samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #104 from samply/bbmri-combined 

BBMRI-ERIC / GBN combined Bridgehead
This commit is contained in:
Martin Lablans 2023-08-09 08:42:10 +02:00 committed by GitHub
parent eeacf6cc11 54d83736c3
commit 7e6c310148
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 167 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bbmri/directory-sync.sh
View File

@ -1,8 +0,0 @@
#!/bin/bash
function dirSetup() {
if [ -n "$DS_DIRECTORY_USER_NAME" ]; then
log INFO "Directory sync setup detected -- will start directory sync service."
OVERRIDE+=" -f ./$PROJECT/directory-sync-compose.yml"
fi
}

36
bbmri/docker-compose.yml
View File

@ -1,5 +1,7 @@
version: "3.7" version: "3.7"
# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars.
services: services:
blaze: blaze:
image: docker.verbis.dkfz.de/cache/samply/blaze:latest image: docker.verbis.dkfz.de/cache/samply/blaze:latest
@ -19,42 +21,10 @@ services:
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth" - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
- "traefik.http.routers.blaze_ccp.tls=true" - "traefik.http.routers.blaze_ccp.tls=true"
focus:
image: docker.verbis.dkfz.de/cache/samply/focus:main
container_name: bridgehead-focus
environment:
API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
BEAM_APP_ID_LONG: focus.${PROXY_ID}
PROXY_ID: ${PROXY_ID}
BLAZE_URL: "http://bridgehead-bbmri-blaze:8080/fhir/"
BEAM_PROXY_URL: http://beam-proxy:8081
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
depends_on:
- "beam-proxy"
- "blaze"
beam-proxy:
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
container_name: bridgehead-beam-proxy
environment:
BROKER_URL: ${BROKER_URL}
PROXY_ID: ${PROXY_ID}
APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
PRIVKEY_FILE: /run/secrets/proxy.pem
ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
ROOTCERT_FILE: /conf/root.crt.pem
secrets:
- proxy.pem
depends_on:
- "forward_proxy"
volumes:
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
- /srv/docker/bridgehead/bbmri/root.crt.pem:/conf/root.crt.pem:ro
volumes: volumes:
blaze-data: blaze-data:
# used in modules *-locator.yml
secrets: secrets:
proxy.pem: proxy.pem:
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem file: /etc/bridgehead/pki/${SITE_ID}.priv.pem

0
bbmri/directory-sync-compose.yml → bbmri/modules/directory-sync-compose.yml
View File

6
bbmri/modules/directory-sync.sh Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then
log INFO "Directory sync setup detected -- will start directory sync service."
OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml"
fi

2
bbmri/modules/dnpm-setup.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
if [ -n "${ENABLE_DNPM}" ]; then if [ -n "${ENABLE_DNPM}" ]; then
log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM." log INFO "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM."
OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
# Set variables required for Beam-Connect # Set variables required for Beam-Connect

36
bbmri/modules/eric-compose.yml Normal file
View File

@ -0,0 +1,36 @@
version: "3.7"
services:
focus-eric:
image: docker.verbis.dkfz.de/cache/samply/focus:main
container_name: bridgehead-focus-eric
environment:
API_KEY: ${ERIC_FOCUS_BEAM_SECRET_SHORT}
BEAM_APP_ID_LONG: focus.${ERIC_PROXY_ID}
PROXY_ID: ${ERIC_PROXY_ID}
BLAZE_URL: "http://blaze:8080/fhir/"
BEAM_PROXY_URL: http://beam-proxy-eric:8081
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
depends_on:
- "beam-proxy-eric"
- "blaze"
beam-proxy-eric:
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
container_name: bridgehead-beam-proxy-eric
environment:
BROKER_URL: ${ERIC_BROKER_URL}
PROXY_ID: ${ERIC_PROXY_ID}
APP_focus_KEY: ${ERIC_FOCUS_BEAM_SECRET_SHORT}
PRIVKEY_FILE: /run/secrets/proxy.pem
ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
ROOTCERT_FILE: /conf/root.crt.pem
secrets:
- proxy.pem
depends_on:
- "forward_proxy"
volumes:
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
- /srv/docker/bridgehead/bbmri/modules/eric.root.crt.pem:/conf/root.crt.pem:ro

