X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/250bd933ee9caf3a29f0e6dc3bab130a670d99e5..b6fcdedd0d3233a0d1bc8b82be44090002b6e7df:/pillar.example diff --git a/pillar.example b/pillar.example index 3fc4b8b..78676f1 100644 --- a/pillar.example +++ b/pillar.example @@ -1,6 +1,10 @@ # -*- coding: utf-8 -*- # vim: ft=yaml --- +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 + # The variables commented out are the default values that the formula uses. # The uncommented values are REQUIRED values. If you don't set them, running # this formula will fail. @@ -8,23 +12,23 @@ arvados: ### GENERAL CONFIG # version: '2.1.0' # release: production - ## It makes little sense to disable this flag, but you can, if you want :) + ### It makes little sense to disable this flag, but you can, if you want :) # use_upstream_repo: true - ## Repo URL is built with grains values. If desired, it can be completely - ## overwritten with the pillar parameter 'repo_url' + ### Repo URL is built with grains values. If desired, it can be completely + ### overwritten with the pillar parameter 'repo_url' # repo: # humanname: Arvados Official Repository - ## IMPORTANT!!!!! - ## api, workbench and shell require some gems, so you need to make sure ruby - ## and deps are installed in order to install and compile the gems. - ## We default to `false` in these two variables as it's expected you already - ## manage OS packages with some other tool and you don't want us messing up - ## with your setup. + # IMPORTANT!!!!! + # api, workbench and shell require some gems, so you need to make sure ruby + # and deps are installed in order to install and compile the gems. + # We default to `false` in these two variables as it's expected you already + # manage OS packages with some other tool and you don't want us messing up + # with your setup. ruby: - ## We set these to `true` here for testing purposes. - ## They both default to `false`. + # We set these to `true` here for testing purposes. + # They both default to `false`. manage_ruby: true use_rvm: false # If you want to use rvm. Defaults to true for centos-7 # pkg: ruby # Can specify a version like ruby-2.5.7 for rvm @@ -47,11 +51,26 @@ arvados: # config: # file: /etc/arvados/config.yml # user: root - ## IMPORTANT!!!!! - ## If you're intalling any of the rails apps (api, workbench), the group - ## should be set to that of the web server, usually `www-data` + ### IMPORTANT!!!!! + ### If you're installing any of the rails apps (api, workbench), the group + ### should be set to that of the web server, usually `www-data` # group: root # mode: 640 + # + ### This is the command run to verify the configuration is correct before + ### deploying it. By default it uses `-strict=true`, so it will error on + ### warnings (ie, unknown/deprecated parameters) + # + # check_command: /usr/bin/arvados-server config-check -config + # + ### To fail only on errors, you can use + # + # check_command: /usr/bin/arvados-server config-check -strict=false -config + # + ### and to disable configuration checking (not recommended), just set it to + ### any command that returns true + # + # check_command: /bin/true ### ARVADOS CLUSTER CONFIG cluster: @@ -65,14 +84,12 @@ arvados: host: 127.0.0.1 password: changeme_arvados user: arvados - encoding: en_US.utf8 - client_encoding: UTF8 # You can pass extra database connections parameters here, # which will be rendered as yaml. # extra_conn_params: - # sslmode: prefer - # verify-ca: false - + # sslmode: prefer + # verify-ca: false + # client_encoding: UTF8 tls: # certificate: '' @@ -82,23 +99,52 @@ arvados: ### TOKENS tokens: - system_root: changeme_system_root_token - management: changeme_management_token - rails_secret: changeme_rails_secret_token - anonymous_user: changeme_anonymous_user_token + # Secrets and tokens have to be +32 alphanumeric, + # it does not accept underscores or special characters. + # See https://dev.arvados.org/issues/17150 + system_root: systemroottokenmushaveatleast32characters + management: managementtokenmushaveatleast32characters + # The AnonymousUserToken can be set here or in the + # Users dictionary below. The latter will be used if set. + anonymous_user: anonymoususertokenmushaveatleast32characters ### KEYS secrets: - blob_signing_key: changeme_blob_signing_key - workbench_secret_key: changeme_workbench_secret_key - dispatcher_access_key: changeme_dispatcher_access_key - dispatcher_secret_key: changeme_dispatcher_secret_key - keep_access_key: changeme_keep_access_key - keep_secret_key: changeme_keep_secret_key + blob_signing_key: blobsigningkeymushaveatleast32characters + workbench_secret_key: workbenchsecretkeymushaveatleast32characters + dispatcher_access_key: changemedispatcheraccesskey + dispatcher_secret_key: changemedispatchersecretkey + keep_access_key: changemekeepaccesskey + keep_secret_key: changemekeepsecretkey + + ### ARVADOS RESOURCES + # This dict allows you to create various resources in the Arvados + # database so they're ready to use. + # Check the `arvados.api.resources.* states to see which can be + # currently managed - AuditLogs: - Section_to_ignore: - - some_random_value + ### SHELL / WEBSHELL REGISTRATION + # In order to use shell nodes via webshell, Arvados needs to know of + # their existence and they need to be configured as upstreams in nginx + # (see https://doc.arvados.org/v2.0/install/install-webshell.html) + # This could be achieved in various ways (ie, through salt mine if you + # want them to be dinamically created), but that's outside the scope of + # this formula. The following dict is just an example that will be used + # by the `arvados.api.resources.virtual_machines` state to add entries + # in Arvados' database of the cluster's resources' + # It's additionally used in the `test/salt/pillar/examples/nginx_webshell_configuration.sls` + # pillar to add the corresponding `location` entries in nginx's webshell vhosts & upstreams + resources: + virtual_machines: + shell1: + name: webshell1 # if not set, will match the one of the dict key above + backend: 1.2.3.4 # upstream host ip/name that has the shell role + port: 4200 # port where shellinabox is listening + # when no other parameter is set: + # `name` will match the name of the key + # backend` will match `name` + # `port` will default to shellinabox's 4200 + webshell2: {} ### VOLUMES ## This should usually match all your `keepstore` instances @@ -176,6 +222,9 @@ arvados: # controller: # pkg: # name: arvados-controller +# gem: +# name: +# - arvados-cli # service: # name: arvados-controller # port: 8003 @@ -211,20 +260,12 @@ arvados: # service: # name: keepstore # port: 25107 -# #### GIT-HTTPD -# githttpd: -# pkg: -# name: arvados-git-httpd -# service: -# name: arvados-git-httpd -# port: 9001 # #### SHELL # shell: # pkg: # name: # - arvados-client # - arvados-src -# - libpam-arvados-go # - python3-arvados-fuse # - python3-arvados-python-client # - python3-arvados-cwl-runner @@ -237,8 +278,6 @@ arvados: # service: # name: shellinabox # port: 4200 -# libpam_arvados: -# config: /etc/pam.d/arvados # #### WORKBENCH # workbench: # pkg: @@ -258,13 +297,6 @@ arvados: # service: # name: arvados-ws # port: 8005 -# #### SSO -# sso: -# pkg: -# name: arvados-sso -# service: -# name: arvados-sso -# port: 8900 # ## SALTSTACK FORMULAS TOFS configuration # https://template-formula.readthedocs.io/en/latest/TOFS_pattern.html