Use onkofdz specific broker

minimal/modules/onko.root.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUcGXxIZMxUOoI2kf8FArsOvQfvwwwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQxMDMxMDkxOTUwWhcNMzQx
+MDI5MDkyMDIwWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALX+8X4r2mWki4HLs2E5dXR9oGL+8Zos1s9Rmeaz
+FgxnpKf6wlop4ZlJd01Pgi3HNFo7XPFi76zalRsHS+rWN3tOy6r5KIjCYiqPb3AY
+luZuy7jAQOBGHKODVfJH1QCRqsvEwRbOU6nNFAkMcjSxt5+PmwB1U7+Kvmly4sYI
+i4t/gyVvcfEsiZ5LYQ7IpEf+or2Ugpb6j4KlTn+gKFzSfgl+yRhE0bnFEf0eBa+r
+HLLpq4hL16+pb6/WZ4DfM9QDioX6Tj2Hje9Va4RJ2dROENuq5sJugdE28hH9qEwE
+2bmKh6qvblgwkI3rJFkYH+scBtLEUH0KJY+SZ1iYHkoEaCkCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOe/txl3B7Sd
+NFE+615Z3rfzqBR4MB8GA1UdIwQYMBaAFOe/txl3B7SdNFE+615Z3rfzqBR4MBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQA3kVJlBOHn
+Tscsk1FKLYNWE/fr3oUNPUYzXi4lln+UNdRHSdXUPzBp4B5oIi3uymdYg2Rzq9Su
+/xjE7++thgQJ37l/DpCm/TUmUFfH5ZqcaMPA+L21mw9G129teCP1nVuXjtYhwnBk
+fRiz1tzpO1rZCxC+vxIhcPeYSKbaAQTywtJu0MpduGFrfIwLtrxa4GLRQFD06KPx
+Ijq6Pt6kC2abcYtKCMCWmpzttQAq4csWbmWINKkD6GMkuJVpzEx3csg8rCyPCaX0
+HedLiKRqaSOzDRnIWfD2CQX6qMg8TNtnxFnZTlc9honxnwcGaeLZKNEg+1oPA40V
+NOffBIMF4DAV
+-----END CERTIFICATE-----

