mirror of
https://github.com/samply/bridgehead.git
synced 2025-09-11 10:21:23 +02:00
Compare commits
4 Commits
feature/ad
...
feat/selin
| Author | SHA1 | Date | |
|---|---|---|---|
|
add8886849 | ||
|
078c16e8dd | ||
|
98e0512a61 | ||
|
|
c530b55aa4 |
@@ -85,8 +85,6 @@ The following URLs need to be accessible (prefix with `https://`):
|
||||
* hub.docker.com
|
||||
* registry-1.docker.io
|
||||
* production.cloudflare.docker.com
|
||||
* GitHub Container Registry - (for use of DNPM:DIP)
|
||||
* ghcr.io
|
||||
* To report bridgeheads operational status
|
||||
* healthchecks.verbis.dkfz.de
|
||||
* only for DKTK/CCP
|
||||
@@ -97,7 +95,7 @@ The following URLs need to be accessible (prefix with `https://`):
|
||||
* only for German Biobank Node
|
||||
* broker.bbmri.de
|
||||
|
||||
> 📝 This URL list is subject to change. Instead of the individual names, we highly recommend whitelisting wildcard domains: *.dkfz.de, github.com, *.docker.com, *.docker.io, *.ghcr.io, *.samply.de, *.bbmri.de.
|
||||
> 📝 This URL list is subject to change. Instead of the individual names, we highly recommend whitelisting wildcard domains: *.dkfz.de, github.com, *.docker.com, *.docker.io, *.samply.de, *.bbmri.de.
|
||||
|
||||
> 📝 Ubuntu's pre-installed uncomplicated firewall (ufw) is known to conflict with Docker, more info [here](https://github.com/chaifeng/ufw-docker).
|
||||
|
||||
|
||||
@@ -26,7 +26,3 @@ services:
|
||||
volumes:
|
||||
blaze-data:
|
||||
|
||||
# used in modules *-locator.yml
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
@@ -26,11 +26,11 @@ services:
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
|
||||
ROOTCERT_FILE: /conf/root.crt.pem
|
||||
secrets:
|
||||
- proxy.pem
|
||||
depends_on:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro
|
||||
- /srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro,Z
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@ services:
|
||||
- "traefik.http.middlewares.exporter_auth.basicauth.users=${EXPORTER_USER}"
|
||||
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/bbmri/exporter-files:/app/exporter-files/output"
|
||||
- "/var/cache/bridgehead/bbmri/exporter-files:/app/exporter-files/output:z"
|
||||
|
||||
exporter-db:
|
||||
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
|
||||
@@ -47,7 +47,7 @@ services:
|
||||
POSTGRES_DB: "exporter"
|
||||
volumes:
|
||||
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
|
||||
- "/var/cache/bridgehead/bbmri/exporter-db:/var/lib/postgresql/data"
|
||||
- "/var/cache/bridgehead/bbmri/exporter-db:/var/lib/postgresql/data:Z"
|
||||
|
||||
reporter:
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
|
||||
@@ -69,7 +69,7 @@ services:
|
||||
# There is a risk that the bridgehead restarts, losing the already created export.
|
||||
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/bbmri/reporter-files:/app/reports"
|
||||
- "/var/cache/bridgehead/bbmri/reporter-files:/app/reports:z"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.reporter_bbmri.rule=PathPrefix(`/bbmri-reporter`)"
|
||||
|
||||
@@ -26,11 +26,11 @@ services:
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
|
||||
ROOTCERT_FILE: /conf/root.crt.pem
|
||||
secrets:
|
||||
- proxy.pem
|
||||
depends_on:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/bbmri/modules/${GBN_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro
|
||||
- /srv/docker/bridgehead/bbmri/modules/${GBN_ROOT_CERT}.root.crt.pem:/conf/root.crt.pem:ro,Z
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ services:
|
||||
HTTP_RELATIVE_PATH: "/bbmri-teiler"
|
||||
|
||||
teiler-dashboard:
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
|
||||
container_name: bridgehead-teiler-dashboard
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
@@ -32,6 +32,9 @@ services:
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||
TEILER_BACKEND_URL: "/bbmri-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "/bbmri-teiler-dashboard"
|
||||
OIDC_URL: "${OIDC_URL}"
|
||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
||||
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
||||
@@ -39,6 +42,8 @@ services:
|
||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||
TEILER_ORCHESTRATOR_URL: "/bbmri-teiler"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/bbmri-teiler"
|
||||
TEILER_USER: "${OIDC_USER_GROUP}"
|
||||
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
|
||||
REPORTER_DEFAULT_TEMPLATE_ID: "bbmri-qb"
|
||||
EXPORTER_DEFAULT_TEMPLATE_ID: "bbmri"
|
||||
|
||||
|
||||
@@ -35,9 +35,6 @@ case "$PROJECT" in
|
||||
cce)
|
||||
#nothing extra to do
|
||||
;;
|
||||
pscc)
|
||||
#nothing extra to do
|
||||
;;
|
||||
itcc)
|
||||
#nothing extra to do
|
||||
;;
|
||||
|
||||
@@ -35,7 +35,7 @@ services:
|
||||
QUERIES_TO_CACHE: '/queries_to_cache.conf'
|
||||
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
|
||||
volumes:
|
||||
- /srv/docker/bridgehead/cce/queries_to_cache.conf:/queries_to_cache.conf:ro
|
||||
- /srv/docker/bridgehead/cce/queries_to_cache.conf:/queries_to_cache.conf:ro,Z
|
||||
depends_on:
|
||||
- "beam-proxy"
|
||||
- "blaze"
|
||||
@@ -57,12 +57,10 @@ services:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/cce/root.crt.pem:/conf/root.crt.pem:ro
|
||||
- /srv/docker/bridgehead/cce/root.crt.pem:/conf/root.crt.pem:ro,Z
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
|
||||
|
||||
|
||||
volumes:
|
||||
blaze-data:
|
||||
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
@@ -37,7 +37,7 @@ services:
|
||||
- "traefik.http.middlewares.exporter_auth.basicauth.users=${EXPORTER_USER}"
|
||||
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/cce/exporter-files:/app/exporter-files/output"
|
||||
- "/var/cache/bridgehead/cce/exporter-files:/app/exporter-files/output:z"
|
||||
|
||||
exporter-db:
|
||||
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
|
||||
@@ -48,7 +48,7 @@ services:
|
||||
POSTGRES_DB: "exporter"
|
||||
volumes:
|
||||
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
|
||||
- "/var/cache/bridgehead/cce/exporter-db:/var/lib/postgresql/data"
|
||||
- "/var/cache/bridgehead/cce/exporter-db:/var/lib/postgresql/data:Z"
|
||||
|
||||
reporter:
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
|
||||
@@ -70,7 +70,7 @@ services:
|
||||
# There is a risk that the bridgehead restarts, losing the already created export.
|
||||
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/cce/reporter-files:/app/reports"
|
||||
- "/var/cache/bridgehead/cce/reporter-files:/app/reports:z"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.reporter_cce.rule=PathPrefix(`/cce-reporter`)"
|
||||
|
||||
@@ -19,7 +19,7 @@ services:
|
||||
HTTP_RELATIVE_PATH: "/cce-teiler"
|
||||
|
||||
teiler-dashboard:
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
|
||||
container_name: bridgehead-teiler-dashboard
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
@@ -32,6 +32,9 @@ services:
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||
TEILER_BACKEND_URL: "/cce-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "/cce-teiler-dashboard"
|
||||
OIDC_URL: "${OIDC_URL}"
|
||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
||||
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
||||
@@ -39,6 +42,8 @@ services:
|
||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||
TEILER_ORCHESTRATOR_URL: "/cce-teiler"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/cce-teiler"
|
||||
TEILER_USER: "${OIDC_USER_GROUP}"
|
||||
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
|
||||
REPORTER_DEFAULT_TEMPLATE_ID: "cce-qb"
|
||||
EXPORTER_DEFAULT_TEMPLATE_ID: "cce"
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@ services:
|
||||
QUERIES_TO_CACHE: '/queries_to_cache.conf'
|
||||
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
|
||||
volumes:
|
||||
- /srv/docker/bridgehead/ccp/queries_to_cache.conf:/queries_to_cache.conf:ro
|
||||
- /srv/docker/bridgehead/ccp/queries_to_cache.conf:/queries_to_cache.conf:ro,Z
|
||||
depends_on:
|
||||
- "beam-proxy"
|
||||
- "blaze"
|
||||
@@ -57,11 +57,9 @@ services:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
|
||||
- /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro,Z
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
|
||||
|
||||
volumes:
|
||||
blaze-data:
|
||||
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
@@ -25,7 +25,7 @@ services:
|
||||
APP_CONTEXT_PATH: "/opal"
|
||||
OPAL_PRIVATE_KEY: "/run/secrets/opal-key.pem"
|
||||
OPAL_CERTIFICATE: "/run/secrets/opal-cert.pem"
|
||||
OIDC_URL: "${OIDC_PRIVATE_URL}"
|
||||
OIDC_URL: "${OIDC_URL}"
|
||||
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
||||
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
||||
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
||||
@@ -35,10 +35,10 @@ services:
|
||||
BEAM_SECRET: ${TOKEN_MANAGER_SECRET}
|
||||
BEAM_DATASHIELD_PROXY: request-manager
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/ccp/opal-metadata-db:/srv" # Opal metadata
|
||||
secrets:
|
||||
- opal-cert.pem
|
||||
- opal-key.pem
|
||||
- "/var/cache/bridgehead/ccp/opal-metadata-db:/srv:Z" # Opal metadata
|
||||
# secrets don't seem to allow us to specify Z/z
|
||||
- /tmp/bridgehead/opal-cert.pem:/run/secrets/opal-cert.pem:z
|
||||
- /tmp/bridgehead/opal-key.pem:/run/secrets/opal-key.pem:Z
|
||||
|
||||
opal-db:
|
||||
container_name: bridgehead-opal-db
|
||||
@@ -48,7 +48,7 @@ services:
|
||||
POSTGRES_USER: "opal"
|
||||
POSTGRES_DB: "opal"
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/ccp/opal-db:/var/lib/postgresql/data" # Opal project data (imported from exporter)
|
||||
- "/var/cache/bridgehead/ccp/opal-db:/var/lib/postgresql/data:Z" # Opal project data (imported from exporter)
|
||||
|
||||
opal-rserver:
|
||||
container_name: bridgehead-opal-rserver
|
||||
@@ -67,20 +67,14 @@ services:
|
||||
DISCOVERY_URL: "./map/central.json"
|
||||
LOCAL_TARGETS_FILE: "./map/local.json"
|
||||
NO_AUTH: "true"
|
||||
secrets:
|
||||
- opal-cert.pem
|
||||
depends_on:
|
||||
- beam-proxy
|
||||
volumes:
|
||||
- /tmp/bridgehead/opal-map/:/map/:ro
|
||||
- /tmp/bridgehead/opal-map/:/map/:ro,Z
|
||||
# secrets don't seem to allow us to specify Z/z
|
||||
- /tmp/bridgehead/opal-cert.pem:/run/secrets/opal-cert.pem:z
|
||||
|
||||
beam-proxy:
|
||||
environment:
|
||||
APP_datashield-connect_KEY: ${DATASHIELD_CONNECT_SECRET}
|
||||
APP_token-manager_KEY: ${TOKEN_MANAGER_SECRET}
|
||||
|
||||
secrets:
|
||||
opal-cert.pem:
|
||||
file: /tmp/bridgehead/opal-cert.pem
|
||||
opal-key.pem:
|
||||
file: /tmp/bridgehead/opal-key.pem
|
||||
|
||||
@@ -25,7 +25,7 @@ services:
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
|
||||
- /srv/docker/bridgehead/minimal/modules/dnpm-central-targets.json:/conf/central_targets.json:ro
|
||||
- /srv/docker/bridgehead/minimal/modules/dnpm-central-targets.json:/conf/central_targets.json:ro,Z
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
|
||||
|
||||
@@ -12,13 +12,13 @@ services:
|
||||
MYSQL_ROOT_HOST: "%"
|
||||
MYSQL_ROOT_PASSWORD: ${DNPM_MYSQL_ROOT_PASSWORD}
|
||||
volumes:
|
||||
- /var/cache/bridgehead/dnpm/mysql:/var/lib/mysql
|
||||
- /var/cache/bridgehead/dnpm/mysql:/var/lib/mysql:Z
|
||||
|
||||
dnpm-authup:
|
||||
image: authup/authup:latest
|
||||
container_name: bridgehead-dnpm-authup
|
||||
volumes:
|
||||
- /var/cache/bridgehead/dnpm/authup:/usr/src/app/writable
|
||||
- /var/cache/bridgehead/dnpm/authup:/usr/src/app/writable:Z
|
||||
depends_on:
|
||||
dnpm-mysql:
|
||||
condition: service_healthy
|
||||
@@ -43,7 +43,7 @@ services:
|
||||
- "traefik.http.routers.dnpm-auth.tls=true"
|
||||
|
||||
dnpm-portal:
|
||||
image: ghcr.io/dnpm-dip/portal:${DNPM_IMAGE_TAG:-latest}
|
||||
image: ghcr.io/dnpm-dip/portal:latest
|
||||
container_name: bridgehead-dnpm-portal
|
||||
environment:
|
||||
- NUXT_API_URL=http://dnpm-backend:9000/
|
||||
@@ -58,7 +58,7 @@ services:
|
||||
|
||||
dnpm-backend:
|
||||
container_name: bridgehead-dnpm-backend
|
||||
image: ghcr.io/dnpm-dip/backend:${DNPM_IMAGE_TAG:-latest}
|
||||
image: ghcr.io/dnpm-dip/backend:latest
|
||||
environment:
|
||||
- LOCAL_SITE=${ZPM_SITE}:${SITE_NAME} # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
|
||||
- RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
||||
@@ -68,7 +68,7 @@ services:
|
||||
- AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000
|
||||
volumes:
|
||||
- /etc/bridgehead/dnpm/config:/dnpm_config
|
||||
- /var/cache/bridgehead/dnpm/backend-data:/dnpm_data
|
||||
- /var/cache/bridgehead/dnpm/backend-data:/dnpm_data:Z
|
||||
depends_on:
|
||||
dnpm-authup:
|
||||
condition: service_healthy
|
||||
|
||||
@@ -24,7 +24,7 @@ services:
|
||||
- "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
|
||||
- "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output"
|
||||
- "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output:z"
|
||||
|
||||
exporter-db:
|
||||
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
|
||||
@@ -35,7 +35,7 @@ services:
|
||||
POSTGRES_DB: "exporter"
|
||||
volumes:
|
||||
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
|
||||
- "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data"
|
||||
- "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data:Z"
|
||||
|
||||
reporter:
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
|
||||
@@ -57,7 +57,7 @@ services:
|
||||
# There is a risk that the bridgehead restarts, losing the already created export.
|
||||
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/ccp/reporter-files:/app/reports"
|
||||
- "/var/cache/bridgehead/ccp/reporter-files:/app/reports:z"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
|
||||
|
||||
@@ -22,7 +22,7 @@ services:
|
||||
POSTGRES_PASSWORD: "${DASHBOARD_DB_PASSWORD}" # Set in dashboard-setup.sh
|
||||
POSTGRES_DB: "dashboard"
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/ccp/dashboard-db:/var/lib/postgresql/data"
|
||||
- "/var/cache/bridgehead/ccp/dashboard-db:/var/lib/postgresql/data:Z"
|
||||
|
||||
focus:
|
||||
environment:
|
||||
|
||||
@@ -14,7 +14,6 @@ services:
|
||||
MAGICPL_CONNECTOR_APIKEY: ${IDMANAGER_READ_APIKEY}
|
||||
MAGICPL_CENTRAL_PATIENTLIST_APIKEY: ${IDMANAGER_CENTRAL_PATIENTLIST_APIKEY}
|
||||
MAGICPL_CONTROLNUMBERGENERATOR_APIKEY: ${IDMANAGER_CONTROLNUMBERGENERATOR_APIKEY}
|
||||
MAGICPL_OIDC_PROVIDER: ${OIDC_PRIVATE_URL}
|
||||
depends_on:
|
||||
- patientlist
|
||||
- traefik-forward-auth
|
||||
@@ -63,7 +62,7 @@ services:
|
||||
volumes:
|
||||
- "patientlist-db-data:/var/lib/postgresql/data"
|
||||
# NOTE: Add backups here. This is only imported if /var/lib/bridgehead/data/patientlist/ is empty!!!
|
||||
- "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/"
|
||||
- "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/:Z"
|
||||
|
||||
traefik-forward-auth:
|
||||
image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
|
||||
@@ -72,14 +71,12 @@ services:
|
||||
- https_proxy=http://forward_proxy:3128
|
||||
- OAUTH2_PROXY_PROVIDER=oidc
|
||||
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
|
||||
- OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_PRIVATE_URL}
|
||||
- OAUTH2_PROXY_CLIENT_ID=${OIDC_PRIVATE_CLIENT_ID}
|
||||
- OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
|
||||
- OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.verbis.dkfz.de/realms/master
|
||||
- OAUTH2_PROXY_CLIENT_ID=bridgehead-${SITE_ID}
|
||||
- OAUTH2_PROXY_CLIENT_SECRET=${IDMANAGER_AUTH_CLIENT_SECRET}
|
||||
- OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
|
||||
- OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
|
||||
- OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
|
||||
- OAUTH2_PROXY_COOKIE_REFRESH=4m
|
||||
- OAUTH2_PROXY_COOKIE_EXPIRE=24h
|
||||
- OAUTH2_PROXY_HTTP_ADDRESS=:4180
|
||||
- OAUTH2_PROXY_REVERSE_PROXY=true
|
||||
- OAUTH2_PROXY_WHITELIST_DOMAINS=.${HOST}
|
||||
@@ -90,8 +87,8 @@ services:
