Fix airgapped-blaze-compose.yml file.

- BASE_URL & traefik settings

cce/modules/airgapped-blaze-compose.yml

@@ -0,0 +1,25 @@
+version: "3.7"
+
+services:
+  blaze-airgapped:
+    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    container_name: bridgehead-cce-blaze-airgapped
+    environment:
+      BASE_URL: "http://bridgehead-cce-blaze-airgapped:8080"
+      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
+      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
+      ENFORCE_REFERENTIAL_INTEGRITY: "false"
+    volumes:
+      - "blaze-airgapped-data:/app/data"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.blaze-airgapped_cce.rule=PathPrefix(`/cce-localdatamanagement-airgapped`)"
+      - "traefik.http.middlewares.cce_b-a_strip.stripprefix.prefixes=/cce-localdatamanagement-airgapped"
+      - "traefik.http.services.blaze-airgapped_cce.loadbalancer.server.port=8080"
+      - "traefik.http.routers.blaze-airgapped_cce.middlewares=cce_b-a_strip,auth"
+      - "traefik.http.routers.blaze-airgapped_cce.tls=true"
+
+volumes:
+  blaze-airgapped-data:

cce/modules/airgapped-blaze-setup.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+OVERRIDE+=" -f ./$PROJECT/modules/airgapped-blaze-compose.yml"

ccp/modules/obds2fhir-rest-compose.yml

@@ -3,7 +3,7 @@ version: "3.7"
 services:
   obds2fhir-rest:
     container_name: bridgehead-obds2fhir-rest
-    image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:fixSampleImport
+    image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
     environment:
       IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
       MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}

ccp/vars

@@ -29,12 +29,4 @@ done
 idManagementSetup
 mtbaSetup
 obds2fhirRestSetup
-blazeSecondarySetup
+blazeSecondarySetup
-
-for module in modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done
-
-transfairSetup

lib/functions.sh

@@ -334,19 +334,6 @@ function secret_sync_gitlab_token() {
             ;;
     esac
 
-    if [ "$PROJECT" == "bbmri" ]; then
-        # If the project is BBMRI, use the BBMRI-ERIC broker and not the GBN broker
-        proxy_id=$ERIC_PROXY_ID
-        broker_url=$ERIC_BROKER_URL
-        broker_id=$ERIC_BROKER_ID
-        root_crt_file="/srv/docker/bridgehead/bbmri/modules/${ERIC_ROOT_CERT}.root.crt.pem"
-    else
-        proxy_id=$PROXY_ID
-        broker_url=$BROKER_URL
-        broker_id=$BROKER_ID
-        root_crt_file="/srv/docker/bridgehead/$PROJECT/root.crt.pem"
-    fi
-
     # Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.
     # If it is missing or expired, Secret Sync will create a new token and write it to the file.
     # The git credential helper reads the token from the file during git pull.
@@ -357,14 +344,14 @@ function secret_sync_gitlab_token() {
     docker run --rm \
         -v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
         -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-        -v $root_crt_file:/run/secrets/root.crt.pem:ro \
+        -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
         -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
         -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
         -e NO_PROXY=localhost,127.0.0.1 \
         -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
-        -e PROXY_ID=$proxy_id \
+        -e PROXY_ID=$PROXY_ID \
-        -e BROKER_URL=$broker_url \
+        -e BROKER_URL=$BROKER_URL \
-        -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
+        -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.central-secret-sync.$BROKER_ID \
         -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN:$gitlab \
         docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
     if [ $? -eq 0 ]; then

lib/install-bridgehead.sh

@@ -41,14 +41,6 @@ if [ ! -z "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then
   add_basic_auth_user "nngm" $generated_passwd "NNGM_AUTH" $PROJECT
 fi
 
-if [ -z "$TRANSFAIR_AUTH" ]; then
-  if [[ -n "$TTP_URL" || -n "$EXCHANGE_ID_SYSTEM" ]]; then
-    log "INFO" "Now generating basic auth user for transfair API (see adduser in bridgehead for more information). "
-    generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
-    add_basic_auth_user "transfair" $generated_passwd "TRANSFAIR_AUTH" $PROJECT
-  fi
-fi
-
 log "INFO" "Registering system units for bridgehead and bridgehead-update"
 cp -v \
     lib/systemd/bridgehead\@.service \

modules/ssh-tunnel-compose.yml

@@ -1,17 +0,0 @@
-version: "3.7"
-
-services:
-  ssh-tunnel:
-    image: docker.verbis.dkfz.de/cache/samply/ssh-tunnel
-    container_name: bridgehead-ccp-ssh-tunnel
-    environment:
-      SSH_TUNNEL_USERNAME: "${SSH_TUNNEL_USERNAME}"
-      SSH_TUNNEL_HOST: "${SSH_TUNNEL_HOST}"
-      SSH_TUNNEL_PORT: "${SSH_TUNNEL_PORT:-22}"
-    volumes:
-      - "/etc/bridgehead/ssh-tunnel.conf:/ssh-tunnel.conf:ro"
-    secrets:
-      - privkey
-secrets:
-  privkey:
-    file: /etc/bridgehead/pki/ssh-tunnel.priv.pem

modules/ssh-tunnel-setup.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_SSH_TUNNEL" ]; then
-	log INFO "SSH Tunnel setup detected -- will start SSH Tunnel."
-	OVERRIDE+=" -f ./$PROJECT/modules/ssh-tunnel-compose.yml"
-fi

modules/ssh-tunnel.md

@@ -1,19 +0,0 @@
-# SSH Tunnel Module
-
-This module enables SSH tunneling capabilities for the Bridgehead installation.
-The primary use case for this is to connect bridgehead components that are hosted externally due to security concerns.
-To connect the new components to the locally running bridgehead infra one is supposed to write a docker-compose.override.yml changing the urls to point to the corresponding forwarded port of the ssh-tunnel container.
-
-## Configuration Variables
-
-- `ENABLE_SSH_TUNNEL`: Required to enable the module
-- `SSH_TUNNEL_USERNAME`: Username for SSH connection
-- `SSH_TUNNEL_HOST`: Target host for SSH tunnel
-- `SSH_TUNNEL_PORT`: SSH port (defaults to 22)
-
-## Configuration Files
-
-The module requires the following files to be present:
-
-- `/etc/bridgehead/ssh-tunnel.conf`: SSH tunnel configuration file. Detailed information can be found [here](https://github.com/samply/ssh-tunnel?tab=readme-ov-file#configuration).
-- `/etc/bridgehead/pki/ssh-tunnel.priv.pem`: The SSH private key used to connect to the `SSH_TUNNEL_HOST`. **Passphrases for the key are not supported!**

modules/transfair-compose.yml

@@ -5,12 +5,8 @@ services:
     container_name: bridgehead-transfair
     environment:
       # NOTE: Those 3 variables need only to be passed if their set, otherwise transfair will complain about empty url values
-      - TTP_URL
+      - INSTITUTE_TTP_URL
-      - TTP_ML_API_KEY
+      - INSTITUTE_TTP_API_KEY
-      - TTP_GW_SOURCE
-      - TTP_GW_DOMAIN
-      - TTP_TYPE
-      - TTP_AUTH
       - PROJECT_ID_SYSTEM
       - FHIR_REQUEST_URL=${FHIR_REQUEST_URL}
       - FHIR_INPUT_URL=${FHIR_INPUT_URL}
@@ -25,17 +21,6 @@ services:
     volumes:
       - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
       - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.middlewares.transfair-strip.stripprefix.prefixes=/transfair"
-      - "traefik.http.routers.transfair.middlewares=transfair-strip,transfair-auth"
-      - "traefik.http.routers.transfair.rule=PathPrefix(`/transfair`)"
-      - "traefik.http.services.transfair.loadbalancer.server.port=8080"
-      - "traefik.http.routers.transfair.tls=true"
-  
-  traefik:
-    labels:
-      - "traefik.http.middlewares.transfair-auth.basicauth.users=${TRANSFAIR_AUTH}"
 
   transfair-input-blaze:
     image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
@@ -49,13 +34,6 @@ services:
     volumes:
       - "transfair-input-blaze-data:/app/data"
     profiles: ["transfair-input-blaze"]
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.transfair-input-blaze.rule=PathPrefix(`/data-delivery`)"
-      - "traefik.http.middlewares.transfair-input-strip.stripprefix.prefixes=/data-delivery"
-      - "traefik.http.services.transfair-input-blaze.loadbalancer.server.port=8080"
-      - "traefik.http.routers.transfair-input-blaze.middlewares=transfair-input-strip,transfair-auth"
-      - "traefik.http.routers.transfair-input-blaze.tls=true"
 
   transfair-request-blaze:
     image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
@@ -69,13 +47,6 @@ services:
     volumes:
       - "transfair-request-blaze-data:/app/data"
     profiles: ["transfair-request-blaze"]
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.transfair-request-blaze.rule=PathPrefix(`/data-requests`)"
-      - "traefik.http.middlewares.transfair-request-strip.stripprefix.prefixes=/data-requests"
-      - "traefik.http.services.transfair-request-blaze.loadbalancer.server.port=8080"
-      - "traefik.http.routers.transfair-request-blaze.middlewares=transfair-request-strip,transfair-auth"
-      - "traefik.http.routers.transfair-request-blaze.tls=true"
 
 volumes:
   transfair-input-blaze-data:

modules/transfair-setup.sh

@@ -1,7 +1,7 @@
 #!/bin/bash -e
 
 function transfairSetup() {
-    if [[ -n "$TTP_URL" || -n "$EXCHANGE_ID_SYSTEM" ]]; then
+    if [[ -n "$INSTITUTE_TTP_URL" || -n "$EXCHANGE_ID_SYSTEM" ]]; then
         echo "Starting transfair."
 	    OVERRIDE+=" -f ./modules/transfair-compose.yml"
 	    if [ -n "$FHIR_INPUT_URL" ]; then
@@ -18,14 +18,5 @@ function transfairSetup() {
 		    FHIR_REQUEST_URL="http://transfair-requests-blaze:8080"
 		    OVERRIDE+=" --profile transfair-request-blaze"
 	    fi
-	    if [ -n "$TTP_GW_SOURCE" ]; then
-		    log INFO "TransFAIR configured with greifswald as ttp"
-		    TTP_TYPE="greifswald"
-	    elif [ -n "$TTP_ML_API_KEY" ]; then
-		    log INFO "TransFAIR configured with mainzelliste as ttp"
-		    TTP_TYPE="mainzelliste"
-        else
-		    log INFO "TransFAIR configured without ttp"
-	    fi
     fi
 }