bridgehead/ccp/modules/datashield-compose.yml

version: "3.7"

services:
  ############################################ DataSHIELD Client (Rocker R-Studio)
  rstudio:
    container_name: bridgehead-rstudio
    image: docker.verbis.dkfz.de/ccp/dktk-rstudio:latest
    #TODO: Connect with Keycloak: https://rocker-project.org/images/versioned/rstudio.html
    environment:
      USER: "ruser"
      PASSWORD: "${RSTUDIO_PASSWORD}"
      HTTP_RELATIVE_PATH: "/rstudio"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.rstudio_ccp.rule=PathPrefix(`/rstudio`)"
      - "traefik.http.services.rstudio_ccp.loadbalancer.server.port=8787"
      - "traefik.http.routers.rstudio_ccp.tls=true"
      - "traefik.http.middlewares.rstudio_ccp_strip.stripprefix.prefixes=/rstudio"
      - "traefik.http.routers.rstudio_ccp.middlewares=rstudio_ccp_strip"
      #volumes:
      #- "bridgehead-rstudio-config:/home/rstudio/.config/rstudio"
      #- "bridgehead-rstudio-workspace:/home/rstudio/workspace"

  ############################################ DataSHIELD Server (Opal)
  opal:
    container_name: bridgehead-opal
    image: docker.verbis.dkfz.de/ccp/dktk-opal:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.opal_ccp.rule=PathPrefix(`/opal`)"
      - "traefik.http.services.opal_ccp.loadbalancer.server.port=8080"
      - "traefik.http.routers.opal_ccp.tls=true"
    links:
      - opal-rserver
      - opal-db
    environment:
      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
      # OPAL_ADMINISTRATOR_USER: "administrator" # Please, don't remove this line. It is informative.
      OPAL_ADMINISTRATOR_PASSWORD: "${OPAL_ADMINISTRATOR_PASSWORD}"
      POSTGRESDATA_HOST: "opal-db"
      POSTGRESDATA_DATABASE: "opal"
      POSTGRESDATA_USER: "opal"
      POSTGRESDATA_PASSWORD: "${OPAL_DB_PASSWORD}"
      ROCK_HOSTS: "opal-rserver:8085"
      APP_URL: "https://${HOST}/opal"
      APP_CONTEXT_PATH: "/opal"
      OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
      OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
    secrets:
      - opal-cert.pem
      - opal-key.pem

  #    volumes:
  #      - "bridgehead-opal:/srv"


  opal-db: # Data
    container_name: bridgehead-opal-db
    image: postgres:15.1-alpine
    environment:
      POSTGRES_PASSWORD: "${OPAL_DB_PASSWORD}"
      POSTGRES_USER: "opal"
      POSTGRES_DB: "opal"
  #    volumes:
  #      - "bridgehead-opal-db:/var/lib/postgresql/data"

  opal-rserver:
    container_name: bridgehead-opal-rserver
    image: datashield/rock-base:6.2-R4.2  # https://datashield.discourse.group/t/ds-aggregate-method-error/416/4

  beam-connect:
    # We want to switch to this image if the changes from fix-connect are merged
    # image: docker.verbis.dkfz.de/cache/samply/beam-connect:no-auth
    image: samply/beam-connect:fix-connect
    container_name: bridgehead-datashield-connect
    ports:
      - 8062:8062
    environment:
      PROXY_URL: "http://beam-proxy:8081"
      TLS_CA_CERTIFICATES_DIR: /run/secrets
      APP_ID: datashield-connect.${SITE_ID}.${BROKER_ID}
      PROXY_APIKEY: ${DATASHIELD_CONNECT_SECRET}
      DISCOVERY_URL: "./map/central.json"
      LOCAL_TARGETS_FILE: "./map/local.json"
    secrets:
      - opal-cert.pem
    depends_on:
      - beam-proxy
    volumes:
      - /etc/bridgehead/datashield-connect/:/map:ro

  beam-proxy:
    environment:
      APP_2_ID: datashield-connect
      APP_2_KEY: ${DATASHIELD_CONNECT_SECRET}