minimal/modules/onkofdz-compose.yml

@@ -0,0 +1,91 @@
+version: "3.7"
+
+services:
+  beam-proxy:
+    image: samply/beam-proxy:develop-sockets
+    container_name: bridgehead-beam-proxy
+    environment:
+      BROKER_URL: ${BROKER_URL}
+      PROXY_ID: ${PROXY_ID}
+      PRIVKEY_FILE: /run/secrets/proxy.pem
+      ALL_PROXY: http://forward_proxy:3128
+      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+      ROOTCERT_FILE: /conf/root.crt.pem
+      APP_beamsel_KEY: ${BEAMSEL_SECRET}
+    secrets:
+      - proxy.pem
+    depends_on:
+      - "forward_proxy"
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+      - /srv/docker/bridgehead/minimal/modules/onko.root.pem:/conf/root.crt.pem:ro
+  postgres:
+    image: postgres:9.5-alpine
+    container_name: bridgehead-onkofdz-postgres
+    environment:
+      POSTGRES_DB: mainzelliste-sel
+      POSTGRES_USER: mainzelliste-sel
+      POSTGRES_PASSWORD: ${MAINZELLISTE_DB_PASSWORD}
+    volumes:
+      # - ./postgres-logs:/var/log/postgresql
+      - ml-data:/var/lib/postgresql/data
+    depends_on:
+      - secureepilinker
+  mainzelliste:
+    image: medicalinformatics/mainzelliste:secureepilinker-alpha
+    container_name: bridgehead-onkofdz-mainzelliste
+    environment:
+      ML_API_KEY: ${LOCAL_SEL_API_KEY}
+      ML_DB_HOST: postgres
+      ML_DB_PORT: 5432
+      ML_DB_USER: mainzelliste-sel
+      ML_DB_NAME: mainzelliste-sel
+      ML_DB_PASS: ${MAINZELLISTE_DB_PASSWORD}
+      ML_LOCAL_ID: ${SITE_ID}
+      ML_LOCAL_SEL_URL: http://secureepilinker:8161
+      ML_LOCAL_CALLBACK_LINK_URL: http://mainzelliste:8080/Communicator/linkCallback
+      ML_LOCAL_CALLBACK_MATCH_URL: http://mainzelliste:8080/Communicator/matchCallback/${REMOTE_SEL_SITE}
+      ML_LOCAL_DATA_SERVICE_URL: http://mainzelliste:8080/Communicator/getAllRecords
+      ML_LOCAL_AUTHENTICATION_TYPE: apiKey
+      ML_LOCAL_API_KEY: ${LOCAL_SEL_API_KEY}
+      ML_SERVER_0_REMOTEID: ${REMOTE_SEL_SITE}
+      ML_SERVER_0_IDTYPE: link-${SITE_ID}-${REMOTE_SEL_SITE}
+      ML_SERVER_0_REMOTE_SEL_URL: http://beamsel:8080
+      ML_SERVER_0_APIKEY: ${REMOTE_SEL_API_KEY}
+      ### Linkage Service not used for matching
+      ML_SERVER_0_LINKAGE_SERVICE_BASE_URL: ${LS_SEL_URL}
+      ML_SERVER_0_LINKAGE_SERVICE_AUTH_TYPE: apiKey
+      ML_SERVER_0_LINKAGE_SERVICE_SHARED_KEY: ${LS_SEL_SHARED_KEY}
+      ML_LOG_MODE: stdout #stdout=stdout everything else =logging in mainzelliste.log
+      ML_LOG_LEVEL: INFO
+      no_proxy: "localhost,secureepilinker"
+    volumes:
+      # - ./logs:/usr/local/tomcat/logs/
+      - /etc/bridgehead/onkofdz/config/mainzelliste.conf.docker:/run/secrets/mainzelliste.docker.conf
+      - /etc/bridgehead/onkofdz/config/sel.conf.docker:/run/secrets/sel.docker.conf
+    depends_on:
+      - postgres
+      - secureepilinker
+  secureepilinker:
+    image: docker.verbis.dkfz.de/onkofdz/secureepilinker:beamsel
+    container_name: bridgehead-onkofdz-secureepilinker
+    environment:
+      no_proxy: "mainzelliste,beamsel"
+    volumes:
+      - "/etc/bridgehead/onkofdz/config/epilinker.serverconf.json:/data/serverconf.json"
+    command: '-vvvv'
+  beamsel:
+    image: docker.verbis.dkfz.de/onkofdz/beam-sel
+    container_name: bridgehead-onkofdz-beamsel
+    environment:
+      BEAM_URL: "http://beam-proxy:8081"
+      BEAM_SECRET: ${BEAMSEL_SECRET}
+      BEAM_ID: beamsel.${PROXY_ID}
+      SEL_ADDR: "secureepilinker:8161"
+    depends_on:
+      - secureepilinker
+volumes:
+  ml-data:
+secrets:
+  proxy.pem:
+    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem

minimal/modules/onkofdz-setup.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [ -n "${ENABLE_ONKOFDZ}" ]; then
+  BROKER_ID=test.broker.onkofdz.samply.de
+  BROKER_URL=https://${BROKER_ID}
+  PROXY_ID=${SITE_ID}.${BROKER_ID}
+  BEAMSEL_SECRET="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+  SUPPORT_EMAIL=tobias.kussel@dkfz-heidelberg.de
+  PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+
+  BROKER_URL_FOR_PREREQ=$BROKER_URL
+
+  log INFO "Loading OnkoFDZ module"
+  OVERRIDE+=" -f ./$PROJECT/modules/onkofdz-compose.yml"
+fi