Merge branch 'main' into dktk-migration

ccp/docker-compose.yml

@@ -1,60 +1,8 @@
 version: "3.7"
 
 services:
-  traefik:
-    container_name: bridgehead-traefik
-    image: docker.verbis.dkfz.de/cache/traefik:latest
-    command:
-      - --entrypoints.web.address=:80
-      - --entrypoints.websecure.address=:443
-      - --providers.docker=true
-      - --providers.docker.exposedbydefault=false
-      - --providers.file.directory=/configuration/
-      - --api.dashboard=true
-      - --accesslog=true
-      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
-      - "traefik.http.routers.dashboard.entrypoints=websecure"
-      - "traefik.http.routers.dashboard.service=api@internal"
-      - "traefik.http.routers.dashboard.tls=true"
-      - "traefik.http.routers.dashboard.middlewares=auth"
-      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
-    ports:
-      - 80:80
-      - 443:443
-    volumes:
-      - /etc/bridgehead/traefik-tls:/certs:ro
-      - ../lib/traefik-configuration/:/configuration:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-
-  forward_proxy:
-    container_name: bridgehead-forward-proxy
-    image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
-    environment:
-      HTTPS_PROXY: ${HTTPS_PROXY_URL}
-      USERNAME: ${HTTPS_PROXY_USERNAME}
-      PASSWORD: ${HTTPS_PROXY_PASSWORD}
-    volumes:
-      - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
-
-  landing:
-    container_name: bridgehead-landingpage
-    image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.services.landing.loadbalancer.server.port=80"
-      - "traefik.http.routers.landing.tls=true"
-    environment:
-      HOST: ${HOST}
-      PROJECT: ${PROJECT}
-      SITE_NAME: ${SITE_NAME}
-
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
+    image: docker.verbis.dkfz.de/cache/samply/blaze:latest
     container_name: bridgehead-ccp-blaze
     environment:
       BASE_URL: "http://bridgehead-ccp-blaze:8080"
@@ -92,10 +40,8 @@ services:
     environment:
       BROKER_URL: ${BROKER_URL}
       PROXY_ID: ${PROXY_ID}
-      APP_0_ID: focus
-      APP_0_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      APP_1_ID: report-hub
-      APP_1_KEY: ${REPORTHUB_BEAM_SECRET_SHORT}
+      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+      APP_report-hub_KEY: ${REPORTHUB_BEAM_SECRET_SHORT}
       PRIVKEY_FILE: /run/secrets/proxy.pem
       ALL_PROXY: http://forward_proxy:3128
       TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs

ccp/exliquid-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   exliquid-task-store:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.20
     container_name: bridgehead-exliquid-task-store
     environment:
       BASE_URL: "http://bridgehead-exliquid-task-store:8080"

ccp/modules/dnpm-compose.yml

@@ -0,0 +1,28 @@
+version: "3.7"
+
+services:
+  beam-proxy:
+    environment:
+      APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT}
+  dnpm-beam-connect:
+    depends_on: [ beam-proxy ]
+    image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm
+    container_name: bridgehead-dnpm-beam-connect
+    environment:
+      PROXY_URL: http://beam-proxy:8081
+      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_ID: dnpm-connect.${PROXY_ID}
+      DISCOVERY_URL: "./conf/central_targets.json"
+      LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
+      HTTP_PROXY: "http://forward_proxy:3128"
+      HTTPS_PROXY: "http://forward_proxy:3128"
+      NO_PROXY: beam-proxy,dnpm-backend
+      RUST_LOG: ${RUST_LOG:-info}
+    volumes:
+      - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+      - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
+      - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062"
+      - "traefik.http.routers.dnpm-connect.tls=true"

ccp/modules/dnpm-setup.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ -n "${ENABLE_DNPM}" ]; then
+	log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
+
+	# Set variables required for Beam-Connect
+	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+fi

ccp/vars

@@ -14,6 +14,13 @@ idManagementSetup
 # This will load nngm setup. Effective only if nngm configuration is defined.
 source $PROJECT/nngm-setup.sh
 nngmSetup
+
 source $PROJECT/exliquid-setup.sh
 exliquidSetup
 mtbaSetup
+
+for module in $PROJECT/modules/*.sh
+do
+    log DEBUG "sourcing $module"
+    source $module
+done