Added root cert

Fixed beam proxy var url

bbmri/docker-compose.yml

@@ -54,7 +54,7 @@ services:
       SITE_NAME: ${SITE_NAME}
 
   blaze:
-    image: "samply/blaze:0.18"
+    image: "samply/blaze:0.19"
     container_name: bridgehead-bbmri-blaze
     environment:
       BASE_URL: "http://bridgehead-bbmri-blaze:8080"

bridgehead

@@ -32,6 +32,9 @@ case "$PROJECT" in
 	bbmri)
 		#nothing extra to do
 		;;
+	snap)
+		#nothing extra to do
+		;;
 	*)
 		printUsage
 		exit 1

ccp/docker-compose.yml

@@ -54,7 +54,7 @@ services:
       SITE_NAME: ${SITE_NAME}
 
   blaze:
-    image: "samply/blaze:0.18"
+    image: "samply/blaze:0.19"
     container_name: bridgehead-ccp-blaze
     environment:
       BASE_URL: "http://bridgehead-ccp-blaze:8080"

ccp/exliquid-compose.yml

@@ -0,0 +1,34 @@
+version: "3.7"
+
+services:
+  exliquid-task-store:
+    image: "samply/blaze:0.19"
+    container_name: bridgehead-exliquid-task-store
+    environment:
+      BASE_URL: "http://bridgehead-exliquid-task-store:8080"
+      JAVA_TOOL_OPTIONS: "-Xmx1g"
+    volumes:
+    - "exliquid-task-store-data:/app/data"
+    labels:
+      - "traefik.enable=false"
+
+  exliquid-report-hub:
+    image: "samply/report-hub:latest"
+    container_name: bridgehead-exliquid-report-hub
+    environment:
+      SPRING_WEBFLUX_BASE_PATH: "/exliquid"
+      JAVA_TOOL_OPTIONS: "-Xmx1g"
+      APP_BEAM_APPID: "report-hub.${PROXY_ID}"
+      APP_BEAM_SECRET: ${REPORTHUB_BEAM_SECRET_SHORT}
+      APP_BEAM_PROXY_BASEURL: http://beam-proxy:8081
+      APP_TASKSTORE_BASEURL: "http://bridgehead-exliquid-task-store:8080/fhir"
+      APP_DATASTORE_BASEURL:  http://bridgehead-ccp-blaze:8080/fhir
+    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.report-ccp.rule=PathPrefix(`/exliquid`)"
+      - "traefik.http.services.report-ccp.loadbalancer.server.port=8080"
+      - "traefik.http.routers.report-ccp.tls=true"
+
+volumes:
+  exliquid-task-store-data:

ccp/exliquid-setup.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+function exliquidSetup() {
+	case ${SITE_ID} in
+		berlin|dresden|essen|frankfurt|freiburg|luebeck|mainz|muenchen-lmu|muenchen-tu|mannheim|tuebingen)
+			EXLIQUID=1
+			;;
+		dktk-test)
+			EXLIQUID=1
+			;;
+		*)
+			EXLIQUID=0
+			;;
+	esac
+	if [[ $EXLIQUID -eq 1 ]]; then
+		log INFO "EXLIQUID setup detected -- will start Report-Hub."
+		OVERRIDE+=" -f ./$PROJECT/exliquid-compose.yml"
+	fi
+}

ccp/vars

@@ -11,3 +11,5 @@ PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 # This will load nngm setup. Effective only if nngm configuration is defined.
 source $PROJECT/nngm-setup.sh
 nngmSetup
+source $PROJECT/exliquid-setup.sh
+exliquidSetup

lib/prepare-system.sh

@@ -36,6 +36,9 @@ case "$PROJECT" in
 	bbmri)
 		site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/"
 		;;
+	snap)
+		site_configuration_repository_middle="git.verbis.dkfz.de/bridgehead-configurations/bridgehead-config-"
+		;;
 	*)
 		log ERROR "Internal error, this should not happen."
         exit 1

lib/update-bridgehead.sh

@@ -38,7 +38,6 @@ for DIR in /etc/bridgehead $(pwd); do
   log "INFO" "Checking for updates to git repo $DIR ..."
   OUT="$(git -C $DIR status --porcelain)"
   if [ -n "$OUT" ]; then
-    log WARN "The working directory $DIR is modified. Changed files: $OUT"
     report_error log "The working directory $DIR is modified. Changed files: $OUT"
   fi
   if [ "$(git -C $DIR config --get credential.helper)" != "$CREDHELPER" ]; then

snap/docker-compose.yml

@@ -0,0 +1,83 @@
+version: "3.7"
+
+services:
+  traefik:
+    container_name: bridgehead-traefik
+    image: traefik:latest
+    command:
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.file.directory=/configuration/
+      - --api.dashboard=true
+      - --accesslog=true
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /etc/bridgehead/traefik-tls:/certs:ro
+      - ../lib/traefik-configuration/:/configuration:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+  forward_proxy:
+    container_name: bridgehead-forward-proxy
+    image: samply/bridgehead-forward-proxy:latest
+    environment:
+      HTTPS_PROXY: ${HTTPS_PROXY_URL}
+      USERNAME: ${HTTPS_PROXY_USERNAME}
+      PASSWORD: ${HTTPS_PROXY_PASSWORD}
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
+
+  spot:
+    image: docker.verbis.dkfz.de/ccp-private/aql-local-spot
+    container_name: bridgehead-spot
+    environment:
+      SECRET: ${SPOT_BEAM_SECRET_LONG}
+      APPID: spot
+      PROXY_ID: ${PROXY_ID}
+      LDM_URL: ${LDM_URL}
+      AUTH_USER: ${AUTH_USER}
+      AUTH_PW: ${AUTH_PW}
+      BEAM_PROXY: http://beam-proxy:8081
+    depends_on:
+      - "beam-proxy"
+
+  beam-proxy:
+    image: "samply/beam-proxy:develop"
+    container_name: bridgehead-beam-proxy
+    environment:
+      BROKER_URL: ${BROKER_URL}
+      PROXY_ID: ${PROXY_ID}
+      APP_0_ID: snap
+      APP_0_KEY: ${SPOT_BEAM_SECRET_SHORT}
+      PRIVKEY_FILE: /run/secrets/proxy.pem
+      ALL_PROXY: http://forward_proxy:3128
+      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+      ROOTCERT_FILE: /conf/root.crt.pem
+    secrets:
+      - proxy.pem
+    depends_on:
+      - "forward_proxy"
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+      - ./root.crt.pem:/conf/root.crt.pem:ro
+
+
+volumes:
+  blaze-data:
+
+secrets:
+  proxy.pem:
+    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem

snap/root.crt.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUMeGRSrNPhRdQ1tU7uK5+lUa4f38wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjIwOTI5MTQxMjU1WhcNMzIw
+OTI2MTQxMzI1WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMYyroOUeb27mYzClOrjCmgIceLalsFA0aVCh5mZ
+KtP8+1U3oq/7exP30gXiJojxW7xoerfyQY9s0Sz5YYbxYbuskFOYEtyAILB/pxgd
++k+J3tlZKolpfmo7WT5tZiHxH/zjrtAYGnuB2xPHRMCWh/tHYrELgXQuilNol24y
+GBa1plTlARy0aKEDUHp87WLhD2qH7B8sFlLgo0+gunE1UtR2HMSPF45w3VXszyG6
+fJNrAj0yPnKy3Dm1BMO3jDO2e0A9lCQ71a4j4TeKePfCk1xCArSu6PpiwiacKplF
+c6CRR6KrWVm2g+8Y2hFcOBG/Py2xusm3PWbpylGq6vtFRkkCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEFxD6BQwQO5
+xsJ+3cvZypsnh6dDMB8GA1UdIwQYMBaAFEFxD6BQwQO5xsJ+3cvZypsnh6dDMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQB5zTeIhV/3
+3Am6O144EFtnIeaZ2w0D6aEHqHAZp50vJv3+uQfOliCOzgw7VDxI4Zz2JALjlR/i
+uOYHsu3YIRMIOmPOjqrdDJa6auB0ufL4oUPfCRln7Fh0f3JVlz3BUoHsSDt949p4
+g0nnsciL2JHuzlqjn7Jyt3L7dAHrlFKulCcuidG5D3cqXrRCbF83f+k3TC/HRiNd
+25oMi7I4MP/SOCdfQGUGIsHIf/0hSm3pNjDOrC/XuI/8gh2f5io+Y8V+hMwMBcm4
+JbH8bdyBB+EIhsNbTwf2MWntD5bmg47sf7hh23aNvKXI67Li1pTI2t1CqiGnFR0U
+fCEpeaEAHs0k
+-----END CERTIFICATE-----

snap/vars

@@ -0,0 +1,9 @@
+BROKER_ID=broker.dev.ccp-it.dktk.dkfz.de
+BROKER_URL=https://${BROKER_ID}
+PROXY_ID=${SITE_ID}.${BROKER_ID}
+SPOT_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+SPOT_BEAM_SECRET_LONG="ApiKey spot.${PROXY_ID} ${SPOT_BEAM_SECRET_SHORT}"
+REPORTHUB_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+REPORTHUB_BEAM_SECRET_LONG="ApiKey report-hub.${PROXY_ID} ${REPORTHUB_BEAM_SECRET_SHORT}"
+SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem