Configuration
The file ROCK_HOME/conf/application.yml is to be edited to match your server needs. This file is written in YAML format allowing to specify a hierarchy within the configuration keys. The YAML format uses indentations to express the different levels of this hierarchy. The file is already pre-filled with default values (to be modified to match your configuration), just be aware that you should not modify the indentations. In the following documentation, the configuration keys will be presented using the dot-notation (levels are separated by dots) for readability.
After this configuration file has been updated, restart the application so that new settings are effective.
HTTP Server Configuration
Rock server is a web application and as such, you need to specify on which ports the web server should listen to incoming requests.
Property |
Description |
---|---|
|
HTTP port number. Generally speaking this port should not be exposed to the web. Use proxy instead (Apache2, Nginx, etc.). |
Details about the server.*
properties can be found in the official Spring Boot - Server Properties documentation. More specifically, the server.ssl.*
properties allows to setup a HTTPS communication channel (default is HTTP). Note also that Rock uses Jetty as the internal web server.
Cluster Node Configuration
Rock server identification, required when clusters are built.
Property |
Description |
---|---|
|
Rock server unique identifier, unique in the cluster. |
|
Name of the cluster to which the R server belongs. Default is “default”. |
|
Comma separated tag names, for informative purpose. |
|
Public URL of this R server, required for self-registration only. |
Consul Configuration
Consul provides a service discovery and health checking infrastructure. It can be used to make Rock servers available to thrid-party applications. These settings allow Rock to self-register itself against a Consul server.
Property |
Description |
---|---|
|
Consul server URL. |
|
Consul registration token (highly recommended in production) |
|
Rock service interval check in seconds. |
Opal Configuration
Opal has an internal App registry to which Rock can self-register itself.
Property |
Description |
---|---|
|
Opal server URL. |
|
Opal app registration token (required). |
R Server Configuration
R environment properties.
Property |
Description |
---|---|
|
File path to the R executable. |
|
Comma separated list of URLs to R CRAN repositories, to install packages. |
|
Managed R sessions timeout, in minutes. Any R sessions without activity during this laps of time will be removed automatically. Default is |
Users Configuration
Property |
Description |
---|---|
|
List of users, with attributes |
Note
When no valid user is defined, the default user setup is applied: user administrator
with password password
(with administrator role).
The user passwords can be hashed, using the Bcrypt algorithm. In this case, the hashed password will be preceded by the prefix {bcrypt}. Make sure also to quote the secret value so that the $ signs do not get interpreted. There are many bcrypt hashers available online, for instance bcrypt.online. As an example:
security:
users:
# administrator, can do all
- id: administrator
secret: "{bcrypt}$2y$10$Ds/CB6jlY5a4/NU4.RvRI.9oZ16Bp6hx/Xcct1c2XFwYRdMbTHJVu"
roles: administrator
AppArmor Configuration
Rock can apply an RAppArmor profile on R session creation. Requires RAppArmor to be properly installed and configured.
Property |
Description |
---|---|
|
Enable/disable the RAppArmor functionality. |
|
The name the AppArmor profile to apply on R session creation. |
|
Whether the AppArmor profile is to be applied to the administrator as well. Default is |
R Configuration
The file ROCK_HOME/conf/Rprofile.R will be executed when the R server main process is started. For an enhanced security (mainly for protecting the server from abusive usage), you can limit the host’s resources usage with the unix R package and its rlimit functions.