X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/cbabd4188c1200866ef7ac01e1ab57a58b8775bc..e709a10b07c7039c3878adc5d3bcc0ff5a752191:/pillar.example diff --git a/pillar.example b/pillar.example index 96f3b5f..78676f1 100644 --- a/pillar.example +++ b/pillar.example @@ -1,57 +1,329 @@ # -*- coding: utf-8 -*- # vim: ft=yaml --- +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 + +# The variables commented out are the default values that the formula uses. +# The uncommented values are REQUIRED values. If you don't set them, running +# this formula will fail. arvados: - lookup: - master: template-master - # Just for testing purposes - winner: lookup - added_in_lookup: lookup_value - - # Using bash package and udev service as an example. This allows us to - # test the template formula itself. You should set these parameters to - # examples that make sense in the contexto of the formula you're writing. - pkg: - name: bash - service: - name: systemd-journald - config: /etc/template-formula.conf - - tofs: - # The files_switch key serves as a selector for alternative - # directories under the formula files directory. See TOFS pattern - # doc for more info. - # Note: Any value not evaluated by `config.get` will be used literally. - # This can be used to set custom paths, as many levels deep as required. - files_switch: - - any/path/can/be/used/here - - id - - roles - - osfinger - - os - - os_family - # All aspects of path/file resolution are customisable using the options below. - # This is unnecessary in most cases; there are sensible defaults. - # Default path: salt://< path_prefix >/< dirs.files >/< dirs.default > - # I.e.: salt://arvados/files/default - # path_prefix: template_alt - # dirs: - # files: files_alt - # default: default_alt - # The entries under `source_files` are prepended to the default source files - # given for the state - # source_files: - # arvados-config-file-file-managed: - # - 'example_alt.tmpl' - # - 'example_alt.tmpl.jinja' - - # For testing purposes - source_files: - arvados-config-file-file-managed: - - 'example.tmpl.jinja' - arvados-subcomponent-config-file-file-managed: - - 'subcomponent-example.tmpl.jinja' - - # Just for testing purposes - winner: pillar - added_in_pillar: pillar_value + ### GENERAL CONFIG + # version: '2.1.0' + # release: production + ### It makes little sense to disable this flag, but you can, if you want :) + # use_upstream_repo: true + + ### Repo URL is built with grains values. If desired, it can be completely + ### overwritten with the pillar parameter 'repo_url' + # repo: + # humanname: Arvados Official Repository + + # IMPORTANT!!!!! + # api, workbench and shell require some gems, so you need to make sure ruby + # and deps are installed in order to install and compile the gems. + # We default to `false` in these two variables as it's expected you already + # manage OS packages with some other tool and you don't want us messing up + # with your setup. + ruby: + # We set these to `true` here for testing purposes. + # They both default to `false`. + manage_ruby: true + use_rvm: false # If you want to use rvm. Defaults to true for centos-7 + # pkg: ruby # Can specify a version like ruby-2.5.7 for rvm + manage_gems_deps: true + # gems_deps: + # - curl + # - g++ + # - gcc + # - git + # - libcurl4 + # - libcurl4-gnutls-dev + # - libpq-dev + # - libxml2 + # - libxml2-dev + # - make + # - python3-dev + # - ruby-dev + # - zlib1g-dev + + # config: + # file: /etc/arvados/config.yml + # user: root + ### IMPORTANT!!!!! + ### If you're installing any of the rails apps (api, workbench), the group + ### should be set to that of the web server, usually `www-data` + # group: root + # mode: 640 + # + ### This is the command run to verify the configuration is correct before + ### deploying it. By default it uses `-strict=true`, so it will error on + ### warnings (ie, unknown/deprecated parameters) + # + # check_command: /usr/bin/arvados-server config-check -config + # + ### To fail only on errors, you can use + # + # check_command: /usr/bin/arvados-server config-check -strict=false -config + # + ### and to disable configuration checking (not recommended), just set it to + ### any command that returns true + # + # check_command: /bin/true + + ### ARVADOS CLUSTER CONFIG + cluster: + name: fixme + domain: example.net + + database: + # max concurrent connections per arvados server daemon + # connection_pool_max: 32 + name: arvados + host: 127.0.0.1 + password: changeme_arvados + user: arvados + # You can pass extra database connections parameters here, + # which will be rendered as yaml. + # extra_conn_params: + # sslmode: prefer + # verify-ca: false + # client_encoding: UTF8 + + tls: + # certificate: '' + # key: '' + # required to test with snakeoil certs + insecure: true + + ### TOKENS + tokens: + # Secrets and tokens have to be +32 alphanumeric, + # it does not accept underscores or special characters. + # See https://dev.arvados.org/issues/17150 + system_root: systemroottokenmushaveatleast32characters + management: managementtokenmushaveatleast32characters + # The AnonymousUserToken can be set here or in the + # Users dictionary below. The latter will be used if set. + anonymous_user: anonymoususertokenmushaveatleast32characters + + ### KEYS + secrets: + blob_signing_key: blobsigningkeymushaveatleast32characters + workbench_secret_key: workbenchsecretkeymushaveatleast32characters + dispatcher_access_key: changemedispatcheraccesskey + dispatcher_secret_key: changemedispatchersecretkey + keep_access_key: changemekeepaccesskey + keep_secret_key: changemekeepsecretkey + + ### ARVADOS RESOURCES + # This dict allows you to create various resources in the Arvados + # database so they're ready to use. + # Check the `arvados.api.resources.* states to see which can be + # currently managed + + ### SHELL / WEBSHELL REGISTRATION + # In order to use shell nodes via webshell, Arvados needs to know of + # their existence and they need to be configured as upstreams in nginx + # (see https://doc.arvados.org/v2.0/install/install-webshell.html) + # This could be achieved in various ways (ie, through salt mine if you + # want them to be dinamically created), but that's outside the scope of + # this formula. The following dict is just an example that will be used + # by the `arvados.api.resources.virtual_machines` state to add entries + # in Arvados' database of the cluster's resources' + # It's additionally used in the `test/salt/pillar/examples/nginx_webshell_configuration.sls` + # pillar to add the corresponding `location` entries in nginx's webshell vhosts & upstreams + resources: + virtual_machines: + shell1: + name: webshell1 # if not set, will match the one of the dict key above + backend: 1.2.3.4 # upstream host ip/name that has the shell role + port: 4200 # port where shellinabox is listening + # when no other parameter is set: + # `name` will match the name of the key + # backend` will match `name` + # `port` will default to shellinabox's 4200 + webshell2: {} + + ### VOLUMES + ## This should usually match all your `keepstore` instances + Volumes: + # the volume name will be composed with + # -nyw5e- + fixme-nyw5e-000000000000000: + AccessViaHosts: + http://keep0.fixme.example.net:25107: + ReadOnly: false + Replication: 2 + Driver: Directory + DriverParameters: + Root: /tmp + + Users: + NewUsersAreActive: true + AutoAdminFirstUser: true + AutoSetupNewUsers: true + AutoSetupNewUsersWithRepository: true + + Services: + Controller: + ExternalURL: https://fixme.example.net + InternalURLs: + http://localhost:8003: {} + DispatchCloud: + InternalURLs: + http://fixme.example.net:9006: {} + Keepbalance: + InternalURLs: + http://fixme.example.net:9005: {} + Keepproxy: + ExternalURL: https://keep.fixme.example.net + InternalURLs: + http://localhost:25100: {} + Keepstore: + InternalURLs: + http://keep0.fixme.example.net:25107: {} + RailsAPI: + InternalURLs: + http://localhost:8004: {} + WebDAV: + ExternalURL: https://collections.fixme.example.net + InternalURLs: + http://localhost:9002: {} + WebDAVDownload: + ExternalURL: https://download.fixme.example.net + WebShell: + ExternalURL: https://webshell.fixme.example.net + Websocket: + ExternalURL: wss://ws.fixme.example.net/websocket + InternalURLs: + http://localhost:8005: {} + Workbench1: + ExternalURL: https://workbench.fixme.example.net + Workbench2: + ExternalURL: https://workbench2.fixme.example.net + +# ### THESE ARE THE PACKAGES AND DAEMONS BASIC CONFIGS +# #### API +# api: +# pkg: +# name: +# - arvados-api-server +# - arvados-dispatch-cloud +# gem: +# name: +# - arvados-cli +# service: +# name: +# - nginx +# port: 8004 +# #### CONTROLLER +# controller: +# pkg: +# name: arvados-controller +# gem: +# name: +# - arvados-cli +# service: +# name: arvados-controller +# port: 8003 +# #### DISPATCHER +# dispatcher: +# pkg: +# name: +# - crunch-dispatch-local +# # - arvados-dispatch-cloud +# # - crunch-dispatch-slurm +# service: +# name: crunch-dispatch-local +# port: 9006 +# #### KEEPPROXY +# keepproxy: +# pkg: +# name: keepproxy +# service: +# name: keepproxy +# port: 25107 +# #### KEEPWEB +# keepweb: +# pkg: +# name: keep-web +# service: +# name: keep-web +# # webdav +# port: 9002 +# #### KEEPSTORE +# keepstore: +# pkg: +# name: keepstore +# service: +# name: keepstore +# port: 25107 +# #### SHELL +# shell: +# pkg: +# name: +# - arvados-client +# - arvados-src +# - python3-arvados-fuse +# - python3-arvados-python-client +# - python3-arvados-cwl-runner +# gem: +# name: +# - arvados-cli +# - arvados-login-sync +# shellinabox: +# config: /etc/default/shellinabox +# service: +# name: shellinabox +# port: 4200 +# #### WORKBENCH +# workbench: +# pkg: +# name: arvados-workbench +# service: +# name: nginx +# #### WORKBENCH2 +# workbench2: +# pkg: +# name: arvados-workbench2 +# service: +# name: nginx +# #### WEBSOCKET +# websocket: +# pkg: +# name: arvados-ws +# service: +# name: arvados-ws +# port: 8005 + +# ## SALTSTACK FORMULAS TOFS configuration +# https://template-formula.readthedocs.io/en/latest/TOFS_pattern.html +# tofs: +# # The files_switch key serves as a selector for alternative +# # directories under the formula files directory. See TOFS pattern +# # doc for more info. +# # Note: Any value not evaluated by `config.get` will be used literally. +# # This can be used to set custom paths, as many levels deep as required. +# files_switch: +# - any/path/can/be/used/here +# - id +# - roles +# - osfinger +# - os +# - os_family +# # All aspects of path/file resolution are customisable using the options below. +# # This is unnecessary in most cases; there are sensible defaults. +# # Default path: salt://< path_prefix >/< dirs.files >/< dirs.default > +# # I.e.: salt://arvados/files/default +# # path_prefix: template_alt +# # dirs: +# # files: files_alt +# # default: default_alt +# # The entries under `source_files` are prepended to the default source files +# # given for the state +# # source_files: +# # arvados-config-file-file-managed: +# # - 'example_alt.tmpl' +# # - 'example_alt.tmpl.jinja'