Versions Compared

Old Version 7

changes.mady.by.user Nicole Deflaux

Saved on

compared with

New Version 8

changes.mady.by.user Nicole Deflaux

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • we have a pool of EC2 hosts running RStudio server behind a load balancer with CNAME rstudio.sagebase.org
  • our services and the custom RStudio auth plugin share a secret key for use in HMAC-SHA1 computation
  • if someone on Synapse wants to use RStudio, we redirect them to https://rstudio.sagebase.org:8787/auth-sign-in?securityToken=XXXXXXXX&expires=1317916890&signature=rucSbH0yNEcP9oM2XNlouVI3BH4%3Dassumption: not sure whether the securityToken is the Synapse sessionToken or batch API key, either way we may want to re-encrypt it if we are displaying it in clear text in the https url with HTTP header sessionToken:XXXXXXXX
    • stickiness is on the sessionToken header, it is also used to log the user into Synapse
  • this url must be used within 5 minutes to start an RStudio session
  • the RStudio auth plugin re-computes the signature on securityToken=XXXXXXXX& expires=1317916890&sessionToken:XXXXXXXX
  • if it doesn’t match, the user gets a helpful error message
  • if it does match, but the url has expired, the user gets a helpful error message
  • if it does match and the url is not expired
    • we use a stable method to compute a unix username from the Synapse securityToken, this username should be no longer than 32 characters
  • perform useradd and make the home directory
    • TODONeeds more thought: RStudio Server doesn't run as root so it may contact some daemon running on the box to do the things requiring root privilegeput a default , think about what the API between RStudio and the daemon should be
  • use a template .RProfile to install a .Rprofile in the new home directory to
      1. load and log them into the R Synapse client library(synapseClient); sessionToken(securityToken)
      2. add a package installation directory under the user's home dir if they want to install their own R packages
      3. perhaps configure utilization the shared cache of Synapse data (if we can sort out the data security issues)
  • When the users logs out, nuke that unix account and the home directory

...