|
||||
- OAUTH2_PROXY_SET_AUTHORIZATION_HEADER=true
|
||||
- OAUTH2_PROXY_SET_XAUTHREQUEST=true
|
||||
# Keycloak has an expiration time of 60s therefore oauth2-proxy needs to refresh after that
|
||||
- OAUTH2_PROXY_ALLOWED_GROUPS=${OIDC_PSP_GROUP}
|
||||
- OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
|
||||
- OAUTH2_PROXY_COOKIE_REFRESH=60s
|
||||
- OAUTH2_PROXY_ALLOWED_GROUPS=DKTK-CCP-PPSN
|
||||
- OAUTH2_PROXY_PROXY_PREFIX=/oauth2-idm
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
||||
@@ -14,8 +14,6 @@ function idManagementSetup() {
|
||||
|
||||
# Ensure old ids are working !!!
|
||||
export IDMANAGEMENT_FRIENDLY_ID=$(legacyIdMapping "$SITE_ID")
|
||||
|
||||
add_private_oidc_redirect_url "/oauth2-idm/callback"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@ version: "3.7"
|
||||
|
||||
services:
|
||||
mtba:
|
||||
image: docker.verbis.dkfz.de/cache/samply/mtba:${MTBA_TAG}
|
||||
image: docker.verbis.dkfz.de/cache/samply/mtba:develop
|
||||
container_name: bridgehead-mtba
|
||||
environment:
|
||||
BLAZE_STORE_URL: http://blaze:8080
|
||||
@@ -22,14 +22,8 @@ services:
|
||||
HTTP_RELATIVE_PATH: "/mtba"
|
||||
OIDC_ADMIN_GROUP: "${OIDC_ADMIN_GROUP}"
|
||||
OIDC_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
|
||||
# TODO: Add following variables after moving to Authentik:
|
||||
#OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
||||
#OIDC_URL: "${OIDC_URL}"
|
||||
# TODO: Remove following variables after moving to Authentik:
|
||||
# Please add KECLOAK_CLIENT_SECRET in ccp.conf
|
||||
OIDC_CLIENT_SECRET: "${KEYCLOAK_CLIENT_SECRET}"
|
||||
OIDC_URL: "https://login.verbis.dkfz.de/realms/test-realm-01"
|
||||
OIDC_ADMIN_URL: "https://login.verbis.dkfz.de/admin/realms/test-realm-01"
|
||||
OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
|
||||
OIDC_URL: "${OIDC_URL}"
|
||||
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
@@ -38,8 +32,8 @@ services:
|
||||
- "traefik.http.routers.mtba_ccp.tls=true"
|
||||
|
||||
volumes:
|
||||
- /var/cache/bridgehead/ccp/mtba/input:/app/input
|
||||
- /var/cache/bridgehead/ccp/mtba/persist:/app/persist
|
||||
- /var/cache/bridgehead/ccp/mtba/input:/app/input:z
|
||||
- /var/cache/bridgehead/ccp/mtba/persist:/app/persist:z
|
||||
|
||||
# TODO: Include CBioPortal in Deployment ...
|
||||
# NOTE: CBioPortal can't load data while the system is running. So after import of data bridgehead needs to be restarted!
|
||||
|
||||
@@ -19,7 +19,7 @@ services:
|
||||
HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
|
||||
teiler-dashboard:
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
|
||||
container_name: bridgehead-teiler-dashboard
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
||||
4
ccp/vars
4
ccp/vars
@@ -10,11 +10,9 @@ BROKER_URL_FOR_PREREQ=$BROKER_URL
|
||||
|
||||
OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
|
||||
OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
|
||||
OIDC_PSP_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_PSP"
|
||||
OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
|
||||
OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
|
||||
OIDC_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PUBLIC_CLIENT_ID}/"
|
||||
OIDC_PRIVATE_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PRIVATE_CLIENT_ID}/"
|
||||
OIDC_URL="https://login.verbis.dkfz.de/realms/test-realm-01"
|
||||
OIDC_GROUP_CLAIM="groups"
|
||||
|
||||
for module in $PROJECT/modules/*.sh
|
||||
|
||||
@@ -33,13 +33,13 @@ services:
|
||||
EPSILON: 0.28
|
||||
QUERIES_TO_CACHE: '/queries_to_cache.conf'
|
||||
volumes:
|
||||
- /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf:ro
|
||||
- /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf:ro,Z
|
||||
depends_on:
|
||||
- "beam-proxy"
|
||||
- "blaze"
|
||||
|
||||
beam-proxy:
|
||||
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
|
||||
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
|
||||
container_name: bridgehead-beam-proxy
|
||||
environment:
|
||||
BROKER_URL: ${BROKER_URL}
|
||||
@@ -55,12 +55,10 @@ services:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/dhki/root.crt.pem:/conf/root.crt.pem:ro
|
||||
- /srv/docker/bridgehead/dhki/root.crt.pem:/conf/root.crt.pem:ro,Z
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
|
||||
|
||||
|
||||
volumes:
|
||||
blaze-data:
|
||||
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
@@ -35,7 +35,7 @@ services:
|
||||
QUERIES_TO_CACHE: '/queries_to_cache.conf'
|
||||
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
|
||||
volumes:
|
||||
- /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
|
||||
- /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro,Z
|
||||
depends_on:
|
||||
- "beam-proxy"
|
||||
- "blaze"
|
||||
@@ -51,18 +51,14 @@ services:
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
|
||||
ROOTCERT_FILE: /conf/root.crt.pem
|
||||
secrets:
|
||||
- proxy.pem
|
||||
depends_on:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/itcc/root.crt.pem:/conf/root.crt.pem:ro
|
||||
- /srv/docker/bridgehead/itcc/root.crt.pem:/conf/root.crt.pem:ro,Z
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
|
||||
|
||||
|
||||
volumes:
|
||||
blaze-data:
|
||||
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
@@ -40,7 +40,7 @@ services:
|
||||
- "blaze"
|
||||
|
||||
beam-proxy:
|
||||
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
|
||||
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
|
||||
container_name: bridgehead-beam-proxy
|
||||
environment:
|
||||
BROKER_URL: ${BROKER_URL}
|
||||
@@ -56,12 +56,10 @@ services:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/kr/root.crt.pem:/conf/root.crt.pem:ro
|
||||
- /srv/docker/bridgehead/kr/root.crt.pem:/conf/root.crt.pem:ro,Z
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
|
||||
|
||||
|
||||
volumes:
