projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
2934: add crunch-dispatch default settings
[arvados.git] / services / api / config / application.default.yml
diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml
index 67aa401eca2433c3b71da4575b8010af4cc4553e..827dfe158662e5c22109e8b7acc5ae922a5330b4 100644 (file)
--- a/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@ -43,6 +43,7 @@ test:
 
 common:
   secret_token: ~
+  blob_signing_key: ~
   uuid_prefix: <%= Digest::MD5.hexdigest(`hostname`).to_i(16).to_s(36)[0..4] %>
 
   # Git repositories must be readable by api server, or you won't be
@@ -67,6 +68,19 @@ common:
   # crunch-job must be able to stat() it.
   crunch_refresh_trigger: /tmp/crunch_refresh_trigger
 
+  # Maximum number of log events that may be generated by a single job.
+  crunch_limit_log_events_per_job: 65536
+
+  # Maximum number of total bytes that may be logged by a single job.
+  crunch_limit_log_event_bytes_per_job: 67108864
+
+  # These two settings control how frequently log events are flushed
+  # to the database.  If a job generates two or more events within
+  # crunch_log_seconds_between_events, the log data is not flushed
+  # until crunch_log_bytes_per_event has been reached.
+  crunch_log_bytes_per_event: 4096
+  crunch_log_seconds_between_events: 1
+
   # Path to /etc/dnsmasq.d, or false = do not update dnsmasq data.
   dnsmasq_conf_dir: false
 
@@ -86,6 +100,8 @@ common:
   admin_notifier_email_from: arvados@example.com
   email_subject_prefix: "[ARVADOS] "
   user_notifier_email_from: arvados@example.com
+  new_user_notification_recipients: [ ]
+  new_inactive_user_notification_recipients: [ ]
 
   # Visitors to the API server will be redirected to the workbench
   workbench_address: https://workbench.local:3001/
@@ -122,3 +138,18 @@ common:
   # configuration variable so that the primary server can give out the correct
   # address of the dedicated websocket server:
   #websocket_address: wss://127.0.0.1:3333/websocket
+
+  # Amount of time (in seconds) for which a blob permission signature
+  # remains valid.  Default: 2 weeks (1209600 seconds)
+  blob_signing_ttl: 1209600
+
+  # Allow clients to create collections by providing a manifest with
+  # unsigned data blob locators. IMPORTANT: This effectively disables
+  # access controls for data stored in Keep: a client who knows a hash
+  # can write a manifest that references the hash, pass it to
+  # collections.create (which will create a permission link), use
+  # collections.get to obtain a signature for that data locator, and
+  # use that signed locator to retrieve the data from Keep. Therefore,
+  # do not turn this on if your users expect to keep data private from
+  # one another!
+  permit_create_collection_with_unsigned_manifest: false