From 07c0c4534e4067eec5cedd10d561dd8b584f4c35 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Tue, 25 Oct 2022 11:45:01 +0200
Subject: [PATCH 1/4] Make this work for BBMRI-ERIC
---
 bbmri/docker-compose.yml | 116 +++++++++++++++++++++++++++++++++
 bbmri/vars | 7 ++
 bridgehead | 2 +-
 gbn/docker-compose.yml | 100 ----------------------------
 lib/functions.sh | 2 +-
 lib/remove-bridgehead-units.sh | 4 +-
 lib/setup-bridgehead-units.sh | 4 +-
 7 files changed, 129 insertions(+), 106 deletions(-)
 create mode 100644 bbmri/docker-compose.yml
 create mode 100644 bbmri/vars
 delete mode 100644 gbn/docker-compose.yml
diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml
new file mode 100644
index 0000000..825ec6a
--- /dev/null
+++ b/bbmri/docker-compose.yml
@@ -0,0 +1,116 @@
+version: "3.7"
+
+services:
+ traefik:
+ container_name: bridgehead-traefik
+ image: traefik:latest
+ command:
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --providers.docker=true
+ - --providers.file.watch=true
+ - --providers.file.directory=/configuration/
+ - --api.dashboard=true
+ - --accesslog=true # print access-logs
+ - --entrypoints.web.http.redirections.entrypoint.to=websecure
+ - --entrypoints.web.http.redirections.entrypoint.scheme=https
+ labels:
+ - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
+ - "traefik.http.routers.dashboard.entrypoints=websecure"
+ - "traefik.http.routers.dashboard.service=api@internal"
+ - "traefik.http.routers.dashboard.tls=true"
+ - "traefik.http.routers.dashboard.middlewares=auth"
+ - "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}"
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /etc/bridgehead/traefik-tls:/certs:ro
+ - ../lib/traefik-configuration/:/configuration:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+ forward_proxy:
+ container_name: bridgehead-forward-proxy
+ image: samply/bridgehead-forward-proxy:latest
+ environment:
+ HTTPS_PROXY: ${HTTPS_PROXY_URL}
+ USERNAME: ${HTTPS_PROXY_USERNAME}
+ PASSWORD: ${HTTPS_PROXY_PASSWORD}
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
+
+ landing:
+ container_name: bridgehead-landingpage
+ image: samply/bridgehead-landingpage:master
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+ - "traefik.http.services.landing.loadbalancer.server.port=80"
+ - "traefik.http.routers.landing.tls=true"
+ environment:
+ HOST: ${HOST}
+ PROJECT: ${PROJECT}
+ SITE_NAME: ${SITE_NAME}
+
+ blaze:
+ image: "samply/blaze:0.18"
+ container_name: bridgehead-ccp-blaze
+ environment:
+ BASE_URL: "http://bridgehead-ccp-blaze:8080"
+ JAVA_TOOL_OPTIONS: "-Xmx4g"
+ LOG_LEVEL: "debug"
+ ENFORCE_REFERENTIAL_INTEGRITY: "false"
+ volumes:
+ - "blaze-data:/app/data"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}"
+ - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
+ - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
+ - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
+ - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
+ - "traefik.http.routers.blaze_ccp.tls=true"
+
+ spot:
+ image: samply/spot:latest
+ container_name: bridgehead-spot
+ environment:
+ SECRET: ${SPOT_BEAM_SECRET_LONG}
+ APPID: spot
+ PROXY_ID: ${PROXY_ID}
+ LDM_URL: http://bridgehead-ccp-blaze:8080/fhir
+ BEAM_PROXY: http://beam-proxy:8081
+ depends_on:
+ - "beam-proxy"
+ - "blaze"
+ labels:
+ - "traefik.enable=false"
+
+ beam-proxy:
+ image: "samply/beam-proxy:develop"
+ container_name: bridgehead-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_0_ID: spot
+ APP_0_KEY: ${SPOT_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ RUST_LOG: debug
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ secrets:
+ - proxy.pem
+ labels:
+ - "traefik.enable=false"
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+
+
+volumes:
+ blaze-data:
+
+secrets:
+ proxy.pem:
+ file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/bbmri/vars b/bbmri/vars
new file mode 100644
index 0000000..8faa106
--- /dev/null
+++ b/bbmri/vars
@@ -0,0 +1,7 @@
+BROKER_ID=broker.bbmri.samply.de
+BROKER_URL=https://${BROKER_ID}
+PROXY_ID=${SITE_ID}.${BROKER_ID}
+SPOT_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+SPOT_BEAM_SECRET_LONG="ApiKey spot.${PROXY_ID} ${SPOT_BEAM_SECRET_SHORT}"
+SUPPORT_EMAIL=tomasik@mail.muni.cz
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
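Review bot: Five of the six images in the new bbmri/docker-compose.yml use mutable tags (`traefik:latest`, `samply/bridgehead-forward-proxy:latest`, `samply/bridgehead-landingpage:master`, `samply/spot:latest`, `samply/beam-proxy:develop`); only `samply/blaze:0.18` names a release, and the gbn file deleted in this same patch still had `traefik:2`. Because lib/update-bridgehead.sh (touched in patch 3/4) runs `docker pull` on every `image:` entry, whatever is pushed to those tags reaches each site on its next update run without a reviewed change in this repository. Pinning each image to a release tag or digest, e.g. `image: traefik:<VERSION>@sha256:<DIGEST>` (placeholders), keeps upgrades a deliberate commit. Separately, the `:ro` flag on the `/var/run/docker.sock` mount does not restrict the Docker API calls made over the socket, so the internet-facing Traefik container keeps full control of the daemon; a filtering socket proxy between the two would narrow that.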
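Review bot: `SPOT_BEAM_SECRET_SHORT` in bbmri/vars is cut from a version-4 UUID, so its 20 hex characters carry roughly 74 bits rather than 80, because the fixed version nibble and two of the variant bits fall inside the kept prefix. Reading the key directly from the kernel random device avoids the UUID structure, e.g. `SPOT_BEAM_SECRET_SHORT="$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"`. The value is also regenerated every time this file is evaluated, which presumably is intended so that spot and beam-proxy share a per-start key; the caller is not visible here, so that should be confirmed. A one-line comment above the assignment, such as `# ephemeral key shared by spot and beam-proxy, regenerated on every start`, would document the intent.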
diff --git a/bridgehead b/bridgehead index 5548a7d..fe4bb19 100755 --- a/bridgehead +++ b/bridgehead @@ -32,7 +32,7 @@ case "$PROJECT" in nngm) #nothing extra to do ;; - gbn) + bbmri) #nothing extra to do ;; *) diff --git a/gbn/docker-compose.yml b/gbn/docker-compose.yml deleted file mode 100644 index 476d355..0000000 --- a/gbn/docker-compose.yml +++ /dev/null 
@@ -1,100 +0,0 @@ -version: '3.7' - -volumes: - gbn-connector-logs: - gbn-connector-db-data: - gbn-store-db-data: - -services: - traefik: - container_name: bridgehead-traefik - image: traefik:2 - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --api.dashboard=true - - --accesslog=true # print access-logs - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - labels: - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.dashboard.entrypoints=websecure" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}" - ports: - - 80:80 - - 443:443 - volumes: - - ../certs:/tools/certs - - /var/run/docker.sock:/var/run/docker.sock:ro - extra_hosts: - - "host.docker.internal:host-gateway" - - forward_proxy: - container_name: bridgehead-forward-proxy - image: ubuntu/squid - environment: - http_proxy: ${http_proxy} - https_proxy: ${https_proxy} - volumes: - - "bridgehead-proxy:/var/log/squid" - - landing: - container_name: bridgehead-landingpage - image: samply/bridgehead-landingpage - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} - - blaze: - image: "samply/blaze:0.17" - container_name: bridgehead-gbn-blaze - environment: - BASE_URL: "http://blaze:8080" - JAVA_TOOL_OPTIONS: "-Xmx4g" - LOG_LEVEL: "debug" - ENFORCE_REFERENTIAL_INTEGRITY: "false" - volumes: - - "blaze-data:/app/data" - labels: - - "traefik.enable=true" - - 
"traefik.http.middlewares.gbn-auth.basicauth.users=${bc_auth_users}" - - "traefik.http.routers.blaze_gbn.rule=PathPrefix(`/gbn-localdatamanagement`)" - - "traefik.http.middlewares.gbn_b_strip.stripprefix.prefixes=/gbn-localdatamanagement" - - "traefik.http.services.blaze_gbn.loadbalancer.server.port=8080" - - "traefik.http.routers.blaze_gbn.middlewares=gbn_b_strip,gbn-auth" - - "traefik.http.routers.blaze_gbn.tls=true" - - gbn-connector: - container_name: bridgehead-gbn-connector - image: "samply/share-client:gbn-feature-environmentPreconfiguration" - environment: - POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS} - volumes: - - "gbn-connector-logs:/usr/local/tomcat/logs" - labels: - - "traefik.enable=true" - - "traefik.http.routers.gbn_connector.rule=PathPrefix(`/gbn-connector`)" - - "traefik.http.services.gbn_connector.loadbalancer.server.port=8080" - depends_on: - - "gbn-connector-db" - restart: "always" - - gbn-connector-db: - image: "postgres:10.17" - environment: - POSTGRES_DB: "samply.connector" - POSTGRES_USER: "samply" - POSTGRES_PASSWORD: ${CONNECTOR_POSTGRES_PASS} - volumes: - - "gbn-connector-db-data:/var/lib/postgresql/data" - restart: "always" diff --git a/lib/functions.sh b/lib/functions.sh index 5059829..e26d452 100755 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -20,7 +20,7 @@ checkOwner(){ printUsage() { echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME" - echo "PROJECTNAME should be one of ccp|nngm|gbn" + echo "PROJECTNAME should be one of ccp|nngm|bbmri" } checkRequirements() { diff --git a/lib/remove-bridgehead-units.sh b/lib/remove-bridgehead-units.sh index 36d1dad..fa63ef4 100755 --- a/lib/remove-bridgehead-units.sh +++ b/lib/remove-bridgehead-units.sh 
@@ -7,8 +7,8 @@ if [ $# -eq 0 ]; then exit 1 fi -if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then - log "ERROR" "Please provide a supported project like ccp, gbn or nngm" +if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then + log "ERROR" "Please provide a supported project like ccp, bbmri or nngm" exit 1 fi diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index a96e583..57f7df5 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -9,8 +9,8 @@ if [ $# -eq 0 ]; then exit 1 fi -if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then - log "ERROR" "Please provide a supported project like ccp, gbn or nngm" +if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then + log "ERROR" "Please provide a supported project like ccp, bbmri or nngm" exit 1 fi From aa595d2ea250afc49d8bb9e30faa325bbbd86887 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Tue, 25 Oct 2022 12:07:07 +0200 Subject: [PATCH 2/4] Remove landing page for BBMRI --- bbmri/docker-compose.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index 825ec6a..4b22589 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml 
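Review bot: The project check on the changed `if` line expands `$1` unquoted in each `[ ... ]` test, here in lib/remove-bridgehead-units.sh and in the identical hunk for lib/setup-bridgehead-units.sh. An argument that is empty or contains whitespace or glob characters makes `[` fail with a usage error instead of evaluating the comparison; the `&&` chain is then false and the script continues past the check with a project name that was never validated. Quoting makes the check fail closed: `if [ "$1" != "ccp" ] && [ "$1" != "nngm" ] && [ "$1" != "bbmri" ]; then`. The rest of both scripts lies outside the hunks, so how `$1` is used afterwards cannot be confirmed from here.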
@@ -39,18 +39,18 @@ services: volumes: - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro - landing: - container_name: bridgehead-landingpage - image: samply/bridgehead-landingpage:master - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} +# landing: +# container_name: bridgehead-landingpage +# image: samply/bridgehead-landingpage:master +# labels: +# - "traefik.enable=true" +# - "traefik.http.routers.landing.rule=PathPrefix(`/`)" +# - "traefik.http.services.landing.loadbalancer.server.port=80" +# - "traefik.http.routers.landing.tls=true" +# environment: +# HOST: ${HOST} +# PROJECT: ${PROJECT} +# SITE_NAME: ${SITE_NAME} blaze: image: "samply/blaze:0.18" From b18b98e7929557b4a190cfc504a03a1abb60a9b0 Mon Sep 17 00:00:00 2001 From: Martin Lablans <6804500+lablans@users.noreply.github.com> Date: Wed, 26 Oct 2022 10:10:31 +0200 Subject: [PATCH 3/4] Make bridgehead-update ignore commented out docker images --- lib/update-bridgehead.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index e64abd6..7212d13 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh @@ -75,7 +75,7 @@ done # Check docker updates log "INFO" "Checking for updates to running docker images ..." docker_updated="false" -for IMAGE in $(cat $PROJECT/docker-compose.yml | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do +for IMAGE in $(cat $PROJECT/docker-compose.yml | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do log "INFO" "Checking for Updates of Image: $IMAGE" if docker pull $IMAGE | grep "Downloaded newer image"; then CHANGE="Image $IMAGE updated." From d2848342893fcce331852f0cd81a10f325b4422e Mon Sep 17 00:00:00 2001 
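Review bot: `grep -v "^#"` on the new `for IMAGE` line in lib/update-bridgehead.sh drops only lines whose first character is `#`, so an indented comment such as `  # image: ...` would still be parsed and pulled; `grep -v '^[[:space:]]*#'` covers both forms. The `sed` capture also keeps anything that follows the image name on the line (for example a trailing `# comment`), and the unquoted `$(...)` then splits it into extra words that are each handed to `docker pull $IMAGE`. Since the scraped string decides what the host downloads and runs, a comment above the loop stating the assumed format (one `image:` per line, no trailing text) would help, and quoting as `docker pull "$IMAGE"` is a cheap hardening. The loop body continues past the end of the hunk.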
From: Martin Lablans <6804500+lablans@users.noreply.github.com>
Date: Wed, 26 Oct 2022 10:13:38 +0200
Subject: [PATCH 4/4] Use official BBMRI-ERIC support e-mail
---
 bbmri/vars | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bbmri/vars b/bbmri/vars
index 8faa106..6fb693d 100644
--- a/bbmri/vars
+++ b/bbmri/vars
@@ -3,5 +3,5 @@ BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 SPOT_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 SPOT_BEAM_SECRET_LONG="ApiKey spot.${PROXY_ID} ${SPOT_BEAM_SECRET_SHORT}"
-SUPPORT_EMAIL=tomasik@mail.muni.cz
+SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem