X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ae60ced94e3ba9e80c994880886b11eefffd39c2..73eb047a9a1eb83d10c84cc959fdd049b7fd5fab:/lib/config/generated_config.go?ds=sidebyside
diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index d18251b27f..68dea169f8 100644
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -374,13 +374,26 @@ Clusters:
# collection's replication_desired attribute is nil.
DefaultReplication: 2
- # Lifetime (in seconds) of blob permission signatures generated by
- # the API server. This determines how long a client can take (after
- # retrieving a collection record) to retrieve the collection data
- # from Keep. If the client needs more time than that (assuming the
- # collection still has the same content and the relevant user/token
- # still has permission) the client can retrieve the collection again
- # to get fresh signatures.
+ # BlobSigningTTL determines the minimum lifetime of transient
+ # data, i.e., blocks that are not referenced by
+ # collections. Unreferenced blocks exist for two reasons:
+ #
+ # 1) A data block must be written to a disk/cloud backend device
+ # before a collection can be created/updated with a reference to
+ # it.
+ #
+ # 2) Deleting or updating a collection can remove the last
+ # remaining reference to a data block.
+ #
+ # If BlobSigningTTL is too short, long-running
+ # processes/containers will fail when they take too long (a)
+ # between writing blocks and writing collections that reference
+ # them, or (b) between reading collections and reading the
+ # referenced blocks.
+ #
+ # If BlobSigningTTL is too long, data will still be stored long
+ # after the referring collections are deleted, and you will
+ # needlessly fill up disks or waste money on cloud storage.
#
# Modifying BlobSigningTTL invalidates existing signatures; see
# BlobSigningKey note above.
@@ -388,6 +401,36 @@ Clusters:
# The default is 2 weeks.
BlobSigningTTL: 336h
+ # When running keep-balance, this is the destination filename for
+ # the list of lost block hashes if there are any, one per line.
+ # Updated automically during each successful run.
+ BlobMissingReport: ""
+
+ # keep-balance operates periodically, i.e.: do a
+ # scan/balance operation, sleep, repeat.
+ #
+ # BalancePeriod determines the interval between start times of
+ # successive scan/balance operations. If a scan/balance operation
+ # takes longer than RunPeriod, the next one will follow it
+ # immediately.
+ #
+ # If SIGUSR1 is received during an idle period between operations,
+ # the next operation will start immediately.
+ BalancePeriod: 10m
+
+ # Limits the number of collections retrieved by keep-balance per
+ # API transaction. If this is zero, page size is
+ # determined by the API server's own page size limits (see
+ # API.MaxItemsPerResponse and API.MaxIndexDatabaseRead).
+ BalanceCollectionBatch: 0
+
+ # The size of keep-balance's internal queue of
+ # collections. Higher values use more memory and improve throughput
+ # by allowing keep-balance to fetch the next page of collections
+ # while the current page is still being processed. If this is zero
+ # or omitted, pages are processed serially.
+ BalanceCollectionBuffers: 1000
+
# Default lifetime for ephemeral collections: 2 weeks. This must not
# be less than BlobSigningTTL.
DefaultTrashLifetime: 336h
@@ -456,8 +499,29 @@ Clusters:
Login:
# These settings are provided by your OAuth2 provider (eg
# Google) used to perform upstream authentication.
- ProviderAppSecret: ""
ProviderAppID: ""
+ ProviderAppSecret: ""
+
+ # (Experimental) Authenticate with Google, bypassing the
+ # SSO-provider gateway service. Use the Google Cloud console to
+ # enable the People API (APIs and Services > Enable APIs and
+ # services > Google People API > Enable), generate a Client ID
+ # and secret (APIs and Services > Credentials > Create
+ # credentials > OAuth client ID > Web application) and add your
+ # controller's /login URL (e.g.,
+ # "https://zzzzz.example.com/login") as an authorized redirect
+ # URL.
+ #
+ # Requires EnableBetaController14287. ProviderAppID must be
+ # blank.
+ GoogleClientID: ""
+ GoogleClientSecret: ""
+
+ # Allow users to log in to existing accounts using any verified
+ # email address listed by their Google account. If true, the
+ # Google People API must be enabled in order for Google login to
+ # work. If false, only the primary email address will be used.
+ GoogleAlternateEmailAddresses: true
# The cluster ID to delegate the user database. When set,
# logins on this cluster will be redirected to the login cluster
@@ -1020,6 +1084,31 @@ Clusters:
VocabularyURL: ""
FileViewersConfigURL: ""
+ # Workbench welcome screen, this is HTML text that will be
+ # incorporated directly onto the page.
+ WelcomePageHTML: |
+ 
+ Please log in.
+
+ The "Log in" button below will show you a sign-in
+ page. After you log in, you will be redirected back to
+ Arvados Workbench.
+
+ If you have never used Arvados Workbench before, logging in
+ for the first time will automatically create a new
+ account.
+
+ Arvados Workbench uses your name and email address only for
+ identification, and does not retrieve any other personal
+ information.
+
+ InactivePageHTML: |
+
+ Hi! You're logged in, but...
+ Your account is inactive.
+ An administrator must activate your account before you can get
+ any further.
+
# Use experimental controller code (see https://dev.arvados.org/issues/14287)
EnableBetaController14287: false
`)