AcceptAccessTokenScope: ""
PAM:
- # (Experimental) Use PAM to authenticate users.
+ # Use PAM to authenticate users.
Enable: false
# PAM service name. PAM will apply the policy in the
UsePreemptibleInstances: false
# PEM encoded SSH key (RSA, DSA, or ECDSA) used by the
- # (experimental) cloud dispatcher for executing containers on
- # worker VMs. Begins with "-----BEGIN RSA PRIVATE KEY-----\n"
+ # cloud dispatcher for executing containers on worker VMs.
+ # Begins with "-----BEGIN RSA PRIVATE KEY-----\n"
# and ends with "\n-----END RSA PRIVATE KEY-----\n".
DispatchPrivateKey: ""
# Minimum time between two attempts to run the same container
MinRetryPeriod: 0s
- # Container runtime: "docker" (default) or "singularity" (experimental)
+ # Container runtime: "docker" (default) or "singularity"
RuntimeEngine: docker
+ # When running a container, run a dedicated keepstore process,
+ # using the specified number of 64 MiB memory buffers per
+ # allocated CPU core (VCPUs in the container's runtime
+ # constraints). The dedicated keepstore handles I/O for
+ # collections mounted in the container, as well as saving
+ # container logs.
+ #
+ # A zero value disables this feature.
+ #
+ # In order for this feature to be activated, no volume may use
+ # AccessViaHosts, and each volume must have Replication higher
+ # than Collections.DefaultReplication. If these requirements are
+ # not satisfied, the feature is disabled automatically
+ # regardless of the value given here.
+ #
+ # Note that when this configuration is enabled, the entire
+ # cluster configuration file, including the system root token,
+ # is copied to the worker node and held in memory for the
+ # duration of the container.
+ LocalKeepBlobBuffersPerVCPU: 1
+
+ # When running a dedicated keepstore process for a container
+ # (see LocalKeepBlobBuffersPerVCPU), write keepstore log
+ # messages to keepstore.txt in the container's log collection.
+ #
+ # These log messages can reveal some volume configuration
+ # details, error messages from the cloud storage provider, etc.,
+ # which are not otherwise visible to users.
+ #
+ # Accepted values:
+ # * "none" -- no keepstore.txt file
+ # * "all" -- all logs, including request and response lines
+ # * "errors" -- all logs except "response" logs with 2xx
+ # response codes and "request" logs
+ LocalKeepLogsToContainerLog: none
+
Logging:
# When you run the db:delete_old_container_logs task, it will find
# containers that have been finished for at least this many seconds,
GitInternalDir: /var/lib/arvados/internal.git
CloudVMs:
- # Enable the cloud scheduler (experimental).
+ # Enable the cloud scheduler.
Enable: false
# Name/number of port where workers' SSH services listen.
# Maximum create/destroy-instance operations per second (0 =
# unlimited).
- MaxCloudOpsPerSecond: 0
+ MaxCloudOpsPerSecond: 10
- # Maximum concurrent node creation operations (0 = unlimited). This is
- # recommended by Azure in certain scenarios (see
- # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image)
- # and can be used with other cloud providers too, if desired.
- MaxConcurrentInstanceCreateOps: 0
+ # Maximum concurrent instance creation operations (0 = unlimited).
+ #
+ # MaxConcurrentInstanceCreateOps limits the number of instance creation
+ # requests that can be in flight at any one time, whereas
+ # MaxCloudOpsPerSecond limits the number of create/destroy operations
+ # that can be started per second.
+ #
+ # Because the API for instance creation on Azure is synchronous, it is
+ # recommended to increase MaxConcurrentInstanceCreateOps when running
+ # on Azure. When using managed images, a value of 20 would be
+ # appropriate. When using Azure Shared Image Galeries, it could be set
+ # higher. For more information, see
+ # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image
+ #
+ # MaxConcurrentInstanceCreateOps can be increased for other cloud
+ # providers too, if desired.
+ MaxConcurrentInstanceCreateOps: 1
# Interval between cloud provider syncs/updates ("list all
# instances").
ConnectTimeout: 1m
ReadTimeout: 10m
RaceWindow: 24h
+ PrefixLength: 0
# Use aws-s3-go (v2) instead of goamz
UseAWSS3v2Driver: false