refactor: explicitly set logging - to squash

README.md

@@ -254,8 +254,6 @@ sh bridgehead uninstall
 
 ## Site-specific configuration
 
-[How to Change Config Access Token](docs/update-access-token.md)
-
 ### HTTPS Access
 
 Even within your internal network, the Bridgehead enforces HTTPS for all services. During the installation, a self-signed, long-lived certificate was created for you. To increase security, you can simply replace the files under `/etc/bridgehead/traefik-tls` with ones from established certification authorities such as [Let's Encrypt](https://letsencrypt.org) or [DFN-AAI](https://www.aai.dfn.de).

bbmri/docker-compose.yml

@@ -4,7 +4,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-bbmri-blaze
     environment:
       BASE_URL: "http://bridgehead-bbmri-blaze:8080"

cce/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-cce-blaze
     environment:
       BASE_URL: "http://bridgehead-cce-blaze:8080"

ccp/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-ccp-blaze
     environment:
       BASE_URL: "http://bridgehead-ccp-blaze:8080"
@@ -11,6 +11,7 @@ services:
       DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
       CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
+      LOG_LEVEL: ${LOG_LEVEL_BLAZE:-WARN}
     volumes:
       - "blaze-data:/app/data"
     labels:
@@ -34,6 +35,7 @@ services:
       EPSILON: 0.28
       QUERIES_TO_CACHE: '/queries_to_cache.conf'
       ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
+      RUST_LOG: ${LOG_LEVEL_FOCUS:-WARN}
     volumes:
       - /srv/docker/bridgehead/ccp/queries_to_cache.conf:/queries_to_cache.conf
     depends_on:
@@ -51,6 +53,7 @@ services:
       ALL_PROXY: http://forward_proxy:3128
       TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
       ROOTCERT_FILE: /conf/root.crt.pem
+      RUST_LOG: ${LOG_LEVEL_FOCUS:-WARN}
     secrets:
       - proxy.pem
     depends_on:

ccp/modules/blaze-secondary-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze-secondary:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-ccp-blaze-secondary
     environment:
       BASE_URL: "http://bridgehead-ccp-blaze-secondary:8080"
@@ -10,6 +10,7 @@ services:
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
       DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
       ENFORCE_REFERENTIAL_INTEGRITY: "false"
+      LOG_LEVEL: ${LOG_LEVEL_BLAZE:-WARN}
     volumes:
       - "blaze-secondary-data:/app/data"
     labels:

ccp/modules/datashield-compose.yml

@@ -10,6 +10,7 @@ services:
       DISABLE_AUTH: "true" # https://rocker-project.org/images/versioned/rstudio.html#how-to-use
       HTTP_RELATIVE_PATH: "/rstudio"
       ALL_PROXY: "http://forward_proxy:3128" # https://rocker-project.org/use/networking.html
+      LOG_LEVEL: ${LOG_LEVEL_RSTUDIO:-WARN}
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.rstudio_ccp.rule=PathPrefix(`/rstudio`)"
@@ -54,6 +55,7 @@ services:
       BEAM_APP_ID: token-manager.${PROXY_ID}
       BEAM_SECRET: ${TOKEN_MANAGER_SECRET}
       BEAM_DATASHIELD_PROXY: request-manager
+      LOG_LEVEL: ${LOG_LEVEL_OPAL:-WARN}
     volumes:
       - "/var/cache/bridgehead/ccp/opal-metadata-db:/srv" # Opal metadata
     secrets:
@@ -75,6 +77,8 @@ services:
     image: docker.verbis.dkfz.de/ccp/dktk-rserver # datashield/rock-base + dsCCPhos
     tmpfs:
       - /srv
+    environment:
+      LOG_LEVEL: ${LOG_LEVEL_OPAL:-WARN}
 
   beam-connect:
     image: docker.verbis.dkfz.de/cache/samply/beam-connect:develop
@@ -87,6 +91,7 @@ services:
       DISCOVERY_URL: "./map/central.json"
       LOCAL_TARGETS_FILE: "./map/local.json"
       NO_AUTH: "true"
+      RUST_LOG: ${LOG_LEVEL_BEAMCONNECT:-WARN}
     secrets:
       - opal-cert.pem
     depends_on:

ccp/modules/dnpm-compose.yml

@@ -17,7 +17,7 @@ services:
       HTTP_PROXY: "http://forward_proxy:3128"
       HTTPS_PROXY: "http://forward_proxy:3128"
       NO_PROXY: beam-proxy,dnpm-backend,host.docker.internal${DNPM_ADDITIONAL_NO_PROXY}
-      RUST_LOG: ${RUST_LOG:-info}
+      RUST_LOG: ${LOG_LEVEL_BEAMCONNECTDNPM:-WARN}
       NO_AUTH: "true"
       TLS_CA_CERTIFICATES_DIR: ./conf/trusted-ca-certs
     extra_hosts:

