samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-07-01 06:20:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: remove local rstudio (#322)

Browse Source
This commit is contained in:
Jan
2025-06-27 10:55:53 +02:00
committed by GitHub
parent a1cdc2659d
commit 4c6f9e0f13
4 changed files with 6 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
ccp/modules/datashield-setup.sh
View File

@ -5,17 +5,12 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
if [ -z "${ENABLE_EXPORTER}" ] || [ "${ENABLE_EXPORTER}" != "true" ]; then
log WARN "The ENABLE_EXPORTER variable is either not set or not set to 'true'."
fi
OAUTH2_CALLBACK=/oauth2/callback
OAUTH2_PROXY_SECRET="$(echo \"This is a salt string to generate one consistent encryption key for the oauth2_proxy. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 32)"
add_private_oidc_redirect_url "${OAUTH2_CALLBACK}"
log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")"
TOKEN_MANAGER_OPAL_PASSWORD="$(generate_password \"Token Manager in Opal\")"
OPAL_DB_PASSWORD="$(echo \"Opal DB\" | generate_simple_password)"
OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
RSTUDIO_ADMIN_PASSWORD="$(generate_password \"admin password for R-Studio\")"
DATASHIELD_CONNECT_SECRET="$(echo \"DataShield Connect\" | generate_simple_password)"
TOKEN_MANAGER_SECRET="$(echo \"Token Manager\" | generate_simple_password)"
if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
@ -23,18 +18,13 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
openssl req -x509 -newkey rsa:4096 -nodes -keyout /tmp/bridgehead/opal-key.pem -out /tmp/bridgehead/opal-cert.pem -days 3650 -subj "/CN=opal/C=DE"
fi
mkdir -p /tmp/bridgehead/opal-map
sites="$(cat ./$PROJECT/modules/datashield-sites.json)"
echo "$sites" | docker_jq -n --args '{"sites": input | map({
"name": .,
"id": .,
"virtualhost": "\(.):443",
"beamconnect": "datashield-connect.\(.).'"$BROKER_ID"'"
})}' $sites >/tmp/bridgehead/opal-map/central.json
echo "$sites" | docker_jq -n --args '[{
"external": "'"$SITE_ID"':443",
echo '{"sites": []}' >/tmp/bridgehead/opal-map/central.json
# Only allow connections from the central beam proxy that is used by all coder workspaces
echo '[{
"external": "'$SITE_ID':443",
"internal": "opal:8443",
"allowed": input | map("\(.).'"$BROKER_ID"'")
}]' >/tmp/bridgehead/opal-map/local.json
"allowed": ["central-ds-orchestrator.'$BROKER_ID'"]
}]' > /tmp/bridgehead/opal-map/local.json
if [ "$USER" == "root" ]; then
chown -R bridgehead:docker /tmp/bridgehead
chmod g+wr /tmp/bridgehead/opal-map/*