Clusters:
xxxxx:
+ # Token used internally by Arvados components to authenticate to
+ # one another. Use a string of at least 50 random alphanumerics.
SystemRootToken: ""
# Token to be included in all healthcheck requests. Disabled by default.
# * 1.1) fits comfortably in memory. On a host dedicated to running
# Keepstore, divide total memory by 88MiB to suggest a suitable value.
# For example, if grep MemTotal /proc/meminfo reports MemTotal: 7125440
- # kB, compute 7125440 / (88 * 1024)=79 and configure MaxBuffers: 79
+ # kB, compute 7125440 / (88 * 1024)=79 and set MaxKeepBlobBuffers: 79
MaxKeepBlobBuffers: 128
# API methods to disable. Disabled methods are not listed in the
# serving a single incoming multi-cluster (federated) request.
MaxRequestAmplification: 4
- # RailsSessionSecretToken is a string of alphanumeric characters
- # used by Rails to sign session tokens. IMPORTANT: This is a
- # site secret. It should be at least 50 characters.
- RailsSessionSecretToken: ""
-
# Maximum wall clock time to spend handling an incoming request.
RequestTimeout: 5m
# The e-mail address of the user you would like to become marked as an admin
# user on their first login.
- # In the default configuration, authentication happens through the Arvados SSO
- # server, which uses OAuth2 against Google's servers, so in that case this
- # should be an address associated with a Google account.
AutoAdminUserWithEmail: ""
# If AutoAdminFirstUser is set to true, the first user to log in when no
NewUserNotificationRecipients: {}
NewInactiveUserNotificationRecipients: {}
- # Set AnonymousUserToken to enable anonymous user access. You can get
- # the token by running "bundle exec ./script/get_anonymous_user_token.rb"
- # in the directory where your API server is running.
+ # Set AnonymousUserToken to enable anonymous user access. Populate this
+ # field with a long random string. Then run "bundle exec
+ # ./script/get_anonymous_user_token.rb" in the directory where your API
+ # server is running to record the token in the database.
AnonymousUserToken: ""
# If a new user has an alternate email address (local@domain)
# address is used.
PreferDomainForUsername: ""
+ UserSetupMailText: |
+ <% if not @user.full_name.empty? -%>
+ <%= @user.full_name %>,
+ <% else -%>
+ Hi there,
+ <% end -%>
+
+ Your Arvados account has been set up. You can log in at
+
+ <%= Rails.configuration.Services.Workbench1.ExternalURL %>
+
+ Thanks,
+ Your Arvados administrator.
+
AuditLogs:
# Time to keep audit logs, in seconds. (An audit log is a row added
# to the "logs" table in the PostgreSQL database each time an
# work. If false, only the primary email address will be used.
AlternateEmailAddresses: true
+ # Send additional parameters with authentication requests. See
+ # https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters
+ # for a list of supported parameters.
+ AuthenticationRequestParameters:
+ # Show the "choose which Google account" page, even if the
+ # client is currently logged in to exactly one Google
+ # account.
+ prompt: select_account
+
+ SAMPLE: ""
+
OpenIDConnect:
# Authenticate with an OpenID Connect provider.
Enable: false
# address.
UsernameClaim: ""
+ # Send additional parameters with authentication requests,
+ # like {display: page, prompt: consent}. See
+ # https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+ # and refer to your provider's documentation for supported
+ # parameters.
+ AuthenticationRequestParameters:
+ SAMPLE: ""
+
PAM:
# (Experimental) Use PAM to authenticate users.
Enable: false
# Default value zero means tokens don't have expiration.
TokenLifetime: 0s
+ # When the token is returned to a client, the token itself may
+ # be restricted from manipulating other tokens based on whether
+ # the client is "trusted" or not. The local Workbench1 and
+ # Workbench2 are trusted by default, but if this is a
+ # LoginCluster, you probably want to include the other Workbench
+ # instances in the federation in this list.
+ TrustedClients:
+ SAMPLE:
+ "https://workbench.federate1.example": {}
+ "https://workbench.federate2.example": {}
+
Git:
# Path to git or gitolite-shell executable. Each authenticated
# request will execute this program with the single argument "http-backend"
# stale locks from a previous dispatch process.
StaleLockTimeout: 1m
- # The crunch-run command to manage the container on a node
+ # The crunch-run command used to start a container on a worker node.
+ #
+ # When dispatching to cloud VMs, this is used only if
+ # DeployRunnerBinary in the CloudVMs section is set to the empty
+ # string.
CrunchRunCommand: "crunch-run"
# Extra arguments to add to crunch-run invocation
# period.
LogUpdateSize: 32MiB
+ ShellAccess:
+ # An admin user can use "arvados-client shell" to start an
+ # interactive shell (with any user ID) in any running
+ # container.
+ Admin: false
+
+ # Any user can use "arvados-client shell" to start an
+ # interactive shell (with any user ID) in any running
+ # container that they started, provided it isn't also
+ # associated with a different user's container request.
+ #
+ # Interactive sessions make it easy to alter the container's
+ # runtime environment in ways that aren't recorded or
+ # reproducible. Consider the implications for automatic
+ # container reuse before enabling and using this feature. In
+ # particular, note that starting an interactive session does
+ # not disqualify a container from being reused by a different
+ # user/workflow in the future.
+ User: false
+
SLURM:
PrioritySpread: 0
SbatchArgumentsList: []
# Time before repeating SIGTERM when killing a container.
TimeoutSignal: 5s
+ # Time to give up on a process (most likely arv-mount) that
+ # still holds a container lockfile after its main supervisor
+ # process has exited, and declare the instance broken.
+ TimeoutStaleRunLock: 5s
+
# Time to give up on SIGTERM and write off the worker.
TimeoutTERM: 2m
# unlimited).
MaxCloudOpsPerSecond: 0
+ # Maximum concurrent node creation operations (0 = unlimited). This is
+ # recommended by Azure in certain scenarios (see
+ # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image)
+ # and can be used with other cloud providers too, if desired.
+ MaxConcurrentInstanceCreateOps: 0
+
# Interval between cloud provider syncs/updates ("list all
# instances").
SyncInterval: 1m
#
# Use the empty string to disable this step: nothing will be
# copied, and cloud instances are assumed to have a suitable
- # version of crunch-run installed.
+ # version of crunch-run installed; see CrunchRunCommand above.
DeployRunnerBinary: "/proc/self/exe"
# Tags to add on all resources (VMs, NICs, disks) created by
# Cloud-specific driver parameters.
DriverParameters:
- # (ec2) Credentials.
+ # (ec2) Credentials. Omit or leave blank if using IAM role.
AccessKeyID: ""
SecretAccessKey: ""
# a link to the multi-site search page on a "home" Workbench site.
#
# Example:
- # https://workbench.qr1hi.arvadosapi.com/collections/multisite
+ # https://workbench.zzzzz.arvadosapi.com/collections/multisite
MultiSiteSearch: ""
# Should workbench allow management of local git repositories? Set to false if
VocabularyURL: ""
FileViewersConfigURL: ""
+ # Idle time after which the user's session will be auto closed.
+ # This feature is disabled when set to zero.
+ IdleTimeout: 0s
+
# Workbench welcome screen, this is HTML text that will be
# incorporated directly onto the page.
WelcomePageHTML: |
projects / arvados.git / blobdiff