Project

General

Profile

Cluster configuration » History » Version 16

Tom Clegg, 01/16/2019 09:17 PM

1 1 Tom Clegg
h1. Cluster configuration
2
3
We are (2018) consolidating configuration from per-microservice yaml/json/ini files into a single cluster configuration document that is used by all components.
4
* Long term: system nodes automatically keep their configs synchronized (using something like consul).
5
* Short term: sysadmin uses tools like puppet and terraform to ensure /etc/arvados/config.yml is identical on all system nodes.
6
* Hosts without config files (e.g., hosts outside the cluster) can retrieve the config document from the API server.
7
8
h2. Discovery document
9
10
Previously, we copied selected config values from the API server config into the API discovery document so clients could see them. When clients can get the configuration document itself, this won't be needed. The discovery document should advertise APIs provided by the server, not cluster configuration.
11
12 7 Tom Clegg
h2. Secrets
13
14
Secrets like BlobSigningKey can be given literally in the config file (convenient for dev/test, consul-template, etc) or indirectly using a secret backend. Anticipated backends:
15
* <code class="yaml">BlobSigningKey: foobar</code> &rArr; the secret is literally <code>foobar</code>
16
* <code class="yaml">BlobSigningKey: "vault:foobar"</code> &rArr; the secret can be obtained from vault using the vault key "foobar"
17
* <code class="yaml">BlobSigningKey: "file:/foobar"</code> &rArr; the secret can be read from the local file @/foobar@
18
* <code class="yaml">BlobSigningKey: "env:FOOBAR"</code> &rArr; the secret can be read from the environment variable @FOOBAR@
19
20 1 Tom Clegg
h2. Example config file
21
22
(Format not yet frozen!)
23
24
<pre><code class="yaml">
25
Clusters:
26
  xyzzy:
27 16 Tom Clegg
    ManagementToken: eec1999ccb6d75840a2c09bc70b6d3cbc990744e
28 1 Tom Clegg
    BlobSigningKey: ungu355able
29
    BlobSignatureTTL: 172800
30 6 Tom Clegg
    SessionKey: 186005aa54cab1ca95a3738e6e954e0a35a96d3d13a8ea541f4156e8d067b4f3
31 4 Tom Clegg
    PostgreSQL:
32 11 Tom Clegg
      ConnectionPool: 32 # max concurrent connections per arvados server daemon
33 10 Tom Clegg
      Connection:
34
        # All parameters here are passed to the PG client library in a connection string;
35
        # see https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS
36
        Host: localhost
37
        Port: 5432
38
        User: arvados
39
        Password: s3cr3t
40
        DBName: arvados_production
41
        client_encoding: utf8
42
        fallback_application_name: arvados
43 4 Tom Clegg
    HTTPRequestTimeout: 5m
44 6 Tom Clegg
    Defaults:
45
      CollectionReplication: 2
46
      TrashLifetime: 2w
47
    UserActivation:
48
      ActivateNewUsers: true
49
      AutoAdminUser: root@example.com
50
      UserProfileNotificationAddress: notify@example.com
51 8 Tom Clegg
      NewUserNotificationRecipients: {}
52
      NewInactiveUserNotificationRecipients: {}
53 15 Tom Clegg
    RequestLimits:
54 6 Tom Clegg
      MaxRequestLogParamsSize: 2KB
55
      MaxRequestSize: 128MiB
56
      MaxIndexDatabaseRead: 128MiB
57 1 Tom Clegg
      MaxItemsPerResponse: 1000
58 15 Tom Clegg
      MultiClusterRequestConcurrency: 4
59 14 Tom Clegg
    LogLevel: info
60
    CloudVMs:
61
      BootTimeout: 20m
62
      Driver: Amazon
63
      DriverParameters:
64 13 Lucas Di Pentima
        Region: us-east-1
65 14 Tom Clegg
        APITimeout: 20s
66
        EC2Key: abcdef
67
        EC2Secret: abcdefghijklmnopqrstuvwxyz
68
        StorageKey: abcdef
69
        StorageSecret: abcdefghijklmnopqrstuvwxyz
70
        ImageID: ami-0a01b48b88d14541e
71
        SubnetID: subnet-24f5ae62
72
        SecurityGroups: sg-3ec53e2a
73 13 Lucas Di Pentima
    AuditLogs:
74
      MaxAge: 2w
75 6 Tom Clegg
