mirror of
https://github.com/samply/bridgehead.git
synced 2025-08-07 00:30:22 +02:00
Merge branch 'develop' into feature/add-pscc
This commit is contained in:
p.delpy@dkfz-heidelberg.de
@@ -32,9 +32,6 @@ services:
|
|||||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||||
TEILER_BACKEND_URL: "/bbmri-teiler-backend"
|
TEILER_BACKEND_URL: "/bbmri-teiler-backend"
|
||||||
TEILER_DASHBOARD_URL: "/bbmri-teiler-dashboard"
|
TEILER_DASHBOARD_URL: "/bbmri-teiler-dashboard"
|
||||||
OIDC_URL: "${OIDC_URL}"
|
|
||||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
|
||||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
|
||||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||||
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
||||||
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
||||||
@@ -42,8 +39,6 @@ services:
|
|||||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||||
TEILER_ORCHESTRATOR_URL: "/bbmri-teiler"
|
TEILER_ORCHESTRATOR_URL: "/bbmri-teiler"
|
||||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/bbmri-teiler"
|
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/bbmri-teiler"
|
||||||
TEILER_USER: "${OIDC_USER_GROUP}"
|
|
||||||
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
|
|
||||||
REPORTER_DEFAULT_TEMPLATE_ID: "bbmri-qb"
|
REPORTER_DEFAULT_TEMPLATE_ID: "bbmri-qb"
|
||||||
EXPORTER_DEFAULT_TEMPLATE_ID: "bbmri"
|
EXPORTER_DEFAULT_TEMPLATE_ID: "bbmri"
|
||||||
|
|
||||||
|
|||||||
@@ -32,9 +32,6 @@ services:
|
|||||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||||
TEILER_BACKEND_URL: "/cce-teiler-backend"
|
TEILER_BACKEND_URL: "/cce-teiler-backend"
|
||||||
TEILER_DASHBOARD_URL: "/cce-teiler-dashboard"
|
TEILER_DASHBOARD_URL: "/cce-teiler-dashboard"
|
||||||
OIDC_URL: "${OIDC_URL}"
|
|
||||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
|
||||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
|
||||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||||
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
||||||
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
||||||
@@ -42,8 +39,6 @@ services:
|
|||||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||||
TEILER_ORCHESTRATOR_URL: "/cce-teiler"
|
TEILER_ORCHESTRATOR_URL: "/cce-teiler"
|
||||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/cce-teiler"
|
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/cce-teiler"
|
||||||
TEILER_USER: "${OIDC_USER_GROUP}"
|
|
||||||
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
|
|
||||||
REPORTER_DEFAULT_TEMPLATE_ID: "cce-qb"
|
REPORTER_DEFAULT_TEMPLATE_ID: "cce-qb"
|
||||||
EXPORTER_DEFAULT_TEMPLATE_ID: "cce"
|
EXPORTER_DEFAULT_TEMPLATE_ID: "cce"
|
||||||
|
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ services:
|
|||||||
APP_CONTEXT_PATH: "/opal"
|
APP_CONTEXT_PATH: "/opal"
|
||||||
OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
|
OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
|
||||||
OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
|
OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
|
||||||
OIDC_URL: "${OIDC_URL}"
|
OIDC_URL: "${OIDC_PRIVATE_URL}"
|
||||||
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
||||||
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
||||||
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ services:
