dktk-fed

README.md

@@ -1 +1,23 @@
-# bridgehead
+# bridgehead
+
+This repository contains all tools to deploy a bridgehead with docker. If you have any questions about deploying a bridgehead, please contact us.
+
+There are some prerequisites, which need to be meet before starting a bridgehead. If you running a Windows or Mac OS machine you should read starting a bridgehead. If you running a Linux machine you can start or install a bridgehead.
+
+## Setup
+
+Clone this repository to /srv/docker/
+
+The first step is to copy the site.conf. It contains some configuration and secrets for your bridgehead.
+
+With cp site.dev.conf site.conf you can clone the template. You need to set the project accoriding to the which bridgehead you want to start. It's either a GBN/BBMRI-ERIC, DKTK, DKTK-FED or C4 Bridgehead.
+
+Each Project needs a .env file where all the settings are located. Each Project has a template for it in their respective folder. We offer you to setup the file with and also to manage it.
+
+### DKTK-FED
+
+For the DKTK Federate Search put dkkt-fed as project in the site.conf.
+
+## Starting the bridgehead
+
+./install_bridgehead

dktk-fed/docker-compose.yml

@@ -0,0 +1,52 @@
+version: "3.7"
+
+services:
+  traefik:
+    container_name: bridgehead_traefik
+    image: traefik:2.4
+    command:
+      - --api.insecure=true
+      - --entrypoints.web.address=:80
+      - --entrypoints.web-secure.address=:443
+      - --providers.docker=true
+    ports:
+      - 80:80
+      - 443:443
+      - 8080:8080
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ../auth/:/auth
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+  
+  landing:
+    container_name: bridgehead_landingpage
+    image: nginx:stable
+    volumes:
+      - ../landing/:/usr/share/nginx/html
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+      - "traefik.http.services.landing.loadbalancer.server.port=80"
+
+  blaze:
+    image: "samply/blaze:0.15"
+    container_name: bridgehead_dktk_blaze
+    environment:
+      BASE_URL: "http://blaze:8080"
+      JAVA_TOOL_OPTIONS: "-Xmx4g"
+      LOG_LEVEL: "debug"
+      ENFORCE_REFERENTIAL_INTEGRITY: "false"
+    volumes:
+    - "blaze-data:/app/data"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.middlewares.test-auth.basicauth.usersfile=/auth/dktk"
+      - "traefik.http.routers.blaze_dktk.rule=PathPrefix(`/dktk-localdatamanagement`)"
+      - "traefik.http.middlewares.dktk_b_strip.stripprefix.prefixes=/dktk-localdatamanagement"
+      - "traefik.http.services.blaze_dktk.loadbalancer.server.port=8080"
+      - "traefik.http.routers.blaze_dktk.middlewares=dktk_b_strip,test-auth"
+  
+
+volumes:
+  blaze-data:

install-bridgehead.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+### Note: Currently not complete, needs some features before useable for production
+
+source lib/functions.sh
+
+exitIfNotRoot
+
+if ! ./lib/prerequisites.sh; then
+    log "Prerequisites failed, exiting"
+    exit 1
+fi
+source site.conf
+
+echo -e "\nInstalling systemd units ..."
+cp -v \
+    lib/systemd/bridgehead\@.service \
+    lib/systemd/bridgehead-update\@.service \
+    lib/systemd/bridgehead-update\@.timer \
+    /etc/systemd/system/
+
+systemctl daemon-reload
+
+echo
+
+if ! systemctl is-active --quiet bridgehead@"${project}"; then
+    echo "Enabling autostart of bridgehead@${project}.service"
+    systemctl enable bridgehead@"${project}"
+    echo "Enabling nightly updates for bridgehead@${project}.service ..."
+    systemctl enable --now bridgehead-update@"${project}".timer
+fi
+
+echo -e "\nDone - now start your bridgehead by running\n\tsystemctl start bridgehead@${project}.service\nor by rebooting your machine."

