X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/06050e0a5377d3d6a4c54c7f50fe53a06a07c837..629e09f34c9483e267e5b8b3f49942aec1b4729e:/pillar.example diff --git a/pillar.example b/pillar.example index c3f669d..78676f1 100644 --- a/pillar.example +++ b/pillar.example @@ -1,32 +1,38 @@ # -*- coding: utf-8 -*- # vim: ft=yaml --- +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 + # The variables commented out are the default values that the formula uses. # The uncommented values are REQUIRED values. If you don't set them, running # this formula will fail. arvados: ### GENERAL CONFIG - # version: '2.0.2' - ## It makes little sense to disable this flag, but you can, if you want :) + # version: '2.1.0' + # release: production + ### It makes little sense to disable this flag, but you can, if you want :) # use_upstream_repo: true - ## Repo URL is built with grains values. If desired, it can be completely - ## overwritten with the pillar parameter 'repo_url' + ### Repo URL is built with grains values. If desired, it can be completely + ### overwritten with the pillar parameter 'repo_url' # repo: # humanname: Arvados Official Repository - ## IMPORTANT!!!!! - ## api, workbench and shell require some gems, so you need to make sure ruby - ## and deps are installed in order to install and compile the gems. - ## We default to `false` in these two variables as it's expected you already - ## manage OS packages with some other tool and you don't want us messing up - ## with your setup. + # IMPORTANT!!!!! + # api, workbench and shell require some gems, so you need to make sure ruby + # and deps are installed in order to install and compile the gems. + # We default to `false` in these two variables as it's expected you already + # manage OS packages with some other tool and you don't want us messing up + # with your setup. ruby: - ## We set these to `true` here for testing purposes. - ## They both default to `false`. + # We set these to `true` here for testing purposes. + # They both default to `false`. manage_ruby: true + use_rvm: false # If you want to use rvm. Defaults to true for centos-7 + # pkg: ruby # Can specify a version like ruby-2.5.7 for rvm manage_gems_deps: true - # pkg: ruby # gems_deps: # - curl # - g++ @@ -38,18 +44,33 @@ arvados: # - libxml2 # - libxml2-dev # - make - # - python-dev + # - python3-dev # - ruby-dev # - zlib1g-dev # config: # file: /etc/arvados/config.yml # user: root - ## IMPORTANT!!!!! - ## If you're intalling any of the rails apps (api, workbench), the group - ## should be set to that of the web server, usually `www-data` + ### IMPORTANT!!!!! + ### If you're installing any of the rails apps (api, workbench), the group + ### should be set to that of the web server, usually `www-data` # group: root # mode: 640 + # + ### This is the command run to verify the configuration is correct before + ### deploying it. By default it uses `-strict=true`, so it will error on + ### warnings (ie, unknown/deprecated parameters) + # + # check_command: /usr/bin/arvados-server config-check -config + # + ### To fail only on errors, you can use + # + # check_command: /usr/bin/arvados-server config-check -strict=false -config + # + ### and to disable configuration checking (not recommended), just set it to + ### any command that returns true + # + # check_command: /bin/true ### ARVADOS CLUSTER CONFIG cluster: @@ -63,8 +84,12 @@ arvados: host: 127.0.0.1 password: changeme_arvados user: arvados - encoding: en_US.utf8 - client_encoding: UTF8 + # You can pass extra database connections parameters here, + # which will be rendered as yaml. + # extra_conn_params: + # sslmode: prefer + # verify-ca: false + # client_encoding: UTF8 tls: # certificate: '' @@ -74,37 +99,112 @@ arvados: ### TOKENS tokens: - system_root: changeme_system_root_token - management: changeme_management_token - rails_secret: changeme_rails_secret_token - anonymous_user: changeme_anonymous_user_token - provider_secret: changeme_provider_secret_token + # Secrets and tokens have to be +32 alphanumeric, + # it does not accept underscores or special characters. + # See https://dev.arvados.org/issues/17150 + system_root: systemroottokenmushaveatleast32characters + management: managementtokenmushaveatleast32characters + # The AnonymousUserToken can be set here or in the + # Users dictionary below. The latter will be used if set. + anonymous_user: anonymoususertokenmushaveatleast32characters ### KEYS secrets: - blob_signing_key: changeme_blob_signing_key - workbench_secret_key: changeme_workbench_secret_key - dispatcher_access_key: changeme_dispatcher_access_key - dispatcher_secret_key: changeme_dispatcher_secret_key - keep_access_key: changeme_keep_access_key - keep_secret_key: changeme_keep_secret_key + blob_signing_key: blobsigningkeymushaveatleast32characters + workbench_secret_key: workbenchsecretkeymushaveatleast32characters + dispatcher_access_key: changemedispatcheraccesskey + dispatcher_secret_key: changemedispatchersecretkey + keep_access_key: changemekeepaccesskey + keep_secret_key: changemekeepsecretkey + + ### ARVADOS RESOURCES + # This dict allows you to create various resources in the Arvados + # database so they're ready to use. + # Check the `arvados.api.resources.