Customizing Inventory Files
Ansible inventory files describe the details about the hosts in your platform deployment, as well as the component configuration details for your Agave Platform installation. The Agave Platform installation playbooks read your inventory file to know where and how to install Agave Platform components across your set of hosts.
Note
See Ansible documentation for details on the format of an inventory file, including basics on YAML syntax.
When you check out the Agave Platform installer, a sample inventory file is included at deploy/host_files/sandbox_hosts. This file is simply the default sandbox host file and has no custom configuration set. To successfully install Agave, you must replace the default contents of the file with your own desired configuration per your host topology and performance requirements.
The following sections describe commonly used variables to set in your inventory file during platform installation. Many of the Ansible variables described are optional. Accepting the default values for required variables should suffice for development environments, but for production environments, it is recommended you read through and become familiar with the various options available.
You can review Example Inventory Files for various examples to use as a starting point for your Agave Platform installation.
Configuring Agave Platform Variables
To assign environment variables during the Ansible install that apply more globally to your Agave Platform installation, indicate the desired variables in the inventory file on separate, single lines within the [docker-hosts:vars] section. For example:
[docker-hosts:vars]
tenant_id=sandbox
agave_core_smtps_provider=sendgrid
Note
If a parameter value in the Ansible inventory file contains special characters, such as “#”, “{” or “}”, you must double-escape the value (that is, enclose the value in both single and double quotation marks). For example, to use “mypasswordwith###hashsigns” as a value for the variable agave_core_smtps_user_password, declare it as agave_core_smtps_user_password='"mypasswordwith###hashsigns"' in the Ansible host inventory file.
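A lint check for the double-escaping rule in the note above, as an added example (not part of the Agave installer): it scans the `:vars` sections of an INI inventory and reports values containing `#`, `{` or `}` that are not wrapped as `'"value"'`. The sample inventory is constructed, and host lines are not checked.

```python
import re

SPECIAL_CHARS = set("#{}")
# The page's double-escape form: single quotes wrapping double quotes, '"value"'.
DOUBLE_ESCAPED = re.compile(r"""^'".*"'$""")

# Constructed sample inventory (hypothetical host name and values).
SAMPLE_INVENTORY = """\
[docker-hosts]
auth.example.org

[docker-hosts:vars]
tenant_id=sandbox
agave_core_smtps_provider=sendgrid
# SMTP credentials (constructed values)
agave_core_smtps_user_password=mypasswordwith###hashsigns
agave_core_smtps_from_name='"Agave {Notifications}"'
"""


def find_unescaped_values(inventory_text):
    """Return (line_number, section, key) for each value in a [*:vars] section
    that contains #, { or } but is not written as '"value"'.

    Values are left out of the findings on purpose: they are often secrets,
    and lint output tends to end up in CI logs.
    """
    findings = []
    section = None
    for lineno, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or full-line comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        if section is None or not section.endswith(":vars") or "=" not in line:
            continue                            # host lines are out of scope here
        key, value = (part.strip() for part in line.split("=", 1))
        # Values that reference other variables with braces are reported too;
        # review those by hand rather than silencing the check.
        if SPECIAL_CHARS & set(value) and not DOUBLE_ESCAPED.match(value):
            findings.append((lineno, section, key))
    return findings


if __name__ == "__main__":
    for lineno, section, key in find_unescaped_values(SAMPLE_INVENTORY):
        print(f"line {lineno}: [{section}] {key} needs double-escaping")
```
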
Auth Components
Agave is a multi-tenant platform, and each tenant deploys a dedicated auth component while the other components (core and persistence) are shared across tenants. The Ansible installer can support the installation and management of multiple tenants. Each tenant is identified by the value of tenant_id provided in the inventory file. The default value for tenant_id is “sandbox”.
The following tables describe variables for use with the Ansible installer that can be used to customize the Auth components:
Variable | Type | Description |
---|---|---|
tenant_id | string | A unique id for this tenant.
Note: This will be replaced by the agave_tenant_id
field in the near future. Both are currently
required.
|
agave_tenant_id | string | A unique id for this tenant.
Note: This will replace the tenant_id
field in the near future. Both are currently
required.
|
tenant_public_domain_or_ip | string | The public domain name or ip address of the
auth server. This is the address you will use
to connect to your installation.
required.
|
agave_env | string | (staging/prod). The Agave environment used for
this tenant. Determines the core services that
will be invoked. Note that the IP address for the
core services can be resolved by docker compose
using the extra_hosts stanza for platform
deployments that are not in DNS.
|
host | string | The public domain that the platform should listen
to API requests on. For example, if this value is
api.example.org, then the core apps service will be available at
https://api.example.org/apps/v2.
Note: This will be replaced by the
tenant_public_domain_or_ip field in the near future.
required.
|
tenant_admin_role | string | The name of the tenant admin role.
|
agave_profiles_url | string | URL for the profiles service. When the tenant uses
the Agave hosted identity, this URL should be of
the form
profiles.<tenant_id>.agave.tacc.utexas.edu/profiles and will be resolved automatically; however, for
other tenants such as Cyverse, this URL will be
different.
|
haproxy_auth_version | string | Version of the HA Proxy auth service to use
(Defaults to latest).
|
apim_httpd_version | string | Version of the auth httpd service to use
(Defaults to latest).
|
apim19_base_version | string | Version of APIM 1.9 auth service to use
(Defaults to latest).
|
agave_id_dedicated_version | string | Version of the Agave ID auth service to use
(Defaults to latest).
|
agave_clients_dedicated_version | string | Version of the Agave clients auth service to use
(Defaults to latest).
|
admin_services_nginx_version | string | Version of the admin nginx auth service to use
(Defaults to latest).
|
flask_admin_services_version | string | Version of the admin auth service to use
(Defaults to latest).
|
update_auth_dns | bool | Whether or not to update the
/etc/hosts file with the location of the auth mysql server for the
auth containers. Use this when the host name/domain
for the mysql server is not in DNS.
|
core_api_protocol | string | (http or https). Protocol the auth services will
use when communicating with the core services. Use
http unless the auth services must communicate with the core services across a firewall.
|
update_apim_core_dns | bool | Whether or not to update the /etc/hosts file with
the location of the core services within the APIM
container. Use this when the host name/domain for
the core services are not in DNS. NOTE: the APIM
now routes all requests to
<tenant_id>.api.<agave_env>.agaveapi.co so this is the value that must be in DNS.
|
core_host | string | IP of the core host. Used only when
update_apim_core_dns is true.
|
deploy_admin_password_grant | bool | Provides a grant type for delegating credentials on
behalf of other users.
|
access_token_validity_time | string | Time, in seconds, that OAuth access_tokens are valid.
|
apim_increase_global_timeout | bool | Whether or not to increase the APIM’s global
timeout config for APIs to respond. For very
large file uploads, it is possible that the
APIs will time out before responding to APIM,
resulting in a 502. However, setting this to
True will increase the timeout for all APIs.
It will be possible to just increase the files
API timeout in a future release.
|
deploy_custom_oauth_app | bool | Whether to deploy a custom-branded version of the
OAuth login application. If true, install the
authenticationendpoint application (in a directory with the same name) within the tenant
directory.
|
boutique_apis | string | (Optional). A YAML list of API names from the
catalog of extended APIs available in the platform
(e.g., admin_services). Each API must be defined
as a template in the boutique_apis role, and the
name listed must match the name of the template
file minus the extension (e.g.
admin_services for
admin_services.json.j2 ). |
ha_deployment | bool | For use in h/a deployments of the auth component
requiring multiple hosts. Value True will deploy
an HA Proxy instance on each auth host to
facilitate an active-active architecture. Requires
additional configuration, see below.
Note: ha_deployment=True is required, as the
deployment playbooks currently depend on it.
|
hap_servers | string | YAML mapping of servers to use for HAProxy. At
least two entries are required, though it is
possible to run both servers on the same host
using IP addresses and ports on the Docker0
interface
Each entry must have the following properties:
* name: Name for the server; must be unique.
* ip: IP for the server, addressable by the
* port: Http port for the httpd instance for
this server. Must be reachable by
the HAProxy container(s).
* ssl_port: Https port for the httpd instance
for this server. Must be reachable by the
HAProxy container(s).
|
mysql_host | string | The host of the Auth MySQL server
|
mysql_port | string | The port of the Auth MySQL server
|
use_hosted_id | bool | Whether or not to use Agave hosted identity
services. Cannot be used when the
use_hosted_id setting is True. Use this config when Agave will
be administering its own LDAP.
|
use_remote_userstore | bool | Whether to configure a remote userstore. Use this
config when the LDAP will be administered by a
third party.
Cannot be used when the use_hosted_id
setting is True. Currently, this configuration
supports read only LDAP databases.
|
agave_id_read_only | bool | Whether the hosted id service should run in read
only mode.
|
hosted_id_domain_name | string | A unique id for the agaveldap hosted userstore.
Use this config when Agave will be administering
its own LDAP.
|
remote_id_domain_name | string | A unique id for the remote userstore.
Use this config when the LDAP will be administered
by a third party.
|
ldap_name | string | URL or service discovery token for the hosted LDAP
instance (including port).
|
auth_ldap_bind_dn | string | Account to bind to the LDAP db.
|
ldap_base_search_dn | string | Base search directory for user accounts.
|
agave_id_check_jwt | string | Whether or not to check the JWT; When this is False,
certain features will not be available such as the
“me” lookup feature since these features rely on
profile information in the JWT.
|
jwt_header | string | Actual header name that will show up in
request.META; value depends on APIM
configuration, in particular the tenant id
specified in api-manager.xml.
|
agave_id_apim_pub_key | string | Absolute path to the public key of the APIM
instance; used for verifying the signature of the
JWT.
|
agave_id_user_admin_role | string | Role required to make updates to the LDAP database.
|
agave_id_check_user_admin_role | bool | Whether or not to check for the
agave_id_user_admin_role before allowing updates to the LDAP db.
|
agave_id_app_base | string | Sets the base URL for the hypermedia responses;
Typically this should be the same as host but
should include the protocol.
|
cert_file | string | Should be a path relative to the httpd directory
contained within the tenant directory for this
tenant: e.g.
deploy/tenants/dev_staging/httpd |
cert_key_file | string | Should be a path relative to the httpd directory
contained within the tenant directory for this
tenant.
|
ssl_ca_cert_file | string | Add when mounting in a CA cert (not used for
self-signed certs). Should be a path relative to
the httpd directory contained within the tenant
directory for this tenant.
|
use_custom_ldap | bool | Use this setting when using a remote userstore
and the LDAP has a different schema than the hosted
Agave LDAP (for example, the iPlant and TACC LDAPs).
Note: Only certain schemas are supported. See the
agaveplatform/pyprofiles-api GitHub repo for more
details.
|
agave_id_create_notifications | bool | Whether or not the auth services should send
notifications to beanstalk (see settings below).
The auth services must have access to the
beanstalk IP and port.
|
beanstalk_server | string | IP address of beanstalk instance.
|
beanstalk_port | string | Port of beanstalk instance.
|
beanstalk_tube | string | Beanstalk tube name that the auth services will send
messages to.
|
beanstalk_srv_code | string | Code for the service to use when generating messages.
There is one code per core service.
|
tenant_uuid | string | The UUID of the tenant; this is only used by the
components when sending messages to beanstalk.
|
virtualhosts | string | A YAML list of collections for configuring the
virtualhosts that the auth services will listen
on. Defining multiple configuration collections
allows the tenant auth server to respond to multiple
domains (e.g. agave.example.com and
sandbox.tenants.dev.agaveplatform.org). Each
configuration collection should define the
following fields:
* server_name: The domain to respond to.
* base_cert_path: The directory inside the
httpd container that will hold the certs. This
can be anything, and the agave_id container
will create the directory if it does not exist,
but it must be defined.
* cert_file: The cert file used by httpd;
this file must be installed within the
httpd folder within the tenant folder.
* cert_key_file: The cert key file used by
httpd; this file must be installed within the
httpd folder within the tenant folder.
* ssl_ca_cert_file: The CA bundle file used
by httpd; this file must be installed within the
httpd folder within the tenant folder. |
deploy_admin_services | bool | Whether to deploy the tenant admin services
(Defaults to True).
|
boutique_apis | string | (Optional) A YAML list of strings representing
additional APIs to deploy. Each API in the list
should be an API recognized by the
boutique_apis role. These are the officially supported boutique
APIs. Additional APIs can be added to the set
of officially supported APIs by simply adding an
<api>.json.j2 template to the
roles/boutique_apis/templates directory. The JSON should be formatted as
required by the Admin services
/apis service.
Note: this role requires the admin services to
be deployed on the auth host.
|
Core Components
The following tables describe variables for use with the Ansible installer that can be used to configure the Core components:
Variable | Type | Description |
---|---|---|
tenant_id | string | A unique id for this tenant.
Note: This will be replaced by the agave_tenant_id
field in the near future. Both are currently
required.
|
agave_tenant_id | string | A unique id for this tenant.
Note: This will replace the tenant_id
field in the near future. Both are currently
required.
|
tenant_public_domain_or_ip | string | The public domain name or ip address of the
auth server. This is the address you will use
to connect to your installation.
required.
|
host | string | The public domain that the platform should listen
to API requests on. For example, if this value is
api.example.org, then the core apps service will be available at
https://api.example.org/apps/v2.
Note: This will be replaced by the
tenant_public_domain_or_ip field in the near future.
required.
|
mysql_core_host | string | Host or ip of the core services MySQL database.
|
mysql_core_port | string | Port of the core services MySQL database.
|
agave_core_messaging_provider | string | The type of message queue to use.
Default: beanstalk
|
agave_core_messaging_host | string | Host for message queue server.
Default: messaging_host
|
agave_core_messaging_port | string | Port for message queue server.
Default: messaging_port
|
agave_core_smtps_provider | string | Type of SMTP server to use (for sending
notification emails, etc.). Use “sendgrid”
to enable emails sent via the SendGrid API
(requires account info).
Default: sendgrid
|
agave_core_smtps_host | string | Host for the SMTP server. (Use
“smtp.sendgrid.net” if sendgrid provider is
configured.)
Default: smtp.sendgrid.net
|
agave_core_smtps_port | string | Port for the SMTP server.
Default: 587
|
agave_core_smtps_auth | bool | Whether auth is required.
Default: true
|
agave_core_smtps_from_name | string | From name used in email communications.
Default: Agave Notifications
|
agave_core_smtps_from_address | string | From address used in email communications.
Default: no-reply@agaveplatform.org
|
deploy_core_apis | bool | Whether to deploy the front-end core APIs. Set
to False when running playbooks that impact
multiple servers and you do not want to modify
the core APIs.
Default: true
|
kill_core_containers | bool | Whether to kill and restart the core containers
when deploying. Setting to false allows for
configuration updates and rolling deployments
rather than a full teardown and rebuild.
Default: false
|
core_docker_private_registry | string | (Optional) Address of private registry from which
to pull the Docker images.
Default:
|
core_docker_registry_account | string | (Optional) Username to use to access the private
registry.
Default:
|
agave_core_api_only | bool | Whether to only deploy the core apis. Using this
feature you can deploy only the frontend API
to gain horizontal scaling while reducing your
memory consumption on the host.
Default: false
|
agave_core_workers_only | bool | Whether to only deploy the core workers. Using
this feature you can deploy worker only hosts
to add capacity and scale throughput.
Default: false
|
agave_core_version | string | Version of the core services to deploy
Default: 2.2.6
|
agave_core_hostname | string | Externally resolvable public hostname where the
core science API reverse proxy lives.
Default: api.sandbox.agaveplatform.org
|
agave_proxy_core_ip | string | Hostname for the core services.
Default: core api host ip address
|
agave_core_iplant_proxy_service | string | Resolvable address of the core proxy. For single
core server deploys, should point to the core
server.
Default: “http://<core api host ip address>”
|
agave_core_log_service | string | Internally resolvable address to the logging API
Default: “http://<core api host ip address>/logging”
|
core_deploy_ssl_certs | bool | Whether or not to use custom SSL certs for core
services. If False, deployer will use stock (self-
signed) certs for core services. In general, this
is not an issue since the core services are not
directly exposed to external users (SNI for
external requests happens in the auth layer).
However, if you have the need to export core
services and/or terminate SSL in the core layer,
set this to True and provide ssl certs using the
agave_core_ssl_cert, agave_core_ssl_key
and agave_core_ca_cert.
Default: false
|
agave_core_ssl_cert | string | Path in the container to core ssl cert. This file
should be placed in the
roles/agave_core/files/core-apis-ssl directory.
Default: api.sandbox.agaveplatform.org.crt
|
agave_core_ssl_key | string | Path in the container to core ssl cert key. This
file should be placed in the
roles/agave_core/files/core-apis-ssl directory.
Default: api.sandbox.agaveplatform.org.key
|
agave_core_ca_cert | string | Path in the container to core ssl CA cert. This
file should be placed in the
roles/agave_core/files/core-apis-ssl directory.
Default:
|
core_deploy_httpd_balancer | bool | Whether or not to use an apache loadbalancer
on the core host in lieu of a reverse proxy.
This enables an A/B HA deployment similar to
that done by the APIM deployment, but generally
suffers when services have slow response times
caused by remote system requests with
noticeable latency.
Default: false
|
deploy_core_default_templates | string | Whether to use the default core compose
templates. Set to False to use a git repository
of compose files or True to use the default
templates.
Note: This variable must be set in the
core_configs.yml AS WELL AS in the inventory file for each core host. See the
staging_hosts file for an example.
|
core_compose_repo_uri | string | URI of the git repository containing the core
compose files (e.g.,
git@gitlab.com:devops/core-compose.git)
|
core_compose_repo_key_file | string | File name for the SSH key to use to access the
git repository.
Note: It is assumed that this file is in
roles/agave_core_compose_repo/files so it should be mounted there.
|
core_compose_repo_name | string | The name of the git repository containing the
core compose files (e.g. “core-compose”).
|
core_compose_repo_path | string | Relative path inside the git repo to use for the
compose files. Note: Set this variable for each
core host in the inventory file.
|
agave_core_java_mem_limit | string | The default memory limit set for each of the
Java core service containers. This is overridden
by each individual service.
Default: 2048m
|
agave_core_php_mem_limit | string | The default memory limit set for each of the
PHP core service containers. This is overridden
by each individual service.
Default: 1024m
|
agave_core_allow_relay_transfer | bool | If true, smaller files will be proxied with
a GET and PUT in all data transfers. Otherwise,
they will be proxied in memory via streaming
buffer copies. The former can be much faster
for bulk file operations and cross-protocol
transfers where dynamic window sizing and
parallel/striped transfers
Default: false
|
agave_core_max_relay_transfer_size | int | Max file size in GB that can be relayed. Any
file larger than this will be copied in memory
through streaming buffers. If this is enabled,
then the host must have sufficient disk for every
worker process that moves data to simultaneously
be copying data.
Default: 1
|
agave_core_max_page_size | int | Maximum number of results to return in a single
request.
Default: 250
|
agave_core_default_page_size | int | Default number of results to return in a single
request when the limit query parameter has
not been passed in the HTTP request.
Default: 100
|
agave_core_drain_all_queues | bool | If true, no workers will be started on the
target host. This effectively turns a container
into an API only container. If set to true,
there must be a worker container with this
value set to true or no async tasks such as
job submission, monitoring, notifications, etc
will be processed.
Default: false
|
agave_core_dedicated_tenant_id | string | When running multiple tenants within a single
deployment, setting this value to a tenant
code will force all core components with this
setting to only accept tasks for the named
tenant. Negation is also supported by
prepending the tenant code with an exclamation
mark.
Note: Setting this value will not preclude
other tenants from accepting work for this
tenant.
Default:
|
agave_core_dedicated_system_ids | string | Set to a comma-separated list of Agave
systems to restrict the work of all components
with this setting to the named list.
Negation is supported by prepending the tenant
code with an exclamation mark. Exclusions
will take priority over inclusions.
Note: Setting this value will not preclude
other tenants from accepting work for this
tenant.
Default:
|
agave_core_dedicated_user_ids | string | Set to a comma-separated list of Agave
usernames to restrict the work of all components
with this setting to the named users.
Negation is supported by prepending the tenant
code with an exclamation mark. Exclusions
will take priority over inclusions.
Note: Setting this value will not preclude
other tenants from accepting work for this
tenant.
Default:
|
agave_core_jobs_mem_limit | string | Max memory for the jobs container. This
should be at least 8GB for a worker.
API only deployment can be significantly
less. This value will bound -Xmx in the
JVM as well. General rule of thumb is
0.5 core and 1GB memory per data-centric
task per container. High job rates can
grow JVM system utilization upwards of
1CPU and 2GB memory per transfer task,
so plan accordingly.
If your resources allow, set
agave_core_jobs_mem_limit to False to
uncap the memory on this container.
Default: 8192m
|
core_deploy_jobs | bool | Should the Jobs container be deployed.
Default: true
|
agave_core_job_max_staging_tasks | int | The maximum number of job staging
tasks to run concurrently.
Default: 5
|
agave_core_job_max_archiving_tasks | int | The maximum number of job archiving
tasks to run concurrently.
Default: 5
|
agave_core_job_max_monitoring_tasks | int | The maximum number of job monitoring
tasks to run concurrently.
Default: 2
|
agave_core_job_max_submission_tasks | int | The maximum number of job submission
tasks to run concurrently.
Default: 1
|
agave_core_files_mem_limit | string | Max memory for the files container. This
should be at least 8GB for a worker. API
only deployment can be significantly
less. This value will bound -Xmx on the
JVM as well. General rule of thumb is
0.5 core and 1GB memory per data-centric
task per container. High job rates can
grow JVM system utilization upwards of
1CPU and 2GB memory per transfer task,
so plan accordingly.
If your resources allow, set
agave_core_files_mem_limit to False
to uncap the memory on this container.
Default: 8192m
|
core_deploy_files | bool | Should the Files container be deployed.
Default: true
|
agave_core_files_max_staging_tasks | int | The maximum number of file transfer
tasks to run concurrently.
Default: 5
|
agave_core_files_max_transform_tasks | int | The maximum number of file transform
tasks to run concurrently.
Default: 5
|
agave_core_systems_mem_limit | string | Max memory for systems container. 2GB
should be enough under normal usage.
Default: 2048m
|
core_deploy_systems | bool | Should the Systems container be deployed.
Default: true
|
agave_core_apps_mem_limit | string | Max memory for apps container. 2GB
should be enough under normal usage. For
single host deployments and worker
containers, this can be bumped up to 4GB
based on the number of publishing and
cloning tasks.
Default: 4096m
|
core_deploy_apps | bool | Should the Apps container be deployed.
Default: true
|
agave_core_apps_max_publishing_tasks | int | The maximum number of app publishing
tasks to run concurrently.
Default: 1
|
agave_core_apps_max_cloning_tasks | int | The maximum number of apps cloning tasks
to run concurrently.
Default: 1
|
agave_core_monitors_mem_limit | string | Max memory for monitors container. 2GB
should be enough under normal usage. For
single host deployments and worker
containers, this can be bumped up to 8GB
based on the number of monitoring tasks
and frequency with which they run.
Default: 4096m
|
core_deploy_monitors | bool | Should the Monitors container be deployed.
Default: true
|
agave_core_monitor_min_check_interval | int | The minimum time between checks that users
can configure.
Default: 0
|
agave_core_monitors_max_tasks | int | The maximum number of monitoring tasks to
run concurrently.
Default: 1
|
agave_core_monitors_max_retries | int | The maximum number of retry attempts
the service will make when performing a
synchronous monitoring check initiated
by the user.
Default: 3
|
agave_core_profiles_mem_limit | string | Max memory for custom profiles container.
2GB should be enough under normal usage. Add
containers if you run out of memory.
Default: 1024m
|
core_deploy_custom_profiles | bool | Should the Profiles container be deployed.
Default: false
|
agave_core_tags_mem_limit | string | Max memory for tags API container.
2GB should be enough under normal usage. Add
containers if you run out of memory.
Default: 2048m
|
core_deploy_tags | bool | Should the Tags container be deployed.
Default: false
|
agave_core_uuids_mem_limit | string | Max memory for uuids API container.
2GB should be enough under normal usage. Add
containers if you run out of memory.
Default: 2048m
|
core_deploy_uuids | bool | Should the uuids container be deployed.
Default: false
|
agave_core_postits_mem_limit | string | Max memory for postits API container.
2GB should be enough under normal usage. Add
containers if you run out of memory.
Default: 2048m
|
core_deploy_posttis | bool | Should the postits container be deployed.
Default: false
|
agave_core_usage_mem_limit | string | Max memory for usage API container.
2GB should be enough under normal usage. Add
containers if you run out of memory.
Default: 1024m
|
core_deploy_usage | bool | Should the usage container be deployed.
Default: false
|
agave_core_tenants_mem_limit | string | Max memory for tenants API container.
2GB should be enough under normal usage. Add
containers if you run out of memory.
Default: 1024m
|
core_deploy_tenants | bool | Should the tenants container be deployed.
Default: false
|
agave_core_logging_mem_limit | string | Max memory for the logging container. PHP
services rarely need more than 2GB.
Default: 1024m
|
core_deploy_logging | bool | Should the logging API be deployed.
Default: true
|
agave_core_docs_mem_limit | string | Max memory for the documentation container.
This should almost never need more than 512m
Default: 512m
|
core_deploy_docs | bool | Should the API documentation be deployed.
Default: false
|
agave_core_metadata_mem_limit | string | Max memory for metadata container. 4GB
should be enough under normal usage. If
request size is particularly large, bump
the memory by a couple gig. Anything over
4GB, and you should scale out the
containers rather than bumping this one
in size.
Default: 4096m
|
core_deploy_metadata | bool | Should the metadata API be deployed.
Default: true
|
agave_core_metadata_db_host | string | Mongo host for core services.
Default: same as mongodb_host
|
agave_core_metadata_db_port | string | Mongo port for core services.
Default: same as mongodb_port
|
agave_core_metadata_db_user | string | Mongo user for core services.
Default: same as mongodb_user
|
agave_core_notifications_mem_limit | string | Max memory for notifications container. 2GB
should be enough under normal usage. Split
out a worker container and bump threads
before bumping memory above 4GB. The load
here comes from event processing, not the
API.
Default: 2048m
|
core_deploy_notifications | bool | Should the Notifications container be deployed.
Default: true
|
agave_core_notifications_max_notification_tasks | int | The number of notification processing
workers to start up.
Default: 2
|
agave_core_notification_queue | string | Beanstalk queue for core services. (e.g.
“staging.notifications.queue”)
|
agave_core_notification_topic | string | Beanstalk topic for core services. (e.g.
“staging.notifications.topic”)
|
agave_core_notification_failed_db_host | string | Hostname of the mongodb to store failed
notification messages in.
Default: same as mongodb_host
|
agave_core_notification_failed_db_port | string | Port of the mongodb to store failed
notification messages in.
Default: same as mongodb_port
|
agave_core_notification_failed_db_user | string | Username of the mongodb to store failed
notification messages in.
Default: same as mongodb_user
|
agave_core_notification_failed_db_password | string | Password of the mongodb to store failed
notification messages in.
Default: same as mongodb_password
|
agave_core_notification_failed_db_scheme | string | Database scheme of the mongodb to store
failed notification messages in.
Default: notifications
|
agave_core_realtime_mem_limit | string | Max memory for realtime container. 2GB
should be enough under normal usage.
Default: 2048m
|
core_deploy_realtime | bool | Should the Realtime container be deployed.
Default: false
|
agave_core_realtime_provider | string | Type of backend service to use for realtime API.
Currently the values “fanout”, “pushpin”, and “none”
are supported.
Default: none
|
agave_core_realtime_service | string | Addressable location of the backend streaming
server for realtime API.
Default:
|
agave_core_realtime_service_realm_id | string | Realm id when using the fanout backend.
Default:
|
agave_core_realtime_service_realm_key | string | Realm key when using the fanout backend.
Default:
|
core_deploy_stats | bool | Whether to deploy the stats container.
Note: This container is currently optimized
for Agave’s production environment and
requires a Pingdom account, among other
configurations.
|
Core Components
The following tables describe variables for use with the Ansible installer that can be used to configure the Core components:
Variable | Type | Description |
---|---|---|
mysql_core_host | string | Host or ip of the core services MySQL database.
Default: db host ip address
|
mysql_core_port | string | Port of the core services MySQL database.
Default: 3301
|
messaging_provider | string | Which messaging service to deploy
Default: beanstalk
|
messaging_host | string | Host for Beanstalk server.
Default: db host ip address
|
messaging_port | string | Port for Beanstalk server.
Default: 11300
|
mongodb_host | string | Mongo host for core services.
Default: db host ip address
|
mongodb_port | string | Mongo port for core services.
Default: 27107
|
core_deploy_maildev | string | SMTP target for the maildev relay. (Use
“smtp.sendgrid.net” if sendgrid provider is
configured.)
Default: smtp.sendgrid.net
|
agave_core_smtps_host | string | SMTP target for the maildev relay. (Use
“smtp.sendgrid.net” if sendgrid provider is
configured.)
Default: smtp.sendgrid.net
|
agave_core_smtps_port | string | SMTP target host for the maildev server.
Default: 587
|
agave_core_smtps_auth | bool | Whether auth is required for the SMTP
target host. This will also determine
whether auth is needed by the maildev
relay.
Default: true
|
agave_core_smtps_from_name | string | From name used in email communications.
Default: Agave Notifications
|
agave_core_smtps_from_address | string | From address used in email communications.
Default: no-reply@agaveplatform.org
|
Configuring Agave Platform Secrets
Several secrets are configurable by the Ansible installer for the Auth and Core components. The following sections list those variables and their locations.
Danger
A sample password file is provided for your reference. In practice, you should encrypt the password file using ansible-vault. The installer will automatically decrypt the file when it runs, thereby keeping your secrets safe.
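One way to verify the advice in the note above before committing or deploying, as an added example that is not part of the Agave installer: it walks a deploy tree and reports every `*_passwords` file that lacks a well-formed ansible-vault header followed by a hex-only payload. The directory layout and file contents are constructed, and treating the password files as `key: value` YAML is an assumption.

```python
import os
import string
import tempfile

VAULT_MAGIC = "$ANSIBLE_VAULT"
# Header field counts per vault format version: 1.1 has no vault-id label, 1.2 has one.
HEADER_FIELDS = {"1.1": 3, "1.2": 4}
HEX_DIGITS = set(string.hexdigits)


def vault_status(path):
    """Classify one file as 'encrypted', 'plaintext' or 'malformed'."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        lines = [ln.strip() for ln in fh.read().splitlines() if ln.strip()]
    if not lines or not lines[0].startswith(VAULT_MAGIC + ";"):
        return "plaintext"
    fields = lines[0].split(";")
    if HEADER_FIELDS.get(fields[1]) != len(fields) or fields[2] != "AES256":
        return "malformed"
    body = lines[1:]
    # The vault payload is hex text only; anything else after the header means
    # cleartext was appended to (or pasted into) an encrypted file.
    if not body or any(set(ln) - HEX_DIGITS for ln in body):
        return "malformed"
    return "encrypted"


def audit_password_files(root, suffix="_passwords"):
    """Return {relative_path: status} for password files that are not encrypted.

    The suffix follows the <tenant_id>_passwords naming used on this page.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(suffix):
                continue
            path = os.path.join(dirpath, name)
            status = vault_status(path)
            if status != "encrypted":
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = status
    return findings


def build_sample_tree(root):
    """Write a constructed deploy tree: one plaintext file, one encrypted file,
    and one vault file with a cleartext line appended."""
    samples = {
        "tenants/sandbox/sandbox_passwords":
            "apim_admin_pass: changeme\nmysql_tenant_pass: changeme\n",
        "tenants/dev/dev_passwords":
            "$ANSIBLE_VAULT;1.2;AES256;dev\n6162636465663031\n3233343536373839\n",
        "agave_core_config/sandbox_passwords":
            "$ANSIBLE_VAULT;1.1;AES256\n6162636465663031\nmysql_tenant_pass: changeme\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)


def sample_audit():
    """Run the audit over the constructed tree and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_password_files(tmp)


if __name__ == "__main__":
    for rel, status in sorted(sample_audit().items()):
        print(f"{status:10} {rel}")
```

A non-empty result is a reason to fail a pre-commit hook or CI job; the check inspects only the file format and does not attempt decryption.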
Auth Components
Here we list the required configuration fields for the tenants/<tenant_id>/<tenant_id>_passwords file and a description of their use. This file will always be imported after the tenants/<tenant_id>/<tenant_id>.yml file, thus these values will take precedence.
Variable | Type | Description |
---|---|---|
auth_ldap_bind_password | string | The password used to bind to the hosted LDAP.
Should be configured when use_hosted_id is
True.
|
remote_auth_ldap_bind_password | string | The password used to bind to the remote LDAP.
Should be configured when use_remote_userstore
is True.
|
apim_admin_pass | string | The password for the APIM admin account.
Note: this must first be reset using the APIM
password reset form within the carbon admin
application. Changing this setting prior to
updating the password via the web form will
break the APIM.
|
mysql_tenant_user | string | The username that APIM should use to authenticate
to MySQL.
|
mysql_tenant_pass | string | The password that APIM should use to authenticate
to MySQL.
|
Core Components
Here we list the required configuration fields for the agave_core_config/<tenant_id>_passwords file and a description of their use. This file will always be imported after the agave_core_config/<tenant_id>.yml file, thus these values will take precedence.
DB Components
Here we list the required database component configuration fields to be included in the agave_core_config/<tenant_id>_passwords file and a description of their use.