Merge branch 'main' into feature/dnpm-connect

Tobias Kussel 2023-06-28 11:45:45 +02:00
commit 3304d2818d
6 changed files with 37 additions and 23 deletions


@ -8,6 +8,7 @@ This repository is the starting point for any information and tools you will nee
- [Hardware](#hardware)
- [Software](#software)
- [Network](#network)
- [Register with the Directory](#register-with-the-directory)
2. [Deployment](#deployment)
- [Site name](#site-name)
- [Projects](#projects)
@ -57,10 +58,24 @@ Note for Ubuntu: Please note that snap versions of Docker are not supported.
### Network
Since it needs to carry sensitive patient data, Bridgeheads are intended to be deployed within your institution's secure network and behave well even in networks in strict security settings, e.g. firewall rules. The only connectivity required is an outgoing HTTPS proxy. TLS termination is supported, too (see [below](#tls-terminating-proxies))
A running Bridgehead requires an outgoing HTTPS proxy to communicate with the central components.
Additionally, your site might use its own proxy. You should discuss this with your local systems administration. If a proxy is being used, you will need to note down the URL of the proxy. If it is a secure proxy, then you will also need to make a note of its username and password. This information will be used later on during the installation process.
Note that git and Docker may also need to be configured to use this proxy. This is a job for your systems administrators.
If there is a site firewall, this needs to be configured so that git and Docker can reach the outside world. Another job for the systems administrators.
Note for Ubuntu: Please note that the uncomplicated firewall (ufw) is known to conflict with Docker [here](https://github.com/chaifeng/ufw-docker).
### Register with the Directory
If you run a biobank, you should register with the [Directory](https://directory.bbmri-eric.eu), a BBMRI project that catalogs biobanks.
To do this, contact the BBMRI national node for the country where your biobank is based, see [the list of nodes](http://www.bbmri-eric.eu/national-nodes/).
Once you have registered, **you should choose one of your sample collections as a default collection for your biobank**. This is the collection that will be automatically used to label any samples that have not been assigned a collection ID in your ETL process. Make a note of this ID, you will need it later on in the installation process.
## Deployment
### Site name
@ -140,7 +155,7 @@ cd /srv/docker/bridgehead
sudo ./bridgehead enroll <PROJECT>
```
... and follow the instructions on the screen. You should then be prompted to do the next step:
... and follow the instructions on the screen. Please send your default Collection ID and the display name of your site together with the certificate request when you enroll. You should then be prompted to do the next step:
### Starting and stopping your Bridgehead


@ -2,7 +2,7 @@ version: "3.7"
services:
blaze:
image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
image: docker.verbis.dkfz.de/cache/samply/blaze:latest
container_name: bridgehead-bbmri-blaze
environment:
BASE_URL: "http://bridgehead-bbmri-blaze:8080"
@ -20,7 +20,7 @@ services:
- "traefik.http.routers.blaze_ccp.tls=true"
focus:
image: docker.verbis.dkfz.de/cache/samply/focus:develop
image: docker.verbis.dkfz.de/cache/samply/focus:main
container_name: bridgehead-focus
environment:
API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
@ -39,8 +39,7 @@ services:
environment:
BROKER_URL: ${BROKER_URL}
PROXY_ID: ${PROXY_ID}
APP_0_ID: focus
APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT}
APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
PRIVKEY_FILE: /run/secrets/proxy.pem
ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
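Review bot: The blaze image moves from the pinned tag `0.19` to the mutable tag `latest`, and focus tracks the moving `main` tag, so the containers that hold and query patient data can change on any pull without a reviewed change in this repository. Pin both to a release tag, ideally with a digest, e.g. `image: docker.verbis.dkfz.de/cache/samply/blaze:<release-tag>@sha256:<digest>` (placeholder values), and bump it in its own commit. The same `blaze:latest` and `focus:main` lines appear in the ccp compose section, while the exliquid task store in this commit stays on a numbered tag (`0.20`), which is the pattern to follow. The file path is not shown on this page and the service definitions continue outside the hunks.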


@ -2,7 +2,7 @@ version: "3.7"
services:
blaze:
image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
image: docker.verbis.dkfz.de/cache/samply/blaze:latest
container_name: bridgehead-ccp-blaze
environment:
BASE_URL: "http://bridgehead-ccp-blaze:8080"
@ -19,15 +19,17 @@ services:
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
- "traefik.http.routers.blaze_ccp.tls=true"
spot:
image: docker.verbis.dkfz.de/cache/samply/spot:latest
container_name: bridgehead-spot
focus:
image: docker.verbis.dkfz.de/cache/samply/focus:main
container_name: bridgehead-focus
environment:
SECRET: ${SPOT_BEAM_SECRET_LONG}
APPID: spot
API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
BEAM_APP_ID_LONG: focus.${PROXY_ID}
PROXY_ID: ${PROXY_ID}
LDM_URL: http://bridgehead-ccp-blaze:8080/fhir
BEAM_PROXY: http://beam-proxy:8081
BLAZE_URL: "http://bridgehead-ccp-blaze:8080/fhir/"
BEAM_PROXY_URL: http://beam-proxy:8081
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
OBFUSCATE: "no"
depends_on:
- "beam-proxy"
- "blaze"
@ -38,10 +40,8 @@ services:
environment:
BROKER_URL: ${BROKER_URL}
PROXY_ID: ${PROXY_ID}
APP_0_ID: spot
APP_0_KEY: ${SPOT_BEAM_SECRET_SHORT}
APP_1_ID: report-hub
APP_1_KEY: ${REPORTHUB_BEAM_SECRET_SHORT}
APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
APP_report-hub_KEY: ${REPORTHUB_BEAM_SECRET_SHORT}
PRIVKEY_FILE: /run/secrets/proxy.pem
ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
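Review bot: The new focus service sets `OBFUSCATE: "no"`, which by its name appears to switch off obfuscation of query results before they leave the site, and nothing on the page says why. If this is intended for the project, put a comment above the line such as `# Result obfuscation disabled on purpose for <reason>; re-check before production use`. If it is not intended, drop the line so the image's own default applies. `RETRY_COUNT: ${FOCUS_RETRY_COUNT}` and `API_KEY: ${FOCUS_BEAM_SECRET_SHORT}` also expand to an empty string when the variable is unset; the form `${FOCUS_BEAM_SECRET_SHORT:?missing}` would make compose fail early instead of starting focus with an empty key. The focus service block runs past the end of this hunk.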


@ -2,7 +2,7 @@ version: "3.7"
services:
exliquid-task-store:
image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
image: docker.verbis.dkfz.de/cache/samply/blaze:0.20
container_name: bridgehead-exliquid-task-store
environment:
BASE_URL: "http://bridgehead-exliquid-task-store:8080"


@ -1,8 +1,8 @@
BROKER_ID=broker.dev.ccp-it.dktk.dkfz.de
BROKER_URL=https://${BROKER_ID}
PROXY_ID=${SITE_ID}.${BROKER_ID}
SPOT_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
SPOT_BEAM_SECRET_LONG="ApiKey spot.${PROXY_ID} ${SPOT_BEAM_SECRET_SHORT}"
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
FOCUS_RETRY_COUNT=32
REPORTHUB_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
REPORTHUB_BEAM_SECRET_LONG="ApiKey report-hub.${PROXY_ID} ${REPORTHUB_BEAM_SECRET_SHORT}"
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
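Review bot: `FOCUS_BEAM_SECRET_SHORT` is built by truncating a random (version 4) UUID to 20 hex digits, and that prefix includes the fixed version digit and two fixed variant bits, so the key carries about 74 random bits rather than 80. Reading random bytes directly keeps the length and removes the fixed bits: `FOCUS_BEAM_SECRET_SHORT="$(head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n')"`. The unchanged `REPORTHUB_BEAM_SECRET_SHORT` line uses the same pattern. The value also looks to be regenerated each time this file is evaluated, so a one-line comment stating that the secret is ephemeral and shared only between the beam proxy and focus would help the next reader.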


@ -47,8 +47,8 @@ function hc_send(){
if [ -n "$2" ]; then
MSG="$2\n\nDocker stats:\n$UPTIME"
echo -e "$MSG" | https_proxy=$HTTPS_PROXY_URL curl -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
echo -e "$MSG" | https_proxy=$HTTPS_PROXY_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
else
https_proxy=$HTTPS_PROXY_URL curl -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
https_proxy=$HTTPS_PROXY_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
fi
}
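Review bot: `--max-time 5` is repeated as a bare literal in both curl calls and bounds the whole request, including the proxy connect and TLS handshake. A slow proxy therefore produces the generic `Monitoring failed` warning with no hint that the timeout was the cause. Consider one named setting used in both places, e.g. `--max-time "${HC_TIMEOUT:-5}"` (variable name constructed here), with a short comment saying the cap keeps a hung monitoring endpoint from blocking the caller. hc_send begins before the first line of this hunk.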