Changes to make deployed CCE explorer work properly. (#368 )

* Changes to make deployed CCE explorer work properly. In the lens environment section in services: - add PUBLIC_SPOT_URL value
update beam proxy server used for oauth enrollment (#366 )
2026-04-17 18:30:14 +02:00 · 2026-01-28 13:52:38 +01:00 · 2026-01-28 13:52:38 +01:00 · 2026-01-28 13:52:38 +01:00 · 2026-01-28 13:52:38 +01:00 · 2026-01-28 13:52:38 +01:00
10 changed files with 56 additions and 26 deletions
--- a/bbmri/modules/eric-compose.yml
+++ b/bbmri/modules/eric-compose.yml
@@ -11,6 +11,7 @@ services:
      BLAZE_URL: "http://blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy-eric:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+      OBFUSCATE_BBMRI_ERIC_WAY: "true"
    depends_on:
      - "beam-proxy-eric"
      - "blaze"
--- a/cce/modules/airgapped-blaze-compose.yml
+++ b/cce/modules/airgapped-blaze-compose.yml
@@ -0,0 +1,25 @@
+version: "3.7"
+
+services:
+  blaze-airgapped:
+    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    container_name: bridgehead-cce-blaze-airgapped
+    environment:
+      BASE_URL: "http://bridgehead-cce-blaze-airgapped:8080"
+      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
+      ENFORCE_REFERENTIAL_INTEGRITY: "false"
+    volumes:
+      - "blaze-airgapped-data:/app/data"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.blaze-airgapped_cce.rule=PathPrefix(`/cce-localdatamanagement-airgapped`)"
+      - "traefik.http.middlewares.cce_b-a_strip.stripprefix.prefixes=/cce-localdatamanagement-airgapped"
+      - "traefik.http.services.blaze-airgapped_cce.loadbalancer.server.port=8080"
+      - "traefik.http.routers.blaze-airgapped_cce.middlewares=cce_b-a_strip,auth"
+      - "traefik.http.routers.blaze-airgapped_cce.tls=true"
+
+volumes:
+  blaze-airgapped-data:
--- a/cce/modules/airgapped-blaze-setup.sh
+++ b/cce/modules/airgapped-blaze-setup.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+OVERRIDE+=" -f ./$PROJECT/modules/airgapped-blaze-compose.yml"
--- a/cce/modules/lens-compose.yml
+++ b/cce/modules/lens-compose.yml
@@ -2,7 +2,9 @@ version: "3.7"
 services:
  lens:
    container_name: lens_federated-search
-    image: ghcr.io/samply/cce-explorer:pr-1
+    image: samply/cce-explorer:main
+    environment:
+      PUBLIC_SPOT_URL: https://${HOST}/prod
    labels:
      - "traefik.http.services.lens.loadbalancer.server.port=3000"
      - "traefik.enable=true"
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -327,7 +327,7 @@ function sync_secrets() {
        -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
        -e PROXY_ID=$proxy_id \
        -e BROKER_URL=$broker_url \
-        -e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \
+        -e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
        -e SECRET_DEFINITIONS=$secret_sync_args \
        docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest

--- a/nngm/docker-compose.yml
+++ b/nngm/docker-compose.yml
@@ -22,8 +22,7 @@ services:
      - "traefik.http.routers.blaze_nngm.tls=true"

  focus:
-    #image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
-    image: ghcr.io/samply/focus:feature-nngm-v2
+    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-focus
    environment:
    - API_KEY=${FOCUS_BEAM_SECRET_SHORT}
--- a/pscc/root.crt.pem
+++ b/pscc/root.crt.pem
@@ -1,20 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
-MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
-TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
-OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
-XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
-pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
