From e38511e1185b3ff9e4a42619d503be8140778159 Mon Sep 17 00:00:00 2001
From: Torben Brenner <76154651+torbrenner@users.noreply.github.com>
Date: Thu, 20 Feb 2025 17:20:06 +0100
Subject: [PATCH 1/8] Add Codeowners File
---
.github/CODEOWNERS | 1 +
1 file changed, 1 insertion(+)
create mode 100644 .github/CODEOWNERS
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..67f8a04
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+@samply/bridgehead-developers
From 98121c17e87ab919065c6ef59fa3f8414c89f7e6 Mon Sep 17 00:00:00 2001
From: Torben Brenner <76154651+torbrenner@users.noreply.github.com>
Date: Thu, 20 Feb 2025 17:27:40 +0100
Subject: [PATCH 2/8] Make Codeowners Rule apply to all Files in Repo
---
.github/CODEOWNERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 67f8a04..39cdfb1 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-@samply/bridgehead-developers
+* @samply/bridgehead-developers
From ecb29830e4cb99969dab5f444846b611d2d45cac Mon Sep 17 00:00:00 2001
From: Tim Schumacher
Date: Tue, 4 Mar 2025 14:45:23 +0100
Subject: [PATCH 3/8] Send the origin of /etc/bridgehead repo to Secret Sync This is to anticipate an upcoming change in Secret Sync that will allow it to support multiple GitLab servers, e.g. verbis GitLab and BBMRI GitLab.
---
lib/functions.sh | 51 ++++++++++++++++++++++++++++++++++++++++
lib/update-bridgehead.sh | 38 +-----------------------------
2 files changed, 52 insertions(+), 37 deletions(-)
diff --git a/lib/functions.sh b/lib/functions.sh
index ffdc234..9cc7d99 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -322,6 +322,57 @@ function sync_secrets() { set +a # Export variables in the regular way } +function secret_sync_gitlab_token() { + # Map the origin of the git repository /etc/bridgehead to the prefix recognized by Secret Sync + local gitlab + case "$(git -C /etc/bridgehead remote get-url origin)" in + *git.verbis.dkfz.de*) gitlab=verbis;; + *gitlab.bbmri-eric.eu*) gitlab=bbmri;; + *) + log "WARN" "Not running Secret Sync because the git repository /etc/bridgehead has unknown origin" + return + ;; + esac + + # Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token. + # If it is missing or expired, Secret Sync will create a new token and write it to the file. + # The git credential helper reads the token from the file during git pull. + mkdir -p /var/cache/bridgehead/secrets + touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container + log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)" + docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image + docker run --rm \ + -v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \ + -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \ + -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \ + -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \ + -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \ + -e NO_PROXY=localhost,127.0.0.1 \ + -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ + -e PROXY_ID=$PROXY_ID \ + -e BROKER_URL=$BROKER_URL \ + -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \ + -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN:$gitlab \ + docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest + if [ $? -eq 0 ]; then + log "INFO" "Secret Sync was successful" + # In the past we used to hardcode tokens into the repository URL. 
We have to remove those now for the git credential helper to become effective. + CLEAN_REPO="$(git -C /etc/bridgehead remote get-url origin | sed -E 's|https://[^@]+@|https://|')" + git -C /etc/bridgehead remote set-url origin "$CLEAN_REPO" + # Set the git credential helper + git -C /etc/bridgehead config credential.helper /srv/docker/bridgehead/lib/gitlab-token-helper.sh + else + log "WARN" "Secret Sync failed" + # Remove the git credential helper + git -C /etc/bridgehead config --unset credential.helper + fi + + # In the past the git credential helper was also set for /srv/docker/bridgehead but never used. + # Let's remove it to avoid confusion. This line can be removed at some point the future when we + # believe that it was removed on all/most production servers. + git -C /srv/docker/bridgehead config --unset credential.helper +} + capitalize_first_letter() { input="$1" capitalized="$(tr '[:lower:]' '[:upper:]' <<< ${input:0:1})${input:1}" diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index ae09716..8ae3bde 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
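Review bot: The token file in `secret_sync_gitlab_token` is created with the caller's default umask: `mkdir -p /var/cache/bridgehead/secrets` followed by `touch /var/cache/bridgehead/secrets/gitlab_token` leaves a GitLab project access token readable by other local accounts under a 022 umask. Tighten it right after the `touch`, e.g. `chmod 700 /var/cache/bridgehead/secrets` and `chmod 600 /var/cache/bridgehead/secrets/gitlab_token`, provided the user inside the secret-sync-local container and the user running the credential helper can still access the file (neither is visible here). The image that gets `$PRIVATEKEYFILENAME` mounted is pulled as `:latest` on every run; pinning it to a version or digest would keep the set of code that can read the site key under the repository's control. `CLEAN_REPO` is now assigned inside a function of a sourced library and should be declared with `local CLEAN_REPO` so it does not leak into the caller's scope.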
@@ -33,43 +33,7 @@ export SITE_ID checkOwner /srv/docker/bridgehead bridgehead || fail_and_report 1 "Update failed: Wrong permissions in /srv/docker/bridgehead" checkOwner /etc/bridgehead bridgehead || fail_and_report 1 "Update failed: Wrong permissions in /etc/bridgehead" -# Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token. -# If it is missing or expired, Secret Sync will create a new token and write it to the file. -# The git credential helper reads the token from the file during git pull. -mkdir -p /var/cache/bridgehead/secrets -touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container -log "INFO" "Running Secret Sync for the GitLab token" -docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image -docker run --rm \ - -v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \ - -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \ - -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \ - -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \ - -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \ - -e NO_PROXY=localhost,127.0.0.1 \ - -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ - -e PROXY_ID=$PROXY_ID \ - -e BROKER_URL=$BROKER_URL \ - -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \ - -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN: \ - docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest -if [ $? -eq 0 ]; then - log "INFO" "Secret Sync was successful" - # In the past we used to hardcode tokens into the repository URL. We have to remove those now for the git credential helper to become effective. 
- CLEAN_REPO="$(git -C /etc/bridgehead remote get-url origin | sed -E 's|https://[^@]+@|https://|')" - git -C /etc/bridgehead remote set-url origin "$CLEAN_REPO" - # Set the git credential helper - git -C /etc/bridgehead config credential.helper /srv/docker/bridgehead/lib/gitlab-token-helper.sh -else - log "WARN" "Secret Sync failed" - # Remove the git credential helper - git -C /etc/bridgehead config --unset credential.helper -fi - -# In the past the git credential helper was also set for /srv/docker/bridgehead but never used. -# Let's remove it to avoid confusion. This line can be removed at some point the future when we -# believe that it was removed on all/most production servers. -git -C /srv/docker/bridgehead config --unset credential.helper +secret_sync_gitlab_token CHANGES="" From e396e00178f8d765ad30fa9374f67f5e92c629de Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Fri, 7 Mar 2025 12:20:38 +0100 Subject: [PATCH 4/8] Fix/ccp cql cache (#279) * fix: adapt focus caching to new cql and add focus caching for cce and itcc --------- Co-authored-by: p.delpy@dkfz-heidelberg.de --- cce/docker-compose.yml | 7 ++++++- cce/queries_to_cache.conf | 2 ++ ccp/queries_to_cache.conf | 4 ++-- itcc/docker-compose.yml | 7 ++++++- itcc/queries_to_cache.conf | 2 ++ 5 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 cce/queries_to_cache.conf create mode 100644 itcc/queries_to_cache.conf diff --git a/cce/docker-compose.yml b/cce/docker-compose.yml index 0641af7..1ce28f6 100644 --- a/cce/docker-compose.yml +++ b/cce/docker-compose.yml 
@@ -8,7 +8,8 @@ services: BASE_URL: "http://bridgehead-cce-blaze:8080" JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} - DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} ENFORCE_REFERENTIAL_INTEGRITY: "false" volumes: - "blaze-data:/app/data" @@ -31,6 +32,10 @@ services: BEAM_PROXY_URL: http://beam-proxy:8081 RETRY_COUNT: ${FOCUS_RETRY_COUNT} EPSILON: 0.28 + QUERIES_TO_CACHE: '/queries_to_cache.conf' + ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} + volumes: + - /srv/docker/bridgehead/cce/queries_to_cache.conf:/queries_to_cache.conf depends_on: - "beam-proxy" - "blaze" diff --git a/cce/queries_to_cache.conf b/cce/queries_to_cache.conf new file mode 100644 index 0000000..8606e7c --- /dev/null +++ b/cce/queries_to_cache.conf @@ -0,0 +1,2 @@ +bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwoKY29udGV4dCBQYXRpZW50CgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0FHRV9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfU1BFQ0lNRU5fU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OCnRydWU= 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 diff --git a/ccp/queries_to_cache.conf b/ccp/queries_to_cache.conf index b950312..ea58d2b 100644 --- a/ccp/queries_to_cache.conf +++ b/ccp/queries_to_cache.conf 
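Review bot: `DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}` in the blaze service has no fallback, while `JAVA_TOOL_OPTIONS` two lines above it uses `${BLAZE_MEMORY_CAP:-4096}`; if the variable is unset, Compose substitutes an empty string and Blaze is started with an empty cache size. Either give it the same default, `DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP:-4096}`, or drop the line so Blaze's built-in default applies. The same line appears in the first hunk of itcc/docker-compose.yml. The service definition continues outside the hunk.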
@@ -1,2 +1,2 @@ -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 -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 \ No newline at end of file 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 +bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCmNvZGVzeXN0ZW0gaWNkMTA6ICdodHRwOi8vZmhpci5kZS9Db2RlU3lzdGVtL2JmYXJtL2ljZC0xMC1nbScKY29kZXN5c3RlbSBtb3JwaDogJ3VybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNi40My4xJwoKY29udGV4dCBQYXRpZW50CgoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUklNQVJZX0RJQUdOT1NJU19OT19TT1JUX1NUUkFUSUZJRVIKREtUS19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpES1RLX1JFUExBQ0VfU1BFQ0lNRU5fU1RSQVRJRklFUmlmIEluSW5pdGlhbFBvcHVsYXRpb24gdGhlbiBbU3BlY2ltZW5dIGVsc2Uge30gYXMgTGlzdDxTcGVjaW1lbj4KREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCiAgREtUS19SRVBMQUNFX0hJU1RPTE9HWV9TVFJBVElGSUVSCiBpZiBoaXN0by5jb2RlLmNvZGluZy53aGVyZShjb2RlID0gJzU5ODQ3LTQnKS5jb2RlLmZpcnN0KCkgaXMgbnVsbCB0aGVuIDAgZWxzZSAxCkRLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTihleGlzdHMgW0NvbmRpdGlvbjogQ29kZSAnQzYxJyBmcm9tIGljZDEwXSkgYW5kIAooKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQwLzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQ3LzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NDgwLzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NTAwLzMnKSk= \ No newline at end of file diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml index c9bce0c..879b7b9 100644 --- a/itcc/docker-compose.yml 
+++ b/itcc/docker-compose.yml @@ -8,7 +8,8 @@ services: BASE_URL: "http://bridgehead-itcc-blaze:8080" JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} - DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} ENFORCE_REFERENTIAL_INTEGRITY: "false" volumes: - "blaze-data:/app/data" @@ -31,6 +32,10 @@ services: BEAM_PROXY_URL: http://beam-proxy:8081 RETRY_COUNT: ${FOCUS_RETRY_COUNT} EPSILON: 0.28 + QUERIES_TO_CACHE: '/queries_to_cache.conf' + ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} + volumes: + - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf depends_on: - "beam-proxy" - "blaze" diff --git a/itcc/queries_to_cache.conf b/itcc/queries_to_cache.conf new file mode 100644 index 0000000..9935a47 --- /dev/null +++ b/itcc/queries_to_cache.conf @@ -0,0 +1,2 @@ +bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwoKY29udGV4dCBQYXRpZW50CkRLVEtfU1RSQVRfR0VOREVSX1NUUkFUSUZJRVIKICBES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCiAgSVRDQ19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgogIERLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTgp0cnVl 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 From 83555540f5f95bab7381e9881c3ae516ef200fc6 Mon Sep 17 00:00:00 2001 From: Tim Schumacher Date: Mon, 10 Mar 2025 12:08:19 +0100 Subject: [PATCH 5/8] chore: update central Secret Sync proxy ID (#280) --- lib/functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 9cc7d99..44b000c 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -313,7 +313,7 @@ function sync_secrets() { -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ -e PROXY_ID=$PROXY_ID \ -e BROKER_URL=$BROKER_URL \ - -e OIDC_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \ + -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \ -e SECRET_DEFINITIONS=$secret_sync_args \ docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest @@ -351,7 +351,7 @@ function secret_sync_gitlab_token() { -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ -e PROXY_ID=$PROXY_ID \ -e BROKER_URL=$BROKER_URL \ - -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \ + -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \ -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN:$gitlab \ docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest if [ $? -eq 0 ]; then From 5d94bac0e2326b495f24695c18a385e3f03cf871 Mon Sep 17 00:00:00 2001 From: Martin Lablans <6804500+lablans@users.noreply.github.com> Date: Mon, 10 Mar 2025 16:03:05 +0100 Subject: [PATCH 6/8] Mount queries_to_cache.conf readonly (#282) --- cce/docker-compose.yml | 2 +- ccp/docker-compose.yml | 2 +- dhki/docker-compose.yml | 2 +- itcc/docker-compose.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cce/docker-compose.yml b/cce/docker-compose.yml index 1ce28f6..c9fdabd 100644 --- a/cce/docker-compose.yml +++ b/cce/docker-compose.yml @@ -35,7 +35,7 @@ services: QUERIES_TO_CACHE: '/queries_to_cache.conf' ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} volumes: - - /srv/docker/bridgehead/cce/queries_to_cache.conf:/queries_to_cache.conf + - /srv/docker/bridgehead/cce/queries_to_cache.conf:/queries_to_cache.conf:ro depends_on: - "beam-proxy" - "blaze" diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 871eec2..1471d15 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml 
@@ -35,7 +35,7 @@ services: QUERIES_TO_CACHE: '/queries_to_cache.conf' ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} volumes: - - /srv/docker/bridgehead/ccp/queries_to_cache.conf:/queries_to_cache.conf + - /srv/docker/bridgehead/ccp/queries_to_cache.conf:/queries_to_cache.conf:ro depends_on: - "beam-proxy" - "blaze" diff --git a/dhki/docker-compose.yml b/dhki/docker-compose.yml index d37f1a2..c386078 100644 --- a/dhki/docker-compose.yml +++ b/dhki/docker-compose.yml @@ -33,7 +33,7 @@ services: EPSILON: 0.28 QUERIES_TO_CACHE: '/queries_to_cache.conf' volumes: - - /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf + - /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf:ro depends_on: - "beam-proxy" - "blaze" diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml index 879b7b9..289c8df 100644 --- a/itcc/docker-compose.yml +++ b/itcc/docker-compose.yml @@ -35,7 +35,7 @@ services: QUERIES_TO_CACHE: '/queries_to_cache.conf' ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze} volumes: - - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf + - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro depends_on: - "beam-proxy" - "blaze" From 82ced89b334673af55f02ed632b9efaa46ee9b7c Mon Sep 17 00:00:00 2001 From: Jan <59206115+Threated@users.noreply.github.com> Date: Wed, 12 Mar 2025 12:52:00 +0100 Subject: [PATCH 7/8] chore: unify blaze versioning and upgrade to 0.32 (#277) --- bbmri/docker-compose.yml | 2 +- cce/docker-compose.yml | 2 +- ccp/docker-compose.yml | 2 +- ccp/modules/blaze-secondary-compose.yml | 2 +- dhki/docker-compose.yml | 2 +- itcc/docker-compose.yml | 2 +- kr/docker-compose.yml | 2 +- modules/transfair-compose.yml | 4 ++-- versions/prod | 3 ++- versions/test | 3 ++- 10 files changed, 13 insertions(+), 11 deletions(-) diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index 1903c62..334b048 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml 
@@ -4,7 +4,7 @@ version: "3.7" services: blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.31 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-bbmri-blaze environment: BASE_URL: "http://bridgehead-bbmri-blaze:8080" diff --git a/cce/docker-compose.yml b/cce/docker-compose.yml index c9fdabd..99039e7 100644 --- a/cce/docker-compose.yml +++ b/cce/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.31 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-cce-blaze environment: BASE_URL: "http://bridgehead-cce-blaze:8080" diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 1471d15..030fcc1 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.31 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-ccp-blaze environment: BASE_URL: "http://bridgehead-ccp-blaze:8080" diff --git a/ccp/modules/blaze-secondary-compose.yml b/ccp/modules/blaze-secondary-compose.yml index ad748a6..c60ebf5 100644 --- a/ccp/modules/blaze-secondary-compose.yml +++ b/ccp/modules/blaze-secondary-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: blaze-secondary: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.31 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-ccp-blaze-secondary environment: BASE_URL: "http://bridgehead-ccp-blaze-secondary:8080" diff --git a/dhki/docker-compose.yml b/dhki/docker-compose.yml index c386078..c8df043 100644 --- a/dhki/docker-compose.yml +++ b/dhki/docker-compose.yml 
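Review bot: `image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}` has no fallback, so if Compose is invoked without versions/prod or versions/test loaded the tag is empty and the failure surfaces as an invalid image reference rather than a missing setting. The required-variable form makes that explicit: `image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG:?BLAZE_TAG is not set}`. The same applies to the blaze services changed in cce, ccp, ccp/modules/blaze-secondary-compose.yml, dhki, itcc, kr and modules/transfair-compose.yml. For the two transfair services the change also moves them from 0.28 straight to the shared tag, which is worth confirming against their existing data, since their volumes are not visible in the hunk.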
@@ -2,7 +2,7 @@ version: "3.7" services: blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.31 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-dhki-blaze environment: BASE_URL: "http://bridgehead-dhki-blaze:8080" diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml index 289c8df..18adb6f 100644 --- a/itcc/docker-compose.yml +++ b/itcc/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.31 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-itcc-blaze environment: BASE_URL: "http://bridgehead-itcc-blaze:8080" diff --git a/kr/docker-compose.yml b/kr/docker-compose.yml index 17b36b7..2d5390a 100644 --- a/kr/docker-compose.yml +++ b/kr/docker-compose.yml @@ -6,7 +6,7 @@ services: replicas: 0 #deactivate landing page blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.31 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-kr-blaze environment: BASE_URL: "http://bridgehead-kr-blaze:8080" diff --git a/modules/transfair-compose.yml b/modules/transfair-compose.yml index 9af09a6..d23a033 100644 --- a/modules/transfair-compose.yml +++ b/modules/transfair-compose.yml @@ -21,7 +21,7 @@ services: - /var/cache/bridgehead/${PROJECT}/transfair:/transfair transfair-input-blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.28 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-transfair-input-blaze environment: BASE_URL: "http://bridgehead-transfair-input-blaze:8080" @@ -34,7 +34,7 @@ services: profiles: ["transfair-input-blaze"] transfair-request-blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.28 + image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} container_name: bridgehead-transfair-requests-blaze environment: BASE_URL: "http://bridgehead-transfair-requests-blaze:8080" 
diff --git a/versions/prod b/versions/prod index 1dd754f..bd04f6b 100644 --- a/versions/prod +++ b/versions/prod @@ -1,2 +1,3 @@ FOCUS_TAG=main -BEAM_TAG=main \ No newline at end of file +BEAM_TAG=main +BLAZE_TAG=0.32 \ No newline at end of file diff --git a/versions/test b/versions/test index 10ae062..7d66e03 100644 --- a/versions/test +++ b/versions/test @@ -1,2 +1,3 @@ FOCUS_TAG=develop -BEAM_TAG=develop \ No newline at end of file +BEAM_TAG=develop +BLAZE_TAG=main \ No newline at end of file From 6f3aba1eaab46364af635a965f8087dda170515b Mon Sep 17 00:00:00 2001 From: Torben Brenner <76154651+torbrenner@users.noreply.github.com> Date: Wed, 12 Mar 2025 15:45:55 +0100 Subject: [PATCH 8/8] feat: support self-signed cert on ttp (#283) --- modules/transfair-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/transfair-compose.yml b/modules/transfair-compose.yml index d23a033..4ee2ff9 100644 --- a/modules/transfair-compose.yml +++ b/modules/transfair-compose.yml @@ -17,8 +17,10 @@ services: - EXCHANGE_ID_SYSTEM=${EXCHANGE_ID_SYSTEM:-SESSION_ID} - DATABASE_URL=sqlite://transfair/data_requests.sql?mode=rwc - RUST_LOG=${RUST_LOG:-info} + - TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs volumes: - /var/cache/bridgehead/${PROJECT}/transfair:/transfair + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro transfair-input-blaze: image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}