############################################################################# # Mandatory vars (will be enforced by BIRDHOUSE_COMPOSE) # Can add new vars but do not remove, else automated deployment will break # # Do NOT use environment variables in here since when BIRDHOUSE_COMPOSE runs # inside a container, the environment vars do not have the same value. # # Any default value that can pose a security concern or that are strongly # recommended to be modified should use '__DEFAULT__{var}' definition, and # have those default definitions defined in 'default.env'. This will ensure # that these example values are flagged by the script if left unmodified # (see also: 'check_default_vars' in 'birdhouse/read-configs.include.sh'). ############################################################################# # Override data persistence root directory # export BIRDHOUSE_DATA_PERSIST_ROOT="/data/custom/path" # otherwise use value of 'default.env', directory must exist # Root directory for all files that are persisted on disk and may contain links (ie. the files # are "shared" between subdirectories). This means that the subdirectory structure is fixed. #export BIRDHOUSE_DATA_PERSIST_SHARED_ROOT='${BIRDHOUSE_DATA_PERSIST_ROOT}' # otherwise use the value from 'default.env', must exist export BIRDHOUSE_SSL_CERTIFICATE="${__DEFAULT__BIRDHOUSE_SSL_CERTIFICATE}" # *absolute* path to the nginx ssl certificate, path and key bundle export BIRDHOUSE_FQDN="${__DEFAULT__BIRDHOUSE_FQDN}" # Fully qualified domain name of this Birdhouse installation export BIRDHOUSE_DOC_URL="${__DEFAULT__BIRDHOUSE_DOC_URL}" # URL where /doc gets redirected export MAGPIE_SECRET="${__DEFAULT__MAGPIE_SECRET}" export MAGPIE_ADMIN_USERNAME="${__DEFAULT__MAGPIE_ADMIN_USERNAME}" # Magpie now requires a password length of at least 12 characters # For initial bootstrap only, change in the Magpie Web UI after initial boostrap. export MAGPIE_ADMIN_PASSWORD="${__DEFAULT__MAGPIE_ADMIN_PASSWORD}" export TWITCHER_PROTECTED_PATH="/twitcher/ows/proxy" export BIRDHOUSE_SUPPORT_EMAIL="${__DEFAULT__BIRDHOUSE_SUPPORT_EMAIL}" export BIRDHOUSE_POSTGRES_USERNAME="${__DEFAULT__BIRDHOUSE_POSTGRES_USERNAME}" export BIRDHOUSE_POSTGRES_PASSWORD="${__DEFAULT__BIRDHOUSE_POSTGRES_PASSWORD}" export POSTGRES_MAGPIE_USERNAME="${__DEFAULT__POSTGRES_MAGPIE_USERNAME}" export POSTGRES_MAGPIE_PASSWORD="${__DEFAULT__POSTGRES_MAGPIE_PASSWORD}" export GEOSERVER_ADMIN_USER="${__DEFAULT__GEOSERVER_ADMIN_USER}" export GEOSERVER_ADMIN_PASSWORD="${__DEFAULT__GEOSERVER_ADMIN_PASSWORD}" ############################################################################# # Optional vars ############################################################################# # Extra dirs possibly containing: # * `docker-compose-extra.yml` file to override the default docker-compose.yml file # * `default.env` file to provide extra defaults for each component # * `pre-docker-compose-up` script to execute before `docker-compose up` # * `post-docker-compose-up` script to execute after `docker-compose up` # # Useful to split configs into different dirs leveraging docker-compose # override capabilities, see https://docs.docker.com/compose/extends/. # # Relative paths are relative to the main docker-compose.yml file. # # Possible use-cases: # # * Split config to have all private and sensitive infos in a different # config dir. # # * Manage different env (prod, stating, dev, ...) with each env specific # config in its own dir leaving the default config dir with generic/common # config only. # # * Assemble different combinations of components/functionalities by including # only the config/docker-compose fragment necessary. # # Last dir/component in the BIRDHOUSE_EXTRA_CONF_DIRS list have highest override # precedence, example: # # * Last docker-compose volume mount to same destination win over the # previous docker-compose volume mount. # # * Last default.env can change the values of all previous default.env. # # * Last pre/post docker-compose-up script can potentially undo actions # from previous scripts. # # Suggested to keep the private-config-repo last in the list to be able to # override anything. # # Note that a component listed in BIRDHOUSE_DEFAULT_CONF_DIRS and BIRDHOUSE_EXTRA_CONF_DIRS # will load any dependant components (defined in the COMPONENT_DEPENDENCIES # variable) immediately after the specified component. # # Format: space separated list of dirs # #export BIRDHOUSE_EXTRA_CONF_DIRS="/path/to/dir1 ./path/to/dir2 dir3 dir4" #export BIRDHOUSE_EXTRA_CONF_DIRS=" # ./components/canarie-api # ./components/geoserver # ./components/finch # ./components/raven # ./components/hummingbird # ./components/thredds # ./components/portainer # ./components/jupyterhub # ./components/monitoring # ./components/weaver # ./components/scheduler # ./components/s3 # ./optional-components/canarie-api-full-monitoring # ./optional-components/emu # ./optional-components/testthredds # ./optional-components/generic_bird # ./optional-components/all-public-access # ./optional-components/secure-thredds # ./optional-components/database-external-ports # ./optional-components/wps-healthchecks # ./optional-components/test-weaver # ./optional-components/test-geoserver-secured-access # ./optional-components/mount-thredds-to-s3 # /path/to/private-config-repo #" ############################################################# # Scheduler Job and autodeploy variables ############################################################# # If the scheduler component is enabled in BIRDHOUSE_EXTRA_CONF_DIRS you can select which jobs you # would like to enable by the components whose names start with scheduler-job in the optional-components # directory. # # Additional configuration options for these jobs can be found below. # # Autodeploy options: # # Extra repos, than the current repo, the autodeploy should keep up-to-date. # Any changes to these extra repos will also trigger autodeploy. # # Useful to save the instantiated version of this env.local config file and # any custom docker-compose-extra.yml from the previous BIRDHOUSE_EXTRA_CONF_DIRS var. # # Note: # # * These extra repos should be git repos for the out-of-date detection to # work to trigger autodeploy. If you just have a regular folder, do not add # it here, out-of-date detection currently only works for git repos. # # * To preserve write permissions for your user, run once for this repo and # once each time BIRDHOUSE_AUTODEPLOY_EXTRA_REPOS changes: # deployment/fix-write-perm # # Format: space separated list of full path to dirs #export BIRDHOUSE_AUTODEPLOY_EXTRA_REPOS="/path/to/dir1 /path/to/dir2 /path/to/dir3" #export BIRDHOUSE_AUTODEPLOY_EXTRA_REPOS="/path/to/private-config-containing-env.local" # For each git repo in BIRDHOUSE_AUTODEPLOY_EXTRA_REPOS that use ssh to clone/fetch # instead of https, provide its corresponding ssh deploy key in this dir. # # See instructions in deployment/deploy.sh or # https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys for # how to create deploy key for your git repos. # # The autodeploy mechanism runs inside its own container so environment # variables are not the same inside and outside the container. Do not use # any environment vars, use their fully resolved values. # # Format of keys inside the dir: {repo-name-1}_deploy_key, # {repo-name-2}_deploy_key, ... # # If '{repo-name}_deploy_key' file is not found, default to # 'id_rsa_git_ssh_read_only' so if multiple private repos share the same ssh # deploy key, you can just name that shared key id_rsa_git_ssh_read_only and # create {repo-name}_deploy_key only for repo specific key. # # Example of keys inside the dir: dir1_deploy_key, dir2_deploy_key, # private-config-containing-env.local_deploy_key, # id_rsa_git_ssh_read_only # #export BIRDHOUSE_AUTODEPLOY_DEPLOY_KEY_ROOT_DIR="/path/to/ssh-deploy-keys-for-all-repos" # Frequency to trigger the various autodeploy tasks. # See default.env for default. # # For all possible syntax, see implementation at # https://github.com/Ouranosinc/docker-crontab/blob/3ac8cfa363b3f2ffdd0ead6089d355ff84521dc9/docker-entrypoint#L137-L184 # # Ex: # - daily at 5:07 AM: "7 5 * * *" # - daily at midnight: "0 0 * * *" or "@daily"/"@midnight" # - hourly: ""0 * * * *" or "@hourly" # - every 2 hours: "*/120 * * * *" or "@every 2h" # - every 5 minutes: "*/5 * * * *" or "@every 5m" # # "Platform" are all the git repos in BIRDHOUSE_AUTODEPLOY_EXTRA_REPOS. #export BIRDHOUSE_AUTODEPLOY_PLATFORM_FREQUENCY="@every 5m" # # "Notebook" are all the tutorial notebooks on Jupyter. #export BIRDHOUSE_AUTODEPLOY_NOTEBOOK_FREQUENCY="@every 5m" # Add more jobs to ./components/scheduler/config.yml # # Potential usages: other deployment, backup jobs on the same machine # #export BIRDHOUSE_AUTODEPLOY_EXTRA_SCHEDULER_JOBS="" # The scheduler runs as the root user so new/updated files will be owned by root after the code is updated. # If BIRDHOUSE_AUTODEPLOY_CODE_OWNERSHIP if set, the ownership of all files and directories in this repo will be set to that user # after each autodeploy update. # BIRDHOUSE_AUTODEPLOY_CODE_OWNERSHIP should contain uids instead of usernames since usernames within a docker container will # not necessarily line up with those on the host system. # BIRDHOUSE_AUTODEPLOY_CODE_OWNERSHIP should be set to a constant value (eg. "1000" not "$(id -u)") since this will be evaluated # within the autodeploy docker container as the root user. #export BIRDHOUSE_AUTODEPLOY_CODE_OWNERSHIP="1000:1000" # Mount point on host machine for the scheduler to write data from log rotations # (note: if using 'BIRDHOUSE_DATA_PERSIST_ROOT', it must be defined earlier, either in this file or from 'default.env') #export BIRDHOUSE_LOGROTATE_DATA_DIR='${BIRDHOUSE_DATA_PERSIST_ROOT}/logrotate' # These variables configure the scheduler-job-clean_old_files component # # For all options below: # - variables that end with SCHEDULER_JOB_CLEAN_OLD_FILES_ENABLED will enable the a clean_old_files job for the relevant component if set to 'true' # - variables that end with DELETE_FILES_OLDER_THAN set a number of days. Files older than this number of days will be deleted every time # the scheduler-job-clean_old_files scheduler job runs. # - variables that end with DELETE_FILES_TIME_MODE is used by the find command to calculate the age of a file: # - atime: delete files that haven't been accessed in X days # - mtime: delete files that haven't been modified in X days # - mmin: delete files that haven't been modified in X minutes # - ctime: delete files that were created more than X days ago # - variables that end with SCHEDULER_JOB_CLEAN_OLD_FILES_FREQUENCY set the frequency at which the relevant clean old files job should be run. This # value is a string that conforms to the cron schedule format. # # Note that this will also delete directories that match the DELETE_FILES_TIME_MODE and DELETE_FILES_OLDER_THAN filters only if that directory # is empty once the scheduler-job-clean_old_files scheduler job finishes running. # # Delete old WPS output files generated by the finch WPS component #export SCHEDULER_JOB_CLEAN_OLD_FILES_FINCH_OLDER_THAN= # unset by default if this job is enabled this must be set to an integer #export SCHEDULER_JOB_CLEAN_OLD_FILES_FINCH_TIME_MODE=atime #export SCHEDULER_JOB_CLEAN_OLD_FILES_FINCH_FREQUENCY="5 4 * * 0" # weekly on Sunday at 4:05 #export SCHEDULER_JOB_CLEAN_OLD_FILES_FINCH_ENABLED=false # # Delete old WPS output files generated by the hummingbird WPS component #export SCHEDULER_JOB_CLEAN_OLD_FILES_HUMMINGBIRD_OLDER_THAN= # unset by default if this job is enabled this must be set to an integer #export SCHEDULER_JOB_CLEAN_OLD_FILES_HUMMINGBIRD_TIME_MODE=atime #export SCHEDULER_JOB_CLEAN_OLD_FILES_HUMMINGBIRD_FREQUENCY="10 4 * * 0" # weekly on Sunday at 4:10 #export SCHEDULER_JOB_CLEAN_OLD_FILES_HUMMINGBIRD_ENABLED=false # # Delete old WPS output files generated by the raven WPS component #export SCHEDULER_JOB_CLEAN_OLD_FILES_RAVEN_OLDER_THAN= # unset by default if this job is enabled this must be set to an integer #export SCHEDULER_JOB_CLEAN_OLD_FILES_RAVEN_TIME_MODE=atime #export SCHEDULER_JOB_CLEAN_OLD_FILES_RAVEN_FREQUENCY="10 4 * * 0" # weekly on Sunday at 4:10 #export SCHEDULER_JOB_CLEAN_OLD_FILES_RAVEN_ENABLED=false # # Delete old log files generated by the thredds component #export SCHEDULER_JOB_CLEAN_OLD_FILES_THREDDS_OLDER_THAN= # unset by default if this job is enabled this must be set to an integer #export SCHEDULER_JOB_CLEAN_OLD_FILES_THREDDS_TIME_MODE=mtime #export SCHEDULER_JOB_CLEAN_OLD_FILES_THREDDS_FREQUENCY="20 4 * * 0" # weekly on Sunday at 4:20 #export SCHEDULER_JOB_CLEAN_OLD_FILES_THREDDS_ENABLED=false # These variables configure the scheduler-job-backup component # Schedule for when to run the job to automatically back up data #export SCHEDULER_JOB_BACKUP_FREQUENCY='1 1 * * *' # at 1:01 am daily # Extra arguments to pass to the 'bin/birdhouse backup create' command when backing up data # The example below backs up everything (application data, user data, and log data for all components as well as birdhouse and docker logs # and the local environment file). #SCHEDULER_JOB_BACKUP_ARGS='-a \* -u \* -l \* --birdhouse-logs --local-env-file' ############################################################# # proxy access variables ############################################################# # Content of "location /" in file config/proxy/conf.d/all-services.include.template # Useful to have a custom homepage. # Default: #export BIRDHOUSE_PROXY_ROOT_LOCATION="return 302 https://\$host/magpie;" # Note that the default homepage will become the jupyterhub login page if the jupyterhub component is enabled. # If the jupyterhub component is not enabled, it is highly recommended to create a custom homepage since the magpie # landing page is not the most user-friendly option. # Sample, remember to add this /data/homepage volume mount to proxy container. # See PR https://github.com/bird-house/birdhouse-deploy-ouranos/pull/11. #export BIRDHOUSE_PROXY_ROOT_LOCATION="alias /data/homepage/;" # List of possible parameters for Nginx listen directive: # https://nginx.org/en/docs/http/ngx_http_core_module.html#listen # One useful param is "http2" to enable HTTP/2 protocol. #export PROXY_LISTEN_443_PARAMS="" #export PROXY_LISTEN_80_PARAMS="" # Public (on the internet) fully qualified domain name of this Birdhouse # installation. This is optional so default to the same internal BIRDHOUSE_FQDN if # not set. #export BIRDHOUSE_FQDN_PUBLIC="$BIRDHOUSE_FQDN" # If BIRDHOUSE_ALLOW_UNSECURE_HTTP is enabled, port 80 will not redirect to 443 # anymore and will have the same service definitions as 443. # # This is so we can use pagekite proper SSL certificate. Pagekite will # hit port 80 instead of 443 and will be the one providing the SSL cert. # # Port 443 is still active with whatever the SSL cert it was given before. # # Set to "True" to allow traffic on unsecure port 80. # This is for debugging only, do Not set this on a Production server. # #export BIRDHOUSE_ALLOW_UNSECURE_HTTP="" # CORS settings for the proxy to control which origins are allowed to access the service endpoints. # Set to "*" to allow all origins by default. # If explicitly set to empty string or omitted, it will also employ "*" by default. # If you want to restrict access, set this to the space-delimited allowed domain(s). # Can use other variables if needed (e.g.: '${BIRDHOUSE_PROXY_SCHEME}://${BIRDHOUSE_FQDN_PUBLIC}'). # Consider that adjusting this parameter could require other CORS-related settings to be adjusted as well # for specific components, such as the 'STAC_CORS_ORIGINS' variable for STAC. Refer to its documentation for details. #export BIRDHOUSE_PROXY_CORS_ALLOW_ORIGIN="*" ############################################################# # JupyterHub variables ############################################################# # Jupyter single-user server images #export JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES="pavics/workflow-tests:py312-260415 \ # pavics/crim-jupyter-eo:0.3.0 \ # pavics/crim-jupyter-nlp:0.4.0 \ # birdhouse/pavics-jupyter-base:mlflow-proxy" # Name of the images displayed on the JupyterHub image selection page # The name order must correspond to the order of the JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES variable, # and both variables should have the same number of entries. # Note that the selection names are also used as directory names for the tutorial-notebooks directories mounted when # starting the corresponding image. The name can use the '' or the ':' format. The version will be # excluded when mounting the corresponding directory. #export JUPYTERHUB_IMAGE_SELECTION_NAMES="pavics \ # eo-crim:0.3.0 \ # nlp-crim \ # mlflow-crim" # allow jupyterhub user selection of which notebook image to run # see https://jupyter-docker-stacks.readthedocs.io/en/latest/using/selecting.html # Note: the JUPYTERHUB_ENABLE_MULTI_NOTEBOOKS setting is DEPRECATED. Use the JUPYTERHUB_ALLOWED_IMAGES variable below instead #export JUPYTERHUB_ENABLE_MULTI_NOTEBOOKS=" #c.DockerSpawner.allowed_images = { # os.environ['JUPYTERHUB_IMAGE_SELECTION_NAMES'].split()[0]: os.environ['JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES'].split()[0], # os.environ['JUPYTERHUB_IMAGE_SELECTION_NAMES'].split()[1]: os.environ['JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES'].split()[1], # os.environ['JUPYTERHUB_IMAGE_SELECTION_NAMES'].split()[2]: os.environ['JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES'].split()[2], # os.environ['JUPYTERHUB_IMAGE_SELECTION_NAMES'].split()[3]: os.environ['JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES'].split()[3], # 'jupyter/scipy-notebook': 'jupyter/scipy-notebook', # 'jupyter/r-notebook': 'jupyter/r-notebook', # 'jupyter/tensorflow-notebook': 'jupyter/tensorflow-notebook', # 'jupyter/datascience-notebook': 'jupyter/datascience-notebook', # 'jupyter/pyspark-notebook': 'jupyter/pyspark-notebook', # 'jupyter/all-spark-notebook': 'jupyter/all-spark-notebook', #} #" # allow jupyterhub user selection of which jupyterlab images to run # see https://jupyter-docker-stacks.readthedocs.io/en/latest/using/selecting.html # JUPYTERHUB_ALLOWED_IMAGES is a yaml or JSON mapping of image names to jupyterlab docker image tags. # By default (if JUPYTERHUB_ALLOWED_IMAGES is not set) then the user will be allowed to select all images # defined by the JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES and JUPYTERHUB_IMAGE_SELECTION_NAMES. # # For example, if the JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES and JUPYTERHUB_IMAGE_SELECTION_NAMES are defined as # show above, then leaving JUPYTERHUB_ALLOWED_IMAGES unset is equivalent to: # #export JUPYTERHUB_ALLOWED_IMAGES=' #pavics: "pavics/workflow-tests:py311-250423-update250730" #eo-crim:0.3.0: "pavics/crim-jupyter-eo:0.3.0" #nlp-crim: "pavics/crim-jupyter-nlp:0.4.0" #mlflow-crim: "birdhouse/pavics-jupyter-base:mlflow-proxy" #' # # To get the same settings as the (deprecated) JUPYTERHUB_ENABLE_MULTI_NOTEBOOKS settings above you can # set the variable as: # #export JUPYTERHUB_ALLOWED_IMAGES=' #pavics: "pavics/workflow-tests:py311-250423-update250730" #eo-crim:0.3.0: "pavics/crim-jupyter-eo:0.3.0" #nlp-crim: "pavics/crim-jupyter-nlp:0.4.0" #mlflow-crim: "birdhouse/pavics-jupyter-base:mlflow-proxy" #jupyter/scipy-notebook: jupyter/scipy-notebook #jupyter/r-notebook: jupyter/r-notebook #jupyter/tensorflow-notebook: jupyter/tensorflow-notebook #jupyter/pyspark-notebook: jupyter/pyspark-notebook #jupyter/all-spark-notebook: jupyter/all-spark-notebook #' # Load jobs to automatically deploy the custom notebooks from the specific images # # Ensure we always use the "latest" version of the "cronjob generation code" # Path to a checked out repo of "pavics-jupyter-base" (https://github.com/bird-house/pavics-jupyter-base) # which contains the config required for the cronjob generation #CHECKOUT_PAVICS_JUPYTER_BASE="/path/to/checkout/pavics-jupyter-base" #export BIRDHOUSE_AUTODEPLOY_EXTRA_REPOS="$BIRDHOUSE_AUTODEPLOY_EXTRA_REPOS $CHECKOUT_PAVICS_JUPYTER_BASE" # Config for the generation of cronjobs, found on external repo #DEPLOY_DATA_PAVICS_JUPYTER_ENV="$CHECKOUT_PAVICS_JUPYTER_BASE/scheduler-jobs/deploy_data_pavics_jupyter.env" # Generates a cronjob for each image found in DOCKERNOTEBOOK_IMAGES #if [ -f "$DEPLOY_DATA_PAVICS_JUPYTER_ENV" ]; then # . $DEPLOY_DATA_PAVICS_JUPYTER_ENV #fi # Activates mounting a tutorial-notebooks subfolder that has the same name as the spawned image on JupyterHub # This variable is only useful if there are more than one image in JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES # and JUPYTERHUB_ENABLE_MULTI_NOTEBOOKS is set with a proper c.DockerSpawner.image_whitelist # matching the images in JUPYTERHUB_DOCKER_NOTEBOOK_IMAGES and their corresponding JUPYTERHUB_IMAGE_SELECTION_NAMES. # export JUPYTERHUB_MOUNT_IMAGE_SPECIFIC_NOTEBOOKS=true # The parent folder where all the user notebooks will be stored. # For example, a user named "bob" will have his data in $JUPYTERHUB_USER_DATA_DIR/bob # and this folder will be mounted when he logs into JupyterHub. # (note: if using 'BIRDHOUSE_DATA_PERSIST_ROOT', it must be defined earlier, either in this file or from 'default.env') #export JUPYTERHUB_USER_DATA_DIR="$BIRDHOUSE_DATA_PERSIST_ROOT/jupyterhub_user_data" # Path to the file containing the clientID for the google drive extension for jupyterlab # This file will be mounted into JupyterLab instances. # It should contain the following data : {"clientId":""} # To setup a project and find the clientID, check the doc at : # https://github.com/jupyterlab/jupyterlab-google-drive/blob/master/docs/setup.md #export JUPYTER_GOOGLE_DRIVE_SETTINGS= # URL to terms and conditions for logging into Jupyter. # If this option is set, the login button will be disabled until user check the # checkbox agreeing to the terms and conditions. #export JUPYTER_LOGIN_TERMS_URL="https://host/path/to/terms" # Path to custom README for welcoming and guiding new users to Jupyterhub. # If this path is changed, users will have to restart their personal Jupyter # server for the change to take effect. #export JUPYTERHUB_README="/path/to/README.ipynb" # Previous default value. #export JUPYTERHUB_README="$JUPYTERHUB_USER_DATA_DIR/README.ipynb" #if [ ! -f "$JUPYTERHUB_README" ]; then # # Do not volume-mount non existing file on disk, will create false empty dir. # # This would happen if the autodeploy of JUPYTERHUB_README has not had the # # chance to run yet. # export JUPYTERHUB_README="" #fi # Timeout (in seconds, default: 3 days) to shut down the user server when no kernels or terminals # are running and there is no activity. If undefined or set to zero, the feature will not be enabled. #export JUPYTER_IDLE_SERVER_CULL_TIMEOUT=259200 # Timeout (in seconds, default: 