diff --git a/README.md b/README.md index 3cd198eb..0c7e1fb0 100644 --- a/README.md +++ b/README.md @@ -284,7 +284,7 @@ There will be a delay before the effects of Directory sync become visible. First Your Bridgehead will automatically and regularly check for updates. Whenever something has been updates (e.g., one of the git repositories or one of the docker images), your Bridgehead is automatically restarted. This should happen automatically and does not need any configuration. -If you would like to understand what happens exactly and when, please check the systemd units deployed during the [installation](#base-installation) via `systemctl cat bridgehead-update@.service` and `systemctl cat bridgehead-update@.service` and `systemctl cat bridgehead-update@.timer`. ### Auto-Backups diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index e00ed673..8ad82116 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml 
@@ -1,60 +1,8 @@ version: "3.7" services: - traefik: - container_name: bridgehead-traefik - image: docker.verbis.dkfz.de/cache/traefik:latest - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --providers.docker.exposedbydefault=false - - --providers.file.directory=/configuration/ - - --api.dashboard=true - - --accesslog=true - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - labels: - - "traefik.enable=true" - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.dashboard.entrypoints=websecure" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" - ports: - - 80:80 - - 443:443 - volumes: - - /etc/bridgehead/traefik-tls:/certs:ro - - ../lib/traefik-configuration/:/configuration:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - - forward_proxy: - container_name: bridgehead-forward-proxy - image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest - environment: - HTTPS_PROXY: ${HTTPS_PROXY_URL} - USERNAME: ${HTTPS_PROXY_USERNAME} - PASSWORD: ${HTTPS_PROXY_PASSWORD} - volumes: - - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro - - landing: - container_name: bridgehead-landingpage - image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} - blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.19 + image: docker.verbis.dkfz.de/cache/samply/blaze:latest container_name: 
bridgehead-bbmri-blaze environment: BASE_URL: "http://bridgehead-bbmri-blaze:8080" @@ -91,8 +39,7 @@ services: environment: BROKER_URL: ${BROKER_URL} PROXY_ID: ${PROXY_ID} - APP_0_ID: focus - APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT} + APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} PRIVKEY_FILE: /run/secrets/proxy.pem ALL_PROXY: http://forward_proxy:3128 TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs diff --git a/bbmri/modules/dnpm-compose.yml b/bbmri/modules/dnpm-compose.yml new file mode 100644 index 00000000..0cbc45f0 --- /dev/null +++ b/bbmri/modules/dnpm-compose.yml 
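Review bot: The `blaze` image moves from the pinned tag `0.19` to `:latest` in the first hunk of bbmri/docker-compose.yml, so the deployed version becomes whatever the registry cache serves at pull time. The image loop in lib/update-bridgehead.sh (`docker pull $IMAGE`) will then roll sites onto new upstream releases without any reviewed change in this repository. The same edit is made in ccp/docker-compose.yml, while ccp/exliquid-compose.yml stays pinned at `0.20`. I would pin all three consistently, e.g. `image: docker.verbis.dkfz.de/cache/samply/blaze:0.20`, or by digest if the registry supports it.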
@@ -0,0 +1,48 @@ +version: "3.7" + +services: + dnpm-beam-proxy: + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + container_name: bridgehead-dnpm-beam-proxy + environment: + BROKER_URL: ${DNPM_BROKER_URL} + PROXY_ID: ${DNPM_PROXY_ID} + APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs + ROOTCERT_FILE: /conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro + + dnpm-beam-connect: + depends_on: [ dnpm-beam-proxy ] + image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm + container_name: bridgehead-dnpm-beam-connect + environment: + PROXY_URL: http://dnpm-beam-proxy:8081 + PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} + APP_ID: dnpm-connect.${DNPM_PROXY_ID} + DISCOVERY_URL: "./conf/central_targets.json" + LOCAL_TARGETS_FILE: "./conf/connect_targets.json" + HTTP_PROXY: http://forward_proxy:3128 + HTTPS_PROXY: http://forward_proxy:3128 + NO_PROXY: dnpm-beam-proxy,dnpm-backend + RUST_LOG: ${RUST_LOG:-info} + volumes: + - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro + - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)" + - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062" + - "traefik.http.routers.dnpm-connect.tls=true" + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh new file mode 100644 index 00000000..7b3be9a2 --- /dev/null +++ b/bbmri/modules/dnpm-setup.sh 
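Review bot: The `dnpm-connect` router defined in the labels at the end of this file exposes the `/dnpm-connect` path prefix through Traefik with `tls=true` only; unlike the dashboard router it has no `middlewares` label, so access control rests entirely on what Beam.Connect enforces itself, which is not visible in this diff. If that is intended, say so in a comment above the labels; otherwise attach a middleware, e.g. `- "traefik.http.routers.dnpm-connect.middlewares=auth"`. ccp/modules/dnpm-compose.yml and minimal/modules/dnpm-compose.yml add the same labels. Separately, `beam-proxy:develop` is a mutable development tag for the component that holds `proxy.pem`, and this bbmri module mounts its root certificate from `/srv/docker/bridgehead/ccp/root.crt.pem`, which deserves a comment if the CCP trust root is deliberate.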
@@ -0,0 +1,13 @@ +#!/bin/bash + +if [ -n "${ENABLE_DNPM}" ]; then + log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM." + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml" + + # Set variables required for Beam-Connect + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + DNPM_BROKER_ID="broker.ccp-it.dktk.dkfz.de" + DNPM_BROKER_URL="https://${DNPM_BROKER_ID}" + DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}" +fi diff --git a/bbmri/vars b/bbmri/vars index 2afc97fd..21aeaecf 100644 --- a/bbmri/vars +++ b/bbmri/vars @@ -6,6 +6,12 @@ FOCUS_RETRY_COUNT=32 SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done + # This will load directory-sync setup. source $PROJECT/directory-sync.sh dirSetup diff --git a/bridgehead b/bridgehead index 59287f4b..8d25094a 100755 --- a/bridgehead +++ b/bridgehead @@ -32,6 +32,9 @@ case "$PROJECT" in bbmri) #nothing extra to do ;; + minimal) + #nothing extra to do + ;; *) printUsage exit 1 @@ -51,6 +54,11 @@ loadVars() { set +a OVERRIDE=${OVERRIDE:=""} + # minimal contains shared components, so potential overrides must be applied in every project + if [ -f "minimal/docker-compose.override.yml" ]; then + log INFO "Applying Bridgehead common components override (minimal/docker-compose.override.yml)" + OVERRIDE+=" -f ./minimal/docker-compose.override.yml" + fi if [ -f "$PROJECT/docker-compose.override.yml" ]; then log INFO "Applying $PROJECT/docker-compose.override.yml" OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml" 
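Review bot: The `DNPM_APPLICATION_SECRET` derivation in bbmri/modules/dnpm-setup.sh has no failure path: if `/etc/bridgehead/pki/${SITE_ID}.priv.pem` is missing or unreadable, `openssl pkeyutl -sign` fails, the pipeline still ends successfully in `head`, and the variable is silently set to an empty string. That case looks reachable, because the `enroll` action in `bridgehead` calls `loadVars` (which presumably sources this file) before the key has been created. I would guard the assignment with `if [ -r "/etc/bridgehead/pki/${SITE_ID}.priv.pem" ]; then … else log ERROR "DNPM: site private key not readable, DNPM_APPLICATION_SECRET not set"; fi`. A comment should also record that the value is only stable for deterministic signature schemes (an EC key would presumably yield a different value on every start) and that the escaped `\"` puts literal quote characters into the signed text. ccp/modules/dnpm-setup.sh and minimal/modules/dnpm-setup.sh contain the same lines.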
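Review bot: The module loop added to bbmri/vars sources every `*.sh` under `$PROJECT/modules/` with unquoted expansions and no existence check, so when the glob matches nothing the literal pattern is handed to `source`, and a path containing whitespace is split. Each sourced file runs with the privileges of the bridgehead script, which can read the site private key, so the loop should be explicit about what it accepts: `for module in "$PROJECT"/modules/*.sh; do [ -f "$module" ] || continue; source "$module"; done`. The same loop is added to ccp/vars and minimal/vars; in minimal/vars it runs before `PRIVATEKEYFILENAME` is assigned, which is worth a comment because modules cannot rely on that variable there.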
@@ -66,13 +74,13 @@ case "$ACTION" in checkRequirements hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..." export LDM_LOGIN=$(getLdmPassword) - exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit + exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit ;; stop) loadVars - # HACK: This is tempoarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp) - $COMPOSE -p bridgehead-$PROJECT -f ./$PROJECT/docker-compose.yml $OVERRIDE down - exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down + # HACK: This is temporarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp) + $COMPOSE -p bridgehead-$PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down + exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down ;; is-running) bk_is_running @@ -97,7 +105,22 @@ case "$ACTION" in ;; enroll) loadVars - docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki docker.verbis.dkfz.de/cache/samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL + + MANUAL_PROXY_ID="${3:-$PROXY_ID}" + if [ -z "$MANUAL_PROXY_ID" ]; then + log ERROR "No Proxy ID set" + exit 1 + else + log INFO "Enrolling Beam Proxy Id $MANUAL_PROXY_ID" + fi + + if [ -z "$SUPPORT_EMAIL" ]; then + EMAIL_PARAM="" + else + EMAIL_PARAM="--admin-email $SUPPORT_EMAIL" + fi + + docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki docker.verbis.dkfz.de/cache/samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $MANUAL_PROXY_ID $EMAIL_PARAM chmod 600 $PRIVATEKEYFILENAME ;; preRun | preUpdate) diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 624766df..7b7e1292 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml 
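Review bot: In the `enroll` branch, `MANUAL_PROXY_ID` now comes from the third command-line argument and is expanded unquoted in the `docker run` line, as are `$EMAIL_PARAM` and `$PRIVATEKEYFILENAME`, so whitespace in any of them is word-split into separate arguments for beam-enroll. Quote the values and let parameter expansion handle the optional e-mail: `--output-file "$PRIVATEKEYFILENAME" --proxy-id "$MANUAL_PROXY_ID" ${SUPPORT_EMAIL:+--admin-email "$SUPPORT_EMAIL"}`, which also removes the `EMAIL_PARAM` if/else. The image that writes the site's private key is referenced as `beam-enroll:latest`; pinning it would make key generation reproducible. The `case` statement continues outside the hunk.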
@@ -1,60 +1,8 @@ version: "3.7" services: - traefik: - container_name: bridgehead-traefik - image: docker.verbis.dkfz.de/cache/traefik:latest - command: - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --providers.docker=true - - --providers.docker.exposedbydefault=false - - --providers.file.directory=/configuration/ - - --api.dashboard=true - - --accesslog=true - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - labels: - - "traefik.enable=true" - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.dashboard.entrypoints=websecure" - - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.tls=true" - - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" - ports: - - 80:80 - - 443:443 - volumes: - - /etc/bridgehead/traefik-tls:/certs:ro - - ../lib/traefik-configuration/:/configuration:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - - forward_proxy: - container_name: bridgehead-forward-proxy - image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest - environment: - HTTPS_PROXY: ${HTTPS_PROXY_URL} - USERNAME: ${HTTPS_PROXY_USERNAME} - PASSWORD: ${HTTPS_PROXY_PASSWORD} - volumes: - - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro - - landing: - container_name: bridgehead-landingpage - image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} - blaze: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.19 + image: docker.verbis.dkfz.de/cache/samply/blaze:latest container_name: 
bridgehead-ccp-blaze environment: BASE_URL: "http://bridgehead-ccp-blaze:8080" @@ -92,10 +40,8 @@ services: environment: BROKER_URL: ${BROKER_URL} PROXY_ID: ${PROXY_ID} - APP_0_ID: focus - APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT} - APP_1_ID: report-hub - APP_1_KEY: ${REPORTHUB_BEAM_SECRET_SHORT} + APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} + APP_report-hub_KEY: ${REPORTHUB_BEAM_SECRET_SHORT} PRIVKEY_FILE: /run/secrets/proxy.pem ALL_PROXY: http://forward_proxy:3128 TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs diff --git a/ccp/exliquid-compose.yml b/ccp/exliquid-compose.yml index d5bb3513..becf99a2 100644 --- a/ccp/exliquid-compose.yml +++ b/ccp/exliquid-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: exliquid-task-store: - image: docker.verbis.dkfz.de/cache/samply/blaze:0.19 + image: docker.verbis.dkfz.de/cache/samply/blaze:0.20 container_name: bridgehead-exliquid-task-store environment: BASE_URL: "http://bridgehead-exliquid-task-store:8080" diff --git a/ccp/modules/dnpm-compose.yml b/ccp/modules/dnpm-compose.yml new file mode 100644 index 00000000..9286d329 --- /dev/null +++ b/ccp/modules/dnpm-compose.yml 
@@ -0,0 +1,28 @@ +version: "3.7" + +services: + beam-proxy: + environment: + APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT} + dnpm-beam-connect: + depends_on: [ beam-proxy ] + image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm + container_name: bridgehead-dnpm-beam-connect + environment: + PROXY_URL: http://beam-proxy:8081 + PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} + APP_ID: dnpm-connect.${PROXY_ID} + DISCOVERY_URL: "./conf/central_targets.json" + LOCAL_TARGETS_FILE: "./conf/connect_targets.json" + HTTP_PROXY: "http://forward_proxy:3128" + HTTPS_PROXY: "http://forward_proxy:3128" + NO_PROXY: beam-proxy,dnpm-backend + RUST_LOG: ${RUST_LOG:-info} + volumes: + - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro + - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)" + - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062" + - "traefik.http.routers.dnpm-connect.tls=true" diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh new file mode 100644 index 00000000..04659ebe --- /dev/null +++ b/ccp/modules/dnpm-setup.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ -n "${ENABLE_DNPM}" ]; then + log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM." + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml" + + # Set variables required for Beam-Connect + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +fi diff --git a/ccp/vars b/ccp/vars index 65708298..412abf74 100644 --- a/ccp/vars +++ b/ccp/vars 
@@ -14,6 +14,13 @@ idManagementSetup # This will load nngm setup. Effective only if nngm configuration is defined. source $PROJECT/nngm-setup.sh nngmSetup + source $PROJECT/exliquid-setup.sh exliquidSetup mtbaSetup + +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done diff --git a/lib/functions.sh b/lib/functions.sh index ac5ae6b2..a243842e 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -171,7 +171,7 @@ function retry { function bk_is_running { detectCompose - RUNNING="$($COMPOSE -p $PROJECT -f ./$PROJECT/docker-compose.yml $OVERRIDE ps -q)" + RUNNING="$($COMPOSE -p $PROJECT -f minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE ps -q)" NUMBEROFRUNNING=$(echo "$RUNNING" | wc -l) if [ $NUMBEROFRUNNING -ge 2 ]; then return 0 diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index c0caa79f..1bddf3ec 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -52,6 +52,9 @@ case "$PROJECT" in bbmri) site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/" ;; + minimal) + site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/" + ;; *) log ERROR "Internal error, this should not happen." exit 1 diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index bce720de..89db3694 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
@@ -86,7 +86,7 @@ done # Check docker updates log "INFO" "Checking for updates to running docker images ..." docker_updated="false" -for IMAGE in $(cat $PROJECT/docker-compose.yml ${OVERRIDE//-f/} | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do +for IMAGE in $(cat $PROJECT/docker-compose.yml ${OVERRIDE//-f/} minimal/docker-compose.yml | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do log "INFO" "Checking for Updates of Image: $IMAGE" if docker pull $IMAGE | grep "Downloaded newer image"; then CHANGE="Image $IMAGE updated." diff --git a/minimal/docker-compose.yml b/minimal/docker-compose.yml new file mode 100644 index 00000000..cd4c2e5c --- /dev/null +++ b/minimal/docker-compose.yml 
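Review bot: The image list is built by text-matching `image:` across the concatenated compose files, and `grep -v "^#"` only drops comments that start in column 0, so an indented, commented-out `# image: …` line inside a service block would still be extracted by the `sed` expression and pulled. Anchoring the match closes that gap: replace the two greps with `grep -E '^[[:space:]]*image:'`. With `PROJECT=minimal`, minimal/docker-compose.yml is also listed twice, so each of its images is checked twice. The `for` loop continues outside the hunk.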
@@ -0,0 +1,56 @@ +version: "3.7" + +services: + traefik: + container_name: bridgehead-traefik + image: docker.verbis.dkfz.de/cache/traefik:latest + command: + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --providers.docker=true + - --providers.docker.exposedbydefault=false + - --providers.file.directory=/configuration/ + - --api.dashboard=true + - --accesslog=true + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entrypoints.web.http.redirections.entrypoint.scheme=https + labels: + - "traefik.enable=true" + - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + - "traefik.http.routers.dashboard.entrypoints=websecure" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.routers.dashboard.tls=true" + - "traefik.http.routers.dashboard.middlewares=auth" + - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" + ports: + - 80:80 + - 443:443 + volumes: + - /etc/bridgehead/traefik-tls:/certs:ro + - ../lib/traefik-configuration/:/configuration:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + + forward_proxy: + container_name: bridgehead-forward-proxy + image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest + environment: + HTTPS_PROXY: ${HTTPS_PROXY_URL} + USERNAME: ${HTTPS_PROXY_USERNAME} + PASSWORD: ${HTTPS_PROXY_PASSWORD} + volumes: + - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro + + landing: + container_name: bridgehead-landingpage + image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master + labels: + - "traefik.enable=true" + - "traefik.http.routers.landing.rule=PathPrefix(`/`)" + - "traefik.http.services.landing.loadbalancer.server.port=80" + - "traefik.http.routers.landing.tls=true" + environment: + HOST: ${HOST} + PROJECT: ${PROJECT} + SITE_NAME: ${SITE_NAME} + + diff --git a/minimal/modules/dnpm-compose.yml b/minimal/modules/dnpm-compose.yml new file mode 100644 index 00000000..276f5ff0 
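Review bot: The `traefik` service, which publishes ports 80 and 443, mounts `/var/run/docker.sock` with `:ro`; the read-only flag applies to the socket file and not to the Docker API behind it, so a compromise of this container still reaches the full Docker API on the host. The definition is moved here unchanged from the project files, but now that it is the shared base for every project it is a good place to put a restricted socket proxy between Traefik and the daemon, or at least a comment recording the accepted risk. `traefik:latest` is likewise a mutable tag on the edge component. The `ports` entries would also be better quoted (`"80:80"`, `"443:443"`), as is conventional for Compose port mappings.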
--- /dev/null +++ b/minimal/modules/dnpm-compose.yml @@ -0,0 +1,48 @@ +version: "3.7" + +services: + dnpm-beam-proxy: + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + container_name: bridgehead-dnpm-beam-proxy + environment: + BROKER_URL: ${DNPM_BROKER_URL} + PROXY_ID: ${DNPM_PROXY_ID} + APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: ./conf/trusted-ca-certs + ROOTCERT_FILE: ./conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro + + dnpm-beam-connect: + depends_on: [ dnpm-beam-proxy ] + image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm + container_name: bridgehead-dnpm-beam-connect + environment: + PROXY_URL: http://dnpm-beam-proxy:8081 + PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} + APP_ID: dnpm-connect.${DNPM_PROXY_ID} + DISCOVERY_URL: "./conf/central_targets.json" + LOCAL_TARGETS_FILE: "./conf/connect_targets.json" + HTTP_PROXY: http://forward_proxy:3128 + HTTPS_PROXY: http://forward_proxy:3128 + NO_PROXY: dnpm-beam-proxy,dnpm-backend + RUST_LOG: ${RUST_LOG:-info} + volumes: + - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro + - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)" + - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062" + - "traefik.http.routers.dnpm-connect.tls=true" + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh new file mode 100644 index 00000000..7b3be9a2 --- /dev/null +++ b/minimal/modules/dnpm-setup.sh 
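Review bot: In `dnpm-beam-proxy`, `TLS_CA_CERTIFICATES_DIR: ./conf/trusted-ca-certs` and `ROOTCERT_FILE: ./conf/root.crt.pem` are relative paths, while the volumes mount those files at `/conf/...` and the otherwise identical bbmri/modules/dnpm-compose.yml uses absolute paths. The relative form only resolves to the mounted trust anchors if the container's working directory is `/`, which is not visible here. I would use `TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs` and `ROOTCERT_FILE: /conf/root.crt.pem` so the broker root certificate is always read from the mounted location.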
@@ -0,0 +1,13 @@ +#!/bin/bash + +if [ -n "${ENABLE_DNPM}" ]; then + log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM." + OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml" + + # Set variables required for Beam-Connect + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + DNPM_BROKER_ID="broker.ccp-it.dktk.dkfz.de" + DNPM_BROKER_URL="https://${DNPM_BROKER_ID}" + DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}" +fi diff --git a/minimal/vars b/minimal/vars new file mode 100644 index 00000000..11d07ff5 --- /dev/null +++ b/minimal/vars @@ -0,0 +1,6 @@ +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem