mirror of
https://github.com/samply/bridgehead.git
synced 2025-06-16 16:10:14 +02:00
Compare commits
11 Commits
feature/te
...
prototype/
| Author | SHA1 | Date | |
|---|---|---|---|
| 1f9c29647a | |||
| 7cd430ffd2 | |||
| 78e572d0db | |||
| b0507a7946 | |||
| 791be147e2 | |||
| bc0835ff4d | |||
| 96d99b2510 | |||
| 663ae628f3 | |||
| 91b9eeb316 | |||
| 3146a64fb7 | |||
| 7064bc6bf9 |
0
bbmri/modules/directory-sync.sh
Normal file → Executable file
0
bbmri/modules/directory-sync.sh
Normal file → Executable file
29
bbmri/vars
29
bbmri/vars
@ -1,25 +1,3 @@
|
||||
DEFAULT_LANGUAGE=EN
|
||||
DEFAULT_LANGUAGE_LOWER_CASE=${DEFAULT_LANGUAGE,,}
|
||||
|
||||
BROKER_ID=broker-test.bbmri-test.samply.de
|
||||
BROKER_URL=https://${BROKER_ID}
|
||||
PROXY_ID=${SITE_ID}.${BROKER_ID}
|
||||
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
PLATFORM=bbmri
|
||||
|
||||
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
||||
|
||||
OIDC_USER_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})"
|
||||
OIDC_ADMIN_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})_Verwalter"
|
||||
OIDC_PUBLIC_CLIENT_ID="BBMRI_${SITE_ID}-public"
|
||||
# Use "test-realm-01" for testing
|
||||
OIDC_REALM="${OIDC_REALM:-test-realm-01}"
|
||||
OIDC_URL="https://login.verbis.dkfz.de"
|
||||
OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
|
||||
OIDC_GROUP_CLAIM="groups"
|
||||
|
||||
POSTGRES_TAG=15.6-alpine
|
||||
|
||||
# Makes sense for all European Biobanks
|
||||
: ${ENABLE_ERIC:=true}
|
||||
|
||||
@ -35,13 +13,6 @@ do
|
||||
source $module
|
||||
done
|
||||
|
||||
log DEBUG "sourcing ccp/modules/exporter-setup.sh"
|
||||
source ccp/modules/exporter-setup.sh
|
||||
|
||||
log DEBUG "sourcing ccp/modules/teiler-setup.sh"
|
||||
source ccp/modules/teiler-setup.sh
|
||||
|
||||
|
||||
SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL
|
||||
BROKER_URL_FOR_PREREQ="${ERIC_BROKER_URL:-$GBN_BROKER_URL}"
|
||||
|
||||
|
||||
9
bridgehead
Normal file → Executable file
9
bridgehead
Normal file → Executable file
@ -116,8 +116,6 @@ case "$ACTION" in
|
||||
loadVars
|
||||
hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
|
||||
checkRequirements
|
||||
# NOTE: for testing only, we will need to properly setup secret sync if we want to use this code
|
||||
# TODO: Adapt it for BBMRI (sync_secrets)
|
||||
sync_secrets
|
||||
hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
|
||||
exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
|
||||
@ -178,6 +176,13 @@ case "$ACTION" in
|
||||
;;
|
||||
postRun | postUpdate)
|
||||
;;
|
||||
send-file)
|
||||
loadVars
|
||||
log "WARNING" "Your are about to send a file to another bridgehead in your network!"
|
||||
read -p "Please name the bridgehead you want to send the file to (proxy-id): " RECEIVER_PROXY_ID
|
||||
read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
|
||||
exec $COMPOSE -p $PROJECT -f ./modules/beam-file-compose.yml --profile beam-file-sender run beam-file-sender send --to beamfile.$RECEIVER_PROXY_ID /data/outfile
|
||||
;;
|
||||
*)
|
||||
printUsage
|
||||
exit 1
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
exporter:
|
||||
labels:
|
||||
# Main router
|
||||
- "traefik.http.routers.exporter_${PLATFORM}.priority=20"
|
||||
|
||||
# API router
|
||||
- "traefik.http.routers.exporter_${PLATFORM}_api.middlewares=exporter_${PLATFORM}_strip,exporter_auth"
|
||||
- "traefik.http.routers.exporter_${PLATFORM}_api.rule=PathRegexp(`/${PLATFORM}-exporter/.+`)"
|
||||
- "traefik.http.routers.exporter_${PLATFORM}_api.tls=true"
|
||||
- "traefik.http.routers.exporter_${PLATFORM}_api.priority=25"
|
||||
|
||||
# Shared middlewares
|
||||
- "traefik.http.middlewares.exporter_auth.basicauth.users=${EXPORTER_USER}"
|
||||
|
||||
reporter:
|
||||
labels:
|
||||
- "traefik.http.routers.reporter_${PLATFORM}.priority=20"
|
||||
|
||||
#- "traefik.http.routers.reporter_${PLATFORM}.middlewares=reporter_${PLATFORM}_strip,exporter_auth"
|
||||
- "traefik.http.routers.reporter_${PLATFORM}_api.middlewares=reporter_${PLATFORM}_strip,exporter_auth"
|
||||
- "traefik.http.routers.reporter_${PLATFORM}_api.rule=PathRegexp(`/${PLATFORM}-reporter/.+`)"
|
||||
- "traefik.http.routers.reporter_${PLATFORM}_api.tls=true"
|
||||
- "traefik.http.routers.reporter_${PLATFORM}_api.priority=25"
|
||||
#- "traefik.http.middlewares.reporter_auth.basicauth.users=${EXPORTER_USER}"
|
||||
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ version: "3.7"
|
||||
services:
|
||||
exporter:
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
|
||||
container_name: bridgehead-${PLATFORM}-exporter
|
||||
container_name: bridgehead-ccp-exporter
|
||||
environment:
|
||||
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
|
||||
LOG_LEVEL: "INFO"
|
||||
@ -12,39 +12,39 @@ services:
|
||||
EXPORTER_DB_USER: "exporter"
|
||||
EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
|
||||
EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
|
||||
HTTP_RELATIVE_PATH: "/${PLATFORM}-exporter"
|
||||
HTTP_RELATIVE_PATH: "/ccp-exporter"
|
||||
SITE: "${SITE_ID}"
|
||||
HTTP_SERVLET_REQUEST_SCHEME: "https"
|
||||
OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.exporter_${PLATFORM}.rule=Path(`/${PLATFORM}-exporter/`)"
|
||||
- "traefik.http.services.exporter_${PLATFORM}.loadbalancer.server.port=8092"
|
||||
- "traefik.http.routers.exporter_${PLATFORM}.tls=true"
|
||||
- "traefik.http.middlewares.exporter_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-exporter"
|
||||
- "traefik.http.routers.exporter_${PLATFORM}.middlewares=exporter_${PLATFORM}_strip"
|
||||
- "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
|
||||
- "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092"
|
||||
- "traefik.http.routers.exporter_ccp.tls=true"
|
||||
- "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
|
||||
- "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/${PLATFORM}/exporter-files:/app/exporter-files/output"
|
||||
- "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output"
|
||||
|
||||
exporter-db:
|
||||
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
|
||||
container_name: bridgehead-${PLATFORM}-exporter-db
|
||||
container_name: bridgehead-ccp-exporter-db
|
||||
environment:
|
||||
POSTGRES_USER: "exporter"
|
||||
POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
|
||||
POSTGRES_DB: "exporter"
|
||||
volumes:
|
||||
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
|
||||
- "/var/cache/bridgehead/${PLATFORM}/exporter-db:/var/lib/postgresql/data"
|
||||
- "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data"
|
||||
|
||||
reporter:
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
|
||||
container_name: bridgehead-${PLATFORM}-reporter
|
||||
container_name: bridgehead-ccp-reporter
|
||||
environment:
|
||||
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
|
||||
LOG_LEVEL: "INFO"
|
||||
CROSS_ORIGINS: "https://${HOST}"
|
||||
HTTP_RELATIVE_PATH: "/${PLATFORM}-reporter"
|
||||
HTTP_RELATIVE_PATH: "/ccp-reporter"
|
||||
SITE: "${SITE_ID}"
|
||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
|
||||
EXPORTER_URL: "http://exporter:8092"
|
||||
@ -57,17 +57,16 @@ services:
