Added WIP spot and beam proxy

2022-09-07 11:09:53 +02:00 · 2022-09-07 11:09:53 +02:00 · 5c2c76e759
parent 33ffecb3a2
commit 5c2c76e759
2 changed files with 28 additions and 29 deletions
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@ -7,7 +7,8 @@ services:
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
-      - --providers.docker=true - --api.dashboard=true
+      - --providers.docker=true 
+      - --api.dashboard=true
      - --accesslog=true # print access-logs
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
@ -51,7 +52,7 @@ services:
    image: "samply/blaze:0.17"
    container_name: bridgehead-ccp-blaze
    environment:
-      BASE_URL: "http://blaze:8080"
+      BASE_URL: "http://bridgehead-ccp-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx4g"
      LOG_LEVEL: "debug"
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
@ -66,33 +67,23 @@ services:
      - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
      - "traefik.http.routers.blaze_ccp.tls=true"

-  task-store:
-    image: "samply/blaze:develop"
+  spot:
+    image: "docker.verbis.dkfz.de/ccp-private/local-spot@sha256:9a80eeef29f08ecec947fc2df55a65424255e6d60105fee8ee0ef77db27af01c"
    environment:
-      BASE_URL: "http://localhost:8083"
-      JAVA_TOOL_OPTIONS: "-Xmx1g"
-      LOG_LEVEL: "debug"
-    ports:
-    - "8083:8080"
-    volumes:
-    - "task-store-data:/app/data"
-
-  data-store:
-    image: "samply/blaze:develop"
-    environment:
-      BASE_URL: "http://localhost:8084"
-      JAVA_TOOL_OPTIONS: "-Xmx1g"
-      LOG_LEVEL: "debug"
-    ports:
-    - "8084:8080"
-    volumes:
-    - "data-store-data:/app/data"
-
-  # spot:
-  #   image: "samply/spot"
+      SECRET: ${SECRET}
+      APPID: ${APP_0_ID_SHORT}
+      PROXY_ID: ${PROXY_ID}
+      LDM_URL: ${LDM_URL}
+      BEAM_PROXY: http://beam-proxy:8081
+    depends_on:
+      - "beam-proxy"
+      - "blaze"
+    labels:
+      - "traefik.enable=false"

  beam-proxy:
    image: "samply/beam-proxy:develop"
+    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
      PROXY_ID: ${PROXY_ID}
@ -101,17 +92,20 @@ services:
      APP_1_ID: ${APP_1_ID_SHORT}
      APP_1_KEY: ${APP_1_KEY}
      PRIVKEY_FILE: /run/secrets/proxy.pem
+      http_proxy: http://bridgehead-forward-proxy:3128
+      https_proxy: http://bridgehead-forward-proxy:3128
    secrets:
      - proxy.pem
+    labels:
+      - "traefik.enable=false"
+    depends_on:
+      - "forward_proxy"


 volumes:
  blaze-data:
  bridgehead-proxy:
-  ccp-search-share-db-data:
-  task-store-data:
-  data-store-data:

 secrets:
  proxy.pem:
-    file: ./pki/${PROXY_ID_SHORT}.priv.pem
+    file: /etc/bridgehead/pki/${PROXY_ID_SHORT}.priv.pem
--- a/lib/prerequisites.sh
+++ b/lib/prerequisites.sh
@ -52,6 +52,11 @@ if [ ! -e "certs/traefik.crt" ]; then
  openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 3650 -subj "/CN=$HOST"
 fi

+if [ ! -e "etc/bridgehead/pki/*.priv.pem" ]; then
+    log ERROR "Privaste certificsate for beam is missing"
+    exit 1
+fi
+
 if [ -e /etc/bridgehead/vault.conf ]; then
 	if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
 		log ERROR "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."