|
|||||||
- "traefik.http.routers.dnpm-auth.tls=true"
|
- "traefik.http.routers.dnpm-auth.tls=true"
|
||||||
|
|
||||||
dnpm-portal:
|
dnpm-portal:
|
||||||
image: ghcr.io/dnpm-dip/portal:latest
|
image: ghcr.io/dnpm-dip/portal:{DNPM_IMAGE_TAG:-latest}
|
||||||
container_name: bridgehead-dnpm-portal
|
container_name: bridgehead-dnpm-portal
|
||||||
environment:
|
environment:
|
||||||
- NUXT_API_URL=http://dnpm-backend:9000/
|
- NUXT_API_URL=http://dnpm-backend:9000/
|
||||||
@@ -58,7 +58,7 @@ services:
|
|||||||
|
|
||||||
dnpm-backend:
|
dnpm-backend:
|
||||||
container_name: bridgehead-dnpm-backend
|
container_name: bridgehead-dnpm-backend
|
||||||
image: ghcr.io/dnpm-dip/backend:latest
|
image: ghcr.io/dnpm-dip/backend:{DNPM_IMAGE_TAG:-latest}
|
||||||
environment:
|
environment:
|
||||||
- LOCAL_SITE=${ZPM_SITE}:${SITE_NAME} # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
|
- LOCAL_SITE=${ZPM_SITE}:${SITE_NAME} # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
|
||||||
- RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
- RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ services:
|
|||||||
MAGICPL_CONNECTOR_APIKEY: ${IDMANAGER_READ_APIKEY}
|
MAGICPL_CONNECTOR_APIKEY: ${IDMANAGER_READ_APIKEY}
|
||||||
MAGICPL_CENTRAL_PATIENTLIST_APIKEY: ${IDMANAGER_CENTRAL_PATIENTLIST_APIKEY}
|
MAGICPL_CENTRAL_PATIENTLIST_APIKEY: ${IDMANAGER_CENTRAL_PATIENTLIST_APIKEY}
|
||||||
MAGICPL_CONTROLNUMBERGENERATOR_APIKEY: ${IDMANAGER_CONTROLNUMBERGENERATOR_APIKEY}
|
MAGICPL_CONTROLNUMBERGENERATOR_APIKEY: ${IDMANAGER_CONTROLNUMBERGENERATOR_APIKEY}
|
||||||
|
MAGICPL_OIDC_PROVIDER: ${OIDC_PRIVATE_URL}
|
||||||
depends_on:
|
depends_on:
|
||||||
- patientlist
|
- patientlist
|
||||||
- traefik-forward-auth
|
- traefik-forward-auth
|
||||||
@@ -71,12 +72,14 @@ services:
|
|||||||
- https_proxy=http://forward_proxy:3128
|
- https_proxy=http://forward_proxy:3128
|
||||||
- OAUTH2_PROXY_PROVIDER=oidc
|
- OAUTH2_PROXY_PROVIDER=oidc
|
||||||
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
|
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
|
||||||
- OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.verbis.dkfz.de/realms/master
|
- OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_PRIVATE_URL}
|
||||||
- OAUTH2_PROXY_CLIENT_ID=bridgehead-${SITE_ID}
|
- OAUTH2_PROXY_CLIENT_ID=${OIDC_PRIVATE_CLIENT_ID}
|
||||||
- OAUTH2_PROXY_CLIENT_SECRET=${IDMANAGER_AUTH_CLIENT_SECRET}
|
- OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
|
||||||
- OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
|
- OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
|
||||||
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
|
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
|
||||||
- OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
|
- OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
|
||||||
|
- OAUTH2_PROXY_COOKIE_REFRESH=4m
|
||||||
|
- OAUTH2_PROXY_COOKIE_EXPIRE=24h
|
||||||
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
|
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
|
||||||
- OAUTH2_PROXY_REVERSE_PROXY=true
|
- OAUTH2_PROXY_REVERSE_PROXY=true
|
||||||
- OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST}
|
- OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST}
|
||||||
@@ -87,8 +90,8 @@ services:
|
|||||||
- OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
|
- OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
|
||||||
- OAUTH2_PROXY_SET_XAUTHREQUEST=true
|
- OAUTH2_PROXY_SET_XAUTHREQUEST=true
|
||||||
# Keycloak has an expiration time of 60s therefore oauth2-proxy needs to refresh after that
|
# Keycloak has an expiration time of 60s therefore oauth2-proxy needs to refresh after that
|
||||||
- OAUTH2_PROXY_COOKIE_REFRESH=60s
|
- OAUTH2_PROXY_ALLOWED_GROUPS=${OIDC_PSP_GROUP}
|
||||||
- OAUTH2_PROXY_ALLOWED_GROUPS=DKTK-CCP-PPSN
|
- OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
|
||||||
- OAUTH2_PROXY_PROXY_PREFIX=/oauth2-idm
|
- OAUTH2_PROXY_PROXY_PREFIX=/oauth2-idm
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
|
|||||||
@@ -14,6 +14,8 @@ function idManagementSetup() {
|
|||||||
|
|
||||||
# Ensure old ids are working !!!
|
# Ensure old ids are working !!!
|
||||||
export IDMANAGEMENT_FRIENDLY_ID=$(legacyIdMapping "$SITE_ID")
|
export IDMANAGEMENT_FRIENDLY_ID=$(legacyIdMapping "$SITE_ID")
|
||||||
|
|
||||||
|
add_private_oidc_redirect_url "/oauth2-idm/callback"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -22,8 +22,14 @@ services:
|
|||||||
HTTP_RELATIVE_PATH: "/mtba"
|
HTTP_RELATIVE_PATH: "/mtba"
|
||||||
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
||||||
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
||||||
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
# TODO: Add following variables after moving to Authentik:
|
||||||
OIDC_URL: "${OIDC_URL}"
|
#OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
||||||
|
#OIDC_URL: "${OIDC_URL}"
|
||||||
|
# TODO: Remove following variables after moving to Authentik:
|
||||||
|
# Please add KECLOAK_CLIENT_SECRET in ccp.conf
|
||||||
|
OIDC_CLIENT_SECRET: "${KEYCLOAK_CLIENT_SECRET}"
|
||||||
|
OIDC_URL: "https://login.verbis.dkfz.de/realms/test-realm-01"
|
||||||
|
OIDC_ADMIN_URL: "https://login.verbis.dkfz.de/admin/realms/test-realm-01"
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
|
|||||||
4
ccp/vars
4
ccp/vars
@@ -10,9 +10,11 @@ BROKER_URL_FOR_PREREQ=$BROKER_URL
|
|||||||
|
|
||||||
OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
|
OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
|
||||||
OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
|
OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
|
||||||
|
OIDC_PSP_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_PSP"
|
||||||
OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
|
OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
|
||||||
OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
|
OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
|
||||||
OIDC_URL="https://login.verbis.dkfz.de/realms/test-realm-01"
|
OIDC_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PUBLIC_CLIENT_ID}/"
|
||||||
|
OIDC_PRIVATE_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PRIVATE_CLIENT_ID}/"
|
||||||
OIDC_GROUP_CLAIM="groups"
|
OIDC_GROUP_CLAIM="groups"
|
||||||
|
|
||||||
for module in $PROJECT/modules/*.sh
|
for module in $PROJECT/modules/*.sh
|
||||||
|
|||||||
@@ -1,9 +1,10 @@
|
|||||||
version: "3.7"
|
version: "3.7"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
exporter:
|
exporter:
|
||||||
image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
|
image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
|
||||||
container_name: bridgehead-ccp-exporter
|
container_name: bridgehead-kr-exporter
|
||||||
environment:
|
environment:
|
||||||
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
|
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
|
||||||
LOG_LEVEL: "INFO"
|
LOG_LEVEL: "INFO"
|
||||||
@@ -12,39 +13,51 @@ services:
|
|||||||
EXPORTER_DB_USER: "exporter"
|
EXPORTER_DB_USER: "exporter"
|
||||||
EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
|
EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
|
||||||
EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
|
EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
|
||||||
HTTP_RELATIVE_PATH: "/ccp-exporter"
|
HTTP_RELATIVE_PATH: "/kr-exporter"
|
||||||
SITE: "${SITE_ID}"
|
SITE: "${SITE_ID}"
|
||||||
HTTP_SERVLET_REQUEST_SCHEME: "https"
|
HTTP_SERVLET_REQUEST_SCHEME: "https"
|
||||||
OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
|
OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
|
- "traefik.http.routers.exporter_kr.rule=PathPrefix(`/kr-exporter`)"
|
||||||
- "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092"
|
- "traefik.http.services.exporter_kr.loadbalancer.server.port=8092"
|
||||||
- "traefik.http.routers.exporter_ccp.tls=true"
|
- "traefik.http.routers.exporter_kr.tls=true"
|
||||||
- "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
|
- "traefik.http.middlewares.exporter_kr_strip.stripprefix.prefixes=/kr-exporter"
|
||||||
- "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
|
- "traefik.http.routers.exporter_kr.middlewares=exporter_kr_strip"
|
||||||
|
# Main router
|
||||||
|
- "traefik.http.routers.exporter_kr.priority=20"
|
||||||
|
|
||||||
|
# API router
|
||||||
|
- "traefik.http.routers.exporter_kr_api.middlewares=exporter_kr_strip,exporter_auth"
|
||||||
|
- "traefik.http.routers.exporter_kr_api.rule=PathRegexp(`/kr-exporter/.+`)"
|
||||||
|
- "traefik.http.routers.exporter_kr_api.tls=true"
|
||||||
|
- "traefik.http.routers.exporter_kr_api.priority=25"
|
||||||
|
|
||||||
|
# Shared middlewares
|
||||||
|
- "traefik.http.middlewares.exporter_auth.basicauth.users=${EXPORTER_USER}"
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output"
|
- "/var/cache/bridgehead/kr/exporter-files:/app/exporter-files/output"
|
||||||
|
|
||||||
exporter-db:
|
exporter-db:
|
||||||
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
|
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
|
||||||
container_name: bridgehead-ccp-exporter-db
|
container_name: bridgehead-kr-exporter-db
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_USER: "exporter"
|
POSTGRES_USER: "exporter"
|
||||||
POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
|
POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
|
||||||
POSTGRES_DB: "exporter"
|
POSTGRES_DB: "exporter"
|
||||||
volumes:
|
volumes:
|
||||||
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
|
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
|
||||||
- "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data"
|
- "/var/cache/bridgehead/kr/exporter-db:/var/lib/postgresql/data"
|
||||||
|
|
||||||
reporter:
|
reporter:
|
||||||
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
|
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
|
||||||
container_name: bridgehead-ccp-reporter
|
container_name: bridgehead-kr-reporter
|
||||||
environment:
|
environment:
|
||||||
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
|
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
|
||||||
LOG_LEVEL: "INFO"
|
LOG_LEVEL: "INFO"
|
||||||
CROSS_ORIGINS: "https://${HOST}"
|
CROSS_ORIGINS: "https://${HOST}"
|
||||||
HTTP_RELATIVE_PATH: "/ccp-reporter"
|
HTTP_RELATIVE_PATH: "/kr-reporter"
|
||||||
SITE: "${SITE_ID}"
|
SITE: "${SITE_ID}"
|
||||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
|
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
|
||||||
EXPORTER_URL: "http://exporter:8092"
|
EXPORTER_URL: "http://exporter:8092"
|
||||||
@@ -52,16 +65,23 @@ services:
|
|||||||
HTTP_SERVLET_REQUEST_SCHEME: "https"
|
HTTP_SERVLET_REQUEST_SCHEME: "https"
|
||||||
|
|
||||||
# In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
|
# In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
|
||||||
# However, in the first executions in the CCP sites, this volume seems to be very important. A report is
|
# However, in the first executions in the kr sites, this volume seems to be very important. A report is
|
||||||
# a process that can take several hours, because it depends on the exporter.
|
# a process that can take several hours, because it depends on the exporter.
|
||||||
# There is a risk that the bridgehead restarts, losing the already created export.
|
# There is a risk that the bridgehead restarts, losing the already created export.
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/cache/bridgehead/ccp/reporter-files:/app/reports"
|
- "/var/cache/bridgehead/kr/reporter-files:/app/reports"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
|
- "traefik.http.routers.reporter_kr.rule=PathPrefix(`/kr-reporter`)"
|
||||||
- "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095"
|
- "traefik.http.services.reporter_kr.loadbalancer.server.port=8095"
|
||||||
- "traefik.http.routers.reporter_ccp.tls=true"
|
- "traefik.http.routers.reporter_kr.tls=true"
|
||||||
- "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter"
|
- "traefik.http.middlewares.reporter_kr_strip.stripprefix.prefixes=/kr-reporter"
|
||||||
- "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip"
|
- "traefik.http.routers.reporter_kr.middlewares=reporter_kr_strip"
|
||||||
|
- "traefik.http.routers.reporter_kr.priority=20"
|
||||||
|
|
||||||
|
- "traefik.http.routers.reporter_kr_api.middlewares=reporter_kr_strip,exporter_auth"
|
||||||
|
- "traefik.http.routers.reporter_kr_api.rule=PathRegexp(`/kr-reporter/.+`)"
|
||||||
|
- "traefik.http.routers.reporter_kr_api.tls=true"
|
||||||
|
- "traefik.http.routers.reporter_kr_api.priority=25"
|
||||||
|
|
||||||
|
|||||||
@@ -1,15 +0,0 @@
|
|||||||
# Exporter and Reporter
|
|
||||||
|
|
||||||
|
|
||||||
## Exporter
|
|
||||||
The exporter is a REST API that exports the data of the different databases of the bridgehead in a set of tables.
|
|
||||||
It can accept different output formats as CSV, Excel, JSON or XML. It can also export data into Opal.
|
|
||||||
|
|
||||||
## Exporter-DB
|
|
||||||
It is a database to save queries for its execution in the exporter.
|
|
||||||
The exporter manages also the different executions of the same query in through the database.
|
|
||||||
|
|
||||||
## Reporter
|
|
||||||
This component is a plugin of the exporter that allows to create more complex Excel reports described in templates.
|
|
||||||
It is compatible with different template engines as Groovy, Thymeleaf,...
|
|
||||||
It is perfect to generate a document as our traditional CCP quality report.
|
|
||||||
@@ -7,73 +7,58 @@ services:
|
|||||||
container_name: bridgehead-teiler-orchestrator
|
container_name: bridgehead-teiler-orchestrator
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)"
|
- "traefik.http.routers.teiler_orchestrator_kr.rule=PathPrefix(`/kr-teiler`)"
|
||||||
- "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000"
|
- "traefik.http.services.teiler_orchestrator_kr.loadbalancer.server.port=9000"
|
||||||
- "traefik.http.routers.teiler_orchestrator_ccp.tls=true"
|
- "traefik.http.routers.teiler_orchestrator_kr.tls=true"
|
||||||
- "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler"
|
- "traefik.http.middlewares.teiler_orchestrator_kr_strip.stripprefix.prefixes=/kr-teiler"
|
||||||
- "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip"
|
- "traefik.http.routers.teiler_orchestrator_kr.middlewares=teiler_orchestrator_kr_strip"
|
||||||
environment:
|
environment:
|
||||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
TEILER_BACKEND_URL: "/kr-teiler-backend"
|
||||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
TEILER_DASHBOARD_URL: "/kr-teiler-dashboard"
|
||||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
|
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
|
||||||
HTTP_RELATIVE_PATH: "/ccp-teiler"
|
HTTP_RELATIVE_PATH: "/kr-teiler"
|
||||||
|
|
||||||
teiler-dashboard:
|
teiler-dashboard:
|
||||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
|
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
|
||||||
container_name: bridgehead-teiler-dashboard
|
container_name: bridgehead-teiler-dashboard
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)"
|
- "traefik.http.routers.teiler_dashboard_kr.rule=PathPrefix(`/kr-teiler-dashboard`)"
|
||||||
- "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80"
|
- "traefik.http.services.teiler_dashboard_kr.loadbalancer.server.port=80"
|
||||||
- "traefik.http.routers.teiler_dashboard_ccp.tls=true"
|
- "traefik.http.routers.teiler_dashboard_kr.tls=true"
|
||||||
- "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
|
- "traefik.http.middlewares.teiler_dashboard_kr_strip.stripprefix.prefixes=/kr-teiler-dashboard"
|
||||||
- "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
|
- "traefik.http.routers.teiler_dashboard_kr.middlewares=teiler_dashboard_kr_strip"
|
||||||
environment:
|
environment:
|
||||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
TEILER_BACKEND_URL: "/kr-teiler-backend"
|
||||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
TEILER_DASHBOARD_URL: "/kr-teiler-dashboard"
|
||||||
OIDC_URL: "${OIDC_URL}"
|
|
||||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
|
||||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
|
||||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||||
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
||||||
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
||||||
TEILER_PROJECT: "${PROJECT}"
|
TEILER_PROJECT: "${PROJECT}"
|
||||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
|
TEILER_ORCHESTRATOR_URL: "/kr-teiler"
|
||||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
|
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/kr-teiler"
|
||||||
TEILER_USER: "${OIDC_USER_GROUP}"
|
|
||||||
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
|
|
||||||
REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
|
REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
|
||||||
EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
|
EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
|
||||||
|
|
||||||
|
|
||||||
teiler-backend:
|
teiler-backend:
|
||||||
image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
|
image: docker.verbis.dkfz.de/ccp/kr-teiler-backend:latest
|
||||||
container_name: bridgehead-teiler-backend
|
container_name: bridgehead-teiler-backend
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)"
|
- "traefik.http.routers.teiler_backend_kr.rule=PathPrefix(`/kr-teiler-backend`)"
|
||||||
- "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085"
|
- "traefik.http.services.teiler_backend_kr.loadbalancer.server.port=8085"
|
||||||
- "traefik.http.routers.teiler_backend_ccp.tls=true"
|
- "traefik.http.routers.teiler_backend_kr.tls=true"
|
||||||
- "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
|
- "traefik.http.middlewares.teiler_backend_kr_strip.stripprefix.prefixes=/kr-teiler-backend"
|
||||||
- "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
|
- "traefik.http.routers.teiler_backend_kr.middlewares=teiler_backend_kr_strip"
|
||||||
environment:
|
environment:
|
||||||
LOG_LEVEL: "INFO"
|
LOG_LEVEL: "INFO"
|
||||||
APPLICATION_PORT: "8085"
|
APPLICATION_PORT: "8085"
|
||||||
APPLICATION_ADDRESS: "${HOST}"
|
|
||||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||||
CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
|
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/kr-teiler"
|
||||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
|
TEILER_ORCHESTRATOR_URL: "/kr-teiler"
|
||||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
|
TEILER_DASHBOARD_DE_URL: "/kr-teiler-dashboard/de"
|
||||||
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
|
TEILER_DASHBOARD_EN_URL: "/kr-teiler-dashboard/en"
|
||||||
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
|
|
||||||
HTTP_PROXY: "http://forward_proxy:3128"
|
HTTP_PROXY: "http://forward_proxy:3128"
|
||||||
ENABLE_MTBA: "${ENABLE_MTBA}"
|
|
||||||
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
|
|
||||||
secrets:
|
|
||||||
- ccp.conf
|
|
||||||
|
|
||||||
secrets:
|
|
||||||
ccp.conf:
|
|
||||||
file: /etc/bridgehead/ccp.conf
|
|
||||||
|
|||||||
@@ -3,7 +3,6 @@
|
|||||||
if [ "$ENABLE_TEILER" == true ];then
|
if [ "$ENABLE_TEILER" == true ];then
|
||||||
log INFO "Teiler setup detected -- will start Teiler services."
|
log INFO "Teiler setup detected -- will start Teiler services."
|
||||||
OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
|
OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
|
||||||
TEILER_DEFAULT_LANGUAGE=DE
|
TEILER_DEFAULT_LANGUAGE=EN
|
||||||
TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
|
TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
|
||||||
add_public_oidc_redirect_url "/ccp-teiler/*"
|
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -1,19 +0,0 @@
|
|||||||
# Teiler
|
|
||||||
This module orchestrates the different microfrontends of the bridgehead as a single page application.
|
|
||||||
|
|
||||||
## Teiler Orchestrator
|
|
||||||
Single SPA component that consists on the root HTML site of the single page application and a javascript code that
|
|
||||||
gets the information about the microfrontend calling the teiler backend and is responsible for registering them. With the
|
|
||||||
resulting mapping, it can initialize, mount and unmount the required microfrontends on the fly.
|
|
||||||
|
|
||||||
The microfrontends run independently in different containers and can be based on different frameworks (Angular, Vue, React,...)
|
|
||||||
This microfrontends can run as single alone but need an extension with Single-SPA (https://single-spa.js.org/docs/ecosystem).
|
|
||||||
There are also available three templates (Angular, Vue, React) to be directly extended to be used directly in the teiler.
|
|
||||||
|
|
||||||
## Teiler Dashboard
|
|
||||||
It consists on the main dashboard and a set of embedded services.
|
|
||||||
### Login
|
|
||||||
user and password in ccp.local.conf
|
|
||||||
|
|
||||||
## Teiler Backend
|
|
||||||
In this component, the microfrontends are configured.
|
|
||||||
@@ -301,19 +301,33 @@ function sync_secrets() {
|
|||||||
if [[ $secret_sync_args == "" ]]; then
|
if [[ $secret_sync_args == "" ]]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$PROJECT" == "bbmri" ]; then
|
||||||
|
# If the project is BBMRI, use the BBMRI-ERIC broker and not the GBN broker
|
||||||
|
proxy_id=$ERIC_PROXY_ID
|
||||||
|
broker_url=$ERIC_BROKER_URL
|
||||||
|
broker_id=$ERIC_BROKER_ID
|
||||||
|
root_crt_file="/srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem"
|
||||||
|
else
|
||||||
|
proxy_id=$PROXY_ID
|
||||||
|
broker_url=$BROKER_URL
|
||||||
|
broker_id=$BROKER_ID
|
||||||
|
root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p /var/cache/bridgehead/secrets/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/secrets/'. Please run sudo './bridgehead install $PROJECT' again."
|
mkdir -p /var/cache/bridgehead/secrets/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/secrets/'. Please run sudo './bridgehead install $PROJECT' again."
|
||||||
touch /var/cache/bridgehead/secrets/oidc
|
touch /var/cache/bridgehead/secrets/oidc
|
||||||
docker run --rm \
|
docker run --rm \
|
||||||
-v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
|
-v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
|
||||||
-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
|
-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
|
||||||
-v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
|
-v $root_crt_file:/run/secrets/root.crt.pem:ro \
|
||||||
-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
|
-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
|
||||||
-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
|
-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
|
||||||
-e NO_PROXY=localhost,127.0.0.1 \
|
-e NO_PROXY=localhost,127.0.0.1 \
|
||||||
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
|
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
|
||||||
-e PROXY_ID=$PROXY_ID \
|
-e PROXY_ID=$proxy_id \
|
||||||
-e BROKER_URL=$BROKER_URL \
|
-e BROKER_URL=$broker_url \
|
||||||
-e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \
|
-e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \
|
||||||
-e SECRET_DEFINITIONS=$secret_sync_args \
|
-e SECRET_DEFINITIONS=$secret_sync_args \
|
||||||
docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
|
docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
|
||||||
|
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ services:
|
|||||||
- "traefik.http.routers.dnpm-auth.tls=true"
|
- "traefik.http.routers.dnpm-auth.tls=true"
|
||||||
|
|
||||||
dnpm-portal:
|
dnpm-portal:
|
||||||
image: ghcr.io/dnpm-dip/portal:latest
|
image: ghcr.io/dnpm-dip/portal:{DNPM_IMAGE_TAG:-latest}
|
||||||
container_name: bridgehead-dnpm-portal
|
container_name: bridgehead-dnpm-portal
|
||||||
environment:
|
environment:
|
||||||
- NUXT_API_URL=http://dnpm-backend:9000/
|
- NUXT_API_URL=http://dnpm-backend:9000/
|
||||||
@@ -58,7 +58,7 @@ services:
|
|||||||
|
|
||||||
dnpm-backend:
|
dnpm-backend:
|
||||||
container_name: bridgehead-dnpm-backend
|
container_name: bridgehead-dnpm-backend
|
||||||
image: ghcr.io/dnpm-dip/backend:latest
|
image: ghcr.io/dnpm-dip/backend:{DNPM_IMAGE_TAG:-latest}
|
||||||
environment:
|
environment:
|
||||||
- LOCAL_SITE=${ZPM_SITE}:${SITE_NAME} # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
|
- LOCAL_SITE=${ZPM_SITE}:${SITE_NAME} # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
|
||||||
- RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
- RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
||||||
|
|||||||
Reference in New Issue
Block a user