X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/276f020c46d375e9884d385340cfb4c3a5486639..e1953022010bc0679a2d79baf5c040b8312c5d8b:/lib/config/config.default.yml diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml index 723e64ceab..e3b67f7259 100644 --- a/lib/config/config.default.yml +++ b/lib/config/config.default.yml @@ -225,8 +225,22 @@ Clusters: # Maximum number of concurrent requests to process concurrently # in a single service process, or 0 for no limit. + # + # Note this applies to all Arvados services (controller, webdav, + # websockets, etc.). Concurrency in the controller service is + # also effectively limited by MaxConcurrentRailsRequests (see + # below) because most controller requests proxy through to the + # RailsAPI service. + # + # HTTP proxies and load balancers downstream of arvados services + # should be configured to allow at least {MaxConcurrentRequest + + # MaxQueuedRequests + MaxGatewayTunnels} concurrent requests. MaxConcurrentRequests: 64 + # Maximum number of concurrent requests to process concurrently + # in a single RailsAPI service process, or 0 for no limit. + MaxConcurrentRailsRequests: 8 + # Maximum number of incoming requests to hold in a priority # queue waiting for one of the MaxConcurrentRequests slots to be # free. When the queue is longer than this, respond 503 to the @@ -234,12 +248,19 @@ Clusters: # # If MaxQueuedRequests is 0, respond 503 immediately to # additional requests while at the MaxConcurrentRequests limit. - MaxQueuedRequests: 64 + MaxQueuedRequests: 128 # Maximum time a "lock container" request is allowed to wait in # the incoming request queue before returning 503. MaxQueueTimeForLockRequests: 2s + # Maximum number of active gateway tunnel connections. One slot + # is consumed by each "container shell" connection. If using an + # HPC dispatcher (LSF or Slurm), one slot is consumed by each + # running container. These do not count toward + # MaxConcurrentRequests. + MaxGatewayTunnels: 1000 + # Fraction of MaxConcurrentRequests that can be "log create" # messages at any given time. This is to prevent logging # updates from crowding out more important requests. @@ -344,34 +365,59 @@ Clusters: # false. ActivatedUsersAreVisibleToOthers: true - # The e-mail address of the user you would like to become marked as an admin - # user on their first login. + # If a user creates an account with this email address, they + # will be automatically set to admin. AutoAdminUserWithEmail: "" # If AutoAdminFirstUser is set to true, the first user to log in when no # other admin users exist will automatically become an admin user. AutoAdminFirstUser: false - # Email address to notify whenever a user creates a profile for the - # first time + # Recipient for notification email sent out when a user sets a + # profile on their account. UserProfileNotificationAddress: "" + + # When sending a NewUser, NewInactiveUser, or UserProfile + # notification, this is the 'From' address to use AdminNotifierEmailFrom: arvados@example.com + + # Prefix for email subjects for NewUser and NewInactiveUser emails EmailSubjectPrefix: "[ARVADOS] " + + # When sending a welcome email to the user, the 'From' address to use UserNotifierEmailFrom: arvados@example.com - UserNotifierEmailBcc: {} - NewUserNotificationRecipients: {} - NewInactiveUserNotificationRecipients: {} + + # The welcome email sent to new users will be blind copied to + # these addresses. + UserNotifierEmailBcc: + SAMPLE: {} + + # Recipients for notification email sent out when a user account + # is created and already set up to be able to log in + NewUserNotificationRecipients: + SAMPLE: {} + + # Recipients for notification email sent out when a user account + # has been created but the user cannot log in until they are + # set up by an admin. + NewInactiveUserNotificationRecipients: + SAMPLE: {} # Set AnonymousUserToken to enable anonymous user access. Populate this # field with a random string at least 50 characters long. AnonymousUserToken: "" - # If a new user has an alternate email address (local@domain) - # with the domain given here, its local part becomes the new - # user's default username. Otherwise, the user's primary email - # address is used. + # The login provider for a user may supply a primary email + # address and one or more alternate email addresses. If a new + # user has an alternate email address with the domain given + # here, use the username from the alternate email to generate + # the user's Arvados username. Otherwise, the username from + # user's primary email address is used for the Arvados username. + # Currently implemented for OpenID Connect only. PreferDomainForUsername: "" + # Ruby ERB template used for the email sent out to users when + # they have been set up. UserSetupMailText: | <% if not @user.full_name.empty? -%> <%= @user.full_name %>, @@ -628,6 +674,15 @@ Clusters: # once. BalanceUpdateLimit: 100000 + # Maximum number of "pull block from other server" and "trash + # block" requests to send to each