# Container runtime: "docker" (default) or "singularity"
RuntimeEngine: docker
+ # When running a container, run a dedicated keepstore process,
+ # using the specified number of 64 MiB memory buffers per
+ # allocated CPU core (VCPUs in the container's runtime
+ # constraints). The dedicated keepstore handles I/O for
+ # collections mounted in the container, as well as saving
+ # container logs.
+ #
+ # A zero value disables this feature.
+ #
+ # This feature has security implications. (1) Container logs
+ # will include keepstore log files, which typically reveal some
+ # volume configuration details, error messages from the cloud
+ # storage provider, etc., which are not otherwise visible to
+ # users. (2) The entire cluster configuration file, including
+ # the system root token, is copied to the worker node and held
+ # in memory for the duration of the container.
+ LocalKeepBlobBuffersPerVCPU: 0
+
Logging:
# When you run the db:delete_old_container_logs task, it will find
# containers that have been finished for at least this many seconds,
projects / arvados.git / blobdiff