From c02da838c71985bf3697994efe660da11fa7221f Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Fri, 15 Dec 2023 09:41:11 +0000
Subject: [PATCH] Cleanup dnpm connect module

---
 bbmri/modules/dnpm-compose.yml   |  6 ++++--
 bbmri/modules/dnpm-setup.sh      |  1 -
 ccp/modules/dnpm-compose.yml     |  4 +++-
 ccp/modules/dnpm-setup.sh        |  1 -
 ccp/root-new.crt.pem             | 20 --------------------
 minimal/modules/dnpm-compose.yml |  6 ++++--
 minimal/modules/dnpm-setup.sh    |  5 ++++-
 7 files changed, 15 insertions(+), 28 deletions(-)
 delete mode 100644 ccp/root-new.crt.pem

diff --git a/bbmri/modules/dnpm-compose.yml b/bbmri/modules/dnpm-compose.yml
index 90f0c07..099bf0a 100644
--- a/bbmri/modules/dnpm-compose.yml
+++ b/bbmri/modules/dnpm-compose.yml
@@ -18,7 +18,7 @@ services:
       - "forward_proxy"
     volumes:
       - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/ccp/root-new.crt.pem:/conf/root.crt.pem:ro
+      - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
 
   dnpm-beam-connect:
     depends_on: [ dnpm-beam-proxy ]
@@ -32,9 +32,11 @@ services:
       LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
       HTTP_PROXY: http://forward_proxy:3128
       HTTPS_PROXY: http://forward_proxy:3128
-      NO_PROXY: dnpm-beam-proxy,dnpm-backend
+      NO_PROXY: dnpm-beam-proxy,dnpm-backend, host.docker.internal
       RUST_LOG: ${RUST_LOG:-info}
       NO_AUTH: "true"
+    extra_host:
+      - "host.docker.internal:host-gateway"
     volumes:
       - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
       - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh
index ce37632..72f3199 100644
--- a/bbmri/modules/dnpm-setup.sh
+++ b/bbmri/modules/dnpm-setup.sh
@@ -5,7 +5,6 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
-	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 	DNPM_BROKER_ID="broker.ccp-it.dktk.dkfz.de"
 	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
diff --git a/ccp/modules/dnpm-compose.yml b/ccp/modules/dnpm-compose.yml
index 87f2744..5a56e97 100644
--- a/ccp/modules/dnpm-compose.yml
+++ b/ccp/modules/dnpm-compose.yml
@@ -16,9 +16,11 @@ services:
       LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
       HTTP_PROXY: "http://forward_proxy:3128"
       HTTPS_PROXY: "http://forward_proxy:3128"
-      NO_PROXY: beam-proxy,dnpm-backend
+      NO_PROXY: beam-proxy,dnpm-backend,host.docker.internal
       RUST_LOG: ${RUST_LOG:-info}
       NO_AUTH: "true"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     volumes:
       - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
       - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh
index b3dd636..76c378a 100644
--- a/ccp/modules/dnpm-setup.sh
+++ b/ccp/modules/dnpm-setup.sh
@@ -5,6 +5,5 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
-	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 fi
diff --git a/ccp/root-new.crt.pem b/ccp/root-new.crt.pem
deleted file mode 100644
index 100011d..0000000
--- a/ccp/root-new.crt.pem
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDNTCCAh2gAwIBAgIUN7yzueIZzwpe8PaPEIMY8zoH+eMwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjMwNTIzMTAxNzIzWhcNMzMw
-NTIwMTAxNzUzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAN5JAj+HydSGaxvA0AOcrXVTZ9FfsH0cMVBlQb72
-bGZgrRvkqtB011TNXZfsHl7rPxCY61DcsDJfFq3+8VHT+S9HE0qV1bEwP+oA3xc4
-Opq77av77cNNOqDC7h+jyPhHcUaE33iddmrH9Zn2ofWTSkKHHu3PAe5udCrc2QnD
-4PLRF6gqiEY1mcGknJrXj1ff/X0nRY/m6cnHNXz0Cvh8oPOtbdfGgfZjID2/fJNP
-fNoNKqN+5oJAZ+ZZ9id9rBvKj1ivW3F2EoGjZF268SgZzc5QrM/D1OpSBQf5SF/V
-qUPcQTgt9ry3YR+SZYazLkfKMEOWEa0WsqJVgXdQ6FyergcCAwEAAaN7MHkwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEa70kcseqU5
-bHx2zSt4bG21HokhMB8GA1UdIwQYMBaAFEa70kcseqU5bHx2zSt4bG21HokhMBYG
-A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCGmE7NXW4T
-6J4mV3b132cGEMD7grx5JeiXK5EHMlswUS+Odz0NcBNzhUHdG4WVMbrilHbI5Ua+
-6jdKx5WwnqzjQvElP0MCw6sH/35gbokWgk1provOP99WOFRsQs+9Sm8M2XtMf9HZ
-m3wABwU/O+dhZZ1OT1PjSZD0OKWKqH/KvlsoF5R6P888KpeYFiIWiUNS5z21Jm8A
-ZcllJjiRJ60EmDwSUOQVJJSMOvtr6xTZDZLtAKSN8zN08lsNGzyrFwqjDwU0WTqp
-scMXEGBsWQjlvxqDnXyljepR0oqRIjOvgrWaIgbxcnu98tK/OdBGwlAPKNUW7Crr
-vO+eHxl9iqd4
------END CERTIFICATE-----
\ No newline at end of file
diff --git a/minimal/modules/dnpm-compose.yml b/minimal/modules/dnpm-compose.yml
index adf04a4..0b45bb8 100644
--- a/minimal/modules/dnpm-compose.yml
+++ b/minimal/modules/dnpm-compose.yml
@@ -18,7 +18,7 @@ services:
       - "forward_proxy"
     volumes:
       - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/ccp/root-new.crt.pem:/conf/root.crt.pem:ro
+      - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
 
   dnpm-beam-connect:
     depends_on: [ dnpm-beam-proxy ]
@@ -32,9 +32,11 @@ services:
       LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
       HTTP_PROXY: http://forward_proxy:3128
       HTTPS_PROXY: http://forward_proxy:3128
-      NO_PROXY: dnpm-beam-proxy,dnpm-backend
+      NO_PROXY: dnpm-beam-proxy,dnpm-backend, host.docker.internal
       RUST_LOG: ${RUST_LOG:-info}
       NO_AUTH: "true"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     volumes:
       - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
       - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh
index 7b3be9a..6de19b8 100644
--- a/minimal/modules/dnpm-setup.sh
+++ b/minimal/modules/dnpm-setup.sh
@@ -5,9 +5,12 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
-	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 	DNPM_BROKER_ID="broker.ccp-it.dktk.dkfz.de"
 	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
+	if [ -z ${BROKER_URL_FOR_PREREQ+x} ]; then
+		BROKER_URL_FOR_PREREQ=$DNPM_BROKER_URL
+		log DEBUG "No Broker for clock check set; using $DNPM_BROKER_URL"
+	fi
 	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"
 fi