Modularize DNPM components

minimal/docker-compose.yml

@@ -0,0 +1,56 @@
+version: "3.7"
+
+services:
+  traefik:
+    container_name: bridgehead-traefik
+    image: docker.verbis.dkfz.de/cache/traefik:latest
+    command:
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.file.directory=/configuration/
+      - --api.dashboard=true
+      - --accesslog=true
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /etc/bridgehead/traefik-tls:/certs:ro
+      - ../lib/traefik-configuration/:/configuration:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+  forward_proxy:
+    container_name: bridgehead-forward-proxy
+    image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
+    environment:
+      HTTPS_PROXY: ${HTTPS_PROXY_URL}
+      USERNAME: ${HTTPS_PROXY_USERNAME}
+      PASSWORD: ${HTTPS_PROXY_PASSWORD}
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
+
+  landing:
+    container_name: bridgehead-landingpage
+    image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+      - "traefik.http.services.landing.loadbalancer.server.port=80"
+      - "traefik.http.routers.landing.tls=true"
+    environment:
+      HOST: ${HOST}
+      PROJECT: ${PROJECT}
+      SITE_NAME: ${SITE_NAME}
+
+

minimal/modules/dnpm-compose-beamconnect.yml

@@ -0,0 +1,47 @@
+version: "3.7"
+
+services:
+  dnpm-beam-proxy:
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+    container_name: bridgehead-dnpm-beam-proxy
+    environment:
+      BROKER_URL: ${BROKER_URL}
+      PROXY_ID: ${PROXY_ID}
+      APP_3_ID: dnpm-connect
+      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      PRIVKEY_FILE: /run/secrets/proxy.pem
+      ALL_PROXY: http://forward_proxy:3128
+      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+      ROOTCERT_FILE: /conf/root.crt.pem
+    secrets:
+      - proxy.pem
+    depends_on:
+      - "forward_proxy"
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+      - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
+
+  dnpm-beam-connect:
+    depends_on: [ dnpm-beam-proxy ]
+    image: samply/beam-connect:sites-without-auth
+    environment:
+      PROXY_URL: http://dnpm-beam-proxy:8081
+      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_ID: dnpm-connect.${PROXY_ID}
+      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+      LOCAL_TARGETS_FILE: /conf/connect_targets.json
+      HTTP_PROXY: http://forward_proxy:3128
+      HTTPS_PROXY: http://forward_proxy:3128
+      NO_PROXY: dnpm-beam-proxy,dnpm-backend
+      RUST_LOG: ${RUST_LOG:-info}
+    volumes:
+      - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
+      - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062"
+      - "traefik.http.routers.dnpm-connect.tls=true"
+
+secrets:
+  proxy.pem:
+    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem

minimal/modules/dnpm-compose-bwhc.yml

@@ -0,0 +1,54 @@
+version: "3.7"
+
+services:
+  dnpm-frontend:
+    depends_on: [ dnpm-backend ]
+    build:
+      context: ../../dnpm/origin
+      dockerfile: Frontend.Dockerfile
+      network: host
+      args:
+        NUXT_HOST: 0.0.0.0
+        NUXT_PORT: 3000
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PORT: 9000
+        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+        HTTP_PROXY: ${http_proxy}
+        HTTPS_PROXY: ${https_proxy}
+    environment:
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PORT: 9000
+        no_proxy: dnpm-backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
+      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+      - "traefik.http.routers.dnpm-frontend.tls=true"
+
+  dnpm-backend:
+    build:
+      context: ../../dnpm/origin
+      dockerfile: Backend.Dockerfile
+      args:
+        BWHC_BASE_DIR: /bwhc-backend
+        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+    ports:
+      - 9000:9000
+    environment:
+      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+      ZPM_SITE: ${ZPM_SITE}
+      noproxy: dnpm-frontend,dnpm-beam-connect
+      # PLAY_HTTP_PORT: 9000
+      # PLAY_HTTP_ADDRESS: 0.0.0.0
+    volumes:
+      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
+      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+      - bwhc_data:/bwhc-backend/data/
+      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+  bwhc_data:
+  bwhc_hgnc_data:

minimal/modules/dnpm-setup.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ -n "${ENABLE_DNPM}" ]; then
+	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml"
+
+	# Set variables required for Beam-Connect
+	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+
+	# Optionally, start bwhc as well. This is currently only experimental
+	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
+		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
+		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
+	fi
+fi

minimal/vars

@@ -0,0 +1,5 @@
+for module in $PROJECT/modules/*.sh
+do
+    log INFO "sourcing $module"
+    source $module
+done