Merge remote-tracking branch 'origin/main' into feature/dnpm-connect

README.md

@@ -7,8 +7,6 @@ This repository is the starting point for any information and tools you will nee
 1. [Requirements](#requirements)
     - [Hardware](#hardware)
     - [Software](#software)
-      - [Git](#git)
-      - [Docker](#docker)
     - [Network](#network)
 2. [Deployment](#deployment)
     - [Site name](#site-name)
@@ -242,6 +240,29 @@ All of the Bridgehead's outgoing connections are secured by transport encryption
 
 Your Bridgehead's actual data is not stored in the above directories, but in named docker volumes, see `docker volume ls` and `docker volume inspect <volume_name>`.
 
+### Directory sync
+
+This is an optional feature for bbmri projects. It keeps the [BBMRI Directory](https://directory.bbmri-eric.eu/) up to date with your local data eg. number of samples. It also updates the local FHIR store with the latest contact details etc. from the Directory.  You must explicitly set your country specific directory url, username and password to enable this feature.
+
+Full details can be found in [directory_sync_service](https://github.com/samply/directory_sync_service).
+
+To enable it, you will need to set these variables to the ```bbmri.conf``` file of your GitLab repository. Here is an example config:
+
+```
+### Directory sync service
+DS_DIRECTORY_URL=https://directory.bbmri-eric.eu
+DS_DIRECTORY_USER_NAME=your_directory_username
+DS_DIRECTORY_USER_PASS=qwdnqwswdvqHBVGFR9887
+DS_TIMER_CRON="0 22 * * *"
+```
+You must contact the Directory for your national node to find the URL, and to register as a user.
+
+Additionally, you should choose when you want Directory sync to run. In the example above, this is set to happen at 10 pm every evening. You can modify this to suit your requirements. The timer specification should follow the [cron](https://crontab.guru) convention.
+
+Once you edited the gitlab config. The bridgehead will autoupdate the config with the values and will sync the data.
+
+There will be a delay before the effects of Directory sync become visible. First, you will need to wait until the time you have specified in ```TIMER_CRON```. Second, the information will then be synchronized from your national node with the central European Directory. This can take up to 24 hours.
+
 ## Things you should know
 
 ### Auto-Updates

bbmri/directory-sync-compose.yml

@@ -0,0 +1,8 @@
+services:
+  directory_sync_service:
+    image: "docker.verbis.dkfz.de/cache/samply/directory_sync_service"
+    environment:
+      DS_DIRECTORY_URL: ${DS_DIRECTORY_URL}
+      DS_DIRECTORY_USER_NAME: ${DS_DIRECTORY_USER_NAME}
+      DS_DIRECTORY_PASS_CODE: ${DS_DIRECTORY_PASS_CODE}
+      DS_TIMER_CRON: ${DS_TIMER_CRON}

bbmri/directory-sync.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function dirSetup() {
+	if [ -n "$DS_DIRECTORY_USER_NAME" ]; then
+		log INFO "Directory sync setup detected -- will start directory sync service."
+		OVERRIDE+=" -f ./$PROJECT/directory-sync-compose.yml"
+	fi
+}

bbmri/docker-compose.yml

@@ -24,8 +24,8 @@ services:
     container_name: bridgehead-focus
     environment:
       API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      BEAM_APP_ID_LONG: focus.${PROXY_ID_LONG}
+      BEAM_APP_ID_LONG: focus.${PROXY_ID}
-      PROXY_ID: ${PROXY_ID_LONG}
+      PROXY_ID: ${PROXY_ID}
       BLAZE_URL: "http://bridgehead-bbmri-blaze:8080/fhir/"
       BEAM_PROXY_URL: http://beam-proxy:8081
       RETRY_COUNT: ${FOCUS_RETRY_COUNT}
@@ -38,7 +38,7 @@ services:
     container_name: bridgehead-beam-proxy
     environment:
       BROKER_URL: ${BROKER_URL}
-      PROXY_ID: ${PROXY_ID_LONG}
+      PROXY_ID: ${PROXY_ID}
       APP_0_ID: focus
       APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT}
       PRIVKEY_FILE: /run/secrets/proxy.pem

bbmri/vars

@@ -1,6 +1,6 @@
 BROKER_ID=broker.bbmri.samply.de
 BROKER_URL=https://${BROKER_ID}
-PROXY_ID_LONG=${SITE_ID}.${BROKER_ID}
+PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=32
 SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu
@@ -11,3 +11,7 @@ do
     log INFO "sourcing $module"
     source $module
 done
+
+# This will load directory-sync setup.
+source $PROJECT/directory-sync.sh
+dirSetup

bridgehead

@@ -105,10 +105,6 @@ case "$ACTION" in
 		;;
 	enroll)
 		loadVars
-		if [ -e $PRIVATEKEYFILENAME ]; then
-			log ERROR "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
-			exit 1
-		fi
 		docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL
 		chmod 600 $PRIVATEKEYFILENAME
 		;;

ccp/modules/id-management-setup.sh

@@ -6,7 +6,7 @@ function idManagementSetup() {
 		OVERRIDE+=" -f ./$PROJECT/modules/id-management-compose.yml"
 
 		# Auto Generate local Passwords
-		PATIENTLIST_POSTGRES_PASSWORD="$(echo \"id-management-module-db-password-salt\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+		PATIENTLIST_POSTGRES_PASSWORD="$(echo \"id-management-module-db-password-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 		IDMANAGER_LOCAL_PATIENTLIST_APIKEY="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 
 		# Transform Seeds Configuration to pass it to the Mainzelliste Container

ccp/nngm-compose.yml

@@ -1,32 +1,24 @@
 version: "3.7"
+volumes:
+  nngm-rest:
 
 services:
   connector:
     container_name: bridgehead-connector
-    image: docker.verbis.dkfz.de/ccp/connector:bk2
+    image: docker.verbis.dkfz.de/ccp/nngm-rest:main
     environment:
-      POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASSWORD}
+      CTS_MAGICPL_API_KEY: ${NNGM_MAGICPL_APIKEY}
-      NNGM_MAGICPL_APIKEY: ${NNGM_MAGICPL_APIKEY}
+      CTS_API_KEY: ${NNGM_CTS_APIKEY}
-      NNGM_MAINZELLISTE_APIKEY: ${NNGM_MAINZELLISTE_APIKEY}
+      CRYPT_KEY: ${NNGM_CRYPTKEY}
-      NNGM_CTS_APIKEY: ${NNGM_CTS_APIKEY}
+      #CTS_MAGICPL_SITE: ${SITE_ID}TODO
-      NNGM_CRYPTKEY: ${NNGM_CRYPTKEY}
     restart: always
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.connector.rule=PathPrefix(`/ccp-connector`)"
+      - "traefik.http.routers.connector.rule=PathPrefix(`/nngm-connector`)"
+      - "traefik.http.middlewares.connector_strip.stripprefix.prefixes=/nngm-connector"
       - "traefik.http.services.connector.loadbalancer.server.port=8080"
       - "traefik.http.routers.connector.tls=true"
-
+      - "traefik.http.routers.connector.middlewares=connector_strip,auth"
-  connector_db:
-    image: docker.verbis.dkfz.de/cache/postgres:9.5-alpine
-    container_name: bridgehead-ccp-connector-db
     volumes:
-      - "connector_db_data:/var/lib/postgresql/data"
+      - nngm-rest:/var/log
-    environment:
-      POSTGRES_DB: "samplyconnector"
-      POSTGRES_USER: "samplyconnector"
-      POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASSWORD}
-    restart: always
 
-volumes:
-  connector_db_data:

ccp/nngm-setup.sh

@@ -1,12 +1,15 @@
 #!/bin/bash
+##nNGM vars:
+#NNGM_MAGICPL_APIKEY
+#NNGM_CTS_APIKEY
+#NNGM_CRYPTKEY
 
 function nngmSetup() {
 	if [ -n "$NNGM_CTS_APIKEY" ]; then
 		log INFO "nNGM setup detected -- will start nNGM Connector."
 		OVERRIDE+=" -f ./$PROJECT/nngm-compose.yml"
 	fi
-	CONNECTOR_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	}
-}
 
 function mtbaSetup() {
 	# TODO: Check if ID-Management Module is activated!