      DeleteBatchSize: 100000
76
      UnloggedAttributes: {} # example: {"manifest_text": true}
77
    ContainerLogStream:
78 8 Tom Clegg
      BatchSize: 4KiB
79 6 Tom Clegg
      BatchTime: 1s
80
      ThrottlePeriod: 1m
81
      ThrottleThresholdSize: 64KiB
82
      ThrottleThresholdLines: 1024
83
      TruncateSize: 64MiB
84
      PartialLineThrottlePeriod: 5s
85
    Timers:
86
      TrashSweepInterval: 60s
87 14 Tom Clegg
      ContainerDispatchPollInterval: 10s
88
      APIRequestTimeout: 20s
89 6 Tom Clegg
    Scaling:
90
      MaxComputeNodes: 64
91
      EnablePreemptibleInstances: false
92 8 Tom Clegg
    DisableAPIMethods: {} # example: {"jobs.create": true}
93
    DockerImageFormats: {"v2": true}
94 6 Tom Clegg
    Crunch1:
95
      Enable: true
96
      CrunchJobWrapper: none
97
      CrunchJobUser: crunch
98 12 Tom Clegg
      CrunchRefreshTrigger: /tmp/crunch_refresh_trigger
99 6 Tom Clegg
      DefaultDockerImage: false
100 4 Tom Clegg
    NodeProfiles:
101
      # Key is a profile name; can be specified on service prog command line, defaults to $(hostname)
102
      keep:
103
        # Don’t run other services automatically -- only specified ones
104
        Default: {Disable: true}
105
        Keepstore: {Listen: ":25107"}
106
      apiserver:
107
        Default: {Disable: true}
108
        RailsAPI: {Listen: ":9000", TLS: true}
109
        Controller: {Listen: ":9100"}
110 1 Tom Clegg
        Websocket: {Listen: ":9101"}
111
        Health: {Listen: ":9199"}
112
      keep:
113
        Default: {Disable: true}
114
        KeepProxy: {Listen: ":9102"}
115
        KeepWeb: {Listen: ":9103"}
116
      *:
117
        # This section used for a node whose profile name is not listed above
118 13 Lucas Di Pentima
        Default: {Disable: false} # (this is the default behavior)
119
    Volumes:
120
      xyzzy-keep-0:
121
        Type: s3
122
        Region: us-east
123
        Bucket: xyzzy-keep-0
124
        # [rest of keepstore volume config goes here]
125 4 Tom Clegg
    WebRoutes:
126 5 Tom Clegg
      # “default” means route according to method/host/path (e.g., if host is a login shell, route there)
127 4 Tom Clegg
      xyzzy.arvadosapi.com: default
128
      # “collections” means always route to keep-web
129
      collections.xyzzy.arvadosapi.com: collections
130
      # leading * is a wildcard (longest match wins)
131
      "*--collections.xyzzy.arvadosapi.com": collections
132
      cloud.curoverse.com: workbench
133
      workbench.xyzzy.arvadosapi.com: workbench
134
      "*.xyzzy.arvadosapi.com": default
135 3 Tom Clegg
    InstanceTypes:
136 8 Tom Clegg
      m4.large:
137
        VCPUs: 2
138
        RAM: 8000000000
139
        Scratch: 31000000000
140
        Price: 0.1
141
      m4.large-1t:
142
        # same instance type as m4.large but our scripts attach more scratch
143
        ProviderType: m4.large
144
        VCPUs: 2
145
        RAM: 8000000000
146
        Scratch: 999000000000
147
        Price: 0.12
148
      m4.xlarge:
149
        VCPUs: 4
150
        RAM: 16000000000
151
        Scratch: 78000000000
152
        Price: 0.2
153
      m4.8xlarge:
154
        VCPUs: 40
155
        RAM: 160000000000
156
        Scratch: 156000000000
157
        Price: 2
158
      m4.16xlarge:
159
        VCPUs: 64
160
        RAM: 256000000000
161
        Scratch: 310000000000
162
        Price: 3.2
163
      c4.large:
164
        VCPUs: 2
165
        RAM: 3750000000
166
        Price: 0.1
167
      c4.8xlarge:
168
        VCPUs: 36
169
        RAM: 60000000000
170
        Price: 1.591
171 9 Tom Clegg
    RemoteClusters:
172
      xrrrr:
173
        Host: xrrrr.arvadosapi.com
174
        Proxy: true        # proxy requests to xrrrr on behalf of our clients
175
        AuthProvider: true # users authenticated by xrrrr can use our cluster
176 1 Tom Clegg
</code></pre>