diff --git a/README.md b/README.md index 9d95d32..550f563 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,6 @@ This repository is the starting point for any information and tools you will nee 1. [Requirements](#requirements) - [Hardware](#hardware) - [Software](#software) - - [Git](#git) - - [Docker](#docker) - [Network](#network) 2. [Deployment](#deployment) - [Site name](#site-name) 
@@ -242,6 +240,29 @@ All of the Bridgehead's outgoing connections are secured by transport encryption Your Bridgehead's actual data is not stored in the above directories, but in named docker volumes, see `docker volume ls` and `docker volume inspect `. +### Directory sync + +This is an optional feature for bbmri projects. It keeps the [BBMRI Directory](https://directory.bbmri-eric.eu/) up to date with your local data eg. number of samples. It also updates the local FHIR store with the latest contact details etc. from the Directory. You must explicitly set your country specific directory url, username and password to enable this feature. + +Full details can be found in [directory_sync_service](https://github.com/samply/directory_sync_service). + +To enable it, you will need to set these variables to the ```bbmri.conf``` file of your GitLab repository. Here is an example config: + +``` +### Directory sync service +DS_DIRECTORY_URL=https://directory.bbmri-eric.eu +DS_DIRECTORY_USER_NAME=your_directory_username +DS_DIRECTORY_USER_PASS=qwdnqwswdvqHBVGFR9887 +DS_TIMER_CRON="0 22 * * *" +``` +You must contact the Directory for your national node to find the URL, and to register as a user. + +Additionally, you should choose when you want Directory sync to run. In the example above, this is set to happen at 10 pm every evening. You can modify this to suit your requirements. The timer specification should follow the [cron](https://crontab.guru) convention. + +Once you edited the gitlab config. The bridgehead will autoupdate the config with the values and will sync the data. + +There will be a delay before the effects of Directory sync become visible. First, you will need to wait until the time you have specified in ```TIMER_CRON```. Second, the information will then be synchronized from your national node with the central European Directory. This can take up to 24 hours. + ## Things you should know ### Auto-Updates 
diff --git a/bbmri/directory-sync-compose.yml b/bbmri/directory-sync-compose.yml new file mode 100644 index 0000000..9776ecb --- /dev/null +++ b/bbmri/directory-sync-compose.yml @@ -0,0 +1,8 @@ +services: + directory_sync_service: + image: "docker.verbis.dkfz.de/cache/samply/directory_sync_service" + environment: + DS_DIRECTORY_URL: ${DS_DIRECTORY_URL} + DS_DIRECTORY_USER_NAME: ${DS_DIRECTORY_USER_NAME} + DS_DIRECTORY_PASS_CODE: ${DS_DIRECTORY_PASS_CODE} + DS_TIMER_CRON: ${DS_TIMER_CRON} diff --git a/bbmri/directory-sync.sh b/bbmri/directory-sync.sh new file mode 100755 index 0000000..2eeef4a --- /dev/null +++ b/bbmri/directory-sync.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +function dirSetup() { + if [ -n "$DS_DIRECTORY_USER_NAME" ]; then + log INFO "Directory sync setup detected -- will start directory sync service." + OVERRIDE+=" -f ./$PROJECT/directory-sync-compose.yml" + fi +} diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index 4255684..d3d156e 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -24,8 +24,8 @@ services: container_name: bridgehead-focus environment: API_KEY: ${FOCUS_BEAM_SECRET_SHORT} - BEAM_APP_ID_LONG: focus.${PROXY_ID_LONG} - PROXY_ID: ${PROXY_ID_LONG} + BEAM_APP_ID_LONG: focus.${PROXY_ID} + PROXY_ID: ${PROXY_ID} BLAZE_URL: "http://bridgehead-bbmri-blaze:8080/fhir/" BEAM_PROXY_URL: http://beam-proxy:8081 RETRY_COUNT: ${FOCUS_RETRY_COUNT} @@ -38,7 +38,7 @@ services: container_name: bridgehead-beam-proxy environment: BROKER_URL: ${BROKER_URL} - PROXY_ID: ${PROXY_ID_LONG} + PROXY_ID: ${PROXY_ID} APP_0_ID: focus APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT} PRIVKEY_FILE: /run/secrets/proxy.pem diff --git a/bbmri/vars b/bbmri/vars index be7805a..b5be616 100644 --- a/bbmri/vars +++ b/bbmri/vars 
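Review bot: The password variable under `environment` is `DS_DIRECTORY_PASS_CODE`, but the README section added in this same commit tells operators to set `DS_DIRECTORY_USER_PASS`, so a site that follows the README would start the service with an empty password. Use one name in both places, for example `DS_DIRECTORY_USER_PASS: ${DS_DIRECTORY_USER_PASS}` if the README is right; which name the service itself reads is not visible here. The `image:` line also has no tag or digest, so it resolves to `latest`. Pinning a version or digest would make the deployed code reproducible for a container that is handed Directory credentials.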
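Review bot: `dirSetup` adds the compose override as soon as `DS_DIRECTORY_USER_NAME` is non-empty, without checking the URL or password that the compose file also passes through. A partially filled config would start the service with empty credentials. Consider gating on all of them, e.g. `if [ -n "$DS_DIRECTORY_URL" ] && [ -n "$DS_DIRECTORY_USER_NAME" ] && [ -n "$DS_DIRECTORY_PASS_CODE" ]; then`, using whichever password variable name is finally chosen. A short header comment listing the variables this module expects would also help.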
@@ -1,6 +1,6 @@ BROKER_ID=broker.bbmri.samply.de BROKER_URL=https://${BROKER_ID} -PROXY_ID_LONG=${SITE_ID}.${BROKER_ID} +PROXY_ID=${SITE_ID}.${BROKER_ID} FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FOCUS_RETRY_COUNT=32 SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu @@ -11,3 +11,7 @@ do log INFO "sourcing $module" source $module done + +# This will load directory-sync setup. +source $PROJECT/directory-sync.sh +dirSetup diff --git a/bridgehead b/bridgehead index 7ca7af1..8d35708 100755 --- a/bridgehead +++ b/bridgehead @@ -105,10 +105,6 @@ case "$ACTION" in ;; enroll) loadVars - if [ -e $PRIVATEKEYFILENAME ]; then - log ERROR "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed." - exit 1 - fi docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL chmod 600 $PRIVATEKEYFILENAME ;; diff --git a/ccp/modules/id-management-setup.sh b/ccp/modules/id-management-setup.sh index ba8ad45..1e24891 100644 --- a/ccp/modules/id-management-setup.sh +++ b/ccp/modules/id-management-setup.sh @@ -6,7 +6,7 @@ function idManagementSetup() { OVERRIDE+=" -f ./$PROJECT/modules/id-management-compose.yml" # Auto Generate local Passwords - PATIENTLIST_POSTGRES_PASSWORD="$(echo \"id-management-module-db-password-salt\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + PATIENTLIST_POSTGRES_PASSWORD="$(echo \"id-management-module-db-password-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" IDMANAGER_LOCAL_PATIENTLIST_APIKEY="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" # Transform Seeds Configuration to pass it to the Mainzelliste Container diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml index bd189fb..47bfa70 100644 --- a/ccp/nngm-compose.yml +++ b/ccp/nngm-compose.yml 
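Review bot: With the existence guard removed, `enroll` now runs `beam-enroll` with `--output-file $PRIVATEKEYFILENAME` even when a key file is already present. Whether the tool refuses to overwrite is not visible in this hunk. If it does not, an accidental re-run replaces the site's private key, and the database password that `id-management-setup.sh` derives from that key would change with it. If re-enrollment is intended, move the old key aside or require an explicit confirmation rather than overwriting silently. The `case` block continues outside the hunk.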
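Review bot: The pipeline on the changed `PATIENTLIST_POSTGRES_PASSWORD` line ends in `head -c 30`, so a failing `openssl pkeyutl` (missing or unreadable key, for instance) leaves the variable empty without any error. Add a check after the assignment, such as `[ -n "$PATIENTLIST_POSTGRES_PASSWORD" ] || { log ERROR "Could not derive patientlist DB password"; exit 1; }`. The derivation also relies on the signature being deterministic, which holds for RSA with PKCS#1 v1.5 padding but not for randomized schemes. A comment stating that key-type assumption would help, and it is worth confirming that `pkeyutl` produces the same output as `rsautl` did so existing databases keep their password. `idManagementSetup` starts and ends outside the hunk.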
@@ -1,32 +1,24 @@ version: "3.7" +volumes: + nngm-rest: services: connector: container_name: bridgehead-connector - image: docker.verbis.dkfz.de/ccp/connector:bk2 + image: docker.verbis.dkfz.de/ccp/nngm-rest:main environment: - POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASSWORD} - NNGM_MAGICPL_APIKEY: ${NNGM_MAGICPL_APIKEY} - NNGM_MAINZELLISTE_APIKEY: ${NNGM_MAINZELLISTE_APIKEY} - NNGM_CTS_APIKEY: ${NNGM_CTS_APIKEY} - NNGM_CRYPTKEY: ${NNGM_CRYPTKEY} + CTS_MAGICPL_API_KEY: ${NNGM_MAGICPL_APIKEY} + CTS_API_KEY: ${NNGM_CTS_APIKEY} + CRYPT_KEY: ${NNGM_CRYPTKEY} + #CTS_MAGICPL_SITE: ${SITE_ID}TODO restart: always labels: - "traefik.enable=true" - - "traefik.http.routers.connector.rule=PathPrefix(`/ccp-connector`)" + - "traefik.http.routers.connector.rule=PathPrefix(`/nngm-connector`)" + - "traefik.http.middlewares.connector_strip.stripprefix.prefixes=/nngm-connector" - "traefik.http.services.connector.loadbalancer.server.port=8080" - "traefik.http.routers.connector.tls=true" - - connector_db: - image: docker.verbis.dkfz.de/cache/postgres:9.5-alpine - container_name: bridgehead-ccp-connector-db + - "traefik.http.routers.connector.middlewares=connector_strip,auth" volumes: - - "connector_db_data:/var/lib/postgresql/data" - environment: - POSTGRES_DB: "samplyconnector" - POSTGRES_USER: "samplyconnector" - POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASSWORD} - restart: always + - nngm-rest:/var/log -volumes: - connector_db_data: diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh index ba2e77f..bcc4cd1 100644 --- a/ccp/nngm-setup.sh +++ b/ccp/nngm-setup.sh 
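Review bot: The router now lists `connector_strip,auth` as middlewares, but only `connector_strip` is defined in this file, so `auth` has to come from labels elsewhere. A comment naming where `auth` is defined would make it clear that access control for `/nngm-connector` depends on it. The image also moves to the branch tag `nngm-rest:main`, which can change between pulls; a version tag or digest would be safer for a service that receives `CRYPT_KEY` and the API keys. The leftover `#CTS_MAGICPL_SITE: ${SITE_ID}TODO` line should be resolved or tracked before merge.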
@@ -1,12 +1,15 @@ #!/bin/bash +##nNGM vars: +#NNGM_MAGICPL_APIKEY +#NNGM_CTS_APIKEY +#NNGM_CRYPTKEY function nngmSetup() { if [ -n "$NNGM_CTS_APIKEY" ]; then log INFO "nNGM setup detected -- will start nNGM Connector." OVERRIDE+=" -f ./$PROJECT/nngm-compose.yml" fi - CONNECTOR_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" -} + } function mtbaSetup() { # TODO: Check if ID-Management Module is activated!
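Review bot: `nngmSetup` still gates only on `NNGM_CTS_APIKEY`, although the header comment added here lists three variables and the compose file passes `NNGM_CRYPTKEY` through as `CRYPT_KEY`. With the other two unset, the connector would start with an empty crypt key. Consider `if [ -n "$NNGM_CTS_APIKEY" ] && [ -n "$NNGM_MAGICPL_APIKEY" ] && [ -n "$NNGM_CRYPTKEY" ]; then`. The closing brace of `nngmSetup` also appears to have picked up leading whitespace (`+ }`) and should go back to column 0. `mtbaSetup` continues outside the hunk.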