Versions Compared

Old Version 12

changes.mady.by.user David Burdick

Saved on

compared with

New Version 13

changes.mady.by.user David Burdick

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Here's an idea for a quick and dirty approach to web-based R for Synapse. If we make the implementation of the auth-plugin for RStudio sound simple and generic enough, perhaps they would be willing to write it for us? Image Removed  Image Added

  • we have a pool of EC2 hosts running RStudio server behind a load balancer with CNAME rstudio.sagebase.org
  • our services and the custom RStudio auth plugin share a secret key for use in HMAC-SHA1 computation
  • if someone on Synapse wants to use RStudio, we redirect them to https://rstudio.sagebase.org:8787/auth-sign-in?expires=1317916890&signature=rucSbH0yNEcP9oM2XNlouVI3BH4%3D with HTTP header sessionToken:XXXXXXXX
    • stickiness is on the sessionToken header, it is also used to log the user into Synapse
  • this url must be used within 5 minutes to start an RStudio session
  • the RStudio auth plugin re-computes the signature on expires=1317916890&sessionToken:XXXXXXXX
  • if it doesn’t match, the user gets a helpful error message
  • if it does match, but the url has expired, the user gets a helpful error message
  • if it does match and the url is not expired
    • use a stable method to compute a unix username from the Synapse securityToken, this username should be no longer than 32 characters
    • perform useradd and make the home directory
      • Needs more thought: RStudio Server doesn't run as root so it may contact some daemon running on the box to do the things requiring root privilege, think about what the API between RStudio and the daemon should be
    • use a template .RProfile to install a .Rprofile in the new home directory to
      1. load and log them into the R Synapse client library(synapseClient); sessionToken(securityToken)
      2. add a package installation directory under the user's home dir if they want to install their own R packages
      3. perhaps configure utilization the shared cache of Synapse data (if we can sort out the data security issues)
  • When the users logs out, nuke that unix account and the home directory

...