X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c5f67bbc40e8f6a98854b1bf67fc6a98cff80790..18286a31cb3d42d445f40cceaee12c71e4eee79a:/lib/config/config.default.yml diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml index 411296cbea..d4870919ea 100644 --- a/lib/config/config.default.yml +++ b/lib/config/config.default.yml @@ -184,12 +184,21 @@ Clusters: MaxItemsPerResponse: 1000 # Maximum number of concurrent requests to accept in a single - # service process, or 0 for no limit. Currently supported only - # by keepstore. + # service process, or 0 for no limit. MaxConcurrentRequests: 0 - # Maximum number of 64MiB memory buffers per keepstore server - # process, or 0 for no limit. + # Maximum number of 64MiB memory buffers per Keepstore server process, or + # 0 for no limit. When this limit is reached, up to + # (MaxConcurrentRequests - MaxKeepBlobBuffers) HTTP requests requiring + # buffers (like GET and PUT) will wait for buffer space to be released. + # Any HTTP requests beyond MaxConcurrentRequests will receive an + # immediate 503 response. + # + # MaxKeepBlobBuffers should be set such that (MaxKeepBlobBuffers * 64MiB + # * 1.1) fits comfortably in memory. On a host dedicated to running + # Keepstore, divide total memory by 88MiB to suggest a suitable value. + # For example, if grep MemTotal /proc/meminfo reports MemTotal: 7125440 + # kB, compute 7125440 / (88 * 1024)=79 and configure MaxBuffers: 79 MaxKeepBlobBuffers: 128 # API methods to disable. Disabled methods are not listed in the @@ -541,6 +550,29 @@ Clusters: # work. If false, only the primary email address will be used. GoogleAlternateEmailAddresses: true + # (Experimental) Use PAM to authenticate logins, using the + # specified PAM service name. + # + # Cannot be used in combination with OAuth2 (ProviderAppID) or + # Google (GoogleClientID). Cannot be used on a cluster acting as + # a LoginCluster. + PAM: false + PAMService: arvados + + # Domain name (e.g., "example.com") to use to construct the + # user's email address if PAM authentication returns a username + # with no "@". If empty, use the PAM username as the user's + # email address, whether or not it contains "@". + # + # Note that the email address is used as the primary key for + # user records when logging in. Therefore, if you change + # PAMDefaultEmailDomain after the initial installation, you + # should also update existing user records to reflect the new + # domain. Otherwise, next time those users log in, they will be + # given new accounts instead of accessing their existing + # accounts. + PAMDefaultEmailDomain: "" + # The cluster ID to delegate the user database. When set, # logins on this cluster will be redirected to the login cluster # (login cluster must appear in RemoteClusters with Proxy: true) @@ -1196,3 +1228,8 @@ Clusters: # implementation. Note that it also disables some new federation # features and will be removed in a future release. ForceLegacyAPI14: false + +# (Experimental) Restart services automatically when config file +# changes are detected. Only supported by `arvados-server boot` in +# dev/test mode. +AutoReloadConfig: false