1 day) after which individual # user kernels/terminals are considered idle and ready to be culled. #export JUPYTER_IDLE_KERNEL_CULL_TIMEOUT=86400 # Interval (in seconds) on which to check for idle kernels exceeding the cull timeout value. # Enabled only if 'JUPYTER_IDLE_KERNEL_CULL_TIMEOUT' is provided and greater than zero. # If this value is not provided, equal to zero, or is set higher than 'JUPYTER_IDLE_KERNEL_CULL_TIMEOUT', # it will be automatically reduced by half of the timeout value to ensure that it can be effective. #export JUPYTER_IDLE_KERNEL_CULL_INTERVAL=0 # The following variables can be used to configure additional authentication settings for jupyterhub # # 32 byte hex-encoded key used to encrypt a user's authentication state in the juptyerhub database. # If set, jupyterhub will periodically check if the user still has permission to access jupyterhub (according to Magpie) # This may be a semicolon-separated list of encryption keys. If there are multiple keys present, the first key is always # used to persist any new auth_state. # To generate a key the following command can be used: `openssl rand -hex 32` # See for more details: https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html#authentication-state #export JUPYTERHUB_CRYPT_KEY= # # Jupyterhub will check if the current logged in user still has permission to access jupyterhub (according to Magpie) # if their authentication information is older that this value (in seconds). This value is only applied if # JUPYTERHUB_CRYPT_KEY is set. #export JUPYTERHUB_AUTHENTICATOR_REFRESH_AGE=60 # Resource limits for JupyterLab containers. Resource limits can be set per Magpie user or group. # The value for this variable is a yaml or JSON array of mappings with the following keys: "type" (either "user" # or "group"), "name" (the name of the group or user to apply the limits to) and "limits" (see below). For example: # export JUPYTERHUB_RESOURCE_LIMITS=' # [ # {"type": "user", "name": "user1", "limits": {"mem_limit": "30G"}}, # {"type": "group", "name": "group1", "limits": {"mem_limit": "10G", "cpu_limit": 1}}, # {"type": "group", "name": "group2", "limits": {"cpu_limit": 3, "gpu_ids": [0, 3, 4]}}, # {"type": "user", "name": "user2", "limits": {"gpu_ids": ["1", "2", "3"], "gpu_count": 2}} # ] #' # Supported limits are: "mem_limit", "cpu_limit", "gpu_count", "gpu_ids". # For a JSON schema describing the structure of this JSON array see # birdhouse/components/jupyterhub/resource-limit.schema.json # See the Jupyterhub Dockerspawner documentation # for details and supported values for mem_limit and cpu_limit. # - https://jupyterhub-dockerspawner.readthedocs.io/en/latest/api/index.html#dockerspawner.DockerSpawner.cpu_limit # - https://jupyterhub-dockerspawner.readthedocs.io/en/latest/api/index.html#dockerspawner.DockerSpawner.mem_limit # gpu_ids are an array of the GPU uuids or zero based indexes of the GPUs that you want to make available # to the user or group. GPU uuids and indexes can be discovered by running the `nvidia-smi --list-gpus` command or similar # (such as `amd-smi list` for AMD GPUs). Uuids are preferred as they remain stable across the life of the GPU. Mixing indexes and uuids # is possible but discouraged since it makes it possible to select the same GPU multiple times. # If gpu_count is also specified, this is an integer indicating how many GPUs to make available to that user or group. # If gpu_count is not specified, then exactly one GPU will be randomly selected. # For example, if {"gpu_ids": ["1","2","6"], "gpu_count": 2} then two GPUs will be randomly selected from the gpu_ids list. # Note that this will not create the groups in Magpie, that must be done manually. # Note that if a user belongs to multiple groups, later values in `JUPYTERHUB_RESOURCE_LIMITS` will take # precedence. For example, if a user named user1 belongs to group1 and group2 then the following limits will apply: # - mem_limit=10G (because group1 is later in the list) # - cpu_limit=3 (because group2 is later in the list) # - gpu_ids=0,3,4 #export JUPYTERHUB_RESOURCE_LIMITS= # Allow for adding new config or override existing config in # config/jupyterhub/jupyterhub_config.py.template. # #export JUPYTERHUB_CONFIG_OVERRIDE=" # # Sample below will allow for sharing notebooks between Jupyter users. # Note all shares are public. # ### public-read paths # ## /data/jupyterhub_user_data/public-share/ #public_read_on_disk = join(jupyterhub_data_dir, 'public-share') # ## /notebook_dir/public-share/ #public_read_in_container = join(notebook_dir, 'public-share') # #c.DockerSpawner.volumes.update({public_read_on_disk: { # 'bind': public_read_in_container, # 'mode': 'ro', #}}) # ### public-share paths # ## /data/jupyterhub_user_data/public-share/{username}-public #public_share_on_disk = join(public_read_on_disk, '{username}-public') # ## /notebook_dir/mypublic-share #public_share_in_container = join(notebook_dir, 'mypublic-share') # #c.DockerSpawner.volumes.update({public_share_on_disk: { # 'bind': public_share_in_container, # 'mode': 'rw', #}}) # ## If enabling the public-share paths above, make sure that the paths in the container don't conflict ## with the PUBLIC_WORKSPACE_WPS_OUTPUTS_SUBDIR path. # ### create dir with proper permissions # #def custom_create_dir_hook(spawner): # username = spawner.user.name # # perso_public_share_dir = public_share_on_disk.format(username=username) # # for dir_to_create in [public_read_on_disk, perso_public_share_dir]: # if not os.path.exists(dir_to_create): # os.mkdir(dir_to_create, 0o755) # # subprocess.call(['chown', '-R', '1000:1000', public_read_on_disk]) # #c.Spawner.pre_spawn_hook = custom_create_dir_hook #" # Usernames that should be