Changed: to use the generated passwords from cbioportal-setup.sh. Removed: local database files (they have been added in the database image named bridgehead-cbioportal-database)

bridgehead

@@ -96,8 +96,6 @@ case "$ACTION" in
 		;;
 	stop)
 		loadVars
-		# Kill stale secret-sync instances if present
-		docker kill $(docker ps -q --filter ancestor=docker.verbis.dkfz.de/cache/samply/secret-sync-local) 2>/dev/null || true
 		# HACK: This is temporarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp)
 		$COMPOSE -p bridgehead-$PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down
 		exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down

ccp/docker-compose.yml

@@ -19,30 +19,9 @@ services:
       - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
       - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
       - "traefik.http.routers.blaze_ccp.tls=true"
-    
-  frontend:
-    image: "samply/blaze-frontend:latest"
-    environment:
-      ORIGIN: "https://${HOST}/ccp-blaze-frontend"
-      BACKEND_BASE_URL: "https://${HOST}/ccp-localdatamanagement"
-      AUTH_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
-      AUTH_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
-      AUTH_ISSUER: "${OIDC_URL}"
-      AUTH_SECRET: "666df42c74ce1f4728fe2ffe99b146e0f2e4b4f9810594fcf68c0330495bca0f" # TODO: Generate
-      PROTOCOL_HEADER: "x-forwarded-proto"
-      HOST_HEADER: "x-forwarded-host"
-    depends_on:
-      - blaze
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.blaze_frontend.rule=PathPrefix(`/ccp-blaze-frontend`)"
-      - "traefik.http.middlewares.ccp_blaze_frontend_strip.stripprefix.prefixes=/ccp-blaze-frontend"
-      - "traefik.http.routers.blaze_ccp.middlewares=ccp_blaze_frontend_strip"
-      - "traefik.http.services.blaze_frontend.loadbalancer.server.port=3000"
-      - "traefik.http.routers.blaze_frontend.tls=true"
 
   focus:
-    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/focus:0.4.1
     container_name: bridgehead-focus
     environment:
       API_KEY: ${FOCUS_BEAM_SECRET_SHORT}

ccp/modules/cbioportal-compose.yml

@@ -0,0 +1,60 @@
+version: '3.7'
+
+services:
+  cbioportal:
+    # image: docker.verbis.dkfz.de/ccp/dktk-cbioportal:latest
+    image: bridgehead-cbioportal
+    container_name: bridgehead-cbioportal
+    environment:
+      DB_PASSWORD: ${CBIOPORTAL_DB_PASSWORD}
+      # DB_PASSWORD: "password1234"
+      HTTP_RELATIVE_PATH: "/cbioportal"
+      UPLOAD_HTTP_RELATIVE_PATH: "/cbioportal-upload"
+      UPLOAD_FOLDER: "/app/uploads"
+      EXTRACTED_FOLDER: "/app/study"
+    depends_on:
+      - cbioportal-database
+      - cbioportal-session
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.cbioportal.rule=PathPrefix(`/cbioportal`)"
+      - "traefik.http.routers.cbioportal.service=cbioportal"
+      - "traefik.http.services.cbioportal.loadbalancer.server.port=8080"
+      - "traefik.http.routers.cbioportal.tls=true"
+      - "traefik.http.routers.cbioportal-upload.rule=PathPrefix(`/cbioportal-upload`)"    
+      - "traefik.http.routers.cbioportal-upload.service=cbioportal-upload"
+      - "traefik.http.routers.cbioportal-upload.tls=true"
+      - "traefik.http.services.cbioportal-upload.loadbalancer.server.port=8001" 
+      
+  cbioportal-database:
+    restart: unless-stopped
+    # image: docker.verbis.dkfz.de/ccp/dktk-cbioportal-database:latest
+    image: bridgehead-cbioportal-database
+    container_name: bridgehead-cbioportal-database
+    environment:
+      MYSQL_DATABASE: "cbioportal"
+      MYSQL_USER: "cbio_user"
+      MYSQL_PASSWORD: ${CBIOPORTAL_DB_PASSWORD}
+      MYSQL_ROOT_PASSWORD: ${CBIOPORTAL_DB_ROOT_PASSWORD}
+      # MYSQL_PASSWORD: "password1234"
+      # MYSQL_ROOT_PASSWORD: "password12"
+    volumes:
+     - /var/cache/bridgehead/ccp/cbioportal_db_data:/var/lib/mysql
+ 
+  cbioportal-session:
+    image: cbioportal/session-service:0.6.1
+    container_name: bridgehead-cbioportal-session
+    environment:
+      SERVER_PORT: 5000
+      JAVA_OPTS: -Dspring.data.mongodb.uri=mongodb://cbioportal-session-database:27017/session-service
+    depends_on:
+      - cbioportal-session-database
+
+  cbioportal-session-database:
+    image: mongo:4.2
+    container_name: bridgehead-cbioportal-session-database
+    environment:
+      MONGO_INITDB_DATABASE: session_service
+    volumes:
+      - /var/cache/bridgehead/ccp/cbioportal_session_db_data:/data/db
+      

