projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch '21666-provision-test-improvement'
[arvados.git] / services / api / config / arvados_config.rb
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: AGPL-3.0
4
5 #
6 # Load Arvados configuration from /etc/arvados/config.yml, using defaults
7 # from config.default.yml
8 #
9 # Existing application.yml is migrated into the new config structure.
10 # Keys in the legacy application.yml take precedence.
11 #
12 # Use "bundle exec config:dump" to get the complete active configuration
13 #
14 # Use "bundle exec config:migrate" to migrate application.yml and
15 # database.yml to config.yml.  After adding the output of
16 # config:migrate to /etc/arvados/config.yml, you will be able to
17 # delete application.yml and database.yml.
18
19 require "cgi"
20 require 'config_loader'
21 require 'open3'
22
23 begin
24   # If secret_token.rb exists here, we need to load it first.
25   require_relative 'secret_token.rb'
26 rescue LoadError
27   # Normally secret_token.rb is missing and the secret token is
28   # configured by application.yml (i.e., here!) instead.
29 end
30
31 # Load the defaults, used by config:migrate and fallback loading
32 # legacy application.yml
33 load_time = Time.now.utc
34 defaultYAML, stderr, status = Open3.capture3("arvados-server", "config-dump", "-config=-", "-skip-legacy", stdin_data: "Clusters: {xxxxx: {}}")
35 if !status.success?
36   puts stderr
37   raise "error loading config: #{status}"
38 end
39 confs = YAML.safe_load(defaultYAML)
40 clusterID, clusterConfig = confs["Clusters"].first
41 $arvados_config_defaults = clusterConfig
42 $arvados_config_defaults["ClusterID"] = clusterID
43 $arvados_config_defaults["SourceTimestamp"] = Time.rfc3339(confs["SourceTimestamp"])
44 $arvados_config_defaults["SourceSHA256"] = confs["SourceSHA256"]
45
46 if ENV["ARVADOS_CONFIG"] == "none"
47   # Don't load config. This magic value is set by packaging scripts so
48   # they can run "rake assets:precompile" without a real config.
49   $arvados_config_global = $arvados_config_defaults.deep_dup
50 else
51   # Load the global config file
52   Open3.popen2("arvados-server", "config-dump", "-skip-legacy") do |stdin, stdout, status_thread|
53     confs = YAML.safe_load(stdout)
54     if confs && !confs.empty?
55       # config-dump merges defaults with user configuration, so every
56       # key should be set.
57       clusterID, clusterConfig = confs["Clusters"].first
58       $arvados_config_global = clusterConfig
59       $arvados_config_global["ClusterID"] = clusterID
60       $arvados_config_global["SourceTimestamp"] = Time.rfc3339(confs["SourceTimestamp"])
61       $arvados_config_global["SourceSHA256"] = confs["SourceSHA256"]
62     else
63       # config-dump failed, assume we will be loading from legacy
64       # application.yml, initialize with defaults.
65       $arvados_config_global = $arvados_config_defaults.deep_dup
66     end
67   end
68 end
69
70 # Now make a copy
71 $arvados_config = $arvados_config_global.deep_dup
72 $arvados_config["LoadTimestamp"] = load_time
73
74 def arrayToHash cfg, k, v
75   val = {}
76   v.each do |entry|
77     val[entry.to_s] = {}
78   end
79   ConfigLoader.set_cfg cfg, k, val
80 end
81
82 # Declare all our configuration items.
