. Verify that the default data center is selected.
TIP: You can update the project summary and description at any time from the Project menu in the Project
Settings. To return to your project at any time, click the project name.
6. Click the Next button.
Your new project’s home page is displayed:

3.1. Anaconda Enterprise 4 189

Anaconda Documentation, Release 2.0

7. To change the project settings, click the Project Settings icon on at the top right.

8. Modify the summary or add a description of the project.

TIP: A project description is recommended, and may be written in Markdown syntax (plain text valid Mark-
down).
To see how Markdown will be displayed, in the description area, click the Preview tab.

4. Add collaborators

You can add team members to your project as collaborators. Adding team members to your projects makes collabora-
tion easy because they have full access to the project’s applications, files and services.
When you add team members, their home directory is mounted in the project. There is no need to download and email
data or scripts—team members can work on the same files in the same environment in which you are working.
To add collaborators to your project:

190 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

1. From your project home page, in the Team box, begin typing a teammate’s username.
2. In the list that is displayed, select the teammate’s username.
3. Click the Add button.

1. Repeat these steps for each team member you want to add as a collaborator.
TIP: You can add or remove team members any time from the Team menu in Project Settings. You can also modify a
team member’s read, write or execute permissions at any time from the Using Workbench.

5a. Open an example notebook, OR

1. From your project home page, click the Jupyter Notebooks icon.
2. On the File View page, click the Examples folder.

1. Select any of the example notebooks.

2. To see the default results of the formulas used in the displayed notebook, in the Cell menu, select Run All.
3. To experiment with changing the notebook, edit any of the formulas in the notebook.
4. In the Cell menu, select Run All.
Any differences resulting from your edits are displayed.

5b. Create a new environment and notebook

If you are already familiar with creating notebooks, you can easily set up a new environment with the programs you
need—like SciPy and NumPy—then open a new notebook and make your edits.
To create a new environment:
1. From your project home page, click the Jupyter Notebooks icon.

3.1. Anaconda Enterprise 4 191

Anaconda Documentation, Release 2.0

2. On the File View page, click the Conda tab.

3. To add a new conda environment, on the top right of the Conda tab, click the + icon.
4. Type a name for your environment.
5. Select Python 2, Python 3 or R language kernel.
6. Click the Create button.
7. To activate your new environment, click its name.
The packages that are available and installed in your new environment are displayed.

Adding SciPy and Numpy packages

1. In the available packages section, search for the package name numpy—all lower case.
2. In the results section, next to numpy, select the checkbox.

1. Click the Install icon.

2. To confirm your installation, click the Install button.
Numpy is displayed in the installed packages section—if not, click the Refresh button. Repeat these steps to install
the Scipy package—searching for scipy in step 1.
TIP: You can return to this screen at any time to add additional packages to this environment.

Creating a new notebook in your environment

1. From the AEN homepage, click the Files tab.

2. On the top right of the Files tab, click the New button.
3. Under Notebooks, select the Python environment with the name you entered while creating a new environment.

192 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

NOTE: If you do not see your new environment listed under Notebooks, next to the New
button, click the Refresh button.
A new locked notebook is displayed. Paste or write some code to execute when you are ready.

6. Create checkpoints for version control

Whether you are exploring an existing notebook, or creating a new one, you can easily create checkpoints, return to
an earlier version, compare two different versions and save them for reference.
To create a checkpoint, in the File menu, select Save and Checkpoint:

To revert your notebook to a previous checkpoint, in the File menu, select Revert to Checkpoint.
NOTE: For more information about revision control features, including creating commits and comparing differences,
see Using the Revision Control Mechanism extension.

7. Share your notebook and environment with others

See Sharing projects and notebooks.

8. See what to do next

Now that you have completed the Getting Started guide, you are ready to move on to basic tasks and advanced tasks.

Basic tasks

This section contains information and tasks that use the web browser to manage projects and is best-suited for any
beginning AEN user:

Working with projects

Almost everything in AEN starts by opening an existing project or creating a new one.
After that, you can set up a special environment with the packages you want, set their access permissions and modify
your project settings.

3.1. Anaconda Enterprise 4 193

Anaconda Documentation, Release 2.0

194 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Searching for a project or file

• Types of files searched

• Search indexing
• Using search constructs
• Searching metadata fields
• Searching a project
• Saving a search
• Removing a saved search

To search for projects and files, use the Search box in the AEN navigation bar. The search provides different results
depending on which page you search from:
• On a project home page, search results include any files that match your search criteria within the current project.
• On any other AEN page, search results include any files that match your search criteria within all projects.
TIP: Your search results include only files and projects that you can view: public projects, and private projects to
which you have a minimum of view access.

Types of files searched

The following types of files are included in search results:

• .py—Python source files.
• .ipynb—IPython/Jupyter notebooks.
• .txt—plain text files.
• .md—Markdown files.

Search indexing

Files that are modified while a project is running are automatically re-indexed shortly after the files are modified. If
you create or update a large number of files—such as cloning a git repository or copying a directory—search results
may take several minutes to update.
Files that are modified while the project is not running are re-indexed only after the project is started.

Using search constructs

You can use the following search constructs:

• Ordinary words will match the full-text contents of any file.
• Wildcards are permitted.
EXAMPLE: John* will match John and Johnny. These are glob patterns and are similar to their usage in the
command line.
• Combine queries using AND or OR, and group them using parentheses ().

3.1. Anaconda Enterprise 4 195

Anaconda Documentation, Release 2.0

Regular expression patterns can be embedded in the query string by wrapping them in forward-slashes (/):

name:/joh?n(ath[oa]n)/

The supported regular expression syntax is explained in the Elasticsearch reference.

NOTE: Wildcards apply inside a regular expression. A query string such as /.*n/ would force the search to visit
every term in the index.

Searching metadata fields

You can search in specific metadata fields:

• imports:name—matches files that import the module name.
• uses:name—matches files that reference the identifier name. Referenced names include any functions and
globals imported from other modules, as well as the names of any methods invoked on any object.
• defines:name—matches files that define the identifier name. Defined names include functions defined at
global scope, class names, and method names within classes.
• acl:user—matches files in which the named user has read access or higher.

Searching a project

1. In the Search box, type a string of text:

TIP: Search by glob patterns, which are similar to file matching in the command line.
EXAMPLE: To find projects in the test family that are numbered from 00 to 99, search for Test-??. To find
all projects whose name ends with “Stats,” search for *Stats.
2. Press Enter.
3. In the search results, click the plus + icon above a project name to show a list of matching files in the selected
project:

TIP: Click the project name to open the project’s home page.
4. To view a file, click its file name in the matching files list:

196 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Saving a search

1. At the top of the search results, click Save this search:

The “save this search” text changes to “stored” and your search is saved. Your saved searches are listed on your home
page.

Removing a saved search

On your home page, in the Saved searches section, click X next the saved search that you want to remove:

3.1. Anaconda Enterprise 4 197

Anaconda Documentation, Release 2.0

Adding and removing team members on a project

1. On the project home page, click the Project Settings icon to open the Project Settings page.

2. In the Settings menu, select Team.

Adding a team member

1. In the username box, type in the first few letters of the username for the team member you want to add to the
project.
2. In the list of usernames that displays, click the user to add.
3. Click the Add button.

198 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Removing a team member

Click the red Remove link next to the name of the user you want to remove from the project.

Controlling access to your project

• Controlling team member access

• Controlling non-team member access

Controlling team member access

By default, all of the team members on a project have read and write access permissions for all project assets.
The available permissions are read, write and execute. If you remove all individual or group permissions for a project
asset, team members will not be able to access that asset.
To change a project’s permissions:
1. Open the project’s home page.
2. Click the Workbench icon.
3. In the Workbench app, right-click the file or folder you want to limit access to.
NOTE: When you change a folder’s permissions, the permissions of files and folders inside it do not change.
You may change the permissions of those files and folders manually.
4. In the menu that displays, select Permissions:

A list of owners and team members who have access to your project is displayed.
5. Find the team member you want to change access for:

6. Next to the team member’s name, select or deselect the permissions for that user.
NOTE: You can add a team member and set their access at the same time by typing their name in a username
box, setting their permissions, and then clicking the Add button.
7. Click the Submit button.
The selected permissions are added, and the deselected permissions are removed.
NOTE: If a team member is in the Workbench application when you give them access, they must refresh their browser
window to see their current permissions.

3.1. Anaconda Enterprise 4 199

Anaconda Documentation, Release 2.0

200 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Controlling non-team member access

You can choose to grant file or folder access to someone who is not part of the project team, as long as that person has
an AEN account.
Sharing with individuals outside the team is a four step process:
1. Copy or move the file or folder to your home directory.
2. Give the user read and execute access to your home directory.
3. Add the user to the file’s permissions.
4. Have the user add your directory to their workbench.

Copying a file or folder to your home directory

Your home directory is displayed at the bottom of the File Manager pane in the Workbench.
To protect the other files and folders in your home directory—those you are not providing permissions to a user to
access—we recommended that you:
1. Create a sub-folder.
2. Rename the folder with the name of the user you are granting access to.
3. Copy or move the file you want to grant permissions for to the renamed folder.
The file is copied or moved to the new location and is ready for you to update the file permissions.

Granting file access

You must select read and execute access for a user to be able to view, but not edit, the files or folders.
1. Right-click the name of the file or folder you are granting access to.
2. In the menu that is displayed, select Permissions.
3. Click the Add button.
4. Type the username of the user to whom you are granting file access and press Enter.
TIP: If you grant access to a folder instead of a specific file, you only have to set permissions the first time you share
the folder with each user, unless you need to update the permissions.

Adding file permissions for a user

Once a user is included in your Permissions list, you must add the correct permissions for the user, in the same way
as you would for a team member.
Once complete, depending on the access granted, the user will be able to view, read, change, and execute the file.
NOTE: If you change permissions for a folder instead of a file, the user will be able to see and access any files within
that folder.

3.1. Anaconda Enterprise 4 201

Anaconda Documentation, Release 2.0

Adding a directory to a user’s workbench

The user can now add your home directory to their Workbench File Manager.
To add your home directory to another user’s workbench, have the other user follow these steps:
1. Click the Show Directory button at the top of the Workbench File Manager:

The Show Directories dialog box displays.

2. In the text box, type /home/[yourusername].
NOTE: Replace [yourusername] with your AEN username.

3. Click the Show button.

4. Verify that the folder is now displayed below the text box:

5. Close the Show Directories dialog box by clicking the X in the upper-right corner or by clicking anywhere
outside the box.

202 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

6. Click the Refresh button.

The shared file is displayed in the File Manager:

Starting and stopping a project

TIP: Stopping a project stops all the applications launched for that project that use resources when running, such as
memory and compute cycles. It is best to stop projects when they are not in use.
1. On the project home page, click the Project Settings icon to open the Project Settings page.

2. In the Settings menu, select Project.

3. In the Status section, click the Start or Stop button to toggle between manually starting and stopping your project.

3.1. Anaconda Enterprise 4 203

Anaconda Documentation, Release 2.0

Making a project public or private

1. On the project home page, click the Project Settings icon to open the Project Settings page.

2. In the Settings menu, select Admin.

3. Click the Make Public button.

4. If the project is already public and you want to make it private, click the Make Private button.

Tagging a project

Existing tags assigned to a project are listed in the Tags section on the project’s home page.

Adding a tag

1. In the Tags box, type the name of the tag you want to add:

204 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

2. Click the Add button.

The new tag is added to the Tags list:

If the tag was not already in the Top Tags list on your user home page, it is added. If the tag was already listed
because another project used it, the number next to the tag is incremented:

Removing a tag

1. On your user home page, in the Top Tags list, click the tag name.

1. In the Tags list, click the X button next to tag name.

3.1. Anaconda Enterprise 4 205

Anaconda Documentation, Release 2.0

Starring a project (rating)

Starring a project makes it appear on your user home page in the Top Rated list.
Adding or removing stars for a project does not affect the stars added by other users.
1. Open the project that you want to star.
2. On the project home page, click the Star icon at the upper right:

3. To unstar a project, click the Star icon again.

Claim ownership of a project

When you claim ownership of a project, ownership of all files and folders created by the team members on the project
is transferred to you. Project files and folders are copied and renamed.
1. Stop the project to prevent team members from making changes while you are changing ownership.
2. On the project home page, click the Project Settings icon to open the Project Settings page.

3. In the Settings menu, select Admin.

4. Click the Reclaim ownership button.

206 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Changing a project’s summary or description

1. On the project home page, click the Project Settings icon to open the Project Settings page.

2. In the Settings menu, select Project.

3. Update your project’s summary using plain text or its description using Markdown syntax.
4. Click the Preview tab to see a preview of the Markdown description.
5. Click the Submit button.

Viewing a project’s status

1. On the project home page, click the Project Settings icon to open the Project Settings page.

3.1. Anaconda Enterprise 4 207

Anaconda Documentation, Release 2.0

2. In the Settings menu, select Info.

On the Info page, you can see:

• Whether the project is currently running or stopped.
• When the project was created.
• When the project was last accessed.
• The data center in which the project is running.

Viewing related projects

Related projects are listed on a project’s home page.

These are projects that contain fields that are most similar to the current project.
TIP: You will only see projects to which you have been granted access: public projects, and private projects on which
you are a team member.

How related projects are identified

To determine which projects should be listed in Related Projects:

1. The recommendation engine scans the current project’s files and weights the terms found to determine which of
them to use for the likeness search.

208 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 209

Anaconda Documentation, Release 2.0

2. The engine performs a search, with extra weight given to the “uses” and “imports” keywords.
3. The engine finds the files and projects that are most similar to the current project and scores the results.
4. The top-scoring matches are displayed in Related Projects. Only public projects and private projects to which
you have access are included.

Viewing top-rated projects

Top-rated projects are listed on your home page:

The number next to a project represents the number of stars that have been given to that project.
Click a project name to view the project’s home page.

Using tags to find a project

The top tags used on your projects are listed on your home page:

To list all projects that share a specific tag, click the tag name:

210 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

A list of projects with the selected tag is displayed:

TIP: The list includes only projects that you have access to: public projects, and private projects on which you are a
team member.
Click a project name to open the project’s home page.

Viewing your top collaborators

Your top collaborators are listed on your home page:

3.1. Anaconda Enterprise 4 211

Anaconda Documentation, Release 2.0

These are the team members who have the most projects in common with you.
To view a collaborator’s home page—where you can see all public projects and the private projects they have shared
with you—click the collaborator’s name.

Sharing projects and notebooks

For information on sharing projects via the project settings and access control, see Sharing projects.
To upload a Jupyter Notebook to Anaconda Repository:
1. Log in to Repository by running the anaconda login command or by using the login user interface provided
by the nbextension.
CAUTION: If you are not using a secure connection, we strongly recommended that you use the command line
to log in.
2. To share your notebook environment, select the Attach conda environment checkbox. This ensures that your
team members will have the right environment for your notebook.
3. Click the Upload button to upload your notebook to your local Repository or to Anaconda.org, depending on
how your administrator has set up AEN:

NOTE: If you have not yet logged into Repository or Anaconda Cloud, or have not created an account, you will
be asked to do so.

Other ways to share a notebook

• Print—In the File menu, select Print.

• Download and share—In the File menu, select one of the following options:
– Download as Notebook.
– Download as Python.

212 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

– Download as HTML.
– Download as Markdown.
– Download as ReStructured Text.
– Download as PDF.
• Share and control team members’ direct access to read, write and/or execute your notebook file or folder. For
more information, see Controlling access to your project.
• Share and control non-team members’ file or folder access. For more information, see Controlling access to
your project.
• Create a presentation with NBPresent 4.1.

Deleting a project

CAUTION: Deleting a project deletes all project files and information! There is no undo option.
1. Download a copy of any project files that you need to save.
2. On the project home page, click the Project Settings icon to open the Project Settings page.

3. In the Settings menu, select Admin.

4. Click the Delete button.

Using AEN applications

The applications in your project make it easy for you to interact with your files and data, manage your project’s
resources and to customize your AEN experience.
To use applications, log into AEN, then select the project you want to work on or create a new project and open it.

3.1. Anaconda Enterprise 4 213

Anaconda Documentation, Release 2.0

On the project home page, the following application icons are displayed:

TIP: Each application opens in a new browser tab. You can run multiple applications at the same time in your project.
For more information on each AEN application, see:
• Using Workbench—File viewer and manager, including permissions settings.
• Using Viewer—View-only versions of notebooks and other text files.
• Using JupyterLab—Alpha preview of the next generation notebook.
• Using Terminal—Basic bash shell Terminal.
• Using Jupyter Notebook—Jupyter Notebooks with extensions.
• Using Compute Resource Configuration—Project information, view and manage applications.

Using Workbench

• Opening Workbench
• Using File Manager
• Opening the Workbench terminal

Workbench is a file viewer and manager that includes a file editor and file permissions manager.
You can use Workbench to:
• Upload and download files using the File Manager.
• Create new files and folders using the File Manager.
• Copy and move files to new locations using the File Manager.
• Rename files and/or folders using the File Manager.
• Manage the access permissions of team members.
• Grant or revoke access to non-team members.
Workbench also includes a simple Terminal application, which is convenient because the File Manager is always
visible, making navigation simple.
When you first open Workbench, the File Manager is displayed in the left pane, and the Create a New File and Upload
a New File buttons are in the right pane:

214 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

When you open a file or Workbench Terminal, it is displayed in the right pane. To make the Create or Upload a file
options re-appear, refresh your browser window.
Two small icons are displayed in the black navigation bar at the top of the Workbench page. Hovering over them
displays tool tips that describe their use:
• The Toggle icon displays or hides the File Manager.
• The Terminal icon opens a simple terminal window.

Opening Workbench

To open Workbench:
1. Log in to AEN.
2. Select the project you want to work on, or create a new project and open it.
3. On the project home page, click the Workbench icon:

Workbench opens in a new browser window.

Using File Manager

The File Manager is an intuitive way to interact with your files and folders.

Using the options drop-down menu

To perform any of the actions described below:

1. Right-click on any folder to display the options drop-down menu.
2. Select one of the following options:
• New File—Create and edit a new file.

3.1. Anaconda Enterprise 4 215

Anaconda Documentation, Release 2.0

• New Folder—Create a new folder.

• Upload File—Upload a file to the selected folder. You can also drag a file to the folder.
• Permissions—Control access to files and folders.
• Cut—Cut the selected file or folder.
• Copy—Copy the selected file or folder.
• Paste—Paste a previously cut or copied file or folder.
• Delete—Delete the highlighted file or folder.
• Rename—Rename the highlighted file or folder.

Editing files using the File Editor

1. Double-click any text file in the File Manager.

The File Editor opens in the right pane:

2. When you finish editing the file, click the Save button.
NOTE: To close the file without saving, click the X at the top of the page under the file name.

Opening the Workbench terminal

In the navigation bar, click the Open terminal icon:

216 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

A Terminal—bash shell—is displayed in the right pane.

TIP: You can open additional terminals by clicking the Open terminal icon again, or by clicking the Plus + icon at the
top of an open terminal.
To move between terminal windows, click the Terminal tab in the navigation bar, then select the number of the
terminal window you want to work in.

Using Viewer

The Viewer application displays a static, view-only version of your notebooks and other text files by rendering the text
files directly and using the NBConvert tool to convert notebooks to static HTML.
1. Log in to AEN.
2. Select the project you want to work on, or create a new project and open it.
3. On the project home page, click the Viewer icon.
Viewer opens in a new browser window:

4. Click any folder to view its contents, or click any filename to view the file.
5. To search for a file or folder name, type text in the Find File box, then press the Enter key. This is not a full-text
search, but wildcards are permitted.

Using JupyterLab

JupyterLab is an early alpha-preview of the next generation of the Jupyter Notebook. It is included so that you can
take a tour and play with its capabilities.
CAUTION: JupyterLab is experimental. It is not yet intended for production work.
JupyterLab does not include any of the notebook extensions that are available in the Jupyter Notebook app.

3.1. Anaconda Enterprise 4 217

Anaconda Documentation, Release 2.0

For more information about JupyterLab, see the documentation.

You can also download and print a Jupyter cheat sheet on using Jupyter Notebook and the new JupyterLab.
To open JupyterLab:
1. Log in to AEN.
2. Select the project you want to work on, or create a new project and open it.
3. On the project home page, click on the JupyterLab icon.
JupyterLab opens in a new browser window:

Experiment with the application on your own, using the Notebook, Editor, Terminal and Console menus.
To review a guided tour of all of the features JupyterLab will contain when it is ready for production, click the Take a
tour link in the right pane.

Using Terminal

The Terminal application is a simple bash shell terminal that runs in your browser:

Using Terminal, you can:

• Access your home directory and your project drive.

218 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Open multiple shells within one instance of Terminal.

• Open multiple instances of Terminal in the same browser window.
1. Log in to AEN.
2. Select a project you want to work on, or create a new project and open it.
3. On the project home page, click the Terminal icon:

Terminal opens the project directory in a new browser window.

By default, the project directory is /projects/username/project-name.
EXAMPLE: /projects/TestUser/MyFirstNotebook
4. To see the physical path of your directory, run the Print Working Directory command pwd -P.
TIP: The physical path -P is important because project attaches data to the beginning of your virtual path to
keep your project files together.
5. To navigate out of your project directory to your home directory, run the command cd.
6. To return to your project directory, run the command cd/projects/username/project-name.
TIP: If you are new to navigating in a terminal, you may want to use the Workbench terminal, which includes a visual
navigation tree in the File Manager.

3.1. Anaconda Enterprise 4 219

Anaconda Documentation, Release 2.0

Using multiple Terminals

You can open as many terminals as you want.

To open another shell in the terminal, in the upper left of the pane, click the plus + icon.

A corresponding number appears after the plus + icon and 1.

To move to another Terminal, click the corresponding number.
The color of the number tab changes to show which terminal is currently selected.

Using Jupyter Notebook

• Opening the Jupyter Notebook application

• Using example notebooks
• Creating a new Jupyter Notebook

The Jupyter Notebook application allows you to create and edit documents that display the input and output of a
Python or R language script. Once saved, you can share these files with others.
NOTE: Python and R language are included by default, but with customization, Notebook can run several other kernel
environments.
This page provides a brief introduction to Jupyter Notebooks for AEN users.
For the official Jupyter Notebook user instructions, see Jupyter documentation.
For information on the notebook extensions available in AEN, see Using Jupyter Notebook extensions.

Opening the Jupyter Notebook application

1. Log in to AEN.
2. Select the project you want to work on, or create a new project and open it.
3. On the project home page, click the Jupyter Notebook icon:

220 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Jupyter Notebook opens in a new browser window:

TIP: You can see the same File Manager in the Terminal, Workbench, and Viewer applications.

Using example notebooks

The Examples folder in Jupyter Notebook contains several types of Notebook examples created in Python—and one
with R language—kernel environments.
Open any example notebook to experiment and see how it works.

Creating a new Jupyter Notebook

1. An the top right of the Files tab, click the New button.

2. Select the kernel environment to create your new notebook in.

NOTE: Customizable Python and R Language kernel environments are automatically created for you during
project creation.
• Your project’s default conda env kernels are a cloned copy of the root environment. You can customize
them and install and delete additional packages.
• Root environment is managed by your Administrator. You cannot make or save any changes to it.

3.1. Anaconda Enterprise 4 221

Anaconda Documentation, Release 2.0

• You can switch between Python, R language and any other custom kernels in the notebook as you work in
your notebook. For more information, see Using the Synchronize Environments extension.
The new notebook is saved in the related project directory and displayed.

Using Jupyter Notebook extensions

The following extensions are available for use with AEN’s Jupyter Notebook application:
• Synchronize Environments with Jupyter from the Kernel menu.
• Locking adds multi-user capability from the Lock button.
• Revision Control Mechanism (RCM) adds Status, Checkout and Commit buttons.
• Conda environment and package management tab.
• Conda notebook adds conda management inside Notebook from the Kernel > Conda Packages menu option.
• Anaconda Cloud integration from the Publish to cloud button.
• Notebook Present turns your notebook into a PowerPoint-style presentation.

Using the Synchronize Environments extension

The Synchronize Environments extension allows you to apply a Python, R language or any other custom environment
inside your current notebook session, without needing to start up several Notebook instances using each of the selected
environments.
To change environments:
1. Open the Kernel menu.

222 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

2. Click the Change kernel option.

3. From the list, select the environment to use.
NOTE: In AEN 4.1+ the default kernel for projects is default. In versions prior to 4.0, the default kernel for projects
is root Python.

Using the Locking extension

Multi-user capabilities are engaged in AEN when multiple users work in the same notebook file.
The Locking extension allows you to lock a notebook to prevent multiple team members from making changes at the
same time. Notebooks are automatically locked when you open them.
If team members open a notebook and make changes while it is locked, their save capability is disabled, and they
cannot overwrite the notebook.
To override the lock, they must actively take control of the locked file by clicking the Lock icon in the Notebook menu
bar:

NOTE: This is a soft locking model. Team members can choose to override your lock to save their work. If you give
team members write access to your files, confirm that they understand that they should never unlock your file unless
they are making meaningful, non-destructive team contributions.

Using the Revision Control Mechanism extension

The Revision Control Mechanism (RCM) Jupyter Notebook extension provides simple version control for notebook
files. It uses the internal Jupyter functionality to perform tasks.
On the surface, RCM uses a simple linear model, but beneath that is a more complex git-based branching model. To
prevent merge conflicts, this model uses a “latest wins” policy as its main merging strategy.

3.1. Anaconda Enterprise 4 223

Anaconda Documentation, Release 2.0

The RCM Jupyter Notebook extension adds four buttons:

• Status.
• Checkout.
• Commit.
• Configure git.
TIP: If you do not see the RCM buttons, see Setting up RCM for the first time.

Using the Status button

The Status button allows you to see what revision you are on.
Clicking the Status button displays:

Using the Checkout button

The Checkout button allows you to view a list of the previous revision points, check out a previous revision or compare
differences between revisions.
Clicking the Checkout button displays:

Checking out a previous revision

To checkout a notebook at an earlier revision point:

1. Select the checkbox next to the desired revision point.
2. Click the OK button.
A copy of the notebook at the selected revision point is displayed.
NOTE: If you have not saved the work in your current project window, checking out a previous revision destroys it. If
in doubt, click the Cancel button and save your work before reverting to a previous revision point.

224 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 225

Anaconda Documentation, Release 2.0

Comparing revisions

To compare 2 previous revision points:

1. Select the checkboxes of the revision points to compare.
2. Click the View Diff button.
A side-by-side comparison is displayed.
Click the Cancel button to close the differences window.

Using the Commit button

The Commit button allows you to save or persist the current changes, keeping a permanent record of any changes that
are introduced, so that you do not have to worry about losing important data.
Clicking the Commit button displays:

1. Enter a description of the changes in the commit as a reminder in case you need to revert back to it later.
2. Click the OK button.
Your changes are committed and a revision point is created.

226 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

If Git user name and user email are not set, the following window appears:

Configure Git and then try to commit again.

TIP: You can roll back committed changes by checking out a previous version.

Using the Configure git button

The Configure git button allows you to configure Git user name and email values.
After clicking the Configure Git button, the following window appears:

Enter user name and e-mail address. Click the OK button when finished.

Setting up RCM for the first time

If you do not see the RCM buttons in your notebook:

3.1. Anaconda Enterprise 4 227

Anaconda Documentation, Release 2.0

1. Go to the project home page.

2. Open the Terminal application.
3. In the terminal window, run:

git config --global user.email "[email protected]"

git config --global user.name "Your Name"

NOTE: Change [email protected] to your email address, and Your Name to your actual name.
4. Open Jupyter Notebook and refresh the page.

Using the NBConda extension

The NBConda extension adds a Conda tab to your notebook for easy environment and package management from
within the notebook.

Click the Conda tab in a notebook to display:

• Conda environments list—export, clone or delete an environment in the action column, or create a new environ-
ment by clicking the plus + icon. Switch to an environment by clicking it; packages for that environment are
displayed below in the installed packages list.

228 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Conda available packages list—for the selected environment in currently configured channels, search for pack-
ages and click a package name to install it.
• Installed packages list—in the selected environment, check for updates, update or delete selected packages.
TIP: While you are in any notebook, you can jump to the NBConda extension for that environment by clicking the
Kernel menu and selecting Conda Packages:

Using the Conda Notebook extension

The Conda Notebook extension adds the Conda Packages option to the Kernel menu.
Select the Conda Packages option to display a list of all of the Conda packages that are currently used in the environ-
ment associated with the running kernel, as well as any available packages.
From the Conda Packages option, you can perform all of the tasks available in the Conda tab, but they will only apply
to the current environment.

Using the Anaconda Cloud extension

The Anaconda Cloud extension adds the Cloud button to your notebook, allowing you to easily upload your notebook
to Cloud:

3.1. Anaconda Enterprise 4 229

Anaconda Documentation, Release 2.0

Using the Notebook Present extension

The AEN Notebook Present extension turns your notebook into a Microsoft PowerPoint-style presentation.
The Present extension adds 2 buttons to Notebook’s menu bar—Edit Presentation and Show Presentation:

To begin using Notebook Present, click the Edit Presentation button.

The Notebook Present sidebar is displayed on the right side of your browser:
Clicking each icon changes the menu and layout of your notebook.
Clicking the Help icon displays 3 tours—demonstrations—of the main features of Present:
• Intro tour.
• Slides tour.
• Editor tour.

Select one of the tours to view a short presentation regarding the specifics of that feature.

230 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Intro tour

The Intro tour is a 2-minute presentation that explains how to use the main features of Present, including a description
of each button’s purpose.
NOTE: At any time, you can pause, go back to the previous or move forward to the next slide.
The following information is covered in the Intro tour:
• App Bar—When Authoring, this allows you control the content and style of your presentation. It also can be
used to activate several keyboard shortcuts for editing:

• Stop Authoring—Clicking the Edit Presentation button again stops Authoring, and removes all keyboard short-
cuts.
• Show Presentation—If you just want to run your presentation without using any Authoring tools, just click the
Show Presentation button.
• Presenting/Authoring—Once you’ve made some slides, start Presenting, where you can use most Notebook
functions with the Theme we have defined, as well as customize slides on the fly.
• Slides button—Slides, made of Regions linked to Cell Parts are the bread and butter of any presentation, and
can be imported, created, linked, reordered, and edited here.

3.1. Anaconda Enterprise 4 231

Anaconda Documentation, Release 2.0

232 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Theming—Theming lets you select from existing colors, typography, and backgrounds to make distinctive pre-
sentations. The first theme you select will become the default, while you can choose custom themes for a
particular slide, like a title.

• Saving—Whenever you save your Notebook, all your presentation data will be stored right in the Notebook
.ipynb file.

3.1. Anaconda Enterprise 4 233

Anaconda Documentation, Release 2.0

• Downloading—After you’ve made a presentation, you can download it as an HTML page by choosing Download
→ Download As: Presentation (.html) in the menu.
• Help—Activate Help at any time to try other tours, connect with the Present developers and community, and
other information.

Slides tour

Slides make up a presentation. Clicking Slides toggles the sorter view and the Slide Toolbar on and off:

The Slides tour explains how to create and manage slides, including the following information:
• Slide Toolbar—Create a new slide. Clicking + Slide will offer some choices for creating your new slide.
• Import—The quickest way to create a presentation is to import each cell as a slide. If you’ve already created
slides with the official slideshow cell toolbar or RISE, you can import most of that content.
• Template Library—You can create a presentation from an existing template.
– Reuse Slide as Template—You can create a presentation based on an existing slide.
– Simple Template—A common template is the Quad Chart, with four pieces of content arranged in a grid.
• Region—The Quad Chart has four Regions. To select a region, click it.
– Link a Region to a Cell Part—Each Region can be linked to a single Cell Part using the Link Overlay,
which shows all of the parts available.

* Cell Part: Source (blue)–Source, such as code and Markdown text.

234 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

* Cell Part: Outputs (red)–Outputs, such as rich figures and script results.
* Cell Part: Widgets (purple)–Jupyter widgets, interactive widgets that provide both visualization and
user input.

* Cell Part: Whole (orange)–Finally, a Whole Cell, including its Source, Widgets and Outputs can be
linked to a single region.
– Unlink a region from a Cell Part—Unlinking removes the connection between a region and a cell part,
without deleting either one.
– Region: Trashing—Trashing a Region permanently deletes it, without affecting any linked Cell Part.
– Part Thumbnail—We’ll try to draw a part thumbnail. It can only be reliably updated when a linked Cell
Part is on-screen when you mouse over it, but you should usually be able to get an idea of what you’re
seeing. The colors of the regions correspond to the cell types.
• Presenting—Clicking the Present button while editing brings up the Presenter with editing mode still enabled:
– Linked inputs and widgets are still interactive.
– Go forward—Click to go to the next slide
– Go back—Click to go back to the previous slide
– Go back to the beginning—Click to go back to the first slide
– My work is done here—Click to go back to the Notebook.

Editor tour

Once you’ve made a few slides, you’ll likely want to customize them. The Editor tour explains how to edit your
notebook, including the following information:
• Editing Slides—Activate the Slide Editor by double-clicking it, or by clicking Edit Slide.
• Region Editor—Click to drag Regions around and resize them.
• Region Tree—Reorder Regions and see the details of how Regions will show their linked Parts.
• Add Region—Add new regions.
• Attribute Editor—Edit the properties of a region.
• Data Layouts—In addition to manually moving regions, you can apply these layouts to automatically fill your
slides.
• More Regions—Add more regions—with a weight of 1.
• Tree Weight—Make a Region bigger or smaller, based on its relative weight.
• 12 Grid—A compromise between the Free and Treemap layouts, the 12 Grid option rounds all of the values in
a layout to a factor of 12.

Using Compute Resource Configuration

The Compute Resource Configuration (CRC) application displays information about the current project and allows you
to set a custom project environment and view and manage your other AEN applications, including stopping, starting,
restarting and viewing the logs of each.
The CRC application screen contains 3 sections:
• Info.

3.1. Anaconda Enterprise 4 235

Anaconda Documentation, Release 2.0

• Conda environment.
• Running apps.

Info

The Info section displays:

• Hostname—IP address of the host computer.
• Project Home—File path to the project home.
• Project RC file—File path to the project runtime configuration file .projectrc. This file is sourced when
a user opens any AEN application. It sets several AEN internal environment variables, sets up the project
environment and sets additional user environment variables for the project.

Conda environment

This section displays the path to the default conda environment.

CAUTION: Changing the default environment will affect all users. Be sure that no team members have any unsaved
documents before changing the project environment.
To change the default conda environment location:
1. Edit the path to point to your preferred conda environment.
2. Click the Set Project Environment button.
Your .projectrc file is modified.

236 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Running apps

The Running Apps section displays a list of users and the applications that are in use, as well as when the app was last
modified.
To terminate any individual application, click the Terminate button.
To stop and re-launch any individual application, click the Relaunch button.
To review the run logs of any active application, which may be useful for troubleshooting, click the Logs button.

Managing your account

• Updating your public profile

• Changing your password
• Deleting your AEN account
• Viewing account operations
• Registering an application

To access your account information, click the User Settings icon in the AEN navigation bar:

Updating your public profile

Your public profile is made up of a name, a personal URL, your company and location.
1. In the left navigation pane, click the Public Profile tab.
2. To update your profile picture, create a Gravatar that is associated with the email address you used to create your
AEN account. The gravatar will automatically appear.

Changing your password

1. In the left navigation pane, click the Account Settings tab.

Deleting your AEN account

1. In the left navigation pane, click the Account Settings tab.

3.1. Anaconda Enterprise 4 237

Anaconda Documentation, Release 2.0

Viewing account operations

1. In the left navigation pane, click the Security Log tab to view a list of operations performed on your account.

2. For more information about an operation, click the Eye icon to the left of the the operation name.

Registering an application

If you want to create an application for AEN or have already done so, you must register your application.
1. In the left navigation pane, click the Applications tab.

238 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

2. Click the Register New Application button to open a form for registering your application.

Advanced tasks

Advanced tasks are best-suited for users who are comfortable working in a Terminal.

Working with environments

AEN runs on conda, a package management system and environment management system for installing multiple
versions of software packages and their dependencies and switching easily between them.
A conda environment usually includes 1 version of Python or R language and some packages.
The ability to have a custom project environment is one of the most powerful features of AEN. Your project environ-
ment is integrated so that all of your project applications recognize it and all of your team members have access to
it.
This section contains information about:
• Creating a default conda environment using the Jupyter Notebook application
• Creating a default conda environment using the Jupyter Notebook application
• Using your conda environment in a notebook
• Customizing your conda environment
• Installing a conda package using Terminal
• Installing a conda package using Notebook
• Uninstalling a conda package
NOTE: This conda environments guide is specific to AEN. For full conda documentation—including cheat sheets, a
conda test drive, and command reference—see the conda documentation.

Creating a default conda environment using the Jupyter Notebook application

You can create, activate, and install packages and deactivate environments from within the Notebook menu bar.
To install from the Notebook menu bar:
1. Click the Conda tab and select the plus sign icon.
2. Search for numpy in the package search box.
3. Select numpy from the search results.

1. Click the Install button.

The environment is added to the project’s env directory.

3.1. Anaconda Enterprise 4 239

Anaconda Documentation, Release 2.0

Creating a default conda environment using Terminal

In AEN, all new environments created with conda automatically include Python, Jupyter Notebooks and pip. You can
specify any other packages you want included in your new environment.
TIP: By default, conda creates a new environment in your project’s env directory—so that all team members have
access to the environment. For information about limiting your team member’s read, write or execute permissions, see
Workbench.
To create a new environment within your AEN account, run the command conda in a Terminal application.
EXAMPLE: To create a new environment named WeatherModel that contains Python, NumPy, pip and Jupyter
Notebooks in your project’s env directory:
1. Log in to AEN.
2. Open a project.
3. On the project home page, click the Terminal application icon to open a Terminal.
4. Create the environment:

conda create -n WeatherModel numpy

TIP: Python, pip and Jupyter Notebooks are automatically installed in each new environment. You only need to
specify NumPy in this command.
5. Make the new environment your default:

source activate WeatherModel

6. To use your new environment with Jupyter Notebooks, open the Notebook application.
7. Click the New button to open a new notebook. In the drop-down menu under Notebooks, the environment you
just created is displayed.
8. To activate that environment, select it.
The environment is added to the project’s env directory.

240 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

NOTE: You can deactivate the new environment when you are finished with your notebook by opening the Terminal
application and running the command source deactivate.

Using your conda environment in a notebook

Whether you have created an environment using conda in a terminal, or from the Conda tab in a notebook, you can
use the conda environment in the same way.
When working in a notebook, to select the environment you have created and want to use with that notebook, in the
Kernel menu, select Change Kernel.
EXAMPLE: If you have an environment named my_env in a project named test1 that includes NumPy and SciPy
and you want to use that environment in your notebook, in the Kernel menu, select Python [conda env:test1-my_env].
The notebook code will run in that environment and can import NumPy and SciPy functions.

Customizing your conda environment

If you need a Python package that AEN doesn’t include by default, you can install additional packages into your AEN
environment.
TIP: You cannot install packages into the default Anaconda environment. You must create your own environment
before installing a new package into that environment.
AEN is built on Anaconda, so you can install additional Python packages using conda or pip—both of which are
included with Anaconda.

Installing a conda package using Terminal

To install a conda package using the Terminal application:

1. Create and activate the environment using the steps in Creating a default conda environment using the Jupyter
Notebook application.
2. In your Terminal application, run the command conda install <packagename>.
NOTE: Be sure to specify the Python version you want when using conda to create the environment, or it will
use the same version as root.
EXAMPLE:
conda create -n mypy3 python=3 numpy scipy

A conda environment named mypy3, running on Python 3 and containing NumPy and SciPy is created. All
subsequent packages added to this environment will be the Python 3 compatible versions.

3.1. Anaconda Enterprise 4 241

Anaconda Documentation, Release 2.0

Installing a conda package using Notebook

You can also install the package within your notebook without using the terminal app:
1. From the Notebook application, click the Conda tab.
2. Select the environment you wish to use.
3. Search for the package you want to add.
4. Click the Install button.

Uninstalling a conda package

To uninstall a package using this method, run the command conda remove <packagename>.
NOTE: Replace <packagename> with the name of the package you are uninstalling.

Using visualization packages

AEN supports multiple visualization packages for Python and R language.

For Python, the default environment has Matplotlib and Bokeh installed.
For R language, the default environment has r-ggplot2 and r-bokeh installed.

Matplotlib

Matplotlib is a Python 2D and 3D plotting and visualization library that produces publication-quality figures in a
variety of hardcopy formats and interactive environments across platforms.
To display Matplotlib figures in the output cells of a notebook running the default environment, run:

import matplotlib.pyplot as plt

%matplotlib inline

Any Matplotlib figures in the notebook are displayed in it’s output cells.
EXAMPLE: The following screenshot is of a cumulative density function (CDF) plot using values taken from a normal
distribution:

For more information, including a gallery, examples, documentation and a list of plotting commands, see the Mat-
plotlib website.

Bokeh

Bokeh is an interactive visualization library that targets modern web browsers to provide elegant, concise construction
of novel graphics.
To display Bokeh figures in the output cells of a notebook running the default environment, run:

242 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

from bokeh.io import output_notebook, show

output_notebook()

Any Bokeh figures in the notebook are displayed in its output cells.
The following screenshot is of a scatter plot of miles-per-gallon vs. horsepower for 392 automobiles using the
autompg sample dataset:

ggplot2

Ggplot2 is a plotting system for R language which is based on the grammar of graphics. Ggplot2 tries to take only the
good parts of base and lattice graphics and none of the bad parts.
To use ggplot2 with AEN:
1. Open a new Notebook using the R kernel.
2. Load the ggplot2 library with the following code:

3.1. Anaconda Enterprise 4 243

Anaconda Documentation, Release 2.0

library(ggplot2)

The ggplot2 library is loaded and ready for use in AEN.

The following screenshot is of a scatter plot of sepal width vs sepal length using the iris dataset provided by the
dplyr library:

Using environment variables

Some Python packages depend on environment variables for correct operation.

EXAMPLE: Theano requires that the directory containing the CUDA compiler is included in the $PATH environment
variable in order for GPU acceleration to be enabled.
To change environment variables for all AEN applications, modify the project runtime configuration file .
projectrc. For more information, see Using Compute Resource Configuration.
.projectrc sets several AEN internal environment variables, sets up the project environment and can set additional
user environment variables for that project. This file is sourced when a user opens any AEN application—including
Jupyter Notebook—and Jupyter kernels will be able to read the included environment variables.

Cheat sheet

See the Anaconda Enterprise Notebooks cheat sheet PDF (232 KB) for a single-page summary of the
most important information about using AEN.

Troubleshooting

This troubleshooting guide provides you with ways to deal with issues that may occur with your AEN installation.

244 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

AEN application not working properly

An AEN application is not working as expected.

Cause

There are several reasons an application may not work as expected.

Solution

Most AEN application issues can be resolved by following these steps:

1. Refresh the page.
2. If the issue is not resolved, close and open the application.
3. If the issue is not resolved, stop and restart your project.
4. If the issue is not resolved, check that you are using the latest version of your web browser—Chrome, Safari,
Edge, or Firefox.
5. Log out of AEN.
6. Restart your browser, and log back in.
If you continue to have issues, then please contact your administrator or enterprise support representative.

