diff --git a/README.md b/README.md index 3cd198e..0c7e1fb 100644 --- a/README.md +++ b/README.md @@ -284,7 +284,7 @@ There will be a delay before the effects of Directory sync become visible. First Your Bridgehead will automatically and regularly check for updates. Whenever something has been updates (e.g., one of the git repositories or one of the docker images), your Bridgehead is automatically restarted. This should happen automatically and does not need any configuration. -If you would like to understand what happens exactly and when, please check the systemd units deployed during the [installation](#base-installation) via `systemctl cat bridgehead-update@.service` and `systemctl cat bridgehead-update@.service` and `systemctl cat bridgehead-update@.timer`. ### Auto-Backups diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index e00ed67..8ad8211 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -1,60 +1,8 @@ version: "3.7" services: - traefik: - container_name: bridgehead-traefik - image: docker.verbis.dkfz.de/cache/traefik:latest - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --providers.docker.exposedbydefault=false - - --providers.file.directory=/configuration/ - - --api.dashboard=true - - --accesslog=true - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - labels: - - "traefik.enable=true" - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.dashboard.entrypoints=websecure" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" - ports: - - 80:80 - - 443:443 - volumes: - - /etc/bridgehead/traefik-tls:/certs:ro - - ../lib/traefik-configuration/:/configuration:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - - forward_proxy: - container_name: bridgehead-forward-proxy - image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest - environment: - HTTPS_PROXY: ${HTTPS_PROXY_URL} - USERNAME: ${HTTPS_PROXY_USERNAME} - PASSWORD: ${HTTPS_PROXY_PASSWORD} - volumes: - - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro - - landing: - container_name: bridgehead-landingpage - image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} - blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.19 + image: docker.verbis.dkfz.de/cache/samply/blaze:latest container_name: bridgehead-bbmri-blaze environment: BASE_URL: "http://bridgehead-bbmri-blaze:8080" @@ -91,8 +39,7 @@ services: environment: BROKER_URL: ${BROKER_URL} PROXY_ID: ${PROXY_ID} - APP_0_ID: focus - APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT} + APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} PRIVKEY_FILE: /run/secrets/proxy.pem ALL_PROXY: http://forward_proxy:3128 TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs diff --git a/bbmri/modules/dnpm-compose.yml b/bbmri/modules/dnpm-compose.yml new file mode 100644 index 0000000..0cbc45f --- /dev/null +++ b/bbmri/modules/dnpm-compose.yml @@ -0,0 +1,48 @@ +version: "3.7" + +services: + dnpm-beam-proxy: + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + container_name: bridgehead-dnpm-beam-proxy + environment: + BROKER_URL: ${DNPM_BROKER_URL} + PROXY_ID: ${DNPM_PROXY_ID} + APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs + ROOTCERT_FILE: /conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro + + dnpm-beam-connect: + depends_on: [ dnpm-beam-proxy ] + image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm + container_name: bridgehead-dnpm-beam-connect + environment: + PROXY_URL: http://dnpm-beam-proxy:8081 + PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} + APP_ID: dnpm-connect.${DNPM_PROXY_ID} + DISCOVERY_URL: "./conf/central_targets.json" + LOCAL_TARGETS_FILE: "./conf/connect_targets.json" + HTTP_PROXY: http://forward_proxy:3128 + HTTPS_PROXY: http://forward_proxy:3128 + NO_PROXY: dnpm-beam-proxy,dnpm-backend + RUST_LOG: ${RUST_LOG:-info} + volumes: + - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro + - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)" + - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062" + - "traefik.http.routers.dnpm-connect.tls=true" + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh new file mode 100644 index 0000000..7b3be9a --- /dev/null +++ b/bbmri/modules/dnpm-setup.