Merge remote-tracking branch 'origin/test/pscc-spot' into test/pscc-spot

README.md

@@ -318,12 +318,6 @@ To enable it, you will need to explicitly set the username and password variable
 DS_DIRECTORY_USER_NAME=your_directory_username
 DS_DIRECTORY_USER_PASS=your_directory_password
 ```
-Alternatively, if you have obtained a token from the Directory, you can insert the following into the configuration file:
-```
-DS_DIRECTORY_USER_TOKEN=your_directory_token
-```
-If you don't supply any authentification information (either login credentials or a token), Directory sync will not start.
-
 Please contact your National Node or Directory support (directory-dev@helpdesk.bbmri-eric.eu) to obtain these credentials.
 
 The following environment variables can be used from within your config file to control the behavior of Directory sync:
@@ -331,13 +325,12 @@ The following environment variables can be used from within your config file to
 | Variable                           | Purpose                                                                                                                                                              | Default if not specified               |
 |:-----------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------|
 | DS_DIRECTORY_URL                   | Base URL of the Directory                                                                                                                                            | https://directory-backend.molgenis.net |
-| DS_DIRECTORY_USER_NAME             | User name for logging in to Directory                                                                                                                                |                                        |
+| DS_DIRECTORY_USER_NAME             | User name for logging in to Directory **Mandatory**                                                                                                                  |                                        |
-| DS_DIRECTORY_USER_PASS             | Password for logging in to Directory                                                                                                                                 |                                        |
+| DS_DIRECTORY_USER_PASS             | Password for logging in to Directory **Mandatory**                                                                                                                   |                                        |
-| DS_DIRECTORY_USER_TOKEN            | Token for logging in to Directory                                                                                                                                    |                                        |
 | DS_DIRECTORY_DEFAULT_COLLECTION_ID | ID of collection to be used if not in samples                                                                                                                        |                                        |
 | DS_DIRECTORY_ALLOW_STAR_MODEL      | Set to 'True' to send star model info to Directory                                                                                                                   | True                                  |
 | DS_FHIR_STORE_URL                  | URL for FHIR store                                                                                                                                                   | http://bridgehead-bbmri-blaze:8080     |
-| DS_TIMER_CRON                      | Execution interval for Directory sync, [cron](https://crontab.guru) format                                                                                           | 30 22 * * *                            |
+| DS_TIMER_CRON                      | Execution interval for Directory sync, [cron](https://crontab.guru) format                                                                                           | 0 22 * * *                             |
 | DS_IMPORT_BIOBANKS                 | Set to 'True' to import biobank metadata from Directory                                                                                                              | True                                  |
 | DS_IMPORT_COLLECTIONS              | Set to 'True' to import collection metadata from Directory                                                                                                           | True                                  |
 

bbmri/modules/directory-sync-compose.yml

@@ -7,8 +7,7 @@ services:
       DS_DIRECTORY_URL: ${DS_DIRECTORY_URL:-https://directory.bbmri-eric.eu}
       DS_DIRECTORY_USER_NAME: ${DS_DIRECTORY_USER_NAME}
       DS_DIRECTORY_USER_PASS: ${DS_DIRECTORY_USER_PASS}
-      DS_DIRECTORY_USER_TOKEN: ${DS_DIRECTORY_USER_TOKEN}
+      DS_TIMER_CRON: ${DS_TIMER_CRON:-0 22 * * *}
-      DS_TIMER_CRON: ${DS_TIMER_CRON:-30 22 * * *}
       DS_DIRECTORY_ALLOW_STAR_MODEL: ${DS_DIRECTORY_ALLOW_STAR_MODEL:-true}
       DS_DIRECTORY_MOCK: ${DS_DIRECTORY_MOCK}
       DS_DIRECTORY_DEFAULT_COLLECTION_ID: ${DS_DIRECTORY_DEFAULT_COLLECTION_ID}
@@ -17,6 +16,3 @@ services:
       DS_IMPORT_COLLECTIONS: ${DS_IMPORT_COLLECTIONS:-true}
     depends_on:
       - "blaze"
-    volumes:
-      - /etc/localtime:/etc/localtime:ro # inherit host timezone
-      - /etc/timezone:/etc/timezone:ro   # inherit host timezone name

bbmri/modules/eric-compose.yml

@@ -11,7 +11,6 @@ services:
       BLAZE_URL: "http://blaze:8080/fhir/"
       BEAM_PROXY_URL: http://beam-proxy-eric:8081
       RETRY_COUNT: ${FOCUS_RETRY_COUNT}
-      OBFUSCATE_BBMRI_ERIC_WAY: "true"
     depends_on:
       - "beam-proxy-eric"
       - "blaze"

bridgehead

@@ -47,9 +47,6 @@ case "$PROJECT" in
 	dhki)
 		#nothing extra to do
 		;;
-	nngm)
-		#nothing extra to do
-		;;
 	minimal)
 		#nothing extra to do
 		;;

cce/modules/lens-compose.yml

@@ -1,44 +1,32 @@
 version: "3.7"
 services:
-  lens:
+  landing:
     container_name: lens_federated-search
-    image: samply/cce-explorer:main
+    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
     labels:
-      - "traefik.http.services.lens.loadbalancer.server.port=3000"
       - "traefik.enable=true"
-      - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.routers.lens.tls=true"
+      - "traefik.http.services.landing.loadbalancer.server.port=80"
+      - "traefik.http.routers.landing.tls=true"
 
   spot:
-    image: samply/rustyspot:latest
+    image: docker.verbis.dkfz.de/ccp-private/central-spot
     environment:
-      HTTP_PROXY: ${HTTP_PROXY_URL}
-      HTTPS_PROXY: ${HTTPS_PROXY_URL}
-      NO_PROXY: beam-proxy
       BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-      BEAM_PROXY_URL: http://beam-proxy:8081
+      BEAM_URL: http://beam-proxy:8081
-      BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
+      BEAM_PROXY_ID: ${SITE_ID}
-      CORS_ORIGIN: "https://${HOST}"
+      BEAM_BROKER_ID: ${BROKER_ID}
-      SITES: ${SITES}
+      BEAM_APP_ID: "focus"
-      TRANSFORM: LENS
-      PROJECT: cce
-      BIND_ADDR: 0.0.0.0:8055
     depends_on:
       - "beam-proxy"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.services.spot.loadbalancer.server.port=8055"
+      - "traefik.http.services.spot.loadbalancer.server.port=8080"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
+      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
+      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
       - "traefik.http.routers.spot.tls=true"
       - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
-
-  beam-proxy:
-    environment:
-      APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      

cce/vars

@@ -11,4 +11,4 @@ for module in $PROJECT/modules/*.sh
 do
     log DEBUG "sourcing $module"
     source $module
-done
+done

ccp/modules/dnpm-node-compose.yml

@@ -66,7 +66,6 @@ services:
       - HATEOAS_HOST=https://${HOST}
       - CONNECTOR_TYPE=broker
       - AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000
-      - TZ=Europe/Berlin
     volumes:
       - /etc/bridgehead/dnpm/config:/dnpm_config
       - /var/cache/bridgehead/dnpm/backend-data:/dnpm_data

itcc/docker-compose.yml

@@ -34,7 +34,6 @@ services:
       EPSILON: 0.28
       QUERIES_TO_CACHE: '/queries_to_cache.conf'
       ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
-      CQL_PROJECTS_ENABLED: "itcc"
     volumes:
       - /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
     depends_on:

itcc/modules/lens-compose.yml

@@ -17,7 +17,6 @@ services:
       BEAM_PROXY_ID: ${SITE_ID}
       BEAM_BROKER_ID: ${BROKER_ID}
       BEAM_APP_ID: "focus"
-      PROJECT_METADATA: "itcc"
     depends_on:
       - "beam-proxy"
     labels:

lib/functions.sh

@@ -54,7 +54,7 @@ checkOwner(){
 
 printUsage() {
 	echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|check|install|uninstall|adduser|enroll PROJECTNAME"
-	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki|nngm"
+	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki"
 }
 
 checkRequirements() {
@@ -337,7 +337,7 @@ function sync_secrets() {
 }
 
 function secret_sync_gitlab_token() {
-    if [[ "$PROJECT" != "dktk" && "$PROJECT" != "bbmri" ]]; then
+    if [ "$PROJECT" == "minimal" ]; then
         log "INFO" "Not running Secret Sync for project minimal"
         return
     fi

lib/prepare-system.sh

@@ -70,9 +70,6 @@ case "$PROJECT" in
 	dhki)
 		site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"
 		;;
-	nngm)
-		site_configuration_repository_middle="git.verbis.dkfz.de/nngm/"
-		;;
 	minimal)
 		site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/"
 		;;

minimal/modules/dnpm-node-compose.yml

@@ -66,7 +66,6 @@ services:
       - HATEOAS_HOST=https://${HOST}
       - CONNECTOR_TYPE=broker
       - AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000
-      - TZ=Europe/Berlin
     volumes:
       - /etc/bridgehead/dnpm/config:/dnpm_config
       - /var/cache/bridgehead/dnpm/backend-data:/dnpm_data

nngm/docker-compose.yml

@@ -1,65 +0,0 @@
-version: "3.7"
-
-services:
-  blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
-    container_name: bridgehead-nngm-blaze
-    environment:
-      BASE_URL: "http://bridgehead-nngm-blaze:8080"
-      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
-      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
-      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
-      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
-      ENFORCE_REFERENTIAL_INTEGRITY: "false"
-    volumes:
-      - "blaze-data:/app/data"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.blaze_nngm.rule=PathPrefix(`/nngm-localdatamanagement`)"
-      - "traefik.http.middlewares.nngm_b_strip.stripprefix.prefixes=/nngm-localdatamanagement"
-      - "traefik.http.services.blaze_nngm.loadbalancer.server.port=8080"
-      - "traefik.http.routers.blaze_nngm.middlewares=nngm_b_strip,auth"
-      - "traefik.http.routers.blaze_nngm.tls=true"
-
-  focus:
-    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
-    container_name: bridgehead-focus
-    environment:
-    - API_KEY=${FOCUS_BEAM_SECRET_SHORT}
-    - BEAM_APP_ID_LONG=focus.${PROXY_ID}
-    - PROXY_ID=${PROXY_ID}
-    - BLAZE_URL=http://bridgehead-nngm-blaze:8080/fhir/
-    - BEAM_PROXY_URL=http://beam-proxy:8081
-    - RETRY_COUNT=${FOCUS_RETRY_COUNT}
-    - EPSILON=0.28
-    - ENDPOINT_TYPE=${FOCUS_ENDPOINT_TYPE:-blaze}
-    - CQL_PROJECTS_ENABLED
-    depends_on:
-      - "beam-proxy"
-      - "blaze"
-
-  beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
-    container_name: bridgehead-beam-proxy
-    environment:
-      BROKER_URL: ${BROKER_URL}
-      PROXY_ID: ${PROXY_ID}
-      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
-      PRIVKEY_FILE: /run/secrets/proxy.pem
-      ALL_PROXY: http://forward_proxy:3128
-      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
-      ROOTCERT_FILE: /conf/root.crt.pem
-    secrets:
-      - proxy.pem
-    depends_on:
-      - "forward_proxy"
-    volumes:
-      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/nngm/root.crt.pem:/conf/root.crt.pem:ro
-
-volumes:
-  blaze-data:
-
-secrets:
-  proxy.pem:
-    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem

nngm/modules/exporter-compose.yml

@@ -1,72 +0,0 @@
-version: "3.7"
-
-services:
-  exporter:
-    image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
-    container_name: bridgehead-nngm-exporter
-    environment:
-      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
-      LOG_LEVEL: "INFO"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
-      CROSS_ORIGINS: "https://${HOST}"
-      EXPORTER_DB_USER: "exporter"
-      EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
-      EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
-      HTTP_RELATIVE_PATH: "/nngm-exporter"
-      SITE: "${SITE_ID}"
-      HTTP_SERVLET_REQUEST_SCHEME: "https"
-      OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.exporter_nngm.rule=PathPrefix(`/nngm-exporter`)"
-      - "traefik.http.services.exporter_nngm.loadbalancer.server.port=8092"
-      - "traefik.http.routers.exporter_nngm.tls=true"
-      - "traefik.http.middlewares.exporter_nngm_strip.stripprefix.prefixes=/nngm-exporter"
-      - "traefik.http.routers.exporter_nngm.middlewares=exporter_nngm_strip"
-    volumes:
-      - "/var/cache/bridgehead/nngm/exporter-files:/app/exporter-files/output"
-
-  exporter-db:
-    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
-    container_name: bridgehead-nngm-exporter-db
-    environment:
-      POSTGRES_USER: "exporter"
-      POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
-      POSTGRES_DB: "exporter"
-    volumes:
-      # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
-      - "/var/cache/bridgehead/nngm/exporter-db:/var/lib/postgresql/data"
-
-  reporter:
-    image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
-    container_name: bridgehead-nngm-reporter
-    environment:
-      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
-      LOG_LEVEL: "INFO"
-      CROSS_ORIGINS: "https://${HOST}"
-      HTTP_RELATIVE_PATH: "/nngm-reporter"
-      SITE: "${SITE_ID}"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
-      EXPORTER_URL: "http://exporter:8092"
-      LOG_FHIR_VALIDATION: "false"
-      HTTP_SERVLET_REQUEST_SCHEME: "https"
-
-    # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
-    # However, in the first executions in the CCP sites, this volume seems to be very important. A report is
-    # a process that can take several hours, because it depends on the exporter.
