keepstore -help entry for -dump-config is unclear
command help states that
-dump-config write current configuration to stdout and exit (useful for migrating from command line flags to config file)
but it does not do that. Instead, it seems that
--dump-config "builds" a config extrapolating default values if it can't find an existing config file.
Checking keepstore config on keep4.c97qk, I get
BlobSignatureTTL: 336h0m0s BlobSigningKeyFile: "" Debug: false EnableDelete: false Listen: :25107 LogFormat: json ManagementToken: "" MaxBuffers: 128 MaxRequests: 0 PIDFile: "" RequireSignatures: true SystemAuthTokenFile: "" TrashCheckInterval: 24h0m0s TrashLifetime: 336h0m0s Volumes: 
while the current command line is
keepstore -enforce-permissions=true \ -permission-key-file=/etc/keepstore/permission.key \ -data-manager-token-file=/etc/keepstore/datamanager.key \ -listen=:25107 \ -max-buffers=22 \ -serialize=true \ -readonly=true \ -serialize=false \ -readonly=false \ -never-delete=false \ -azure-storage-account-key-file=/etc/keepstore/azure_storage_account.key \ -azure-storage-account-name=curoversec97qkblob \ -azure-storage-container-volume=c97qk-keep-0
#1 Updated by Tom Clegg about 3 years ago
Looks like we need a better way to explain what this does.
If you have no config file, and you run
keepstore with no arguments, then its configuration will consist entirely of defaults.
Thus, if you have no config file, and you run
keepstore --dump-config with no other arguments, then it will output a configuration file consisting entirely of defaults.
The intended use is
keepstore -enforce-permissions=true \ -permission-key-file=/etc/keepstore/permission.key \ -data-manager-token-file=/etc/keepstore/datamanager.key \ -listen=:25107 \ ... \ -dump-config > /etc/arvados/keepstore/keepstore.yml
This translates your legacy command line flags to a config file. Once you've done that, you can (and should) change your run script to just