dbname: ""
SAMPLE: ""
API:
+ # Limits for how long a client token created by regular users can be valid,
+ # and also is used as a default expiration policy when no expiration date is
+ # specified.
+ # Default value zero means token expirations don't get clamped and no
+ # default expiration is set.
+ MaxTokenLifetime: 0s
+
# Maximum size (in bytes) allowed for a single API request. This
# limit is published in the discovery document for use by clients.
# Note: You must separately configure the upstream web server or
TrustAllContent: false
# Cache parameters for WebDAV content serving:
- # * TTL: Maximum time to cache manifests and permission checks.
- # * UUIDTTL: Maximum time to cache collection state.
- # * MaxBlockEntries: Maximum number of block cache entries.
- # * MaxCollectionEntries: Maximum number of collection cache entries.
- # * MaxCollectionBytes: Approximate memory limit for collection cache.
- # * MaxPermissionEntries: Maximum number of permission cache entries.
- # * MaxUUIDEntries: Maximum number of UUID cache entries.
WebDAVCache:
+ # Time to cache manifests, permission checks, and sessions.
TTL: 300s
+
+ # Time to cache collection state.
UUIDTTL: 5s
- MaxBlockEntries: 4
+
+ # Block cache entries. Each block consumes up to 64 MiB RAM.
+ MaxBlockEntries: 4
+
+ # Collection cache entries.
MaxCollectionEntries: 1000
- MaxCollectionBytes: 100000000
+
+ # Approximate memory limit (in bytes) for collection cache.
+ MaxCollectionBytes: 100000000
+
+ # Permission cache entries.
MaxPermissionEntries: 1000
- MaxUUIDEntries: 1000
+
+ # UUID cache entries.
+ MaxUUIDEntries: 1000
+
+ # Persistent sessions.
+ MaxSessions: 100
Login:
# One of the following mechanisms (SSO, Google, PAM, LDAP, or
# ID > Web application) and add your controller's /login URL
# (e.g., "https://zzzzz.example.com/login") as an authorized
# redirect URL.
- #
- # Incompatible with ForceLegacyAPI14. ProviderAppID must be
- # blank.
ClientID: ""
ClientSecret: ""
# work. If false, only the primary email address will be used.
AlternateEmailAddresses: true
+ # Send additional parameters with authentication requests. See
+ # https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters
+ # for a list of supported parameters.
+ AuthenticationRequestParameters:
+ # Show the "choose which Google account" page, even if the
+ # client is currently logged in to exactly one Google
+ # account.
+ prompt: select_account
+
+ SAMPLE: ""
+
OpenIDConnect:
# Authenticate with an OpenID Connect provider.
Enable: false
# address.
UsernameClaim: ""
+ # Send additional parameters with authentication requests,
+ # like {display: page, prompt: consent}. See
+ # https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+ # and refer to your provider's documentation for supported
+ # parameters.
+ AuthenticationRequestParameters:
+ SAMPLE: ""
+
PAM:
# (Experimental) Use PAM to authenticate users.
Enable: false
# stale locks from a previous dispatch process.
StaleLockTimeout: 1m
- # The crunch-run command to manage the container on a node
+ # The crunch-run command used to start a container on a worker node.
+ #
+ # When dispatching to cloud VMs, this is used only if
+ # DeployRunnerBinary in the CloudVMs section is set to the empty
+ # string.
CrunchRunCommand: "crunch-run"
# Extra arguments to add to crunch-run invocation
#
# Use the empty string to disable this step: nothing will be
# copied, and cloud instances are assumed to have a suitable
- # version of crunch-run installed.
+ # version of crunch-run installed; see CrunchRunCommand above.
DeployRunnerBinary: "/proc/self/exe"
# Tags to add on all resources (VMs, NICs, disks) created by
# this blank.
SSHHelpHostSuffix: ""
- # Bypass new (Arvados 1.5) API implementations, and hand off
- # requests directly to Rails instead. This can provide a temporary
- # workaround for clients that are incompatible with the new API
- # implementation. Note that it also disables some new federation
- # features and will be removed in a future release.
- ForceLegacyAPI14: false
-
# (Experimental) Restart services automatically when config file
# changes are detected. Only supported by ` + "`" + `arvados-server boot` + "`" + ` in
# dev/test mode.