-    # There is a risk that the bridgehead restarts, losing the already created export.
-
-    volumes:
-      - "/var/cache/bridgehead/nngm/reporter-files:/app/reports"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.reporter_nngm.rule=PathPrefix(`/nngm-reporter`)"
-      - "traefik.http.services.reporter_nngm.loadbalancer.server.port=8095"
-      - "traefik.http.routers.reporter_nngm.tls=true"
-      - "traefik.http.middlewares.reporter_nngm_strip.stripprefix.prefixes=/nngm-reporter"
-      - "traefik.http.routers.reporter_nngm.middlewares=reporter_nngm_strip"
-
-  focus:
-    environment:
-      EXPORTER_URL: "http://exporter:8092"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"

nngm/modules/exporter-setup.sh

@@ -1,8 +0,0 @@
-#!/bin/bash -e
-
-if [ "$ENABLE_EXPORTER" == true ]; then
-  log INFO "Exporter setup detected -- will start Exporter service."
-  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
-  EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
-fi

nngm/modules/teiler-compose.yml

@@ -1,73 +0,0 @@
-version: "3.7"
-
-services:
-
-  teiler-orchestrator:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
-    container_name: bridgehead-teiler-orchestrator
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_orchestrator_nngm.rule=PathPrefix(`/nngm-teiler`)"
-      - "traefik.http.services.teiler_orchestrator_nngm.loadbalancer.server.port=9000"
-      - "traefik.http.routers.teiler_orchestrator_nngm.tls=true"
-      - "traefik.http.middlewares.teiler_orchestrator_nngm_strip.stripprefix.prefixes=/nngm-teiler"
-      - "traefik.http.routers.teiler_orchestrator_nngm.middlewares=teiler_orchestrator_nngm_strip"
-    environment:
-      TEILER_BACKEND_URL: "/nngm-teiler-backend"
-      TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
-      HTTP_RELATIVE_PATH: "/nngm-teiler"
-
-  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
-    container_name: bridgehead-teiler-dashboard
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_dashboard_nngm.rule=PathPrefix(`/nngm-teiler-dashboard`)"
-      - "traefik.http.services.teiler_dashboard_nngm.loadbalancer.server.port=80"
-      - "traefik.http.routers.teiler_dashboard_nngm.tls=true"
-      - "traefik.http.middlewares.teiler_dashboard_nngm_strip.stripprefix.prefixes=/nngm-teiler-dashboard"
-      - "traefik.http.routers.teiler_dashboard_nngm.middlewares=teiler_dashboard_nngm_strip"
-    environment:
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      TEILER_BACKEND_URL: "/nngm-teiler-backend"
-      TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
-      OIDC_URL: "${OIDC_URL}"
-      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
-      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
-      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
-      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
-      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
-      TEILER_PROJECT: "${PROJECT}"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
-      TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
-      TEILER_USER: "${OIDC_USER_GROUP}"
-      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
-      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
-      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
-
-
-# TODO: Replace dktk-teiler-backend with nngm-teiler-backend
-  teiler-backend:
-    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
-    container_name: bridgehead-teiler-backend
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_backend_nngm.rule=PathPrefix(`/nngm-teiler-backend`)"
-      - "traefik.http.services.teiler_backend_nngm.loadbalancer.server.port=8085"
-      - "traefik.http.routers.teiler_backend_nngm.tls=true"
-      - "traefik.http.middlewares.teiler_backend_nngm_strip.stripprefix.prefixes=/nngm-teiler-backend"
-      - "traefik.http.routers.teiler_backend_nngm.middlewares=teiler_backend_nngm_strip"
-    environment:
-      LOG_LEVEL: "INFO"
-      APPLICATION_PORT: "8085"
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
-      TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
-      TEILER_DASHBOARD_DE_URL: "/nngm-teiler-dashboard/de"
-      TEILER_DASHBOARD_EN_URL: "/nngm-teiler-dashboard/en"
-      HTTP_PROXY: "http://forward_proxy:3128"
-      ENABLE_MTBA: "${ENABLE_MTBA}"
-      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
-      IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active

nngm/modules/teiler-setup.sh

@@ -1,8 +0,0 @@
-#!/bin/bash -e
-
-if [ "$ENABLE_TEILER" == true ];then
-  log INFO "Teiler setup detected -- will start Teiler services."
-  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
-  TEILER_DEFAULT_LANGUAGE=DE
-  TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
-fi

nngm/root.crt.pem

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDNTCCAh2gAwIBAgIUWHMDQFPJR5y8RKZ5FC72iOOla4kwDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMDI3MTQwMjU1WhcNMzUx
-MDI1MTQwMzI1WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKoghRqAo6s9xjDao+ZC9HpZDBgzOgRMRHrl352k
-Y0Gti1p3m8ldwVQV+nlBE6g/Dowo+iaOwUBiHMHOI2BK7vqkGNp0tZ63ZKR4cyOD
-hCDOl71lWxjYD5XmF7l/SbrLFfET0EEorhLDDOMuWrNpxKFfKdvhld6K5BZ3oSfH
-/5W5y5jWRFWEYRzddzil2GOiU2vzAygA0I1nr5oHCgZoteDDXztAYHJ5vnPA9RNQ
-YFoe/5fVOiJo869zYyBwMuY/dV5ff7eIe/HRKzFLZ6iJEOJcBFWx/aWEvj5gSWxS
-x4OzkwoHsZOkRN9wSTXvdO5kPFzmPq8Nq7Hmw4tLVzP1eRECAwEAAaN7MHkwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP9BHa86rz94
-nvMj2JhM5V3L3TWCMB8GA1UdIwQYMBaAFP9BHa86rz94nvMj2JhM5V3L3TWCMBYG
-A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCkWBXRUGx5
-XFWEEAVbAMcEuXAr6+HtSs+NTORQ01LhNST8Z9HhOaAjfH/dJiLvOjHvOuiOK9y9
-ZGkIIwqkkbhlv1ZcfQBWXh+xDNbq9Q2MaIWY3ZzPTKFgNkxFcEF43MMB+o5pK1Bf
-jJIiSxuEfM0yHg9o+jc3V3XRhU9leXNPkfJezTGfVuWr/B/kTmnQ8zrOCapB+NnX
-vuu1ayNyXflDkj8Gg0X4TarxGhSP6Dpxd9ViEQD9DFG8q42bH0mYveHcAIUN0FJX
-4F2NChiL7dCSFFe6xKdRFDtNe12JrHRjU1rMAcxhYjBRbqt2o2HfDPajSJrhRheY
-T35rRWxDupkP
------END CERTIFICATE-----

nngm/vars

@@ -1,32 +0,0 @@
-BROKER_ID=broker.nngm.dkfz.de
-BROKER_URL=https://${BROKER_ID}
-PROXY_ID=${SITE_ID}.${BROKER_ID}
-FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
-# TODO: Add real nNGM-Support email
-SUPPORT_EMAIL=support-nngm@dkfz-heidelberg.de
-PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
-
-BROKER_URL_FOR_PREREQ=$BROKER_URL
-
-# TODO: Replace with nNGM OIDC Server
-OIDC_USER_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})"
-OIDC_ADMIN_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_Verwalter"
-OIDC_PSP_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_PSP"
-OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
-OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-OIDC_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PUBLIC_CLIENT_ID}/"
-OIDC_PRIVATE_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PRIVATE_CLIENT_ID}/"
-OIDC_GROUP_CLAIM="groups"
-
-for module in $PROJECT/modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done
-
-for module in modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done

pscc/modules/lens-compose.yml

@@ -1,40 +1,45 @@
 version: "3.7"
 services:
   lens:
-    container_name: lens-federated-search
+    container_name: lens_federated-search
     image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
     labels:
-      - "traefik.http.services.lens.loadbalancer.server.port=3000"
       - "traefik.enable=true"
-      - "traefik.http.routers.lens.rule=Host(`${HOST}`)"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.routers.lens.tls=true"
+      - "traefik.http.services.landing.loadbalancer.server.port=3000"
+      - "traefik.http.routers.landing.middlewares=auth"
+      - "traefik.http.routers.landing.tls=true"
 
   spot:
-    image: samply/rustyspot:latest
+    image: samply/rustyspot:main
     platform: linux/amd64
     environment:
-      HTTP_PROXY: ${HTTP_PROXY_URL}
-      HTTPS_PROXY: ${HTTPS_PROXY_URL}
-      NO_PROXY: beam-proxy
       BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
       BEAM_PROXY_URL: http://beam-proxy:8081
       BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
