samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'version-1' into feature/landingpage-as-container

This commit is contained in:
Patrick Skowronek 2022-05-10 14:00:58 +02:00
parent 66120a4ae7 95b2fdae08
commit 25cee2ff5b
6 changed files with 46 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
README.md
View File

@ -44,7 +44,7 @@ The Bridgehead has two primary components:
* The **Blaze Store**. This is a highly responsive FHIR data store, which you will need to fill with your data via an ETL chain.
* The **Connector**. This is the communication portal to the Sample Locator, with specially designed features that make it possible to run it behind a corporate firewall without making any compromises on security.
#### CPP(DKTK/C4)
#### CCP(DKTK/C4)
TODO:
@ -72,13 +72,14 @@ For running your bridgehead we recommend the follwing Hardware:
- 4 CPU cores
- At least 8 GB Ram
- 100GB Hard Drive, recomended is a SSD
- 100GB Hard Drive, SSD recommended
### System Requirements
Before starting the installation process, please ensure that following software is available on your system:
//Remove
#### [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
To check that you have a working git installation, please run
@ -90,6 +91,8 @@ rm -rf Hello-World;
```
If you see the output "Hello World!" your installation should be working.
//Just install docker-compose und docker with version
#### [Docker](https://docs.docker.com/get-docker/)
To check your docker installation, you can try to execute dockers "Hello World" Image. The command is:
@ -149,10 +152,15 @@ sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead;
When using the systemd services we you need to create a bridgehead user for security reasons. This should be done after clone the repository. Since not all linux distros support ```adduser```, we provide a action for the systemcall ```useradd```.
//
``` shell
adduser --no-create-home --disabled-login --ingroup docker --gecos "" bridgehead
```
``` shell
useradd -M -g docker -N -s /sbin/nologin bridgehead
chown bridghead /srv/docker/bridgehead/ -R
chown bridgehead /srv/docker/bridgehead/ -R
```
@ -165,23 +173,23 @@ sudo git clone https://github.com/samply/bridgehead-config.git /etc/bridgehead;
You should now be able to run a bridgehead instance. To check if everything works, execute the following:
``` shell
sudo ./start-bridgehead.sh <project>;
/srv/docker/bridgehead/bridgehead start <project>
```
You should now be able to access the landing page on your system, e.g "https://<your-host>/"
To shutdown the bridgehead just run.
``` shell
sudo ./stop-bridgehead.sh <project>;
/srv/docker/bridgehead/bridgehead stop <project>
```
We recomend to run firstly with the start and stop script and if aviable run the systemd service, which also enables automatic updates and more.
We recommend to run first with the start and stop script and if aviable run the systemd service, which also enables automatic updates and more.
### Systemd service
For a server, we highly recommend that you install the system units for managing the bridgehead, provided by us. You can do this by executing the [setup-bridgehead-units.sh](./lib/setup-bridgehead-units.sh) script:
For a server, we highly recommend that you install the system units for managing the bridgehead, provided by us. You can do this by executing the [bridgehead](./bridgehead) script:
``` shell
sudo ./lib/setup-bridgehead-units.sh <project>
sudo /srv/docker/bridgehead/bridgehead install <project>
```
Finally, you need to configure your sites secrets. These are places as configuration for each bridgeheads system unit. Refer to the section for your specific project:
@ -216,7 +224,7 @@ To make the configuration effective, you need to tell systemd to reload the conf
``` shell
sudo systemctl daemon-reload;
sudo systemctl bridgehead@cpp.service;
sudo systemctl bridgehead@ccp.service;
```
### DKTK/C4
@ -376,34 +384,34 @@ sudo systemctl start bridgehead-update@<dktk/c4/gbn>
#### Remove the Bridgehead System Units
If, for some reason you want to remove the installed bridgehead units, we added a [script](./lib/remove-bridgehead-units.sh) you can execute:
If, for some reason you want to remove the installed bridgehead units, we added a command to [bridgehead](./bridgehead):
``` shell
sudo ./lib/remove-bridgehead-units.sh
sudo /srv/docker/bridgehead/bridgehead uninstall <project>
```
### On Developers Machine
For developers, we provide additional scripts for starting and stopping the specif bridgehead:
#### Start
#### Start or stop
This shell script start a specified bridgehead. Choose between "dktk", "c4" and "gbn".
This command starts a specified bridgehead. Choose between "dktk", "c4" and "gbn".
``` shell
./start-bridgehead <dktk/c4/gbn>
/srv/docker/bridgehead/bridgehead start <dktk/c4/gbn>
```
#### Stop
This shell script stops a specified bridgehead. Choose between "dktk", "c4" and "gbn".
This command stops a specified bridgehead. Choose between "dktk", "c4" and "gbn".
