Some fixes after review with Martin

Patrick Skowronek 2022-05-09 12:57:24 +02:00
parent 445add6d30
commit dc8b8b3339
11 changed files with 58 additions and 51 deletions


@ -44,7 +44,7 @@ The Bridgehead has two primary components:
* The **Blaze Store**. This is a highly responsive FHIR data store, which you will need to fill with your data via an ETL chain. * The **Blaze Store**. This is a highly responsive FHIR data store, which you will need to fill with your data via an ETL chain.
* The **Connector**. This is the communication portal to the Sample Locator, with specially designed features that make it possible to run it behind a corporate firewall without making any compromises on security. * The **Connector**. This is the communication portal to the Sample Locator, with specially designed features that make it possible to run it behind a corporate firewall without making any compromises on security.
#### CPP(DKTK/C4) #### CCP(DKTK/C4)
TODO: TODO:
@ -79,6 +79,7 @@ For running your bridgehead we recommend the follwing Hardware:
Before starting the installation process, please ensure that following software is available on your system: Before starting the installation process, please ensure that following software is available on your system:
//Remove
#### [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) #### [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
To check that you have a working git installation, please run To check that you have a working git installation, please run
@ -90,6 +91,8 @@ rm -rf Hello-World;
``` ```
If you see the output "Hello World!" your installation should be working. If you see the output "Hello World!" your installation should be working.
//Just install docker-compose und docker with version
#### [Docker](https://docs.docker.com/get-docker/) #### [Docker](https://docs.docker.com/get-docker/)
To check your docker installation, you can try to execute dockers "Hello World" Image. The command is: To check your docker installation, you can try to execute dockers "Hello World" Image. The command is:
@ -149,10 +152,15 @@ sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead;
When using the systemd services we you need to create a bridgehead user for security reasons. This should be done after clone the repository. Since not all linux distros support ```adduser```, we provide a action for the systemcall ```useradd```. When using the systemd services we you need to create a bridgehead user for security reasons. This should be done after clone the repository. Since not all linux distros support ```adduser```, we provide a action for the systemcall ```useradd```.
//
``` shell ``` shell
adduser --no-create-home --disabled-login --ingroup docker --gecos "" bridgehead adduser --no-create-home --disabled-login --ingroup docker --gecos "" bridgehead
```
``` shell
useradd -M -g docker -N -s /sbin/nologin bridgehead useradd -M -g docker -N -s /sbin/nologin bridgehead
chown bridghead /srv/docker/bridgehead/ -R chown bridgehead /srv/docker/bridgehead/ -R
``` ```
@ -216,7 +224,7 @@ To make the configuration effective, you need to tell systemd to reload the conf
``` shell ``` shell
sudo systemctl daemon-reload; sudo systemctl daemon-reload;
sudo systemctl bridgehead@cpp.service; sudo systemctl bridgehead@ccp.service;
``` ```
### DKTK/C4 ### DKTK/C4


@ -3,7 +3,7 @@ version: "3.7"
services: services:
traefik: traefik:
container_name: bridgehead-traefik container_name: bridgehead-traefik
image: traefik:2.4 image: traefik:2
command: command:
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
@ -60,11 +60,11 @@ services:
- "blaze-data:/app/data" - "blaze-data:/app/data"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.middlewares.cpp-auth.basicauth.users=${bc_auth_users}" - "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)" - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement" - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,cpp-auth" - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
- "traefik.http.routers.blaze_ccp.tls=true" - "traefik.http.routers.blaze_ccp.tls=true"
ccp-search-share: ccp-search-share:
@ -73,7 +73,7 @@ services:
environment: environment:
APP_BASE_URL: "http://dktk-fed-search-share:8080" APP_BASE_URL: "http://dktk-fed-search-share:8080"
APP_BROKER_BASEURL: "https://dktk-fed-search.verbis.dkfz.de/broker/rest/searchbroker" APP_BROKER_BASEURL: "https://dktk-fed-search.verbis.dkfz.de/broker/rest/searchbroker"
APP_BROKER_MAIL: ${CCP_MAIL} APP_BROKER_MAIL: ${CCP_SEARCHBROKER_USERNAME}
APP_STORE_BASEURL: "http://bridgehead-ccp-blaze:8080/fhir" APP_STORE_BASEURL: "http://bridgehead-ccp-blaze:8080/fhir"
SPRING_DATASOURCE_URL: "jdbc:postgresql://bridgehead-ccp-share-db:5432/dktk-fed-search-share" SPRING_DATASOURCE_URL: "jdbc:postgresql://bridgehead-ccp-share-db:5432/dktk-fed-search-share"
JAVA_TOOL_OPTIONS: "-Xmx1g" JAVA_TOOL_OPTIONS: "-Xmx1g"
@ -86,7 +86,7 @@ services:
- blaze - blaze
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.dktk-fed-search.rule=PathPrefix(`/cpp-connector`)" - "traefik.http.routers.dktk-fed-search.rule=PathPrefix(`/ccp-connector`)"
- "traefik.http.services.dktk-fed-search.loadbalancer.server.port=8080" - "traefik.http.services.dktk-fed-search.loadbalancer.server.port=8080"
ccp-search-share-db: ccp-search-share-db:
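Review bot: The `traefik` service image is loosened from `traefik:2.4` to the floating major tag `traefik:2`, so each pull can bring in a different minor release of the component that terminates TLS and enforces the basic-auth middleware. The install script in this commit also enables a nightly update timer, which presumably re-pulls images, so such upgrades would arrive unreviewed. I would keep an explicit minor or patch tag, ideally with a digest, e.g. `image: traefik:<reviewed-version>@sha256:<digest-of-reviewed-image>` (placeholders), and bump it deliberately. The same change is made in the second compose file of this commit.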


@ -1,4 +1,4 @@
version: '3.4' version: '3.7'
volumes: volumes:
gbn-connector-logs: gbn-connector-logs:
@ -8,7 +8,7 @@ volumes:
services: services:
traefik: traefik:
container_name: bridgehead-traefik container_name: bridgehead-traefik
image: traefik:2.4 image: traefik:2
command: command:
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
@ -65,11 +65,11 @@ services:
- "blaze-data:/app/data" - "blaze-data:/app/data"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.middlewares.cpp-auth.basicauth.users=${bc_auth_users}" - "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}"
- "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)" - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
- "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement" - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
- "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
- "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,cpp-auth" - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
- "traefik.http.routers.blaze_ccp.tls=true" - "traefik.http.routers.blaze_ccp.tls=true"
gbn-connector: gbn-connector:


@ -1,14 +1,15 @@
#!/bin/bash -e #!/bin/bash -e
source lib/functions.sh
echo "This script add's a user with password to the bridghead" log "This script add's a user with password to the bridghead"
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
echo "No arguments provided, please provide the project name" log "No arguments provided, please provide the project name"
exit 1 exit 1
fi fi
if [ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]; then if [ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]; then
echo "Please create a Service first, with setup-bridgehead-units.sh" log "Please create a Service first, with setup-bridgehead-units.sh"
exit exit
fi fi
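Review bot: The project name in `$1` goes unquoted into the path test `[ ! -f /etc/systemd/system/bridgehead@$1.service.d/override.conf ]`, without the ccp/nngm/gbn allowlist check that the other scripts in this commit apply. An argument containing whitespace or path separators is therefore not rejected before it is used. I would add the allowlist check first and quote the path, `[ ! -f "/etc/systemd/system/bridgehead@${1}.service.d/override.conf" ]`. The bare `exit` after "Please create a Service first" returns the status of the preceding `log` call, presumably 0, so callers see success; `exit 1` would match the first check. The script continues outside the hunk.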


@ -40,7 +40,7 @@ then
" "
LOCAL_SERVICES+=" <tr> LOCAL_SERVICES+=" <tr>
<td>CCP</td> <td>CCP</td>
<td><a href=\"https://${HOST}/cpp-localdatamanagement/fhir/\">Blaze</a></td> <td><a href=\"https://${HOST}/ccp-localdatamanagement/fhir/\">Blaze</a></td>
</tr> </tr>
" "
fi fi


@ -2,8 +2,8 @@
## Check if user is a su ## Check if user is a su
echo "Welcome to the starting a bridgehead. We will get your instance up and running in no time" log "Welcome to the starting a bridgehead. We will get your instance up and running in no time"
echo "First we will check if all prerequisites are met ..." log "First we will check if all prerequisites are met ..."
prerequisites="git docker docker-compose" prerequisites="git docker docker-compose"
for prerequisite in $prerequisites; do for prerequisite in $prerequisites; do
$prerequisite --version 2>&1 $prerequisite --version 2>&1
@ -15,54 +15,54 @@ for prerequisite in $prerequisites; do
# TODO: Check for specific version # TODO: Check for specific version
done done
echo "Checking /etc/bridgehead/" log "Checking /etc/bridgehead/"
## Download submodule ## Download submodule
if [ ! -d "/etc/bridgehead/" ]; then if [ ! -d "/etc/bridgehead/" ]; then
echo "Please set up the config folder. Instruction are in the readme." log "Please set up the config folder. Instruction are in the readme."
exit 1 exit 1
else else
echo "Done" log "Done"
fi fi
echo "Checking /etc/bridgehead/site.conf" log "Checking /etc/bridgehead/site.conf"
#check if site.conf is created #check if site.conf is created
if [ ! -f /etc/bridgehead/site.conf ]; then if [ ! -f /etc/bridgehead/site.conf ]; then
echo "Please create your specific site.conf file from the site.dev.conf" log "Please create your specific site.conf file from the site.dev.conf"
exit 1 exit 1
else else
echo "Done" log "Done"
fi fi
#Load site specific variables #Load site specific variables
source /etc/bridgehead/site.conf source /etc/bridgehead/site.conf
if [ -z "$site_name" ]; then if [ -z "$site_name" ]; then
echo "Please set site_name" log "Please set site_name"
exit 1 exit 1
fi fi
echo "Checking project config" log "Checking project config"
#check if project env is present #check if project env is present
if [ -d "/etc/bridgehead/${project}.env" ]; then if [ -d "/etc/bridgehead/${project}.env" ]; then
echo "Please copy the tempalte from ${project} and put it in the /etc/bridgehead-config/ folder" log "Please copy the tempalte from ${project} and put it in the /etc/bridgehead-config/ folder"
exit 1 exit 1
else else
echo "Done" log "Done"
fi fi
echo "Checking ssl cert" log "Checking ssl cert"
## Create SSL Cert ## Create SSL Cert
if [ ! -d "/certs" ]; then if [ ! -d "/certs" ]; then
echo "SSL cert missing, now we create one. Please consider getting a signed one" log "SSL cert missing, now we create one. Please consider getting a signed one"
mkdir certs mkdir certs
fi fi
if [ -d "/etc/bridgehead/traefik.crt" ]; then if [ -d "certs/traefik.crt" ]; then
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365 openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365
fi fi
echo "All prerequisites are met!" log "All prerequisites are met!"
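Review bot: The certificate step runs `openssl req` only when `[ -d "certs/traefik.crt" ]` is true, i.e. when `traefik.crt` is a directory, so on a fresh install no key pair is generated; the test should be `if [ ! -f "certs/traefik.crt" ]; then`. The directory check above it has a similar mismatch, testing the absolute `/certs` but creating the relative `certs`. The project check `[ -d "/etc/bridgehead/${project}.env" ]` looks inverted in the same way and likely wants `[ ! -f ... ]`. Since `-nodes` writes the private key unencrypted, I would also restrict it after creation with `chmod 600 certs/traefik.key`.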


@ -3,12 +3,12 @@
source lib/functions.sh source lib/functions.sh
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
echo "Please provide a Project as argument" log "Please provide a Project as argument"
exit 1 exit 1
fi fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then
echo "Please provide a supported project like ccp, gbn or nngm" log "Please provide a supported project like ccp, gbn or nngm"
exit 1 exit 1
fi fi
@ -19,7 +19,7 @@ if ! ./lib/prerequisites.sh; then
exit 1 exit 1
fi fi
echo "Stopping systemd services and removing bridgehead ..." log "Stopping systemd services and removing bridgehead ..."
systemctl disable --now bridgehead@${project}.service bridgehead-update@${project}.timer bridgehead-update@${project}.service systemctl disable --now bridgehead@${project}.service bridgehead-update@${project}.timer bridgehead-update@${project}.service
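Review bot: The allowlist test `[ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]` expands `$1` unquoted, so an empty or whitespace-containing argument makes `[` fail with a usage error. The `&&` chain then evaluates false and the script continues instead of rejecting the value. Quote each expansion, `[ "$1" != "ccp" ] && [ "$1" != "nngm" ] && [ "$1" != "gbn" ]`, and quote `"${project}"` in the `systemctl disable --now` line as the install script already does. The same unquoted test appears in the install, start and stop scripts of this commit; `project` is assigned outside this hunk.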


@ -5,12 +5,12 @@ source lib/functions.sh
exitIfNotRoot exitIfNotRoot
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
echo "Please provide a Project as argument" log "Please provide a Project as argument"
exit 1 exit 1
fi fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then
echo "Please provide a supported project like ccp, gbn or nngm" log "Please provide a supported project like ccp, gbn or nngm"
exit 1 exit 1
fi fi
@ -33,9 +33,9 @@ systemctl daemon-reload
echo echo
if ! systemctl is-active --quiet bridgehead@"${project}"; then if ! systemctl is-active --quiet bridgehead@"${project}"; then
echo "Enabling autostart of bridgehead@${project}.service" log "Enabling autostart of bridgehead@${project}.service"
systemctl enable bridgehead@"${project}" systemctl enable bridgehead@"${project}"
echo "Enabling nightly updates for bridgehead@${project}.service ..." log "Enabling nightly updates for bridgehead@${project}.service ..."
systemctl enable --now bridgehead-update@"${project}".timer systemctl enable --now bridgehead-update@"${project}".timer
fi fi


@ -8,9 +8,9 @@ RestartSec=30
WorkingDirectory=/srv/docker/bridgehead/ WorkingDirectory=/srv/docker/bridgehead/
ExecStart=/srv/docker/bridgehead/start-bridgehead.sh %i ExecStartPre=exec /srv/docker/bridgehead/stop-bridgehead.sh %i
RemainAfterExit=true ExecStart=exec /srv/docker/bridgehead/start-bridgehead.sh %i
ExecStop=/srv/docker/bridgehead/stop-bridgehead.sh %i ExecStop=exec /srv/docker/bridgehead/stop-bridgehead.sh %i
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
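Review bot: systemd does not pass `ExecStartPre=`, `ExecStart=` and `ExecStop=` through a shell, so the added `exec` prefix is taken as the program to run rather than as the shell builtin, and the unit will most likely fail to start or stop. The first word must be the executable, as in the previous version: `ExecStart=/srv/docker/bridgehead/start-bridgehead.sh %i`, and likewise for `ExecStartPre=` and `ExecStop=`. The start of the `[Service]` section is outside the hunk, so whether the unit runs as the dedicated bridgehead user cannot be checked here.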


@ -1,20 +1,18 @@
#!/bin/bash #!/bin/bash
### Note: Currently not complete, needs some features before useable for production source lib/functions.sh
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
echo "Please provide a Project as argument" log "Please provide a Project as argument"
exit 1 exit 1
fi fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then
echo "Please provide a supported project like ccp, gbn or nngm" log "Please provide a supported project like ccp, gbn or nngm"
exit 1 exit 1
fi fi
export project=$1 export project=$1
source lib/functions.sh
if ! lib/prerequisites.sh; then if ! lib/prerequisites.sh; then
log "Validating Prerequisites failed, please fix the occurring error" log "Validating Prerequisites failed, please fix the occurring error"
exit 1 exit 1
@ -22,7 +20,7 @@ fi
source /etc/bridgehead/site.conf source /etc/bridgehead/site.conf
./lib/generate.sh ####./lib/generate.sh
log "Starting bridgehead" log "Starting bridgehead"
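Review bot: `source /etc/bridgehead/site.conf` executes the file as shell code with the privileges of this script, and nothing in the hunk checks who may write it. If the service runs as root, write access to `/etc/bridgehead/` is equivalent to root. I would document, and ideally enforce, that the file is root-owned and not group- or world-writable, e.g. with a comment `# site.conf is executed as shell code: keep it root-owned and not writable by group or others`. lib/prerequisites.sh sources the same file, and this script continues outside the hunk.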


@ -3,12 +3,12 @@
source lib/functions.sh source lib/functions.sh
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
echo "Please provide a Project as argument" log "Please provide a Project as argument"
exit 1 exit 1
fi fi
if [ $1 != "ccp" ] && [$1 != "nngm"] && [ $1 != "gbn" ]; then if [ $1 != "ccp" ] && [$1 != "nngm"] && [ $1 != "gbn" ]; then
echo "Please provide a supported project like ccp, gbn or nngm" log "Please provide a supported project like ccp, gbn or nngm"
exit 1 exit 1
fi fi
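Review bot: The second test in `[ $1 != "ccp" ] && [$1 != "nngm"] && [ $1 != "gbn" ]` lacks the spaces inside the brackets, so bash looks for a command named `[` followed directly by the value of `$1`. That lookup fails and the chain evaluates false, so the allowlist never rejects an argument. The line is unchanged context in this commit but is still live; it should read `[ "$1" != "ccp" ] && [ "$1" != "nngm" ] && [ "$1" != "gbn" ]`.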