From c70be3d5c94dcbaf5919de5d7a58c180510380ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radovan=20Tom=C3=A1=C5=A1ik?= Date: Wed, 26 Oct 2022 16:18:10 +0200 Subject: [PATCH 01/45] Update README.md --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 0bb72e1..ef0118d 100644 --- a/README.md +++ b/README.md @@ -132,6 +132,16 @@ If systemd is not installed, you can start the bridgehead. However, for producti ## Getting Started +### Quick Start + +```mkdir /etc/bridgehead/ && chown -R bridgehead . /etc/bridgehead/``` +```git clone https://github.com/samply/bridgehead.git -b feature/samplyBeam``` +### Migration +Run: +```docker-compose down``` +For the old installation of the BH. Then replace the docker volume name for the blaze store in the BH 2.0 docker-compose.yml with the docker volume of the old Blaze store. + + ### Installation If your system passed all checks from ["Requirements" section], you are now ready to download the bridgehead. From 5c65ae96383e358a141be986c35c403cca719604 Mon Sep 17 00:00:00 2001 From: PierreDelpy Date: Wed, 26 Oct 2022 14:33:38 +0000 Subject: [PATCH 02/45] add port quick solution for ssl cert verification with portnumber; genereate persistent connector password --- ccp/nngm-compose.yml | 2 ++ ccp/nngm-setup.sh | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml index c212fed..478af29 100644 --- a/ccp/nngm-compose.yml +++ b/ccp/nngm-compose.yml @@ -11,6 +11,8 @@ services: NNGM_CTS_APIKEY: ${NNGM_CTS_APIKEY} NNGM_CRYPTKEY: ${NNGM_CRYPTKEY} restart: always + ports: + - "8080:8080" labels: - "traefik.enable=true" - "traefik.http.routers.connector.rule=PathPrefix(`/ccp-connector`)" diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh index 08a6d43..bd1b6aa 100644 --- a/ccp/nngm-setup.sh +++ b/ccp/nngm-setup.sh 
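Review bot: The added `ports: - "8080:8080"` mapping in ccp/nngm-compose.yml publishes the connector directly on every host interface, alongside the Traefik route declared in the labels just below it. Requests to port 8080 therefore bypass Traefik's TLS termination and any middleware attached to the router, and the traffic is presumably plain HTTP. If the port is only needed for a local certificate check, bind it to loopback with `- "127.0.0.1:8080:8080"` and add a comment saying why it exists and when it can be removed. The service definition begins above the hunk.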
@@ -7,4 +7,5 @@ function nngmSetup() { fi } -CONNECTOR_POSTGRES_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +#CONNECTOR_POSTGRES_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +CONNECTOR_POSTGRES_PASSWORD="$(echo -n /etc/bridgehead/pki/mannheim.priv.pem | sha256sum | head -c 20)" From 5e5ed73c919621013e72492810995ac13543d038 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Radovan=20Tom=C3=A1=C5=A1ik?= Date: Wed, 26 Oct 2022 16:34:47 +0200 Subject: [PATCH 03/45] Update README.md --- README.md | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index ef0118d..055a008 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ TOC - [docker](#dockerhttpsdocsdockercomget-docker) - [systemd](#systemd) 2. [Getting Started](#getting-started) + - [Quick Start](#quick-start) - [DKTK](#dktkc4) - [C4](#c4) - [GBA/BBMRI-ERIC](#gbabbmri-eric) @@ -134,15 +135,6 @@ If systemd is not installed, you can start the bridgehead. However, for producti ### Quick Start -```mkdir /etc/bridgehead/ && chown -R bridgehead . /etc/bridgehead/``` -```git clone https://github.com/samply/bridgehead.git -b feature/samplyBeam``` -### Migration -Run: -```docker-compose down``` -For the old installation of the BH. Then replace the docker volume name for the blaze store in the BH 2.0 docker-compose.yml with the docker volume of the old Blaze store. - - -### Installation If your system passed all checks from ["Requirements" section], you are now ready to download the bridgehead. 
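Review bot: The new `CONNECTOR_POSTGRES_PASSWORD` line hashes the literal path string `/etc/bridgehead/pki/mannheim.priv.pem`, not the contents of that file, because `echo -n` only prints its argument. The value is therefore the same 20 hex characters on every installation and can be recomputed by anyone who reads this script, so it gives the database no protection. If the goal is a password that stays stable per site, hash the key file itself, `sha256sum /etc/bridgehead/pki/mannheim.priv.pem | head -c 20`, and take the site name from configuration instead of hard-coding `mannheim`. The commented-out UUID line should be deleted rather than kept as dead code.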
@@ -155,10 +147,6 @@ sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead; It is recomended to create a user for the bridgehead service. This should be done after clone the repository. Since not all linux distros support ```adduser```, we provide an action for the systemcall ```useradd```. You should try the first one, when the systm can't create the user you should try the second one. -``` shell -adduser --no-create-home --disabled-login --ingroup docker --gecos "" bridgehead -``` - ``` shell useradd -M -g docker -N -s /sbin/nologin bridgehead ``` @@ -168,6 +156,25 @@ After adding the User you need to change the ownership of the directory to the b ``` shell chown bridgehead /srv/docker/bridgehead/ -R ``` +Download the configuration repository: + +``` shell +sudo git clone https://github.com/samply/bridgehead-config.git -b fix/bbmri-config /etc/bridgehead; +``` +Change ownership: +``` shell +chown bridgehead /etc/bridgehead/ -R +``` +Modify SITE_ID and SITE_NAME in bbmri.conf +RUN: + + +```shell +sudo /etc/bridgehead/bridgehead enroll bbmri +``` +```shell +sudo /srv/docker/bridgehead/bridgehead start bbmri +``` ### Configuration From 5755baaf009e8c332750baf44048285ae93d74c6 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 10:06:43 +0200 Subject: [PATCH 04/45] Support docker compose as well as docker-compose --- bridgehead | 4 ++-- lib/prerequisites.sh | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/bridgehead b/bridgehead index e1e1d0b..b204383 100755 --- a/bridgehead +++ b/bridgehead 
@@ -63,10 +63,10 @@ case "$ACTION" in hc_send log "Bridgehead $PROJECT startup: Checking requirements ..." checkRequirements hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..." - exec docker-compose -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit + exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit ;; stop) - exec docker-compose -f ./$PROJECT/docker-compose.yml $OVERRIDE down + exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down ;; update) exec ./lib/update-bridgehead.sh $PROJECT diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 2738620..dfd3cdd 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -10,9 +10,15 @@ fi checkOwner . bridgehead || exit 1 checkOwner /etc/bridgehead bridgehead || exit 1 +if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then + COMPOSE="docker compose" +else + COMPOSE="docker-compose" +fi + ## Check if user is a su log INFO "Checking if all prerequisites are met ..." -prerequisites="git docker docker-compose" +prerequisites="git docker $COMPOSE" for prerequisite in $prerequisites; do $prerequisite --version 2>&1 is_available=$? From 2aef5f29c304d157967f21eaefe78301692009c6 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 10:12:21 +0200 Subject: [PATCH 05/45] Move to functions.sh --- bridgehead | 2 ++ lib/functions.sh | 9 +++++++++ lib/prerequisites.sh | 6 ------ 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/bridgehead b/bridgehead index b204383..f18311a 100755 --- a/bridgehead +++ b/bridgehead @@ -58,6 +58,8 @@ if [ -f "$PROJECT/docker-compose.override.yml" ]; then OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml" fi +detectCompose + case "$ACTION" in start) hc_send log "Bridgehead $PROJECT startup: Checking requirements ..." diff --git a/lib/functions.sh b/lib/functions.sh index e3df4ad..b5a03a0 100755 --- a/lib/functions.sh 
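Review bot: In lib/prerequisites.sh, `prerequisites="git docker $COMPOSE"` is iterated with an unquoted `for prerequisite in $prerequisites`, so when `COMPOSE` is `docker compose` the loop runs `compose --version` as a separate command and the check fails on hosts that only have the plugin. The later "Make compose check not fail" hunk resolves this by dropping `$COMPOSE` from the list, which leaves Compose unverified altogether. Keep the list as `git docker` and test Compose on its own line, e.g. `$COMPOSE version >/dev/null 2>&1 || { log ERROR "docker compose is not available"; exit 1; }`. The loop body continues below the hunk.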
+++ b/lib/functions.sh @@ -2,6 +2,15 @@ source lib/log.sh +detectCompose() { + if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then + COMPOSE="docker compose" + else + COMPOSE="docker-compose" + # This is intended to fail on startup in the next prereq check. + fi +} + exitIfNotRoot() { if [ "$EUID" -ne 0 ]; then log "ERROR" "Please run as root" diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index dfd3cdd..d90d50e 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -10,12 +10,6 @@ fi checkOwner . bridgehead || exit 1 checkOwner /etc/bridgehead bridgehead || exit 1 -if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then - COMPOSE="docker compose" -else - COMPOSE="docker-compose" -fi - ## Check if user is a su log INFO "Checking if all prerequisites are met ..." prerequisites="git docker $COMPOSE" From 6293dc65f03c7cedd8b6649013afba9dd9d2ed15 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 10:17:14 +0200 Subject: [PATCH 06/45] Fail in prereqs if compose does not exist --- lib/prerequisites.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index d90d50e..962c123 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -2,6 +2,8 @@ source lib/functions.sh +detectCompose + if ! id "bridgehead" &>/dev/null; then log ERROR "User bridgehead does not exist. Please consult readme for installation." exit 1 From 3a668a1ccef395e8fada932bef6693edc23d8bf6 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 10:26:17 +0200 Subject: [PATCH 07/45] Generate consistent nNGM Connector password --- ccp/nngm-setup.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh index bd1b6aa..0a90813 100644 --- a/ccp/nngm-setup.sh +++ b/ccp/nngm-setup.sh 
@@ -5,7 +5,5 @@ function nngmSetup() { log INFO "nNGM setup detected -- will start nNGM Connector." OVERRIDE+="-f ./$PROJECT/nngm-compose.yml" fi + CONNECTOR_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -encrypt -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" } - -#CONNECTOR_POSTGRES_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" -CONNECTOR_POSTGRES_PASSWORD="$(echo -n /etc/bridgehead/pki/mannheim.priv.pem | sha256sum | head -c 20)" From 0cba5d315ad4303df8f8393551d4c9afaa026c13 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 10:37:51 +0200 Subject: [PATCH 08/45] Sign, not encrypt, to avoid openssl salt --- ccp/nngm-setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh index 0a90813..501d8ce 100644 --- a/ccp/nngm-setup.sh +++ b/ccp/nngm-setup.sh @@ -5,5 +5,5 @@ function nngmSetup() { log INFO "nNGM setup detected -- will start nNGM Connector." OVERRIDE+="-f ./$PROJECT/nngm-compose.yml" fi - CONNECTOR_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -encrypt -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + CONNECTOR_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" } From e2f92017c22e665e9ebf9d67f7dd28ccb58433b5 Mon Sep 17 00:00:00 2001 From: Croft Date: Fri, 28 Oct 2022 11:04:20 +0200 Subject: [PATCH 09/45] Correcting landing page indent Original indent was one space, should have been 2 spaces, otherwise you get parse errors. --- bbmri/docker-compose.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
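Review bot: The command substitution that sets `CONNECTOR_POSTGRES_PASSWORD` has no failure check, in both the `-encrypt` hunk and the `-sign` hunk that follows it. If `/etc/bridgehead/pki/${SITE_ID}.priv.pem` is missing or unreadable, or `SITE_ID` is unset, `openssl` fails but the pipeline still ends successfully in `head`, and the connector database is started with an empty password. Add a guard directly after the assignment, e.g. `[ -n "$CONNECTOR_POSTGRES_PASSWORD" ] || { log ERROR "Could not derive connector password"; exit 1; }`. A comment should also record that the password is now tied to the site's PKI key, so rotating that key changes the database password, and that `openssl rsautl` is deprecated in OpenSSL 3.0 in favour of `pkeyutl`. `nngmSetup` starts above the hunk.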
diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index b891af7..42c6d20 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -39,18 +39,18 @@ services: volumes: - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro - landing: - container_name: bridgehead-landingpage - image: samply/bridgehead-landingpage:master - labels: - - "traefik.enable=true" - - "traefik.http.routers.landing.rule=PathPrefix(`/`)" - - "traefik.http.services.landing.loadbalancer.server.port=80" - - "traefik.http.routers.landing.tls=true" - environment: - HOST: ${HOST} - PROJECT: ${PROJECT} - SITE_NAME: ${SITE_NAME} + landing: + container_name: bridgehead-landingpage + image: samply/bridgehead-landingpage:master + labels: + - "traefik.enable=true" + - "traefik.http.routers.landing.rule=PathPrefix(`/`)" + - "traefik.http.services.landing.loadbalancer.server.port=80" + - "traefik.http.routers.landing.tls=true" + environment: + HOST: ${HOST} + PROJECT: ${PROJECT} + SITE_NAME: ${SITE_NAME} blaze: image: "samply/blaze:0.18" From ef2965f72fa00cb9f75cb267441a0df61175b385 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 11:37:49 +0200 Subject: [PATCH 10/45] Make traefik use certificates at /etc/bridgehead/traefik-tls --- ccp/docker-compose.yml | 1 - lib/traefik-configuration/certificates.yaml | 8 +++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index cd6baf0..edb35c5 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -8,7 +8,6 @@ services: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --providers.docker=true - - --providers.file.watch=true - --providers.file.directory=/configuration/ - --api.dashboard=true - --accesslog=true # print access-logs diff --git a/lib/traefik-configuration/certificates.yaml b/lib/traefik-configuration/certificates.yaml index 2644333..af392c9 100644 --- a/lib/traefik-configuration/certificates.yaml 
+++ b/lib/traefik-configuration/certificates.yaml @@ -1,4 +1,6 @@ tls: - certificates: - - certFile: /certs/fullchain.pem - keyFile: /certs/privkey.pem + stores: + default: + defaultCertificate: + certFile: /certs/fullchain.pem + keyFile: /certs/privkey.pem From 0dae36c9d9e21b1122621ebaf150469a058ef423 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 11:41:15 +0200 Subject: [PATCH 11/45] Reconcile BBMRI/CCP traefik configs. --- bbmri/docker-compose.yml | 3 +-- ccp/docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index 42c6d20..c49fb6f 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -8,10 +8,9 @@ services: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --providers.docker=true - - --providers.file.watch=true - --providers.file.directory=/configuration/ - --api.dashboard=true - - --accesslog=true # print access-logs + - --accesslog=true - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https labels: diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index edb35c5..2fb494c 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -10,7 +10,7 @@ services: - --providers.docker=true - --providers.file.directory=/configuration/ - --api.dashboard=true - - --accesslog=true # print access-logs + - --accesslog=true - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https labels: From cfdcb8af86e26b1cacfe608d59c0f3f824635f54 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 11:53:50 +0200 Subject: [PATCH 12/45] Don't expose bridgehead http(s) services by default. --- bbmri/docker-compose.yml | 6 ++---- ccp/docker-compose.yml | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) 
diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index c49fb6f..ee35119 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -8,12 +8,14 @@ services: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --providers.docker=true + - --providers.docker.exposedbydefault=false - --providers.file.directory=/configuration/ - --api.dashboard=true - --accesslog=true - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https labels: + - "traefik.enable=true" - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - "traefik.http.routers.dashboard.entrypoints=websecure" - "traefik.http.routers.dashboard.service=api@internal" @@ -82,8 +84,6 @@ services: depends_on: - "beam-proxy" - "blaze" - labels: - - "traefik.enable=false" beam-proxy: image: "samply/beam-proxy:develop" @@ -99,8 +99,6 @@ services: TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs secrets: - proxy.pem - labels: - - "traefik.enable=false" depends_on: - "forward_proxy" volumes: diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 2fb494c..3074f31 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -8,12 +8,14 @@ services: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --providers.docker=true + - --providers.docker.exposedbydefault=false - --providers.file.directory=/configuration/ - --api.dashboard=true - --accesslog=true - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https labels: + - "traefik.enable=true" - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - "traefik.http.routers.dashboard.entrypoints=websecure" - "traefik.http.routers.dashboard.service=api@internal" 
@@ -82,8 +84,6 @@ services: depends_on: - "beam-proxy" - "blaze" - labels: - - "traefik.enable=false" beam-proxy: image: "samply/beam-proxy:develop" @@ -101,8 +101,6 @@ services: TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs secrets: - proxy.pem - labels: - - "traefik.enable=false" depends_on: - "forward_proxy" volumes: From 853e1d9283451911a2e5f228c0abb1b492d2f389 Mon Sep 17 00:00:00 2001 From: Martin Lablans <6804500+lablans@users.noreply.github.com> Date: Fri, 28 Oct 2022 14:26:57 +0200 Subject: [PATCH 13/45] Make compose check not fail --- lib/prerequisites.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 962c123..859b690 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -14,7 +14,7 @@ checkOwner /etc/bridgehead bridgehead || exit 1 ## Check if user is a su log INFO "Checking if all prerequisites are met ..." -prerequisites="git docker $COMPOSE" +prerequisites="git docker" for prerequisite in $prerequisites; do $prerequisite --version 2>&1 is_available=$? From 292d71b6c267a1ac631c9d173acc00adbd618034 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 15:14:34 +0200 Subject: [PATCH 14/45] Support docker installation via snap, e.g. Ubuntu 22.04 --- lib/functions.sh | 16 ++++++++++++++++ lib/setup-bridgehead-units.sh | 6 ++++++ lib/systemd/bridgehead@.service | 2 +- 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/functions.sh b/lib/functions.sh index b5a03a0..7367c66 100755 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -11,6 +11,22 @@ detectCompose() { fi } +# https://unix.stackexchange.com/questions/539147 +systemctl-exists() { + [ $(systemctl list-unit-files "${1}*" | wc -l) -gt 3 ] +} + +dockerUnitName() { + if systemctl-exists docker.service; then + echo "docker.service" + elif systemctl-exists snap.docker.dockerd.service; then + echo "snap.docker.dockerd.service" + else + log ERROR "Unable to detect docker systemd unit." + fail_and_report 1 "Unable to detect docker systemd unit." + fi +} + exitIfNotRoot() { if [ "$EUID" -ne 0 ]; then log "ERROR" "Please run as root" diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index 57f7df5..fa50fd5 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -40,6 +40,12 @@ cp -v \ lib/systemd/bridgehead-update\@.timer \ /etc/systemd/system/ +log INFO "Setting Docker unit ..." + +for file in $(find /etc/systemd/system -mindepth 1 -maxdepth 1 -type f -name "bridgehead*"); do + sed -i "s/DOCKER_UNIT_NAME/$(dockerUnitName)/g" $file +done + systemctl daemon-reload log INFO "Trying to update your bridgehead ..." diff --git a/lib/systemd/bridgehead@.service b/lib/systemd/bridgehead@.service index 7645793..253eb8a 100644 --- a/lib/systemd/bridgehead@.service +++ b/lib/systemd/bridgehead@.service @@ -1,6 +1,6 @@ [Unit] Description=Bridgehead (%i) -Requires=docker.service +Requires=DOCKER_UNIT_NAME [Service] User=bridgehead From 5e31da513925d5161aaac8633d7af3596ae50408 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 15:25:06 +0200 Subject: [PATCH 15/45] Unfortunately, we cannot support docker snap installations, cf. https://askubuntu.com/questions/1374480/docker-compose-installed-with-snap-gives-error-on-yml-file This reverts commit 292d71b6c267a1ac631c9d173acc00adbd618034. --- lib/functions.sh | 16 ---------------- lib/setup-bridgehead-units.sh | 6 ------ lib/systemd/bridgehead@.service | 2 +- 3 files changed, 1 insertion(+), 23 deletions(-) 
diff --git a/lib/functions.sh b/lib/functions.sh index 7367c66..b5a03a0 100755 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -11,22 +11,6 @@ detectCompose() { fi } -# https://unix.stackexchange.com/questions/539147 -systemctl-exists() { - [ $(systemctl list-unit-files "${1}*" | wc -l) -gt 3 ] -} - -dockerUnitName() { - if systemctl-exists docker.service; then - echo "docker.service" - elif systemctl-exists snap.docker.dockerd.service; then - echo "snap.docker.dockerd.service" - else - log ERROR "Unable to detect docker systemd unit." - fail_and_report 1 "Unable to detect docker systemd unit." - fi -} - exitIfNotRoot() { if [ "$EUID" -ne 0 ]; then log "ERROR" "Please run as root" diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index fa50fd5..57f7df5 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -40,12 +40,6 @@ cp -v \ lib/systemd/bridgehead-update\@.timer \ /etc/systemd/system/ -log INFO "Setting Docker unit ..." - -for file in $(find /etc/systemd/system -mindepth 1 -maxdepth 1 -type f -name "bridgehead*"); do - sed -i "s/DOCKER_UNIT_NAME/$(dockerUnitName)/g" $file -done - systemctl daemon-reload log INFO "Trying to update your bridgehead ..." diff --git a/lib/systemd/bridgehead@.service b/lib/systemd/bridgehead@.service index 253eb8a..7645793 100644 --- a/lib/systemd/bridgehead@.service +++ b/lib/systemd/bridgehead@.service @@ -1,6 +1,6 @@ [Unit] Description=Bridgehead (%i) -Requires=DOCKER_UNIT_NAME +Requires=docker.service [Service] User=bridgehead From b232fdb926236ba0e8ca817ea6e2ebca59a66f1e Mon Sep 17 00:00:00 2001 From: "p.delpy@dkfz-heidelberg.de" Date: Wed, 2 Nov 2022 09:30:57 +0100 Subject: [PATCH 16/45] remove http ports --- ccp/nngm-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml index 478af29..c212fed 100644 --- a/ccp/nngm-compose.yml +++ b/ccp/nngm-compose.yml 
@@ -11,8 +11,6 @@ services: NNGM_CTS_APIKEY: ${NNGM_CTS_APIKEY} NNGM_CRYPTKEY: ${NNGM_CRYPTKEY} restart: always - ports: - - "8080:8080" labels: - "traefik.enable=true" - "traefik.http.routers.connector.rule=PathPrefix(`/ccp-connector`)" From 0e10205f1a97179a002b650f4eb31604860ccd5b Mon Sep 17 00:00:00 2001 From: Torben Brenner Date: Tue, 25 Oct 2022 15:30:14 +0200 Subject: [PATCH 17/45] fix: LDM Password is now generated at Installation --- lib/setup-bridgehead-units.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index 57f7df5..f99bab0 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -33,6 +33,19 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^} EOF +log "INFO" "Now generating a password for the local datamangement. Please safe the password for your ETL process!" +generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + +log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd" +parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd) + +mkdir /etc/systemd/system/bridgehead@${PROJECT}.service.d +cat < /etc/systemd/system/bridgehead@${PROJECT}.service.d/environment.conf +[Service] +Environment=bc_auth_users=${parsed_passwd} +EOF + + log "INFO" "Register system units for bridgehead and bridgehead-update" cp -v \ lib/systemd/bridgehead\@.service \ From ee3ea2b51416cbd2bf3c58dc333cea977cfb3e3e Mon Sep 17 00:00:00 2001 From: Patrick Skowronek Date: Wed, 26 Oct 2022 10:42:07 +0200 Subject: [PATCH 18/45] Updated README --- README.md | 129 +++++------------------------------------------------- 1 file changed, 12 insertions(+), 117 deletions(-) diff --git a/README.md b/README.md index 055a008..06ffcea 100644 --- a/README.md +++ b/README.md 
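Review bot: In lib/setup-bridgehead-units.sh the generated LDM password is written in clear text by the second `log "INFO"` call, so it ends up wherever `log` output is kept, and it is passed to `htpasswd -nb` as an argument, where it is visible in the process list while the container runs. The same two lines survive in the later "Moved LDM Password to /etc/bridgehead" hunk. Feed the password on stdin instead, `printf '%s' "$generated_passwd" | docker run --rm -i httpd:latest htpasswd -ni "$PROJECT"`, and show the clear-text value once on the operator's terminal rather than through `log`. `mkdir` without `-p` will also fail on a second install, and `httpd:latest` is an unpinned image pulled at install time as root; pin it to a fixed tag or digest.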
@@ -204,141 +204,36 @@ To shutdown the bridgehead just run. /srv/docker/bridgehead/bridgehead stop ``` -### Systemd service configuration +### Local Datamanagement Security For a server, we highly recommend that you install the system units for managing the bridgehead, provided by us. You can do this by executing the [bridgehead](./bridgehead) script: ``` shell sudo /srv/docker/bridgehead/bridgehead install ``` -This will install the systemd units to run and update the bridghead. - -Finally, you need to configure your sites secrets. These are places as configuration for each bridgehead system unit. Refer to the section for your specific project: - -For Every project you need to set the proxy this way, if you have one. This is done with the ```systemctl edit``` comand. - -``` shell -sudo systemctl edit bridgehead@.service; -sudo systemctl edit bridgehead-update@.service; -``` - -``` conf -[Service] -Environment=http_proxy= -Environment=https_proxy= -``` - -There a further configurations for each project. - -#### CCP(DKTK/C4) - -For the federate search please follow the basic auth configuration step. - -### DKTK/C4 - -You can create the site specific configuration with: - - -This will open your default editor allowing you to edit the docker system units configuration. Insert the following lines in the editor and define your machines secrets. You share some of the ID-Management secrets with the central patientlist (Mainz) and controlnumbergenerator (Frankfurt). Refer to the ["Configuration" section](#configuration) for this. 
- -``` conf -[Service] -Environment=http_proxy= -Environment=https_proxy= -``` - -To make the configuration effective, you need to tell systemd to reload the configuration and restart the docker service: - -``` shell -sudo systemctl daemon-reload; -sudo systemctl bridgehead@ccp.service; -``` - -You can create the site specific configuration with: - -``` shell -sudo systemctl edit bridgehead@c4.service; -``` - -This will open your default editor allowing you to edit the docker system units configuration. Insert the following lines in the editor and define your machines secrets. You share some of the ID-Management secrets with the central patientlist (Mainz) and controlnumbergenerator (Frankfurt). Refer to the ["Configuration" section](#configuration) for this. - -``` conf -[Service] -Environment=http_proxy= -Environment=https_proxy= -Environment=HOSTIP= -Environment=HOST= -Environment=HTTP_PROXY_USER= -Environment=HTTP_PROXY_PASSWORD= -Environment=HTTPS_PROXY_USER= -Environment=HTTPS_PROXY_PASSWORD= -Environment=CONNECTOR_POSTGRES_PASS= -Environment=ML_DB_PASS= -Environment=MAGICPL_API_KEY= -Environment=MAGICPL_MAINZELLISTE_API_KEY= -Environment=MAGICPL_API_KEY_CONNECTOR= -Environment=MAGICPL_MAINZELLISTE_CENTRAL_API_KEY= -Environment=MAGICPL_CENTRAL_API_KEY= -Environment=MAGICPL_OIDC_CLIENT_ID= -Environment=MAGICPL_OIDC_CLIENT_SECRET= -``` - -To make the configuration effective, you need to tell systemd to reload the configuration and restart the docker service: - -``` shell -sudo systemctl daemon-reload; -sudo systemctl bridgehead@c4.service; -``` -### GBA/BBMRI-ERIC - -You can create the site specific configuration with: - -``` shell -sudo systemctl edit bridgehead@gbn.service; -``` - -This will open your default editor allowing you to edit the docker system units configuration. Insert the following lines in the editor and define your machines secrets. 
- -``` conf -[Service] -Environment=HOSTIP= -Environment=HOST= -Environment=HTTP_PROXY_USER= -Environment=HTTP_PROXY_PASSWORD= -Environment=HTTPS_PROXY_USER= -Environment=HTTPS_PROXY_PASSWORD= -Environment=CONNECTOR_POSTGRES_PASS= -``` - -To make the configuration effective, you need to tell systemd to reload the configuration and restart the docker service: - -``` shell -sudo systemctl daemon-reload; -sudo systemctl bridgehead@gbn.service; -``` - -## Configuration +This will install the systemd units to run and update the bridghead. Also, this will generate a user and password for accessing the LDM. This will be shown only the first time you install the bridgehead. ### Basic Auth -For Data protection we use basic authenfication for some services. To access those services you need an username and password combination. If you start the bridgehead without basic auth, then those services are not accesbile. We provide a script which set the needed config for you, just run the script and follow the instructions. +For Data protection we use basic authenfication for some services. To access those services you need an username and password combination. +Cation: If you start the bridgehead without the authenfication, then those services are not accesbile. +We generate such a combination at the first install. Also, we provide a script which generates such a combination for you. ``` shell add_user.sh ``` -The result needs to be set in either in the systemd service or in your console. +The script will print the hashed user password combination. Please put the combination to the ```/etc/bridgehead/.local.conf``` +It should look like this -#### Console - -When just running the bridgehead you need to export the auth variable. Be aware that this export is only for the current session in the environment and after exit it will not be accessible anymore. - -``` shell -export bc_auth_user= +```conf +LDM_Password=':$...$.....$...............' 
``` -Cation: you need to escape occrring dollar signs. +You can use the ```add_bc_auth_user.sh``` script to generate an another user and add it to the ```.local.conf``` wiht comma seperation. + +## Configuration #### systemd From ce386f5a2a156f41ea371d3e5262ea601c717b15 Mon Sep 17 00:00:00 2001 From: Torben Brenner Date: Wed, 26 Oct 2022 10:48:55 +0200 Subject: [PATCH 19/45] fix: Moved LDM Password to /etc/bridgehead --- ccp/docker-compose.yml | 4 ++-- lib/setup-bridgehead-units.sh | 19 +++++++++---------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 3074f31..dfc7d34 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -21,7 +21,7 @@ services: - "traefik.http.routers.dashboard.service=api@internal" - "traefik.http.routers.dashboard.tls=true" - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}" + - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" ports: - 80:80 - 443:443 @@ -65,7 +65,7 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}" + - "traefik.http.middlewares.ccp-auth.basicauth.users=${LDM_LOGIN}" - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)" - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement" - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index f99bab0..7518f3a 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh 
@@ -33,18 +33,17 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^} EOF -log "INFO" "Now generating a password for the local datamangement. Please safe the password for your ETL process!" -generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +# TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour) +if [ -z "$LDM_LOGIN" ]; then + log "INFO" "Now generating a password for the local datamangement. Please safe the password for your ETL process!" + generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" -log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd" -parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd) - -mkdir /etc/systemd/system/bridgehead@${PROJECT}.service.d -cat < /etc/systemd/system/bridgehead@${PROJECT}.service.d/environment.conf -[Service] -Environment=bc_auth_users=${parsed_passwd} -EOF + log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd" + parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd | tr -d '\n') + log "INFO" "These credentials are now written to /etc/bridgehead/${PROJECT}.local.conf" + echo "LDM_LOGIN='${parsed_passwd}'" >> /etc/bridgehead/${PROJECT}.local.conf; +fi log "INFO" "Register system units for bridgehead and bridgehead-update" cp -v \ From 7ea5e928fcf81f693b7e1e7bcd95b4b4bdcf8233 Mon Sep 17 00:00:00 2001 From: "p.delpy@dkfz-heidelberg.de" Date: Thu, 3 Nov 2022 09:26:01 +0100 Subject: [PATCH 20/45] Removed add_bc_user.sh --- README.md | 20 +++----------------- bbmri/docker-compose.yml | 4 ++-- lib/add_bc_user.sh | 10 ---------- lib/setup-bridgehead-units.sh | 5 +++-- 4 files changed, 8 insertions(+), 31 deletions(-) delete mode 100755 lib/add_bc_user.sh 
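Review bot: The added `docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd` line passes the freshly generated password as a command-line argument, so it is readable from the process list while the command runs, and both variables are unquoted. htpasswd can take the password on standard input instead: `parsed_passwd=$(printf '%s' "$generated_passwd" | docker run --rm -i httpd:latest htpasswd -ni "$PROJECT" | tr -d '\r\n')`. The same pattern recurs in `setLdmPassword` and later `getLdmPassword` in lib/functions.sh further down this series. The `httpd:latest` tag is resolved at run time, so pinning a version or digest would keep the hashing step reproducible.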
diff --git a/README.md b/README.md index 06ffcea..0e4c762 100644 --- a/README.md +++ b/README.md @@ -215,23 +215,9 @@ This will install the systemd units to run and update the bridghead. Also, this ### Basic Auth -For Data protection we use basic authenfication for some services. To access those services you need an username and password combination. -Cation: If you start the bridgehead without the authenfication, then those services are not accesbile. -We generate such a combination at the first install. Also, we provide a script which generates such a combination for you. - -``` shell -add_user.sh -``` - -The script will print the hashed user password combination. Please put the combination to the ```/etc/bridgehead/.local.conf``` - -It should look like this - -```conf -LDM_Password=':$...$.....$...............' -``` - -You can use the ```add_bc_auth_user.sh``` script to generate an another user and add it to the ```.local.conf``` wiht comma seperation. +For Data protection we use basic authentification for some services. To access those services you need an username and password combination. +Caution: If you start the bridgehead without the authentification, then those services are not accessible. +We generate such a combination at the first install (`/etc/bridgehead/.local.conf`). ## Configuration diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index ee35119..4188714 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -21,7 +21,7 @@ services: - "traefik.http.routers.dashboard.service=api@internal" - "traefik.http.routers.dashboard.tls=true" - "traefik.http.routers.dashboard.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=${bc_auth_users}" + - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}" ports: - 80:80 - 443:443 
@@ -65,7 +65,7 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}" + - "traefik.http.middlewares.ccp-auth.basicauth.users=${LDM_LOGIN}" - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/bbmri-localdatamanagement`)" - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/bbmri-localdatamanagement" - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" diff --git a/lib/add_bc_user.sh b/lib/add_bc_user.sh deleted file mode 100755 index 8185658..0000000 --- a/lib/add_bc_user.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -e -source lib/functions.sh - -log "INFO" "This script add's a user with password to the bridghead" - -read -p 'Username: ' bc_user -read -sp 'Password: ' bc_password - -log "INFO" "\nPlease export the line in the your environment. Please replace the dollar signs with with \\\$" -docker run --rm -it httpd:latest htpasswd -nb $bc_user $bc_password diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index 7518f3a..820d6f6 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh 
@@ -39,10 +39,11 @@ if [ -z "$LDM_LOGIN" ]; then generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd" - parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd | tr -d '\n') + parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd | tr -d '\n' | tr -d '\r') + printf "##Localdatamanagement basic auth\n#User: $PROJECT\n#Password: $generated_passwd\n" >> /etc/bridgehead/${PROJECT}.local.conf; log "INFO" "These credentials are now written to /etc/bridgehead/${PROJECT}.local.conf" - echo "LDM_LOGIN='${parsed_passwd}'" >> /etc/bridgehead/${PROJECT}.local.conf; + echo -n "LDM_LOGIN='${parsed_passwd}'" >> /etc/bridgehead/${PROJECT}.local.conf; fi log "INFO" "Register system units for bridgehead and bridgehead-update" From 038d8d69f69be0576516eb78a2ceb23835de06e3 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Thu, 3 Nov 2022 17:19:15 +0100 Subject: [PATCH 21/45] Make LDM password nicer --- bbmri/docker-compose.yml | 3 +-- bridgehead | 1 + ccp/docker-compose.yml | 3 +-- lib/functions.sh | 7 +++++++ lib/setup-bridgehead-units.sh | 7 ++----- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index 4188714..b1a47b5 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml 
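Review bot: The new `printf` line stores the cleartext password as a comment in `/etc/bridgehead/${PROJECT}.local.conf` beside the hash, and nothing in the hunk restricts who can read that file. Appending with `>>` keeps whatever mode the file already has, or creates it under the current umask, so I would add `chmod 600 "/etc/bridgehead/${PROJECT}.local.conf"` (owned by the account that runs the service) before the write. Later patches on this page run `git -C /etc/bridgehead …`, so the directory is presumably a git working tree; confirm that `*.local.conf` is ignored there so the secret cannot be committed. The enclosing `if` opens above the hunk.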
@@ -65,11 +65,10 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.middlewares.ccp-auth.basicauth.users=${LDM_LOGIN}" - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/bbmri-localdatamanagement`)" - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/bbmri-localdatamanagement" - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth" + - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth" - "traefik.http.routers.blaze_ccp.tls=true" spot: diff --git a/bridgehead b/bridgehead index f18311a..3297c65 100755 --- a/bridgehead +++ b/bridgehead @@ -59,6 +59,7 @@ if [ -f "$PROJECT/docker-compose.override.yml" ]; then fi detectCompose +setLdmPassword case "$ACTION" in start) diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index dfc7d34..989cc84 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -65,11 +65,10 @@ services: - "blaze-data:/app/data" labels: - "traefik.enable=true" - - "traefik.http.middlewares.ccp-auth.basicauth.users=${LDM_LOGIN}" - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)" - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement" - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080" - - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth" + - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth" - "traefik.http.routers.blaze_ccp.tls=true" spot: diff --git a/lib/functions.sh b/lib/functions.sh index b5a03a0..3dd47cb 100755 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -11,6 +11,13 @@ detectCompose() { fi } +setLdmPassword() { + if [ -z "$LDM_PASSWORD" ]; then + log DEBUG "Transforming LDM_PASSWORD into LDM_LOGIN ..." + LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r') + fi +} + exitIfNotRoot() { if [ "$EUID" -ne 0 ]; then log "ERROR" "Please run as root" diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index 820d6f6..519f224 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -35,15 +35,12 @@ EOF # TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour) if [ -z "$LDM_LOGIN" ]; then - log "INFO" "Now generating a password for the local datamangement. Please safe the password for your ETL process!" + log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!" generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd" parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd | tr -d '\n' | tr -d '\r') - printf "##Localdatamanagement basic auth\n#User: $PROJECT\n#Password: $generated_passwd\n" >> /etc/bridgehead/${PROJECT}.local.conf; - - log "INFO" "These credentials are now written to /etc/bridgehead/${PROJECT}.local.conf" - echo -n "LDM_LOGIN='${parsed_passwd}'" >> /etc/bridgehead/${PROJECT}.local.conf; + echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf; fi log "INFO" "Register system units for bridgehead and bridgehead-update" From 6394e1fa822a6b295740866458a246542d64bcc1 Mon Sep 17 00:00:00 2001 
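Review bot: In the lib/setup-bridgehead-units.sh hunk, the retained line `log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"` still writes the cleartext password to the log output even though this change now persists it as `LDM_PASSWORD` in the local.conf file. If `log` output is captured anywhere (journal, a redirected install log; not visible here), the secret outlives the install session. I would log only where it was stored, e.g. `log "INFO" "Credentials for user $PROJECT were written to /etc/bridgehead/${PROJECT}.local.conf"`. The value is also written unquoted on the `LDM_PASSWORD=` line, which is fine for the hex string generated here but worth quoting in case operators later set their own password.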
From: Martin Lablans Date: Thu, 3 Nov 2022 17:23:25 +0100 Subject: [PATCH 22/45] Check for LDM_PASSWORD --- lib/functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/functions.sh b/lib/functions.sh index 3dd47cb..e55d31a 100755 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -12,7 +12,7 @@ detectCompose() { } setLdmPassword() { - if [ -z "$LDM_PASSWORD" ]; then + if [ -n "$LDM_PASSWORD" ]; then log DEBUG "Transforming LDM_PASSWORD into LDM_LOGIN ..." LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r') fi From a9864a928c70c1ae42ac8c6b5eb297b3aafb8c91 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Thu, 3 Nov 2022 17:26:29 +0100 Subject: [PATCH 23/45] Remove unnecessary docker run --- lib/setup-bridgehead-units.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index 519f224..34ab6dc 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -39,7 +39,6 @@ if [ -z "$LDM_LOGIN" ]; then generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd" - parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd | tr -d '\n' | tr -d '\r') echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf; fi From 729d4e2c1e242798c80d57ef360f169fb435644c Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Thu, 3 Nov 2022 17:29:52 +0100 Subject: [PATCH 24/45] Check against LDM_PASSWORD --- bridgehead | 2 +- lib/setup-bridgehead-units.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bridgehead b/bridgehead index 3297c65..babfaab 100755 --- a/bridgehead +++ b/bridgehead 
@@ -59,13 +59,13 @@ if [ -f "$PROJECT/docker-compose.override.yml" ]; then fi detectCompose -setLdmPassword case "$ACTION" in start) hc_send log "Bridgehead $PROJECT startup: Checking requirements ..." checkRequirements hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..." + setLdmPassword exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit ;; stop) diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index 34ab6dc..c5bb421 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -34,7 +34,7 @@ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^} EOF # TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour) -if [ -z "$LDM_LOGIN" ]; then +if [ -z "$LDM_PASSWORD" ]; then log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!" generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" From 3ead08fae146b78edd50097f13ef00dec9b78c19 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Thu, 3 Nov 2022 17:38:46 +0100 Subject: [PATCH 25/45] Add export --- lib/functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/functions.sh b/lib/functions.sh index e55d31a..0a0ab0a 100755 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -14,7 +14,7 @@ detectCompose() { setLdmPassword() { if [ -n "$LDM_PASSWORD" ]; then log DEBUG "Transforming LDM_PASSWORD into LDM_LOGIN ..." - LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r') + export LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r') fi } From 6cd682e42c4b1d2c6fd4e55d2cd789a4a7855416 Mon Sep 17 00:00:00 2001 
From: Martin Lablans Date: Thu, 3 Nov 2022 17:41:05 +0100 Subject: [PATCH 26/45] Add export --- bridgehead | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bridgehead b/bridgehead index babfaab..fc454fd 100755 --- a/bridgehead +++ b/bridgehead @@ -65,7 +65,9 @@ case "$ACTION" in hc_send log "Bridgehead $PROJECT startup: Checking requirements ..." checkRequirements hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..." + set -a setLdmPassword + set +a exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit ;; stop) From 62b8cabb31bb6019f0a74a04b24538201b374ebb Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Thu, 3 Nov 2022 18:14:11 +0100 Subject: [PATCH 27/45] Fix getting LDM_LOGIN --- bridgehead | 4 +--- lib/functions.sh | 7 ++++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/bridgehead b/bridgehead index fc454fd..68e8933 100755 --- a/bridgehead +++ b/bridgehead @@ -65,9 +65,7 @@ case "$ACTION" in hc_send log "Bridgehead $PROJECT startup: Checking requirements ..." checkRequirements hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..." - set -a - setLdmPassword - set +a + export LDM_LOGIN=$(getLdmPassword) exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit ;; stop) diff --git a/lib/functions.sh b/lib/functions.sh index 0a0ab0a..6c81d7b 100755 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -11,10 +11,11 @@ detectCompose() { fi } -setLdmPassword() { +getLdmPassword() { if [ -n "$LDM_PASSWORD" ]; then - log DEBUG "Transforming LDM_PASSWORD into LDM_LOGIN ..." - export LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r') + docker run --rm httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r' + else + echo -n "" fi } From 1b0fd61863a81626fae76bf18699c7b88043169b Mon Sep 17 00:00:00 2001 
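Review bot: In the "Fix getting LDM_LOGIN" hunk of `bridgehead`, `export LDM_LOGIN=$(getLdmPassword)` discards the exit status of the `docker run … htpasswd` pipeline, so a failed image pull or container start leaves `LDM_LOGIN` empty and startup continues into `exec $COMPOSE … up`. How traefik treats an empty `basicauth.users` label is not visible here, so I would stop explicitly: `LDM_LOGIN=$(getLdmPassword)`, then `[ -z "$LDM_PASSWORD" ] || [ -n "$LDM_LOGIN" ] || fail_and_report 1 "Unable to derive LDM_LOGIN"`, then `export LDM_LOGIN`. The `case` block continues outside the hunk.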
From: Martin Lablans Date: Thu, 3 Nov 2022 18:15:45 +0100 Subject: [PATCH 28/45] Make local passwords longer --- lib/setup-bridgehead-units.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index c5bb421..d258c0b 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -36,7 +36,7 @@ EOF # TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour) if [ -z "$LDM_PASSWORD" ]; then log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!" - generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)" log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd" echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf; From 6b2168ff1111d5e9dd679c623b633ba2664ba268 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 4 Nov 2022 13:09:11 +0100 Subject: [PATCH 29/45] Allow to read hostname from config file --- bridgehead | 1 + lib/functions.sh | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/bridgehead b/bridgehead index 68e8933..3054ebd 100755 --- a/bridgehead +++ b/bridgehead @@ -59,6 +59,7 @@ if [ -f "$PROJECT/docker-compose.override.yml" ]; then fi detectCompose +setHostname case "$ACTION" in start) diff --git a/lib/functions.sh b/lib/functions.sh index 6c81d7b..1ac7d60 100755 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -125,12 +125,17 @@ fail_and_report() { exit $1 } +setHostname() { + if [ -z "$HOST" ]; then + export HOST=$(hostname -f) + log DEBUG "Using auto-detected hostname $HOST." + fi +} + ##Setting Network properties # currently not needed #export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}'); -export HOST=$(hostname -f) - export PRODUCTION="false"; if [ "$(git branch --show-current)" == "main" ]; then export PRODUCTION="true"; From 9b3acb48995dee6334929537a3d4e999d9d5a0f3 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 4 Nov 2022 15:26:27 +0100 Subject: [PATCH 30/45] Report git errors --- lib/functions.sh | 6 +++++- lib/update-bridgehead.sh | 9 +++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index 6c81d7b..bceb34a 100755 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -119,9 +119,13 @@ fixPermissions() { source lib/monitoring.sh -fail_and_report() { +report_error() { log ERROR "$2" hc_send $1 "$2" +} + +fail_and_report() { + report_error $@ exit $1 } diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 7212d13..636c585 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
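Review bot: In the new `fail_and_report` (lib/functions.sh, "Report git errors"), `report_error $@` is unquoted, so the message is split on whitespace and `report_error` receives only its first word as `$2`; both the local log entry and the monitoring message are truncated to that word. Use `report_error "$@"`. `hc_send $1 "$2"` inside `report_error` has the same unquoted `$1`, which is harmless for the values passed on this page but worth quoting as well.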
@@ -43,12 +43,13 @@ for DIR in /etc/bridgehead $(pwd); do old_git_hash="$(git -C $DIR rev-parse --verify HEAD)" if [ -z "$HTTP_PROXY_URL" ]; then log "INFO" "Git is using no proxy!" - git -C $DIR fetch 2>&1 - git -C $DIR pull 2>&1 + OUT=$(git -C $DIR fetch 2>&1 && git -C $DIR pull 2>&1) else log "INFO" "Git is using proxy ${HTTP_PROXY_URL} from ${CONFFILE}" - git -c http.proxy=$HTTP_PROXY_URL -c https.proxy=$HTTPS_PROXY_URL -C $DIR fetch 2>&1 - git -c http.proxy=$HTTP_PROXY_URL -c https.proxy=$HTTPS_PROXY_URL -C $DIR pull 2>&1 + OUT=$(git -c http.proxy=$HTTP_PROXY_URL -c https.proxy=$HTTPS_PROXY_URL -C $DIR fetch 2>&1 && git -c http.proxy=$HTTP_PROXY_URL -c https.proxy=$HTTPS_PROXY_URL -C $DIR pull 2>&1) + fi + if [ $? -ne 0 ]; then + report_error 1 "Unable to update git $DIR: $OUT" fi new_git_hash="$(git -C $DIR rev-parse --verify HEAD)" if [ "$old_git_hash" != "$new_git_hash" ]; then From ebc1b87dc2b24e01dfac6c0e28ff2c996da82923 Mon Sep 17 00:00:00 2001 From: Torben Brenner Date: Fri, 4 Nov 2022 15:54:08 +0100 Subject: [PATCH 31/45] feature: Added warning for modified working directories --- lib/update-bridgehead.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 636c585..a62f7fa 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh @@ -51,6 +51,11 @@ for DIR in /etc/bridgehead $(pwd); do if [ $? -ne 0 ]; then report_error 1 "Unable to update git $DIR: $OUT" fi + OUT="$(git -C $DIR status --porcelain)" + if [ -n "$OUT" ]; then + report_error 1 "The workingdirectory in $DIR is modified. Following files are changed: $OUT" + fi + new_git_hash="$(git -C $DIR rev-parse --verify HEAD)" if [ "$old_git_hash" != "$new_git_hash" ]; then CHANGE="Updated git repository in ${DIR} from commit $old_git_hash to $new_git_hash" From 8c18426d283545323d73d96145f18ec3255695d8 Mon Sep 17 00:00:00 2001 
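Review bot: `report_error 1 "Unable to update git $DIR: $OUT"` forwards the raw combined stdout/stderr of `git fetch`/`git pull` to the monitoring endpoint, because `report_error` hands its message to `hc_send`, which POSTs it to `$HCURL`. Git error text can include remote and proxy URLs; if either carries embedded credentials (not visible here), they would leave the host. The hunk in the following patch does the same with `git status --porcelain`, i.e. the names of locally modified files. I would keep `$OUT` in the local log and send only a fixed summary off-host, e.g. `log ERROR "git update of $DIR failed: $OUT"` followed by `hc_send 1 "Unable to update git $DIR"`. The `for` loop body continues outside the hunk.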
From: Martin Lablans Date: Fri, 4 Nov 2022 16:12:08 +0100 Subject: [PATCH 32/45] Move warning up --- lib/update-bridgehead.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index a62f7fa..69b3887 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh @@ -36,6 +36,11 @@ CHANGES="" git_updated="false" for DIR in /etc/bridgehead $(pwd); do log "INFO" "Checking for updates to git repo $DIR ..." + OUT="$(git -C $DIR status --porcelain)" + if [ -n "$OUT" ]; then + log WARN "The working directory $DIR is modified. Changed files: $OUT" + report_error 1 "The working directory $DIR is modified. Changed files: $OUT" + fi if [ "$(git -C $DIR config --get credential.helper)" != "$CREDHELPER" ]; then log "INFO" "Configuring repo to use bridgehead git credential helper." git -C $DIR config credential.helper "$CREDHELPER" @@ -51,10 +56,6 @@ for DIR in /etc/bridgehead $(pwd); do if [ $? -ne 0 ]; then report_error 1 "Unable to update git $DIR: $OUT" fi - OUT="$(git -C $DIR status --porcelain)" - if [ -n "$OUT" ]; then - report_error 1 "The workingdirectory in $DIR is modified. Following files are changed: $OUT" - fi new_git_hash="$(git -C $DIR rev-parse --verify HEAD)" if [ "$old_git_hash" != "$new_git_hash" ]; then From ceda942731361772f88eb4d890cd01a6e32a317e Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 4 Nov 2022 16:12:24 +0100 Subject: [PATCH 33/45] Remove errors in old git versions --- lib/functions.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/functions.sh b/lib/functions.sh index bceb34a..b308abb 100755 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -134,8 +134,3 @@ fail_and_report() { #export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}'); export HOST=$(hostname -f) - -export PRODUCTION="false"; -if [ "$(git branch --show-current)" == "main" ]; then - export PRODUCTION="true"; -fi From 3234a81aa216b400d7db0beb7885148e5489ee8b Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 4 Nov 2022 16:18:30 +0100 Subject: [PATCH 34/45] Report current git commits --- lib/prerequisites.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 859b690..c2a4e34 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -71,7 +71,10 @@ else exit 1 fi -log INFO "Success - all prerequisites are met!" -hc_send log "Success - all prerequisites are met!" +COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8) +COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8) + +log INFO "Success - all prerequisites are met! Git commits: etc:$COMMIT_ETC srv:$COMMIT_SRV" +hc_send log "Success - all prerequisites are met! Git commits: etc:$COMMIT_ETC srv:$COMMIT_SRV" exit 0 From 895ee372964fb208ad96dff352991ee4507e957c Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 4 Nov 2022 17:18:09 +0100 Subject: [PATCH 35/45] Report git commits in user agent to monitoring --- lib/monitoring.sh | 11 +++++++++-- lib/prerequisites.sh | 7 ++----- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/monitoring.sh b/lib/monitoring.sh index 8744d7f..07509fd 100755 --- a/lib/monitoring.sh +++ b/lib/monitoring.sh @@ -11,6 +11,7 @@ function hc_set_service(){ } UPTIME= +USER_AGENT="git-unknown" function hc_send(){ if [ -n "$MONITOR_APIKEY" ]; then 
@@ -32,10 +33,16 @@ function hc_send(){ UPTIME=$(docker ps -a --format 'table {{.Names}} \t{{.RunningFor}} \t {{.Status}} \t {{.Image}}' --filter name=bridgehead || echo "Unable to get docker statistics") fi + if [ -z "$USER_AGENT" ]; then + COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8) + COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8) + USER_AGENT="srv:$COMMIT_SRV etc:$COMMIT_ETC" + fi + if [ -n "$2" ]; then MSG="$2\n\nDocker stats:\n$UPTIME" - echo -e "$MSG" | https_proxy=$HTTPS_PROXY_URL curl -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" + echo -e "$MSG" | https_proxy=$HTTPS_PROXY_URL curl -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" else - https_proxy=$HTTPS_PROXY_URL curl -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" + https_proxy=$HTTPS_PROXY_URL curl -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1" fi } diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index c2a4e34..859b690 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -71,10 +71,7 @@ else exit 1 fi -COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8) -COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8) - -log INFO "Success - all prerequisites are met! Git commits: etc:$COMMIT_ETC srv:$COMMIT_SRV" -hc_send log "Success - all prerequisites are met! Git commits: etc:$COMMIT_ETC srv:$COMMIT_SRV" +log INFO "Success - all prerequisites are met!" +hc_send log "Success - all prerequisites are met!" exit 0 From b28fb2881cea5782b80c9e8d4367592fd400eccd Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 4 Nov 2022 17:20:17 +0100 Subject: [PATCH 36/45] Bugfix --- lib/monitoring.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/monitoring.sh b/lib/monitoring.sh index 07509fd..daa388f 100755 --- a/lib/monitoring.sh +++ b/lib/monitoring.sh @@ -11,7 +11,7 @@ function hc_set_service(){ } UPTIME= -USER_AGENT="git-unknown" +USER_AGENT= function hc_send(){ if [ -n "$MONITOR_APIKEY" ]; then From 865870ea9118af2d8a0886e4ce5dfb0cce09bf65 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 4 Nov 2022 17:24:23 +0100 Subject: [PATCH 37/45] Until all BBMRI-ERIC bridgeheads are onboarded with git, don't consider missing git info an error --- lib/update-bridgehead.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 69b3887..3201fc5 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh @@ -39,7 +39,7 @@ for DIR in /etc/bridgehead $(pwd); do OUT="$(git -C $DIR status --porcelain)" if [ -n "$OUT" ]; then log WARN "The working directory $DIR is modified. Changed files: $OUT" - report_error 1 "The working directory $DIR is modified. Changed files: $OUT" + report_error log "The working directory $DIR is modified. Changed files: $OUT" fi if [ "$(git -C $DIR config --get credential.helper)" != "$CREDHELPER" ]; then log "INFO" "Configuring repo to use bridgehead git credential helper." @@ -54,7 +54,7 @@ for DIR in /etc/bridgehead $(pwd); do OUT=$(git -c http.proxy=$HTTP_PROXY_URL -c https.proxy=$HTTPS_PROXY_URL -C $DIR fetch 2>&1 && git -c http.proxy=$HTTP_PROXY_URL -c https.proxy=$HTTPS_PROXY_URL -C $DIR pull 2>&1) fi if [ $? -ne 0 ]; then - report_error 1 "Unable to update git $DIR: $OUT" + report_error log "Unable to update git $DIR: $OUT" fi new_git_hash="$(git -C $DIR rev-parse --verify HEAD)" From bece71441ce9bf7106bdc96558411a72746af6e3 Mon Sep 17 00:00:00 2001 
From: Martin Lablans Date: Tue, 8 Nov 2022 10:39:11 +0100 Subject: [PATCH 38/45] Support DNPM --- ccp/vars | 4 ++ dnpm/dnpm-compose.yml | 104 ++++++++++++++++++++++++++++++++ dnpm/dnpm-setup.sh | 11 ++++ dnpm/origin/Backend.Dockerfile | 66 ++++++++++++++++++++ dnpm/origin/Frontend.Dockerfile | 39 ++++++++++++ dnpm/origin/logback.xml | 37 ++++++++++++ 6 files changed, 261 insertions(+) create mode 100644 dnpm/dnpm-compose.yml create mode 100644 dnpm/dnpm-setup.sh create mode 100644 dnpm/origin/Backend.Dockerfile create mode 100644 dnpm/origin/Frontend.Dockerfile create mode 100644 dnpm/origin/logback.xml diff --git a/ccp/vars b/ccp/vars index f5f734e..c334d4e 100644 --- a/ccp/vars +++ b/ccp/vars @@ -11,3 +11,7 @@ PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem # This will load nngm setup. Effective only if nngm configuration is defined. source $PROJECT/nngm-setup.sh nngmSetup + +# This will load DNPM setup. Effective only if DNPM configuration is defined in /etc/bridgehead/dnpm. +source dnpm/dnpm-setup.sh +dnpmSetup diff --git a/dnpm/dnpm-compose.yml b/dnpm/dnpm-compose.yml new file mode 100644 index 0000000..1904123 --- /dev/null +++ b/dnpm/dnpm-compose.yml 
@@ -0,0 +1,104 @@ +version: "3.7" + +secrets: + connect_targets.json: + file: /etc/bridgehead/dnpm/local_targets.json + +services: +# traefik: +# command: +# - --entrypoints.dnpm-frontend.address=:3000 +# - --entrypoints.dnpm-backend.address=:9000 +# ports: +# - 3000:3000 +# - 9000:9000 + beam-proxy: + environment: + APP_2_ID: dnpm + APP_2_KEY: ${DNPM_BEAM_SECRET_SHORT} + + dnpm-beam-connect: + depends_on: [ beam-proxy ] + image: samply/beam-connect:sites-without-auth + environment: + PROXY_URL: http://beam-proxy:8081 + PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} + APP_ID: dnpm.${PROXY_ID} + DISCOVERY_URL: ${DNPM_DISCOVERY_URL} + LOCAL_TARGETS_FILE: /run/secrets/connect_targets.json + HTTP_PROXY: http://forward_proxy:3128 + HTTPS_PROXY: http://forward_proxy:3128 + NO_PROXY: proxy,dnpm-backend + RUST_LOG: ${RUST_LOG:-info} + secrets: + - connect_targets.json +# Enable this if you disable the internal DNPM backend/frontend +# ports: +# - 8062:8062 +# or the same via traefik: +# labels: +# - "traefik.enable=true" +# - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-connector`)" +# - "traefik.http.services.connector.loadbalancer.server.port=8062" +# - "traefik.http.routers.connector.tls=true" + + dnpm-frontend: + depends_on: [ dnpm-backend ] + build: + context: ./dnpm/origin + dockerfile: Frontend.Dockerfile + args: + NUXT_HOST: 0.0.0.0 + NUXT_PORT: 3000 + BACKEND_PROTOCOL: http + BACKEND_HOSTNAME: localhost + BACKEND_PORT: 9000 + DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP} + ports: + - 3000:3000 + environment: + BACKEND_PROTOCOL: http + BACKEND_HOSTNAME: localhost + BACKEND_PORT: 9000 + no_proxy: dnpm-backend +# labels: +# - "traefik.enable=true" +# - "traefik.http.routers.dnpm-frontend.entrypoints=dnpm-frontend" +# - "traefik.http.routers.dnpm-frontend.tls=true" +# - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000" +## - "traefik.http.routers.dashboard.entrypoints=websecure" +## - "traefik.http.routers.dashboard.service=api@internal" +## - 
"traefik.http.routers.dashboard.tls=true" +## - "traefik.http.routers.dashboard.middlewares=auth" +## - "traefik.http.routers.dnpm-frontend.service=dnpm-frontend" + + dnpm-backend: + build: + context: ./dnpm/origin + dockerfile: Backend.Dockerfile + args: + BWHC_BASE_DIR: /bwhc-backend + DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP} + ports: + - 9000:9000 + environment: + APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET} + ZPM_SITE: ${ZPM_SITE} + noproxy: dnpm-frontend,connect + # PLAY_HTTP_PORT: 9000 + # PLAY_HTTP_ADDRESS: 0.0.0.0 + volumes: + - ./origin/logback.xml:/bwhc-backend/logback.xml:ro + - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro + - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro + - bwhc_data:/bwhc-backend/data/ + - bwhc_hgnc_data:/bwhc-backend/hgnc_data/ +# labels: +# - "traefik.enable=true" +# - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-backend`)" +# - "traefik.http.services.connector.loadbalancer.server.port=9000" +# - "traefik.http.routers.connector.tls=true" + +volumes: + bwhc_data: + bwhc_hgnc_data: diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh new file mode 100644 index 0000000..f8893a3 --- /dev/null +++ b/dnpm/dnpm-setup.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +function dnpmSetup() { + if [ -e /etc/bridgehead/dnpm/local_targets.json ]; then + log INFO "DNPM setup detected -- will start DNPM Connector." + source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars" + OVERRIDE+="-f ./dnpm/dnpm-compose.yml" + DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + fi +} 
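Review bot: In dnpm/dnpm-compose.yml, `dnpm-frontend` and `dnpm-backend` publish `3000:3000` and `9000:9000` on every host interface over plain HTTP while the traefik labels that would put them behind TLS stay commented out, so both services are reachable without the `auth` middleware that the other routers on this page use. If direct access is only needed from the host itself, bind to loopback with `- "127.0.0.1:3000:3000"` and `- "127.0.0.1:9000:9000"`, or enable the traefik routers in place of the `ports:` entries. The backend's `noproxy:` variable also looks like a typo for `no_proxy`, the spelling used for the frontend.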
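Review bot: In dnpm/dnpm-setup.sh, `DNPM_APPLICATION_SECRET` is derived by signing a fixed, non-secret string with the site's PKI private key and truncating the base64 output, which reuses an identity key for key derivation and ties the application secret to a deterministic signature that would be disclosed if the same string were ever signed and shared elsewhere. `openssl rsautl` is also deprecated as of OpenSSL 3.0 in favour of `pkeyutl`. I would generate the secret once with `openssl rand -base64 24` and persist it in the site configuration, the way `LDM_PASSWORD` is handled in lib/setup-bridgehead-units.sh. Separately, `OVERRIDE+="-f ./dnpm/dnpm-compose.yml"` has no leading space, so if `OVERRIDE` is already non-empty the arguments fuse; `OVERRIDE+=" -f ./dnpm/dnpm-compose.yml"` avoids that.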
diff --git a/dnpm/origin/Backend.Dockerfile b/dnpm/origin/Backend.Dockerfile new file mode 100644 index 0000000..e37c008 --- /dev/null +++ b/dnpm/origin/Backend.Dockerfile 
@@ -0,0 +1,66 @@
+FROM openjdk:11-jre AS builder
+
+ARG DNPM_BWHC_BACKEND_ZIP
+
+# Change to latest release
+ARG VERSION=broker
+
+ARG BWHC_BASE_DIR=/bwhc-backend
+
+ENV BWHC_BASE_DIR=$BWHC_BASE_DIR
+ENV BWHC_USER_DB_DIR=$BWHC_BASE_DIR/data/user-db
+ENV BWHC_DATA_ENTRY_DIR=$BWHC_BASE_DIR/data/data-entry
+ENV BWHC_QUERY_DATA_DIR=$BWHC_BASE_DIR/data/query-data
+
+ADD ${DNPM_BWHC_BACKEND_ZIP} /
+RUN unzip $(basename ${DNPM_BWHC_BACKEND_ZIP}) && rm $(basename ${DNPM_BWHC_BACKEND_ZIP})
+
+WORKDIR $BWHC_BASE_DIR
+
+# Prepare config file to use environment variables from docker
+RUN sed -i -r "s/APPLICATION_SECRET(.*)/#APPLICATION_SECRET\1/" ./config
+RUN sed -i -r "s/ZPM_SITE(.*)/#ZPM_SITE\1/" ./config
+
+# Prepare config file to use fix environment variables for this image
+RUN sed -i -r "s~BWHC_DATA_ENTRY_DIR.*~BWHC_DATA_ENTRY_DIR=$BWHC_DATA_ENTRY_DIR~" ./config
+RUN sed -i -r "s~BWHC_QUERY_DATA_DIR.*~BWHC_QUERY_DATA_DIR=$BWHC_QUERY_DATA_DIR~" ./config
+RUN sed -i -r "s~BWHC_USER_DB_DIR.*~BWHC_USER_DB_DIR=$BWHC_USER_DB_DIR~" ./config
+
+RUN ./install.sh $BWHC_BASE_DIR
+
+RUN mv bwhc-rest-api-gateway-*/ bwhc-rest-api-gateway/
+
+FROM openjdk:11-jre
+
+ARG BWHC_BASE_DIR=/bwhc-backend
+
+ENV BWHC_BASE_DIR=$BWHC_BASE_DIR
+ENV BWHC_USER_DB_DIR=$BWHC_BASE_DIR/data/user-db
+ENV BWHC_DATA_ENTRY_DIR=$BWHC_BASE_DIR/data/data-entry
+ENV BWHC_QUERY_DATA_DIR=$BWHC_BASE_DIR/data/query-data
+ENV BWHC_CONNECTOR_CONFIG=$BWHC_BASE_DIR/bwhcConnectorConfig.xml
+
+COPY --from=builder $BWHC_BASE_DIR/config $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/bwhcConnectorConfig.xml $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/logback.xml $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/production.conf $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/bwhc-rest-api-gateway/ $BWHC_BASE_DIR/bwhc-rest-api-gateway/
+
+VOLUME $BWHC_BASE_DIR/data
+VOLUME $BWHC_BASE_DIR/hgnc_data
+
+EXPOSE ${BWHC_BACKEND_PORT}
+
+WORKDIR $BWHC_BASE_DIR
+
+CMD
$BWHC_BASE_DIR/bwhc-rest-api-gateway/bin/bwhc-rest-api-gateway \
+ -Dplay.http.secret.key=$APPLICATION_SECRET \
+ -Dconfig.file=$BWHC_BASE_DIR/production.conf \
+ -Dlogger.file=$BWHC_BASE_DIR/logback.xml \
+ -Dpidfile.path=/dev/null \
+ -Dbwhc.zpm.site=$ZPM_SITE \
+ -Dbwhc.data.entry.dir=$BWHC_DATA_ENTRY_DIR \
+ -Dbwhc.query.data.dir=$BWHC_QUERY_DATA_DIR \
+ -Dbwhc.user.data.dir=$BWHC_USER_DB_DIR \
+ -Dbwhc.hgnc.dir=$BWHC_HGNC_DIR \
+ -Dbwhc.connector.configFile=$BWHC_CONNECTOR_CONFIG
diff --git a/dnpm/origin/Frontend.Dockerfile b/dnpm/origin/Frontend.Dockerfile
new file mode 100644
index 0000000..60f7d3d
--- /dev/null
+++ b/dnpm/origin/Frontend.Dockerfile
@@ -0,0 +1,39 @@
+FROM node:10-alpine
+
+ARG DNPM_BWHC_FRONTEND_ZIP
+
+# Change to latest release
+# Required for image build using local copy of zip file
+ARG VERSION=2207
+
+# nuxt host and port to be replaced in package.json. (See 2.3 in bwHCPrototypeManual)
+# NUXT_HOST should have a value with public available IP address from within container.
+# If changing NUXT_PORT, also change exposed port.
+ARG NUXT_HOST=0.0.0.0
+ARG NUXT_PORT=3000
+
+# Backend access setup. (See 2.4 in bwHCPrototypeManual)
+ARG BACKEND_PROTOCOL=http
+ARG BACKEND_HOSTNAME=localhost
+ARG BACKEND_PORT=8080
+
+ADD ${DNPM_BWHC_FRONTEND_ZIP} /
+RUN unzip $(basename ${DNPM_BWHC_FRONTEND_ZIP}) && rm $(basename ${DNPM_BWHC_FRONTEND_ZIP})
+
+WORKDIR /bwhc-frontend
+
+RUN npm install
+
+# Prepare package.json
+RUN sed -i -r "s/^(\s*)\"host\"[^,]*(,?)/\1\"host\": \"$NUXT_HOST\"\2/" ./package.json
+RUN sed -i -r "s/^(\s*)\"port\"[^,]*(,?)/\1\"port\": \"$NUXT_PORT\"\2/" ./package.json
+
+# Prepare nuxt.config.js
+RUN sed -i -r "s/^(\s*)baseUrl[^,]*(,?)/\1baseUrl: process.env.BASE_URL || '$BACKEND_PROTOCOL:\/\/$BACKEND_HOSTNAME'\2/" ./nuxt.config.js
+RUN sed -i -r "s/^(\s*)port[^,]*(,?)/\1port: process.env.port || ':$BACKEND_PORT'\2/" ./nuxt.config.js
+
+RUN npm run generate
+
+EXPOSE $NUXT_PORT
+
+CMD npm start
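Review bot: The shell-form `CMD` in Backend.Dockerfile passes `-Dplay.http.secret.key=$APPLICATION_SECRET` as a JVM argument, so the Play application secret ends up on the process command line, where `docker top` and anything able to read `/proc` in the container can see it. I would drop that line and let the mounted `production.conf` pick the value up with `play.http.secret.key=${?APPLICATION_SECRET}`. Two variables used here are never defined in this Dockerfile, `BWHC_HGNC_DIR` in the `CMD` and `BWHC_BACKEND_PORT` in `EXPOSE`, so they expand to nothing unless supplied from outside. The final stage also has no `USER` line, so the gateway runs as root.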
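Review bot: `FROM node:10-alpine` in Frontend.Dockerfile builds the frontend on a Node.js release line that is end-of-life and no longer receives security fixes, and the tag is not pinned to a digest. `RUN npm install` then resolves dependencies at build time; if the zip ships a `package-lock.json`, `RUN npm ci` would make the build reproducible and fail on lockfile drift. The archive brought in with `ADD ${DNPM_BWHC_FRONTEND_ZIP} /` is unpacked without an integrity check, so a step comparing it against an expected SHA-256 before `unzip` would be worth adding (the backend zip in Backend.Dockerfile has the same gap). There is no `USER` line, so `npm start` runs as root; `USER node` before `CMD` would address that, assuming /bwhc-frontend is usable by that account.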
diff --git a/dnpm/origin/logback.xml b/dnpm/origin/logback.xml new file mode 100644 index 0000000..c25cda6 --- /dev/null +++ b/dnpm/origin/logback.xml @@ -0,0 +1,37 @@ + + + + + + + + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n + + + + + + + + + + From 3a5444dec05eeef7fe4cb31d00058c8a5297f501 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Tue, 8 Nov 2022 10:55:18 +0100 Subject: [PATCH 39/45] Allow to run DNPM with Connect or with BWHC included --- dnpm/dnpm-compose-beamconnect.yml | 29 +++++++++ dnpm/dnpm-compose-bwhc.yml | 48 ++++++++++++++ dnpm/dnpm-compose.yml | 104 ------------------------------ dnpm/dnpm-setup.sh | 10 ++- 4 files changed, 84 insertions(+), 107 deletions(-) create mode 100644 dnpm/dnpm-compose-beamconnect.yml create mode 100644 dnpm/dnpm-compose-bwhc.yml delete mode 100644 dnpm/dnpm-compose.yml diff --git a/dnpm/dnpm-compose-beamconnect.yml b/dnpm/dnpm-compose-beamconnect.yml new file mode 100644 index 0000000..57c46eb --- /dev/null +++ b/dnpm/dnpm-compose-beamconnect.yml @@ -0,0 +1,29 @@ +version: "3.7" + +services: + beam-proxy: + environment: + APP_2_ID: dnpm + APP_2_KEY: ${DNPM_BEAM_SECRET_SHORT} + + dnpm-beam-connect: + depends_on: [ beam-proxy ] + image: samply/beam-connect:sites-without-auth + environment: + PROXY_URL: http://beam-proxy:8081 + PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} + APP_ID: dnpm.${PROXY_ID} + DISCOVERY_URL: ${DNPM_DISCOVERY_URL} + LOCAL_TARGETS_FILE: /run/secrets/connect_targets.json + HTTP_PROXY: http://forward_proxy:3128 + HTTPS_PROXY: http://forward_proxy:3128 + NO_PROXY: beam-proxy,dnpm-backend + RUST_LOG: ${RUST_LOG:-info} + secrets: + - connect_targets.json + ports: + - 8062:8062 + +secrets: + connect_targets.json: + file: /etc/bridgehead/dnpm/local_targets.json diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml new file mode 100644 index 0000000..1953ca5 --- /dev/null +++ b/dnpm/dnpm-compose-bwhc.yml 
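Review bot: In dnpm-compose-beamconnect.yml, `ports: - 8062:8062` publishes Beam.Connect on every host interface, and the image tag `samply/beam-connect:sites-without-auth` suggests this build does not authenticate local callers, so any machine that can reach port 8062 could presumably send requests through the site's Beam proxy. Unless that exposure is intended, bind it to loopback with `- 127.0.0.1:8062:8062` or route it through traefik with TLS. The tag also reads like a mutable branch tag; pinning a release tag or digest would make it clear which code is deployed.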
@@ -0,0 +1,48 @@
+version: "3.7"
+
+services:
+ dnpm-frontend:
+ depends_on: [ dnpm-backend ]
+ build:
+ context: ./dnpm/origin
+ dockerfile: Frontend.Dockerfile
+ args:
+ NUXT_HOST: 0.0.0.0
+ NUXT_PORT: 3000
+ BACKEND_PROTOCOL: http
+ BACKEND_HOSTNAME: localhost
+ BACKEND_PORT: 9000
+ DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+ ports:
+ - 3000:3000
+ environment:
+ BACKEND_PROTOCOL: http
+ BACKEND_HOSTNAME: localhost
+ BACKEND_PORT: 9000
+ no_proxy: dnpm-backend
+
+ dnpm-backend:
+ build:
+ context: ./dnpm/origin
+ dockerfile: Backend.Dockerfile
+ args:
+ BWHC_BASE_DIR: /bwhc-backend
+ DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+ ports:
+ - 9000:9000
+ environment:
+ APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+ ZPM_SITE: ${ZPM_SITE}
+ noproxy: dnpm-frontend,connect
+ # PLAY_HTTP_PORT: 9000
+ # PLAY_HTTP_ADDRESS: 0.0.0.0
+ volumes:
+ - ./origin/logback.xml:/bwhc-backend/logback.xml:ro
+ - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+ - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+ - bwhc_data:/bwhc-backend/data/
+ - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+ bwhc_data:
+ bwhc_hgnc_data:
diff --git a/dnpm/dnpm-compose.yml b/dnpm/dnpm-compose.yml
deleted file mode 100644
index 1904123..0000000
--- a/dnpm/dnpm-compose.yml
+++ /dev/null
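Review bot: Both services in dnpm-compose-bwhc.yml publish plain-HTTP ports on all host interfaces (`3000:3000`, `9000:9000`), which bypasses the TLS-terminating traefik used for the other bridgehead services; the backend on 9000 is the one serving the data kept in `bwhc_data`. I would either bind them to loopback (for example `127.0.0.1:9000:9000`) or expose them through traefik labels with `tls=true`. In the backend's `environment`, `noproxy: dnpm-frontend,connect` looks like a typo for `no_proxy` (the frontend block uses `no_proxy`), and `connect` does not match the `dnpm-beam-connect` service name in dnpm-compose-beamconnect.yml.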
@@ -1,104 +0,0 @@ -version: "3.7" - -secrets: - connect_targets.json: - file: /etc/bridgehead/dnpm/local_targets.json - -services: -# traefik: -# command: -# - --entrypoints.dnpm-frontend.address=:3000 -# - --entrypoints.dnpm-backend.address=:9000 -# ports: -# - 3000:3000 -# - 9000:9000 - beam-proxy: - environment: - APP_2_ID: dnpm - APP_2_KEY: ${DNPM_BEAM_SECRET_SHORT} - - dnpm-beam-connect: - depends_on: [ beam-proxy ] - image: samply/beam-connect:sites-without-auth - environment: - PROXY_URL: http://beam-proxy:8081 - PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT} - APP_ID: dnpm.${PROXY_ID} - DISCOVERY_URL: ${DNPM_DISCOVERY_URL} - LOCAL_TARGETS_FILE: /run/secrets/connect_targets.json - HTTP_PROXY: http://forward_proxy:3128 - HTTPS_PROXY: http://forward_proxy:3128 - NO_PROXY: proxy,dnpm-backend - RUST_LOG: ${RUST_LOG:-info} - secrets: - - connect_targets.json -# Enable this if you disable the internal DNPM backend/frontend -# ports: -# - 8062:8062 -# or the same via traefik: -# labels: -# - "traefik.enable=true" -# - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-connector`)" -# - "traefik.http.services.connector.loadbalancer.server.port=8062" -# - "traefik.http.routers.connector.tls=true" - - dnpm-frontend: - depends_on: [ dnpm-backend ] - build: - context: ./dnpm/origin - dockerfile: Frontend.Dockerfile - args: - NUXT_HOST: 0.0.0.0 - NUXT_PORT: 3000 - BACKEND_PROTOCOL: http - BACKEND_HOSTNAME: localhost - BACKEND_PORT: 9000 - DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP} - ports: - - 3000:3000 - environment: - BACKEND_PROTOCOL: http - BACKEND_HOSTNAME: localhost - BACKEND_PORT: 9000 - no_proxy: dnpm-backend -# labels: -# - "traefik.enable=true" -# - "traefik.http.routers.dnpm-frontend.entrypoints=dnpm-frontend" -# - "traefik.http.routers.dnpm-frontend.tls=true" -# - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000" -## - "traefik.http.routers.dashboard.entrypoints=websecure" -## - "traefik.http.routers.dashboard.service=api@internal" -## - 
"traefik.http.routers.dashboard.tls=true" -## - "traefik.http.routers.dashboard.middlewares=auth" -## - "traefik.http.routers.dnpm-frontend.service=dnpm-frontend" - - dnpm-backend: - build: - context: ./dnpm/origin - dockerfile: Backend.Dockerfile - args: - BWHC_BASE_DIR: /bwhc-backend - DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP} - ports: - - 9000:9000 - environment: - APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET} - ZPM_SITE: ${ZPM_SITE} - noproxy: dnpm-frontend,connect - # PLAY_HTTP_PORT: 9000 - # PLAY_HTTP_ADDRESS: 0.0.0.0 - volumes: - - ./origin/logback.xml:/bwhc-backend/logback.xml:ro - - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro - - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro - - bwhc_data:/bwhc-backend/data/ - - bwhc_hgnc_data:/bwhc-backend/hgnc_data/ -# labels: -# - "traefik.enable=true" -# - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-backend`)" -# - "traefik.http.services.connector.loadbalancer.server.port=9000" -# - "traefik.http.routers.connector.tls=true" - -volumes: - bwhc_data: - bwhc_hgnc_data: diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh index f8893a3..360a7cc 100644 --- a/dnpm/dnpm-setup.sh +++ b/dnpm/dnpm-setup.sh 
@@ -2,10 +2,14 @@ function dnpmSetup() { if [ -e /etc/bridgehead/dnpm/local_targets.json ]; then - log INFO "DNPM setup detected -- will start DNPM Connector." - source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars" - OVERRIDE+="-f ./dnpm/dnpm-compose.yml" + log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM." + OVERRIDE+=" -f ./dnpm/dnpm-compose-beamconnect.yml" DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + if [ -e /etc/bridgehead/dnpm/bwhcConnectorConfig.xml ]; then + log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend." + source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars" + OVERRIDE+=" -f ./dnpm/dnpm-compose-bwhc.yml" + fi fi } From 6c2d970d01ed07f3cdacf9bc9d607a026c0efba6 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Tue, 8 Nov 2022 10:56:45 +0100 Subject: [PATCH 40/45] Support DNPM Discovery URL --- dnpm/dnpm-setup.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh index 360a7cc..3b94a86 100644 --- a/dnpm/dnpm-setup.sh +++ b/dnpm/dnpm-setup.sh 
@@ -6,9 +6,10 @@ function dnpmSetup() { OVERRIDE+=" -f ./dnpm/dnpm-compose-beamconnect.yml" DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" + source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars" + export DNPM_DISCOVERY_URL if [ -e /etc/bridgehead/dnpm/bwhcConnectorConfig.xml ]; then log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend." - source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars" OVERRIDE+=" -f ./dnpm/dnpm-compose-bwhc.yml" fi fi From 455d45603c974acca24c79ac61342eae24fcbc96 Mon Sep 17 00:00:00 2001 From: Tobias Kussel Date: Tue, 8 Nov 2022 12:45:29 +0000 Subject: [PATCH 41/45] Fix dnpm volume mounting path --- dnpm/dnpm-compose-bwhc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml index 1953ca5..4e7343c 100644 --- a/dnpm/dnpm-compose-bwhc.yml +++ b/dnpm/dnpm-compose-bwhc.yml @@ -37,7 +37,7 @@ services: # PLAY_HTTP_PORT: 9000 # PLAY_HTTP_ADDRESS: 0.0.0.0 volumes: - - ./origin/logback.xml:/bwhc-backend/logback.xml:ro + - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro - bwhc_data:/bwhc-backend/data/ From e11b24bf70e9f9883aea5c44792866f56cad9ad0 Mon Sep 17 00:00:00 2001 From: Tobias Kussel Date: Wed, 9 Nov 2022 09:46:30 +0000 Subject: [PATCH 42/45] Fix dnpm build context --- dnpm/dnpm-compose-bwhc.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
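Review bot: `export DNPM_DISCOVERY_URL` exports whatever the sourced file left in that variable, including nothing at all, in which case Beam.Connect is started with an empty `DISCOVERY_URL`. A check such as `[ -n "${DNPM_DISCOVERY_URL:-}" ] || fail_and_report 1 "DNPM_DISCOVERY_URL not set in /etc/bridgehead/dnpm/shared-but-secret-vars"` after the `source` line would catch that. Because `source` executes the file as shell code with the privileges of this script, a comment stating that the file must not be writable by other users would also help. dnpmSetup starts before this hunk.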
diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml index 4e7343c..9ff0f47 100644 --- a/dnpm/dnpm-compose-bwhc.yml +++ b/dnpm/dnpm-compose-bwhc.yml @@ -4,7 +4,7 @@ services: dnpm-frontend: depends_on: [ dnpm-backend ] build: - context: ./dnpm/origin + context: ../dnpm/origin dockerfile: Frontend.Dockerfile args: NUXT_HOST: 0.0.0.0 @@ -23,7 +23,7 @@ services: dnpm-backend: build: - context: ./dnpm/origin + context: ../dnpm/origin dockerfile: Backend.Dockerfile args: BWHC_BASE_DIR: /bwhc-backend From b6f0cd7a135c61ee451bf936a00f45fc70a9e3c4 Mon Sep 17 00:00:00 2001 From: Tobias Kussel Date: Wed, 9 Nov 2022 10:43:08 +0000 Subject: [PATCH 43/45] Set HTTP(S) Proxy for bwhc frontend build --- dnpm/dnpm-compose-bwhc.yml | 2 ++ dnpm/origin/Frontend.Dockerfile | 3 +++ 2 files changed, 5 insertions(+) diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml index 9ff0f47..c40b4d8 100644 --- a/dnpm/dnpm-compose-bwhc.yml +++ b/dnpm/dnpm-compose-bwhc.yml @@ -13,6 +13,8 @@ services: BACKEND_HOSTNAME: localhost BACKEND_PORT: 9000 DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP} + HTTP_PROXY: ${http_proxy} + HTTPS_PROXY: ${https_proxy} ports: - 3000:3000 environment: diff --git a/dnpm/origin/Frontend.Dockerfile b/dnpm/origin/Frontend.Dockerfile index 60f7d3d..1d4bb30 100644 --- a/dnpm/origin/Frontend.Dockerfile +++ b/dnpm/origin/Frontend.Dockerfile @@ -17,6 +17,9 @@ ARG BACKEND_PROTOCOL=http ARG BACKEND_HOSTNAME=localhost ARG BACKEND_PORT=8080 +ARG HTTP_PROXY="" +ARG HTTPS_PROXY="" + ADD ${DNPM_BWHC_FRONTEND_ZIP} / RUN unzip $(basename ${DNPM_BWHC_FRONTEND_ZIP}) && rm $(basename ${DNPM_BWHC_FRONTEND_ZIP}) From bec42764bbd7a740cd6fa170de9605c1da808bf7 Mon Sep 17 00:00:00 2001 From: Tobias Kussel Date: Wed, 9 Nov 2022 11:39:21 +0000 Subject: [PATCH 44/45] Build the dnpm frontend in host network mode --- dnpm/dnpm-compose-bwhc.yml | 1 + 1 file changed, 1 insertion(+) 
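Review bot: Declaring `ARG HTTP_PROXY=""` and `ARG HTTPS_PROXY=""` in Frontend.Dockerfile is not needed and has a side effect: these are predefined build arguments that Docker accepts without an `ARG` line and, by default, keeps out of `docker history`. Declaring them explicitly switches that exclusion off, so a proxy URL that contains credentials would be recorded in the image metadata. I would drop both `ARG` lines and keep only the `HTTP_PROXY`/`HTTPS_PROXY` entries under `build.args` in dnpm-compose-bwhc.yml.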
diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml index c40b4d8..d8f4ebb 100644 --- a/dnpm/dnpm-compose-bwhc.yml +++ b/dnpm/dnpm-compose-bwhc.yml @@ -6,6 +6,7 @@ services: build: context: ../dnpm/origin dockerfile: Frontend.Dockerfile + network: host args: NUXT_HOST: 0.0.0.0 NUXT_PORT: 3000 From 4a53bb3fb269d0ab392d462c120fcf73a183c886 Mon Sep 17 00:00:00 2001 From: Tobias Kussel Date: Wed, 9 Nov 2022 12:36:58 +0000 Subject: [PATCH 45/45] Expose dnpm backend hostname --- dnpm/dnpm-compose-bwhc.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml index d8f4ebb..60fe3f0 100644 --- a/dnpm/dnpm-compose-bwhc.yml +++ b/dnpm/dnpm-compose-bwhc.yml @@ -10,8 +10,8 @@ services: args: NUXT_HOST: 0.0.0.0 NUXT_PORT: 3000 - BACKEND_PROTOCOL: http - BACKEND_HOSTNAME: localhost + BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL} + BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME} BACKEND_PORT: 9000 DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP} HTTP_PROXY: ${http_proxy} @@ -19,8 +19,8 @@ services: ports: - 3000:3000 environment: - BACKEND_PROTOCOL: http - BACKEND_HOSTNAME: localhost + BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL} + BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME} BACKEND_PORT: 9000 no_proxy: dnpm-backend
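Review bot: `network: host` gives every `RUN` step of the frontend build, including `npm install` and the lifecycle scripts of its dependencies, the host's network namespace, so build-time code can reach services that listen only on the host's loopback. Since the previous commit already passes `HTTP_PROXY`/`HTTPS_PROXY` as build args, it would be worth checking whether the build works through the proxy alone and dropping this line. If it is required, a comment such as `# host network needed because ...` next to it would record the reason. The `build:` block continues outside the hunk.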
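Review bot: `${DNPM_BMHC_BACKEND_PROTOCOL}` looks like a typo for `DNPM_BWHC_BACKEND_PROTOCOL` (compare `DNPM_BWHC_BACKEND_HOSTNAME` on the next line); it occurs in both hunks of this commit, under `args` and under `environment`. If the site configuration defines the BWHC spelling, compose substitutes an empty string and the `sed` in Frontend.Dockerfile writes a `baseUrl` of `'://HOSTNAME'`. Neither variable has a guard, so `${DNPM_BWHC_BACKEND_PROTOCOL:?must be set}` and the same for the hostname would make a missing value fail at startup instead. With the hostname no longer fixed to `localhost`, a value of `http` would presumably mean the frontend talks to the backend unencrypted over the network, which deserves a note in the configuration documentation.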