# parameter higher than this value, this value is used instead.
MaxItemsPerResponse: 1000
- # Maximum number of concurrent requests to accept in a single
- # service process, or 0 for no limit.
- MaxConcurrentRequests: 0
+ # Maximum number of concurrent requests to process concurrently
+ # in a single service process, or 0 for no limit.
+ #
+ # Note this applies to all Arvados services (controller, webdav,
+ # websockets, etc.). Concurrency in the controller service is
+ # also effectively limited by MaxConcurrentRailsRequests (see
+ # below) because most controller requests proxy through to the
+ # RailsAPI service.
+ MaxConcurrentRequests: 64
+
+ # Maximum number of concurrent requests to process concurrently
+ # in a single RailsAPI service process, or 0 for no limit.
+ MaxConcurrentRailsRequests: 8
+
+ # Maximum number of incoming requests to hold in a priority
+ # queue waiting for one of the MaxConcurrentRequests slots to be
+ # free. When the queue is longer than this, respond 503 to the
+ # lowest priority request.
+ #
+ # If MaxQueuedRequests is 0, respond 503 immediately to
+ # additional requests while at the MaxConcurrentRequests limit.
+ MaxQueuedRequests: 128
+
+ # Maximum time a "lock container" request is allowed to wait in
+ # the incoming request queue before returning 503.
+ MaxQueueTimeForLockRequests: 2s
+
+ # Fraction of MaxConcurrentRequests that can be "log create"
+ # messages at any given time. This is to prevent logging
+ # updates from crowding out more important requests.
+ LogCreateRequestFraction: 0.50
# Maximum number of 64MiB memory buffers per Keepstore server process, or
# 0 for no limit. When this limit is reached, up to
# any user with "manage" permission can un-freeze.
UnfreezeProjectRequiresAdmin: false
+ # (Experimental) Use row-level locking on update API calls.
+ LockBeforeUpdate: false
+
Users:
# Config parameters to automatically setup new users. If enabled,
# this users will be able to self-activate. Enable this if you want
# cluster.
RoleGroupsVisibleToAll: true
+ # If CanCreateRoleGroups is true, regular (non-admin) users can
+ # create new role groups.
+ #
+ # If false, only admins can create new role groups.
+ CanCreateRoleGroups: true
+
# During each period, a log entry with event_type="activity"
# will be recorded for each user who is active during that
# period. The object_uuid attribute will indicate the user's
# Use 0 to disable activity logging.
ActivityLoggingPeriod: 24h
+ # The SyncUser* options control what system resources are managed by
+ # arvados-login-sync on shell nodes. They correspond to:
+ # * SyncUserAccounts: The user's Unix account on the shell node
+ # * SyncUserGroups: The group memberships of that account
+ # * SyncUserSSHKeys: Whether to authorize the user's Arvados SSH keys
+ # * SyncUserAPITokens: Whether to set up the user's Arvados API token
+ # All default to true.
+ SyncUserAccounts: true
+ SyncUserGroups: true
+ SyncUserSSHKeys: true
+ SyncUserAPITokens: true
+
+ # If SyncUserGroups=true, then arvados-login-sync will ensure that all
+ # managed accounts are members of the Unix groups listed in
+ # SyncRequiredGroups, in addition to any groups listed in their Arvados
+ # login permission. The default list includes the "fuse" group so
+ # users can use arv-mount. You can require no groups by specifying an
+ # empty list (i.e., `SyncRequiredGroups: []`).
+ SyncRequiredGroups:
+ - fuse
+
+ # SyncIgnoredGroups is a list of group names. arvados-login-sync will
+ # never modify these groups. If user login permissions list any groups
+ # in SyncIgnoredGroups, they will be ignored. If a user's Unix account
+ # belongs to any of these groups, arvados-login-sync will not remove
+ # the account from that group. The default is a set of particularly
+ # security-sensitive groups across Debian- and Red Hat-based
+ # distributions.
