Cluster configuration » History » Version 16
Tom Clegg, 01/16/2019 09:17 PM
h1. Cluster configuration

We are (2018) consolidating configuration from per-microservice yaml/json/ini files into a single cluster configuration document that is used by all components.

* Long term: system nodes automatically keep their configs synchronized (using something like consul).
* Short term: the sysadmin uses tools like puppet and terraform to ensure /etc/arvados/config.yml is identical on all system nodes.
* Hosts without config files (e.g., hosts outside the cluster) can retrieve the config document from the API server.

h2. Discovery document

Previously, we copied selected config values from the API server config into the API discovery document so clients could see them. Once clients can fetch the configuration document itself, this won't be needed: the discovery document should advertise the APIs provided by the server, not cluster configuration.

h2. Secrets

Secrets like BlobSigningKey can be given literally in the config file (convenient for dev/test, consul-template, etc.) or indirectly using a secret backend. Anticipated backends:

* <code class="yaml">BlobSigningKey: foobar</code> ⇒ the secret is literally <code>foobar</code>
* <code class="yaml">BlobSigningKey: "vault:foobar"</code> ⇒ the secret can be obtained from vault using the vault key "foobar"
* <code class="yaml">BlobSigningKey: "file:/foobar"</code> ⇒ the secret can be read from the local file @/foobar@
* <code class="yaml">BlobSigningKey: "env:FOOBAR"</code> ⇒ the secret can be read from the environment variable @FOOBAR@

h2. Example config file

(Format not yet frozen!)

<pre><code class="yaml">
Clusters:
  xyzzy:
    ManagementToken: eec1999ccb6d75840a2c09bc70b6d3cbc990744e
    BlobSigningKey: ungu355able
    BlobSignatureTTL: 172800
    SessionKey: 186005aa54cab1ca95a3738e6e954e0a35a96d3d13a8ea541f4156e8d067b4f3
    PostgreSQL:
      ConnectionPool: 32 # max concurrent connections per arvados server daemon
      Connection:
        # All parameters here are passed to the PG client library in a connection string;
        # see https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS
        Host: localhost
        Port: 5432
        User: arvados
        Password: s3cr3t
        DBName: arvados_production
        client_encoding: utf8
        fallback_application_name: arvados
    HTTPRequestTimeout: 5m
    Defaults:
      CollectionReplication: 2
      TrashLifetime: 2w
    UserActivation:
      ActivateNewUsers: true
      AutoAdminUser: root@example.com
      UserProfileNotificationAddress: notify@example.com
      NewUserNotificationRecipients: {}
      NewInactiveUserNotificationRecipients: {}
    RequestLimits:
      MaxRequestLogParamsSize: 2KB
      MaxRequestSize: 128MiB
      MaxIndexDatabaseRead: 128MiB
      MaxItemsPerResponse: 1000
      MultiClusterRequestConcurrency: 4
    LogLevel: info
    CloudVMs:
      BootTimeout: 20m
      Driver: Amazon
      DriverParameters:
        Region: us-east-1
        APITimeout: 20s
        EC2Key: abcdef
        EC2Secret: abcdefghijklmnopqrstuvwxyz
        StorageKey: abcdef
        StorageSecret: abcdefghijklmnopqrstuvwxyz
        ImageID: ami-0a01b48b88d14541e
        SubnetID: subnet-24f5ae62
        SecurityGroups: sg-3ec53e2a
    AuditLogs:
      MaxAge: 2w
      DeleteBatchSize: 100000
      UnloggedAttributes: {} # example: {"manifest_text": true}
    ContainerLogStream:
      BatchSize: 4KiB
      BatchTime: 1s
      ThrottlePeriod: 1m
      ThrottleThresholdSize: 64KiB
      ThrottleThresholdLines: 1024
      TruncateSize: 64MiB
      PartialLineThrottlePeriod: 5s
    Timers:
      TrashSweepInterval: 60s
      ContainerDispatchPollInterval: 10s
      APIRequestTimeout: 20s
    Scaling:
      MaxComputeNodes: 64
      EnablePreemptibleInstances: false
    DisableAPIMethods: {} # example: {"jobs.create": true}
    DockerImageFormats: {"v2": true}
    Crunch1:
      Enable: true
      CrunchJobWrapper: none
      CrunchJobUser: crunch
      CrunchRefreshTrigger: /tmp/crunch_refresh_trigger
      DefaultDockerImage: false
    NodeProfiles:
      # Key is a profile name; can be specified on service prog command line, defaults to $(hostname)
      keep:
        # Don't run other services automatically -- only specified ones
        Default: {Disable: true}
        Keepstore: {Listen: ":25107"}
      apiserver:
        Default: {Disable: true}
        RailsAPI: {Listen: ":9000", TLS: true}
        Controller: {Listen: ":9100"}
        Websocket: {Listen: ":9101"}
        Health: {Listen: ":9199"}
      keep:
        Default: {Disable: true}
        KeepProxy: {Listen: ":9102"}
        KeepWeb: {Listen: ":9103"}
      "*":
        # This section is used for a node whose profile name is not listed above
        Default: {Disable: false} # (this is the default behavior)
    Volumes:
      xyzzy-keep-0:
        Type: s3
        Region: us-east
        Bucket: xyzzy-keep-0
        # [rest of keepstore volume config goes here]
    WebRoutes:
      # "default" means route according to method/host/path (e.g., if host is a login shell, route there)
      xyzzy.arvadosapi.com: default
      # "collections" means always route to keep-web
      collections.xyzzy.arvadosapi.com: collections
      # leading * is a wildcard (longest match wins)
      "*--collections.xyzzy.arvadosapi.com": collections
      cloud.curoverse.com: workbench
      workbench.xyzzy.arvadosapi.com: workbench
      "*.xyzzy.arvadosapi.com": default
    InstanceTypes:
      m4.large:
        VCPUs: 2
        RAM: 8000000000
        Scratch: 31000000000
        Price: 0.1
      m4.large-1t:
        # same instance type as m4.large but our scripts attach more scratch
        ProviderType: m4.large
        VCPUs: 2
        RAM: 8000000000
        Scratch: 999000000000
        Price: 0.12
      m4.xlarge:
        VCPUs: 4
        RAM: 16000000000
        Scratch: 78000000000
        Price: 0.2
      m4.8xlarge:
        VCPUs: 40
        RAM: 160000000000
        Scratch: 156000000000
        Price: 2
      m4.16xlarge:
        VCPUs: 64
        RAM: 256000000000
        Scratch: 310000000000
        Price: 3.2
      c4.large:
        VCPUs: 2
        RAM: 3750000000
        Price: 0.1
      c4.8xlarge:
        VCPUs: 36
        RAM: 60000000000
        Price: 1.591
    RemoteClusters:
      xrrrr:
        Host: xrrrr.arvadosapi.com
        Proxy: true # proxy requests to xrrrr on behalf of our clients
        AuthProvider: true # users authenticated by xrrrr can use our cluster
</code></pre>
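The WebRoutes lookup ("leading * is a wildcard, longest match wins") as an added example, not Arvados' own router: an exact host entry wins, otherwise the wildcard entry with the longest matching suffix, and an unmatched host yields "" so the caller can reject it instead of routing it somewhere by accident. Assumed here: "*" matches one or more characters (dots included), matching is case-insensitive, and a port or trailing dot in the Host header is ignored.

```go
package main

import (
	"net"
	"strings"
)

// ExampleWebRoutes is the WebRoutes table from the example config above.
var ExampleWebRoutes = map[string]string{
	"xyzzy.arvadosapi.com":                "default",
	"collections.xyzzy.arvadosapi.com":    "collections",
	"*--collections.xyzzy.arvadosapi.com": "collections",
	"cloud.curoverse.com":                 "workbench",
	"workbench.xyzzy.arvadosapi.com":      "workbench",
	"*.xyzzy.arvadosapi.com":              "default",
}

// RouteForHost picks the WebRoutes entry for an incoming Host header. An exact
// entry wins; otherwise the wildcard entry with the longest matching suffix
// wins; "" means no entry matches and the request should be rejected rather
// than routed by accident. Assumed: "*" matches one or more characters (dots
// included) and matching is case-insensitive.
func RouteForHost(routes map[string]string, hostHeader string) string {
	host := strings.ToLower(hostHeader)
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop an explicit port such as ":443"
	}
	host = strings.TrimSuffix(host, ".") // tolerate a trailing dot
	if route, ok := routes[host]; ok {
		return route
	}
	best, bestLen := "", -1
	for pattern, route := range routes {
		if !strings.HasPrefix(pattern, "*") {
			continue
		}
		suffix := strings.ToLower(pattern[1:])
		// "*" must match at least one character, so the host has to be longer than the suffix.
		if len(host) > len(suffix) && strings.HasSuffix(host, suffix) && len(suffix) > bestLen {
			best, bestLen = route, len(suffix)
		}
	}
	return best
}
```

Note that "evil-xyzzy.arvadosapi.com" does not match "*.xyzzy.arvadosapi.com", because the suffix being matched includes the leading dot.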