given admin access in jupyterhub # By default, only the MAGPIE_ADMIN_USERNAME user is given admin access. Update this variable only if you wish # to give additional users admin access by default. # Note that you can also give users admin access through the jupyterhub UI. # This option is DEPRECATED (assign jupyterhub admin users to magpie group named JUPYTERHUB_ADMIN_GROUP_NAME in magpie instead) #export JUPYTERHUB_ADMIN_USERS='{\"${MAGPIE_ADMIN_USERNAME}\", \"othername\"}' # python set syntax # Users that belong to this group will have admin permissions when they log in to jupyterhub. # By setting this variable this group will be created if it doesn't exist # By default, only the MAGPIE_ADMIN_USERNAME user is given admin access. #export JUPYTERHUB_ADMIN_GROUP_NAME=jupyterhub-admin # Extra PyWPS config for **all** WPS services (currently only Flyingpigeon, Finch and Raven supported). # export BIRDHOUSE_EXTRA_PYWPS_CONFIG=" # [logging] # level = DEBUG # " ############################################################# # THREDDS variables ############################################################# # Name of organization hosting the Thredds server #export THREDDS_ORGANIZATION="Birdhouse" #export THREDDS_DATASET_LOCATION_ON_CONTAINER='/birdhouse-ncml' # this default is for backward compatibility #export THREDDS_SERVICE_DATA_LOCATION_ON_CONTAINER='/birdhouse-data' # this default is for backward compatibility #export THREDDS_DATASET_LOCATION_ON_HOST='${BIRDHOUSE_DATA_PERSIST_ROOT}/ncml' # this default is for backward compatibility #export THREDDS_SERVICE_DATA_LOCATION_ON_HOST='${BIRDHOUSE_DATA_PERSIST_ROOT}/datasets' # this default is for backward compatibility #export THREDDS_DATASET_LOCATION_NAME='Datasets' # this default is for backward compatibility #export THREDDS_SERVICE_DATA_LOCATION_NAME='Birdhouse' # this default is for backward compatibility #export THREDDS_DATASET_URL_PATH='datasets' # this default is for backward compatibility #export THREDDS_SERVICE_DATA_URL_PATH='birdhouse' # this default is for backward compatibility # Additional catalogs for THREDDS. Add as many datasetScan XML blocks as needed to THREDDS_ADDITIONAL_CATALOG. # Each block defines a new top-level catalog. See birdhouse/components/thredds/catalog.xml.template for more information. export THREDDS_ADDITIONAL_CATALOG='' #export THREDDS_ADDITIONAL_CATALOG=' # # # # all # # # # # # # # # # # # #' # It is possible to define additional compound services in the THREDDS_ADDITIONAL_CATALOG variable as well. # This may be useful if you are creating a catalog that only provides a subset of the services defined in the # compound service named "all" (see birdhouse/components/thredds/catalog.xml.template). # DO NOT define any non-compound services in THREDDS_ADDITIONAL_CATALOG that is not an exact copy of one of the # variables defined in "all"! Especially, do not change the "base" attribute of any existing service. # Doing so may break the way that access permissions are enforced when accessing data through this service. # Additional file filters to add for the Service Data THREDDS dataset. By default, the Service Data dataset will only # serve files with the following extensions: .nc .ncml .txt .md .rst .csv # If you need this dataset to serve other files you should update the THREDDS_SERVICE_DATA_EXTRA_FILE_FILTERS to add # additional file filters. # This may be useful to set if a WPS outputs files to the wps_outputs/ directory (hosted under the Service Data dataset) # in a file format other than one of the defaults. # See the example below which would also enable serving .png and .h5 files. #export THREDDS_SERVICE_DATA_EXTRA_FILE_FILTERS=" # # #" # Set this variable to customize the body of the XML element for the main THREDDS dataset. This is typically # the dataset where you would store most of the data served by THREDDS (additional datasets can be configured by setting the # THREDDS_ADDITIONAL_CATALOG variable). # By default, the main dataset will only serve files with the following extensions: .nc .ncml .txt .md .rst .csv and will use # the THREDDS service named "all" (see components/thredds/catalog.xml.template). However this can be customized if desired. # See the example below which would change the configuration to serve .h5, .md, and .json files. # See the THREDDS documentation for the element for all configuration options. #export THREDDS_DATASET_DATASETSCAN_BODY=" # # all # # # # # # # #" # Files served by THREDDS are considered to either contain data or metadata (or both). The THREDDS Magpie service allows # us to handle access permissions different for metadata vs. data. Magpie let's users with "browse" permissions access # metadata but only users with "read" permissions can access data. # By accessing files through different THREDDS services (see THREDDS documentation), we can either read the metadata with # "browse" permissions or the data itself with "read" permissions. For example, by default a NetCDF file can be accessed # using the NCML service to get its metadata or through the NCSS service to access the data itself. # # If you have a file that you would like to be treated as metadata (Magpie will allow users with "browse" permissions to # access it) no matter which THREDDS service is used to access it, add the file pattern to the `THREDDS_MAGPIE_EXTRA_METADATA_PREFIXES` # variable. Similarly, if you have a file that you would like to be treated as data no matter which THREDDS service is used # to access it, add the file pattern to the `THREDDS_MAGPIE_EXTRA_DATA_PREFIXES` variable. # # For example, if you want all files with a .h5 extension to be treated as data files in all cases, add '".+\\.h5"' to the # `THREDDS_MAGPIE_EXTRA_DATA_PREFIXES` variable. Note that values are regular expressions (python) where slashes are double # escaped. Expressions should be surrounded by double quotes and if multiple expressions are included they should be comma # delimited. # # Current defaults are: #export THREDDS_MAGPIE_EXTRA_METADATA_PREFIXES='".+\\.txt", ".+\\.md", ".+\\.rst"' #export THREDDS_MAGPIE_EXTRA_DATA_PREFIXES='' ############################################################# # Magpie variables (user/group/permission management) ############################################################# # Allow using Github as external AuthN/AuthZ provider with Magpie # To setup Github as login, goto under section [OAuth Apps] # and create a new Magpie application with configurations: # # Homepage URL: ${BIRDHOUSE_PROXY_SCHEME}://${BIRDHOUSE_FQDN} # Authorization callback URL: ${BIRDHOUSE_PROXY_SCHEME}://${BIRDHOUSE_FQDN}/magpie/providers/github/signin # # Then, specify obtained Github client ID/Secret for this Magpie OAuth App with following variables. # #export MAGPIE_GITHUB_CLIENT_ID=#### #export MAGPIE_GITHUB_CLIENT_SECRET=#### # Magpie DB name #export MAGPIE_DB_NAME="magpiedb" # Magpie user registration and approvals # For more details, see : # https://pavics-magpie.readthedocs.io/en/latest/configuration.html#user-registration-and-approval-configuration # https://pavics-magpie.readthedocs.io/en/latest/authentication.html#user-registration #export MAGPIE_USER_REGISTRATION_ENABLED=false #export MAGPIE_USER_REGISTRATION_SUBMISSION_EMAIL_TEMPLATE="" #export MAGPIE_USER_REGISTRATION_APPROVAL_ENABLED=false #export MAGPIE_USER_REGISTRATION_APPROVAL_EMAIL_RECIPIENT="" #export MAGPIE_USER_REGISTRATION_APPROVAL_EMAIL_TEMPLATE="" #export MAGPIE_USER_REGISTRATION_APPROVED_EMAIL_TEMPLATE="" #export MAGPIE_USER_REGISTRATION_DECLINED_EMAIL_TEMPLATE="" #export MAGPIE_USER_REGISTRATION_NOTIFY_ENABLED=false #export MAGPIE_USER_REGISTRATION_NOTIFY_EMAIL_RECIPIENT="" #export MAGPIE_USER_REGISTRATION_NOTIFY_EMAIL_TEMPLATE="" # Magpie user assignment to groups with terms & conditions #export MAGPIE_GROUP_TERMS_SUBMISSION_EMAIL_TEMPLATE="" #export MAGPIE_GROUP_TERMS_APPROVED_EMAIL_TEMPLATE="" # Magpie smtp server configuration # See https://pavics-magpie.readthedocs.io/en/latest/configuration.html#application-settings #export MAGPIE_SMTP_FROM="" #export MAGPIE_SMTP_HOST="" #export MAGPIE_SMTP_PORT="465" #export MAGPIE_SMTP_SSL=true #export MAGPIE_SMTP_PASSWORD="" # Network mode settings. See for details: # https://pavics-magpie.readthedocs.io/en/latest/configuration.html#network-mode-settings # Note: if MAGPIE_NETWORK_CREATE_MISSING_PEM_FILE is false you can manually create a private key # by running: # bin/birdhouse compose run --rm magpie magpie_create_private_key # For usage options, run the command above with the `--help` flag at the end. #export MAGPIE_NETWORK_ENABLED=true # Note: by default network mode is off (false) #export MAGPIE_NETWORK_INSTANCE_NAME=thisinstance # Note: this must be a unique name in the network so no default is set #export MAGPIE_NETWORK_DEFAULT_TOKEN_EXPIRY=86400 #export MAGPIE_NETWORK_INTERNAL_TOKEN_EXPIRY=30 #export MAGPIE_NETWORK_TOKEN_NAME=magpie_token #export MAGPIE_NETWORK_PROVIDER=magpie_network #export MAGPIE_NETWORK_NAME_PREFIX=magpie_network_ #export MAGPIE_NETWORK_GROUP_NAME=magpie_network #export MAGPIE_NETWORK_PEM_FILES=key.pem # These files must be relative paths from the MAGPIE_NETWORK_PEM_DIR directory #export MAGPIE_NETWORK_PEM_PASSWORDS= #export MAGPIE_NETWORK_CREATE_MISSING_PEM_FILE=true # Set to 'false' if using self-signed SSL certificate #export BIRDHOUSE_VERIFY_SSL="true" # Jupyter public demo account with limited computing resources for security reasons #export JUPYTER_DEMO_USER="demo" # Changing any limits requires restarting the jupyter user server #export JUPYTER_DEMO_USER_MEM_LIMIT="2G" # ex: 2G, 500M #export JUPYTER_DEMO_USER_CPU_LIMIT="0.5" # 50% of 1 CPU # See config/jupyterhub/custom_templates/login.html.template #export JUPYTER_LOGIN_BANNER_TOP_SECTION="" #export JUPYTER_LOGIN_BANNER_BOTTOM_SECTION="" ############################################################# # Processing/data services variables ############################################################# # Raven to use the local Geoserver instead of the default production. # See raven/default.env for more info. #export RAVEN_GEO_URL="${BIRDHOUSE_PROXY_SCHEME}://${BIRDHOUSE_FQDN}/geoserver/" # Mount point on host machine to store mongodb server data # (note: if using 'BIRDHOUSE_DATA_PERSIST_ROOT', it must be defined earlier, either in this file or from 'default.env') #export MONGODB_DATA_DIR='${BIRDHOUSE_DATA_PERSIST_ROOT}/mongodb_persist' # Mount point on host machine for cowbird to store data from its mongodb server # (note: if using 'BIRDHOUSE_DATA_PERSIST_ROOT', it must be defined earlier, either in this file or from 'default.env') #export COWBIRD_MONGODB_DATA_DIR='${BIRDHOUSE_DATA_PERSIST_ROOT}/mongodb_cowbird_persist' # Mount point on host machine to store postgres server data # (note: if using 'BIRDHOUSE_DATA_PERSIST_ROOT', it must be defined earlier, either in this file or from 'default.env') #export POSTGRES_DATA_DIR='${BIRDHOUSE_DATA_PERSIST_ROOT}/frontend_persist' # Mount point on host machine for weaver to store data from its mongodb server # (note: if using 'BIRDHOUSE_DATA_PERSIST_ROOT', it must be defined earlier, either in this file or from 'default.env') #export WEAVER_MONGODB_DATA_DIR='${BIRDHOUSE_DATA_PERSIST_ROOT}/mongodb_weaver_persist' # If "True", Weaver providers that are no longer working (not responding when deployed) and are not named in # WEAVER_WPS_PROVIDERS will be unregistered. This is useful when deploying Weaver with fewer providers than a previous # deployment. #export WEAVER_UNREGISTER_DROPPED_PROVIDERS="True" # If "True", requests to the geoserver endpoint will not be authorized through twitcher/magpie # (note: this is NOT recommended but will slightly improve performance when accessing geoserver endpoints) #export GEOSERVER_SKIP_AUTH=True ############################################################################# # Monitoring components configs ############################################################################# # # Below are Mandatory if monitoring component is enabled: #export GRAFANA_ADMIN_PASSWORD=changeme! #export ALERTMANAGER_ADMIN_EMAIL_RECEIVER="user1@example.com,user2@example.com" #export ALERTMANAGER_SMTP_SERVER="smtp.example.com:25" # Below are optional for monitoring component #export ALERTMANAGER_EXTRA_GLOBAL="" #export ALERTMANAGER_EXTRA_ROUTES="" #export ALERTMANAGER_EXTRA_INHIBITION="" #export ALERTMANAGER_EXTRA_RECEIVERS="" # Below are for the prometheus-longterm-metrics optional component #export PROMETHEUS_LONGTERM_RETENTION_TIME=1y # Below are for the thanos optional component # Change these from the default for added security #export THANOS_MINIO_ROOT_USER="${__DEFAULT__THANOS_MINIO_ROOT_USER}" #export THANOS_MINIO_ROOT_PASSWORD="${__DEFAULT__THANOS_MINIO_ROOT_PASSWORD}" # Below are for the prometheus-log-parser optional component #export PROMETHEUS_LOG_PARSER_POLL_DELAY=1 # time in seconds #export PROMETHEUS_LOG_PARSER_TAIL=true ############################################################################# # Emu optional vars ############################################################################# # To enable emu: add './optional-components/emu' to BIRDHOUSE_EXTRA_CONF_DIRS above. # Emu WPS service image if that testing component is enabled #export EMU_IMAGE="tlvu/emu:watchdog" ############################################################################# # Deprecated vars (for components in the ./deprecated-components directory) ############################################################################# export TOMCAT_NCWMS_PASSWORD="${__DEFAULT__TOMCAT_NCWMS_PASSWORD}" export CATALOG_USERNAME="${__DEFAULT__CATALOG_USERNAME}" export CATALOG_PASSWORD="${__DEFAULT__CATALOG_PASSWORD}" export CATALOG_THREDDS_SERVICE="thredds" export PHOENIX_PASSWORD="${__DEFAULT__PHOENIX_PASSWORD}" export PHOENIX_PASSWORD_HASH="${__DEFAULT__PHOENIX_PASSWORD_HASH}" ############################################################################# # Compose vars # https://docs.docker.com/compose/environment-variables/envvars/ # https://docs.docker.com/compose/environment-variables/envvars-precedence/ # https://docs.docker.com/engine/reference/commandline/cli/#environment-variables ############################################################################# # Sets the command to run in order to execute docker compose commands. If you are using a # (very very) old version of docker you may need to override this in the local environment file # as 'docker-compose'. #export DOCKER_COMPOSE='docker compose' # Remove orphans containers, useful when disabling components. # Harmless when left enabled all the time. # Not working at the time of this writing, see https://github.com/docker/compose/issues/11374. # Use BIRDHOUSE_COMPOSE_UP_EXTRA_OPTS below as a work-around. #export COMPOSE_REMOVE_ORPHANS=true # Extra options for 'docker-compose up'. # --remove-orphans useful when disabling components. Harmless when left enabled all the time. #export BIRDHOUSE_COMPOSE_UP_EXTRA_OPTS="--remove-orphans" ############################################################################# # Backup variables # # Used when running the 'bin/birdhouse backup' command and also used by the # optional-components/scheduler-job-backup component. ############################################################################# # The location of a restic environment file (default: ./birdhouse/restic.env). This file contains all the environment variables # used to configure the restic service. See the restic documentation and restic.env.example for details. # Note that setting the RESTIC_PASSWORD_COMMAND variable in this file is not supported by birdhouse, please use the RESTIC_PASSWORD or # RESTIC_PASSWORD_FILE variables instead. #export BIRDHOUSE_BACKUP_RESTIC_ENV_FILE='${COMPOSE_DIR}/restic.env' # The location of a directory that contains an SSH key used to access a remote machine where the restic repository is hosted. # This is only required if the restic repository is accessed using the sftp protocol. # For example: export BIRDHOUSE_BACKUP_SSH_KEY_DIR='${HOME}/.ssh/birdhouse_restic/' #export BIRDHOUSE_BACKUP_SSH_KEY_DIR= # Additional options to pass to the 'restic backup' command when running the 'birdhouse backup create' command. # For example: BIRDHOUSE_BACKUP_RESTIC_BACKUP_ARGS='--skip-if-unchanged --exclude-file "file-i-do-not-want-backedup.txt"' #export BIRDHOUSE_BACKUP_RESTIC_BACKUP_ARGS= # Additional options to pass to the `restic forget` command after running the backup job. This allows you to ensure that restic deletes # old backups according to your backup retention policy. If this is set, then restic will also run the `restic prune` command after # every backup to clean up old backup files. # For example, to store backups daily for 1 week, weekly for 1 month, and monthly for a year: # BIRDHOUSE_BACKUP_RESTIC_FORGET_ARGS='--keep-daily=7 --keep-weekly=4 --keep-monthly=12' #export BIRDHOUSE_BACKUP_RESTIC_FORGET_ARGS= # When restoring representative data to the stac service, use this variable to set the STAC version used by the populator. # This must match the "stac_version" value in the current STAC catalog. #export PYSTAC_STAC_VERSION_OVERRIDE=1.0.0