#volumes:
#  bridgehead-rstudio-config:
#    name: "bridgehead-rstudio-config"
#  bridgehead-rstudio-workspace:
#    name: "bridgehead-rstudio-workspace"
#  bridgehead-opal-db:
#    name: "bridgehead-opal-db"
#  bridgehead-opal:
#    name: "bridgehead-opal"

secrets:
  opal-cert.pem:
    file: /etc/bridgehead/trusted-ca-certs/opal-cert.pem:ro
  opal-key.pem:
    file: /etc/bridgehead/trusted-ca-certs/opal-key.pem:ro
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`version: "3.7"`

			`services:`
			`############################################ DataSHIELD Client (Rocker R-Studio)`
Experiment 2023-04-12 15:51:30 +02:00			`rstudio:`
			`container_name: bridgehead-rstudio`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`image: docker.verbis.dkfz.de/ccp/dktk-rstudio:latest`
			`#TODO: Connect with Keycloak: https://rocker-project.org/images/versioned/rstudio.html`
			`environment:`
			`USER: "ruser"`
			`PASSWORD: "${RSTUDIO_PASSWORD}"`
Experiment 2023-04-12 15:51:30 +02:00			`HTTP_RELATIVE_PATH: "/rstudio"`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.rstudio_ccp.rule=PathPrefix(`/rstudio`)"
			`- "traefik.http.services.rstudio_ccp.loadbalancer.server.port=8787"`
			`- "traefik.http.routers.rstudio_ccp.tls=true"`
			`- "traefik.http.middlewares.rstudio_ccp_strip.stripprefix.prefixes=/rstudio"`
			`- "traefik.http.routers.rstudio_ccp.middlewares=rstudio_ccp_strip"`
Remove unnecessary volumes 2023-04-27 10:52:25 +02:00			`#volumes:`
Experiment 2023-04-12 15:51:30 +02:00			`#- "bridgehead-rstudio-config:/home/rstudio/.config/rstudio"`
Remove mongo db 2023-04-26 16:34:15 +02:00			`#- "bridgehead-rstudio-workspace:/home/rstudio/workspace"`
Add DataSHIELD 2023-04-12 09:46:35 +02:00
			`############################################ DataSHIELD Server (Opal)`
Experiment 2023-04-12 15:51:30 +02:00			`opal:`
			`container_name: bridgehead-opal`
Add opal certificate 2023-05-16 16:40:22 +02:00			`image: docker.verbis.dkfz.de/ccp/dktk-opal:latest`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.opal_ccp.rule=PathPrefix(`/opal`)"
Experiment 2023-04-12 15:51:30 +02:00			`- "traefik.http.services.opal_ccp.loadbalancer.server.port=8080"`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`- "traefik.http.routers.opal_ccp.tls=true"`
			`links:`
Experiment 2023-04-12 15:51:30 +02:00			`- opal-rserver`
			`- opal-db`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`environment:`
			`JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"`
Remove unnecessary volumes 2023-04-27 10:52:25 +02:00			`# OPAL_ADMINISTRATOR_USER: "administrator" # Please, don't remove this line. It is informative.`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`OPAL_ADMINISTRATOR_PASSWORD: "${OPAL_ADMINISTRATOR_PASSWORD}"`
Experiment 2023-04-12 15:51:30 +02:00			`POSTGRESDATA_HOST: "opal-db"`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`POSTGRESDATA_DATABASE: "opal"`
			`POSTGRESDATA_USER: "opal"`
			`POSTGRESDATA_PASSWORD: "${OPAL_DB_PASSWORD}"`
Experiment 2023-04-12 15:51:30 +02:00			`ROCK_HOSTS: "opal-rserver:8085"`
Remove mongo db 2023-04-26 16:34:15 +02:00			`APP_URL: "https://${HOST}/opal"`
			`APP_CONTEXT_PATH: "/opal"`
Add opal certificate 2023-05-16 16:40:22 +02:00			`OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"`
			`OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"`
			`secrets:`
			`- opal-cert.pem`
			`- opal-key.pem`
Experiment 2023-04-12 15:51:30 +02:00
Remove unnecessary volumes 2023-04-27 10:52:25 +02:00			`# volumes:`
			`# - "bridgehead-opal:/srv"`
Add DataSHIELD 2023-04-12 09:46:35 +02:00

Experiment 2023-04-12 15:51:30 +02:00			`opal-db: # Data`
			`container_name: bridgehead-opal-db`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`image: postgres:15.1-alpine`
			`environment:`
			`POSTGRES_PASSWORD: "${OPAL_DB_PASSWORD}"`
			`POSTGRES_USER: "opal"`
			`POSTGRES_DB: "opal"`
Remove unnecessary volumes 2023-04-27 10:52:25 +02:00			`# volumes:`
			`# - "bridgehead-opal-db:/var/lib/postgresql/data"`
Add DataSHIELD 2023-04-12 09:46:35 +02:00
Experiment 2023-04-12 15:51:30 +02:00			`opal-rserver:`
			`container_name: bridgehead-opal-rserver`
Add DataSHIELD 2023-04-12 09:46:35 +02:00			`image: datashield/rock-base:6.2-R4.2 # https://datashield.discourse.group/t/ds-aggregate-method-error/416/4`

beam connect and move beam-connect config 2023-04-25 13:58:04 +02:00			`beam-connect:`
change to dockerhub image 2023-05-24 11:03:46 +02:00			`# We want to switch to this image if the changes from fix-connect are merged`
			`# image: docker.verbis.dkfz.de/cache/samply/beam-connect:no-auth`
			`image: samply/beam-connect:fix-connect`
beam connect and move beam-connect config 2023-04-25 13:58:04 +02:00			`container_name: bridgehead-datashield-connect`
expose beam connect ports 2023-04-25 16:30:55 +02:00			`ports:`
			`- 8062:8062`
beam connect and move beam-connect config 2023-04-25 13:58:04 +02:00			`environment:`
			`PROXY_URL: "http://beam-proxy:8081"`
Change beam-connect version and load opal cert 2023-05-24 10:51:12 +02:00			`TLS_CA_CERTIFICATES_DIR: /run/secrets`
Fix beam connect app id 2023-04-25 14:12:58 +02:00			`APP_ID: datashield-connect.${SITE_ID}.${BROKER_ID}`
beam connect and move beam-connect config 2023-04-25 13:58:04 +02:00			`PROXY_APIKEY: ${DATASHIELD_CONNECT_SECRET}`
			`DISCOVERY_URL: "./map/central.json"`
			`LOCAL_TARGETS_FILE: "./map/local.json"`
Change beam-connect version and load opal cert 2023-05-24 10:51:12 +02:00			`secrets:`
			`- opal-cert.pem`
beam connect and move beam-connect config 2023-04-25 13:58:04 +02:00			`depends_on:`
Remove unnecessary volumes 2023-04-27 10:52:25 +02:00			`- beam-proxy`
beam connect and move beam-connect config 2023-04-25 13:58:04 +02:00			`volumes:`
			`- /etc/bridgehead/datashield-connect/:/map:ro`

			`beam-proxy:`
			`environment:`
			`APP_2_ID: datashield-connect`
			`APP_2_KEY: ${DATASHIELD_CONNECT_SECRET}`

Remove unnecessary volumes 2023-04-27 10:52:25 +02:00			`#volumes:`
Experiment 2023-04-12 15:51:30 +02:00			`# bridgehead-rstudio-config:`
			`# name: "bridgehead-rstudio-config"`
Remove mongo db 2023-04-26 16:34:15 +02:00			`# bridgehead-rstudio-workspace:`
			`# name: "bridgehead-rstudio-workspace"`
Remove unnecessary volumes 2023-04-27 10:52:25 +02:00			`# bridgehead-opal-db:`
			`# name: "bridgehead-opal-db"`
Remove mongo db 2023-04-26 16:34:15 +02:00			`# bridgehead-opal:`
			`# name: "bridgehead-opal"`
Add opal certificate 2023-05-16 16:40:22 +02:00
			`secrets:`
			`opal-cert.pem:`
Change beam-connect version and load opal cert 2023-05-24 10:51:12 +02:00			`file: /etc/bridgehead/trusted-ca-certs/opal-cert.pem:ro`
Add opal certificate 2023-05-16 16:40:22 +02:00			`opal-key.pem:`
Change beam-connect version and load opal cert 2023-05-24 10:51:12 +02:00			`file: /etc/bridgehead/trusted-ca-certs/opal-key.pem:ro`