diff --git a/README.md b/README.md
index 8daab1f..0c7e1fb 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@ This repository is the starting point for any information and tools you will nee
 - [Hardware](#hardware)
 - [Software](#software)
 - [Network](#network)
+ - [Register with the Directory](#register-with-the-directory)
 2. [Deployment](#deployment)
 - [Site name](#site-name)
 - [Projects](#projects)
@@ -57,10 +58,24 @@ Note for Ubuntu: Please note that snap versions of Docker are not supported.
 ### Network
-Since it needs to carry sensitive patient data, Bridgeheads are intended to be deployed within your institution's secure network and behave well even in networks in strict security settings, e.g. firewall rules. The only connectivity required is an outgoing HTTPS proxy. TLS termination is supported, too (see [below](#tls-terminating-proxies))
+A running Bridgehead requires an outgoing HTTPS proxy to communicate with the central components.
+
+Additionally, your site might use its own proxy. You should discuss this with your local systems administration. If a proxy is being used, you will need to note down the URL of the proxy. If it is a secure proxy, then you will also need to make a note of its username and password. This information will be used later on during the installation process.
+
+Note that git and Docker may also need to be configured to use this proxy. This is a job for your systems administrators.
+
+If there is a site firewall, this needs to be configured so that git and Docker can reach the outside world. Another job for the systems administrators.
 Note for Ubuntu: Please note that the uncomplicated firewall (ufw) is known to conflict with Docker [here](https://github.com/chaifeng/ufw-docker).
+### Register with the Directory
+
+If you run a biobank, you should register with the [Directory](https://directory.bbmri-eric.eu), a BBMRI project that catalogs biobanks.
+
+To do this, contact the BBMRI national node for the country where your biobank is based, see [the list of nodes](http://www.bbmri-eric.eu/national-nodes/).
+
+Once you have registered, **you should choose one of your sample collections as a default collection for your biobank**. This is the collection that will be automatically used to label any samples that have not been assigned a collection ID in your ETL process.
Make a note of this ID, you will need it later on in the installation process.
+
 ## Deployment
 ### Site name
@@ -140,7 +155,7 @@ cd /srv/docker/bridgehead
 sudo ./bridgehead enroll
 ```
-... and follow the instructions on the screen. You should then be prompted to do the next step:
+... and follow the instructions on the screen. Please send your default Collection ID and the display name of your site together with the certificate request when you enroll. You should then be prompted to do the next step:
 ### Starting and stopping your Bridgehead
diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml
index d3d156e..8ad8211 100644
--- a/bbmri/docker-compose.yml
+++ b/bbmri/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.7"
 services:
 blaze:
- image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
+ image: docker.verbis.dkfz.de/cache/samply/blaze:latest
 container_name: bridgehead-bbmri-blaze
 environment:
 BASE_URL: "http://bridgehead-bbmri-blaze:8080"
@@ -20,7 +20,7 @@ services:
 - "traefik.http.routers.blaze_ccp.tls=true"
 focus:
- image: docker.verbis.dkfz.de/cache/samply/focus:develop
+ image: docker.verbis.dkfz.de/cache/samply/focus:main
 container_name: bridgehead-focus
 environment:
 API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
@@ -39,8 +39,7 @@ services:
 environment:
 BROKER_URL: ${BROKER_URL}
 PROXY_ID: ${PROXY_ID}
- APP_0_ID: focus
- APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
 PRIVKEY_FILE: /run/secrets/proxy.pem
 ALL_PROXY: http://forward_proxy:3128
 TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index 456eef1..7b7e129 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.7"
 services:
 blaze:
- image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
+ image: docker.verbis.dkfz.de/cache/samply/blaze:latest
 container_name: bridgehead-ccp-blaze
 environment:
 BASE_URL: "http://bridgehead-ccp-blaze:8080"
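Review bot: The blaze image in bbmri/docker-compose.yml (hunk `@@ -2,7 +2,7 @@`) moves from the pinned `0.19` tag to `latest`, so the image actually deployed can change on any pull without a commit in this repository, and a rollback has no known-good reference. The same applies to `focus:main` in the `@@ -20,7 +20,7 @@` hunk and to both images in ccp/docker-compose.yml, while ccp/exliquid-compose.yml in this same commit stays pinned at `blaze:0.20`. I would pin consistently, e.g. `image: docker.verbis.dkfz.de/cache/samply/blaze:0.20`, and ideally append the image digest once it is known. If a floating tag is intentional, a comment above the `image:` line saying so would help the next reader.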
@@ -19,15 +19,17 @@ services:
 - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
 - "traefik.http.routers.blaze_ccp.tls=true"
- spot:
- image: docker.verbis.dkfz.de/cache/samply/spot:latest
- container_name: bridgehead-spot
+ focus:
+ image: docker.verbis.dkfz.de/cache/samply/focus:main
+ container_name: bridgehead-focus
 environment:
- SECRET: ${SPOT_BEAM_SECRET_LONG}
- APPID: spot
+ API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ BEAM_APP_ID_LONG: focus.${PROXY_ID}
 PROXY_ID: ${PROXY_ID}
- LDM_URL: http://bridgehead-ccp-blaze:8080/fhir
- BEAM_PROXY: http://beam-proxy:8081
+ BLAZE_URL: "http://bridgehead-ccp-blaze:8080/fhir/"
+ BEAM_PROXY_URL: http://beam-proxy:8081
+ RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+ OBFUSCATE: "no"
 depends_on:
 - "beam-proxy"
 - "blaze"
@@ -38,10 +40,8 @@ services:
 environment:
 BROKER_URL: ${BROKER_URL}
 PROXY_ID: ${PROXY_ID}
- APP_0_ID: spot
- APP_0_KEY: ${SPOT_BEAM_SECRET_SHORT}
- APP_1_ID: report-hub
- APP_1_KEY: ${REPORTHUB_BEAM_SECRET_SHORT}
+ APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ APP_report-hub_KEY: ${REPORTHUB_BEAM_SECRET_SHORT}
 PRIVKEY_FILE: /run/secrets/proxy.pem
 ALL_PROXY: http://forward_proxy:3128
 TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
diff --git a/ccp/exliquid-compose.yml b/ccp/exliquid-compose.yml
index d5bb351..becf99a 100644
--- a/ccp/exliquid-compose.yml
+++ b/ccp/exliquid-compose.yml
@@ -2,7 +2,7 @@ version: "3.7"
 services:
 exliquid-task-store:
- image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
+ image: docker.verbis.dkfz.de/cache/samply/blaze:0.20
 container_name: bridgehead-exliquid-task-store
 environment:
 BASE_URL: "http://bridgehead-exliquid-task-store:8080"
diff --git a/ccp/vars b/ccp/vars
index a180d82..f3ef8ce 100644
--- a/ccp/vars
+++ b/ccp/vars
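Review bot: `OBFUSCATE: "no"` in the new ccp focus service (hunk `@@ -19,15 +19,17 @@`) is hard-coded and has no comment explaining it. If, as the name suggests, it switches off obfuscation of the query results that leave the site, that is a privacy-relevant default that should not be set silently. I would add a why-comment above it and make it site-overridable with a proposed variable, e.g. `OBFUSCATE: ${FOCUS_OBFUSCATE:-no}`, or drop the line if the image's own default is the safer one. The quoting of `"no"` is correct and should stay, since a bare `no` would be read as a boolean.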
@@ -1,8 +1,8 @@
 BROKER_ID=broker.dev.ccp-it.dktk.dkfz.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
-SPOT_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-SPOT_BEAM_SECRET_LONG="ApiKey spot.${PROXY_ID} ${SPOT_BEAM_SECRET_SHORT}"
+FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+FOCUS_RETRY_COUNT=32
 REPORTHUB_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 REPORTHUB_BEAM_SECRET_LONG="ApiKey report-hub.${PROXY_ID} ${REPORTHUB_BEAM_SECRET_SHORT}"
 SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
diff --git a/lib/monitoring.sh b/lib/monitoring.sh
index 87e66bc..c3eb9fc 100755
--- a/lib/monitoring.sh
+++ b/lib/monitoring.sh
@@ -47,8 +47,8 @@ function hc_send(){
 if [ -n "$2" ]; then
 MSG="$2\n\nDocker stats:\n$UPTIME"
- echo -e "$MSG" | https_proxy=$HTTPS_PROXY_URL curl -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
+ echo -e "$MSG" | https_proxy=$HTTPS_PROXY_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
 else
- https_proxy=$HTTPS_PROXY_URL curl -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
+ https_proxy=$HTTPS_PROXY_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
 fi
 }
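Review bot: `FOCUS_BEAM_SECRET_SHORT` in ccp/vars copies the existing UUID-based pattern, which carries less entropy than its 20 hex characters suggest. The first 20 hex digits of a random UUID include the fixed version nibble and two fixed variant bits, so roughly 74 bits are random. Reading the kernel CSPRNG directly keeps the same length and format, e.g. `FOCUS_BEAM_SECRET_SHORT="$(head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n')"`. A one-line comment saying the value is generated afresh whenever this file is evaluated (which is how the command substitution reads) would also help operators who expect a stable key.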
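Review bot: Both changed curl calls in hc_send use `-s -o /dev/null` without `--fail`, so curl exits 0 on an HTTP 4xx/5xx reply. The `|| log WARN` branch therefore fires only on transport errors and the new 5-second timeout, not when the monitoring endpoint rejects the ping. Adding the flag next to the timeout would surface those cases: `curl --max-time 5 --fail -A "$USER_AGENT" -s -o /dev/null ...`. hc_send starts above this hunk, so how `$HCURL` and `$UPTIME` are set is not visible here.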