-INITIAL_USER="admin"
-# If not specified, the initial user email will be composed as
-# INITIAL_USER@CLUSTER.DOMAIN
-INITIAL_USER_EMAIL="admin@cluster_fixme_or_this_wont_work.domain_fixme_or_this_wont_work"
-INITIAL_USER_PASSWORD="password"
-
-# Populate these values with random strings
-BLOB_SIGNING_KEY=fixmeblobsigningkeymushaveatleast32characters
-MANAGEMENT_TOKEN=fixmemanagementtokenmushaveatleast32characters
-SYSTEM_ROOT_TOKEN=fixmesystemroottokenmushaveatleast32characters
-ANONYMOUS_USER_TOKEN=fixmeanonymoususertokenmushaveatleast32characters
-WORKBENCH_SECRET_KEY=fixmeworkbenchsecretkeymushaveatleast32characters
-DATABASE_PASSWORD=fixmeplease_set_this_to_some_secure_value
-
-# SSL CERTIFICATES
-# Arvados requires SSL certificates to work correctly. This installer supports these options:
-# * self-signed: let the installer create self-signed certificate(s)
-# * bring-your-own: supply your own certificate(s) in the `certs` directory
-# * lets-encrypt: automatically obtain and install SSL certificates for your hostname(s)
-#
-# See https://doc.arvados.org/intall/salt-single-host.html#certificates for more information.
-SSL_MODE="self-signed"
-
-# CUSTOM_CERTS_DIR is only used when SSL_MODE is set to "bring-your-own".
-# See https://doc.arvados.org/intall/salt-single-host.html#bring-your-own for more information.
-# CUSTOM_CERTS_DIR="${SCRIPT_DIR}/local_config_dir/certs"
-
-# Set the following to "yes" if the key files are encrypted and optionally set
-# a custom AWS secret name for each node to retrieve the password.
-SSL_KEY_ENCRYPTED="no"
-SSL_KEY_AWS_SECRET_NAME="${CLUSTER}-arvados-ssl-privkey-password"
+CLUSTER_INT_CIDR=""
+CONTROLLER_INT_IP=""
+DATABASE_INT_IP=""
+WORKBENCH1_INT_IP=""
+DISPATCHER_INT_IP=""
+KEEPBALANCE_INT_IP=""
+WEBSOCKET_INT_IP=""
+KEEPWEB_INT_IP=""
+WORKBENCH2_INT_IP=""
+WEBSHELL_INT_IP=""
+KEEP_INT_IP=""
+KEEPSTORE0_INT_IP=""
+SHELL_INT_IP=""
+
+DATABASE_NAME="${CLUSTER}_arvados"
+DATABASE_USER="${CLUSTER}_arvados"
+DATABASE_POSTGRESQL_VERSION=12
+# Set this if using an external PostgreSQL service.
+#DATABASE_EXTERNAL_SERVICE_HOST_OR_IP=