|
||||
# There is a risk that the bridgehead restarts, losing the already created export.
|
||||
|
||||
volumes:
|
||||
- "/var/cache/bridgehead/${PLATFORM}/reporter-files:/app/reports"
|
||||
- "/var/cache/bridgehead/ccp/reporter-files:/app/reports"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.reporter_${PLATFORM}.rule=Path(`/${PLATFORM}-reporter`)"
|
||||
- "traefik.http.services.reporter_${PLATFORM}.loadbalancer.server.port=8095"
|
||||
- "traefik.http.routers.reporter_${PLATFORM}.tls=true"
|
||||
- "traefik.http.middlewares.reporter_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-reporter"
|
||||
- "traefik.http.routers.reporter_${PLATFORM}.middlewares=reporter_${PLATFORM}_strip"
|
||||
- "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
|
||||
- "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095"
|
||||
- "traefik.http.routers.reporter_ccp.tls=true"
|
||||
- "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter"
|
||||
- "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip"
|
||||
|
||||
|
||||
# focus:
|
||||
# environment:
|
||||
# EXPORTER_URL: "http://exporter:8092"
|
||||
# EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||
focus:
|
||||
environment:
|
||||
EXPORTER_URL: "http://exporter:8092"
|
||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||
|
||||
@ -2,10 +2,7 @@
|
||||
|
||||
if [ "$ENABLE_EXPORTER" == true ]; then
|
||||
log INFO "Exporter setup detected -- will start Exporter service."
|
||||
OVERRIDE+=" -f ./ccp/modules/exporter-compose.yml"
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
|
||||
EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||
EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
|
||||
if [ "$EXPORTER_USER" == true ]; then
|
||||
OVERRIDE+=" -f ./ccp/modules/exporter-auth-compose.yml"
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -7,31 +7,31 @@ services:
|
||||
container_name: bridgehead-teiler-orchestrator
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.teiler_orchestrator_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler`)"
|
||||
- "traefik.http.services.teiler_orchestrator_${PLATFORM}.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.teiler_orchestrator_${PLATFORM}.tls=true"
|
||||
- "traefik.http.middlewares.teiler_orchestrator_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler"
|
||||
- "traefik.http.routers.teiler_orchestrator_${PLATFORM}.middlewares=teiler_orchestrator_${PLATFORM}_strip"
|
||||
- "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)"
|
||||
- "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.teiler_orchestrator_ccp.tls=true"
|
||||
- "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler"
|
||||
- "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip"
|
||||
environment:
|
||||
TEILER_BACKEND_URL: "https://${HOST}/${PLATFORM}-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard"
|
||||
DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE_LOWER_CASE}"
|
||||
HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
|
||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
|
||||
HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
|
||||
teiler-dashboard:
|
||||
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
|
||||
container_name: bridgehead-teiler-dashboard
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.teiler_dashboard_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler-dashboard`)"
|
||||
- "traefik.http.services.teiler_dashboard_${PLATFORM}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.teiler_dashboard_${PLATFORM}.tls=true"
|
||||
- "traefik.http.middlewares.teiler_dashboard_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler-dashboard"
|
||||
