From 5c2c76e75979d4b94840bd2cdf673226c0473e62 Mon Sep 17 00:00:00 2001
From: Patrick Skowronek
Date: Wed, 7 Sep 2022 11:09:53 +0200
Subject: [PATCH] Added WIP spot and beam proxy
---
 ccp/docker-compose.yml | 52 +++++++++++++++++++-----------------------
 lib/prerequisites.sh | 5 ++++
 2 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index 75a06c3..860b689 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -7,7 +7,8 @@ services:
 command:
 - --entrypoints.web.address=:80
 - --entrypoints.websecure.address=:443
- - --providers.docker=true - --api.dashboard=true
+ - --providers.docker=true
+ - --api.dashboard=true
 - --accesslog=true # print access-logs
 - --entrypoints.web.http.redirections.entrypoint.to=websecure
 - --entrypoints.web.http.redirections.entrypoint.scheme=https
@@ -51,7 +52,7 @@ services:
 image: "samply/blaze:0.17"
 container_name: bridgehead-ccp-blaze
 environment:
- BASE_URL: "http://blaze:8080"
+ BASE_URL: "http://bridgehead-ccp-blaze:8080"
 JAVA_TOOL_OPTIONS: "-Xmx4g"
 LOG_LEVEL: "debug"
 ENFORCE_REFERENTIAL_INTEGRITY: "false"
@@ -65,34 +66,24 @@ services: - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth" - "traefik.http.routers.blaze_ccp.tls=true" - - task-store: - image: "samply/blaze:develop" - environment: - BASE_URL: "http://localhost:8083" - JAVA_TOOL_OPTIONS: "-Xmx1g" - LOG_LEVEL: "debug" - ports: - - "8083:8080" - volumes: - - "task-store-data:/app/data" - data-store: - image: "samply/blaze:develop" + spot: + image: "docker.verbis.dkfz.de/ccp-private/local-spot@sha256:9a80eeef29f08ecec947fc2df55a65424255e6d60105fee8ee0ef77db27af01c" environment: - BASE_URL: "http://localhost:8084" - JAVA_TOOL_OPTIONS: "-Xmx1g" - LOG_LEVEL: "debug" - ports: - - "8084:8080" - volumes: - - "data-store-data:/app/data" - - # spot: - # image: "samply/spot" + SECRET: ${SECRET} + APPID: ${APP_0_ID_SHORT} + PROXY_ID: ${PROXY_ID} + LDM_URL: ${LDM_URL} + BEAM_PROXY: http://beam-proxy:8081 + depends_on: + - "beam-proxy" + - "blaze" + labels: + - "traefik.enable=false" beam-proxy: image: "samply/beam-proxy:develop" + container_name: bridgehead-beam-proxy environment: BROKER_URL: ${BROKER_URL} PROXY_ID: ${PROXY_ID} @@ -101,17 +92,20 @@ services: APP_1_ID: ${APP_1_ID_SHORT} APP_1_KEY: ${APP_1_KEY} PRIVKEY_FILE: /run/secrets/proxy.pem + http_proxy: http://bridgehead-forward-proxy:3128 + https_proxy: http://bridgehead-forward-proxy:3128 secrets: - proxy.pem + labels: + - "traefik.enable=false" + depends_on: + - "forward_proxy" volumes: blaze-data: bridgehead-proxy: - ccp-search-share-db-data: - task-store-data: - data-store-data: secrets: proxy.pem: - file: ./pki/${PROXY_ID_SHORT}.priv.pem + file: /etc/bridgehead/pki/${PROXY_ID_SHORT}.priv.pem diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index e04161b..0000406 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh 
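Review bot: `SECRET: ${SECRET}` in the new `spot` service is filled in by Compose with an empty string when the variable is unset, so the container would start with an empty secret and only a warning at startup. Use the required-variable form and quote the value, `SECRET: "${SECRET:?SECRET must be set}"`; the same form fits `PROXY_ID`, `LDM_URL` and `APP_0_ID_SHORT` here and `${PROXY_ID_SHORT}` in the `proxy.pem` secret path in the next hunk, where an unset value resolves to `/etc/bridgehead/pki/.priv.pem`. A one-line comment above `SECRET` saying what it authenticates and where it is provisioned would help, since nothing in this hunk shows that.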
@@ -52,6 +52,11 @@ if [ ! -e "certs/traefik.crt" ]; then
 openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 3650 -subj "/CN=$HOST"
 fi
 
+if [ ! -e "etc/bridgehead/pki/*.priv.pem" ]; then
+ log ERROR "Privaste certificsate for beam is missing"
+ exit 1
+fi
+
 if [ -e /etc/bridgehead/vault.conf ]; then
 if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
 log ERROR "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
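Review bot: The added test `[ ! -e "etc/bridgehead/pki/*.priv.pem" ]` cannot find a real key: the glob sits inside double quotes, so `-e` looks for a file literally named `*.priv.pem`, and the path is relative (`etc/…`) while the compose file and the vault.conf check below use `/etc/bridgehead/…`. As written the script logs the error and exits 1 on practically every host, including correctly provisioned ones. Test the exact file Compose mounts, `if [ ! -e "/etc/bridgehead/pki/${PROXY_ID_SHORT}.priv.pem" ]; then` (assuming PROXY_ID_SHORT is set by this point, which the hunk does not show), and correct the message to `log ERROR "Private key for beam is missing"`. Since this is a private key, an owner/mode check like the one applied to vault.conf just below would also be worth adding.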