From 3e1659a38d3c4eb6bc64d960445d124c8a808d14 Mon Sep 17 00:00:00 2001
From: Tobias Kussel
Date: Wed, 10 May 2023 10:54:05 +0000
Subject: [PATCH] Modularize DNPM components
---
bbmri/docker-compose.yml | 52 ------------------
bbmri/modules/dnpm-compose-beamconnect.yml | 47 ++++++++++++++++
bbmri/modules/dnpm-compose-bwhc.yml | 54 +++++++++++++++++++
bbmri/modules/dnpm-setup.sh | 17 ++++++
bbmri/vars | 8 ++-
bridgehead | 14 +++--
ccp/docker-compose.yml | 52 ------------------
ccp/modules/dnpm-compose-beamconnect.yml | 28 ++++++++++
ccp/modules/dnpm-compose-bwhc.yml | 54 +++++++++++++++++++
ccp/modules/dnpm-setup.sh | 17 ++++++
ccp/vars | 8 +--
lib/functions.sh | 2 +-
lib/update-bridgehead.sh | 2 +-
minimal/docker-compose.yml | 56 ++++++++++++++++++++
minimal/modules/dnpm-compose-beamconnect.yml | 47 ++++++++++++++++
minimal/modules/dnpm-compose-bwhc.yml | 54 +++++++++++++++++++
minimal/modules/dnpm-setup.sh | 17 ++++++
minimal/vars | 5 ++
18 files changed, 421 insertions(+), 113 deletions(-)
create mode 100644 bbmri/modules/dnpm-compose-beamconnect.yml
create mode 100644 bbmri/modules/dnpm-compose-bwhc.yml
create mode 100644 bbmri/modules/dnpm-setup.sh
create mode 100644 ccp/modules/dnpm-compose-beamconnect.yml
create mode 100644 ccp/modules/dnpm-compose-bwhc.yml
create mode 100644 ccp/modules/dnpm-setup.sh
create mode 100644 minimal/docker-compose.yml
create mode 100644 minimal/modules/dnpm-compose-beamconnect.yml
create mode 100644 minimal/modules/dnpm-compose-bwhc.yml
create mode 100644 minimal/modules/dnpm-setup.sh
create mode 100644 minimal/vars
diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml
index d15f694..4255684 100644
--- a/bbmri/docker-compose.yml
+++ b/bbmri/docker-compose.yml
@@ -1,58 +1,6 @@ version: "3.7" services: - traefik: - container_name: bridgehead-traefik - image: docker.verbis.dkfz.de/cache/traefik:latest - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --providers.docker.exposedbydefault=false - - --providers.file.directory=/configuration/ - - --api.dashboard=true - - --accesslog=true - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - labels: - - "traefik.enable=true" - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.dashboard.entrypoints=websecure" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" - ports: - - 80:80 - - 443:443 - volumes: - - /etc/bridgehead/traefik-tls:/certs:ro - - ../lib/traefik-configuration/:/configuration:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - - forward_proxy: - container_name: bridgehead-forward-proxy - image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest - environment: - HTTPS_PROXY: ${HTTPS_PROXY_URL} - USERNAME: ${HTTPS_PROXY_USERNAME} - PASSWORD: ${HTTPS_PROXY_PASSWORD} - volumes: - - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro - - landing: - container_name: bridgehead-landingpage - image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} - blaze: image: docker.verbis.dkfz.de/cache/samply/blaze:0.19 container_name: bridgehead-bbmri-blaze 
diff --git a/bbmri/modules/dnpm-compose-beamconnect.yml b/bbmri/modules/dnpm-compose-beamconnect.yml
new file mode 100644
index 0000000..9d3be80
--- /dev/null
+++ b/bbmri/modules/dnpm-compose-beamconnect.yml
@@ -0,0 +1,47 @@
+version: "3.7"
+
+services:
+ dnpm-beam-proxy:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+ container_name: bridgehead-dnpm-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_3_ID: dnpm-connect
+ APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
+
+ dnpm-beam-connect:
+ depends_on: [ dnpm-beam-proxy ]
+ image: samply/beam-connect:sites-without-auth
+ environment:
+ PROXY_URL: http://dnpm-beam-proxy:8081
+ PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+ APP_ID: dnpm-connect.${PROXY_ID}
+ DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+ LOCAL_TARGETS_FILE: /conf/connect_targets.json
+ HTTP_PROXY: http://forward_proxy:3128
+ HTTPS_PROXY: http://forward_proxy:3128
+ NO_PROXY: dnpm-beam-proxy,dnpm-backend
+ RUST_LOG: ${RUST_LOG:-info}
+ volumes:
+ - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
+ - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062"
+ - "traefik.http.routers.dnpm-connect.tls=true"
+
+secrets:
+ proxy.pem:
+ file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/bbmri/modules/dnpm-compose-bwhc.yml b/bbmri/modules/dnpm-compose-bwhc.yml
new file mode 100644
index 0000000..9ba1357
--- /dev/null
+++ b/bbmri/modules/dnpm-compose-bwhc.yml
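Review bot: The bbmri module takes the Beam proxy's trust anchor from a ccp path, `- /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro`, so `ROOTCERT_FILE` in a bbmri deployment appears to depend on a file that belongs to another project; the minimal copy of this file has the same line. A path derived from the active project, or a variable set in the project's vars file, would make the root certificate an explicit per-project choice. Separately, `image: samply/beam-connect:sites-without-auth` is a mutable branch-style tag pulled directly from Docker Hub, while the neighbouring services go through `docker.verbis.dkfz.de/cache/`. The tag name suggests authentication is relaxed, yet the service is routed on `/dnpm-connect`. Pinning a release tag or digest, with a comment stating what that build disables, would make the exposure reviewable; the same image line is in the ccp and minimal modules.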
@@ -0,0 +1,54 @@
+version: "3.7"
+
+services:
+ dnpm-frontend:
+ depends_on: [ dnpm-backend ]
+ build:
+ context: ../../dnpm/origin
+ dockerfile: Frontend.Dockerfile
+ network: host
+ args:
+ NUXT_HOST: 0.0.0.0
+ NUXT_PORT: 3000
+ BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+ BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+ BACKEND_PORT: 9000
+ DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+ HTTP_PROXY: ${http_proxy}
+ HTTPS_PROXY: ${https_proxy}
+ environment:
+ BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+ BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+ BACKEND_PORT: 9000
+ no_proxy: dnpm-backend
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
+ - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+ - "traefik.http.routers.dnpm-frontend.tls=true"
+
+ dnpm-backend:
+ build:
+ context: ../../dnpm/origin
+ dockerfile: Backend.Dockerfile
+ args:
+ BWHC_BASE_DIR: /bwhc-backend
+ DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+ ports:
+ - 9000:9000
+ environment:
+ APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+ ZPM_SITE: ${ZPM_SITE}
+ noproxy: dnpm-frontend,dnpm-beam-connect
+ # PLAY_HTTP_PORT: 9000
+ # PLAY_HTTP_ADDRESS: 0.0.0.0
+ volumes:
+ - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
+ - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+ - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+ - bwhc_data:/bwhc-backend/data/
+ - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+ bwhc_data:
+ bwhc_hgnc_data:
diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh
new file mode 100644
index 0000000..9a3cbf4
--- /dev/null
+++ b/bbmri/modules/dnpm-setup.sh
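Review bot: `ports: - 9000:9000` on dnpm-backend publishes the backend on every host interface, outside traefik and so without the TLS router the frontend gets via `traefik.http.routers.dnpm-frontend.tls=true`. If only other containers need it, drop the mapping and use the compose network; if a local client needs it, bind it as `- "127.0.0.1:9000:9000"`. Two names in the same hunk look like typos that would fail silently: `${DNPM_BMHC_BACKEND_PROTOCOL}` (every other variable uses `DNPM_BWHC_`) would expand to an empty string, and the backend's `noproxy:` (the frontend uses `no_proxy`) is probably ignored. The relative paths also disagree (`context: ../../dnpm/origin` versus `- ../dnpm/origin/logback.xml`), so one of them likely resolves outside the checkout. The hunk is repeated verbatim in ccp/modules and minimal/modules.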
@@ -0,0 +1,17 @@ +#!/bin/bash + +if [ -n "${ENABLE_DNPM}" ]; then + log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM." + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml" + + # Set variables required for Beam-Connect + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites" + + # Optionally, start bwhc as well. This is currently only experimental + if [ -n "${ENABLE_DNPM_BWHC}" ]; then + log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!" + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml" + fi +fi diff --git a/bbmri/vars b/bbmri/vars index 434cb4f..be7805a 100644 --- a/bbmri/vars +++ b/bbmri/vars @@ -4,4 +4,10 @@ PROXY_ID_LONG=${SITE_ID}.${BROKER_ID} FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FOCUS_RETRY_COUNT=32 SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu -PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem \ No newline at end of file +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem + +for module in $PROJECT/modules/*.sh +do + log INFO "sourcing $module" + source $module +done diff --git a/bridgehead b/bridgehead index 13cb682..7ca7af1 100755 --- a/bridgehead +++ b/bridgehead @@ -32,6 +32,9 @@ case "$PROJECT" in bbmri) #nothing extra to do ;; + minimal) + #nothing extra to do + ;; *) printUsage exit 1 
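Review bot: `DNPM_APPLICATION_SECRET` is assigned from a pipeline whose failure is never checked: if `openssl rsautl -sign` cannot read `/etc/bridgehead/pki/${SITE_ID}.priv.pem`, the substitution yields an empty string and the bwhc backend would start with an empty `APPLICATION_SECRET`. A guard directly after the assignment, such as `[ -n "$DNPM_APPLICATION_SECRET" ] || { log ERROR "could not derive DNPM_APPLICATION_SECRET"; exit 1; }`, turns that into a visible startup failure. The value is only consumed by dnpm-compose-bwhc.yml, so computing it inside the `ENABLE_DNPM_BWHC` branch would avoid touching the private key when only Beam.Connect is enabled. It would also make the comment `# Set variables required for Beam-Connect` accurate. The same script is added under ccp/modules and minimal/modules.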
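Review bot: The loop added to bbmri/vars sources every `*.sh` under `$PROJECT/modules/` with the privileges of the bridgehead script, so any file that ends up in that directory is executed at startup. The expansions are unquoted, and when the glob matches nothing bash tries to `source` the literal pattern. I would write it as `for module in "$PROJECT"/modules/*.sh; do [ -f "$module" ] || continue; log INFO "sourcing $module"; source "$module"; done` and make sure the modules directories are writable only by the account that owns the checkout. The same loop is added to ccp/vars and minimal/vars.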
@@ -51,6 +54,11 @@ loadVars() { set +a OVERRIDE=${OVERRIDE:=""} + # minimal contains shared components, so potential overrides must be applied in every project + if [ -f "minimal/docker-compose.override.yml" ]; then + log INFO "Applying minimal/docker-compose.override.yml" + OVERRIDE+=" -f ./minimal/docker-compose.override.yml" + fi if [ -f "$PROJECT/docker-compose.override.yml" ]; then log INFO "Applying $PROJECT/docker-compose.override.yml" OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml" @@ -66,13 +74,13 @@ case "$ACTION" in checkRequirements hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..." export LDM_LOGIN=$(getLdmPassword) - exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit + exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit ;; stop) loadVars # HACK: This is tempoarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp) - $COMPOSE -p bridgehead-$PROJECT -f ./$PROJECT/docker-compose.yml $OVERRIDE down - exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down + $COMPOSE -p bridgehead-$PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down + exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down ;; is-running) bk_is_running diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 209ee70..456eef1 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml 
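Review bot: With `PROJECT=minimal`, which the new case branch accepts, the start and stop commands expand to `-f ./minimal/docker-compose.yml -f ./minimal/docker-compose.yml`. In `loadVars` both `-f` tests match the same file, so `./minimal/docker-compose.override.yml` is appended to `OVERRIDE` twice. Compose will probably merge the duplicates without complaint, but it makes the effective configuration harder to reason about. Guarding the project-specific entry, e.g. `[ "$PROJECT" = "minimal" ] || OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml"`, and doing the same for the second `-f` in the start/stop arms keeps each file listed once. `loadVars` and the `case "$ACTION"` block both continue outside these hunks.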
@@ -1,58 +1,6 @@ version: "3.7" services: - traefik: - container_name: bridgehead-traefik - image: docker.verbis.dkfz.de/cache/traefik:latest - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --providers.docker.exposedbydefault=false - - --providers.file.directory=/configuration/ - - --api.dashboard=true - - --accesslog=true - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - labels: - - "traefik.enable=true" - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.dashboard.entrypoints=websecure" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" - ports: - - 80:80 - - 443:443 - volumes: - - /etc/bridgehead/traefik-tls:/certs:ro - - ../lib/traefik-configuration/:/configuration:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - - forward_proxy: - container_name: bridgehead-forward-proxy - image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest - environment: - HTTPS_PROXY: ${HTTPS_PROXY_URL} - USERNAME: ${HTTPS_PROXY_USERNAME} - PASSWORD: ${HTTPS_PROXY_PASSWORD} - volumes: - - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro - - landing: - container_name: bridgehead-landingpage - image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} - blaze: image: docker.verbis.dkfz.de/cache/samply/blaze:0.19 container_name: bridgehead-ccp-blaze 
diff --git a/ccp/modules/dnpm-compose-beamconnect.yml b/ccp/modules/dnpm-compose-beamconnect.yml
new file mode 100644
index 0000000..8db45ac
--- /dev/null
+++ b/ccp/modules/dnpm-compose-beamconnect.yml
@@ -0,0 +1,28 @@
+version: "3.7"
+
+services:
+ beam-proxy:
+ environment:
+ APP_3_ID: dnpm-connect
+ APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+
+ dnpm-beam-connect:
+ depends_on: [ beam-proxy ]
+ image: samply/beam-connect:sites-without-auth
+ environment:
+ PROXY_URL: http://beam-proxy:8081
+ PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+ APP_ID: dnpm-connect.${PROXY_ID}
+ DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+ LOCAL_TARGETS_FILE: /conf/connect_targets.json
+ HTTP_PROXY: http://forward_proxy:3128
+ HTTPS_PROXY: http://forward_proxy:3128
+ NO_PROXY: beam-proxy,dnpm-backend
+ RUST_LOG: ${RUST_LOG:-info}
+ volumes:
+ - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
+ - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062"
+ - "traefik.http.routers.dnpm-connect.tls=true"
diff --git a/ccp/modules/dnpm-compose-bwhc.yml b/ccp/modules/dnpm-compose-bwhc.yml
new file mode 100644
index 0000000..9ba1357
--- /dev/null
+++ b/ccp/modules/dnpm-compose-bwhc.yml
@@ -0,0 +1,54 @@
+version: "3.7"
+
+services:
+ dnpm-frontend:
+ depends_on: [ dnpm-backend ]
+ build:
+ context: ../../dnpm/origin
+ dockerfile: Frontend.Dockerfile
+ network: host
+ args:
+ NUXT_HOST: 0.0.0.0
+ NUXT_PORT: 3000
+ BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+ BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+ BACKEND_PORT: 9000
+ DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+ HTTP_PROXY: ${http_proxy}
+ HTTPS_PROXY: ${https_proxy}
+ environment:
+ BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+ BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+ BACKEND_PORT: 9000
+ no_proxy: dnpm-backend
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
+ - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+ - "traefik.http.routers.dnpm-frontend.tls=true"
+
+ dnpm-backend:
+ build:
+ context: ../../dnpm/origin
+ dockerfile: Backend.Dockerfile
+ args:
+ BWHC_BASE_DIR: /bwhc-backend
+ DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+ ports:
+ - 9000:9000
+ environment:
+ APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+ ZPM_SITE: ${ZPM_SITE}
+ noproxy: dnpm-frontend,dnpm-beam-connect
+ # PLAY_HTTP_PORT: 9000
+ # PLAY_HTTP_ADDRESS: 0.0.0.0
+ volumes:
+ - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
+ - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+ - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+ - bwhc_data:/bwhc-backend/data/
+ - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+ bwhc_data:
+ bwhc_hgnc_data:
diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh
new file mode 100644
index 0000000..9a3cbf4
--- /dev/null
+++ b/ccp/modules/dnpm-setup.sh
@@ -0,0 +1,17 @@ +#!/bin/bash + +if [ -n "${ENABLE_DNPM}" ]; then + log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM." + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml" + + # Set variables required for Beam-Connect + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites" + + # Optionally, start bwhc as well. This is currently only experimental + if [ -n "${ENABLE_DNPM_BWHC}" ]; then + log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!" + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml" + fi +fi diff --git a/ccp/vars b/ccp/vars index 456dda9..2a295f4 100644 --- a/ccp/vars +++ b/ccp/vars @@ -19,6 +19,8 @@ source $PROJECT/exliquid-setup.sh exliquidSetup mtbaSetup -# This will load DNPM setup. Effective only if DNPM configuration is defined in /etc/bridgehead/dnpm. -source dnpm/dnpm-setup.sh -dnpmSetup +for module in $PROJECT/modules/*.sh +do + log INFO "sourcing $module" + source $module +done diff --git a/lib/functions.sh b/lib/functions.sh index ac5ae6b..a243842 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -171,7 +171,7 @@ function retry { function bk_is_running { detectCompose - RUNNING="$($COMPOSE -p $PROJECT -f ./$PROJECT/docker-compose.yml $OVERRIDE ps -q)" + RUNNING="$($COMPOSE -p $PROJECT -f minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE ps -q)" NUMBEROFRUNNING=$(echo "$RUNNING" | wc -l) if [ $NUMBEROFRUNNING -ge 2 ]; then return 0 diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index bce720d..89db369 100755 --- a/lib/update-bridgehead.sh 
+++ b/lib/update-bridgehead.sh @@ -86,7 +86,7 @@ done # Check docker updates log "INFO" "Checking for updates to running docker images ..." docker_updated="false" -for IMAGE in $(cat $PROJECT/docker-compose.yml ${OVERRIDE//-f/} | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do +for IMAGE in $(cat $PROJECT/docker-compose.yml ${OVERRIDE//-f/} minimal/docker-compose.yml | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do log "INFO" "Checking for Updates of Image: $IMAGE" if docker pull $IMAGE | grep "Downloaded newer image"; then CHANGE="Image $IMAGE updated." diff --git a/minimal/docker-compose.yml b/minimal/docker-compose.yml new file mode 100644 index 0000000..cd4c2e5 --- /dev/null +++ b/minimal/docker-compose.yml 
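Review bot: `${OVERRIDE//-f/}` removes every `-f` substring rather than just the option, and module compose files are now appended to `OVERRIDE`. A file name that contains `-f` (a hypothetical `dnpm-compose-frontend.yml`) would be rewritten into a path that does not exist, and its images would be skipped by the update check. Matching the option together with its separator, `${OVERRIDE//-f /}`, avoids that. Services in the bwhc module are defined with `build:` and have no `image:` line, so this loop never refreshes them; a comment saying so would help operators. The loop body continues outside the hunk.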
@@ -0,0 +1,56 @@
+version: "3.7"
+
+services:
+ traefik:
+ container_name: bridgehead-traefik
+ image: docker.verbis.dkfz.de/cache/traefik:latest
+ command:
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --providers.docker=true
+ - --providers.docker.exposedbydefault=false
+ - --providers.file.directory=/configuration/
+ - --api.dashboard=true
+ - --accesslog=true
+ - --entrypoints.web.http.redirections.entrypoint.to=websecure
+ - --entrypoints.web.http.redirections.entrypoint.scheme=https
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
+ - "traefik.http.routers.dashboard.entrypoints=websecure"
+ - "traefik.http.routers.dashboard.service=api@internal"
+ - "traefik.http.routers.dashboard.tls=true"
+ - "traefik.http.routers.dashboard.middlewares=auth"
+ - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /etc/bridgehead/traefik-tls:/certs:ro
+ - ../lib/traefik-configuration/:/configuration:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+ forward_proxy:
+ container_name: bridgehead-forward-proxy
+ image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
+ environment:
+ HTTPS_PROXY: ${HTTPS_PROXY_URL}
+ USERNAME: ${HTTPS_PROXY_USERNAME}
+ PASSWORD: ${HTTPS_PROXY_PASSWORD}
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
+
+ landing:
+ container_name: bridgehead-landingpage
+ image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+ - "traefik.http.services.landing.loadbalancer.server.port=80"
+ - "traefik.http.routers.landing.tls=true"
+ environment:
+ HOST: ${HOST}
+ PROJECT: ${PROJECT}
+ SITE_NAME: ${SITE_NAME}
+
+
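Review bot: The traefik service, now shared by every project, mounts `/var/run/docker.sock:/var/run/docker.sock:ro` while listening on 80 and 443. The `:ro` flag only protects the socket file, not the Docker API behind it, so a compromise of traefik amounts to control of the Docker daemon on the host. Putting a socket proxy that only permits read-only container queries between traefik and the daemon would narrow that. The three images also use moving tags (`traefik:latest`, `bridgehead-forward-proxy:latest`, `bridgehead-landingpage:master`) and lib/update-bridgehead.sh pulls whatever those tags point to. Pinning versions or digests would make updates to the edge proxy deliberate.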
diff --git a/minimal/modules/dnpm-compose-beamconnect.yml b/minimal/modules/dnpm-compose-beamconnect.yml
new file mode 100644
index 0000000..9d3be80
--- /dev/null
+++ b/minimal/modules/dnpm-compose-beamconnect.yml
@@ -0,0 +1,47 @@
+version: "3.7"
+
+services:
+ dnpm-beam-proxy:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+ container_name: bridgehead-dnpm-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_3_ID: dnpm-connect
+ APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
+
+ dnpm-beam-connect:
+ depends_on: [ dnpm-beam-proxy ]
+ image: samply/beam-connect:sites-without-auth
+ environment:
+ PROXY_URL: http://dnpm-beam-proxy:8081
+ PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+ APP_ID: dnpm-connect.${PROXY_ID}
+ DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+ LOCAL_TARGETS_FILE: /conf/connect_targets.json
+ HTTP_PROXY: http://forward_proxy:3128
+ HTTPS_PROXY: http://forward_proxy:3128
+ NO_PROXY: dnpm-beam-proxy,dnpm-backend
+ RUST_LOG: ${RUST_LOG:-info}
+ volumes:
+ - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
+ - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062"
+ - "traefik.http.routers.dnpm-connect.tls=true"
+
+secrets:
+ proxy.pem:
+ file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/minimal/modules/dnpm-compose-bwhc.yml b/minimal/modules/dnpm-compose-bwhc.yml
new file mode 100644
index 0000000..9ba1357
--- /dev/null
+++ b/minimal/modules/dnpm-compose-bwhc.yml
@@ -0,0 +1,54 @@
+version: "3.7"
+
+services:
+ dnpm-frontend:
+ depends_on: [ dnpm-backend ]
+ build:
+ context: ../../dnpm/origin
+ dockerfile: Frontend.Dockerfile
+ network: host
+ args:
+ NUXT_HOST: 0.0.0.0
+ NUXT_PORT: 3000
+ BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+ BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+ BACKEND_PORT: 9000
+ DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+ HTTP_PROXY: ${http_proxy}
+ HTTPS_PROXY: ${https_proxy}
+ environment:
+ BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+ BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+ BACKEND_PORT: 9000
+ no_proxy: dnpm-backend
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
+ - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+ - "traefik.http.routers.dnpm-frontend.tls=true"
+
+ dnpm-backend:
+ build:
+ context: ../../dnpm/origin
+ dockerfile: Backend.Dockerfile
+ args:
+ BWHC_BASE_DIR: /bwhc-backend
+ DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+ ports:
+ - 9000:9000
+ environment:
+ APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+ ZPM_SITE: ${ZPM_SITE}
+ noproxy: dnpm-frontend,dnpm-beam-connect
+ # PLAY_HTTP_PORT: 9000
+ # PLAY_HTTP_ADDRESS: 0.0.0.0
+ volumes:
+ - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
+ - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+ - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+ - bwhc_data:/bwhc-backend/data/
+ - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+ bwhc_data:
+ bwhc_hgnc_data:
diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh
new file mode 100644
index 0000000..9a3cbf4
--- /dev/null
+++ b/minimal/modules/dnpm-setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ -n "${ENABLE_DNPM}" ]; then
+ log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+ OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml"
+
+ # Set variables required for Beam-Connect
+ DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+ DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+ DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+
+ # Optionally, start bwhc as well. This is currently only experimental
+ if [ -n "${ENABLE_DNPM_BWHC}" ]; then
+ log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
+ OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
+ fi
+fi
diff --git a/minimal/vars b/minimal/vars
new file mode 100644
index 0000000..acca503
--- /dev/null
+++ b/minimal/vars
@@ -0,0 +1,5 @@
+for module in $PROJECT/modules/*.sh
+do
+ log INFO "sourcing $module"
+ source $module
+done