-
Notifications
You must be signed in to change notification settings - Fork 21
/
leonardo-example.conf
192 lines (165 loc) · 7.8 KB
/
leonardo-example.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# Example config file for leonardo.
# Anything commented out here will have have defaults specified or is not necessary to run leo.
# All values can be modified for your specific google environment, database, and security certificates
# Google Cloud dataproc configuration
dataproc {
dataprocDefaultRegion = "YOUR_REGION" # the google region for your dataproc
#dataprocZone = "YOUR_ZONE" # Optional. The Google zone for the dataproc cluster.
# If not specified, Dataproc will automatically choose a zone
# within the configured region.
leoGoogleProject = "GOOGLE_PROJECT" # the name of the google project to use during cluster startup
# *this is not the project the cluster will be created in
clusterUrlBase = "https://YOUR_DOMAIN/notebooks" # the base url to access your cluster
# This tag is used to associate the cluster's master with Leonardo's firewall rule.
networkTag = "leonardo"
# Optional. If defined, reads the labels on the Google project in which the cluster is launched, and looks
# up the value of this key in the labels to determine the VPC network in which to launch it.
# This config parameter takes precedence over vpcNetwork below.
#projectVPCNetworkLabel = "vpc-network-name"
# Optional. If defined, reads the labels on the Google project in which the cluster is launched, and looks
# up the value of this key in the labels to determine the VPC subnetwork in which to launch it.
# This config parameter takes precedence over vpcSubnet below.
#projectVPCSubnetLabel = "vpc-subnetwork-name"
# Optional. The VPC network of the cluster, and the network the firewall rule is applied to.
# If unset, the default network of the project is used, if it exists.
# A full URL, partial URI, or short name are valid. Examples:
# - https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default
# - projects/[project_id]/regions/global/default
# - default
#vpcNetwork = "default"
# Optional. The subnet on which the cluster is launched. If BOTH vpcNetwork and vpcSubnet are specified,
# only vpcSubnet is passed to Dataproc. If vpcSubnet is unset, a project-default is used.
# If the subnet is in a shared VPC, this field can accept a partial URI (ex.
# "projects/[projectId]/regions/us-east1/sub0") in addition to the short-name form "sub0".
#vpcSubnet = "default"
# Optional. The custom dataproc image to use. If not specified Leo will choose a public Dataproc
# image appropriate for the docker image being installed.
# See: https://cloud.google.com/dataproc/docs/guides/dataproc-images
#customDataprocImage = "projects/[project_id]/global/images/[image_name]"
}
# These are the cluster defaults that have already been configured.
# You should only set them in your config if you want a different value
#clusterDefaults {
#numberOfWorkers = 0 # Standard, non-preemptible workers; Can't be 1
#masterMachineType = "n1-standard-4"
#masterDiskSize = 100 # Minimum is 10
#workerMachineType = "n1-standard-4"
#workerDiskSize = 100 # Minimum is 10
#numberOfWorkerLocalSSDs = 0 # Can be 0-8
#numberOfPreemptibleWorkers = 0 # Must be 0 if number of workers is 0
#}
# Database connection information
mysql {
db {
url = "jdbc:mysql://YOUR_DB_HOST/leonardo?requireSSL=true&useSSL=true&rewriteBatchedStatements=true&nullNamePatternMatchesAll=true"
user = "USER_NAME"
password = "PASSWORD"
}
}
# To use the swagger page, supply a service account id and realm
#swagger {
#googleClientId = ""
#realm = ""
#}
# Secure, 2-way communication between leo and jupyter
# See https://github.com/DataBiosphere/leonardo/CERTIFICATES.md for info on setting up the certificates
# Jupyter proxy server configuration
proxy {
# Should match the jupyter wildcard cert specified in command above
jupyterDomain = "JUPYTER_DOMAIN_NAME"
}
# Keys and certificate authorities for cluster
clusterFiles {
configFolderPath = "/etc/"
jupyterServerCrt = "jupyter-server.crt"
jupyterServerKey = "jupyter-server.key"
jupyterRootCaPem = "rootCA.pem"
jupyterRootCaKey = "rootCA.key"
}
akka {
loglevel = INFO
http {
server.idle-timeout = 1 hour
client.idle-timeout = 1 hour
server.request-timeout = 60 seconds
parsing.max-content-length = 64m
}
#Add your ssl config info below
ssl-config {
# Key store with leo client credentials
keyManager = {
stores = [
{
type = "PKCS12"
path = "/etc/leo-client.p12"
password = "PW_KEYSTORE"
}
]
}
trustManager = {
stores = [
# Certificate store that recognizes the jupyter certificate
{
type = "PEM"
path = "/etc/rootCA.pem"
},
# Default trust store - no need to modify
{
path: ${java.home}/lib/security/cacerts
password = "changeit"
}
]
}
}
}
# Authorization implementation config
auth {
# To use your own provider implementation, subclass org.broadinstitute.dsde.workbench.leonardo.model.LeoAuthProvider and provide the class name here
providerClass = "org.broadinstitute.dsde.workbench.leonardo.auth.AllowlistAuthProvider" # A default auth provider
providerConfig { # Do not remove providerConfig, even if empty
# Any provider specific config should be specified here
# For the allowlist provider, specify a comma separated list of user emails that should be allowed access
allowlist = [EMAIL1,EMAIL2]
# Amount of time Leo will wait for a provider response before timing out.
# This should be set less than akka.http.server.request-timeout.
# This option is supported for ANY provider implementation. If not specified, the default is 30 seconds.
providerTimeout = 30 seconds
# Permissions used for IamProxyAuthProvider. The `resourcemanager.projects.update` permission is shared by
# project owners and project editors, while the `resourcemanager.projects.setIamPolicy` is only given to
# project owners and organization admin roles.
# requiredProjectIamPermissions = ["resourcemanager.projects.update"]
# Application name used by the IamProxyAuthProvider (should match application name used by the dataproc config).
# applicationName = "firecloud:leonardo"
}
}
# Implement and specify a class that will provide appropriate service accounts
serviceAccounts {
# To implement your own service account provisioning, subclass org.broadinstitute.dsde.workbench.leonardo.model.ServiceAccountProvider
# and specify your concrete class here
providerConfig { # Do not remove config, even if empty
# Specify any config information your class needs here
# Amount of time Leo will wait for a provider response before timing out.
# This should be set less than akka.http.server.request-timeout.
# This option is supported for ANY provider implementation. If not specified, the default is 30 seconds.
providerTimeout = 30 seconds
}
}
#Configs to auto stop cluster after idle period
autoFreeze {
#This is used to enable auto freeze
enableAutoFreeze = true
#This is the duration after which the date accessed is persisted in the ClusterDateAccessedActor
dateAccessedMonitorScheduler = 1 minute
#Idle duration after which the cluster is frozen/stopped automatically
autoFreezeAfter = 30 minutes
#This is the polling period to poll for clusters that can be auto stopped/frozen
autoFreezeCheckScheduler = 1 minutes
}
# Configures the "zombie cluster" monitor, which periodically sweeps the database and checks for clusters
# and projects that no longer exist in Google.
zombieClusterMonitor {
# Whether the zombie cluster monitor is enabled
enableZombieClusterMonitor = true
# The period to check for zombie clusters and projects
pollPeriod = 30 minutes
}