X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f3e3a6cc4b72120f856e14f3039b1c0c1f0326bd..f30c8ed35e3e1ad7cb3cb51fc6d83f56a04ae8de:/lib/config/generated_config.go

diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index 57204cf36a..817585c0fe 100644
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -18,6 +18,8 @@ var DefaultYAML = []byte(`# Copyright (C) The Arvados Authors. All rights reserv
 
 Clusters:
   xxxxx:
+    # Token used internally by Arvados components to authenticate to
+    # one another. Use a string of at least 50 random alphanumerics.
     SystemRootToken: ""
 
     # Token to be included in all healthcheck requests. Disabled by default.
@@ -201,7 +203,7 @@ Clusters:
       # * 1.1) fits comfortably in memory. On a host dedicated to running
       # Keepstore, divide total memory by 88MiB to suggest a suitable value.
       # For example, if grep MemTotal /proc/meminfo reports MemTotal: 7125440
-      # kB, compute 7125440 / (88 * 1024)=79 and configure MaxBuffers: 79
+      # kB, compute 7125440 / (88 * 1024)=79 and set MaxKeepBlobBuffers: 79
       MaxKeepBlobBuffers: 128
 
       # API methods to disable. Disabled methods are not listed in the
@@ -218,11 +220,6 @@ Clusters:
       # serving a single incoming multi-cluster (federated) request.
       MaxRequestAmplification: 4
 
-      # RailsSessionSecretToken is a string of alphanumeric characters
-      # used by Rails to sign session tokens. IMPORTANT: This is a
-      # site secret. It should be at least 50 characters.
-      RailsSessionSecretToken: ""
-
       # Maximum wall clock time to spend handling an incoming request.
       RequestTimeout: 5m
 
@@ -264,9 +261,6 @@ Clusters:
 
       # The e-mail address of the user you would like to become marked as an admin
       # user on their first login.
-      # In the default configuration, authentication happens through the Arvados SSO
-      # server, which uses OAuth2 against Google's servers, so in that case this
-      # should be an address associated with a Google account.
       AutoAdminUserWithEmail: ""
 
       # If AutoAdminFirstUser is set to true, the first user to log in when no
@@ -282,9 +276,10 @@ Clusters:
       NewUserNotificationRecipients: {}
       NewInactiveUserNotificationRecipients: {}
 
-      # Set AnonymousUserToken to enable anonymous user access. You can get
-      # the token by running "bundle exec ./script/get_anonymous_user_token.rb"
-      # in the directory where your API server is running.
+      # Set AnonymousUserToken to enable anonymous user access. Populate this
+      # field with a long random string. Then run "bundle exec
+      # ./script/get_anonymous_user_token.rb" in the directory where your API
+      # server is running to record the token in the database.
       AnonymousUserToken: ""
 
       # If a new user has an alternate email address (local@domain)
@@ -293,6 +288,20 @@ Clusters:
       # address is used.
       PreferDomainForUsername: ""
 
+      UserSetupMailText: |
+        <% if not @user.full_name.empty? -%>
+        <%= @user.full_name %>,
+        <% else -%>
+        Hi there,
+        <% end -%>
+
+        Your Arvados account has been set up.  You can log in at
+
+        <%= Rails.configuration.Services.Workbench1.ExternalURL %>
+
+        Thanks,
+        Your Arvados administrator.
+
     AuditLogs:
       # Time to keep audit logs, in seconds. (An audit log is a row added
       # to the "logs" table in the PostgreSQL database each time an
@@ -719,6 +728,17 @@ Clusters:
       # Default value zero means tokens don't have expiration.
       TokenLifetime: 0s
 
+      # When the token is returned to a client, the token itself may
+      # be restricted from manipulating other tokens based on whether
+      # the client is "trusted" or not.  The local Workbench1 and
+      # Workbench2 are trusted by default, but if this is a
+      # LoginCluster, you probably want to include the other Workbench
+      # instances in the federation in this list.
+      TrustedClients:
+        SAMPLE:
+          "https://workbench.federate1.example": {}
+          "https://workbench.federate2.example": {}
+
     Git:
       # Path to git or gitolite-shell executable. Each authenticated
       # request will execute this program with the single argument "http-backend"
@@ -854,6 +874,26 @@ Clusters:
         # period.
         LogUpdateSize: 32MiB
 
+      ShellAccess:
+        # An admin user can use "arvados-client shell" to start an
+        # interactive shell (with any user ID) in any running
+        # container.
+        Admin: false
+
+        # Any user can use "arvados-client shell" to start an
+        # interactive shell (with any user ID) in any running
+        # container that they started, provided it isn't also
+        # associated with a different user's container request.
+        #
+        # Interactive sessions make it easy to alter the container's
+        # runtime environment in ways that aren't recorded or
+        # reproducible. Consider the implications for automatic
+        # container reuse before enabling and using this feature. In
+        # particular, note that starting an interactive session does
+        # not disqualify a container from being reused by a different
+        # user/workflow in the future.
+        User: false
+
       SLURM:
         PrioritySpread: 0
         SbatchArgumentsList: []
@@ -944,6 +984,11 @@ Clusters:
         # Time before repeating SIGTERM when killing a container.
         TimeoutSignal: 5s
 
+        # Time to give up on a process (most likely arv-mount) that
+        # still holds a container lockfile after its main supervisor
+        # process has exited, and declare the instance broken.
+        TimeoutStaleRunLock: 5s
+
         # Time to give up on SIGTERM and write off the worker.
         TimeoutTERM: 2m
 
@@ -951,6 +996,12 @@ Clusters:
         # unlimited).
         MaxCloudOpsPerSecond: 0
 
+        # Maximum concurrent node creation operations (0 = unlimited). This is
+        # recommended by Azure in certain scenarios (see
+        # https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image)
+        # and can be used with other cloud providers too, if desired.
+        MaxConcurrentInstanceCreateOps: 0
+
         # Interval between cloud provider syncs/updates ("list all
         # instances").
         SyncInterval: 1m
@@ -1015,7 +1066,7 @@ Clusters:
         # Cloud-specific driver parameters.
         DriverParameters:
 
-          # (ec2) Credentials.
+          # (ec2) Credentials. Omit or leave blank if using IAM role.
           AccessKeyID: ""
           SecretAccessKey: ""
 
@@ -1338,6 +1389,10 @@ Clusters:
       VocabularyURL: ""
       FileViewersConfigURL: ""
 
+      # Idle time after which the user's session will be auto closed.
+      # This feature is disabled when set to zero.
+      IdleTimeout: 0s
+
       # Workbench welcome screen, this is HTML text that will be
       # incorporated directly onto the page.
       WelcomePageHTML: |