``` shell
./stop-bridgehead <dktk/c4/gbn>
/srv/docker/bridgehead/bridgehead stop <dktk/c4/gbn>
```
#### Update
This shell script updates the configuration for all bridgeheads installed on your system.
``` shell
./update-bridgehead
/srv/docker/bridgehead/bridgehead update
```
> NOTE: If you want to regularly update your developing instance, you can create a CRON job that executes this script.

12
ccp/docker-compose.yml
View File

@ -3,7 +3,7 @@ version: "3.7"
services:
traefik:
container_name: bridgehead-traefik
image: traefik:2.4
image: traefik:latest
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
@ -62,20 +62,20 @@ services:
- "blaze-data:/app/data"
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.cpp-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,cpp-auth"
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
- "traefik.http.routers.blaze_ccp.tls=true"
ccp-search-share:
image: "ghcr.io/samply/dktk-fed-search-share:main"
image: "samply/dktk-fed-search-share"
container_name: bridgehead-ccp-share
environment:
APP_BASE_URL: "http://dktk-fed-search-share:8080"
APP_BROKER_BASEURL: "https://dktk-fed-search.verbis.dkfz.de/broker/rest/searchbroker"
APP_BROKER_MAIL: ${CCP_MAIL}
APP_BROKER_MAIL: ${CCP_SEARCHBROKER_USERNAME}
APP_STORE_BASEURL: "http://bridgehead-ccp-blaze:8080/fhir"
SPRING_DATASOURCE_URL: "jdbc:postgresql://bridgehead-ccp-share-db:5432/dktk-fed-search-share"
JAVA_TOOL_OPTIONS: "-Xmx1g"
@ -88,7 +88,7 @@ services:
- blaze
labels:
- "traefik.enable=true"
- "traefik.http.routers.dktk-fed-search.rule=PathPrefix(`/cpp-connector`)"
- "traefik.http.routers.dktk-fed-search.rule=PathPrefix(`/ccp-connector`)"
- "traefik.http.services.dktk-fed-search.loadbalancer.server.port=8080"
ccp-search-share-db:

8
gbn/docker-compose.yml
View File

@ -1,4 +1,4 @@
version: '3.4'
version: '3.7'
volumes:
gbn-connector-logs:
@ -8,7 +8,7 @@ volumes:
services:
traefik:
container_name: bridgehead-traefik
image: traefik:2.4
image: traefik:2
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
@ -67,11 +67,11 @@ services:
- "blaze-data:/app/data"
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.cpp-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,cpp-auth"
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
- "traefik.http.routers.blaze_ccp.tls=true"
gbn-connector:

7
lib/add_bc_user.sh
View File

@ -1,14 +1,15 @@
#!/bin/bash -e
source lib/functions.sh
echo "This script add's a user with password to the bridghead"
log "This script add's a user with password to the bridghead"
if [ $# -eq 0 ]; then
echo "No arguments provided, please provide the project name"
log "No arguments provided, please provide the project name"
exit 1
fi
if [ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]; then
echo "Please create a Service first, with setup-bridgehead-units.sh"
log "Please create a Service first, with setup-bridgehead-units.sh"
exit
fi

6
lib/remove-bridgehead-units.sh
View File

@ -3,12 +3,12 @@
source lib/functions.sh
if [ $# -eq 0 ]; then
echo "Please provide a Project as argument"
log "Please provide a Project as argument"
exit 1
fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then
echo "Please provide a supported project like ccp, gbn or nngm"
log "Please provide a supported project like ccp, gbn or nngm"
exit 1
fi
@ -16,7 +16,7 @@ export project=$1
#checkRequirements // not needed when uninstalling
echo "Stopping systemd services and removing bridgehead ..."
log "Stopping systemd services and removing bridgehead ..."
systemctl disable --now bridgehead@${project}.service bridgehead-update@${project}.timer bridgehead-update@${project}.service

8
lib/setup-bridgehead-units.sh
View File

@ -5,12 +5,12 @@ source lib/functions.sh
exitIfNotRoot
if [ $# -eq 0 ]; then
echo "Please provide a Project as argument"
log "Please provide a Project as argument"
exit 1
fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then
echo "Please provide a supported project like ccp, gbn or nngm"
log "Please provide a supported project like ccp, gbn or nngm"
exit 1
fi
@ -30,9 +30,9 @@ systemctl daemon-reload
echo
if ! systemctl is-active --quiet bridgehead@"${project}"; then
echo "Enabling autostart of bridgehead@${project}.service"
log "Enabling autostart of bridgehead@${project}.service"
systemctl enable bridgehead@"${project}"
echo "Enabling nightly updates for bridgehead@${project}.service ..."
log "Enabling nightly updates for bridgehead@${project}.service ..."
systemctl enable --now bridgehead-update@"${project}".timer
fi