+ SyncIgnoredGroups:
+ - adm
+ - disk
+ - kmem
+ - mem
+ - root
+ - shadow
+ - staff
+ - sudo
+ - sys
+ - utempter
+ - utmp
+ - wheel
+
AuditLogs:
# Time to keep audit logs, in seconds. (An audit log is a row added
# to the "logs" table in the PostgreSQL database each time an
# params_truncated.
MaxRequestLogParamsSize: 2000
+ # In all services except RailsAPI, periodically check whether
+ # the incoming HTTP request queue is nearly full (see
+ # MaxConcurrentRequests) and, if so, write a snapshot of the
+ # request queue to {service}-requests.json in the specified
+ # directory.
+ #
+ # Leave blank to disable.
+ RequestQueueDumpDirectory: ""
+
Collections:
# Enable access controls for data stored in Keep. This should
#
# If SIGUSR1 is received during an idle period between operations,
# the next operation will start immediately.
- BalancePeriod: 10m
+ BalancePeriod: 6h
# Limits the number of collections retrieved by keep-balance per
# API transaction. If this is zero, page size is
BalanceCollectionBatch: 0
# The size of keep-balance's internal queue of
- # collections. Higher values use more memory and improve throughput
- # by allowing keep-balance to fetch the next page of collections
- # while the current page is still being processed. If this is zero
- # or omitted, pages are processed serially.
- BalanceCollectionBuffers: 1000
+ # collections. Higher values may improve throughput by allowing
+ # keep-balance to fetch collections from the database while the
+ # current collection are still being processed, at the expense of
+ # using more memory. If this is zero or omitted, pages are
+ # processed serially.
+ BalanceCollectionBuffers: 4
# Maximum time for a rebalancing run. This ensures keep-balance
# eventually gives up and retries if, for example, a network
# once.
BalanceUpdateLimit: 100000
+ # Maximum number of "pull block from other server" and "trash
+ # block" requests to send to each keepstore server at a
+ # time. Smaller values use less memory in keepstore and
+ # keep-balance. Larger values allow more progress per
+ # keep-balance iteration. A zero value computes all of the
+ # needed changes but does not apply any.
+ BalancePullLimit: 100000
+ BalanceTrashLimit: 100000
+
# Default lifetime for ephemeral collections: 2 weeks. This must not
# be less than BlobSigningTTL.
DefaultTrashLifetime: 336h
# Skip TLS certificate name verification.
InsecureTLS: false
+ # Mininum TLS version to negotiate when connecting to server
+ # (ldaps://... or StartTLS). It may be necessary to set this
+ # to "1.1" for compatibility with older LDAP servers that fail
+ # with 'LDAP Result Code 200 "Network Error": TLS handshake
+ # failed (tls: server selected unsupported protocol version
+ # 301)'.
+ #
+ # If blank, use the recommended minimum version (1.2).
+ MinTLSVersion: ""
+
# Strip the @domain part if a user supplies an email-style
# username with this domain. If "*", strip any user-provided
# domain. If "", never strip the domain part. Example:
# probably want to include the other Workbench instances in the
# federation in this list.
#
+ # A wildcard like "https://*.example" will match client URLs
+ # like "https://a.example" and "https://a.b.c.example".
+ #
# Example:
#
# TrustedClients:
TrustedClients:
SAMPLE: {}
- # Treat any origin whose host part is a private IP address
- # (e.g., http://10.0.0.123/) as if it were listed in
- # TrustedClients.
+ # Treat any origin whose host part is "localhost" or a private
+ # IP address (e.g., http://10.0.0.123:3000/) as if it were
+ # listed in TrustedClients.
#
# Intended only for test/development use. Not appropriate for
# production use.
# troubleshooting purposes.
LogReuseDecisions: false
- # Default value for keep_cache_ram of a container's runtime_constraints.
- DefaultKeepCacheRAM: 268435456
+ # Default value for keep_cache_ram of a container's
+ # runtime_constraints. Note: this gets added to the RAM request
+ # used to allocate a VM or submit an HPC job.
+ #
+ # If this is zero, container requests that don't specify RAM or
+ # disk cache size will use a disk cache, sized to the
+ # container's RAM requirement (but with minimum 2 GiB and
+ # maximum 32 GiB).
+ #
+ # Note: If you change this value, containers that used the previous
+ # default value will only be reused by container requests that
+ # explicitly specify the previous value in their keep_cache_ram
+ # runtime constraint.
