X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/2be95ce7f069d9eb131b0d2d922a5e556f75810c..24f3823f6e96c60025cbde15c3cb94557f3d0bec:/lib/config/generated_config.go diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go index 6a4ced7c6e..a14f18aaec 100644 --- a/lib/config/generated_config.go +++ b/lib/config/generated_config.go @@ -446,6 +446,13 @@ Clusters: # or omitted, pages are processed serially. BalanceCollectionBuffers: 1000 + # Maximum time for a rebalancing run. This ensures keep-balance + # eventually gives up and retries if, for example, a network + # error causes a hung connection that is never closed by the + # OS. It should be long enough that it doesn't interrupt a + # long-running balancing operation. + BalanceTimeout: 6h + # Default lifetime for ephemeral collections: 2 weeks. This must not # be less than BlobSigningTTL. DefaultTrashLifetime: 336h @@ -557,6 +564,40 @@ Clusters: # work. If false, only the primary email address will be used. AlternateEmailAddresses: true + OpenIDConnect: + # Authenticate with an OpenID Connect provider. + Enable: false + + # Issuer URL, e.g., "https://login.example.com". + # + # This must be exactly equal to the URL returned by the issuer + # itself in its config response ("isser" key). If the + # configured value is "https://example" and the provider + # returns "https://example:443" or "https://example/" then + # login will fail, even though those URLs are equivalent + # (RFC3986). + Issuer: "" + + # Your client ID and client secret (supplied by the provider). + ClientID: "" + ClientSecret: "" + + # OpenID claim field containing the user's email + # address. Normally "email"; see + # https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims + EmailClaim: "email" + + # OpenID claim field containing the email verification + # flag. Normally "email_verified". To accept every returned + # email address without checking a "verified" field at all, + # use the empty string "". + EmailVerifiedClaim: "email_verified" + + # OpenID claim field containing the user's preferred + # username. If empty, use the mailbox part of the user's email + # address. + UsernameClaim: "" + PAM: # (Experimental) Use PAM to authenticate users. Enable: false @@ -917,6 +958,10 @@ Clusters: TimeoutShutdown: 10s # Worker VM image ID. + # (aws) AMI identifier + # (azure) managed disks: the name of the managed disk image + # (azure) unmanaged disks: the complete URI of the VHD, e.g. + # https://xxxxx.blob.core.windows.net/system/Microsoft.Compute/Images/images/xxxxx.vhd ImageID: "" # An executable file (located on the dispatcher host) to be @@ -973,13 +1018,33 @@ Clusters: # (azure) Instance configuration. CloudEnvironment: AzurePublicCloud - ResourceGroup: "" Location: centralus + + # (azure) The resource group where the VM and virtual NIC will be + # created. + ResourceGroup: "" + + # (azure) The resource group of the Network to use for the virtual + # NIC (if different from ResourceGroup) + NetworkResourceGroup: "" Network: "" Subnet: "" + + # (azure) managed disks: The resource group where the managed disk + # image can be found (if different from ResourceGroup). + ImageResourceGroup: "" + + # (azure) unmanaged disks: Where to store the VM VHD blobs StorageAccount: "" BlobContainer: "" + + # (azure) How long to wait before deleting VHD and NIC + # objects that are no longer being used. DeleteDanglingResourcesAfter: 20s + + # Account (that already exists in the VM image) that will be + # set up with an ssh authorized key to allow the compute + # dispatcher to connect. AdminUsername: arvados InstanceTypes: @@ -1037,6 +1102,8 @@ Clusters: ConnectTimeout: 1m ReadTimeout: 10m RaceWindow: 24h + # Use aws-s3-go (v2) instead of goamz + UseAWSS3v2Driver: false # For S3 driver, potentially unsafe tuning parameter, # intentionally excluded from main documentation.