samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-06-16 20:40:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add BBMRI broker configuration

Browse Source
This commit is contained in:
David Juarez
2025-05-26 14:53:57 +02:00
parent 92ea700ea6
commit 7c5bbefe74
3 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbmri/modules/teiler-setup.sh
View File

@ -5,5 +5,5 @@ if [ "$ENABLE_TEILER" == true ];then
OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
TEILER_DEFAULT_LANGUAGE=EN TEILER_DEFAULT_LANGUAGE=EN
TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,} TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
add_public_oidc_redirect_url "/ccp-teiler/*" # add_public_oidc_redirect_url "/ccp-teiler/*"
fi fi

9
bbmri/vars
View File

@ -1,3 +1,10 @@
BROKER_ID=broker-test.bbmri-test.samply.de
BROKER_URL=https://${BROKER_ID}
PROXY_ID=${SITE_ID}.${BROKER_ID}
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
BROKER_URL_FOR_PREREQ=$BROKER_URL
echo $PRIVATEKEYFILENAME
# Makes sense for all European Biobanks # Makes sense for all European Biobanks
: ${ENABLE_ERIC:=true} : ${ENABLE_ERIC:=true}
@ -5,7 +12,7 @@
: ${ENABLE_GBN:=false} : ${ENABLE_GBN:=false}
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
# TODO: Adapt Teiler to work without exporter. Then, remove the following OIDC configuration: # TODO: Adapt Teiler to work without exporter. Then, remove the following OIDC configuration:
OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})" OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"

23
lib/functions.sh
View File

@ -301,19 +301,34 @@ function sync_secrets() {
if [[ $secret_sync_args == "" ]]; then if [[ $secret_sync_args == "" ]]; then
return return
fi fi
if [ "$PROJECT" == "bbmri" ]; then
# If the project is BBMRI, use the BBMRI-ERIC broker and not the GBN broker
proxy_id=$ERIC_PROXY_ID
broker_url=$ERIC_BROKER_URL
broker_id=$ERIC_BROKER_ID
root_crt_file="/srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem"
else
proxy_id=$PROXY_ID
broker_url=$BROKER_URL
broker_id=$BROKER_ID
root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
fi
mkdir -p /var/cache/bridgehead/secrets/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/secrets/'. Please run sudo './bridgehead install $PROJECT' again." mkdir -p /var/cache/bridgehead/secrets/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/secrets/'. Please run sudo './bridgehead install $PROJECT' again."
touch /var/cache/bridgehead/secrets/oidc touch /var/cache/bridgehead/secrets/oidc
echo $PRIVATEKEYFILENAME
docker run --rm \ docker run --rm \
-v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \ -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \ -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \ -v $root_crt_file:/run/secrets/root.crt.pem:ro \
-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \ -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \ -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
-e NO_PROXY=localhost,127.0.0.1 \ -e NO_PROXY=localhost,127.0.0.1 \
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
-e PROXY_ID=$PROXY_ID \ -e PROXY_ID=$proxy_id \
-e BROKER_URL=$BROKER_URL \ -e BROKER_URL=$broker_url \
-e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \ -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
-e SECRET_DEFINITIONS=$secret_sync_args \ -e SECRET_DEFINITIONS=$secret_sync_args \
docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest