cdmtaskservice_config.toml.jinja
# NOTE(review): every value in this template is interpolated between double quotes as a TOML
# basic string, and nothing in the template escapes it. A value containing `"`, `\` or a newline
# would break or alter the rendered TOML unless the rendering step escapes it - confirm.
[Authentication]
# The URL of a KBase auth2 service.
# The fallback appears to be the KBase CI environment; set KBCTS_KBASE_AUTH2_URL explicitly for
# any other deployment so that tokens are checked against the intended auth service.
url = "{{ KBCTS_KBASE_AUTH2_URL or "https://ci.kbase.us/services/auth" }}"
# KBase auth2 custom roles that signify that a user is an admin for the CDM task service.
# This is a comma delimited list, e.g. "KBASE_ADMIN, CDM_TASK_SERVICE_ADMIN".
# With KBCTS_KBASE_AUTH2_ADMIN_ROLES unset this renders as an empty string.
# NOTE(review): presumably an empty list means no role grants admin rights - confirm against
# the service code.
admin_roles_full = "{{ KBCTS_KBASE_AUTH2_ADMIN_ROLES or ""}}"
# KBase auth2 custom role that signifies a user is a KBase staff member.
# This role is required to use the CDM task service.
kbase_staff_role = "{{ KBCTS_KBASE_STAFF_ROLE or "KBASE_STAFF"}}"
# KBase auth2 custom role that signifies a user possesses a NERSC account.
# This role is required to use the CDM task service.
has_nersc_account_role = "{{ KBCTS_HAS_NERSC_ACCOUNT_ROLE or "HAS_NERSC_ACCOUNT"}}"
[NERSC]
# The path to a NERSC Superfacility API (SFAPI) credential file. The file is expected to have
# the client ID as the first line and the client private key in PEM format as the remaining lines.
# Client credentials can be obtained from
# https://iris.nersc.gov -> Profile -> Superfacility API Clients
# Clients must have "red" level permissions.
# Since clients expire every 2 or 30 days, depending on whether extended lifetime clients have
# been approved for the user, the service periodically checks for updates to this file and
# reloads the contents if changed.
# The file holds a private key: keep it readable and writable only by the account the service
# runs as, since a changed file is picked up without a restart.
sfapi_cred_path = "{{ KBCTS_SFAPI_CRED_PATH or "" }}"
# The user associated with the client credentials. The user's default shell must be bash.
# If the client credentials are updated but the user doesn't match, they will not be accepted.
# It is advised to create a collaboration user for the service; a dedicated account also keeps
# the jaws.conf overwrite described below away from anyone's personal configuration.
# The user's scratch directory will be shared with the file_group below.
# The jaws.conf file will be created in the user's home directory on service startup, overwriting
# any extant file.
sfapi_user = "{{ KBCTS_SFAPI_USER or "" }}"
# Where to store remote code at NERSC. This must be writeable by the service account.
# NOTE(review): code placed here is presumably run at NERSC on behalf of the service, so write
# access should be limited to the service account - confirm the directory permissions.
remote_code_dir = "{{ KBCTS_NERSC_REMOTE_CODE_DIR or "/global/cfs/cdirs/kbase/cdm_task_service" }}"
# The group with which to share downloaded data files. The JAWS user that will run jobs must
# be in the same group so it can read the input files.
# Members of this group get access to the shared files and scratch directory, so keep its
# membership narrow.
file_group = "{{ KBCTS_NERSC_FILE_GROUP or "kbase" }}"
[JAWS]
# The JGI JAWS token to use to run jobs. This can be obtained from a JAWS representative.
# This is a secret and is written in plaintext into the rendered config file: restrict read
# access to that file and keep it out of version control and logs.
token = "{{ KBCTS_JAWS_TOKEN or "" }}"
# The JAWS group to use to run jobs.
group = "{{ KBCTS_JAWS_GROUP or "kbase" }}"
[S3]
# The connection parameters for the S3 instance to use for data source and storage.
# See S3 requirements in the README.
# The URL of the S3 instance accessible to the service.
url = "{{ KBCTS_S3_URL or "" }}"
# The URL of the same S3 instance accessible to external, remote code. This may not be accessible
# to the service.
external_url = "{{ KBCTS_S3_EXTERNAL_URL or "" }}"
# Set to `false` to skip the connection check of the external URL at service startup.
# If the external URL is accessible to the service, set to `true` or any other string to check
# the URL at startup. This setting concerns reachability only; certificate validation is
# controlled separately by allow_insecure below.
verify_external_url = "{{ KBCTS_VERIFY_S3_EXTERNAL_URL or "true"}}"
# The S3 access key.
access_key = "{{ KBCTS_S3_ACCESS_KEY or "" }}"
# The S3 secret key.
# This is a secret and is written in plaintext into the rendered config file: restrict read
# access to that file and keep it out of version control and logs.
access_secret = "{{ KBCTS_S3_ACCESS_SECRET or "" }}"
# Setting allow_insecure to the exact string "true" (and only that string) skips checking the
# validity of the SSL certificate for both the standard and external URLs, leaving the service
# vulnerable to man-in-the-middle attacks. The S3 credentials above travel over these
# connections, so leave this at the default "false" outside of isolated test setups.
allow_insecure = "{{ KBCTS_S3_ALLOW_INSECURE or "false"}}"
[MongoDB]
# The connection parameters for MongoDB. User and password are optional.
# mongo_retrywrites turns the MongoDB retryWrites parameter on only if its value is the exact
# string "true". See https://www.mongodb.com/docs/manual/core/retryable-writes/
# NOTE(review): with mongo_user and mongo_pwd left empty the service presumably connects without
# authentication - confirm, and rely on that only where MongoDB is reachable solely from
# trusted hosts.
mongo_host = "{{ KBCTS_MONGO_HOST or "mongodb://localhost:27017" }}"
mongo_db = "{{ KBCTS_MONGO_DB or "cdmtaskservice" }}"
mongo_user = "{{ KBCTS_MONGO_USER or "" }}"
# The password is written in plaintext into the rendered config file: restrict read access to
# that file. It is interpolated between double quotes without escaping in this template, so a
# password containing `"` or `\` would break the rendered TOML unless the renderer escapes it.
mongo_pwd = "{{ KBCTS_MONGO_PWD or "" }}"
mongo_retrywrites = "{{ KBCTS_MONGO_RETRYWRITES or "" }}"
[Images]
# The path to a crane executable. See the README for details.
# NOTE(review): the service presumably executes this binary, so the path should point at a
# trusted executable that other local users cannot replace - confirm.
crane_path = "{{ KBCTS_CRANE_PATH or "" }}"
[Service]
# The root URL of the service. This is used to construct callback URLs for remote code.
# The fallback appears to be the KBase CI environment; set KBCTS_SERVICE_ROOT_URL explicitly for
# any other deployment so that remote code calls back to the intended service.
root_url = "{{ KBCTS_SERVICE_ROOT_URL or "https://ci.kbase.us/services/cts" }}"
# If the service is behind a reverse proxy that rewrites the service path, that path needs
# to be defined here in order for the OpenAPI documentation to function.
root_path = "{{ KBCTS_SERVICE_ROOT_PATH or "" }}"