From 08ee32ac4075badb5a7081676e039f7c8e7428dd Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Mon, 16 May 2022 08:19:49 +0200 Subject: [PATCH] Updated Readme and some other improvements --- README.md | 54 +++++++---- bridgehead | 4 +- gbn/docker-compose.yml | 199 +++++++++++++++++++++-------------------- 3 files changed, 139 insertions(+), 118 deletions(-) diff --git a/README.md b/README.md index 6224956..0bb72e1 100644 --- a/README.md +++ b/README.md @@ -8,13 +8,17 @@ TOC 1. [About](#about) - [Projects](#projects) - [GBA/BBMRI-ERIC](#gbabbmri-eric) - - [DKTK/C4](#dktkc4) + - [CCP(DKTK/C4)](#ccpdktkc4) - [NNGM](#nngm) - [Bridgehead Components](#bridgehead-components) - - [Blaze Server](#blaze-serverhttpsgithubcomsamplyblaze) + - [Blaze Server](#blaze-serverhttpsgithubcomsamplyblaze) + - [Connector](#connector) 1. [Requirements](#requirements) - [Hardware](#hardware) - [System](#system-requirements) + - [git](#git) + - [docker](#dockerhttpsdocsdockercomget-docker) + - [systemd](#systemd) 2. [Getting Started](#getting-started) - [DKTK](#dktkc4) - [C4](#c4) @@ -32,9 +36,9 @@ TOC TODO: Insert comprehensive feature list of the bridgehead? Why would anyone install it? -### Projects +## Projects -#### GBA/BBMRI-ERIC +### GBA/BBMRI-ERIC The **Sample Locator** is a tool that allows researchers to make searches for samples over a large number of geographically distributed biobanks. Each biobank runs a so-called **Bridgehead** at its site, which makes it visible to the Sample Locator. The Bridgehead is designed to give a high degree of protection to patient data. Additionally, a tool called the [Negotiator][negotiator] puts you in complete control over which samples and which data are delivered to which researcher. 
@@ -44,11 +48,11 @@ The Bridgehead has two primary components: * The **Blaze Store**. This is a highly responsive FHIR data store, which you will need to fill with your data via an ETL chain. * The **Connector**. This is the communication portal to the Sample Locator, with specially designed features that make it possible to run it behind a corporate firewall without making any compromises on security. -#### CCP(DKTK/C4) +### CCP(DKTK/C4) TODO: -#### NNGM +### nNGM TODO: @@ -62,8 +66,6 @@ This holds the actual data being searched. This store must be filled by you, gen TODO: - - ## Requirements ### Hardware @@ -79,7 +81,14 @@ For running your bridgehead we recommend the follwing Hardware: Before starting the installation process, please ensure that following software is available on your system: -//Just install docker-compose und docker with version +#### Git + +Check if you have at leat git 2.0 installed on the system with: + +``` shell +git --version +``` + #### [Docker](https://docs.docker.com/get-docker/) To check your docker installation, you should execute the docker with --version: 
@@ -88,13 +97,13 @@ To check your docker installation, you should execute the docker with --version: docker --version ``` -The Version should be higher than "20.10.1". Otherwise you will have problems startin the bridgehead. The next step is to check ``` docker-compose``` with: +The Version should be higher than "20.10.1". Otherwise you will have problems starting the bridgehead. The next step is to check ``` docker-compose``` with: ``` shell docker-compose --version ``` -The recomended version is "2.XX" and higher. To futher check your docker-compose installation, please run the following command. +The recomended version is "2.XX" and higher. If docker-compose was not installed with docker follow these [instructions](https://docs.docker.com/compose/install/#install-compose-as-standalone-binary-on-linux-systems). To futher check your docker and docker-compose installation, please run the following command. ``` shell docker-compose -f - up < NOTE: If you are part of the CCP-IT we will provide you another link for the configuration. -Next, you need to configure a set of variables, specific for your site with not so high security concerns. You can visit the configuration template at [GitHub](https://github.com/samply/bridgehead-config). You can download the repositories contents and add them to the "bridgehead" directory. +Next, you need to configure a set of variables, specific for your site with not so high security concerns. You can clone the configuration template at [GitHub](https://github.com/samply/bridgehead-config). The confiugration of the bridgehead should be located in /etc/bridghead. ``` shell sudo git clone https://github.com/samply/bridgehead-config.git /etc/bridgehead; ``` +After cloning or forking the repository you need to add value to the template. If you are a part of the CCP-IT you will get an already filled out config repo. + ### Testing your bridgehead -Now you ready to run a bridgehead instance. 
To check if everything works, execute the following: +We recomend to run first with the start and stop script. If you have trouble starting the bridghead have a look at the troubleshooting section. + +Now you ready to run a bridgehead instance. The bridgehead scripts checks if your configuration is correct. To check if everything works, execute the following: ``` shell /srv/docker/bridgehead/bridgehead start ``` -You should now be able to access the landing page on your system, e.g "https:///" +You should now be able to access the landing page on your system, e.g "https:///". To shutdown the bridgehead just run. ``` shell /srv/docker/bridgehead/bridgehead stop ``` -We recomend to run first with the start and stop script and if aviable run the systemd service, which also enables automatic updates and more. If you have trouble starting the bridghead have a look at the troubleshooting section. - ### Systemd service configuration For a server, we highly recommend that you install the system units for managing the bridgehead, provided by us. You can do this by executing the [bridgehead](./bridgehead) script: @@ -176,6 +194,8 @@ For a server, we highly recommend that you install the system units for managing sudo /srv/docker/bridgehead/bridgehead install ``` +This will install the systemd units to run and update the bridghead. + Finally, you need to configure your sites secrets. These are places as configuration for each bridgehead system unit. Refer to the section for your specific project: For Every project you need to set the proxy this way, if you have one. This is done with the ```systemctl edit``` comand. diff --git a/bridgehead b/bridgehead index 0634d06..ef6bd8b 100755 --- a/bridgehead +++ b/bridgehead 
@@ -55,10 +55,10 @@ case "$ACTION" in
 exec ./lib/update-bridgehead.sh $PROJECT
 ;;
 install)
- exec ./lib/setup-bridgehead-units.sh $project
+ exec ./lib/setup-bridgehead-units.sh $PROJECT
 ;;
 uninstall)
- exec ./lib/remove-bridgehead-units.sh $project
+ exec ./lib/remove-bridgehead-units.sh $PROJECT
 ;;
 *)
 printUsage
diff --git a/gbn/docker-compose.yml b/gbn/docker-compose.yml
index c14883b..476d355 100644
--- a/gbn/docker-compose.yml
+++ b/gbn/docker-compose.yml
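Review bot: `$PROJECT` is passed unquoted to the unit scripts in the `install)` and `uninstall)` branches, so a value containing whitespace or glob characters is split or expanded before `setup-bridgehead-units.sh` and `remove-bridgehead-units.sh` receive it. The README runs `bridgehead install` under `sudo`, so these scripts get that argument with root privileges; quote it as `exec ./lib/setup-bridgehead-units.sh "$PROJECT"` and `exec ./lib/remove-bridgehead-units.sh "$PROJECT"`. The unchanged context line `exec ./lib/update-bridgehead.sh $PROJECT` has the same form and would benefit from the same quoting. The `case "$ACTION"` block starts and ends outside the hunk, so whether `$PROJECT` is checked against the known project names before this point cannot be seen here.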
@@ -1,99 +1,100 @@ -version: '3.7' - -volumes: - gbn-connector-logs: - gbn-connector-db-data: - gbn-store-db-data: - -services: - traefik: - container_name: bridgehead-traefik - image: traefik:2 - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --api.dashboard=true - - --accesslog=true # print access-logs - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - labels: - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.dashboard.entrypoints=websecure" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}" - ports: - - 80:80 - - 443:443 - volumes: - - ../certs:/tools/certs - - /var/run/docker.sock:/var/run/docker.sock:ro - extra_hosts: - - "host.docker.internal:host-gateway" - - forward_proxy: - container_name: bridgehead-forward-proxy - image: ubuntu/squid - environment: - http_proxy: ${http_proxy} - https_proxy: ${https_proxy} - volumes: - - "bridgehead-proxy:/var/log/squid" - - landing: - container_name: bridgehead-landingpage - image: samply/bridgehead-landingpage - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} - - blaze: - image: "samply/blaze:0.17" - container_name: bridgehead-ccp-blaze - environment: - BASE_URL: "http://blaze:8080" - JAVA_TOOL_OPTIONS: "-Xmx4g" - LOG_LEVEL: "debug" - ENFORCE_REFERENTIAL_INTEGRITY: "false" - volumes: - - "blaze-data:/app/data" - labels: - - "traefik.enable=true" - - 
"traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}" - - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)" - - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement" - - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth" - - "traefik.http.routers.blaze_ccp.tls=true" - - gbn-connector: - image: "samply/share-client:gbn-feature-environmentPreconfiguration" - environment: - POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS} - volumes: - - "gbn-connector-logs:/usr/local/tomcat/logs" - labels: - - "traefik.enable=true" - - "traefik.http.routers.gbn_connector.rule=PathPrefix(`/gbn-connector`)" - - "traefik.http.services.gbn_connector.loadbalancer.server.port=8080" - depends_on: - - "gbn-connector-db" - restart: "always" - - gbn-connector-db: - image: "postgres:10.17" - environment: - POSTGRES_DB: "samply.connector" - POSTGRES_USER: "samply" - POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS} - volumes: - - "gbn-connector-db-data:/var/lib/postgresql/data" - restart: "always" +version: '3.7' + +volumes: + gbn-connector-logs: + gbn-connector-db-data: + gbn-store-db-data: + +services: + traefik: + container_name: bridgehead-traefik + image: traefik:2 + command: + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --providers.docker=true + - --api.dashboard=true + - --accesslog=true # print access-logs + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entrypoints.web.http.redirections.entrypoint.scheme=https + labels: + - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + - "traefik.http.routers.dashboard.entrypoints=websecure" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.routers.dashboard.tls=true" + - "traefik.http.routers.dashboard.middlewares=auth" + - "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}" 
+ ports: + - 80:80 + - 443:443 + volumes: + - ../certs:/tools/certs + - /var/run/docker.sock:/var/run/docker.sock:ro + extra_hosts: + - "host.docker.internal:host-gateway" + + forward_proxy: + container_name: bridgehead-forward-proxy + image: ubuntu/squid + environment: + http_proxy: ${http_proxy} + https_proxy: ${https_proxy} + volumes: + - "bridgehead-proxy:/var/log/squid" + + landing: + container_name: bridgehead-landingpage + image: samply/bridgehead-landingpage + labels: + - "traefik.enable=true" + - "traefik.http.routers.landing.rule=PathPrefix(`/`)" + - "traefik.http.services.landing.loadbalancer.server.port=80" + - "traefik.http.routers.landing.tls=true" + environment: + HOST: ${HOST} + PROJECT: ${PROJECT} + SITE_NAME: ${SITE_NAME} + + blaze: + image: "samply/blaze:0.17" + container_name: bridgehead-gbn-blaze + environment: + BASE_URL: "http://blaze:8080" + JAVA_TOOL_OPTIONS: "-Xmx4g" + LOG_LEVEL: "debug" + ENFORCE_REFERENTIAL_INTEGRITY: "false" + volumes: + - "blaze-data:/app/data" + labels: + - "traefik.enable=true" + - "traefik.http.middlewares.gbn-auth.basicauth.users=${bc_auth_users}" + - "traefik.http.routers.blaze_gbn.rule=PathPrefix(`/gbn-localdatamanagement`)" + - "traefik.http.middlewares.gbn_b_strip.stripprefix.prefixes=/gbn-localdatamanagement" + - "traefik.http.services.blaze_gbn.loadbalancer.server.port=8080" + - "traefik.http.routers.blaze_gbn.middlewares=gbn_b_strip,gbn-auth" + - "traefik.http.routers.blaze_gbn.tls=true" + + gbn-connector: + container_name: bridgehead-gbn-connector + image: "samply/share-client:gbn-feature-environmentPreconfiguration" + environment: + POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS} + volumes: + - "gbn-connector-logs:/usr/local/tomcat/logs" + labels: + - "traefik.enable=true" + - "traefik.http.routers.gbn_connector.rule=PathPrefix(`/gbn-connector`)" + - "traefik.http.services.gbn_connector.loadbalancer.server.port=8080" + depends_on: + - "gbn-connector-db" + restart: "always" + + gbn-connector-db: + image: 
"postgres:10.17" + environment: + POSTGRES_DB: "samply.connector" + POSTGRES_USER: "samply" + POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS} + volumes: + - "gbn-connector-db-data:/var/lib/postgresql/data" + restart: "always"
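Review bot: The `gbn_connector` router gets a `PathPrefix` rule and a service port but, unlike `blaze_gbn`, `landing` and `dashboard`, no `tls=true` label and no auth middleware. With the `web` entrypoint redirecting everything to `websecure`, a router without TLS enabled will probably not match HTTPS requests at all, and once it is reachable it is the only routed service besides the landing page with no basic auth in front of it; add `- "traefik.http.routers.gbn_connector.tls=true"` and confirm that the connector's own login is meant to be the sole access control. Separately, `blaze` mounts `blaze-data` and `forward_proxy` mounts `bridgehead-proxy`, but the top-level `volumes:` declares only the three `gbn-*` names, so Compose should reject the file until `blaze-data:` and `bridgehead-proxy:` are declared there. `gbn-store-db-data` is declared but not mounted by any service in this file, which suggests the volume list was not updated along with the services.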