X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/523d1c2a9963edc25becf7958e024992ed8a6e66..0bfda57681195c431e3b6063577fdab23ff40cd5:/lib/config/generated_config.go diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go index fbee937b39..6244b8dbda 100644 --- a/lib/config/generated_config.go +++ b/lib/config/generated_config.go @@ -30,49 +30,42 @@ Clusters: # In each of the service sections below, the keys under # InternalURLs are the endpoints where the service should be - # listening, and reachable from other hosts in the cluster. - SAMPLE: - InternalURLs: - "http://host1.example:12345": {} - "http://host2.example:12345": - # Rendezvous is normally empty/omitted. When changing the - # URL of a Keepstore service, Rendezvous should be set to - # the old URL (with trailing slash omitted) to preserve - # rendezvous ordering. - Rendezvous: "" - SAMPLE: - Rendezvous: "" - ExternalURL: "-" + # listening, and reachable from other hosts in the + # cluster. Example: + # + # InternalURLs: + # "http://host1.example:12345": {} + # "http://host2.example:12345": {} RailsAPI: - InternalURLs: {} - ExternalURL: "-" + InternalURLs: {SAMPLE: {}} + ExternalURL: "" Controller: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} ExternalURL: "" Websocket: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} ExternalURL: "" Keepbalance: - InternalURLs: {} - ExternalURL: "-" + InternalURLs: {SAMPLE: {}} + ExternalURL: "" GitHTTP: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} ExternalURL: "" GitSSH: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} ExternalURL: "" DispatchCloud: - InternalURLs: {} - ExternalURL: "-" - SSO: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} + ExternalURL: "" + DispatchLSF: + InternalURLs: {SAMPLE: {}} ExternalURL: "" Keepproxy: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} ExternalURL: "" WebDAV: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} # Base URL for Workbench inline preview. If blank, use # WebDAVDownload instead, and disable inline preview. # If both are empty, downloading collections from workbench @@ -111,7 +104,7 @@ Clusters: ExternalURL: "" WebDAVDownload: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} # Base URL for download links. If blank, serve links to WebDAV # with disposition=attachment query param. Unlike preview links, # browsers do not render attachments, so there is no risk of XSS. @@ -125,13 +118,19 @@ Clusters: ExternalURL: "" Keepstore: - InternalURLs: {} - ExternalURL: "-" + InternalURLs: + SAMPLE: + # Rendezvous is normally empty/omitted. When changing the + # URL of a Keepstore service, Rendezvous should be set to + # the old URL (with trailing slash omitted) to preserve + # rendezvous ordering. + Rendezvous: "" + ExternalURL: "" Composer: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} ExternalURL: "" WebShell: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} # ShellInABox service endpoint URL for a given VM. If empty, do not # offer web shell logins. # @@ -142,14 +141,14 @@ Clusters: # https://*.webshell.uuid_prefix.arvadosapi.com ExternalURL: "" Workbench1: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} ExternalURL: "" Workbench2: - InternalURLs: {} + InternalURLs: {SAMPLE: {}} ExternalURL: "" Health: - InternalURLs: {} - ExternalURL: "-" + InternalURLs: {SAMPLE: {}} + ExternalURL: "" PostgreSQL: # max concurrent connections per arvados server daemon @@ -280,6 +279,7 @@ Clusters: AdminNotifierEmailFrom: arvados@example.com EmailSubjectPrefix: "[ARVADOS] " UserNotifierEmailFrom: arvados@example.com + UserNotifierEmailBcc: {} NewUserNotificationRecipients: {} NewInactiveUserNotificationRecipients: {} @@ -466,6 +466,13 @@ Clusters: # long-running balancing operation. BalanceTimeout: 6h + # Maximum number of replication_confirmed / + # storage_classes_confirmed updates to write to the database + # after a rebalancing run. When many updates are needed, this + # spreads