This is an emacs24 orgmode document to enable building an R GIS server on centos 6.2 amd64 using the Australian National Research Cloud.
I use centos rather than ubuntu because we are forced to use redhat for production servers at the ANU Research School of Population Health.
It is probably preferable to build this using ubuntu and most of this should work by replacing `yum install’ with `apt-get’.
- Log on to the reserach cloud using your Australian University details http://www.nectar.org.au/research-cloud/.
- Under images and snapshots launch the centos 6.2 amd64 image
- give your server a name
- select all http, icmp and ssh under security
- specify a ssh keypair http://support.rc.nectar.org.au/demos/launching_123.html
- launch and note the ip address
- go to the access and security section and edit the http rule
- add a rule to allow access from port 8080 to 9000 with 0.0.0.0/0 (CIDR)
- Note that this allows access to the whole world, we will think about securing the server later
If using Windows make sure you have git installed. Opening a git bash shell will enable you to connect to your server using ssh. Then the contents of the following orgmode chunks can be evaluated on the remote server. If your on linux then orgmode can execute these chunks using C-c C-c.
In the next chunk, insert the relevant ip address and you may have to answer yes to the question about adding this RSA fingerprint to your list.
TODO why can i get in without using -i keypairname?
/etc/ssh/sshd_config under authentication remark out #RSAAuthentication yes #PubkeyAuthentication yes and then scroll down to
#PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication yes
Example of one of Daves.
Port 13456 #Protocol 2,1 Protocol 2 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress ::
#LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6
#RSAAuthentication yes #PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
#RhostsRSAAuthentication no
#HostbasedAuthentication no
IgnoreUserKnownHosts no
#IgnoreRhosts yes
#PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication no
now try to update the yum package manager
open the firewall port to allow access to port 22 only from specified ip address
TODO I’d like to restrict ssh access to the ncephgis VPN group, and add the restriction to use keypair’s.
-A INPUT -s vpn.ip.range.0/255.255.255.0 -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
service iptables restart
vi /etc/ssh/sshd_config
#LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6
#PasswordAuthentication yes #PermitEmptyPasswords no
add sudoers #http://helmingstay.blogspot.com.au/2012/02/adduser-myusername-adduser-myusername.html
## disable root login
## now log in as myusername via another terminal to make sure it works, and then log out as root
see the section below after the Rstudio server is set up
after setting up the Rstudio server and the ssl/https
vi /etc/selinux/config
SELINUX=enforcing
chkconfig –list | grep on acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off cgconfig 0:off 1:off 2:off 3:off 4:off 5:off 6:off cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off fcoe 0:off 1:off 2:on 3:on 4:on 5:on 6:off httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off iscsi 0:off 1:off 2:off 3:on 4:on 5:on 6:off iscsid 0:off 1:off 2:off 3:on 4:on 5:on 6:off lldpad 0:off 1:off 2:on 3:on 4:on 5:on 6:off lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off portreserve 0:off 1:off 2:on 3:on 4:on 5:on 6:off restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off rpcbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off rstudio-server 0:off 1:off 2:on 3:on 4:on 5:on 6:off rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
chkconfig `servicename’ on
chkconfig `servicename’ off
note the size and partitions
firewall access NB emacs does this badly! use a terminal?
might take a little while before your browser can connect, allow a couple of minutes
sudo openssl genrsa -out /etc/pki/tls/private/rstudio.ivan.com.key 1024
sudo openssl req -new -key /etc/pki/tls/private/rstudio.ivan.com.key -x509 -out /etc/pki/tls/certs/rstudio.ivan.com.crt -days 365
#vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/rstudio.ivan.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/rstudio.ivan.com.key
#sudo vi /etc/httpd/conf/httpd.conf
Include etc/httpd/sites
<VirtualHost *:80>
ServerName rstudio.ivan.com RedirectMatch ^(.*)$ https://rstudio.ivan.com$1
</VirtualHost>
<Proxy *> Allow from localhost </Proxy>
ProxyPass / http://localhost:8787/ ProxyPassReverse / http://localhost:8787/
sudo chkconfig httpd on
www-address=127.0.0.1
log on to Rstudio at your.new.ip.address and copy the following into a new RNW sweave file (might need to modify the sweave options in tools, something to do with tex2dvi?)
- in rstudio
- tools / options / version control
- create rsa key, ok, ok
- view pub key, copy, paste to your github account
kudos2 Joe Guillaume and Francis Markham
make sure libgraphviz-dev is installed. It is needed for some header files (e.g. gvc.h) sudo apt-get install libgraphviz-dev then sudo R source(‘http://bioconductor.org/biocLite.R’) biocLite(“Rgraphviz”, configure.args=c(“–with-graphviz=/usr”)) the reason is that at least on my comp the dot program was in /usr/bin, but not in /usr/local/bin as Rgraphviz defaults
try newnode_test from [email protected]:ivanhanigan/disentangle.git
The following is a work in progress and doesn’t work yet (however do install postgres if you want to use RPostgreSQL package to connect to other databases)
kudos2 http://wiki.postgresql.org/wiki/YUM_Installation vi /etc/yum.repos.d/CentOS-Base.repo append: exclude=postgresql* to [base] and [updates] sections
kudos2 http://www.davidghedini.com/pg/entry/install_postgresql_9_on_centos
NB skipped 4 Placing the binary directory in the path for postgres will allow you to invoke pg_ctl and other commands from the shell. Set postgres Password
Configure PostgreSQL 9 pg_hba.conf File edit your pg_hba.conf file under /var/lib/pgsql/9.1/data I added a super user from my ip address and allowed all the local ip addresses access host all postgres my.desk.ip.address/32 md5 host all all 150.203.74.0/24 md5 the restart
make it listen for the world Locate the postgresql.conf file under /var/lib/pgsql/9.1/data. listen addresses ‘*’
GIVING UP yum erase postgresql91*
vi /etc/yum.repos.d/CentOS-Base.repo
curl -O http://yum.postgresql.org/9.1/redhat/rhel-6-x86_64/pgdg-centos91-9.1-4.noarch.rpm rpm -ivh pgdg-centos91-9.1-4.noarch.rpm
yum install postgresql91-server postgresql91 postgresql91-devel postgresql91-libs postgresql91-contrib
ln -s /usr/pgsql-9.1/bin/pg_config /usr/bin
R install.packages(‘RPostgreSQL’)
This is optional but useful for complex GIS projects.
yum install xterm yum install x11vnc.x86_64 yum groupinstall “X Window System”
kudos2 http://jonebird.com/2011/12/29/installing-emacs-v24-on-fedora/
# yum install gcc
cd /usr/local/share
wget http://alpha.gnu.org/gnu/emacs/pretest/emacs-24.1-rc.tar.gz
gunzip < emacs-24.1-rc.tar.gz | tar xf -
cd emacs-24.1
sudo yum -y install atk-devel cairo-devel freetype-devel \
fontconfig-devel dbus-devel giflib-devel glibc-devel gtk2-devel \
libpng-devel libjpeg-devel libtiff-devel libX11-devel libXau-devel \
libXdmcp-devel libXrender-devel libXt-devel libXpm-devel \
ncurses-devel xorg-x11-proto-devel zlib-devel librsvg2-devel \
m17n-lib-devel libotf-devel autoconf automake bzip2 cairo texinfo \
gzip GConf2-devel alsa-lib-devel desktop-file-utils python2-devel \
python3-devel util-linux
./configure --prefix=/usr/local/emacs24 --with-dbus --with-gif=no --with-jpeg --with-png \
--with-rsvg --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk
make
./src/emacs --version # Look good? The INSTALL doc suggests testing: ./src/emacs -Q
sudo make install
sudo alternatives --install /usr/bin/emacs emacs /usr/local/emacs24/bin/emacs 20000
sudo alternatives --install /usr/bin/emacsclient emacsclient /usr/local/emacs24/bin/emacsclient 20000#http://kieranhealy.org/emacs-starter-kit.html
#step 0.4 Note your user name or the name of your computer. #[ivan_hanigan@i-000015bf ~]$ whoami #ivan_hanigan #[ivan_hanigan@i-000015bf ~]$ hostname #i-000015bf #set up step 2:
ls
rm -r ~/.emacs.d
rm ~/.emacs git clone git://github.com/kjhealy/emacs-starter-kit ~/.emacs.d
cd ~/.emacs.d/ git submodule init git submodule update
#5. Finally, change the name of the starter kit’s kjhealy.org to that of %your-username%.org or %your-systemname%.org, based on the information you noted in 0.3 above. These files are where you can add in any of your own existing or future customizations without breaking the starter kit’s overall setup. #6. Launch Emacs. #When you first start Emacs after installing the starter-kit, it will try to contact the ELPA repository in order to download and install some additional packages. Please be patient with it. If it doesn’t get everything first time around, just quit and relaunch Emacs, and it will try again. #7. (Optional.) Once Emacs is up and running, do M-x starter-kit-compile to byte-compile the kit’s files, for slightly faster loading. mkdir ~/texmf mkdir ~/texmf/tex cd ~/texmf/tex wget https://raw.github.com/kjhealy/latex-custom-kjh/master/needs-org-mode/org-preamble-pdflatex.sty wget https://raw.github.com/kjhealy/latex-custom-kjh/master/needs-org-mode/org-preamble.sty wget https://raw.github.com/kjhealy/latex-custom-kjh/master/needs-org-mode/org-preamble-xelatex.sty
