X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6911361cec42d4858fb8e345e07bcf14d5e163b6..44c93373e97da98645d41ae8f09c6eef6788bb26:/lib/config/config.default.yml diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml index ec32613905..8bbc33ba08 100644 --- a/lib/config/config.default.yml +++ b/lib/config/config.default.yml @@ -33,7 +33,7 @@ Clusters: RailsAPI: InternalURLs: {SAMPLE: {}} - ExternalURL: "-" + ExternalURL: "" Controller: InternalURLs: {SAMPLE: {}} ExternalURL: "" @@ -42,7 +42,7 @@ Clusters: ExternalURL: "" Keepbalance: InternalURLs: {SAMPLE: {}} - ExternalURL: "-" + ExternalURL: "" GitHTTP: InternalURLs: {SAMPLE: {}} ExternalURL: "" @@ -51,10 +51,10 @@ Clusters: ExternalURL: "" DispatchCloud: InternalURLs: {SAMPLE: {}} - ExternalURL: "-" + ExternalURL: "" DispatchLSF: InternalURLs: {SAMPLE: {}} - ExternalURL: "-" + ExternalURL: "" Keepproxy: InternalURLs: {SAMPLE: {}} ExternalURL: "" @@ -119,7 +119,7 @@ Clusters: # the old URL (with trailing slash omitted) to preserve # rendezvous ordering. Rendezvous: "" - ExternalURL: "-" + ExternalURL: "" Composer: InternalURLs: {SAMPLE: {}} ExternalURL: "" @@ -142,7 +142,7 @@ Clusters: ExternalURL: "" Health: InternalURLs: {SAMPLE: {}} - ExternalURL: "-" + ExternalURL: "" PostgreSQL: # max concurrent connections per arvados server daemon @@ -234,6 +234,24 @@ Clusters: # Timeout on requests to internal Keep services. KeepServiceRequestTimeout: 15s + # Vocabulary file path, local to the node running the controller. + # This JSON file should contain the description of what's allowed + # as object's metadata. Its format is described at: + # https://doc.arvados.org/admin/metadata-vocabulary.html + VocabularyPath: "" + + # If true, a project must have a non-empty description field in + # order to be frozen. + FreezeProjectRequiresDescription: false + + # Project properties that must have non-empty values in order to + # freeze a project. Example: {"property_name": true} + FreezeProjectRequiresProperties: {} + + # If true, only an admin user can un-freeze a project. If false, + # any user with "manage" permission can un-freeze. + UnfreezeProjectRequiresAdmin: false + Users: # Config parameters to automatically setup new users. If enabled, # this users will be able to self-activate. Enable this if you want @@ -259,6 +277,16 @@ Clusters: # user agreements. Should only be enabled for development. NewUsersAreActive: false + # Newly activated users (whether set up by an admin or via + # AutoSetupNewUsers) immediately become visible to other active + # users. + # + # On a multi-tenant cluster, where the intent is for users to be + # invisible to one another unless they have been added to the + # same group(s) via Workbench admin interface, change this to + # false. + ActivatedUsersAreVisibleToOthers: true + # The e-mail address of the user you would like to become marked as an admin # user on their first login. AutoAdminUserWithEmail: "" @@ -278,9 +306,7 @@ Clusters: NewInactiveUserNotificationRecipients: {} # Set AnonymousUserToken to enable anonymous user access. Populate this - # field with a long random string. Then run "bundle exec - # ./script/get_anonymous_user_token.rb" in the directory where your API - # server is running to record the token in the database. + # field with a random string at least 50 characters long. AnonymousUserToken: "" # If a new user has an alternate email address (local@domain) @@ -303,6 +329,14 @@ Clusters: Thanks, Your Arvados administrator. + # If RoleGroupsVisibleToAll is true, all role groups are visible + # to all active users. + # + # If false, users must be granted permission to role groups in + # order to see them. This is more appropriate for a multi-tenant + # cluster. + RoleGroupsVisibleToAll: true + AuditLogs: # Time to keep audit logs, in seconds. (An audit log is a row added # to the "logs" table in the PostgreSQL database each time an @@ -481,12 +515,12 @@ Clusters: # is older than the amount of seconds defined on PreserveVersionIfIdle, # a snapshot of the collection's previous state is created and linked to # the current collection. - CollectionVersioning: false + CollectionVersioning: true # 0s = auto-create a new version on every update. # -1s = never auto-create new versions. # > 0s = auto-create a new version when older than the specified number of seconds. - PreserveVersionIfIdle: -1s + PreserveVersionIfIdle: 10s # If non-empty, allow project and collection names to contain # the "/" character (slash/stroke/solidus), and replace "/" with @@ -553,9 +587,6 @@ Clusters: # Approximate memory limit (in bytes) for collection cache. MaxCollectionBytes: 100000000 - # Permission cache entries. - MaxPermissionEntries: 1000 - # UUID cache entries. MaxUUIDEntries: 1000 @@ -686,7 +717,7 @@ Clusters: AcceptAccessTokenScope: "" PAM: - # (Experimental) Use PAM to authenticate users. + # Use PAM to authenticate users. Enable: false # PAM service name. PAM will apply the policy in the @@ -878,14 +909,19 @@ Clusters: # go down. MaxComputeVMs: 64 - # Preemptible instance support (e.g. AWS Spot Instances) - # When true, child containers will get created with the preemptible - # scheduling parameter parameter set. - UsePreemptibleInstances: false + # Schedule all child containers on preemptible instances (e.g. AWS + # Spot Instances) even if not requested by the submitter. + # + # If false, containers are scheduled on preemptible instances + # only when requested by the submitter. + # + # This flag is ignored if no preemptible instance types are + # configured, and has no effect on top-level containers. + AlwaysUsePreemptibleInstances: true # PEM encoded SSH key (RSA, DSA, or ECDSA) used by the - # (experimental) cloud dispatcher for executing containers on - # worker VMs. Begins with "-----BEGIN RSA PRIVATE KEY-----\n" + # cloud dispatcher for executing containers on worker VMs. + # Begins with "-----BEGIN RSA PRIVATE KEY-----\n" # and ends with "\n-----END RSA PRIVATE KEY-----\n". DispatchPrivateKey: "" @@ -911,9 +947,45 @@ Clusters: # Minimum time between two attempts to run the same container MinRetryPeriod: 0s - # Container runtime: "docker" (default) or "singularity" (experimental) + # Container runtime: "docker" (default) or "singularity" RuntimeEngine: docker + # When running a container, run a dedicated keepstore process, + # using the specified number of 64 MiB memory buffers per + # allocated CPU core (VCPUs in the container's runtime + # constraints). The dedicated keepstore handles I/O for + # collections mounted in the container, as well as saving + # container logs. + # + # A zero value disables this feature. + # + # In order for this feature to be activated, no volume may use + # AccessViaHosts, and each volume must have Replication higher + # than Collections.DefaultReplication. If these requirements are + # not satisfied, the feature is disabled automatically + # regardless of the value given here. + # + # Note that when this configuration is enabled, the entire + # cluster configuration file, including the system root token, + # is copied to the worker node and held in memory for the + # duration of the container. + LocalKeepBlobBuffersPerVCPU: 1 + + # When running a dedicated keepstore process for a container + # (see LocalKeepBlobBuffersPerVCPU), write keepstore log + # messages to keepstore.txt in the container's log collection. + # + # These log messages can reveal some volume configuration + # details, error messages from the cloud storage provider, etc., + # which are not otherwise visible to users. + # + # Accepted values: + # * "none" -- no keepstore.txt file + # * "all" -- all logs, including request and response lines + # * "errors" -- all logs except "response" logs with 2xx + # response codes and "request" logs + LocalKeepLogsToContainerLog: none + Logging: # When you run the db:delete_old_container_logs task, it will find # containers that have been finished for at least this many seconds, @@ -1024,9 +1096,29 @@ Clusters: AssignNodeHostname: "compute%d" LSF: - # Additional arguments to bsub when submitting Arvados - # containers as LSF jobs. - BsubArgumentsList: [] + # Arguments to bsub when submitting Arvados containers as LSF jobs. + # + # Template variables starting with % will be substituted as follows: + # + # %U uuid + # %C number of VCPUs + # %M memory in MB + # %T tmp in MB + # %G number of GPU devices (runtime_constraints.cuda.device_count) + # + # Use %% to express a literal %. The %%J in the default will be changed + # to %J, which is interpreted by bsub itself. + # + # Note that the default arguments cause LSF to write two files + # in /tmp on the compute node each time an Arvados container + # runs. Ensure you have something in place to delete old files + # from /tmp, or adjust the "-o" and "-e" arguments accordingly. + BsubArgumentsList: ["-o", "/tmp/crunch-run.