them over a few runs rather than applying them all at + # once. + BalanceUpdateLimit: 100000 + # Default lifetime for ephemeral collections: 2 weeks. This must not # be less than BlobSigningTTL. DefaultTrashLifetime: 336h @@ -527,10 +534,10 @@ Clusters: # WebDAV would have to expose XSS vulnerabilities in order to # handle the redirect (see discussion on Services.WebDAV). # - # This setting has no effect in the recommended configuration, - # where the WebDAV is configured to have a separate domain for - # every collection; in this case XSS protection is provided by - # browsers' same-origin policy. + # This setting has no effect in the recommended configuration, where the + # WebDAV service is configured to have a separate domain for every + # collection and XSS protection is provided by browsers' same-origin + # policy. # # The default setting (false) is appropriate for a multi-user site. TrustAllContent: false @@ -552,17 +559,42 @@ Clusters: # Approximate memory limit (in bytes) for collection cache. MaxCollectionBytes: 100000000 - # Permission cache entries. - MaxPermissionEntries: 1000 - # UUID cache entries. MaxUUIDEntries: 1000 # Persistent sessions. MaxSessions: 100 + # Selectively set permissions for regular users and admins to + # download or upload data files using the upload/download + # features for Workbench, WebDAV and S3 API support. + WebDAVPermission: + User: + Download: true + Upload: true + Admin: + Download: true + Upload: true + + # Selectively set permissions for regular users and admins to be + # able to download or upload blocks using arv-put and + # arv-get from outside the cluster. + KeepproxyPermission: + User: + Download: true + Upload: true + Admin: + Download: true + Upload: true + + # Post upload / download events to the API server logs table, so + # that they can be included in the arv-user-activity report. + # You can disable this if you find that it is creating excess + # load on the API server and you don't need it. + WebDAVLogEvents: true + Login: - # One of the following mechanisms (SSO, Google, PAM, LDAP, or + # One of the following mechanisms (Google, PAM, LDAP, or # LoginCluster) should be enabled; see # https://doc.arvados.org/install/setup-login.html @@ -657,7 +689,7 @@ Clusters: AcceptAccessTokenScope: "" PAM: - # (Experimental) Use PAM to authenticate users. + # Use PAM to authenticate users. Enable: false # PAM service name. PAM will apply the policy in the @@ -743,16 +775,6 @@ Clusters: # originally supplied by the user will be used. UsernameAttribute: uid - SSO: - # Authenticate with a separate SSO server. (Deprecated) - Enable: false - - # ProviderAppID and ProviderAppSecret are generated during SSO - # setup; see - # https://doc.arvados.org/v2.0/install/install-sso.html#update-config - ProviderAppID: "" - ProviderAppSecret: "" - Test: # Authenticate users listed here in the config file. This # feature is intended to be used in test environments, and @@ -865,8 +887,8 @@ Clusters: UsePreemptibleInstances: false # PEM encoded SSH key (RSA, DSA, or ECDSA) used by the - # (experimental) cloud dispatcher for executing containers on - # worker VMs. Begins with "-----BEGIN RSA PRIVATE KEY-----\n" + # cloud dispatcher for executing containers on worker VMs. + # Begins with "-----BEGIN RSA PRIVATE KEY-----\n" # and ends with "\n-----END RSA PRIVATE KEY-----\n". DispatchPrivateKey: "" @@ -892,7 +914,7 @@ Clusters: # Minimum time between two attempts to run the same container MinRetryPeriod: 0s - # Container runtime: "docker" (default) or "singularity" (experimental) + # Container runtime: "docker" (default) or "singularity" RuntimeEngine: docker Logging: @@ -1004,6 +1026,24 @@ Clusters: # (See http://ruby-doc.org/core-2.2.2/Kernel.html#method-i-format for more.) AssignNodeHostname: "compute%d" + LSF: + # Additional arguments to bsub when submitting Arvados + # containers as LSF jobs. + # + # Note that the default arguments cause LSF to write two files + # in /tmp on the compute node each time an Arvados container + # runs. Ensure you have something in place to delete old files + # from /tmp, or adjust these arguments accordingly. + BsubArgumentsList: ["-o", "/tmp/crunch-run.