=============================
Customizing a cluster profile
=============================

Although the default cluster profile described in the
:doc:`installation guide <../../../install/index>` is appropriate for most
environments and use cases, you can customize profile settings as needed.

**Cluster profiles** are used to define information about a cluster before it is
created, including the cluster name, nodes in the cluster, and other platform
component options. Cluster files are located in the
``~/.continuum/adam/profile.d/`` directory.

**Cluster definitions** are used to identify information about a running
cluster, including the cluster name, nodes in the cluster, and other platform
component options. Cluster definitions are located in the
``~/.continuum/adam/cluster.d/`` directory.

.. contents::
   :local:
   :depth: 1

Sample profile showing all settings
===================================

A cluster profile located at
``~/.continuum/adam/profile.d/cluster.yaml`` with all
configurable settings is shown below:

.. code-block:: yaml

    name: cluster
    provider: bare

    bare:
      username: centos
      # password: anaconda  # Optional
      port: 22
      keypair: ~/.ssh/my-private-key
      nodes:
      - host: node1.company.com
      - host: node2.company.com
      - host: node3.company.com
      - host: node4.company.com

    security:
      flush_iptables: false
      selinux_context: false
      selinux_permissive: false

    network:
      http_proxy: http://server:port/
      # https_proxy: http://server:port/

    system:
      tmp_dir: /tmp

    plugins:
      conda:
        anaconda_hash: md5=d72add23bc937ccdfc7de4f47deff843
        anaconda_url: http://repo.continuum.io/archive/Anaconda2-4.4.0-Linux-x86_64.sh
        channel_alias: https://conda.anaconda.org/
        channels:
        - defaults
        - anaconda-adam
        conda_canary: false
        enabled: true
        miniconda_hash: md5=7097150146dd3b83c805223663ebffcc
        miniconda_url: http://repo.continuum.io/miniconda/Miniconda2-4.3.21-Linux-x86_64.sh
        rootdir: /opt/continuum
        ssl_verify: False

      dask:
        bokeh_port: 8787
        bokeh_whitelist: '''*'''
        enabled: false
        host: 0.0.0.0
        http_port: 9786
        nprocs: 1
        port: 8786

      enterprise-notebooks:
        admin_email: admin@yourdomain.com
        admin_password: anaconda
        admin_user: wakari
        directory: /opt/wakari
        elasticsearch_fn: elasticsearch-1.7.2.noarch.rpm
        enabled: false
        enterprise_notebooks_version: 4.0.0
        gateway_port: 8089
        java_fn: jre-8u65-linux-x64.rpm
        mongodb_fn: mongodb-org-2.6.8-1.x86_64.rpm
        mongodb_mongos_fn: mongodb-org-mongos-2.6.8-1.x86_64.rpm
        mongodb_server_fn: mongodb-org-server-2.6.8-1.x86_64.rpm
        mongodb_shell_fn: mongodb-org-shell-2.6.8-1.x86_64.rpm
        mongodb_tools_fn: mongodb-org-tools-2.6.8-1.x86_64.rpm
        mongodb_version: 2.6.8
        nginx_fn: nginx-1.6.2-1.el6.ngx.x86_64.rpm
        root_download_url: https://820451f3d8380952ce65-4cc6343b423784e82fd202bb87cf87cf.ssl.cf1.rackcdn.com/
        user: wakari

      jupyter:
        dashboards_server:
          enabled: false
          ip: 0.0.0.0
          port: 3000
          user: anaconda
        enabled: false
        kernel_gateway:
          enabled: false
          ip: 0.0.0.0
          port: 7000
          user: anaconda
        notebook:
          directory: ~/notebooks
          enabled: false
          ip: 0.0.0.0
          password: 'anaconda'
          port: 8888
          user: anaconda

      repository:
        binstar_server_version: 2.21.0
        channel: main
        email: youremail@anaconda.com
        enabled: false
        mongodb_fn: mongodb-org-2.6.8-1.x86_64.rpm
        mongodb_mongos_fn: mongodb-org-mongos-2.6.8-1.x86_64.rpm
        mongodb_server_fn: mongodb-org-server-2.6.8-1.x86_64.rpm
        mongodb_shell_fn: mongodb-org-shell-2.6.8-1.x86_64.rpm
        mongodb_tools_fn: mongodb-org-tools-2.6.8-1.x86_64.rpm
        mongodb_version: 2.6.9
        password: anaconda
        port: 8080
        root_download_url: https://820451f3d8380952ce65-4cc6343b423784e82fd202bb87cf87cf.ssl.cf1.rackcdn.com/
        server_user: anaconda-server
        superuser: superuser
        token: qu-a49e2e69-1047-4eab-a879-a2ee9c198381

      salt_settings:
        acl:
        - anaconda
        job_pub_port: 14505
        minion_pub_port: 14510
        minion_pull_port: 14511
        minion_ret_port: 14506
        rest_port: 18000
        salt_groupname: anaconda
        salt_password: anaconda
        salt_username: anaconda
        service_scripts: false

Cluster name
============

The ``name`` setting specifies the name of the cluster and is
used by the ``-n`` option in Anaconda Adam commands.

