From 6dea7c8fef3701284fdd5f3723c3dc133e1b2815 Mon Sep 17 00:00:00 2001 From: DavidCroftDKFZ <46788708+DavidCroftDKFZ@users.noreply.github.com> Date: Wed, 5 Nov 2025 11:02:26 +0100 Subject: [PATCH 01/19] Directory sync: inherit host timezone (#354) Directory sync needs to be able to launch at specific times of day, and in order to do this in a predictable way, the timezone used inside the Docker container should be the same as the host. To do this, two files need to be mounted from the host. One file contains information about the time zone, the other file contains the file zone name. --- bbmri/modules/directory-sync-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bbmri/modules/directory-sync-compose.yml b/bbmri/modules/directory-sync-compose.yml index 834dd923..e672c414 100644 --- a/bbmri/modules/directory-sync-compose.yml +++ b/bbmri/modules/directory-sync-compose.yml @@ -16,3 +16,6 @@ services: DS_IMPORT_COLLECTIONS: ${DS_IMPORT_COLLECTIONS:-true} depends_on: - "blaze" + volumes: + - /etc/localtime:/etc/localtime:ro # inherit host timezone + - /etc/timezone:/etc/timezone:ro # inherit host timezone name From 230ff1debbcd1412e1c247427c556b30ff059ce1 Mon Sep 17 00:00:00 2001 
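Review bot: The two short-syntax bind mounts added under `volumes:` assume both host paths exist, but `/etc/timezone` is not present on every distribution. With the short syntax Docker creates a missing source as a root-owned directory on the host and mounts that directory into the container. The long form with `create_host_path: false` makes a missing file fail at start-up; it needs a Compose implementation that follows the Compose Specification. The service definition starts above this hunk, so whether the image reads `/etc/timezone` at all cannot be seen here.

```yaml
    volumes:
      - type: bind
        source: /etc/localtime
        target: /etc/localtime
        read_only: true
        bind:
          create_host_path: false  # fail instead of creating a directory on the host
      - type: bind
        source: /etc/timezone
        target: /etc/timezone
        read_only: true
        bind:
          create_host_path: false
```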
From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Wed, 5 Nov 2025 15:18:00 +0100 Subject: [PATCH 02/19] feat: add PSCC * add pscc and prepare lens2 deployment --------- Co-authored-by: p.delpy@dkfz-heidelberg.de Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> --- bridgehead | 3 ++ cce/modules/lens-compose.yml | 35 ++++++++++-------- cce/vars | 2 +- itcc/docker-compose.yml | 1 + itcc/modules/lens-compose.yml | 1 + lib/functions.sh | 2 +- lib/prepare-system.sh | 3 ++ pscc/docker-compose.yml | 67 +++++++++++++++++++++++++++++++++++ pscc/modules/lens-compose.yml | 40 +++++++++++++++++++++ pscc/modules/lens-setup.sh | 5 +++ pscc/root.crt.pem | 20 +++++++++++ pscc/vars | 14 ++++++++ 12 files changed, 177 insertions(+), 16 deletions(-) create mode 100644 pscc/docker-compose.yml create mode 100644 pscc/modules/lens-compose.yml create mode 100644 pscc/modules/lens-setup.sh create mode 100644 pscc/root.crt.pem create mode 100644 pscc/vars diff --git a/bridgehead b/bridgehead index 9483767b..a384d850 100755 --- a/bridgehead +++ b/bridgehead @@ -35,6 +35,9 @@ case "$PROJECT" in cce) #nothing extra to do ;; + pscc) + #nothing extra to do + ;; itcc) #nothing extra to do ;; diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml index d9ec6e28..cb173bcf 100644 --- a/cce/modules/lens-compose.yml +++ b/cce/modules/lens-compose.yml 
@@ -1,32 +1,39 @@ version: "3.7" services: - landing: + lens: container_name: lens_federated-search - image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + image: ghcr.io/samply/cce-explorer:pr-1 labels: + - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" + - "traefik.http.routers.lens.rule=Host(`${HOST}`)" + - "traefik.http.routers.lens.tls=true" spot: - image: docker.verbis.dkfz.de/ccp-private/central-spot + image: samply/rustyspot:latest environment: + HTTP_PROXY: ${HTTP_PROXY_URL} + HTTPS_PROXY: ${HTTPS_PROXY_URL} + NO_PROXY: beam-proxy BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" - BEAM_URL: http://beam-proxy:8081 - BEAM_PROXY_ID: ${SITE_ID} - BEAM_BROKER_ID: ${BROKER_ID} - BEAM_APP_ID: "focus" + BEAM_PROXY_URL: http://beam-proxy:8081 + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: cce + BIND_ADDR: 0.0.0.0:8055 depends_on: - "beam-proxy" labels: - "traefik.enable=true" - - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.services.spot.loadbalancer.server.port=8055" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" + - 
"traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" \ No newline at end of file diff --git a/cce/vars b/cce/vars index 7d0c1a3c..9338bd56 100644 --- a/cce/vars +++ b/cce/vars @@ -11,4 +11,4 @@ for module in $PROJECT/modules/*.sh do log DEBUG "sourcing $module" source $module -done +done \ No newline at end of file diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml index 18adb6f9..f69c13d2 100644 --- a/itcc/docker-compose.yml +++ b/itcc/docker-compose.yml @@ -34,6 +34,7 @@ services: EPSILON: 0.28 QUERIES_TO_CACHE: '/queries_to_cache.conf' ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} + CQL_PROJECTS_ENABLED: "itcc" volumes: - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro depends_on: diff --git a/itcc/modules/lens-compose.yml b/itcc/modules/lens-compose.yml index d9ec6e28..d19c372d 100644 --- a/itcc/modules/lens-compose.yml +++ b/itcc/modules/lens-compose.yml @@ -17,6 +17,7 @@ services: BEAM_PROXY_ID: ${SITE_ID} BEAM_BROKER_ID: ${BROKER_ID} BEAM_APP_ID: "focus" + PROJECT_METADATA: "itcc" depends_on: - "beam-proxy" labels: diff --git a/lib/functions.sh b/lib/functions.sh index c0f42576..7f2f78c3 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -337,7 +337,7 @@ function sync_secrets() { } function secret_sync_gitlab_token() { - if [ "$PROJECT" == "minimal" ]; then + if [[ "$PROJECT" != "dktk" && "$PROJECT" != "bbmri" ]]; then log "INFO" "Not running Secret Sync for project minimal" return fi diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index b6aba52b..a4f68d20 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh 
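Review bot: Both new `image:` values in `cce/modules/lens-compose.yml` are mutable tags pulled straight from public registries: `ghcr.io/samply/cce-explorer:pr-1` (a pull-request build) and `samply/rustyspot:latest`. What runs on a site can therefore change without any commit to this repository, and `spot` is the container that receives `BEAM_SECRET`. Pin both to a release tag plus digest, e.g. `image: samply/rustyspot:<release-tag>@sha256:<digest>`, and decide whether they should go through the `docker.verbis.dkfz.de/cache/` mirror used by the other services in this series. The same applies to `pscc/modules/lens-compose.yml`, to the `:latest` images in the nngm exporter and teiler modules, and to the later switch to `cce-explorer:main`.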
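Review bot: The rewritten guard in `secret_sync_gitlab_token` now skips every project except `dktk` and `bbmri`, and `dktk` is not one of the project names visible in this series (`ccp`, `bbmri`, `cce`, `itcc`, `kr`, `dhki`, `pscc`, `nngm`, `minimal`). If `ccp` relied on the GitLab token sync before, it is now silently switched off; please confirm the allow-list, presumably `[[ "$PROJECT" != "ccp" && "$PROJECT" != "bbmri" ]]`. The unchanged log line still says `Not running Secret Sync for project minimal`; `log "INFO" "Not running Secret Sync for project $PROJECT"` keeps the log truthful. The function body continues below the hunk.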
@@ -55,6 +55,9 @@ case "$PROJECT" in cce) site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/" ;; + pscc) + site_configuration_repository_middle="git.verbis.dkfz.de/pscc-sites/" + ;; itcc) site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/" ;; diff --git a/pscc/docker-compose.yml b/pscc/docker-compose.yml new file mode 100644 index 00000000..f3343d4f --- /dev/null +++ b/pscc/docker-compose.yml 
@@ -0,0 +1,67 @@
+version: "3.7"
+
+services:
+ blaze:
+ image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+ container_name: bridgehead-pscc-blaze
+ environment:
+ BASE_URL: "http://bridgehead-pscc-blaze:8080"
+ JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+ DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+ DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+ CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
+ ENFORCE_REFERENTIAL_INTEGRITY: "false"
+ volumes:
+ - "blaze-data:/app/data"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
+ - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
+ - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
+ - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip,auth"
+ - "traefik.http.routers.blaze_pscc.tls=true"
+
+ focus:
+ image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+ container_name: bridgehead-focus
+ environment:
+ API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ BEAM_APP_ID_LONG: focus.${PROXY_ID}
+ PROXY_ID: ${PROXY_ID}
+ BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
+ BEAM_PROXY_URL: http://beam-proxy:8081
+ RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+ EPSILON: 0.28
+ ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
+ depends_on:
+ - "beam-proxy"
+ - "blaze"
+
+ beam-proxy:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+ container_name: bridgehead-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
+
+ landing:
+ profiles: [deactivated]
+
+volumes:
+ blaze-data:
+
+secrets:
+ proxy.pem:
+ file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/pscc/modules/lens-compose.yml b/pscc/modules/lens-compose.yml
new file mode 100644
index 00000000..4571c7b2
--- /dev/null
+++ b/pscc/modules/lens-compose.yml
@@ -0,0 +1,40 @@
+version: "3.7"
+services:
+ lens:
+ container_name: lens-federated-search
+ image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
+ labels:
+ - "traefik.http.services.lens.loadbalancer.server.port=3000"
+ - "traefik.enable=true"
+ - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
+ - "traefik.http.routers.lens.tls=true"
+
+ spot:
+ image: samply/rustyspot:latest
+ platform: linux/amd64
+ environment:
+ HTTP_PROXY: ${HTTP_PROXY_URL}
+ HTTPS_PROXY: ${HTTPS_PROXY_URL}
+ NO_PROXY: beam-proxy
+ BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
+ BEAM_PROXY_URL: http://beam-proxy:8081
+ BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
+ CORS_ORIGIN: "https://${HOST}"
+ SITES: ${SITES}
+ TRANSFORM: LENS
+ PROJECT: pscc
+ BIND_ADDR: 0.0.0.0:8055
+ depends_on:
+ - "beam-proxy"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.spot.loadbalancer.server.port=8055"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
+ - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
+ - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
+ - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
+ - "traefik.http.routers.spot.tls=true"
+ - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
\ No newline at end of file
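Review bot: In `pscc/modules/lens-compose.yml`, `spot` registers as `spot.${SITE_ID}.${BROKER_ID}` and authenticates with `BEAM_SECRET`, but the `beam-proxy` service added in `pscc/docker-compose.yml` only defines `APP_focus_KEY` and this module adds no `beam-proxy` override, so the proxy appears to have no key for an app named `spot`. Patch 06 of this series adds that override for cce only; pscc needs the same `beam-proxy:` / `environment:` / `APP_spot_KEY: ...` block, preferably with a secret of its own rather than `${FOCUS_BEAM_SECRET_SHORT}`. Separately, the `lens` router has only the `Host` rule and TLS while `spot` lists `auth`; please confirm that serving the UI without the `auth` middleware is intended.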
diff --git a/pscc/modules/lens-setup.sh b/pscc/modules/lens-setup.sh
new file mode 100644
index 00000000..c19dc4bc
--- /dev/null
+++ b/pscc/modules/lens-setup.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -n "$ENABLE_LENS" ];then
+ OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
+fi
\ No newline at end of file
diff --git a/pscc/root.crt.pem b/pscc/root.crt.pem
new file mode 100644
index 00000000..1f1265a5
--- /dev/null
+++ b/pscc/root.crt.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
+MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
+TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
+OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
+XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
+pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
+K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
+poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
+AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
+fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
+3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
+n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
+7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
+Rtup0MTxSJtN
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/pscc/vars b/pscc/vars
new file mode 100644
index 00000000..7849cbe0
--- /dev/null
+++ b/pscc/vars
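Review bot: In `pscc/modules/lens-setup.sh`, `[ -n "$ENABLE_LENS" ]` enables the Lens module for any non-empty value, so a site that writes `ENABLE_LENS=false` still gets `lens` and `spot` published through the reverse proxy. The nngm setup scripts in this series compare against the literal instead; `if [ "$ENABLE_LENS" == true ]; then` would make the switch behave the same way here. A `log INFO` line as in those scripts would also record in the start-up log that the module was activated.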
@@ -0,0 +1,14 @@ +BROKER_ID=test-no-real-data.broker.samply.de +BROKER_URL=https://${BROKER_ID} +PROXY_ID=${SITE_ID}.${BROKER_ID} +FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} +SUPPORT_EMAIL=denis.koether@dkfz-heidelberg.de +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem +BROKER_URL_FOR_PREREQ=$BROKER_URL + +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done From 58d3e6487c0a8c338f762029650496ccdb529ab8 Mon Sep 17 00:00:00 2001 From: djuarezgf <46350150+djuarezgf@users.noreply.github.com> Date: Thu, 6 Nov 2025 16:47:50 +0100 Subject: [PATCH 03/19] feat: add nNGM project (#340) --- bridgehead | 3 ++ lib/functions.sh | 2 +- lib/prepare-system.sh | 3 ++ nngm/docker-compose.yml | 65 +++++++++++++++++++++++++++ nngm/modules/exporter-compose.yml | 72 ++++++++++++++++++++++++++++++ nngm/modules/exporter-setup.sh | 8 ++++ nngm/modules/teiler-compose.yml | 73 +++++++++++++++++++++++++++++++ nngm/modules/teiler-setup.sh | 8 ++++ nngm/root.crt.pem | 20 +++++++++ nngm/vars | 32 ++++++++++++++ 10 files changed, 285 insertions(+), 1 deletion(-) create mode 100644 nngm/docker-compose.yml create mode 100644 nngm/modules/exporter-compose.yml create mode 100644 nngm/modules/exporter-setup.sh create mode 100644 nngm/modules/teiler-compose.yml create mode 100644 nngm/modules/teiler-setup.sh create mode 100644 nngm/root.crt.pem create mode 100644 nngm/vars diff --git a/bridgehead b/bridgehead index a384d850..09b46f59 100755 --- a/bridgehead +++ b/bridgehead @@ -47,6 +47,9 @@ case "$PROJECT" in dhki) #nothing extra to do ;; + nngm) + #nothing extra to do + ;; minimal) #nothing extra to do ;; diff --git a/lib/functions.sh b/lib/functions.sh index 7f2f78c3..390a1c6e 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
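Review bot: `BROKER_ID` in `pscc/vars` is hard-coded to `test-no-real-data.broker.samply.de`, so every PSCC bridgehead installed from this file enrols with and sends results through a broker whose name says it must not carry real data. If that is a deliberate interim state, say so in a comment next to the assignment; otherwise point it at the production PSCC broker and check that `pscc/root.crt.pem` is that broker's root, since `beam-proxy` loads it as `ROOTCERT_FILE`. `SUPPORT_EMAIL` is set to an individual's mailbox; a role address would survive staff changes.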
@@ -54,7 +54,7 @@ checkOwner(){ printUsage() { echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|check|install|uninstall|adduser|enroll PROJECTNAME" - echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki" + echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki|nngm" } checkRequirements() { diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index a4f68d20..6ff4eb73 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -70,6 +70,9 @@ case "$PROJECT" in dhki) site_configuration_repository_middle="git.verbis.dkfz.de/dhki/" ;; + nngm) + site_configuration_repository_middle="git.verbis.dkfz.de/nngm/" + ;; minimal) site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/" ;; diff --git a/nngm/docker-compose.yml b/nngm/docker-compose.yml new file mode 100644 index 00000000..69cbabef --- /dev/null +++ b/nngm/docker-compose.yml 
@@ -0,0 +1,65 @@
+version: "3.7"
+
+services:
+ blaze:
+ image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+ container_name: bridgehead-nngm-blaze
+ environment:
+ BASE_URL: "http://bridgehead-nngm-blaze:8080"
+ JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+ DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+ DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+ CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
+ ENFORCE_REFERENTIAL_INTEGRITY: "false"
+ volumes:
+ - "blaze-data:/app/data"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.blaze_nngm.rule=PathPrefix(`/nngm-localdatamanagement`)"
+ - "traefik.http.middlewares.nngm_b_strip.stripprefix.prefixes=/nngm-localdatamanagement"
+ - "traefik.http.services.blaze_nngm.loadbalancer.server.port=8080"
+ - "traefik.http.routers.blaze_nngm.middlewares=nngm_b_strip,auth"
+ - "traefik.http.routers.blaze_nngm.tls=true"
+
+ focus:
+ image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+ container_name: bridgehead-focus
+ environment:
+ - API_KEY=${FOCUS_BEAM_SECRET_SHORT}
+ - BEAM_APP_ID_LONG=focus.${PROXY_ID}
+ - PROXY_ID=${PROXY_ID}
+ - BLAZE_URL=http://bridgehead-nngm-blaze:8080/fhir/
+ - BEAM_PROXY_URL=http://beam-proxy:8081
+ - RETRY_COUNT=${FOCUS_RETRY_COUNT}
+ - EPSILON=0.28
+ - ENDPOINT_TYPE=${FOCUS_ENDPOINT_TYPE:-blaze}
+ - CQL_PROJECTS_ENABLED
+ depends_on:
+ - "beam-proxy"
+ - "blaze"
+
+ beam-proxy:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
+ container_name: bridgehead-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/nngm/root.crt.pem:/conf/root.crt.pem:ro
+
+volumes:
+ blaze-data:
+
+secrets:
+ proxy.pem:
+ file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/nngm/modules/exporter-compose.yml b/nngm/modules/exporter-compose.yml
new file mode 100644
index 00000000..6a11353b
--- /dev/null
+++ b/nngm/modules/exporter-compose.yml
@@ -0,0 +1,72 @@
+version: "3.7"
+
+services:
+ exporter:
+ image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
+ container_name: bridgehead-nngm-exporter
+ environment:
+ JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
+ LOG_LEVEL: "INFO"
+ EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
+ CROSS_ORIGINS: "https://${HOST}"
+ EXPORTER_DB_USER: "exporter"
+ EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
+ EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
+ HTTP_RELATIVE_PATH: "/nngm-exporter"
+ SITE: "${SITE_ID}"
+ HTTP_SERVLET_REQUEST_SCHEME: "https"
+ OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.exporter_nngm.rule=PathPrefix(`/nngm-exporter`)"
+ - "traefik.http.services.exporter_nngm.loadbalancer.server.port=8092"
+ - "traefik.http.routers.exporter_nngm.tls=true"
+ - "traefik.http.middlewares.exporter_nngm_strip.stripprefix.prefixes=/nngm-exporter"
+ - "traefik.http.routers.exporter_nngm.middlewares=exporter_nngm_strip"
+ volumes:
+ - "/var/cache/bridgehead/nngm/exporter-files:/app/exporter-files/output"
+
+ exporter-db:
+ image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
+ container_name: bridgehead-nngm-exporter-db
+ environment:
+ POSTGRES_USER: "exporter"
+ POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
+ POSTGRES_DB: "exporter"
+ volumes:
+ # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
+ - "/var/cache/bridgehead/nngm/exporter-db:/var/lib/postgresql/data"
+
+ reporter:
+ image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
+ container_name: bridgehead-nngm-reporter
+ environment:
+ JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
+ LOG_LEVEL: "INFO"
+ CROSS_ORIGINS: "https://${HOST}"
+ HTTP_RELATIVE_PATH: "/nngm-reporter"
+ SITE: "${SITE_ID}"
+ EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
+ EXPORTER_URL: "http://exporter:8092"
+ LOG_FHIR_VALIDATION: "false"
+ HTTP_SERVLET_REQUEST_SCHEME: "https"
+
+ # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
+ # However, in the first executions in the CCP sites, this volume seems to be very important. A report is
+ # a process that can take several hours, because it depends on the exporter.
+ # There is a risk that the bridgehead restarts, losing the already created export.
+
+ volumes:
+ - "/var/cache/bridgehead/nngm/reporter-files:/app/reports"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.reporter_nngm.rule=PathPrefix(`/nngm-reporter`)"
+ - "traefik.http.services.reporter_nngm.loadbalancer.server.port=8095"
+ - "traefik.http.routers.reporter_nngm.tls=true"
+ - "traefik.http.middlewares.reporter_nngm_strip.stripprefix.prefixes=/nngm-reporter"
+ - "traefik.http.routers.reporter_nngm.middlewares=reporter_nngm_strip"
+
+ focus:
+ environment:
+ EXPORTER_URL: "http://exporter:8092"
+ EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
diff --git a/nngm/modules/exporter-setup.sh b/nngm/modules/exporter-setup.sh
new file mode 100644
index 00000000..9b947a60
--- /dev/null
+++ b/nngm/modules/exporter-setup.sh
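Review bot: The `exporter_nngm` and `reporter_nngm` routers in `nngm/modules/exporter-compose.yml` list only their strip-prefix middleware, whereas the Blaze router in `nngm/docker-compose.yml` uses `nngm_b_strip,auth`. `/nngm-exporter` and `/nngm-reporter` are therefore reachable through the reverse proxy with nothing in front of them except whatever check the application makes against `EXPORTER_API_KEY`. If that is not a deliberate design, add `auth` to both, e.g. `traefik.http.routers.exporter_nngm.middlewares=exporter_nngm_strip,auth`. The export, report and Postgres directories are bind-mounted under `/var/cache/bridgehead/nngm/`; a comment stating the expected ownership and mode of those host paths would help, since they presumably hold exported records.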
@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+if [ "$ENABLE_EXPORTER" == true ]; then
+ log INFO "Exporter setup detected -- will start Exporter service."
+ OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
+ EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+ EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
+fi
diff --git a/nngm/modules/teiler-compose.yml b/nngm/modules/teiler-compose.yml
new file mode 100644
index 00000000..47a2ecc6
--- /dev/null
+++ b/nngm/modules/teiler-compose.yml
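Review bot: Both derived secrets in `nngm/modules/exporter-setup.sh` come from a pipeline whose failure is never checked, so if `openssl pkeyutl` cannot read `/etc/bridgehead/pki/${SITE_ID}.priv.pem` the result is an empty `EXPORTER_DB_PASSWORD` and `EXPORTER_API_KEY` and the services still start. The `-e` on the shebang does not help: `nngm/vars` sources this file, and `-e` ignores the non-final commands of a pipeline in any case. Add a guard after the two assignments, e.g. `[ -n "$EXPORTER_DB_PASSWORD" ] && [ -n "$EXPORTER_API_KEY" ] || { log ERROR "could not derive exporter secrets"; exit 1; }` (assuming `log` accepts an `ERROR` level). The scheme also depends on the signature being deterministic, which holds for RSA with PKCS#1 v1.5 padding but not for ECDSA keys; a comment saying so would document that constraint on the site key.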
@@ -0,0 +1,73 @@
+version: "3.7"
+
+services:
+
+ teiler-orchestrator:
+ image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
+ container_name: bridgehead-teiler-orchestrator
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.teiler_orchestrator_nngm.rule=PathPrefix(`/nngm-teiler`)"
+ - "traefik.http.services.teiler_orchestrator_nngm.loadbalancer.server.port=9000"
+ - "traefik.http.routers.teiler_orchestrator_nngm.tls=true"
+ - "traefik.http.middlewares.teiler_orchestrator_nngm_strip.stripprefix.prefixes=/nngm-teiler"
+ - "traefik.http.routers.teiler_orchestrator_nngm.middlewares=teiler_orchestrator_nngm_strip"
+ environment:
+ TEILER_BACKEND_URL: "/nngm-teiler-backend"
+ TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
+ DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
+ HTTP_RELATIVE_PATH: "/nngm-teiler"
+
+ teiler-dashboard:
+ image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
+ container_name: bridgehead-teiler-dashboard
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.teiler_dashboard_nngm.rule=PathPrefix(`/nngm-teiler-dashboard`)"
+ - "traefik.http.services.teiler_dashboard_nngm.loadbalancer.server.port=80"
+ - "traefik.http.routers.teiler_dashboard_nngm.tls=true"
+ - "traefik.http.middlewares.teiler_dashboard_nngm_strip.stripprefix.prefixes=/nngm-teiler-dashboard"
+ - "traefik.http.routers.teiler_dashboard_nngm.middlewares=teiler_dashboard_nngm_strip"
+ environment:
+ DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
+ TEILER_BACKEND_URL: "/nngm-teiler-backend"
+ TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
+ OIDC_URL: "${OIDC_URL}"
+ OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
+ OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
+ TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
+ TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
+ TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
+ TEILER_PROJECT: "${PROJECT}"
+ EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
+ TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
+ TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
+ TEILER_USER: "${OIDC_USER_GROUP}"
+ TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
+ REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
+ EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
+
+
+# TODO: Replace dktk-teiler-backend with nngm-teiler-backend
+ teiler-backend:
+ image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
+ container_name: bridgehead-teiler-backend
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.teiler_backend_nngm.rule=PathPrefix(`/nngm-teiler-backend`)"
+ - "traefik.http.services.teiler_backend_nngm.loadbalancer.server.port=8085"
+ - "traefik.http.routers.teiler_backend_nngm.tls=true"
+ - "traefik.http.middlewares.teiler_backend_nngm_strip.stripprefix.prefixes=/nngm-teiler-backend"
+ - "traefik.http.routers.teiler_backend_nngm.middlewares=teiler_backend_nngm_strip"
+ environment:
+ LOG_LEVEL: "INFO"
+ APPLICATION_PORT: "8085"
+ DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
+ TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
+ TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
+ TEILER_DASHBOARD_DE_URL: "/nngm-teiler-dashboard/de"
+ TEILER_DASHBOARD_EN_URL: "/nngm-teiler-dashboard/en"
+ HTTP_PROXY: "http://forward_proxy:3128"
+ ENABLE_MTBA: "${ENABLE_MTBA}"
+ ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
+ IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active
diff --git a/nngm/modules/teiler-setup.sh b/nngm/modules/teiler-setup.sh
new file mode 100644
index 00000000..e74e429e
--- /dev/null
+++ b/nngm/modules/teiler-setup.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+if [ "$ENABLE_TEILER" == true ];then
+ log INFO "Teiler setup detected -- will start Teiler services."
+ OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
+ TEILER_DEFAULT_LANGUAGE=DE
+ TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
+fi
diff --git a/nngm/root.crt.pem b/nngm/root.crt.pem
new file mode 100644
index 00000000..dbf6fc3b
--- /dev/null
+++ b/nngm/root.crt.pem
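Review bot: In `nngm/modules/teiler-compose.yml`, `teiler-dashboard` is given `EXPORTER_API_KEY` although it is the browser-facing service (port 80 behind `/nngm-teiler-dashboard`, no `auth` middleware on its router). If the dashboard passes its configuration to the client, the key that protects the exporter becomes readable by anyone who can load the page. Please confirm how the dashboard uses the variable; if the browser does need it, the exporter should be protected by the `auth` middleware or an equivalent check rather than by the key alone. The `TODO` above `teiler-backend` and the `ccp-qb` / `ccp` template IDs suggest the file was copied from another project's module, so a header comment listing what is still project-specific would make the follow-up work traceable.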
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUWHMDQFPJR5y8RKZ5FC72iOOla4kwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMDI3MTQwMjU1WhcNMzUx
+MDI1MTQwMzI1WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKoghRqAo6s9xjDao+ZC9HpZDBgzOgRMRHrl352k
+Y0Gti1p3m8ldwVQV+nlBE6g/Dowo+iaOwUBiHMHOI2BK7vqkGNp0tZ63ZKR4cyOD
+hCDOl71lWxjYD5XmF7l/SbrLFfET0EEorhLDDOMuWrNpxKFfKdvhld6K5BZ3oSfH
+/5W5y5jWRFWEYRzddzil2GOiU2vzAygA0I1nr5oHCgZoteDDXztAYHJ5vnPA9RNQ
+YFoe/5fVOiJo869zYyBwMuY/dV5ff7eIe/HRKzFLZ6iJEOJcBFWx/aWEvj5gSWxS
+x4OzkwoHsZOkRN9wSTXvdO5kPFzmPq8Nq7Hmw4tLVzP1eRECAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP9BHa86rz94
+nvMj2JhM5V3L3TWCMB8GA1UdIwQYMBaAFP9BHa86rz94nvMj2JhM5V3L3TWCMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCkWBXRUGx5
+XFWEEAVbAMcEuXAr6+HtSs+NTORQ01LhNST8Z9HhOaAjfH/dJiLvOjHvOuiOK9y9
+ZGkIIwqkkbhlv1ZcfQBWXh+xDNbq9Q2MaIWY3ZzPTKFgNkxFcEF43MMB+o5pK1Bf
+jJIiSxuEfM0yHg9o+jc3V3XRhU9leXNPkfJezTGfVuWr/B/kTmnQ8zrOCapB+NnX
+vuu1ayNyXflDkj8Gg0X4TarxGhSP6Dpxd9ViEQD9DFG8q42bH0mYveHcAIUN0FJX
+4F2NChiL7dCSFFe6xKdRFDtNe12JrHRjU1rMAcxhYjBRbqt2o2HfDPajSJrhRheY
+T35rRWxDupkP
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/nngm/vars b/nngm/vars
new file mode 100644
index 00000000..9468feea
--- /dev/null
+++ b/nngm/vars
@@ -0,0 +1,32 @@
+BROKER_ID=broker.nngm.dkfz.de
+BROKER_URL=https://${BROKER_ID}
+PROXY_ID=${SITE_ID}.${BROKER_ID}
+FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
+# TODO: Add real nNGM-Support email
+SUPPORT_EMAIL=support-nngm@dkfz-heidelberg.de
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+
+BROKER_URL_FOR_PREREQ=$BROKER_URL
+
+# TODO: Replace with nNGM OIDC Server
+OIDC_USER_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})"
+OIDC_ADMIN_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_Verwalter"
+OIDC_PSP_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_PSP"
+OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
+OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
+OIDC_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PUBLIC_CLIENT_ID}/"
+OIDC_PRIVATE_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PRIVATE_CLIENT_ID}/"
+OIDC_GROUP_CLAIM="groups"
+
+for module in $PROJECT/modules/*.sh
+do
+ log DEBUG "sourcing $module"
+ source $module
+done
+
+for module in modules/*.sh
+do
+ log DEBUG "sourcing $module"
+ source $module
+done
From 394dcc256701f8613bae90df4b7ed133492f7925 Mon Sep 17 00:00:00 2001
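Review bot: `FOCUS_BEAM_SECRET_SHORT` in `nngm/vars` is the first 20 hex digits of a version-4 UUID, which include the fixed version nibble and the variant bits, so the shared secret carries roughly 74 random bits rather than 80; `pscc/vars` has the same line. Reading from the CSPRNG directly is just as short and gives full strength, e.g. `FOCUS_BEAM_SECRET_SHORT="$(openssl rand -hex 16)"` (openssl is already used by the exporter setup script), provided the consumers accept a 32-character value. The OIDC block still points at `sso.verbis.dkfz.de` under a `TODO`; until that is replaced, a comment stating which identity provider the `NNGM_*` groups are checked against would help reviewers of the access model.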
From: DavidCroftDKFZ <46788708+DavidCroftDKFZ@users.noreply.github.com> Date: Tue, 11 Nov 2025 09:43:08 +0100 Subject: [PATCH 04/19] Directory sync: token login and cron change (#351) The Directory team have requested that we allow token login to the Directory, where a user uses LSAAI credentials to obtain a token from the Directory, and then uses this to authenticate Directory sync. This has been implemented via an environment variable, in an analogous way to the already existing username/password method. The default start time for the Directory sync has been shifted to 22:30, to prevent conflicts with the Bridgehead auto-update. Relevant changes have been made to the documentation. Co-authored-by: Torben Brenner <76154651+torbrenner@users.noreply.github.com> Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> Co-authored-by: Martin Lablans <6804500+lablans@users.noreply.github.com> --- README.md | 13 ++++++++++--- bbmri/modules/directory-sync-compose.yml | 3 ++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2889ff0c..d0e462a7 100644 --- a/README.md +++ b/README.md @@ -318,6 +318,12 @@ To enable it, you will need to explicitly set the username and password variable DS_DIRECTORY_USER_NAME=your_directory_username DS_DIRECTORY_USER_PASS=your_directory_password ``` +Alternatively, if you have obtained a token from the Directory, you can insert the following into the configuration file: +``` +DS_DIRECTORY_USER_TOKEN=your_directory_token +``` +If you don't supply any authentification information (either login credentials or a token), Directory sync will not start. + Please contact your National Node or Directory support (directory-dev@helpdesk.bbmri-eric.eu) to obtain these credentials. The following environment variables can be used from within your config file to control the behavior of Directory sync: 
@@ -325,12 +331,13 @@ The following environment variables can be used from within your config file to | Variable | Purpose | Default if not specified | |:-----------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------| | DS_DIRECTORY_URL | Base URL of the Directory | https://directory-backend.molgenis.net | -| DS_DIRECTORY_USER_NAME | User name for logging in to Directory **Mandatory** | | -| DS_DIRECTORY_USER_PASS | Password for logging in to Directory **Mandatory** | | +| DS_DIRECTORY_USER_NAME | User name for logging in to Directory | | +| DS_DIRECTORY_USER_PASS | Password for logging in to Directory | | +| DS_DIRECTORY_USER_TOKEN | Token for logging in to Directory | | | DS_DIRECTORY_DEFAULT_COLLECTION_ID | ID of collection to be used if not in samples | | | DS_DIRECTORY_ALLOW_STAR_MODEL | Set to 'True' to send star model info to Directory | True | | DS_FHIR_STORE_URL | URL for FHIR store | http://bridgehead-bbmri-blaze:8080 | -| DS_TIMER_CRON | Execution interval for Directory sync, [cron](https://crontab.guru) format | 0 22 * * * | +| DS_TIMER_CRON | Execution interval for Directory sync, [cron](https://crontab.guru) format | 30 22 * * * | | DS_IMPORT_BIOBANKS | Set to 'True' to import biobank metadata from Directory | True | | DS_IMPORT_COLLECTIONS | Set to 'True' to import collection metadata from Directory | True | diff --git a/bbmri/modules/directory-sync-compose.yml b/bbmri/modules/directory-sync-compose.yml index e672c414..58e1c69a 100644 --- a/bbmri/modules/directory-sync-compose.yml +++ b/bbmri/modules/directory-sync-compose.yml 
@@ -7,7 +7,8 @@ services: DS_DIRECTORY_URL: ${DS_DIRECTORY_URL:-https://directory.bbmri-eric.eu} DS_DIRECTORY_USER_NAME: ${DS_DIRECTORY_USER_NAME} DS_DIRECTORY_USER_PASS: ${DS_DIRECTORY_USER_PASS} - DS_TIMER_CRON: ${DS_TIMER_CRON:-0 22 * * *} + DS_DIRECTORY_USER_TOKEN: ${DS_DIRECTORY_USER_TOKEN} + DS_TIMER_CRON: ${DS_TIMER_CRON:-30 22 * * *} DS_DIRECTORY_ALLOW_STAR_MODEL: ${DS_DIRECTORY_ALLOW_STAR_MODEL:-true} DS_DIRECTORY_MOCK: ${DS_DIRECTORY_MOCK} DS_DIRECTORY_DEFAULT_COLLECTION_ID: ${DS_DIRECTORY_DEFAULT_COLLECTION_ID} From ab6e05826f71d17ef2c230de91dd06f1f13c06d3 Mon Sep 17 00:00:00 2001 From: Niklas Reimer Date: Wed, 12 Nov 2025 10:25:20 +0100 Subject: [PATCH 05/19] feat(dnpm): set timezone to Europe/Berlin (#359) --- ccp/modules/dnpm-node-compose.yml | 1 + minimal/modules/dnpm-node-compose.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/ccp/modules/dnpm-node-compose.yml b/ccp/modules/dnpm-node-compose.yml index 297ab5b0..0a7bcd31 100644 --- a/ccp/modules/dnpm-node-compose.yml +++ b/ccp/modules/dnpm-node-compose.yml @@ -66,6 +66,7 @@ services: - HATEOAS_HOST=https://${HOST} - CONNECTOR_TYPE=broker - AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000 + - TZ=Europe/Berlin volumes: - /etc/bridgehead/dnpm/config:/dnpm_config - /var/cache/bridgehead/dnpm/backend-data:/dnpm_data diff --git a/minimal/modules/dnpm-node-compose.yml b/minimal/modules/dnpm-node-compose.yml index 4ec8c4b3..938cc9ca 100644 --- a/minimal/modules/dnpm-node-compose.yml +++ b/minimal/modules/dnpm-node-compose.yml @@ -66,6 +66,7 @@ services: - HATEOAS_HOST=https://${HOST} - CONNECTOR_TYPE=broker - AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000 + - TZ=Europe/Berlin volumes: - /etc/bridgehead/dnpm/config:/dnpm_config - /var/cache/bridgehead/dnpm/backend-data:/dnpm_data From 56a8aac326737c5a95b90e74d5aa776725ec7836 Mon Sep 17 00:00:00 2001 
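Review bot: The new `DS_DIRECTORY_USER_TOKEN` line hands a login token to whatever `DS_DIRECTORY_URL` resolves to, and the default on the context line above it (`https://directory.bbmri-eric.eu`) differs from the default the README table in this same patch documents (`https://directory-backend.molgenis.net`). One of the two should be corrected so an operator can tell which host receives the credential. A comment above the three credential lines would also help, e.g. `# set either DS_DIRECTORY_USER_NAME + DS_DIRECTORY_USER_PASS or DS_DIRECTORY_USER_TOKEN`, because the patch does not say which method wins when both are configured.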
From: Manoj Waikar Date: Wed, 19 Nov 2025 09:33:18 +0100 Subject: [PATCH 06/19] Add APP_spot_KEY env var under the beam-proxy section. (#358) --- cce/modules/lens-compose.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml index cb173bcf..de3430a9 100644 --- a/cce/modules/lens-compose.yml +++ b/cce/modules/lens-compose.yml @@ -36,4 +36,9 @@ services: - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" \ No newline at end of file + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + + beam-proxy: + environment: + APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT} + \ No newline at end of file From e2569f47378415e11b6a64f9a30e00bd76de9cdb Mon Sep 17 00:00:00 2001 From: Manoj Waikar Date: Thu, 20 Nov 2025 14:34:33 +0100 Subject: [PATCH 07/19] Use the main image name for cce explorer. (#360) - instead of pr1 name --- cce/modules/lens-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml index de3430a9..384606ae 100644 --- a/cce/modules/lens-compose.yml +++ b/cce/modules/lens-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: lens: container_name: lens_federated-search - image: ghcr.io/samply/cce-explorer:pr-1 + image: ghcr.io/samply/cce-explorer:main labels: - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" From 57f49ab5fcf4ee2dde6c874bf03e4216a967eebb Mon Sep 17 00:00:00 2001 
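Review bot: `APP_spot_KEY` is filled from `FOCUS_BEAM_SECRET_SHORT`, a secret named after Focus. If the Focus app key comes from the same variable (not visible in this hunk), both Beam apps share one credential and a leak of either lets its holder act as both. A dedicated variable generated next to it in the project's `vars` would keep them separable, e.g. `APP_spot_KEY: ${SPOT_BEAM_SECRET_SHORT}` (suggested name). The same assignment is added again in `itcc/modules/lens-compose.yml` (patch 14) and `kr/modules/lens-compose.yml` (patch 15). The hunk also ends in a whitespace-only added line with no final newline, which should be dropped.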
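Review bot: `image: ghcr.io/samply/cce-explorer:main` tracks a branch tag, so the image served to users changes whenever `main` is rebuilt and a given deployment cannot be reproduced or audited afterwards. Pin it to a release tag or a digest, e.g. `image: ghcr.io/samply/cce-explorer@sha256:DIGEST_PLACEHOLDER`, or route the tag through a variable in `versions/` as is done for `BLAZE_TAG`. The same applies to the Docker Hub reference in patch 09, to `samply/itcc-explorer:main`, `samply/rustyspot:latest`, `ghcr.io/samply/itcc-omics-ingest:main` and `docker.verbis.dkfz.de/ccp/kr-explorer:main` in patches 14 and 15, and to the untagged `docker.verbis.dkfz.de/ccp/osiris2fhir` in patch 19.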
From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Fri, 21 Nov 2025 10:42:21 +0100 Subject: [PATCH 08/19] feat: migrate pscc to orange cloud broker (#361) --- pscc/root.crt.pem | 36 ++++++++++++++++++------------------ pscc/vars | 2 +- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/pscc/root.crt.pem b/pscc/root.crt.pem index 1f1265a5..1cfd0656 100644 --- a/pscc/root.crt.pem +++ b/pscc/root.crt.pem 
@@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL -BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw -MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI -TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO -OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf -XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu -pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7 -K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD -VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM -poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG -A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm -AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU -fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5 -3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l -n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/ -7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt -Rtup0MTxSJtN +MIIDNTCCAh2gAwIBAgIUVC1Y1tx0q5PNR33gArAyyBm8PMQwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMTAzMTQxODQ5WhcNMzUx +MTAxMTQxOTE5WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMB1yd7zkh7Io/ReQYindBcAdA1b4ogdVnrdSLRN +N3zLSh6jN5KIXgs34BdRXx0so0m96q+9xlgacTXGRBn1Tu5SKMRyXdxnCLMzHAYU +rNKhqF5HeZCYkVyh/tsAyFfDwZDVzsdX64V+0r5+raev2X0gJnlgmF83DIKjkVUS +2+c+3BnXa9LOdXks0qygJjvaFyi+5MA3DinLnmMLCQ3yAvaZYWyP3xCnGIoVrZFq +a+YioMCmHrbByuXPoZsXcFY7Z85LQkCtSVt1dH4kkN2/JehXG099nqwMqO8FpLZZ +xG7/U3P/slX1MMLs97nqRCRoW7Cha2ci1NBYLll+34ekhxMCAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJHTpnuyIGHw +yvC/mmh+S/JKYVrAMB8GA1UdIwQYMBaAFJHTpnuyIGHwyvC/mmh+S/JKYVrAMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAeDc/k28yb 
+I5MLC/LdaA+MKsW2FWF9HT+tsbtltTaQIRnnkwfU/40Ius3gzUU5z+kPqq5+kxhy +3T646Rbau85Zw24gdNmiVKAAG5ntKoQ7XnyR/06PYyXNGLqnb6aKvbcIPoWtU/+2 +8f5hHdQ/4271aHws7dKcBNWu9V5WmxMZ3YTfnBR5lEda+DhVwHqtmun8EpSbwthD +aLLIOHJpetr+KWUVFHQdGbO23Qg1Else0Akcn5Gzf/sKkVCVxjHE6jeo4ZwHtstG +KMoff+ETC+DL5kMZ4CV5VaQ4HxVK7N0qiUxmijWe+EyRZseum1c0s2OEi2L52Q9K +P4N3yD4ed4p/ -----END CERTIFICATE----- \ No newline at end of file diff --git a/pscc/vars b/pscc/vars index 7849cbe0..b64965db 100644 --- a/pscc/vars +++ b/pscc/vars @@ -1,4 +1,4 @@ -BROKER_ID=test-no-real-data.broker.samply.de +BROKER_ID=broker.pscc.org BROKER_URL=https://${BROKER_ID} PROXY_ID=${SITE_ID}.${BROKER_ID} FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" From d0c87b40a6a60b1a6de7deccfdbc7917383485c8 Mon Sep 17 00:00:00 2001 From: Manoj Waikar Date: Fri, 21 Nov 2025 14:52:42 +0100 Subject: [PATCH 09/19] Use the cce-explorer:main image from docker hub (instead of ghcr). (#362) --- cce/modules/lens-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml index 384606ae..1ea84364 100644 --- a/cce/modules/lens-compose.yml +++ b/cce/modules/lens-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: lens: container_name: lens_federated-search - image: ghcr.io/samply/cce-explorer:main + image: samply/cce-explorer:main labels: - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" From a5120ba75be30b78f62243c113b0a10390ef440d Mon Sep 17 00:00:00 2001 From: Enola Knezevic <115070135+enola-dkfz@users.noreply.github.com> Date: Mon, 1 Dec 2025 12:50:07 +0100 Subject: [PATCH 10/19] obfuscate BBMRI ERIC way, test blaze version (#363) --- bbmri/modules/eric-compose.yml | 1 + versions/acceptance | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/bbmri/modules/eric-compose.yml b/bbmri/modules/eric-compose.yml index 72baa6c7..e6ed0447 100644 --- a/bbmri/modules/eric-compose.yml 
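Review bot: The `pscc/root.crt.pem` hunk replaces the whole trust anchor, and neither the commit message nor the file gives a reviewer a way to confirm that the new certificate is the one issued by the new broker's operator. Record its SHA-256 fingerprint in the commit description (placeholder: `SHA256_FINGERPRINT_OF_NEW_ROOT`, obtained from the operator out of band) so that sites can compare it with the output of `openssl x509 -in pscc/root.crt.pem -noout -fingerprint -sha256`. The `BROKER_ID=broker.pscc.org` change in `pscc/vars` only makes sense together with this file, so the two should be verified and deployed as one unit.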
+++ b/bbmri/modules/eric-compose.yml @@ -11,6 +11,7 @@ services: BLAZE_URL: "http://blaze:8080/fhir/" BEAM_PROXY_URL: http://beam-proxy-eric:8081 RETRY_COUNT: ${FOCUS_RETRY_COUNT} + OBFUSCATE_BBMRI_ERIC_WAY: "true" depends_on: - "beam-proxy-eric" - "blaze" diff --git a/versions/acceptance b/versions/acceptance index 1c6a5ed3..89d509ec 100644 --- a/versions/acceptance +++ b/versions/acceptance @@ -1,6 +1,6 @@ FOCUS_TAG=develop BEAM_TAG=develop -BLAZE_TAG=main +BLAZE_TAG=0.32 POSTGRES_TAG=15.13-alpine TEILER_DASHBOARD_TAG=develop MTBA_TAG=develop \ No newline at end of file From dd3387c2f1bb54ba385bc5ff9395a7e4a70a5e85 Mon Sep 17 00:00:00 2001 From: Enola Knezevic <115070135+enola-dkfz@users.noreply.github.com> Date: Mon, 1 Dec 2025 12:54:57 +0100 Subject: [PATCH 11/19] test version blaze (#364) This is the one we need urgently --- versions/test | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions/test b/versions/test index 1c6a5ed3..b1a3a402 100644 --- a/versions/test +++ b/versions/test @@ -1,6 +1,6 @@ FOCUS_TAG=develop BEAM_TAG=develop -BLAZE_TAG=main +BLAZE_TAG=0.32 POSTGRES_TAG=15.13-alpine TEILER_DASHBOARD_TAG=develop -MTBA_TAG=develop \ No newline at end of file +MTBA_TAG=develop From 85cfc2514d4256cbaf71110ee8c2cdf1a00d1c3e Mon Sep 17 00:00:00 2001 From: Jan <59206115+Threated@users.noreply.github.com> Date: Thu, 11 Dec 2025 11:33:29 +0100 Subject: [PATCH 12/19] update beam proxy server used for oauth enrollment (#366) --- lib/functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/functions.sh b/lib/functions.sh index 390a1c6e..520d86aa 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -327,7 +327,7 @@ function sync_secrets() { -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ -e PROXY_ID=$proxy_id \ -e BROKER_URL=$broker_url \ - -e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \ + -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \ -e SECRET_DEFINITIONS=$secret_sync_args \ docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest From 7dc9e2e6633b8ef3734e112c71416488579fd17e Mon Sep 17 00:00:00 2001 From: Manoj Waikar Date: Tue, 13 Jan 2026 10:42:10 +0100 Subject: [PATCH 13/19] Changes to make deployed CCE explorer work properly. (#368) * Changes to make deployed CCE explorer work properly. In the lens environment section in services: - add PUBLIC_SPOT_URL value --- cce/modules/lens-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml index 1ea84364..59d707ca 100644 --- a/cce/modules/lens-compose.yml +++ b/cce/modules/lens-compose.yml @@ -3,6 +3,8 @@ services: lens: container_name: lens_federated-search image: samply/cce-explorer:main + environment: + PUBLIC_SPOT_URL: https://${HOST}/prod labels: - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" From 6923ead6ce3347ee98aba2b23177d522593d0b30 Mon Sep 17 00:00:00 2001 From: Martin Jurk <96107909+Martin1088@users.noreply.github.com> Date: Wed, 28 Jan 2026 14:28:09 +0100 Subject: [PATCH 14/19] feat: itcc lens2 (#365) --- itcc/docker-compose.yml | 3 +-- itcc/modules/itcc-omics-ingest.sh | 6 +++++ itcc/modules/itcc-omics-ingest.yaml | 14 ++++++++++ itcc/modules/lens-compose.yml | 40 +++++++++++++++++++---------- itcc/vars | 2 ++ 5 files changed, 50 insertions(+), 15 deletions(-) create mode 100644 itcc/modules/itcc-omics-ingest.sh create mode 100644 itcc/modules/itcc-omics-ingest.yaml diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml index f69c13d2..49edff0a 100644 --- a/itcc/docker-compose.yml +++ b/itcc/docker-compose.yml 
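Review bot: The changed `-e OIDC_PROVIDER=...$broker_id` argument expands unquoted, as do the `ALL_PROXY`, `PROXY_ID`, `BROKER_URL` and `SECRET_DEFINITIONS` arguments around it. A value containing whitespace or glob characters would therefore be split into extra `docker run` arguments. Quote the argument, `-e "OIDC_PROVIDER=secret-sync-central.central-secret-sync.${broker_id}" \`, and give the neighbouring `-e` lines the same treatment. `sync_secrets` begins and ends outside this hunk, so how these variables are populated cannot be checked from here.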
@@ -15,7 +15,7 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.routers.blaze_itcc.rule=PathPrefix(`/itcc-localdatamanagement`)" + - "traefik.http.routers.blaze_itcc.rule=Host(`${HOST}`) && PathPrefix(`/itcc-localdatamanagement`)" - "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement" - "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080" - "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth" @@ -34,7 +34,6 @@ services: EPSILON: 0.28 QUERIES_TO_CACHE: '/queries_to_cache.conf' ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} - CQL_PROJECTS_ENABLED: "itcc" volumes: - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro depends_on: diff --git a/itcc/modules/itcc-omics-ingest.sh b/itcc/modules/itcc-omics-ingest.sh new file mode 100644 index 00000000..a078140a --- /dev/null +++ b/itcc/modules/itcc-omics-ingest.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if [ -n "$ENABLE_OMICS" ];then + OVERRIDE+=" -f ./$PROJECT/modules/itcc-omics-ingest.yaml" + GENERATE_API_KEY="$(generate_simple_password 'omics')" +fi \ No newline at end of file diff --git a/itcc/modules/itcc-omics-ingest.yaml b/itcc/modules/itcc-omics-ingest.yaml new file mode 100644 index 00000000..81084331 --- /dev/null +++ b/itcc/modules/itcc-omics-ingest.yaml @@ -0,0 +1,14 @@ +services: + omics-endpoint: + image: ghcr.io/samply/itcc-omics-ingest:main + environment: + - API_KEY=${GENERATE_API_KEY} + volumes: + - /var/cache/bridgehead/omics/data:/data/uploads + labels: + - "traefik.http.routers.omics.rule=Host(`${HOST}`) && PathPrefix(`/api/omics`)" + - "traefik.enable=true" + - "traefik.http.services.omics.loadbalancer.server.port=6080" + - "traefik.http.routers.omics.tls=true" + - "traefik.http.middlewares.omics-stripprefix.stripprefix.prefixes=/api" + - "traefik.http.routers.omics.middlewares=omics-stripprefix" 
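Review bot: The `omics` router in the new `itcc-omics-ingest.yaml` lists only `omics-stripprefix` as middleware. The service, which mounts `/data/uploads` and so presumably accepts uploads, is therefore reachable without the `auth` middleware that the `blaze_itcc` router in `itcc/docker-compose.yml` uses, and depends on `API_KEY` alone. If that is intended for machine clients, state it in a comment above the label; otherwise use `- "traefik.http.routers.omics.middlewares=omics-stripprefix,auth"`. `itcc-omics-ingest.sh` generates the key with `generate_simple_password 'omics'`, a helper defined outside these hunks, and nothing in the patch documents how an operator retrieves or rotates it.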
diff --git a/itcc/modules/lens-compose.yml b/itcc/modules/lens-compose.yml index d19c372d..5a5b78cc 100644 --- a/itcc/modules/lens-compose.yml +++ b/itcc/modules/lens-compose.yml 
@@ -1,33 +1,47 @@ version: "3.7" services: - landing: - container_name: lens_federated-search - image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + itcc-explorer: + container_name: lens_itcc_explorer + image: samply/itcc-explorer:main + environment: + HOST: "0.0.0.0" + BIND_ADDR: "0.0.0.0:3000" + PUBLIC_ENVIRONMENT: ${PUBLIC_ENVIRONMENT} labels: - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" + - "traefik.http.routers.itcc.rule=Host(`${HOST}`) && PathPrefix(`/`)" + - "traefik.http.routers.itcc.entrypoints=websecure" + - "traefik.http.services.itcc.loadbalancer.server.port=3000" + - "traefik.http.routers.itcc.tls=true" spot: - image: docker.verbis.dkfz.de/ccp-private/central-spot + image: samply/rustyspot:latest environment: BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" - BEAM_URL: http://beam-proxy:8081 + BEAM_PROXY_URL: http://beam-proxy:8081 BEAM_PROXY_ID: ${SITE_ID} BEAM_BROKER_ID: ${BROKER_ID} - BEAM_APP_ID: "focus" - PROJECT_METADATA: "itcc" + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: "itcc" + BIND_ADDR: 0.0.0.0:8055 depends_on: - "beam-proxy" labels: - "traefik.enable=true" - - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.services.spot.loadbalancer.server.port=8055" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - - 
"traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + + beam-proxy: + environment: + APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT} diff --git a/itcc/vars b/itcc/vars index b03403b8..662703ed 100644 --- a/itcc/vars +++ b/itcc/vars @@ -6,6 +6,8 @@ FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL +PUBLIC_ENVIRONMENT=prod +SITES=itcc-inform,itcc-ither,itcc-mappyacts,itcc-profyle,itcc-smpaeds,itcc-zero for module in $PROJECT/modules/*.sh do From bff06a6bb0c2820b81d34f58948cbc20c19881d5 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Tue, 10 Feb 2026 11:21:36 +0100 Subject: [PATCH 15/19] fix kr deployment (#370) --- kr/docker-compose.yml | 3 +- kr/modules/export-and-qb.curl-templates | 6 ---- kr/modules/lens-compose.yml | 37 +++++++++++++++---------- kr/modules/obds2fhir-rest-compose.yml | 2 +- kr/vars | 2 +- 5 files changed, 27 insertions(+), 23 deletions(-) delete mode 100644 kr/modules/export-and-qb.curl-templates diff --git a/kr/docker-compose.yml b/kr/docker-compose.yml index 98632bde..3da9e53a 100644 --- a/kr/docker-compose.yml +++ b/kr/docker-compose.yml @@ -12,7 +12,8 @@ services: BASE_URL: "http://bridgehead-kr-blaze:8080" JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} - DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} ENFORCE_REFERENTIAL_INTEGRITY: "false" volumes: - "blaze-data:/app/data" 
diff --git a/kr/modules/export-and-qb.curl-templates b/kr/modules/export-and-qb.curl-templates deleted file mode 100644 index 739c5af6..00000000 --- a/kr/modules/export-and-qb.curl-templates +++ /dev/null @@ -1,6 +0,0 @@ -# Full Excel Export -curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \ ---header 'x-api-key: ${EXPORT_API_KEY}' - -# QB -curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp' diff --git a/kr/modules/lens-compose.yml b/kr/modules/lens-compose.yml index b0b4573d..ea2b98d7 100644 --- a/kr/modules/lens-compose.yml +++ b/kr/modules/lens-compose.yml 
@@ -4,32 +4,41 @@ services: deploy: replicas: 1 #reactivate if lens is in use container_name: lens_federated-search - image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + image: docker.verbis.dkfz.de/ccp/kr-explorer:main + environment: + PUBLIC_SPOT_URL: https://${HOST}/prod labels: + - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" + - "traefik.http.routers.lens.rule=Host(`${HOST}`)" + - "traefik.http.routers.lens.tls=true" spot: - image: docker.verbis.dkfz.de/ccp-private/central-spot + image: samply/rustyspot:latest environment: BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" - BEAM_URL: http://beam-proxy:8081 - BEAM_PROXY_ID: ${SITE_ID} - BEAM_BROKER_ID: ${BROKER_ID} - BEAM_APP_ID: "focus" - PROJECT_METADATA: "kr_supervisors" + BEAM_PROXY_URL: http://beam-proxy:8081 + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: kr + BIND_ADDR: 0.0.0.0:8055 depends_on: - "beam-proxy" labels: - "traefik.enable=true" - - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.services.spot.loadbalancer.server.port=8055" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" + - 
"traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + + beam-proxy: + environment: + APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT} diff --git a/kr/modules/obds2fhir-rest-compose.yml b/kr/modules/obds2fhir-rest-compose.yml index 833580d1..ec1737c8 100644 --- a/kr/modules/obds2fhir-rest-compose.yml +++ b/kr/modules/obds2fhir-rest-compose.yml @@ -3,7 +3,7 @@ version: "3.7" services: obds2fhir-rest: container_name: bridgehead-obds2fhir-rest - image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main + image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main environment: IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY} diff --git a/kr/vars b/kr/vars index d4e5a27a..f5c1e65e 100644 --- a/kr/vars +++ b/kr/vars @@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID} PROXY_ID=${SITE_ID}.${BROKER_ID} FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} -SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de +SUPPORT_EMAIL=p.delpy@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL From 7a9f80537b6fe5cb93713211cd27cc4ed9ca6ed3 Mon Sep 17 00:00:00 2001 From: Martin Jurk <96107909+Martin1088@users.noreply.github.com> Date: Tue, 10 Feb 2026 16:04:33 +0100 Subject: [PATCH 16/19] sites moved to etc itcc.comf (#369) --- itcc/vars | 1 - 1 file changed, 1 deletion(-) diff --git a/itcc/vars b/itcc/vars index 662703ed..3eee6525 100644 --- a/itcc/vars +++ b/itcc/vars 
@@ -7,7 +7,6 @@ SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL PUBLIC_ENVIRONMENT=prod -SITES=itcc-inform,itcc-ither,itcc-mappyacts,itcc-profyle,itcc-smpaeds,itcc-zero for module in $PROJECT/modules/*.sh do From 9d3ec957a2020484848bf919c1487cbd8483e06e Mon Sep 17 00:00:00 2001 From: DavidCroftDKFZ <46788708+DavidCroftDKFZ@users.noreply.github.com> Date: Fri, 20 Feb 2026 09:27:47 +0100 Subject: [PATCH 17/19] Activate Directory token login (#371) Right now, Directory sync will only be activated if a username has been specified. It also needs to run if a login token has been specified, hence the change in this commit. --- bbmri/modules/directory-sync.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbmri/modules/directory-sync.sh b/bbmri/modules/directory-sync.sh index 2765dfbb..01ce7df7 100755 --- a/bbmri/modules/directory-sync.sh +++ b/bbmri/modules/directory-sync.sh @@ -1,6 +1,6 @@ #!/bin/bash -if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then +if [ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then log INFO "Directory sync setup detected -- will start directory sync service." OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml" fi From c1de9b8314d5b3b2e159be95ce22e48f873a0c76 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Tue, 24 Feb 2026 12:09:39 +0100 Subject: [PATCH 18/19] WIP: enable osiris2fhir in PSCC for GR (#372) enable osiris2fhir in PSCC for GR --- pscc/modules/osiris2fhir-compose.yml | 13 +++++++++++++ pscc/modules/osiris2fhir-setup.sh | 6 ++++++ 2 files changed, 19 insertions(+) create mode 100644 pscc/modules/osiris2fhir-compose.yml create mode 100644 pscc/modules/osiris2fhir-setup.sh diff --git a/pscc/modules/osiris2fhir-compose.yml b/pscc/modules/osiris2fhir-compose.yml new file mode 100644 index 00000000..a5fbffbe --- /dev/null 
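Review bot: In `directory-sync.sh` the gate now accepts a token, but the username branch still starts the service when `DS_DIRECTORY_USER_NAME` is set and `DS_DIRECTORY_USER_PASS` is empty, although the README treats the two as a pair. Testing the pair, `if { [ -n "${DS_DIRECTORY_USER_NAME}" ] && [ -n "${DS_DIRECTORY_USER_PASS}" ]; } || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then`, avoids launching a container that can only fail to log in. A log line naming the detected method (never the value) would make site diagnostics easier.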
+++ b/pscc/modules/osiris2fhir-compose.yml @@ -0,0 +1,13 @@ +services: + osiris2fhir: + container_name: bridgehead-osiris2fhir + image: docker.verbis.dkfz.de/ccp/osiris2fhir:${SITE_ID} + environment: + SALT: ${LOCAL_SALT} + labels: + - "traefik.enable=true" + - "traefik.http.routers.osiris2fhir.rule=PathPrefix(`/osiris2fhir`)" + - "traefik.http.middlewares.osiris2fhir_strip.stripprefix.prefixes=/osiris2fhir" + - "traefik.http.services.osiris2fhir.loadbalancer.server.port=8080" + - "traefik.http.routers.osiris2fhir.tls=true" + - "traefik.http.routers.osiris2fhir.middlewares=osiris2fhir_strip,auth" diff --git a/pscc/modules/osiris2fhir-setup.sh b/pscc/modules/osiris2fhir-setup.sh new file mode 100644 index 00000000..852a3a85 --- /dev/null +++ b/pscc/modules/osiris2fhir-setup.sh @@ -0,0 +1,6 @@ +#!/bin/bash +if [ -n "$ENABLE_OSIRIS2FHIR" ]; then + log INFO "oBDS2FHIR-REST setup detected -- will start osiris2fhir module." + OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml" + LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" +fi \ No newline at end of file From bbda99254fadc62040628a7efe5b9e84e7d11137 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Tue, 17 Mar 2026 15:54:25 +0100 Subject: [PATCH 19/19] feature: add osiris2fhir in cce and minor fixes (#374) --- cce/modules/osiris2fhir-setup.sh | 6 ++++++ pscc/modules/osiris2fhir-compose.yml | 4 +++- pscc/modules/osiris2fhir-setup.sh | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 cce/modules/osiris2fhir-setup.sh diff --git a/cce/modules/osiris2fhir-setup.sh b/cce/modules/osiris2fhir-setup.sh new file mode 100644 index 00000000..ce1d6d73 --- /dev/null +++ b/cce/modules/osiris2fhir-setup.sh 
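Review bot: The router rule in `osiris2fhir-compose.yml` is a bare PathPrefix on /osiris2fhir with no Host matcher, so it answers on any hostname that reaches this Traefik instance. Patch 14 of this series added exactly that matcher to the `blaze_itcc` rule. The rule should read Host(`${HOST}`) && PathPrefix(`/osiris2fhir`), in the same form as the `omics` and `spot` routers elsewhere in the series.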
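Review bot: `LOCAL_SALT` in `osiris2fhir-setup.sh` is assigned from a pipeline whose failure is never checked. If `openssl pkeyutl` cannot read `/etc/bridgehead/pki/${SITE_ID}.priv.pem`, the pipeline's status is still that of `head` (unless `pipefail` is set elsewhere) and the service starts with an empty `SALT`. Add a guard right after the assignment, e.g. `[ -n "$LOCAL_SALT" ] || { log ERROR "Could not derive LOCAL_SALT from the site key"; exit 1; }` (log level name assumed). The derived value is only stable across restarts when the signature is deterministic, which holds for RSA with the default padding but not for ECDSA keys, so a comment stating the assumed key type is worth adding. The copy added as `cce/modules/osiris2fhir-setup.sh` in patch 19 needs the same guard.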
@@ -0,0 +1,6 @@ +#!/bin/bash +if [ -n "$ENABLE_OSIRIS2FHIR" ]; then + log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module." + OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml" + LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" +fi \ No newline at end of file diff --git a/pscc/modules/osiris2fhir-compose.yml b/pscc/modules/osiris2fhir-compose.yml index a5fbffbe..6b346d93 100644 --- a/pscc/modules/osiris2fhir-compose.yml +++ b/pscc/modules/osiris2fhir-compose.yml @@ -1,8 +1,10 @@ services: osiris2fhir: container_name: bridgehead-osiris2fhir - image: docker.verbis.dkfz.de/ccp/osiris2fhir:${SITE_ID} + image: docker.verbis.dkfz.de/ccp/osiris2fhir environment: + FHIR_PROFILE: ${PROJECT:-pscc} + LOG_LEVEL: ${LOG_LEVEL:-INFO} SALT: ${LOCAL_SALT} labels: - "traefik.enable=true" diff --git a/pscc/modules/osiris2fhir-setup.sh b/pscc/modules/osiris2fhir-setup.sh index 852a3a85..ce1d6d73 100644 --- a/pscc/modules/osiris2fhir-setup.sh +++ b/pscc/modules/osiris2fhir-setup.sh @@ -1,6 +1,6 @@ #!/bin/bash if [ -n "$ENABLE_OSIRIS2FHIR" ]; then - log INFO "oBDS2FHIR-REST setup detected -- will start osiris2fhir module." + log INFO "OSIRIS2FHIR-REST setup detected -- will start osiris2fhir module." OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml" LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" fi \ No newline at end of file
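Review bot: The new cce module appends `./pscc/modules/osiris2fhir-compose.yml` to `OVERRIDE`, a path inside another project's directory, whereas `itcc-omics-ingest.sh` in patch 14 builds its path from `./$PROJECT/modules/`. If sharing the pscc file is deliberate (the `FHIR_PROFILE: ${PROJECT:-pscc}` line added in this patch suggests so), say it in a comment such as `# compose file is shared with pscc; FHIR_PROFILE selects the project`. Without that, a later change to the pscc module alters the cce deployment with no sign of it in the cce tree.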