From bece71441ce9bf7106bdc96558411a72746af6e3 Mon Sep 17 00:00:00 2001
From: Martin Lablans <m.lablans@dkfz-heidelberg.de>
Date: Tue, 8 Nov 2022 10:39:11 +0100
Subject: [PATCH] Support DNPM

---
 ccp/vars                        |   4 ++
 dnpm/dnpm-compose.yml           | 104 ++++++++++++++++++++++++++++++++
 dnpm/dnpm-setup.sh              |  11 ++++
 dnpm/origin/Backend.Dockerfile  |  66 ++++++++++++++++++++
 dnpm/origin/Frontend.Dockerfile |  39 ++++++++++++
 dnpm/origin/logback.xml         |  37 ++++++++++++
 6 files changed, 261 insertions(+)
 create mode 100644 dnpm/dnpm-compose.yml
 create mode 100644 dnpm/dnpm-setup.sh
 create mode 100644 dnpm/origin/Backend.Dockerfile
 create mode 100644 dnpm/origin/Frontend.Dockerfile
 create mode 100644 dnpm/origin/logback.xml

diff --git a/ccp/vars b/ccp/vars
index f5f734e..c334d4e 100644
--- a/ccp/vars
+++ b/ccp/vars
@@ -11,3 +11,7 @@ PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 # This will load nngm setup. Effective only if nngm configuration is defined.
 source $PROJECT/nngm-setup.sh
 nngmSetup
+
+# This will load DNPM setup. Effective only if DNPM configuration is defined in /etc/bridgehead/dnpm.
+source dnpm/dnpm-setup.sh
+dnpmSetup
diff --git a/dnpm/dnpm-compose.yml b/dnpm/dnpm-compose.yml
new file mode 100644
index 0000000..1904123
--- /dev/null
+++ b/dnpm/dnpm-compose.yml
@@ -0,0 +1,104 @@
+version: "3.7"
+
+secrets:
+  connect_targets.json:
+    file: /etc/bridgehead/dnpm/local_targets.json
+
+services:
+#  traefik:
+#    command:
+#      - --entrypoints.dnpm-frontend.address=:3000
+#      - --entrypoints.dnpm-backend.address=:9000
+#    ports:
+#      - 3000:3000
+#      - 9000:9000
+  beam-proxy:
+    environment:
+      APP_2_ID: dnpm
+      APP_2_KEY: ${DNPM_BEAM_SECRET_SHORT}
+
+  dnpm-beam-connect:
+    depends_on: [ beam-proxy ]
+    image: samply/beam-connect:sites-without-auth
+    environment:
+      PROXY_URL: http://beam-proxy:8081
+      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_ID: dnpm.${PROXY_ID}
+      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+      LOCAL_TARGETS_FILE: /run/secrets/connect_targets.json
+      HTTP_PROXY: http://forward_proxy:3128
+      HTTPS_PROXY: http://forward_proxy:3128
+      NO_PROXY: proxy,dnpm-backend
+      RUST_LOG: ${RUST_LOG:-info}
+    secrets:
+      - connect_targets.json
+# Enable this if you disable the internal DNPM backend/frontend
+#    ports:
+#      - 8062:8062
+# or the same via traefik:
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-connector`)"
+#      - "traefik.http.services.connector.loadbalancer.server.port=8062"
+#      - "traefik.http.routers.connector.tls=true"
+
+  dnpm-frontend:
+    depends_on: [ dnpm-backend ]
+    build:
+      context: ./dnpm/origin
+      dockerfile: Frontend.Dockerfile
+      args:
+        NUXT_HOST: 0.0.0.0
+        NUXT_PORT: 3000
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: localhost
+        BACKEND_PORT: 9000
+        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+    ports:
+        - 3000:3000
+    environment:
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: localhost
+        BACKEND_PORT: 9000
+        no_proxy: dnpm-backend
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.dnpm-frontend.entrypoints=dnpm-frontend"
+#      - "traefik.http.routers.dnpm-frontend.tls=true"
+#      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+##      - "traefik.http.routers.dashboard.entrypoints=websecure"
+##      - "traefik.http.routers.dashboard.service=api@internal"
+##      - "traefik.http.routers.dashboard.tls=true"
+##      - "traefik.http.routers.dashboard.middlewares=auth"
+##      - "traefik.http.routers.dnpm-frontend.service=dnpm-frontend"
+
+  dnpm-backend:
+    build:
+      context: ./dnpm/origin
+      dockerfile: Backend.Dockerfile
+      args:
+        BWHC_BASE_DIR: /bwhc-backend
+        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+    ports:
+      - 9000:9000
+    environment:
+      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+      ZPM_SITE: ${ZPM_SITE}
+      noproxy: dnpm-frontend,connect
+      # PLAY_HTTP_PORT: 9000
+      # PLAY_HTTP_ADDRESS: 0.0.0.0
+    volumes:
+      - ./origin/logback.xml:/bwhc-backend/logback.xml:ro
+      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+      - bwhc_data:/bwhc-backend/data/
+      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-backend`)"
+#      - "traefik.http.services.connector.loadbalancer.server.port=9000"
+#      - "traefik.http.routers.connector.tls=true"
+
+volumes:
+  bwhc_data:
+  bwhc_hgnc_data:
diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh
new file mode 100644
index 0000000..f8893a3
--- /dev/null
+++ b/dnpm/dnpm-setup.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+function dnpmSetup() {
+	if [ -e /etc/bridgehead/dnpm/local_targets.json ]; then
+		log INFO "DNPM setup detected -- will start DNPM Connector."
+		source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars"
+		OVERRIDE+="-f ./dnpm/dnpm-compose.yml"
+		DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+		DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+	fi
+}
diff --git a/dnpm/origin/Backend.Dockerfile b/dnpm/origin/Backend.Dockerfile
new file mode 100644
index 0000000..e37c008
--- /dev/null
+++ b/dnpm/origin/Backend.Dockerfile
@@ -0,0 +1,66 @@
+FROM openjdk:11-jre AS builder
+
+ARG DNPM_BWHC_BACKEND_ZIP
+
+# Change to latest release
+ARG VERSION=broker
+
+ARG BWHC_BASE_DIR=/bwhc-backend
+
+ENV BWHC_BASE_DIR=$BWHC_BASE_DIR
+ENV BWHC_USER_DB_DIR=$BWHC_BASE_DIR/data/user-db
+ENV BWHC_DATA_ENTRY_DIR=$BWHC_BASE_DIR/data/data-entry
+ENV BWHC_QUERY_DATA_DIR=$BWHC_BASE_DIR/data/query-data
+
+ADD ${DNPM_BWHC_BACKEND_ZIP} /
+RUN unzip $(basename ${DNPM_BWHC_BACKEND_ZIP}) && rm $(basename ${DNPM_BWHC_BACKEND_ZIP})
+
+WORKDIR $BWHC_BASE_DIR
+
+# Prepare config file to use environment variables from docker
+RUN sed -i -r "s/APPLICATION_SECRET(.*)/#APPLICATION_SECRET\1/" ./config
+RUN sed -i -r "s/ZPM_SITE(.*)/#ZPM_SITE\1/" ./config
+
+# Prepare config file to use fix environment variables for this image
+RUN sed -i -r "s~BWHC_DATA_ENTRY_DIR.*~BWHC_DATA_ENTRY_DIR=$BWHC_DATA_ENTRY_DIR~" ./config
+RUN sed -i -r "s~BWHC_QUERY_DATA_DIR.*~BWHC_QUERY_DATA_DIR=$BWHC_QUERY_DATA_DIR~" ./config
+RUN sed -i -r "s~BWHC_USER_DB_DIR.*~BWHC_USER_DB_DIR=$BWHC_USER_DB_DIR~" ./config
+
+RUN ./install.sh $BWHC_BASE_DIR
+
+RUN mv bwhc-rest-api-gateway-*/  bwhc-rest-api-gateway/
+
+FROM openjdk:11-jre
+
+ARG BWHC_BASE_DIR=/bwhc-backend
+
+ENV BWHC_BASE_DIR=$BWHC_BASE_DIR
+ENV BWHC_USER_DB_DIR=$BWHC_BASE_DIR/data/user-db
+ENV BWHC_DATA_ENTRY_DIR=$BWHC_BASE_DIR/data/data-entry
+ENV BWHC_QUERY_DATA_DIR=$BWHC_BASE_DIR/data/query-data
+ENV BWHC_CONNECTOR_CONFIG=$BWHC_BASE_DIR/bwhcConnectorConfig.xml
+
+COPY --from=builder $BWHC_BASE_DIR/config $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/bwhcConnectorConfig.xml $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/logback.xml $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/production.conf $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/bwhc-rest-api-gateway/ $BWHC_BASE_DIR/bwhc-rest-api-gateway/
+
+VOLUME $BWHC_BASE_DIR/data
+VOLUME $BWHC_BASE_DIR/hgnc_data
+
+EXPOSE ${BWHC_BACKEND_PORT}
+
+WORKDIR $BWHC_BASE_DIR
+
+CMD $BWHC_BASE_DIR/bwhc-rest-api-gateway/bin/bwhc-rest-api-gateway \
+    -Dplay.http.secret.key=$APPLICATION_SECRET \
+    -Dconfig.file=$BWHC_BASE_DIR/production.conf \
+    -Dlogger.file=$BWHC_BASE_DIR/logback.xml \
+    -Dpidfile.path=/dev/null \
+    -Dbwhc.zpm.site=$ZPM_SITE \
+    -Dbwhc.data.entry.dir=$BWHC_DATA_ENTRY_DIR \
+    -Dbwhc.query.data.dir=$BWHC_QUERY_DATA_DIR \
+    -Dbwhc.user.data.dir=$BWHC_USER_DB_DIR \
+    -Dbwhc.hgnc.dir=$BWHC_HGNC_DIR \
+    -Dbwhc.connector.configFile=$BWHC_CONNECTOR_CONFIG
diff --git a/dnpm/origin/Frontend.Dockerfile b/dnpm/origin/Frontend.Dockerfile
new file mode 100644
index 0000000..60f7d3d
--- /dev/null
+++ b/dnpm/origin/Frontend.Dockerfile
@@ -0,0 +1,39 @@
+FROM node:10-alpine
+
+ARG DNPM_BWHC_FRONTEND_ZIP
+
+# Change to latest release
+# Required for image build using local copy of zip file
+ARG VERSION=2207
+
+# nuxt host and port to be replaced in package.json. (See 2.3 in bwHCPrototypeManual)
+# NUXT_HOST should have a value with public available IP address from within container.
+# If changing NUXT_PORT, also change exposed port.
+ARG NUXT_HOST=0.0.0.0
+ARG NUXT_PORT=3000
+
+# Backend access setup. (See 2.4 in bwHCPrototypeManual)
+ARG BACKEND_PROTOCOL=http
+ARG BACKEND_HOSTNAME=localhost
+ARG BACKEND_PORT=8080
+
+ADD ${DNPM_BWHC_FRONTEND_ZIP} /
+RUN unzip $(basename ${DNPM_BWHC_FRONTEND_ZIP}) && rm $(basename ${DNPM_BWHC_FRONTEND_ZIP})
+
+WORKDIR /bwhc-frontend
+
+RUN npm install
+
+# Prepare package.json
+RUN sed -i -r "s/^(\s*)\"host\"[^,]*(,?)/\1\"host\": \"$NUXT_HOST\"\2/" ./package.json
+RUN sed -i -r "s/^(\s*)\"port\"[^,]*(,?)/\1\"port\": \"$NUXT_PORT\"\2/" ./package.json
+
+# Prepare nuxt.config.js
+RUN sed -i -r "s/^(\s*)baseUrl[^,]*(,?)/\1baseUrl: process.env.BASE_URL || '$BACKEND_PROTOCOL:\/\/$BACKEND_HOSTNAME'\2/" ./nuxt.config.js
+RUN sed -i -r "s/^(\s*)port[^,]*(,?)/\1port: process.env.port || ':$BACKEND_PORT'\2/" ./nuxt.config.js
+
+RUN npm run generate
+
+EXPOSE $NUXT_PORT
+
+CMD npm start
diff --git a/dnpm/origin/logback.xml b/dnpm/origin/logback.xml
new file mode 100644
index 0000000..c25cda6
--- /dev/null
+++ b/dnpm/origin/logback.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<configuration scan="true">
+
+  <property name="LOG_DIR"  value="./bwhc_logs/"/>
+  <property name="LOG_FILE" value="bwhealthcloud"/>
+
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+
+<!--
+  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${LOG_DIR}/${LOG_FILE}.log</file>
+
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${LOG_DIR}/${LOG_FILE}-%d{yyyy-MM-dd}.log</fileNamePattern>
+
+      <maxHistory>30</maxHistory>
+      <totalSizeCap>3GB</totalSizeCap>
+    </rollingPolicy>
+
+    <encoder>
+      <pattern>%d [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+-->
+  <root level="DEBUG">
+    <appender-ref ref="STDOUT"/>
+<!--
+    <appender-ref ref="FILE"/>
+-->
+  </root>
+
+</configuration>