diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index c24f8a0..1903c62 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -1,6 +1,6 @@ version: "3.7" -# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see ccp vars. +# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars. services: blaze: diff --git a/bbmri/modules/exporter-setup.sh b/bbmri/modules/exporter-setup.sh index 9b947a6..b49f978 100644 --- a/bbmri/modules/exporter-setup.sh +++ b/bbmri/modules/exporter-setup.sh @@ -5,4 +5,5 @@ if [ "$ENABLE_EXPORTER" == true ]; then OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml" EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)" + POSTGRES_TAG=15.6-alpine fi diff --git a/bbmri/modules/feedback-agent-setup.sh b/bbmri/modules/feedback-agent-setup.sh index f9217a5..cab2202 100644 --- a/bbmri/modules/feedback-agent-setup.sh +++ b/bbmri/modules/feedback-agent-setup.sh 
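Review bot: `POSTGRES_TAG=15.6-alpine` is now assigned only inside the `ENABLE_EXPORTER` branch of exporter-setup.sh, while the bbmri/vars hunk of this same commit removes the unconditional assignment. Any other compose file that interpolates `${POSTGRES_TAG}` would then resolve to an empty image tag whenever the exporter is disabled. The feedback agent module sets `FEEDBACK_AGENT_DB_PASSWORD`, so it may well run a database of its own, but its compose file is not shown here and this needs checking. If another consumer exists, keep the assignment in `vars` or write `POSTGRES_TAG=${POSTGRES_TAG:-15.6-alpine}` in each module that needs it. The `if` block opens above this hunk.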
@@ -1,9 +1,6 @@ #!/bin/bash -log INFO "######################################### Metadata feedback script was found by Bridgehead" - if [ "$ENABLE_FEEDBACK_AGENT" == true ]; then - log INFO "######################################### Metadata feedback setup detected -- will start Feedback service." OVERRIDE+=" -f ./$PROJECT/modules/feedback-agent-compose.yml" FEEDBACK_AGENT_BEAM_SECRET="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FEEDBACK_AGENT_DB_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" diff --git a/bbmri/vars b/bbmri/vars index 2f6f9ad..248fbee 100644 --- a/bbmri/vars +++ b/bbmri/vars @@ -7,18 +7,6 @@ FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem -OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})" -OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter" -OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private -OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public -# Use "test-realm-01" for testing -OIDC_REALM="${OIDC_REALM:-master}" -OIDC_URL="https://login.verbis.dkfz.de" -OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}" -OIDC_GROUP_CLAIM="groups" - -POSTGRES_TAG=15.6-alpine - for module in $PROJECT/modules/*.sh do log DEBUG "sourcing $module" diff --git a/ccp/modules/teiler-compose.yml b/ccp/modules/teiler-compose.yml index c6bcd9d..f415ee9 100644 --- a/ccp/modules/teiler-compose.yml +++ b/ccp/modules/teiler-compose.yml @@ -47,12 +47,6 @@ services: TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb" EXPORTER_DEFAULT_TEMPLATE_ID: "ccp" - # Modification needed for running in a test mode - APPLICATION_PORT: "8080" - CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf" - # Modification needed for running in a test mode - secrets: - - ccp.conf teiler-backend: diff --git a/lib/functions.sh b/lib/functions.sh index d8d7d68..ffdc234 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -301,39 +301,21 @@ function sync_secrets() { if [[ $secret_sync_args == "" ]]; then return fi - - if [ "${ENABLE_ERIC}" == "true" ]; then - BROKER_ROOT_CERT=/srv/docker/bridgehead/bbmri/$ERIC_ROOT_CERT.crt.pem - PROXY_ID=$ERIC_PROXY_ID - BROKER_ID=$ERIC_BROKER_ID - elif [ "${ENABLE_GBN}" == "true" ]; then - BROKER_ROOT_CERT=/srv/docker/bridgehead/bbmri/$GBN_ROOT_CERT.crt.pem - PROXY_ID=$GBN_PROXY_ID - BROKER_ID=$GBN_BROKER_ID - # Modification needed for running in a test mode - elif [ "${PROJECT}" == "ccp" ]; then - BROKER_ROOT_CERT=/srv/docker/bridgehead/ccp/root.crt.pem - else - fail_and_report 1 "Could not start secret sync as the configuration does not seem to use beam" - fi - local broker_url="https://$BROKER_ID" mkdir -p /var/cache/bridgehead/secrets/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/secrets/'. Please run sudo './bridgehead install $PROJECT' again." touch /var/cache/bridgehead/secrets/oidc -# Modification needed for running in a test mode -# Commented out so that the Bridgehead can run without Beam. 
-# docker run --rm \ -# -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \ -# -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \ -# -v $BROKER_ROOT_CERT:/run/secrets/root.crt.pem:ro \ -# -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \ -# -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \ -# -e NO_PROXY=localhost,127.0.0.1 \ -# -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ -# -e PROXY_ID=$PROXY_ID \ -# -e BROKER_URL=$broker_url \ -# -e OIDC_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \ -# -e SECRET_DEFINITIONS=$secret_sync_args \ -# docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest + docker run --rm \ + -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \ + -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \ + -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \ + -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \ + -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \ + -e NO_PROXY=localhost,127.0.0.1 \ + -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ + -e PROXY_ID=$PROXY_ID \ + -e BROKER_URL=$BROKER_URL \ + -e OIDC_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \ + -e SECRET_DEFINITIONS=$secret_sync_args \ + docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest set -a # Export variables as environment variables source /var/cache/bridgehead/secrets/oidc diff --git a/minimal/modules/bbmri vars b/minimal/modules/bbmri vars deleted file mode 100644 index ef2e36e..0000000 --- a/minimal/modules/bbmri vars +++ /dev/null @@ -1,2 +0,0 @@ -OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})" -OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter" \ No newline at end of file diff --git a/minimal/modules/ccp vars b/minimal/modules/ccp vars deleted file mode 100644 index fa446f8..0000000 --- a/minimal/modules/ccp vars +++ /dev/null 
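Review bot: The re-enabled `docker run` in sync_secrets uses `$PROXY_ID`, `$BROKER_ID`, `$BROKER_URL` and `/srv/docker/bridgehead/$PROJECT/root.crt.pem` without checking them, because the removed branch that derived these values and called `fail_and_report` for non-Beam configurations has no replacement. Where they are set is not visible in this diff. If one is empty the container starts with a blank `PROXY_ID` or `BROKER_URL`, and Docker's `-v` creates a missing certificate path as an empty directory, so the broker trust anchor is silently absent while the site private key is still mounted. A guard before the `mkdir` would keep the old fail-closed behaviour, and quoting `$PRIVATEKEYFILENAME`, `$HTTPS_PROXY_FULL_URL` and `$secret_sync_args` would stop word splitting from altering the argument list. The function begins above the hunk and continues past it, where the cache file written by the container is sourced.

```shell
# … unchanged: early return when $secret_sync_args is empty …
local root_cert="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
if [[ -z "${PROXY_ID:-}" || -z "${BROKER_ID:-}" || -z "${BROKER_URL:-}" || ! -f "$root_cert" ]]; then
    fail_and_report 1 "Could not start secret sync as the configuration does not seem to use beam"
fi
# … unchanged: mkdir and touch of /var/cache/bridgehead/secrets/oidc, docker run --rm, cache mount …
    -v "$PRIVATEKEYFILENAME":/run/secrets/privkey.pem:ro \
    -v "$root_cert":/run/secrets/root.crt.pem:ro \
# … unchanged: trusted-ca-certs mount, TLS_CA_CERTIFICATES_DIR, NO_PROXY …
    -e ALL_PROXY="$HTTPS_PROXY_FULL_URL" \
    -e PROXY_ID="$PROXY_ID" \
    -e BROKER_URL="$BROKER_URL" \
    -e OIDC_PROVIDER="secret-sync-central.oidc-client-enrollment.$BROKER_ID" \
    -e SECRET_DEFINITIONS="$secret_sync_args" \
# … unchanged: image reference …
```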
@@ -1,7 +0,0 @@
-OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
-OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-# Use "test-realm-01" for testing
-OIDC_REALM="${OIDC_REALM:-master}"
-OIDC_URL="https://login.verbis.dkfz.de"
-OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
-OIDC_GROUP_CLAIM="groups"