From 8af5cf3f0162d3823ea90ba318c499cc0cb50f6c Mon Sep 17 00:00:00 2001 From: Croft Date: Mon, 12 Feb 2024 16:07:57 +0100 Subject: [PATCH 01/13] Changes made for EHDS2 The EHDS2 project has initiated a use case for antibiotic resistance under the control of the ECDC. This branch caters for the ECDC requirements. Specifically, it contains the ETL to transform the ECDC CSV format to FHIR, plus additional configuration options that have been packaged into the bbmri project. --- bbmri/docker-compose.yml | 2 +- bbmri/modules/ehds2-compose.yml | 59 +++++++++++++++++++++++++++ bbmri/modules/ehds2-setup.sh | 28 +++++++++++++ bbmri/modules/ehds2.root.crt.pem | 20 +++++++++ bbmri/modules/ehds2.test.root.crt.pem | 20 +++++++++ bbmri/vars | 11 +++++ 6 files changed, 139 insertions(+), 1 deletion(-) create mode 100644 bbmri/modules/ehds2-compose.yml create mode 100644 bbmri/modules/ehds2-setup.sh create mode 100644 bbmri/modules/ehds2.root.crt.pem create mode 100644 bbmri/modules/ehds2.test.root.crt.pem diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index 9bc05cc..c96ad89 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -1,6 +1,6 @@ version: "3.7" -# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars. +# This includes only the shared persistence for BBMRI-ERIC and GBN and EHDS2. Federation components are included as modules, see vars. services: blaze: diff --git a/bbmri/modules/ehds2-compose.yml b/bbmri/modules/ehds2-compose.yml new file mode 100644 index 0000000..bc32166 --- /dev/null +++ b/bbmri/modules/ehds2-compose.yml 
@@ -0,0 +1,59 @@ +version: "3.7" + +services: + focus-ehds2: + image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG} + container_name: bridgehead-focus-ehds2 + environment: + API_KEY: ${EHDS2_FOCUS_BEAM_SECRET_SHORT} + BEAM_APP_ID_LONG: focus.${EHDS2_PROXY_ID} + PROXY_ID: ${EHDS2_PROXY_ID} + BLAZE_URL: "http://blaze:8080/fhir/" + BEAM_PROXY_URL: http://beam-proxy-ehds2:8081 + RETRY_COUNT: ${FOCUS_RETRY_COUNT} + depends_on: + - "beam-proxy-ehds2" + - "blaze" + + beam-proxy-ehds2: + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + container_name: bridgehead-beam-proxy-ehds2 + environment: + BROKER_URL: ${EHDS2_BROKER_URL} + PROXY_ID: ${EHDS2_PROXY_ID} + APP_focus_KEY: ${EHDS2_FOCUS_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs + ROOTCERT_FILE: /conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - /srv/docker/bridgehead/bbmri/modules/${EHDS2_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro + + # Convert ECDC CSV file into FHIR and push to Blaze + transfair: + container_name: transfair + image: samply/transfair + environment: + FHIR_INPUT_URL: "http://source_blaze:8080/fhir" + FHIR_OUTPUT_URL: "http://bridgehead-bbmri-blaze:8080/fhir" + PROFILE: "amr2fhir" + #WRITE_BUNDLES_TO_FILE: "true" + AMR_FILE_PATH: "/app/data" + restart: on-failure + command: sh -c "sleep 60 && rm -rf /app/test/* && java -jar transFAIR.jar && tail -f /dev/null" + #command: sh -c "rm -rf /app/test/* && java -jar transFAIR.jar" + volumes: + - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/test/:/app/test/ + - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/Data/:/app/data/ + + # Report on the data pushed to Blaze by TransFAIR + blazectl: + container_name: blazectl + image: samply/blazectl + command: sh -c "sleep 300 && echo Source store && blazectl --server 
http://bridgehead-bbmri-blaze:8080/fhir count-resources && tail -f /dev/null" + diff --git a/bbmri/modules/ehds2-setup.sh b/bbmri/modules/ehds2-setup.sh new file mode 100644 index 0000000..7e0e453 --- /dev/null +++ b/bbmri/modules/ehds2-setup.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +if [ "${ENABLE_EHDS2}" == "true" ]; then + log INFO "EHDS2 setup detected -- will start services for German Biobank Node." + OVERRIDE+=" -f ./$PROJECT/modules/ehds2-compose.yml" + + # The environment needs to be defined in /etc/bridgehead + case "$ENVIRONMENT" in + "production") + export EHDS2_BROKER_ID=broker.bbmri.samply.de + export EHDS2_ROOT_CERT=ehds2 + ;; + "test") + export EHDS2_BROKER_ID=broker.test.bbmri.samply.de + export EHDS2_ROOT_CERT=ehds2.test + ;; + *) + report_error 6 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!" + export EHDS2_BROKER_ID=broker.bbmri.samply.de + export EHDS2_ROOT_CERT=ehds2 + ;; + esac + + EHDS2_BROKER_URL=https://${EHDS2_BROKER_ID} + EHDS2_PROXY_ID=${SITE_ID}.${EHDS2_BROKER_ID} + EHDS2_FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + EHDS2_SUPPORT_EMAIL=feedback@germanbiobanknode.de +fi diff --git a/bbmri/modules/ehds2.root.crt.pem b/bbmri/modules/ehds2.root.crt.pem new file mode 100644 index 0000000..eae0d4d --- /dev/null +++ b/bbmri/modules/ehds2.root.crt.pem 
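Review bot: Three of the four services use floating image references: `beam-proxy-ehds2` takes the `:develop` tag, while `transfair` and `blazectl` use `samply/transfair` and `samply/blazectl` with no tag at all. Any pull can therefore bring different code into a stack that mounts the site's Beam private key (`PRIVKEY_FILE: /run/secrets/proxy.pem`) and writes into Blaze. Pin each one to a release tag or digest, e.g. `image: docker.verbis.dkfz.de/cache/samply/beam-proxy:<RELEASE_TAG>`, the way `focus-ehds2` takes its tag from `${FOCUS_TAG}`. Separately, the `transfair` volumes bind `/home/gerhard/...` paths that exist only on one developer machine, and its `command` runs `rm -rf /app/test/*` against that bind-mounted host directory on every start. A comment above `command:` stating that the directory is scratch space would make the deletion intentional and visible.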
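Review bot: The `*)` branch of the `case` exports the production broker ID and `EHDS2_ROOT_CERT=ehds2` when `$ENVIRONMENT` is unrecognised, so a typo in the site configuration selects the production trust anchor instead of stopping. Whether `report_error 6` aborts is not visible in this hunk; if it does not, the branch should stop the setup rather than export production values. The `log INFO` line still reads `will start services for German Biobank Node`, and `EHDS2_SUPPORT_EMAIL` is a germanbiobanknode.de address; both look like leftovers from the module this file appears to be modelled on. A short header comment listing the variables the script expects (`ENABLE_EHDS2`, `ENVIRONMENT`, `SITE_ID`, `PROJECT`) and the ones it sets would help, since it appends to `OVERRIDE` and so presumably only works when sourced.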
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUMy/n0zFRihhVR3aAD54LumzeYdwwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjIxMDI1MDczNTA4WhcNMzIx +MDIyMDczNTM3WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL3qWliHIlIT1Qlsyq/NKJ1uj6/AF0STNg5NTNpb +Xqe5rmUqs6jmQepputGStBVe5TthFw56whISv9FqD5s1PZUGyFikW1pJUnF7ZYRf +MfrJHRi1vUnD3Gw36FCot+i6BAxfw/rdp9hoqFZ6erRkULLaYZ5S2cDHN0DWc18V +3VgZ66ah8QXSx7ERRNa/eWRkHrPIYhyVSoKuyZfvbVgsYZADSlviCgIHPrGLerLr +ylNUyuTxJ5RKStOwPn7A+Jp7nRT+MRh9BphA7s6NuK9h+eVe1DiLbIETWyCEfN3Y +INpunatn3QDhqOIfNcuBArjsAj7mg8l5KNba8nUP4v0EJYECAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMvc5Fizz1vO +MEG3MIsy7UY69ZNIMB8GA1UdIwQYMBaAFMvc5Fizz1vOMEG3MIsy7UY69ZNIMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQBb8a5su820 +h8JStJC+KpvXmDrGkwx9bHlEZMgQQejIrwPLEbA32KBvNxdoUxF9q1Y773MKdqbc +cCJwzQXE/NPZ13hCGrEIXs8DgH52GhEB5592k5/bRNcAvUwbZSXPPiT0rgq/eUOt +BYhgN0ov7h1MC5L6CYB/rQwqck7JPlmrXTkh2gix4/dEdBRzsHsn/xlo8ay5QYHG +rx2Adit76eZu/MJoJNzl1r8MPxLqyAie3KcIU54A+UMozLrWEQP/TyOyWZdjUjJt +cBYgkKJTjwdRhc+ehI3kFo7b/a/Z/jl9szKsAPHozMixSi8lGnsYwN80oqeRvT7h +wcMUK+igv3/K +-----END CERTIFICATE----- diff --git a/bbmri/modules/ehds2.test.root.crt.pem b/bbmri/modules/ehds2.test.root.crt.pem new file mode 100644 index 0000000..2c4f9f1 --- /dev/null +++ b/bbmri/modules/ehds2.test.root.crt.pem 
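Review bot: Nothing in the commit records where this trust anchor came from or what its fingerprint is, although ehds2-compose.yml mounts it into `beam-proxy-ehds2` as `ROOTCERT_FILE`. Put the issuing PKI and the SHA-256 fingerprint in the commit message or in a short README next to the file, so a reviewer or site operator can compare the blob against a value obtained from the broker operator out of band. The same applies to `ehds2.test.root.crt.pem` in the next hunk, which is also added without a trailing newline.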
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUJ0g7k2vrdAwNTU38S1/mU8NO26MwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjMwNzEwMTIyMzQxWhcNMzMw +NzA3MTIyNDExWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALMvc/fApbsAl+/NXDszNgffNR5llAb9CfxzdnRn +ryoBqZdPevBYZZfKBARRKjFbXRDdPWbE7erDeo1LiCM6PObXCuT9wmGWJtvfkmqW +3Z/a75e4r360kceMEGVn4kWpi9dz8s7+oXVZURjW2r13h6pq6xQNZDNlXmpR8wHG +58TSrQC4n1vzdSwMWdptgOA8Sw8adR7ZJI1yNZpmynB2QolKKNESI7FcSKC/+b+H +LoPkseAwQG9yJo23qEw1GZS67B47iKIqX2wp9VLQobHw7ncrhKXQLSWq973k/Swp +7lBdfOsTouf72flLiF1HbdOLcFDmWgIbf5scj2HaQe8b/UcCAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHYxBJiJZieW +e6G1vwn6Q36/crgNMB8GA1UdIwQYMBaAFHYxBJiJZieWe6G1vwn6Q36/crgNMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCN6WVNYpWJ +6Z1Ee+otLZYMXhjyR6NUQ5s0aHiug97gB8mTiNlgXiiTgipCbofEmENgh1inYrPC +WfdXxqOaekSXCQW6nSO1KtBzEYtkN5LrN1cjKqt51P2DbkllinK37wwCS2Kfup1+ +yjhTRxrehSIfsMVK6bTUeSoc8etkgwErZpORhlpqZKWhmOwcMpgsYJJOLhUetqc1 +UNe/254bc0vqHEPT6VI/86c7qAmk1xR0RUfrnKAEqZtUeuoj2fe1L/6yOB16fxt5 +3V3oim7EO6eZCTjDo9fU5DaFiqSMe7WVdr03Na0cWet60XKRH/xaiC6gMWdHWcbh +vZdXnV1qjlM2 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/bbmri/vars b/bbmri/vars index d1362fb..cd32b07 100644 --- a/bbmri/vars +++ b/bbmri/vars @@ -4,6 +4,9 @@ # Makes only sense for German Biobanks : ${ENABLE_GBN:=false} +# Makes only sense for EHDS2 project +: ${ENABLE_EHDS2:=false} + FOCUS_RETRY_COUNT=32 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem @@ -20,6 +23,10 @@ if [ -n "$GBN_SUPPORT_EMAIL" ]; then SUPPORT_EMAIL=$GBN_SUPPORT_EMAIL fi +if [ -n "$EHDS2_SUPPORT_EMAIL" ]; then + SUPPORT_EMAIL=$EHDS2_SUPPORT_EMAIL +fi + function do_enroll { COUNT=0 if [ "$ENABLE_ERIC" == "true" ]; then 
@@ -30,6 +37,10 @@ function do_enroll { do_enroll_inner $GBN_PROXY_ID $GBN_SUPPORT_EMAIL COUNT=$((COUNT+1)) fi + if [ "$ENABLE_EHDS2" == "true" ]; then + do_enroll_inner $EHDS2_PROXY_ID $EHDS2_SUPPORT_EMAIL + COUNT=$((COUNT+1)) + fi if [ $COUNT -ge 2 ]; then echo echo "You just received $COUNT certificate signing requests (CSR). Please send $COUNT e-mails, with 1 CSR each, to the respective e-mail address." From d5760ed3d05cea68ef1a9a0a0f6c7f48c7f9db49 Mon Sep 17 00:00:00 2001 From: Croft Date: Mon, 12 Feb 2024 16:40:32 +0100 Subject: [PATCH 02/13] Modified instructions for ECDC Also included a template configuration file. --- README.md | 23 ++++++++---- bbmri/modules/bbmri.conf | 80 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 7 deletions(-) create mode 100644 bbmri/modules/bbmri.conf diff --git a/README.md b/README.md index 05038ae..e6b62c2 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,8 @@ Site names should adhere to the following conventions: ### GitLab repository +You can skip this section if you are doing an ECDC/EHDS2 installation. + In order to be able to install, you will need to have your own repository in GitLab for your site's configuration settings. This allows automated updates of the Bridgehead software. To request a new repository, please contact your research network administration or send an email to one of the project specific addresses: 
@@ -130,7 +132,20 @@ During the installation, your Bridgehead will download your site's configuration ### Base Installation -First, download your site specific configuration repository: +Clone the bridgehead repository: +```shell +sudo mkdir -p /srv/docker/ +sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead +``` + +If this is ECDC/EHDS2 installation, copy the configuration file to the required location: +```shell +sudo mkdir -p /etc/bridgehead/ +sudo cp bbmri/modules/bbmri.conf /etc/bridgehead/ +sudo chown -R bridgehead:root /etc/bridgehead +``` + +If this is not an ECDC/EHDS2 installation, then download your site specific configuration repository: ```shell sudo mkdir -p /etc/bridgehead/ sudo git clone /etc/bridgehead/ @@ -149,12 +164,6 @@ Pay special attention to: - OPERATOR_LAST_NAME - OPERATOR_EMAIL -Clone the bridgehead repository: -```shell -sudo mkdir -p /srv/docker/ -sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead -``` - Then, run the installation script: ```shell diff --git a/bbmri/modules/bbmri.conf b/bbmri/modules/bbmri.conf new file mode 100644 index 0000000..dda1f0c --- /dev/null +++ b/bbmri/modules/bbmri.conf 
@@ -0,0 +1,80 @@ +### DO NOT EDIT THIS FILE DIRECTLY. +### +### This file is collaboratively managed by yourself and the CCP-IT team at DKFZ. +### The Bridgehead will pull it from git every night and restart if required. +### To make any changes (or review changes by CCP-IT), please login here: +### [URL_TO_SITE_SPECIFIC_GIT_REPO] +### +### DO NOT EDIT THIS FILE DIRECTLY. + +### A note on Secrets: +### +### Variable with a value of will be fetched from a central component +### upon each bridgehead startup. +### Using the proven Vaultwarden password manager puts you in full control of +### who can read the passwords. In particular, as long as you don't declare a +### secret as shared ("SITE+DKFZ"), DKFZ cannot read these strings. +### We recommend putting credentials such as local passwords into the password +### store, not the git repo. Please keep your master password safe (vault.conf). + + +### Common Configuration of all Components +## This is the descriptive humanreadable name of your site (e.g. München LMU) +SITE_NAME=ECDC-Bridgehead- +## This is the id for your site used in machine to machine communication (e.g. muenchen-lmu) +SITE_ID=ecdc-bridgehead- +## This server's hostname, for access from other computers within your institution +## (e.g. mybridgehead.intern.myinstitution.org) +## Optional. If left empty, this is auto-generated via the `hostname` command. +HOST= + +## Proxy Configuration +# leave empty if not applyable +# ex.: http://my-proxy-host:my-proxy-port +HTTP_PROXY_URL= +HTTP_PROXY_USERNAME= +HTTP_PROXY_PASSWORD= +HTTPS_PROXY_URL=$HTTP_PROXY_URL +HTTPS_PROXY_USERNAME=$HTTP_PROXY_USERNAME +HTTPS_PROXY_PASSWORD=$HTTP_PROXY_PASSWORD + +## Maintenance Configuration +# By default, the bridgehead regularly performs certain housekeeping tasks such as pruning of old docker images to not run out of disk space. +# Set the following to false to opt-out. 
(Default: true) +#AUTO_HOUSEKEEPING= + +### Connector Configuration +## The operator of the specific site. +OPERATOR_FIRST_NAME= +OPERATOR_LAST_NAME= +OPERATOR_EMAIL= +OPERATOR_PHONE= +## SMTP Server +# ex.: mailhost.intern.klinik.de +MAIL_HOST= +MAIL_PORT= +# ex.: no-reply@bridgehead.intern.klinik.de +MAIL_FROM_ADDRESS= +MAIL_FROM_NAME= + +### Monitoring +# The apikey used for reporting to the central DKFZ monitoring. Leave empty to opt out. +MONITOR_APIKEY= + +### Biobanking (BBMRI) specifics +## We consider BBMRI as BBMRI-ERIC (European) and German Biobank Node (Germany). +## Obviously, all German biobanks are by definition also European. Thus, +## any Bridgehead will by default connect to the BBMRI-ERIC services but not +## the national ones. We aim to proceed similarly for other BBMRI-ERIC National Nodes. +## +## The default values are correct for biobanks outside Germany. +## For a biobank inside Germany, set ENABLE_GBN=true. +# Connect to the European services, e.g. BBMRI-ERIC Sample Locator (Default: true) +ENABLE_ERIC=false +# Connect to the German services, e.g. Biobank Node Sample Locator (Default: false) +# Set this to true in German biobanks! +ENABLE_GBN=false +# Connect to the ECDC services, e.g. ECDC Sample Locator (Default: false) +# Set this to true in ECDC national nodes! +ENABLE_EHDS2=true + From 9459e1a979dc85cd763dd4d9f858b739523b3a8c Mon Sep 17 00:00:00 2001 From: Croft Date: Tue, 13 Feb 2024 13:19:41 +0100 Subject: [PATCH 03/13] Inserted ECDC-specific URLs and certificates Also updated README to include instructions for manual Beam registration. --- README.md | 13 +++++++++ bbmri/modules/ehds2-compose.yml | 6 ++--- bbmri/modules/ehds2-setup.sh | 6 ++--- bbmri/modules/ehds2.root.crt.pem | 38 +++++++++++++-------------- bbmri/modules/ehds2.test.root.crt.pem | 36 ++++++++++++------------- 5 files changed, 55 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index e6b62c2..9623314 100644 --- a/README.md +++ b/README.md 
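Review bot: The header kept from the site-repository template says `DO NOT EDIT THIS FILE DIRECTLY` and that the file is pulled from git every night, but the README change in this commit tells ECDC/EHDS2 sites to skip the GitLab repository and copy this file to /etc/bridgehead/ by hand. Replace the header with a statement that the file is a locally maintained template. The secrets note reads `Variable with a value of will be fetched`, so the placeholder token has been lost. The EHDS2 instructions shown here mention no vault step, so `HTTP_PROXY_PASSWORD` would sit in plaintext in the copied file; a comment recommending restrictive permissions (for example `chmod 640`) would cover that. `ENABLE_ERIC=false` also sits under a comment saying `(Default: true)`, and `SITE_NAME`/`SITE_ID` end in a dangling hyphen with no hint of what to append.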
@@ -182,6 +182,19 @@ sudo ./bridgehead enroll ... and follow the instructions on the screen. Please send your default Collection ID and the display name of your site together with the certificate request when you enroll. You should then be prompted to do the next step: +Note: if you are doing an ECDC/EHDS2 installation, you will need to perform the Beam certificate signing yourself. Do not send an email to either of the email addreesses suggested by the bridgehead enroll procedure. Instead, log on to the VM where Beam is running and perform the following (you will need root permissions): +```shell +cd /srv/docker/beam-broker +sudo vi csr/ecdc-bridgehead-.csr +sudo pki-scripts/managepki sign --csr-file csr/ecdc-bridgehead-.csr --common-name=ecdc-bridgehead-.broker.bbmri.samply.de +``` + +You can check that the Bridgehead has connected to Beam with the following command: +```shell +curl -v https://ecdc-vm-ehds-test1.swedencentral.cloudapp.azure.com/v1/health/proxies + +``` + ### Starting and stopping your Bridgehead If you followed the above steps, your Bridgehead should already be configured to autostart (via systemd). If you would like to start/stop manually: diff --git a/bbmri/modules/ehds2-compose.yml b/bbmri/modules/ehds2-compose.yml index bc32166..f519c0a 100644 --- a/bbmri/modules/ehds2-compose.yml +++ b/bbmri/modules/ehds2-compose.yml @@ -40,13 +40,11 @@ services: image: samply/transfair environment: FHIR_INPUT_URL: "http://source_blaze:8080/fhir" - FHIR_OUTPUT_URL: "http://bridgehead-bbmri-blaze:8080/fhir" + FHIR_OUTPUT_URL: "http://blaze:8080/fhir" PROFILE: "amr2fhir" - #WRITE_BUNDLES_TO_FILE: "true" AMR_FILE_PATH: "/app/data" restart: on-failure command: sh -c "sleep 60 && rm -rf /app/test/* && java -jar transFAIR.jar && tail -f /dev/null" - #command: sh -c "rm -rf /app/test/* && java -jar transFAIR.jar" volumes: - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/test/:/app/test/ - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/Data/:/app/data/ 
@@ -55,5 +53,5 @@ services: blazectl: container_name: blazectl image: samply/blazectl - command: sh -c "sleep 300 && echo Source store && blazectl --server http://bridgehead-bbmri-blaze:8080/fhir count-resources && tail -f /dev/null" + command: sh -c "sleep 300 && echo Source store && blazectl --server http://blaze:8080/fhir count-resources && tail -f /dev/null" diff --git a/bbmri/modules/ehds2-setup.sh b/bbmri/modules/ehds2-setup.sh index 7e0e453..120ebce 100644 --- a/bbmri/modules/ehds2-setup.sh +++ b/bbmri/modules/ehds2-setup.sh @@ -7,16 +7,16 @@ if [ "${ENABLE_EHDS2}" == "true" ]; then # The environment needs to be defined in /etc/bridgehead case "$ENVIRONMENT" in "production") - export EHDS2_BROKER_ID=broker.bbmri.samply.de + export EHDS2_BROKER_ID=ecdc-vm-ehds-test1.swedencentral.cloudapp.azure.com export EHDS2_ROOT_CERT=ehds2 ;; "test") - export EHDS2_BROKER_ID=broker.test.bbmri.samply.de + export EHDS2_BROKER_ID=ecdc-vm-ehds-test1.swedencentral.cloudapp.azure.com export EHDS2_ROOT_CERT=ehds2.test ;; *) report_error 6 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!" - export EHDS2_BROKER_ID=broker.bbmri.samply.de + export EHDS2_BROKER_ID=ecdc-vm-ehds-test1.swedencentral.cloudapp.azure.com export EHDS2_ROOT_CERT=ehds2 ;; esac diff --git a/bbmri/modules/ehds2.root.crt.pem b/bbmri/modules/ehds2.root.crt.pem index eae0d4d..09b6891 100644 --- a/bbmri/modules/ehds2.root.crt.pem +++ b/bbmri/modules/ehds2.root.crt.pem 
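Review bot: All three branches of the `case` in ehds2-setup.sh now export the same `EHDS2_BROKER_ID`, a host whose name contains `test1`, so a bridgehead configured with `ENVIRONMENT=production` registers with the same broker as test installations. If no production broker exists yet, make the `"production")` branch fail with a clear message, or at least add a comment such as `# TODO: replace with the production broker before go-live`. `EHDS2_PROXY_ID` is built from this value further down the file, outside the hunk, so proxy IDs now end in the Azure hostname. The README text added in this same commit still signs with `--common-name=ecdc-bridgehead-.broker.bbmri.samply.de`, which appears inconsistent with that.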
@@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIUMy/n0zFRihhVR3aAD54LumzeYdwwDQYJKoZIhvcNAQEL -BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjIxMDI1MDczNTA4WhcNMzIx -MDIyMDczNTM3WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAL3qWliHIlIT1Qlsyq/NKJ1uj6/AF0STNg5NTNpb -Xqe5rmUqs6jmQepputGStBVe5TthFw56whISv9FqD5s1PZUGyFikW1pJUnF7ZYRf -MfrJHRi1vUnD3Gw36FCot+i6BAxfw/rdp9hoqFZ6erRkULLaYZ5S2cDHN0DWc18V -3VgZ66ah8QXSx7ERRNa/eWRkHrPIYhyVSoKuyZfvbVgsYZADSlviCgIHPrGLerLr -ylNUyuTxJ5RKStOwPn7A+Jp7nRT+MRh9BphA7s6NuK9h+eVe1DiLbIETWyCEfN3Y -INpunatn3QDhqOIfNcuBArjsAj7mg8l5KNba8nUP4v0EJYECAwEAAaN7MHkwDgYD -VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMvc5Fizz1vO -MEG3MIsy7UY69ZNIMB8GA1UdIwQYMBaAFMvc5Fizz1vOMEG3MIsy7UY69ZNIMBYG -A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQBb8a5su820 -h8JStJC+KpvXmDrGkwx9bHlEZMgQQejIrwPLEbA32KBvNxdoUxF9q1Y773MKdqbc -cCJwzQXE/NPZ13hCGrEIXs8DgH52GhEB5592k5/bRNcAvUwbZSXPPiT0rgq/eUOt -BYhgN0ov7h1MC5L6CYB/rQwqck7JPlmrXTkh2gix4/dEdBRzsHsn/xlo8ay5QYHG -rx2Adit76eZu/MJoJNzl1r8MPxLqyAie3KcIU54A+UMozLrWEQP/TyOyWZdjUjJt -cBYgkKJTjwdRhc+ehI3kFo7b/a/Z/jl9szKsAPHozMixSi8lGnsYwN80oqeRvT7h -wcMUK+igv3/K ------END CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUamQJB/Uevzf3+qrDQOqA8mwkwX8wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMjA3MTQ1MTQxWhcNMzQw +MjA0MTQ1MjExWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKvI2XT0os20vG7d8FjRuMq9mALcQgLZvjAbQZbm +JyeVxRQP5HsSrBlBwaZWgmXWFfIPlwsEsTAUsCneAl4ZL3gQ6831nbmmpgThOEVy +rGBsbL6qlEWWplD/AGpcdEbAuDmuMSO9tKR6iRm+acTHJcXqsDm2HUUS7U+ManWY +S0dG10beJE2eVtEv5/fnFlVSn72VgAVgXVl7UA5E77zXK9GUAyQ6Oo7MET9zifZ/ +EifeSoEvLk+U7HRLgQbKz2ti6ABh0wnK7Ec2DjekMBXyeQz0tR+8dS53s5pqti7c +SUQMHmL4jKxvfQr7fr5wbJpFDu37Vif9GdND9WSDRcufuM8CAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKMF6QgDV4cV +WyQZn3EHKLUumXzuMB8GA1UdIwQYMBaAFKMF6QgDV4cVWyQZn3EHKLUumXzuMBYG 
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAhhE0ht7Sp +inKLJSVZrdFHbAbRXnYcUz/3oyy/uw0YvF0dJAHz2sgbtCLMHzKU7NwotaEqZedA +I7688nI42aHggIkwa1CzmFo9ybQ2afgrYNeF+TcTQI6G+fFpeRT5I+FvA9hUI3r4 +Kp63Si7cpQS5uiHs90sv2SNMedo2Gf9VyJKB7NOReQJWsrw32ITi4QLNKHcHciKm +cpi/OqbR1YTJRoUrcC655G7bSKENzccdTWo8kBJgYLVbe+FohqgheqPqWpdH2zoR +OxOwviutfJTNvDyhXu8FrDc5tr9f5VjXv1hK2szYuvggwbybUBB9bLsx+fV79oZe +3zR0j5YwB28G +-----END CERTIFICATE----- \ No newline at end of file diff --git a/bbmri/modules/ehds2.test.root.crt.pem b/bbmri/modules/ehds2.test.root.crt.pem index 2c4f9f1..09b6891 100644 --- a/bbmri/modules/ehds2.test.root.crt.pem +++ b/bbmri/modules/ehds2.test.root.crt.pem 
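Review bot: With this commit `ehds2.root.crt.pem` and `ehds2.test.root.crt.pem` become the same blob (both `index` lines end in `09b6891`). The `production` and `test` environments therefore trust one root, and a proxy certificate issued for test would be accepted under production settings. Keep a separate root per environment, or drop the second file and state in ehds2-setup.sh that only one PKI exists. The replacement also removes the final newline (`\ No newline at end of file`), and no issuer or fingerprint is recorded for the new anchor.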
@@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIUJ0g7k2vrdAwNTU38S1/mU8NO26MwDQYJKoZIhvcNAQEL -BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjMwNzEwMTIyMzQxWhcNMzMw -NzA3MTIyNDExWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALMvc/fApbsAl+/NXDszNgffNR5llAb9CfxzdnRn -ryoBqZdPevBYZZfKBARRKjFbXRDdPWbE7erDeo1LiCM6PObXCuT9wmGWJtvfkmqW -3Z/a75e4r360kceMEGVn4kWpi9dz8s7+oXVZURjW2r13h6pq6xQNZDNlXmpR8wHG -58TSrQC4n1vzdSwMWdptgOA8Sw8adR7ZJI1yNZpmynB2QolKKNESI7FcSKC/+b+H -LoPkseAwQG9yJo23qEw1GZS67B47iKIqX2wp9VLQobHw7ncrhKXQLSWq973k/Swp -7lBdfOsTouf72flLiF1HbdOLcFDmWgIbf5scj2HaQe8b/UcCAwEAAaN7MHkwDgYD -VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHYxBJiJZieW -e6G1vwn6Q36/crgNMB8GA1UdIwQYMBaAFHYxBJiJZieWe6G1vwn6Q36/crgNMBYG -A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCN6WVNYpWJ -6Z1Ee+otLZYMXhjyR6NUQ5s0aHiug97gB8mTiNlgXiiTgipCbofEmENgh1inYrPC -WfdXxqOaekSXCQW6nSO1KtBzEYtkN5LrN1cjKqt51P2DbkllinK37wwCS2Kfup1+ -yjhTRxrehSIfsMVK6bTUeSoc8etkgwErZpORhlpqZKWhmOwcMpgsYJJOLhUetqc1 -UNe/254bc0vqHEPT6VI/86c7qAmk1xR0RUfrnKAEqZtUeuoj2fe1L/6yOB16fxt5 -3V3oim7EO6eZCTjDo9fU5DaFiqSMe7WVdr03Na0cWet60XKRH/xaiC6gMWdHWcbh -vZdXnV1qjlM2 +MIIDNTCCAh2gAwIBAgIUamQJB/Uevzf3+qrDQOqA8mwkwX8wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMjA3MTQ1MTQxWhcNMzQw +MjA0MTQ1MjExWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKvI2XT0os20vG7d8FjRuMq9mALcQgLZvjAbQZbm +JyeVxRQP5HsSrBlBwaZWgmXWFfIPlwsEsTAUsCneAl4ZL3gQ6831nbmmpgThOEVy +rGBsbL6qlEWWplD/AGpcdEbAuDmuMSO9tKR6iRm+acTHJcXqsDm2HUUS7U+ManWY +S0dG10beJE2eVtEv5/fnFlVSn72VgAVgXVl7UA5E77zXK9GUAyQ6Oo7MET9zifZ/ +EifeSoEvLk+U7HRLgQbKz2ti6ABh0wnK7Ec2DjekMBXyeQz0tR+8dS53s5pqti7c +SUQMHmL4jKxvfQr7fr5wbJpFDu37Vif9GdND9WSDRcufuM8CAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKMF6QgDV4cV +WyQZn3EHKLUumXzuMB8GA1UdIwQYMBaAFKMF6QgDV4cVWyQZn3EHKLUumXzuMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAhhE0ht7Sp 
+inKLJSVZrdFHbAbRXnYcUz/3oyy/uw0YvF0dJAHz2sgbtCLMHzKU7NwotaEqZedA +I7688nI42aHggIkwa1CzmFo9ybQ2afgrYNeF+TcTQI6G+fFpeRT5I+FvA9hUI3r4 +Kp63Si7cpQS5uiHs90sv2SNMedo2Gf9VyJKB7NOReQJWsrw32ITi4QLNKHcHciKm +cpi/OqbR1YTJRoUrcC655G7bSKENzccdTWo8kBJgYLVbe+FohqgheqPqWpdH2zoR +OxOwviutfJTNvDyhXu8FrDc5tr9f5VjXv1hK2szYuvggwbybUBB9bLsx+fV79oZe +3zR0j5YwB28G -----END CERTIFICATE----- \ No newline at end of file From a364a4b3f832981ab78b6a503680687fba28e525 Mon Sep 17 00:00:00 2001 From: Croft Date: Tue, 13 Feb 2024 13:35:52 +0100 Subject: [PATCH 04/13] Added instructions for getting EHDS2 branch --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9623314..b260dd5 100644 --- a/README.md +++ b/README.md @@ -138,11 +138,13 @@ sudo mkdir -p /srv/docker/ sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead ``` -If this is ECDC/EHDS2 installation, copy the configuration file to the required location: +If this is an ECDC/EHDS2 installation, switch to the ```ehds2``` branch and copy the configuration file to the required location: ```shell +cd /srv/docker/bridgehead +sudo git checkout ehds2 sudo mkdir -p /etc/bridgehead/ sudo cp bbmri/modules/bbmri.conf /etc/bridgehead/ -sudo chown -R bridgehead:root /etc/bridgehead +sudo chown -R bridgehead:root . /etc/bridgehead ``` If this is not an ECDC/EHDS2 installation, then download your site specific configuration repository: From 81e5a6ea3f2806956a62b966b7b3296c62658185 Mon Sep 17 00:00:00 2001 From: Croft Date: Tue, 13 Feb 2024 13:42:55 +0100 Subject: [PATCH 05/13] Explained the file edits for EHDS2 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b260dd5..bf9d032 100644 --- a/README.md +++ b/README.md 
@@ -145,6 +145,7 @@ sudo git checkout ehds2 sudo mkdir -p /etc/bridgehead/ sudo cp bbmri/modules/bbmri.conf /etc/bridgehead/ sudo chown -R bridgehead:root . /etc/bridgehead +sudo vi /etc/bridgehead/bbmri.conf # Modify to include national node name and admin contact details ``` If this is not an ECDC/EHDS2 installation, then download your site specific configuration repository: @@ -187,7 +188,7 @@ sudo ./bridgehead enroll Note: if you are doing an ECDC/EHDS2 installation, you will need to perform the Beam certificate signing yourself. Do not send an email to either of the email addreesses suggested by the bridgehead enroll procedure. Instead, log on to the VM where Beam is running and perform the following (you will need root permissions): ```shell cd /srv/docker/beam-broker -sudo vi csr/ecdc-bridgehead-.csr +sudo vi csr/ecdc-bridgehead-.csr # Copy and paste the certificate printed during the enroll sudo pki-scripts/managepki sign --csr-file csr/ecdc-bridgehead-.csr --common-name=ecdc-bridgehead-.broker.bbmri.samply.de ``` From 7c2e9af947ea5560c03310c9da124c874b69528b Mon Sep 17 00:00:00 2001 From: Croft Date: Tue, 13 Feb 2024 14:00:21 +0100 Subject: [PATCH 06/13] Set up sensible volumes for TransFAIR Also gave instructions to copy over data file. --- README.md | 3 +++ bbmri/modules/ehds2-compose.yml | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bf9d032..e4a00cc 100644 --- a/README.md +++ b/README.md 
@@ -142,12 +142,15 @@ If this is an ECDC/EHDS2 installation, switch to the ```ehds2``` branch and copy ```shell cd /srv/docker/bridgehead sudo git checkout ehds2 +mkdir test data sudo mkdir -p /etc/bridgehead/ sudo cp bbmri/modules/bbmri.conf /etc/bridgehead/ sudo chown -R bridgehead:root . /etc/bridgehead sudo vi /etc/bridgehead/bbmri.conf # Modify to include national node name and admin contact details ``` +For an ECDC/EHDS2 installation, you will also need to copy your data in a ```.csv``` file to ```/srv/docker/bridgehead/data```. + If this is not an ECDC/EHDS2 installation, then download your site specific configuration repository: ```shell sudo mkdir -p /etc/bridgehead/ diff --git a/bbmri/modules/ehds2-compose.yml b/bbmri/modules/ehds2-compose.yml index f519c0a..ae0f2c5 100644 --- a/bbmri/modules/ehds2-compose.yml +++ b/bbmri/modules/ehds2-compose.yml @@ -46,8 +46,8 @@ services: restart: on-failure command: sh -c "sleep 60 && rm -rf /app/test/* && java -jar transFAIR.jar && tail -f /dev/null" volumes: - - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/test/:/app/test/ - - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/Data/:/app/data/ + - ./test/:/app/test/ + - ./data/:/app/data/ # Report on the data pushed to Blaze by TransFAIR blazectl: From b28a48da0a4a8a28419434449348963224b30915 Mon Sep 17 00:00:00 2001 From: Croft Date: Tue, 13 Feb 2024 14:02:19 +0100 Subject: [PATCH 07/13] Needed sudo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e4a00cc..73ba674 100644 --- a/README.md +++ b/README.md @@ -142,7 +142,7 @@ If this is an ECDC/EHDS2 installation, switch to the ```ehds2``` branch and copy ```shell cd /srv/docker/bridgehead sudo git checkout ehds2 -mkdir test data +sudo mkdir test data sudo mkdir -p /etc/bridgehead/ sudo cp bbmri/modules/bbmri.conf /etc/bridgehead/ sudo chown -R bridgehead:root . /etc/bridgehead From 5e8db39e2a9256324d03872ff5ad0b803224e5f8 Mon Sep 17 00:00:00 2001 
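Review bot: The input directory is mounted read-write although, as far as `AMR_FILE_PATH` suggests, the service only reads the CSV from it. `- ./data/:/app/data/:ro` would stop the container from altering or deleting source data, which matters because the same `command` already runs `rm -rf` on the neighbouring `/app/test` mount. The relative `./` sources are resolved by Compose against the project directory rather than this module's directory. Whether they land on `/srv/docker/bridgehead/data`, where the README tells operators to put the file, depends on how the bridgehead script invokes Compose, which is not visible here. An absolute path, like the `/srv/docker/bridgehead/...` one this file uses for the root certificate, would remove the doubt.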
From: Croft Date: Tue, 13 Feb 2024 14:05:48 +0100 Subject: [PATCH 08/13] Data needs to be readable --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 73ba674..613a40b 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,7 @@ sudo chown -R bridgehead:root . /etc/bridgehead sudo vi /etc/bridgehead/bbmri.conf # Modify to include national node name and admin contact details ``` -For an ECDC/EHDS2 installation, you will also need to copy your data in a ```.csv``` file to ```/srv/docker/bridgehead/data```. +For an ECDC/EHDS2 installation, you will also need to copy your data in a ```.csv``` formatted file to ```/srv/docker/bridgehead/data```. Make sure it is readable by all. If this is not an ECDC/EHDS2 installation, then download your site specific configuration repository: ```shell From 4abe193c5874b6e02a42a9b0a0a4607439ed70f0 Mon Sep 17 00:00:00 2001 From: Croft Date: Tue, 13 Feb 2024 14:08:53 +0100 Subject: [PATCH 09/13] Made the file type more explicit. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 613a40b..acea451 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,7 @@ sudo chown -R bridgehead:root . /etc/bridgehead sudo vi /etc/bridgehead/bbmri.conf # Modify to include national node name and admin contact details ``` -For an ECDC/EHDS2 installation, you will also need to copy your data in a ```.csv``` formatted file to ```/srv/docker/bridgehead/data```. Make sure it is readable by all. +For an ECDC/EHDS2 installation, you will also need to copy your data in a comma-separated value (CSV) formatted file to ```/srv/docker/bridgehead/data```. Make sure it is readable by all. Only files with the ending ```.csv``` will be read in, all other files will be ignored. If this is not an ECDC/EHDS2 installation, then download your site specific configuration repository: ```shell From a629d87a5f60253e7a569e8cadbc1f20b9a468d1 Mon Sep 17 00:00:00 2001 
From: Patrick Skowronek Date: Wed, 14 Feb 2024 10:19:19 +0100 Subject: [PATCH 10/13] Inserted right urlInserted right urlInserted right urlInserted right urlInserted right urlInserted right urlInserted right urlInserted right urlInserted right url --- bbmri/vars | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bbmri/vars b/bbmri/vars index cd32b07..59e5044 100644 --- a/bbmri/vars +++ b/bbmri/vars @@ -7,6 +7,7 @@ # Makes only sense for EHDS2 project : ${ENABLE_EHDS2:=false} + FOCUS_RETRY_COUNT=32 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem @@ -17,7 +18,7 @@ do done SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL -BROKER_URL_FOR_PREREQ="${ERIC_BROKER_URL:-$GBN_BROKER_URL}" +BROKER_URL_FOR_PREREQ="https://ecdc-vm-ehds-test1.swedencentral.cloudapp.azure.com" if [ -n "$GBN_SUPPORT_EMAIL" ]; then SUPPORT_EMAIL=$GBN_SUPPORT_EMAIL From 5bd9baaff7fa047a5049f98572fcd6aef506a4ed Mon Sep 17 00:00:00 2001 From: Croft Date: Wed, 14 Feb 2024 11:16:39 +0100 Subject: [PATCH 11/13] Corrected things that led to errors during install --- README.md | 3 ++- bbmri/modules/ehds2-compose.yml | 6 ------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index acea451..6b6f9ba 100644 --- a/README.md +++ b/README.md 
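Review bot: `BROKER_URL_FOR_PREREQ` is now a hard-coded literal in the shared `bbmri/vars`, so sites that enable only ERIC or GBN would also have whatever consumes this variable (the name suggests a prerequisite check) contact the ECDC test host instead of their own broker. Keep the previous fallback chain and append the EHDS2 value, e.g. `BROKER_URL_FOR_PREREQ="${ERIC_BROKER_URL:-${GBN_BROKER_URL:-$EHDS2_BROKER_URL}}"`. This assumes ehds2-setup.sh has already been sourced by the loop above this line, which the hunk shows only as `do`/`done`. It also keeps the hostname defined in one place, ehds2-setup.sh, rather than two.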
@@ -191,13 +191,14 @@ sudo ./bridgehead enroll Note: if you are doing an ECDC/EHDS2 installation, you will need to perform the Beam certificate signing yourself. Do not send an email to either of the email addreesses suggested by the bridgehead enroll procedure. Instead, log on to the VM where Beam is running and perform the following (you will need root permissions): ```shell cd /srv/docker/beam-broker +sudo mkdir -p csr sudo vi csr/ecdc-bridgehead-.csr # Copy and paste the certificate printed during the enroll sudo pki-scripts/managepki sign --csr-file csr/ecdc-bridgehead-.csr --common-name=ecdc-bridgehead-.broker.bbmri.samply.de ``` You can check that the Bridgehead has connected to Beam with the following command: ```shell -curl -v https://ecdc-vm-ehds-test1.swedencentral.cloudapp.azure.com/v1/health/proxies +pki-scripts/managepki list ``` diff --git a/bbmri/modules/ehds2-compose.yml b/bbmri/modules/ehds2-compose.yml index ae0f2c5..337f0af 100644 --- a/bbmri/modules/ehds2-compose.yml +++ b/bbmri/modules/ehds2-compose.yml @@ -49,9 +49,3 @@ services: - ./test/:/app/test/ - ./data/:/app/data/ - # Report on the data pushed to Blaze by TransFAIR - blazectl: - container_name: blazectl - image: samply/blazectl - command: sh -c "sleep 300 && echo Source store && blazectl --server http://blaze:8080/fhir count-resources && tail -f /dev/null" - From b6bfaba855283268300d6793e92eda3958a7432d Mon Sep 17 00:00:00 2001 From: Croft Date: Wed, 14 Feb 2024 11:17:28 +0100 Subject: [PATCH 12/13] Removed unnecessary chown --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 6b6f9ba..3206a32 100644 --- a/README.md +++ b/README.md @@ -145,7 +145,6 @@ sudo git checkout ehds2 sudo mkdir test data sudo mkdir -p /etc/bridgehead/ sudo cp bbmri/modules/bbmri.conf /etc/bridgehead/ -sudo chown -R bridgehead:root . /etc/bridgehead sudo vi /etc/bridgehead/bbmri.conf # Modify to include national node name and admin contact details ``` 
From 99956f34771702ea9f08f1051fd414cad1044945 Mon Sep 17 00:00:00 2001 From: Croft Date: Wed, 14 Feb 2024 13:10:07 +0100 Subject: [PATCH 13/13] Added instructions to get latest TransFAIR --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 3206a32..c0c8954 100644 --- a/README.md +++ b/README.md @@ -140,6 +140,10 @@ sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead If this is an ECDC/EHDS2 installation, switch to the ```ehds2``` branch and copy the configuration file to the required location: ```shell +cd +git clone https://github.com/samply/transFAIR.git +cd transFAIR +docker build -t samply/transfair --no-cache . cd /srv/docker/bridgehead sudo git checkout ehds2 sudo mkdir test data