forked from nasa/harmony
-
Notifications
You must be signed in to change notification settings - Fork 0
/
env-defaults
482 lines (388 loc) · 20.9 KB
/
env-defaults
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
# Default Harmony Environment Variables - do not edit this file locally.
# Override any of the values here by setting a value in a .env file at the
# root level of this repository. All of the default values in this file
# should work for developing locally on Mac OS X.
###########################################################################
# No defaults possible #
# #
# Parameters must be overridden, no default value can be provided #
###########################################################################
# Random string used to sign cookies that should be consistent between
# load-balanced instances of Harmony. You can use
# `hexdump -n 128 -e '"%08x"' /dev/random`
# to generate a 128 byte random hex string (256 chars)
COOKIE_SECRET=
# Random string used for encrypting and decrypting Earthdata login tokens
# sent to backend services
# `hexdump -n 32 -e '"%08x"' /dev/random`
# to generate a 32 character random string
SHARED_SECRET_KEY=
# See the "OAuth 2 (Earthdata Login)" section below for a description
OAUTH_CLIENT_ID=
OAUTH_UID=
OAUTH_PASSWORD=
###########################################################################
# General Config #
# #
# Settings to control how Harmony behaves #
###########################################################################
# The host network interface to bind against. Set to 127.0.0.1 to limit to
# only on the localhost when running locally
HOST_BINDING='0.0.0.0'
# The port on which to run the Harmony frontend
PORT=3000
# The port on which to run the Harmony backend that receives service
# callbacks
BACKEND_PORT=3001
# The port on which a worker container listens for work from the manager container
WORKER_PORT=5001
# The base URL for the service callbacks. This needs to be accessible from
# wherever the service is run. The Harmony CI/CD scripts sets this to the
# backend load balancer when running on AWS. The default is set for
# running Harmony in Kubernetes.
CALLBACK_URL_ROOT=http://harmony:3001
# When running locally on a Mac or Linux (not in Kubernetes), use the appropriate value below.
# Mac OS X:
# CALLBACK_URL_ROOT=http://host.docker.internal:3001
# Linux:
# CALLBACK_URL_ROOT=http://localhost:3001
# The CMR Endpoint to use (e.g. URL for local, SIT, UAT, or production)
CMR_ENDPOINT=https://cmr.uat.earthdata.nasa.gov
# For testing: Whether to use Localstack instead of AWS S3. Options are "true" or "false".
USE_LOCALSTACK=true
# Hostname for harmony to use to connect to Localstack
LOCALSTACK_HOST=localstack
# Hostname for K8S pods to connect to Localstack
LOCALSTACK_K8S_HOST=localstack
# If set to true, only include EDL cookies if the request is made via https.
USE_HTTPS=false
# Whether to run example service endpoints under /example. Useful for
# testing HTTP backends without actual service calls. See example/http-service.js
EXAMPLE_SERVICES=true
# Identifier so backends know which Harmony client submitted the request
CLIENT_ID=harmony-local
# When set to true log messages are logged as a text string instead of the default
# JSON format. Useful when running harmony locally and viewing logs via a terminal.
TEXT_LOGGER=true
# When set to true log all database queries performed by knex
DEBUG_KNEX=false
# Log level (error, warn, info, debug)
LOG_LEVEL=debug
# Default number of results in a page
DEFAULT_RESULT_PAGE_SIZE=2000
# Default number of jobs listed in a page
DEFAULT_JOB_LIST_PAGE_SIZE=10
# TODO change this to a smaller number when aggregating services are updated to handle paged catalogs
# See HARNONY-1178
AGGREGATE_STAC_CATALOG_MAX_PAGE_SIZE=1000000
# Maximum number of results in a page
MAX_PAGE_SIZE=2000
# Number of granules allowed for a synchronous request. When the request exceeds
# this number it will be processed asynchronously. If a service provides a
# value in services.yml for maximum_sync_granules it will override this value.
MAX_SYNCHRONOUS_GRANULES=1
# The maximum allowed granules in any request synchronous or asynchronous. If a service
# attempts to configure a value greater than this limit for either maximum_async_granules
# or maximum_async_granules we will override the configuration to limit to this value.
MAX_GRANULE_LIMIT=2100
# The threshold of the number of granules in a request that will trigger auto-pausing with preview
PREVIEW_THRESHOLD=100
# String to identify the type of environment. Options:
# - "development" for local development.
# - "production" for deployments with a separate postgres server (SIT, UAT, Production).
# - "test" for unit / integration tests
# This is a conventional identifier to switch application behavior but is
# currently only used to determine which database connection to use in
# db/knexfile.js and whether to deploy the alert manager
NODE_ENV=development
# Connection string to use to connect to the database. Used for
# NODE_ENV="production" databases. For development and test, this is
# ignored, using a sqlite3 file instead
DATABASE_URL=
# A bucket with brief lifecycle where temporary uploads (shapefiles) are stored while
# requests are in flight
UPLOAD_BUCKET=local-upload-bucket
# An IAM role that allows access to a bucket and prefix where outputs for asynchronous
# requests are stored by backend services.
SAME_REGION_ACCESS_ROLE=same-region-access-role
# The CMR concept ID for the group whose users can access the admin interface
ADMIN_GROUP_ID=AG1222736883-EEDTEST
# The time (in seconds) between invocations of the job reaper service
JOB_REAPER_PERIOD_SEC=360
# Jobs older than this many minutes that are running are checked by the job reaper
REAPABLE_JOB_AGE_MINUTES=60
# The time (in seconds) between invocations of the work reaper service
WORK_REAPER_PERIOD_SEC=360
# WorkItems and WorkflowSteps (in a terminal state) older than this many minutes are checked by the work reaper
REAPABLE_WORK_AGE_MINUTES=1440
# The time (in seconds) between invocations of the work failer service
WORK_FAILER_PERIOD_SEC=360
# WorkItems and associated job (in a running state) older than this many minutes are set to failed by the work failer
FAILABLE_WORK_AGE_MINUTES=240
# The number of seconds to allow a pod to continue processing an active request before terminating a pod
DEFAULT_POD_GRACE_PERIOD_SECS=14400
# The number of ms to wait between polling to check whether a synchronous request completed
SYNC_REQUEST_POLL_INTERVAL_MS=100
# Local development: Use the following to set the Kubernetes context used by start scripts
# minikube users should set it to "minikube"
KUBE_CONTEXT=docker-desktop
# How long (in ms) to let a worker run on a work item before timing out and reporting an error
# default is 4 hours
WORKER_TIMEOUT=14400000
###########################################################################
# Service Config #
# #
# Variables defined in config/services.yml that get passed to backend #
# services on invocation #
# #
# IMAGE_PULL_POLICY configuration: #
# In deployed environments the pull policy used for images is 'Always' #
# to ensure an up to date image is pulled as part of deploying. When #
# developing locally the pull policy used is 'IfNotPresent' to #
# prevent Kubernetes from pulling the image and overwriting any locally #
# built images. Note if you want to pull an image update rather than #
# building it you need to run `docker pull <IMAGE>` to update your local #
# copy. #
###########################################################################
# The service runner image used as a sidecar for polling for work for
SERVICE_RUNNER_REQUESTS_CPU=128m
SERVICE_RUNNER_REQUESTS_MEMORY=128Mi
SERVICE_RUNNER_LIMITS_CPU=1024m
SERVICE_RUNNER_LIMITS_MEMORY=512Mi
SERVICE_RUNNER_IMAGE=harmonyservices/service-runner:latest
# backend services
HARMONY_GDAL_ADAPTER_IMAGE=ghcr.io/nasa/harmony-gdal-adapter:latest
HARMONY_GDAL_ADAPTER_REQUESTS_CPU=128m
HARMONY_GDAL_ADAPTER_REQUESTS_MEMORY=128Mi
HARMONY_GDAL_ADAPTER_LIMITS_CPU=128m
HARMONY_GDAL_ADAPTER_LIMITS_MEMORY=8Gi
HARMONY_GDAL_ADAPTER_INVOCATION_ARGS='python -m gdal_subsetter'
HARMONY_SERVICE_EXAMPLE_IMAGE=harmonyservices/service-example:latest
HARMONY_SERVICE_EXAMPLE_REQUESTS_CPU=128m
HARMONY_SERVICE_EXAMPLE_REQUESTS_MEMORY=128Mi
HARMONY_SERVICE_EXAMPLE_LIMITS_CPU=128m
HARMONY_SERVICE_EXAMPLE_LIMITS_MEMORY=512Mi
HARMONY_SERVICE_EXAMPLE_INVOCATION_ARGS='python -m harmony_service_example'
HARMONY_NETCDF_TO_ZARR_IMAGE=harmonyservices/netcdf-to-zarr:latest
HARMONY_NETCDF_TO_ZARR_REQUESTS_CPU=128m
HARMONY_NETCDF_TO_ZARR_REQUESTS_MEMORY=128Mi
HARMONY_NETCDF_TO_ZARR_LIMITS_CPU=128m
HARMONY_NETCDF_TO_ZARR_LIMITS_MEMORY=512Mi
HARMONY_NETCDF_TO_ZARR_INVOCATION_ARGS='python -m harmony_netcdf_to_zarr'
SWOT_REPROJECT_IMAGE=sds/swot-reproject:latest
SWOT_REPROJECT_REQUESTS_CPU=128m
SWOT_REPROJECT_REQUESTS_MEMORY=128Mi
SWOT_REPROJECT_LIMITS_CPU=128m
SWOT_REPROJECT_LIMITS_MEMORY=512Mi
SWOT_REPROJECT_INVOCATION_ARGS='python swotrepr.py'
VAR_SUBSETTER_IMAGE=sds/variable-subsetter:latest
VAR_SUBSETTER_REQUESTS_CPU=128m
VAR_SUBSETTER_REQUESTS_MEMORY=128Mi
VAR_SUBSETTER_LIMITS_CPU=128m
VAR_SUBSETTER_LIMITS_MEMORY=512Mi
VAR_SUBSETTER_INVOCATION_ARGS='python subsetter.py'
SDS_MASKFILL_IMAGE=sds/maskfill-harmony:latest
SDS_MASKFILL_REQUESTS_CPU=128m
SDS_MASKFILL_REQUESTS_MEMORY=128Mi
SDS_MASKFILL_LIMITS_CPU=128m
SDS_MASKFILL_LIMITS_MEMORY=512Mi
SDS_MASKFILL_INVOCATION_ARGS='python harmony_adapter.py'
TRAJECTORY_SUBSETTER_IMAGE=sds/trajectory-subsetter:latest
TRAJECTORY_SUBSETTER_REQUESTS_CPU=128m
TRAJECTORY_SUBSETTER_REQUESTS_MEMORY=128Mi
TRAJECTORY_SUBSETTER_LIMITS_CPU=128m
TRAJECTORY_SUBSETTER_LIMITS_MEMORY=512Mi
TRAJECTORY_SUBSETTER_INVOCATION_ARGS='python harmony_service/adapter.py'
PODAAC_CONCISE_IMAGE=ghcr.io/podaac/concise:sit
PODAAC_CONCISE_REQUESTS_CPU=128m
PODAAC_CONCISE_REQUESTS_MEMORY=128Mi
PODAAC_CONCISE_LIMITS_CPU=128m
PODAAC_CONCISE_LIMITS_MEMORY=512Mi
PODAAC_CONCISE_INVOCATION_ARGS='concise_harmony'
PODAAC_L2_SUBSETTER_IMAGE=ghcr.io/podaac/l2ss-py:sit
PODAAC_L2_SUBSETTER_REQUESTS_CPU=128m
PODAAC_L2_SUBSETTER_REQUESTS_MEMORY=128Mi
PODAAC_L2_SUBSETTER_LIMITS_CPU=128m
PODAAC_L2_SUBSETTER_LIMITS_MEMORY=512Mi
PODAAC_L2_SUBSETTER_INVOCATION_ARGS='./docker-entrypoint.sh'
PODAAC_PS3_IMAGE=podaac/podaac-cloud/podaac-shapefile-subsetter:latest
PODAAC_PS3_REQUESTS_CPU=128m
PODAAC_PS3_REQUESTS_MEMORY=128Mi
PODAAC_PS3_LIMITS_CPU=128m
PODAAC_PS3_LIMITS_MEMORY=512Mi
PODAAC_NETCDF_CONVERTER_IMAGE=podaac/podaac-cloud/podaac-netcdf-converter:latest
PODAAC_NETCDF_CONVERTER_REQUESTS_CPU=128m
PODAAC_NETCDF_CONVERTER_REQUESTS_MEMORY=128Mi
PODAAC_NETCDF_CONVERTER_LIMITS_CPU=128m
PODAAC_NETCDF_CONVERTER_LIMITS_MEMORY=512Mi
QUERY_CMR_IMAGE=harmonyservices/query-cmr:latest
QUERY_CMR_REQUESTS_CPU=128m
QUERY_CMR_REQUESTS_MEMORY=128Mi
QUERY_CMR_LIMITS_CPU=128m
QUERY_CMR_LIMITS_MEMORY=512Mi
GIOVANNI_ADAPTER_IMAGE=harmonyservices/giovanni-adapter:latest
GIOVANNI_ADAPTER_REQUESTS_CPU=128m
GIOVANNI_ADAPTER_REQUESTS_MEMORY=128Mi
GIOVANNI_ADAPTER_LIMITS_CPU=128m
GIOVANNI_ADAPTER_LIMITS_MEMORY=512Mi
GIOVANNI_ADAPTER_INVOCATION_ARGS='node tasks/giovanni-adapter/app/cli'
# The services to deploy locally. A comma-separated list of services that the bin/deploy-services
# script should attempt to deploy. By default only a couple of harmony example services are deployed.
# When specifying another service to be deployed make sure the name matches the prefix for the
# sidecar file in tasks/service-runner-config and the name of the service in that file. For example
# to deploy the SWOT reprojection service which has a sidecar file swot-reproject-sidecar.yaml
# and service-name of swot-reproject, specify swot-reproject. query-cmr is required for all services,
# so it will always be deployed, and does not need to be specified. Make sure if the image for the
# service is not publicly available that you have built the docker image locally, otherwise the
# service will fail to start.
LOCALLY_DEPLOYED_SERVICES=harmony-service-example,harmony-netcdf-to-zarr
# page size to use with CMR calls
CMR_MAX_PAGE_SIZE=2000
# Prefix before "harmonyservices/task-name" for built-in tasks like query-cmr, e.g. an ECR location
# If not blank, it should end in a slash if there is a slash before "harmony"
BUILT_IN_TASK_PREFIX=
# Version to use for all built-in tasks. "latest" (local / sandbox), "sit", "uat", or "prod"
BUILT_IN_TASK_VERSION=latest
# AWS region where harmony is deployed, irrelevant for local development
AWS_DEFAULT_REGION=us-west-2
# The object store used for storing shapefiles. Only S3 is supported currently.
OBJECT_STORE_TYPE=s3
# The bucket where final service output data will be staged
# Default: A bucket created for use in localstack
STAGING_BUCKET=local-staging-bucket
# The bucket where intermediate service artifacts will be staged
# Default: A bucket created for use in localstack
ARTIFACT_BUCKET=local-artifact-bucket
# The DNS entry to use for the host exposing the Harmony back end API for callbacks. This
# default is appropriate for when Harmony is running in Kubernetes.
BACKEND_HOST=harmony
# For local development outside of Kubernetes:
# Mac OS X:
# BACKEND_HOST=host.docker.internal
# Linux:
# BACKEND_HOST=localhost
# Maximum number of non-file fields to accept when providing a shapefile to harmony
MAX_POST_FIELDS=100
# Maximum size (in bytes) for shapefiles
MAX_POST_FILE_SIZE=2000000000
# Maximum number of multipart parts to accept when providing a shapefile
MAX_POST_FILE_PARTS=100
# The location on the file system to save the work items that will be mounted into the
# containers for any services to read and save STAC catalogs.
HOST_VOLUME_PATH=
###########################################################################
# Prometheus Config #
# #
# This section is irrelevant for local development unless you are a #
# harmony core developer who plans to deploy Prometheus locally #
###########################################################################
# For Prometheus time variables, "m" postfix means "minutes".
# https://prometheus.io/docs/prometheus/latest/querying/basics/#time-durations
# For k8s CPU or memory variables, see this link for unit explanations:
# https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu
# Prometheus deployment variables
PROMETHEUS_REQUESTS_CPU=128m
PROMETHEUS_REQUESTS_MEMORY=150Mi
PROMETHEUS_REQUESTS_EPHEMERAL_STORAGE=600Mi
PROMETHEUS_LIMITS_CPU=128m
PROMETHEUS_LIMITS_MEMORY=600Mi
PROMETHEUS_LIMITS_EPHEMERAL_STORAGE=2000Mi
PROMETHEUS_PROMETHEUS_SCRAPE_INTERVAL=15s
PROMETHEUS_POD_MANAGER_SCRAPE_INTERVAL=15s
# See https://prometheus.io/docs/prometheus/latest/storage/ for details on retention metrics.
# How long to keep prometheus metrics before cleaning up
PROMETHEUS_RETENTION_TIME=180d
# Maximum amount of space to use for Prometheus metrics before deleting oldest metrics
# Be sure to set this value to less than PROMETHEUS_LIMITS_EPHEMERAL_STORAGE otherwise the
# pod may be evicted due to running out of ephemeral space.
PROMETHEUS_RETENTION_SIZE=1750MB
# how many consecutive minutes to sample in the PromQL query for KubernetesPodNotHealthy
PROMETHEUS_POD_NOT_HEALTHY_DURATION=10m
# how long the specified alert must be firing before being sent to the Alert Manager
PROMETHEUS_POD_NOT_HEALTHY_WAIT_FOR=5m
PROMETHEUS_NODE_NOT_READY_WAIT_FOR=10m
# Alert manager variables (irrelevant to local development).
# To see/test whether alerts are firing locally, kubectl port-forward {prometheus-pod} 9090:9090 -n monitoring
# and navigate to the prometheus UI http://localhost:9090/alerts
ALERT_MANAGER_REQUESTS_CPU=500m
ALERT_MANAGER_REQUESTS_MEMORY=500M
ALERT_MANAGER_LIMITS_CPU=1
ALERT_MANAGER_LIMITS_MEMORY=1Gi
ALERT_MANAGER_TOPIC_ARN=
###########################################################################
# Horizontal Pod Autoscaling Config #
# #
# Variables that are used to configure scaling for service pods #
# #
###########################################################################
HPA_MIN_REPLICAS=1
HPA_MAX_REPLICAS=10
# See https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/#Quantity
# for an explanation of the "m" suffix (e.g. 1.5 will be serialized as "1500m")
HPA_TARGET_VALUE=10000m
#############################################################################
# OAuth 2 (Earthdata Login) #
# #
# Variables used to configure OAuth 2 authentication for Harmony data users #
# #
# To use Earthdata Login, you must first set up a new application using the #
# Earthdata Login UI. #
# https://wiki.earthdata.nasa.gov/display/EL/How+To+Register+An+Application #
#############################################################################
# Variable Description Example
#--------------------------------------------------------------------------------------
# OAUTH_CLIENT_ID EDL App Client ID rCjHBluumLhppiIX5iZxoQ
# OAUTH_UID EDL App UID harmony_kbeam
# OAUTH_PASSWORD EDL App Password top_secret
# OAUTH_REDIRECT_URI Valid EDL App Redirect URL http://localhost:3000/oauth2/redirect
# OAUTH_HOST Earthdata Login URL https://uat.urs.earthdata.nasa.gov
# Notes:
# The OAUTH_REDIRECT_URI needs to be provided verbatim when setting up the
# Earthdata Login app. Each EDL app has a list of valid Redirect URLs, and
# Harmony requires a URI endpoint of "/oauth2/redirect" for all environments.
# When running Harmony locally, for example, add a Redirect URL of
# `http://localhost:3000/oauth2/redirect`. Use HTTPS for non-local instances.
#
# The OAUTH_HOST is used by the Harmony API as well as Harmony services.
# This should be the same EDL environment as used by backend data sources.
# For example, if OAUTH_HOST points to UAT EDL, downloading data from a
# TEA endpoint that's integrated with PROD EDL will fail.
OAUTH_REDIRECT_URI=http://localhost:3000/oauth2/redirect
OAUTH_HOST=https://uat.urs.earthdata.nasa.gov
###########################################################################
# Fallback Authentication #
###########################################################################
# When using data that cannot accept Earthdata Login tokens from
# Harmony, either because of application group setup or because they
# use a different Earthdata Login endpoint (e.g. Data needs production
# while Harmony and CMR need UAT), these provide a
# minimally-privileged EDL user login for fetching remote data behind
# Earthdata Login. This user should exist in all environments being
# used to fetch data.
# CAUTION: This fallback authentication switch should normally be
# disabled.
# CAUTION: This EDL user should *not* have accepted any EDL
# application EULAs. Doing so can result in users getting data for
# which they have not personally accepted the EULA.
# CAUTION: Enabling this could result in skewed metrics since
# downloads will appear to be done by Harmony--not the actual
# end-user--if the fallback authentication is used (e.g., a backend
# data source doesn't yet support EDL federated tokens).
FALLBACK_AUTHN_ENABLED=false
EDL_USERNAME=
EDL_PASSWORD=
###########################################################################
# Test Suite #
# #
# Settings for altering the behavior of the test suite that are not used #
# elsewhere in the application. #
###########################################################################
# How to handle fixtures for remote calls in the test suite:
# record (default): Perform and record new calls. Replay existing calls.
# bloody: Perform and record all calls. Never play back.
# replay: Always play back. Throw an error if a call is not recorded.
# cheat: Play back cached calls. Perform and do not cache any new calls
REPLAY=record
# True if server logs should be allowed to go to STDOUT. When false
# (default), they are routed to logs/test.log and suppressed in STDOUT
LOG_STDOUT=false