X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/df42b08093c924e65da094864a0451b8b70a8258..777d2c8805938b1f12ee69acf317e373acfaa430:/pillar.example

diff --git a/pillar.example b/pillar.example
index 233b492..78676f1 100644
--- a/pillar.example
+++ b/pillar.example
@@ -1,6 +1,10 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
 ---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # The variables commented out are the default values that the formula uses.
 # The uncommented values are REQUIRED values. If you don't set them, running
 # this formula will fail.
@@ -8,23 +12,23 @@ arvados:
   ### GENERAL CONFIG
   # version: '2.1.0'
   # release: production
-  ## It makes little sense to disable this flag, but you can, if you want :)
+  ### It makes little sense to disable this flag, but you can, if you want :)
   # use_upstream_repo: true
 
-  ## Repo URL is built with grains values. If desired, it can be completely
-  ## overwritten with the pillar parameter 'repo_url'
+  ### Repo URL is built with grains values. If desired, it can be completely
+  ### overwritten with the pillar parameter 'repo_url'
   # repo:
   #   humanname: Arvados Official Repository
 
-  ## IMPORTANT!!!!!
-  ## api, workbench and shell require some gems, so you need to make sure ruby
-  ## and deps are installed in order to install and compile the gems.
-  ## We default to `false` in these two variables as it's expected you already
-  ## manage OS packages with some other tool and you don't want us messing up
-  ## with your setup.
+  # IMPORTANT!!!!!
+  # api, workbench and shell require some gems, so you need to make sure ruby
+  # and deps are installed in order to install and compile the gems.
+  # We default to `false` in these two variables as it's expected you already
+  # manage OS packages with some other tool and you don't want us messing up
+  # with your setup.
   ruby:
-    ## We set these to `true` here for testing purposes.
-    ## They both default to `false`.
+    # We set these to `true` here for testing purposes.
+    # They both default to `false`.
     manage_ruby: true
     use_rvm: false     # If you want to use rvm. Defaults to true for centos-7
     # pkg: ruby        # Can specify a version like ruby-2.5.7 for rvm
@@ -47,11 +51,26 @@ arvados:
   # config:
   #   file: /etc/arvados/config.yml
   #   user: root
-  ## IMPORTANT!!!!!
-  ## If you're intalling any of the rails apps (api, workbench), the group
-  ## should be set to that of the web server, usually `www-data`
+  ### IMPORTANT!!!!!
+  ### If you're installing any of the rails apps (api, workbench), the group
+  ### should be set to that of the web server, usually `www-data`
   #   group: root
   #   mode: 640
+  #
+  ### This is the command run to verify the configuration is correct before
+  ### deploying it. By default it uses `-strict=true`, so it will error on
+  ### warnings (ie, unknown/deprecated parameters)
+  #
+  #   check_command: /usr/bin/arvados-server config-check -config
+  #
+  ### To fail only on errors, you can use
+  #
+  #   check_command: /usr/bin/arvados-server config-check -strict=false -config
+  #
+  ### and to disable configuration checking (not recommended), just set it to
+  ### any command that returns true
+  #
+  #   check_command: /bin/true
 
   ### ARVADOS CLUSTER CONFIG
   cluster:
@@ -68,10 +87,9 @@ arvados:
       # You can pass extra database connections parameters here,
       # which will be rendered as yaml.
       # extra_conn_params:
-      #  sslmode: prefer
-      #  verify-ca: false
-      #  client_encoding: UTF8
-
+      #   sslmode: prefer
+      #   verify-ca: false
+      #   client_encoding: UTF8
 
     tls:
       # certificate: ''
@@ -84,22 +102,49 @@ arvados:
       # Secrets and tokens have to be +32 alphanumeric,
       # it does not accept underscores or special characters.
       # See https://dev.arvados.org/issues/17150
-      system_root: changemesystemroottoken
-      management: changememanagementtoken
-      anonymous_user: changemeanonymoususertoken
+      system_root: systemroottokenmushaveatleast32characters
+      management: managementtokenmushaveatleast32characters
+      # The AnonymousUserToken can be set here or in the
+      # Users dictionary below. The latter will be used if set.
+      anonymous_user: anonymoususertokenmushaveatleast32characters
 
