X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/763e5bd313592a1c1f161b80bc07c94a49f8fb91..b87f98819a9d71c55ab8b4512f5feb8c604f6921:/tools/salt-install/local.params.example.multiple_hosts diff --git a/tools/salt-install/local.params.example.multiple_hosts b/tools/salt-install/local.params.example.multiple_hosts index 463ee4c101..26cd16ed57 100644 --- a/tools/salt-install/local.params.example.multiple_hosts +++ b/tools/salt-install/local.params.example.multiple_hosts @@ -21,7 +21,6 @@ INITIAL_USER=admin # If not specified, the initial user email will be composed as # INITIAL_USER@DOMAIN INITIAL_USER_EMAIL="admin@cluster_fixme_or_this_wont_work.domain_fixme_or_this_wont_work" -INITIAL_USER_PASSWORD="fixmepassword" # Use a public node as a jump host for SSH sessions. This allows running the # installer from the outside of the cluster's local network and still reach @@ -29,13 +28,7 @@ INITIAL_USER_PASSWORD="fixmepassword" # Comment out to disable. USE_SSH_JUMPHOST="controller.${DOMAIN}" -# YOU SHOULD CHANGE THESE TO SOME RANDOM STRINGS -BLOB_SIGNING_KEY=fixmeblobsigningkeymushaveatleast32characters -MANAGEMENT_TOKEN=fixmemanagementtokenmushaveatleast32characters -SYSTEM_ROOT_TOKEN=fixmesystemroottokenmushaveatleast32characters -ANONYMOUS_USER_TOKEN=fixmeanonymoususertokenmushaveatleast32characters -WORKBENCH_SECRET_KEY=fixmeworkbenchsecretkeymushaveatleast32characters -DATABASE_PASSWORD=fixmeplease_set_this_to_some_secure_value +AWS_REGION="fixme_or_this_wont_work" # SSL CERTIFICATES # Arvados requires SSL certificates to work correctly. This installer supports these options: @@ -51,9 +44,17 @@ USE_LETSENCRYPT_ROUTE53="yes" # For that reason, you'll need to provide AWS credentials with permissions to manage # RRs in the route53 zone for the cluster. # WARNING!: If AWS credentials files already exist in the hosts, they won't be replaced. -LE_AWS_REGION="us-east-1" -LE_AWS_ACCESS_KEY_ID="AKIABCDEFGHIJKLMNOPQ" -LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey" +LE_AWS_REGION="${AWS_REGION}" + +# Compute node configurations +COMPUTE_AMI="ami_id_fixme_or_this_wont_work" +COMPUTE_SG="security_group_fixme_or_this_wont_work" +COMPUTE_SUBNET="subnet_fixme_or_this_wont_work" +COMPUTE_AWS_REGION="${AWS_REGION}" +COMPUTE_USER="${DEPLOY_USER}" + +# Keep S3 backend region +KEEP_AWS_REGION="${AWS_REGION}" # If you going to provide your own certificates for Arvados, the provision script can # help you deploy them. In order to do that, you need to set `SSL_MODE=bring-your-own` above, @@ -83,21 +84,25 @@ LE_AWS_SECRET_ACCESS_KEY="thisistherandomstringthatisyoursecretkey" # a custom AWS secret name for each node to retrieve the password. SSL_KEY_ENCRYPTED="no" SSL_KEY_AWS_SECRET_NAME="${CLUSTER}-arvados-ssl-privkey-password" -SSL_KEY_AWS_REGION="us-east-1" +SSL_KEY_AWS_REGION="${AWS_REGION}" # Customize Prometheus & Grafana web UI access credentials MONITORING_USERNAME=${INITIAL_USER} -MONITORING_PASSWORD=${INITIAL_USER_PASSWORD} MONITORING_EMAIL=${INITIAL_USER_EMAIL} + # Sets the directory for Grafana dashboards # GRAFANA_DASHBOARDS_DIR="${SCRIPT_DIR}/local_config_dir/dashboards" +# Sets the amount of data (expressed in time) Prometheus keeps on its +# time-series database. Default is 15 days. +# PROMETHEUS_DATA_RETENTION_TIME="180d" + # The mapping of nodes to roles # installer.sh will log in to each of these nodes and then provision # it for the specified roles. NODES=( - [controller.${DOMAIN}]=database,api,controller,websocket,dispatcher,keepbalance - [workbench.${DOMAIN}]=monitoring,workbench,workbench2,webshell,keepproxy,keepweb + [controller.${DOMAIN}]=database,controller + [workbench.${DOMAIN}]=monitoring,workbench,workbench2,webshell,keepproxy,keepweb,websocket,dispatcher,keepbalance [keep0.${DOMAIN}]=keepstore [shell.${DOMAIN}]=shell ) @@ -121,20 +126,28 @@ CLUSTER_INT_CIDR=10.1.0.0/16 # Note the IPs in this example are shared between roles, as suggested in # https://doc.arvados.org/main/install/salt-multi-host.html CONTROLLER_INT_IP=10.1.1.11 -WEBSOCKET_INT_IP=10.1.1.11 -KEEP_INT_IP=10.1.1.15 +DATABASE_INT_IP=${CONTROLLER_INT_IP} +WORKBENCH1_INT_IP=10.1.1.15 +DISPATCHER_INT_IP=${WORKBENCH1_INT_IP} +KEEPBALANCE_INT_IP=${WORKBENCH1_INT_IP} +WEBSOCKET_INT_IP=${WORKBENCH1_INT_IP} # Both for collections and downloads -KEEPWEB_INT_IP=10.1.1.15 +KEEPWEB_INT_IP=${WORKBENCH1_INT_IP} +WORKBENCH2_INT_IP=${WORKBENCH1_INT_IP} +WEBSHELL_INT_IP=${WORKBENCH1_INT_IP} +KEEP_INT_IP=${WORKBENCH1_INT_IP} KEEPSTORE0_INT_IP=10.1.2.13 -WORKBENCH1_INT_IP=10.1.1.15 -WORKBENCH2_INT_IP=10.1.1.15 -WEBSHELL_INT_IP=10.1.1.15 -DATABASE_INT_IP=10.1.1.11 SHELL_INT_IP=10.1.2.17 -# Performance tuning parameters -#CONTROLLER_NGINX_WORKERS= -#CONTROLLER_MAX_CONCURRENT_REQUESTS= +# In a load balanced deployment, you can do rolling upgrades by specifying one +# controller node name at a time, so that it gets removed from the pool and can +# be upgraded. +DISABLED_CONTROLLER="" + +# Performance tuning parameters. If these are not set, workers +# defaults on the number of cpus and queued requests defaults to 128. +#CONTROLLER_MAX_WORKERS= +#CONTROLLER_MAX_QUEUED_REQUESTS= # The directory to check for the config files (pillars, states) you want to use. # There are a few examples under 'config_examples'.