git.arvados.org - arvados.git/blob - lib/config/config.default.yml

2 #

3 # SPDX-License-Identifier: AGPL-3.0

4

5 # Do not use this file for site configuration. Create

6 # /etc/arvados/config.yml instead.

7 #

8 # The order of precedence (highest to lowest):

9 # 1. Legacy component-specific config files (deprecated)

10 # 2. /etc/arvados/config.yml

11 # 3. config.default.yml

12

13 Clusters:

14 xxxxx:

15 SystemRootToken: ""

16

17 # Token to be included in all healthcheck requests. Disabled by default.

18 # Server expects request header of the format "Authorization: Bearer xxx"

19 ManagementToken: ""

20

21 Services:

22 RailsAPI:

23 InternalURLs: {}

24 GitHTTP:

25 InternalURLs: {}

26 ExternalURL: ""

27 Keepstore:

28 InternalURLs: {}

29 Controller:

30 InternalURLs: {}

31 ExternalURL: ""

32 Websocket:

33 InternalURLs: {}

34 ExternalURL: ""

35 Keepbalance:

36 InternalURLs: {}

37 GitHTTP:

38 InternalURLs: {}

39 ExternalURL: ""

40 GitSSH:

41 ExternalURL: ""

42 DispatchCloud:

43 InternalURLs: {}

44 SSO:

45 ExternalURL: ""

46 Keepproxy:

47 InternalURLs: {}

48 ExternalURL: ""

49 WebDAV:

50 InternalURLs: {}

51 ExternalURL: ""

52 WebDAVDownload:

53 InternalURLs: {}

54 ExternalURL: ""

55 Keepstore:

56 InternalURLs: {}

57 Composer:

58 ExternalURL: ""

59 WebShell:

60 ExternalURL: ""

61 Workbench1:

62 InternalURLs: {}

63 ExternalURL: ""

64 Workbench2:

65 ExternalURL: ""

66 PostgreSQL:

67 # max concurrent connections per arvados server daemon

68 ConnectionPool: 32

69 Connection:

70 # All parameters here are passed to the PG client library in a connection string;

71 # see https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS

72 Host: ""

73 Port: 0

74 User: ""

75 Password: ""

76 DBName: ""

77 API:

78 # Maximum size (in bytes) allowed for a single API request. This

79 # limit is published in the discovery document for use by clients.

80 # Note: You must separately configure the upstream web server or

81 # proxy to actually enforce the desired maximum request size on the

82 # server side.

83 MaxRequestSize: 134217728

84

85 # Limit the number of bytes read from the database during an index

86 # request (by retrieving and returning fewer rows than would

87 # normally be returned in a single response).

88 # Note 1: This setting never reduces the number of returned rows to

89 # zero, no matter how big the first data row is.

90 # Note 2: Currently, this is only checked against a specific set of

91 # columns that tend to get large (collections.manifest_text,

92 # containers.mounts, workflows.definition). Other fields (e.g.,

93 # "properties" hashes) are not counted against this limit.

94 MaxIndexDatabaseRead: 134217728

95

96 # Maximum number of items to return when responding to a APIs that

97 # can return partial result sets using limit and offset parameters

98 # (e.g., *.index, groups.contents). If a request specifies a "limit"

99 # parameter higher than this value, this value is used instead.

100 MaxItemsPerResponse: 1000

101

102 # API methods to disable. Disabled methods are not listed in the

103 # discovery document, and respond 404 to all requests.

104 # Example: ["jobs.create", "pipeline_instances.create"]

105 DisabledAPIs: []

106

107 # Interval (seconds) between asynchronous permission view updates. Any

108 # permission-updating API called with the 'async' parameter schedules a an

109 # update on the permission view in the future, if not already scheduled.

110 AsyncPermissionsUpdateInterval: 20

111

112 Users:

113 # Config parameters to automatically setup new users. If enabled,

114 # this users will be able to self-activate. Enable this if you want

115 # to run an open instance where anyone can create an account and use

116 # the system without requiring manual approval.

117 #

118 # The params auto_setup_new_users_with_* are meaningful only when auto_setup_new_users is turned on.

119 # auto_setup_name_blacklist is a list of usernames to be blacklisted for auto setup.

