samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: Add token-manager to beam

This commit is contained in:
janskiba 2023-12-12 09:53:14 +00:00 committed by juarez
parent 0a2dbb4b2d
commit 371097377a
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ccp/modules/datashield-compose.yml
View File

@ -51,6 +51,8 @@ services:
KEYCLOAK_ADMIN_GROUP: "${KEYCLOAK_ADMIN_GROUP}" KEYCLOAK_ADMIN_GROUP: "${KEYCLOAK_ADMIN_GROUP}"
TOKEN_MANAGER_PASSWORD: "${TOKEN_MANAGER_OPAL_PASSWORD}" TOKEN_MANAGER_PASSWORD: "${TOKEN_MANAGER_OPAL_PASSWORD}"
EXPORTER_PASSWORD: "${EXPORTER_OPAL_PASSWORD}" EXPORTER_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
BEAM_APP_ID: token-manager.${PROXY_ID}
BEAM_SECRET: ${TOKEN_MANAGER_SECRET}
secrets: secrets:
- opal-cert.pem - opal-cert.pem
- opal-key.pem - opal-key.pem
@ -106,6 +108,7 @@ services:
beam-proxy: beam-proxy:
environment: environment:
APP_datashield-connect_KEY: ${DATASHIELD_CONNECT_SECRET} APP_datashield-connect_KEY: ${DATASHIELD_CONNECT_SECRET}
APP_token-manager_KEY: ${TOKEN_MANAGER_SECRET}
secrets: secrets:
opal-cert.pem: opal-cert.pem:

1
ccp/modules/datashield-setup.sh
View File

@ -9,6 +9,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")" OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
RSTUDIO_ADMIN_PASSWORD="$(generate_password \"admin password for R-Studio\")" RSTUDIO_ADMIN_PASSWORD="$(generate_password \"admin password for R-Studio\")"
DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" DATASHIELD_CONNECT_SECRET="$(echo \"This is a salt string to generate one consistent password as the DataShield Connect secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
TOKEN_MANAGER_SECRET="$(echo \"This is a salt string to generate one consistent password as the Token Manger secret. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
mkdir -p /tmp/bridgehead/ mkdir -p /tmp/bridgehead/
chown -R bridgehead:docker /tmp/bridgehead/ chown -R bridgehead:docker /tmp/bridgehead/