Adapt DNPM configuration

2023-05-15 13:43:01 +02:00 · 2023-05-15 13:43:01 +02:00 · c9806ad874
parent d87745443e
commit c9806ad874
6 changed files with 29 additions and 23 deletions
--- a/bbmri/modules/dnpm-compose-beamconnect.yml
+++ b/bbmri/modules/dnpm-compose-beamconnect.yml
@ -5,10 +5,10 @@ services:
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-dnpm-beam-proxy
    environment:
-      BROKER_URL: ${BROKER_URL}
-      PROXY_ID: ${PROXY_ID}
-      APP_3_ID: dnpm-connect
-      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      BROKER_URL: ${DNPM_BROKER_URL}
+      PROXY_ID: ${DNPM_PROXY_ID}
+      APP_0_ID: dnpm-connect
+      APP_0_KEY: ${DNPM_BEAM_SECRET_SHORT}
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
@ -27,15 +27,16 @@ services:
    environment:
      PROXY_URL: http://dnpm-beam-proxy:8081
      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
-      APP_ID: dnpm-connect.${PROXY_ID}
-      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
-      LOCAL_TARGETS_FILE: /conf/connect_targets.json
+      APP_ID: dnpm-connect.${DNPM_PROXY_ID}
+      DISCOVERY_URL: "./conf/central_targets.json"
+      LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
      HTTP_PROXY: http://forward_proxy:3128
      HTTPS_PROXY: http://forward_proxy:3128
      NO_PROXY: dnpm-beam-proxy,dnpm-backend
      RUST_LOG: ${RUST_LOG:-info}
    volumes:
      - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+      - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
--- a/bbmri/modules/dnpm-setup.sh
+++ b/bbmri/modules/dnpm-setup.sh
@ -7,7 +7,9 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
+	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
+	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"

 	# Optionally, start bwhc as well. This is currently only experimental
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
--- a/ccp/modules/dnpm-compose-beamconnect.yml
+++ b/ccp/modules/dnpm-compose-beamconnect.yml
@ -13,14 +13,15 @@ services:
      PROXY_URL: http://beam-proxy:8081
      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
      APP_ID: dnpm-connect.${PROXY_ID}
-      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
-      LOCAL_TARGETS_FILE: /conf/connect_targets.json
-      HTTP_PROXY: http://forward_proxy:3128
-      HTTPS_PROXY: http://forward_proxy:3128
+      DISCOVERY_URL: "./conf/central_targets.json"
+      LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
+      HTTP_PROXY: "http://forward_proxy:3128"
+      HTTPS_PROXY: "http://forward_proxy:3128"
      NO_PROXY: beam-proxy,dnpm-backend
      RUST_LOG: ${RUST_LOG:-info}
    volumes:
      - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+      - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
--- a/ccp/modules/dnpm-setup.sh
+++ b/ccp/modules/dnpm-setup.sh
@ -7,7 +7,6 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"

 	# Optionally, start bwhc as well. This is currently only experimental
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
--- a/minimal/modules/dnpm-compose-beamconnect.yml
+++ b/minimal/modules/dnpm-compose-beamconnect.yml
@ -5,14 +5,14 @@ services:
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
    container_name: bridgehead-dnpm-beam-proxy
    environment:
-      BROKER_URL: ${BROKER_URL}
-      PROXY_ID: ${PROXY_ID}
-      APP_3_ID: dnpm-connect
-      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      BROKER_URL: ${DNPM_BROKER_URL}
+      PROXY_ID: ${DNPM_PROXY_ID}
+      APP_0_ID: dnpm-connect
+      APP_0_KEY: ${DNPM_BEAM_SECRET_SHORT}
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
-      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
-      ROOTCERT_FILE: /conf/root.crt.pem
+      TLS_CA_CERTIFICATES_DIR: ./conf/trusted-ca-certs
+      ROOTCERT_FILE: ./conf/root.crt.pem
    secrets:
      - proxy.pem
    depends_on:
@ -27,15 +27,16 @@ services:
    environment:
      PROXY_URL: http://dnpm-beam-proxy:8081
      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
-      APP_ID: dnpm-connect.${PROXY_ID}
-      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
-      LOCAL_TARGETS_FILE: /conf/connect_targets.json
+      APP_ID: dnpm-connect.${DNPM_PROXY_ID}
+      DISCOVERY_URL: "./conf/central_targets.json"
+      LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
      HTTP_PROXY: http://forward_proxy:3128
      HTTPS_PROXY: http://forward_proxy:3128
      NO_PROXY: dnpm-beam-proxy,dnpm-backend
      RUST_LOG: ${RUST_LOG:-info}
    volumes:
      - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+      - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
--- a/minimal/modules/dnpm-setup.sh
+++ b/minimal/modules/dnpm-setup.sh
@ -7,7 +7,9 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
+	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
+	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"

 	# Optionally, start bwhc as well. This is currently only experimental
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then