Added extra stuff for EHDS2

This includes docker-compose files that include transfair plus
configuration variables specific to EHDS2.

bbmri/docker-compose.yml

@@ -1,6 +1,6 @@
 version: "3.7"
 
-# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars.
+# This includes only the shared persistence for BBMRI-ERIC and GBN and EHDS2. Federation components are included as modules, see vars.
 
 services:
   blaze:
@@ -20,6 +20,8 @@ services:
       - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
       - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
       - "traefik.http.routers.blaze_ccp.tls=true"
+    ports:
+      - "8081:8080"
 
 volumes:
   blaze-data:

bbmri/modules/ehds2-compose.yml

@@ -0,0 +1,60 @@
+version: "3.7"
+
+services:
+  focus-ehds2:
+    #image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+    image: samply/focus
+    container_name: bridgehead-focus-ehds2
+    environment:
+      API_KEY: ${EHDS2_FOCUS_BEAM_SECRET_SHORT}
+      BEAM_APP_ID_LONG: focus.${EHDS2_PROXY_ID}
+      PROXY_ID: ${EHDS2_PROXY_ID}
+      BLAZE_URL: "http://blaze:8080/fhir/"
+      BEAM_PROXY_URL: http://beam-proxy-ehds2:8081
+      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+    depends_on:
+      - "beam-proxy-ehds2"
+      - "blaze"
+
+  beam-proxy-ehds2:
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+    container_name: bridgehead-beam-proxy-ehds2
+    environment:
+      BROKER_URL: ${EHDS2_BROKER_URL}
+      PROXY_ID: ${EHDS2_PROXY_ID}
+      APP_focus_KEY: ${EHDS2_FOCUS_BEAM_SECRET_SHORT}
+      PRIVKEY_FILE: /run/secrets/proxy.pem
+      ALL_PROXY: http://forward_proxy:3128
+      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+      ROOTCERT_FILE: /conf/root.crt.pem
+    secrets:
+      - proxy.pem
+    depends_on:
+      - "forward_proxy"
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+      - /srv/docker/bridgehead/bbmri/modules/${EHDS2_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro
+
+  # Convert ECDC CSV file into FHIR and push to Blaze
+  transfair:
+    container_name: transfair
+    image: samply/transfair
+    environment:
+      FHIR_INPUT_URL: "http://source_blaze:8080/fhir"
+      FHIR_OUTPUT_URL: "http://bridgehead-bbmri-blaze:8080/fhir"
+      PROFILE: "amr2fhir"
+      #WRITE_BUNDLES_TO_FILE: "true"
+      AMR_FILE_PATH: "/app/data"
+    restart: on-failure
+    command: sh -c "sleep 60 && rm -rf /app/test/* && java -jar transFAIR.jar && tail -f /dev/null"
+    #command: sh -c "rm -rf /app/test/* && java -jar transFAIR.jar"
+    volumes:
+      - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/test/:/app/test/
+      - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/Data/:/app/data/
+
+  # Report on the data pushed to Blaze by TransFAIR
+  blazectl:
+    container_name: blazectl
+    image: samply/blazectl
+    command: sh -c "sleep 300 && echo Source store && blazectl --server http://bridgehead-bbmri-blaze:8080/fhir count-resources && tail -f /dev/null"
+

bbmri/modules/ehds2-setup.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+if [ "${ENABLE_EHDS2}" == "true" ]; then
+	log INFO "EHDS2 setup detected -- will start services for German Biobank Node."
+	OVERRIDE+=" -f ./$PROJECT/modules/ehds2-compose.yml"
+
+	# The environment needs to be defined in /etc/bridgehead
+	case "$ENVIRONMENT" in
+		"production")
+			export EHDS2_BROKER_ID=broker.bbmri.samply.de
+			export EHDS2_ROOT_CERT=ehds2
+			;;
+		"test")
+			export EHDS2_BROKER_ID=broker.test.bbmri.samply.de
+			export EHDS2_ROOT_CERT=ehds2.test
+			;;
+		*)
+			report_error 6 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!"
+			export EHDS2_BROKER_ID=broker.bbmri.samply.de
+			export EHDS2_ROOT_CERT=ehds2
+			;;
+	esac
+	
+	EHDS2_BROKER_URL=https://${EHDS2_BROKER_ID}
+	EHDS2_PROXY_ID=${SITE_ID}.${EHDS2_BROKER_ID}
+	EHDS2_FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+	EHDS2_SUPPORT_EMAIL=feedback@germanbiobanknode.de
+fi