83 arvcfg = ConfigLoader.new
84 arvcfg.declare_config "ClusterID", NonemptyString, :uuid_prefix
85 arvcfg.declare_config "ManagementToken", String, :ManagementToken
86 arvcfg.declare_config "SystemRootToken", String
87 arvcfg.declare_config "API.DisabledAPIs", Hash, :disable_api_methods, ->(cfg, k, v) { arrayToHash cfg, "API.DisabledAPIs", v }
88 arvcfg.declare_config "API.MaxRequestSize", Integer, :max_request_size
89 arvcfg.declare_config "API.MaxIndexDatabaseRead", Integer, :max_index_database_read
90 arvcfg.declare_config "API.MaxItemsPerResponse", Integer, :max_items_per_response
91 arvcfg.declare_config "API.MaxTokenLifetime", ActiveSupport::Duration
92 arvcfg.declare_config "API.RequestTimeout", ActiveSupport::Duration
93 arvcfg.declare_config "API.AsyncPermissionsUpdateInterval", ActiveSupport::Duration, :async_permissions_update_interval
94 arvcfg.declare_config "Users.AutoSetupNewUsers", Boolean, :auto_setup_new_users
95 arvcfg.declare_config "Users.AutoSetupNewUsersWithVmUUID", String, :auto_setup_new_users_with_vm_uuid
96 arvcfg.declare_config "Users.AutoSetupUsernameBlacklist", Hash, :auto_setup_name_blacklist, ->(cfg, k, v) { arrayToHash cfg, "Users.AutoSetupUsernameBlacklist", v }
97 arvcfg.declare_config "Users.NewUsersAreActive", Boolean, :new_users_are_active
98 arvcfg.declare_config "Users.AutoAdminUserWithEmail", String, :auto_admin_user
99 arvcfg.declare_config "Users.AutoAdminFirstUser", Boolean, :auto_admin_first_user
100 arvcfg.declare_config "Users.UserProfileNotificationAddress", String, :user_profile_notification_address
101 arvcfg.declare_config "Users.AdminNotifierEmailFrom", String, :admin_notifier_email_from
102 arvcfg.declare_config "Users.EmailSubjectPrefix", String, :email_subject_prefix
103 arvcfg.declare_config "Users.UserNotifierEmailFrom", String, :user_notifier_email_from
104 arvcfg.declare_config "Users.UserNotifierEmailBcc", Hash
105 arvcfg.declare_config "Users.NewUserNotificationRecipients", Hash, :new_user_notification_recipients, ->(cfg, k, v) { arrayToHash cfg, "Users.NewUserNotificationRecipients", v }
106 arvcfg.declare_config "Users.NewInactiveUserNotificationRecipients", Hash, :new_inactive_user_notification_recipients, method(:arrayToHash)
107 arvcfg.declare_config "Users.CanCreateRoleGroups", Boolean
108 arvcfg.declare_config "Users.RoleGroupsVisibleToAll", Boolean
109 arvcfg.declare_config "Login.LoginCluster", String
110 arvcfg.declare_config "Login.TrustedClients", Hash
111 arvcfg.declare_config "Login.RemoteTokenRefresh", ActiveSupport::Duration
112 arvcfg.declare_config "Login.TokenLifetime", ActiveSupport::Duration
113 arvcfg.declare_config "TLS.Insecure", Boolean, :sso_insecure
114 arvcfg.declare_config "AuditLogs.MaxAge", ActiveSupport::Duration, :max_audit_log_age
115 arvcfg.declare_config "AuditLogs.MaxDeleteBatch", Integer, :max_audit_log_delete_batch
116 arvcfg.declare_config "AuditLogs.UnloggedAttributes", Hash, :unlogged_attributes, ->(cfg, k, v) { arrayToHash cfg, "AuditLogs.UnloggedAttributes", v }
117 arvcfg.declare_config "SystemLogs.MaxRequestLogParamsSize", Integer, :max_request_log_params_size
118 arvcfg.declare_config "Collections.DefaultReplication", Integer, :default_collection_replication
119 arvcfg.declare_config "Collections.DefaultTrashLifetime", ActiveSupport::Duration, :default_trash_lifetime
120 arvcfg.declare_config "Collections.CollectionVersioning", Boolean, :collection_versioning
121 arvcfg.declare_config "Collections.PreserveVersionIfIdle", ActiveSupport::Duration, :preserve_version_if_idle
122 arvcfg.declare_config "Collections.TrashSweepInterval", ActiveSupport::Duration, :trash_sweep_interval
123 arvcfg.declare_config "Collections.BlobSigningKey", String, :blob_signing_key
124 arvcfg.declare_config "Collections.BlobSigningTTL", ActiveSupport::Duration, :blob_signature_ttl
125 arvcfg.declare_config "Collections.BlobSigning", Boolean, :permit_create_collection_with_unsigned_manifest, ->(cfg, k, v) { ConfigLoader.set_cfg cfg, "Collections.BlobSigning", !v }
126 arvcfg.declare_config "Collections.ForwardSlashNameSubstitution", String
127 arvcfg.declare_config "Containers.SupportedDockerImageFormats", Hash, :docker_image_formats, ->(cfg, k, v) { arrayToHash cfg, "Containers.SupportedDockerImageFormats", v }
128 arvcfg.declare_config "Containers.LogReuseDecisions", Boolean, :log_reuse_decisions
129 arvcfg.declare_config "Containers.DefaultKeepCacheRAM", Integer, :container_default_keep_cache_ram
130 arvcfg.declare_config "Containers.MaxDispatchAttempts", Integer, :max_container_dispatch_attempts
131 arvcfg.declare_config "Containers.MaxRetryAttempts", Integer, :container_count_max
132 arvcfg.declare_config "Containers.AlwaysUsePreemptibleInstances", Boolean, :preemptible_instances
133 arvcfg.declare_config "Containers.Logging.LogUpdatePeriod", ActiveSupport::Duration, :crunch_log_update_period
134 arvcfg.declare_config "Containers.Logging.LogUpdateSize", Integer, :crunch_log_update_size
135 arvcfg.declare_config "Mail.MailchimpAPIKey", String, :mailchimp_api_key
136 arvcfg.declare_config "Mail.MailchimpListID", String, :mailchimp_list_id
137 arvcfg.declare_config "Services.Controller.ExternalURL", URI
138 arvcfg.declare_config "Services.Workbench1.ExternalURL", URI, :workbench_address
139 arvcfg.declare_config "Services.Websocket.ExternalURL", URI, :websocket_address
140 arvcfg.declare_config "Services.WebDAV.ExternalURL", URI, :keep_web_service_url
141 arvcfg.declare_config "RemoteClusters", Hash, :remote_hosts, ->(cfg, k, v) {
142   h = if cfg["RemoteClusters"] then
143         cfg["RemoteClusters"].deep_dup
144       else
145         {}
146       end
147   v.each do |clusterid, host|
148     if h[clusterid].nil?
149       h[clusterid] = {
150         "Host" => host,
151         "Proxy" => true,
152         "Scheme" => "https",
153         "Insecure" => false,
154         "ActivateUsers" => false
155       }
156     end
157   end
158   ConfigLoader.set_cfg cfg, "RemoteClusters", h
159 }
160 arvcfg.declare_config "RemoteClusters.*.Proxy", Boolean, :remote_hosts_via_dns
161 arvcfg.declare_config "StorageClasses", Hash
162
163 dbcfg = ConfigLoader.new
164
165 dbcfg.declare_config "PostgreSQL.ConnectionPool", Integer, :pool
166 dbcfg.declare_config "PostgreSQL.Connection.host", String, :host
167 dbcfg.declare_config "PostgreSQL.Connection.port", String, :port
168 dbcfg.declare_config "PostgreSQL.Connection.user", String, :username
169 dbcfg.declare_config "PostgreSQL.Connection.password", String, :password
170 dbcfg.declare_config "PostgreSQL.Connection.dbname", String, :database
171 dbcfg.declare_config "PostgreSQL.Connection.template", String, :template
172 dbcfg.declare_config "PostgreSQL.Connection.encoding", String, :encoding
173 dbcfg.declare_config "PostgreSQL.Connection.collation", String, :collation
174
175 application_config = {}
176 %w(application.default application).each do |cfgfile|
177   path = "#{::Rails.root.to_s}/config/#{cfgfile}.yml"
178   confs = ConfigLoader.load(path, erb: true)
179   # Ignore empty YAML file:
180   next if confs == nil
181   application_config.deep_merge!(confs['common'] || {})
182   application_config.deep_merge!(confs[::Rails.env.to_s] || {})
183 end
184
185 db_config = {}
186 path = "#{::Rails.root.to_s}/config/database.yml"
187 if !ENV['ARVADOS_CONFIG_NOLEGACY'] && File.exist?(path)
188   db_config = ConfigLoader.load(path, erb: true)
189 end
190
191 $remaining_config = arvcfg.migrate_config(application_config, $arvados_config)
192 dbcfg.migrate_config(db_config[::Rails.env.to_s] || {}, $arvados_config)
193
194 if application_config[:auto_activate_users_from]
195   application_config[:auto_activate_users_from].each do |cluster|
196     if $arvados_config.RemoteClusters[cluster]
197       $arvados_config.RemoteClusters[cluster]["ActivateUsers"] = true
198     end
199   end
200 end
201
202 if application_config[:host] || application_config[:port] || application_config[:scheme]
203   if !application_config[:host] || application_config[:host].empty?
204     raise "Must set 'host' when setting 'port' or 'scheme'"
205   end
206   $arvados_config.Services["Controller"]["ExternalURL"] = URI((application_config[:scheme] || "https")+"://"+application_config[:host]+
207                                                               (if application_config[:port] then ":#{application_config[:port]}" else "" end))
208 end
209
210 # Checks for wrongly typed configuration items, coerces properties
211 # into correct types (such as Duration), and optionally raise error
212 # for essential configuration that can't be empty.
213 arvcfg.coercion_and_check $arvados_config_defaults, check_nonempty: false
214 arvcfg.coercion_and_check $arvados_config_global, check_nonempty: false
215 arvcfg.coercion_and_check $arvados_config, check_nonempty: true
216 dbcfg.coercion_and_check $arvados_config, check_nonempty: true
217
218 # * $arvados_config_defaults is the defaults
219 # * $arvados_config_global is $arvados_config_defaults merged with the contents of /etc/arvados/config.yml
220 # These are used by the rake config: tasks
221 #
222 # * $arvados_config is $arvados_config_global merged with the migrated contents of application.yml
223 # This is what actually gets copied into the Rails configuration object.
224
225 if $arvados_config["Collections"]["DefaultTrashLifetime"] < 86400.seconds then
226   raise "default_trash_lifetime is %d, must be at least 86400" % Rails.configuration.Collections.DefaultTrashLifetime
227 end
228
229 default_storage_classes = []
230 $arvados_config["StorageClasses"].each do |cls, cfg|
231   if cfg["Default"]
232     default_storage_classes << cls
233   end
234 end
235 if default_storage_classes.length == 0
236   default_storage_classes = ["default"]
237 end
238 $arvados_config["DefaultStorageClasses"] = default_storage_classes.sort
239
240 #
241 # Special case for test database where there's no database.yml,
242 # because the Arvados config.yml doesn't have a concept of multiple
243 # rails environments.
244 #
245 if ::Rails.env.to_s == "test" && db_config["test"].nil?
246   $arvados_config["PostgreSQL"]["Connection"]["dbname"] = "arvados_test"
247 end
248 if ::Rails.env.to_s == "test"
249   # Use template0 when creating a new database. Avoids
250   # character-encoding/collation problems.
251   $arvados_config["PostgreSQL"]["Connection"]["template"] = "template0"
252   # Some test cases depend on en_US.UTF-8 collation.
253   $arvados_config["PostgreSQL"]["Connection"]["collation"] = "en_US.UTF-8"
254 end
255
256 if ENV["ARVADOS_CONFIG"] == "none"
257   # We need the postgresql connection URI to be valid, even if we
258   # don't use it.
259   $arvados_config["PostgreSQL"]["Connection"]["host"] = "localhost"
260   $arvados_config["PostgreSQL"]["Connection"]["user"] = "x"
261   $arvados_config["PostgreSQL"]["Connection"]["password"] = "x"
262   $arvados_config["PostgreSQL"]["Connection"]["dbname"] = "x"
263 end
264
265 if $arvados_config["PostgreSQL"]["Connection"]["password"].empty?
266   raise "Database password is empty, PostgreSQL section is: #{$arvados_config["PostgreSQL"]}"
267 end
268
269 dbhost = $arvados_config["PostgreSQL"]["Connection"]["host"]
270 if $arvados_config["PostgreSQL"]["Connection"]["port"] != 0
271   dbhost += ":#{$arvados_config["PostgreSQL"]["Connection"]["port"]}"
272 end
273
274 #
275 # If DATABASE_URL is set, then ActiveRecord won't error out if database.yml doesn't exist.
276 #
277 # For config migration, we've previously populated the PostgreSQL
278 # section of the config from database.yml
279 #
280 database_url = "postgresql://#{CGI.escape $arvados_config["PostgreSQL"]["Connection"]["user"]}:"+
281                       "#{CGI.escape $arvados_config["PostgreSQL"]["Connection"]["password"]}@"+
282                       "#{dbhost}/#{CGI.escape $arvados_config["PostgreSQL"]["Connection"]["dbname"]}?"+
283                       "template=#{$arvados_config["PostgreSQL"]["Connection"]["template"]}&"+
284                       "encoding=#{$arvados_config["PostgreSQL"]["Connection"]["client_encoding"]}&"+
285                       "collation=#{$arvados_config["PostgreSQL"]["Connection"]["collation"]}&"+
286                       "pool=#{$arvados_config["PostgreSQL"]["ConnectionPool"]}"
287
288 ENV["DATABASE_URL"] = database_url
289
290 Server::Application.configure do
291   # Copy into the Rails config object.  This also turns Hash into
292   # OrderedOptions so that application code can use
293   # Rails.configuration.API.Blah instead of
294   # Rails.configuration.API["Blah"]
295   ConfigLoader.copy_into_config $arvados_config, config
296   ConfigLoader.copy_into_config $remaining_config, config
297
298   # We don't rely on cookies for authentication, so instead of
299   # requiring a signing key in config, we assign a new random one at
300   # startup.
301   secrets.secret_key_base = rand(1<<255).to_s(36)
302 end