From 8af5cf3f0162d3823ea90ba318c499cc0cb50f6c Mon Sep 17 00:00:00 2001 From: Croft Date: Mon, 12 Feb 2024 16:07:57 +0100 Subject: [PATCH] Changes made for EHDS2 The EHDS2 project has initiated a use case for antibiotic resistance under the control of the ECDC. This branch caters for the ECDC requirements. Specifically, it contains the ETL to transform the ECDC CSV format to FHIR, plus additional configuration options that have been packaged into the bbmri project. --- bbmri/docker-compose.yml | 2 +- bbmri/modules/ehds2-compose.yml | 59 +++++++++++++++++++++++++++ bbmri/modules/ehds2-setup.sh | 28 +++++++++++++ bbmri/modules/ehds2.root.crt.pem | 20 +++++++++ bbmri/modules/ehds2.test.root.crt.pem | 20 +++++++++ bbmri/vars | 11 +++++ 6 files changed, 139 insertions(+), 1 deletion(-) create mode 100644 bbmri/modules/ehds2-compose.yml create mode 100644 bbmri/modules/ehds2-setup.sh create mode 100644 bbmri/modules/ehds2.root.crt.pem create mode 100644 bbmri/modules/ehds2.test.root.crt.pem diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index 9bc05cc..c96ad89 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -1,6 +1,6 @@ version: "3.7" -# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars. +# This includes only the shared persistence for BBMRI-ERIC and GBN and EHDS2. Federation components are included as modules, see vars. services: blaze: diff --git a/bbmri/modules/ehds2-compose.yml b/bbmri/modules/ehds2-compose.yml new file mode 100644 index 0000000..bc32166 --- /dev/null +++ b/bbmri/modules/ehds2-compose.yml 
@@ -0,0 +1,59 @@
+version: "3.7"
+
+services:
+ focus-ehds2:
+ image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+ container_name: bridgehead-focus-ehds2
+ environment:
+ API_KEY: ${EHDS2_FOCUS_BEAM_SECRET_SHORT}
+ BEAM_APP_ID_LONG: focus.${EHDS2_PROXY_ID}
+ PROXY_ID: ${EHDS2_PROXY_ID}
+ BLAZE_URL: "http://blaze:8080/fhir/"
+ BEAM_PROXY_URL: http://beam-proxy-ehds2:8081
+ RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+ depends_on:
+ - "beam-proxy-ehds2"
+ - "blaze"
+
+ beam-proxy-ehds2:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+ container_name: bridgehead-beam-proxy-ehds2
+ environment:
+ BROKER_URL: ${EHDS2_BROKER_URL}
+ PROXY_ID: ${EHDS2_PROXY_ID}
+ APP_focus_KEY: ${EHDS2_FOCUS_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/bbmri/modules/${EHDS2_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro
+
+ # Convert ECDC CSV file into FHIR and push to Blaze
+ transfair:
+ container_name: transfair
+ image: samply/transfair
+ environment:
+ FHIR_INPUT_URL: "http://source_blaze:8080/fhir"
+ FHIR_OUTPUT_URL: "http://bridgehead-bbmri-blaze:8080/fhir"
+ PROFILE: "amr2fhir"
+ #WRITE_BUNDLES_TO_FILE: "true"
+ AMR_FILE_PATH: "/app/data"
+ restart: on-failure
+ command: sh -c "sleep 60 && rm -rf /app/test/* && java -jar transFAIR.jar && tail -f /dev/null"
+ #command: sh -c "rm -rf /app/test/* && java -jar transFAIR.jar"
+ volumes:
+ - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/test/:/app/test/
+ - /home/gerhard/Projects/EHDS2/PrototypeSpring2024/Data/:/app/data/
+
+ # Report on the data pushed to Blaze by TransFAIR
+ blazectl:
+ container_name: blazectl
+ image: samply/blazectl
+ command: sh -c "sleep 300 && echo Source store && blazectl --server http://bridgehead-bbmri-blaze:8080/fhir count-resources && tail -f /dev/null"
+
diff --git a/bbmri/modules/ehds2-setup.sh b/bbmri/modules/ehds2-setup.sh
new file mode 100644
index 0000000..7e0e453
--- /dev/null
+++ b/bbmri/modules/ehds2-setup.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+if [ "${ENABLE_EHDS2}" == "true" ]; then
+ log INFO "EHDS2 setup detected -- will start services for German Biobank Node."
+ OVERRIDE+=" -f ./$PROJECT/modules/ehds2-compose.yml"
+
+ # The environment needs to be defined in /etc/bridgehead
+ case "$ENVIRONMENT" in
+ "production")
+ export EHDS2_BROKER_ID=broker.bbmri.samply.de
+ export EHDS2_ROOT_CERT=ehds2
+ ;;
+ "test")
+ export EHDS2_BROKER_ID=broker.test.bbmri.samply.de
+ export EHDS2_ROOT_CERT=ehds2.test
+ ;;
+ *)
+ report_error 6 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!"
+ export EHDS2_BROKER_ID=broker.bbmri.samply.de
+ export EHDS2_ROOT_CERT=ehds2
+ ;;
+ esac
+
+ EHDS2_BROKER_URL=https://${EHDS2_BROKER_ID}
+ EHDS2_PROXY_ID=${SITE_ID}.${EHDS2_BROKER_ID}
+ EHDS2_FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+ EHDS2_SUPPORT_EMAIL=feedback@germanbiobanknode.de
+fi
diff --git a/bbmri/modules/ehds2.root.crt.pem b/bbmri/modules/ehds2.root.crt.pem
new file mode 100644
index 0000000..eae0d4d
--- /dev/null
+++ b/bbmri/modules/ehds2.root.crt.pem
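Review bot: Three of the four images in this new compose file are not pinned: `beam-proxy:develop` is a moving branch tag, and `samply/transfair` and `samply/blazectl` carry no tag and no registry prefix, unlike `focus`, which comes from `docker.verbis.dkfz.de/cache` at `${FOCUS_TAG}`. What runs next to the FHIR store can therefore change between restarts; pin each to a released tag or digest, e.g. `image: samply/transfair:<PINNED_TAG>` (placeholder), ideally through a variable as `focus` does. The `transfair` volumes also bind-mount `/home/gerhard/Projects/EHDS2/PrototypeSpring2024/...`, a developer-specific host path that the container then clears with `rm -rf /app/test/*`; a path under the bridgehead's own directories, supplied by a variable, would avoid deleting from an arbitrary host directory. `FHIR_INPUT_URL` points at `source_blaze`, which no service in this file defines.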
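Review bot: In the `*)` branch an unrecognised `$ENVIRONMENT` still exports the production broker and the production root certificate, so a typo in /etc/bridgehead silently points a test site at production trust material. Whether `report_error 6` aborts is not visible in this patch; if it does not, drop the two `export` lines from that branch so start-up fails, and word the message accordingly, e.g. `report_error 6 "Environment \"$ENVIRONMENT\" is unknown; not starting EHDS2."`. Separately, the log line still says `German Biobank Node`, which looks copied from the GBN module; `log INFO "EHDS2 setup detected -- will start services for EHDS2."` would match what is started.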
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUMy/n0zFRihhVR3aAD54LumzeYdwwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjIxMDI1MDczNTA4WhcNMzIx +MDIyMDczNTM3WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL3qWliHIlIT1Qlsyq/NKJ1uj6/AF0STNg5NTNpb +Xqe5rmUqs6jmQepputGStBVe5TthFw56whISv9FqD5s1PZUGyFikW1pJUnF7ZYRf +MfrJHRi1vUnD3Gw36FCot+i6BAxfw/rdp9hoqFZ6erRkULLaYZ5S2cDHN0DWc18V +3VgZ66ah8QXSx7ERRNa/eWRkHrPIYhyVSoKuyZfvbVgsYZADSlviCgIHPrGLerLr +ylNUyuTxJ5RKStOwPn7A+Jp7nRT+MRh9BphA7s6NuK9h+eVe1DiLbIETWyCEfN3Y +INpunatn3QDhqOIfNcuBArjsAj7mg8l5KNba8nUP4v0EJYECAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMvc5Fizz1vO +MEG3MIsy7UY69ZNIMB8GA1UdIwQYMBaAFMvc5Fizz1vOMEG3MIsy7UY69ZNIMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQBb8a5su820 +h8JStJC+KpvXmDrGkwx9bHlEZMgQQejIrwPLEbA32KBvNxdoUxF9q1Y773MKdqbc +cCJwzQXE/NPZ13hCGrEIXs8DgH52GhEB5592k5/bRNcAvUwbZSXPPiT0rgq/eUOt +BYhgN0ov7h1MC5L6CYB/rQwqck7JPlmrXTkh2gix4/dEdBRzsHsn/xlo8ay5QYHG +rx2Adit76eZu/MJoJNzl1r8MPxLqyAie3KcIU54A+UMozLrWEQP/TyOyWZdjUjJt +cBYgkKJTjwdRhc+ehI3kFo7b/a/Z/jl9szKsAPHozMixSi8lGnsYwN80oqeRvT7h +wcMUK+igv3/K +-----END CERTIFICATE----- diff --git a/bbmri/modules/ehds2.test.root.crt.pem b/bbmri/modules/ehds2.test.root.crt.pem new file mode 100644 index 0000000..2c4f9f1 --- /dev/null +++ b/bbmri/modules/ehds2.test.root.crt.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUJ0g7k2vrdAwNTU38S1/mU8NO26MwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjMwNzEwMTIyMzQxWhcNMzMw +NzA3MTIyNDExWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALMvc/fApbsAl+/NXDszNgffNR5llAb9CfxzdnRn +ryoBqZdPevBYZZfKBARRKjFbXRDdPWbE7erDeo1LiCM6PObXCuT9wmGWJtvfkmqW +3Z/a75e4r360kceMEGVn4kWpi9dz8s7+oXVZURjW2r13h6pq6xQNZDNlXmpR8wHG +58TSrQC4n1vzdSwMWdptgOA8Sw8adR7ZJI1yNZpmynB2QolKKNESI7FcSKC/+b+H +LoPkseAwQG9yJo23qEw1GZS67B47iKIqX2wp9VLQobHw7ncrhKXQLSWq973k/Swp +7lBdfOsTouf72flLiF1HbdOLcFDmWgIbf5scj2HaQe8b/UcCAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHYxBJiJZieW +e6G1vwn6Q36/crgNMB8GA1UdIwQYMBaAFHYxBJiJZieWe6G1vwn6Q36/crgNMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCN6WVNYpWJ +6Z1Ee+otLZYMXhjyR6NUQ5s0aHiug97gB8mTiNlgXiiTgipCbofEmENgh1inYrPC +WfdXxqOaekSXCQW6nSO1KtBzEYtkN5LrN1cjKqt51P2DbkllinK37wwCS2Kfup1+ +yjhTRxrehSIfsMVK6bTUeSoc8etkgwErZpORhlpqZKWhmOwcMpgsYJJOLhUetqc1 +UNe/254bc0vqHEPT6VI/86c7qAmk1xR0RUfrnKAEqZtUeuoj2fe1L/6yOB16fxt5 +3V3oim7EO6eZCTjDo9fU5DaFiqSMe7WVdr03Na0cWet60XKRH/xaiC6gMWdHWcbh +vZdXnV1qjlM2 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/bbmri/vars b/bbmri/vars index d1362fb..cd32b07 100644 --- a/bbmri/vars +++ b/bbmri/vars @@ -4,6 +4,9 @@ # Makes only sense for German Biobanks : ${ENABLE_GBN:=false} +# Makes only sense for EHDS2 project +: ${ENABLE_EHDS2:=false} + FOCUS_RETRY_COUNT=32 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem @@ -20,6 +23,10 @@ if [ -n "$GBN_SUPPORT_EMAIL" ]; then SUPPORT_EMAIL=$GBN_SUPPORT_EMAIL fi +if [ -n "$EHDS2_SUPPORT_EMAIL" ]; then + SUPPORT_EMAIL=$EHDS2_SUPPORT_EMAIL +fi + function do_enroll { COUNT=0 if [ "$ENABLE_ERIC" == "true" ]; then 
@@ -30,6 +37,10 @@ function do_enroll { do_enroll_inner $GBN_PROXY_ID $GBN_SUPPORT_EMAIL COUNT=$((COUNT+1)) fi + if [ "$ENABLE_EHDS2" == "true" ]; then + do_enroll_inner $EHDS2_PROXY_ID $EHDS2_SUPPORT_EMAIL + COUNT=$((COUNT+1)) + fi if [ $COUNT -ge 2 ]; then echo echo "You just received $COUNT certificate signing requests (CSR). Please send $COUNT e-mails, with 1 CSR each, to the respective e-mail address."
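Review bot: The enrolment added here uses `$EHDS2_PROXY_ID`, which ehds2-setup.sh builds from `broker.bbmri.samply.de` or `broker.test.bbmri.samply.de`. If the ERIC module derives its proxy ID from the same broker (not visible in this patch), a site with both enabled gets a second CSR for an identity it has already enrolled, and the `$COUNT` message asks for one e-mail too many; please confirm which broker EHDS2 is meant to use. The arguments are also unquoted, so an unset value is dropped rather than passed as an empty argument; `do_enroll_inner "$EHDS2_PROXY_ID" "$EHDS2_SUPPORT_EMAIL"` avoids that. The body of `do_enroll` continues outside the hunk.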