From 230ff1debbcd1412e1c247427c556b30ff059ce1 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Wed, 5 Nov 2025 15:18:00 +0100 Subject: [PATCH] feat: add PSCC * add pscc and prepare lens2 deployment --------- Co-authored-by: p.delpy@dkfz-heidelberg.de Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> --- bridgehead | 3 ++ cce/modules/lens-compose.yml | 35 ++++++++++-------- cce/vars | 2 +- itcc/docker-compose.yml | 1 + itcc/modules/lens-compose.yml | 1 + lib/functions.sh | 2 +- lib/prepare-system.sh | 3 ++ pscc/docker-compose.yml | 67 +++++++++++++++++++++++++++++++++++ pscc/modules/lens-compose.yml | 40 +++++++++++++++++++++ pscc/modules/lens-setup.sh | 5 +++ pscc/root.crt.pem | 20 +++++++++++ pscc/vars | 14 ++++++++ 12 files changed, 177 insertions(+), 16 deletions(-) create mode 100644 pscc/docker-compose.yml create mode 100644 pscc/modules/lens-compose.yml create mode 100644 pscc/modules/lens-setup.sh create mode 100644 pscc/root.crt.pem create mode 100644 pscc/vars diff --git a/bridgehead b/bridgehead index 9483767..a384d85 100755 --- a/bridgehead +++ b/bridgehead @@ -35,6 +35,9 @@ case "$PROJECT" in cce) #nothing extra to do ;; + pscc) + #nothing extra to do + ;; itcc) #nothing extra to do ;; diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml index d9ec6e2..cb173bc 100644 --- a/cce/modules/lens-compose.yml +++ b/cce/modules/lens-compose.yml @@ -1,32 +1,39 @@ version: "3.7" services: - landing: + lens: container_name: lens_federated-search - image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + image: ghcr.io/samply/cce-explorer:pr-1 labels: + - "traefik.http.services.lens.loadbalancer.server.port=3000" - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" + - "traefik.http.routers.lens.rule=Host(`${HOST}`)" + - "traefik.http.routers.lens.tls=true" spot: - image: docker.verbis.dkfz.de/ccp-private/central-spot + image: samply/rustyspot:latest environment: + HTTP_PROXY: ${HTTP_PROXY_URL} + HTTPS_PROXY: ${HTTPS_PROXY_URL} + NO_PROXY: beam-proxy BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" - BEAM_URL: http://beam-proxy:8081 - BEAM_PROXY_ID: ${SITE_ID} - BEAM_BROKER_ID: ${BROKER_ID} - BEAM_APP_ID: "focus" + BEAM_PROXY_URL: http://beam-proxy:8081 + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: cce + BIND_ADDR: 0.0.0.0:8055 depends_on: - "beam-proxy" labels: - "traefik.enable=true" - - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.services.spot.loadbalancer.server.port=8055" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" - - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" - - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" - "traefik.http.routers.spot.tls=true" - - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" \ No newline at end of file diff --git a/cce/vars b/cce/vars index 7d0c1a3..9338bd5 100644 --- a/cce/vars +++ b/cce/vars @@ -11,4 +11,4 @@ for module in $PROJECT/modules/*.sh do log DEBUG "sourcing $module" source $module -done +done \ No newline at end of file diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml index 18adb6f..f69c13d 100644 --- a/itcc/docker-compose.yml +++ b/itcc/docker-compose.yml @@ -34,6 +34,7 @@ services: EPSILON: 0.28 QUERIES_TO_CACHE: '/queries_to_cache.conf' ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} + CQL_PROJECTS_ENABLED: "itcc" volumes: - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro depends_on: diff --git a/itcc/modules/lens-compose.yml b/itcc/modules/lens-compose.yml index d9ec6e2..d19c372 100644 --- a/itcc/modules/lens-compose.yml +++ b/itcc/modules/lens-compose.yml @@ -17,6 +17,7 @@ services: BEAM_PROXY_ID: ${SITE_ID} BEAM_BROKER_ID: ${BROKER_ID} BEAM_APP_ID: "focus" + PROJECT_METADATA: "itcc" depends_on: - "beam-proxy" labels: diff --git a/lib/functions.sh b/lib/functions.sh index c0f4257..7f2f78c 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -337,7 +337,7 @@ function sync_secrets() { } function secret_sync_gitlab_token() { - if [ "$PROJECT" == "minimal" ]; then + if [[ "$PROJECT" != "dktk" && "$PROJECT" != "bbmri" ]]; then log "INFO" "Not running Secret Sync for project minimal" return fi diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index b6aba52..a4f68d2 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -55,6 +55,9 @@ case "$PROJECT" in cce) site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/" ;; + pscc) + site_configuration_repository_middle="git.verbis.dkfz.de/pscc-sites/" + ;; itcc) site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/" ;; diff --git a/pscc/docker-compose.yml b/pscc/docker-compose.yml new file mode 100644 index 0000000..f3343d4 --- /dev/null +++ b/pscc/docker-compose.yml @@ -0,0 +1,67 @@ +version: "3.7" + +services: + blaze: + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} + container_name: bridgehead-pscc-blaze + environment: + BASE_URL: "http://bridgehead-pscc-blaze:8080" + JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" + DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} + ENFORCE_REFERENTIAL_INTEGRITY: "false" + volumes: + - "blaze-data:/app/data" + labels: + - "traefik.enable=true" + - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)" + - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement" + - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080" + - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip,auth" + - "traefik.http.routers.blaze_pscc.tls=true" + + focus: + image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG} + container_name: bridgehead-focus + environment: + API_KEY: ${FOCUS_BEAM_SECRET_SHORT} + BEAM_APP_ID_LONG: focus.${PROXY_ID} + PROXY_ID: ${PROXY_ID} + BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/" + BEAM_PROXY_URL: http://beam-proxy:8081 + RETRY_COUNT: ${FOCUS_RETRY_COUNT} + EPSILON: 0.28 + ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} + depends_on: + - "beam-proxy" + - "blaze" + + beam-proxy: + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG} + container_name: bridgehead-beam-proxy + environment: + BROKER_URL: ${BROKER_URL} + PROXY_ID: ${PROXY_ID} + APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs + ROOTCERT_FILE: /conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro + + landing: + profiles: [deactivated] + +volumes: + blaze-data: + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem diff --git a/pscc/modules/lens-compose.yml b/pscc/modules/lens-compose.yml new file mode 100644 index 0000000..4571c7b --- /dev/null +++ b/pscc/modules/lens-compose.yml @@ -0,0 +1,40 @@ +version: "3.7" +services: + lens: + container_name: lens-federated-search + image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + labels: + - "traefik.http.services.lens.loadbalancer.server.port=3000" + - "traefik.enable=true" + - "traefik.http.routers.lens.rule=Host(`${HOST}`)" + - "traefik.http.routers.lens.tls=true" + + spot: + image: samply/rustyspot:latest + platform: linux/amd64 + environment: + HTTP_PROXY: ${HTTP_PROXY_URL} + HTTPS_PROXY: ${HTTPS_PROXY_URL} + NO_PROXY: beam-proxy + BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" + BEAM_PROXY_URL: http://beam-proxy:8081 + BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}" + CORS_ORIGIN: "https://${HOST}" + SITES: ${SITES} + TRANSFORM: LENS + PROJECT: pscc + BIND_ADDR: 0.0.0.0:8055 + depends_on: + - "beam-proxy" + labels: + - "traefik.enable=true" + - "traefik.http.services.spot.loadbalancer.server.port=8055" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod" + - "traefik.http.routers.spot.tls=true" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth" \ No newline at end of file diff --git a/pscc/modules/lens-setup.sh b/pscc/modules/lens-setup.sh new file mode 100644 index 0000000..c19dc4b --- /dev/null +++ b/pscc/modules/lens-setup.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +if [ -n "$ENABLE_LENS" ];then + OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml" +fi \ No newline at end of file diff --git a/pscc/root.crt.pem b/pscc/root.crt.pem new file mode 100644 index 0000000..1f1265a --- /dev/null +++ b/pscc/root.crt.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw +MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI +TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO +OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf +XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu +pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7 +K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM +poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm +AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU +fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5 +3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l +n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/ +7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt +Rtup0MTxSJtN +-----END CERTIFICATE----- \ No newline at end of file diff --git a/pscc/vars b/pscc/vars new file mode 100644 index 0000000..7849cbe --- /dev/null +++ b/pscc/vars @@ -0,0 +1,14 @@ +BROKER_ID=test-no-real-data.broker.samply.de +BROKER_URL=https://${BROKER_ID} +PROXY_ID=${SITE_ID}.${BROKER_ID} +FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} +SUPPORT_EMAIL=denis.koether@dkfz-heidelberg.de +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem +BROKER_URL_FOR_PREREQ=$BROKER_URL + +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done