13
bbmri/modules/eric-setup.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
if [ "${ENABLE_ERIC}" == "true" ]; then
log INFO "BBMRI-ERIC setup detected -- will start services for BBMRI-ERIC."
OVERRIDE+=" -f ./$PROJECT/modules/eric-compose.yml"
# Set required variables
ERIC_BROKER_ID=broker.bbmri.samply.de
ERIC_BROKER_URL=https://${ERIC_BROKER_ID}
ERIC_PROXY_ID=${SITE_ID}.${ERIC_BROKER_ID}
ERIC_FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
ERIC_SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu
fi

0
bbmri/root.crt.pem → bbmri/modules/eric.root.crt.pem
View File

36
bbmri/modules/gbn-compose.yml Normal file
View File

@ -0,0 +1,36 @@
version: "3.7"
services:
focus-gbn:
image: docker.verbis.dkfz.de/cache/samply/focus:main
container_name: bridgehead-focus-gbn
environment:
API_KEY: ${GBN_FOCUS_BEAM_SECRET_SHORT}
BEAM_APP_ID_LONG: focus.${GBN_PROXY_ID}
PROXY_ID: ${GBN_PROXY_ID}
BLAZE_URL: "http://blaze:8080/fhir/"
BEAM_PROXY_URL: http://beam-proxy-gbn:8081
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
depends_on:
- "beam-proxy-gbn"
- "blaze"
beam-proxy-gbn:
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
container_name: bridgehead-beam-proxy-gbn
environment:
BROKER_URL: ${GBN_BROKER_URL}
PROXY_ID: ${GBN_PROXY_ID}
APP_focus_KEY: ${GBN_FOCUS_BEAM_SECRET_SHORT}
PRIVKEY_FILE: /run/secrets/proxy.pem
ALL_PROXY: http://forward_proxy:3128
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
ROOTCERT_FILE: /conf/root.crt.pem
secrets:
- proxy.pem
depends_on:
- "forward_proxy"
volumes:
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
- /srv/docker/bridgehead/bbmri/modules/gbn.root.crt.pem:/conf/root.crt.pem:ro

13
bbmri/modules/gbn-setup.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
if [ "${ENABLE_GBN}" == "true" ]; then
log INFO "GBN setup detected -- will start services for German Biobank Node."
OVERRIDE+=" -f ./$PROJECT/modules/gbn-compose.yml"
# Set required variables
GBN_BROKER_ID='#TODO#'
GBN_BROKER_URL=https://${GBN_BROKER_ID}
GBN_PROXY_ID=${SITE_ID}.${GBN_BROKER_ID}
GBN_FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
GBN_SUPPORT_EMAIL=todo@verbis.dkfz.de
fi

1
bbmri/modules/gbn.root.crt.pem Normal file
View File

@ -0,0 +1 @@
#TODO#

36
bbmri/vars
View File

@ -1,9 +1,10 @@
BROKER_ID=broker.bbmri.samply.de # Makes sense for all European Biobanks
BROKER_URL=https://${BROKER_ID} : ${ENABLE_ERIC:=true}
PROXY_ID=${SITE_ID}.${BROKER_ID}
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" # Makes only sense for German Biobanks
: ${ENABLE_GBN:=false}
FOCUS_RETRY_COUNT=32 FOCUS_RETRY_COUNT=32
SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
for module in $PROJECT/modules/*.sh for module in $PROJECT/modules/*.sh
@ -12,6 +13,25 @@ do
source $module source $module
done done
# This will load directory-sync setup. SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL
source $PROJECT/directory-sync.sh BROKER_URL_FOR_PREREQ=$ERIC_BROKER_URL
dirSetup
if [ -n "$GBN_SUPPORT_EMAIL" ]; then
SUPPORT_EMAIL=$GBN_SUPPORT_EMAIL
fi
function do_enroll {
COUNT=0
if [ "$ENABLE_ERIC" == "true" ]; then
do_enroll_inner $ERIC_PROXY_ID $ERIC_SUPPORT_EMAIL
COUNT=$((COUNT+1))
fi
if [ "$ENABLE_GBN" == "true" ]; then
do_enroll_inner $GBN_PROXY_ID $GBN_SUPPORT_EMAIL
COUNT=$((COUNT+1))
fi
if [ $COUNT -ge 2 ]; then
echo
echo "You just received $COUNT certificate signing requests (CSR). Please send $COUNT e-mails, with 1 CSR each, to the respective e-mail address."
fi
}

17
bridgehead
View File

@ -106,22 +106,7 @@ case "$ACTION" in
enroll) enroll)
loadVars loadVars
MANUAL_PROXY_ID="${3:-$PROXY_ID}" do_enroll $PROXY_ID
if [ -z "$MANUAL_PROXY_ID" ]; then
log ERROR "No Proxy ID set"
exit 1
else
log INFO "Enrolling Beam Proxy Id $MANUAL_PROXY_ID"
fi
if [ -z "$SUPPORT_EMAIL" ]; then
EMAIL_PARAM=""
else
EMAIL_PARAM="--admin-email $SUPPORT_EMAIL"
fi
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $MANUAL_PROXY_ID $EMAIL_PARAM
chmod 600 $PRIVATEKEYFILENAME
;; ;;
preRun | preUpdate) preRun | preUpdate)
fixPermissions fixPermissions

2
ccp/modules/dnpm-setup.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
if [ -n "${ENABLE_DNPM}" ]; then if [ -n "${ENABLE_DNPM}" ]; then
log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM." log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
# Set variables required for Beam-Connect # Set variables required for Beam-Connect

2
ccp/vars
View File

@ -6,6 +6,8 @@ FOCUS_RETRY_COUNT=32
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
BROKER_URL_FOR_PREREQ=$BROKER_URL
# This will load id-management setup. Effective only if id-management configuration is defined. # This will load id-management setup. Effective only if id-management configuration is defined.
source $PROJECT/modules/id-management-setup.sh source $PROJECT/modules/id-management-setup.sh
idManagementSetup idManagementSetup

26
lib/functions.sh
View File

@ -180,6 +180,26 @@ function bk_is_running {
fi fi
} }
##Setting Network properties function do_enroll_inner {
# currently not needed PARAMS=""
#export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
MANUAL_PROXY_ID="${1:-$PROXY_ID}"
if [ -z "$MANUAL_PROXY_ID" ]; then
log ERROR "No Proxy ID set"
exit 1
else
log INFO "Enrolling Beam Proxy Id $MANUAL_PROXY_ID"
fi
SUPPORT_EMAIL="${2:-$SUPPORT_EMAIL}"
if [ -n "$SUPPORT_EMAIL" ]; then
PARAMS+="--admin-email $SUPPORT_EMAIL"
fi
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $MANUAL_PROXY_ID $PARAMS
chmod 600 $PRIVATEKEYFILENAME
}
function do_enroll {
do_enroll_inner $@
}

6
lib/prerequisites.sh
View File

@ -62,17 +62,17 @@ if [ -e /etc/bridgehead/vault.conf ]; then
fi fi
fi fi
log INFO "Checking network access ($BROKER_URL) ..." log INFO "Checking network access ($BROKER_URL_FOR_PREREQ) ..."
source /etc/bridgehead/${PROJECT}.conf source /etc/bridgehead/${PROJECT}.conf
source ${PROJECT}/vars source ${PROJECT}/vars
set +e set +e
SERVERTIME="$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -s -I $BROKER_URL 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')" SERVERTIME="$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
RET=$? RET=$?
set -e set -e
if [ $RET -ne 0 ]; then if [ $RET -ne 0 ]; then
log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication." log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL_FOR_PREREQ. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication."
log WARN "Unable to check clock skew due to previous error." log WARN "Unable to check clock skew due to previous error."
else else
log INFO "Checking clock skew ..." log INFO "Checking clock skew ..."