
12 Commits

18 changed files with 147 additions and 78 deletions


@ -10,6 +10,10 @@ if [ "${ENABLE_ERIC}" == "true" ]; then
export ERIC_BROKER_ID=broker.bbmri.samply.de export ERIC_BROKER_ID=broker.bbmri.samply.de
export ERIC_ROOT_CERT=eric export ERIC_ROOT_CERT=eric
;; ;;
"acceptance")
export ERIC_BROKER_ID=broker-acc.bbmri-acc.samply.de
export ERIC_ROOT_CERT=eric.acc
;;
"test") "test")
export ERIC_BROKER_ID=broker-test.bbmri-test.samply.de export ERIC_BROKER_ID=broker-test.bbmri-test.samply.de
export ERIC_ROOT_CERT=eric.test export ERIC_ROOT_CERT=eric.test


@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,3 +1,25 @@
DEFAULT_LANGUAGE=EN
DEFAULT_LANGUAGE_LOWER_CASE=${DEFAULT_LANGUAGE,,}
BROKER_ID=broker-test.bbmri-test.samply.de
BROKER_URL=https://${BROKER_ID}
PROXY_ID=${SITE_ID}.${BROKER_ID}
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
PLATFORM=bbmri
BROKER_URL_FOR_PREREQ=$BROKER_URL
OIDC_USER_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})"
OIDC_ADMIN_GROUP="BBMRI_$(capitalize_first_letter ${SITE_ID})_Verwalter"
OIDC_PUBLIC_CLIENT_ID="BBMRI_${SITE_ID}-public"
# Use "test-realm-01" for testing
OIDC_REALM="${OIDC_REALM:-test-realm-01}"
OIDC_URL="https://login.verbis.dkfz.de"
OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
OIDC_GROUP_CLAIM="groups"
POSTGRES_TAG=15.6-alpine
# Makes sense for all European Biobanks # Makes sense for all European Biobanks
: ${ENABLE_ERIC:=true} : ${ENABLE_ERIC:=true}
@ -13,6 +35,13 @@ do
source $module source $module
done done
log DEBUG "sourcing ccp/modules/exporter-setup.sh"
source ccp/modules/exporter-setup.sh
log DEBUG "sourcing ccp/modules/teiler-setup.sh"
source ccp/modules/teiler-setup.sh
SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL SUPPORT_EMAIL=$ERIC_SUPPORT_EMAIL
BROKER_URL_FOR_PREREQ="${ERIC_BROKER_URL:-$GBN_BROKER_URL}" BROKER_URL_FOR_PREREQ="${ERIC_BROKER_URL:-$GBN_BROKER_URL}"
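Review bot: `OIDC_REALM="${OIDC_REALM:-test-realm-01}"` makes the test realm the default in every environment, because nothing in the added lines consults `ENVIRONMENT`; a production or acceptance site that does not set `OIDC_REALM` would authenticate users against `test-realm-01`. Apply that default only when `ENVIRONMENT` is `test` and otherwise require the value with `: "${OIDC_REALM:?OIDC_REALM must be set}"`, assuming `ENVIRONMENT` is already set when this file is sourced. The hard-coded `BROKER_ID=broker-test.bbmri-test.samply.de`, from which `PROXY_ID` is derived, deserves the same check or a comment explaining why the test broker is correct for all environments. In the two group names, `capitalize_first_letter ${SITE_ID}` should quote its argument as `"${SITE_ID}"`.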


@ -69,7 +69,7 @@ loadVars() {
if [ "$(git rev-parse --abbrev-ref HEAD)" == "main" ]; then if [ "$(git rev-parse --abbrev-ref HEAD)" == "main" ]; then
ENVIRONMENT="production" ENVIRONMENT="production"
else else
ENVIRONMENT="test" ENVIRONMENT="test" # we have acceptance environment in BBMRI ERIC and it would be more appropriate to default to that one in case the data they have in BH is real, but I'm gonna leave it as is for backward compatibility
fi fi
fi fi
# Source the versions of the images components # Source the versions of the images components
@ -80,6 +80,9 @@ loadVars() {
"test") "test")
source ./versions/test source ./versions/test
;; ;;
"acceptance")
source ./versions/acceptance
;;
*) *)
report_error 7 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!" report_error 7 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!"
source ./versions/prod source ./versions/prod


@ -3,7 +3,7 @@ version: "3.7"
services: services:
exporter: exporter:
image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
container_name: bridgehead-ccp-exporter container_name: bridgehead-${PLATFORM}-exporter
environment: environment:
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC" JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
LOG_LEVEL: "INFO" LOG_LEVEL: "INFO"
@ -12,39 +12,39 @@ services:
EXPORTER_DB_USER: "exporter" EXPORTER_DB_USER: "exporter"
EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter" EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
HTTP_RELATIVE_PATH: "/ccp-exporter" HTTP_RELATIVE_PATH: "/${PLATFORM}-exporter"
SITE: "${SITE_ID}" SITE: "${SITE_ID}"
HTTP_SERVLET_REQUEST_SCHEME: "https" HTTP_SERVLET_REQUEST_SCHEME: "https"
OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}" OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)" - "traefik.http.routers.exporter_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-exporter`)"
- "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092" - "traefik.http.services.exporter_${PLATFORM}.loadbalancer.server.port=8092"
- "traefik.http.routers.exporter_ccp.tls=true" - "traefik.http.routers.exporter_${PLATFORM}.tls=true"
- "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter" - "traefik.http.middlewares.exporter_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-exporter"
- "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip" - "traefik.http.routers.exporter_${PLATFORM}.middlewares=exporter_${PLATFORM}_strip"
volumes: volumes:
- "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output" - "/var/cache/bridgehead/${PLATFORM}/exporter-files:/app/exporter-files/output"
exporter-db: exporter-db:
image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG} image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
container_name: bridgehead-ccp-exporter-db container_name: bridgehead-${PLATFORM}-exporter-db
environment: environment:
POSTGRES_USER: "exporter" POSTGRES_USER: "exporter"
POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
POSTGRES_DB: "exporter" POSTGRES_DB: "exporter"
volumes: volumes:
# Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer. # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
- "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data" - "/var/cache/bridgehead/${PLATFORM}/exporter-db:/var/lib/postgresql/data"
reporter: reporter:
image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
container_name: bridgehead-ccp-reporter container_name: bridgehead-${PLATFORM}-reporter
environment: environment:
JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC" JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
LOG_LEVEL: "INFO" LOG_LEVEL: "INFO"
CROSS_ORIGINS: "https://${HOST}" CROSS_ORIGINS: "https://${HOST}"
HTTP_RELATIVE_PATH: "/ccp-reporter" HTTP_RELATIVE_PATH: "/${PLATFORM}-reporter"
SITE: "${SITE_ID}" SITE: "${SITE_ID}"
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
EXPORTER_URL: "http://exporter:8092" EXPORTER_URL: "http://exporter:8092"
@ -57,14 +57,15 @@ services:
# There is a risk that the bridgehead restarts, losing the already created export. # There is a risk that the bridgehead restarts, losing the already created export.
volumes: volumes:
- "/var/cache/bridgehead/ccp/reporter-files:/app/reports" - "/var/cache/bridgehead/${PLATFORM}/reporter-files:/app/reports"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)" - "traefik.http.routers.reporter_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-reporter`)"
- "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095" - "traefik.http.services.reporter_${PLATFORM}.loadbalancer.server.port=8095"
- "traefik.http.routers.reporter_ccp.tls=true" - "traefik.http.routers.reporter_${PLATFORM}.tls=true"
- "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter" - "traefik.http.middlewares.reporter_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-reporter"
- "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip" - "traefik.http.routers.reporter_${PLATFORM}.middlewares=reporter_${PLATFORM}_strip"
focus: focus:
environment: environment:
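Review bot: Every `${PLATFORM}` substitution in this file (container names, Traefik router names and `PathPrefix` rules, host volume paths) expands to an empty string when the variable is unset, since Compose only warns in that case; the result would be a route such as `/-exporter` and a bind mount at `/var/cache/bridgehead//exporter-db`. Using the required-variable form once, for example `container_name: bridgehead-${PLATFORM:?PLATFORM must be set}-exporter`, makes the stack fail at startup instead of coming up with wrong paths. The same applies to the Teiler compose file changed later in this comparison. The `focus:` service at the end of the section continues outside the visible lines.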


@ -2,7 +2,7 @@
if [ "$ENABLE_EXPORTER" == true ]; then if [ "$ENABLE_EXPORTER" == true ]; then
log INFO "Exporter setup detected -- will start Exporter service." log INFO "Exporter setup detected -- will start Exporter service."
OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml" OVERRIDE+=" -f ./ccp/modules/exporter-compose.yml"
EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)" EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
fi fi


@ -3,7 +3,7 @@ version: "3.7"
services: services:
obds2fhir-rest: obds2fhir-rest:
container_name: bridgehead-obds2fhir-rest container_name: bridgehead-obds2fhir-rest
image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:fixSampleImport image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
environment: environment:
IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY} MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}


@ -7,30 +7,31 @@ services:
container_name: bridgehead-teiler-orchestrator container_name: bridgehead-teiler-orchestrator
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)" - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler`)"
- "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000" - "traefik.http.services.teiler_orchestrator_${PLATFORM}.loadbalancer.server.port=9000"
- "traefik.http.routers.teiler_orchestrator_ccp.tls=true" - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.tls=true"
- "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler" - "traefik.http.middlewares.teiler_orchestrator_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler"
- "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip" - "traefik.http.routers.teiler_orchestrator_${PLATFORM}.middlewares=teiler_orchestrator_${PLATFORM}_strip"
environment: environment:
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" TEILER_BACKEND_URL: "https://${HOST}/${PLATFORM}-teiler-backend"
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard" TEILER_DASHBOARD_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard"
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}" DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE_LOWER_CASE}"
HTTP_RELATIVE_PATH: "/ccp-teiler" HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
teiler-dashboard: teiler-dashboard:
image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
container_name: bridgehead-teiler-dashboard container_name: bridgehead-teiler-dashboard
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)" - "traefik.http.routers.teiler_dashboard_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler-dashboard`)"
- "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80" - "traefik.http.services.teiler_dashboard_${PLATFORM}.loadbalancer.server.port=80"
- "traefik.http.routers.teiler_dashboard_ccp.tls=true" - "traefik.http.routers.teiler_dashboard_${PLATFORM}.tls=true"
- "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard" - "traefik.http.middlewares.teiler_dashboard_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler-dashboard"
- "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip" - "traefik.http.routers.teiler_dashboard_${PLATFORM}.middlewares=teiler_dashboard_${PLATFORM}_strip"
environment: environment:
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE}"
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" TEILER_BACKEND_URL: "https://${HOST}/${PLATFORM}-teiler-backend"
TEILER_DASHBOARD_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard"
OIDC_URL: "${OIDC_URL}" OIDC_URL: "${OIDC_URL}"
OIDC_REALM: "${OIDC_REALM}" OIDC_REALM: "${OIDC_REALM}"
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}" OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
@ -40,42 +41,40 @@ services:
TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}" TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
TEILER_PROJECT: "${PROJECT}" TEILER_PROJECT: "${PROJECT}"
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PLATFORM}-teiler"
TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard" TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
TEILER_USER: "${OIDC_USER_GROUP}" TEILER_USER: "${OIDC_USER_GROUP}"
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb" REPORTER_DEFAULT_TEMPLATE_ID: "${PLATFORM}-qb"
EXPORTER_DEFAULT_TEMPLATE_ID: "ccp" EXPORTER_DEFAULT_TEMPLATE_ID: "${PLATFORM}"
teiler-backend: teiler-backend:
image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest image: docker.verbis.dkfz.de/ccp/${PROJECT}-teiler-backend:latest
container_name: bridgehead-teiler-backend container_name: bridgehead-teiler-backend
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)" - "traefik.http.routers.teiler_backend_${PLATFORM}.rule=PathPrefix(`/${PLATFORM}-teiler-backend`)"
- "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085" - "traefik.http.services.teiler_backend_${PLATFORM}.loadbalancer.server.port=8085"
- "traefik.http.routers.teiler_backend_ccp.tls=true" - "traefik.http.routers.teiler_backend_${PLATFORM}.tls=true"
- "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend" - "traefik.http.middlewares.teiler_backend_${PLATFORM}_strip.stripprefix.prefixes=/${PLATFORM}-teiler-backend"
- "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip" - "traefik.http.routers.teiler_backend_${PLATFORM}.middlewares=teiler_backend_${PLATFORM}_strip"
environment: environment:
LOG_LEVEL: "INFO" LOG_LEVEL: "INFO"
APPLICATION_PORT: "8085" APPLICATION_PORT: "8085"
APPLICATION_ADDRESS: "${HOST}" APPLICATION_ADDRESS: "${HOST}"
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE}"
CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf" CONFIG_ENV_VAR_PATH: "/run/secrets/project-conf"
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/${PLATFORM}-teiler"
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/${PLATFORM}-teiler"
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de" TEILER_DASHBOARD_DE_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard/de"
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en" TEILER_DASHBOARD_EN_URL: "https://${HOST}/${PLATFORM}-teiler-dashboard/en"
CENTRAX_URL: "${CENTRAXX_URL}"
HTTP_PROXY: "http://forward_proxy:3128" HTTP_PROXY: "http://forward_proxy:3128"
ENABLE_MTBA: "${ENABLE_MTBA}" ENABLE_MTBA: "${ENABLE_MTBA}"
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}" ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
secrets: secrets:
- ccp.conf - project-conf
secrets: secrets:
ccp.conf: project-conf:
file: /etc/bridgehead/ccp.conf file: "/etc/bridgehead/${PROJECT}.conf"
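Review bot: The teiler-backend image reference is now built from `${PROJECT}` (`docker.verbis.dkfz.de/ccp/${PROJECT}-teiler-backend:latest`) while the rest of the file switches to `${PLATFORM}`, and the previous literal was `dktk-teiler-backend`. If `PROJECT` is `ccp` on existing sites, as the `./$PROJECT/modules` to `./ccp/modules` replacement in the setup script suggests, this resolves to `ccp-teiler-backend`, so it is worth confirming that image is published under that name. A variable inside an image reference also means site configuration decides which image is pulled, and the secret source `/etc/bridgehead/${PROJECT}.conf` carries the same dependency. A header comment along the lines of `# PROJECT selects the backend image and config file; PLATFORM selects URL prefixes and container names` would make the split explicit, if that is the intent.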


@ -2,8 +2,6 @@
if [ "$ENABLE_TEILER" == true ];then if [ "$ENABLE_TEILER" == true ];then
log INFO "Teiler setup detected -- will start Teiler services." log INFO "Teiler setup detected -- will start Teiler services."
OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml" OVERRIDE+=" -f ./ccp/modules/teiler-compose.yml"
TEILER_DEFAULT_LANGUAGE=DE
TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
add_public_oidc_redirect_url "/ccp-teiler/*" add_public_oidc_redirect_url "/ccp-teiler/*"
fi fi
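Review bot: `add_public_oidc_redirect_url "/ccp-teiler/*"` stays hard-coded while the compose file added to `OVERRIDE` here now serves the orchestrator under `/${PLATFORM}-teiler`. For any platform other than `ccp`, the redirect URL this helper presumably registers would not match the path users return to after login. Suggest `add_public_oidc_redirect_url "/${PLATFORM}-teiler/*"`, and confirm whether the dashboard prefix `/${PLATFORM}-teiler-dashboard` needs its own entry.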


@ -1,3 +1,6 @@
DEFAULT_LANGUAGE=EN
DEFAULT_LANGUAGE_LOWER_CASE=${DEFAULT_LANGUAGE,,}
BROKER_ID=broker.ccp-it.dktk.dkfz.de BROKER_ID=broker.ccp-it.dktk.dkfz.de
BROKER_URL=https://${BROKER_ID} BROKER_URL=https://${BROKER_ID}
PROXY_ID=${SITE_ID}.${BROKER_ID} PROXY_ID=${SITE_ID}.${BROKER_ID}
@ -5,6 +8,7 @@ FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | h
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
PLATFORM=bbmri
BROKER_URL_FOR_PREREQ=$BROKER_URL BROKER_URL_FOR_PREREQ=$BROKER_URL
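Review bot: The added `PLATFORM=bbmri` looks copied from the BBMRI vars file, since the surrounding context (`BROKER_ID=broker.ccp-it.dktk.dkfz.de`, `SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de`) suggests this is the CCP configuration. The compose modules changed in this comparison derive route prefixes, container names and host volume paths from `${PLATFORM}`, so with this value a CCP site would move from `/ccp-exporter` and `/var/cache/bridgehead/ccp/...` to the `bbmri` equivalents and start with empty data directories. If this file is for CCP, the line should read `PLATFORM=ccp`. Separately, `DEFAULT_LANGUAGE=EN` replaces the `TEILER_DEFAULT_LANGUAGE=DE` removed from the Teiler setup scripts, which changes the default UI language for existing sites; confirm that is intended.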


@ -15,7 +15,7 @@ services:
environment: environment:
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard" TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}" DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE_LOWER_CASE}"
HTTP_RELATIVE_PATH: "/ccp-teiler" HTTP_RELATIVE_PATH: "/ccp-teiler"
teiler-dashboard: teiler-dashboard:
@ -29,8 +29,9 @@ services:
- "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard" - "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
- "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip" - "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
environment: environment:
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE}"
TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
OIDC_URL: "${OIDC_URL}" OIDC_URL: "${OIDC_URL}"
OIDC_REALM: "${OIDC_REALM}" OIDC_REALM: "${OIDC_REALM}"
OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}" OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
@ -41,7 +42,6 @@ services:
TEILER_PROJECT: "${PROJECT}" TEILER_PROJECT: "${PROJECT}"
EXPORTER_API_KEY: "${EXPORTER_API_KEY}" EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
TEILER_USER: "${OIDC_USER_GROUP}" TEILER_USER: "${OIDC_USER_GROUP}"
TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
@ -63,13 +63,12 @@ services:
LOG_LEVEL: "INFO" LOG_LEVEL: "INFO"
APPLICATION_PORT: "8085" APPLICATION_PORT: "8085"
APPLICATION_ADDRESS: "${HOST}" APPLICATION_ADDRESS: "${HOST}"
DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" DEFAULT_LANGUAGE: "${DEFAULT_LANGUAGE}"
CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf" CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de" TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en" TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
CENTRAX_URL: "${CENTRAXX_URL}"
HTTP_PROXY: "http://forward_proxy:3128" HTTP_PROXY: "http://forward_proxy:3128"
ENABLE_MTBA: "${ENABLE_MTBA}" ENABLE_MTBA: "${ENABLE_MTBA}"
ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}" ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"


@ -3,7 +3,5 @@
if [ "$ENABLE_TEILER" == true ];then if [ "$ENABLE_TEILER" == true ];then
log INFO "Teiler setup detected -- will start Teiler services." log INFO "Teiler setup detected -- will start Teiler services."
OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml" OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
TEILER_DEFAULT_LANGUAGE=DE
TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
add_public_oidc_redirect_url "/ccp-teiler/*" add_public_oidc_redirect_url "/ccp-teiler/*"
fi fi


@ -347,18 +347,21 @@ function secret_sync_gitlab_token() {
root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem" root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
fi fi
# Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token. # Create a temporary directory for Secret Sync that is valid per boot
secret_sync_tempdir="/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)"
mkdir -p $secret_sync_tempdir
# Use Secret Sync to validate the GitLab token in $secret_sync_tempdir/cache.
# If it is missing or expired, Secret Sync will create a new token and write it to the file. # If it is missing or expired, Secret Sync will create a new token and write it to the file.
# The git credential helper reads the token from the file during git pull. # The git credential helper reads the token from the file during git pull.
mkdir -p /var/cache/bridgehead/secrets
touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container
log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)" log "INFO" "Running Secret Sync for the GitLab token (gitlab=$gitlab)"
docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image
docker run --rm \ docker run --rm \
-v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \ -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-v $root_crt_file:/run/secrets/root.crt.pem:ro \ -v $root_crt_file:/run/secrets/root.crt.pem:ro \
-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \ -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
-v $secret_sync_tempdir:/secret-sync/ \
-e CACHE_PATH=/secret-sync/gitlab-token \
-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \ -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
-e NO_PROXY=localhost,127.0.0.1 \ -e NO_PROXY=localhost,127.0.0.1 \
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \ -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
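Review bot: The token cache moves to `/tmp/bridgehead/secret-sync.boot-<boot_id>`, a predictable path under a world-writable directory (the boot id is readable by every local user), and `mkdir -p $secret_sync_tempdir` neither sets a mode nor checks who owns a directory that already exists. The git credential helper changed in this comparison `source`s `gitlab-token` from that directory, so whoever controls the directory controls shell code run during `git pull`, and under a permissive umask the token itself may be readable by other users. Prefer a location only the bridgehead user can write, such as the previous `/var/cache/bridgehead/secrets`, or create the directory with `install -d -m 0700 -- "$secret_sync_tempdir"` and stop unless it is a real directory owned by the current user. The path is also built independently in both scripts and `$secret_sync_tempdir` is unquoted in `mkdir` and in the `-v` argument; one shared, quoted definition would keep the two in step. The `docker run` command continues past the end of the hunk.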


@ -2,7 +2,7 @@
[ "$1" = "get" ] || exit [ "$1" = "get" ] || exit
source /var/cache/bridgehead/secrets/gitlab_token source "/tmp/bridgehead/secret-sync.boot-$(cat /proc/sys/kernel/random/boot_id)/gitlab-token"
# Any non-empty username works, only the token matters # Any non-empty username works, only the token matters
cat << EOF cat << EOF


@ -2,5 +2,5 @@
if [ -n "$ENABLE_SSH_TUNNEL" ]; then if [ -n "$ENABLE_SSH_TUNNEL" ]; then
log INFO "SSH Tunnel setup detected -- will start SSH Tunnel." log INFO "SSH Tunnel setup detected -- will start SSH Tunnel."
OVERRIDE+=" -f ./$PROJECT/modules/ssh-tunnel-compose.yml" OVERRIDE+=" -f ./modules/ssh-tunnel-compose.yml"
fi fi


@ -8,7 +8,8 @@ services:
- TTP_URL - TTP_URL
- TTP_ML_API_KEY - TTP_ML_API_KEY
- TTP_GW_SOURCE - TTP_GW_SOURCE
- TTP_GW_DOMAIN - TTP_GW_EPIX_DOMAIN
- TTP_GW_GPAS_DOMAIN
- TTP_TYPE - TTP_TYPE
- TTP_AUTH - TTP_AUTH
- PROJECT_ID_SYSTEM - PROJECT_ID_SYSTEM
@ -22,6 +23,9 @@ services:
- DATABASE_URL=sqlite://transfair/data_requests.sql?mode=rwc - DATABASE_URL=sqlite://transfair/data_requests.sql?mode=rwc
- RUST_LOG=${RUST_LOG:-info} - RUST_LOG=${RUST_LOG:-info}
- TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs - TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs
- TLS_DISABLE=${TRANSFAIR_TLS_DISABLE:-false}
- NO_PROXY=${TRANSFAIR_NO_PROXIES}
- ALL_PROXY=http://forward_proxy:3128
volumes: volumes:
- /var/cache/bridgehead/${PROJECT}/transfair:/transfair - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
@ -59,9 +63,9 @@ services:
transfair-request-blaze: transfair-request-blaze:
image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG} image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
container_name: bridgehead-transfair-requests-blaze container_name: bridgehead-transfair-request-blaze
environment: environment:
BASE_URL: "http://bridgehead-transfair-requests-blaze:8080" BASE_URL: "http://bridgehead-transfair-request-blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx1024m" JAVA_TOOL_OPTIONS: "-Xmx1024m"
DB_BLOCK_CACHE_SIZE: 1024 DB_BLOCK_CACHE_SIZE: 1024
CQL_EXPR_CACHE_SIZE: 8 CQL_EXPR_CACHE_SIZE: 8
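Review bot: `TLS_DISABLE=${TRANSFAIR_TLS_DISABLE:-false}` exposes a switch that, judging by its name, turns off TLS for TransFAIR's connections, and nothing in the visible lines documents it or logs when it is in use. The default of `false` is right, but a site can flip it silently through its configuration. Suggest a comment above the line such as `# Testing only: leave TRANSFAIR_TLS_DISABLE unset on sites holding production data`, and a warning-level `log` call in the TransFAIR setup function whenever the variable is `true`.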


@ -15,7 +15,7 @@ function transfairSetup() {
log INFO "TransFAIR request fhir store set to external $FHIR_REQUEST_URL" log INFO "TransFAIR request fhir store set to external $FHIR_REQUEST_URL"
else else
log INFO "TransFAIR request fhir store not set writing to internal blaze" log INFO "TransFAIR request fhir store not set writing to internal blaze"
FHIR_REQUEST_URL="http://transfair-requests-blaze:8080" FHIR_REQUEST_URL="http://transfair-request-blaze:8080"
OVERRIDE+=" --profile transfair-request-blaze" OVERRIDE+=" --profile transfair-request-blaze"
fi fi
if [ -n "$TTP_GW_SOURCE" ]; then if [ -n "$TTP_GW_SOURCE" ]; then
@ -27,5 +27,9 @@ function transfairSetup() {
else else
log INFO "TransFAIR configured without ttp" log INFO "TransFAIR configured without ttp"
fi fi
TRANSFAIR_NO_PROXIES="transfair-input-blaze,blaze,transfair-requests-blaze"
if [ -n "${TRANSFAIR_NO_PROXY}" ]; then
TRANSFAIR_NO_PROXIES+=",${TRANSFAIR_NO_PROXY}"
fi
fi fi
} }
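Review bot: The added `TRANSFAIR_NO_PROXIES` lists `transfair-requests-blaze`, but this same change renames the internal store to `transfair-request-blaze` (see the new `FHIR_REQUEST_URL` in the first hunk and the compose service name). Requests to the internal Blaze would therefore not match the no-proxy list and would be sent to `forward_proxy` through the new `ALL_PROXY` setting. The line should read `TRANSFAIR_NO_PROXIES="transfair-input-blaze,blaze,transfair-request-blaze"`. `transfairSetup` begins before the first hunk.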

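--- a/versions/acceptance
+++ b/versions/acceptance
@@ -0,0 +1,3 @@
+FOCUS_TAG=develop
+BEAM_TAG=develop
+BLAZE_TAG=main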
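Review bot: All three tags for the acceptance environment are moving branch tags (`develop`, `develop`, `main`), so what runs there changes whenever upstream pushes, with no corresponding commit in this repository. The comment added in `loadVars` in this comparison suggests acceptance bridgeheads may hold real data. If so, pin release tags or image digests here, or state the intent in a header comment such as `# Acceptance deliberately tracks pre-release builds`.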