* states to see which can be + # currently managed + + ### SHELL / WEBSHELL REGISTRATION + # In order to use shell nodes via webshell, Arvados needs to know of + # their existence and they need to be configured as upstreams in nginx + # (see https://doc.arvados.org/v2.0/install/install-webshell.html) + # This could be achieved in various ways (ie, through salt mine if you + # want them to be dinamically created), but that's outside the scope of + # this formula. The following dict is just an example that will be used + # by the `arvados.api.resources.virtual_machines` state to add entries + # in Arvados' database of the cluster's resources' + # It's additionally used in the `test/salt/pillar/examples/nginx_webshell_configuration.sls` + # pillar to add the corresponding `location` entries in nginx's webshell vhosts & upstreams + resources: + virtual_machines: + shell1: + name: webshell1 # if not set, will match the one of the dict key above + backend: 1.2.3.4 # upstream host ip/name that has the shell role + port: 4200 # port where shellinabox is listening + # when no other parameter is set: + # `name` will match the name of the key + # backend` will match `name` + # `port` will default to shellinabox's 4200 + webshell2: {} ### VOLUMES ## This should usually match all your `keepstore` instances - volumes: - volume_one: - # the volume name will be composed with - # -nyw5e- - cluster: fixme - volume_id: '000000000000000' - access_via_hosts: - "http://keep0.example.net:25107/": {} - replication: 2 - driver: Directory - driver_parameters: + Volumes: + # the volume name will be composed with + # -nyw5e- + fixme-nyw5e-000000000000000: + AccessViaHosts: + http://keep0.fixme.example.net:25107: + ReadOnly: false + Replication: 2 + Driver: Directory + DriverParameters: Root: /tmp -# ## SERVICES + Users: + NewUsersAreActive: true + AutoAdminFirstUser: true + AutoSetupNewUsers: true + AutoSetupNewUsersWithRepository: true + + Services: + Controller: + ExternalURL: https://fixme.example.net + InternalURLs: + http://localhost:8003: {} + DispatchCloud: + InternalURLs: + http://fixme.example.net:9006: {} + Keepbalance: + InternalURLs: + http://fixme.example.net:9005: {} + Keepproxy: + ExternalURL: https://keep.fixme.example.net + InternalURLs: + http://localhost:25100: {} + Keepstore: + InternalURLs: + http://keep0.fixme.example.net:25107: {} + RailsAPI: + InternalURLs: + http://localhost:8004: {} + WebDAV: + ExternalURL: https://collections.fixme.example.net + InternalURLs: + http://localhost:9002: {} + WebDAVDownload: + ExternalURL: https://download.fixme.example.net + WebShell: + ExternalURL: https://webshell.fixme.example.net + Websocket: + ExternalURL: wss://ws.fixme.example.net/websocket + InternalURLs: + http://localhost:8005: {} + Workbench1: + ExternalURL: https://workbench.fixme.example.net + Workbench2: + ExternalURL: https://workbench2.fixme.example.net + +# ### THESE ARE THE PACKAGES AND DAEMONS BASIC CONFIGS # #### API # api: # pkg: @@ -122,6 +222,9 @@ arvados: # controller: # pkg: # name: arvados-controller +# gem: +# name: +# - arvados-cli # service: # name: arvados-controller # port: 8003 @@ -157,27 +260,24 @@ arvados: # service: # name: keepstore # port: 25107 -# #### GIT-HTTPD -# githttpd: -# pkg: -# name: arvados-git-httpd -# service: -# name: arvados-git-httpd -# port: 9001 # #### SHELL # shell: # pkg: # name: # - arvados-client # - arvados-src -# - libpam-arvados -# - python-arvados-fuse -# - python-arvados-python-client +# - python3-arvados-fuse +# - python3-arvados-python-client # - python3-arvados-cwl-runner # gem: # name: # - arvados-cli # - arvados-login-sync +# shellinabox: +# config: /etc/default/shellinabox +# service: +# name: shellinabox +# port: 4200 # #### WORKBENCH # workbench: # pkg: @@ -197,13 +297,6 @@ arvados: # service: # name: arvados-ws # port: 8005 -# #### SSO -# sso: -# pkg: -# name: arvados-sso -# service: -# name: arvados-sso -# port: 8900 # ## SALTSTACK FORMULAS TOFS configuration # https://template-formula.readthedocs.io/en/latest/TOFS_pattern.html