Admin guide

This administrator guide provides information about the administration of an AEN installation.
Most AEN system management is done from the administrative user interface (admin UI). Some advanced tasks are
done using the command line.
Any AEN user account can be upgraded to an administrator account to have both user and administrator privileges.
Administrators see two additional links in the AEN Navigation bar—Admin and Users:

3.1. Anaconda Enterprise 4 245

Anaconda Documentation, Release 2.0

All of the other navigation bar items are the same as for a user account.

Concepts

• System overview
• Server node
• Gateway node
• Compute node(s)
• Supervisor and supervisord
• Service Account
• Anaconda environments
• Projects and permissions

System overview

The Anaconda Enterprise Notebooks platform consists of 3 main service groups: AEN server, AEN gateway and AEN
compute, which are called “nodes”:
• Server node—The administrative front-end to the system where users login, user accounts are stored, and ad-
ministrators manage the system.
• Gateway node(s)—A reverse proxy that authenticates users and directs them to the proper compute node for
their project. Users will not notice this node after installation as it automatically routes them.
• Compute nodes—Where projects are stored and run.

These services can be run on a single machine or distributed across multiple servers.

Organizationally, each AEN installation has exactly 1 server instance and 1 or more gateway instances. Each compute
node can only be connected to a single gateway. The collection of compute nodes served by a single gateway is called
a data center. You can add data centers to the AEN installation at any time.
EXAMPLE: An AEN deployment with 2 data centers, where 1 gateway has a cluster of 20 physical computers, and
the second gateway has 30 virtual machines, must have the following services installed and running:
• 1 AEN server instance
• 2 AEN gateway instances
• 50 AEN compute instances (20 + 30)
Nodes must be configured and maintained separately.

246 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 247

Anaconda Documentation, Release 2.0

Server node

The server node controls login, accounts, admin, project creation and management as well as interfacing with the
database. It is the main entry point to AEN for all users. The server node handles project setup and ensures that users
are sent to the correct project data center.
Since AEN is web-based, it uses the standard HTTP port 80 or HTTPS port 443 on the server.
AEN uses MongoDB for its internal data persistency. It is typically run on the same host as the server but can also be
installed on a separate host.
Server nodes use NGINX to handle the user-facing AEN web interface. NGINX acts as a request proxy for the actual
server web-process which runs on a high numbered port that only listens on localhost. NGINX is also responsible for
static content.
Server is installed in the /opt/wakari/wakari-server directory.

Server processes

When you view the status of server processes, you may see the processes explained below.

supervisord details
description Manage wakari-worker, multiple processes of wk-server.
user wakari
configuration /opt/wakari/wakari-server/etc/supervisord.conf
log /opt/wakari/wakari-server/var/log/supervisord.log
control service wakari-server
ports none

wk-server details
description Handles user interaction and passing jobs on to the wakari gateway. Access to it is managed by
NGINX.
user wakari
command /opt/wakari/wakari-server/bin/wk-server
configura- /opt/wakari/wakari-server/etc/wakari/
tion
control service wakari-server
logs /opt/wakari/wakari-server/var/log/wakari/server.log
ports Not used in versions after 4.1.2 *

248 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

* AEN 4.1.2 and earlier use port 5000. This port is used only on localhost. Later versions of AEN use Unix sockets in-
stead. The Unix socket path is: unix:/opt/wakari/wakari-server/var/run/wakari-server.sock

wakari-worker details
description Asynchronously executes tasks from wk-server.
user wakari
logs /opt/wakari/wakari-server/var/log/wakari/worker.log
control service wakari-server

nginx details
description Serves static files and acts as proxy for all other requests passed to wk-server process. *
user nginx
configura- /etc/nginx/nginx.conf /opt/wakari/wakari-server/etc/conf.d/www.
tion enterprise.conf
logs /var/log/nginx/woc.log /var/log/nginx/woc-error.log
control service nginx status
port 80

* In AEN 4.1.2 and earlier the wk-server process runs on port 5000 on localhost only. In later versions of
AEN the wk-server process uses the Unix socket path unix:/opt/wakari/wakari-server/var/run/
wakari-server.sock.
NGINX runs at least two processes:
• Master process running as root user.
• Worker processes running as nginx user.

Gateway node

The gateway node serves as an access point for a given group of compute nodes. It acts as a proxy service and
manages the authorization and mapping of URLs and ports to services that are running on those nodes. The gateway
nodes provide a consistent uniform interface for the user.
NOTE: The gateway may also be referred to as a data center because it serves as the proxy for a collection of compute
nodes.
You can put a gateway in each data center in a tiered scale-out fashion.
AEN gateway is installed in the /opt/wakari/wakari-gateway directory.

Gateway processes

When you view the status of server processes, you may see the processes explained below.

supervisord details
description Manages the wk-gateway process.
user wakari
configuration /opt/wakari/wakari-gateway/etc/supervisord.conf
log /opt/wakari/wakari-gateway/var/log/supervisord.log
control service wakari-gateway
ports none

3.1. Anaconda Enterprise 4 249

Anaconda Documentation, Release 2.0

wakari- details
gateway
descrip- Passes requests from the AEN Server to the Compute nodes.
tion
user wakari
configu- /opt/wakari/wakari-gateway/etc/wakari/wk-gateway-config.json
ration
logs /opt/wakari/wakari-gateway/var/log/wakari/gateway.application.log
/opt/wakari/wakari-gateway/var/log/wakari/gateway.log
working / (root)
dir
port 8089 (webcache)

Compute node(s)

Compute nodes are where applications such as Jupyter Notebook and Workbench actually run. They are also the
hosts that a user sees when using the Terminal app or when using SSH to access a node. Compute nodes contain all
user-visible programs.
Compute nodes only need to communicate with a gateway, so they can be completely isolated by a firewall.
Each project is associated with one or more compute nodes that are part of a single data center.
AEN compute nodes are installed in the /opt/wakari/wakari-compute directory.
Each compute node in the AEN system requires a compute launcher service to mediate access to the server and
gateway.

Compute processes

When you view the status of server processes, you may see the processes explained below.

supervisord details
description Manages the wk-compute process.
user wakari
configuration /opt/wakari/wakari-compute/etc/supervisord.conf
log /opt/wakari/wakari-compute/var/log/supervisord.log
control service wakari-compute
working dir /opt/wakari/wakari-compute/etc
ports none

250 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

wk- details
compute
de- Launches compute processes.
scrip-
tion
user wakari
con- /opt/wakari/wakari-compute/etc/wakari/wk-compute-launcher-config.json
figura- /opt/wakari/wakari-compute/etc/wakari/scripts/config.json
tion
logs /opt/wakari/wakari-compute/var/log/wakari/compute-launcher.
application.log /opt/wakari/wakari-compute/var/log/wakari/
compute-launcher.log
work- / (root)
ing
dir
con- service wakari-compute
trol
port 5002 (rfe)

Wk-compute loads each of the following configuration files, in this order:

• /etc/wakari/config.json.
• /etc/wakari/compute-launcher-config.json.
• ./compute-launcher-config.json.
• Any configuration file specified by the -c option.
If an option is specified in multiple files, the last one encountered takes precedence.

Supervisor and supervisord

AEN uses a process control system called “Supervisor” to run its services. Supervisor is run by the AEN Service
Account user, usually wakari or aen_admin.
The Supervisor daemon process is called “supervisord”. It runs in the background and should rarely need to be
restarted.

Service Account

AEN must be installed and executed by a Linux account called the AEN Service Account. The username of the
AEN Service Account is called the AEN Functional ID (NFI). The AEN Service Account is created during AEN
installation—if it does not exist—and is used to run all AEN services.
The default NFI username is wakari. Another popular choice is aen_admin.
WARNING: The Service Account should only be used for administrative tasks, and should not be used for operating
AEN the way an ordinary user would. If the Service Account creates or starts projects, the permissions on the AEN
package cache will be reset to match the Service Account, which will interfere with the normal operation of AEN for
all other users.

3.1. Anaconda Enterprise 4 251

Anaconda Documentation, Release 2.0

Anaconda environments

Each project has an associated conda environment containing the packages needed for that project. When a project is
first started, AEN clones a default environment with the name “default” into the project directory.
Each release of AEN 4 includes specific tested versions of conda and the conda packages included with AEN. These
tested conda packages include Python, R, and other packages, and these tested conda packages include all of the
packages in Anaconda.
If you upgrade or install different versions of conda or different versions of any of these conda packages, the new
packages will not have been tested as part of the AEN 4 release.
These different packages will usually work, especially if they are newer versions, but they are not tested or guaranteed
to work, and in some cases they may break product functionality.
You can use a new conda environment to test a new version of a package before installing it in your existing environ-
ments.
If using conda to change the version of a package breaks product functionality, you can use conda to change the version
of the package back to the version known to work.
For more information about environments, see Working with environments.

Projects and permissions

AEN users interact with the system predominantly through projects.

Projects are associated with a single data center within the AEN environment. The team of users includes one owner,
which is the user that created the project.
Projects live in the projectRoot folder on the compute node—by default, /projects.
The project directory is created the first time a project is started. The start-project script clones it from /opt/
wakari/wakari-compute/lib/node_modules/wakari-compute-launcher/skeleton.
Project directory permissions are:

owner: rwx, user who created the project

group: rwx, group of the owner
other: --x, to allow access to the Public folder
ACL: rwx for any other team members

Files and subdirectories within the project directory have the same permissions as the project directory, except:
• The public folder and everything in it are open to anyone.
• Any files hardlinked into the root anaconda environment—/opt/wakari/anaconda—are owned by the
root or wakari users.
Project file and directory permissions are maintained by the start-project script. All files and directories
in the project will have their permissions set when the project is started, except for files owned by root or the
AEN_SRVC_ACCT user—by default, wakari or aen_admin.
The permissions set for files owned by root or the AEN_SRVC_ACCT user are not changed to avoid changing the
permissions settings of any linked files in the /opt/wakari/anaconda directory.
CAUTION: Do not start a project as the AEN_SRVC_ACCT user. The permissions system does not correctly manage
project files owned by this user.

252 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Installation

Installation requirements

• Hardware requirements
• Software requirements
• Security requirements
• Network requirements
• Other requirements
• What’s next

Hardware requirements

AEN server—At least:

• 2+GB RAM.
• 2+CPU cores.
• 20GB storage.
AEN gateway—At least:
• 2 GB RAM.
• 2 CPU cores.
AEN compute (N-machines)—Configured to meet the needs of the projects. At least:
• 2GB RAM.
• 2 CPU cores.
• 20 GB.
NOTE: We recommend putting /opt/wakari and /projects on the same filesystem. If the project and conda
env directories are on separate filesystems then more disk space will be required on compute nodes and performance
will be worse.

Software requirements

• RHEL/CentOS on all nodes. Versions from 6.5 through 7.4 are supported. Other operating systems are sup-
ported. However, this document assumes RHEL or CentOS.
• Linux home directories—Jupyter looks in $HOME for profiles and extensions.
• Ability to install in AEN directory /opt/wakari with at least 10 GB of storage.
• Ability to install in Projects directory /projects with at least 20 GB of storage. Size depends on number and
size of projects.
NOTE: To install AEN in a different location see Installing AEN in a custom location.

3.1. Anaconda Enterprise 4 253

Anaconda Documentation, Release 2.0

Linux system accounts

Some Linux system accounts (UIDs) are added to the system during installation.
If your organization requires special actions, the following list is available:
• mongod (RHEL) or mongodb (Ubuntu/Debian)—created by the RPM or deb package.
• elasticsearch—created by RPM or deb package.
• nginx—created by RPM or deb package.
• AEN_SRVC_ACCT—created during installation of AEN, and defaults to wakari.
• ANON_USER—An account such as “public” or “anonymous” on the compute node.
NOTE: If ANON_USER is not found, AEN_SRVC_ACCT will attempt to create it. If it fails, the project(s) will
fail to start.
• ACL directories need the filesystem mounted with Posix ACL support (Posix.1e).
NOTE: You can verify ACL from the command line by running mount and tune2fs -l /path/to/
filesystem | grep options.

Software prerequisites

• AEN server:
– Mongo—Equal to or higher than version 2.6.8 and lower than version 3.0.
– NGINX—Equal to or higher than version 1.6.2.
– Elasticsearch—Equal to or higher than version 1.7.2.
– Oracle JRE version 7 or 8.
– bzip2.
• AEN Gateway:
– bzip2.
• AEN compute:
– git
– bzip2
– bash or zsh
– X Window System
NOTE: If you don’t want to install the whole X Window System, you must install the following packages
to have R plotting support:

sudo yum install -y libXrender libXext libXdmcp libSM libICE libXt \

dejavu-sans-fonts dejavu-serif-fonts dejavu-fonts-common \
fontpackages-filesystem

254 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Security requirements

• Root or sudo access.

• File permissions: umask 0022 is required during the installation.
• SELinux in permissive or disabled mode.
Edit the following file using either root or sudo access:

/etc/sysconfig/selinux

Edit the following:

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.

SELINUX=enforcing

# SELINUXTYPE= can take one of these two values:

# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.

SELINUXTYPE=targeted

NOTE: You must reboot for the changes to take effect.

Verify changes with getenforce.

Network requirements

TCP Ports:

Direction Type Default Port Protocol Optional Configurable Comments

Inbound TCP 80 HTTP or HTTPS No Yes Server
Inbound TCP 8089 HTTP or HTTPS No Yes Gateway
Inbound TCP 5002 HTTP No Yes Compute

Other requirements

As long as the above requirements are met, there are no additional dependencies for AEN.
See also system requirements for Anaconda Repository and Anaconda Scale.

What’s next

Prepare for installation.

3.1. Anaconda Enterprise 4 255

Anaconda Documentation, Release 2.0

Preparing for installation

• Downloading AEN installers

• Gathering IP addresses or FQDNs
• Set up variables
• What’s next

Downloading AEN installers

Download the installers and copy them to the corresponding servers.

RPM_CDN="https://820451f3d8380952ce65-4cc6343b423784e82fd202bb87cf87cf.ssl.cf1.
˓→rackcdn.com"

curl -O $RPM_CDN/aen-server-4.3.2-Linux-x86_64.sh
curl -O $RPM_CDN/aen-gateway-4.3.2-Linux-x86_64.sh
curl -O $RPM_CDN/aen-compute-4.3.2-Linux-x86_64.sh

NOTE: The current $RPM_CDN server will be confirmed in an email provided by your sales rep.
NOTE: These instructions use curl or wget to download packages, but you may use other means to move the necessary
files into the installation directory.

Gathering IP addresses or FQDNs

AEN is very sensitive to the IP address or domain name used to connect to the server and gateway nodes. If users
will be using the domain name, you should install the nodes using the domain name instead of the IP addresses. The
authentication system requires the proper hostnames when authenticating users between the services.
Print this page and fill in the domain names or IP addresses of the nodes below and record the user name and auto-
generated password for the administrative user account in the box below after installing the AEN server node:

Node | Name or IP address Port Number Username | Password

AEN server |

AEN gateway |
AEN compute |

NOTE: The values of these IP entries or DNS entries are referred to as <AEN_SERVER_IP> or
<AEN_SERVER_FQDN>, particularly in examples of shell commands. Consider actually assigning those values to
environment variables with similar names.

Set up variables

Certain variables need to have values assigned to them before you start the installation.

256 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

AEN server address

To define an environment variable for the AEN server address—FQDN or IP:

export AEN_SERVER=<AEN_SERVER_IP> # <from table above>

NOTE: The address—FQDN or IP—specified for the AEN server must be resolvable by your intended AEN users’
web clients.
To verify your hostname, run echo $AEN_SERVER.

AEN functional ID

AEN must be installed and executed by a Linux account called the AEN Service Account. The username of the
AEN Service Account is called the AEN Functional ID (NFI). The AEN Service Account is created during AEN
installation—if it does not exist—and is used to run all AEN services.
The default NFI username is wakari. Another popular choice is aen_admin.
To set the environment variable AEN_SRVC_ACCT to wakari or your chosen name before installation, run export
AEN_SRVC_ACCT="aen_admin".
This name is now the username of the AEN Service Account and of the AEN administrator account.
When upgrading AEN, set the NFI to the NFI of the current installation.
WARNING: The Service Account should only be used for administrative tasks, and should not be used for operating
AEN the way an ordinary user would. If the Service Account creates or starts projects, the permissions on the AEN
package cache will be reset to match the Service Account, which will interfere with the normal operation of AEN for
all other users.

AEN functional group

The AEN Functional Group (NFG) may be given any name. Most often, it is set to aen_admin or wakari. This
Linux group includes the AEN service account, so all files and directories that have the owner NFI also have the group
NFG.
When upgrading AEN, set the NFG to the NFG of the current installation.
To set the NFG before installation, run:

export AEN_SRVC_GRP="<NFG>"

NOTE: Replace <NFG> with your NFG name.

AEN install sudo command

During AEN installation the installers perform various operations that require root level privileges. By default, the
installers use the sudo command to perform these operations.
Before installation, set the AEN_SUDO_CMD_INSTALL environment variable to perform root level operations. You
can also set it to no command at all if the user running the installer(s) has root privileges and the sudo command is not
needed or is not available.
EXAMPLES:

3.1. Anaconda Enterprise 4 257

Anaconda Documentation, Release 2.0

export AEN_SUDO_CMD_INSTALL=""
export AEN_SUDO_CMD_INSTALL="sudo2"

AEN sudo command

By default the AEN services uses sudo -u to perform operations on behalf of other users—including mkdir,
chmod, cp and mv.
To override the default sudo command when sudo is not available on the system, before installing, set the
AEN_SUDO_CMD environment variable.
AEN must have the ability to perform operations on behalf of other users. Therefore, this environment variable cannot
be set to an empty string or to null.
CAUTION: Any command that replaces AEN_SUDO_CMD must support the -u command line parameter—similarly
to the sudo command.
EXAMPLE:

export AEN_SUDO_CMD="sudo2"

The optional environmental variable AEN_SUDO_SH is another way to customize AEN sudo operations. When AEN
executes any sudo command, it will include the value of AEN_SUDO_SH, if it is set.
EXAMPLE: If your username is “jsmith” and the values are set as:

AEN_SUDO_CMD=sudo
OWNER=jsmith
AEN_SUDO_SH=sudologger
PROJECT_HOME=/projects/jsmith/myproj

Then AEN will resolve:

$AEN_SUDO_CMD -u ${OWNER} $AEN_SUDO_SH rm -rf $PROJECT_HOME

As:

sudo -u jsmith sudologger rm -rf /projects/jsmith/myproj

In this case the sudologger utility could be a pass-through utility that logs all sudo usage and then executes the remain-
ing parameters.

Post-installation Sudo configuration

While root/sudo privileges are required during installation, root/sudo privileges are not required during normal oper-
ations after install, if user accounts are managed outside the software. However root/sudo privileges are required to
start the services, thus in the service config files there may still need to be an AEN_SUDO_CMD entry.
For more information, see Configuring sudo customizations.

AEN remote database settings

By default AEN server uses a local database. To override the default database location, see Install AEN connected to
a remote Mongo DB instance.

258 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

What’s next

Install the AEN server.

Installing the AEN server

• Installing the bzip2 package

• Downloading prerequisite RPMs
• Installing prerequisite RPMs
• Setting variables and changing permissions
• Running the AEN server installer
• Starting NGINX and Elasticsearch
• Testing AEN server installation
• Updating your license
• What’s next

The AEN server is the administrative front end to the system. This is where users log in to the system, where user
accounts are stored, and where admins can manage the system.
Server is installed in the /opt/wakari/wakari-server directory.

Installing the bzip2 package

Be sure you have the bzip2 package installed. If this package is not installed on your system, install it:

sudo yum install bzip2

Downloading prerequisite RPMs

To install AEN on a CentOS 6 server:

RPM_CDN="https://820451f3d8380952ce65-4cc6343b423784e82fd202bb87cf87cf.ssl.cf1.
˓→rackcdn.com"

curl -O $RPM_CDN/nginx-1.6.2-1.el6.ngx.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-tools-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-shell-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-server-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-mongos-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-2.6.8-1.x86_64.rpm
curl -O $RPM_CDN/elasticsearch-1.7.2.noarch.rpm
curl -O $RPM_CDN/jre-8u65-linux-x64.rpm

To install AEN on a CentOS 7 server:

3.1. Anaconda Enterprise 4 259

Anaconda Documentation, Release 2.0

RPM_CDN="https://820451f3d8380952ce65-4cc6343b423784e82fd202bb87cf87cf.ssl.cf1.
˓→rackcdn.com"

curl -O $RPM_CDN/nginx-1.10.2-1.el7.ngx.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-tools-2.6.12-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-shell-2.6.12-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-server-2.6.12-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-mongos-2.6.12-1.x86_64.rpm
curl -O $RPM_CDN/mongodb-org-2.6.12-1.x86_64.rpm
curl -O $RPM_CDN/jre-8u112-linux-x64.rpm
curl -O $RPM_CDN/elasticsearch-1.7.6.noarch.rpm

Installing prerequisite RPMs

Run:

sudo yum install -y *.rpm

sudo service mongod start
sudo chkconfig --add elasticsearch

Setting variables and changing permissions

Run:

export AEN_SERVER=<FQDN HOSTNAME OR IP ADDRESS> # Use the real FQDN

chmod a+x aen-*.sh # Set installer to be executable

NOTE: Change <FQDN HOSTNAME OR IP ADDRESS> to the actual fully qualified domain hostname or IP address.

Running the AEN server installer

Run:

sudo -E ./aen-server-4.3.2-Linux-x86_64.sh -w $AEN_SERVER

<license text>
...
...

PREFIX=/opt/wakari/wakari-server
Logging to /tmp/wakari_server.log
Checking server name
Ready for pre-install steps
Installing miniconda
...
...
Checking server name
Loading config from /opt/wakari/wakari-server/etc/wakari/config.json
Loading config from /opt/wakari/wakari-server/etc/wakari/wk-server-config.json

===================================

Created password '<RANDOM_PASSWORD>' for user 'aen_admin'

(continues on next page)

260 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

===================================

Starting Wakari daemons...

installation finished.

After successfully completing the installation script, the installer creates the administrator ac-
count—AEN_SRVC_ACCT user—and assigns it a password.
EXAMPLE:
Created password '<RANDOM_PASSWORD>' for user 'aen_admin'

TIP: Record this password. It will be needed in the following steps. It is also available in the installation log file
/tmp/wakari_server.log.

Starting NGINX and Elasticsearch

When SELinux is enabled, it blocks NGINX from connecting to the socket created by Gunicorn. If you have SELinux
enabled, run these commands to correct these permissions and allow connections between NGINX and Gunicorn:
sudo semanage fcontext -a -t httpd_var_run_t "/opt/wakari/wakari-server/var/run/
˓→wakari-server.sock"

sudo restorecon -r /opt/wakari/wakari-server/var/run

To start NGINX and Elasticsearch to read the new config file:

sudo service nginx start
sudo service elasticsearch start

TIP: If the AEN web page shows an NGINX 404 error, restart NGINX:
sudo nginx -s stop
sudo nginx

Testing AEN server installation

Visit http://\protect\T1\textdollarAEN_SERVER.
The License expired page is displayed.

Updating your license

From the License expired page, follow the onscreen instructions to upload your license file.
After your license is submitted, you will see this page:

3.1. Anaconda Enterprise 4 261

Anaconda Documentation, Release 2.0

What’s next

Install the AEN gateway.

Installing the AEN gateway

• Setting variables and changing permissions

• Running the AEN gateway installer
• Registering your gateway
• What’s next

The gateway is a reverse proxy that authenticates users and automatically directs them to the proper AEN compute
node for their project. Users will not notice this node as it automatically routes them.
Gateway is installed in the /opt/wakari/wakari-gateway directory.

Setting variables and changing permissions

Run:

export AEN_SERVER=<FQDN HOSTNAME OR IP ADDRESS> # Use the real FQDN

export AEN_GATEWAY_PORT=8089
(continues on next page)

262 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

export AEN_GATEWAY=<FQDN HOSTNAME OR IP ADDRESS> # will be needed shortly
chmod a+x aen-*.sh # Set installer to be executable

NOTE: Change <FQDN HOSTNAME OR IP ADDRESS> to the actual fully qualified domain hostname or IP address.
NOTE: You must perform the entire procedure before closing the terminal to ensure the variable export persists. If the
terminal is closed before successful installation, export the variables to continue with the installation.

Running the AEN gateway installer

Run:

sudo -E ./aen-gateway-4.3.2-Linux-x86_64.sh -w $AEN_SERVER

<license text>
...
...

PREFIX=/opt/wakari/wakari-gateway
Logging to /tmp/wakari_gateway.log
...
...
Checking server name
Please restart the Gateway after running the following command
to connect this Gateway to the AEN Server
...

Registering your gateway

The gateway needs to register with the AEN server.

This needs to be authenticated, so the NFI user’s credentials created during the AEN server install must be used.
To write the configuration file /opt/wakari/wakari-gateway/etc/wakari/wk-gateway-config.
json, run the following as sudo or root:

sudo /opt/wakari/wakari-gateway/bin/wk-gateway-configure \
--server http://$AEN_SERVER --host $AEN_GATEWAY \
--port $AEN_GATEWAY_PORT --name Gateway --protocol http \
--summary Gateway --username $AEN_SRVC_ACCT \
--password '<NFI USER PASSWORD>'

NOTE: replace <NFI USER PASSWORD> with the password of the NFI user that was generated during server in-
stallation.

Setting permissions

Run:

sudo chown $AEN_SRVC_ACCT /opt/wakari/wakari-gateway/etc/wakari/wk-gateway-config.json

3.1. Anaconda Enterprise 4 263

Anaconda Documentation, Release 2.0

Starting the gateway

Run:

sudo service wakari-gateway start

Verifying your gateway registration

1. Log into the AEN server using the Chrome or Firefox browser and the AEN_SRVC_ACCT user.
2. In the AEN navigation bar, click Admin to open the Admin Settings page.
3. In the Site Admin menu, select Data Centers:

4. Click your data center:

5. Verify that your data center is registered and the status is {"status": "ok", "messages": []}:

264 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

What’s next

Install the AEN compute node(s).

Installing the AEN compute node(s)

• Setting variables and changing permissions

• Running the AEN compute installer
• Restart the AEN Server
• Configuring your compute node(s)
• What’s next

Compute nodes are where projects are stored and run.

Adding multiple AEN compute machines allows you to scale-out horizontally to increase capacity. Projects can be
created on individual compute nodes to spread the load.
Repeat this procedure on each compute machine.

Setting variables and changing permissions

Run:

3.1. Anaconda Enterprise 4 265

Anaconda Documentation, Release 2.0

export AEN_SERVER=<FQDN HOSTNAME OR IP ADDRESS> # Use the real FQDN

chmod a+x aen-*.sh # Set installer to be executable

NOTE: Change <FQDN HOSTNAME OR IP ADDRESS> to the actual fully qualified domain hostname or IP address.
NOTE: You must perform the entire procedure before closing the terminal to ensure the variable export persists.

Running the AEN compute installer

Run:

sudo -E ./aen-compute-4.3.2-Linux-x86_64.sh -w $AEN_SERVER

...
...
PREFIX=/opt/wakari/wakari-compute
Logging to /tmp/wakari_compute.log
Checking server name
...
...
Initial clone of root environment...
Starting Wakari daemons...
installation finished.
Do you wish the installer to prepend the wakari-compute install location
to PATH in your /root/.bashrc ? [yes|no]
[no] >>> yes

Restart the AEN Server

Once configured, restart the AEN server:

sudo service wakari-server restart

Configuring your compute node(s)

Once installed, you must configure the compute launcher on your server:
1. In your browser, go to your AEN server.
2. Log in as the AEN_SRVC_ACCT user.
3. In the AEN navigation bar, click Admin to open the Admin Settings page.
4. In the Providers menu, select Enterprise Resources:

5. Click the Add Resource button to open the new resource form.
6. Select the data center to associate this compute node with.

266 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 267

Anaconda Documentation, Release 2.0

7. In the URL box, type: http://$AEN_COMPUTE:5002.

NOTE: If the compute launcher is located on the same box as the gateway, we recommended that you type
http://localhost:5002 instead.
8. Type a Name and Description for the compute node.
9. Click the Add Resource button to save the changes.
Your AEN compute node is configured.

What’s next

Configure conda to use your local on-site AEN repository.

Configuring conda to use your local on-site AEN repository

You can configure AEN to use a local on-site Anaconda Repository server instead of Anaconda.org.
To configure AEN to use a local on-site Repository, you must:
1. Edit condarc on the compute node.
2. Configure the Anaconda client.

Editing condarc on the compute node

NOTE: If there are channels that you haven’t mirrored, you must remove them from the configuration.
Edit the file .condarc to match the following:

#/opt/wakari/anaconda/.condarc
channels:
- defaults

create_default_packages:
- anaconda-client
- ipykernel

# Default channels is needed for when users override the system .condarc
# with ~/.condarc. This ensures that "defaults" maps to your Anaconda Repository and
˓→not

# repo.anaconda.com
default_channels:
- http://<your Anaconda Repository name>:8080/conda/anaconda
- http://<your Anaconda Repository name>:8080/conda/wakari
- http://<your Anaconda Repository name>:8080/conda/r-channel

# Note: You must add the "conda" subdirectory to the end

channel_alias: http://<your Anaconda Repository name:8080/conda

NOTE: Replace <your Anaconda Repository name> with the actual name or IP address of your local Ana-
conda Repository installation.

268 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Configuring the Anaconda client

Anaconda client lets users work with Repository from the command-line—including searching for packages, logging
in, uploading packages, and more.
To set the default configuration of anaconda-client for all users on your compute node:

sudo /opt/wakari/anaconda/bin/anaconda config --set url http://<your Anaconda

˓→Repository>:8080/api -s

NOTE: Sudo is required because the configuration file is written to the root file system: /etc/xdg/binstar/
config.yaml.
NOTE: Replace <your Anaconda Repository> with the actual name or IP address of your local Anaconda
Repository installation.

What’s next

Review the optional configuration tasks to see if any apply to your system.

Optional configuration

Using configuration files

• AEN configuration keys

• Checking configuration file syntax

The default locations for each component’s configuration files are:

• Server—/opt/wakari/wakari-server/etc/wakari/config.json.
• Gateway—/opt/wakari/wakari-gateway/etc/wakari/config.json.
• Compute—/opt/wakari/wakari-compute/etc/wakari/config.json.
Additionally, service-specific configuration files may also be present in the following locations:
• Server—/opt/wakari/wakari-server/etc/wakari/wk-server-config.json.
• Gateway—/opt/wakari/wakari-gateway/etc/wakari/wk-gateway-config.json.
• Compute—/opt/wakari/wakari-compute/etc/wakari/wk-compute-config.json.
Each service loads each of the configuration files in the following order and updates the AEN configuration at each
step:
1. /etc/wakari/config.json.
2. /etc/wakari/wk-gateway-config.json.
3. /opt/wakari/wakari-SERVICE/etc/wakari/config.json.
4. /opt/wakari/wakari-SERVICE/etc/wakari/wk-SERVICE-config.json.
5. ./config.json.
6. ./wk-gateway-config.json.

3.1. Anaconda Enterprise 4 269

Anaconda Documentation, Release 2.0

AEN configuration keys

The following is a list of AEN supported configuration keys:

Table 1: Server Configuration Keys

Key Default Description
CDN $WAKARI_SERVER/ The location of static assets.
static/
MONGO_DB wakari The name of the AEN database in mongodb.
MONGO_URL mongodb:// The URL of your AEN server’s mon-
localhost/ godb instance. Format: mongodb://
<username>:<password>@<host>:<port>/
WAKARI_SERVER The URL of this AEN server.
DEFAULT_PRIVACY public The default project privacy setting—can be either public or
private.
SESSION_COOKIE_NAME
wakari. The Cookie name used to maintain Anaconda Enterprise Note-
enterprise. books Enterprise login sessions.
session
SESSION_COOKIE_SECURE
false This key is automatically set to true when SSL is enabled. It will
default to false when SSL is not enabled. Manually changing this
value may cause the system to malfunction if it’s not configured
properly.
PERMANENT_SESSIONTrue` Sets cookie session to permanent. This will keep the session
open after the browser is closed. The session will still expire af-
ter the number of minutes set in the SESSION_LIFETIME key.
SESSION_LIFETIME 120 Time in minutes until the session expires. The counter resets
with each request.
USE_SES false Sets whether AEN will use Amazon SES to send emails.
SMTP Sets the SMTP email settings.
- host A SMTP subkey—the SMTP mail server hostname.
- user SMTP subkey—the username for SMTP server authentication.
- password SMTP subkey—the password for SMTP server authentication.
- from_addr SMTP subkey—the From address for emails sent through SMTP.
verify_gateway true A boolean setting that indicates whether your AEN server should
_certificate verify the gateway SSL certificate.
accounts wk_server. The account provider class. For LDAP, this should be set to
plugins . wk_server.plugins.accounts.ldap_accounts.
accounts.cloud
uniqueEmail true A boolean setting that indicates whether unique user email ad-
dresses are required. See note below about updating the database
when setting uniqueEmail.
has_internet true Boolean for retrieving the avatar from the gravatar URL. If false
a local default is used instead.
LDAP 389 LDAP configurations.
- SERVER LDAP subkey—A list of LDAP servers. At least one server
name must be listed. The primary server should be listed first.
All secondary or fail-over servers should be listed after the pri-
mary.
- PORT 389 LDAP subkey—The LDAP port on the LDAP server.
Continued on next page

270 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Table 1 – continued from previous page

Key Default Description
- AUTH_TYPE LDAP subkey—LDAP Authentication types. simple—no
encryption not secure.‘‘TLS‘‘–encrypted secure requires the
TLS_CERT to be set.
- TLS_CERT LDAP subkey—the full path to the TLS certificate file. The cer-
tificate file must also be provided by the Enterprise.
- BASEDN LDAP subkey—the LDAP Base DN value.
- OU LDAP subkey—a list of Organizational Units. Some Enterprises
group users by OUs in their LDAP server records. AEN will
loop over the list of OUs when authenticating a user. The OU
value is a list of lists to support multiple OUs where each OU is
a single name or a hierarchy of names.
ANON_USER anonymous Username—such as public or anonymous– assigned users
who are not logged in to access projects. To disable public access
use the special value disabled. For more information, see
Configuring sudo customizations.
SEARCH_ENABLED true Boolean indicating whether ElasticSearch is enabled
SEARCH_SERVER 'localhost:9200' IP address or domain name and port of ElasticSearch server
LOG_LEVEL 'DEBUG' Log verbosity. One of: ‘ERROR’ ‘WARN’ ‘INFO’ ‘DEBUG’

NOTE: If you set uniqueEmail to false, you must drop the existing index in the database. EXAMPLE: If the
index name is email_1, run db.users.dropIndex("email_1").

Table 2: Gateway Configuration Keys

Key Default Description
WAKARI_SERVER The URL of the AEN WAKARI_SERVER.
port 8089 The Port number used by the gateway application. Must be a
non-privileged port (>= 1024).
client_id The client ID assigned to this gateway by the server during
wk-gateway-configure.
client_secret The Client secret assigned to this gateway by the server during
wk-gateway-configure.
httpTimeout 600 Timeout in seconds. The default is 10 minutes to allow project
creation.
logLevel info Log verbosity. One of: ‘error’ ‘warn’ ‘info’ ‘debug’.
https Enable SSL encryption. For more information, see Configuring
SSL.
- key A https subkey–Path to gateway key.
- cert A https subkey–Path to gateway cert.
- ca A https subkey–Required if cert was signed by a private root CA
or signed by an intermediate authority. It must contain separate
values for the paths to the CA root, any intermediates and the
certificate for the Server.
- passhphrase A https subkey–Passphrase required to decrypt SSL certs.

3.1. Anaconda Enterprise 4 271

Anaconda Documentation, Release 2.0

Table 3: Compute Node Configuration Keys

Key Default Description
WAKARI_SERVER The URL of the AEN WAKARI_SERVER.
MANAGE_ACCOUNTS true A boolean setting that indicates whether AEN should manage
system user accounts. Set to false for LDAP installations.
identicalGID false
To make the AEN compute service create groups with the same uid. Set to tru
/projects folder resides on an NFSv3 volume. For
more information, see Group and user permissions for
NFS.

port 2227 The port number used by the compute-launcher application.

Note that individual applications use dynamic ports.
projectRoot /projects The location of project file storage.
logLevel info Log verbosity. One of: ‘error’ ‘warn’ ‘info’ ‘debug’
logMaxSize 10000000 Max size in bytes of the logfile. Default is 10 MB. If the size is
exceeded then a new file is created and a counter will become a
suffix of the log file.
logMaxFiles 30 Limit the number of files created when the size of the logfile is
exceeded
appIdleTime 172800000 (48 hours) The amount of idle time before applications will be auto-
terminated (in msec).
idleCheckInterval3600000 (1 hour) The frequency of idle checks.
numericUsernames false A boolean setting that indicates whether numeric usernames are
permitted.
httpTimeout 600 The time before a timeout—in seconds. The default is 10 min-
utes—600 seconds—to allow time for project creation.
ANON_USER anonymous Username such as public or anonymous for users who are
not logged in to access projects. To disable public access use the
special value disabled. For more information, see Configur-
ing sudo customizations.
projDirsAsHome false A boolean setting. When false AEN apps use /home/
<username> as HOME. When true AEN apps use /
projects/<username> as HOME.

Table 4: Server Internal Configuration Keys - Do not change

Key Default Description
PROVIDERS ["wk_server. A list of compute provider classes.
plugins .
providers.
enterprise"]
MONGO_ACTION 262144000 The size of the Mongo action log in bytes.
_LOG_SIZE
SITE_ADMINS A list of site administrator email addresses—used for crash no-
tifications and LDAP password reset requests.
FROM
The From address for notification emails sent by
_EMAIL_ADDR
AEN.

uniqueUserName true A boolean setting that indicates whether unique usernames are
required.

272 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Table 5: Gateway Internal Configuration Keys - Do not change

Key Default Description
CDN $WAKARI_SERVER/ The location of static assets.
static/
SUBDOMAIN_ROUTINGfalse A boolean that indicates whether subdomains are being used.
refreshTokenExpiration
600000 Idle time in milliseconds before the Gateway session expires.

Table 6: Compute Node Internal Configuration Keys - Do not change

Key Default Description
CDN $WAKARI_SERVER/ The location of static assets.
static/
USE_SES false Sets whether AEN will use Amazon SES to send emails.
multiUser true A boolean that indicates whether multi-user support is enabled.
multiProject true A boolean that indicates whether multi-project support is en-
abled.
ANACONDA_ROOT /opt/wakari/ The location of your Anaconda installation.
anaconda
appLogs /opt/wakari/ The directory where application logs are stored.
wakari-
compute/var/
log/wakari/
compute-launcher-apps
appPIDs /opt/wakari/ The directory where application PID files are stored.
wakari-compute/
var/run/
compute-launcher-apps
applicationLog /opt/wakari/ The path to the compute launcher log.
wakari-compute/
var/log/
wakari/
compute-launcher.
application.
log
accessLog opt/wakari/ Path to compute launcher access log
wakari-compute/
var/log/
wakari/
compute-launcher.
access.log

Checking configuration file syntax

To verify that the configuration file contains valid JSON, run:

root@server # python -m json.tool /opt/wakari/wakari-server/etc/wakari/*.json

root@gateway # python -m json.tool /opt/wakari/wakari-gateway/etc/wakari/*.json
root@compute # python -m json.tool /opt/wakari/wakari-compute/etc/wakari/*.json

If the file is correct, the contents are displayed.

If there is a syntax error in the file, a “No JSON object could be decoded” message is displayed instead.

3.1. Anaconda Enterprise 4 273

Anaconda Documentation, Release 2.0

To fix any errors, edit the configuration file and verify that it contains the correct JSON syntax.

Increasing HTTP timeout between gateway and compute nodes

The default HTTP timeout is 600 seconds (10 minutes).

This setting works for HTTP timeout only, not HTTPS.
To modify the HTTP timeout setting:
1. Open the /opt/wakari/wakari-compute/etc/wakari/wk-compute-launcher-config.
json file and modify the httpTimeout key:

"httpTimeout": 600

2. Update the gateway node by modifying the httpTimeout key in the /opt/wakari/wakari-gateway/
etc/wakari/wk-gateway-config.json file to match the above settings.
3. Restart the AEN compute service:

sudo service wakari-compute restart

Installing AEN in a custom location

To install AEN in a custom location:

1. Make the custom install folder owned by $AEN_SRVC_ACCT. EXAMPLE: /data/aen/.
2. Make a symlink from /opt/wakari to /data/aen.
3. Run the installers.
4. Move the folder from /projects to your chosen custom location. EXAMPLE: /data/aen/projects.
5. Make a symlink from /projects to /data/aen/projects.
NOTE: We recommend putting /opt/wakari and /projects on the same filesystem. If the project and conda
environment directories are on separate filesystems then more disk space will be required on compute nodes and
performance will be worse.

Changing where projects are stored

NOTE: We recommend putting /opt/wakari and /projects on the same filesystem. If the project and conda
env directories are on separate filesystems then more disk space will be required on compute nodes and performance
will be worse.
To make aen-compute service use a different directory than /projects to store your AEN projects:
1. Modify the /opt/wakari/wakari-compute/etc/wakari/wk-compute-launcher-config.
json file:

"projectRoot" : "/nfs/storage/services/wakari/projects",

NOTE: The directory /nfs/storage/services/wakari/projects specified as projectRoot

must already exist for this command to resolve properly.
2. Restart the AEN compute service:

274 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

sudo service wakari-compute restart

Group and user permissions for NFS

To install AEN with multiple compute nodes and a /projects folder on an NFSv3 volume, manually pre-create
both the anonymous user and the $AEN_SRVC_ACCOUNT user on all nodes. Each of these users must have the same
user identity number (UID) and group identity number (GID) on all nodes.
By default AEN creates local users with a different GID on each node. To make the AEN compute service create
groups with the same GID:
1. In the /opt/wakari/wakari-compute/etc/wakari/wk-compute-launcher-config.json
file, change the identicalGID key value to true:

, "identicalGID": true

If you don’t see the identicalGID key, add it.

NOTE: You must add the comma at the beginning of the line. If you add this line as the last key, you must
remove any comma at the end of the line.
2. Restart the AEN compute service:

sudo service wakari-compute restart

Using numeric usernames

1. In the /opt/wakari/wakari-compute/etc/wakari/wk-compute-launcher-config.json
file, change the numericUsernames key value to true.

, "numericUsernames": true

If you don’t see the numericUsernames key, add it.

NOTE: You must add the comma at the beginning of the line. If you add this line as the last key, you must
remove any comma at the end of the line.
2. Restart the AEN compute service:

sudo service wakari-compute restart

Using project directories as home directories

The projDirsAsHome option changes the AEN home directories from the standard /home/<username> loca-
tion to the project directories and the location /projects/<username>/<project_name>/<username>/.
This ensures that AEN and AEN apps will not be affected by configuration files in a user’s home directory, such as
.bashrc or configuration files in subdirectories such as .ipython and .jupyter.

