X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/5a55113805af906145449be18ec86b1a95a5017b..38fcd08dda022d0167840fbb65222fe99b75fcf5:/services/api/config/application.default.yml

diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml
index a61420c450..5241cb4378 100644
--- a/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@ -8,45 +8,6 @@
 # 4. Section in application.default.yml corresponding to RAILS_ENV
 # 5. Section in application.default.yml called "common"
 
-<%
-# If you change any of the code in this block, you'll probably also want
-# to update it in Workbench's application.default.yml.
-def info_cmd(*args, &block)
-  IO.popen(args, "r", chdir: Rails.root, err: "/dev/null", &block)
-end
-
-source_version = ""
-local_modified = false
-if Rails.env == "production"
-  # Read the version from our package's git-commit.version file, if available.
-  begin
-    source_version = IO.read(Rails.root.join("git-commit.version")).strip
-  rescue Errno::ENOENT
-  end
-end
-
-if source_version.empty?
-  begin
-    status_output = false
-    info_cmd("git", "status", "-s") do |git_pipe|
-      git_pipe.each_line do |_|
-        status_output = true
-        # Continue reading the pipe so git doesn't get SIGPIPE.
-      end
-    end
-    if $?.success?
-      info_cmd("git", "log", "-n1", "--format=%H") do |git_pipe|
-        git_pipe.each_line do |line|
-          source_version = line.chomp
-        end
-      end
-      local_modified = status_output
-    end
-  rescue SystemCallError
-  end
-end
-%>
-
 common:
   ###
   ### Essential site configuration
@@ -66,6 +27,11 @@ common:
   # generate permission signatures for Keep locators. It must be
   # identical to the permission key given to Keep. IMPORTANT: This is
   # a site secret. It should be at least 50 characters.
+  #
+  # Modifying blob_signing_key will invalidate all existing
+  # signatures, which can cause programs to fail (e.g., arv-put,
+  # arv-get, and Crunch jobs).  To avoid errors, rotate keys only when
+  # no such processes are running.
   blob_signing_key: ~
 
   # These settings are provided by your OAuth2 provider (e.g.,
@@ -104,6 +70,16 @@ common:
   # websockets, otherwise none at all.
   websocket_address: false
 
+  # Maximum number of websocket connections allowed
+  websocket_max_connections: 500
+
+  # Maximum number of events a single connection can be backlogged
+  websocket_max_notify_backlog: 1000
+
+  # Maximum number of subscriptions a single websocket connection can have
+  # active.
+  websocket_max_filters: 10
+
   # Git repositories must be readable by api server, or you won't be
   # able to submit crunch jobs. To pass the test suites, put a clone
   # of the arvados tree in {git_repositories_dir}/arvados.git or
@@ -194,19 +170,31 @@ common:
   # still has permission) the client can retrieve the collection again
   # to get fresh signatures.
   #
-  # Datamanager considers an unreferenced block older than this to be
-  # eligible for garbage collection. Therefore, it should never be
-  # smaller than the corresponding value used by any local keepstore
-  # service (see keepstore -blob-signature-ttl flag). This rule
-  # prevents datamanager from trying to garbage-collect recently
-  # written blocks while clients are still holding valid signatures.
+  # This must be exactly equal to the -blob-signature-ttl flag used by
+  # keepstore servers.  Otherwise, reading data blocks and saving
+  # collections will fail with HTTP 403 permission errors.
+  #
+  # Modifying blob_signature_ttl invalidates existing signatures; see
+  # blob_signing_key note above.
   #
   # The default is 2 weeks.
   blob_signature_ttl: 1209600
 
-  # Default lifetime for ephemeral collections: 2 weeks.
+  # Default lifetime for ephemeral collections: 2 weeks. This must not
+  # be less than blob_signature_ttl.
   default_trash_lifetime: 1209600
 
+  # Interval (seconds) between trash sweeps. During a trash sweep,
+  # collections are marked as trash if their trash_at time has
+  # arrived, and deleted if their delete_at time has arrived.
+  trash_sweep_interval: 60
+
+  # Maximum characters of (JSON-encoded) query parameters to include
+  # in each request log entry. When params exceed this size, they will
+  # be JSON-encoded, truncated to this size, and logged as
+  # params_truncated.
+  max_request_log_params_size: 2000
+
   # Maximum size (in bytes) allowed for a single API request.  This
   # limit is published in the discovery document for use by clients.
   # Note: You must separately configure the upstream web server or
@@ -227,11 +215,41 @@ common:
   # for other data types.
   max_index_database_read: 134217728
 
+  # Maximum number of items to return when responding to a APIs that
+  # can return partial result sets using limit and offset parameters
+  # (e.g., *.index, groups.contents). If a request specifies a "limit"
+  # parameter higher than this value, this value is used instead.
+  max_items_per_response: 1000
+
   # When you run the db:delete_old_job_logs task, it will find jobs that
   # have been finished for at least this many seconds, and delete their
   # stderr logs from the logs table.
   clean_job_log_rows_after: <%= 30.days %>
 
+  # When you run the db:delete_old_container_logs task, it will find
+  # containers that have been finished for at least this many seconds,
+  # and delete their stdout, stderr, arv-mount, crunch-run, and
+  # crunchstat logs from the logs table.
+  clean_container_log_rows_after: <%= 30.days %>
+
+  # Time to keep audit logs, in seconds. (An audit log is a row added
+  # to the "logs" table in the PostgreSQL database each time an
+  # Arvados object is created, modified, or deleted.)
+  #
+  # Currently, websocket event notifications rely on audit logs, so
+  # this should not be set lower than 600 (5 minutes).
+  max_audit_log_age: 1209600
+
+  # Maximum number of log rows to delete in a single SQL transaction.
+  #
+  # If max_audit_log_delete_batch is 0, log entries will never be
+  # deleted by Arvados. Cleanup can be done by an external process
+  # without affecting any Arvados system processes, as long as very
+  # recent (<5 minutes old) logs are not deleted.
+  #
+  # 100000 is a reasonable batch size for most sites.
+  max_audit_log_delete_batch: 0
+
   # The maximum number of compute nodes that can be in use simultaneously
   # If this limit is reduced, any existing nodes with slot number >= new limit
   # will not be counted against the new limit. In other words, the new limit
@@ -261,6 +279,19 @@ common:
   # silenced by throttling are not counted against this total.
   crunch_limit_log_bytes_per_job: 67108864
 
+  # Attributes to suppress in events and audit logs.  Notably,
+  # specifying ["manifest_text"] here typically makes the database
+  # smaller and faster.
+  #
+  # Warning: Using any non-empty value here can have undesirable side
+  # effects for any client or component that relies on event logs.
+  # Use at your own risk.
+  unlogged_attributes: []
+
+  # API methods to disable. Disabled methods are not listed in the
+  # discovery document, and respond 404 to all requests.
+  # Example: ["jobs.create", "pipeline_instances.create"]
+  disable_api_methods: []
 
   ###
   ### Crunch, DNS & compute node management
@@ -269,6 +300,17 @@ common:
   # Docker image to be used when none found in runtime_constraints of a job
   default_docker_image_for_jobs: false
 
+  # List of supported Docker Registry image formats that compute nodes
+  # are able to use. `arv keep docker` will error out if a user tries
+  # to store an image with an unsupported format. Use an empty array
+  # to skip the compatibility check (and display a warning message to
+  # that effect).
+  #
+  # Example for sites running docker < 1.10: ["v1"]
+  # Example for sites running docker >= 1.10: ["v2"]
+  # Example for disabling check: []
+  docker_image_formats: ["v2"]
+
   # :none or :slurm_immediate
   crunch_job_wrapper: :none
 
@@ -365,10 +407,29 @@ common:
 
   default_openid_prefix: https://www.google.com/accounts/o8/id
 
-  # source_version
-  source_version: "<%= source_version[0...8] %>"
-  local_modified: false
+  # Override the automatic version string. With the default value of
+  # false, the version string is read from git-commit.version in
+  # Rails.root (included in vendor packages) or determined by invoking
+  # "git log".
+  source_version: false
+
+  crunch_log_partial_line_throttle_period: 5
+
+  # Enable asynchronous permission graph rebuild.  Must run
+  # script/permission-updater.rb as a separate process.  When the permission
+  # cache is invalidated, the background process will update the permission
+  # graph cache.  This feature is experimental!
+  async_permissions_update: false
+
+  # Default value for container_count_max for container requests.  This is the
+  # number of times Arvados will create a new container to satisfy a container
+  # request.  If a container is cancelled it will retry a new container if
+  # container_count < container_count_max on any container requests associated
+  # with the cancelled container.
+  container_count_max: 3
 
+  # Default value for keep_cache_ram of a container's runtime_constraints.
+  container_default_keep_cache_ram: 268435456
 
 development:
   force_ssl: false
@@ -384,7 +445,6 @@ development:
   active_record.auto_explain_threshold_in_seconds: 0.5
   assets.compress: false
   assets.debug: true
-  local_modified: "<%= local_modified ? '-modified' : '' %>"
 
 production:
   force_ssl: true
@@ -419,3 +479,6 @@ test:
   workbench_address: https://localhost:3001/
   git_repositories_dir: <%= Rails.root.join 'tmp', 'git', 'test' %>
   git_internal_dir: <%= Rails.root.join 'tmp', 'internal.git' %>
+  websocket_address: <% if ENV['ARVADOS_TEST_EXPERIMENTAL_WS'] %>"wss://0.0.0.0:<%= ENV['ARVADOS_TEST_WSS_PORT'] %>/websocket"<% else %>false<% end %>
+  trash_sweep_interval: -1
+  docker_image_formats: ["v1"]