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +if [ -n "${ENABLE_DNPM}" ]; then + log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM." + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml" + + # Set variables required for Beam-Connect + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + DNPM_BROKER_ID="broker.ccp-it.dktk.dkfz.de" + DNPM_BROKER_URL="https://${DNPM_BROKER_ID}" + DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}" +fi diff --git a/bbmri/vars b/bbmri/vars index 2afc97f..21aeaec 100644 --- a/bbmri/vars +++ b/bbmri/vars @@ -6,6 +6,12 @@ FOCUS_RETRY_COUNT=32 SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done + # This will load directory-sync setup. source $PROJECT/directory-sync.sh dirSetup diff --git a/bridgehead b/bridgehead index 59287f4..8d25094 100755 --- a/bridgehead +++ b/bridgehead @@ -32,6 +32,9 @@ case "$PROJECT" in bbmri) #nothing extra to do ;; + minimal) + #nothing extra to do + ;; *) printUsage exit 1 @@ -51,6 +54,11 @@ loadVars() { set +a OVERRIDE=${OVERRIDE:=""} + # minimal contains shared components, so potential overrides must be applied in every project + if [ -f "minimal/docker-compose.override.yml" ]; then + log INFO "Applying Bridgehead common components override (minimal/docker-compose.override.yml)" + OVERRIDE+=" -f ./minimal/docker-compose.override.yml" + fi if [ -f "$PROJECT/docker-compose.override.yml" ]; then log INFO "Applying $PROJECT/docker-compose.override.yml" OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml" @@ -66,13 +74,13 @@ case "$ACTION" in checkRequirements hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..." export LDM_LOGIN=$(getLdmPassword) - exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit + exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit ;; stop) loadVars - # HACK: This is tempoarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp) - $COMPOSE -p bridgehead-$PROJECT -f ./$PROJECT/docker-compose.yml $OVERRIDE down - exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down + # HACK: This is temporarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp) + $COMPOSE -p bridgehead-$PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down + exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down ;; is-running) bk_is_running @@ -97,7 +105,22 @@ case "$ACTION" in ;; enroll) loadVars - docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki docker.verbis.dkfz.de/cache/samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL + + MANUAL_PROXY_ID="${3:-$PROXY_ID}" + if [ -z "$MANUAL_PROXY_ID" ]; then + log ERROR "No Proxy ID set" + exit 1 + else + log INFO "Enrolling Beam Proxy Id $MANUAL_PROXY_ID" + fi + + if [ -z "$SUPPORT_EMAIL" ]; then + EMAIL_PARAM="" + else + EMAIL_PARAM="--admin-email $SUPPORT_EMAIL" + fi + + docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki docker.verbis.dkfz.de/cache/samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $MANUAL_PROXY_ID $EMAIL_PARAM chmod 600 $PRIVATEKEYFILENAME ;; preRun | preUpdate) diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 624766d..7b7e129 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -1,60 +1,8 @@ version: "3.7" services: - traefik: - container_name: bridgehead-traefik - image: docker.verbis.dkfz.de/cache/traefik:latest - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --providers.docker.exposedbydefault=false - - --providers.file.directory=/configuration/ - - --api.dashboard=true - - --accesslog=true - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - labels: - - "traefik.enable=true" - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.dashboard.entrypoints=websecure" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" - ports: - - 80:80 - - 443:443 - volumes: - - /etc/bridgehead/traefik-tls:/certs:ro - - ../lib/traefik-configuration/:/configuration:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - - forward_proxy: - container_name: bridgehead-forward-proxy - image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest - environment: - HTTPS_PROXY: ${HTTPS_PROXY_URL} - USERNAME: ${HTTPS_PROXY_USERNAME} - PASSWORD: ${HTTPS_PROXY_PASSWORD} - volumes: - - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro - - landing: - container_name: bridgehead-landingpage - image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} - blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.19 + image: docker.verbis.dkfz.de/cache/samply/blaze:latest container_name: bridgehead-ccp-blaze environment: BASE_URL: "http://bridgehead-ccp-blaze:8080" @@ -92,10 +40,8 @@ services: environment: BROKER_URL: ${BROKER_URL} PROXY_ID: ${PROXY_ID} - APP_0_ID: focus - APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT} - APP_1_ID: report-hub - APP_1_KEY: ${REPORTHUB_BEAM_SECRET_SHORT} + APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} + APP_report-hub_KEY: ${REPORTHUB_BEAM_SECRET_SHORT} PRIVKEY_FILE: /run/secrets/proxy.pem ALL_PROXY: http://forward_proxy:3128 TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs diff --git a/ccp/exliquid-compose.yml b/ccp/exliquid-compose.yml index d5bb351..becf99a 100644 --- a/ccp/exliquid-compose.yml +++ b/ccp/exliquid-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: exliquid-task-store: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.19 + image: docker.verbis.dkfz.de/cache/samply/blaze:0.20 container_name: bridgehead-exliquid-task-store environment: BASE_URL: "http://bridgehead-exliquid-task-store:8080" diff --git a/ccp/modules/dnpm-compose.yml b/ccp/modules/dnpm-compose.yml new file mode 100644 index 0000000..9286d32 --- /dev/null +++ b/ccp/modules/dnpm-compose.yml @@ -0,0 +1,28 @@ +version: "3.7" + +services: + beam-proxy: + environment: + APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT} + dnpm-beam-connect: + depends_on: [ beam-proxy ] + image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm + container_name: bridgehead-dnpm-beam-connect + environment: + PROXY_URL: http://beam-proxy:8081 + PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} + APP_ID: dnpm-connect.${PROXY_ID} + DISCOVERY_URL: "./conf/central_targets.json" + LOCAL_TARGETS_FILE: "./conf/connect_targets.json" + HTTP_PROXY: "http://forward_proxy:3128" + HTTPS_PROXY: "http://forward_proxy:3128" + NO_PROXY: beam-proxy,dnpm-backend + RUST_LOG: ${RUST_LOG:-info} + volumes: + - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro + - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)" + - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062" + - "traefik.http.routers.dnpm-connect.tls=true" diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh new file mode 100644 index 0000000..04659eb --- /dev/null +++ b/ccp/modules/dnpm-setup.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ -n "${ENABLE_DNPM}" ]; then + log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM." + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml" + + # Set variables required for Beam-Connect + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +fi diff --git a/ccp/vars b/ccp/vars index 6570829..412abf7 100644 --- a/ccp/vars +++ b/ccp/vars @@ -14,6 +14,13 @@ idManagementSetup # This will load nngm setup. Effective only if nngm configuration is defined. source $PROJECT/nngm-setup.sh nngmSetup + source $PROJECT/exliquid-setup.sh exliquidSetup mtbaSetup + +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done diff --git a/lib/functions.sh b/lib/functions.sh index ac5ae6b..a243842 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -171,7 +171,7 @@ function retry { function bk_is_running { detectCompose - RUNNING="$($COMPOSE -p $PROJECT -f ./$PROJECT/docker-compose.yml $OVERRIDE ps -q)" + RUNNING="$($COMPOSE -p $PROJECT -f minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE ps -q)" NUMBEROFRUNNING=$(echo "$RUNNING" | wc -l) if [ $NUMBEROFRUNNING -ge 2 ]; then return 0 diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index c0caa79..1bddf3e 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -52,6 +52,9 @@ case "$PROJECT" in bbmri) site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/" ;; + minimal) + site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/" + ;; *) log ERROR "Internal error, this should not happen." exit 1 diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index bce720d..89db369 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh @@ -86,7 +86,7 @@ done # Check docker updates log "INFO" "Checking for updates to running docker images ..." docker_updated="false" -for IMAGE in $(cat $PROJECT/docker-compose.yml ${OVERRIDE//-f/} | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do +for IMAGE in $(cat $PROJECT/docker-compose.yml ${OVERRIDE//-f/} minimal/docker-compose.yml | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do log "INFO" "Checking for Updates of Image: $IMAGE" if docker pull $IMAGE | grep "Downloaded newer image"; then CHANGE="Image $IMAGE updated." diff --git a/minimal/docker-compose.yml b/minimal/docker-compose.yml new file mode 100644 index 0000000..cd4c2e5 --- /dev/null +++ b/minimal/docker-compose.yml @@ -0,0 +1,56 @@ +version: "3.7" + +services: + traefik: + container_name: bridgehead-traefik + image: docker.verbis.dkfz.de/cache/traefik:latest + command: + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --providers.docker=true + - --providers.docker.exposedbydefault=false + - --providers.file.directory=/configuration/ + - --api.dashboard=true + - --accesslog=true + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entrypoints.web.http.redirections.entrypoint.scheme=https + labels: + - "traefik.enable=true" + - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + - "traefik.http.routers.dashboard.entrypoints=websecure" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.routers.dashboard.tls=true" + - "traefik.http.routers.dashboard.middlewares=auth" + - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" + ports: + - 80:80 + - 443:443 + volumes: + - /etc/bridgehead/traefik-tls:/certs:ro + - ../lib/traefik-configuration/:/configuration:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + + forward_proxy: + container_name: bridgehead-forward-proxy + image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest + environment: + HTTPS_PROXY: ${HTTPS_PROXY_URL} + USERNAME: ${HTTPS_PROXY_USERNAME} + PASSWORD: ${HTTPS_PROXY_PASSWORD} + volumes: + - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro + + landing: + container_name: bridgehead-landingpage + image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master + labels: + - "traefik.enable=true" + - "traefik.http.routers.landing.rule=PathPrefix(`/`)" + - "traefik.http.services.landing.loadbalancer.server.port=80" + - "traefik.http.routers.landing.tls=true" + environment: + HOST: ${HOST} + PROJECT: ${PROJECT} + SITE_NAME: ${SITE_NAME} + + diff --git a/minimal/modules/dnpm-compose.yml b/minimal/modules/dnpm-compose.yml new file mode 100644 index 0000000..276f5ff --- /dev/null +++ b/minimal/modules/dnpm-compose.yml @@ -0,0 +1,48 @@ +version: "3.7" + +services: + dnpm-beam-proxy: + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + container_name: bridgehead-dnpm-beam-proxy + environment: + BROKER_URL: ${DNPM_BROKER_URL} + PROXY_ID: ${DNPM_PROXY_ID} + APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: ./conf/trusted-ca-certs + ROOTCERT_FILE: ./conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro + + dnpm-beam-connect: + depends_on: [ dnpm-beam-proxy ] + image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm + container_name: bridgehead-dnpm-beam-connect + environment: + PROXY_URL: http://dnpm-beam-proxy:8081 + PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} + APP_ID: dnpm-connect.${DNPM_PROXY_ID} + DISCOVERY_URL: "./conf/central_targets.json" + LOCAL_TARGETS_FILE: "./conf/connect_targets.json" + HTTP_PROXY: http://forward_proxy:3128 + HTTPS_PROXY: http://forward_proxy:3128 + NO_PROXY: dnpm-beam-proxy,dnpm-backend + RUST_LOG: ${RUST_LOG:-info} + volumes: + - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro + - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)" + - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062" + - "traefik.http.routers.dnpm-connect.tls=true" + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh new file mode 100644 index 0000000..7b3be9a --- /dev/null +++ b/minimal/modules/dnpm-setup.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +if [ -n "${ENABLE_DNPM}" ]; then + log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM." + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml" + + # Set variables required for Beam-Connect + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + DNPM_BROKER_ID="broker.ccp-it.dktk.dkfz.de" + DNPM_BROKER_URL="https://${DNPM_BROKER_ID}" + DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}" +fi diff --git a/minimal/vars b/minimal/vars new file mode 100644 index 0000000..11d07ff --- /dev/null +++ b/minimal/vars @@ -0,0 +1,6 @@ +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem