From dc8b8b33395834131da1fb73c3954324263d41b1 Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Mon, 9 May 2022 12:57:24 +0200 Subject: [PATCH 1/4] Some fixes after review with Martin --- README.md | 14 +++++++++++--- ccp/docker-compose.yml | 10 +++++----- gbn/docker-compose.yml | 8 ++++---- lib/add_bc_user.sh | 7 ++++--- lib/generate.sh | 2 +- lib/prerequisites.sh | 32 ++++++++++++++++---------------- lib/remove-bridgehead-units.sh | 6 +++--- lib/setup-bridgehead-units.sh | 8 ++++---- lib/systemd/bridgehead@.service | 8 ++++---- start-bridgehead.sh | 10 ++++------ stop-bridgehead.sh | 4 ++-- 11 files changed, 58 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index 40db817..dc5c657 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ The Bridgehead has two primary components: * The **Blaze Store**. This is a highly responsive FHIR data store, which you will need to fill with your data via an ETL chain. * The **Connector**. This is the communication portal to the Sample Locator, with specially designed features that make it possible to run it behind a corporate firewall without making any compromises on security. -#### CPP(DKTK/C4) +#### CCP(DKTK/C4) TODO: @@ -79,6 +79,7 @@ For running your bridgehead we recommend the follwing Hardware: Before starting the installation process, please ensure that following software is available on your system: +//Remove #### [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) To check that you have a working git installation, please run @@ -90,6 +91,8 @@ rm -rf Hello-World; ``` If you see the output "Hello World!" your installation should be working. + +//Just install docker-compose und docker with version #### [Docker](https://docs.docker.com/get-docker/) To check your docker installation, you can try to execute dockers "Hello World" Image. The command is: 
@@ -149,10 +152,15 @@ sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead; When using the systemd services we you need to create a bridgehead user for security reasons. This should be done after clone the repository. Since not all linux distros support ```adduser```, we provide a action for the systemcall ```useradd```. +// + ``` shell adduser --no-create-home --disabled-login --ingroup docker --gecos "" bridgehead +``` + +``` shell useradd -M -g docker -N -s /sbin/nologin bridgehead -chown bridghead /srv/docker/bridgehead/ -R +chown bridgehead /srv/docker/bridgehead/ -R ``` @@ -216,7 +224,7 @@ To make the configuration effective, you need to tell systemd to reload the conf ``` shell sudo systemctl daemon-reload; -sudo systemctl bridgehead@cpp.service; +sudo systemctl bridgehead@ccp.service; ``` ### DKTK/C4 diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index b374ad7..3cdeb2e 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.7" services: traefik: container_name: bridgehead-traefik - image: traefik:2.4 + image: traefik:2 command: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 @@ -60,11 +60,11 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.middlewares.cpp-auth.basicauth.users=${bc_auth_users}" + - "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}" - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)" - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement" - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,cpp-auth" + - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth" - "traefik.http.routers.blaze_ccp.tls=true" ccp-search-share: 
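Review bot: `image: traefik:2` in the traefik service of ccp/docker-compose.yml replaces a minor-pinned tag with a floating one, so the proxy that terminates TLS and applies the basic-auth middleware can change on any image pull without a change in this repository. The same edit is made in gbn/docker-compose.yml, and the later patches in this series loosen it further to `image: traefik:latest` and to an untagged `samply/dktk-fed-search-share`, both of which can cross a major version. The setup script also enables a nightly update timer, which presumably re-pulls images, so a new upstream release would roll out unattended. I would pin an exact release, ideally with a digest, in the form `image: traefik:<version>@sha256:<digest>`, and bump it deliberately.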
@@ -73,7 +73,7 @@ services: environment: APP_BASE_URL: "http://dktk-fed-search-share:8080" APP_BROKER_BASEURL: "https://dktk-fed-search.verbis.dkfz.de/broker/rest/searchbroker" - APP_BROKER_MAIL: ${CCP_MAIL} + APP_BROKER_MAIL: ${CCP_SEARCHBROKER_USERNAME} APP_STORE_BASEURL: "http://bridgehead-ccp-blaze:8080/fhir" SPRING_DATASOURCE_URL: "jdbc:postgresql://bridgehead-ccp-share-db:5432/dktk-fed-search-share" JAVA_TOOL_OPTIONS: "-Xmx1g" @@ -86,7 +86,7 @@ services: - blaze labels: - "traefik.enable=true" - - "traefik.http.routers.dktk-fed-search.rule=PathPrefix(`/cpp-connector`)" + - "traefik.http.routers.dktk-fed-search.rule=PathPrefix(`/ccp-connector`)" - "traefik.http.services.dktk-fed-search.loadbalancer.server.port=8080" ccp-search-share-db: diff --git a/gbn/docker-compose.yml b/gbn/docker-compose.yml index 9eac49b..a3bdb1c 100644 --- a/gbn/docker-compose.yml +++ b/gbn/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3.4' +version: '3.7' volumes: gbn-connector-logs: @@ -8,7 +8,7 @@ volumes: services: traefik: container_name: bridgehead-traefik - image: traefik:2.4 + image: traefik:2 command: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 @@ -65,11 +65,11 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.middlewares.cpp-auth.basicauth.users=${bc_auth_users}" + - "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}" - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)" - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement" - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,cpp-auth" + - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth" - "traefik.http.routers.blaze_ccp.tls=true" gbn-connector: diff --git a/lib/add_bc_user.sh b/lib/add_bc_user.sh index 1adca14..744fe11 100755 --- a/lib/add_bc_user.sh +++ b/lib/add_bc_user.sh 
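Review bot: `APP_BROKER_MAIL: ${CCP_SEARCHBROKER_USERNAME}` in the ccp-search-share environment is unquoted and has no guard for an unset variable, so a site whose config still defines only `CCP_MAIL` would start the service with an empty broker identity and nothing more than a Compose warning. The required-variable form turns that into a startup failure: `APP_BROKER_MAIL: "${CCP_SEARCHBROKER_USERNAME:?set CCP_SEARCHBROKER_USERNAME in the site config}"`. A one-line comment stating whether the value is an e-mail address or a login name would also help, since the key and the variable name now disagree.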
@@ -1,14 +1,15 @@ #!/bin/bash -e +source lib/functions.sh -echo "This script add's a user with password to the bridghead" +log "This script add's a user with password to the bridghead" if [ $# -eq 0 ]; then - echo "No arguments provided, please provide the project name" + log "No arguments provided, please provide the project name" exit 1 fi if [ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]; then - echo "Please create a Service first, with setup-bridgehead-units.sh" + log "Please create a Service first, with setup-bridgehead-units.sh" exit fi diff --git a/lib/generate.sh b/lib/generate.sh index 548b00a..f393057 100755 --- a/lib/generate.sh +++ b/lib/generate.sh @@ -40,7 +40,7 @@ then " LOCAL_SERVICES+=" CCP - Blaze + Blaze " fi diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index e473a16..8e0d4bc 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -2,8 +2,8 @@ ## Check if user is a su -echo "Welcome to the starting a bridgehead. We will get your instance up and running in no time" -echo "First we will check if all prerequisites are met ..." +log "Welcome to the starting a bridgehead. We will get your instance up and running in no time" +log "First we will check if all prerequisites are met ..." prerequisites="git docker docker-compose" for prerequisite in $prerequisites; do $prerequisite --version 2>&1 
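Review bot: The guard `[ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]` in lib/add_bc_user.sh uses `$1` unquoted and unchecked, and its failure branch ends in a bare `exit`, which returns the status of the preceding `log` call (normally 0), so a missing unit is reported as success. The sibling scripts restrict the project to ccp, nngm or gbn; this script should apply the same check before building a path under /etc/systemd from the argument, quote it as `"/etc/systemd/system/bridgehead@${1}.service.d/override.conf"`, and use `exit 1`. The added `source lib/functions.sh` resolves against the caller's working directory, so under `-e` the script aborts when started from anywhere but the repository root. The rest of the script lies outside the hunk.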
@@ -15,54 +15,54 @@ for prerequisite in $prerequisites; do # TODO: Check for specific version done -echo "Checking /etc/bridgehead/" +log "Checking /etc/bridgehead/" ## Download submodule if [ ! -d "/etc/bridgehead/" ]; then - echo "Please set up the config folder. Instruction are in the readme." + log "Please set up the config folder. Instruction are in the readme." exit 1 else - echo "Done" + log "Done" fi -echo "Checking /etc/bridgehead/site.conf" +log "Checking /etc/bridgehead/site.conf" #check if site.conf is created if [ ! -f /etc/bridgehead/site.conf ]; then - echo "Please create your specific site.conf file from the site.dev.conf" + log "Please create your specific site.conf file from the site.dev.conf" exit 1 else - echo "Done" + log "Done" fi #Load site specific variables source /etc/bridgehead/site.conf if [ -z "$site_name" ]; then - echo "Please set site_name" + log "Please set site_name" exit 1 fi -echo "Checking project config" +log "Checking project config" #check if project env is present if [ -d "/etc/bridgehead/${project}.env" ]; then - echo "Please copy the tempalte from ${project} and put it in the /etc/bridgehead-config/ folder" + log "Please copy the tempalte from ${project} and put it in the /etc/bridgehead-config/ folder" exit 1 else - echo "Done" + log "Done" fi -echo "Checking ssl cert" +log "Checking ssl cert" ## Create SSL Cert if [ ! -d "/certs" ]; then - echo "SSL cert missing, now we create one. Please consider getting a signed one" + log "SSL cert missing, now we create one. Please consider getting a signed one" mkdir certs fi -if [ -d "/etc/bridgehead/traefik.crt" ]; then +if [ -d "certs/traefik.crt" ]; then openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365 fi -echo "All prerequisites are met!" +log "All prerequisites are met!" diff --git a/lib/remove-bridgehead-units.sh b/lib/remove-bridgehead-units.sh index b8c34a2..c73478e 100755 --- a/lib/remove-bridgehead-units.sh 
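Review bot: The new certificate guard `if [ -d "certs/traefik.crt" ]; then` tests for a directory and is not negated, so the self-signed certificate is never generated when the file is missing; it should read `if [ ! -f "certs/traefik.crt" ]; then`. The directory check just above has a related mismatch, testing the absolute `/certs` while `mkdir certs` creates a relative directory, and the project check `[ -d "/etc/bridgehead/${project}.env" ]` looks inverted in the same way. `openssl req` is called without `-subj`, so it prompts for input, which cannot work when the script is run from the systemd unit. The unencrypted key produced by `-nodes` is written with the default umask; wrapping the call as `(umask 077; openssl req …)` keeps certs/traefik.key unreadable to other local users.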
+++ b/lib/remove-bridgehead-units.sh @@ -3,12 +3,12 @@ source lib/functions.sh if [ $# -eq 0 ]; then - echo "Please provide a Project as argument" + log "Please provide a Project as argument" exit 1 fi if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then - echo "Please provide a supported project like ccp, gbn or nngm" + log "Please provide a supported project like ccp, gbn or nngm" exit 1 fi @@ -19,7 +19,7 @@ if ! ./lib/prerequisites.sh; then exit 1 fi -echo "Stopping systemd services and removing bridgehead ..." +log "Stopping systemd services and removing bridgehead ..." systemctl disable --now bridgehead@${project}.service bridgehead-update@${project}.timer bridgehead-update@${project}.service diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index cd37a6c..a44b3f6 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -5,12 +5,12 @@ source lib/functions.sh exitIfNotRoot if [ $# -eq 0 ]; then - echo "Please provide a Project as argument" + log "Please provide a Project as argument" exit 1 fi if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then - echo "Please provide a supported project like ccp, gbn or nngm" + log "Please provide a supported project like ccp, gbn or nngm" exit 1 fi @@ -33,9 +33,9 @@ systemctl daemon-reload echo if ! systemctl is-active --quiet bridgehead@"${project}"; then - echo "Enabling autostart of bridgehead@${project}.service" + log "Enabling autostart of bridgehead@${project}.service" systemctl enable bridgehead@"${project}" - echo "Enabling nightly updates for bridgehead@${project}.service ..." + log "Enabling nightly updates for bridgehead@${project}.service ..." systemctl enable --now bridgehead-update@"${project}".timer fi diff --git a/lib/systemd/bridgehead@.service b/lib/systemd/bridgehead@.service index 12b069a..d286df9 100644 --- a/lib/systemd/bridgehead@.service +++ b/lib/systemd/bridgehead@.service 
@@ -8,9 +8,9 @@ RestartSec=30 WorkingDirectory=/srv/docker/bridgehead/ -ExecStart=/srv/docker/bridgehead/start-bridgehead.sh %i -RemainAfterExit=true -ExecStop=/srv/docker/bridgehead/stop-bridgehead.sh %i +ExecStartPre=exec /srv/docker/bridgehead/stop-bridgehead.sh %i +ExecStart=exec /srv/docker/bridgehead/start-bridgehead.sh %i +ExecStop=exec /srv/docker/bridgehead/stop-bridgehead.sh %i [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target diff --git a/start-bridgehead.sh b/start-bridgehead.sh index ce59651..e4ac691 100755 --- a/start-bridgehead.sh +++ b/start-bridgehead.sh @@ -1,20 +1,18 @@ #!/bin/bash -### Note: Currently not complete, needs some features before useable for production +source lib/functions.sh if [ $# -eq 0 ]; then - echo "Please provide a Project as argument" + log "Please provide a Project as argument" exit 1 fi if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then - echo "Please provide a supported project like ccp, gbn or nngm" + log "Please provide a supported project like ccp, gbn or nngm" exit 1 fi export project=$1 -source lib/functions.sh - if ! lib/prerequisites.sh; then log "Validating Prerequisites failed, please fix the occurring error" exit 1 @@ -22,7 +20,7 @@ fi source /etc/bridgehead/site.conf -./lib/generate.sh +####./lib/generate.sh log "Starting bridgehead" diff --git a/stop-bridgehead.sh b/stop-bridgehead.sh index 33b1e54..6b3928d 100755 --- a/stop-bridgehead.sh +++ b/stop-bridgehead.sh @@ -3,12 +3,12 @@ source lib/functions.sh if [ $# -eq 0 ]; then - echo "Please provide a Project as argument" + log "Please provide a Project as argument" exit 1 fi if [ $1 != "ccp" ] && [$1 != "nngm"] && [ $1 != "gbn" ]; then - echo "Please provide a supported project like ccp, gbn or nngm" + log "Please provide a supported project like ccp, gbn or nngm" exit 1 fi From 7be87cc3ad06b83159cc4d90066486041238e729 Mon Sep 17 00:00:00 2001 
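Review bot: The three command lines in bridgehead@.service now begin with `exec`, e.g. `ExecStart=exec /srv/docker/bridgehead/start-bridgehead.sh %i`, but systemd does not pass Exec lines through a shell, so `exec` is taken as the program name and the unit will most likely fail to start. Drop the prefix, `ExecStart=/srv/docker/bridgehead/start-bridgehead.sh %i`, and likewise for `ExecStartPre=` and `ExecStop=`. With `RemainAfterExit=true` removed, the unit stays active only while start-bridgehead.sh keeps running in the foreground, which deserves a comment in the unit. The [Service] section begins above the hunk, so I cannot see whether `User=bridgehead` is set as the README's dedicated-user step implies; if it is not, these scripts run as root.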
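Review bot: The project check kept as context in stop-bridgehead.sh, `[ $1 != "ccp" ] && [$1 != "nngm"] && [ $1 != "gbn" ]`, lacks the spaces inside the second bracket pair, so for any argument other than ccp the shell tries to run a command named `[<arg>`, that command fails, and the whole condition is false. The allowlist therefore never rejects anything, and whatever the rest of the script (outside the hunk) does with the project name receives an unvalidated value. The fix is `if [ "$1" != "ccp" ] && [ "$1" != "nngm" ] && [ "$1" != "gbn" ]; then`, with the argument quoted; the same quoting applies to the identical checks in start-bridgehead.sh and the two unit scripts. This matters more now that the unit file calls stop-bridgehead.sh from `ExecStartPre=` on every start.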
From: Patrick Skowronek Date: Mon, 9 May 2022 13:44:36 +0200 Subject: [PATCH 2/4] Fixed prerequisites --- lib/prerequisites.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 8e0d4bc..0d323ab 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -1,5 +1,6 @@ #!/bin/bash +source lib/functions.sh ## Check if user is a su log "Welcome to the starting a bridgehead. We will get your instance up and running in no time" From fb583b474c51b802eb5a2586905be729004efa4c Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Mon, 9 May 2022 13:52:20 +0200 Subject: [PATCH 3/4] Added correct version of traefik --- ccp/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 3cdeb2e..826906b 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.7" services: traefik: container_name: bridgehead-traefik - image: traefik:2 + image: traefik:latest command: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 From acd6b94df6d68c1e66393eff8f2a96eea55b3356 Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Tue, 10 May 2022 09:09:58 +0200 Subject: [PATCH 4/4] Use correct link to dockerhub --- ccp/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 826906b..c67e302 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -68,7 +68,7 @@ services: - "traefik.http.routers.blaze_ccp.tls=true" ccp-search-share: - image: "ghcr.io/samply/dktk-fed-search-share:main" + image: "samply/dktk-fed-search-share" container_name: bridgehead-ccp-share environment: APP_BASE_URL: "http://dktk-fed-search-share:8080"