X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a2107d5fc7982769c2d667e51656a6e2529d9bc9..0dffc025de9ebc7a54596e1018a589a6f5b8a03e:/services/api/config/application.default.yml diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml index 36eedb4fce..f18c89f732 100644 --- a/services/api/config/application.default.yml +++ b/services/api/config/application.default.yml @@ -39,12 +39,24 @@ test: action_mailer.delivery_method: :test active_support.deprecation: :stderr active_record.mass_assignment_sanitizer: :strict + uuid_prefix: zzzzz common: secret_token: ~ + blob_signing_key: ~ uuid_prefix: <%= Digest::MD5.hexdigest(`hostname`).to_i(16).to_s(36)[0..4] %> - git_repositories_dir: /var/cache/git + # Git repositories must be readable by api server, or you won't be + # able to submit crunch jobs. To pass the test suites, put a clone + # of the arvados tree in {git_repositories_dir}/arvados.git or + # {git_repositories_dir}/arvados/.git + git_repositories_dir: /var/lib/arvados/git + + # This is a (bare) repository that stores commits used in jobs. When a job + # runs, the source commits are first fetched into this repository, then this + # repository is used to deploy to compute nodes. This should NOT be a + # subdirectory of {git_repositiories_dir}. + git_internal_dir: /var/lib/arvados/internal.git # :none or :slurm_immediate crunch_job_wrapper: :none @@ -64,7 +76,7 @@ common: compute_node_ec2run_args: -g arvados-compute compute_node_spot_bid: 0.11 - compute_node_domain: <%= `hostname`.split('.')[1..-1].join('.').strip %> + compute_node_domain: false compute_node_nameservers: - 192.168.1.1 compute_node_ec2_tag_enable: false @@ -74,6 +86,9 @@ common: new_users_are_active: false admin_notifier_email_from: arvados@example.com email_subject_prefix: "[ARVADOS] " + user_notifier_email_from: arvados@example.com + new_user_notification_recipients: [ ] + new_inactive_user_notification_recipients: [ ] # Visitors to the API server will be redirected to the workbench workbench_address: https://workbench.local:3001/ @@ -83,4 +98,45 @@ common: # In the default configuration, authentication happens through the Arvados SSO # server, which uses openid against Google's servers, so in that case this # should be an address associated with a Google account. - auto_admin_user: ~ + auto_admin_user: false + + ## Set Time.zone default to the specified zone and make Active + ## Record auto-convert to this zone. Run "rake -D time" for a list + ## of tasks for finding time zone names. Default is UTC. + #time_zone: Central Time (US & Canada) + + ## Default encoding used in templates for Ruby 1.9. + encoding: utf-8 + + # Enable the asset pipeline + assets.enabled: true + + # Version of your assets, change this if you want to expire all your assets + assets.version: "1.0" + + arvados_theme: default + + # Default: do not advertise a websocket server. + websocket_address: false + + # You can run the websocket server separately from the regular HTTP service + # by setting "ARVADOS_WEBSOCKETS=ws-only" in the environment before running + # the websocket server. When you do this, you need to set the following + # configuration variable so that the primary server can give out the correct + # address of the dedicated websocket server: + #websocket_address: wss://127.0.0.1:3333/websocket + + # Amount of time (in seconds) for which a blob permission signature + # remains valid. Default: 2 weeks (1209600 seconds) + blob_signing_ttl: 1209600 + + # Allow clients to create collections by providing a manifest with + # unsigned data blob locators. IMPORTANT: This effectively disables + # access controls for data stored in Keep: a client who knows a hash + # can write a manifest that references the hash, pass it to + # collections.create (which will create a permission link), use + # collections.get to obtain a signature for that data locator, and + # use that signed locator to retrieve the data from Keep. Therefore, + # do not turn this on if your users expect to keep data private from + # one another! + permit_create_collection_with_unsigned_manifest: false