lib/functions.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+exitIfNotRoot() {
+  if [ "$EUID" -ne 0 ]; then
+    echo "Please run as root"
+    exit 1
+  fi
+}
+
+log() {
+  echo "$(date +'%Y-%m-%d %T')" "$1:" "$2"
+}

lib/generate.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+
+cat > ../landing/index.html <<EOL
+<html lang="en">
+
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <meta name="description" content="">
+  <title>Bridgehead Overview</title>
+  <!-- Bootstrap core CSS -->
+  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet"
+    integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
+  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"
+    integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
+    crossorigin="anonymous"></script>
+
+</head>
+
+<body>
+
+  <nav class="navbar navbar-light" style="background-color: #aad7f6;">
+    <h2 class="pb-2 border-bottom">Bridgehead ${site_name}</h2>
+  </nav>
+  <div class="container px-4 py-5" id="featured-3">
+    <div>
+      <h2>Components</h2>
+      <h3>Central</h3>
+      <table class="table">
+        <thead class="thead-dark">
+          <tr>
+            <th style="width: 50%">Group</th>
+            <th style="width: 50%">Service</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <td>CCP-IT</td>
+            <td><a href="https://patientlist.ccp-it.dktk.dkfz.de">Zentrale Patientenliste</td>
+          </tr>
+          <tr>
+            <td>CCP-IT</td>
+            <td><a href="https://decentralsearch.ccp-it.dktk.dkfz.de">Dezentrale Suche</td>
+          </tr>
+          <tr>
+            <td>CCP-IT</td>
+            <td><a href="https://centralsearch.ccp-it.dktk.dkfz.de">Zentrale Suche</td>
+          </tr>
+          <tr>
+            <td>CCP-IT</td>
+            <td><a href="https://deployment.ccp-it.dktk.dkfz.de">Deployment-Server</td>
+          </tr>
+          <tr>
+            <td>CCP-IT</td>
+            <td><a href="https://dktk-kne.kgu.de">Zentraler Kontrollnummernerzeuger</td>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+
+    <div>
+      <h3>Local</h3>
+      <table class="table">
+        <thead class="thead-dark">
+          <tr>
+            <th style="width: 50%">Project</th>
+            <th style="width: 50%">Services</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <td>Bridgehead</td>
+            <td>Reverse Proxy <a href="http://e260-serv-05:8080/">Traefik</a></td>
+          </tr>
+          <tr>
+            <td>DKTK</td>
+            <td><a href="http://e260-serv-05/dktk-localdatamanagement/fhir/">Blaze</a></td>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+    <footer class="footer mt-auto py-3 ">
+     <a href="https://dktk.dkfz.de/"><img src="https://www.oncoray.de/fileadmin/files/bilder_gruppen/DKTK/Logo_DKTK_neu_2016.jpg" height="10%" width="30%"></a> DKTK 2022
+    </footer>
+</body>
+
+</html>
+EOL

lib/prerequisites.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+
+## Check if user is a su
+echo "Welcome to the starting a bridgehead. We will get your instance up and running in no time"
+echo "First we will check if all prerequisites are met ..."
+prerequisites="git docker docker-compose cat"
+for prerequisite in $prerequisites; do
+  $prerequisite --version 2>&1
+  is_available=$?
+  if [ $is_available -gt 0 ]; then
+    log "ERROR" "Prerequisite not fulfilled - $prerequisite is not available!"
+    exit 79
+  fi
+  # TODO: Check for specific version
+done
+
+echo "Checking site.conf"
+
+#check if site.conf is created
+if [ ! -f site.conf ]; then
+  echo "Please create your specific site.conf file from the site.dev.conf"
+  exit
+fi
+
+#Load site specific variables
+source site.conf
+
+if [ -z "$site_name" ]; then
+  echo "Please set site_name"
+fi
+
+echo "Checking site-config module"
+
+## Download submodule
+if [ ! -d "site-config" ]; then
+  echo "Please set up the site-config folder. Instruction are in the readme."
+  exit
+else
+  echo "Site configuration is already loaded"
+fi
+
+#Check if a project is selected
+if [ -z "$project"  ]; then
+  echo "No project selected! Please add a Project in your local site.conf."
+  exit
+fi
+
+#check if project env is present
+if [ -d "site-config/${project}.env" ]; then
+   echo "Please copy the tempalte from ${project} and put it in the site-config folder"
+fi
+
+echo "All prerequisites are met!"

lib/systemd/bridgehead-update@.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Bridgehead (%i) Update Service
+
+[Service]
+Type=oneshot
+WorkingDirectory=/srv/docker/bridgehead/
+ExecStart=/bin/bash -c "/srv/docker/bridgehead/update-bridgehead.sh %i"
+
+[Install]
+WantedBy=multi-user.target

lib/systemd/bridgehead-update@.timer

@@ -0,0 +1,8 @@
+[Unit]
+Description=Nightly Updates of Bridgehead (%i)
+
+[Timer]
+OnCalendar=*-*-* 03:00:00
+
+[Install]
+WantedBy=basic.target

lib/systemd/bridgehead@.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Bridgehead (%i) Service
+
+[Service]
+Restart=always
+RestartSec=30
+
+WorkingDirectory=/srv/docker/bridgehead/
+
+ExecStartPre=/bin/bash -c '`which docker-compose` -f %i/docker-compose.yml --env-file site-config/%i.env down'
+ExecStart=/bin/bash -c '`which docker-compose` -f %i/docker-compose.yml --env-file site-config/%i.env up'
+ExecStop=/bin/bash -c '`which docker-compose` -f %i/docker-compose.yml --env-file site-config/%i.env down'
+
+[Install]
+WantedBy=multi-user.target

site.dev.conf

@@ -0,0 +1,11 @@
+#!/bin/bash
+### This is the configuration file for secrets, only your site should know
+
+##Setting Network properties
+export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
+export HOST=
+
+export site_name=
+### Write the Project you want to start with the brigdehead
+##Exmaple project=dktk-fed
+export project=

start-bridgehead.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+### Note: Currently not complete, needs some features before useable for production
+
+source lib/functions.sh
+
+if ! lib/prerequisites.sh; then
+    log "Prerequisites failed, exiting"
+    exit
+fi
+source site.conf
+
+./lib/generate.sh
+
+log "Starting bridgehead"
+
+docker-compose -f ${project}/docker-compose.yml --env-file site-config/${project}.env up -d
+
+log "The bridgehead should be in online in a few seconds"

stop-bridgehead.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+source lib/functions.sh
+source site.conf
+
+log "Stopping bridgehead"
+
+docker-compose -f ${project}/docker-compose.yml --env-file site-config/${project}.env down

uninstall-bridgehead.sh

@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+source site.conf
+source lib/functions.sh
+
+echo "Stopping systemd services and removing bridgehead ..."
+
+systemctl disable --now bridgehead@${project}.service bridgehead-update@${project}.timer bridgehead-update@${project}.service
+
+rm -v /etc/systemd/system/{bridgehead\@.service,bridgehead-update\@.timer,bridgehead-update\@.service}

update-bridgehead.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+service="bridgehead"
+
+source lib/functions.sh
+
+if ! lib/prerequisites.sh; then
+    log "Prerequisites failed, exiting"
+    exit
+fi
+
+log "INFO" "Checking for updates of $service"
+# check prerequisites
+
+# check if updates are available
+old_git_hash="$(git rev-parse --verify HEAD)"
+git fetch 2>&1
+git pull 2>&1
+new_git_hash="$(git rev-parse --verify HEAD)"
+git_updated="false"
+if [ "$old_git_hash" != "$new_git_hash" ]; then
+  log "INFO" "Pulled new changes from origin"
+  git_updated="true"
+fi
+docker_updated="false"
+for image in $(docker ps --filter "name=$service" --format {{.Image}}); do
+  log "INFO" "Checking for Updates of Image: $image"
+  if docker pull $image | grep "Downloaded newer image"; then
+    log "INFO" "$image updated."
+    docker_updated="true"
+  fi
+done
+if [ $git_updated = "true" ] || [ $docker_updated = "true" ]; then
+  log "INFO" "Due to previous updates now restarting $service@$1"
+  systemctl restart "$service@$1.service"
+fi
+log "INFO" "checking updates finished"
+exit 0