Updated Readme and some other improvements

Patrick Skowronek 2022-05-16 08:19:49 +02:00
parent 14b3f2d61b
commit 08ee32ac40
3 changed files with 139 additions and 118 deletions

@ -8,13 +8,17 @@ TOC
1. [About](#about)
- [Projects](#projects)
- [GBA/BBMRI-ERIC](#gbabbmri-eric)
- [DKTK/C4](#dktkc4)
- [CCP(DKTK/C4)](#ccpdktkc4)
- [NNGM](#nngm)
- [Bridgehead Components](#bridgehead-components)
- [Blaze Server](#blaze-serverhttpsgithubcomsamplyblaze)
- [Blaze Server](#blaze-serverhttpsgithubcomsamplyblaze)
- [Connector](#connector)
1. [Requirements](#requirements)
- [Hardware](#hardware)
- [System](#system-requirements)
- [git](#git)
- [docker](#dockerhttpsdocsdockercomget-docker)
- [systemd](#systemd)
2. [Getting Started](#getting-started)
- [DKTK](#dktkc4)
- [C4](#c4)
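Review bot: Under Getting Started, the unchanged entry `[DKTK](#dktkc4)` still points at the anchor that the Projects entry has just been moved away from (now `#ccpdktkc4`). Please confirm that a heading generating `#dktkc4` still exists further down, otherwise this link is dead. The `Blaze Server` entry also embeds the URL in its anchor (`#blaze-serverhttpsgithubcomsamplyblaze`), which breaks as soon as the link in that heading changes; a plain-text heading would give a stable anchor.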
@ -32,9 +36,9 @@ TOC
TODO: Insert comprehensive feature list of the bridgehead? Why would anyone install it?
### Projects
## Projects
#### GBA/BBMRI-ERIC
### GBA/BBMRI-ERIC
The **Sample Locator** is a tool that allows researchers to make searches for samples over a large number of geographically distributed biobanks. Each biobank runs a so-called **Bridgehead** at its site, which makes it visible to the Sample Locator. The Bridgehead is designed to give a high degree of protection to patient data. Additionally, a tool called the [Negotiator][negotiator] puts you in complete control over which samples and which data are delivered to which researcher.
@ -44,11 +48,11 @@ The Bridgehead has two primary components:
* The **Blaze Store**. This is a highly responsive FHIR data store, which you will need to fill with your data via an ETL chain.
* The **Connector**. This is the communication portal to the Sample Locator, with specially designed features that make it possible to run it behind a corporate firewall without making any compromises on security.
#### CCP(DKTK/C4)
### CCP(DKTK/C4)
TODO:
#### NNGM
### nNGM
TODO:
@ -62,8 +66,6 @@ This holds the actual data being searched. This store must be filled by you, gen
TODO:
## Requirements
### Hardware
@ -79,7 +81,14 @@ For running your bridgehead we recommend the follwing Hardware:
Before starting the installation process, please ensure that following software is available on your system:
//Just install docker-compose und docker with version
#### Git
Check if you have at leat git 2.0 installed on the system with:
``` shell
git --version
```
#### [Docker](https://docs.docker.com/get-docker/)
To check your docker installation, you should execute the docker with --version:
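Review bot: The added Git check has a typo ("at leat" should be "at least"), and the line `//Just install docker-compose und docker with version` reads like a leftover draft note that will render verbatim in the README. Either turn it into a proper sentence or drop it, so the requirements list is Git, Docker, systemd as the TOC announces.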
@ -88,13 +97,13 @@ To check your docker installation, you should execute the docker with --version:
docker --version
```
The Version should be higher than "20.10.1". Otherwise you will have problems startin the bridgehead. The next step is to check ``` docker-compose``` with:
The Version should be higher than "20.10.1". Otherwise you will have problems starting the bridgehead. The next step is to check ``` docker-compose``` with:
``` shell
docker-compose --version
```
The recomended version is "2.XX" and higher. To futher check your docker-compose installation, please run the following command.
The recomended version is "2.XX" and higher. If docker-compose was not installed with docker follow these [instructions](https://docs.docker.com/compose/install/#install-compose-as-standalone-binary-on-linux-systems). To futher check your docker and docker-compose installation, please run the following command.
``` shell
docker-compose -f - up <<EOF
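Review bot: The rewritten docker-compose sentence still carries "recomended" and "futher", and "2.XX" gives the reader nothing to compare the output of `docker-compose --version` against. Since the new link sends people to a manual standalone install, name the concrete minimum version here, the same way the Docker paragraph names "20.10.1".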
@ -117,12 +126,14 @@ To check if systemd is available on your system, please execute
systemctl --version
```
If systemd is not installed, you can start the bridgehead but for productive use we recomend using systemd.
If systemd is not installed, you can start the bridgehead. However, for productive use we recomend using systemd.
---
## Getting Started
### Installation
If your system passed all checks from ["Requirements" section], you are now ready to download the bridgehead.
First, clone the repository to the directory "/srv/docker/bridgehead":
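Review bot: `["Requirements" section]` in the new Installation paragraph has no link target, so it renders as literal brackets; `[Requirements](#requirements)` matches the TOC anchor. "recomend" in the reworded systemd sentence is still misspelled. That sentence would also be more useful if it said what is lost without systemd, since the README later ties automatic updates to the systemd service.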
@ -140,6 +151,11 @@ adduser --no-create-home --disabled-login --ingroup docker --gecos "" bridgehead
``` shell
useradd -M -g docker -N -s /sbin/nologin bridgehead
```
After adding the User you need to change the ownership of the directory to the bridgehead user.
``` shell
chown bridgehead /srv/docker/bridgehead/ -R
```
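Review bot: In the added `chown bridgehead /srv/docker/bridgehead/ -R`, the option comes after the operand, which only works with GNU option permutation, and the command is shown without `sudo` while the other privileged steps use it. Suggest `sudo chown -R bridgehead /srv/docker/bridgehead/`. The README should also state the consequence: after this step the `bridgehead` script is writable by the `bridgehead` account (which is created in the `docker` group just above), and the README later runs that same script via `sudo ... install <Project>`. The account therefore has to be treated as root-equivalent and not shared or given a login.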
@ -147,28 +163,30 @@ chown bridgehead /srv/docker/bridgehead/ -R
> NOTE: If you are part of the CCP-IT we will provide you another link for the configuration.
Next, you need to configure a set of variables, specific for your site with not so high security concerns. You can visit the configuration template at [GitHub](https://github.com/samply/bridgehead-config). You can download the repositories contents and add them to the "bridgehead" directory.
Next, you need to configure a set of variables, specific for your site with not so high security concerns. You can clone the configuration template at [GitHub](https://github.com/samply/bridgehead-config). The confiugration of the bridgehead should be located in /etc/bridghead.
``` shell
sudo git clone https://github.com/samply/bridgehead-config.git /etc/bridgehead;
```
After cloning or forking the repository you need to add value to the template. If you are a part of the CCP-IT you will get an already filled out config repo.
### Testing your bridgehead
Now you ready to run a bridgehead instance. To check if everything works, execute the following:
We recomend to run first with the start and stop script. If you have trouble starting the bridghead have a look at the troubleshooting section.
Now you ready to run a bridgehead instance. The bridgehead scripts checks if your configuration is correct. To check if everything works, execute the following:
``` shell
/srv/docker/bridgehead/bridgehead start <Project>
```
You should now be able to access the landing page on your system, e.g "https://<your-host>/"
You should now be able to access the landing page on your system, e.g "https://<your-host>/".
To shutdown the bridgehead just run.
``` shell
/srv/docker/bridgehead/bridgehead stop <Project>
```
We recomend to run first with the start and stop script and if aviable run the systemd service, which also enables automatic updates and more. If you have trouble starting the bridghead have a look at the troubleshooting section.
### Systemd service configuration
For a server, we highly recommend that you install the system units for managing the bridgehead, provided by us. You can do this by executing the [bridgehead](./bridgehead) script:
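Review bot: The new sentence says the configuration should live in `/etc/bridghead`, but the clone command right below it targets `/etc/bridgehead`; fix the path (and "confiugration") so nobody creates the wrong directory. The trailing `;` on the `git clone` line is unnecessary. Because the clone runs under `sudo`, the directory ends up root-owned, while the previous step hands `/srv/docker/bridgehead` to the `bridgehead` user. Please document the owner and mode that `/etc/bridgehead` is expected to have, so that the service can read it and other local users cannot. Remaining typos in the added text: "recomend", "aviable", "bridghead", "Now you ready".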
@ -176,6 +194,8 @@ For a server, we highly recommend that you install the system units for managing
sudo /srv/docker/bridgehead/bridgehead install <Project>
```
This will install the systemd units to run and update the bridghead.
Finally, you need to configure your sites secrets. These are places as configuration for each bridgehead system unit. Refer to the section for your specific project:
For Every project you need to set the proxy this way, if you have one. This is done with the ```systemctl edit``` comand.
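Review bot: The added proxy sentence says "this way" without showing any way; the reader gets `systemctl edit` but no unit name and no example of what to enter. Please add the unit name pattern and the lines to put in the override. If site secrets are meant to go in through the same mechanism as `Environment=` entries, note that systemd exposes unit environment to unprivileged local users via `systemctl show`. In that case, an `EnvironmentFile=` pointing at a root-only file would be the safer thing to document. Typos: "bridghead", "places" (placed), "comand", "For Every".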

@ -55,10 +55,10 @@ case "$ACTION" in
exec ./lib/update-bridgehead.sh $PROJECT
;;
install)
exec ./lib/setup-bridgehead-units.sh $project
exec ./lib/setup-bridgehead-units.sh $PROJECT
;;
uninstall)
exec ./lib/remove-bridgehead-units.sh $project
exec ./lib/remove-bridgehead-units.sh $PROJECT
;;
*)
printUsage
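Review bot: `$PROJECT` is passed unquoted in the `install` and `uninstall` branches (and in the `update` line above them), so a value containing whitespace or glob characters is split or expanded before it reaches the lib script. Use `"$PROJECT"` in all three `exec` lines. The case fix itself is right: `$project` was never set, so both units scripts were being called with no argument. It would be worth having `setup-bridgehead-units.sh` and `remove-bridgehead-units.sh` fail loudly on an empty argument, so a regression like this is caught.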

@ -1,99 +1,100 @@
version: '3.7'
volumes:
gbn-connector-logs:
gbn-connector-db-data:
gbn-store-db-data:
services:
traefik:
container_name: bridgehead-traefik
image: traefik:2
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --api.dashboard=true
- --accesslog=true # print access-logs
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
labels:
- "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}"
ports:
- 80:80
- 443:443
volumes:
- ../certs:/tools/certs
- /var/run/docker.sock:/var/run/docker.sock:ro
extra_hosts:
- "host.docker.internal:host-gateway"
forward_proxy:
container_name: bridgehead-forward-proxy
image: ubuntu/squid
environment:
http_proxy: ${http_proxy}
https_proxy: ${https_proxy}
volumes:
- "bridgehead-proxy:/var/log/squid"
landing:
container_name: bridgehead-landingpage
image: samply/bridgehead-landingpage
labels:
- "traefik.enable=true"
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
- "traefik.http.services.landing.loadbalancer.server.port=80"
- "traefik.http.routers.landing.tls=true"
environment:
HOST: ${HOST}
PROJECT: ${PROJECT}
SITE_NAME: ${SITE_NAME}
blaze:
image: "samply/blaze:0.17"
container_name: bridgehead-ccp-blaze
environment:
BASE_URL: "http://blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx4g"
LOG_LEVEL: "debug"
ENFORCE_REFERENTIAL_INTEGRITY: "false"
volumes:
- "blaze-data:/app/data"
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
- "traefik.http.routers.blaze_ccp.tls=true"
gbn-connector:
image: "samply/share-client:gbn-feature-environmentPreconfiguration"
environment:
POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS}
volumes:
- "gbn-connector-logs:/usr/local/tomcat/logs"
labels:
- "traefik.enable=true"
- "traefik.http.routers.gbn_connector.rule=PathPrefix(`/gbn-connector`)"
- "traefik.http.services.gbn_connector.loadbalancer.server.port=8080"
depends_on:
- "gbn-connector-db"
restart: "always"
gbn-connector-db:
image: "postgres:10.17"
environment:
POSTGRES_DB: "samply.connector"
POSTGRES_USER: "samply"
POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS}
volumes:
- "gbn-connector-db-data:/var/lib/postgresql/data"
restart: "always"
version: '3.7'
volumes:
gbn-connector-logs:
gbn-connector-db-data:
gbn-store-db-data:
services:
traefik:
container_name: bridgehead-traefik
image: traefik:2
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --api.dashboard=true
- --accesslog=true # print access-logs
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
labels:
- "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}"
ports:
- 80:80
- 443:443
volumes:
- ../certs:/tools/certs
- /var/run/docker.sock:/var/run/docker.sock:ro
extra_hosts:
- "host.docker.internal:host-gateway"
forward_proxy:
container_name: bridgehead-forward-proxy
image: ubuntu/squid
environment:
http_proxy: ${http_proxy}
https_proxy: ${https_proxy}
volumes:
- "bridgehead-proxy:/var/log/squid"
landing:
container_name: bridgehead-landingpage
image: samply/bridgehead-landingpage
labels:
- "traefik.enable=true"
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
- "traefik.http.services.landing.loadbalancer.server.port=80"
- "traefik.http.routers.landing.tls=true"
environment:
HOST: ${HOST}
PROJECT: ${PROJECT}
SITE_NAME: ${SITE_NAME}
blaze:
image: "samply/blaze:0.17"
container_name: bridgehead-gbn-blaze
environment:
BASE_URL: "http://blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx4g"
LOG_LEVEL: "debug"
ENFORCE_REFERENTIAL_INTEGRITY: "false"
volumes:
- "blaze-data:/app/data"
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.gbn-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.routers.blaze_gbn.rule=PathPrefix(`/gbn-localdatamanagement`)"
- "traefik.http.middlewares.gbn_b_strip.stripprefix.prefixes=/gbn-localdatamanagement"
- "traefik.http.services.blaze_gbn.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_gbn.middlewares=gbn_b_strip,gbn-auth"
- "traefik.http.routers.blaze_gbn.tls=true"
gbn-connector:
container_name: bridgehead-gbn-connector
image: "samply/share-client:gbn-feature-environmentPreconfiguration"
environment:
POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS}
volumes:
- "gbn-connector-logs:/usr/local/tomcat/logs"
labels:
- "traefik.enable=true"
- "traefik.http.routers.gbn_connector.rule=PathPrefix(`/gbn-connector`)"
- "traefik.http.services.gbn_connector.loadbalancer.server.port=8080"
depends_on:
- "gbn-connector-db"
restart: "always"
gbn-connector-db:
image: "postgres:10.17"
environment:
POSTGRES_DB: "samply.connector"
POSTGRES_USER: "samply"
POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS}
volumes:
- "gbn-connector-db-data:/var/lib/postgresql/data"
restart: "always"
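Review bot: The top-level `volumes:` block declares only `gbn-connector-logs`, `gbn-connector-db-data` and `gbn-store-db-data`, but `forward_proxy` mounts `bridgehead-proxy` and `blaze` mounts `blaze-data`. Compose rejects named volumes that are not declared, and `gbn-store-db-data` is never used. Declare the two missing volumes and drop the unused one. Second, `gbn_connector` is the only router without `tls=true` and without an auth middleware. With `web` redirecting to `websecure`, a router without TLS will not serve HTTPS requests, so `/gbn-connector` most likely falls through to the `landing` router; add `traefik.http.routers.gbn_connector.tls=true` and decide explicitly whether it needs `gbn-auth`. Also worth a look before this goes to sites: `LOG_LEVEL: "debug"` on the Blaze store that holds patient data, and the floating tags `traefik:2`, `ubuntu/squid` and `samply/bridgehead-landingpage`, which make deployments non-reproducible.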