       CORS_ORIGIN: "https://${HOST}"
-      SITES: ${SITES}
+      SITES: "${SITE_ID}"
       TRANSFORM: LENS
-      PROJECT: pscc
       BIND_ADDR: 0.0.0.0:8055
+      RUST_LOG: "debug"
+      LOG_FILE: /logs/requests.log
+      PROJECT: pscc
+    volumes:
+      - /etc/bridgehead/logs:/logs
+      - /etc/bridgehead/query:/query:ro
     depends_on:
       - "beam-proxy"
     labels:
       - "traefik.enable=true"
       - "traefik.http.services.spot.loadbalancer.server.port=8055"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
       - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
+      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
+      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
       - "traefik.http.routers.spot.tls=true"
-      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
+      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
+  beam-proxy:
+    environment:
+      APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}

pscc/root.crt.pem

@@ -1,20 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDNTCCAh2gAwIBAgIUVC1Y1tx0q5PNR33gArAyyBm8PMQwDQYJKoZIhvcNAQEL
+MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMTAzMTQxODQ5WhcNMzUx
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
-MTAxMTQxOTE5WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMB1yd7zkh7Io/ReQYindBcAdA1b4ogdVnrdSLRN
+AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
-N3zLSh6jN5KIXgs34BdRXx0so0m96q+9xlgacTXGRBn1Tu5SKMRyXdxnCLMzHAYU
+TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
-rNKhqF5HeZCYkVyh/tsAyFfDwZDVzsdX64V+0r5+raev2X0gJnlgmF83DIKjkVUS
+OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
-2+c+3BnXa9LOdXks0qygJjvaFyi+5MA3DinLnmMLCQ3yAvaZYWyP3xCnGIoVrZFq
+XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
-a+YioMCmHrbByuXPoZsXcFY7Z85LQkCtSVt1dH4kkN2/JehXG099nqwMqO8FpLZZ
+pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
-xG7/U3P/slX1MMLs97nqRCRoW7Cha2ci1NBYLll+34ekhxMCAwEAAaN7MHkwDgYD
+K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJHTpnuyIGHw
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
-yvC/mmh+S/JKYVrAMB8GA1UdIwQYMBaAFJHTpnuyIGHwyvC/mmh+S/JKYVrAMBYG
+poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
-A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAeDc/k28yb
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
-I5MLC/LdaA+MKsW2FWF9HT+tsbtltTaQIRnnkwfU/40Ius3gzUU5z+kPqq5+kxhy
+AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
-3T646Rbau85Zw24gdNmiVKAAG5ntKoQ7XnyR/06PYyXNGLqnb6aKvbcIPoWtU/+2
+fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
-8f5hHdQ/4271aHws7dKcBNWu9V5WmxMZ3YTfnBR5lEda+DhVwHqtmun8EpSbwthD
+3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
-aLLIOHJpetr+KWUVFHQdGbO23Qg1Else0Akcn5Gzf/sKkVCVxjHE6jeo4ZwHtstG
+n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
-KMoff+ETC+DL5kMZ4CV5VaQ4HxVK7N0qiUxmijWe+EyRZseum1c0s2OEi2L52Q9K
+7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
-P4N3yD4ed4p/
+Rtup0MTxSJtN
 -----END CERTIFICATE-----

pscc/vars

@@ -1,4 +1,4 @@
-BROKER_ID=broker.pscc.org
+BROKER_ID=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"

versions/acceptance

@@ -1,6 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=0.32
+BLAZE_TAG=main
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop

versions/test

@@ -1,6 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=0.32
+BLAZE_TAG=main
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
-MTBA_TAG=develop
+MTBA_TAG=develop