Merge commit 'main' into 21160-user-activation
[arvados.git] / tools / salt-install / config_examples / single_host / multiple_hostnames / pillars / arvados.sls
1 # -*- coding: utf-8 -*-
2 # vim: ft=yaml
3 ---
4 # Copyright (C) The Arvados Authors. All rights reserved.
5 #
6 # SPDX-License-Identifier: AGPL-3.0
7
8 {%- set database_host = ("__DATABASE_EXTERNAL_SERVICE_HOST_OR_IP__" or "127.0.0.1") %}
9 {%- set database_name = "__DATABASE_NAME__" %}
10 {%- set database_user = "__DATABASE_USER__" %}
11 {%- set database_password = "__DATABASE_PASSWORD__" %}
12
13 # The variables commented out are the default values that the formula uses.
14 # The uncommented values are REQUIRED values. If you don't set them, running
15 # this formula will fail.
16 arvados:
17   ### GENERAL CONFIG
18   version: '__VERSION__'
19   ## It makes little sense to disable this flag, but you can, if you want :)
20   # use_upstream_repo: true
21
22   ## Repo URL is built with grains values. If desired, it can be completely
23   ## overwritten with the pillar parameter 'repo_url'
24   # repo:
25   #   humanname: Arvados Official Repository
26
27   release: __RELEASE__
28
29   ## IMPORTANT!!!!!
30   ## api, workbench and shell require some gems, so you need to make sure ruby
31   ## and deps are installed in order to install and compile the gems.
32   ## We default to `false` in these two variables as it's expected you already
33   ## manage OS packages with some other tool and you don't want us messing up
34   ## with your setup.
35   ruby:
36     ## We set these to `true` here for testing purposes.
37     ## They both default to `false`.
38     manage_ruby: true
39     manage_gems_deps: true
40     # pkg: ruby
41     # gems_deps:
42     #     - curl
43     #     - g++
44     #     - gcc
45     #     - git
46     #     - libcurl4
47     #     - libcurl4-gnutls-dev
48     #     - libpq-dev
49     #     - libxml2
50     #     - libxml2-dev
51     #     - make
52     #     - python3-dev
53     #     - ruby-dev
54     #     - zlib1g-dev
55
56   config:
57     check_command: /usr/bin/arvados-server config-check -strict=false -config
58   #   file: /etc/arvados/config.yml
59   #   user: root
60   ## IMPORTANT!!!!!
61   ## If you're intalling any of the rails apps (api, workbench), the group
62   ## should be set to that of the web server, usually `www-data`
63   #   group: root
64   #   mode: 640
65
66   ### ARVADOS CLUSTER CONFIG
67   cluster:
68     name: __CLUSTER__
69     domain: __DOMAIN__
70
71     database:
72       # max concurrent connections per arvados server daemon
73       # connection_pool_max: 32
74       name: {{ database_name }}
75       host: {{ database_host }}
76       password: {{ database_password }}
77       user: {{ database_user }}
78       extra_conn_params:
79         client_encoding: UTF8
80       # Centos7 does not enable SSL by default, so we disable
81       # it here just for testing of the formula purposes only.
82       # You should not do this in production, and should
83       # configure Postgres certificates correctly
84       {%- if grains.os_family in ('RedHat',) %}
85         sslmode: disable
86       {%- endif %}
87
88     tls:
89       # certificate: ''
90       # key: ''
91       # When using arvados-snakeoil certs set insecure: true
92       insecure: false
93
94     resources:
95       virtual_machines:
96         shell:
97           name: webshell
98           backend: 127.0.0.1
99           port: 4200
100
101     ### TOKENS
102     tokens:
103       system_root: __SYSTEM_ROOT_TOKEN__
104       management: __MANAGEMENT_TOKEN__
105       anonymous_user: __ANONYMOUS_USER_TOKEN__
106
107     ### KEYS
108     secrets:
109       blob_signing_key: __BLOB_SIGNING_KEY__
110       workbench_secret_key: "deprecated"
111
112     Login:
113       Test:
114         Enable: true
115         Users:
116           __INITIAL_USER__:
117             Email: __INITIAL_USER_EMAIL__
118             Password: __INITIAL_USER_PASSWORD__
119
120     ### VOLUMES
121     ## This should usually match all your `keepstore` instances
122     Volumes:
123       # the volume name will be composed with
124       # <cluster>-nyw5e-<volume>
125       __CLUSTER__-nyw5e-000000000000000:
126         AccessViaHosts:
127           'http://keep0.__CLUSTER__.__DOMAIN__:25107':
128             ReadOnly: false
129         Replication: 2
130         Driver: Directory
131         DriverParameters:
132           Root: /var/lib/arvados/keep
133
134     Users:
135       NewUsersAreActive: true
136       AutoAdminFirstUser: true
137       AutoSetupNewUsers: true
138       AutoSetupNewUsersWithRepository: true
139
140     Services:
141       Controller:
142         ExternalURL: 'https://__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
143         InternalURLs:
144           'http://controller.internal:8003': {}
145       DispatchCloud:
146         InternalURLs:
147           'http://__CLUSTER__.__DOMAIN__:9006': {}
148       Keepbalance:
149         InternalURLs:
150           'http://localhost:9005': {}
151       Keepproxy:
152         ExternalURL: 'https://keep.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
153         InternalURLs:
154           'http://keep.internal:25100': {}
155       Keepstore:
156         InternalURLs:
157           'http://keep0.__CLUSTER__.__DOMAIN__:25107': {}
158       RailsAPI:
159         InternalURLs:
160           'http://api.internal:8004': {}
161       WebDAV:
162         ExternalURL: 'https://collections.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
163         InternalURLs:
164           'http://collections.internal:9002': {}
165       WebDAVDownload:
166         ExternalURL: 'https://download.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
167       WebShell:
168         ExternalURL: 'https://webshell.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
169       Websocket:
170         ExternalURL: 'wss://ws.__CLUSTER__.__DOMAIN__/websocket'
171         InternalURLs:
172           'http://ws.internal:8005': {}
173       Workbench1:
174         ExternalURL: 'https://workbench.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'
175       Workbench2:
176         ExternalURL: 'https://workbench2.__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__'