keepstore server at a + # time. Smaller values use less memory in keepstore and + # keep-balance. Larger values allow more progress per + # keep-balance iteration. A zero value computes all of the + # needed changes but does not apply any. + BalancePullLimit: 100000 + BalanceTrashLimit: 100000 + # Default lifetime for ephemeral collections: 2 weeks. This must not # be less than BlobSigningTTL. DefaultTrashLifetime: 336h @@ -702,16 +757,18 @@ Clusters: # Time to cache manifests, permission checks, and sessions. TTL: 300s - # Block cache entries. Each block consumes up to 64 MiB RAM. - MaxBlockEntries: 20 + # Maximum amount of data cached in /var/cache/arvados/keep. + # Can be given as a percentage ("10%") or a number of bytes + # ("10 GiB") + DiskCacheSize: 10% # Approximate memory limit (in bytes) for session cache. # # Note this applies to the in-memory representation of # projects and collections -- metadata, block locators, - # filenames, etc. -- excluding cached file content, which is - # limited by MaxBlockEntries. - MaxCollectionBytes: 100000000 + # filenames, etc. -- not the file data itself (see + # DiskCacheSize). + MaxCollectionBytes: 100 MB # Persistent sessions. MaxSessions: 100 @@ -1074,7 +1131,7 @@ Clusters: # Number of times a container can be unlocked before being # automatically cancelled. - MaxDispatchAttempts: 5 + MaxDispatchAttempts: 10 # Default value for container_count_max for container requests. This is the # number of times Arvados will create a new container to satisfy a container @@ -1102,6 +1159,17 @@ Clusters: # A price factor of 1.0 is a reasonable starting point. PreemptiblePriceFactor: 0 + # When the lowest-priced instance type for a given container is + # not available, try other instance types, up to the indicated + # maximum price factor. + # + # For example, with AvailabilityPriceFactor 1.5, if the + # lowest-cost instance type A suitable for a given container + # costs $2/h, Arvados may run the container on any instance type + # B costing $3/h or less when instance type A is not available + # or an idle instance of type B is already running. + MaximumPriceFactor: 1.5 + # PEM encoded SSH key (RSA, DSA, or ECDSA) used by the # cloud dispatcher for executing containers on worker VMs. # Begins with "-----BEGIN RSA PRIVATE KEY-----\n" @@ -1212,11 +1280,14 @@ Clusters: # before being silenced until the end of the period. LogThrottleLines: 1024 - # Maximum bytes that may be logged by a single job. Log bytes that are - # silenced by throttling are not counted against this total. - # If you set this to zero, each container will only create a single - # log on the API server, noting for users that logging is throttled. - LimitLogBytesPerJob: 67108864 + # Maximum bytes that may be logged as legacy log events + # (records posted to the "logs" table). Starting with Arvados + # 2.7, container live logging has migrated to a new system + # (polling the container request live log endpoint) and this + # value should be 0. As of this writing, the container will + # still create a single log on the API server, noting for that + # log events are throttled. + LimitLogBytesPerJob: 0 LogPartialLineThrottlePeriod: 5s @@ -1421,16 +1492,17 @@ Clusters: # as containers start up successfully and decreases in # response to high API load and cloud quota errors. # - # Setting this too high creates a risk that the dispatcher - # will cause deadlock by starting so many supervisor - # containers (based on SupervisorFraction and MaxInstances) - # that the cloud quota prevents them from running any child - # containers. + # Setting this to 0 means the dynamic instance limit will + # start at MaxInstances. # - # Setting this too low causes the dispatcher to be - # unnecessarily slow to start up new instances after a - # restart. - InitialQuotaEstimate: 16 + # Situations where you may want to set this (to a value less + # than MaxInstances) would be when there is significant + # variability or uncertainty in the actual cloud resources + # available. Upon reaching InitialQuotaEstimate the + # dispatcher will switch to a more conservative behavior with + # slower instance start to avoid over-shooting cloud resource + # limits. + InitialQuotaEstimate: 0 # Maximum fraction of available instance capacity allowed to # run "supervisor" containers at any given time. A supervisor @@ -1444,9 +1516,9 @@ Clusters: # containers who just create more work. # # For example, with the default MaxInstances of 64, it will - # schedule at most floor(64*0.30) = 19 concurrent workflows, - # ensuring 45 slots are available for work. - SupervisorFraction: 0.30 + # schedule at most floor(64*0.50) = 32 concurrent workflow + # runners, ensuring 32 slots are available for work. + SupervisorFraction: 0.50 # Interval between cloud provider syncs/updates ("list all # instances"). @@ -1531,10 +1603,23 @@ Clusters: SecretAccessKey: "" # (ec2) Instance configuration. + + # (ec2) Region, like "us-east-1". + Region: "" + + # (ec2) Security group IDs. Omit or use {} to use the + # default security group. SecurityGroupIDs: "SAMPLE": {} + + # (ec2) One or more subnet IDs. Omit or leave empty to let + # AWS choose a default subnet from your default VPC. If + # multiple subnets are configured here (enclosed in brackets + # like [subnet-abc123, subnet-def456]) the cloud dispatcher + # will detect subnet-related errors and retry using a + # different subnet. Most sites specify one subnet. SubnetID: "" - Region: "" + EBSVolumeType: gp2 AdminUsername: debian # (ec2) name of the IAMInstanceProfile for instances started by @@ -1667,6 +1752,11 @@ Clusters: ReadOnly: false "http://host1.example:25107": {} ReadOnly: false + # AllowTrashWhenReadOnly enables unused and overreplicated + # blocks to be trashed/deleted even when ReadOnly is + # true. Normally, this is false and ReadOnly prevents all + # trash/delete operations as well as writes. + AllowTrashWhenReadOnly: false Replication: 1 StorageClasses: # If you have configured storage classes (see StorageClasses @@ -1735,8 +1825,18 @@ Clusters: Serialize: false Mail: - MailchimpAPIKey: "" - MailchimpListID: "" + # In order to send mail, Arvados expects a default SMTP server + # on localhost:25. It cannot require authentication on + # connections from localhost. That server should be configured + # to relay mail to a "real" SMTP server that is able to send + # email on behalf of your domain. + + # See also the "Users" configuration section for additional + # email-related options. + + # When a user has been set up (meaning they are able to log in) + # they will receive an email using the template specified + # earlier in Users.UserSetupMailText SendUserSetupNotificationEmail: true # Bug/issue report notification to and from addresses @@ -1746,6 +1846,10 @@ Clusters: # Generic issue email from EmailFrom: "arvados@example.com" + + # No longer supported, to be removed. + MailchimpAPIKey: "" + MailchimpListID: "" RemoteClusters: "*": Host: "" @@ -1779,18 +1883,12 @@ Clusters: ArvadosDocsite: https://doc.arvados.org ArvadosPublicDataDocURL: https://playground.arvados.org/projects/public ShowUserAgreementInline: false - SecretKeyBase: "" # Set this configuration to true to avoid providing an easy way for users # to share data with unauthenticated users; this may be necessary on # installations where strict data access controls are needed. DisableSharingURLsUI: false - # Scratch directory used by the remote repository browsing - # feature. If it doesn't exist, it (and any missing parents) will be - # created using mkdir_p. - RepositoryCache: /var/www/arvados-workbench/current/tmp/git - # Below is a sample setting of user_profile_form_fields config parameter. # This configuration parameter should be set to either false (to disable) or # to a map as shown below. @@ -1837,71 +1935,7 @@ Clusters: # to display on the profile page. UserProfileFormMessage: 'Welcome to Arvados. All required fields must be completed before you can proceed.' - # Mimetypes of applications for which the view icon - # would be enabled in a collection's show page. - # It is sufficient to list only applications here. - # No need to list text and image types. - ApplicationMimetypesWithViewIcon: - cwl: {} - fasta: {} - go: {} - javascript: {} - json: {} - pdf: {} - python: {} - x-python: {} - r: {} - rtf: {} - sam: {} - x-sh: {} - vnd.realvnc.bed: {} - xml: {} - xsl: {} - SAMPLE: {} - - # The maximum number of bytes to load in the log viewer - LogViewerMaxBytes: 1M - - # When anonymous_user_token is configured, show public projects page - EnablePublicProjectsPage: true - - # By default, disable the "Getting Started" popup which is specific to Arvados playground - EnableGettingStartedPopup: false - - # Ask Arvados API server to compress its response payloads. - APIResponseCompression: true - - # Timeouts for API requests. - APIClientConnectTimeout: 2m - APIClientReceiveTimeout: 5m - - # Maximum number of historic log records of a running job to fetch - # and display in the Log tab, while subscribing to web sockets. - RunningJobLogRecordsToFetch: 2000 - - # In systems with many shared projects, loading of dashboard and topnav - # can be slow due to collections indexing; use the following parameters - # to suppress these properties - ShowRecentCollectionsOnDashboard: true - ShowUserNotifications: true - - # Enable/disable "multi-site search" in top nav ("true"/"false"), or - # a link to the multi-site search page on a "home" Workbench site. - # - # Example: - # https://workbench.zzzzz.arvadosapi.com/collections/multisite - MultiSiteSearch: "" - - # Should workbench allow management of local git repositories? Set to false if - # the jobs api is disabled and there are no local git repositories. - Repositories: true - SiteName: Arvados Workbench - ProfilingEnabled: false - - # This is related to obsolete Google OpenID 1.0 login - # but some workbench stuff still expects it to be set. - DefaultOpenIdPrefix: "https://www.google.com/accounts/o8/id" # Workbench2 configs FileViewersConfigURL: ""