X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/2d29045a1b392251b777639634e527abfd8b06e2..2c583f85220cd6d4e2aabb0ad2753cac6f9065a6:/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls index 02653082f3..58a7851c28 100644 --- a/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls +++ b/tools/salt-install/config_examples/multi_host/aws/pillars/arvados.sls @@ -1,10 +1,11 @@ -# -*- coding: utf-8 -*- -# vim: ft=yaml --- # Copyright (C) The Arvados Authors. All rights reserved. # # SPDX-License-Identifier: AGPL-3.0 +{%- set max_workers = ("__CONTROLLER_MAX_WORKERS__" or grains['num_cpus'])|int %} +{%- set max_reqs = ("__CONTROLLER_MAX_QUEUED_REQUESTS__" or 128)|int %} + # The variables commented out are the default values that the formula uses. # The uncommented values are REQUIRED values. If you don't set them, running # this formula will fail. @@ -74,26 +75,19 @@ arvados: host: __DATABASE_INT_IP__ password: "__DATABASE_PASSWORD__" user: __CLUSTER___arvados - extra_conn_params: - client_encoding: UTF8 - # Centos7 does not enable SSL by default, so we disable - # it here just for testing of the formula purposes only. - # You should not do this in production, and should - # configure Postgres certificates correctly - {%- if grains.os_family in ('RedHat',) %} - sslmode: disable - {%- endif %} + encoding: en_US.utf8 + client_encoding: UTF8 tls: # certificate: '' # key: '' - # When using arvados-snakeoil certs set insecure: true + # required to test with arvados-snakeoil certs insecure: false resources: virtual_machines: shell: - name: shell.__CLUSTER__.__DOMAIN__ + name: shell.__DOMAIN__ backend: __SHELL_INT_IP__ port: 4200 @@ -116,29 +110,30 @@ arvados: Email: __INITIAL_USER_EMAIL__ Password: __INITIAL_USER_PASSWORD__ + ### API + API: + MaxConcurrentRequests: {{ max_workers * 2 }} + MaxQueuedRequests: {{ max_reqs }} + ### CONTAINERS + {%- set dispatcher_ssh_privkey = "__DISPATCHER_SSH_PRIVKEY__" %} Containers: MaxRetryAttempts: 10 CloudVMs: ResourceTags: Name: __CLUSTER__-compute-node BootProbeCommand: 'systemctl is-system-running' - ImageID: ami-FIXMEFIXMEFIXMEFI + ImageID: __COMPUTE_AMI__ Driver: ec2 DriverParameters: - Region: FIXME + Region: __COMPUTE_AWS_REGION__ EBSVolumeType: gp3 - AdminUsername: FIXME + AdminUsername: __COMPUTE_USER__ ### This SG should allow SSH from the dispatcher to the compute nodes - SecurityGroupIDs: ['sg-FIXMEFIXMEFIXMEFI'] - SubnetID: subnet-FIXMEFIXMEFIXMEFI - IAMInstanceProfile: __CLUSTER__-keepstore-00-iam-role - DispatchPrivateKey: | - -----BEGIN OPENSSH PRIVATE KEY----- - Read https://doc.arvados.org/install/crunch2-cloud/install-compute-node.html#sshkeypair - for details on how to create this key. - FIXMEFIXMEFIXMEFI - -----END OPENSSH PRIVATE KEY----- + SecurityGroupIDs: ['__COMPUTE_SG__'] + SubnetID: __COMPUTE_SUBNET__ + IAMInstanceProfile: __CLUSTER__-compute-node-00-iam-role + DispatchPrivateKey: {{ dispatcher_ssh_privkey|yaml_dquote }} ### VOLUMES ## This should usually match all your `keepstore` instances @@ -149,10 +144,9 @@ arvados: Replication: 2 Driver: S3 DriverParameters: - UseAWSS3v2Driver: true Bucket: __CLUSTER__-nyw5e-000000000000000-volume IAMRole: __CLUSTER__-keepstore-00-iam-role - Region: FIXME + Region: __KEEP_AWS_REGION__ Users: NewUsersAreActive: true @@ -162,42 +156,41 @@ arvados: Services: Controller: - ExternalURL: 'https://__CLUSTER__.__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__' + ExternalURL: 'https://__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__' InternalURLs: 'http://localhost:8003': {} DispatchCloud: InternalURLs: - 'http://__CONTROLLER_INT_IP__:9006': {} + 'http://__DISPATCHER_INT_IP__:9006': {} Keepbalance: InternalURLs: - 'http://localhost:9005': {} + 'http://__KEEPBALANCE_INT_IP__:9005': {} Keepproxy: - ExternalURL: 'https://keep.__CLUSTER__.__DOMAIN__:__KEEP_EXT_SSL_PORT__' + ExternalURL: 'https://keep.__DOMAIN__:__KEEP_EXT_SSL_PORT__' InternalURLs: 'http://localhost:25107': {} Keepstore: InternalURLs: 'http://__KEEPSTORE0_INT_IP__:25107': {} - 'http://__KEEPSTORE1_INT_IP__:25107': {} RailsAPI: InternalURLs: 'http://localhost:8004': {} WebDAV: - ExternalURL: 'https://*.collections.__CLUSTER__.__DOMAIN__:__KEEPWEB_EXT_SSL_PORT__/' + ExternalURL: 'https://*.collections.__DOMAIN__:__KEEPWEB_EXT_SSL_PORT__/' InternalURLs: - 'http://localhost:9002': {} + 'http://__KEEPWEB_INT_IP__:9002': {} WebDAVDownload: - ExternalURL: 'https://download.__CLUSTER__.__DOMAIN__:__KEEPWEB_EXT_SSL_PORT__' + ExternalURL: 'https://download.__DOMAIN__:__KEEPWEB_EXT_SSL_PORT__' WebShell: - ExternalURL: 'https://webshell.__CLUSTER__.__DOMAIN__:__KEEPWEB_EXT_SSL_PORT__' + ExternalURL: 'https://webshell.__DOMAIN__:__KEEPWEB_EXT_SSL_PORT__' Websocket: - ExternalURL: 'wss://ws.__CLUSTER__.__DOMAIN__/websocket' + ExternalURL: 'wss://ws.__DOMAIN__/websocket' InternalURLs: 'http://localhost:8005': {} Workbench1: - ExternalURL: 'https://workbench.__CLUSTER__.__DOMAIN__:__WORKBENCH1_EXT_SSL_PORT__' + ExternalURL: 'https://workbench.__DOMAIN__:__WORKBENCH1_EXT_SSL_PORT__' Workbench2: - ExternalURL: 'https://workbench2.__CLUSTER__.__DOMAIN__:__WORKBENCH2_EXT_SSL_PORT__' + ExternalURL: 'https://workbench2.__DOMAIN__:__WORKBENCH2_EXT_SSL_PORT__' InstanceTypes: t3small: