From 0d998ab8716a2e2c5c92fa84e65ccc608524ccef Mon Sep 17 00:00:00 2001
From: Torben Brenner <t.brenner@dkfz-heidelberg.de>
Date: Fri, 27 Jan 2023 10:55:44 +0100
Subject: [PATCH] refactor: Move persistent data to named volumes

---
 README.md                             | 1 -
 ccp/modules/id-management-compose.yml | 5 ++++-
 ccp/modules/id-management.md          | 6 +++---
 ccp/mtba-compose.yml                  | 5 ++++-
 lib/install-bridgehead.sh             | 9 ++-------
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 134e1ae..e1d3286 100644
--- a/README.md
+++ b/README.md
@@ -128,7 +128,6 @@ All of the Bridgehead's outgoing connections are secured by transport encryption
   - `/etc/bridgehead/traefik-tls` contains your Bridgehead's reverse proxies TLS certificates for [HTTPS access](#https-access).
   - `/etc/bridgehead/pki` contains your Bridgehead's private key (e.g., but not limited to Samply.Beam), generated as part of the [Samply.Beam enrollment](#register-with-samplybeam).
   - `/etc/bridgehead/trusted-ca-certs` contains third-party certificates to be trusted by the Bridgehead. For example, you want to place the certificates of your [TLS-terminating proxy](#network) here.
-  - `/var/lib/bridgehead/data` contains persistent data of the bridgehead
   - `/var/cache/bridgehead/backup` contains automatically created backups of the databases.
 
 Your Bridgehead's actual data is not stored in the above directories, but in named docker volumes, see `docker volume ls` and `docker volume inspect <volume_name>`.
diff --git a/ccp/modules/id-management-compose.yml b/ccp/modules/id-management-compose.yml
index 896663b..72aebcc 100644
--- a/ccp/modules/id-management-compose.yml
+++ b/ccp/modules/id-management-compose.yml
@@ -71,6 +71,9 @@ services:
       POSTGRES_DB: "mainzelliste"
       POSTGRES_PASSWORD: ${PATIENTLIST_POSTGRES_PASSWORD}
     volumes:
-      - "/var/lib/bridgehead/data/patientlist:/var/lib/postgresql/data"
+      - "patientlist-db-data:/var/lib/postgresql/data"
       # NOTE: Add backups here. This is only imported if /var/lib/bridgehead/data/patientlist/ is empty!!!
       - "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/"
+
+volumes:
+  patientlist-db-data:
diff --git a/ccp/modules/id-management.md b/ccp/modules/id-management.md
index c45b95a..e18d3f8 100644
--- a/ccp/modules/id-management.md
+++ b/ccp/modules/id-management.md
@@ -26,7 +26,7 @@ Upon configuration, the Bridgehead will spawn the following services:
 
 - The `bridgehead-id-manager` at https://bridgehead.local/id-manager, provides a common interface for creating pseudonyms in the bridgehead.
 - The `bridgehead-patientlist` at https://bridgehead.local/patientlist is a local instance of the open-source software [Mainzelliste](https://mainzelliste.de). This service's primary task is to map patients IDAT to pseudonyms identifying them along the different CCP projects.
-- The `bridgehead-patientlist-db` is only accessible within the Bridgehead itself. This is a local postgresql instance storing the database for `bridgehead-patientlist`. The data is persisted in `/var/lib/bridgehead/data/patientlist` and backups are automatically created in `/var/cache/bridgehead/backup/bridgehead-patientlist-db`.
+- The `bridgehead-patientlist-db` is only accessible within the Bridgehead itself. This is a local postgresql instance storing the database for `bridgehead-patientlist`. The data is persisted as a named volume `patientlist-db-data` and backups are automatically created in `/var/cache/bridgehead/backup/bridgehead-patientlist-db`.
 
 ### How to import an existing database (e.g from Legacy Windows or from Backups)
 First you must shutdown your local bridgehead instance:
@@ -36,10 +36,10 @@ systemctl stop bridgehead@ccp
 
 Next you need to remove the current patientlist database:
 ```
-rm -rf /var/lib/bridgehead/data/patientlist
+docker volume rm patientlist-db-data;
 ```
 
-Third, you need to place your postgres dump in the import directory `/tmp/bridgehead/patientlist/some-dump.sql`. This will only be imported, then /var/lib/bridgehead/data/patientlist is empty. 
+Third, you need to place your postgres dump in the import directory `/tmp/bridgehead/patientlist/some-dump.sql`. This will only be imported, then the volume `patientlist-db-data` was removed previously. 
 > NOTE: Please create the postgres dump with the options "--no-owner" and "--no-privileges". Additionally ensure the dump is created in the plain format (SQL).
 
 After this, you can restart your bridgehead and the dump will be imported:
diff --git a/ccp/mtba-compose.yml b/ccp/mtba-compose.yml
index 1c62989..857ff34 100644
--- a/ccp/mtba-compose.yml
+++ b/ccp/mtba-compose.yml
@@ -24,10 +24,13 @@ services:
       - "traefik.http.routers.mtba.tls=true"
     volumes:
       # This directory persists the FHIR Resources that are needed to import data into blaze.
-      - /var/lib/bridgehead/data/mtba:/app/mtba-files/persist
+      - mtba-data:/app/mtba-files/persist
       # Place new import files in this directory
       - /tmp/bridgehead/mtba/:/app/mtba-files/input
 
   # TODO: Include CBioPortal in Deployment ...
   # NOTE: CBioPortal can't load data while the system is running. So after import of data bridgehead needs to be restarted!
   # TODO: Find a trigger to let mtba signal a restart for CBioPortal
+
+volumes:
+  mtba-data:
diff --git a/lib/install-bridgehead.sh b/lib/install-bridgehead.sh
index 04503e3..f1aff73 100755
--- a/lib/install-bridgehead.sh
+++ b/lib/install-bridgehead.sh
@@ -22,8 +22,8 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\
     /bin/systemctl stop bridgehead@${PROJECT}.service, \\
     /bin/systemctl restart bridgehead@${PROJECT}.service, \\
     /bin/systemctl restart bridgehead@*.service, \\
-    /bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/lib/bridgehead /var/cache/bridgehead, \\
-    /usr/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/lib/bridgehead /var/cache/bridgehead
+    /bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/cache/bridgehead, \\
+    /usr/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/cache/bridgehead
 
 bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
 EOF
@@ -37,11 +37,6 @@ if [ -z "$LDM_PASSWORD" ]; then
   echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
 fi
 
-log "INFO" "Creating directory /var/lib/bridgehead for storage of persistent data."
-mkdir -p /var/lib/bridgehead
-chown -R bridgehead /var/lib/bridgehead
-
-
 log "INFO" "Creating directory /var/cache/bridgehead for storage of backups."
 mkdir -p /var/cache/bridgehead
 chown -R bridgehead /var/cache/bridgehead