EXAMPLE: To create a new cluster named "cluster" from a profile
named "profile":

.. code-block:: bash

    $ adam up -n cluster profile

SSH authentication
==================

To connect to remote machines via SSH, Adam requires a valid
username, port--default is 22--and an authentication method.
Adam supports the following SSH authentication methods:

* Password.
* Key pair--full path to your private key.
* Encrypted key pair--full path to your public key and ssh-agent.
  The private key must first be added to a running ssh-agent.
  Use the ``agent_pubkey`` setting to specify the full path to
  the associated public key.

For more information about system and account requirements, see
:ref:`adam-reqs-access-security`.

EXAMPLE: To use SSH with a username and password:

.. code-block:: yaml

    bare:
      username: centos
      password: anaconda

EXAMPLE: To use SSH with a key pair:

.. code-block:: yaml

    bare:
      username: centos
      keypair: /full/path/to/key.rsa

EXAMPLE: To use SSH with an encrypted key pair:

.. code-block:: yaml

    bare:
      username: centos
      agent_pubkey: /full/path/to/key.pub


Node specification
==================

The ``nodes`` setting defines the nodes that exist within the
cluster. By default, the first node in the list of nodes is
defined as the head node and the remaining nodes are defined as
compute nodes.

Each host must be able to connect to the other hosts via the
specified FQDN or IP address.

TIP: We recommended using the node's FQDN that matches the
hostname on each machine:

EXAMPLE:

.. code-block:: yaml

    bare:
      nodes:
      - host: node1.company.com
      - host: node2.company.com
      - host: node3.company.com
      - host: node4.company.com


Security settings
=================

The ``security`` settings let you configure IPTables and SELinux.

To flush iptables, reset ``flush_iptables`` to ``true``. Default value:
``false``.

.. code-block:: yaml

    security:
      flush_iptables: false

To set SELinux to permissive, reset ``selinux_permissive`` to ``true``. Default
value: ``false``.

.. code-block:: yaml

    security:
      selinux_permissive: false

To set SELinux contexts, reset ``selinux_context`` to ``true``. Default value:
``false``.

.. code-block:: yaml

    security:
      selinux_context: false


Network settings--proxy configuration
=====================================

The ``network`` settings let you install Adam to nodes that
access the internet via an HTTP or HTTPS proxy.

To specify an HTTP proxy:

.. code-block:: yaml

    network:
      http_proxy: http://server:port/

NOTE: Replace ``server:port`` with the actual server and port.

To specify an HTTPS proxy:

.. code-block:: yaml

    network:
      https_proxy: http://server:port/

NOTE: Replace ``server:port`` with the actual server and port.


Conda settings
==============

These are the default settings for configuring conda:

.. code-block:: yaml

    conda:
        anaconda_hash: md5=d72add23bc937ccdfc7de4f47deff843
        anaconda_url: http://repo.continuum.io/archive/Anaconda2-4.4.0-Linux-x86_64.sh
        channel_alias: https://conda.anaconda.org/
        channels:
        - defaults
        - anaconda-adam
        enabled: true
        miniconda_hash: md5=7097150146dd3b83c805223663ebffcc
        miniconda_url: http://repo.continuum.io/miniconda/Miniconda2-4.3.21-Linux-x86_64.sh
        rootdir: /opt/continuum
        ssl_verify: False

You can set `ssl_verify
<http://conda.pydata.org/docs/install/central.html#ssl-verification-ssl-verify>`_
to:

* ``False``--no SSL verification--default.
* ``True``--SSL verification is used and conda verifies
  certificates for SSL connections.
* ``[cert path]``--the string path to a certificate to be used
  to verify SSL connections.

Salt settings
=============

Salt is the configuration management system used by Adam. The
``salt_settings`` let you configure the network options, access
control list and API user credentials used by Salt.

Use the settings below to specify the ports used by the Salt
master, minions and REST API:

.. code-block:: yaml

    plugins:
      salt_settings:
        job_pub_port: 14505
        minion_pub_port: 14510
        minion_pull_port: 14511
        minion_ret_port: 14506
        rest_port: 18000

Use the ``acl`` setting to specify an access control list that
defines non-root system users who can execute Salt commands:

.. code-block:: yaml

    plugins:
      salt_settings:
        acl:
        - anaconda

Use the settings below to specify the username, password and
group that gets created across the cluster and owns the
directory and files located in the root installation
directory--default: ``/opt/continuum``:

.. code-block:: yaml

    plugins:
      salt_settings:
        salt_username: anaconda
        salt_password: anaconda
        salt_groupname: anaconda

If you do not want to store a clear text password in the cluster
profile or cluster definition file, set ``salt_password`` to an
empty string:

.. code-block:: yaml

    plugins:
      salt_settings:
        salt_username: anaconda
        salt_password: ''
        salt_groupname: anaconda

In this case, Adam prompts for a password in the CLI and only
stores the password in memory for the duration of the command or
job.

System settings
===============

The ``tmp_dir`` setting lets you specify the download directory
where temporary installers are downloaded--default: ``/tmp``:

.. code-block:: yaml

    system:
      tmp_dir: /tmp
