Version 7 - History - Cluster configuration - Arvados

Cluster configuration » History » Version 7

Tom Clegg, 06/19/2018 08:34 PM

-Tom Clegg
+h1. Cluster configuration
 We are (2018) consolidating configuration from per-microservice yaml/json/ini files into a single cluster configuration document that is used by all components.
 * Long term: system nodes automatically keep their configs synchronized (using something like consul).
 * Short term: sysadmin uses tools like puppet and terraform to ensure /etc/arvados/config.yml is identical on all system nodes.
 * Hosts without config files (e.g., hosts outside the cluster) can retrieve the config document from the API server.
 h2. Discovery document
 Previously, we copied selected config values from the API server config into the API discovery document so clients could see them. When clients can get the configuration document itself, this won't be needed. The discovery document should advertise APIs provided by the server, not cluster configuration.
-Tom Clegg
+h2. Secrets
 Secrets like BlobSigningKey can be given literally in the config file (convenient for dev/test, consul-template, etc) or indirectly using a secret backend. Anticipated backends:
 * <code class="yaml">BlobSigningKey: foobar</code> &rArr; the secret is literally <code>foobar</code>
 * <code class="yaml">BlobSigningKey: "vault:foobar"</code> &rArr; the secret can be obtained from vault using the vault key "foobar"
 * <code class="yaml">BlobSigningKey: "file:/foobar"</code> &rArr; the secret can be read from the local file @/foobar@
 * <code class="yaml">BlobSigningKey: "env:FOOBAR"</code> &rArr; the secret can be read from the environment variable @FOOBAR@
-Tom Clegg
+h2. Example config file
 (Format not yet frozen!)
 <pre><code class="yaml">
 Clusters:
   xyzzy:
     BlobSigningKey: ungu355able
     BlobSignatureTTL: 172800
-Tom Clegg
+    SessionKey: 186005aa54cab1ca95a3738e6e954e0a35a96d3d13a8ea541f4156e8d067b4f3
-Tom Clegg
+    PostgreSQL:
       Host: localhost
       Port: 5432
       Username: arvados
       Password: s3cr3t
       Database: arvados_production
       Encoding: utf8
     HTTPRequestTimeout: 5m
-Tom Clegg
+    Defaults:
       CollectionReplication: 2
       TrashLifetime: 2w
     UserActivation:
       ActivateNewUsers: true
       AutoAdminUser: root@example.com
       UserProfileNotificationAddress: notify@example.com
       NewUserNotificationRecipients: []
       NewInactiveUserNotificationRecipients: []
     Limits:
       MaxRequestLogParamsSize: 2KB
       MaxRequestSize: 128MiB
       MaxIndexDatabaseRead: 128MiB
       MaxItemsPerResponse: 1000
     AuditLogs:
       MaxAge: 2w
       DeleteBatchSize: 100000
       UnloggedAttributes: []
     ContainerLogStream:
       BatchSize: 4KiB
       BatchTime: 1s
       ThrottlePeriod: 1m
       ThrottleThresholdSize: 64KiB
       ThrottleThresholdLines: 1024
       TruncateSize: 64MiB
       PartialLineThrottlePeriod: 5s
     Timers:
       TrashSweepInterval: 60s
     Scaling:
       MaxComputeNodes: 64
       EnablePreemptibleInstances: false
     DisableAPIMethods: []
     DockerImageFormats: ["v2"]
     Crunch1:
       Enable: true
       CrunchJobWrapper: none
       CrunchJobUser: crunch
       CrunchRefreshTrigge: /tmp/crunch_refresh_trigger
       DefaultDockerImage: false
-Tom Clegg
+    NodeProfiles:
       # Key is a profile name; can be specified on service prog command line, defaults to $(hostname)
       keep:
         # Don’t run other services automatically -- only specified ones
         Default: {Disable: true}
         Keepstore: {Listen: ":25107"}
       apiserver:
         Default: {Disable: true}
         RailsAPI: {Listen: ":9000", TLS: true}
         Controller: {Listen: ":9100"}
         Websocket: {Listen: ":9101"}
         Health: {Listen: ":9199"}
       keep:
         Default: {Disable: true}
         KeepProxy: {Listen: ":9102"}
         KeepWeb: {Listen: ":9103"}
       *:
         # This section used for a node whose profile name is not listed above
         Default: {Disable: false} # (this is the default behavior)
-Tom Clegg
+    Volumes:
       xyzzy-keep-0:
         Type: s3
         Region: us-east
         Bucket: xyzzy-keep-0
         # [rest of keepstore volume config goes here]
     Providers:
       AWS:
         # [credentials and stuff go here]
-Tom Clegg
+    WebRoutes:
-Tom Clegg
+      # “default” means route according to method/host/path (e.g., if host is a login shell, route there)
-Tom Clegg
+      xyzzy.arvadosapi.com: default
       # “collections” means always route to keep-web
       collections.xyzzy.arvadosapi.com: collections
       # leading * is a wildcard (longest match wins)
       "*--collections.xyzzy.arvadosapi.com": collections
       cloud.curoverse.com: workbench
       workbench.xyzzy.arvadosapi.com: workbench
       "*.xyzzy.arvadosapi.com": default
-Tom Clegg
+    InstanceTypes:
-Tom Clegg
+    - Name: m4.large
-Tom Clegg
+      VCPUs: 2
       RAM: 8000000000
-Tom Clegg
+      Scratch: 31000000000
-Tom Clegg
+      Price: 0.1
     - Name: m4.large-1t
-Tom Clegg
+      # same instance type as m4.large but our scripts attach more scratch
       ProviderType: m4.large
       VCPUs: 2
       RAM: 8000000000
-Tom Clegg
+      Scratch: 999000000000
       Price: 0.12
-Tom Clegg
+    - Name: m4.xlarge
       VCPUs: 4
-Tom Clegg
+      RAM: 16000000000
-Tom Clegg
+      Scratch: 78000000000
-Tom Clegg
+      Price: 0.2
     - Name: m4.8xlarge
       VCPUs: 40
       RAM: 160000000000
       Scratch: 156000000000
       Price: 2
     - Name: m4.16xlarge
       VCPUs: 64
-Tom Clegg
+      RAM: 256000000000
-Tom Clegg
+      Scratch: 310000000000
       Price: 3.2
     - Name: c4.large
       VCPUs: 2
       RAM: 3750000000
       Price: 0.1
     - Name: c4.8xlarge
       VCPUs: 36
       RAM: 60000000000
-Tom Clegg
+      Price: 1.591
-Tom Clegg
+</code></pre>

Project

General

Profile

Arvados

Cluster configuration » History » Version 7