# 4. Section in application.default.yml corresponding to RAILS_ENV
# 5. Section in application.default.yml called "common"
-<%
-# If you change any of the code in this block, you'll probably also want
-# to update it in Workbench's application.default.yml.
-def info_cmd(*args, &block)
- IO.popen(args, "r", chdir: Rails.root, err: "/dev/null", &block)
-end
-
-source_version = ""
-local_modified = false
-if Rails.env == "production"
- # Read the version from our package's git-commit.version file, if available.
- begin
- source_version = IO.read(Rails.root.join("git-commit.version")).strip
- rescue Errno::ENOENT
- end
-end
-
-if source_version.empty?
- begin
- status_output = false
- info_cmd("git", "status", "-s") do |git_pipe|
- git_pipe.each_line do |_|
- status_output = true
- # Continue reading the pipe so git doesn't get SIGPIPE.
- end
- end
- if $?.success?
- info_cmd("git", "log", "-n1", "--format=%H") do |git_pipe|
- git_pipe.each_line do |line|
- source_version = line.chomp
- end
- end
- local_modified = status_output
- end
- rescue SystemCallError
- end
-end
-%>
-
common:
###
### Essential site configuration
# generate permission signatures for Keep locators. It must be
# identical to the permission key given to Keep. IMPORTANT: This is
# a site secret. It should be at least 50 characters.
+ #
+ # Modifying blob_signing_key will invalidate all existing
+ # signatures, which can cause programs to fail (e.g., arv-put,
+ # arv-get, and Crunch jobs). To avoid errors, rotate keys only when
+ # no such processes are running.
blob_signing_key: ~
# These settings are provided by your OAuth2 provider (e.g.,
# websockets, otherwise none at all.
websocket_address: false
+ # Maximum number of websocket connections allowed
+ websocket_max_connections: 500
+
+ # Maximum number of events a single connection can be backlogged
+ websocket_max_notify_backlog: 1000
+
+ # Maximum number of subscriptions a single websocket connection can have
+ # active.
+ websocket_max_filters: 10
+
# Git repositories must be readable by api server, or you won't be
# able to submit crunch jobs. To pass the test suites, put a clone
# of the arvados tree in {git_repositories_dir}/arvados.git or
# still has permission) the client can retrieve the collection again
# to get fresh signatures.
#
- # Datamanager considers an unreferenced block older than this to be
- # eligible for garbage collection. Therefore, it should never be
- # smaller than the corresponding value used by any local keepstore
- # service (see keepstore -blob-signature-ttl flag). This rule
- # prevents datamanager from trying to garbage-collect recently
- # written blocks while clients are still holding valid signatures.
+ # This must be exactly equal to the -blob-signature-ttl flag used by
+ # keepstore servers. Otherwise, reading data blocks and saving
+ # collections will fail with HTTP 403 permission errors.
+ #
+ # Modifying blob_signature_ttl invalidates existing signatures; see
+ # blob_signing_key note above.
#
# The default is 2 weeks.
blob_signature_ttl: 1209600
# for other data types.
max_index_database_read: 134217728
+ # Maximum number of items to return when responding to a APIs that
+ # can return partial result sets using limit and offset parameters
+ # (e.g., *.index, groups.contents). If a request specifies a "limit"
+ # parameter higher than this value, this value is used instead.
+ max_items_per_response: 1000
+
# When you run the db:delete_old_job_logs task, it will find jobs that
# have been finished for at least this many seconds, and delete their
# stderr logs from the logs table.
default_openid_prefix: https://www.google.com/accounts/o8/id
- # source_version
- source_version: "<%= source_version[0...8] %>"
- local_modified: false
+ # Override the automatic version string. With the default value of
+ # false, the version string is read from git-commit.version in
+ # Rails.root (included in vendor packages) or determined by invoking
+ # "git log".
+ source_version: false
+
+ crunch_log_partial_line_throttle_period: 5
+ # Enable asynchronous permission graph rebuild. Must run
+ # script/permission-updater.rb as a separate process. When the permission
+ # cache is invalidated, the background process will update the permission
+ # graph cache. This feature is experimental!
+ async_permissions_update: false
development:
force_ssl: false
active_record.auto_explain_threshold_in_seconds: 0.5
assets.compress: false
assets.debug: true
- local_modified: "<%= local_modified ? '-modified' : '' %>"
production:
force_ssl: true