From 052f6f123925d60fc432cd1745a7e3fe3b07167e Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Thu, 23 Feb 2023 14:25:39 +0100 Subject: [PATCH] Added snap --- bridgehead | 3 ++ lib/prepare-system.sh | 3 ++ snap/docker-compose.yml | 83 +++++++++++++++++++++++++++++++++++++++++ snap/vars | 0 4 files changed, 89 insertions(+) create mode 100644 snap/docker-compose.yml create mode 100644 snap/vars diff --git a/bridgehead b/bridgehead index ecf4ec0..14ce2c9 100755 --- a/bridgehead +++ b/bridgehead @@ -32,6 +32,9 @@ case "$PROJECT" in bbmri) #nothing extra to do ;; + snap) + #nothing extra to do + ;; *) printUsage exit 1 diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index 2cba2e2..455fe40 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -36,6 +36,9 @@ case "$PROJECT" in bbmri) site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/" ;; + snap) + site_configuration_repository_middle="git.verbis.dkfz.de/bridgehead-configurations/bridgehead-config-" + ;; *) log ERROR "Internal error, this should not happen." exit 1 diff --git a/snap/docker-compose.yml b/snap/docker-compose.yml new file mode 100644 index 0000000..09d9ef9 --- /dev/null +++ b/snap/docker-compose.yml @@ -0,0 +1,83 @@ +version: "3.7" + +services: + traefik: + container_name: bridgehead-traefik + image: traefik:latest + command: + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --providers.docker=true + - --providers.docker.exposedbydefault=false + - --providers.file.directory=/configuration/ + - --api.dashboard=true + - --accesslog=true + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entrypoints.web.http.redirections.entrypoint.scheme=https + labels: + - "traefik.enable=true" + - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + - "traefik.http.routers.dashboard.entrypoints=websecure" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.routers.dashboard.tls=true" + - "traefik.http.routers.dashboard.middlewares=auth" + - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" + ports: + - 80:80 + - 443:443 + volumes: + - /etc/bridgehead/traefik-tls:/certs:ro + - ../lib/traefik-configuration/:/configuration:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + + forward_proxy: + container_name: bridgehead-forward-proxy + image: samply/bridgehead-forward-proxy:latest + environment: + HTTPS_PROXY: ${HTTPS_PROXY_URL} + USERNAME: ${HTTPS_PROXY_USERNAME} + PASSWORD: ${HTTPS_PROXY_PASSWORD} + volumes: + - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro + + spot: + image: samply/spot:latest + container_name: bridgehead-spot + environment: + SECRET: ${SPOT_BEAM_SECRET_LONG} + APPID: spot + PROXY_ID: ${PROXY_ID} + LDM_URL: ${LDM_URL} + AUTH_USER: ${} + AUTH_PW: ${} + BEAM_PROXY: http://beam-proxy:8081 + depends_on: + - "beam-proxy" + + beam-proxy: + image: "samply/beam-proxy:develop" + container_name: bridgehead-beam-proxy + environment: + BROKER_URL: ${BROKER_URL} + PROXY_ID: ${PROXY_ID} + APP_0_ID: snap + APP_0_KEY: ${SPOT_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs + ROOTCERT_FILE: /conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - ./root.crt.pem:/conf/root.crt.pem:ro + + +volumes: + blaze-data: + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem diff --git a/snap/vars b/snap/vars new file mode 100644 index 0000000..e69de29