- "traefik.http.routers.teiler_dashboard_${PLATFORM}.middlewares=teiler_dashboard_${PLATFORM}_strip"
|
||||
- "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)"
|
||||
- "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.teiler_dashboard_ccp.tls=true"
|
||||
- "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
|
||||
- "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
|
||||
environment:
|
||||
DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE}"
|
||||
TEILER_BACKEND_URL: "https://${HOST}/${PLATFORM}-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard"
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
||||
OIDC_URL: "${OIDC_URL}"
|
||||
OIDC_REALM: "${OIDC_REALM}"
|
||||
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
|
||||
@ -41,34 +41,41 @@ services:
|
||||
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
|
||||
TEILER_PROJECT: "${PROJECT}"
|
||||
EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
|
||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PLATFORM}-teiler"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
|
||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
TEILER_USER: "${OIDC_USER_GROUP}"
|
||||
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
|
||||
REPORTER_DEFAULT_TEMPLATE_ID: "${PLATFORM}-qb"
|
||||
EXPORTER_DEFAULT_TEMPLATE_ID: "${PLATFORM}"
|
||||
REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
|
||||
EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
|
||||
|
||||
|
||||
teiler-backend:
|
||||
image: docker.verbis.dkfz.de/ccp/${PROJECT}-teiler-backend:latest
|
||||
image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
|
||||
container_name: bridgehead-teiler-backend
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.teiler_backend_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler-backend`)"
|
||||
- "traefik.http.services.teiler_backend_${PLATFORM}.loadbalancer.server.port=8085"
|
||||
- "traefik.http.routers.teiler_backend_${PLATFORM}.tls=true"
|
||||
- "traefik.http.middlewares.teiler_backend_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler-backend"
|
||||
- "traefik.http.routers.teiler_backend_${PLATFORM}.middlewares=teiler_backend_${PLATFORM}_strip"
|
||||
- "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)"
|
||||
- "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085"
|
||||
- "traefik.http.routers.teiler_backend_ccp.tls=true"
|
||||
- "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
|
||||
- "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
|
||||
environment:
|
||||
LOG_LEVEL: "INFO"
|
||||
APPLICATION_PORT: "8085"
|
||||
APPLICATION_ADDRESS: "${HOST}"
|
||||
DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE}"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
|
||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PLATFORM}-teiler"
|
||||
TEILER_DASHBOARD_DE_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard/de"
|
||||
TEILER_DASHBOARD_EN_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard/en"
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||
CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
|
||||
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
|
||||
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
|
||||
HTTP_PROXY: "http://forward_proxy:3128"
|
||||
ENABLE_MTBA: "${ENABLE_MTBA}"
|
||||
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
|
||||
IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active
|
||||
secrets:
|
||||
- ccp.conf
|
||||
|
||||
secrets:
|
||||
ccp.conf:
|
||||
file: /etc/bridgehead/ccp.conf
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
if [ "$ENABLE_TEILER" == true ];then
|
||||
log INFO "Teiler setup detected -- will start Teiler services."