120 AutoSetupNewUsers: false

121 AutoSetupNewUsersWithVmUUID: ""

122 AutoSetupNewUsersWithRepository: false

123 AutoSetupUsernameBlacklist: [arvados, git, gitolite, gitolite-admin, root, syslog]

124

125 # When new_users_are_active is set to true, new users will be active

126 # immediately. This skips the "self-activate" step which enforces

127 # user agreements. Should only be enabled for development.

128 NewUsersAreActive: false

129

130 # The e-mail address of the user you would like to become marked as an admin

131 # user on their first login.

132 # In the default configuration, authentication happens through the Arvados SSO

133 # server, which uses OAuth2 against Google's servers, so in that case this

134 # should be an address associated with a Google account.

135 AutoAdminUserWithEmail: ""

136

137 # If auto_admin_first_user is set to true, the first user to log in when no

138 # other admin users exist will automatically become an admin user.

139 AutoAdminFirstUser: false

140

141 # Email address to notify whenever a user creates a profile for the

142 # first time

143 UserProfileNotificationAddress: ""

144 AdminNotifierEmailFrom: arvados@example.com

145 EmailSubjectPrefix: "[ARVADOS] "

146 UserNotifierEmailFrom: arvados@example.com

147 NewUserNotificationRecipients: []

148 NewInactiveUserNotificationRecipients: []

149

150 AuditLogs:

151 # Time to keep audit logs, in seconds. (An audit log is a row added

152 # to the "logs" table in the PostgreSQL database each time an

153 # Arvados object is created, modified, or deleted.)

154 #

155 # Currently, websocket event notifications rely on audit logs, so

156 # this should not be set lower than 600 (5 minutes).

157 MaxAge: 1209600

158

159 # Maximum number of log rows to delete in a single SQL transaction.

160 #

161 # If max_audit_log_delete_batch is 0, log entries will never be

162 # deleted by Arvados. Cleanup can be done by an external process

163 # without affecting any Arvados system processes, as long as very

164 # recent (<5 minutes old) logs are not deleted.

165 #

166 # 100000 is a reasonable batch size for most sites.

167 MaxDeleteBatch: 0

168

169 # Attributes to suppress in events and audit logs. Notably,

170 # specifying ["manifest_text"] here typically makes the database

171 # smaller and faster.

172 #

173 # Warning: Using any non-empty value here can have undesirable side

174 # effects for any client or component that relies on event logs.

175 # Use at your own risk.

176 UnloggedAttributes: []

177

178 SystemLogs:

179 # Maximum characters of (JSON-encoded) query parameters to include

180 # in each request log entry. When params exceed this size, they will

181 # be JSON-encoded, truncated to this size, and logged as

182 # params_truncated.

183 MaxRequestLogParamsSize: 2000

184

185 Collections:

186 # Allow clients to create collections by providing a manifest with

187 # unsigned data blob locators. IMPORTANT: This effectively disables

188 # access controls for data stored in Keep: a client who knows a hash

189 # can write a manifest that references the hash, pass it to

190 # collections.create (which will create a permission link), use

191 # collections.get to obtain a signature for that data locator, and

192 # use that signed locator to retrieve the data from Keep. Therefore,

193 # do not turn this on if your users expect to keep data private from

194 # one another!

195 BlobSigning: true

196

197 # blob_signing_key is a string of alphanumeric characters used to

198 # generate permission signatures for Keep locators. It must be

199 # identical to the permission key given to Keep. IMPORTANT: This is

200 # a site secret. It should be at least 50 characters.

201 #

202 # Modifying blob_signing_key will invalidate all existing

203 # signatures, which can cause programs to fail (e.g., arv-put,

204 # arv-get, and Crunch jobs). To avoid errors, rotate keys only when

205 # no such processes are running.

206 BlobSigningKey: ""

207

208 # Default replication level for collections. This is used when a

209 # collection's replication_desired attribute is nil.

210 DefaultReplication: 2

211

212 # Lifetime (in seconds) of blob permission signatures generated by

213 # the API server. This determines how long a client can take (after

214 # retrieving a collection record) to retrieve the collection data

215 # from Keep. If the client needs more time than that (assuming the

216 # collection still has the same content and the relevant user/token

217 # still has permission) the client can retrieve the collection again

218 # to get fresh signatures.

219 #

220 # This must be exactly equal to the -blob-signature-ttl flag used by

221 # keepstore servers. Otherwise, reading data blocks and saving

222 # collections will fail with HTTP 403 permission errors.

223 #

224 # Modifying blob_signature_ttl invalidates existing signatures; see

225 # blob_signing_key note above.

