Configuration reference

Anaconda Repository loads configuration files with the extension .yaml from the following locations:

  • /etc/binstar/
  • /etc/anaconda-server/
  • $PREFIX/etc/anaconda-server

NOTE: $PREFIX is the location where repository is installed.

Files are loaded from these directories in order, with later files overriding earlier files. Files are loaded from each directory in alphabetical order.

If an environment variable ANACONDA_SERVER_CONFIG is set with the path of a configuration file, this file is loaded after the three already listed. Its settings override any conflicting settings in the earlier files.

Each configuration setting variable can have its value set with the anaconda-server-config --set command, or by editing a configuration file.

EXAMPLE: To set a value named VALUE_ONE to 50, add this to a configuration file:

VALUE_ONE: 50

Or, you can set a value named VALUE_ONE to 50 with this command:

anaconda-server-config --set VALUE_ONE 50

Usernames

USER_REGEX

A regular expression that defines the allowable user names.

For example, this setting specifies that user names contain only lowercase letters, periods, plus and minus characters (., + and -):

USER_REGEX: '^[a-z.+-]+$'

NOTE: The default value for USER_REGEX is ^[a-z0-9_][a-z0-9_-]+$ which translates to: at least one alphanumeric character or underscore, followed by zero or more alphanumeric, dash or underscore characters.

NOTE: Escape any extra instances of the single quote character ' as \'. Do not use the slash and ampersand characters / and &, which have special meanings in URLs.

NOTE: If USER_REGEX is changed and the server is restarted, existing usernames that do not match the new USER_REGEX do not cause errors.

Database

Repository uses MongoDB as the database back end.

MONGO_URL

A MongoDB connection URI is used to connect to the MongoDB database server. It can be used to configure the hostname and port, as well as database authentication.

For example:

MONGO_URL: mongodb://anaconda-server:Pa55w0rd@mongodb.serv/

MONGO_DBNAME

The MongoDB database where Repository stores its data.

MQ_DBNAME

The MongoDB database where Repository stores data used for asynchronous processing.

MONGO_REPLICA_SET

The name of a MongoDB replica set Repository connects to after establishing a connection to the database server.

File storage

Repository can serve package contents from a local file-system, or from Amazon Web Services Simple Storage Service: AWS S3.

Storage_type

The storage mechanism to use. Valid choices are fs, for file-system storage, or s3, for AWS S3 storage.

keyname_full_path

When this option is set, Repository stores the files by full paths and not just by hashes. This way a tensorflow file uploaded by the user Bob will be stored on <fs_storage_root>/Bob/tensorflow/osx-64/tensorflow-1.1.0-np112py36_0.tar.bz2-594ac56e7e042600648defdb.

NOTE: The storage path does not always contain the current file owner and their user name. This is because the file location on the storage does not change when you rename a user or transfer a file to a different user.

Fs_storage_root

If configured to use file-system storage, the absolute path to a directory where Repository stores all uploaded packages.

PACKAGE_BUCKET_ID

If configured to use AWS S3 storage, the name of an AWS S3 bucket where Repository stores uploaded packages.

You can identify the name of your bucket by using <bucket> in your http://<bucket>.s3.amazonaws.com URL.

S3_REGION_NAME

The S3 region that the bucket is located in. The available regions can be found in the Amazon AWS documentation.

S3_SERVER_SIDE_ENCRYPTION

This variable can be set to AES256 to enable server-side encryption for packages stored in the S3 bucket.

Notebooks

MAX_IPYNB_SIZE

Specifies the maximum allowed size when uploading notebooks to the server. The default is 25 MB. This variable can be set in config.yaml.

Web server

SERVER_NAME

The name and port number of the server. This option is required for subdomain support.

For example:

SERVER_NAME: anaconda.srv:8080

port

The port number of the server. Defaults to 8080.

subdomains

If set to true, Repository serves conda package from a separate subdomain. Defaults to false.

For example:

SERVER_NAME: anaconda.srv:8080
subdomains: true

Allows access to conda packages at http://conda.anaconda.srv:8080/.

USER_CONTENT_DOMAIN

As a cross-site scripting (XSS) protection, notebook content can be served from a separate domain name. If this option is configured, Repository only serves rendered notebooks from this domain.

See Securing user-created content.

ssl_options

Repository can serve content over HTTPS, using user-provided SSL certificates.

For example:

ssl_options:
    certfile: /etc/anaconda-server/server.crt
    keyfile: /etc/anaconda-server/server.key
PREFERRED_URL_SCHEME: https

certfile

The absolute path to a PEM-formatted X.509 certificate file.

keyfile

The absolute path to a PEM-formatted private key for the associated certificate.

ssl_version

An integer that specifies the SSL protocol version as defined by Python’s ssl module:

PROTOCOL_SSLv2 = 0
PROTOCOL_SSLv23 = 2
PROTOCOL_SSLv3 = 1
PROTOCOL_TLS = 2
PROTOCOL_TLSv1 = 3

PROTOCOL_TLSv1_1 = 4
PROTOCOL_TLSv1_2 = 5

The default is 5 (TLS v1.2).

