From 146235236b41b04277f481c4ebd4ffdbc10f88df Mon Sep 17 00:00:00 2001
From: Gerhard Salvini
Date: Thu, 6 Feb 2025 09:28:48 +0100
Subject: [PATCH] Removed stuff accumulated during testing phase
Most of the things added during testing were not necessary and they were removed. This had the additional advantage that many files are now identical to their equivalents in the develop branch, making the diff more manageable.
---
 bbmri/docker-compose.yml | 2 +-
 bbmri/modules/exporter-setup.sh | 1 +
 bbmri/modules/feedback-agent-setup.sh | 3 --
 bbmri/vars | 12 --------
 ccp/modules/teiler-compose.yml | 6 ----
 lib/functions.sh | 44 ++++++++-------------------
 minimal/modules/bbmri vars | 2 --
 minimal/modules/ccp vars | 7 -----
 8 files changed, 15 insertions(+), 62 deletions(-)
 delete mode 100644 minimal/modules/bbmri vars
 delete mode 100644 minimal/modules/ccp vars
diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml
index c24f8a0..1903c62 100644
--- a/bbmri/docker-compose.yml
+++ b/bbmri/docker-compose.yml
@@ -1,6 +1,6 @@
 version: "3.7"
-# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see ccp vars.
+# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars.
 services:
 blaze:
diff --git a/bbmri/modules/exporter-setup.sh b/bbmri/modules/exporter-setup.sh
index 9b947a6..b49f978 100644
--- a/bbmri/modules/exporter-setup.sh
+++ b/bbmri/modules/exporter-setup.sh
@@ -5,4 +5,5 @@ if [ "$ENABLE_EXPORTER" == true ]; then
 OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
 EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
+ POSTGRES_TAG=15.6-alpine
 fi
diff --git a/bbmri/modules/feedback-agent-setup.sh b/bbmri/modules/feedback-agent-setup.sh
index f9217a5..cab2202 100644
--- a/bbmri/modules/feedback-agent-setup.sh
+++ b/bbmri/modules/feedback-agent-setup.sh
@@ -1,9 +1,6 @@
 #!/bin/bash
-log INFO "######################################### Metadata feedback script was found by Bridgehead"
-
 if [ "$ENABLE_FEEDBACK_AGENT" == true ]; then
- log INFO "######################################### Metadata feedback setup detected -- will start Feedback service."
 OVERRIDE+=" -f ./$PROJECT/modules/feedback-agent-compose.yml"
 FEEDBACK_AGENT_BEAM_SECRET="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FEEDBACK_AGENT_DB_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
diff --git a/bbmri/vars b/bbmri/vars
index 2f6f9ad..248fbee 100644
--- a/bbmri/vars
+++ b/bbmri/vars
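Review bot: `POSTGRES_TAG=15.6-alpine` is now assigned only inside the `if [ "$ENABLE_EXPORTER" == true ]` block of exporter-setup.sh, while this same commit deletes the unconditional assignment from bbmri/vars. If any other compose module references `${POSTGRES_TAG}`, its image reference is left with an empty tag whenever the exporter is disabled. The feedback agent hunk that follows sets a DB password, so it presumably runs its own Postgres container, but its compose file is not shown here. Either keep a default in bbmri/vars, e.g. `: "${POSTGRES_TAG:=15.6-alpine}"`, or confirm that exporter-compose.yml is the only consumer. A one-line comment above the assignment naming the compose file that reads the tag would make the scoping intentional rather than accidental.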
@@ -7,18 +7,6 @@ FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem -OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})" -OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter" -OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private -OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public -# Use "test-realm-01" for testing -OIDC_REALM="${OIDC_REALM:-master}" -OIDC_URL="https://login.verbis.dkfz.de" -OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}" -OIDC_GROUP_CLAIM="groups" - -POSTGRES_TAG=15.6-alpine - for module in $PROJECT/modules/*.sh do log DEBUG "sourcing $module" diff --git a/ccp/modules/teiler-compose.yml b/ccp/modules/teiler-compose.yml index c6bcd9d..f415ee9 100644 --- a/ccp/modules/teiler-compose.yml +++ b/ccp/modules/teiler-compose.yml @@ -47,12 +47,6 @@ services: TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb" EXPORTER_DEFAULT_TEMPLATE_ID: "ccp" - # Modification needed for running in a test mode - APPLICATION_PORT: "8080" - CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf" - # Modification needed for running in a test mode - secrets: - - ccp.conf teiler-backend: diff --git a/lib/functions.sh b/lib/functions.sh index d8d7d68..ffdc234 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -301,39 +301,21 @@ function sync_secrets() {
 if [[ $secret_sync_args == "" ]]; then
 return
 fi
-
- if [ "${ENABLE_ERIC}" == "true" ]; then
- BROKER_ROOT_CERT=/srv/docker/bridgehead/bbmri/$ERIC_ROOT_CERT.crt.pem
- PROXY_ID=$ERIC_PROXY_ID
- BROKER_ID=$ERIC_BROKER_ID
- elif [ "${ENABLE_GBN}" == "true" ]; then
- BROKER_ROOT_CERT=/srv/docker/bridgehead/bbmri/$GBN_ROOT_CERT.crt.pem
- PROXY_ID=$GBN_PROXY_ID
- BROKER_ID=$GBN_BROKER_ID
- # Modification needed for running in a test mode
- elif [ "${PROJECT}" == "ccp" ]; then
- BROKER_ROOT_CERT=/srv/docker/bridgehead/ccp/root.crt.pem
- else
- fail_and_report 1 "Could not start secret sync as the configuration does not seem to use beam"
- fi
- local broker_url="https://$BROKER_ID"
 mkdir -p /var/cache/bridgehead/secrets/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/secrets/'. Please run sudo './bridgehead install $PROJECT' again."
 touch /var/cache/bridgehead/secrets/oidc
-# Modification needed for running in a test mode
-# Commented out so that the Bridgehead can run without Beam.
-# docker run --rm \
-# -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
-# -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-# -v $BROKER_ROOT_CERT:/run/secrets/root.crt.pem:ro \
-# -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
-# -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
-# -e NO_PROXY=localhost,127.0.0.1 \
-# -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
-# -e PROXY_ID=$PROXY_ID \
-# -e BROKER_URL=$broker_url \
-# -e OIDC_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \
-# -e SECRET_DEFINITIONS=$secret_sync_args \
-# docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
+ docker run --rm \
+ -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
+ -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
+ -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
+ -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
+ -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
+ -e NO_PROXY=localhost,127.0.0.1 \
+ -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
+ -e PROXY_ID=$PROXY_ID \
+ -e BROKER_URL=$BROKER_URL \
+ -e OIDC_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \
+ -e SECRET_DEFINITIONS=$secret_sync_args \
+ docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
 set -a # Export variables as environment variables
 source /var/cache/bridgehead/secrets/oidc
diff --git a/minimal/modules/bbmri vars b/minimal/modules/bbmri vars
deleted file mode 100644
index ef2e36e..0000000
--- a/minimal/modules/bbmri vars
+++ /dev/null
@@ -1,2 +0,0 @@
-OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
-OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
\ No newline at end of file
diff --git a/minimal/modules/ccp vars b/minimal/modules/ccp vars
deleted file mode 100644
index fa446f8..0000000
--- a/minimal/modules/ccp vars
+++ /dev/null
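Review bot: The re-enabled `docker run` in sync_secrets has no failure handling, so the following context lines `set -a` and `source /var/cache/bridgehead/secrets/oidc` still run after a failed sync and export whatever the cache file held before (or the empty file left by `touch`). The deleted branch also held the only `fail_and_report` for a configuration without Beam, so `$PROXY_ID`, `$BROKER_URL` and `$BROKER_ID` are now used without any check that they are set. If `/srv/docker/bridgehead/$PROJECT/root.crt.pem` is missing, Docker's `-v` will create a directory at that host path instead of failing. I would add `[ -f "/srv/docker/bridgehead/$PROJECT/root.crt.pem" ] || fail_and_report 1 "Root certificate for $PROJECT not found"` before the call, end the call with `|| fail_and_report 1 "Secret sync failed"`, and quote the expansions (`"$PRIVATEKEYFILENAME"`, `"$secret_sync_args"`). The container receives the site private key and its output is sourced as shell, so pinning the image to a digest instead of `:latest` is worth considering; the function begins and ends outside this hunk.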
@@ -1,7 +0,0 @@
-OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
-OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-# Use "test-realm-01" for testing
-OIDC_REALM="${OIDC_REALM:-master}"
-OIDC_URL="https://login.verbis.dkfz.de"
-OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
-OIDC_GROUP_CLAIM="groups"