-K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
-poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
-A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
-AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
-fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
-3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
-n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
-7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
-Rtup0MTxSJtN
+MIIDNTCCAh2gAwIBAgIUVC1Y1tx0q5PNR33gArAyyBm8PMQwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMTAzMTQxODQ5WhcNMzUx
+MTAxMTQxOTE5WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMB1yd7zkh7Io/ReQYindBcAdA1b4ogdVnrdSLRN
+N3zLSh6jN5KIXgs34BdRXx0so0m96q+9xlgacTXGRBn1Tu5SKMRyXdxnCLMzHAYU
+rNKhqF5HeZCYkVyh/tsAyFfDwZDVzsdX64V+0r5+raev2X0gJnlgmF83DIKjkVUS
+2+c+3BnXa9LOdXks0qygJjvaFyi+5MA3DinLnmMLCQ3yAvaZYWyP3xCnGIoVrZFq
+a+YioMCmHrbByuXPoZsXcFY7Z85LQkCtSVt1dH4kkN2/JehXG099nqwMqO8FpLZZ
+xG7/U3P/slX1MMLs97nqRCRoW7Cha2ci1NBYLll+34ekhxMCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJHTpnuyIGHw
+yvC/mmh+S/JKYVrAMB8GA1UdIwQYMBaAFJHTpnuyIGHwyvC/mmh+S/JKYVrAMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAeDc/k28yb
+I5MLC/LdaA+MKsW2FWF9HT+tsbtltTaQIRnnkwfU/40Ius3gzUU5z+kPqq5+kxhy
+3T646Rbau85Zw24gdNmiVKAAG5ntKoQ7XnyR/06PYyXNGLqnb6aKvbcIPoWtU/+2
+8f5hHdQ/4271aHws7dKcBNWu9V5WmxMZ3YTfnBR5lEda+DhVwHqtmun8EpSbwthD
+aLLIOHJpetr+KWUVFHQdGbO23Qg1Else0Akcn5Gzf/sKkVCVxjHE6jeo4ZwHtstG
+KMoff+ETC+DL5kMZ4CV5VaQ4HxVK7N0qiUxmijWe+EyRZseum1c0s2OEi2L52Q9K
+P4N3yD4ed4p/
 -----END CERTIFICATE-----
--- a/pscc/vars
+++ b/pscc/vars
@@ -1,4 +1,4 @@
-BROKER_ID=test-no-real-data.broker.samply.de
+BROKER_ID=broker.pscc.org
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
--- a/versions/acceptance
+++ b/versions/acceptance
@@ -1,6 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=main
+BLAZE_TAG=0.32
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop
--- a/versions/test
+++ b/versions/test
@@ -1,6 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
-BLAZE_TAG=main
+BLAZE_TAG=0.32
 POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
-MTBA_TAG=develop
+MTBA_TAG=develop
Author	SHA1	Message	Date
Manoj Waikar	fae2f29cef	Changes to make deployed CCE explorer work properly. (#368 ) * Changes to make deployed CCE explorer work properly. In the lens environment section in services: - add PUBLIC_SPOT_URL value	2026-01-28 13:52:38 +01:00
Jan	bfb37e5515	update beam proxy server used for oauth enrollment (#366 )	2026-01-28 13:52:38 +01:00
Enola Knezevic	37a7e971ae	test version blaze (#364 ) This is the one we need urgently	2026-01-28 13:52:38 +01:00
Enola Knezevic	c85339acca	obfuscate BBMRI ERIC way, test blaze version (#363 )	2026-01-28 13:52:38 +01:00
Manoj Waikar	4e0cf29348	Use the cce-explorer:main image from docker hub (instead of ghcr). (#362 )	2026-01-28 13:52:38 +01:00
Pierre Delpy	b1365bd939	feat: migrate pscc to orange cloud broker (#361 )	2026-01-28 13:52:38 +01:00
Manoj Waikar	b726af8907	Use the main image name for cce explorer. (#360 ) - instead of pr1 name	2026-01-28 13:52:38 +01:00
Manoj Waikar	8abec14e0a	Add APP_spot_KEY env var under the beam-proxy section. (#358 )	2026-01-28 13:52:38 +01:00
Niklas Reimer	4dbc84efb5	feat(dnpm): set timezone to Europe/Berlin (#359 )	2026-01-28 13:52:38 +01:00
DavidCroftDKFZ	390f91d722	Directory sync: token login and cron change (#351 ) The Directory team have requested that we allow token login to the Directory, where a user uses LSAAI credentials to obtain a token from the Directory, and then uses this to authenticate Directory sync. This has been implemented via an environment variable, in an analogous way to the already existing username/password method. The default start time for the Directory sync has been shifted to 22:30, to prevent conflicts with the Bridgehead auto-update. Relevant changes have been made to the documentation. Co-authored-by: Torben Brenner <76154651+torbrenner@users.noreply.github.com> Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> Co-authored-by: Martin Lablans <6804500+lablans@users.noreply.github.com>	2026-01-28 13:52:38 +01:00
djuarezgf	92b03a868c	feat: add nNGM project (#340 )	2026-01-28 13:52:38 +01:00
Pierre Delpy	fca56976e6	feat: add PSCC * add pscc and prepare lens2 deployment --------- Co-authored-by: p.delpy@dkfz-heidelberg.de <p.delpy@dkfz-heidelberg.de> Co-authored-by: Jan <59206115+Threated@users.noreply.github.com>	2026-01-28 13:52:38 +01:00
DavidCroftDKFZ	e96b77bb77	Directory sync: inherit host timezone (#354 ) Directory sync needs to be able to launch at specific times of day, and in order to do this in a predictable way, the timezone used inside the Docker container should be the same as the host. To do this, two files need to be mounted from the host. One file contains information about the time zone, the other file contains the file zone name.	2026-01-28 13:52:38 +01:00
djuarezgf	790a90787e	docs: add initial documentation for Samply.Exporter and Samply.Teiler (#350 )	2026-01-28 13:52:38 +01:00
Tim Schumacher	e1bcaaea3d	Update focus tags: no project specific images anymore	2026-01-28 13:52:38 +01:00
Jan	8f2fd1af1f	fix: don't run secret sync for minimal (#349 )	2026-01-28 13:52:38 +01:00
Jan	e440945f34	feat: add bridgehead check command (#342 )	2026-01-28 13:52:38 +01:00
Jan	54d6fec7d1	fix: only pass CQL_PROJECTS_ENABLED to focus if set (#344 )	2026-01-28 13:52:38 +01:00
Jan	313c3f65b3	feat: allow cql queries for exliquid (#343 )	2026-01-28 13:52:38 +01:00
Tim Schumacher	d2df758017	feat: add scout module (#339 )	2026-01-28 13:52:38 +01:00
Jan	6d7659c049	feat(dnpm): change to new `api-gateway` image (#337 )	2026-01-28 13:52:38 +01:00
Jan	50ae129083	chore: add more options to transfair (#325 )	2026-01-28 13:52:37 +01:00
Jan	31c588afc2	fix: adapt to transfair cli changes (#319 )	2026-01-28 13:52:37 +01:00
djuarezgf	e728def9d4	Replace hardcoded image: ...:develop references with version variables (#335 ) * added: Teiler Dashboard Version * added: MTBA Version * added: beam proxy tag version	2026-01-28 13:52:37 +01:00
Paul-Christian Volkmer	f4ed80a00c	docs: Add ghcr.io to URL list (#321 )	2026-01-28 13:52:37 +01:00
Jan	ed5f319d79	fix(dnpm): fix env subsitution (#333 )	2026-01-28 13:52:37 +01:00
djuarezgf	5ce1f6391b	mtba: fallback to keycloak test server pending migration	2026-01-28 13:52:37 +01:00
djuarezgf	3589dede55	feat: migrate PSP to Authentik (#329 )	2026-01-28 13:52:37 +01:00
Jan	893f0332f9	feat(dnpm): allow setting custom dnpm image tag (#326 )	2026-01-28 13:52:37 +01:00
djuarezgf	1b15a31c1b	Fixed: Authentik URL for Opal (#328 ) * Fixed: Authentik URL for Opal * Removed: Unnecessary OIDC config in CCE and BBMRI * KR with basic auth instead of OIDC	2026-01-28 13:52:37 +01:00
djuarezgf	9b3a21b0c3	feat: migrate OIDC Configuration from Keycloak to Authentik (#327 ) * Change: Authentik instead of Keycloak in CCP Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> --------- Co-authored-by: Jan <59206115+Threated@users.noreply.github.com>	2026-01-28 13:52:37 +01:00
Jan	7cfa81d821	feat: remove local rstudio (#322 )	2026-01-28 13:52:37 +01:00
djuarezgf	28fd775ba1	CCE Teiler and Export (#323 ) * Added Exporter to CCE * Add Teiler to CCE * Add EXPORTER_USER to adduser function	2026-01-28 13:52:37 +01:00
Pierre Delpy	145b685d1c	fix: add obfuscation and basic auth to spot in cce and itcc (#324 ) Co-authored-by: p.delpy@dkfz-heidelberg.de <p.delpy@dkfz-heidelberg.de>	2026-01-28 13:52:37 +01:00
djuarezgf	68b599e305	Use relative paths in teiler (#320 )	2026-01-28 13:52:37 +01:00
Tobias Kussel	957514042c	docs: close Exporter code block in readme (#318 )	2026-01-28 13:52:37 +01:00
djuarezgf	99d76e7d08	fix: Create Exporter User only if Exporter is enabled (#317 )	2026-01-28 13:52:37 +01:00
Enola Knezevic	d911698986	chore: update eric.acc.root.crt.pem (#316 )	2026-01-28 13:52:37 +01:00
djuarezgf	949fe02f79	docs: add Teiler and Exporter to the main README.md (#315 ) Co-authored-by: Tobias Kussel <TKussel@users.noreply.github.com>	2026-01-28 13:52:37 +01:00
djuarezgf	b6a14da80b	feat: add Teiler and Exporter in BBMRI (#312 ) Co-authored-by: Jan <59206115+Threated@users.noreply.github.com>	2026-01-28 13:52:37 +01:00
Martin Lablans	b4296349cd	chore: externalize POSTGRES_TAG and bump postgres to 15.13 (#313 )	2026-01-28 13:52:37 +01:00
Tim Schumacher	64a14a0048	Cache public organoid dashboard SQL query (#309 )	2026-01-28 13:52:37 +01:00
DavidCroftDKFZ	3a2fd51bf5	docs: add faq (#288 )	2026-01-28 13:52:37 +01:00
DavidCroftDKFZ	f54ef47f57	docs: Control import from Directory, improve README (#297 )	2026-01-28 13:52:37 +01:00
DavidCroftDKFZ	b7cdacb00b	Added section relating to clearing data from Blaze (#303 )	2026-01-28 13:52:37 +01:00
djuarezgf	4b700f8c34	chore: change some teiler variables (#307 )	2026-01-28 13:52:37 +01:00
djuarezgf	600131862c	fix: add own url to teiler dashboard to make it offline compatible (#305 )	2026-01-28 13:52:37 +01:00
Torben Brenner	97eb50b93f	fix: Ensure transfair can properly communicate with the fhir server for requests (#304 )	2026-01-28 13:52:37 +01:00
Jan	63f402269c	feat: allow transfair to talk to services behind the proxy (#296 )	2026-01-28 13:52:37 +01:00
Jan	95272dd7ac	chore(transfair): update transfair config (#298 )	2026-01-28 13:52:37 +01:00
Martin Lablans	f4b6c9aa84	Code review: Move to /tmp/bridgehead/...	2026-01-28 13:52:37 +01:00
Tim Schumacher	1e027b6952	Use temp directory for secret sync cache	2026-01-28 13:52:37 +01:00
Jan	5d5962ae2d	chore(transfair): add option to disable tls verification (#295 )	2026-01-28 13:52:37 +01:00
Enola Knezevic	689cc68e93	chore: add BBMRI ERIC acceptance env (#294 )	2026-01-28 13:52:37 +01:00
Jan	beba01354d	fix: ssh-tunnel-setup.sh (#293 )	2026-01-28 13:52:37 +01:00
Jan	ce1665050c	feat: ssh tunnel (#292 ) * Added ccp module for a ssh tunnel Usage details under https://github.com/samply/ssh-tunnel * chore: update ssh-tunnel image to harbor * feat: ssh tunnel support diffrent port * chore: fix indentation * chore: move to top level modules * docs: add ssh-tunnel docs --------- Co-authored-by: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>	2026-01-28 13:52:37 +01:00
Jan	acb7de11e7	chore(transfair): add new gw option (#291 )	2026-01-28 13:52:37 +01:00
Jan	53bee0e5e7	feat: expose transfair via traefik (#290 ) Note: Requires a bridgehead install to generate the basic auth user	2026-01-28 13:52:37 +01:00
Tim Schumacher	e00e371421	Fix GitLab token syncing for BBMRI	2026-01-28 13:52:37 +01:00
janskiba	9d96a2ddb0	feat: add transfair setup to ccp	2026-01-28 13:52:37 +01:00
janskiba	f198e18c70	chore!: update transfair config	2026-01-28 13:52:37 +01:00
Manoj Waikar	82841a6f04	Fix airgapped-blaze-compose.yml file. - BASE_URL & traefik settings	2025-03-25 15:23:16 +01:00
Manoj Waikar	ba6f2c3b11	Modify container name (as it was a duplicate).	2025-03-24 09:50:06 +01:00
Manoj Waikar	39a4231c1f	Add airgapped-blaze-{compose,setup} files in cce modules. - for testing out airgapped-blaze at VHIO	2025-03-21 15:15:03 +01:00