X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b9b4502bcddeccd794614bf6979d643f9f350877..c2989afb1ed2397676212804272cb128236758cf:/services/api/config/application.default.yml

diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml
index c2f89582fc..dcf270e3fb 100644
--- a/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 # Do not use this file for site configuration. Create application.yml
 # instead (see application.yml.example).
 #
@@ -89,10 +93,12 @@ common:
   ### Overriding default advertised hostnames/URLs
   ###
 
-  # If not false, this is the hostname that will be used for root_url and
-  # advertised in the discovery document.  By default, use the default Rails
-  # logic for deciding on a hostname.
+  # If not false, this is the hostname, port, and protocol that will be used
+  # for root_url and advertised in the discovery document.  By default, use
+  # the default Rails logic for deciding on a hostname.
   host: false
+  port: false
+  protocol: false
 
   # Base part of SSH git clone url given with repository resources. If
   # true, the default "git@git.(uuid_prefix).arvadosapi.com:" is
@@ -113,7 +119,11 @@ common:
   ### New user and & email settings
   ###
 
-  # Config parameters to automatically setup new users.
+  # Config parameters to automatically setup new users.  If enabled,
+  # this users will be able to self-activate.  Enable this if you want
+  # to run an open instance where anyone can create an account and use
+  # the system without requiring manual approval.
+  #
   # The params auto_setup_new_users_with_* are meaningful only when auto_setup_new_users is turned on.
   # auto_setup_name_blacklist is a list of usernames to be blacklisted for auto setup.
   auto_setup_new_users: false
@@ -121,7 +131,9 @@ common:
   auto_setup_new_users_with_repository: false
   auto_setup_name_blacklist: [arvados, git, gitolite, gitolite-admin, root, syslog]
 
-  # When new_users_are_active is set to true, the user agreement check is skipped.
+  # When new_users_are_active is set to true, new users will be active
+  # immediately.  This skips the "self-activate" step which enforces
+  # user agreements.  Should only be enabled for development.
   new_users_are_active: false
 
   # The e-mail address of the user you would like to become marked as an admin
@@ -267,6 +279,17 @@ common:
 
   crunch_log_partial_line_throttle_period: 5
 
+  # Container logs are written to Keep and saved in a collection,
+  # which is updated periodically while the container runs.  This
+  # value sets the interval (given in seconds) between collection
+  # updates.
+  crunch_log_update_period: 1800
+
+  # The log collection is also updated when the specified amount of
+  # log data (given in bytes) is produced in less than one update
+  # period.
+  crunch_log_update_size: 33554432
+
   # Attributes to suppress in events and audit logs.  Notably,
   # specifying ["manifest_text"] here typically makes the database
   # smaller and faster.
@@ -281,10 +304,22 @@ common:
   # Example: ["jobs.create", "pipeline_instances.create"]
   disable_api_methods: []
 
+  # Enable the legacy Jobs API.
+  # auto -- (default) enable the Jobs API only if it has been used before
+  #         (i.e., there are job records in the database)
+  # true -- enable the Jobs API despite lack of existing records.
+  # false -- disable the Jobs API despite presence of existing records.
+  enable_legacy_jobs_api: auto
+
   ###
   ### Crunch, DNS & compute node management
   ###
 
+  # Preemptible instance support (e.g. AWS Spot Instances)
+  # When true, child containers will get created with the preemptible
+  # scheduling parameter parameter set.
+  preemptible_instances: false
+
   # Docker image to be used when none found in runtime_constraints of a job
   default_docker_image_for_jobs: false
 
@@ -378,15 +413,44 @@ common:
   # original job reuse behavior, and is still the default).
   reuse_job_if_outputs_differ: false
 
+  ###
+  ### Federation support.
+  ###
+
+  # You can enable use of this cluster by users who are authenticated
+  # by a remote Arvados site. Control which remote hosts are trusted
+  # to authenticate which user IDs by configuring remote_hosts,
+  # remote_hosts_via_dns, or both. The default configuration disables
+  # remote authentication.
+
+  # Map known prefixes to hosts. For example, if user IDs beginning
+  # with "zzzzz-" should be authenticated by the Arvados server at
+  # "zzzzz.example.com", use:
+  #
+  # remote_hosts:
+  #   zzzzz: zzzzz.example.com
+  remote_hosts: {}
+
+  # Use {prefix}.arvadosapi.com for any prefix not given in
+  # remote_hosts above.
+  remote_hosts_via_dns: false
+
+  # List of cluster prefixes.  These are "trusted" clusters, users
+  # from the clusters listed here will be automatically setup and
+  # activated.  This is separate from the settings
+  # auto_setup_new_users and new_users_are_active.
+  auto_activate_users_from: []
+
   ###
   ### Remaining assorted configuration options.
   ###
 
   arvados_theme: default
 
-  # Permit insecure (OpenSSL::SSL::VERIFY_NONE) connections to the Single Sign
-  # On (sso) server.  Should only be enabled during development when the SSO
-  # server is using a self-signed cert.
+  # Permit insecure (OpenSSL::SSL::VERIFY_NONE) connections to the
+  # Single Sign On (sso) server and remote Arvados sites.  Should only
+  # be enabled during development when the SSO server is using a
+  # self-signed cert.
   sso_insecure: false
 
   ## Set Time.zone default to the specified zone and make Active
@@ -422,6 +486,11 @@ common:
   # "git log".
   source_version: false
 
+  # Override the automatic package version string. With the default version of
+  # false, the package version is read from package-build.version in Rails.root
+  # (included in vendor packages).
+  package_version: false
+
   # Enable asynchronous permission graph rebuild.  Must run
   # script/permission-updater.rb as a separate process.  When the permission
   # cache is invalidated, the background process will update the permission
@@ -438,6 +507,28 @@ common:
   # Default value for keep_cache_ram of a container's runtime_constraints.
   container_default_keep_cache_ram: 268435456
 
+  # Token to be included in all healthcheck requests. Disabled by default.
+  # Server expects request header of the format "Authorization: Bearer xxx"
+  ManagementToken: false
+
+  # URL of keep-web service.  Provides read/write access to collections via
+  # HTTP and WebDAV protocols.
+  #
+  # Example:
+  # keep_web_service_url: https://download.uuid_prefix.arvadosapi.com/
+  keep_web_service_url: false
+
+  # If true, enable collection versioning.
+  # When a collection's preserve_version field is true or the current version
+  # is older than the amount of seconds defined on preserve_version_if_idle,
+  # a snapshot of the collection's previous state is created and linked to
+  # the current collection.
+  collection_versioning: false
+  #   0 = auto-create a new version on every update.
+  #  -1 = never auto-create new versions.
+  # > 0 = auto-create a new version when older than the specified number of seconds.
+  preserve_version_if_idle: -1
+
 development:
   force_ssl: false
   cache_classes: false