ccp/modules/cbioportal-setup.sh

@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+
+ENABLE_CBIOPORTAL=true
+ if [ "$ENABLE_CBIOPORTAL" == true ]; then
+  log INFO "cBioPortal setup detected -- will start cBioPortal service."
+  OVERRIDE+=" -f ./$PROJECT/modules/cbioportal-compose.yml"
+  CBIOPORTAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the cbioportal database. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  CBIOPORTAL_DB_ROOT_PASSWORD="$(echo \"This is a salt string to generate one consistent root password for the cbioportal database. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)" 
+ fi

ccp/modules/cbioportal.md

@@ -0,0 +1,10 @@
+# CBioPortal Data uploader
+
+
+## Usage
+
+We have integrated an API that allows you to upload data directly to cbioportal without the need to have cbioportal installed in your system.
+
+## Tech stack
+
+We used Flask to add this feature

ccp/modules/id-management-compose.yml

@@ -29,7 +29,6 @@ services:
     container_name: bridgehead-patientlist
     environment:
       - TOMCAT_REVERSEPROXY_FQDN=${HOST}
-      - TOMCAT_REVERSEPROXY_SSL=true
       - ML_SITE=${IDMANAGEMENT_FRIENDLY_ID}
       - ML_DB_PASS=${PATIENTLIST_POSTGRES_PASSWORD}
       - ML_API_KEY=${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}

ccp/vars

@@ -17,7 +17,6 @@ OIDC_REALM="${OIDC_REALM:-master}"
 OIDC_URL="https://login.verbis.dkfz.de"
 OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
 OIDC_GROUP_CLAIM="groups"
-add_private_oidc_redirect_url "/ccp-localdatamanagement"
 
 POSTGRES_TAG=15.6-alpine
 

lib/functions.sh

@@ -164,15 +164,15 @@ setHostname() {
 optimizeBlazeMemoryUsage() {
 	if [ -z "$BLAZE_MEMORY_CAP" ]; then
 	   system_memory_in_mb=$(LC_ALL=C free -m | grep 'Mem:' | awk '{print $2}');
-	   export BLAZE_MEMORY_CAP=$(($system_memory_in_mb/4));
+	   export BLAZE_MEMORY_CAP=$(("$system_memory_in_mb"/4));
 	fi
 	if [ -z "$BLAZE_RESOURCE_CACHE_CAP" ]; then
-		available_system_memory_chunks=$((BLAZE_MEMORY_CAP / 1000))
-		if [ $available_system_memory_chunks -eq 0 ]; then
+		available_system_memory_chuncks=$((BLAZE_MEMORY_CAP / 1000))
+		if [ $available_system_memory_chuncks -eq 0 ]; then
 			log WARN "Only ${BLAZE_MEMORY_CAP} system memory available for Blaze. If your Blaze stores more than 128000 fhir ressources it will run significally slower."
 			export BLAZE_RESOURCE_CACHE_CAP=128000;
 		else
-			export BLAZE_RESOURCE_CACHE_CAP=$((available_system_memory_chunks * 312500))
+			export BLAZE_RESOURCE_CACHE_CAP=$((available_system_memory_chuncks * 312500))
 		fi
 	fi
 }
@@ -289,7 +289,7 @@ function sync_secrets() {
     if [[ $OIDC_PRIVATE_REDIRECT_URLS != "" ]]; then
         secret_sync_args="OIDC:OIDC_CLIENT_SECRET:private;$OIDC_PRIVATE_REDIRECT_URLS"
     fi
-    if [[ $OIDC_PUBLIC_REDIRECT_URLS != "" ]]; then
+    if [[ $OIDC_PRIVATE_REDIRECT_URLS != "" ]]; then
         if [[ $secret_sync_args == "" ]]; then
             secret_sync_args="OIDC:OIDC_PUBLIC:public;$OIDC_PUBLIC_REDIRECT_URLS"
         else