# Default value zero means tokens don't have expiration.
TokenLifetime: 0s
+ # If true (default) tokens issued through login are allowed to create
+ # new tokens.
+ # If false, tokens issued through login are not allowed to
+ # viewing/creating other tokens. New tokens can only be created
+ # by going through login again.
+ IssueTrustedTokens: true
+
# When the token is returned to a client, the token itself may
- # be restricted from manipulating other tokens based on whether
+ # be restricted from viewing/creating other tokens based on whether
# the client is "trusted" or not. The local Workbench1 and
# Workbench2 are trusted by default, but if this is a
# LoginCluster, you probably want to include the other Workbench
# Minimum time between two attempts to run the same container
MinRetryPeriod: 0s
+ # Container runtime: "docker" (default) or "singularity" (experimental)
+ RuntimeEngine: docker
+
Logging:
# When you run the db:delete_old_container_logs task, it will find
# containers that have been finished for at least this many seconds,
"Containers.MaxRetryAttempts": true,
"Containers.MinRetryPeriod": true,
"Containers.ReserveExtraRAM": true,
+ "Containers.RuntimeEngine": true,
"Containers.ShellAccess": true,
"Containers.ShellAccess.Admin": true,
"Containers.ShellAccess.User": true,
"Login.Test.Enable": true,
"Login.Test.Users": false,
"Login.TokenLifetime": false,
+ "Login.IssueTrustedTokens": false,
"Login.TrustedClients": false,
"Mail": true,
"Mail.EmailFrom": false,
# Default value zero means tokens don't have expiration.
TokenLifetime: 0s
+ # If true (default) tokens issued through login are allowed to create
+ # new tokens.
+ # If false, tokens issued through login are not allowed to
+ # viewing/creating other tokens. New tokens can only be created
+ # by going through login again.
+ IssueTrustedTokens: true
+
# When the token is returned to a client, the token itself may
- # be restricted from manipulating other tokens based on whether
+ # be restricted from viewing/creating other tokens based on whether
# the client is "trusted" or not. The local Workbench1 and
# Workbench2 are trusted by default, but if this is a
# LoginCluster, you probably want to include the other Workbench
# Minimum time between two attempts to run the same container
MinRetryPeriod: 0s
+ # Container runtime: "docker" (default) or "singularity" (experimental)
+ RuntimeEngine: docker
+
Logging:
# When you run the db:delete_old_container_logs task, it will find
# containers that have been finished for at least this many seconds,
"wget",
"xvfb",
)
+ if dev || test {
+ pkgs = append(pkgs,
+ "squashfs-tools", // for singularity
+ )
+ }
switch {
case osv.Debian && osv.Major >= 10:
pkgs = append(pkgs, "libcurl4")
} else {
err = inst.runBash(`
cd /tmp
+ rm -rf /var/lib/arvados/go/
wget --progress=dot:giga -O- https://storage.googleapis.com/golang/go`+goversion+`.linux-amd64.tar.gz | tar -C /var/lib/arvados -xzf -
ln -sf /var/lib/arvados/go/bin/* /usr/local/bin/
`, stdout, stderr)
}
}
+ singularityversion := "3.5.2"
+ if havesingularityversion, err := exec.Command("/var/lib/arvados/bin/singularity", "--version").CombinedOutput(); err == nil && strings.Contains(string(havesingularityversion), singularityversion) {
+ logger.Print("singularity " + singularityversion + " already installed")
+ } else if dev || test {
+ err = inst.runBash(`
+S=`+singularityversion+`
+tmp=/var/lib/arvados/tmp/singularity
+trap "rm -r ${tmp}" ERR EXIT
+cd /var/lib/arvados/tmp
+git clone https://github.com/sylabs/singularity
+cd singularity
+git checkout v${S}
+./mconfig --prefix=/var/lib/arvados
+make -C ./builddir
+make -C ./builddir install
+rm -r ${tmp}
+`, stdout, stderr)
+ if err != nil {
+ return 1
+ }
+ }
+
// The entry in /etc/locale.gen is "en_US.UTF-8"; once
// it's installed, locale -a reports it as
// "en_US.utf8".
RemoteTokenRefresh Duration
TokenLifetime Duration
TrustedClients map[string]struct{}
+ IssueTrustedTokens bool
}
Mail struct {
MailchimpAPIKey string
StaleLockTimeout Duration
SupportedDockerImageFormats StringSet
UsePreemptibleInstances bool
+ RuntimeEngine string
JobsAPI struct {
Enable string