PREFERRED_URL_SCHEME

The preferred scheme that is used to generate URLs. Set this to https if HTTPS is configured.

gunicorn

Repository uses Gunicorn. The most commonly used options are timeout and workers. A complete list of settings can be found in Gunicorn’s documentation.

For example:

gunicorn:
    timeout: 60
    workers: 5

timeout

The number of seconds for which a worker is allowed to process a request, before being forcefully terminated.

Default: 120

workers

The number of workers that Gunicorn spawns to serve Repository. Defaults to 2 × the number of CPUs + 1.

Authentication

AUTH_TYPE

The method Repository uses to authenticate users. Valid choices are NATIVE, for built-in authentication, KERBEROS, for Kerberos, and LDAP.

LDAP

Options for configuring LDAP authentication and group synchronization.

For example:

LDAP:
    URI: ldap://ldap.server
    BIND_DN: cn=Anaconda Repository,cn=Users,dc=example,dc=com
    BIND_AUTH: Pa55w0rd

    USER_SEARCH:
        base: cn=Users,dc=example,dc=com
        filter: sAMAccountName=%(username)s

    KEY_MAP:
        name: cn

    OPTIONS:
        OPT_NETWORK_TIMEOUT: 60
        OPT_TIMEOUT: 60

See Using LDAP and TLS configuration options.

LOCK_DOWN

Makes all views with the exception of the login form and welcome page, unaccessible to anonymous users.

Email

Repository can be configured to send email for various reasons, including to reset forgotten usernames and passwords. Email can be sent using SMTP protocol, or through Amazon Web Services Simple Email Service (AWS SES).

SMTP_HOST

The hostname of the SMTP server.

SMTP_PORT

The port of the SMTP server.

SMTP_TLS

If set to true, Repository attempts an SSL connection to the SMTP server.

SMTP_USERNAME

The username to authenticate against the SMTP server before attempting to send email.

SMTP_PASSWORD

The password to authenticate against the SMTP server before attempting to send email.

USE_SES

If set to true, Repository sends email with AWS SES. To authenticate to AWS, the server should be configured with an appropriate IAM role, or have credentials specified in a Boto configuration file.

RETURN_ADDRESS

The From: email address that Repository uses as sender.

ALLOW_DUPLICATED_EMAILS

If set to true, Repository allows different users to share the same email or secondary email. Defaults to false.

require_email_validation

If set to true, Repository emails new users a unique token to validate their email address before permitting them to log in.

Advanced

AVATAR_METHOD

The method to use to generate the user avatar URL. Valid choices are:

  • ‘gravatar’ to use the gravatar.com service
  • ‘default’ to show a predefined static icon
  • ‘static’ to use a custom static URL

AVATAR_GRAVATAR_URL

A URL for a Gravatar compatible service. Default: https://www.gravatar.com/. This URL is used as the prefix to build a valid gravatar URL.

AVATAR_STATIC_URL

A static URL to use when AVATAR_METHOD is set to static. Defaults to an empty string.

PARCELS_ROOT

The prefix with which Cloudera parcels are generated. Defaults to /opt/cloudera/parcels.

PARCEL_DISTRO_SUFFIXES

The distributions for which Cloudera parcels are generated. Defaults to ['el5', 'el6', 'el7', 'lucid', 'precise', 'trusty', 'wheezy', 'jessie', 'squeeze', 'sles11', 'sles12'].

For example, if you want to support only Ubuntu:

PARCEL_DISTRO_SUFFIXES:
    - lucid
    - precise
    - trusty

DEFAULT_CHANNELS

The Repository accounts that environments installed with the bundled Anaconda distributions pull packages from. Defaults to ['anaconda', 'r-channel'].

For example, to add an additional custom account:

DEFAULT_CHANNELS:
    - anaconda
    - r-channel
    - custom

CONDA_CACHE_SIZE

The maximum size (in bytes) of the repodata.json requests cache. Set to 0 to disable repodata.json caching. Default: 1 Gb. When the maximum size is reached, the 10 least recently used entries of the cache are evicted.

CACHE_METHOD

The method used for caching repodata info. It can either be tempfile (the prior method of caching) or diskcache, which uses SQLite as a back-end. Default: diskcache.

READ_ONLY

Sets the site to read only mode where actions that modify the database won’t be executed.

NOTE: Logging in modifies the database, so in read only mode users and admins may not log in.

PERMANENT_SESSION_LIFETIME

An integer that sets how many minutes the session will live. Only used when REMEMBER_COOKIE_ENABLED is false. Default is 44640 (31 days).