|
||||
OVERRIDE+=" -f ./ccp/modules/teiler-compose.yml"
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
|
||||
TEILER_DEFAULT_LANGUAGE=DE
|
||||
TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
|
||||
add_public_oidc_redirect_url "/ccp-teiler/*"
|
||||
fi
|
||||
|
||||
@ -1,3 +1,2 @@
|
||||
bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCgpjb250ZXh0IFBhdGllbnQKCgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX1BSSU1BUllfRElBR05PU0lTX05PX1NPUlRfU1RSQVRJRklFUgpES1RLX1NUUkFUX0FHRV9DTEFTU19TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRLVEtfUkVQTEFDRV9TUEVDSU1FTl9TVFJBVElGSUVSaWYgSW5Jbml0aWFsUG9wdWxhdGlvbiB0aGVuIFtTcGVjaW1lbl0gZWxzZSB7fSBhcyBMaXN0PFNwZWNpbWVuPgpES1RLX1NUUkFUX1BST0NFRFVSRV9TVFJBVElGSUVSCgpES1RLX1NUUkFUX01FRElDQVRJT05fU1RSQVRJRklFUgoKICBES1RLX1JFUExBQ0VfSElTVE9MT0dZX1NUUkFUSUZJRVIKIGlmIGhpc3RvLmNvZGUuY29kaW5nLndoZXJlKGNvZGUgPSAnNTk4NDctNCcpLmNvZGUuZmlyc3QoKSBpcyBudWxsIHRoZW4gMCBlbHNlIDEKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OCnRydWU=
|
||||
bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCmNvZGVzeXN0ZW0gaWNkMTA6ICdodHRwOi8vZmhpci5kZS9Db2RlU3lzdGVtL2JmYXJtL2ljZC0xMC1nbScKY29kZXN5c3RlbSBtb3JwaDogJ3VybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNi40My4xJwoKY29udGV4dCBQYXRpZW50CgoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUklNQVJZX0RJQUdOT1NJU19OT19TT1JUX1NUUkFUSUZJRVIKREtUS19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpES1RLX1JFUExBQ0VfU1BFQ0lNRU5fU1RSQVRJRklFUmlmIEluSW5pdGlhbFBvcHVsYXRpb24gdGhlbiBbU3BlY2ltZW5dIGVsc2Uge30gYXMgTGlzdDxTcGVjaW1lbj4KREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCiAgREtUS19SRVBMQUNFX0hJU1RPTE9HWV9TVFJBVElGSUVSCiBpZiBoaXN0by5jb2RlLmNvZGluZy53aGVyZShjb2RlID0gJzU5ODQ3LTQnKS5jb2RlLmZpcnN0KCkgaXMgbnVsbCB0aGVuIDAgZWxzZSAxCkRLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTihleGlzdHMgW0NvbmRpdGlvbjogQ29kZSAnQzYxJyBmcm9tIGljZDEwXSkgYW5kIAooKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQwLzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQ3LzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NDgwLzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NTAwLzMnKSk=
|
||||
ORGANOID_DASHBOARD_PUBLIC
|
||||
bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwoKY29kZXN5c3RlbSBsb2luYzogJ2h0dHA6Ly9sb2luYy5vcmcnCmNvZGVzeXN0ZW0gaWNkMTA6ICdodHRwOi8vZmhpci5kZS9Db2RlU3lzdGVtL2JmYXJtL2ljZC0xMC1nbScKY29kZXN5c3RlbSBtb3JwaDogJ3VybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNi40My4xJwoKY29udGV4dCBQYXRpZW50CgoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUklNQVJZX0RJQUdOT1NJU19OT19TT1JUX1NUUkFUSUZJRVIKREtUS19TVFJBVF9BR0VfQ0xBU1NfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpES1RLX1JFUExBQ0VfU1BFQ0lNRU5fU1RSQVRJRklFUmlmIEluSW5pdGlhbFBvcHVsYXRpb24gdGhlbiBbU3BlY2ltZW5dIGVsc2Uge30gYXMgTGlzdDxTcGVjaW1lbj4KREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREtUS19TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCiAgREtUS19SRVBMQUNFX0hJU1RPTE9HWV9TVFJBVElGSUVSCiBpZiBoaXN0by5jb2RlLmNvZGluZy53aGVyZShjb2RlID0gJzU5ODQ3LTQnKS5jb2RlLmZpcnN0KCkgaXMgbnVsbCB0aGVuIDAgZWxzZSAxCkRLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTihleGlzdHMgW0NvbmRpdGlvbjogQ29kZSAnQzYxJyBmcm9tIGljZDEwXSkgYW5kIAooKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQwLzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQ3LzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NDgwLzMnKSBvciAKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4NTAwLzMnKSk=
|
||||
5
ccp/vars
5
ccp/vars
@ -1,6 +1,3 @@
|
||||
DEFAULT_LANGUAGE=EN
|
||||
DEFAULT_LANGUAGE_LOWER_CASE=${DEFAULT_LANGUAGE,,}
|
||||
|
||||
BROKER_ID=broker.ccp-it.dktk.dkfz.de
|
||||
BROKER_URL=https://${BROKER_ID}
|
||||
PROXY_ID=${SITE_ID}.${BROKER_ID}
|
||||
@ -8,7 +5,6 @@ FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | h
|
||||
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
|
||||
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
|
||||
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
PLATFORM=ccp
|
||||
|
||||
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
||||
|
||||
@ -35,7 +31,6 @@ mtbaSetup
|
||||
obds2fhirRestSetup
|
||||
blazeSecondarySetup
|
||||
|
||||
|
||||
for module in modules/*.sh
|
||||
do
|
||||
log DEBUG "sourcing $module"
|
||||
|
||||
@ -45,6 +45,7 @@ services:
|
||||
BROKER_URL: ${BROKER_URL}
|
||||
PROXY_ID: ${PROXY_ID}
|
||||
APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
|
||||
APP_beamfilesend_KEY: ${BEAM_FILE_SEND_SECRET}
|
||||
PRIVKEY_FILE: /run/secrets/proxy.pem
|
||||
ALL_PROXY: http://forward_proxy:3128
|
||||
TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
|
||||
|
||||
@ -5,6 +5,7 @@ FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | h
|
||||
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
|
||||
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
|
||||
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||
BEAM_FILE_SEND_SECRET="$(echo \"beam-file-send-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
||||
|
||||
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
||||
|
||||
@ -25,4 +26,5 @@ do
|
||||
source $module
|
||||
done
|
||||
|
||||
transfairSetup
|
||||
transfairSetup
|
||||
beamFileSetup
|
||||
|
||||
@ -15,7 +15,7 @@ services:
|
||||
environment:
|
||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
||||
DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE_LOWER_CASE}"
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
|
||||
HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
|
||||
teiler-dashboard:
|
||||
@ -29,7 +29,7 @@ services:
|
||||
- "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
|
||||
- "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
|
||||
environment:
|
||||
DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE}"
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
|
||||
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
|
||||
OIDC_URL: "${OIDC_URL}"
|
||||
@ -63,7 +63,7 @@ services:
|
||||
LOG_LEVEL: "INFO"
|
||||
APPLICATION_PORT: "8085"
|
||||
APPLICATION_ADDRESS: "${HOST}"
|
||||
DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE}"
|
||||
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
|
||||
CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
|
||||
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
|
||||
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
|
||||
|
||||
@ -3,5 +3,7 @@
|
||||
if [ "$ENABLE_TEILER" == true ];then
|
||||
log INFO "Teiler setup detected -- will start Teiler services."
|
||||
OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
|
||||
TEILER_DEFAULT_LANGUAGE=DE
|
||||
TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
|
||||
add_public_oidc_redirect_url "/ccp-teiler/*"
|
||||
fi
|
||||
|
||||
0
lib/gitlab-token-helper.sh
Normal file → Executable file
0
lib/gitlab-token-helper.sh
Normal file → Executable file
0
lib/install-bridgehead.sh
Normal file → Executable file
0
lib/install-bridgehead.sh
Normal file → Executable file
0
lib/monitoring.sh
Normal file → Executable file
0
lib/monitoring.sh
Normal file → Executable file
0
lib/prepare-system.sh
Normal file → Executable file
0
lib/prepare-system.sh
Normal file → Executable file
1
lib/prerequisites.sh
Normal file → Executable file
1
lib/prerequisites.sh
Normal file → Executable file
@ -70,7 +70,6 @@ source "${CONFIG_DIR}${PROJECT}".conf
|
||||
source ${PROJECT}/vars
|
||||
|
||||
if [ "${PROJECT}" != "minimal" ]; then
|
||||
#if false; then # TODO: Adapt it for BBMRI
|
||||
set +e
|
||||
SERVERTIME="$(https_proxy=$HTTPS_PROXY_FULL_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
|
||||
RET=$?