ccp/modules/exporter-compose.yml

@@ -6,7 +6,6 @@ services:
     container_name: bridgehead-ccp-exporter
     environment:
       JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
-      LOG_LEVEL: "INFO"
       EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
       CROSS_ORIGINS: "https://${HOST}"
       EXPORTER_DB_USER: "exporter"
@@ -16,6 +15,7 @@ services:
       SITE: "${SITE_ID}"
       HTTP_SERVLET_REQUEST_SCHEME: "https"
       OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
+      LOG_LEVEL: ${LOG_LEVEL_EXPORTER:-WARN}
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
@@ -42,7 +42,6 @@ services:
     container_name: bridgehead-ccp-reporter
     environment:
       JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
-      LOG_LEVEL: "INFO"
       CROSS_ORIGINS: "https://${HOST}"
       HTTP_RELATIVE_PATH: "/ccp-reporter"
       SITE: "${SITE_ID}"
@@ -50,6 +49,7 @@ services:
       EXPORTER_URL: "http://exporter:8092"
       LOG_FHIR_VALIDATION: "false"
       HTTP_SERVLET_REQUEST_SCHEME: "https"
+      LOG_LEVEL: ${LOG_LEVEL_REPORTER:-WARN}
 
     # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
     # However, in the first executions in the CCP sites, this volume seems to be very important. A report is
@@ -69,4 +69,4 @@ services:
   focus:
     environment:
       EXPORTER_URL: "http://exporter:8092"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
+      AUTH_HEADER: "${EXPORTER_API_KEY}"

ccp/modules/id-management-compose.yml

@@ -14,6 +14,7 @@ services:
       MAGICPL_CONNECTOR_APIKEY: ${IDMANAGER_READ_APIKEY}
       MAGICPL_CENTRAL_PATIENTLIST_APIKEY: ${IDMANAGER_CENTRAL_PATIENTLIST_APIKEY}
       MAGICPL_CONTROLNUMBERGENERATOR_APIKEY: ${IDMANAGER_CONTROLNUMBERGENERATOR_APIKEY}
+      ML_LOG_LEVEL: ${LOG_LEVEL_IDMANAGER:-WARN}
     depends_on:
       - patientlist
       - traefik-forward-auth
@@ -44,6 +45,8 @@ services:
       - ML_UPLOAD_API_KEY=${IDMANAGER_UPLOAD_APIKEY}
       # Add Variables from /etc/patientlist-id-generators.env
       - PATIENTLIST_SEEDS_TRANSFORMED
+      - ML_LOG_LEVEL=${LOG_LEVEL_PATIENTLIST:-WARN}
+      #TODO confirm LOG_LEVEL
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.patientlist.rule=PathPrefix(`/patientlist`)"
@@ -102,11 +105,11 @@ services:
         condition: service_healthy
 
   ccp-patient-project-identificator:
-    image: docker.verbis.dkfz.de/cache/samply/ccp-patient-project-identificator
+    image: samply/ccp-patient-project-identificator
     container_name: bridgehead-ccp-patient-project-identificator
     environment:
       MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
-      SITE_NAME: ${IDMANAGEMENT_FRIENDLY_ID}
+      SITE_NAME: ${SITE_NAME}
 
 volumes:
   patientlist-db-data:

ccp/modules/mtba-compose.yml

@@ -25,6 +25,7 @@ services:
       OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
       OIDC_REALM: "${OIDC_REALM}"
       OIDC_URL: "${OIDC_URL}"
+      LOG_LEVEL: ${LOG_LEVEL_MTBA:-WARN}
 
     labels:
       - "traefik.enable=true"

ccp/modules/nngm-compose.yml

@@ -12,6 +12,8 @@ services:
       CTS_API_KEY: ${NNGM_CTS_APIKEY}
       CRYPT_KEY: ${NNGM_CRYPTKEY}
       #CTS_MAGICPL_SITE: ${SITE_ID}TODO
+      LOG_LEVEL: ${LOG_LEVEL_NNGM:-WARN}
+    restart: always
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.connector.rule=PathPrefix(`/nngm-connector`)"

ccp/modules/obds2fhir-rest-compose.yml

@@ -10,6 +10,8 @@ services:
       SALT: ${LOCAL_SALT}
       KEEP_INTERNAL_ID: ${KEEP_INTERNAL_ID:-false}
       MAINZELLISTE_URL: ${PATIENTLIST_URL:-http://patientlist:8080/patientlist}
+      LOG_LEVEL: ${LOG_LEVEL_REPORTER:-WARN}
+    restart: always
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.obds2fhir-rest.rule=PathPrefix(`/obds2fhir-rest`) || PathPrefix(`/adt2fhir-rest`)"

ccp/modules/teiler-compose.yml

@@ -17,6 +17,7 @@ services:
       TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
       DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
       HTTP_RELATIVE_PATH: "/ccp-teiler"
+      LOG_LEVEL: ${LOG_LEVEL_TEILER:-WARN}
 
   teiler-dashboard:
     image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
@@ -47,6 +48,7 @@ services:
       TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
       REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
       EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
+      LOG_LEVEL: ${LOG_LEVEL_TEILER:-WARN}
 
 
   teiler-backend:
@@ -60,7 +62,6 @@ services:
       - "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
       - "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
     environment:
-      LOG_LEVEL: "INFO"
       APPLICATION_PORT: "8085"
       APPLICATION_ADDRESS: "${HOST}"
       DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
@@ -73,6 +74,7 @@ services:
       HTTP_PROXY: "http://forward_proxy:3128"
       ENABLE_MTBA: "${ENABLE_MTBA}"
       ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
+      LOG_LEVEL: ${LOG_LEVEL_TEILER:-WARN}
     secrets:
       - ccp.conf
 

dhki/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-dhki-blaze
     environment:
       BASE_URL: "http://bridgehead-dhki-blaze:8080"

dhki/vars

@@ -17,12 +17,4 @@ do
 done
 
 idManagementSetup
-obds2fhirRestSetup
+obds2fhirRestSetup
-
-for module in modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done
-
-transfairSetup

docs/update-access-token.md

@@ -1,42 +0,0 @@
-## How to Change Config Access Token
-
-### 1. Generate a New Access Token
-
-1. Go to your Git configuration repository provider, it might be either [git.verbis.dkfz.de](https://git.verbis.dkfz.de) or [gitlab.bbmri-eric.eu](https://gitlab.bbmri-eric.eu).  
-2. Navigate to the configuration repository for your site.  
-3. Go to **Settings → Access Tokens** to check if your Access Token is valid or expired.  
-   - **If expired**, create a new Access Token.  
-4. Configure the new Access Token with the following settings:  
-   - **Expiration date**: One year from today, minus one day.  
-   - **Role**: Developer.  
-   - **Scope**: Only `read_repository`.  
-5. Save the newly generated Access Token in a secure location.  
-
----
-
-### 2. Replace the Old Access Token
-
-1. Navigate to `/etc/bridgehead` in your system.  
-2. Run the following command to retrieve the current Git remote URL:  
-   ```bash
-   git remote get-url origin
-   ```
-   Example output:  
-   ```
-   https://name40dkfz-heidelberg.de:<old_access_token>@git.verbis.dkfz.de/bbmri-bridgehead-configs/test.git
-   ```
-3. Replace `<old_access_token>` with your new Access Token in the URL.  
-4. Set the updated URL using the following command:  
-   ```bash
-   git remote set-url origin https://name40dkfz-heidelberg.de:<new_access_token>@git.verbis.dkfz.de/bbmri-bridgehead-configs/test.git
-   
-   ```
-
-5. Start the Bridgehead update service by running:  
-   ```bash
-   systemctl start bridgehead-update@<project>
-   ```
-6. View the output to ensure the update process is successful:  
-   ```bash
-   journalctl -u bridgehead-update@<project> -f
-   ```

itcc/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-itcc-blaze
     environment:
       BASE_URL: "http://bridgehead-itcc-blaze:8080"

kr/docker-compose.yml

@@ -6,7 +6,7 @@ services:
       replicas: 0 #deactivate landing page
 
   blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.31
+    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
     container_name: bridgehead-kr-blaze
     environment:
       BASE_URL: "http://bridgehead-kr-blaze:8080"

kr/modules/obds2fhir-rest-compose.yml

@@ -10,6 +10,7 @@ services:
       SALT: ${LOCAL_SALT}
       KEEP_INTERNAL_ID: ${KEEP_INTERNAL_ID:-false}
       MAINZELLISTE_URL: ${PATIENTLIST_URL:-http://patientlist:8080/patientlist}
+    restart: always
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.obds2fhir-rest.rule=PathPrefix(`/obds2fhir-rest`) || PathPrefix(`/adt2fhir-rest`)"

lib/update-bridgehead.sh

@@ -58,8 +58,7 @@ for DIR in /etc/bridgehead $(pwd); do
     OUT=$(retry 5 git -c http.proxy=$HTTPS_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$HTTPS_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR pull 2>&1)
   fi
   if [ $? -ne 0 ]; then
-    OUT_SAN=$(echo $OUT | sed -E 's|://[^:]+:[^@]+@|://credentials@|g')
+    report_error log "Unable to update git $DIR: $OUT"
-    report_error log "Unable to update git $DIR: $OUT_SAN"
   fi
 
   new_git_hash="$(git -C $DIR rev-parse --verify HEAD)"

minimal/modules/nngm-compose.yml

@@ -11,6 +11,7 @@ services:
       CTS_API_KEY: ${NNGM_CTS_APIKEY}
       CRYPT_KEY: ${NNGM_CRYPTKEY}
       #CTS_MAGICPL_SITE: ${SITE_ID}TODO
+    restart: always
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.connector.rule=PathPrefix(`/nngm-connector`)"

modules/transfair-compose.yml

@@ -1,51 +0,0 @@
-
-services:
-  transfair:
-    image: docker.verbis.dkfz.de/cache/samply/transfair:latest
-    container_name: bridgehead-transfair
-    environment:
-      # NOTE: Those 3 variables need only to be passed if their set, otherwise transfair will complain about empty url values
-      - INSTITUTE_TTP_URL
-      - INSTITUTE_TTP_API_KEY
-      - PROJECT_ID_SYSTEM
-      - FHIR_REQUEST_URL=${FHIR_REQUEST_URL}
-      - FHIR_INPUT_URL=${FHIR_INPUT_URL}
-      - FHIR_OUTPUT_URL=${FHIR_OUTPUT_URL:-http://blaze:8080}
-      - FHIR_REQUEST_CREDENTIALS=${FHIR_REQUEST_CREDENTIALS}
-      - FHIR_INPUT_CREDENTIALS=${FHIR_INPUT_CREDENTIALS}
-      - FHIR_OUTPUT_CREDENTIALS=${FHIR_OUTPUT_CREDENTIALS}
-      - EXCHANGE_ID_SYSTEM=${EXCHANGE_ID_SYSTEM:-SESSION_ID}
-      - DATABASE_URL=sqlite://transfair/data_requests.sql?mode=rwc
-      - RUST_LOG=${RUST_LOG:-info}
-    volumes:
-      - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
-
-  transfair-input-blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
-    container_name: bridgehead-transfair-input-blaze
-    environment:
-      BASE_URL: "http://bridgehead-transfair-input-blaze:8080"
-      JAVA_TOOL_OPTIONS: "-Xmx1024m"
-      DB_BLOCK_CACHE_SIZE: 1024
-      CQL_EXPR_CACHE_SIZE: 8
-      ENFORCE_REFERENTIAL_INTEGRITY: "false"
-    volumes:
-      - "transfair-input-blaze-data:/app/data"
-    profiles: ["transfair-input-blaze"]
-
-  transfair-request-blaze:
-    image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
-    container_name: bridgehead-transfair-requests-blaze
-    environment:
-      BASE_URL: "http://bridgehead-transfair-requests-blaze:8080"
-      JAVA_TOOL_OPTIONS: "-Xmx1024m"
-      DB_BLOCK_CACHE_SIZE: 1024
-      CQL_EXPR_CACHE_SIZE: 8
-      ENFORCE_REFERENTIAL_INTEGRITY: "false"
-    volumes:
-      - "transfair-request-blaze-data:/app/data"
-    profiles: ["transfair-request-blaze"]
-
-volumes:
-  transfair-input-blaze-data:
-  transfair-request-blaze-data:

modules/transfair-setup.sh

@@ -1,22 +0,0 @@
-#!/bin/bash -e
-
-function transfairSetup() {
-    if [[ -n "$INSTITUTE_TTP_URL" || -n "$EXCHANGE_ID_SYSTEM" ]]; then
-        echo "Starting transfair."
-	    OVERRIDE+=" -f ./modules/transfair-compose.yml"
-	    if [ -n "$FHIR_INPUT_URL" ]; then
-		    log INFO "TransFAIR input fhir store set to external $FHIR_INPUT_URL"
-	    else
-		    log INFO "TransFAIR input fhir store not set writing to internal blaze"
-		    FHIR_INPUT_URL="http://transfair-input-blaze:8080"
-		    OVERRIDE+=" --profile transfair-input-blaze"
-	    fi
-	    if [ -n "$FHIR_REQUEST_URL" ]; then
-		    log INFO "TransFAIR request fhir store set to external $FHIR_REQUEST_URL"
-	    else
-		    log INFO "TransFAIR request fhir store not set writing to internal blaze"
-		    FHIR_REQUEST_URL="http://transfair-requests-blaze:8080"
-		    OVERRIDE+=" --profile transfair-request-blaze"
-	    fi
-    fi
-}