yum install texlive* #wget https://raw.github.com/kjhealy/latex-custom-kjh/master/needs-memoir/memoir-article-styles.sty sudo texhash
try install pygments rpm -ivh http://pypi.python.org/packages/any/s/setuptools/setuptools-0.6c11-1.src.rpm
cd ~/texmf/tex wget http://www.tug.org/texlive/devsrc/Master/texmf-dist/tex/latex/bera/beramono.sty sudo texhash wget http://www.tex.ac.uk/CTAN/macros/latex/contrib/etoolbox/etoolbox.sty sudo texhash wget http://mirrors.ctan.org/macros/latex/exptl/biblatex/latex/biblatex.sty wget http://mirrors.ctan.org/macros/latex/contrib/logreq/logreq.sty wget http://mirrors.ctan.org/macros/latex/contrib/logreq/logreq.def sudo texhash
cd /usr/local/share/emacs-24.1/site-lisp
wget http://ess.r-project.org/downloads/ess/ess-5.13.tgz gunzip < ess-5.13.tgz | tar xf - cd ess.5.13 make make install
Again using XLauch lets test ESS with Emacs. Firstly logged in as “dave” we need to create .emacs file with the following #(load “/usr/local/share/emacs-24.1/site-lisp/ess-5.13/lisp/ess-site”)
(load “/usr/local/share/emacs-24.1/site-lisp/ess-5.13/lisp/ess-site”) ; Must have org-mode loaded before we can configure org-babel (require ‘org-install)
; Some initial langauges we want org-babel to support (org-babel-do-load-languages ‘org-babel-load-languages ‘( (sh . t) (python . t) (R . t) (ruby . t) (ditaa . t) (dot . t) (octave . t) (sqlite . t) (perl . t) ))
; Add short cut keys for the org-agenda (global-set-key “\C-cl” ‘org-store-link) (global-set-key “\C-cc” ‘org-capture) (global-set-key “\C-ca” ‘org-agenda)
#this file will need to be in each users home directory. #add any orgmode additions too? or is that in init.el? #create ~/org/overview.org #also add to ~/.emacs (find-file “~/org/overview.org”) ;;disable the splash screen (to enable it agin, replace the t with 0) (setq inhibit-splash-screen t) (setq org-startup-truncated nil) ;;enable syntax highlighting (global-font-lock-mode t) (transient-mark-mode 1)
(define-skeleton org-skeleton “Header info for a emacs-org file.” “Title: ” “#+TITLE:” str ” \n” “#+AUTHOR: Ivan Hanigan\n” “#+email: [email protected]\n” “#+LaTeX_CLASS: article\n” “#+LaTeX_CLASS_OPTIONS: [a4paper]\n” “-----” ) (global-set-key [C-S-f4] ‘org-skeleton)
(define-skeleton newnode-skeleton “Info for a newnode chunk.” “Title: ” “#+name:” str “\n” “#+begin_src R :session R :tangle analysis/transformations_overview.r :exports none :eval no\n” “\n” “newnode(dsc=’” str “’, clearpage = F, ttype=’transformations’, nosectionheading = T,\n” ” o = ‘” str “’,append = T,end_doc = F,\n” ” notes=”,echoCode = FALSE,\n” ” code=NA)\n” “#+end_src\n” ) (global-set-key [?\C-x ?\C-/] ‘newnode-skeleton)
(define-skeleton chunk-skeleton “Info for a code chunk.” “Title: ” “#+name:” str “\n” “#+begin_src R :session R :tangle go.r :exports none :eval no\n” “\n” “#+end_src\n” ) (global-set-key [?\C-x ?\C-\] ‘chunk-skeleton)
(define-skeleton insertgraph-skeleton “Info for a insertgraph.” “graph file: ” “\begin{figure}[!h]\n” “\centering\n” “\includegraphics[width=\textwidth]{” str “}\n”
“\caption{” str “}\n” “\label{fig:” str “}\n” “\end{figure}\n” “\clearpage\n” ) (global-set-key [?\C-x ?\C-.] ‘insertgraph-skeleton)
try hist(rnorm(1000,1,2))
cd usr/local/share/emacs-24.1/site-lisp
wget http://ess.r-project.org/downloads/ess/ess-5.14.tgz gunzip < ess-5.14.tgz | tar xf - cd ess.5.14 make make install
Again using XLauch lets test ESS with Emacs. Firstly logged in as “dave” we need to create .emacs file with the following (load “/usr/local/share/emacs-24.1/site-lisp/ess-5.14/lisp/ess”) this file will need to be in each users home directory.