Package cache locations

AEN version 4.1.3 stores the cache of packages in /home/<username>, while AEN versions 4.2.0 and higher
store the cache of packages in /projects/<username>/<project_name>/<username>/. By moving the

3.1. Anaconda Enterprise 4 275

Anaconda Documentation, Release 2.0

package cache to the same filesystem as the project, AEN versions 4.2.0 and higher can use hardlinks and save disk
space and time when creating or cloning environments.
These package cache locations are not affected by the projDirsAsHome option.
After upgrading from AEN 4.1.3 to AEN 4.2.0 or higher, existing projects will still use the package cache in /home/
<username>. Do not remove this cache, or the existing projects will break.
When users create new projects or install packages, the newly installed packages will use the new cache location.
If you wish to remove the older package cache in /home/<username>:
• Upgrade AEN to 4.2.0 or higher.
• Use conda remove to remove every non-default package in every project.
• Use conda install to replace them. The replaced packages will link to the new package cache in /
projects/<username>/<project_name>/<username>/.
• You can now safely remove the older package cache.

Enabling projDirsAsHome

NOTE: The projDirsAsHome option should be enabled immediately after performing the installation process and
before any users have logged in to AEN. This ensures that users will not have home directories in different places due
to some creating their home directories when the option was disabled and others creating their home directories when
the option was enabled.
1. In the /opt/wakari/wakari-compute/etc/wakari/wk-compute-launcher-config.json
file, add the projDirsAsHome key value and set it to true.

, "projDirsAsHome": true

NOTE: You must add the comma at the beginning of the line. If you add this line as the last key, you must
remove any comma at the end of the line.
2. Restart the AEN compute service:

sudo service wakari-compute restart

Setting up a default project environment

AEN includes a full installation of the Anaconda Python distribution—along with several additional pack-
ages—located within the root conda environment in /opt/wakari/anaconda.
The first time any new AEN project is started, this default project environment is cloned into the new project’s
workspace.
To configure a different set of packages than the default:
1. Create a new conda environment in the /opt/wakari/anaconda/envs/default directory.
EXAMPLE: Using a Python 3.4 base environment, run:

sudo -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda \

create -p /opt/wakari/anaconda/envs/default python=3.4

2. Use conda to install any additional packages into the environment.

3. After the environment is created, clone it to ensure that it works correctly:

276 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

sudo -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda \

create -p /opt/wakari/testenv --clone /opt/wakari/anaconda/envs/default
sudo -u $AEN_SRVC_ACCT rm -rf /opt/wakari/testenv

For more information and examples about creating a default project environment with Microsoft R Open (MRO), see
Using MRO in AEN.

Converting an existing project

1. Run the following command to clone the environment:

sudo -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda \

create -n /projects/owner/project/envs/<ENV_NAME> \
--clone /opt/wakari/anaconda/envs/default

NOTE: Replace /projects/owner/project/envs/<ENV_NAME> with the path to the new environ-

ment you would like to create within the project.
2. Open the Compute Resource Configuration application for your project and set the project environment path
there as well.

Using MRO in AEN

In AEN 4.2.2 and higher, you can choose to create environments with the Microsoft R Open (MRO) interpreter by
installing the mro-base package, or create environments with the R interpreter by installing the r-base package.
Unless you request a change, conda will continue to use the existing interpreter in each environment. In AEN r-base
is the default.
EXAMPLE: To create a custom environment called mro_env with MRO and R Essentials:

.. code-block:: bash

sudo -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda \

create -c https://repo.anaconda.com/pkgs/main \
-n mro_env r-essentials

NOTE: Conda 4.4 and higher include the main channel by default. Earlier versions of conda do not.

Making a default project environment with MRO

You can also create an environment with MRO and make this the default AEN project environment.
The first time a new project is started, the default project environment is cloned into the new project’s workspace.
1. Create a new conda environment in the /opt/wakari/anaconda/envs/default directory.
The command is similar to the one used in the previous example to create a custom environment.

sudo -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda \

create -c https://repo.anaconda.com/pkgs/main \
-p /opt/wakari/anaconda/envs/default r-essentials

2. Use conda to install any additional packages into the environment.

3. After the environment is created, clone it to check that it works correctly, and then clean up the clone.

3.1. Anaconda Enterprise 4 277

Anaconda Documentation, Release 2.0

sudo -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda \

create -p /opt/wakari/testenv --clone /opt/wakari/anaconda/envs/default
sudo -u $AEN_SRVC_ACCT rm -rf /opt/wakari/testenv

NOTE: To convert existing projects, see Converting an existing project.

Install AEN connected to a remote Mongo DB instance

To install AEN with a remote database:

1. Connect to the Mongodb instance and create the user for AEN:

> user = { user: "<username>",

pwd: "<super-secure-password>",
roles: [
{ role: "dbOwner", db: "<db_name>" },
{ role: "dbOwner", db: "<db_name>_mq" }
]
}
> db.createUser(user)
Successfully added user: { ... }

2. Before installing AEN-server export the database URL and name:

$ export MONGO_URL="mongodb://<username>:<password>@<host>:<port>/"
$ export MONGO_DB="<database_name>"

3. Continue the installation process: Install the AEN server.

Migrate from local to remote MongoDB

To configure your remote database to work with an already installed AEN server:
1. Stop the server, gateway and compute nodes:

sudo service wakari-server stop

sudo service wakari-gateway stop
sudo service wakari-compute stop

2. Open the /opt/wakari/wakari-server/etc/wakari/config.json file and create the

MONGO_URL key. For the value parameter, add the database information.
The final file should read:

{
"MONGO_URL": "mongodb://MONGO-USER:MONGO-PASSWORD@MONGO-URL:MONGO-PORT",
"MONGO_DB": "MONGO-DB-NAME",
"WAKARI_SERVER": "http://YOUR-IP",
"USE_SES": false,
"CDN": "http://YOUR-IP/static/",
"ANON_USER": "anonymous"
}

For more information about configuration keys, see Using configuration files.

278 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3. Migrate the data from the former database into the new one. For more information, see the MongoDB docu-
mentation website.
4. After migration, restart the nodes:

sudo service wakari-server start

sudo service wakari-gateway start
sudo service wakari-compute start

Running SELinux in enforcing mode

To run SELinux in Enforcing mode, a few ports must be set up using the semanage port command.
The semange command relies on policycoreutils-python. To install policycoreutils-python, if
needed, run:

sudo yum -y install policycoreutils-python

Enable ports 9200 and 9300 for Elasticsearch:

sudo semanage port -a -t http_port_t -p tcp 9200

sudo semanage port -a -t http_port_t -p tcp 9300

Changing server hostnames

It is possible to change the domain names (hostnames) of the various AEN nodes by updating the configuration files.
NOTE: After the configuration files are updated, the associated nodes need to be restarted.
To edit the information for all of the data centers that you are changing the base domain name for:
1. Go to the Site Admin section of the Admin Settings page.
2. In the Data Centers section, click the Edit button.
3. Make any necessary updates.
NOTE: This must include the service port if it is different from the default—80 for HTTP and 443 for HTTPS.
4. In the Enterprise Resources sub-section of the Providers section, edit each compute node that has a changed
domain name.
NOTE: These URLs should include the protocol, hostname and port.

Authenticating with LDAP

Anaconda Enterprise Notebooks performs local authentication against accounts in the AEN database by default.
To configure AEN to authenticate against accounts in an LDAP (Lightweight Directory Access Protocol) server, follow
the instructions below.

Installing OpenLDAP libraries

The system needs OpenLDAP libraries to be installed and accessible by AEN. AEN uses the OpenLDAP libraries to
establish an LDAP connection to your LDAP servers.

3.1. Anaconda Enterprise 4 279

Anaconda Documentation, Release 2.0

To install OpenLDAP on CentOS or Redhat:

sudo yum install openldap

To install OpenLDAP on Ubuntu or Debian, follow the official OpenLDAP installation instructions.

Configuring OpenLDAP

1. Open the /opt/wakari/wakari-server/etc/wakari/wk-server-config.json file.

2. Add the following LDAP settings:

{
"accounts":"wk_server.plugins.accounts.ldap2",
"LDAP" : {
"URI": "ldap://openldap.EXAMPLE.COM",
"BIND_DN": "cn=Bob Jones,ou=Users,DC=EXAMPLE,DC=COM",
"BIND_AUTH": "secretpass",
"USER_SEARCH": {"base": "DC=EXAMPLE,DC=COM",
"filter": "(| (& (ou=Payroll)
(uid=%(username)s))
(& (ou=Facilities)
(uid=%(username)s)))"
},
"KEY_MAP": {"email": "mail",
"name": "cn"
}
}
}

• URI—The IP address or hostname of your OpenLDAP server. For SSL/TLS, use the ldaps:// prefix
and specify a TLS_CACERT as described in the SSL/TLS configuration section below.
• BIND_DN—The full directory path of the user you want AEN server to bind as.
• BIND_AUTH—The password of the BIND_DN user.
• USER_SEARCH:
– base—The level at which you want to start the search.
– filter—The default is to search for the sAMAccountName attribute, and use its value for the AEN
server username field.
• KEY_MAP—Maps user attributes in AEN server to LDAP user attributes.
EXAMPLE: The mail attribute in LDAP maps to the email attribute in AEN server.
3. Restart AEN server to load new settings.
4. Log in with the admin account. This creates the admin user in the local database.
5. As soon as LDAP is installed, LDAP authentication takes over, so you need to add your admin account again:

/opt/wakari/wakari-server/bin/wk-server-admin superuser --add "jsmith"

280 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Configuring Active Directory

Microsoft Active Directory is a server program that provides directory services and uses the open industry standard
Lightweight Directory Access Protocol (LDAP).
To enable Active Directory support:
1. Open the /opt/wakari/wakari-server/etc/wakari/wk-server-config.json file.
2. Add the following LDAP settings:

{
"accounts":"wk_server.plugins.accounts.ldap2",
"LDAP" : {
"URI": "ldap://<ad.EXAMPLE.COM>",
"BIND_DN": "CN=Bind User,CN=Users,DC=EXAMPLE,DC=COM",
"BIND_AUTH": "secretpass",
"USER_SEARCH": {"base": "CN=Users,DC=EXAMPLE,DC=COM",
"filter": "sAMAccountName=%(username)s"
},
"KEY_MAP": {"email": "mail",
"name": "cn"
}
}
}

• URI—The IP address or hostname of your Active Directory server. Replace <ad.EXAMPLE.COM> with
the actual URI. For SSL/TLS, use the ldaps:// prefix and specify a TLS_CACERT as described in the
SSL/TLS configuration section below.
• BIND_DN—The full directory path of the user you want AEN server to bind as.
• BIND_AUTH—The password of the BIND_DN user.
• USER_SEARCH:
– base—the level at which you want to start the search.
– filter—default is to search for the sAMAccountName attribute, and use its value for the AEN server
username field.
• KEY_MAP—Maps user attributes in AEN server to LDAP user attributes.
EXAMPLE: The mail attribute in LDAP maps to the email attribute in AEN server.
3. Restart AEN server to load new settings.
4. Log in with the admin account. This creates the admin user in the local database.
5. As soon as LDAP is installed, LDAP authentication takes over, so you need to add your admin account again:

/opt/wakari/wakari-server/bin/wk-server-admin superuser --add "jsmith"

Configuring SSL/TLS

AEN uses system-wide LDAP settings, including SSL/TLS support.

• On Redhat/CentOS systems, these settings are located in the /etc/openldap/ldap.conf file.
• On Ubuntu/Debian systems, these settings are located in the /etc/ldap/ldap.conf file.
Typically, the only configuration necessary is updating the file to read:

3.1. Anaconda Enterprise 4 281

Anaconda Documentation, Release 2.0

TLS_CACERT /path/to/CA.cert

NOTE: CA.cert is the Certificate Authority used to sign the LDAP server’s SSL certificate. In the case of a self-
signed SSL certificate, this is the path to the SSL certificate itself.

Testing LDAP configuration

Test your LDAP configuration using flask-ldap-login-check:

/opt/wakari/wakari-server/bin/flask-ldap-login-check \
wk_server.wsgi:app \
-u [username] \
-p [password]

NOTE: username is the username of a valid user and password is that user’s BIND_AUTH password.

Configuring sudo customizations

If your organization’s IT security policy does not allow root access or has restrictions on the use of sudo, after AEN
installation, you may customize AEN to meet their requirements.
Your organization may choose to implement any or all of the following:
• Remove root access for AEN service account (Note: this restricts AEN from managing user accounts).
• Configurable sudo command.
• Restrict sudo access to all processes.
These customizations must be done in a terminal window after copying the files to the server node.

Removing all root access from the service account

Because root access is required for useradd, the following process restricts AEN from managing user accounts.
1. Modify the /etc/sudoers.d/wakari_sudo file to read:

Defaults:wakari !requiretty, visiblepw

Runas_Alias OP = ALL,!root
wakari ALL=(OP) NOPASSWD: ALL

NOTE: If you used a service account name other than wakari, enter that name instead of wakari.
2. Modify the /opt/wakari/wakari-compute/etc/wakari/config.json file to read:

"MANAGE_ACCOUNTS": false,

Using this option means that your IT department must create and manage all user accounts at the OS level.
After an OS-level account exists, you may create on the main AEN web page an AEN account using the same name.
The password you choose is not linked in any way to the OS-level password for the account.
Alternatively, you can configure the system to use LDAP for authenticating users.

282 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Allowing public users to have access to your AEN projects

A public account is visible to anyone who can access the AEN server. The name of this account can be configured to
any name you wish. For example, public or anonymous. To disable this feature use the special value disabled.
1. In the /opt/wakari/wakari-compute/etc/wakari/wk-compute-launcher-config.json
file, modify the ANON_USER line to read:

"ANON_USER": "public"

2. Restart AEN compute node:

sudo service wakari-compute restart

3. In the /opt/wakari/wakari-server/etc/wakari/wk-server-config.json file, modify the

ANON_USER line to read:

"ANON_USER": "public"

4. Restart AEN server:

sudo service wakari-server restart

For more information about configuration keys, see Using configuration files.

Using a sudo alternative

You can use a sudo alternative as long as it supports the same execution semantics as the original sudo. The alternative
must be configured to give the service account permission to run commands on behalf of AEN users.
1. In your terminal window, open the /opt/wakari/wakari-compute/etc/wakari/config.json
file.
2. Modify the AEN_SUDO_CMD line to read:

"AEN_SUDO_CMD": "/path/to/alternative/sudo",

NOTE: If the alternate sudo command is available on PATH, then the full path is not required.

Restricting sudo access to a single gatekeeper

By default, sudoers is configured to allow AEN to run any command as a particular user which allows the platform to
initiate processes as the logged-in end user. If more restrictive control is required, it should be implemented using a
suitable sudoers policy. If that is not possible or practical, it is also possible to route all AEN ID-changing operations
through a single gatekeeper.
This gatekeeper wraps the desired executable and provides an alternate way to log, monitor, or control which processes
can be initiated by AEN on behalf of a user.
CAUTION: Gatekeeper is a special case configuration and should only be used if required.
To configure an AEN gatekeeper:
1. Modify the /etc/sudoers.d/wakari_sudo file to contain:

3.1. Anaconda Enterprise 4 283

Anaconda Documentation, Release 2.0

Defaults:wakari !requiretty, visiblepw

Runas_Alias OP = ALL,!root
wakari ALL=(OP) NOPASSWD: /path/to/gatekeeper

2. In the /opt/wakari/wakari-compute/etc/wakari/config.json file, modify the

AEN_SUDO_SH line to read:
"AEN_SUDO_SH": "/path/to/gatekeeper"

EXAMPLE: The gatekeeper can be as simple as a script with contents such as:
#!/bin/bash
first_cmd=$1
if [ 'bash' == $1 ]; then
shift
export HOME=~
export SHELL=/bin/bash
export PATH=$PATH:/opt/wakari/anaconda/bin
bash "$@"
else
exec $@
fi

Configuring SSL

The server node uses NGINX to proxy all incoming http(s) requests to the server running on a local port, and uses
NGINX for SSL termination. The default setup uses http—non-SSL—since cert files are required to configure SSL
and each enterprise will have their own cert files.
The www.enterprise.conf file is the default nginx.conf file used for AEN. It is copied to the /etc/
nginx/conf.d directory during server installation.
NOTE: This section describes setting up SSL after your gateway node has been installed and registered with the server
node.

Copying the required files

To configure SSL on AEN, you will need the following files:

• Server certificate and key
• Server CA bundle
• Gateway certificate and key
• Gateway CA bundle
Configure SSL on AEN:
1. Copy the Gateway certificate and key to /opt/wakari/wakari-gateway/etc/ on the Gateway as
gateway.crt and gateway.key.
2. Copy the Gateway CA bundle to /opt/wakari/wakari-server/etc/ on the Server.
3. Copy the Server certificate and key to /etc/nginx on the Server as server.crt and server.key.
4. Copy the Server CA bundle to /opt/wakari/wakari-gateway/etc/ on the Gateway.
If you have a certificate that was signed by a private root CA and/or an intermediate authority:

284 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• The Gateway CA bundle must contain the full chain: root CA, any intermediate authority and the certificate.

cat gateway.crt intermediate.crt root.crt >> gatway-crt-int-root.crt

• The Server CA bundle must be separated into individual files for the root CA, any intermediate and the certifi-
cate.

Configuring SSL on the server node

The www.enterprise.https.conf is an NGINX configuration file for SSL. It is set up to use the server.crt
and server.key cert files.
CAUTION: You must change these values to point to the signed cert files for your domain.
NOTE: Self-signed certs or those signed by a private root CA require additional configuration.
Perform the following steps as root:
1. Stop NGINX:

service nginx stop

2. Move the /etc/nginx/conf.d/www.enterprise.conf file to a backup directory.

3. Copy the /opt/wakari/wakari-server/etc/nginx/conf.d/www.enterprise.https.
conf file to /etc/nginx/conf.d.
NOTE: /etc/nginx/conf.d may have www.enterprise.conf or www.enterprise.https.
conf but it may not have both.
4. Edit the /etc/nginx/conf.d/www.enterprise.https.conf file and change the server.crt and
server.key values to the names of the real cert and key files if they are different.
5. Restart NGINX by running:

service nginx start

6. Update the WAKARI_SERVER and CDN settings to use https instead of http in the following configuration
files:

/opt/wakari/wakari-server/etc/wakari/config.json
/opt/wakari/wakari-gateway/etc/wakari/wk-gateway-config.json
/opt/wakari/wakari-compute/etc/wakari/config.json

7. Copy the gateway certificate, gateway.crt to /opt/wakari/wakari-server/etc/.

8. In an editor, open /opt/wakari/wakari-server/etc/wakari/wk-server-config.json and
add:

"verify_gateway_certificate": "/opt/wakari/wakari-server/etc/gateway.crt"

9. Restart AEN services on the server by running:

service wakari-server restart

NOTE: This step may return an error since the gateway has not yet been configured for SSL.
10. In AEN, verify that the browser uses https. On the Admin Settings page, under Data Centers, click Gateway,
then select https:

3.1. Anaconda Enterprise 4 285

Anaconda Documentation, Release 2.0

Configuring SSL on the gateway

1. For all types of SSL certificates, in /opt/wakari/wakari-gateway/etc/wakari/

wk-gateway-config.json, add:

{
EXISTING_CONFIGURATION,
"https": {
"key": "/opt/wakari/wakari-gateway/etc/gateway.key",
"cert": "/opt/wakari/wakari-gateway/etc/gateway.crt"
}
}

2. For a server certificate signed by a private root CA or signed by an intermediate authority, add:

{
EXISTING_CONFIGURATION,
"https": {
"key": "/opt/wakari/wakari-gateway/etc/gateway.key",
"cert": "/opt/wakari/wakari-gateway/etc/gateway.crt",
"ca": ["/opt/wakari/wakari-gateway/etc/server.crt"]
}
}

NOTE: When the certificate chain has more than one intermediate cert signed by a higher root CA authority,
you must manually break up the certs in the chain into individual files, and enumerate them in the ca key:

{
EXISTING_CONFIGURATION,
"https": {
(continues on next page)

286 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

"key": "/opt/wakari/wakari-gateway/etc/gateway.key",
"cert": "/opt/wakari/wakari-gateway/etc/gateway.crt",
"ca": ["/opt/wakari/wakari-gateway/etc/server1.crt",
"/opt/wakari/wakari-gateway/etc/server2.crt"
"/opt/wakari/wakari-gateway/etc/server3.crt"]
}
}

3. For a gateway certificate that is encrypted using a passphrase, add:

{
EXISTING_CONFIGURATION,
"https": {
"key": "/opt/wakari/wakari-gateway/etc/gateway.key",
"cert": "/opt/wakari/wakari-gateway/etc/gateway.crt",
"passphrase": "mysecretpassphrase"
}
}

NOTE: Alternatively, the passphrase can be passed using an environment variable or entered when the wakari-
gateway service is manually started.
EXAMPLES:

# using an environment variable

AEN_GATEWAY_SSL_PASSPHRASE='mysecretpassphrase' wk-gateway

# starting wakari-gateway manually

sudo service wakari-gateway start --ask-for-passphrase
Passphrase?

4. Restart the gateway:

sudo service wakari-gateway restart

Configuring SSL on compute nodes

Anaconda Enterprise does not support direct SSL on Compute Nodes. If you need SSL on Compute Nodes, you must
install each Compute Node on the same server as a Gateway using http://localhost:5002 for the URL value
while adding it as a resource, and you must use a Gateway for each and every Compute Node.

Security reminder

The permissions on the cert files must be set correctly to prevent them from being read by others. Since NGINX is run
by the root user, only the root user needs read access to the cert files.
EXAMPLE: If the cert files are called server.crt and server.key, then use the root account to set permissions:

chmod 600 server.key

chmod 600 server.crt

3.1. Anaconda Enterprise 4 287

Anaconda Documentation, Release 2.0

Enabling or disabling the Strict-Transport-Security header

By default, Strict-Transport-Security (STS) is enabled in the www.enterprise.https.conf file:

add_header Strict-Transport-Security max-age=31536000;

It can remain enabled if either of the following is true:

• The gateway is running on a different host than the server.
or
• SSL has been enabled for the gateway.
You must comment out this line if both of the following are true:
• The gateway is running on the same host as the server.
and
• SSL has not been enabled for the gateway.
Leaving STS enabled when these conditions are true will cause a mismatch in protocols between the server and
gateway, causing your apps to fail to launch correctly.

Configuring single sign-on

AEN’s single sign-on (SSO) capability creates a new authentication provider that defers to your Anaconda Repository
for login and authentication cookies.
To enable SSO:
1. Deploy AEN and Repository on the same machine.
2. In the /opt/wakari/wakari-server/etc/wakari/config.json file, add:

{
EXISTING_CONFIGURATION,
"SECRET_KEY": "<repo signing secret>",
"REPO_LOGIN_URL":
"http://example_repo.com:8080/account/login?next=http://example_repo.com/"
}

3. Copy the SECRET_KEY from the Repository configuration file.

4. In the /opt/wakari/wakari-server/etc/wakari/wk-server-config.json file, modify:

{
EXISTING_CONFIGURATION,
"accounts": "wk_server.plugins.accounts.repo",
}

5. If you are using Repository version 2.33.3 through 2.33.10, set USE_SERVER_BASED_SESSIONS: false
in the Repository configuration.
This setting affects the network security properties of AEN and Repository. Specifically, if
USE_SERVER_BASED_SESSIONS is set to false, and if a new cross-site scripting (XSS) vulnerability
is discovered, it could expose an additional server fixation vulnerability. Please discuss this with your Ana-
conda representative and be sure the feature is compatible with your network requirements before setting
USE_SERVER_BASED_SESSIONS: false.

288 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

6. To activate the changes restart wakari-server:

sudo service wakari-server restart

SSO is enabled.

Adding a third-party extension

Anaconda officially supports and tests functionality of the default environment(s) only for those extensions that ship
with AEN.
It is possible to add third-party and custom extensions from conda-forge or pip, but doing so may cause instability in
your default project environments or kernels.
CAUTION: Anaconda does not officially support third-party extensions. This section is informational only.

Installing unofficial Jupyter Notebook extensions for AEN

TIP: Always back up and verify your complete system before installing extensions.
The jupyter-contrib-nbextensions extensions are installed on a compute node.
The default conda executable directory for AEN is /opt/wakari/anaconda/bin/conda. If you are installing
a Jupyter extension, it must be installed in the wakari-compute directory.
EXAMPLE: Run:

/opt/wakari/anaconda/bin/conda install -p /opt/wakari/wakari-compute/ -c conda-forge

˓→jupyter_contrib_nbextension

For more information, see Unofficial Jupyter Notebook Extensions.

Configure search indexing

For search indexing to work correctly, verify that the AEN Compute node can communicate with the AEN Server.

curl -m 5 $AEN_SERVER > /dev/null

There must be at least one inotify watch available for the number of subdirectories within the project root filesys-
tem. Some Linux distributions default to a low number of watches, which can prevent the search indexer from moni-
toring project directories for changes.

cat /proc/sys/fs/inotify/max_user_watches

If necessary, increase the number of max user watches with the following command:

echo fs.inotify.max_user_watches=100000 | sudo tee -a /etc/sysctl.conf && sudo sysctl

˓→-p

There must be at least one inotify user instance available per project.

cat /proc/sys/fs/inotify/max_user_instances

If necessary, this can be increased with the following command:

3.1. Anaconda Enterprise 4 289

Anaconda Documentation, Release 2.0

echo fs.inotify.max_user_instances=1000 | sudo tee -a /etc/sysctl.conf && sudo sysctl

˓→-p

Create custom Jupyter kernel for Pyspark

These instructions add a custom Jupyter Notebook option to allow users to select PySpark as the kernel.

Install Spark

The easiest way to install Spark is with Cloudera CDH.

You will use YARN as a resource manager. After installing Cloudera CDH, install Spark. Spark comes with a PySpark
shell.

Create a notebook kernel for PySpark

You may create the kernel as an administrator or as a regular user. Read the instructions below to help you choose
which method to use.

1. As an administrator

Create a new kernel and point it to the root env in each project. To do so create a directory ‘pyspark’ in
/opt/wakari/wakari-compute/share/jupyter/kernels/.
Create the following kernel.json file:

{"argv": ["/opt/wakari/anaconda/bin/python",
"-m", "ipykernel", "-f", "connection_file}", "--profile", "pyspark"],
"display_name":"PySpark", "language":"python" }

You may choose any name for the ‘display_name’.

This configuration is pointing to the python executable in the root environment. Since that environment is under admin
control, users cannot add new packages to the environment. They will need an admin to help update the environment.

2. As an administrator without IPython profile

To have an admin level PySpark kernel without the user .ipython space:

{"argv":
["/opt/wakari/wakari-compute/etc/ipython/pyspark.sh", "-f", "{connection_file}"],
"display_name":"PySpark", "language":"python" }

NOTE: The pyspark.sh script is defined in Without IPython profile section below.

3. As a regular user

Create a new directory in the user’s home directory: .local/share/jupyter/kernels/pyspark/. This way the user will be
using the default environment and able to upgrade or install new packages.

290 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Create the following kernel.json file:

{"argv": ["/projects/<username>/<project_name>/envs/default/bin/python",
"-m", "ipykernel", "-f", "connection_file}", "--profile", "pyspark"],
"display_name":"PySpark", "language":"python" }

NOTE: Replace “<username>” with the correct user name and “<project_name>” with the correct project name.
You may choose any name for the ‘display_name’.

Create an IPython profile

The above profile call from the kernel requires that we define a particular PySpark profile. This profile should be
created for each user that logs in to AEN to use the PySpark kernel.
In the user’s home, create the directory and file ~/.ipython/profile_pyspark/startup/
00-pyspark-setup.py with the file contents:

import os
import sys

# The place where CDH installed spark, if the user installed Spark locally it can be
˓→changed here.

# Optionally we can check if the variable can be retrieved from environment.

os.environ["SPARK_HOME"] = "/usr/lib/spark"

os.environ["PYSPARK_PYTHON"] = "/opt/wakari/anaconda/bin/python"

# And Python path

os.environ["PYLIB"] = os.environ["SPARK_HOME"] + "/python/lib"
sys.path.insert(0, os.environ["PYLIB"] +"/py4j-0.9-src.zip") #10.4-src.zip")
sys.path.insert(0, os.environ["PYLIB"] +"/pyspark.zip")

os.environ["PYSPARK_SUBMIT_ARGS"] = "--name yarn pyspark-shell"

Now log in using the user account that has the PySpark profile.

Without IPython profile

If it is necessary to avoid creating a local profile for the users, a script can be made to be called from the kernel. Create
a bash script that will load the environment variables:

sudo -u $AEN_SRVC_ACCT mkdir /opt/wakari/wakari-compute/etc/ipython

sudo -u $AEN_SRVC_ACCT touch /opt/wakari/wakari-compute/etc/ipython/pyspark.sh
sudo -u $AEN_SRVC_ACCT chmod a+x /opt/wakari/wakari-compute/etc/ipython/pyspark.sh

The contents of the file should look like:

#!/usr/bin/env bash
# setup environment variable, etc.

export PYSPARK_PYTHON="/opt/wakari/anaconda/bin/python"
export SPARK_HOME="/usr/lib/spark"

(continues on next page)

3.1. Anaconda Enterprise 4 291

Anaconda Documentation, Release 2.0

(continued from previous page)

# And Python path
export PYLIB=$SPARK_HOME:/python/lib
export PYTHONPATH=$PYTHONPATH:$PYLIB:/py4j-0.9-src.zip
export PYTHONPATH=$PYTHONPATH:$PYLIB:/pyspark.zip

export PYSPARK_SUBMIT_ARGS="--name yarn pyspark-shell"

# run the ipykernel

exec /opt/wakari/anaconda/bin/python -m ipykernel $@

Using PySpark

When creating a new notebook in a project, now there will be the option to select PySpark as the kernel. When creating
such a notebook you’ll be able to import pyspark and start using it:

from pyspark import SparkConf

from pyspark import SparkContext

NOTE: You can always add those lines and any other command you may use frequently in the PySpark setup file
00-pyspark-setup.py as shown above.

Enabling server-side session management

By default, AEN uses client-side session management which is vulnerable to session replay attacks if an attacker
manages to steal a valid session ID of a user.
To enable server-side session management:
1. Modify the /opt/wakari/wakari-server/etc/wakari/wk-server-config.json file:

"USE_SERVER_BASED_SESSIONS": true,

2. Restart the AEN server service:

sudo service wakari-server restart

Terminate terminal sessions on logout

By default, when a user logs out, their open terminal sessions will remain active.
To disable this behavior:
1. Modify the /opt/wakari/wakari-server/etc/wakari/wk-server-config.json file:

"TERMINATE_TERMINALS_ON_LOGOUT": true,

2. Modify the /opt/wakari/wakari-gateway/etc/wakari/wk-gateway-config.json file:

"TERMINATE_TERMINALS_ON_LOGOUT": true,

3. Restart the AEN server service:

292 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

sudo service wakari-server restart

4. Restart the AEN gateway service:

sudo service wakari-gateway restart

Upgrading AEN

• Before you upgrade

• Upgrading the AEN server node
• Upgrading the AEN gateway node
• Upgrading AEN compute nodes
• After upgrading

CAUTION: These instructions are for upgrading AEN to the current version 4.3.2 from 4.3.1 ONLY. Each version
must be upgraded iteratively from the previous version. Do not skip versions.
Upgrade instructions for previous versions:
• AEN 4.3.1 upgrade instructions
• AEN 4.3.0 upgrade instructions
• AEN 4.2.2 upgrade instructions
• AEN 4.2.1 upgrade instructions
• AEN 4.2.0 upgrade instructions
• AEN 4.1.3 upgrade instructions
• AEN 4.1.2 upgrade instructions
• AEN 4.1.1 upgrade instructions.
• AEN 4.1.0 upgrade instructions.
• AEN 4.0.0 upgrade instructions.
For upgrades from versions before those listed above, please contact your enterprise support representative.
NOTE: Named Service Account functionality is available with AEN 4.0.0+ for new installations only. It is not available
for upgraded installations. Contact your enterprise support representative for more information.
An AEN platform update requires that each instance of the 3 node types be upgraded individually:
• AEN Server
• AEN Gateway
• AEN Compute
The upgrade process requires that all AEN service instances be stopped, upgraded, and then restarted.
NOTE: Any commands that call for the root user can also be done using sudo.
If you encounter any difficulty during the upgrade process, see Troubleshooting which provides guidance on:
• processes

3.1. Anaconda Enterprise 4 293

Anaconda Documentation, Release 2.0

• configuration files
• log files
• ports
If you are unable to resolve an installation or upgrade problem, please contact your enterprise support representative.

Before you upgrade

CAUTION: Make a tested backup of your installation before starting the upgrade. Upgrading to a higher version of
AEN is not reversible. Any errors during the upgrade procedure may result in partial or complete data loss and require
restoring data from backups.
CAUTION: Terminate all AEN applications and stop all projects before starting the upgrade process.
Before upgrading each service on each host:
1. Suspend the services on each of the nodes:

sudo service wakari-server stop

sudo service wakari-gateway stop
sudo service wakari-compute stop

2. Set the AEN Functional ID (“NFI”) and AEN Functional Group (“NFG”) to the NFI and NFG of the current
installation:

export AEN_SRVC_ACCT="wakari"
export AEN_SRVC_GRP="wakari"

NOTE: The default NFI is wakari, but aen_admin or any other name may be used instead.
For more information on NFI and NFG, see the installation instructions.
3. Install wget:

yum install wget

Upgrading the AEN server node

NOTE: If you are using LDAP-based authentication, back up the /opt/wakari/wakari-server/etc/

wakari/wk-server-config.json configuration file. After the server has been upgraded, copy that file back
into the same location as before the upgrade.
Complete the following steps on the server host:
1. Stop the Elasticsearch service:

sudo service elasticsearch stop

2. Remove any previous index:

sudo rm -rf /var/lib/elasticsearch/*

NOTE: You can choose to keep the old index, but if you detect any issues with the search capabilities after the
upgrade, you will need to run the following to start with a clean index:

294 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

sudo service wakari-server stop

sudo service elasticsearch stop
sudo rm -rf /var/lib/elasticsearch/*
sudo service elasticsearch start
sudo service wakari-server start

3. Upgrade the server:

pushd /tmp
wget http://j.mp/aen-server-update-4.3.2

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/miniconda/bin/conda install \

-p /opt/wakari/wakari-server \
--file aen-server-update-4.3.2

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/miniconda/bin/conda install \

-p /opt/wakari/wakari-server \
--no-deps \
wakari-enterprise-server-conf-update=2.0.12
popd

4. Start Elasticsearch:

sudo service elasticsearch start

Or, if you do not want to use the search features, edit your server’s /opt/wakari/wakari-server/etc/
wakari/config.json file by adding the line "SEARCH_ENABLED": false.
5. Restart the NGINX server:
AEN server version >= 4.1.3 uses Unix sockets for communication with NGINX. Restart NGINX to load this
new configuration:

sudo service nginx restart

Alternatively, you can restart NGINX with:

sudo nginx -s stop

sudo nginx

6. Start the server:

sudo service wakari-server start

7. Check that the server is running properly:

sudo service wakari-server status

8. If you see NGINX errors, please check the configuration at /opt/wakari/wakari-server/etc/

nginx/conf.d/www.enterprise.conf:18.
9. Connect to AEN server using your web browser with the correct protocol (http or https), hostname and port
number.

Upgrading the AEN gateway node

Complete the following steps on each gateway host:

3.1. Anaconda Enterprise 4 295

Anaconda Documentation, Release 2.0

1. Upgrade the gateway:

pushd /tmp
wget http://j.mp/aen-gateway-update-4.3.2

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/miniconda/bin/conda install \

-p /opt/wakari/wakari-gateway \
--file aen-gateway-update-4.3.2

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/miniconda/bin/conda install \

-p /opt/wakari/wakari-gateway \
--no-deps \
wakari-enterprise-gateway-conf-update=2.0.12
popd

2. Start the gateway:

sudo service wakari-gateway start

3. Check that the gateway is running properly:

sudo service wakari-gateway status

4. Connect to the gateway using your web browser with the correct http/https, hostname and port number.

Upgrading AEN compute nodes

Complete the following steps on each host where an AEN compute service is running:
1. Check for any wakari-indexer processes running:

ps aux | grep wakari-indexer

NOTE: If you stopped all the projects, you will not see any wakari-indexer processes running.
Terminate any remaining wakari-indexer processes:

sudo killall wakari-indexer

NOTE: The processes killed with killall are run by the $AEN_SRVC_ACCT user, so they can be killed
as root with sudo killall or killed as the $AEN_SRVC_ACCT user with sudo -u $AEN_SRVC_ACCT
killall. Example commands show the sudo killall option.
2. Check for any AEN applications processes running—Workbench, Viewer, Terminal or Notebook:

ps aux | grep wk-app-gateone

ps aux | grep wk-app-workbench
ps aux | grep wk-app-viewer
ps aux | grep wk-app-terminal
ps aux | grep jupyter-notebook

NOTE: If you stopped all the projects, you will not see any AEN app processes running.
Terminate any remaining AEN application processes by running one or more of the following:

sudo killall wk-app-gateone

sudo killall wk-app-workbench
(continues on next page)

296 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

sudo killall wk-app-viewer
sudo killall wk-app-terminal
sudo killall jupyter-notebook

3. Verify the contents of /opt/wakari/anaconda/.condarc. Modify it to contain the following entries,

and possibly others if you customized the .condarc file.
NOTE: Modify the file as the AEN_SRVC_ACCT user (or be sure to keep the same ownership).

channels:
- https://conda.anaconda.org/t/<TOKEN>/anaconda-nb-extensions
- r
- https://conda.anaconda.org/wakari
- defaults

create_default_packages:
- anaconda-client
- ipykernel

NOTE: Contact your enterprise support representative to get your token for the Anaconda channel referenced
above. Replace <TOKEN> with the actual token from your enterprise support representative.
4. Upgrade Anaconda in the root environment:

pushd /tmp
wget http://j.mp/aen-anaconda-update-4_3_2

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda install \

-p /opt/wakari/anaconda \
--file aen-anaconda-update-4_3_2
popd

5. Upgrade each compute service:

pushd /tmp
wget http://j.mp/aen-compute-update-4.3.2

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda install \

-p /opt/wakari/wakari-compute \
--file aen-compute-update-4.3.2

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda install \

--no-deps \
-p /opt/wakari/wakari-compute \
wakari-enterprise-compute-conf-update=2.0.16
popd

NOTE: When upgrading the wakari-compute environment, you may see ImportError warnings with some nbex-
tensions. As long as the Validating message is OK, the ImportError warnings are harmless—a consequence of
the post-link presence on those packages.
6. Initialize the root environment to prime the package cache:

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda create \

-p /opt/wakari/testenv \
--clone root

7. Test the offline cloning step:

3.1. Anaconda Enterprise 4 297

Anaconda Documentation, Release 2.0

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda create \

-p /opt/wakari/testenvoffline \
--clone root --offline

8. Remove the test environments:

sudo rm -rf /opt/wakari/testenv

sudo rm -rf /opt/wakari/testenvoffline

9. Install necessary dependencies:

NOTE: Skip this step if you already have these dependencies installed from previous installations.

sudo yum groupinstall "X Window System" -y

sudo yum install git -y

NOTE: If you don’t want to install the whole X Window System, you must install the following packages to
have R plotting support:

sudo yum install -y libXrender libXext libXdmcp libSM libICE libXt \

dejavu-sans-fonts dejavu-serif-fonts dejavu-fonts-common \
fontpackages-filesystem

10. Start the compute service:

sudo service wakari-compute start

11. Verify the compute service is running properly:

sudo service wakari-compute status

12. Restart the AEN Server with:

sudo service wakari-server restart

13. Repeat this upgrade procedure for all compute nodes in your Data Center.

After upgrading

1. Restart the projects and start using AEN applications.

2. If you have a customized default environment, you may choose to upgrade it depending on the needs of your
users.
Upgrade the customized default environment at /opt/wakari/anaconda/envs/default with the
$AEN_SRVC_ACCT user:

pushd /tmp
wget http://j.mp/aen-anaconda-update-4.3.2

sudo -E -u $AEN_SRVC_ACCT /opt/wakari/anaconda/bin/conda install \

-p /opt/wakari/anaconda/envs/default \
--file aen-anaconda-update-4.3.2
popd

To upgrade the customized default environments for every user and every project at /projects/<USER>/
<PROJECT>/envs/default, run these commands for every user as that user:

298 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

pushd /tmp
wget http://j.mp/aen-anaconda-update-4.3.2

sudo -E -u <USER> /opt/wakari/anaconda/bin/conda install \

-p /projects/<USER>/<PROJECT>/envs/default \
--file aen-anaconda-update-4.3.2
popd

NOTE: Replace <USER> with the user’s name. Replace <PROJECT> with the project name.
NOTE: Upgrading the default environment at /opt/wakari/anaconda/envs/default does NOT au-
tomatically upgrade the default environment in the users pre-existing projects. For pre-existing projects, the
upgrade, if requested, should be done on a per-user basis.
NOTE: These commands update packages listed in aen-anaconda-update-4.3.2 and do not update any
other package.
3. If you did not stop all your projects before upgrading, then the first time you start an application you will see an
error page requesting that you restart the application.
4. Restart the application to complete the upgrade.
5. If you still see old applications or icons after restart, reload the page to reset the browser cache.

Uninstalling AEN

Each AEN node must be uninstalled separately.

• Uninstalling a server node

• Uninstalling a gateway node
• Uninstalling a compute node
• OPTIONAL: Removing projects from compute nodes

Begin by setting the AEN Functional ID (NFI). The NFI is the username of the AEN Service Account which is used to
run all AEN services and is also the username of the AEN Admin account. The NFI may be any name. The default NFI
is wakari. The NFI is also often set to aen_admin. The NFI (and AEN Functional Group or NFG) are described
in the installation instructions.
Set the NFI with this command:

export AEN_SRVC_ACCT="aen_admin"

Replace the name aen_admin with the NFI that was set in your installation of Anaconda Enterprise Notebooks.

Uninstalling a server node

To remove a server node, run the following commands as root or sudo on the server node’s host system:
1. Stop the server processes:

service wakari-server stop

2. Stop MongoDB:

3.1. Anaconda Enterprise 4 299

Anaconda Documentation, Release 2.0

service mongod stop

3. Remove AEN server software, AEN database files and NGINX configuration:

rm -Rf /opt/wakari/wakari-server
rm -Rf /opt/wakari/miniconda
rm -Rf /var/lib/mongo/wakari*
rm -Rf /etc/nginx/conf.d/www.enterprise.conf

NOTE: Remove /etc/nginx/conf.d/www.enterprise.https.conf if SSL is enabled on the

Server node.
4. Restart MongoDB and NGINX:

service mongod restart

service nginx restart

5. Check for any outstanding server processes and stop them:

ps -ef | grep -e wakari-server -e wk-server

6. Remove the AEN Service Account:

userdel $AEN_SRVC_ACCT

7. Check for and remove any references to “aen” or “wakari” from the root user’s .condarc file:

grep -i aen ~/.condarc

grep -i wakari ~/.condarc

Uninstalling a gateway node

To uninstall a gateway node, run the following commands as root or sudo on the gateway host system:
1. Stop the gateway processes:

service wakari-gateway stop

2. Remove gateway software:

rm -Rf /opt/wakari/wakari-gateway

3. Check for any outstanding gateway processes and stop them:

ps -ef | grep -e wakari-gateway -e wk-gateway

4. Remove the AEN Service Account:

userdel $AEN_SRVC_ACCT

5. Check for and remove any references to “aen” or “wakari” from the root user’s .condarc file:

grep -i aen ~/.condarc

grep -i wakari ~/.condarc

300 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Uninstalling a compute node

To remove a compute node, run the following commands as root or sudo on each compute node host system:
1. Stop the compute processes:
service wakari-compute stop

2. Remove the compute software:

rm -Rf /opt/wakari/wakari-compute
rm -Rf /opt/wakari/miniconda
rm -Rf /opt/wakari/anaconda

3. Check for any outstanding compute processes and stop them:

ps -ef | grep -e wakari-compute -e wk-compute

4. Remove the AEN Service Account:

userdel $AEN_SRVC_ACCT

5. Check for and remove any references to “aen” or “wakari” from the root user’s .condarc file:
grep -i aen ~/.condarc
grep -i wakari ~/.condarc

OPTIONAL: Removing projects from compute nodes

CAUTION: This is an extreme measure and is not necessary in most instances. We recommend you create and verify
a backup before doing this or any other file removal.
To remove all AEN projects from all of your compute nodes:
rm -Rf /projects

This is a step-by-step guide to installing an Anaconda Enterprise Notebooks system comprised of a front-end server, a
gateway and compute machines.
If you have any questions about these instructions or you encounter any issues while installing AEN, please contact
your sales representative or Priority Support team.
When you have completed the installation process, review the optional configuration tasks to see if any are appropriate
for your system.

Distributed install

In a distributed install the server and gateway run on separate hosts.

Single-box install

In a single-box install, both the server and the gateway need separate external ports since they are independent services
that are running on the same host in the single-box installation.
Both port 80 and port 8089 must be open on the firewall for a single-box install.

3.1. Anaconda Enterprise 4 301

Anaconda Documentation, Release 2.0

The compute node only receives connections from the gateway and server nodes and typically runs on port 80 or port
443.

User management

Adding or removing an administrative user

An administrator can make any other user an administrator—or remove their administrator permissions—by using
administrator commands in the Terminal application.
A user can also be designated as a superuser or as staff, giving them greater administrative privileges within the system.

Designating a user as an administrator/superuser

To designate a user as an administrator and superuser:

/opt/wakari/wakari-server/bin/wk-server-admin superuser --add <username>

NOTE: Replace <username> with the actual username.

EXAMPLE: To give administrative privileges to the user named “jsmith” and set them as a superuser, run:

/opt/wakari/wakari-server/bin/wk-server-admin superuser --add jsmith

Removing an administrator/superuser

To remove a user’s administrative privileges:

/opt/wakari/wakari-server/bin/wk-server-admin superuser --remove <username>

NOTE: Replace <username> with the actual username.

Allowing and restricting new user registration

When Open Registration is enabled, anyone who has access to the URL of your AEN server can create their own
account.
1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select Accounts.

3. To open user registration, select the Open Registration checkbox. To close registration, clear the checkbox.
4. Click the Update button.

302 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Resetting a user password

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Staff menu, select Password Reset:

3. Enter the username of the user whose password needs to be reset.

4. Click the Generate URL button.
A password reset link is generated that you can email to the user.
Alternatively you may use the command line interface:
1. Use ssh to log into the server as root.
2. Run:

/opt/wakari/wakari-server/bin/wk-server-admin reset-password -u SOME_USER -p SOME_

˓→PASSWORD

3.1. Anaconda Enterprise 4 303

Anaconda Documentation, Release 2.0

NOTE: Replace SOME_USER with the username and SOME_PASSWORD with the password.
3. Log into AEN as the user.

Managing permissions

This page explains the admin commands used to manage user permissions.

Checking file ownership

To verify that all files in the /opt/wakari/anaconda directory are owned by the wakari user or group:

root@server # find /opt/wakari/anaconda \! -user wakari -print

root@server # find /opt/wakari/anaconda \! -group wakari -print

Fixing file ownership settings

To fix the ownership settings of any files that are listed in the output:

chown -R wakari:wakari /opt/wakari/anaconda

Setting a file owner and permissions

To set a file owner and set its permissions:

chown wakari:wakari /opt/wakari/wakari-server/bin/wk-*

chmod 700 /opt/wakari/wakari-server/bin/wk-*

Verifying that POSIX ACLs are enabled

The acl option must be enabled on the file system that contains the project root directory.
NOTE: By default, the project root directory is /projects.
To determine the project root directory where a custom projectRoot is configured:

root@compute # grep projectRoot /opt/wakari/wakari-compute/etc/wakari/config.json

The mount options or default options listed by tune2fs should indicate that the acl option is enabled.
EXAMPLE:

root@compute # fs=`df /projects | tail -1 | cut -d " " -f 1`

root@compute # mount | grep $fs
/dev/vda on / type ext4 (rw)
root@compute # tune2fs -l $fs | grep options
Default mount options: user_xattr acl

304 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Viewing a list of users

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select Users:

The Users section lists the all users who are signed up, the number of projects they have created and the last time they
logged on to AEN.

Viewing a list of currently active users

In the AEN navigation bar, click Users.

Click a username to open the user’s profile page.

Viewing a user profile

A user’s profile page includes a summary of the projects created by that user and a list of projects on which the user is
a team member.
1. In the AEN navigation bar, click Users to see a list of users who are currently logged into the system.
2. On the Users page, click the username of the user whose profile page you want to view.

3.1. Anaconda Enterprise 4 305

Anaconda Documentation, Release 2.0

306 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 307

Anaconda Documentation, Release 2.0

Sending a system message

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Staff menu, select Notification:

The Notification Settings section allows you to create a system message that can be relayed to users.
By default, notifications are off.
3. To turn on email notifications, select the radio button for the type of email service to use:
• SES to use Amazon Simple Email Service (SES).
• SMTP Email Server.
4. If you select SMTP Email Server, complete the SMTP Settings.
NOTE: If you get an error message after changing the SMTP settings, you may need to restart the server.

308 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Moving a project to another compute node

If you have multiple compute nodes available and want to move a project from one to another, the project must exist
on both nodes.
1. Verify that the project has been created on both compute nodes. You can use rsync for this job unless you
have a shared file system like nfs.
2. On the project home page, click the Project Settings icon to open the Project Settings page.

3. In the Settings menu, select Admin.

4. Click the Move button.

5. In the move dialog box, click to choose the compute node destination, and click the Move button.

3.1. Anaconda Enterprise 4 309

Anaconda Documentation, Release 2.0

Deleting a user

To remove a user from the AEN database:

/opt/wakari/wakari-server/bin/wk-server-admin remove-user <username>

NOTE: Replace <username> with the actual username.

NOTE: Changing the owner of a project requires that both the previous owner and the new owner are still AEN users.
Before deleting a user, change the owner of that user’s projects.

Deleting a project

To remove a project from the AEN database:

/opt/wakari/wakari-server/bin/wk-server-admin remove-project <username> <projectname>

NOTE: Replace <username> with the actual username and <projectname> with the actual project name you are
removing.

System management

Opening the Admin dashboard

If you have administrator privileges, you see two additional links in the AEN navigation bar—Admin and Users:
To open the Admin dashboard, click the Admin link.

310 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 311

Anaconda Documentation, Release 2.0

Backing up and restoring AEN

• Document purpose
• Important notes
• Server component steps
– Backup

* Mongo database
* AEN Server config files (including License file)
* Nginx config (if needed)
* SSL certificates (if needed)
– Restore

* Reinstall AEN-Server
* Restore Mongo database
* AEN Server config files (including License file)
* Nginx config (if needed)
* SSL certificates (if needed)
* Restart server
• Gateway component steps
– Backup

* Config files
* Custom .condarc file (if needed)
* SSL certificates (if needed)
– Restore

* Reinstall AEN-Gateway
* Config files
* Custom .condarc file (if needed)
* SSL certificates (if needed)
* Restart gateway
• Compute component steps
– Backup

* Config files
* Custom Changes (rare)
* Create user list

312 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

* Project files
* Full Anaconda (option 1)
* Partial Anaconda (option 2)
– Restore

* Reinstall AEN-Compute
* Config files
* Custom changes (rare)
* Create users
* Project files
* Full Anaconda (option 1)
* Partial Anaconda (option 2)
* Custom environments (if needed)
* Restart compute node

Document purpose

This document lays out the steps to backup and restore Anaconda Enterprise Notebooks (AEN) for Disaster Recovery.
It is not intended to provide High Availability. Each of the components (Server, Gateway and Compute) has its own
instructions and each may be done individually as needed. The steps primarily involve creating tar files of important
configuration files and data.
This document is written for a system administrator who is comfortable with basic Linux command line navigation
and usage.
To migrate to a new cluster, use these backup and restore instructions to back up the system from the old cluster and
restore it to the new cluster.

Important notes

Review the Concepts page to become familiar with the different components and how they work together.
Root or sudo access is required for some commands.
CAUTION: All commands MUST be run by $AEN_SRVC_ACCT (the account used to run AEN) except for those
commands explicitly indicated to run as root or sudo. If the commands are not run by the correct user, the installation
will not work, and a full uninstallation and reinstallation will be required!
These instructions assume that the fully qualified domain name (FQDN) has not changed for any of the component
nodes. If any of the FQDNs are not the same, additional steps will be needed.

Server component steps

Backup

3.1. Anaconda Enterprise 4 313

Anaconda Documentation, Release 2.0

Mongo database

This will create a single tar file called aen_mongo_backup.tar that includes only the database named “wakari”
that is used by AEN. It also generates a log of the database backup.
NOTE: These commands must be run by $AEN_SRVC_ACCT.

mongodump -db wakari -o aen_main >> mongo_backup.log

tar -cvf aen_mongo_backup.tar aen_main

AEN Server config files (including License file)

Create a tar file of all of the configuration files, including any license files.
NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -cvf aen_server_config.tar -C /opt/wakari/ wakari-server/etc/wakari/

Nginx config (if needed)

Make a copy of the nginx configuration file if it has been customized. The default configuration for the AEN server is
a symlink.
NOTE: This command must be run by $AEN_SRVC_ACCT.

/etc/nginx/conf.d/www.enterprise.conf -> /opt/wakari/wakari-server/etc/nginx/conf.d/

˓→www.enterprise.conf

SSL certificates (if needed)

Make a copy of the SSL certificates files (certfiles) for the server, including the key file, and a copy of the certfile for
the gateway, which is needed for verification if using self-signed or private CA signed certs.

Restore

Reinstall AEN-Server

See the instructions for installing the current version of AEN-Server.

It is not necessary to upload the license, because it will be restored with the config files.
NOTE: The new installation will generate a new password for the local $AEN_SRVC_ACCT account.

Restore Mongo database

This assumes that mongo was reinstalled as part of the reinstallation of the server component. Untar the mongo
database and restore it.
NOTE: These commands must be run by $AEN_SRVC_ACCT.

314 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

tar -xvf aen_mongo_backup.tar

mongorestore --drop aen_main

NOTE: The --drop option resets the $AEN_SRVC_ACCT user password and restores the database to the exact state
it was in at the time of backup. Please see the MongoDB documentation for more information about mongorestore
options for Mongo 2.6.
NOTE: AEN uses Mongo 2.6 by default. If you are using a different version, consult the documentation for your
version.

AEN Server config files (including License file)

Untar the tar file of all of the configuration files, including any license files.
NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -xvf aen_server_config.tar -C /opt/wakari/

Make sure the files are in /opt/wakari/wakari-server/etc/wakari/ and are owned by the
$AEN_SRVC_ACCT.

Nginx config (if needed)

Make sure any modifications to the nginx configuration are either in /etc/nginx/conf.d or in /opt/wakari/
wakari-server/etc/nginx/conf.d/ with a proper symlink.
NOTE: This command must be run by $AEN_SRVC_ACCT.

/etc/nginx/conf.d/www.enterprise.conf -> /opt/wakari/wakari-server/etc/nginx/conf.d/

˓→www.enterprise.conf

SSL certificates (if needed)

Move any SSL certificate files to the locations indicated in the config files.

Restart server

Restart the server application.

NOTE: This command must be run as root or with sudo.

service wakari-server restart

Gateway component steps

Backup

Config files

Create a tar file of all of the configuration files.

3.1. Anaconda Enterprise 4 315

Anaconda Documentation, Release 2.0

NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -cvf aen_gateway_config.tar -C /opt/wakari/ wakari-gateway/etc/wakari/

Custom .condarc file (if needed)

Make a copy of any /opt/wakari/miniconda/.condarc if it has been modified.

SSL certificates (if needed)

Make a copy of SSL certificate files for the gateway (including the key file) and the certfile for the server (needed for
verification if using self-signed or private CA signed certs).

Restore

Reinstall AEN-Gateway

Setting variables and changing permissions

NOTE: These commands must be run by $AEN_SRVC_ACCT.

Run:

export AEN_SERVER=<FQDN HOSTNAME OR IP ADDRESS> # Use the real FQDN

export AEN_GATEWAY_PORT=8089
export AEN_GATEWAY=<FQDN HOSTNAME OR IP ADDRESS> # will be needed shortly
chmod a+x aen-*.sh # Set installer to be executable

NOTE: Change <FQDN HOSTNAME OR IP ADDRESS> to the actual fully qualified domain hostname or IP address.
NOTE: You must perform the entire procedure before closing the terminal to ensure the variable export persists. If the
terminal is closed before successful installation, export the variables to continue with the installation.

Running the AEN gateway installer

Run:

sudo -E ./aen-gateway-4.3.2-Linux-x86_64.sh -w $AEN_SERVER

<license text>
...
...

PREFIX=/opt/wakari/wakari-gateway
Logging to /tmp/wakari_gateway.log
...
...
Checking server name
Please restart the Gateway after running the following command
to connect this Gateway to the AEN Server
...

316 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Config files

Untar the configuration files.

NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -xvf aen_gateway_config.tar -C /opt/wakari

Verify that the files are in /opt/wakari/wakari-gateway/etc/wakari/ and are owned by the
$AEN_SRVC_ACCT.

Custom .condarc file (if needed)

Move the custom .condarc file to /opt/wakari/miniconda/.condarc.

SSL certificates (if needed)

Move any SSL certificate files to the locations indicated in the config files.

Restart gateway

Restart the gateway application.

NOTE: This command must be run as root or with sudo.

service wakari-gateway restart

Compute component steps

Backup

Config files

Create a tar file of all of the configuration files.

NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -cvf aen_compute_config.tar -C /opt/wakari/ wakari-compute/etc/wakari

Custom Changes (rare)

Manually backup any custom changes that were applied to the code. One change might be additional files in the
skeleton folder:
/opt/wakari/wakari-compute/lib/node_modules/wakari-compute-launcher/skeleton

3.1. Anaconda Enterprise 4 317

Anaconda Documentation, Release 2.0

Create user list

AEN uses POSIX access control lists (ACLs) for project sharing, so the backup must preserve the ACL information.
This is done with a script that creates a file named users.lst containing a list of all users that have access to
projects on a given compute node. Download and run the script.
NOTE: These commands must be run by $AEN_SRVC_ACCT.

wget https://s3.amazonaws.com/continuum-airgap/misc/wk-compute-get-acl-users.py
chmod 755 wk-compute-get-acl-users.py
./wk-compute-get-acl-users.py

Project files

Create a tar of the projects directory with ACLs enabled. The default projects base location is /projects.
NOTE: This command must be run as root or with sudo.

tar --acls -cpvf projects.tar -C <projects base location>/*

Full Anaconda (option 1)

If any changes have been made to the default Anaconda installation (additional packages installed or packages re-
moved), it is necessary to backup the entire Anaconda installation.
NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -cvf aen_anaconda.tar -C /opt/wakari/anaconda/*

If no changes have been made to the default installation of Anaconda, you may just backup the .condarc file and
any custom environments.

Partial Anaconda (option 2)

Custom .condarc file

Make a copy of /opt/wakari/anaconda/.condarc.

Custom environments (if needed)

Create a tar file of any custom shared environments.

NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -cvf aen_compute_envs.tar -C /opt/wakari/ anaconda/envs

NOTE: If no custom shared environments have been created, the envs folder will not be present.

318 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Restore

Reinstall AEN-Compute

Setting variables and changing permissions

NOTE: These commands must be run by $AEN_SRVC_ACCT.

Run:

export AEN_SERVER=<FQDN HOSTNAME OR IP ADDRESS> # Use the real FQDN

chmod a+x aen-*.sh # Set installer to be executable

NOTE: Change <FQDN HOSTNAME OR IP ADDRESS> to the actual fully qualified domain hostname or IP address.
NOTE: You must perform the entire procedure before closing the terminal to ensure the variable export persists.

Running the AEN compute installer

Run:

sudo -E ./aen-compute-4.3.2-Linux-x86_64.sh -w $AEN_SERVER

...
...
PREFIX=/opt/wakari/wakari-compute
Logging to /tmp/wakari_compute.log
Checking server name
...
...
Initial clone of root environment...
Starting Wakari daemons...
installation finished.
Do you wish the installer to prepend the wakari-compute install location
to PATH in your /root/.bashrc ? [yes|no]
[no] >>> yes

Config files

Untar the config files.

NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -xvf aen_compute_config.tar -C /opt/wakari

NOTE: Verify that they are located in /opt/wakari/wakari-compute/etc/wakari and are owned by the
$AEN_SRVC_ACCT.

Custom changes (rare)

Manually restore any custom changes you saved in the backup section. If there are changes in the skeleton directory,
these files must be world readable or projects will refuse to start.

3.1. Anaconda Enterprise 4 319

Anaconda Documentation, Release 2.0

Create users

NOTE: Only create users with these instructions if your Linux machine is not bound to LDAP.
In order for the ACLs to be set properly on restore, all users that have permissions to the files must be available on the
machine. Ask your system administrator for the proper way to do this for your system, such as using the “useradd”
tool. A list of users that are needed was created in the backup process as a file named users.lst.
A process similar to the following useradd example will be suitable for most Linux systems.
NOTE: This command must be run by $AEN_SRVC_ACCT.

xargs -0 -n 1 useradd --user-group < users.lst

Project files

Create the projects directory in the location specified in projectRoot in wk-compute-launcher-config.json.

NOTE: By default this directory is /projects.
Then untar the projects directory with ACLs.
NOTE: This command must be run as root or with sudo:

tar --acls -xpvf projects.tar -C <projects base location>

Full Anaconda (option 1)

If you did a full backup of the full Anaconda installation, untar this file to /opt/wakari/anaconda.
NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -xvf aen_anaconda.tar -C /opt/wakari

Partial Anaconda (option 2)

Restore the custom .condarc file.

If you did a partial backup of the Anaconda installation, move the copy of the .condarc file to /opt/wakari/
anaconda/.condarc.

Custom environments (if needed)

Untar any custom environments that were created to /opt/wakari/anaconda/envs.

NOTE: This command must be run by $AEN_SRVC_ACCT.

tar -xvf aen_compute_envs.tar -C /opt/wakari

320 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Restart compute node

Restart the compute-launcher application.

NOTE: This command must be run as root or with sudo.

service wakari-compute restart

Viewing a list of admin commands

A user who is promoted to administrator can access administrator commands to perform advanced administrator tasks.
NOTE: Utility files are owned by, and should only be executed by, the AEN user who owns the files.
To display a list of all administrator commands:

ls -al /opt/wakari/wakari-server/bin/wk-*

Viewing help for admin commands

To view help information for command, run the command followed by -h or --help.
EXAMPLE: To view help for the remove-user command:

/opt/wakari/wakari-server/bin/wk-server-admin remove-user -h
/opt/wakari/wakari-server/bin/wk-server-admin remove-project -h

Running daily reports

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Staff menu, select Daily Report:

The Report section displays the following:

• Users—The number of users and projects.
• New User Emails—If open registration is enabled, the user names and emails for new users.
• Actions—The actions—projects created, projects updated, user authentications and added users—that have oc-
curred in during the selected time frame—today, yesterday, this week, or this month.

Viewing system errors

When an error occurs, a red dot is displayed in the AEN navigation bar next to the Admin link. The red dot is removed
when all exceptions are marked as “read.”
1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Staff menu, select Exceptions:

3.1. Anaconda Enterprise 4 321

Anaconda Documentation, Release 2.0

322 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 323

Anaconda Documentation, Release 2.0

The Exceptions section lists all errors that have occurred while AEN is running.
3. To see the details of an error, click the radio button next to the error. This also marks the error as “read.”
4. To mark all errors as read without reviewing each one, click the Mark all as read button.

Viewing security errors

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select Security Log:

The Security Log section lists all errors that have occurred that could potentially affect AEN security.
3. To view a user’s profile page, click their username in the Actor column.
4. To see the details of an error, click the Eye icon next to the error.
The error details are displayed:

5. To close the error details, click the Back link.

324 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Managing data centers

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select Data Centers:

The Data Centers section displays current data center information.

3.1. Anaconda Enterprise 4 325

Anaconda Documentation, Release 2.0

Adding a data center

1. Click the Add DataCenter button to display the the Register a datacenter form.
2. In the Name box, type a Name for the new data center:

3. Select the Subdomain Routing and/or Https checkboxes.

4. In the Base Domain Name box, type the base domain name.
5. In the Summary box, type a description of the data center.
6. In the Provider list, select a provider.
7. Click the Submit button.

Managing enterprise resources

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Providers menu, select Enterprise Resources:

326 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 327

Anaconda Documentation, Release 2.0

The Resources section lists your existing cloud and local resources.

Adding a resource

1. Click the Add Resource button to open the new resource form.
2. Complete the form:

3. Click the Add Resource button.

Viewing or changing the resource details

1. Click a resource name to open the Local Resource form.

2. If necessary, change the resource details:

328 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 329

Anaconda Documentation, Release 2.0

3. Click the Update button.

Making a node public or private

1. Click the resource name to open the Local Resource form.

2. Select or clear the Public checkbox:

330 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3. Click the Update button.

Removing a resource

Click the Remove button next to the resource you want to remove.
NOTE: When you remove a resource assigned to a project, the project becomes orphaned. To fix an orphaned project,
move the project to a valid Compute Resource.

Managing services

The tasks on this page assume that the 3 AEN nodes are installed in the following locations:
• Server–/opt/wakari/wakari-server/.
• Gateway–/opt/wakari/wakari-gateway/.
• Compute-Launcher–/opt/wakari/wakari-compute/.

• Checking the status of server node processes

• Checking the status of gateway node processes
• Checking the status of compute node processes
• Starting AEN services
• Verifying that AEN services are set to start with the system
• Stopping AEN services
• Restarting AEN services
• Identifying extraneous processes
• Removing extraneous processes

Checking the status of server node processes

1. Run:

# service wakari-server status

wk-server RUNNING pid 20758, uptime 5 days, 0:30:23
worker RUNNING pid 20757, uptime 5 days, 0:30:23

OR

root@server # ps -Hu wakari

PID TTY TIME CMD
20756 ? 00:02:26 .supervisord
20757 ? 00:05:58 mtq-worker
20758 ? 00:00:08 wk-server
(continues on next page)

3.1. Anaconda Enterprise 4 331

Anaconda Documentation, Release 2.0

(continued from previous page)

20765 ? 00:02:00 wk-server
20766 ? 00:01:55 wk-server
20767 ? 00:02:20 wk-server
20770 ? 00:02:02 wk-server

2. Run:

root@server # service nginx status

nginx (pid 26303) is running...

For more information on server processes, see Server processes.

Checking the status of gateway node processes

Run:

# service wakari-gateway status

wk-gateway RUNNING pid 1137, uptime 5 days, 1:59:28

OR

root@gateway # ps -Hu wakari

PID TTY TIME CMD
1136 ? 00:01:59 .supervisord
1137 ? 00:00:02 wk-gateway

For more information on gateway processes, see Gateway processes.

Checking the status of compute node processes

Run:

# service wakari-compute status

wk-compute RUNNING pid 22050, uptime 3 days, 1:03:19

OR

root@compute # ps -Hu wakari

PID TTY TIME CMD
1150 ? 00:02:01 .supervisord
1152 ? 00:00:01 wk-compute

For more information on compute node processes, see Compute processes.

Starting AEN services

Services should start automatically both when they are first installed and at any point when the system is restarted.
If you need to manually start an AEN service, you must start each node independently, because they may be running
on separate machines.
NOTE: The process is basically the same for each node, but the path to the correct commands vary.
To manually start a service:

332 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• On the server node, run:

service wakari-server start

• On the gateway node, run:

service wakari-gateway start

• On a compute node, run:

service wakari-compute start

Verifying that AEN services are set to start with the system

To verify that AEN services are set up to start automatically:

1. Run the following command on each node:

chkconfig --list | grep wakari

2. If services are missing, add them:

chkconfig --add [wakari-server|wakari-gateway|wakari-compute]

3. Restart the services.

Stopping AEN services

CAUTION: Do not stop or kill supervisord without first stopping wk-compute and any other processes that use it.
You must stop services on each node independently, because they may be running on separate machines.
To stop an AEN service:
• On the server node, run:

service wakari-server stop

• On the gateway node, run:

service wakari-gateway stop

• On a compute node, run:

service wakari-compute stop

Compute nodes may have running processes that are not automatically stopped. To stop them, run:

sudo /opt/wakari/wakari-compute/bin/wk-compute-apps kill-all

Restarting AEN services

• On the server node, run:

3.1. Anaconda Enterprise 4 333

Anaconda Documentation, Release 2.0

service wakari-server restart

• On the gateway node, run:

service wakari-gateway restart

• On a compute node, run:

service wakari-compute restart

Identifying extraneous processes

To get a complete list of the processes running under the wakari user account, run ps -Hu wakari.
EXAMPLE:

root@server # ps -Hu wakari

PID TTY TIME CMD
20756 ? 00:02:26 .supervisord
20757 ? 00:05:58 mtq-worker
20758 ? 00:00:08 wk-server
20765 ? 00:02:00 wk-server
20766 ? 00:01:55 wk-server
20767 ? 00:02:20 wk-server
20770 ? 00:02:02 wk-server

root@server # ps -f -C nginx
UID PID PPID C STIME TTY TIME CMD
root 26303 1 0 12:18 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /
˓→etc/nginx/nginx.conf

nginx 26305 26303 0 12:18 ? 00:00:00 nginx: worker process

root@gateway # ps -Hu wakari

PID TTY TIME CMD
1136 ? 00:01:59 .supervisord
1137 ? 00:00:02 wk-gateway

root@compute # ps -Hu wakari

PID TTY TIME CMD
1150 ? 00:02:01 .supervisord
1152 ? 00:00:01 wk-compute

• wk-server, wk-gateway and wk-compute should have PIDs reported by supervisorctl.

• The nginx master process should have a PID reported by service nginx status.
• If you have installed more than one AEN node on a single machine, the processes from all of the installed nodes
should be displayed for that machine.
• On compute node(s), any AEN applications currently being run by users will be present.
EXAMPLE:

root@compute # ps -Hu wakari

PID TTY TIME CMD
1150 ? 00:00:00 .supervisord
1152 ? 00:00:00 wk-compute
(continues on next page)

334 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

(continued from previous page)

1340 ? 00:00:00 bash
1341 ? 00:00:00 notebookwrapper

Removing extraneous processes

If extra wk-server, wk-gateway, wk-compute, or supervisord processes are present, use the kill command to remove
them to prevent issues with AEN.
You can safely restart any process that you remove in error.

Making sure NGINX and MongoDB are running

In order for AEN to run, the dependencies mongodb and nginx must be up and running. If either of these fail to start,
AEN will not be served on port 80.
Check if nginx and mongod are both running (RHEL 6x):
$ sudo service nginx status
nginx (pid 25956) is running...

$ sudo service mongod status

mongod (pid 25928) is running...

If either of these failed to start, tail the log files. The default location of log files is:
$ tail -n 50 /var/log/mongodb/mongod.log

# nginx errors reported in error.log

$ tail -n 50 /var/log/nginx/error.log

Viewing, terminating, and relaunching applications

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select Monitor:

The Monitor menu lists started applications by user and project.

The list includes columns for the application name, current running status, running node and last seen date.
3. Use the buttons to terminate or relaunch an application.
4. To view an application’s logs, click the Logs button with the document icon.

Viewing the task queue

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select Task Queue:

3.1. Anaconda Enterprise 4 335

Anaconda Documentation, Release 2.0

336 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

The Workers section lists the workers in the task queue and whether each worker is set at high, default or low
priority.
The Queues section provides information on the default and high priority queues.
3. To view all the tasks in a particular queue, in the Queues section, click the queue name.

Checking node connections

When the AEN nodes cannot communicate with each other as intended, it can cause issues with you AEN platform
installation.

• Verifying server to gateway connectivity

• Verifying gateway to compute node connectivity
• Verifying gateway to server connectivity

Verifying server to gateway connectivity

1. On the server, in the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select Data Centers:

3.1. Anaconda Enterprise 4 337

Anaconda Documentation, Release 2.0

3. For each data center in the list, check connectivity from the server to that gateway.
EXAMPLE: The gateway in this example is http://gateway.example.com:8089:

root@server # curl --connect-timeout 5 http://gateway.example.com:8089 > /dev/null

Verifying gateway to compute node connectivity

1. On the server, in the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Providers menu, select Enterprise Resources:

3. Open each compute node in the Resources section.

4. Verify that the contents of the URL field begin with either http or https.

338 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 339

Anaconda Documentation, Release 2.0

5. Check connectivity to that URL from the corresponding gateway.

EXAMPLE: The gateway in this example is http://gateway.example.com:8089:
root@gateway # curl --connect-timeout 5 http://compute.example.com:5002 > /dev/
˓→null

Verifying gateway to server connectivity

The gateway-to-server path is used by the gateway configuration command wk-gateway-configure.

1. Verify that the gateway is linked to the correct server in the configuration file.
2. Verify that the full server URL is specified.
3. Check connectivity to the server:
root@gateway # grep WAKARI_SERVER /opt/wakari/wakari-gateway/etc/wakari/wk-
˓→gateway-config.json

"WAKARI_SERVER": "http://wakari.example.com",

root@gateway # curl --connect-timeout 5 http://wakari.example.com > /dev/null

root@gateway # curl --connect-timeout 5 http://error.example.com > /dev/null
curl: (7) Failed to connect to error.example.com port 80: Connection refused

4. If a connection fails:
1. Ensure that gateways (data centers) and compute nodes (Enterprise Resources) are correctly configured on
the server.
2. Verify that processes are listening on the configured ports:
$ sudo netstat -nplt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program
tcp 0 0 *:80 *:* LISTEN 26409/nginx
tcp 0 0 *:22 *:* LISTEN 986/sshd
tcp 0 0 127.0.0.1:25 *:* LISTEN 1063/master
tcp 0 0 *:5000 *:* LISTEN 26192/python
tcp 0 0 127.0.0.1:27017 *:* LISTEN 29261/mongod
tcp 0 0 *:22 *:* LISTEN 986/sshd
tcp 0 0 127.0.0.1:25 *:* LISTEN 1063/master

3. Check the firewall setting and logs on both hosts to ensure that packets are not being blocked or discarded.

Verifying and tuning search indexing

For search indexing to work correctly, a compute node must be able to communicate with the server. To verify this:
1. Run:
curl -m 5 $AEN_SERVER > /dev/null

2. Verify that there are sufficient inotify watches available for the number of subdirectories within the project root
file system:

340 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

cat /proc/sys/fs/inotify/max_user_watches

NOTE: Some Linux distributions default to a low number of watches, which may prevent the search indexer
from monitoring project directories for changes.
3. If necessary, increase the number of watches:

echo fs.inotify.max_user_watches=100000 | sudo tee -a /etc/sysctl.conf && sudo

˓→sysctl -p

4. Verify that there are sufficient inotify user instances available—at least one per project:

cat /proc/sys/fs/inotify/max_user_instances

5. If necessary, increase the number of inotify user instances:

echo fs.inotify.max_user_instances=1000 | sudo tee -a /etc/sysctl.conf && sudo

˓→sysctl -p

Changing the AEN server URL

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select General:

3. In the Wakari Server box, type the main URL where the site can be viewed.
4. Click the Update button.

Changing the static URL for JavaScript files

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select General:

3. In the Static URL box, type the static URL where JavaScript files can be accessed.
4. Click the Update button.

Changing the AEN account type

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select General:

3.1. Anaconda Enterprise 4 341

Anaconda Documentation, Release 2.0

342 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 343

Anaconda Documentation, Release 2.0

344 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3. In the Account Type box, select the account type—cloud or LDAP.

4. Click the Update button.

Changing the default for project access

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select General:

3. Under Default Project Access, select the default access type for new projects: Public or Private.
4. Click the Update button.

3.1. Anaconda Enterprise 4 345

Anaconda Documentation, Release 2.0

Changing the owner of a project

To change the owner of a project:

1. Collect the project name, the user name of the previous owner, and the user name of the new owner.
2. Run the wakari-server executable command wk-server-admin:

/opt/wakari/wakari-server/bin/wk-server-admin project-owner --project PROJECT --

˓→old OLD_OWNER --new NEW_OWNER --delete --keep-owner

• PROJECT: The project name.

• OLD_OWNER: The user name of the previous owner.
• NEW_OWNER: The user name of the new owner.
• --delete: An optional flag that deletes the old project directory in the projects directory of
OLD_OWNER. If this flag is not used, the old project directory is preserved but no longer used.
• --keep-owner: An optional flag that makes OLD_OWNER a collaborator of the project after it is transferred
to NEW_OWNER. If this flag is not used, OLD_OWNER will no longer have collaborator access to the project.
NOTE: The OLD_OWNER user must still exist when the project’s owner is changed. Before deleting any user, be
sure to change the owner of the user’s projects.

Editing configuration files

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select General.

3. In the Config Files section, change the configuration settings for your AEN installation. For more information
on configuration files, see Using configuration files.
4. Click the Update button.

Managing your AEN license

1. In the AEN navigation bar, click Admin to open the Admin Settings page.
2. In the Site Admin menu, select License:

The Current License section displays information regarding your AEN license, including the name of the prod-
uct, vendor, license holder’s name, end and issued dates, company name, license type, and contact email.

346 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

3.1. Anaconda Enterprise 4 347

Anaconda Documentation, Release 2.0

Renewing your AEN license

1. Click the Renew your license button.

2. In the Upload New License section, click the Choose File button.
3. Select the new license file.
4. Click the Open button.
5. Click the Update button.
Your renewed license information is displayed.

Cheat sheet

The Admin dashboard includes three menus in the left column: Staff, Site Admin and Providers.

Staff menu

• Daily Report—See the number of users and projects.

• Password Reset—Reset a user password.
• Notification—Send system messages to users via SES or SMTP.

348 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

• Exceptions—If errors are raised while AEN is running, a red dot appears in the AEN navigation bar. Review
errors and mark them as read.

Site Admin menu

• General—Change the configuration settings for your AE Notebook server installation.

• Accounts—Turns on or off Open Registration.
• Users—View usernames, number of projects and last logins.
• Monitor–View status of applications with related data, terminate or restart
• Security Log—View errors that could affect security.
• Data Centers—View current data centers and add a new data center.
• Task Queue—View workers in the task queue and priority.
• License—View current AEN license or upload a new license.

Providers menu

Enterprise Resources—View, add or remove local or cloud services and designate public or private to control access
to a compute node.

Troubleshooting

This troubleshooting guide provides you with ways to deal with issues that may occur with your AEN installation.

• General troubleshooting steps

• Browser error: too many redirects
• Browser error: too many redirects when starting project apps
• Exception: exceptions.TypeError: ‘NoneType’ object has no attribute ‘__getitem__’
• Error: unix:////opt/wakari/wakari-server/etc/supervisor.sock no such file
• Error: “Data Center Not Found” when deleting a project
• Forgotten administrator password
• Log files being deleted
• Error: This socket is closed
• Service error 502: Cannot connect to the application manager
• 502 communication error on Amazon web services (AWS)
• Invalid username
• Notebook Error: Cannot download notebook as PDF via LaTeX
• Unresponsive wk-server thread without error messages
• Unresponsive wk-gateway thread without error messages

3.1. Anaconda Enterprise 4 349

Anaconda Documentation, Release 2.0

• Error starting projects

• Changes in .condarc file are ignored

General troubleshooting steps

1. Clear browser cookies. When you change the AEN configuration or upgrade AEN, cookies remaining in the
browser can cause issues. Clearing cookies and logging in again can help to resolve problems.
2. Make sure NGINX and MongoDB are running.
3. Make sure that AEN services are set to start at boot, on all nodes.
4. Make sure that services are running as expected. If any services are not running or are missing, restart them.
5. Check for and remove extraneous processes.
6. Check the connectivity between nodes.
7. Check the configuration file syntax.
8. Check file ownership.
9. Verify that POSIX ACLs are enabled.

Browser error: too many redirects

Cause

Browser cookies are out of date.

Solution

1. Log out.
2. Clear the browser’s cookies.
3. Clear the browser cache.
4. Log in.

Browser error: too many redirects when starting project apps

Browser shows “Too many redirects” when the user tries to start an application.

Cause

The project’s Compute Resource is invalid or was deleted.

Solution

Move the project to a valid Compute Resource.

350 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Exception: exceptions.TypeError: ‘NoneType’ object has no attribute ‘__getitem__’

This exception appears on the Admin > Exceptions page when a project does not have a Compute Resource assigned.

Cause

The project’s Compute Resource is invalid or was deleted.

Solution

Move the project to a valid Compute Resource.

Error: unix:////opt/wakari/wakari-server/etc/supervisor.sock no such file

This is a supervisorctl error.

Cause

supervisord is not running on the Server.

Solution

Ensure that supervisord is included in the crontab. Then restart supervisord manually.

Error: “Data Center Not Found” when deleting a project

Cause

The data center has been removed.

Solution

As root, run:

/opt/wakari/wakari-server/bin/wk-server-admin remove-project --db-only <user>

˓→<project>

Forgotten administrator password

1. Use ssh to log into the server as root.

2. Run:

/opt/wakari/wakari-server/bin/wk-server-admin reset-password -u SOME_USER -p SOME_

˓→PASSWORD

3.1. Anaconda Enterprise 4 351

Anaconda Documentation, Release 2.0

NOTE: Replace SOME_USER with the administrator username and SOME_PASSWORD with the password.
3. Log into AEN as the administrator user with the new password.
Alternatively you may add an administrator user:
1. Use ssh to log into the server as root.
2. Run:

/opt/wakari/wakari-server/bin/wk-server-admin add-user SOME_USER --admin -p SOME_

˓→PASSWORD -e YOUR_EMAIL

NOTE: Replace SOME_USER with the username, replace SOME_PASSWORD with the password, and replace
YOUR_EMAIL with your email address.
3. Log into AEN as the administrator user with the new password.

Log files being deleted

Log files are being deleted.

NOTE: Locations of AEN log files for each process and application are shown in the node sections in Concepts.

Cause

AEN installers log into /tmp/wakari\_{server,gateway,compute}.log. If the log files grow too large,
they might be deleted.

Solution

To set the logs to be more or less verbose, Jupyter Notebooks uses Application.log_level.
To make the logs less verbose than the default, but still informative, set Application.log_level to ERROR.

Error: This socket is closed

You receive the “This socket is closed” error message when you try to start an application.

Cause

When the supervisord process is killed, information sent to the standard output stdout and the standard error
stderr is held in a pipe that will eventually fill up.
Once full, attempting to start any application will cause the “This socket is closed” error.

Solution

To prevent this issue:

• Follow the instructions in Managing services to stop and restart processes.
• Do not stop or kill supervisord without first stopping wk-compute and any other processes that use it.

352 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

To resolve the “This socket is closed” error:

1. Stop wk-compute by running sudo kill -9.
2. Restart the supervisord and wk-compute processes:

sudo /etc/init.d/wakari-compute stop

sudo /etc/init.d/wakari-compute start

Service error 502: Cannot connect to the application manager

Gateway node displays “Service Error 502: Can not connect to the application manager.”

Cause

A compute node is not responding because the wk-compute process has stopped.

Solution

Stop and then restart the supervisord and wk-compute processes:

sudo /etc/init.d/wakari-compute stop

sudo /etc/init.d/wakari-compute start

502 communication error on Amazon web services (AWS)

You receive the “502 Communication Error: This gateway could not communicate with the Wakari server” error
message.

Cause

An AEN gateway cannot communicate with the Wakari server on AWS. There may be an issue with the IP address of
the Wakari server.

Solution

Configure your AEN gateway to use the DNS hostname of the server. On AWS this is the DNS hostname of the
Amazon Elastic Compute Cloud (EC2) instance.

Invalid username

Cause

The username does not follow 1 or more of these rules:

• Must be at least 3 characters and no more than 25 characters.
• The first character must be a letter (A-Z) or a digit (0-9).

3.1. Anaconda Enterprise 4 353

Anaconda Documentation, Release 2.0

• Other characters can be a letter, digit, period (.), underscore (_) or hyphen (-).
• The POSIX standard specifies that these characters are the portable filename character set, and that portable
usernames have the same character set.

Solution

Follow the above rules for usernames.

Notebook Error: Cannot download notebook as PDF via LaTeX

Cause

LaTeX is not properly installed.

CentOS/6 Solution

1. Install TeXLive from the TUG site. Follow the described steps. The installation may take some time.
2. Add the installation to the PATH in the file /etc/profile.d/latex.sh. Add the following, replacing the
year and architecture as needed:
PATH=/usr/local/texlive/2017/bin/x86_64-linux:$PATH

3. Restart the compute node.

CentOS/7 Solution

1. Install the missing packages running the command:

yum install texlive texlive-xetex texlive-xetexconfig texlive-xetex-def texlive-
˓→adjustbox texlive-upquote texlive-ulem

Unresponsive wk-server thread without error messages

Cause

Two things can cause the wk-server thread to freeze without error messages:
• LDAP freezing
• MongoDB freezing
If LDAP or MongoDB are configured with a long timeout, Gunicorn can time out first and kill the LDAP or MongoDB
process. Then the LDAP or MongoDB process dies without logging a timeout error.

Solution

1. Check for frozen LDAP or MongoDB server processes.

2. You may also wish to configure the Gunicorn timeout to more than 30 seconds.

354 Chapter 3. Anaconda Cloud

 Anaconda Documentation, Release 2.0

Unresponsive wk-gateway thread without error messages

Cause

If TLS is configured with a passphrase protected private key, wk-gateway will freeze without any error messages.

Solution

Update the TLS configuration so that it does not use a passphrase protected private key.

Error starting projects

Project’s status page shows “There was an error starting this project”.

Cause

Lack of disk space in compute nodes prevents projects from starting.

Solution

1. Verify that the project node meets the system requirements.

2. Check if there is enough free space on the compute node’s partition where /projects lives:

df -h /projects

3. Free up some disk space to meet the system requirements.

4. Restart the project.

Changes in .condarc file are ignored

Changes applied to .condarc are ignored by conda.

Cause