- File storage
- Web server
Anaconda Repository loads configuration files with the extension
.yaml from the following locations:
$PREFIX is the location where repository is installed.
Files are loaded from these directories in order, with later files overriding earlier files. Files are loaded from each directory in alphabetical order.
If an environment variable
ANACONDA_SERVER_CONFIG is set with the
path of a configuration file, this file is loaded after the three
already listed. Its settings override any conflicting settings in
the earlier files.
Each configuration setting variable can have its value set with the
anaconda-server-config --set command, or by editing a
EXAMPLE: To set a value named VALUE_ONE to 50, add this to a configuration file:
Or, you can set a value named VALUE_ONE to 50 with this command:
anaconda-server-config --set VALUE_ONE 50
The location of the server’s log file is defined in the supervisord configuration file
$PREFIX/etc/supervisord.conf by the
stdout_logfile config entry located in the [program:anaconda-server] section.
Advanced configuration of logging requires setting a LOGGING key on the server’s config.yaml. It uses Python’s logging module config structure.
A regular expression that defines the allowable user names.
For example, this setting specifies that user names contain only
lowercase letters, periods, plus and minus characters
NOTE: The default value for
translates to: at least one alphanumeric character or underscore, followed
by zero or more alphanumeric, dash or underscore characters.
NOTE: Escape any extra instances of the single quote character
\'. Do not use the slash and ampersand characters
&, which have special meanings in URLs.
NOTE: If USER_REGEX is changed and the server is restarted, existing usernames that do not match the new USER_REGEX do not cause errors.
Repository uses MongoDB as the database back end.
A MongoDB connection URI is used to connect to the MongoDB database server. It can be used to configure the hostname and port, as well as database authentication.
Repository can serve package contents from a local file-system, or from Amazon Web Services Simple Storage Service: AWS S3.
The storage mechanism to use. Valid choices are
file-system storage, or
s3, for AWS S3 storage.
When this option is set, Repository stores the files by full paths and not just
by hashes. This way a tensorflow file uploaded by the user Bob will be stored
NOTE: The storage path does not always contain the current file owner and their user name. This is because the file location on the storage does not change when you rename a user or transfer a file to a different user.
If configured to use file-system storage, the absolute path to a directory where Repository stores all uploaded packages.
If configured to use AWS S3 storage, the name of an AWS S3 bucket where Repository stores uploaded packages.
You can identify the name of your bucket by using
The S3 region that the bucket is located in. The available regions can be found in the Amazon AWS documentation.
The name and port number of the server. This option is required for subdomain support.
If set to
true, Repository serves
conda package from a
separate subdomain. Defaults to
SERVER_NAME: anaconda.srv:8080 subdomains: true
Allows access to conda packages at
As a cross-site scripting (XSS) protection, notebook content can be served from a separate domain name. If this option is configured, Repository only serves rendered notebooks from this domain.
Repository can serve content over HTTPS, using user-provided SSL certificates.
ssl_options: certfile: /etc/anaconda-server/server.crt keyfile: /etc/anaconda-server/server.key PREFERRED_URL_SCHEME: https
The preferred scheme that is used to generate URLs. Set this to
https if HTTPS is configured.
gunicorn: timeout: 60 workers: 5
The number of seconds for which a worker is allowed to process a request, before being forcefully terminated.
The method Repository uses to authenticate users. Valid choices are
NATIVE, for built-in authentication,
KERBEROS, for Kerberos,
Options for configuring LDAP authentication and group synchronization.
LDAP: # Replace with company LDAP server URI: 'ldap://<ldap.company.com>' # Replace <uid=%(username)s,ou=People,dc=company,dc=com> with your company specific LDAP Bind/Base DN # Bind directly to this Base DN. BIND_DN: '<uid=%(username)s,ou=People,dc=company,dc=com>' # password of the user specified in the BIND_DN BIND_AUTH: abc123456 USER_SEARCH: base: cn=Users,dc=example,dc=com filter: sAMAccountName=%(username)s # Map LDAP keys into application specific keys KEY_MAP: name: 'cn' company: 'o' location: 'l' email: 'mail' OPTIONS: OPT_NETWORK_TIMEOUT: 60 OPT_TIMEOUT: 60
NOTE: To use LDAP with SSL, set the
account_names_filter: false USER_REGEX: ^[a-z0-9_][a-z0-9_-.]+$ LDAP: [configuration continues as above with URI, BIND_DN, and so on]
Repository can be configured to send email for various reasons, including to reset forgotten usernames and passwords. Email can be sent using SMTP protocol, or through Amazon Web Services Simple Email Service (AWS SES).
The username to authenticate against the SMTP server before attempting to send email.
The password to authenticate against the SMTP server before attempting to send email.
If set to
true, Repository allows different users to share the
same email or secondary email. Defaults to
The method to use to generate the user avatar URL. Valid choices are:
- ‘gravatar’ to use the gravatar.com service
- ‘default’ to show a predefined static icon
- ‘static’ to use a custom static URL
A URL for a Gravatar compatible service. Default:
https://www.gravatar.com/. This URL is used as the prefix to build a
valid gravatar URL.
A static URL to use when
AVATAR_METHOD is set to
static. Defaults to
an empty string.
The timeout in seconds for the call to
constructor while building installers, parcels and management packs.
Defaults to 60 seconds.
To provide access to private packages while building an installer, a temporary token is created. It must
be valid during the call to
constructor and it should expire soon after the call completes.
CONSTRUCTOR_TOKEN_TIMEOUT sets the token’s valid lifetime in seconds. Defaults to 60 seconds.
This value should be greater than or equal to
A list of
constructor option names that are allowed to be included in the installer construction form. The
 (no options are allowed).
The prefix with which Cloudera parcels are generated.
The distributions for which Cloudera parcels are generated. Defaults to
['el5', 'el6', 'el7', 'lucid', 'precise', 'trusty', 'wheezy',
'jessie', 'squeeze', 'sles11', 'sles12'].
For example, if you want to support only Ubuntu:
PARCEL_DISTRO_SUFFIXES: - lucid - precise - trusty
The Repository accounts that environments installed with the
bundled Anaconda distributions pull
packages from. Defaults to
For example, to add an additional
DEFAULT_CHANNELS: - anaconda - r-channel - custom
constructor builds an installer it stores the configuration in this
temporary directory. The default is
None, which tells
create a temporary directory using Python’s
A list of standarized labels. If a user defines a label that is
not listed as standard, a warning notice will be shown in the package’s
page. Defaults to
['main', 'dev', 'alpha', 'beta', 'broken'].
The maximum size (in bytes) of the
repodata.json requests cache. Set to
0 to disable
repodata.json caching. Default: 1 Gb. When the maximum
size is reached, the 10 least recently used entries of the cache are evicted.
An integer that sets how many minutes the session will live. Only used when
REMEMBER_COOKIE_ENABLED is false. Default is 44640 (31 days).
Whether superusers should automatically be granted admin rights on organizations.
List of hostnames that are marked as safe when redirecting requests due to the presence of a “next” request parameter. It is mainly used under an Anaconda Enterprise Notebooks Single Sign-on Set-up. The default is  (no external redirects are safe).
A regular expression to match hostnames that are marked as safe when redirecting requests due to the presence of a “next” request parameter. It is mainly used under an Anaconda Enterprise Notebooks Single Sign-on Set-up. The default is ‘(?!)’ which matches nothing, so only local redirects are allowed.