+ DefaultKeepCacheRAM: 0
# Number of times a container can be unlocked before being
# automatically cancelled.
- MaxDispatchAttempts: 5
+ MaxDispatchAttempts: 10
# Default value for container_count_max for container requests. This is the
# number of times Arvados will create a new container to satisfy a container
# with the cancelled container.
MaxRetryAttempts: 3
- # The maximum number of compute nodes that can be in use simultaneously
- # If this limit is reduced, any existing nodes with slot number >= new limit
- # will not be counted against the new limit. In other words, the new limit
- # won't be strictly enforced until those nodes with higher slot numbers
- # go down.
- MaxComputeVMs: 64
-
# Schedule all child containers on preemptible instances (e.g. AWS
# Spot Instances) even if not requested by the submitter.
#
# A price factor of 1.0 is a reasonable starting point.
PreemptiblePriceFactor: 0
+ # When the lowest-priced instance type for a given container is
+ # not available, try other instance types, up to the indicated
+ # maximum price factor.
+ #
+ # For example, with AvailabilityPriceFactor 1.5, if the
+ # lowest-cost instance type A suitable for a given container
+ # costs $2/h, Arvados may run the container on any instance type
+ # B costing $3/h or less when instance type A is not available
+ # or an idle instance of type B is already running.
+ MaximumPriceFactor: 1.5
+
# PEM encoded SSH key (RSA, DSA, or ECDSA) used by the
# cloud dispatcher for executing containers on worker VMs.
# Begins with "-----BEGIN RSA PRIVATE KEY-----\n"
# and ends with "\n-----END RSA PRIVATE KEY-----\n".
+ #
+ # Use "file:///absolute/path/to/key" to load the key from a
+ # separate file instead of embedding it in the configuration
+ # file.
DispatchPrivateKey: ""
# Maximum time to wait for workers to come up before abandoning
# Extra RAM to reserve on the node, in addition to
# the amount specified in the container's RuntimeConstraints
- ReserveExtraRAM: 256MiB
+ ReserveExtraRAM: 550MiB
# Minimum time between two attempts to run the same container
MinRetryPeriod: 0s
# before being silenced until the end of the period.
LogThrottleLines: 1024
- # Maximum bytes that may be logged by a single job. Log bytes that are
- # silenced by throttling are not counted against this total.
- LimitLogBytesPerJob: 67108864
+ # Maximum bytes that may be logged as legacy log events
+ # (records posted to the "logs" table). Starting with Arvados
+ # 2.7, container live logging has migrated to a new system
+ # (polling the container request live log endpoint) and this
+ # value should be 0. As of this writing, the container will
+ # still create a single log on the API server, noting for that
+ # log events are throttled.
+ LimitLogBytesPerJob: 0
LogPartialLineThrottlePeriod: 5s
# providers too, if desired.
MaxConcurrentInstanceCreateOps: 1
+ # The maximum number of instances to run at a time, or 0 for
+ # unlimited.
+ #
+ # If more instances than this are already running and busy
+ # when the dispatcher starts up, the running containers will
+ # be allowed to finish before the excess instances are shut
+ # down.
+ MaxInstances: 64
+
+ # The minimum number of instances expected to be runnable
+ # without reaching a provider-imposed quota.
+ #
+ # This is used as the initial value for the dispatcher's
+ # dynamic instance limit, which increases (up to MaxInstances)
+ # as containers start up successfully and decreases in
+ # response to high API load and cloud quota errors.
+ #
+ # Setting this to 0 means the dynamic instance limit will
+ # start at MaxInstances.
+ #
+ # Situations where you may want to set this (to a value less
+ # than MaxInstances) would be when there is significant
+ # variability or uncertainty in the actual cloud resources
+ # available. Upon reaching InitialQuotaEstimate the
+ # dispatcher will switch to a more conservative behavior with
+ # slower instance start to avoid over-shooting cloud resource
+ # limits.
+ InitialQuotaEstimate: 0
+
+ # Maximum fraction of available instance capacity allowed to
+ # run "supervisor" containers at any given time. A supervisor
+ # is a container whose purpose is mainly to submit and manage
+ # other containers, such as arvados-cwl-runner workflow
+ # runner.
+ #
+ # If there is a hard limit on the amount of concurrent
+ # containers that the cluster can run, it is important to
+ # avoid crowding out the containers doing useful work with
+ # containers who just create more work.
+ #
+ # For example, with the default MaxInstances of 64, it will
+ # schedule at most floor(64*0.50) = 32 concurrent workflow
+ # runners, ensuring 32 slots are available for work.
+ SupervisorFraction: 0.50
+
# Interval between cloud provider syncs/updates ("list all
# instances").
SyncInterval: 1m
# https://xxxxx.blob.core.windows.net/system/Microsoft.Compute/Images/images/xxxxx.vhd
ImageID: ""
+ # Shell script to run on new instances using the cloud
+ # provider's UserData (EC2) or CustomData (Azure) feature.
+ #
+ # It is not necessary to include a #!/bin/sh line.
+ InstanceInitCommand: ""
+
# An executable file (located on the dispatcher host) to be
# copied to cloud instances at runtime and used as the
# container runner/supervisor. The default value is the
# version of crunch-run installed; see CrunchRunCommand above.
DeployRunnerBinary: "/proc/self/exe"
+ # Install the Dispatcher's SSH public key (derived from
+ # DispatchPrivateKey) when creating new cloud
+ # instances. Change this to false if you are using a different
+ # mechanism to pre-install the public key on new instances.
+ DeployPublicKey: true
+
# Tags to add on all resources (VMs, NICs, disks) created by
# the container dispatcher. (Arvados's own tags --
# InstanceType, IdleBehavior, and InstanceSecret -- will also
SecretAccessKey: ""
# (ec2) Instance configuration.
+
+ # (ec2) Region, like "us-east-1".
+ Region: ""
+
+ # (ec2) Security group IDs. Omit or use {} to use the
+ # default security group.
SecurityGroupIDs:
"SAMPLE": {}
+
+ # (ec2) One or more subnet IDs. Omit or leave empty to let
+ # AWS choose a default subnet from your default VPC. If
+ # multiple subnets are configured here (enclosed in brackets
+ # like [subnet-abc123, subnet-def456]) the cloud dispatcher
+ # will detect subnet-related errors and retry using a
+ # different subnet. Most sites specify one subnet.
SubnetID: ""
- Region: ""
+
EBSVolumeType: gp2
AdminUsername: debian
# (ec2) name of the IAMInstanceProfile for instances started by
# the cloud dispatcher. Leave blank when not needed.
IAMInstanceProfile: ""
+ # (ec2) how often to look up spot instance pricing data
+ # (only while running spot instances) for the purpose of
+ # calculating container cost estimates. A value of 0
+ # disables spot price lookups entirely.
+ SpotPriceUpdateInterval: 24h
+
+ # (ec2) per-GiB-month cost of EBS volumes. Matches
+ # EBSVolumeType. Used to account for AddedScratch when
+ # calculating container cost estimates. Note that
+ # https://aws.amazon.com/ebs/pricing/ defines GB to mean
+ # GiB, so an advertised price $0.10/GB indicates a real
+ # price of $0.10/GiB and can be entered here as 0.10.
+ EBSPrice: 0.10
+
# (azure) Credentials.
SubscriptionID: ""
ClientID: ""
RAM: 128MiB
IncludedScratch: 16GB
AddedScratch: 0
+ # Hourly price ($), used to select node types for containers,
+ # and to calculate estimated container costs. For spot
+ # instances on EC2, this is also used as the maximum price
+ # when launching spot instances, while the estimated container
+ # cost is computed based on the current spot price according
+ # to AWS. On Azure, and on-demand instances on EC2, the price
+ # given here is used to compute container cost estimates.
Price: 0.1
Preemptible: false
# Include this section if the node type includes GPU (CUDA) support
ReadOnly: false
"http://host1.example:25107": {}
ReadOnly: false
+ # AllowTrashWhenReadOnly enables unused and overreplicated
+ # blocks to be trashed/deleted even when ReadOnly is
+ # true. Normally, this is false and ReadOnly prevents all
+ # trash/delete operations as well as writes.
+ AllowTrashWhenReadOnly: false
Replication: 1
StorageClasses:
# If you have configured storage classes (see StorageClasses
ReadTimeout: 10m
RaceWindow: 24h
PrefixLength: 0
- # Use aws-s3-go (v2) instead of goamz
- UseAWSS3v2Driver: true
# For S3 driver, potentially unsafe tuning parameter,
# intentionally excluded from main documentation.
ArvadosDocsite: https://doc.arvados.org
ArvadosPublicDataDocURL: https://playground.arvados.org/projects/public
ShowUserAgreementInline: false
- SecretKeyBase: ""
# Set this configuration to true to avoid providing an easy way for users
# to share data with unauthenticated users; this may be necessary on
# installations where strict data access controls are needed.
DisableSharingURLsUI: false
- # Scratch directory used by the remote repository browsing
- # feature. If it doesn't exist, it (and any missing parents) will be
- # created using mkdir_p.
- RepositoryCache: /var/www/arvados-workbench/current/tmp/git
-
# Below is a sample setting of user_profile_form_fields config parameter.
# This configuration parameter should be set to either false (to disable) or
# to a map as shown below.
# to display on the profile page.
UserProfileFormMessage: 'Welcome to Arvados. All <span style="color:red">required fields</span> must be completed before you can proceed.'
- # Mimetypes of applications for which the view icon
- # would be enabled in a collection's show page.
- # It is sufficient to list only applications here.
- # No need to list text and image types.
- ApplicationMimetypesWithViewIcon:
- cwl: {}
- fasta: {}
- go: {}
- javascript: {}
- json: {}
- pdf: {}
- python: {}
- x-python: {}
- r: {}
- rtf: {}
- sam: {}
- x-sh: {}
- vnd.realvnc.bed: {}
- xml: {}
- xsl: {}
- SAMPLE: {}
-
- # The maximum number of bytes to load in the log viewer
- LogViewerMaxBytes: 1M
-
- # When anonymous_user_token is configured, show public projects page
- EnablePublicProjectsPage: true
-
- # By default, disable the "Getting Started" popup which is specific to Arvados playground
- EnableGettingStartedPopup: false
-
- # Ask Arvados API server to compress its response payloads.
- APIResponseCompression: true
-
- # Timeouts for API requests.
- APIClientConnectTimeout: 2m
- APIClientReceiveTimeout: 5m
-
- # Maximum number of historic log records of a running job to fetch
- # and display in the Log tab, while subscribing to web sockets.
- RunningJobLogRecordsToFetch: 2000
-
- # In systems with many shared projects, loading of dashboard and topnav
- # can be slow due to collections indexing; use the following parameters
- # to suppress these properties
- ShowRecentCollectionsOnDashboard: true
- ShowUserNotifications: true
-
- # Enable/disable "multi-site search" in top nav ("true"/"false"), or
- # a link to the multi-site search page on a "home" Workbench site.
- #
- # Example:
- # https://workbench.zzzzz.arvadosapi.com/collections/multisite
- MultiSiteSearch: ""
-
- # Should workbench allow management of local git repositories? Set to false if
- # the jobs api is disabled and there are no local git repositories.
- Repositories: true
-
SiteName: Arvados Workbench
- ProfilingEnabled: false
-
- # This is related to obsolete Google OpenID 1.0 login
- # but some workbench stuff still expects it to be set.
- DefaultOpenIdPrefix: "https://www.google.com/accounts/o8/id"
# Workbench2 configs
FileViewersConfigURL: ""
# This feature is disabled when set to zero.
IdleTimeout: 0s
- # URL to a file that is a fragment of text or HTML which should
- # be rendered in Workbench as a banner.
- BannerURL: ""
+ # UUID of a collection. This collection should be shared with
+ # all users. Workbench will look for a file "banner.html" in
+ # this collection and display its contents (should be
+ # HTML-formatted text) when users first log in to Workbench.
+ BannerUUID: ""
# Workbench welcome screen, this is HTML text that will be
# incorporated directly onto the page.
projects / arvados.git / blobdiff