This commit is contained in:
Patrick Skowronek 2022-02-16 09:59:53 +01:00
parent 78a78eecaa
commit d344afe203
16 changed files with 378 additions and 1 deletions

View File

@ -1 +1,23 @@
# bridgehead
This repository contains all tools to deploy a bridgehead with docker. If you have any questions about deploying a bridgehead, please contact us.
There are some prerequisites, which need to be meet before starting a bridgehead. If you running a Windows or Mac OS machine you should read starting a bridgehead. If you running a Linux machine you can start or install a bridgehead.
## Setup
Clone this repository to /srv/docker/
The first step is to copy the site.conf. It contains some configuration and secrets for your bridgehead.
With cp site.dev.conf site.conf you can clone the template. You need to set the project accoriding to the which bridgehead you want to start. It's either a GBN/BBMRI-ERIC, DKTK, DKTK-FED or C4 Bridgehead.
Each Project needs a .env file where all the settings are located. Each Project has a template for it in their respective folder. We offer you to setup the file with and also to manage it.
### DKTK-FED
For the DKTK Federate Search put dkkt-fed as project in the site.conf.
## Starting the bridgehead
./install_bridgehead

0
auth/dktk Normal file
View File

View File

@ -0,0 +1,52 @@
version: "3.7"
services:
traefik:
container_name: bridgehead_traefik
image: traefik:2.4
command:
- --api.insecure=true
- --entrypoints.web.address=:80
- --entrypoints.web-secure.address=:443
- --providers.docker=true
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ../auth/:/auth
extra_hosts:
- "host.docker.internal:host-gateway"
landing:
container_name: bridgehead_landingpage
image: nginx:stable
volumes:
- ../landing/:/usr/share/nginx/html
labels:
- "traefik.enable=true"
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
- "traefik.http.services.landing.loadbalancer.server.port=80"
blaze:
image: "samply/blaze:0.15"
container_name: bridgehead_dktk_blaze
environment:
BASE_URL: "http://blaze:8080"
JAVA_TOOL_OPTIONS: "-Xmx4g"
LOG_LEVEL: "debug"
ENFORCE_REFERENTIAL_INTEGRITY: "false"
volumes:
- "blaze-data:/app/data"
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/auth/dktk"
- "traefik.http.routers.blaze_dktk.rule=PathPrefix(`/dktk-localdatamanagement`)"
- "traefik.http.middlewares.dktk_b_strip.stripprefix.prefixes=/dktk-localdatamanagement"
- "traefik.http.services.blaze_dktk.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_dktk.middlewares=dktk_b_strip,test-auth"
volumes:
blaze-data:

32
install-bridgehead.sh Normal file
View File

@ -0,0 +1,32 @@
#!/bin/bash
### Note: Currently not complete, needs some features before useable for production
source lib/functions.sh
exitIfNotRoot
if ! ./lib/prerequisites.sh; then
log "Prerequisites failed, exiting"
exit 1
fi
source site.conf
echo -e "\nInstalling systemd units ..."
cp -v \
lib/systemd/bridgehead\@.service \
lib/systemd/bridgehead-update\@.service \
lib/systemd/bridgehead-update\@.timer \
/etc/systemd/system/
systemctl daemon-reload
echo
if ! systemctl is-active --quiet bridgehead@"${project}"; then
echo "Enabling autostart of bridgehead@${project}.service"
systemctl enable bridgehead@"${project}"
echo "Enabling nightly updates for bridgehead@${project}.service ..."
systemctl enable --now bridgehead-update@"${project}".timer
fi
echo -e "\nDone - now start your bridgehead by running\n\tsystemctl start bridgehead@${project}.service\nor by rebooting your machine."

0
landing/index.html Normal file
View File

12
lib/functions.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash -e
exitIfNotRoot() {
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
}
log() {
echo "$(date +'%Y-%m-%d %T')" "$1:" "$2"
}

88
lib/generate.sh Normal file
View File

@ -0,0 +1,88 @@
#!/bin/bash
cat > ../landing/index.html <<EOL
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<title>Bridgehead Overview</title>
<!-- Bootstrap core CSS -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet"
integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"
integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
crossorigin="anonymous"></script>
</head>
<body>
<nav class="navbar navbar-light" style="background-color: #aad7f6;">
<h2 class="pb-2 border-bottom">Bridgehead ${site_name}</h2>
</nav>
<div class="container px-4 py-5" id="featured-3">
<div>
<h2>Components</h2>
<h3>Central</h3>
<table class="table">
<thead class="thead-dark">
<tr>
<th style="width: 50%">Group</th>
<th style="width: 50%">Service</th>
</tr>
</thead>
<tbody>
<tr>
<td>CCP-IT</td>
<td><a href="https://patientlist.ccp-it.dktk.dkfz.de">Zentrale Patientenliste</td>
</tr>
<tr>
<td>CCP-IT</td>
<td><a href="https://decentralsearch.ccp-it.dktk.dkfz.de">Dezentrale Suche</td>
</tr>
<tr>
<td>CCP-IT</td>
<td><a href="https://centralsearch.ccp-it.dktk.dkfz.de">Zentrale Suche</td>
</tr>
<tr>
<td>CCP-IT</td>
<td><a href="https://deployment.ccp-it.dktk.dkfz.de">Deployment-Server</td>
</tr>
<tr>
<td>CCP-IT</td>
<td><a href="https://dktk-kne.kgu.de">Zentraler Kontrollnummernerzeuger</td>
</tr>
</tbody>
</table>
</div>
<div>
<h3>Local</h3>
<table class="table">
<thead class="thead-dark">
<tr>
<th style="width: 50%">Project</th>
<th style="width: 50%">Services</th>
</tr>
</thead>
<tbody>
<tr>
<td>Bridgehead</td>
<td>Reverse Proxy <a href="http://e260-serv-05:8080/">Traefik</a></td>
</tr>
<tr>
<td>DKTK</td>
<td><a href="http://e260-serv-05/dktk-localdatamanagement/fhir/">Blaze</a></td>
</tr>
</tbody>
</table>
</div>
<footer class="footer mt-auto py-3 ">
<a href="https://dktk.dkfz.de/"><img src="https://www.oncoray.de/fileadmin/files/bilder_gruppen/DKTK/Logo_DKTK_neu_2016.jpg" height="10%" width="30%"></a> DKTK 2022
</footer>
</body>
</html>
EOL

54
lib/prerequisites.sh Normal file
View File

@ -0,0 +1,54 @@
#!/bin/bash
## Check if user is a su
echo "Welcome to the starting a bridgehead. We will get your instance up and running in no time"
echo "First we will check if all prerequisites are met ..."
prerequisites="git docker docker-compose cat"
for prerequisite in $prerequisites; do
$prerequisite --version 2>&1
is_available=$?
if [ $is_available -gt 0 ]; then
log "ERROR" "Prerequisite not fulfilled - $prerequisite is not available!"
exit 79
fi
# TODO: Check for specific version
done
echo "Checking site.conf"
#check if site.conf is created
if [ ! -f site.conf ]; then
echo "Please create your specific site.conf file from the site.dev.conf"
exit
fi
#Load site specific variables
source site.conf
if [ -z "$site_name" ]; then
echo "Please set site_name"
fi
echo "Checking site-config module"
## Download submodule
if [ ! -d "site-config" ]; then
echo "Please set up the site-config folder. Instruction are in the readme."
exit
else
echo "Site configuration is already loaded"
fi
#Check if a project is selected
if [ -z "$project" ]; then
echo "No project selected! Please add a Project in your local site.conf."
exit
fi
#check if project env is present
if [ -d "site-config/${project}.env" ]; then
echo "Please copy the tempalte from ${project} and put it in the site-config folder"
fi
echo "All prerequisites are met!"

View File

@ -0,0 +1,10 @@
[Unit]
Description=Bridgehead (%i) Update Service
[Service]
Type=oneshot
WorkingDirectory=/srv/docker/bridgehead/
ExecStart=/bin/bash -c "/srv/docker/bridgehead/update-bridgehead.sh %i"
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,8 @@
[Unit]
Description=Nightly Updates of Bridgehead (%i)
[Timer]
OnCalendar=*-*-* 03:00:00
[Install]
WantedBy=basic.target

View File

@ -0,0 +1,15 @@
[Unit]
Description=Bridgehead (%i) Service
[Service]
Restart=always
RestartSec=30
WorkingDirectory=/srv/docker/bridgehead/
ExecStartPre=/bin/bash -c '`which docker-compose` -f %i/docker-compose.yml --env-file site-config/%i.env down'
ExecStart=/bin/bash -c '`which docker-compose` -f %i/docker-compose.yml --env-file site-config/%i.env up'
ExecStop=/bin/bash -c '`which docker-compose` -f %i/docker-compose.yml --env-file site-config/%i.env down'
[Install]
WantedBy=multi-user.target

11
site.dev.conf Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
### This is the configuration file for secrets, only your site should know
##Setting Network properties
export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
export HOST=
export site_name=
### Write the Project you want to start with the brigdehead
##Exmaple project=dktk-fed
export project=

18
start-bridgehead.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
### Note: Currently not complete, needs some features before useable for production
source lib/functions.sh
if ! lib/prerequisites.sh; then
log "Prerequisites failed, exiting"
exit
fi
source site.conf
./lib/generate.sh
log "Starting bridgehead"
docker-compose -f ${project}/docker-compose.yml --env-file site-config/${project}.env up -d
log "The bridgehead should be in online in a few seconds"

8
stop-bridgehead.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash -e
source lib/functions.sh
source site.conf
log "Stopping bridgehead"
docker-compose -f ${project}/docker-compose.yml --env-file site-config/${project}.env down

10
uninstall-bridgehead.sh Normal file
View File

@ -0,0 +1,10 @@
#!/bin/bash -e
source site.conf
source lib/functions.sh
echo "Stopping systemd services and removing bridgehead ..."
systemctl disable --now bridgehead@${project}.service bridgehead-update@${project}.timer bridgehead-update@${project}.service
rm -v /etc/systemd/system/{bridgehead\@.service,bridgehead-update\@.timer,bridgehead-update\@.service}

37
update-bridgehead.sh Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
service="bridgehead"
source lib/functions.sh
if ! lib/prerequisites.sh; then
log "Prerequisites failed, exiting"
exit
fi
log "INFO" "Checking for updates of $service"
# check prerequisites
# check if updates are available
old_git_hash="$(git rev-parse --verify HEAD)"
git fetch 2>&1
git pull 2>&1
new_git_hash="$(git rev-parse --verify HEAD)"
git_updated="false"
if [ "$old_git_hash" != "$new_git_hash" ]; then
log "INFO" "Pulled new changes from origin"
git_updated="true"
fi
docker_updated="false"
for image in $(docker ps --filter "name=$service" --format {{.Image}}); do
log "INFO" "Checking for Updates of Image: $image"
if docker pull $image | grep "Downloaded newer image"; then
log "INFO" "$image updated."
docker_updated="true"
fi
done
if [ $git_updated = "true" ] || [ $docker_updated = "true" ]; then
log "INFO" "Due to previous updates now restarting $service@$1"
systemctl restart "$service@$1.service"
fi
log "INFO" "checking updates finished"
exit 0