Opal/Armadillo Local Deployment

Dick Postma and Xavier Escribà Montagut

Overview

Goal: Deploy Opal/Armadillo locally using Docker Compose

Why start local?

• 🚀 Low friction - no DNS, firewalls, or cloud costs
• 🔒 Safe sandbox - HTTP only, no internet exposure
  
• 👩‍💻 Developer-friendly - iterate on DataSHIELD packages
• 📦 Portable - same foundation scales to production
• 🎓 Teaching aid - contained lab environment

Services & Roles

🏢 Opal (OBiBa DataSHIELD Server) - Main DataSHIELD server and admin UI

🔧 Rock (R Server) - Executes R/DataSHIELD calls from Opal

🗄️ MongoDB (Auxiliary Store) - Used by Opal for auxiliary features

File Structure

opal-local/
├── .env                    # Environment variables
├── docker-compose.yml     # Service definitions  
├── data/                   # Persistent data storage
│   ├── opal/              # Opal server data
│   └── mongo/             # MongoDB data
└── logs/                   # Opal logs

Local folders - easy data management!

Step 1: Environment Variables

Create .env file with admin password:

OPAL_ADMINISTRATOR_PASSWORD=ChangeMe123!

• OPAL_ADMINISTRATOR_PASSWORD: Password for the Opal administrator account

Step 2: Docker Compose (simplified)

services:
  opal:
    image: obiba/opal:latest
    ports:
      - "8080:8080"
      - "8443:8443"
    environment:
      - OPAL_ADMINISTRATOR_PASSWORD=${OPAL_ADMINISTRATOR_PASSWORD}
      - MONGO_HOST=mongo
      - MONGO_PORT=27017
      - ROCK_HOSTS=rock:8085
    volumes:
      - ./data/opal:/srv
      - ./logs:/var/log/opal
  mongo:
    image: mongo:6.0
    volumes:
      - ./data/mongo:/data/db
  rock:
    image: datashield/rock-base:latest
    environment:
      - ROCK_ID=new-stack-rock

Step 3: Deploy the Stack

# Create data directories
mkdir -p data/opal data/mongo logs

# Start all services
docker-compose up -d

# Check status
docker-compose ps

# Monitor logs
docker-compose logs

Clean restart (recommended): docker-compose down && docker-compose up -d

Access: Open http://localhost:8080 in your browser

Login: User administrator + password from .env

Step 4: Test DataSHIELD Connection

library(DSI)
library(DSOpal)
library(httr)
set_config(config(ssl_verifyhost = 0L, ssl_verifypeer = 0L))
library(dsBaseClient)

b <- DSI::newDSLoginBuilder()
b$append(
    server   = "local",
    url      = "http://localhost:8080",
    user     = "administrator",
    password = "ChangeMe123!",
    profile = "default"
)

logins <- b$build()
conns <- DSI::datashield.login(logins)
ds.ls()

Note: SSL verification disabled for local testing only!

Key Configuration Points

Network Setup

• All services on opalnet Docker network
• Exposed ports: 8080: HTTP, 8443: HTTPS (Opal)

Persistence

• Local folders preserve data across restarts
• Easy to backup, inspect, and manage
• Remove data/ folder to reset completely

Troubleshooting

Opal not reachable

• Check if port 8080 is available locally: lsof -i :8080 or netstat -an | grep 8080
• Verify container is running: docker-compose ps

Login fails

• Ensure OPAL_ADMINISTRATOR_PASSWORD set at first start
• Reset: docker-compose down, remove data/opal folder, restart

Summary

✅ Achieved: Local DataSHIELD stack with Docker Compose

🚀 Benefits:

• Quick setup and iteration
• Safe development environment
  
• Production-ready foundation
• Complete DataSHIELD functionality

🎯 Ready for: Going live with Nginx, TLS, and DNS!