samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-11-04 06:00:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added Configuration for Local ID-Management

Browse Source
This commit is contained in:
Torben Brenner
2022-12-07 15:46:19 +01:00
parent 3236128ca1
commit 99c0e7f283
4 changed files with 96 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
ccp/modules/id-management-compose.yml Normal file
View File

@@ -0,0 +1,75 @@
version: "3.7"
services:
id-manager:
image: docker.verbis.dkfz.de/bridgehead/magicpl
environment:
TOMCAT_REVERSEPROXY_FQDN: ${HOST}
MAGICPL_SITE: ${SITE_ID}
MAGICPL_ALLOWED_ORIGINS: https://${HOST}
MAGICPL_LOCAL_PATIENTLIST_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
MAGICPL_CENTRAXX_APIKEY: ${IDMANAGER_CENTRAXX_APIKEY}
MAGICPL_CONNECTOR_APIKEY: ${IDMANAGER_CONNECTOR_APIKEY}
MAGICPL_CENTRAL_PATIENTLIST_APIKEY: ${IDMANAGER_CENTRAL_PATIENTLIST_APIKEY}
MAGICPL_CONTROLNUMBERGENERATOR_APIKEY: ${IDMANAGER_CONTROLNUMBERGENERATOR_APIKEY}
MAGICPL_OIDC_CLIENT_ID: ${IDMANAGER_AUTH_CLIENT_ID}
MAGICPL_OIDC_CLIENT_SECRET: ${IDMANAGER_AUTH_CLIENT_SECRET}
depends_on:
- patientlist
labels:
- "traefik.enable=true"
- "traefik.http.routers.id-manager.rule=PathPrefix(`/id-manager`)"
- "traefik.http.services.id-manager.loadbalancer.server.port=8080"
- "traefik.http.routers.id-manager.tls=true"
patientlist:
image: docker.verbis.dkfz.de/bridgehead/mainzelliste
environment:
- TOMCAT_REVERSEPROXY_FQDN=${HOST}
- ML_SITE=${SITE_ID}
- ML_DB_PASS=${PATIENTLIST_POSTGRES_PASSWORD}
- ML_API_KEY=${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
# Add Variables from /etc/patientlist-id-generators.env
- ML_BK_IDGENERATOR_RANDOM_1
- ML_BK_IDGENERATOR_RANDOM_2
- ML_BK_IDGENERATOR_RANDOM_3
- ML_MDS_IDGENERATOR_RANDOM_1
- ML_MDS_IDGENERATOR_RANDOM_2
- ML_MDS_IDGENERATOR_RANDOM_3
- ML_DKTK000001985_IDGENERATOR_RANDOM_1
- ML_DKTK000001985_IDGENERATOR_RANDOM_2
- ML_DKTK000001985_IDGENERATOR_RANDOM_3
- ML_DKTK000001986_IDGENERATOR_RANDOM_1
- ML_DKTK000001986_IDGENERATOR_RANDOM_2
- ML_DKTK000001986_IDGENERATOR_RANDOM_3
- ML_DKTK000001950_IDGENERATOR_RANDOM_1
- ML_DKTK000001950_IDGENERATOR_RANDOM_2
- ML_DKTK000001950_IDGENERATOR_RANDOM_3
- ML_DKTK000001951_IDGENERATOR_RANDOM_1
- ML_DKTK000001951_IDGENERATOR_RANDOM_2
- ML_DKTK000001951_IDGENERATOR_RANDOM_3
- ML_DKTK999999999_IDGENERATOR_RANDOM_1
- ML_DKTK999999999_IDGENERATOR_RANDOM_2
- ML_DKTK999999999_IDGENERATOR_RANDOM_3
- ML_DKTK000002089_IDGENERATOR_RANDOM_1
- ML_DKTK000002089_IDGENERATOR_RANDOM_2
- ML_DKTK000002089_IDGENERATOR_RANDOM_3
labels:
- "traefik.enable=true"
- "traefik.http.routers.patientlist.rule=PathPrefix(`/patientlist`)"
- "traefik.http.services.patientlist.loadbalancer.server.port=8080"
- "traefik.http.routers.patientlist.tls=true"
depends_on:
- patientlist-db
patientlist-db:
image: postgres:14-alpine
environment:
POSTGRES_USER: "mainzelliste"
POSTGRES_DB: "mainzelliste"
POSTGRES_PASSWORD: ${PATIENTLIST_POSTGRES_PASSWORD}
volumes:
- "patientlist-db-data:/var/lib/postgresql/data"
volumes:
patientlist-db-data:

17
ccp/modules/id-management-setup.sh Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/bash
function idManagementSetup() {
if [ -n "$ENABLE_ID_MANAGEMENT" ]; then
log INFO "id-management setup detected -- will start id-management (mainzelliste & magicpl)."
OVERRIDE+=" -f ./$PROJECT/modules/id-management-compose.yml"
# Auto Generate local Passwords
PATIENTLIST_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
IDMANAGER_LOCAL_PATIENTLIST_APIKEY="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
# Source the ID Generators Configuration
source /etc/bridgehead/patientlist-id-generators.env
log INFO "ID-Management Generator 1: ${ML_BK_IDGENERATOR_RANDOM_1}"
fi
}

3
ccp/vars
View File

@@ -8,6 +8,9 @@ REPORTHUB_BEAM_SECRET_LONG="ApiKey report-hub.${PROXY_ID} ${REPORTHUB_BEAM_SECRE
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
# This will load id-management setup. Effective only if id-management configuration is defined.
source $PROJECT/modules/id-management-setup.sh
idManagementSetup
# This will load nngm setup. Effective only if nngm configuration is defined. # This will load nngm setup. Effective only if nngm configuration is defined.
source $PROJECT/nngm-setup.sh source $PROJECT/nngm-setup.sh
nngmSetup nngmSetup

2
lib/functions.sh
View File

@@ -131,7 +131,7 @@ fail_and_report() {
setHostname() { setHostname() {
if [ -z "$HOST" ]; then if [ -z "$HOST" ]; then
export HOST=$(hostname -f) export HOST=$(hostname -f | tr "[:upper:]" "[:lower:]")
log DEBUG "Using auto-detected hostname $HOST." log DEBUG "Using auto-detected hostname $HOST."
fi fi
} }