# -*- coding: utf-8 -*-
# vim: ft=yaml
---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
# The variables commented out are the default values that the formula uses.
# The uncommented values are REQUIRED values. If you don't set them, running
# this formula will fail.
### GENERAL CONFIG
# version: '2.1.0'
# release: production
- ## It makes little sense to disable this flag, but you can, if you want :)
+ ### It makes little sense to disable this flag, but you can, if you want :)
# use_upstream_repo: true
- ## Repo URL is built with grains values. If desired, it can be completely
- ## overwritten with the pillar parameter 'repo_url'
+ ### Repo URL is built with grains values. If desired, it can be completely
+ ### overwritten with the pillar parameter 'repo_url'
# repo:
# humanname: Arvados Official Repository
- ## IMPORTANT!!!!!
- ## api, workbench and shell require some gems, so you need to make sure ruby
- ## and deps are installed in order to install and compile the gems.
- ## We default to `false` in these two variables as it's expected you already
- ## manage OS packages with some other tool and you don't want us messing up
- ## with your setup.
+ # IMPORTANT!!!!!
+ # api, workbench and shell require some gems, so you need to make sure ruby
+ # and deps are installed in order to install and compile the gems.
+ # We default to `false` in these two variables as it's expected you already
+ # manage OS packages with some other tool and you don't want us messing up
+ # with your setup.
ruby:
- ## We set these to `true` here for testing purposes.
- ## They both default to `false`.
+ # We set these to `true` here for testing purposes.
+ # They both default to `false`.
manage_ruby: true
use_rvm: false # If you want to use rvm. Defaults to true for centos-7
# pkg: ruby # Can specify a version like ruby-2.5.7 for rvm
# config:
# file: /etc/arvados/config.yml
# user: root
- ## IMPORTANT!!!!!
- ## If you're intalling any of the rails apps (api, workbench), the group
- ## should be set to that of the web server, usually `www-data`
+ ### IMPORTANT!!!!!
+ ### If you're installing any of the rails apps (api, workbench), the group
+ ### should be set to that of the web server, usually `www-data`
# group: root
# mode: 640
+ #
+ ### This is the command run to verify the configuration is correct before
+ ### deploying it. By default it uses `-strict=true`, so it will error on
+ ### warnings (ie, unknown/deprecated parameters)
+ #
+ # check_command: /usr/bin/arvados-server config-check -config
+ #
+ ### To fail only on errors, you can use
+ #
+ # check_command: /usr/bin/arvados-server config-check -strict=false -config
+ #
+ ### and to disable configuration checking (not recommended), just set it to
+ ### any command that returns true
+ #
+ # check_command: /bin/true
### ARVADOS CLUSTER CONFIG
cluster:
host: 127.0.0.1
password: changeme_arvados
user: arvados
- encoding: en_US.utf8
- client_encoding: UTF8
# You can pass extra database connections parameters here,
# which will be rendered as yaml.
# extra_conn_params:
- # sslmode: prefer
- # verify-ca: false
-
+ # sslmode: prefer
+ # verify-ca: false
+ # client_encoding: UTF8
tls:
# certificate: ''
### TOKENS
tokens:
- system_root: changeme_system_root_token
- management: changeme_management_token
- rails_secret: changeme_rails_secret_token
- anonymous_user: changeme_anonymous_user_token
+ # Secrets and tokens have to be +32 alphanumeric,
+ # it does not accept underscores or special characters.
+ # See https://dev.arvados.org/issues/17150
+ system_root: systemroottokenmushaveatleast32characters
+ management: managementtokenmushaveatleast32characters
+ # The AnonymousUserToken can be set here or in the
+ # Users dictionary below. The latter will be used if set.
+ anonymous_user: anonymoususertokenmushaveatleast32characters
### KEYS
secrets:
- blob_signing_key: changeme_blob_signing_key
- workbench_secret_key: changeme_workbench_secret_key
- dispatcher_access_key: changeme_dispatcher_access_key
- dispatcher_secret_key: changeme_dispatcher_secret_key
- keep_access_key: changeme_keep_access_key
- keep_secret_key: changeme_keep_secret_key
+ blob_signing_key: blobsigningkeymushaveatleast32characters
+ workbench_secret_key: workbenchsecretkeymushaveatleast32characters
+ dispatcher_access_key: changemedispatcheraccesskey
+ dispatcher_secret_key: changemedispatchersecretkey
+ keep_access_key: changemekeepaccesskey
+ keep_secret_key: changemekeepsecretkey
- AuditLogs:
- Section_to_ignore:
- - some_random_value
+ ### ARVADOS RESOURCES
+ # This dict allows you to create various resources in the Arvados
+ # database so they're ready to use.
+ # Check the `arvados.api.resources.* states to see which can be
+ # currently managed
+
+ ### SHELL / WEBSHELL REGISTRATION
+ # In order to use shell nodes via webshell, Arvados needs to know of
+ # their existence and they need to be configured as upstreams in nginx
+ # (see https://doc.arvados.org/v2.0/install/install-webshell.html)
+ # This could be achieved in various ways (ie, through salt mine if you
+ # want them to be dinamically created), but that's outside the scope of
+ # this formula. The following dict is just an example that will be used
+ # by the `arvados.api.resources.virtual_machines` state to add entries
+ # in Arvados' database of the cluster's resources'
+ # It's additionally used in the `test/salt/pillar/examples/nginx_webshell_configuration.sls`
+ # pillar to add the corresponding `location` entries in nginx's webshell vhosts & upstreams
+ resources:
+ virtual_machines:
+ shell1:
+ name: webshell1 # if not set, will match the one of the dict key above
+ backend: 1.2.3.4 # upstream host ip/name that has the shell role
+ port: 4200 # port where shellinabox is listening
+ # when no other parameter is set:
+ # `name` will match the name of the key
+ # backend` will match `name`
+ # `port` will default to shellinabox's 4200
+ webshell2: {}
### VOLUMES
## This should usually match all your `keepstore` instances
# service:
# name: keepstore
# port: 25107
-# #### GIT-HTTPD
-# githttpd:
-# pkg:
-# name: arvados-git-httpd
-# service:
-# name: arvados-git-httpd
-# port: 9001
# #### SHELL
# shell:
# pkg:
# name:
# - arvados-client
# - arvados-src
-# - libpam-arvados-go
# - python3-arvados-fuse
# - python3-arvados-python-client
# - python3-arvados-cwl-runner
# service:
# name: shellinabox
# port: 4200
-# libpam_arvados:
-# config: /etc/pam.d/arvados
# #### WORKBENCH
# workbench:
# pkg:
# service:
# name: arvados-ws
# port: 8005
-# #### SSO
-# sso:
-# pkg:
-# name: arvados-sso
-# service:
-# name: arvados-sso
-# port: 8900
# ## SALTSTACK FORMULAS TOFS configuration
# https://template-formula.readthedocs.io/en/latest/TOFS_pattern.html