bbmri/modules/ehds2.root.crt.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUMy/n0zFRihhVR3aAD54LumzeYdwwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjIxMDI1MDczNTA4WhcNMzIx
+MDIyMDczNTM3WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL3qWliHIlIT1Qlsyq/NKJ1uj6/AF0STNg5NTNpb
+Xqe5rmUqs6jmQepputGStBVe5TthFw56whISv9FqD5s1PZUGyFikW1pJUnF7ZYRf
+MfrJHRi1vUnD3Gw36FCot+i6BAxfw/rdp9hoqFZ6erRkULLaYZ5S2cDHN0DWc18V
+3VgZ66ah8QXSx7ERRNa/eWRkHrPIYhyVSoKuyZfvbVgsYZADSlviCgIHPrGLerLr
+ylNUyuTxJ5RKStOwPn7A+Jp7nRT+MRh9BphA7s6NuK9h+eVe1DiLbIETWyCEfN3Y
+INpunatn3QDhqOIfNcuBArjsAj7mg8l5KNba8nUP4v0EJYECAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMvc5Fizz1vO
+MEG3MIsy7UY69ZNIMB8GA1UdIwQYMBaAFMvc5Fizz1vOMEG3MIsy7UY69ZNIMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQBb8a5su820
+h8JStJC+KpvXmDrGkwx9bHlEZMgQQejIrwPLEbA32KBvNxdoUxF9q1Y773MKdqbc
+cCJwzQXE/NPZ13hCGrEIXs8DgH52GhEB5592k5/bRNcAvUwbZSXPPiT0rgq/eUOt
+BYhgN0ov7h1MC5L6CYB/rQwqck7JPlmrXTkh2gix4/dEdBRzsHsn/xlo8ay5QYHG
+rx2Adit76eZu/MJoJNzl1r8MPxLqyAie3KcIU54A+UMozLrWEQP/TyOyWZdjUjJt
+cBYgkKJTjwdRhc+ehI3kFo7b/a/Z/jl9szKsAPHozMixSi8lGnsYwN80oqeRvT7h
+wcMUK+igv3/K
+-----END CERTIFICATE-----

bbmri/modules/ehds2.test.root.crt.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUJ0g7k2vrdAwNTU38S1/mU8NO26MwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjMwNzEwMTIyMzQxWhcNMzMw
+NzA3MTIyNDExWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALMvc/fApbsAl+/NXDszNgffNR5llAb9CfxzdnRn
+ryoBqZdPevBYZZfKBARRKjFbXRDdPWbE7erDeo1LiCM6PObXCuT9wmGWJtvfkmqW
+3Z/a75e4r360kceMEGVn4kWpi9dz8s7+oXVZURjW2r13h6pq6xQNZDNlXmpR8wHG
+58TSrQC4n1vzdSwMWdptgOA8Sw8adR7ZJI1yNZpmynB2QolKKNESI7FcSKC/+b+H
+LoPkseAwQG9yJo23qEw1GZS67B47iKIqX2wp9VLQobHw7ncrhKXQLSWq973k/Swp
+7lBdfOsTouf72flLiF1HbdOLcFDmWgIbf5scj2HaQe8b/UcCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHYxBJiJZieW
+e6G1vwn6Q36/crgNMB8GA1UdIwQYMBaAFHYxBJiJZieWe6G1vwn6Q36/crgNMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCN6WVNYpWJ
+6Z1Ee+otLZYMXhjyR6NUQ5s0aHiug97gB8mTiNlgXiiTgipCbofEmENgh1inYrPC
+WfdXxqOaekSXCQW6nSO1KtBzEYtkN5LrN1cjKqt51P2DbkllinK37wwCS2Kfup1+
+yjhTRxrehSIfsMVK6bTUeSoc8etkgwErZpORhlpqZKWhmOwcMpgsYJJOLhUetqc1
+UNe/254bc0vqHEPT6VI/86c7qAmk1xR0RUfrnKAEqZtUeuoj2fe1L/6yOB16fxt5
+3V3oim7EO6eZCTjDo9fU5DaFiqSMe7WVdr03Na0cWet60XKRH/xaiC6gMWdHWcbh
+vZdXnV1qjlM2
+-----END CERTIFICATE-----

bbmri/vars

@@ -4,6 +4,9 @@
 # Makes only sense for German Biobanks
 : ${ENABLE_GBN:=false}
 
+# Makes only sense for EHDS2 project
+: ${ENABLE_EHDS2:=false}
+
 FOCUS_RETRY_COUNT=32
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 
@@ -20,6 +23,10 @@ if [ -n "$GBN_SUPPORT_EMAIL" ]; then
     SUPPORT_EMAIL=$GBN_SUPPORT_EMAIL
 fi
 
+if [ -n "$EHDS2_SUPPORT_EMAIL" ]; then
+    SUPPORT_EMAIL=$EHDS2_SUPPORT_EMAIL
+fi
+
 function do_enroll {
     COUNT=0
     if [ "$ENABLE_ERIC" == "true" ]; then
@@ -30,6 +37,10 @@ function do_enroll {
         do_enroll_inner $GBN_PROXY_ID $GBN_SUPPORT_EMAIL
         COUNT=$((COUNT+1))
     fi
+    if [ "$ENABLE_EHDS2" == "true" ]; then
+        do_enroll_inner $EHDS2_PROXY_ID $EHDS2_SUPPORT_EMAIL
+        COUNT=$((COUNT+1))
+    fi
     if [ $COUNT -ge 2 ]; then
         echo
         echo "You just received $COUNT certificate signing requests (CSR). Please send $COUNT e-mails, with 1 CSR each, to the respective e-mail address."