diff --git a/README.md b/README.md index 2889ff0c..d0e462a7 100644 --- a/README.md +++ b/README.md @@ -318,6 +318,12 @@ To enable it, you will need to explicitly set the username and password variable DS_DIRECTORY_USER_NAME=your_directory_username DS_DIRECTORY_USER_PASS=your_directory_password ``` +Alternatively, if you have obtained a token from the Directory, you can insert the following into the configuration file: +``` +DS_DIRECTORY_USER_TOKEN=your_directory_token +``` +If you don't supply any authentification information (either login credentials or a token), Directory sync will not start. + Please contact your National Node or Directory support (directory-dev@helpdesk.bbmri-eric.eu) to obtain these credentials. The following environment variables can be used from within your config file to control the behavior of Directory sync: 
@@ -325,12 +331,13 @@ The following environment variables can be used from within your config file to | Variable | Purpose | Default if not specified | |:-----------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------| | DS_DIRECTORY_URL | Base URL of the Directory | https://directory-backend.molgenis.net | -| DS_DIRECTORY_USER_NAME | User name for logging in to Directory **Mandatory** | | -| DS_DIRECTORY_USER_PASS | Password for logging in to Directory **Mandatory** | | +| DS_DIRECTORY_USER_NAME | User name for logging in to Directory | | +| DS_DIRECTORY_USER_PASS | Password for logging in to Directory | | +| DS_DIRECTORY_USER_TOKEN | Token for logging in to Directory | | | DS_DIRECTORY_DEFAULT_COLLECTION_ID | ID of collection to be used if not in samples | | | DS_DIRECTORY_ALLOW_STAR_MODEL | Set to 'True' to send star model info to Directory | True | | DS_FHIR_STORE_URL | URL for FHIR store | http://bridgehead-bbmri-blaze:8080 | -| DS_TIMER_CRON | Execution interval for Directory sync, [cron](https://crontab.guru) format | 0 22 * * * | +| DS_TIMER_CRON | Execution interval for Directory sync, [cron](https://crontab.guru) format | 30 22 * * * | | DS_IMPORT_BIOBANKS | Set to 'True' to import biobank metadata from Directory | True | | DS_IMPORT_COLLECTIONS | Set to 'True' to import collection metadata from Directory | True | diff --git a/bbmri/modules/directory-sync-compose.yml b/bbmri/modules/directory-sync-compose.yml index 834dd923..58e1c69a 100644 --- a/bbmri/modules/directory-sync-compose.yml +++ b/bbmri/modules/directory-sync-compose.yml 
@@ -7,7 +7,8 @@ services: DS_DIRECTORY_URL: ${DS_DIRECTORY_URL:-https://directory.bbmri-eric.eu} DS_DIRECTORY_USER_NAME: ${DS_DIRECTORY_USER_NAME} DS_DIRECTORY_USER_PASS: ${DS_DIRECTORY_USER_PASS} - DS_TIMER_CRON: ${DS_TIMER_CRON:-0 22 * * *} + DS_DIRECTORY_USER_TOKEN: ${DS_DIRECTORY_USER_TOKEN} + DS_TIMER_CRON: ${DS_TIMER_CRON:-30 22 * * *} DS_DIRECTORY_ALLOW_STAR_MODEL: ${DS_DIRECTORY_ALLOW_STAR_MODEL:-true} DS_DIRECTORY_MOCK: ${DS_DIRECTORY_MOCK} DS_DIRECTORY_DEFAULT_COLLECTION_ID: ${DS_DIRECTORY_DEFAULT_COLLECTION_ID} @@ -16,3 +17,6 @@ services: DS_IMPORT_COLLECTIONS: ${DS_IMPORT_COLLECTIONS:-true} depends_on: - "blaze" + volumes: + - /etc/localtime:/etc/localtime:ro # inherit host timezone + - /etc/timezone:/etc/timezone:ro # inherit host timezone name diff --git a/bbmri/modules/directory-sync.sh b/bbmri/modules/directory-sync.sh index 2765dfbb..01ce7df7 100755 --- a/bbmri/modules/directory-sync.sh +++ b/bbmri/modules/directory-sync.sh @@ -1,6 +1,6 @@ #!/bin/bash -if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then +if [ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then log INFO "Directory sync setup detected -- will start directory sync service." OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml" fi diff --git a/bbmri/modules/eric-compose.yml b/bbmri/modules/eric-compose.yml index 72baa6c7..e6ed0447 100644 --- a/bbmri/modules/eric-compose.yml +++ b/bbmri/modules/eric-compose.yml @@ -11,6 +11,7 @@ services: BLAZE_URL: "http://blaze:8080/fhir/" BEAM_PROXY_URL: http://beam-proxy-eric:8081 RETRY_COUNT: ${FOCUS_RETRY_COUNT} + OBFUSCATE_BBMRI_ERIC_WAY: "true" depends_on: - "beam-proxy-eric" - "blaze" diff --git a/bridgehead b/bridgehead index 9483767b..09b46f59 100755 --- a/bridgehead +++ b/bridgehead @@ -35,6 +35,9 @@ case "$PROJECT" in cce) #nothing extra to do ;; + pscc) + #nothing extra to do + ;; itcc) #nothing extra to do ;; 
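Review bot: In bbmri/modules/directory-sync-compose.yml the new `/etc/timezone:/etc/timezone:ro` bind mount assumes that file exists on the host. With the short volume syntax Docker creates a missing host path as an empty directory, so on a distribution without `/etc/timezone` this would leave a stray directory under `/etc` and give the container a directory where it expects a file. Setting the zone through an environment entry, as the dnpm hunks in this commit do with `TZ=Europe/Berlin`, avoids that. The long `type: bind` form is another option, since it fails instead of creating the path.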
@@ -44,6 +47,9 @@ case "$PROJECT" in dhki) #nothing extra to do ;; + nngm) + #nothing extra to do + ;; minimal) #nothing extra to do ;; diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml index d9ec6e28..59d707ca 100644 --- a/cce/modules/lens-compose.yml +++ b/cce/modules/lens-compose.yml 
@@ -1,32 +1,46 @@ version: "3.7" services: - landing: + lens: container_name: lens_federated-search - image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + image: samply/cce-explorer:main + environment: + PUBLIC_SPOT_URL: https://${HOST}/prod labels: + - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" + - "traefik.http.routers.lens.rule=Host(`${HOST}`)" + - "traefik.http.routers.lens.tls=true" spot: - image: docker.verbis.dkfz.de/ccp-private/central-spot + image: samply/rustyspot:latest environment: + HTTP_PROXY: ${HTTP_PROXY_URL} + HTTPS_PROXY: ${HTTPS_PROXY_URL} + NO_PROXY: beam-proxy BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" - BEAM_URL: http://beam-proxy:8081 - BEAM_PROXY_ID: ${SITE_ID} - BEAM_BROKER_ID: ${BROKER_ID} - BEAM_APP_ID: "focus" + BEAM_PROXY_URL: http://beam-proxy:8081 + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: cce + BIND_ADDR: 0.0.0.0:8055 depends_on: - "beam-proxy" labels: - "traefik.enable=true" - - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.services.spot.loadbalancer.server.port=8055" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && 
PathPrefix(`/prod`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + + beam-proxy: + environment: + APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT} + \ No newline at end of file diff --git a/cce/modules/osiris2fhir-setup.sh b/cce/modules/osiris2fhir-setup.sh new file mode 100644 index 00000000..ce1d6d73 --- /dev/null +++ b/cce/modules/osiris2fhir-setup.sh @@ -0,0 +1,6 @@ +#!/bin/bash +if [ -n "$ENABLE_OSIRIS2FHIR" ]; then + log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module." + OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml" + LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" +fi \ No newline at end of file diff --git a/cce/vars b/cce/vars index 7d0c1a3c..9338bd56 100644 --- a/cce/vars +++ b/cce/vars @@ -11,4 +11,4 @@ for module in $PROJECT/modules/*.sh do log DEBUG "sourcing $module" source $module -done +done \ No newline at end of file diff --git a/ccp/modules/dnpm-node-compose.yml b/ccp/modules/dnpm-node-compose.yml index 297ab5b0..0a7bcd31 100644 --- a/ccp/modules/dnpm-node-compose.yml +++ b/ccp/modules/dnpm-node-compose.yml @@ -66,6 +66,7 @@ services: - HATEOAS_HOST=https://${HOST} - CONNECTOR_TYPE=broker - AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000 + - TZ=Europe/Berlin volumes: - /etc/bridgehead/dnpm/config:/dnpm_config - /var/cache/bridgehead/dnpm/backend-data:/dnpm_data diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml index 18adb6f9..49edff0a 100644 --- a/itcc/docker-compose.yml +++ b/itcc/docker-compose.yml 
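Review bot: In cce/modules/lens-compose.yml the added `APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}` registers spot at the Beam proxy with a secret whose name suggests it is also the focus key (the new nngm and pscc compose files set `APP_focus_KEY` from the same variable). If cce does the same, the web-facing spot container and the focus container that queries the FHIR store share one credential, and a leak from either lets its holder register as the other app. Generating a second value in `vars` (for example a new `SPOT_BEAM_SECRET`) and using it for both `BEAM_SECRET` and `APP_spot_KEY` would keep the two apps separable; the itcc and kr lens-compose hunks repeat the same line. Separately, `samply/rustyspot:latest` and `samply/cce-explorer:main` are mutable tags pulled directly instead of through `docker.verbis.dkfz.de/cache/` with a tag variable in the style of `${FOCUS_TAG}`, so pinning a release tag or digest would keep updates deliberate (the same holds for the itcc, kr and pscc lens files and `ghcr.io/samply/itcc-omics-ingest:main`).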
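Review bot: cce/modules/osiris2fhir-setup.sh appends `./pscc/modules/osiris2fhir-compose.yml` to OVERRIDE although the script lives under cce, and no such compose file is added in the visible part of this commit. With PROJECT=cce and ENABLE_OSIRIS2FHIR set, the start would depend on a file in another project's directory. The other setup scripts use `OVERRIDE+=" -f ./$PROJECT/modules/..."`; either follow that form and ship the compose file next to the script, or move the script to pscc/modules. LOCAL_SALT also ends up empty without any error if the `openssl pkeyutl` call fails, because only the exit status of `head` is seen.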
@@ -15,7 +15,7 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.routers.blaze_itcc.rule=PathPrefix(`/itcc-localdatamanagement`)" + - "traefik.http.routers.blaze_itcc.rule=Host(`${HOST}`) && PathPrefix(`/itcc-localdatamanagement`)" - "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement" - "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080" - "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth" diff --git a/itcc/modules/itcc-omics-ingest.sh b/itcc/modules/itcc-omics-ingest.sh new file mode 100644 index 00000000..a078140a --- /dev/null +++ b/itcc/modules/itcc-omics-ingest.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if [ -n "$ENABLE_OMICS" ];then + OVERRIDE+=" -f ./$PROJECT/modules/itcc-omics-ingest.yaml" + GENERATE_API_KEY="$(generate_simple_password 'omics')" +fi \ No newline at end of file diff --git a/itcc/modules/itcc-omics-ingest.yaml b/itcc/modules/itcc-omics-ingest.yaml new file mode 100644 index 00000000..81084331 --- /dev/null +++ b/itcc/modules/itcc-omics-ingest.yaml @@ -0,0 +1,14 @@ +services: + omics-endpoint: + image: ghcr.io/samply/itcc-omics-ingest:main + environment: + - API_KEY=${GENERATE_API_KEY} + volumes: + - /var/cache/bridgehead/omics/data:/data/uploads + labels: + - "traefik.http.routers.omics.rule=Host(`${HOST}`) && PathPrefix(`/api/omics`)" + - "traefik.enable=true" + - "traefik.http.services.omics.loadbalancer.server.port=6080" + - "traefik.http.routers.omics.tls=true" + - "traefik.http.middlewares.omics-stripprefix.stripprefix.prefixes=/api" + - "traefik.http.routers.omics.middlewares=omics-stripprefix" diff --git a/itcc/modules/lens-compose.yml b/itcc/modules/lens-compose.yml index d9ec6e28..5a5b78cc 100644 --- a/itcc/modules/lens-compose.yml +++ b/itcc/modules/lens-compose.yml 
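Review bot: The `omics` router in itcc/modules/itcc-omics-ingest.yaml is attached only to `omics-stripprefix`, so `/api/omics` is published without the `auth` middleware that the blaze and spot routers in this commit carry. The service writes into the host directory `/var/cache/bridgehead/omics/data`, which makes the `API_KEY` check inside the container the only gate on uploads. If that is intended, a comment above the labels should say so; otherwise use `"traefik.http.routers.omics.middlewares=omics-stripprefix,auth"`.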
@@ -1,32 +1,47 @@ version: "3.7" services: - landing: - container_name: lens_federated-search - image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + itcc-explorer: + container_name: lens_itcc_explorer + image: samply/itcc-explorer:main + environment: + HOST: "0.0.0.0" + BIND_ADDR: "0.0.0.0:3000" + PUBLIC_ENVIRONMENT: ${PUBLIC_ENVIRONMENT} labels: - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" + - "traefik.http.routers.itcc.rule=Host(`${HOST}`) && PathPrefix(`/`)" + - "traefik.http.routers.itcc.entrypoints=websecure" + - "traefik.http.services.itcc.loadbalancer.server.port=3000" + - "traefik.http.routers.itcc.tls=true" spot: - image: docker.verbis.dkfz.de/ccp-private/central-spot + image: samply/rustyspot:latest environment: BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" - BEAM_URL: http://beam-proxy:8081 + BEAM_PROXY_URL: http://beam-proxy:8081 BEAM_PROXY_ID: ${SITE_ID} BEAM_BROKER_ID: ${BROKER_ID} - BEAM_APP_ID: "focus" + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: "itcc" + BIND_ADDR: 0.0.0.0:8055 depends_on: - "beam-proxy" labels: - "traefik.enable=true" - - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.services.spot.loadbalancer.server.port=8055" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - - 
"traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + + beam-proxy: + environment: + APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT} diff --git a/itcc/vars b/itcc/vars index b03403b8..3eee6525 100644 --- a/itcc/vars +++ b/itcc/vars @@ -6,6 +6,7 @@ FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL +PUBLIC_ENVIRONMENT=prod for module in $PROJECT/modules/*.sh do diff --git a/kr/docker-compose.yml b/kr/docker-compose.yml index 98632bde..3da9e53a 100644 --- a/kr/docker-compose.yml +++ b/kr/docker-compose.yml @@ -12,7 +12,8 @@ services: BASE_URL: "http://bridgehead-kr-blaze:8080" JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} - DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} ENFORCE_REFERENTIAL_INTEGRITY: "false" volumes: - "blaze-data:/app/data" diff --git a/kr/modules/export-and-qb.curl-templates b/kr/modules/export-and-qb.curl-templates deleted file mode 100644 index 739c5af6..00000000 --- a/kr/modules/export-and-qb.curl-templates +++ /dev/null @@ -1,6 +0,0 @@ -# Full Excel Export -curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \ ---header 'x-api-key: ${EXPORT_API_KEY}' - -# QB -curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp' diff --git a/kr/modules/lens-compose.yml b/kr/modules/lens-compose.yml index b0b4573d..ea2b98d7 100644 --- a/kr/modules/lens-compose.yml 
+++ b/kr/modules/lens-compose.yml 
@@ -4,32 +4,41 @@ services: deploy: replicas: 1 #reactivate if lens is in use container_name: lens_federated-search - image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + image: docker.verbis.dkfz.de/ccp/kr-explorer:main + environment: + PUBLIC_SPOT_URL: https://${HOST}/prod labels: + - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" + - "traefik.http.routers.lens.rule=Host(`${HOST}`)" + - "traefik.http.routers.lens.tls=true" spot: - image: docker.verbis.dkfz.de/ccp-private/central-spot + image: samply/rustyspot:latest environment: BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" - BEAM_URL: http://beam-proxy:8081 - BEAM_PROXY_ID: ${SITE_ID} - BEAM_BROKER_ID: ${BROKER_ID} - BEAM_APP_ID: "focus" - PROJECT_METADATA: "kr_supervisors" + BEAM_PROXY_URL: http://beam-proxy:8081 + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: kr + BIND_ADDR: 0.0.0.0:8055 depends_on: - "beam-proxy" labels: - "traefik.enable=true" - - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.services.spot.loadbalancer.server.port=8055" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" + - 
"traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + + beam-proxy: + environment: + APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT} diff --git a/kr/modules/obds2fhir-rest-compose.yml b/kr/modules/obds2fhir-rest-compose.yml index 833580d1..ec1737c8 100644 --- a/kr/modules/obds2fhir-rest-compose.yml +++ b/kr/modules/obds2fhir-rest-compose.yml @@ -3,7 +3,7 @@ version: "3.7" services: obds2fhir-rest: container_name: bridgehead-obds2fhir-rest - image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main + image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main environment: IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY} diff --git a/kr/vars b/kr/vars index d4e5a27a..f5c1e65e 100644 --- a/kr/vars +++ b/kr/vars @@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID} PROXY_ID=${SITE_ID}.${BROKER_ID} FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} -SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de +SUPPORT_EMAIL=p.delpy@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL diff --git a/lib/functions.sh b/lib/functions.sh index c0f42576..520d86aa 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -54,7 +54,7 @@ checkOwner(){ printUsage() { echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|check|install|uninstall|adduser|enroll PROJECTNAME" - echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki" + echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki|nngm" } checkRequirements() { 
@@ -327,7 +327,7 @@ function sync_secrets() { -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ -e PROXY_ID=$proxy_id \ -e BROKER_URL=$broker_url \ - -e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \ + -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \ -e SECRET_DEFINITIONS=$secret_sync_args \ docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest @@ -337,7 +337,7 @@ function sync_secrets() { } function secret_sync_gitlab_token() { - if [ "$PROJECT" == "minimal" ]; then + if [[ "$PROJECT" != "dktk" && "$PROJECT" != "bbmri" ]]; then log "INFO" "Not running Secret Sync for project minimal" return fi diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index b6aba52b..6ff4eb73 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -55,6 +55,9 @@ case "$PROJECT" in cce) site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/" ;; + pscc) + site_configuration_repository_middle="git.verbis.dkfz.de/pscc-sites/" + ;; itcc) site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/" ;; @@ -67,6 +70,9 @@ case "$PROJECT" in dhki) site_configuration_repository_middle="git.verbis.dkfz.de/dhki/" ;; + nngm) + site_configuration_repository_middle="git.verbis.dkfz.de/nngm/" + ;; minimal) site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/" ;; diff --git a/minimal/modules/dnpm-node-compose.yml b/minimal/modules/dnpm-node-compose.yml index 4ec8c4b3..938cc9ca 100644 --- a/minimal/modules/dnpm-node-compose.yml +++ b/minimal/modules/dnpm-node-compose.yml @@ -66,6 +66,7 @@ services: - HATEOAS_HOST=https://${HOST} - CONNECTOR_TYPE=broker - AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000 + - TZ=Europe/Berlin volumes: - /etc/bridgehead/dnpm/config:/dnpm_config - /var/cache/bridgehead/dnpm/backend-data:/dnpm_data diff --git a/nngm/docker-compose.yml b/nngm/docker-compose.yml new file mode 100644 index 00000000..69cbabef --- /dev/null +++ b/nngm/docker-compose.yml 
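Review bot: The new guard in secret_sync_gitlab_token, `[[ "$PROJECT" != "dktk" && "$PROJECT" != "bbmri" ]]`, tests for `dktk`, which is not among the project names that printUsage lists (`ccp|bbmri|cce|...`). If PROJECT is never `dktk`, Secret Sync now runs for bbmri only and is silently skipped for ccp, where the old `minimal`-only check let it run. The log text still says "project minimal" for every skipped project; `log "INFO" "Not running Secret Sync for project $PROJECT"` would match the new condition. In the first hunk of this file the usage string gains `nngm` but not `pscc`, which the commit also adds to `bridgehead` and `lib/prepare-system.sh`. The rest of secret_sync_gitlab_token lies outside the hunk.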
@@ -0,0 +1,65 @@ +version: "3.7" + +services: + blaze: + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} + container_name: bridgehead-nngm-blaze + environment: + BASE_URL: "http://bridgehead-nngm-blaze:8080" + JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" + DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} + ENFORCE_REFERENTIAL_INTEGRITY: "false" + volumes: + - "blaze-data:/app/data" + labels: + - "traefik.enable=true" + - "traefik.http.routers.blaze_nngm.rule=PathPrefix(`/nngm-localdatamanagement`)" + - "traefik.http.middlewares.nngm_b_strip.stripprefix.prefixes=/nngm-localdatamanagement" + - "traefik.http.services.blaze_nngm.loadbalancer.server.port=8080" + - "traefik.http.routers.blaze_nngm.middlewares=nngm_b_strip,auth" + - "traefik.http.routers.blaze_nngm.tls=true" + + focus: + image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG} + container_name: bridgehead-focus + environment: + - API_KEY=${FOCUS_BEAM_SECRET_SHORT} + - BEAM_APP_ID_LONG=focus.${PROXY_ID} + - PROXY_ID=${PROXY_ID} + - BLAZE_URL=http://bridgehead-nngm-blaze:8080/fhir/ + - BEAM_PROXY_URL=http://beam-proxy:8081 + - RETRY_COUNT=${FOCUS_RETRY_COUNT} + - EPSILON=0.28 + - ENDPOINT_TYPE=${FOCUS_ENDPOINT_TYPE:-blaze} + - CQL_PROJECTS_ENABLED + depends_on: + - "beam-proxy" + - "blaze" + + beam-proxy: + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG} + container_name: bridgehead-beam-proxy + environment: + BROKER_URL: ${BROKER_URL} + PROXY_ID: ${PROXY_ID} + APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs + ROOTCERT_FILE: /conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - /srv/docker/bridgehead/nngm/root.crt.pem:/conf/root.crt.pem:ro + 
+volumes: + blaze-data: + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem diff --git a/nngm/modules/exporter-compose.yml b/nngm/modules/exporter-compose.yml new file mode 100644 index 00000000..6a11353b --- /dev/null +++ b/nngm/modules/exporter-compose.yml 
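Review bot: The blaze router in nngm/docker-compose.yml matches on the path prefix `/nngm-localdatamanagement` alone, while the same commit tightens the itcc blaze router to a `Host` plus `PathPrefix` rule. Without the host match the route answers for any Host header that reaches Traefik, so the `auth` middleware is the only restriction. The label should follow the itcc form: ``"traefik.http.routers.blaze_nngm.rule=Host(`${HOST}`) && PathPrefix(`/nngm-localdatamanagement`)"``. The blaze router in pscc/docker-compose.yml and the exporter, reporter and teiler routers added for nngm use the same path-only rule.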
@@ -0,0 +1,72 @@ +version: "3.7" + +services: + exporter: + image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest + container_name: bridgehead-nngm-exporter + environment: + JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC" + LOG_LEVEL: "INFO" + EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh + CROSS_ORIGINS: "https://${HOST}" + EXPORTER_DB_USER: "exporter" + EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh + EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter" + HTTP_RELATIVE_PATH: "/nngm-exporter" + SITE: "${SITE_ID}" + HTTP_SERVLET_REQUEST_SCHEME: "https" + OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}" + labels: + - "traefik.enable=true" + - "traefik.http.routers.exporter_nngm.rule=PathPrefix(`/nngm-exporter`)" + - "traefik.http.services.exporter_nngm.loadbalancer.server.port=8092" + - "traefik.http.routers.exporter_nngm.tls=true" + - "traefik.http.middlewares.exporter_nngm_strip.stripprefix.prefixes=/nngm-exporter" + - "traefik.http.routers.exporter_nngm.middlewares=exporter_nngm_strip" + volumes: + - "/var/cache/bridgehead/nngm/exporter-files:/app/exporter-files/output" + + exporter-db: + image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG} + container_name: bridgehead-nngm-exporter-db + environment: + POSTGRES_USER: "exporter" + POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh + POSTGRES_DB: "exporter" + volumes: + # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer. 
+ - "/var/cache/bridgehead/nngm/exporter-db:/var/lib/postgresql/data" + + reporter: + image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest + container_name: bridgehead-nngm-reporter + environment: + JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC" + LOG_LEVEL: "INFO" + CROSS_ORIGINS: "https://${HOST}" + HTTP_RELATIVE_PATH: "/nngm-reporter" + SITE: "${SITE_ID}" + EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh + EXPORTER_URL: "http://exporter:8092" + LOG_FHIR_VALIDATION: "false" + HTTP_SERVLET_REQUEST_SCHEME: "https" + + # In this initial development state of the bridgehead, we are trying to have so many volumes as possible. + # However, in the first executions in the CCP sites, this volume seems to be very important. A report is + # a process that can take several hours, because it depends on the exporter. + # There is a risk that the bridgehead restarts, losing the already created export. + + volumes: + - "/var/cache/bridgehead/nngm/reporter-files:/app/reports" + labels: + - "traefik.enable=true" + - "traefik.http.routers.reporter_nngm.rule=PathPrefix(`/nngm-reporter`)" + - "traefik.http.services.reporter_nngm.loadbalancer.server.port=8095" + - "traefik.http.routers.reporter_nngm.tls=true" + - "traefik.http.middlewares.reporter_nngm_strip.stripprefix.prefixes=/nngm-reporter" + - "traefik.http.routers.reporter_nngm.middlewares=reporter_nngm_strip" + + focus: + environment: + EXPORTER_URL: "http://exporter:8092" + EXPORTER_API_KEY: "${EXPORTER_API_KEY}" diff --git a/nngm/modules/exporter-setup.sh b/nngm/modules/exporter-setup.sh new file mode 100644 index 00000000..9b947a60 --- /dev/null +++ b/nngm/modules/exporter-setup.sh 
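Review bot: The `exporter_nngm` and `reporter_nngm` routers in nngm/modules/exporter-compose.yml list only their strip-prefix middleware, so both paths are published without the `auth` middleware used on the blaze router. The exporter is configured with `EXPORTER_API_KEY`, but the reporter holds that key itself, and the kr curl template deleted in this commit called the reporter's generate endpoint without any key header. If the nngm reporter behaves the same way, any client that can reach the bridgehead could trigger report runs over the local data. Unless another layer protects these paths, append `auth` to both `middlewares` labels, for example `"traefik.http.routers.reporter_nngm.middlewares=reporter_nngm_strip,auth"`.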
@@ -0,0 +1,8 @@ +#!/bin/bash -e + +if [ "$ENABLE_EXPORTER" == true ]; then + log INFO "Exporter setup detected -- will start Exporter service." + OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml" + EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)" +fi diff --git a/nngm/modules/teiler-compose.yml b/nngm/modules/teiler-compose.yml new file mode 100644 index 00000000..47a2ecc6 --- /dev/null +++ b/nngm/modules/teiler-compose.yml 
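Review bot: Both secrets in nngm/modules/exporter-setup.sh come from a pipeline that ends in `head -c`, so a failing `openssl pkeyutl` (missing or unreadable key file) yields an empty EXPORTER_DB_PASSWORD and EXPORTER_API_KEY without any error. The `-e` on the shebang does not help, because nngm/vars loads the file with `source`. A check after the two assignments, for example `[ -n "$EXPORTER_API_KEY" ] && [ -n "$EXPORTER_DB_PASSWORD" ] || { log ERROR "could not derive exporter secrets"; exit 1; }` (with whatever level `log` accepts for errors), keeps the services from starting with blank credentials.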
@@ -0,0 +1,73 @@ +version: "3.7" + +services: + + teiler-orchestrator: + image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest + container_name: bridgehead-teiler-orchestrator + labels: + - "traefik.enable=true" + - "traefik.http.routers.teiler_orchestrator_nngm.rule=PathPrefix(`/nngm-teiler`)" + - "traefik.http.services.teiler_orchestrator_nngm.loadbalancer.server.port=9000" + - "traefik.http.routers.teiler_orchestrator_nngm.tls=true" + - "traefik.http.middlewares.teiler_orchestrator_nngm_strip.stripprefix.prefixes=/nngm-teiler" + - "traefik.http.routers.teiler_orchestrator_nngm.middlewares=teiler_orchestrator_nngm_strip" + environment: + TEILER_BACKEND_URL: "/nngm-teiler-backend" + TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard" + DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}" + HTTP_RELATIVE_PATH: "/nngm-teiler" + + teiler-dashboard: + image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG} + container_name: bridgehead-teiler-dashboard + labels: + - "traefik.enable=true" + - "traefik.http.routers.teiler_dashboard_nngm.rule=PathPrefix(`/nngm-teiler-dashboard`)" + - "traefik.http.services.teiler_dashboard_nngm.loadbalancer.server.port=80" + - "traefik.http.routers.teiler_dashboard_nngm.tls=true" + - "traefik.http.middlewares.teiler_dashboard_nngm_strip.stripprefix.prefixes=/nngm-teiler-dashboard" + - "traefik.http.routers.teiler_dashboard_nngm.middlewares=teiler_dashboard_nngm_strip" + environment: + DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" + TEILER_BACKEND_URL: "/nngm-teiler-backend" + TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard" + OIDC_URL: "${OIDC_URL}" + OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}" + OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}" + TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}" + TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}" + TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}" + TEILER_PROJECT: "${PROJECT}" + EXPORTER_API_KEY: "${EXPORTER_API_KEY}" + TEILER_ORCHESTRATOR_URL: "/nngm-teiler" + 
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler" + TEILER_USER: "${OIDC_USER_GROUP}" + TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" + REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb" + EXPORTER_DEFAULT_TEMPLATE_ID: "ccp" + + +# TODO: Replace dktk-teiler-backend with nngm-teiler-backend + teiler-backend: + image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest + container_name: bridgehead-teiler-backend + labels: + - "traefik.enable=true" + - "traefik.http.routers.teiler_backend_nngm.rule=PathPrefix(`/nngm-teiler-backend`)" + - "traefik.http.services.teiler_backend_nngm.loadbalancer.server.port=8085" + - "traefik.http.routers.teiler_backend_nngm.tls=true" + - "traefik.http.middlewares.teiler_backend_nngm_strip.stripprefix.prefixes=/nngm-teiler-backend" + - "traefik.http.routers.teiler_backend_nngm.middlewares=teiler_backend_nngm_strip" + environment: + LOG_LEVEL: "INFO" + APPLICATION_PORT: "8085" + DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" + TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler" + TEILER_ORCHESTRATOR_URL: "/nngm-teiler" + TEILER_DASHBOARD_DE_URL: "/nngm-teiler-dashboard/de" + TEILER_DASHBOARD_EN_URL: "/nngm-teiler-dashboard/en" + HTTP_PROXY: "http://forward_proxy:3128" + ENABLE_MTBA: "${ENABLE_MTBA}" + ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}" + IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active diff --git a/nngm/modules/teiler-setup.sh b/nngm/modules/teiler-setup.sh new file mode 100644 index 00000000..e74e429e --- /dev/null +++ b/nngm/modules/teiler-setup.sh @@ -0,0 +1,8 @@ +#!/bin/bash -e + +if [ "$ENABLE_TEILER" == true ];then + log INFO "Teiler setup detected -- will start Teiler services." + OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml" + TEILER_DEFAULT_LANGUAGE=DE + TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,} +fi diff --git a/nngm/root.crt.pem b/nngm/root.crt.pem new file mode 100644 index 00000000..dbf6fc3b --- /dev/null +++ b/nngm/root.crt.pem 
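Review bot: teiler-dashboard in nngm/modules/teiler-compose.yml is handed `EXPORTER_API_KEY` and is published on `/nngm-teiler-dashboard` with only a strip-prefix middleware. If the dashboard is a browser application that injects its environment into the assets it serves (worth confirming), the exporter key is readable by anyone who can load that path. Keeping the key in teiler-backend and letting the dashboard call the exporter through it, or putting the dashboard router behind `auth`, would keep the key server-side. A comment next to the variable should state which of the two is the case.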
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUWHMDQFPJR5y8RKZ5FC72iOOla4kwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMDI3MTQwMjU1WhcNMzUx +MDI1MTQwMzI1WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKoghRqAo6s9xjDao+ZC9HpZDBgzOgRMRHrl352k +Y0Gti1p3m8ldwVQV+nlBE6g/Dowo+iaOwUBiHMHOI2BK7vqkGNp0tZ63ZKR4cyOD +hCDOl71lWxjYD5XmF7l/SbrLFfET0EEorhLDDOMuWrNpxKFfKdvhld6K5BZ3oSfH +/5W5y5jWRFWEYRzddzil2GOiU2vzAygA0I1nr5oHCgZoteDDXztAYHJ5vnPA9RNQ +YFoe/5fVOiJo869zYyBwMuY/dV5ff7eIe/HRKzFLZ6iJEOJcBFWx/aWEvj5gSWxS +x4OzkwoHsZOkRN9wSTXvdO5kPFzmPq8Nq7Hmw4tLVzP1eRECAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP9BHa86rz94 +nvMj2JhM5V3L3TWCMB8GA1UdIwQYMBaAFP9BHa86rz94nvMj2JhM5V3L3TWCMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCkWBXRUGx5 +XFWEEAVbAMcEuXAr6+HtSs+NTORQ01LhNST8Z9HhOaAjfH/dJiLvOjHvOuiOK9y9 +ZGkIIwqkkbhlv1ZcfQBWXh+xDNbq9Q2MaIWY3ZzPTKFgNkxFcEF43MMB+o5pK1Bf +jJIiSxuEfM0yHg9o+jc3V3XRhU9leXNPkfJezTGfVuWr/B/kTmnQ8zrOCapB+NnX +vuu1ayNyXflDkj8Gg0X4TarxGhSP6Dpxd9ViEQD9DFG8q42bH0mYveHcAIUN0FJX +4F2NChiL7dCSFFe6xKdRFDtNe12JrHRjU1rMAcxhYjBRbqt2o2HfDPajSJrhRheY +T35rRWxDupkP +-----END CERTIFICATE----- \ No newline at end of file diff --git a/nngm/vars b/nngm/vars new file mode 100644 index 00000000..9468feea --- /dev/null +++ b/nngm/vars 
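Review bot: nngm/root.crt.pem becomes the trust anchor that beam-proxy loads as `ROOTCERT_FILE`, yet nothing in the commit records where the certificate came from. A line in the commit description or README giving its SHA-256 fingerprint (`SHA256_FINGERPRINT_AS_PUBLISHED_BY_THE_BROKER_OPERATOR`) would let site administrators verify the file before trusting broker.nngm.dkfz.de through it. The file also lacks a trailing newline.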
@@ -0,0 +1,32 @@ +BROKER_ID=broker.nngm.dkfz.de +BROKER_URL=https://${BROKER_ID} +PROXY_ID=${SITE_ID}.${BROKER_ID} +FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} +# TODO: Add real nNGM-Support email +SUPPORT_EMAIL=support-nngm@dkfz-heidelberg.de +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem + +BROKER_URL_FOR_PREREQ=$BROKER_URL + +# TODO: Replace with nNGM OIDC Server +OIDC_USER_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})" +OIDC_ADMIN_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_Verwalter" +OIDC_PSP_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_PSP" +OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private +OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public +OIDC_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PUBLIC_CLIENT_ID}/" +OIDC_PRIVATE_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PRIVATE_CLIENT_ID}/" +OIDC_GROUP_CLAIM="groups" + +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done + +for module in modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done diff --git a/pscc/docker-compose.yml b/pscc/docker-compose.yml new file mode 100644 index 00000000..f3343d4f --- /dev/null +++ b/pscc/docker-compose.yml 
@@ -0,0 +1,67 @@
+version: "3.7"
+
+services:
+ blaze:
+ image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+ container_name: bridgehead-pscc-blaze
+ environment:
+ BASE_URL: "http://bridgehead-pscc-blaze:8080"
+ JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+ DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+ DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+ CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
+ ENFORCE_REFERENTIAL_INTEGRITY: "false"
+ volumes:
+ - "blaze-data:/app/data"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
+ - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
+ - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
+ - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip,auth"
+ - "traefik.http.routers.blaze_pscc.tls=true"
+
+ focus:
+ image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+ container_name: bridgehead-focus
+ environment:
+ API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ BEAM_APP_ID_LONG: focus.${PROXY_ID}
+ PROXY_ID: ${PROXY_ID}
+ BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
+ BEAM_PROXY_URL: http://beam-proxy:8081
+ RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+ EPSILON: 0.28
+ ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
+ depends_on:
+ - "beam-proxy"
+ - "blaze"
+
+ beam-proxy:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+ container_name: bridgehead-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
+
+ landing:
+ profiles: [deactivated]
+
+volumes:
+ blaze-data:
+
+secrets:
+ proxy.pem:
+ file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/pscc/modules/lens-compose.yml b/pscc/modules/lens-compose.yml
new file mode 100644
index 00000000..4571c7b2
--- /dev/null
+++ b/pscc/modules/lens-compose.yml
@@ -0,0 +1,40 @@
+version: "3.7"
+services:
+ lens:
+ container_name: lens-federated-search
+ image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
+ labels:
+ - "traefik.http.services.lens.loadbalancer.server.port=3000"
+ - "traefik.enable=true"
+ - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
+ - "traefik.http.routers.lens.tls=true"
+
+ spot:
+ image: samply/rustyspot:latest
+ platform: linux/amd64
+ environment:
+ HTTP_PROXY: ${HTTP_PROXY_URL}
+ HTTPS_PROXY: ${HTTPS_PROXY_URL}
+ NO_PROXY: beam-proxy
+ BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
+ BEAM_PROXY_URL: http://beam-proxy:8081
+ BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
+ CORS_ORIGIN: "https://${HOST}"
+ SITES: ${SITES}
+ TRANSFORM: LENS
+ PROJECT: pscc
+ BIND_ADDR: 0.0.0.0:8055
+ depends_on:
+ - "beam-proxy"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.spot.loadbalancer.server.port=8055"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
+ - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
+ - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
+ - "traefik.http.routers.spot.tls=true"
+ - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
\ No newline at end of file
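Review bot: `DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}` in the blaze service of pscc/docker-compose.yml has no fallback, while `JAVA_TOOL_OPTIONS` two lines above it uses `${BLAZE_MEMORY_CAP:-4096}`. With BLAZE_MEMORY_CAP unset, the heap gets the 4096 default but the block cache variable is passed as an empty string, and how Blaze treats an empty value cannot be seen from this hunk. Give the line the same default as its neighbours, `DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP:-4096}`, or define the variable in pscc/vars. A one-line comment stating the unit, and whether this cache is meant to come on top of the JVM heap, would help whoever sizes the host.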
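Review bot: The spot service in lens-compose.yml runs `samply/rustyspot:latest`, a floating tag, whereas the images in pscc/docker-compose.yml are addressed through `docker.verbis.dkfz.de/cache/` with a tag variable. With `latest`, sites can end up on different, unreviewed builds, and a restart can swap the code that receives `BEAM_SECRET`. Pin it to a fixed tag or digest, for example `image: samply/rustyspot:${SPOT_TAG}` (SPOT_TAG is a placeholder for a new entry in the versions files), and route it through the cache registry if that mirrors this image. The untagged `docker.verbis.dkfz.de/ccp/osiris2fhir` in osiris2fhir-compose.yml also resolves to `latest` and deserves the same treatment.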
diff --git a/pscc/modules/lens-setup.sh b/pscc/modules/lens-setup.sh
new file mode 100644
index 00000000..c19dc4bc
--- /dev/null
+++ b/pscc/modules/lens-setup.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -n "$ENABLE_LENS" ];then
+ OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
+fi
\ No newline at end of file
diff --git a/pscc/modules/osiris2fhir-compose.yml b/pscc/modules/osiris2fhir-compose.yml
new file mode 100644
index 00000000..6b346d93
--- /dev/null
+++ b/pscc/modules/osiris2fhir-compose.yml
@@ -0,0 +1,15 @@
+services:
+ osiris2fhir:
+ container_name: bridgehead-osiris2fhir
+ image: docker.verbis.dkfz.de/ccp/osiris2fhir
+ environment:
+ FHIR_PROFILE: ${PROJECT:-pscc}
+ LOG_LEVEL: ${LOG_LEVEL:-INFO}
+ SALT: ${LOCAL_SALT}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.osiris2fhir.rule=PathPrefix(`/osiris2fhir`)"
+ - "traefik.http.middlewares.osiris2fhir_strip.stripprefix.prefixes=/osiris2fhir"
+ - "traefik.http.services.osiris2fhir.loadbalancer.server.port=8080"
+ - "traefik.http.routers.osiris2fhir.tls=true"
+ - "traefik.http.routers.osiris2fhir.middlewares=osiris2fhir_strip,auth"
diff --git a/pscc/modules/osiris2fhir-setup.sh b/pscc/modules/osiris2fhir-setup.sh
new file mode 100644
index 00000000..ce1d6d73
--- /dev/null
+++ b/pscc/modules/osiris2fhir-setup.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
+ log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module."
+ OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
+ LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+fi
\ No newline at end of file
diff --git a/pscc/root.crt.pem b/pscc/root.crt.pem
new file mode 100644
index 00000000..1cfd0656
--- /dev/null
+++ b/pscc/root.crt.pem
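Review bot: Nothing in osiris2fhir-setup.sh checks that the `LOCAL_SALT` pipeline produced a value. If the key file is missing or unreadable, or openssl fails, the command substitution yields an empty string and osiris2fhir-compose.yml passes an empty `SALT` to the container; what the service does with that is not visible here, but presumably the salt protects derived identifiers. Add a guard right after the assignment, `[ -n "$LOCAL_SALT" ] || { log ERROR "could not derive LOCAL_SALT"; exit 1; }`, or the project's own failure helper if it has one. The value is also only stable across restarts if signing with the key in `${SITE_ID}.priv.pem` is deterministic, and the escaped quotes in `echo \"local-random-salt\"` become part of the signed message, so a comment recording both would stop someone from tidying the quoting and silently changing the salt.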
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUVC1Y1tx0q5PNR33gArAyyBm8PMQwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMTAzMTQxODQ5WhcNMzUx
+MTAxMTQxOTE5WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMB1yd7zkh7Io/ReQYindBcAdA1b4ogdVnrdSLRN
+N3zLSh6jN5KIXgs34BdRXx0so0m96q+9xlgacTXGRBn1Tu5SKMRyXdxnCLMzHAYU
+rNKhqF5HeZCYkVyh/tsAyFfDwZDVzsdX64V+0r5+raev2X0gJnlgmF83DIKjkVUS
+2+c+3BnXa9LOdXks0qygJjvaFyi+5MA3DinLnmMLCQ3yAvaZYWyP3xCnGIoVrZFq
+a+YioMCmHrbByuXPoZsXcFY7Z85LQkCtSVt1dH4kkN2/JehXG099nqwMqO8FpLZZ
+xG7/U3P/slX1MMLs97nqRCRoW7Cha2ci1NBYLll+34ekhxMCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJHTpnuyIGHw
+yvC/mmh+S/JKYVrAMB8GA1UdIwQYMBaAFJHTpnuyIGHwyvC/mmh+S/JKYVrAMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAeDc/k28yb
+I5MLC/LdaA+MKsW2FWF9HT+tsbtltTaQIRnnkwfU/40Ius3gzUU5z+kPqq5+kxhy
+3T646Rbau85Zw24gdNmiVKAAG5ntKoQ7XnyR/06PYyXNGLqnb6aKvbcIPoWtU/+2
+8f5hHdQ/4271aHws7dKcBNWu9V5WmxMZ3YTfnBR5lEda+DhVwHqtmun8EpSbwthD
+aLLIOHJpetr+KWUVFHQdGbO23Qg1Else0Akcn5Gzf/sKkVCVxjHE6jeo4ZwHtstG
+KMoff+ETC+DL5kMZ4CV5VaQ4HxVK7N0qiUxmijWe+EyRZseum1c0s2OEi2L52Q9K
+P4N3yD4ed4p/
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/pscc/vars b/pscc/vars
new file mode 100644
index 00000000..b64965db
--- /dev/null
+++ b/pscc/vars
@@ -0,0 +1,14 @@
+BROKER_ID=broker.pscc.org
+BROKER_URL=https://${BROKER_ID}
+PROXY_ID=${SITE_ID}.${BROKER_ID}
+FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
+SUPPORT_EMAIL=denis.koether@dkfz-heidelberg.de
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+BROKER_URL_FOR_PREREQ=$BROKER_URL
+
+for module in $PROJECT/modules/*.sh
+do
+ log DEBUG "sourcing $module"
+ source $module
+done
diff --git a/versions/acceptance b/versions/acceptance
index 1c6a5ed3..89d509ec 100644
--- a/versions/acceptance
+++ b/versions/acceptance
@@ -1,6 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=main
+BLAZE_TAG=0.32
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop
\ No newline at end of file
diff --git a/versions/test b/versions/test
index 1c6a5ed3..b1a3a402 100644
--- a/versions/test
+++ b/versions/test
@@ -1,6 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=main
+BLAZE_TAG=0.32
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
-MTBA_TAG=develop
\ No newline at end of file
+MTBA_TAG=develop