     ### KEYS
     secrets:
-      blob_signing_key: changemeblobsigningkey
-      workbench_secret_key: changemeworkbenchsecretkey
+      blob_signing_key: blobsigningkeymushaveatleast32characters
+      workbench_secret_key: workbenchsecretkeymushaveatleast32characters
       dispatcher_access_key: changemedispatcheraccesskey
       dispatcher_secret_key: changemedispatchersecretkey
       keep_access_key: changemekeepaccesskey
       keep_secret_key: changemekeepsecretkey
 
-    AuditLogs:
-      Section_to_ignore:
-        - some_random_value
+    ### ARVADOS RESOURCES
+    # This dict allows you to create various resources in the Arvados
+    # database so they're ready to use.
+    # Check the `arvados.api.resources.* states to see which can be
+    # currently managed
+
+    ### SHELL / WEBSHELL REGISTRATION
+    # In order to use shell nodes via webshell, Arvados needs to know of
+    # their existence and they need to be configured as upstreams in nginx
+    # (see https://doc.arvados.org/v2.0/install/install-webshell.html)
+    # This could be achieved in various ways (ie, through salt mine if you
+    # want them to be dinamically created), but that's outside the scope of
+    # this formula. The following dict is just an example that will be used
+    # by the `arvados.api.resources.virtual_machines` state to add entries
+    # in Arvados' database of the cluster's resources'
+    # It's additionally used in the `test/salt/pillar/examples/nginx_webshell_configuration.sls`
+    # pillar to add the corresponding `location` entries in nginx's webshell vhosts & upstreams
+    resources:
+      virtual_machines:
+        shell1:
+          name: webshell1      # if not set, will match the one of the dict key above
+          backend: 1.2.3.4     # upstream host ip/name that has the shell role
+          port: 4200           # port where shellinabox is listening
+        # when no other parameter is set:
+        # `name` will match the name of the key
+        # backend` will match `name`
+        # `port` will default to shellinabox's 4200
+        webshell2: {}
 
     ### VOLUMES
     ## This should usually match all your `keepstore` instances
@@ -177,6 +222,9 @@ arvados:
 #   controller:
 #     pkg:
 #       name: arvados-controller
+#     gem:
+#       name:
+#         - arvados-cli
 #     service:
 #       name: arvados-controller
 #       port: 8003
@@ -212,20 +260,12 @@ arvados:
 #     service:
 #       name: keepstore
 #       port: 25107
-#  #### GIT-HTTPD
-#   githttpd:
-#     pkg:
-#       name: arvados-git-httpd
-#     service:
-#       name: arvados-git-httpd
-#       port: 9001
 #  #### SHELL
 #   shell:
 #     pkg:
 #       name:
 #         - arvados-client
 #         - arvados-src
-#         - libpam-arvados-go
 #         - python3-arvados-fuse
 #         - python3-arvados-python-client
 #         - python3-arvados-cwl-runner
@@ -238,8 +278,6 @@ arvados:
 #       service:
 #         name: shellinabox
 #         port: 4200
-#     libpam_arvados:
-#       config: /etc/pam.d/arvados
 #  #### WORKBENCH
 #   workbench:
 #     pkg:
@@ -259,13 +297,6 @@ arvados:
 #     service:
 #       name: arvados-ws
 #       port: 8005
-#  #### SSO
-#   sso:
-#     pkg:
-#       name: arvados-sso
-#     service:
-#       name: arvados-sso
-#       port: 8900
 
 #  ## SALTSTACK FORMULAS TOFS configuration
 #   https://template-formula.readthedocs.io/en/latest/TOFS_pattern.html