forked from nickjer/singularity-r
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathSingularity-rstudio
215 lines (157 loc) · 7.23 KB
/
Singularity-rstudio
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
BootStrap: localimage
From: r-py.sif
%labels
Maintainer Moritz Lell
RStudio_Version 2024.09.0-375
%help
This container features R linked to OpenBLAS and RStudio Server and are
accompanied with scripts that faclitate managing multiple RStudio Server
instances and reproducible file paths of the analysis.
Change the working directory into the root directory of your analysis and
call (replace upper-case parts):
/PATH/TO/CONTAINER/createproject"
This creates a script in this directory from which you can call the
programs in the container. From there, your files will be found under
the path "/proj", independently from your machine. This makes it easier
for others to rerun your analysis because your machine-specific file
paths are not visible from within the container.
To start RStudio Server, use the script "rstudio" that is deployed with
this container:
./rstudio start
To see further options, call
./rstudio --help
For instructions to manually start RStudio server from the container,
you can also check the help page for rserver:
singularity run-help --app rserver
%apprun rserver
exec rserver "${@}"
%apphelp rserver
RStudio Server. Common parameters:
--www-address=... Network interface to listen to
--www-port=... Port to listen to
--auth-none=[0|1] Set to 0 to force user authentication
--auth-pam-helper Method to authenticate user.
--server-daemonize=[yes|no]
Whether to run in background.
--help Print all command line arguments beyond those mentioned
here
Host and port of RStudio server can be set by calling RStudio like this:
`rserver --www-address <HOST> --www-port <PORT>`. For HOST, 127.0.0.1 is
recommended, as this container provides no encryption of the connection to
RStudio. Use the tool
/usr/bin/find_port
in this container to find a free port in a given range.
When RStudio Server is run on a publicly accessable server, user
authentication could be nessecary. This image provides different means of
authentication, which can be chosen from by calling RStudio like this:
`rserver --auth-none 0 --auth-pam-helper XXXX`, where XXXX is one of
* rstudio_auth: The password is read from an environment variable named
`RSTUDIO_PASSWORD` that can be set by the user
* rstudio_auth_file: The password is read from a file whose path is defined
by the environment variable `RSTUDIO_PASSWORD_FILE`, which can be set by
the user. The password file can be created using the tool `rstudio_passwd`
that is included in this container.
* auth_ldap: User authentication is delegated to an LDAP server.
call `singularity <CONTAINER> run help_ldap_auth` for more info.
On a publicly accessable server, the HTTP connection to RStudio Server
must be encrypted by the user, as RStudio Server Community Edition only
provides unencrypted HTTP access. The easiest ad-hoc solution would be an
SSH tunnel `ssh -L 127.0.0.1:PORT:127.0.0.1:PORT USER@SERVER (note that some
machines resolve `localhost` to the IPv6 address ::1 and not to the IPv4
127.0.0.1 which might cause confusion). Another possibility is a HTTPS server
acting as a reverse proxy as described in
https://support.rstudio.com/hc/en-us/articles/200552326-Running-RStudio-Server-with-a-Proxy
Supported Methods for --auth-pam-helper:
========================================
rstudio_auth: Password is determined by environment variable RSTUDIO_PASSWORD
rstudio_auth_file: Password is saved in a file given by the environment
variable RSTUDIO_PASSWORD_FILE. Call rstudio_passwd to change.
ldap_auth: Authenticate using LDAP. Set environment variables like in this
example:
export LDAP_CERT_FILE=/path/to/trusted_root_cert.pem # optional, see [0]
export LDAP_HOST=some.ldap.server.org
export LDAP_USER_DN='CN=%s,CN=Users,DC=MyDomain,DC=com'
Use "singularity run --app help_ldap_auth" for further information on how to
use the LDAP authentication with RStudio Server.
________________
[0] A certificate file is only required if the default system
certificate store is not accepted by the LDAP server.
%setup
if [ -z "${DEBUG-}" ]; then
# make sure it doesn't fail
git status -s &>/dev/null
if [ ! "$(git status -s | wc -l)" = "0" ]; then
echo "Working dir dirty!" >&2
exit 1
fi
git rev-parse HEAD >"$SINGULARITY_ROOTFS/commit"
else
echo "debug" > "$SINGULARITY_ROOTFS/commit"
fi
install -Dv \
scripts/rstudio_auth.sh \
${SINGULARITY_ROOTFS}/usr/lib/rstudio-server/bin/rstudio_auth
install -Dv \
scripts/rstudio_auth_file.py \
${SINGULARITY_ROOTFS}/usr/lib/rstudio-server/bin/rstudio_auth_file
install -Dv \
scripts/ldap_auth.py \
${SINGULARITY_ROOTFS}/usr/lib/rstudio-server/bin/ldap_auth
install -Dv \
scripts/rstudio_passwd.py \
${SINGULARITY_ROOTFS}/usr/lib/rstudio-server/bin/rstudio_passwd
install -Dv \
scripts/find_port \
${SINGULARITY_ROOTFS}/usr/bin
%post
# Software versions
export RSTUDIO_VERSION=2024.09.0-375
# For ssl3, can remove if newer RStudio versions can do without this
# cat <<EOF >>/etc/apt/sources.list
#deb https://snapshot.debian.org/archive/debian-security/20240926T121404Z/ debian-security bookwork-#security main
#EOF
# Install RStudio Server
apt-get update -o Acquire::Check-Valid-Until=false
apt-get install -y --no-install-recommends \
ca-certificates python3-ldap3 \
wget \
gdebi-core \
git vim emacs-nox \
libssl3 # needed by RStudio but not in package deps metadata?
#wget "http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl-#dev_1.1.1n-0+deb10u6_amd64.deb"
#wget "http://security.debian.org/debian-security/pool/updates/main/o/openssl/#libssl1.1_1.1.1n-0+deb10u6_amd64.deb"
# dpkg -i libssl1.1_1.1.1n-0+deb10u6_amd64.deb
# dpkg -i libssl-dev_1.1.1n-0+deb10u6_amd64.deb
wget \
--no-verbose \
-O rstudio-server.deb \
"https://download2.rstudio.org/server/jammy/amd64/rstudio-server-${RSTUDIO_VERSION}-amd64.deb"
gdebi -n rstudio-server.deb
rm -f rstudio-server.deb
# Do not let OpenBLAS launch a thread per core, that exhausts resource
# limits when running many workers on machines with many cores
# RStudio server does not honor environment variables, so I need to
# set it here in addition to the environment variable already present in the
# base image.
echo "OMP_NUM_THREADS=1" >> /etc/R/Renviron.site
# RStudio server settings:
# Do not suspend idle sessions (resuming takes very long for big variables)
cat >> /etc/rstudio/rsession.conf <<EOF
session-timeout-minutes=0
EOF
# echo "create_date $(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "SINGULARITY_LABELS"
# Write the current git commit as label
echo "git_commit $(cat /commit)" >> "$SINGULARITY_LABELS"
rm /commit
# Clean up
umount /var/lib/apt
umount /var/cache/apt
%environment
export PATH=/usr/lib/rstudio-server/bin:${PATH}
%apprun rstudio_passwd
exec /usr/lib/rstudio-server/bin/rstudio_passwd "${@}"
%apphelp rstudio_passwd
Save a password to access RStudio Server via the browser. Execute
`rstudio_passwd --help` for more information.
%apprun help_ldap_auth
exec /usr/lib/rstudio-server-bin/ldap_auth --help