|
||||
|
||||
0
lib/uninstall-bridgehead.sh
Normal file → Executable file
0
lib/uninstall-bridgehead.sh
Normal file → Executable file
0
lib/update-bridgehead.sh
Normal file → Executable file
0
lib/update-bridgehead.sh
Normal file → Executable file
@ -10,7 +10,7 @@ services:
|
||||
- --providers.docker=true
|
||||
- --providers.docker.exposedbydefault=false
|
||||
- --providers.file.directory=/configuration/
|
||||
- --api.dashboard=true # TODO: Adapt it for CCP
|
||||
- --api.dashboard=false
|
||||
- --accesslog=true
|
||||
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
||||
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||
|
||||
35
modules/beam-file-compose.yml
Normal file
35
modules/beam-file-compose.yml
Normal file
@ -0,0 +1,35 @@
|
||||
# NOTE: Current implementation is restricted to a bridgehead only being able to either upload or download data
|
||||
services:
|
||||
beam-file-sender:
|
||||
image: samply/beam-file:${BEAM_FILE_TAG}
|
||||
container_name: bridgehead-beam-file-sender
|
||||
environment:
|
||||
- BEAM_ID=beamfilesend.${PROXY_ID}
|
||||
- BEAM_SECRET=${BEAM_FILE_SEND_SECRET}
|
||||
- BEAM_URL=http://beam-proxy:8081
|
||||
- BIND_ADDR=0.0.0.0:8085
|
||||
- API_KEY=${BEAM_FILE_API_KEY}
|
||||
# Only uncomment if your are sure what to do
|
||||
# ports:
|
||||
# - 8085:8085
|
||||
volumes:
|
||||
- /var/cache/bridgehead/beam-file-out/:/data
|
||||
profiles: ["beam-file-sender"]
|
||||
|
||||
beam-file-receiver:
|
||||
image: samply/beam-file:${BEAM_FILE_TAG}
|
||||
container_name: bridgehead-beam-file-receiver
|
||||
environment:
|
||||
- BEAM_ID=beamfile.${PROXY_ID}
|
||||
- BEAM_SECRET=${BEAM_FILE_SECRET}
|
||||
- BEAM_URL=http://beam-proxy:8081
|
||||
- API_KEY=${BEAM_FILE_API_KEY}
|
||||
command: ["receive", "save", "--outdir", "/data"]
|
||||
volumes:
|
||||
- /var/cache/bridgehead/beam-file/:/data
|
||||
profiles: ["beam-file-receiver"]
|
||||
|
||||
beam-proxy:
|
||||
environment:
|
||||
APP_beamfile_KEY: ${BEAM_FILE_SECRET}
|
||||
profiles: ["beam-file-receiver"]
|
||||
11
modules/beam-file-setup.sh
Normal file
11
modules/beam-file-setup.sh
Normal file
@ -0,0 +1,11 @@
|
||||
#!/bin/bash -e
|
||||
|
||||
function beamFileSetup() {
|
||||
if [ -n "$ENABLE_BEAM_FILE_RECEIVER" ]; then
|
||||
echo "Starting beam file in receiver mode"
|
||||
OVERRIDE+=" -f ./modules/beam-file-compose.yml --profile beam-file-receiver"
|
||||
BEAM_FILE_SECRET="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
||||
BEAM_FILE_API_KEY="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
||||
log INFO "Beam File in Receiver Mode available uses ApiKey ${BEAM_FILE_API_KEY}"
|
||||
fi
|
||||
}
|
||||
0
modules/transfair-setup.sh
Normal file → Executable file
0
modules/transfair-setup.sh
Normal file → Executable file
@ -1,3 +1,4 @@
|
||||
FOCUS_TAG=develop
|
||||
BEAM_TAG=develop
|
||||
BLAZE_TAG=main
|
||||
BLAZE_TAG=main
|
||||
BEAM_FILE_TAG=task-based-files
|
||||
|
||||
Reference in New Issue
Block a user