%J.out", "-e", "/tmp/crunch-run.%J.err"] + + # Use sudo to switch to this user account when submitting LSF + # jobs. + # + # This account must exist on the hosts where LSF jobs run + # ("execution hosts"), as well as on the host where the + # Arvados LSF dispatcher runs ("submission host"). + BsubSudoUser: "crunch" + JobsAPI: # Enable the legacy 'jobs' API (crunch v1). This value must be a string. # @@ -1023,7 +1063,7 @@ Clusters: GitInternalDir: /var/lib/arvados/internal.git CloudVMs: - # Enable the cloud scheduler (experimental). + # Enable the cloud scheduler. Enable: false # Name/number of port where workers' SSH services listen. @@ -1035,7 +1075,7 @@ Clusters: # Shell command to execute on each worker to determine whether # the worker is booted and ready to run containers. It should # exit zero if the worker is ready. - BootProbeCommand: "docker ps -q" + BootProbeCommand: "systemctl is-system-running" # Minimum interval between consecutive probes to a single # worker. @@ -1057,13 +1097,25 @@ Clusters: # Maximum create/destroy-instance operations per second (0 = # unlimited). - MaxCloudOpsPerSecond: 0 + MaxCloudOpsPerSecond: 10 - # Maximum concurrent node creation operations (0 = unlimited). This is - # recommended by Azure in certain scenarios (see - # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image) - # and can be used with other cloud providers too, if desired. - MaxConcurrentInstanceCreateOps: 0 + # Maximum concurrent instance creation operations (0 = unlimited). + # + # MaxConcurrentInstanceCreateOps limits the number of instance creation + # requests that can be in flight at any one time, whereas + # MaxCloudOpsPerSecond limits the number of create/destroy operations + # that can be started per second. + # + # Because the API for instance creation on Azure is synchronous, it is + # recommended to increase MaxConcurrentInstanceCreateOps when running + # on Azure. When using managed images, a value of 20 would be + # appropriate. When using Azure Shared Image Galeries, it could be set + # higher. For more information, see + # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image + # + # MaxConcurrentInstanceCreateOps can be increased for other cloud + # providers too, if desired. + MaxConcurrentInstanceCreateOps: 1 # Interval between cloud provider syncs/updates ("list all # instances"). @@ -1197,6 +1249,29 @@ Clusters: Price: 0.1 Preemptible: false + StorageClasses: + + # If you use multiple storage classes, specify them here, using + # the storage class name as the key (in place of "SAMPLE" in + # this sample entry). + # + # Further info/examples: + # https://doc.arvados.org/admin/storage-classes.html + SAMPLE: + + # Priority determines the order volumes should be searched + # when reading data, in cases where a keepstore server has + # access to multiple volumes with different storage classes. + Priority: 0 + + # Default determines which storage class(es) should be used + # when a user/client writes data or saves a new collection + # without specifying storage classes. + # + # If any StorageClasses are configured, at least one of them + # must have Default: true. + Default: true + Volumes: SAMPLE: # AccessViaHosts specifies which keepstore processes can read @@ -1220,7 +1295,9 @@ Clusters: ReadOnly: false Replication: 1 StorageClasses: - default: true + # If you have configured storage classes (see StorageClasses + # section above), add an entry here for each storage class + # satisfied by this volume. SAMPLE: true Driver: S3 DriverParameters: @@ -1238,6 +1315,7 @@ Clusters: ConnectTimeout: 1m ReadTimeout: 10m RaceWindow: 24h + PrefixLength: 0 # Use aws-s3-go (v2) instead of goamz UseAWSS3v2Driver: false