version: 1 # GLOBAL CONFIGURATION auth-server: # Common authentication client settings for all services url: https://anaconda.example.com:30080/auth realm: AnacondaPlatform realm-key: '' db: # Database client configuration drivername: postgresql # Database driver (default postgresql, which is currently the only driver supported) host: postgres # Database hostname port: 5432 username: postgres password: '' auth-escrow: # Common authentication client settings for all services url: https://anaconda.example.com:30091/api/v1 https: # Common HTTPS client and server settings for all services certificate-authority: /etc/ssl/certs/ca-certificates.crt # Path to Certificate Authority bundle for private CA or self-signed certificates # certificate-authority: /etc/ssl/certs/DST_Root_CA_X3.pem # For lets encrypt images: app: apiserver:5000/ap-app:5.0.1-1896-g6d27a29 app_proxy: apiserver:5000/ap-app-proxy:5.0.1-1896-g6d27a29 editor: apiserver:5000/ap-editor:5.0.1-1896-g6d27a29 kubernetes: server: https://kubernetes.default.svc.cluster.local use_service_account: true max_cores_per_app: 2 max_ram_mb_per_app: 2048 license: number: PASTE_LICENSE_CODE_OR_CLIENT_ID_HERE # key: PASTE_OFFLINE_KEY_HERE_FOR_OFFLINE_ACTIVATION working-directory: /tmp/anaconda security: x: 207 y: 705 z: 278 analytics: enabled: true # PER-SERVICE CONFIGURATION auth: # Authentication server configuration port: 9080 db: database: anaconda_auth https: # HTTPS configuration keystore: /etc/secrets/certs/keystore.jks # Name of server keystore in Java keystore (.jks) format keystore-password: anaconda # Keystore password defined when generating the Java keystore key-alias: auth # Name of the key in the keystore truststore: null # (optional) Path to the trust store to use for outgoing HTTPS requests (e.g. for LDAPS) truststore-password: null # (optional) Truststore password defined when generating the Java keystore debug: False # If true, enable use of a pregenerated SSL key for testing. DO NOT SET TO TRUE IN PRODUCTION. api: # Service settings for auth-api port: 9090 limit: 12 https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt escrow: # Service settings for auth-escrow port: 9091 db: database: anaconda_auth_escrow hosts: # List of hosts (host:port pairs) to allow in API request headers - anaconda.example.com:30091 prefix: '' # URL prefix https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt auth-server: client-secret: ed7ec3ff-c535-455b-b431-5ed97d78b8be client-id: anaconda-platform deploy: # Deployment server configuration port: 8081 prefix: '' # URL prefix url: https://anaconda.example.com:30081/ # Deployment server URL https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt hosts: # List of hosts (host:port pairs) to allow in API request headers - anaconda.example.com:30081 db: database: anaconda_deploy users: '*' # Users/groups who have permission to access deployed apps deployers: # Users/groups who have permission to deploy here users: [] groups: - developers roles: [] superusers: # Users/groups who have unrestricted access users: [] groups: [] roles: [] auth-server: client-id: anaconda-deploy apps-host: anaconda.example.com # Hostname where apps are deployed, if different from the one in kubernetes.server auth-proxy: # Settings for deployed app proxy client-id: anaconda-deploy-proxy # Client ID of the proxy, as registered in the auth service dns-server: 10.100.0.4 # IP address of DNS server used by the app proxy. Default is the internal kubernetes resolver. https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt debug: False # If true, enable debugging. DO NOT SET TO TRUE IN PRODUCTION. spaces: # Spaces server configuration port: 8090 prefix: '' # URL prefix url: https://anaconda.example.com:30095/ # Spaces server URL https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt hosts: # List of hosts (host:port pairs) to allow in API request headers - anaconda.example.com:30095 db: database: anaconda_spaces users: '*' # Users/groups who have permission to create spaces superusers: # Users/groups who have unrestricted access users: [] groups: [] roles: [] auth-server: client-id: anaconda-spaces-api spaces-host: anaconda.example.com # Hostname where spaces are hosted, if different from the one in kubernetes.server auth-proxy: # Settings for spaces access control proxy client-id: anaconda-spaces # Client ID of the proxy, as registered in the auth service dns-server: 10.100.0.4 # IP address of DNS server used by the app proxy. Default is the internal kubernetes resolver. https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt debug: False # If true, enable debugging. DO NOT SET TO TRUE IN PRODUCTION. storage: # Storage server configuration host: anaconda.example.com # full hostname of the storage server port: 8086 prefix: '' # URL prefix hosts: # List of hosts (host:port pairs) to allow in API request headers - anaconda.example.com:30086 url: https://anaconda.example.com:30086 # Base URL of storage server db: database: anaconda_storage https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt git: default: name: Example.com Anaconda Enterprise Server # human-readable name of this git server type: internal # server type. There is support for "internal" and planned support for "github" and "gitlab". url: https://anaconda.example.com:30088 # URL of git server repository: '{name}-{id}' # Template for repository names; use {name}, {id}, and {owner} as placeholders. auth-header: Anaconda-User # Name of HTTP header for proxy authentication (internal server type only) username: anaconda # Username of git service account # no password needed when using auth-header proxy: url: https://anaconda.example.com:30085 # URL of git proxy client-id: anaconda-git-proxy # Auth client ID of this proxy dns-server: 10.100.0.4 # IP address of DNS server used by the git proxy. run-as-user: www-data # System user account to run the proxy under api-key: f49fece0b2ef8d122d4a2473278465f7c77781617428b7e18401f2d0139b39e7 # secret api key to allow storage service API calls through the proxy. Should be uniquely generated for each installation. port: 8095 probe-port: 8096 https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt objects: projects: # storage location for objects in projects. You may use placeholders {name} {owner} and {id} for project name, project owner and project ID. bucket: anaconda-projects path: projects/{owner}-{id} global: # storage location for global objects (available to all logged-in users) bucket: anaconda-objects path: 'global/' public: # storage location for public objects (available to everyone without logging in) bucket: anaconda-objects path: 'public/' users: '*' # Users/groups who can create projects creators: # Users/groups who can create new projects users: [] groups: - developers roles: [] superusers: # Users/groups who have unrestricted access users: [] groups: [] roles: [] repository: # Repository server configuration port: 8089 hosts: # List of hosts (host:port pairs) to allow in API request headers - anaconda.example.com:30089 prefix: '' # URL prefix db: database: anaconda_repository https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt users: '*' # Users/groups who can access the repository uploaders: # Users/groups who can create and upload packages users: [] groups: - developers roles: [] superusers: # Users/groups who have unrestricted access users: [] groups: [] roles: [] bucket: anaconda-repository # S3/object storage bucket to store repository files auth-escrow: url: https://anaconda.example.com:30091/api/v1 cleanup-upload-seconds: 3600 # How long an unfinished upload will be kept before being cleaned up cleanup-period-seconds: 73 # How frequently the server will check for files that should be removed from disk index-update-cooldown-seconds: 7 # How much time without new uploads is required before index will be rebuilt index-update-period-seconds: 23 # How frequently the server will check for channels that require rebuilding of index information (repodata.json) s3: # configuration for the object-storage service host: 0.0.0.0 # full hostname of the object store server S3 API port: 8087 https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt access-key: 's3-access-key' secret-key: 's3-secret-key' directory: /export s3-client: # configuration for clients to the object storage service endpoint-url: https://anaconda.example.com:30087 # AWS endpoint URL access-key: 's3-access-key' secret-key: 's3-secret-key' region-name: 'us-east-1' # the AWS region where your S3 bucket is located git: url: https://anaconda.example.com:30088 # externally visible URL of the git server host: anaconda.example.com # full hostname of the git server port: 8088 https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt db: database: anaconda_git directory: /export # directory where git server will store its data username: anaconda # OS username that the git server should run under lfs-secret: AohzzmIZVHYSTYJ7HM1E1GWhjRYCTcfLdxHHGR8fKCM # LFS authentication token secret. Should be uniquely generated for each installation. secret-key: E3P99Z3XRAXaoJHGygmCjZ613pIZ9nvg6SnVRrPHTBU # git server secret key. Should be uniquely generated for each installation. conda: # Common conda settings for editing sessions and deployments channels: # List of channels to put in .condarc - defaults default-channels: [] # List of channels that should be used for channel 'defaults' channel-alias: https://anaconda.example.com:30089/conda # Default conda URL prefix for channels given by name only offline_docs: url: https://anaconda.example.com:30071 # Docs server URL hosts: # List of hosts (host:port pairs) to allow in API request headers - anaconda.example.com:30071 port: 8091 https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt directory: docs/_build/ # The path relative to the base directory of the static docs. prefix: '' # URL prefix ui: # Anaconda Platform UI server configuration base-url: / # URL prefix cookie-secret: this-is-a-very-insecure-secret # secret key used to sign session cookies cookie-session: name: anaconda-platform-ui-session-v1 cookie-next: name: anaconda-platform-ui-next-v1 db: database: anaconda_ui debug: False # If true, enable debugging. DO NOT SET TO TRUE IN PRODUCTION. host: anaconda.example.com # full hostname of the UI server public-url: https://anaconda.example.com:30090/ # User-facing URL of site, if different than host/port https: key: /etc/secrets/certs/server.key certificate: /etc/secrets/certs/server.crt port: 6990 auth-server: client-secret: ed7ec3ff-c535-455b-b431-5ed97d78b8be client-id: anaconda-platform services: anaconda-storage: storage: icon: fa-anaconda label: Storage url: https://anaconda.example.com:30086/api/v1 anaconda-deploy: deploy: icon: fa-anaconda label: Deploy url: https://anaconda.example.com:30081/api/v1 anaconda-spaces: spaces: icon: fa-anaconda label: Spaces url: https://anaconda.example.com:30095/api/v1 options: spaces: tools: notebook: default: true label: Jupyter Notebook Classic packages: [notebook] lab-pre: label: JupyterLab packages: [jupyterlab] sync: label: Anaconda Project Sync packages: [anaconda-platform-sync] templates: jupyter-5: label: Jupyter Notebook Classic tools: - notebook - sync jupyterlab: label: JupyterLab default: true tools: - lab-pre - sync anaconda-repo5: repo: html-url: https://anaconda.example.com:30089 icon: fa-anaconda label: Repo Service url: https://anaconda.example.com:30089/api auth-api: auth-api: icon: fa-anaconda label: Auth API url: https://anaconda.example.com:30082/api/v1 documentation: offline_docs: html-url: https://anaconda.example.com:30071 icon: fa-anaconda label: Documentation url: https://anaconda.example.com:30071 help: # Help links docs: label: Anaconda Documentation - Home external: true href: https://anaconda.example.com:30071 position: 0 started: label: Getting Started with Anaconda Enterprise external: true href: https://anaconda.example.com:30071/user-guide/getting-started.html position: 1 release: label: Release Notes external: true href: https://anaconda.example.com:30071/release-notes.html position: 2 support: label: Support external: true href: https://anaconda.example.com:30071/help-support.html position: 3 feedback: label: Feedback external: true href: https://continuum.typeform.com/to/TnHsme position: 4 postgresql: # PostgreSQL server configuration port: 7080