|
||||
blaze-data:
|
||||
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
|
||||
exporter:
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
|
||||
container_name: bridgehead-kr-exporter
|
||||
container_name: bridgehead-ccp-exporter
|
||||
environment:
|
||||
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
|
||||
LOG_LEVEL: "INFO"
|
||||
@@ -13,51 +12,39 @@ services:
|
||||
EXPORTER_DB_USER: "exporter"
|
||||
EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
|
||||
EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
|
||||
HTTP_RELATIVE_PATH: "/kr-exporter"
|
||||
HTTP_RELATIVE_PATH: "/ccp-exporter"
|
||||
SITE: "${SITE_ID}"
|
||||
HTTP_SERVLET_REQUEST_SCHEME: "https"
|
||||
OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.exporter_kr.rule=PathPrefix(`/kr-exporter`)"
|
||||
- "traefik.http.services.exporter_kr.loadbalancer.server.port=8092"
|
||||
- "traefik.http.routers.exporter_kr.tls=true"
|
||||
- "traefik.http.middlewares.exporter_kr_strip.stripprefix.prefixes=/kr-exporter"
|
||||
- "traefik.http.routers.exporter_kr.middlewares=exporter_kr_strip"
|
||||
# Main router
|
||||
- "traefik.http.routers.exporter_kr.priority=20"
|
||||
|
||||
# API router
|
||||
- "traefik.http.routers.exporter_kr_api.middlewares=exporter_kr_strip,exporter_auth"
|
||||
- "traefik.http.routers.exporter_kr_api.rule=PathRegexp(`/kr-exporter/.+`)"
|
||||
- "traefik.http.routers.exporter_kr_api.tls=true"
|
||||
- "traefik.http.routers.exporter_kr_api.priority=25"
|
||||
|
||||
# Shared middlewares
|
||||
- "traefik.http.middlewares.exporter_auth.basicauth.users=${EXPORTER_USER}"
|
||||
|
||||
- "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
|
||||
- "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092"
|
||||
- "traefik.http.routers.exporter_ccp.tls=true"
|
||||
- "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
|
||||
- "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/kr/exporter-files:/app/exporter-files/output"
|
||||
- "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output:z"
|
||||
|
||||
exporter-db:
|
||||
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
|
||||
container_name: bridgehead-kr-exporter-db
|
||||
container_name: bridgehead-ccp-exporter-db
|
||||
environment:
|
||||
POSTGRES_USER: "exporter"
|
||||
POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
|
||||
POSTGRES_DB: "exporter"
|
||||
volumes:
|
||||
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
|
||||
- "/var/cache/bridgehead/kr/exporter-db:/var/lib/postgresql/data"
|
||||
- "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data:Z"
|
||||
|
||||
reporter:
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
|
||||
container_name: bridgehead-kr-reporter
|
||||
container_name: bridgehead-ccp-reporter
|
||||
environment:
|
||||
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
|
||||
LOG_LEVEL: "INFO"
|
||||
CROSS_ORIGINS: "https://${HOST}"
|
||||
HTTP_RELATIVE_PATH: "/kr-reporter"
|
||||
HTTP_RELATIVE_PATH: "/ccp-reporter"
|
||||
SITE: "${SITE_ID}"
|
||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
|
||||
EXPORTER_URL: "http://exporter:8092"
|
||||
@@ -65,23 +52,16 @@ services:
|
||||
HTTP_SERVLET_REQUEST_SCHEME: "https"
|
||||
|
||||
# In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
|
||||
# However, in the first executions in the kr sites, this volume seems to be very important. A report is
|
||||
# However, in the first executions in the CCP sites, this volume seems to be very important. A report is
|
||||
# a process that can take several hours, because it depends on the exporter.
|
||||
# There is a risk that the bridgehead restarts, losing the already created export.
|
||||
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/kr/reporter-files:/app/reports"
|
||||
- "/var/cache/bridgehead/ccp/reporter-files:/app/reports:z"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.reporter_kr.rule=PathPrefix(`/kr-reporter`)"
|
||||
- "traefik.http.services.reporter_kr.loadbalancer.server.port=8095"
|
||||
- "traefik.http.routers.reporter_kr.tls=true"
|
||||
- "traefik.http.middlewares.reporter_kr_strip.stripprefix.prefixes=/kr-reporter"
|
||||
- "traefik.http.routers.reporter_kr.middlewares=reporter_kr_strip"
|
||||
- "traefik.http.routers.reporter_kr.priority=20"
|
||||
|
||||
- "traefik.http.routers.reporter_kr_api.middlewares=reporter_kr_strip,exporter_auth"
|
||||
- "traefik.http.routers.reporter_kr_api.rule=PathRegexp(`/kr-reporter/.+`)"
|
||||
- "traefik.http.routers.reporter_kr_api.tls=true"
|
||||
- "traefik.http.routers.reporter_kr_api.priority=25"
|
||||
|
||||
- "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
|
||||
- "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095"
|
||||
- "traefik.http.routers.reporter_ccp.tls=true"
|
||||
- "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter"
|
||||
- "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip"
|
||||
|
||||
15
kr/modules/exporter.md
Normal file
15
kr/modules/exporter.md
Normal file
@@ -0,0 +1,15 @@
|
||||
# Exporter and Reporter
|
||||
|
||||
|
||||
## Exporter
|
||||
The exporter is a REST API that exports the data of the different databases of the bridgehead in a set of tables.
|
||||
It can accept different output formats as CSV, Excel, JSON or XML. It can also export data into Opal.
|
||||
|
||||
## Exporter-DB
|
||||
It is a database to save queries for its execution in the exporter.
|
||||
The exporter manages also the different executions of the same query in through the database.
|
||||
|
||||
## Reporter
|
||||
This component is a plugin of the exporter that allows to create more complex Excel reports described in templates.
|
||||
It is compatible with different template engines as Groovy, Thymeleaf,...
|
||||
It is perfect to generate a document as our traditional CCP quality report.
|
||||
@@ -7,58 +7,70 @@ services:
|
||||
container_name: bridgehead-teiler-orchestrator
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.teiler_orchestrator_kr.rule=PathPrefix(`/kr-teiler`)"
|
||||
- "traefik.http.services.teiler_orchestrator_kr.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.teiler_orchestrator_kr.tls=true"
|
||||
- "traefik.http.middlewares.teiler_orchestrator_kr_strip.stripprefix.prefixes=/kr-teiler"
|
||||
- "traefik.http.routers.teiler_orchestrator_kr.middlewares=teiler_orchestrator_kr_strip"
|
||||
- "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)"
|
||||
- "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.teiler_orchestrator_ccp.tls=true"
|
||||
- "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler"
|
||||
- "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip"
|
||||
environment:
|
||||
TEILER_BACKEND_URL: "/kr-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "/kr-teiler-dashboard"
|
||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
|
||||
HTTP_RELATIVE_PATH: "/kr-teiler"
|
||||
HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
|
||||
teiler-dashboard:
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
|
||||
container_name: bridgehead-teiler-dashboard
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.teiler_dashboard_kr.rule=PathPrefix(`/kr-teiler-dashboard`)"
|
||||
- "traefik.http.services.teiler_dashboard_kr.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.teiler_dashboard_kr.tls=true"
|
||||
- "traefik.http.middlewares.teiler_dashboard_kr_strip.stripprefix.prefixes=/kr-teiler-dashboard"
|
||||
- "traefik.http.routers.teiler_dashboard_kr.middlewares=teiler_dashboard_kr_strip"
|
||||
- "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)"
|
||||
- "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.teiler_dashboard_ccp.tls=true"
|
||||
- "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
|
||||
- "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
|
||||
environment:
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||
TEILER_BACKEND_URL: "/kr-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "/kr-teiler-dashboard"
|
||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
||||
OIDC_URL: "${OIDC_URL}"
|
||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
||||
OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
|
||||
TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
|
||||
TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
|
||||
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
||||
TEILER_PROJECT: "${PROJECT}"
|
||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||
TEILER_ORCHESTRATOR_URL: "/kr-teiler"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/kr-teiler"
|
||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
TEILER_USER: "${OIDC_USER_GROUP}"
|
||||
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
|
||||
REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
|
||||
EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
|
||||
|
||||
|
||||
teiler-backend:
|
||||
image: docker.verbis.dkfz.de/ccp/kr-teiler-backend:latest
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
|
||||
container_name: bridgehead-teiler-backend
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.teiler_backend_kr.rule=PathPrefix(`/kr-teiler-backend`)"
|
||||
- "traefik.http.services.teiler_backend_kr.loadbalancer.server.port=8085"
|
||||
- "traefik.http.routers.teiler_backend_kr.tls=true"
|
||||
- "traefik.http.middlewares.teiler_backend_kr_strip.stripprefix.prefixes=/kr-teiler-backend"
|
||||
- "traefik.http.routers.teiler_backend_kr.middlewares=teiler_backend_kr_strip"
|
||||
- "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)"
|
||||
- "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085"
|
||||
- "traefik.http.routers.teiler_backend_ccp.tls=true"
|
||||
- "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
|
||||
- "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
|
||||
environment:
|
||||
LOG_LEVEL: "INFO"
|
||||
APPLICATION_PORT: "8085"
|
||||
APPLICATION_ADDRESS: "${HOST}"
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/kr-teiler"
|
||||
TEILER_ORCHESTRATOR_URL: "/kr-teiler"
|
||||
TEILER_DASHBOARD_DE_URL: "/kr-teiler-dashboard/de"
|
||||
TEILER_DASHBOARD_EN_URL: "/kr-teiler-dashboard/en"
|
||||
CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
|
||||
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
|
||||
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
|
||||
HTTP_PROXY: "http://forward_proxy:3128"
|
||||
ENABLE_MTBA: "${ENABLE_MTBA}"
|
||||
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
|
||||
volumes:
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/ccp.conf:/run/secrets/ccp.conf:ro
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
if [ "$ENABLE_TEILER" == true ];then
|
||||
log INFO "Teiler setup detected -- will start Teiler services."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
|
||||
TEILER_DEFAULT_LANGUAGE=EN
|
||||
TEILER_DEFAULT_LANGUAGE=DE
|
||||
TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
|
||||
add_public_oidc_redirect_url "/ccp-teiler/*"
|
||||
fi
|
||||
|
||||
19
kr/modules/teiler.md
Normal file
19
kr/modules/teiler.md
Normal file
@@ -0,0 +1,19 @@
|
||||
# Teiler
|
||||
This module orchestrates the different microfrontends of the bridgehead as a single page application.
|
||||
|
||||
## Teiler Orchestrator
|
||||
Single SPA component that consists on the root HTML site of the single page application and a javascript code that
|
||||
gets the information about the microfrontend calling the teiler backend and is responsible for registering them. With the
|
||||
resulting mapping, it can initialize, mount and unmount the required microfrontends on the fly.
|
||||
|
||||
The microfrontends run independently in different containers and can be based on different frameworks (Angular, Vue, React,...)
|
||||
This microfrontends can run as single alone but need an extension with Single-SPA (https://single-spa.js.org/docs/ecosystem).
|
||||
There are also available three templates (Angular, Vue, React) to be directly extended to be used directly in the teiler.
|
||||
|
||||
## Teiler Dashboard
|
||||
It consists on the main dashboard and a set of embedded services.
|
||||
### Login
|
||||
user and password in ccp.local.conf
|
||||
|
||||
## Teiler Backend
|
||||
In this component, the microfrontends are configured.
|
||||
@@ -36,6 +36,32 @@ setupProxy() {
|
||||
export HTTPS_PROXY_HOST HTTPS_PROXY_PORT HTTPS_PROXY_FULL_URL
|
||||
}
|
||||
|
||||
checkAndSetSelinux() {
|
||||
# This is needed for the systemd service to start on SELinux systems.
|
||||
if ! command -v sestatus > /dev/null 2>&1; then
|
||||
echo "SELinux not available; nothing to do"
|
||||
return
|
||||
fi
|
||||
if ! sestatus | grep "SELinux status:" | grep enabled > /dev/null; then
|
||||
echo "SELinux disabled; nothing to do"
|
||||
return
|
||||
fi
|
||||
current_mode="$(sestatus | grep 'Current mode:' | tr -s ' ' | cut -d' ' -f 3)"
|
||||
echo "SELinux is active and ${current_mode}, checking for labels..."
|
||||
# TODO: perhaps split this into checkSelinux (without the need for root) and setSelinux (needing root)
|
||||
# "stat /srv/docker/bridgehead/bridgehead --printf %C" could be used for a check that doesn't need root
|
||||
exitIfNotRoot
|
||||
labels_for_srv="$(semanage fcontext --list | grep -e ^/srv)"
|
||||
echo "Found the following labels for /srv:"
|
||||
echo "${labels_for_srv}"
|
||||
if ! echo "${labels_for_srv}" | grep -e ^/srv/docker/bridgehead/bridgehead > /dev/null; then
|
||||
echo "Adding a label for /srv/docker/bridgehead/bridgehead..."
|
||||
semanage fcontext --add --type bin_t /srv/docker/bridgehead/bridgehead
|
||||
fi
|
||||
restorecon -v /srv/docker/bridgehead/bridgehead # this survives a reboot
|
||||
# TODO: check if this survives updates
|
||||
}
|
||||
|
||||
exitIfNotRoot() {
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
log "ERROR" "Please run as root"
|
||||
@@ -301,33 +327,19 @@ function sync_secrets() {
|
||||
if [[ $secret_sync_args == "" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$PROJECT" == "bbmri" ]; then
|
||||
# If the project is BBMRI, use the BBMRI-ERIC broker and not the GBN broker
|
||||
proxy_id=$ERIC_PROXY_ID
|
||||
broker_url=$ERIC_BROKER_URL
|
||||
broker_id=$ERIC_BROKER_ID
|
||||
root_crt_file="/srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem"
|
||||
else
|
||||
proxy_id=$PROXY_ID
|
||||
broker_url=$BROKER_URL
|
||||
broker_id=$BROKER_ID
|
||||
root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
|
||||
fi
|
||||
|
||||
mkdir -p /var/cache/bridgehead/secrets/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/secrets/'. Please run sudo './bridgehead install $PROJECT' again."
|
||||
touch /var/cache/bridgehead/secrets/oidc
|
||||
docker run --rm \
|
||||
-v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
|
||||
-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
|
||||
-v $root_crt_file:/run/secrets/root.crt.pem:ro \
|
||||
-v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
|
||||
-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
|
||||
-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
|
||||
-e NO_PROXY=localhost,127.0.0.1 \
|
||||
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
|
||||
-e PROXY_ID=$proxy_id \
|
||||
-e BROKER_URL=$broker_url \
|
||||
-e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \
|
||||
-e PROXY_ID=$PROXY_ID \
|
||||
-e BROKER_URL=$BROKER_URL \
|
||||
-e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \
|
||||
-e SECRET_DEFINITIONS=$secret_sync_args \
|
||||
docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
source lib/functions.sh
|
||||
|
||||
exitIfNotRoot
|
||||
checkAndSetSelinux
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
log "ERROR" "Please provide a Project as argument"
|
||||
|
||||
@@ -55,9 +55,6 @@ case "$PROJECT" in
|
||||
cce)
|
||||
site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/"
|
||||
;;
|
||||
pscc)
|
||||
site_configuration_repository_middle="git.verbis.dkfz.de/pscc-sites/"
|
||||
;;
|
||||
itcc)
|
||||
site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/"
|
||||
;;
|
||||
|
||||
@@ -25,6 +25,12 @@ services:
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
security_opt:
|
||||
# allow access to the docker socket on systems with SELinux
|
||||
- "label:type:container_runtime_t"
|
||||
cap_add:
|
||||
# Allow binding to ports <1024 without root
|
||||
- NET_BIND_SERVICE
|
||||
volumes:
|
||||
- /etc/bridgehead/traefik-tls:/certs:ro
|
||||
- ../lib/traefik-configuration/:/configuration:ro
|
||||
@@ -59,4 +65,3 @@ services:
|
||||
PROJECT: ${PROJECT}
|
||||
SITE_NAME: ${SITE_NAME}
|
||||
ENVIRONMENT: ${ENVIRONMENT}
|
||||
profiles: [deactivated]
|
||||
|
||||
@@ -12,13 +12,13 @@ services:
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: ./conf/trusted-ca-certs
|
||||
ROOTCERT_FILE: ./conf/root.crt.pem
|
||||
secrets:
|
||||
- proxy.pem
|
||||
depends_on:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
|
||||
- /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro,Z
|
||||
# secrets don't seem to allow us to specify Z
|
||||
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
|
||||
|
||||
dnpm-beam-connect:
|
||||
depends_on: [ dnpm-beam-proxy ]
|
||||
@@ -41,7 +41,7 @@ services:
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
|
||||
- /srv/docker/bridgehead/minimal/modules/dnpm-central-targets.json:/conf/central_targets.json:ro
|
||||
- /srv/docker/bridgehead/minimal/modules/dnpm-central-targets.json:/conf/central_targets.json:ro,Z
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
|
||||
@@ -53,7 +53,3 @@ services:
|
||||
dnpm-echo:
|
||||
image: docker.verbis.dkfz.de/cache/samply/bridgehead-echo:latest
|
||||
container_name: bridgehead-dnpm-echo
|
||||
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
|
||||
@@ -12,13 +12,13 @@ services:
|
||||
MYSQL_ROOT_HOST: "%"
|
||||
MYSQL_ROOT_PASSWORD: ${DNPM_MYSQL_ROOT_PASSWORD}
|
||||
volumes:
|
||||
- /var/cache/bridgehead/dnpm/mysql:/var/lib/mysql
|
||||
- /var/cache/bridgehead/dnpm/mysql:/var/lib/mysql:Z
|
||||
|
||||
dnpm-authup:
|
||||
image: authup/authup:latest
|
||||
container_name: bridgehead-dnpm-authup
|
||||
volumes:
|
||||
- /var/cache/bridgehead/dnpm/authup:/usr/src/app/writable
|
||||
- /var/cache/bridgehead/dnpm/authup:/usr/src/app/writable:Z
|
||||
depends_on:
|
||||
dnpm-mysql:
|
||||
condition: service_healthy
|
||||
@@ -43,7 +43,7 @@ services:
|
||||
- "traefik.http.routers.dnpm-auth.tls=true"
|
||||
|
||||
dnpm-portal:
|
||||
image: ghcr.io/dnpm-dip/portal:${DNPM_IMAGE_TAG:-latest}
|
||||
image: ghcr.io/dnpm-dip/portal:latest
|
||||
container_name: bridgehead-dnpm-portal
|
||||
environment:
|
||||
- NUXT_API_URL=http://dnpm-backend:9000/
|
||||
@@ -58,7 +58,7 @@ services:
|
||||
|
||||
dnpm-backend:
|
||||
container_name: bridgehead-dnpm-backend
|
||||
image: ghcr.io/dnpm-dip/backend:${DNPM_IMAGE_TAG:-latest}
|
||||
image: ghcr.io/dnpm-dip/backend:latest
|
||||
environment:
|
||||
- LOCAL_SITE=${ZPM_SITE}:${SITE_NAME} # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
|
||||
- RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
|
||||
@@ -68,7 +68,7 @@ services:
|
||||
- AUTHUP_URL=robot://system:${DNPM_AUTHUP_SECRET}@http://dnpm-authup:3000
|
||||
volumes:
|
||||
- /etc/bridgehead/dnpm/config:/dnpm_config
|
||||
- /var/cache/bridgehead/dnpm/backend-data:/dnpm_data
|
||||
- /var/cache/bridgehead/dnpm/backend-data:/dnpm_data:Z
|
||||
depends_on:
|
||||
dnpm-authup:
|
||||
condition: service_healthy
|
||||
|
||||
@@ -10,8 +10,4 @@ services:
|
||||
SSH_TUNNEL_PORT: "${SSH_TUNNEL_PORT:-22}"
|
||||
volumes:
|
||||
- "/etc/bridgehead/ssh-tunnel.conf:/ssh-tunnel.conf:ro"
|
||||
secrets:
|
||||
- privkey
|
||||
secrets:
|
||||
privkey:
|
||||
file: /etc/bridgehead/pki/ssh-tunnel.priv.pem
|
||||
- "/etc/bridgehead/pki/ssh-tunnel.priv.pem:/run/secrets/privkey:ro"
|
||||
|
||||
@@ -27,7 +27,7 @@ services:
|
||||
- NO_PROXY=${TRANSFAIR_NO_PROXIES}
|
||||
- ALL_PROXY=http://forward_proxy:3128
|
||||
volumes:
|
||||
- /var/cache/bridgehead/${PROJECT}/transfair:/transfair
|
||||
- /var/cache/bridgehead/${PROJECT}/transfair:/transfair:Z
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
||||
@@ -1,65 +0,0 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
blaze:
|
||||
image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
|
||||
container_name: bridgehead-pscc-blaze
|
||||
environment:
|
||||
BASE_URL: "http://bridgehead-pscc-blaze:8080"
|
||||
JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
|
||||
DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
|
||||
DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
|
||||
CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
|
||||
ENFORCE_REFERENTIAL_INTEGRITY: "false"
|
||||
volumes:
|
||||
- "blaze-data:/app/data"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
|
||||
- "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
|
||||
- "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip,auth"
|
||||
- "traefik.http.routers.blaze_pscc.tls=true"
|
||||
|
||||
focus:
|
||||
image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
|
||||
container_name: bridgehead-focus
|
||||
environment:
|
||||
API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
|
||||
BEAM_APP_ID_LONG: focus.${PROXY_ID}
|
||||
PROXY_ID: ${PROXY_ID}
|
||||
BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
|
||||
BEAM_PROXY_URL: http://beam-proxy:8081
|
||||
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
|
||||
EPSILON: 0.28
|
||||
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
|
||||
depends_on:
|
||||
- "beam-proxy"
|
||||
- "blaze"
|
||||
|
||||
beam-proxy:
|
||||
image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
|
||||
container_name: bridgehead-beam-proxy
|
||||
environment:
|
||||
BROKER_URL: ${BROKER_URL}
|
||||
PROXY_ID: ${PROXY_ID}
|
||||
APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
|
||||
PRIVKEY_FILE: /run/secrets/proxy.pem
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
|
||||
ROOTCERT_FILE: /conf/root.crt.pem
|
||||
secrets:
|
||||
- proxy.pem
|
||||
depends_on:
|
||||
- "forward_proxy"
|
||||
volumes:
|
||||
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
|
||||
- /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
|
||||
|
||||
|
||||
volumes:
|
||||
blaze-data:
|
||||
|
||||
secrets:
|
||||
proxy.pem:
|
||||
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
@@ -1,34 +0,0 @@
|
||||
version: "3.7"
|
||||
services:
|
||||
landing:
|
||||
container_name: lens_federated-search
|
||||
image: docker.verbis.dkfz.de/dashboard/pscc-explorer
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.services.landing.loadbalancer.server.port=5173"
|
||||
- "traefik.http.routers.landing.middlewares=auth"
|
||||
- "traefik.http.routers.landing.tls=true"
|
||||
|
||||
# spot:
|
||||
# image: docker.verbis.dkfz.de/ccp-private/central-spot
|
||||
# environment:
|
||||
# BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
|
||||
# BEAM_URL: http://beam-proxy:8081
|
||||
# BEAM_PROXY_ID: ${SITE_ID}
|
||||
# BEAM_BROKER_ID: ${BROKER_ID}
|
||||
# BEAM_APP_ID: "focus"
|
||||
# PROJECT_METADATA: "cce_supervisors"
|
||||
# depends_on:
|
||||
# - "beam-proxy"
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# - "traefik.http.services.spot.loadbalancer.server.port=8080"
|
||||
# - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
|
||||
# - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
|
||||
# - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
|
||||
# - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
|
||||
# - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
|
||||
# - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
|
||||
# - "traefik.http.routers.spot.tls=true"
|
||||
# - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
|
||||
@@ -1,5 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ -n "$ENABLE_LENS" ];then
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
|
||||
fi
|
||||
@@ -1,20 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
|
||||
BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
|
||||
MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
|
||||
TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
|
||||
OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
|
||||
XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
|
||||
pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
|
||||
K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
|
||||
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
|
||||
poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
|
||||
A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
|
||||
AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
|
||||
fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
|
||||
3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
|
||||
n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
|
||||
7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
|
||||
Rtup0MTxSJtN
|
||||
-----END CERTIFICATE-----
|
||||
14
pscc/vars
14
pscc/vars
@@ -1,14 +0,0 @@
|
||||
BROKER_ID=test-no-real-data.broker.samply.de
|
||||
BROKER_URL=https://${BROKER_ID}
|
||||
PROXY_ID=${SITE_ID}.${BROKER_ID}
|
||||
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
||||
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
|
||||
SUPPORT_EMAIL=denis.koether@dkfz-heidelberg.de
|
||||
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
||||
|
||||
for module in $PROJECT/modules/*.sh
|
||||
do
|
||||
log DEBUG "sourcing $module"
|
||||
source $module
|
||||
done
|
||||
@@ -2,5 +2,3 @@ FOCUS_TAG=develop
|
||||
BEAM_TAG=develop
|
||||
BLAZE_TAG=main
|
||||
POSTGRES_TAG=15.13-alpine
|
||||
TEILER_DASHBOARD_TAG=develop
|
||||
MTBA_TAG=develop
|
||||
@@ -2,5 +2,3 @@ FOCUS_TAG=main
|
||||
BEAM_TAG=main
|
||||
BLAZE_TAG=0.32
|
||||
POSTGRES_TAG=15.13-alpine
|
||||
TEILER_DASHBOARD_TAG=main
|
||||
MTBA_TAG=main
|
||||
@@ -2,5 +2,3 @@ FOCUS_TAG=develop
|
||||
BEAM_TAG=develop
|
||||
BLAZE_TAG=main
|
||||
POSTGRES_TAG=15.13-alpine
|
||||
TEILER_DASHBOARD_TAG=develop
|
||||
MTBA_TAG=develop
|
||||
Reference in New Issue
Block a user