mirror of https://github.com/samply/bridgehead.git
Merge pull request #104 from samply/bbmri-combined
BBMRI-ERIC / GBN combined Bridgehead
commit
7e6c310148
|
@ -1,8 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
function dirSetup() {
|
||||
if [ -n "$DS_DIRECTORY_USER_NAME" ]; then
|
||||
log INFO "Directory sync setup detected -- will start directory sync service."
|
||||
OVERRIDE+=" -f ./$PROJECT/directory-sync-compose.yml"
|
||||
fi
|
||||
}
|
|
@ -1,5 +1,7 @@
|
|||
version: "3.7"
|
||||
|
||||
# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars.
|
||||
|
||||
services:
|
||||
blaze:
|
||||
image: docker.verbis.dkfz.de/cache/samply/blaze:latest
|
||||
|
@ -19,42 +21,10 @@ services:
|
|||
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
|
||||
- "traefik.http.routers.blaze_ccp.tls=true"
|
||||
|
||||
focus:
|
||||
image: docker.verbis.dkfz.de/cache/samply/focus:main
|
||||
container_name: bridgehead-focus
|
||||
environment:
|
||||
API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
|
||||
BEAM_APP_ID_LONG: focus.${PROXY_ID}
|
||||
PROXY_ID: ${PROXY_ID}
|
||||
BLAZE_URL: "http://bridgehead-bbmri-blaze:8080/fhir/"
|
||||
BEAM_PROXY_URL: http://beam-proxy:8081
|
||||
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
|
||||
depends_on:
|
||||
- "beam-proxy"
|
||||
- "blaze"
|
||||
|
||||
beam-proxy:
|
||||
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
|
||||
container_name: bridgehead-beam-proxy
|
||||
environment:
|
||||
BROKER_URL: ${BROKER_URL}
|
||||
PROXY_ID: ${PROXY_ID}
|
||||
APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
|
||||
PRIVKEY_FILE: /run/secrets/proxy.pem
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
|
||||
ROOTCERT_FILE: /conf/root.crt.pem
|
||||
secrets:
|
||||
- proxy.pem
|
||||
depends_on:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/bbmri/root.crt.pem:/conf/root.crt.pem:ro
|
||||
|
||||
volumes:
|
||||
blaze-data:
|
||||
|
||||
# used in modules *-locator.yml
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then
|
||||
log INFO "Directory sync setup detected -- will start directory sync service."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml"
|
||||
fi
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ -n "${ENABLE_DNPM}" ]; then
|
||||
log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM."
|
||||
log INFO "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
|
||||
|
||||
# Set variables required for Beam-Connect
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
version: "3.7"
|
||||
|
||||
services:
|
||||
focus-eric:
|
||||
image: docker.verbis.dkfz.de/cache/samply/focus:main
|
||||
container_name: bridgehead-focus-eric
|
||||
environment:
|
||||
API_KEY: ${ERIC_FOCUS_BEAM_SECRET_SHORT}
|
||||
BEAM_APP_ID_LONG: focus.${ERIC_PROXY_ID}
|
||||
PROXY_ID: ${ERIC_PROXY_ID}
|
||||
BLAZE_URL: "http://blaze:8080/fhir/"
|
||||
BEAM_PROXY_URL: http://beam-proxy-eric:8081
|
||||
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
|
||||
depends_on:
|
||||
- "beam-proxy-eric"
|
||||
- "blaze"
|
||||
|
||||
beam-proxy-eric:
|
||||
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
|
||||
container_name: bridgehead-beam-proxy-eric
|
||||
environment:
|
||||
BROKER_URL: ${ERIC_BROKER_URL}
|
||||
PROXY_ID: ${ERIC_PROXY_ID}
|
||||
APP_focus_KEY: ${ERIC_FOCUS_BEAM_SECRET_SHORT}
|
||||
PRIVKEY_FILE: /run/secrets/proxy.pem
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
|
||||
ROOTCERT_FILE: /conf/root.crt.pem
|
||||
secrets:
|
||||
- proxy.pem
|
||||
depends_on:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/bbmri/modules/eric.root.crt.pem:/conf/root.crt.pem:ro
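Review bot: Both services in this new module run images by mutable tag (`focus:main`, `beam-proxy:develop`), and `beam-proxy-eric` is the container that receives the site private key through the `proxy.pem` secret. Whatever is published under those tags runs with access to that key after the next pull, so a release tag or digest pin would be safer, e.g. `image: docker.verbis.dkfz.de/cache/samply/beam-proxy@sha256:<digest-placeholder>`. The GBN compose module added in this commit uses the same two tags. A one-line comment that `API_KEY` and `APP_focus_KEY` are filled from the same variable on purpose would also help the next reader.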
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ "${ENABLE_ERIC}" == "true" ]; then
|
||||
log INFO "BBMRI-ERIC setup detected -- will start services for BBMRI-ERIC."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/eric-compose.yml"
|
||||
|
||||
# Set required variables
|
||||
ERIC_BROKER_ID=broker.bbmri.samply.de
|
||||
ERIC_BROKER_URL=https://${ERIC_BROKER_ID}
|
||||
ERIC_PROXY_ID=${SITE_ID}.${ERIC_BROKER_ID}
|
||||
ERIC_FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
||||
ERIC_SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu
|
||||
fi
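Review bot: `ERIC_FOCUS_BEAM_SECRET_SHORT` is cut from a version-4 UUID, whose version and variant fields are fixed, so the 20 hex characters carry roughly 74 random bits rather than 80. That is probably adequate for a key shared between Focus and its Beam proxy, but reading the kernel random device directly states the intent more clearly and keeps the same length: `ERIC_FOCUS_BEAM_SECRET_SHORT="$(head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n')"`. The GBN setup script in this commit has the same line.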
|
|
@ -0,0 +1,36 @@
|
|||
version: "3.7"
|
||||
|
||||
services:
|
||||
focus-gbn:
|
||||
image: docker.verbis.dkfz.de/cache/samply/focus:main
|
||||
container_name: bridgehead-focus-gbn
|
||||
environment:
|
||||
API_KEY: ${GBN_FOCUS_BEAM_SECRET_SHORT}
|
||||
BEAM_APP_ID_LONG: focus.${GBN_PROXY_ID}
|
||||
PROXY_ID: ${GBN_PROXY_ID}
|
||||
BLAZE_URL: "http://blaze:8080/fhir/"
|
||||
BEAM_PROXY_URL: http://beam-proxy-gbn:8081
|
||||
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
|
||||
depends_on:
|
||||
- "beam-proxy-gbn"
|
||||
- "blaze"
|
||||
|
||||
beam-proxy-gbn:
|
||||
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
|
||||
container_name: bridgehead-beam-proxy-gbn
|
||||
environment:
|
||||
BROKER_URL: ${GBN_BROKER_URL}
|
||||
PROXY_ID: ${GBN_PROXY_ID}
|
||||
APP_focus_KEY: ${GBN_FOCUS_BEAM_SECRET_SHORT}
|
||||
PRIVKEY_FILE: /run/secrets/proxy.pem
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
|
||||
ROOTCERT_FILE: /conf/root.crt.pem
|
||||
secrets:
|
||||
- proxy.pem
|
||||
depends_on:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/bbmri/modules/gbn.root.crt.pem:/conf/root.crt.pem:ro
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ "${ENABLE_GBN}" == "true" ]; then
|
||||
log INFO "GBN setup detected -- will start services for German Biobank Node."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/gbn-compose.yml"
|
||||
|
||||
# Set required variables
|
||||
GBN_BROKER_ID='#TODO#'
|
||||
GBN_BROKER_URL=https://${GBN_BROKER_ID}
|
||||
GBN_PROXY_ID=${SITE_ID}.${GBN_BROKER_ID}
|
||||
GBN_FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
||||
GBN_SUPPORT_EMAIL=todo@verbis.dkfz.de
|
||||
fi
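Review bot: With `ENABLE_GBN=true` this branch derives `GBN_BROKER_URL=https://#TODO#` and `GBN_PROXY_ID=${SITE_ID}.#TODO#` from the placeholder broker id, and the commit also adds a one-line file containing only `#TODO#`, presumably the GBN root certificate that the compose module mounts as `ROOTCERT_FILE`. A site that switches the flag on would start a Beam proxy and produce an enrollment request for an identity that does not exist. Until the real values are known the branch should stop early, e.g. `log ERROR "GBN broker is not configured yet"; exit 1` as its first statement, with a comment saying which values still have to be filled in.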
|
|
@ -0,0 +1 @@
|
|||
#TODO#
|
36
bbmri/vars
36
bbmri/vars
|
@ -1,9 +1,10 @@
|
|||
BROKER_ID=broker.bbmri.samply.de
|
||||
BROKER_URL=https://${BROKER_ID}
|
||||
PROXY_ID=${SITE_ID}.${BROKER_ID}
|
||||
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
||||
# Makes sense for all European Biobanks
|
||||
: ${ENABLE_ERIC:=true}
|
||||
|
||||
# Makes only sense for German Biobanks
|
||||
: ${ENABLE_GBN:=false}
|
||||
|
||||
FOCUS_RETRY_COUNT=32
|
||||
SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu
|
||||
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
for module in $PROJECT/modules/*.sh
|
||||
|
@ -12,6 +13,25 @@ do
|
|||
source $module
|
||||
done
|
||||
|
||||
# This will load directory-sync setup.
|
||||
source $PROJECT/directory-sync.sh
|
||||
dirSetup
|
||||
SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL
|
||||
BROKER_URL_FOR_PREREQ=$ERIC_BROKER_URL
|
||||
|
||||
if [ -n "$GBN_SUPPORT_EMAIL" ]; then
|
||||
SUPPORT_EMAIL=$GBN_SUPPORT_EMAIL
|
||||
fi
|
||||
|
||||
function do_enroll {
|
||||
COUNT=0
|
||||
if [ "$ENABLE_ERIC" == "true" ]; then
|
||||
do_enroll_inner $ERIC_PROXY_ID $ERIC_SUPPORT_EMAIL
|
||||
COUNT=$((COUNT+1))
|
||||
fi
|
||||
if [ "$ENABLE_GBN" == "true" ]; then
|
||||
do_enroll_inner $GBN_PROXY_ID $GBN_SUPPORT_EMAIL
|
||||
COUNT=$((COUNT+1))
|
||||
fi
|
||||
if [ $COUNT -ge 2 ]; then
|
||||
echo
|
||||
echo "You just received $COUNT certificate signing requests (CSR). Please send $COUNT e-mails, with 1 CSR each, to the respective e-mail address."
|
||||
fi
|
||||
}
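Review bot: When both `ENABLE_ERIC` and `ENABLE_GBN` are true, `do_enroll` calls `do_enroll_inner` twice, and each call runs the enrollment container with `--output-file $PRIVATEKEYFILENAME`, which is the same `/etc/bridgehead/pki/${SITE_ID}.priv.pem` both times. If beam-enroll generates a fresh key on every run, the second enrollment replaces the first key and the ERIC CSR no longer matches the file on disk; if it reuses the file, one private key ends up certified at two brokers, which is what the `proxy.pem` secret shared by both compose modules implies. Either way the intent deserves a comment above `do_enroll`, or a key file per network. Separately, `BROKER_URL_FOR_PREREQ=$ERIC_BROKER_URL` has no GBN fallback the way `SUPPORT_EMAIL` does, so it stays empty when only GBN is enabled.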
|
17
bridgehead
17
bridgehead
|
@ -106,22 +106,7 @@ case "$ACTION" in
|
|||
enroll)
|
||||
loadVars
|
||||
|
||||
MANUAL_PROXY_ID="${3:-$PROXY_ID}"
|
||||
if [ -z "$MANUAL_PROXY_ID" ]; then
|
||||
log ERROR "No Proxy ID set"
|
||||
exit 1
|
||||
else
|
||||
log INFO "Enrolling Beam Proxy Id $MANUAL_PROXY_ID"
|
||||
fi
|
||||
|
||||
if [ -z "$SUPPORT_EMAIL" ]; then
|
||||
EMAIL_PARAM=""
|
||||
else
|
||||
EMAIL_PARAM="--admin-email $SUPPORT_EMAIL"
|
||||
fi
|
||||
|
||||
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $MANUAL_PROXY_ID $EMAIL_PARAM
|
||||
chmod 600 $PRIVATEKEYFILENAME
|
||||
do_enroll $PROXY_ID
|
||||
;;
|
||||
preRun | preUpdate)
|
||||
fixPermissions
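Review bot: The `enroll` action used to accept a proxy id as third command-line argument (`${3:-$PROXY_ID}`); the replacement `do_enroll $PROXY_ID` drops that override without a message, and the BBMRI `do_enroll` added in this commit ignores its arguments altogether. If the override is meant to survive for projects with a single proxy, `do_enroll "${3:-$PROXY_ID}"` keeps it; if not, any usage text that mentions the third argument should be updated. The `case "$ACTION"` block starts and ends outside this hunk.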
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ -n "${ENABLE_DNPM}" ]; then
|
||||
log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
|
||||
log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
|
||||
|
||||
# Set variables required for Beam-Connect
|
||||
|
|
2
ccp/vars
2
ccp/vars
|
@ -6,6 +6,8 @@ FOCUS_RETRY_COUNT=32
|
|||
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
|
||||
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
||||
|
||||
# This will load id-management setup. Effective only if id-management configuration is defined.
|
||||
source $PROJECT/modules/id-management-setup.sh
|
||||
idManagementSetup
|
||||
|
|
|
@ -180,6 +180,26 @@ function bk_is_running {
|
|||
fi
|
||||
}
|
||||
|
||||
##Setting Network properties
|
||||
# currently not needed
|
||||
#export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
|
||||
function do_enroll_inner {
|
||||
PARAMS=""
|
||||
|
||||
MANUAL_PROXY_ID="${1:-$PROXY_ID}"
|
||||
if [ -z "$MANUAL_PROXY_ID" ]; then
|
||||
log ERROR "No Proxy ID set"
|
||||
exit 1
|
||||
else
|
||||
log INFO "Enrolling Beam Proxy Id $MANUAL_PROXY_ID"
|
||||
fi
|
||||
|
||||
SUPPORT_EMAIL="${2:-$SUPPORT_EMAIL}"
|
||||
if [ -n "$SUPPORT_EMAIL" ]; then
|
||||
PARAMS+="--admin-email $SUPPORT_EMAIL"
|
||||
fi
|
||||
|
||||
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $MANUAL_PROXY_ID $PARAMS
|
||||
chmod 600 $PRIVATEKEYFILENAME
|
||||
}
|
||||
|
||||
function do_enroll {
|
||||
do_enroll_inner $@
|
||||
}
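Review bot: `do_enroll_inner` assigns `SUPPORT_EMAIL="${2:-$SUPPORT_EMAIL}"` without `local`, so a call with an explicit address changes the global for everything that runs afterwards, and it hands `$MANUAL_PROXY_ID`, `$PARAMS` and `$PRIVATEKEYFILENAME` to `docker run` and `chmod` unquoted, as does `do_enroll_inner $@`. Local variables, an argument array and `"$@"` remove both problems; the sketch below assumes the file is sourced by bash, as the `function` keyword and `+=` suggest. The key file becomes mode 600 only after the container has written it; whether it is readable by other users in between depends on how beam-enroll creates it, which this page does not show.

```shell
function do_enroll_inner {
    local params=()
    local proxy_id="${1:-$PROXY_ID}"
    local admin_email="${2:-$SUPPORT_EMAIL}"
    # … unchanged: empty proxy id check and log lines, now reading "$proxy_id" …
    if [ -n "$admin_email" ]; then
        params+=(--admin-email "$admin_email")
    fi

    docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file "$PRIVATEKEYFILENAME" --proxy-id "$proxy_id" "${params[@]}"
    chmod 600 "$PRIVATEKEYFILENAME"
}

function do_enroll {
    do_enroll_inner "$@"
}
```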
|
|
@ -62,17 +62,17 @@ if [ -e /etc/bridgehead/vault.conf ]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
log INFO "Checking network access ($BROKER_URL) ..."
|
||||
log INFO "Checking network access ($BROKER_URL_FOR_PREREQ) ..."
|
||||
|
||||
source /etc/bridgehead/${PROJECT}.conf
|
||||
source ${PROJECT}/vars
|
||||
|
||||
set +e
|
||||
SERVERTIME="$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -s -I $BROKER_URL 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
|
||||
SERVERTIME="$(https_proxy=$HTTPS_PROXY_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
|
||||
RET=$?
|
||||
set -e
|
||||
if [ $RET -ne 0 ]; then
|
||||
log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication."
|
||||
log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL_FOR_PREREQ. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication."
|
||||
log WARN "Unable to check clock skew due to previous error."
|
||||
else
|
||||
log INFO "Checking clock skew ..."
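Review bot: `BROKER_URL_FOR_PREREQ` is logged before `source ${PROJECT}/vars` runs, and in this commit the vars files are where it is assigned, so unless it is set earlier outside this hunk the "Checking network access" line prints an empty URL. The `curl` call also expands it unquoted and does not handle the empty case, which the BBMRI vars can produce when ERIC is disabled; `curl -m 5 -s -I "$BROKER_URL_FOR_PREREQ"` behind a `[ -n "$BROKER_URL_FOR_PREREQ" ]` guard would make that failure explicit. Unless `pipefail` is enabled elsewhere, `RET=$?` reflects the last command of the pipeline (`sed`) rather than `curl`, so the warning branch may not fire on a connection error.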
|
||||
|
|