%%J.out", "-e", "/tmp/crunch-run.%%J.err", "-J", "%U", "-n", "%C", "-D", "%MMB", "-R", "rusage[mem=%MMB:tmp=%TMB] span[hosts=1]", "-R", "select[mem>=%MMB]", "-R", "select[tmp>=%TMB]", "-R", "select[ncpus>=%C]"] + + # Arguments that will be appended to the bsub command line + # when submitting Arvados containers as LSF jobs with + # runtime_constraints.cuda.device_count > 0 + BsubCUDAArguments: ["-gpu", "num=%G"] # Use sudo to switch to this user account when submitting LSF # jobs. @@ -1055,7 +1147,7 @@ Clusters: GitInternalDir: /var/lib/arvados/internal.git CloudVMs: - # Enable the cloud scheduler (experimental). + # Enable the cloud scheduler. Enable: false # Name/number of port where workers' SSH services listen. @@ -1067,7 +1159,7 @@ Clusters: # Shell command to execute on each worker to determine whether # the worker is booted and ready to run containers. It should # exit zero if the worker is ready. - BootProbeCommand: "docker ps -q" + BootProbeCommand: "systemctl is-system-running" # Minimum interval between consecutive probes to a single # worker. @@ -1089,13 +1181,25 @@ Clusters: # Maximum create/destroy-instance operations per second (0 = # unlimited). - MaxCloudOpsPerSecond: 0 + MaxCloudOpsPerSecond: 10 - # Maximum concurrent node creation operations (0 = unlimited). This is - # recommended by Azure in certain scenarios (see - # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image) - # and can be used with other cloud providers too, if desired. - MaxConcurrentInstanceCreateOps: 0 + # Maximum concurrent instance creation operations (0 = unlimited). + # + # MaxConcurrentInstanceCreateOps limits the number of instance creation + # requests that can be in flight at any one time, whereas + # MaxCloudOpsPerSecond limits the number of create/destroy operations + # that can be started per second. + # + # Because the API for instance creation on Azure is synchronous, it is + # recommended to increase MaxConcurrentInstanceCreateOps when running + # on Azure. When using managed images, a value of 20 would be + # appropriate. When using Azure Shared Image Galeries, it could be set + # higher. For more information, see + # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image + # + # MaxConcurrentInstanceCreateOps can be increased for other cloud + # providers too, if desired. + MaxConcurrentInstanceCreateOps: 1 # Interval between cloud provider syncs/updates ("list all # instances"). @@ -1172,6 +1276,9 @@ Clusters: Region: "" EBSVolumeType: gp2 AdminUsername: debian + # (ec2) name of the IAMInstanceProfile for instances started by + # the cloud dispatcher. Leave blank when not needed. + IAMInstanceProfile: "" # (azure) Credentials. SubscriptionID: "" @@ -1228,6 +1335,11 @@ Clusters: AddedScratch: 0 Price: 0.1 Preemptible: false + # Include this section if the node type includes GPU (CUDA) support + CUDA: + DriverVersion: "11.0" + HardwareCapability: "9.0" + DeviceCount: 1 StorageClasses: @@ -1287,7 +1399,7 @@ Clusters: AccessKeyID: aaaaa SecretAccessKey: aaaaa Endpoint: "" - Region: us-east-1a + Region: us-east-1 Bucket: aaaaa LocationConstraint: false V2Signature: false @@ -1295,6 +1407,7 @@ Clusters: ConnectTimeout: 1m ReadTimeout: 10m RaceWindow: 24h + PrefixLength: 0 # Use aws-s3-go (v2) instead of goamz UseAWSS3v2Driver: false @@ -1506,7 +1619,6 @@ Clusters: DefaultOpenIdPrefix: "https://www.google.com/accounts/o8/id" # Workbench2 configs - VocabularyURL: "" FileViewersConfigURL: "" # Idle time after which the user's session will be auto closed.