226 #

227 # The default is 2 weeks.

228 BlobSigningTTL: 1209600

229

230 # Default lifetime for ephemeral collections: 2 weeks. This must not

231 # be less than blob_signature_ttl.

232 DefaultTrashLifetime: 1209600

233

234 # Interval (seconds) between trash sweeps. During a trash sweep,

235 # collections are marked as trash if their trash_at time has

236 # arrived, and deleted if their delete_at time has arrived.

237 TrashSweepInterval: 60

238

239 # If true, enable collection versioning.

240 # When a collection's preserve_version field is true or the current version

241 # is older than the amount of seconds defined on preserve_version_if_idle,

242 # a snapshot of the collection's previous state is created and linked to

243 # the current collection.

244 CollectionVersioning: false

245

246 # 0 = auto-create a new version on every update.

247 # -1 = never auto-create new versions.

248 # > 0 = auto-create a new version when older than the specified number of seconds.

249 PreserveVersionIfIdle: -1

250

251 Login:

252 # These settings are provided by your OAuth2 provider (e.g.,

253 # sso-provider).

254 ProviderAppSecret: ""

255 ProviderAppID: ""

256

257 Git:

258 # Git repositories must be readable by api server, or you won't be

259 # able to submit crunch jobs. To pass the test suites, put a clone

260 # of the arvados tree in {git_repositories_dir}/arvados.git or

261 # {git_repositories_dir}/arvados/.git

262 Repositories: /var/lib/arvados/git/repositories

263

264 TLS:

265 Insecure: false

266

267 Containers:

268 # List of supported Docker Registry image formats that compute nodes

269 # are able to use. `arv keep docker` will error out if a user tries

270 # to store an image with an unsupported format. Use an empty array

271 # to skip the compatibility check (and display a warning message to

272 # that effect).

273 #

274 # Example for sites running docker < 1.10: ["v1"]

275 # Example for sites running docker >= 1.10: ["v2"]

276 # Example for disabling check: []

277 SupportedDockerImageFormats: ["v2"]

278

279 # Include details about job reuse decisions in the server log. This

280 # causes additional database queries to run, so it should not be

281 # enabled unless you expect to examine the resulting logs for

282 # troubleshooting purposes.

283 LogReuseDecisions: false

284

285 # Default value for keep_cache_ram of a container's runtime_constraints.

286 DefaultKeepCacheRAM: 268435456

287

288 # Number of times a container can be unlocked before being

289 # automatically cancelled.

290 MaxDispatchAttempts: 5

291

292 # Default value for container_count_max for container requests. This is the

293 # number of times Arvados will create a new container to satisfy a container

294 # request. If a container is cancelled it will retry a new container if

295 # container_count < container_count_max on any container requests associated

296 # with the cancelled container.

297 MaxRetryAttempts: 3

298

299 # The maximum number of compute nodes that can be in use simultaneously

300 # If this limit is reduced, any existing nodes with slot number >= new limit

301 # will not be counted against the new limit. In other words, the new limit

302 # won't be strictly enforced until those nodes with higher slot numbers

303 # go down.

304 MaxComputeVMs: 64

305

306 # Preemptible instance support (e.g. AWS Spot Instances)

307 # When true, child containers will get created with the preemptible

308 # scheduling parameter parameter set.

309 UsePreemptibleInstances: false

310

311 # Include details about job reuse decisions in the server log. This

312 # causes additional database queries to run, so it should not be

313 # enabled unless you expect to examine the resulting logs for

314 # troubleshooting purposes.

315 LogReuseDecisions: false

316

317 Logging:

318 # When you run the db:delete_old_container_logs task, it will find

319 # containers that have been finished for at least this many seconds,

320 # and delete their stdout, stderr, arv-mount, crunch-run, and

321 # crunchstat logs from the logs table.

322 MaxAge: 720h

323

324 # These two settings control how frequently log events are flushed to the

325 # database. Log lines are buffered until either crunch_log_bytes_per_event

326 # has been reached or crunch_log_seconds_between_events has elapsed since

327 # the last flush.

328 LogBytesPerEvent: 4096

329 LogSecondsBetweenEvents: 1

330

331 # The sample period for throttling logs, in seconds.

332 LogThrottlePeriod: 60

333

334 # Maximum number of bytes that job can log over crunch_log_throttle_period

335 # before being silenced until the end of the period.

336 LogThrottleBytes: 65536

337

338 # Maximum number of lines that job can log over crunch_log_throttle_period

339 # before being silenced until the end of the period.

340 LogThrottleLines: 1024

341

342 # Maximum bytes that may be logged by a single job. Log bytes that are

343 # silenced by throttling are not counted against this total.

344 LimitLogBytesPerJob: 67108864

345

346 LogPartialLineThrottlePeriod: 5

347

348 # Container logs are written to Keep and saved in a collection,

349 # which is updated periodically while the container runs. This

350 # value sets the interval (given in seconds) between collection

351 # updates.

352 LogUpdatePeriod: 1800

353

354 # The log collection is also updated when the specified amount of

355 # log data (given in bytes) is produced in less than one update

356 # period.

357 LogUpdateSize: 33554432

358

359 SLURM:

360 Managed:

361 # Path to dns server configuration directory

362 # (e.g. /etc/unbound.d/conf.d). If false, do not write any config

363 # files or touch restart.txt (see below).

364 DNSServerConfDir: ""

365

366 # Template file for the dns server host snippets. See

367 # unbound.template in this directory for an example. If false, do

368 # not write any config files.

369 DNSServerConfTemplate: ""

370

371 # String to write to {dns_server_conf_dir}/restart.txt (with a

372 # trailing newline) after updating local data. If false, do not

373 # open or write the restart.txt file.

374 DNSServerReloadCommand: ""

375

376 # Command to run after each DNS update. Template variables will be

377 # substituted; see the "unbound" example below. If false, do not run

378 # a command.

379 DNSServerUpdateCommand: ""

380

381 ComputeNodeDomain: ""

382 ComputeNodeNameservers:

383 - 192.168.1.1

384

385 # Hostname to assign to a compute node when it sends a "ping" and the

386 # hostname in its Node record is nil.

387 # During bootstrapping, the "ping" script is expected to notice the

388 # hostname given in the ping response, and update its unix hostname

389 # accordingly.

390 # If false, leave the hostname alone (this is appropriate if your compute

391 # nodes' hostnames are already assigned by some other mechanism).

392 #

393 # One way or another, the hostnames of your node records should agree

394 # with your DNS records and your /etc/slurm-llnl/slurm.conf files.

395 #

396 # Example for compute0000, compute0001, ....:

397 # assign_node_hostname: compute%<slot_number>04d

398 # (See http://ruby-doc.org/core-2.2.2/Kernel.html#method-i-format for more.)

399 AssignNodeHostname: "compute%<slot_number>d"

400

401 JobsAPI:

402 # Enable the legacy Jobs API. This value must be a string.

403 # 'auto' -- (default) enable the Jobs API only if it has been used before

404 # (i.e., there are job records in the database)

405 # 'true' -- enable the Jobs API despite lack of existing records.

406 # 'false' -- disable the Jobs API despite presence of existing records.

407 Enable: 'auto'

408

409 # Git repositories must be readable by api server, or you won't be

410 # able to submit crunch jobs. To pass the test suites, put a clone

411 # of the arvados tree in {git_repositories_dir}/arvados.git or

412 # {git_repositories_dir}/arvados/.git

413 GitInternalDir: /var/lib/arvados/internal.git

414

415 # Docker image to be used when none found in runtime_constraints of a job

416 DefaultDockerImage: ""

417

418 # none or slurm_immediate

419 CrunchJobWrapper: none

420

421 # username, or false = do not set uid when running jobs.

422 CrunchJobUser: crunch

423

424 # The web service must be able to create/write this file, and

425 # crunch-job must be able to stat() it.

426 CrunchRefreshTrigger: /tmp/crunch_refresh_trigger

427

428 # Control job reuse behavior when two completed jobs match the

429 # search criteria and have different outputs.

430 #

431 # If true, in case of a conflict, reuse the earliest job (this is

432 # similar to container reuse behavior).

433 #

434 # If false, in case of a conflict, do not reuse any completed job,

435 # but do reuse an already-running job if available (this is the

436 # original job reuse behavior, and is still the default).

437 ReuseJobIfOutputsDiffer: false

438

439 Mail:

440 MailchimpAPIKey: ""

441 MailchimpListID: ""

442 SendUserSetupNotificationEmail: ""

443 IssueReporterEmailFrom: ""

444 IssueReporterEmailTo: ""

445 SupportEmailAddress: ""

446 EmailFrom: ""

447 RemoteClusters:

448 "*":

449 Proxy: false

450 ActivateUsers: false