WIP blaze frontend

switch focus of ccp to tag

bridgehead

@@ -96,6 +96,8 @@ case "$ACTION" in
 		;;
 	stop)
 		loadVars
+		# Kill stale secret-sync instances if present
+		docker kill $(docker ps -q --filter ancestor=docker.verbis.dkfz.de/cache/samply/secret-sync-local) 2>/dev/null || true
 		# HACK: This is temporarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp)
 		$COMPOSE -p bridgehead-$PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down
 		exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down

ccp/docker-compose.yml

@@ -19,9 +19,30 @@ services:
       - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
       - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
       - "traefik.http.routers.blaze_ccp.tls=true"
+    
+  frontend:
+    image: "samply/blaze-frontend:latest"
+    environment:
+      ORIGIN: "https://${HOST}/ccp-blaze-frontend"
+      BACKEND_BASE_URL: "https://${HOST}/ccp-localdatamanagement"
+      AUTH_CLIENT_ID: "${OIDC_PRIVATE_CLIENT_ID}"
+      AUTH_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
+      AUTH_ISSUER: "${OIDC_URL}"
+      AUTH_SECRET: "666df42c74ce1f4728fe2ffe99b146e0f2e4b4f9810594fcf68c0330495bca0f" # TODO: Generate
+      PROTOCOL_HEADER: "x-forwarded-proto"
+      HOST_HEADER: "x-forwarded-host"
+    depends_on:
+      - blaze
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.blaze_frontend.rule=PathPrefix(`/ccp-blaze-frontend`)"
+      - "traefik.http.middlewares.ccp_blaze_frontend_strip.stripprefix.prefixes=/ccp-blaze-frontend"
+      - "traefik.http.routers.blaze_ccp.middlewares=ccp_blaze_frontend_strip"
+      - "traefik.http.services.blaze_frontend.loadbalancer.server.port=3000"
+      - "traefik.http.routers.blaze_frontend.tls=true"
 
   focus:
-    image: docker.verbis.dkfz.de/cache/samply/focus:0.4.1
+    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
     container_name: bridgehead-focus
     environment:
       API_KEY: ${FOCUS_BEAM_SECRET_SHORT}

ccp/modules/cbioportal-compose.yml

@@ -1,60 +0,0 @@
-version: '3.7'
-
-services:
-  cbioportal:
-    # image: docker.verbis.dkfz.de/ccp/dktk-cbioportal:latest
-    image: bridgehead-cbioportal
-    container_name: bridgehead-cbioportal
-    environment:
-      DB_PASSWORD: ${CBIOPORTAL_DB_PASSWORD}
-      # DB_PASSWORD: "password1234"
-      HTTP_RELATIVE_PATH: "/cbioportal"
-      UPLOAD_HTTP_RELATIVE_PATH: "/cbioportal-upload"
-      UPLOAD_FOLDER: "/app/uploads"
-      EXTRACTED_FOLDER: "/app/study"
-    depends_on:
-      - cbioportal-database
-      - cbioportal-session
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.cbioportal.rule=PathPrefix(`/cbioportal`)"
-      - "traefik.http.routers.cbioportal.service=cbioportal"
-      - "traefik.http.services.cbioportal.loadbalancer.server.port=8080"
-      - "traefik.http.routers.cbioportal.tls=true"
-      - "traefik.http.routers.cbioportal-upload.rule=PathPrefix(`/cbioportal-upload`)"    
-      - "traefik.http.routers.cbioportal-upload.service=cbioportal-upload"
-      - "traefik.http.routers.cbioportal-upload.tls=true"
-      - "traefik.http.services.cbioportal-upload.loadbalancer.server.port=8001" 
-      
-  cbioportal-database:
-    restart: unless-stopped
-    # image: docker.verbis.dkfz.de/ccp/dktk-cbioportal-database:latest
-    image: bridgehead-cbioportal-database
-    container_name: bridgehead-cbioportal-database
-    environment:
-      MYSQL_DATABASE: "cbioportal"
-      MYSQL_USER: "cbio_user"
-      MYSQL_PASSWORD: ${CBIOPORTAL_DB_PASSWORD}
-      MYSQL_ROOT_PASSWORD: ${CBIOPORTAL_DB_ROOT_PASSWORD}
-      # MYSQL_PASSWORD: "password1234"
-      # MYSQL_ROOT_PASSWORD: "password12"
-    volumes:
-     - /var/cache/bridgehead/ccp/cbioportal_db_data:/var/lib/mysql
- 
-  cbioportal-session:
-    image: cbioportal/session-service:0.6.1
-    container_name: bridgehead-cbioportal-session
-    environment:
-      SERVER_PORT: 5000
-      JAVA_OPTS: -Dspring.data.mongodb.uri=mongodb://cbioportal-session-database:27017/session-service
-    depends_on:
-      - cbioportal-session-database
-
-  cbioportal-session-database:
-    image: mongo:4.2
-    container_name: bridgehead-cbioportal-session-database
-    environment:
-      MONGO_INITDB_DATABASE: session_service
-    volumes:
-      - /var/cache/bridgehead/ccp/cbioportal_session_db_data:/data/db
-      

ccp/modules/cbioportal-setup.sh

@@ -1,10 +0,0 @@
-#!/bin/bash -e
-
-
-ENABLE_CBIOPORTAL=true
- if [ "$ENABLE_CBIOPORTAL" == true ]; then
-  log INFO "cBioPortal setup detected -- will start cBioPortal service."
-  OVERRIDE+=" -f ./$PROJECT/modules/cbioportal-compose.yml"
-  CBIOPORTAL_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the cbioportal database. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-  CBIOPORTAL_DB_ROOT_PASSWORD="$(echo \"This is a salt string to generate one consistent root password for the cbioportal database. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)" 
- fi

ccp/modules/cbioportal.md

@@ -1,10 +0,0 @@
-# CBioPortal Data uploader
-
-
-## Usage
-
-We have integrated an API that allows you to upload data directly to cbioportal without the need to have cbioportal installed in your system.
-
-## Tech stack
-
-We used Flask to add this feature

ccp/modules/id-management-compose.yml

@@ -29,6 +29,7 @@ services:
     container_name: bridgehead-patientlist
     environment:
       - TOMCAT_REVERSEPROXY_FQDN=${HOST}
+      - TOMCAT_REVERSEPROXY_SSL=true
       - ML_SITE=${IDMANAGEMENT_FRIENDLY_ID}
       - ML_DB_PASS=${PATIENTLIST_POSTGRES_PASSWORD}
       - ML_API_KEY=${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}

ccp/vars

@@ -17,6 +17,7 @@ OIDC_REALM="${OIDC_REALM:-master}"
 OIDC_URL="https://login.verbis.dkfz.de"
 OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
 OIDC_GROUP_CLAIM="groups"
+add_private_oidc_redirect_url "/ccp-localdatamanagement"
 
 POSTGRES_TAG=15.6-alpine
 

lib/functions.sh

@@ -164,15 +164,15 @@ setHostname() {
 optimizeBlazeMemoryUsage() {
 	if [ -z "$BLAZE_MEMORY_CAP" ]; then
 	   system_memory_in_mb=$(LC_ALL=C free -m | grep 'Mem:' | awk '{print $2}');
-	   export BLAZE_MEMORY_CAP=$(("$system_memory_in_mb"/4));
+	   export BLAZE_MEMORY_CAP=$(($system_memory_in_mb/4));
 	fi
 	if [ -z "$BLAZE_RESOURCE_CACHE_CAP" ]; then
-		available_system_memory_chuncks=$((BLAZE_MEMORY_CAP / 1000))
+		available_system_memory_chunks=$((BLAZE_MEMORY_CAP / 1000))
-		if [ $available_system_memory_chuncks -eq 0 ]; then
+		if [ $available_system_memory_chunks -eq 0 ]; then
 			log WARN "Only ${BLAZE_MEMORY_CAP} system memory available for Blaze. If your Blaze stores more than 128000 fhir ressources it will run significally slower."
 			export BLAZE_RESOURCE_CACHE_CAP=128000;
 		else
-			export BLAZE_RESOURCE_CACHE_CAP=$((available_system_memory_chuncks * 312500))
+			export BLAZE_RESOURCE_CACHE_CAP=$((available_system_memory_chunks * 312500))
 		fi
 	fi
 }
@@ -289,7 +289,7 @@ function sync_secrets() {
     if [[ $OIDC_PRIVATE_REDIRECT_URLS != "" ]]; then
         secret_sync_args="OIDC:OIDC_CLIENT_SECRET:private;$OIDC_PRIVATE_REDIRECT_URLS"
     fi
-    if [[ $OIDC_PRIVATE_REDIRECT_URLS != "" ]]; then
+    if [[ $OIDC_PUBLIC_REDIRECT_URLS != "" ]]; then
         if [[ $secret_sync_args == "" ]]; then
             secret_sync_args="OIDC:OIDC_PUBLIC:public;$OIDC_PUBLIC_REDIRECT_URLS"
         else