Here are the steps to follow in order to set up our department compute server
Ask FSBS IT department to set up the latest LTS ubuntu server machine on their server infrastructure, with ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) open. Request a url for the server, we will assume this is msserver.fss.uu.nl. Request a boot disk (/dev/sda) of about 100GB and a scratch / data disk (/dev/sdb) of about 2TB
Our contacts at the IT department are Halim Skori and Martijn van Ackooij
The data disk will contain the home directories of the users, as well as any data they have.
First, SSH into the server using the provided admin account (assumed to be labgenius)
ssh labgenius@msserver.fss.uu.nl
# now enter the password you received from IT
Then, check if the hard disk is there
sudo fdisk -l
Then, follow this guide to create an ext4 formatted partition on /dev/sdb. Note that you probably need to press G instead of O in the first step and some things may be slightly different.
Then, to mount the new /dev/sdb1 partition, you have to edit /etc/fstab (CAREFULLY), add the following:
# sdb1 mounted on data
/dev/sdb1 /data ext4 defaults 0 1
Now, create your own admin account (we’ll use erikjan):
ssh labgenius@msserver.fss.uu.nl
# now enter the password
sudo useradd -m -d /data/erikjan erikjan
sudo chown -R erikjan /data/erikjan
sudo chmod -R go-rw /data/erikjan
sudo adduser erikjan sudo
sudo passwd erikjan
Now log out of the default account and log into your own account.
Run the following commands to update everything and install the main required packages for our server.
# update and upgrade
sudo apt update
sudo apt upgrade
# change default shell to zsh for convenience
sudo apt install zsh
chsh -s /bin/zsh
# run the following if the server was in stalled in minimized mode
sudo unminimize
# install a boatload more software
# some of these are packages, some of these are libraries needed to install R packages
sudo apt install htop curl gdebi-core make build-essential libcurl4-openssl-dev zlib1g-dev libxml2-dev libfontconfig1-dev libharfbuzz-dev libfribidi-dev libfreetype6-dev libpng-dev libtiff5-dev libjpeg-dev gfortran libblas-dev liblapack-dev libapparmor-dev cmake libudunits2-dev libgdal-dev gdal-bin software-properties-common dirmngr cargo rustc pandoc
# now a reboot may be in order
sudo reboot
After the machine has rebooted, ssh into it again with your account.
Several scripts can make adminning a bit easier and more user-friendly. We’ve created a separate repo for this: vankesteren/adm.
To install the admin program, run:
sudo curl -fsSL https://raw.githubusercontent.com/vankesteren/adm/HEAD/install.sh | sh
There are two options for installing R, either via apt or by compiling from source. I will show both here, but for the latest server we need to do the latter to enable full use of the 240 cores. To see if this is still needed, keep an eye on this github issue For both methods, you should first set up the official R apt repository source. The below instructions come directly from CRAN here in November 2024 and may need to be adjusted for later versions of R.
# update indices
sudo apt update -qq
# install two helper packages we need
sudo apt install --no-install-recommends software-properties-common dirmngr
# add the signing key (by Michael Rutter) for these repos
# To verify key, run gpg --show-keys /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
# Fingerprint: E298A3A825C0D65DFD57CBB651716619E084DAB9
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
# add the R 4.0 repo from CRAN
sudo add-apt-repository "deb https://cloud.r-project.org/bin/linux/ubuntu $(lsb_release -cs)-cran40/"
Installing R through the package manager is now easy peasy:
sudo apt install --no-install-recommends r-base
Now there will be an R version in /usr/bin/R, and the installation will be at /usr/lib/R.
To use all the cores, we need to create a version of R with a higher-than-default number of simultaneously allowed “connections”. For this, we need to download the source code of R itself, then adjust a value in the file connections.c and then compile R.
More info on compiling R from source is here, and more info on this connections thing is here.
First, add the R source repository to the apt sources using the built-in nano text editor
# find the name of the source list
sudo ls /etc/apt/sources.list.d
# for me it's the file with the beautiful name archive_uri-https_cloud_r-project_org_bin_linux_ubuntu-noble.list
sudo nano /etc/apt/sources.list.d/archive_uri-https_cloud_r-project_org_bin_linux_ubuntu-noble.list
This file will look something like this:
deb https://cloud.r-project.org/bin/linux/ubuntu noble-cran40/
# deb-src https://cloud.r-project.org/bin/linux/ubuntu noble-cran40/
Remove the comment symbol to make it look like this:
deb https://cloud.r-project.org/bin/linux/ubuntu noble-cran40/
deb-src https://cloud.r-project.org/bin/linux/ubuntu noble-cran40/
To close and save the updated file, press ctrl+x to close it and then y to save.
Now, we can install build dependencies:
sudo apt update
sudo apt build-dep r-base
Now it’s time to download the R source code
# Update the version in the lines below
# download the sources
curl -O https://cran.r-project.org.com/src/base/R-4/R-4.4.2.tar.gz
# uncompress the source folder
tar -xzvf R-4.4.2.tar.gz
# move to that folder
cd R-4.4.2
Then, we are actually going to edit the source code:
sudo nano src/main/connections.c
Now scroll down to the line containing
static int NCONNECTIONS = 128; /* need one per cluster node */
and change the value 128 to something reasonable like 512. Then ctrl+x, y and we’re ready to build R!
# again change the R version to the correct one
./configure \
--prefix=/opt/R/4.4.2 \
--enable-R-shlib \
--enable-memory-profiling \
--with-blas \
--with-lapack
make -j 24
sudo make install
Done! Now you have R installed under /opt/R/4.4.2. You should make links to /usr/bin/ so you can run R by just typing R in the console, and so RStudio Server can find R:
sudo ln -s /opt/R/4.4.2/bin/R /usr/bin/R
sudo ln -s /opt/R/4.4.2/bin/Rscript /usr/bin/Rscript
Install basic packages in the main library that everyone gets to use:
sudo R
install.packages(c("tidyverse", "devtools"), Ncpus = 24)
q("no")
If there are issues with this, refer to the relevant server administration page.
RStudio server is installed basically as standard, following the main installation documentation here
# this will change based on the version of RStudio and the version of the server
wget https://download2.rstudio.org/server/jammy/amd64/rstudio-server-2024.12.1-563-amd64.deb
sudo gdebi rstudio-server-2024.12.1-563-amd64.deb
Then, the RStudio server will need to be configured as well.
sudo nano /etc/rstudio/rserver.conf
This file should look like this:
# Server Configuration File
www-port=8787
Then ctrl+x, y and move on to the next configuration file:
sudo nano /etc/rstudio/rsession.conf
Which should look like this:
# R Session Configuration File
session-timeout-minutes=0
# library path
r-libs-user=~/R/packages
Now, we should stop and restart RStudio server and it will be ready!
sudo rstudio-server stop
sudo rstudio-server verify-installation
sudo rstudio-server start
NB: the server will listen on port 8787, which is not accessible from outside the server itself. We need to set up a reverse proxy to make the RStudio service available. This is done in the next section.
We will use nginx to set up a reverse proxy and to enable secure connection over https to the server (over and above the required vpn security). This requires installing nginx and then configuring it using its native configuration file language for our specific purpose.
We want to make the server available through a secure connection over https. Therefore, we need to create SSL cryptographic that our nginx server can refer to. Those files will need to be in the following locations:
/etc/cert/msserver_fss_uu_nl.pem
/etc/cert/msserver.fss.uu.key
First, we will create the key file on the server. For this, run the following code:
openssl req -new -newkey rsa:3072 -nodes -keyout msserver.fss.uu.key -out msserver.fss.uu.csr
You will be asked interactively to fill out some additional information for the certificate signing authority to refer to. Fill out those. For name, input msserver.fss.uu.nl, and you can enter your own email in the email address field.
Move the key file to the required location:
sudo mkdir /etc/cert
sudo mv msserver.fss.uu.key /etc/cert/msserver.fss.uu.key
Then send the .csr as well as the .key file to the IT department so they can have the key signed. That will yield the .pem file, which should be uploaded and put in the correct location (/etc/cert/msserver_fss_uu_nl.pem).
Installing nginx is as easy as downloading it from the ubuntu repo:
sudo apt install nginx
This already enables the webserver which listens for incoming traffic and can then do stuff to serve different things.
To make nginx route traffic from http (port 80) and https (port 443) to Rstudio server (port 8787), we need to configure it. Configuration of nginx happens in configuration files in the folder /etc/nginx/sites-available/ and /etc/nginx/sites-enabled/.
First, create and edit a configuration file called reverse_proxy.conf in the sites-available directory:
sudo nano /etc/nginx/sites-available/reverse_proxy_https.conf
Then, ensure that the content of this file is the same as the file here: reverse_proxy_https.conf. A few things happen there:
Save the file (ctrl+x and then y) and then enable the site by creating a link to it in the sites-enabled directory:
sudo ln -s /etc/nginx/sites-available/reverse_proxy_https.conf /etc/nginx/sites-enabled/reverse_proxy.conf
As a fallback, we also have the HTTP-only version without SSL: reverse_proxy_http.conf. To enable this one, put this next to the https conf file, and route the link to that file instead. If/when you do: test and reload the config as follows:
sudo nginx -t
sudo systemctl reload nginx
RStudio server should now be available at https://msserver.fss.uu.nl from the university network or via VPN!
We have now set up the basic form of the department compute server. To operate the server, users need to receive an account, additional software needs to be installed and kept up-to-date, and the server needs to be generally maintained. Those ongoing activities are documented in the server administration guide.