From 8fddb809a76078ecba0eac288983ddd13f281b46 Mon Sep 17 00:00:00 2001 From: Croft Date: Thu, 25 Jan 2024 13:49:46 +0100 Subject: [PATCH 01/19] Recommendation for standalone Bridgehead Requested by Zdenka --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index d892b19e..36c702e5 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,10 @@ This repository is the starting point for any information and tools you will nee ## Requirements +We recommend a dedicated VM for the Bridgehead, with nothing else running on it. + +It may to be possible to run other apps on the same server, if they don't share common ports with the Bridgehead, and if they do not take up resources that the Bridgehead needs, like RAM. The Bridgehead may also have problems if other applications need older versions of git, Docker or curl. + The data protection group at your site will probably want to know exactly what our software does with patient data, and you may need to get their approval before you are allowed to install a Bridgehead. To help you with this, we have provided some data protection concepts: - [Germany](https://www.bbmri.de/biobanking/it/infrastruktur/datenschutzkonzept/) From e4bc34cce97aa731d379f46e421cb7a27e26ffc7 Mon Sep 17 00:00:00 2001 From: Croft Date: Wed, 21 Feb 2024 10:08:54 +0100 Subject: [PATCH 02/19] Amended following Tobias' comments --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 36c702e5..7017a5b5 100644 --- a/README.md +++ b/README.md 
@@ -34,9 +34,9 @@ This repository is the starting point for any information and tools you will nee ## Requirements -We recommend a dedicated VM for the Bridgehead, with nothing else running on it. +To guarantee a smooth operation of the Bridgehead, we recommend a dedicated VM for the Bridgehead, with no other applications running on it. -It may to be possible to run other apps on the same server, if they don't share common ports with the Bridgehead, and if they do not take up resources that the Bridgehead needs, like RAM. The Bridgehead may also have problems if other applications need older versions of git, Docker or curl. +It may to be possible to run other apps on the same server, if they don't share common ports with the Bridgehead, and if they do not take up resources that the Bridgehead needs, like RAM. The Bridgehead may also run into issues if other applications need incompatible versions of git, Docker, curl, or other dependencies. The data protection group at your site will probably want to know exactly what our software does with patient data, and you may need to get their approval before you are allowed to install a Bridgehead. To help you with this, we have provided some data protection concepts: From cfa85067f00d946398e9ef93b97f5374197d6fb0 Mon Sep 17 00:00:00 2001 
From: "p.delpy@dkfz-heidelberg.de" Date: Thu, 25 Jul 2024 11:55:51 +0200 Subject: [PATCH 03/19] initialize develop; add itcc and cce --- bridgehead | 6 ++++ cce/docker-compose.yml | 63 +++++++++++++++++++++++++++++++++++ cce/modules/lens-compose.yml | 28 ++++++++++++++++ cce/modules/lens-setup.sh | 6 ++++ cce/root.crt.pem | 20 +++++++++++ cce/vars | 14 ++++++++ itcc/docker-compose.yml | 63 +++++++++++++++++++++++++++++++++++ itcc/modules/lens-compose.yml | 28 ++++++++++++++++ itcc/modules/lens-setup.sh | 5 +++ itcc/root.crt.pem | 20 +++++++++++ itcc/vars | 14 ++++++++ lib/functions.sh | 2 +- lib/prepare-system.sh | 6 ++++ 13 files changed, 274 insertions(+), 1 deletion(-) create mode 100644 cce/docker-compose.yml create mode 100644 cce/modules/lens-compose.yml create mode 100644 cce/modules/lens-setup.sh create mode 100644 cce/root.crt.pem create mode 100644 cce/vars create mode 100644 itcc/docker-compose.yml create mode 100644 itcc/modules/lens-compose.yml create mode 100644 itcc/modules/lens-setup.sh create mode 100644 itcc/root.crt.pem create mode 100644 itcc/vars diff --git a/bridgehead b/bridgehead index 85593b0c..702a3512 100755 --- a/bridgehead +++ b/bridgehead @@ -32,6 +32,12 @@ case "$PROJECT" in bbmri) #nothing extra to do ;; + cce) + #nothing extra to do + ;; + itcc) + #nothing extra to do + ;; minimal) #nothing extra to do ;; diff --git a/cce/docker-compose.yml b/cce/docker-compose.yml new file mode 100644 index 00000000..13c5f38b --- /dev/null +++ b/cce/docker-compose.yml 
@@ -0,0 +1,63 @@
+version: "3.7"
+
+services:
+ blaze:
+ image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
+ container_name: bridgehead-cce-blaze
+ environment:
+ BASE_URL: "http://bridgehead-cce-blaze:8080"
+ JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+ DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+ DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
+ ENFORCE_REFERENTIAL_INTEGRITY: "false"
+ volumes:
+ - "blaze-data:/app/data"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.blaze_cce.rule=PathPrefix(`/cce-localdatamanagement`)"
+ - "traefik.http.middlewares.cce_b_strip.stripprefix.prefixes=/cce-localdatamanagement"
+ - "traefik.http.services.blaze_cce.loadbalancer.server.port=8080"
+ - "traefik.http.routers.blaze_cce.middlewares=cce_b_strip,auth"
+ - "traefik.http.routers.blaze_cce.tls=true"
+
+ focus:
+ image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+ container_name: bridgehead-focus
+ environment:
+ API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ BEAM_APP_ID_LONG: focus.${PROXY_ID}
+ PROXY_ID: ${PROXY_ID}
+ BLAZE_URL: "http://bridgehead-cce-blaze:8080/fhir/"
+ BEAM_PROXY_URL: http://beam-proxy:8081
+ RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+ EPSILON: 0.28
+ depends_on:
+ - "beam-proxy"
+ - "blaze"
+
+ beam-proxy:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+ container_name: bridgehead-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/cce/root.crt.pem:/conf/root.crt.pem:ro
+
+
+volumes:
+ blaze-data:
+
+secrets:
+ proxy.pem:
+ file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
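Review bot: `DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP` in the blaze service has no fallback, while the sibling `JAVA_TOOL_OPTIONS` line defaults the same variable to 4096; with `BLAZE_MEMORY_CAP` unset the container receives an empty `DB_BLOCK_CACHE_SIZE`, which Blaze may reject or interpret differently from the intended cap. If the block cache is indeed meant to track the heap cap, mirroring the default with `DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP:-4096}` keeps the two settings consistent; the same line recurs in the itcc and dhki compose files added later in this series. Also note that `FOCUS_BEAM_SECRET_SHORT` is handed to both `focus` (`API_KEY`) and `beam-proxy` (`APP_focus_KEY`) as plain environment variables rather than through the `secrets:` mechanism used for `proxy.pem`; environment values are visible to anyone who can inspect the containers, so if this value is meant to be more than an intra-compose pairing token it deserves the same treatment.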
diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml new file mode 100644 index 00000000..6575578d --- /dev/null +++ b/cce/modules/lens-compose.yml @@ -0,0 +1,28 @@ +version: "3.7" +services: + landing: + container_name: lens_federated-search + image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + + spot: + image: docker.verbis.dkfz.de/ccp-private/central-spot + environment: + BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" + BEAM_URL: http://beam-proxy:8081 + BEAM_PROXY_ID: ${SITE_ID} + BEAM_BROKER_ID: ${BROKER_ID} + BEAM_APP_ID: "focus" + PROJECT_METADATA: "cce_supervisors" + depends_on: + - "beam-proxy" + labels: + - "traefik.enable=true" + - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.tls=true" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot" diff --git a/cce/modules/lens-setup.sh b/cce/modules/lens-setup.sh new file mode 100644 index 00000000..eb511b5c --- /dev/null +++ b/cce/modules/lens-setup.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if [ -n "$ENABLE_LENS" ];then + OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml" +fi +} \ No newline at end of file diff --git a/cce/root.crt.pem b/cce/root.crt.pem new file mode 100644 index 00000000..1f1265a5 --- /dev/null +++ b/cce/root.crt.pem 
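Review bot: `cce/modules/lens-setup.sh` ends with a stray `}` on the line after `fi` that closes nothing, so bash will report a syntax error when the `for module in $PROJECT/modules/*.sh` loop in `cce/vars` sources it, and none of the file's statements will run; the itcc copy of the same script does not have the brace. Deleting that final `}` line fixes it. The file also lacks a trailing newline (`\ No newline at end of file`), harmless to bash but worth fixing while the file is touched.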
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw +MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI +TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO +OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf +XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu +pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7 +K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM +poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm +AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU +fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5 +3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l +n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/ +7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt +Rtup0MTxSJtN +-----END CERTIFICATE----- \ No newline at end of file diff --git a/cce/vars b/cce/vars new file mode 100644 index 00000000..b03403b8 --- /dev/null +++ b/cce/vars @@ -0,0 +1,14 @@ +BROKER_ID=test-no-real-data.broker.samply.de +BROKER_URL=https://${BROKER_ID} +PROXY_ID=${SITE_ID}.${BROKER_ID} +FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} +SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem +BROKER_URL_FOR_PREREQ=$BROKER_URL + +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml new file mode 100644 index 00000000..197f4c50 --- /dev/null 
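Review bot: `BROKER_ID=test-no-real-data.broker.samply.de` in `cce/vars` (and identically in `itcc/vars` later in this patch) points both new projects at a broker whose name advertises test-only use, and the committed `root.crt.pem` presumably pins trust to that broker's root CA; if cce or itcc sites are expected to handle real patient data, a production broker and matching root certificate are needed before rollout, otherwise a comment such as `# test broker on purpose: no real data is exchanged in this project` above the line would record that the choice is deliberate. Separately, `source $module` in the module loop is unquoted; `source "$module"` is the safer form even though paths under `$PROJECT/modules/` are unlikely to contain whitespace.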
+++ b/itcc/docker-compose.yml
@@ -0,0 +1,63 @@
+version: "3.7"
+
+services:
+ blaze:
+ image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
+ container_name: bridgehead-itcc-blaze
+ environment:
+ BASE_URL: "http://bridgehead-itcc-blaze:8080"
+ JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+ DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+ DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
+ ENFORCE_REFERENTIAL_INTEGRITY: "false"
+ volumes:
+ - "blaze-data:/app/data"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.blaze_itcc.rule=PathPrefix(`/itcc-localdatamanagement`)"
+ - "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement"
+ - "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080"
+ - "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth"
+ - "traefik.http.routers.blaze_itcc.tls=true"
+
+ focus:
+ image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+ container_name: bridgehead-focus
+ environment:
+ API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ BEAM_APP_ID_LONG: focus.${PROXY_ID}
+ PROXY_ID: ${PROXY_ID}
+ BLAZE_URL: "http://bridgehead-itcc-blaze:8080/fhir/"
+ BEAM_PROXY_URL: http://beam-proxy:8081
+ RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+ EPSILON: 0.28
+ depends_on:
+ - "beam-proxy"
+ - "blaze"
+
+ beam-proxy:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+ container_name: bridgehead-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/itcc/root.crt.pem:/conf/root.crt.pem:ro
+
+
+volumes:
+ blaze-data:
+
+secrets:
+ proxy.pem:
+ file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/itcc/modules/lens-compose.yml b/itcc/modules/lens-compose.yml new file mode 100644 index 00000000..85931066 --- /dev/null +++ b/itcc/modules/lens-compose.yml @@ -0,0 +1,28 @@ +version: "3.7" +services: + landing: + container_name: lens_federated-search + image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + + spot: + image: docker.verbis.dkfz.de/ccp-private/central-spot + environment: + BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" + BEAM_URL: http://beam-proxy:8081 + BEAM_PROXY_ID: ${SITE_ID} + BEAM_BROKER_ID: ${BROKER_ID} + BEAM_APP_ID: "focus" + PROJECT_METADATA: "dktk_supervisors" + depends_on: + - "beam-proxy" + labels: + - "traefik.enable=true" + - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.tls=true" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot" diff --git a/itcc/modules/lens-setup.sh b/itcc/modules/lens-setup.sh new file mode 100644 index 00000000..c19dc4bc --- /dev/null +++ b/itcc/modules/lens-setup.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +if [ -n "$ENABLE_LENS" ];then + OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml" +fi \ No newline at end of file diff --git a/itcc/root.crt.pem b/itcc/root.crt.pem new file mode 100644 index 00000000..1f1265a5 --- /dev/null +++ b/itcc/root.crt.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw +MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI +TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO +OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf +XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu +pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7 +K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM +poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm +AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU +fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5 +3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l +n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/ +7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt +Rtup0MTxSJtN +-----END CERTIFICATE----- \ No newline at end of file diff --git a/itcc/vars b/itcc/vars new file mode 100644 index 00000000..7d0c1a3c --- /dev/null +++ b/itcc/vars @@ -0,0 +1,14 @@ +BROKER_ID=test-no-real-data.broker.samply.de +BROKER_URL=https://${BROKER_ID} +PROXY_ID=${SITE_ID}.${BROKER_ID} +FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} +SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem +BROKER_URL_FOR_PREREQ=$BROKER_URL + +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done diff --git a/lib/functions.sh b/lib/functions.sh index 5e69a047..dc5ec25a 100644 --- a/lib/functions.sh +++ b/lib/functions.sh 
@@ -54,7 +54,7 @@ checkOwner(){ printUsage() { echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|install|uninstall|adduser|enroll PROJECTNAME" - echo "PROJECTNAME should be one of ccp|bbmri" + echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc" } checkRequirements() { diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index 156f7c87..f93b6f07 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -52,6 +52,12 @@ case "$PROJECT" in bbmri) site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/" ;; + cce) + site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/" + ;; + itcc) + site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/" + ;; minimal) site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/" ;; From 4ab10ff71dab58d641cf59e3f0da041fe3e1a282 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Mon, 29 Jul 2024 13:50:30 +0200 Subject: [PATCH 04/19] In ENVIRONMENT=production, use main tag for Samply.Beam. --- bbmri/modules/eric-compose.yml | 2 +- bbmri/modules/gbn-compose.yml | 2 +- bridgehead | 3 +++ cce/docker-compose.yml | 2 +- ccp/docker-compose.yml | 2 +- itcc/docker-compose.yml | 2 +- minimal/modules/dnpm-compose.yml | 2 +- 7 files changed, 9 insertions(+), 6 deletions(-) diff --git a/bbmri/modules/eric-compose.yml b/bbmri/modules/eric-compose.yml index b7a1cd4b..72baa6c7 100644 --- a/bbmri/modules/eric-compose.yml +++ b/bbmri/modules/eric-compose.yml @@ -16,7 +16,7 @@ services: - "blaze" beam-proxy-eric: - image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG} container_name: bridgehead-beam-proxy-eric environment: BROKER_URL: ${ERIC_BROKER_URL} diff --git a/bbmri/modules/gbn-compose.yml b/bbmri/modules/gbn-compose.yml index f1c624f3..94631ba2 100644 --- a/bbmri/modules/gbn-compose.yml +++ b/bbmri/modules/gbn-compose.yml 
@@ -16,7 +16,7 @@ services: - "blaze" beam-proxy-gbn: - image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG} container_name: bridgehead-beam-proxy-gbn environment: BROKER_URL: ${GBN_BROKER_URL} diff --git a/bridgehead b/bridgehead index 702a3512..81b19b3b 100755 --- a/bridgehead +++ b/bridgehead @@ -80,13 +80,16 @@ loadVars() { case "$ENVIRONMENT" in "production") export FOCUS_TAG=main + export BEAM_TAG=main ;; "test") export FOCUS_TAG=develop + export BEAM_TAG=develop ;; *) report_error 7 "Environment \"$ENVIRONMENT\" is unknown. Assuming production. FIX THIS!" export FOCUS_TAG=main + export BEAM_TAG=main ;; esac } diff --git a/cce/docker-compose.yml b/cce/docker-compose.yml index 13c5f38b..87b6b1c1 100644 --- a/cce/docker-compose.yml +++ b/cce/docker-compose.yml @@ -36,7 +36,7 @@ services: - "blaze" beam-proxy: - image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG} container_name: bridgehead-beam-proxy environment: BROKER_URL: ${BROKER_URL} diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index 52e7eb56..95ff9c3b 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml @@ -36,7 +36,7 @@ services: - "blaze" beam-proxy: - image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG} container_name: bridgehead-beam-proxy environment: BROKER_URL: ${BROKER_URL} diff --git a/itcc/docker-compose.yml b/itcc/docker-compose.yml index 197f4c50..7aab26d5 100644 --- a/itcc/docker-compose.yml +++ b/itcc/docker-compose.yml @@ -36,7 +36,7 @@ services: - "blaze" beam-proxy: - image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG} container_name: bridgehead-beam-proxy environment: BROKER_URL: ${BROKER_URL} 
diff --git a/minimal/modules/dnpm-compose.yml b/minimal/modules/dnpm-compose.yml index 238c72ca..646a4571 100644 --- a/minimal/modules/dnpm-compose.yml +++ b/minimal/modules/dnpm-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: dnpm-beam-proxy: - image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG} container_name: bridgehead-dnpm-beam-proxy environment: BROKER_URL: ${DNPM_BROKER_URL} From 83b653e0c31dd1f63eac30297478b1273d440895 Mon Sep 17 00:00:00 2001 From: janskiba Date: Tue, 30 Jul 2024 14:17:22 +0000 Subject: [PATCH 05/19] feat: Configure beam-connect to trust ds-orchestrator beam proxy --- ccp/modules/datashield-setup.sh | 2 +- ccp/modules/datashield-sites.json | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ccp/modules/datashield-setup.sh b/ccp/modules/datashield-setup.sh index 7a220506..9692fb9f 100644 --- a/ccp/modules/datashield-setup.sh +++ b/ccp/modules/datashield-setup.sh @@ -33,7 +33,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then echo "$sites" | docker_jq -n --args '[{ "external": "'"$SITE_ID"':443", "internal": "opal:8443", - "allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'") + "allowed": input | map("\(.).'"$BROKER_ID"'") }]' >/tmp/bridgehead/opal-map/local.json if [ "$USER" == "root" ]; then chown -R bridgehead:docker /tmp/bridgehead diff --git a/ccp/modules/datashield-sites.json b/ccp/modules/datashield-sites.json index 07e29660..600534d8 100644 --- a/ccp/modules/datashield-sites.json +++ b/ccp/modules/datashield-sites.json @@ -10,5 +10,6 @@ "essen", "dktk-datashield-test", "dktk-test", - "mannheim" + "mannheim", + "central-ds-orchestrator" ] From 33a2505517fe4d59e9b61d151083910f1369002f Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Thu, 1 Aug 2024 09:51:49 +0200 Subject: [PATCH 06/19] Move down, rephrase --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
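Review bot: Dropping the `datashield-connect.` prefix changes what beam-connect's `allowed` list is compared against: the entries are now built as `<site>.<BROKER_ID>`, a proxy-level identifier, instead of the app id `datashield-connect.<site>.<BROKER_ID>`. If beam-connect matches the sender's full app id against this list, the new entries match nothing and every connection to `opal:8443` is refused; if it matches on the proxy part, any app registered on a listed proxy, not only datashield-connect, is now let through. Either way this list is the authorization boundary in front of Opal, so the intended semantics should be confirmed against the beam-connect version in use and recorded above the `docker_jq` call, e.g. `# allowed = beam proxy ids; any app on a listed proxy may reach Opal`. The companion change to `datashield-sites.json` adds `central-ds-orchestrator` to that list and inherits whichever semantics apply.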
diff --git a/README.md b/README.md index 7017a5b5..467bbe95 100644 --- a/README.md +++ b/README.md @@ -34,10 +34,6 @@ This repository is the starting point for any information and tools you will nee ## Requirements -To guarantee a smooth operation of the Bridgehead, we recommend a dedicated VM for the Bridgehead, with no other applications running on it. - -It may to be possible to run other apps on the same server, if they don't share common ports with the Bridgehead, and if they do not take up resources that the Bridgehead needs, like RAM. The Bridgehead may also run into issues if other applications need incompatible versions of git, Docker, curl, or other dependencies. - The data protection group at your site will probably want to know exactly what our software does with patient data, and you may need to get their approval before you are allowed to install a Bridgehead. To help you with this, we have provided some data protection concepts: - [Germany](https://www.bbmri.de/biobanking/it/infrastruktur/datenschutzkonzept/) @@ -50,6 +46,8 @@ Hardware requirements strongly depend on the specific use-cases of your network - 32 GB RAM - 160GB Hard Drive, SSD recommended +We recommend using a dedicated VM for the Bridgehead, with no other applications running on it. While the Bridgehead can, in principle, run on a shared VM, you might run into surprising problems such as resource conflicts (e.g., two apps using tcp port 443). + ### Software You are strongly recommended to install the Bridgehead under a Linux operating system (but see the section [Non-Linux OS](#non-linux-os)). You will need root (administrator) priveleges on this machine in order to perform the deployment. We recommend the newest Ubuntu LTS server release. From 4568e32ffa6bf29310482eab862e3a9673d2022b Mon Sep 17 00:00:00 2001 
From: Martin Lablans Date: Wed, 4 Sep 2024 09:26:37 +0200 Subject: [PATCH 07/19] readme: Data protection group --> officer --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6958db68..2534ee7d 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ This repository is the starting point for any information and tools you will nee ## Requirements -The data protection group at your site will probably want to know exactly what our software does with patient data, and you may need to get their approval before you are allowed to install a Bridgehead. To help you with this, we have provided some data protection concepts: +The data protection officer at your site will probably want to know exactly what our software does with patient data, and you may need to get their approval before you are allowed to install a Bridgehead. To help you with this, we have provided some data protection concepts: - [Germany](https://www.bbmri.de/biobanking/it/infrastruktur/datenschutzkonzept/) From 6465dcb0ad4d456688febe9ba160afbf47f57eff Mon Sep 17 00:00:00 2001 From: Torben Brenner Date: Fri, 16 Aug 2024 12:18:22 +0200 Subject: [PATCH 08/19] feat: added dhki project --- bridgehead | 3 ++ dhki/docker-compose.yml | 66 ++++++++++++++++++++++++++++++++++++++ dhki/queries_to_cache.conf | 2 ++ dhki/root.crt.pem | 20 ++++++++++++ dhki/vars | 11 +++++++ lib/prepare-system.sh | 3 ++ 6 files changed, 105 insertions(+) create mode 100644 dhki/docker-compose.yml create mode 100644 dhki/queries_to_cache.conf create mode 100644 dhki/root.crt.pem create mode 100644 dhki/vars diff --git a/bridgehead b/bridgehead index 37b3047c..eae0648f 100755 --- a/bridgehead +++ b/bridgehead @@ -38,6 +38,9 @@ case "$PROJECT" in itcc) #nothing extra to do ;; + dhki) + #nothing extra to do + ;; minimal) #nothing extra to do ;; diff --git a/dhki/docker-compose.yml b/dhki/docker-compose.yml new file mode 100644 index 00000000..ee8cd17d --- /dev/null 
+++ b/dhki/docker-compose.yml 
@@ -0,0 +1,66 @@
+version: "3.7"
+
+services:
+ blaze:
+ image: docker.verbis.dkfz.de/cache/samply/blaze:0.28
+ container_name: bridgehead-dhki-blaze
+ environment:
+ BASE_URL: "http://bridgehead-dhki-blaze:8080"
+ JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
+ DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
+ DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
+ ENFORCE_REFERENTIAL_INTEGRITY: "false"
+ volumes:
+ - "blaze-data:/app/data"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.blaze_dhki.rule=PathPrefix(`/dhki-localdatamanagement`)"
+ - "traefik.http.middlewares.dhki_b_strip.stripprefix.prefixes=/dhki-localdatamanagement"
+ - "traefik.http.services.blaze_dhki.loadbalancer.server.port=8080"
+ - "traefik.http.routers.blaze_dhki.middlewares=dhki_b_strip,auth"
+ - "traefik.http.routers.blaze_dhki.tls=true"
+
+ focus:
+ image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+ container_name: bridgehead-focus
+ environment:
+ API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ BEAM_APP_ID_LONG: focus.${PROXY_ID}
+ PROXY_ID: ${PROXY_ID}
+ BLAZE_URL: "http://bridgehead-dhki-blaze:8080/fhir/"
+ BEAM_PROXY_URL: http://beam-proxy:8081
+ RETRY_COUNT: ${FOCUS_RETRY_COUNT}
+ EPSILON: 0.28
+ QUERIES_TO_CACHE: '/queries_to_cache.conf'
+ volumes:
+ - /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf
+ depends_on:
+ - "beam-proxy"
+ - "blaze"
+
+ beam-proxy:
+ image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+ container_name: bridgehead-beam-proxy
+ environment:
+ BROKER_URL: ${BROKER_URL}
+ PROXY_ID: ${PROXY_ID}
+ APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
+ PRIVKEY_FILE: /run/secrets/proxy.pem
+ ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+ ROOTCERT_FILE: /conf/root.crt.pem
+ secrets:
+ - proxy.pem
+ depends_on:
+ - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+ - /srv/docker/bridgehead/dhki/root.crt.pem:/conf/root.crt.pem:ro
+
+
+volumes:
+ blaze-data: + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem diff --git a/dhki/queries_to_cache.conf b/dhki/queries_to_cache.conf new file mode 100644 index 00000000..b9503125 --- /dev/null +++ b/dhki/queries_to_cache.conf @@ -0,0 +1,2 @@ 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 \ No newline at end of file diff --git a/dhki/root.crt.pem b/dhki/root.crt.pem new file mode 100644 index 00000000..8d58dae5 --- /dev/null +++ b/dhki/root.crt.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUSWUPebUMNfJvPKMjdgX+WiH+OXgwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTA1MDg1NTM4WhcNMzQw +MTAyMDg1NjA4WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL/nvo9Bn1/6Z/K4BKoLM6/mVziM4cmXTVx4npVz +pnptwPPFU4rz47akRZ6ZMD5MO0bsyvaxG1nwVrW3aAGC42JIGTdZHKwMKrd35sxw +k3YlGJagGUs+bKHUCL55OcSmyDWlh/UhA8+eeJWjOt9u0nYXv+vi+N4JSHA0oC9D +bTF1v+7blrTQagf7PTPSF3pe22iXOjJYdOkZMWoMoNAjn6F958fkLNLY3csOZwvP +/3eyNNawyAEPWeIm33Zk630NS8YHggz6WCqwXvuaKb6910mRP8jgauaYsqgsOyDt +pbWuvk//aZWdGeN9RNsAA8eGppygiwm/m9eRC6I0shDwv6ECAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFn/dbW1J3ry +7TBzbKo3H4vJr2MiMB8GA1UdIwQYMBaAFFn/dbW1J3ry7TBzbKo3H4vJr2MiMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCa2V8B8aad +XNDS1EUIi9oMdvGvkolcdFwx9fI++qu9xSIaZs5GETHck3oYKZF0CFP5ESnKDn5w +enWgm5M0y+hVZppzB163WmET1efBXwrdyn8j4336NjX352h63JGWCaI2CfZ1qG1p +kf5W9CVXllSFaJe5r994ovgyHvK2ucWwe8l8iMJbQhH79oKi/9uJMCD6aUXnpg1K +nPHW1lsVx6foqYWijdBdtFU2i7LSH2OYo0nb1PgRnY/SABV63JHfJnqW9dZy4f7G +rpsvvrmFrKmEnCZH0n6qveY3Z5bMD94Yx0ebkCTYEqAw3pV65gwxrzBTpEg6dgF0 +eG0eKFUS0REJ +-----END CERTIFICATE----- diff --git a/dhki/vars b/dhki/vars new file mode 100644 index 00000000..52f89611 --- /dev/null +++ b/dhki/vars 
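Review bot: The `beam-proxy` service in `dhki/docker-compose.yml` is still pinned to `beam-proxy:develop`, although patch 04 in this series moved every other project's proxy to `beam-proxy:${BEAM_TAG}` so that `ENVIRONMENT=production` runs `main`; as written, production dhki sites would run the develop build of the component that is handed the site's private key via `PRIVKEY_FILE`. The line should read `image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}`. Separately, the `queries_to_cache.conf` bind mount under `focus` lacks `:ro`, unlike the other host mounts in this file; `- /srv/docker/bridgehead/dhki/queries_to_cache.conf:/queries_to_cache.conf:ro` keeps the container from altering host configuration.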
@@ -0,0 +1,11 @@ +BROKER_ID=broker.hector.dkfz.de +BROKER_URL=https://${BROKER_ID} +PROXY_ID=${SITE_ID}.${BROKER_ID} +FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} +SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem + +BROKER_URL_FOR_PREREQ=$BROKER_URL + +POSTGRES_TAG=15.6-alpine diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh index f93b6f07..ecd29a5b 100755 --- a/lib/prepare-system.sh +++ b/lib/prepare-system.sh @@ -57,6 +57,9 @@ case "$PROJECT" in ;; itcc) site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/" + ;; + dhki) + site_configuration_repository_middle="git.verbis.dkfz.de/dhki/" ;; minimal) site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/" From 735e064b030a7a7a35cdc14e467545fb80598627 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Thu, 12 Sep 2024 09:19:21 +0200 Subject: [PATCH 09/19] Update queries_to_cache.conf --- dhki/queries_to_cache.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dhki/queries_to_cache.conf b/dhki/queries_to_cache.conf index b9503125..53597fe0 100644 --- a/dhki/queries_to_cache.conf +++ b/dhki/queries_to_cache.conf 
@@ -1,2 +1,2 @@ -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 -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 \ No newline at end of file +bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwoKY29udGV4dCBQYXRpZW50CgpES1RLX1NUUkFUX0dFTkRFUl9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0FHRV9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RFQ0VBU0VEX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfRElBR05PU0lTX1NUUkFUSUZJRVIKCkRIS0lfU1RSQVRfU1BFQ0lNRU5fU1RSQVRJRklFUgoKREtUS19TVFJBVF9QUk9DRURVUkVfU1RSQVRJRklFUgoKREhLSV9TVFJBVF9NRURJQ0FUSU9OX1NUUkFUSUZJRVIKCkRIS0lfU1RSQVRfRU5DT1VOVEVSX1NUUkFUSUZJRVIKREtUS19TVFJBVF9ERUZfSU5fSU5JVElBTF9QT1BVTEFUSU9OCnRydWU= +bGlicmFyeSBSZXRyaWV2ZQp1c2luZyBGSElSIHZlcnNpb24gJzQuMC4wJwppbmNsdWRlIEZISVJIZWxwZXJzIHZlcnNpb24gJzQuMC4wJwpjb2Rlc3lzdGVtIFNhbXBsZU1hdGVyaWFsVHlwZTogJ2h0dHBzOi8vZmhpci5iYm1yaS5kZS9Db2RlU3lzdGVtL1NhbXBsZU1hdGVyaWFsVHlwZScKCmNvZGVzeXN0ZW0gbG9pbmM6ICdodHRwOi8vbG9pbmMub3JnJwpjb2Rlc3lzdGVtIGljZDEwOiAnaHR0cDovL2ZoaXIuZGUvQ29kZVN5c3RlbS9iZmFybS9pY2QtMTAtZ20nCmNvZGVzeXN0ZW0gbW9ycGg6ICd1cm46b2lkOjIuMTYuODQwLjEuMTEzODgzLjYuNDMuMScKCmNvbnRleHQgUGF0aWVudAoKREtUS19TVFJBVF9HRU5ERVJfU1RSQVRJRklFUgoKREtUS19TVFJBVF9BR0VfU1RSQVRJRklFUgoKREtUS19TVFJBVF9ERUNFQVNFRF9TVFJBVElGSUVSCgpES1RLX1NUUkFUX0RJQUdOT1NJU19TVFJBVElGSUVSCgpESEtJX1NUUkFUX1NQRUNJTUVOX1NUUkFUSUZJRVIKCkRLVEtfU1RSQVRfUFJPQ0VEVVJFX1NUUkFUSUZJRVIKCkRIS0lfU1RSQVRfTUVESUNBVElPTl9TVFJBVElGSUVSCgpESEtJX1NUUkFUX0VOQ09VTlRFUl9TVFJBVElGSUVSCkRLVEtfU1RSQVRfREVGX0lOX0lOSVRJQUxfUE9QVUxBVElPTgooKChleGlzdHMgW0NvbmRpdGlvbjogQ29kZSAnQzM0LjknIGZyb20gaWNkMTBdKSBvcgooZXhpc3RzIFtDb25kaXRpb246IENvZGUgJ0MzNC44JyBmcm9tIGljZDEwXSkgb3IKKGV4aXN0cyBbQ29uZGl0aW9uOiBDb2RlICdDMzQuMCcgZnJvbSBpY2QxMF0pIG9yCihleGlzdHMgW0NvbmRpdGlvbjogQ29kZSAnQzM0LjInIGZyb20gaWNkMTBdKSBvcgooZXhpc3RzIFtDb25kaXRpb246IENvZGUgJ0MzNC4xJyBmcm9tIGljZDE
wXSkgb3IKKGV4aXN0cyBbQ29uZGl0aW9uOiBDb2RlICdDMzQuMycgZnJvbSBpY2QxMF0pKSBhbmQKKChleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODE0MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MTQxLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgxNDMvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODE0Ny8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MjUwLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgyNTEvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODI1Mi8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MjUzLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgyNTUvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODI2MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MzEwLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzgzMzMvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODQ3MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5
zICc4NDgwLzMnKSBvcgooZXhpc3RzIGZyb20gW09ic2VydmF0aW9uOiBDb2RlICc1OTg0Ny00JyBmcm9tIGxvaW5jXSBPCndoZXJlIE8udmFsdWUuY29kaW5nLmNvZGUgY29udGFpbnMgJzg0OTAvMycpIG9yCihleGlzdHMgZnJvbSBbT2JzZXJ2YXRpb246IENvZGUgJzU5ODQ3LTQnIGZyb20gbG9pbmNdIE8Kd2hlcmUgTy52YWx1ZS5jb2RpbmcuY29kZSBjb250YWlucyAnODU1MC8zJykgb3IKKGV4aXN0cyBmcm9tIFtPYnNlcnZhdGlvbjogQ29kZSAnNTk4NDctNCcgZnJvbSBsb2luY10gTwp3aGVyZSBPLnZhbHVlLmNvZGluZy5jb2RlIGNvbnRhaW5zICc4MDUyLzMnKSkp From f0bdb5c1463541c0d070aef5324e955d06d9dc51 Mon Sep 17 00:00:00 2001 From: "p.delpy@dkfz-heidelberg.de" Date: Thu, 12 Sep 2024 09:24:48 +0200 Subject: [PATCH 10/19] fix: re-add modules --- ccp/modules/id-management-setup.sh | 2 +- ccp/modules/obds2fhir-rest-setup.sh | 2 +- dhki/vars | 9 +++++++++ lib/update-bridgehead.sh | 1 + 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ccp/modules/id-management-setup.sh b/ccp/modules/id-management-setup.sh index 31659560..333b5125 100644 --- a/ccp/modules/id-management-setup.sh +++ b/ccp/modules/id-management-setup.sh @@ -3,7 +3,7 @@ function idManagementSetup() { if [ -n "$IDMANAGER_UPLOAD_APIKEY" ]; then log INFO "id-management setup detected -- will start id-management (mainzelliste & magicpl)." - OVERRIDE+=" -f ./$PROJECT/modules/id-management-compose.yml" + OVERRIDE+=" -f ./ccp/modules/id-management-compose.yml" # Auto Generate local Passwords PATIENTLIST_POSTGRES_PASSWORD="$(echo \"id-management-module-db-password-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" diff --git a/ccp/modules/obds2fhir-rest-setup.sh b/ccp/modules/obds2fhir-rest-setup.sh index 677ea637..6120f318 100644 --- a/ccp/modules/obds2fhir-rest-setup.sh +++ b/ccp/modules/obds2fhir-rest-setup.sh 
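Review bot: The two replaced entries are opaque base64 blobs, so a reviewer cannot see which query focus will pre-execute and cache without decoding them by hand; they appear to decode to CQL `Retrieve` libraries that differ only in their `DKTK_STRAT_DEF_IN_INITIAL_POPULATION` clause, the second restricting the initial population to a list of ICD-10 `C34.*` conditions and morphology codes. If the file format allows comments, precede each entry with a one-line description of the population it selects; if it does not, keep the decoded CQL under version control next to this file so that a change to the query is reviewable as a readable diff.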
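Review bot: The compose path is now hard-coded to `./ccp/modules/id-management-compose.yml` instead of `./$PROJECT/modules/...`, which is what lets dhki/vars reuse the module, but nothing in the file says so, and the other module setup scripts in this series (kr/modules/*-setup.sh) still use `$PROJECT`; add a comment above the line such as `# ccp path is intentional: this module is also sourced by other projects (e.g. dhki) that reuse ccp/modules`. The same applies to the obds2fhir-rest-setup.sh hunk of this commit. The enclosing idManagementSetup function continues outside the hunk.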
@@ -7,7 +7,7 @@ function obds2fhirRestSetup() {
 log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"
 PATIENTLIST_URL=" "
 fi
- OVERRIDE+=" -f ./$PROJECT/modules/obds2fhir-rest-compose.yml"
+ OVERRIDE+=" -f ./ccp/modules/obds2fhir-rest-compose.yml"
 LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 fi
 }
diff --git a/dhki/vars b/dhki/vars
index 52f89611..df3dd550 100644
--- a/dhki/vars
+++ b/dhki/vars
@@ -9,3 +9,12 @@ PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 
 POSTGRES_TAG=15.6-alpine
+
+for module in $PROJECT/modules/*.sh
+do
+ log DEBUG "sourcing $module"
+ source $module
+done
+
+idManagementSetup
+obds2fhirRestSetup
\ No newline at end of file
diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh
index 44655b16..16638b64 100755
--- a/lib/update-bridgehead.sh
+++ b/lib/update-bridgehead.sh
@@ -10,6 +10,7 @@ if [ "$AUTO_HOUSEKEEPING" == "true" ]; then
 docker system prune -a -f
 else
 A="$A Not cleaning docker images since BK is not running."
+ docker system prune -f
 fi
 hc_send log "$A"
 log INFO "$A"
From 77c870ab22a991feed54707396010c98a5cad694 Mon Sep 17 00:00:00 2001
From: "p.delpy@dkfz-heidelberg.de"
Date: Thu, 12 Sep 2024 09:29:30 +0200
Subject: [PATCH 11/19] fix: fix bash path
---
 dhki/vars | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dhki/vars b/dhki/vars
index df3dd550..b728925f 100644
--- a/dhki/vars
+++ b/dhki/vars
@@ -10,7 +10,7 @@ BROKER_URL_FOR_PREREQ=$BROKER_URL
 
 POSTGRES_TAG=15.6-alpine
 
-for module in $PROJECT/modules/*.sh
+for module in ccp/modules/*.sh
 do
 log DEBUG "sourcing $module"
 source $module
From 969f1e724293922402c32f322fce9d5b95434da7 Mon Sep 17 00:00:00 2001
From: "p.delpy@dkfz-heidelberg.de"
Date: Thu, 12 Sep 2024 09:41:19 +0200
Subject: [PATCH 12/19] fix: remove accidental commit
---
 lib/update-bridgehead.sh | 1 -
 1 file changed, 1 deletion(-)
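Review bot: `for module in ccp/modules/*.sh` sources every setup script in the ccp module directory, not just the two whose functions are called below it, so any ccp module whose setup runs at source time and is gated only on an `ENABLE_*` variable (the kr copies of the exporter and teiler setup scripts in this series are written that way) would append ccp compose overrides to a dhki stack as soon as a site sets that variable; the unquoted `source $module` also word-splits. Source the two needed scripts explicitly and drop the loop: `source ccp/modules/id-management-setup.sh` and `source ccp/modules/obds2fhir-rest-setup.sh`. Whether the remaining ccp setup scripts are all pure function definitions is not visible here, so the risk is inferred from the kr copies.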
diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh
index 16638b64..44655b16 100755
--- a/lib/update-bridgehead.sh
+++ b/lib/update-bridgehead.sh
@@ -10,7 +10,6 @@ if [ "$AUTO_HOUSEKEEPING" == "true" ]; then
 docker system prune -a -f
 else
 A="$A Not cleaning docker images since BK is not running."
- docker system prune -f
 fi
 hc_send log "$A"
 log INFO "$A"
From 65359c2ee692f9c7b7acdf85dbb8178cb0e85ca8 Mon Sep 17 00:00:00 2001
From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Thu, 12 Sep 2024 10:04:53 +0200 Subject: [PATCH 13/19] Feature/pilot projects backup (#227) add pilot projects --- bridgehead | 3 + cce/modules/lens-compose.yml | 5 ++ cce/modules/lens-setup.sh | 3 +- cce/vars | 2 +- itcc/modules/lens-compose.yml | 5 ++ itcc/vars | 2 +- kr/docker-compose.yml | 63 +++++++++++++++++++ kr/modules/export-and-qb.curl-templates | 6 ++ kr/modules/exporter-compose.yml | 67 ++++++++++++++++++++ kr/modules/exporter-setup.sh | 8 +++ kr/modules/exporter.md | 15 +++++ kr/modules/lens-compose.yml | 33 ++++++++++ kr/modules/lens-setup.sh | 5 ++ kr/modules/obds2fhir-rest-compose.yml | 20 ++++++ kr/modules/obds2fhir-rest-setup.sh | 13 ++++ kr/modules/teiler-compose.yml | 81 +++++++++++++++++++++++++ kr/modules/teiler-setup.sh | 9 +++ kr/modules/teiler.md | 19 ++++++ kr/root.crt.pem | 20 ++++++ kr/vars | 16 +++++ lib/functions.sh | 2 +- lib/prepare-system.sh | 6 ++ 22 files changed, 398 insertions(+), 5 deletions(-) create mode 100644 kr/docker-compose.yml create mode 100644 kr/modules/export-and-qb.curl-templates create mode 100644 kr/modules/exporter-compose.yml create mode 100644 kr/modules/exporter-setup.sh create mode 100644 kr/modules/exporter.md create mode 100644 kr/modules/lens-compose.yml create mode 100644 kr/modules/lens-setup.sh create mode 100644 kr/modules/obds2fhir-rest-compose.yml create mode 100644 kr/modules/obds2fhir-rest-setup.sh create mode 100644 kr/modules/teiler-compose.yml create mode 100644 kr/modules/teiler-setup.sh create mode 100644 kr/modules/teiler.md create mode 100644 kr/root.crt.pem create mode 100644 kr/vars diff --git a/bridgehead b/bridgehead index eae0648f..d5d3a20d 100755 --- a/bridgehead +++ b/bridgehead @@ -38,6 +38,9 @@ case "$PROJECT" in itcc) #nothing extra to do ;; + kr) + #nothing extra to do + ;; dhki) #nothing extra to do ;; diff --git a/cce/modules/lens-compose.yml b/cce/modules/lens-compose.yml index 6575578d..12b95cea 100644 
--- a/cce/modules/lens-compose.yml +++ b/cce/modules/lens-compose.yml @@ -3,6 +3,11 @@ services: landing: container_name: lens_federated-search image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + labels: + - "traefik.enable=true" + - "traefik.http.routers.landing.rule=PathPrefix(`/`)" + - "traefik.http.services.landing.loadbalancer.server.port=80" + - "traefik.http.routers.landing.tls=true" spot: image: docker.verbis.dkfz.de/ccp-private/central-spot diff --git a/cce/modules/lens-setup.sh b/cce/modules/lens-setup.sh index eb511b5c..c19dc4bc 100644 --- a/cce/modules/lens-setup.sh +++ b/cce/modules/lens-setup.sh @@ -2,5 +2,4 @@ if [ -n "$ENABLE_LENS" ];then OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml" -fi -} \ No newline at end of file +fi \ No newline at end of file diff --git a/cce/vars b/cce/vars index b03403b8..7d0c1a3c 100644 --- a/cce/vars +++ b/cce/vars @@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID} PROXY_ID=${SITE_ID}.${BROKER_ID} FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} -SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de +SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL diff --git a/itcc/modules/lens-compose.yml b/itcc/modules/lens-compose.yml index 85931066..2bbddbe5 100644 --- a/itcc/modules/lens-compose.yml +++ b/itcc/modules/lens-compose.yml @@ -3,6 +3,11 @@ services: landing: container_name: lens_federated-search image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + labels: + - "traefik.enable=true" + - "traefik.http.routers.landing.rule=PathPrefix(`/`)" + - "traefik.http.services.landing.loadbalancer.server.port=80" + - "traefik.http.routers.landing.tls=true" spot: image: docker.verbis.dkfz.de/ccp-private/central-spot diff --git a/itcc/vars b/itcc/vars index 7d0c1a3c..b03403b8 100644 --- a/itcc/vars +++ b/itcc/vars 
@@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID} PROXY_ID=${SITE_ID}.${BROKER_ID} FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} -SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de +SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem BROKER_URL_FOR_PREREQ=$BROKER_URL diff --git a/kr/docker-compose.yml b/kr/docker-compose.yml new file mode 100644 index 00000000..d875a241 --- /dev/null +++ b/kr/docker-compose.yml 
@@ -0,0 +1,63 @@ +version: "3.7" + +services: + blaze: + image: docker.verbis.dkfz.de/cache/samply/blaze:0.28 + container_name: bridgehead-kr-blaze + environment: + BASE_URL: "http://bridgehead-kr-blaze:8080" + JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" + DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} + DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP + ENFORCE_REFERENTIAL_INTEGRITY: "false" + volumes: + - "blaze-data:/app/data" + labels: + - "traefik.enable=true" + - "traefik.http.routers.blaze_kr.rule=PathPrefix(`/kr-localdatamanagement`)" + - "traefik.http.middlewares.kr_b_strip.stripprefix.prefixes=/kr-localdatamanagement" + - "traefik.http.services.blaze_kr.loadbalancer.server.port=8080" + - "traefik.http.routers.blaze_kr.middlewares=kr_b_strip,auth" + - "traefik.http.routers.blaze_kr.tls=true" + + focus: + image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG} + container_name: bridgehead-focus + environment: + API_KEY: ${FOCUS_BEAM_SECRET_SHORT} + BEAM_APP_ID_LONG: focus.${PROXY_ID} + PROXY_ID: ${PROXY_ID} + BLAZE_URL: "http://bridgehead-kr-blaze:8080/fhir/" + BEAM_PROXY_URL: http://beam-proxy:8081 + RETRY_COUNT: ${FOCUS_RETRY_COUNT} + EPSILON: 0.28 + depends_on: + - "beam-proxy" + - "blaze" + + beam-proxy: + image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop + container_name: bridgehead-beam-proxy + environment: + BROKER_URL: ${BROKER_URL} + PROXY_ID: ${PROXY_ID} + APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT} + PRIVKEY_FILE: /run/secrets/proxy.pem + ALL_PROXY: http://forward_proxy:3128 + TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs + ROOTCERT_FILE: /conf/root.crt.pem + secrets: + - proxy.pem + depends_on: + - "forward_proxy" + volumes: + - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro + - /srv/docker/bridgehead/kr/root.crt.pem:/conf/root.crt.pem:ro + + +volumes: + blaze-data: + +secrets: + proxy.pem: + file: /etc/bridgehead/pki/${SITE_ID}.priv.pem 
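Review bot: `DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP` has no default, while `JAVA_TOOL_OPTIONS` two lines above uses `${BLAZE_MEMORY_CAP:-4096}`, so on a site that never sets the variable the block cache receives an empty string; use `DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP:-4096}` so both settings agree. The beam-proxy image is pulled by the mutable `:develop` tag, which lets the component holding the site's private key (`PRIVKEY_FILE: /run/secrets/proxy.pem`) change underneath an `update` run; pin it to a release tag. kr/vars in this commit does not define `FOCUS_TAG`, so unless lib provides it the focus image reference ends in an empty tag. `ENFORCE_REFERENTIAL_INTEGRITY: "false"` deserves a one-line comment on why integrity checking is relaxed for this store.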
diff --git a/kr/modules/export-and-qb.curl-templates b/kr/modules/export-and-qb.curl-templates new file mode 100644 index 00000000..739c5af6 --- /dev/null +++ b/kr/modules/export-and-qb.curl-templates @@ -0,0 +1,6 @@ +# Full Excel Export +curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \ +--header 'x-api-key: ${EXPORT_API_KEY}' + +# QB +curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp' diff --git a/kr/modules/exporter-compose.yml b/kr/modules/exporter-compose.yml new file mode 100644 index 00000000..d5eb2274 --- /dev/null +++ b/kr/modules/exporter-compose.yml 
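Review bot: The exporter template sends `--header 'x-api-key: ${EXPORT_API_KEY}'`, but the variable this series actually sets is `EXPORTER_API_KEY` (kr/modules/exporter-setup.sh and exporter-compose.yml), so the header expands to nothing for anyone who substitutes the name from the setup script; rename it to `${EXPORTER_API_KEY}`. The reporter call `POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp'` carries no API key at all although the reporter container is given `EXPORTER_API_KEY`; if the endpoint requires it, add the same header, and if it does not, the template should say that report generation is open to any client that can reach the host. Both paths are hard-coded to `ccp-` although the file lives under kr/.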
@@ -0,0 +1,67 @@ +version: "3.7" + +services: + exporter: + image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest + container_name: bridgehead-ccp-exporter + environment: + JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC" + LOG_LEVEL: "INFO" + EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh + CROSS_ORIGINS: "https://${HOST}" + EXPORTER_DB_USER: "exporter" + EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh + EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter" + HTTP_RELATIVE_PATH: "/ccp-exporter" + SITE: "${SITE_ID}" + HTTP_SERVLET_REQUEST_SCHEME: "https" + OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}" + labels: + - "traefik.enable=true" + - "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)" + - "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092" + - "traefik.http.routers.exporter_ccp.tls=true" + - "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter" + - "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip" + volumes: + - "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output" + + exporter-db: + image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG} + container_name: bridgehead-ccp-exporter-db + environment: + POSTGRES_USER: "exporter" + POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh + POSTGRES_DB: "exporter" + volumes: + # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer. 
+ - "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data" + + reporter: + image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest + container_name: bridgehead-ccp-reporter + environment: + JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC" + LOG_LEVEL: "INFO" + CROSS_ORIGINS: "https://${HOST}" + HTTP_RELATIVE_PATH: "/ccp-reporter" + SITE: "${SITE_ID}" + EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh + EXPORTER_URL: "http://exporter:8092" + LOG_FHIR_VALIDATION: "false" + HTTP_SERVLET_REQUEST_SCHEME: "https" + + # In this initial development state of the bridgehead, we are trying to have so many volumes as possible. + # However, in the first executions in the CCP sites, this volume seems to be very important. A report is + # a process that can take several hours, because it depends on the exporter. + # There is a risk that the bridgehead restarts, losing the already created export. + + volumes: + - "/var/cache/bridgehead/ccp/reporter-files:/app/reports" + labels: + - "traefik.enable=true" + - "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)" + - "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095" + - "traefik.http.routers.reporter_ccp.tls=true" + - "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter" + - "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip" diff --git a/kr/modules/exporter-setup.sh b/kr/modules/exporter-setup.sh new file mode 100644 index 00000000..9b947a60 --- /dev/null +++ b/kr/modules/exporter-setup.sh 
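Review bot: The `exporter_ccp` and `reporter_ccp` routers list only their strip-prefix middleware, whereas the blaze and obds2fhir-rest routers in this commit append `auth`; the exporter is configured with `EXPORTER_API_KEY`, but nothing visible shows the reporter enforcing the key it is handed, so either add `- "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip,auth"` or comment on the router that the application authenticates `/ccp-reporter` itself. `OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"` is set neither by kr/modules/exporter-setup.sh nor by kr/vars in this commit, and the kr file list contains no Opal/DataSHIELD module, so it is empty unless a site config provides it. Both images are pulled by `:latest`, and the container names and cache paths are the ccp ones (`bridgehead-ccp-exporter`, `/var/cache/bridgehead/ccp/...`), which would collide with a ccp bridgehead on the same host.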
@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+if [ "$ENABLE_EXPORTER" == true ]; then
+ log INFO "Exporter setup detected -- will start Exporter service."
+ OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
+ EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+ EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
+fi
diff --git a/kr/modules/exporter.md b/kr/modules/exporter.md
new file mode 100644
index 00000000..24e81b05
--- /dev/null
+++ b/kr/modules/exporter.md
@@ -0,0 +1,15 @@
+# Exporter and Reporter
+
+
+## Exporter
+The exporter is a REST API that exports the data of the different databases of the bridgehead in a set of tables.
+It can accept different output formats as CSV, Excel, JSON or XML. It can also export data into Opal.
+
+## Exporter-DB
+It is a database to save queries for its execution in the exporter.
+The exporter manages also the different executions of the same query in through the database.
+
+## Reporter
+This component is a plugin of the exporter that allows to create more complex Excel reports described in templates.
+It is compatible with different template engines as Groovy, Thymeleaf,...
+It is perfect to generate a document as our traditional CCP quality report.
diff --git a/kr/modules/lens-compose.yml b/kr/modules/lens-compose.yml
new file mode 100644
index 00000000..180dd676
--- /dev/null
+++ b/kr/modules/lens-compose.yml
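Review bot: This file is sourced by kr/vars (`source $module`), not executed, so the `#!/bin/bash -e` shebang is inert, and if `-e` were honoured it would abort the sourcing shell on the first failing pipeline; drop the `-e` and add a header comment stating that the script is sourced during vars evaluation and sets `EXPORTER_DB_PASSWORD` and `EXPORTER_API_KEY` for exporter-compose.yml. The same shebang is in kr/modules/teiler-setup.sh. The enable check `[ "$ENABLE_EXPORTER" == true ]` only matches the literal `true`, while lens-setup.sh and obds2fhir-rest-setup.sh in the same directory test `-n`, so `ENABLE_EXPORTER=yes` silently does nothing; one convention across the kr modules would avoid that. The derived credentials are deterministic per site key (a signature over a fixed string), which the salt text hints at but a comment should state, since rotating them means rotating the key.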
@@ -0,0 +1,33 @@ +version: "3.7" +services: + landing: + container_name: lens_federated-search + image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} + labels: + - "traefik.enable=true" + - "traefik.http.routers.landing.rule=PathPrefix(`/`)" + - "traefik.http.services.landing.loadbalancer.server.port=80" + - "traefik.http.routers.landing.tls=true" + + spot: + image: docker.verbis.dkfz.de/ccp-private/central-spot + environment: + BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}" + BEAM_URL: http://beam-proxy:8081 + BEAM_PROXY_ID: ${SITE_ID} + BEAM_BROKER_ID: ${BROKER_ID} + BEAM_APP_ID: "focus" + PROJECT_METADATA: "kr_supervisors" + depends_on: + - "beam-proxy" + labels: + - "traefik.enable=true" + - "traefik.http.services.spot.loadbalancer.server.port=8080" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true" + - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1" + - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)" + - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend" + - "traefik.http.routers.spot.tls=true" + - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot" diff --git a/kr/modules/lens-setup.sh b/kr/modules/lens-setup.sh new file mode 100644 index 00000000..c19dc4bc --- /dev/null +++ b/kr/modules/lens-setup.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +if [ -n "$ENABLE_LENS" ];then + OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml" +fi \ No newline at end of file diff --git a/kr/modules/obds2fhir-rest-compose.yml b/kr/modules/obds2fhir-rest-compose.yml new file mode 100644 index 00000000..f201e23f --- /dev/null +++ b/kr/modules/obds2fhir-rest-compose.yml 
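Review bot: The `spot` router exposes `/backend` with only the CORS and strip-prefix middlewares, without the `auth` middleware the blaze router in kr/docker-compose.yml uses, so the federated-search backend answers unauthenticated requests from any client that can reach the host (the CORS allow-list only restricts browsers); if that is the intended public surface for the landing page, state it in a comment on the router, otherwise append `auth`. `spot` receives `BEAM_PROXY_ID: ${SITE_ID}` while focus receives `PROXY_ID: ${PROXY_ID}` (`${SITE_ID}.${BROKER_ID}`); presumably spot composes the full id from `BEAM_BROKER_ID`, but the asymmetry deserves a comment. The `central-spot` image has no tag and the `lens` image is tagged with `${SITE_ID}`, so neither pins a version.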
@@ -0,0 +1,20 @@ +version: "3.7" + +services: + obds2fhir-rest: + container_name: bridgehead-obds2fhir-rest + image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main + environment: + IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID + MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY} + SALT: ${LOCAL_SALT} + KEEP_INTERNAL_ID: ${KEEP_INTERNAL_ID:-false} + MAINZELLISTE_URL: ${PATIENTLIST_URL:-http://patientlist:8080/patientlist} + restart: always + labels: + - "traefik.enable=true" + - "traefik.http.routers.obds2fhir-rest.rule=PathPrefix(`/obds2fhir-rest`) || PathPrefix(`/adt2fhir-rest`)" + - "traefik.http.middlewares.obds2fhir-rest_strip.stripprefix.prefixes=/obds2fhir-rest,/adt2fhir-rest" + - "traefik.http.services.obds2fhir-rest.loadbalancer.server.port=8080" + - "traefik.http.routers.obds2fhir-rest.tls=true" + - "traefik.http.routers.obds2fhir-rest.middlewares=obds2fhir-rest_strip,auth" diff --git a/kr/modules/obds2fhir-rest-setup.sh b/kr/modules/obds2fhir-rest-setup.sh new file mode 100644 index 00000000..677ea637 --- /dev/null +++ b/kr/modules/obds2fhir-rest-setup.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +function obds2fhirRestSetup() { + if [ -n "$ENABLE_OBDS2FHIR_REST" ]; then + log INFO "oBDS2FHIR-REST setup detected -- will start obds2fhir-rest module." + if [ ! -n "$IDMANAGER_UPLOAD_APIKEY" ]; then + log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:" + PATIENTLIST_URL=" " + fi + OVERRIDE+=" -f ./$PROJECT/modules/obds2fhir-rest-compose.yml" + LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + fi +} diff --git a/kr/modules/teiler-compose.yml b/kr/modules/teiler-compose.yml new file mode 100644 index 00000000..f415ee97 --- /dev/null +++ b/kr/modules/teiler-compose.yml 
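Review bot: kr has no id-management module in this commit (the file list adds none under kr/modules and kr/vars sets no `IDMANAGER_*` variables), so `obds2fhirRestSetup` always takes the `Missing ID-Management Module!` branch and still appends the compose override, starting obds2fhir-rest with an empty `MAINZELLISTE_APIKEY` and `PATIENTLIST_URL=" "`. Either add an id-management module for kr or make the error branch stop the module, e.g. `log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"; return` instead of falling through to `OVERRIDE+=`. Whether a site-level config supplies the id-management variables is not visible here.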
@@ -0,0 +1,81 @@ +version: "3.7" + +services: + + teiler-orchestrator: + image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest + container_name: bridgehead-teiler-orchestrator + labels: + - "traefik.enable=true" + - "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)" + - "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000" + - "traefik.http.routers.teiler_orchestrator_ccp.tls=true" + - "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler" + - "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip" + environment: + TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" + TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard" + DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}" + HTTP_RELATIVE_PATH: "/ccp-teiler" + + teiler-dashboard: + image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop + container_name: bridgehead-teiler-dashboard + labels: + - "traefik.enable=true" + - "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)" + - "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80" + - "traefik.http.routers.teiler_dashboard_ccp.tls=true" + - "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard" + - "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip" + environment: + DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" + TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend" + OIDC_URL: "${OIDC_URL}" + OIDC_REALM: "${OIDC_REALM}" + OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}" + OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}" + TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}" + TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}" + TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}" + TEILER_PROJECT: "${PROJECT}" + EXPORTER_API_KEY: "${EXPORTER_API_KEY}" + TEILER_ORCHESTRATOR_URL: 
"https://${HOST}/ccp-teiler" + TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard" + TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" + TEILER_USER: "${OIDC_USER_GROUP}" + TEILER_ADMIN: "${OIDC_ADMIN_GROUP}" + REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb" + EXPORTER_DEFAULT_TEMPLATE_ID: "ccp" + + + teiler-backend: + image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest + container_name: bridgehead-teiler-backend + labels: + - "traefik.enable=true" + - "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)" + - "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085" + - "traefik.http.routers.teiler_backend_ccp.tls=true" + - "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend" + - "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip" + environment: + LOG_LEVEL: "INFO" + APPLICATION_PORT: "8085" + APPLICATION_ADDRESS: "${HOST}" + DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}" + CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf" + TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler" + TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler" + TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de" + TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en" + CENTRAX_URL: "${CENTRAXX_URL}" + HTTP_PROXY: "http://forward_proxy:3128" + ENABLE_MTBA: "${ENABLE_MTBA}" + ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}" + secrets: + - ccp.conf + +secrets: + ccp.conf: + file: /etc/bridgehead/ccp.conf diff --git a/kr/modules/teiler-setup.sh b/kr/modules/teiler-setup.sh new file mode 100644 index 00000000..eed3f81f --- /dev/null +++ b/kr/modules/teiler-setup.sh 
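Review bot: `teiler-backend` mounts `/etc/bridgehead/ccp.conf` as its only secret although this compose file belongs to the kr project; a kr site that never installed ccp has no such file and compose fails at start, so either point the secret at a kr configuration file or document that kr deliberately reuses ccp.conf. Every router rule, `HTTP_RELATIVE_PATH` and URL is hard-coded to `ccp-teiler*` while `TEILER_PROJECT` is `${PROJECT}` (`kr`), and the dashboard's `OIDC_URL`, `OIDC_REALM`, `OIDC_PUBLIC_CLIENT_ID`, `OIDC_GROUP_CLAIM`, `OIDC_USER_GROUP` and `OIDC_ADMIN_GROUP` are set nowhere under kr/ in this commit, so unless lib provides them the dashboard starts with an empty OIDC configuration. The `teiler_backend_ccp` router carries no `auth` middleware; if the backend only serves microfrontend metadata that is acceptable but should be said in a comment, and `ENABLE_MTBA`/`ENABLE_DATASHIELD` are passed for modules kr does not ship. All three images are pulled by mutable tags (`latest`, `develop`, `latest`).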
@@ -0,0 +1,9 @@
+#!/bin/bash -e
+
+if [ "$ENABLE_TEILER" == true ];then
+ log INFO "Teiler setup detected -- will start Teiler services."
+ OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
+ TEILER_DEFAULT_LANGUAGE=DE
+ TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
+ add_public_oidc_redirect_url "/ccp-teiler/*"
+fi
diff --git a/kr/modules/teiler.md b/kr/modules/teiler.md
new file mode 100644
index 00000000..51e94e46
--- /dev/null
+++ b/kr/modules/teiler.md
@@ -0,0 +1,19 @@
+# Teiler
+This module orchestrates the different microfrontends of the bridgehead as a single page application.
+
+## Teiler Orchestrator
+Single SPA component that consists on the root HTML site of the single page application and a javascript code that
+gets the information about the microfrontend calling the teiler backend and is responsible for registering them. With the
+resulting mapping, it can initialize, mount and unmount the required microfrontends on the fly.
+
+The microfrontends run independently in different containers and can be based on different frameworks (Angular, Vue, React,...)
+This microfrontends can run as single alone but need an extension with Single-SPA (https://single-spa.js.org/docs/ecosystem).
+There are also available three templates (Angular, Vue, React) to be directly extended to be used directly in the teiler.
+
+## Teiler Dashboard
+It consists on the main dashboard and a set of embedded services.
+### Login
+user and password in ccp.local.conf
+
+## Teiler Backend
+In this component, the microfrontends are configured.
diff --git a/kr/root.crt.pem b/kr/root.crt.pem
new file mode 100644
index 00000000..1f1265a5
--- /dev/null
+++ b/kr/root.crt.pem
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw +MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI +TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO +OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf +XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu +pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7 +K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM +poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG +A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm +AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU +fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5 +3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l +n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/ +7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt +Rtup0MTxSJtN +-----END CERTIFICATE----- \ No newline at end of file diff --git a/kr/vars b/kr/vars new file mode 100644 index 00000000..d4e5a27a --- /dev/null +++ b/kr/vars @@ -0,0 +1,16 @@ +BROKER_ID=test-no-real-data.broker.samply.de +BROKER_URL=https://${BROKER_ID} +PROXY_ID=${SITE_ID}.${BROKER_ID} +FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64} +SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de +PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem +BROKER_URL_FOR_PREREQ=$BROKER_URL + +for module in $PROJECT/modules/*.sh +do + log DEBUG "sourcing $module" + source $module +done + +obds2fhirRestSetup \ No newline at end of file diff --git a/lib/functions.sh b/lib/functions.sh index dc5ec25a..68be4c92 100644 
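Review bot: kr/vars sets no `POSTGRES_TAG`, but kr/modules/exporter-compose.yml pulls `postgres:${POSTGRES_TAG}`, so with the exporter enabled the image reference ends in an empty tag unless lib defines it; dhki/vars in this series sets `POSTGRES_TAG=15.6-alpine`, and kr/vars should carry the same line. `BROKER_ID=test-no-real-data.broker.samply.de` names a broker whose hostname says it must not see real data, and kr is the cancer-registry project (lib/prepare-system.sh maps it to `krebsregister-sites`), so add a comment such as `# pilot/test broker: replace before this bridgehead is connected to real registry data` so the value is not carried into production unnoticed. The `source $module` loop is unquoted and sources every script in kr/modules at vars time, which is what the setup scripts expect, but a one-line comment saying so would help the next reader.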
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -54,7 +54,7 @@ checkOwner(){
 
 printUsage() {
 echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|install|uninstall|adduser|enroll PROJECTNAME"
- echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc"
+ echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki"
 }
 
 checkRequirements() {
diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh
index ecd29a5b..b6aba52b 100755
--- a/lib/prepare-system.sh
+++ b/lib/prepare-system.sh
@@ -61,6 +61,12 @@ case "$PROJECT" in
 dhki)
 site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"
 ;;
+ kr)
+ site_configuration_repository_middle="git.verbis.dkfz.de/krebsregister-sites/"
+ ;;
+ dhki)
+ site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"
+ ;;
 minimal)
 site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/"
 ;;
From 24da24d05ed062e3fdda8e69aa5701b9cfdf9433 Mon Sep 17 00:00:00 2001
From: Martin Lablans <6804500+lablans@users.noreply.github.com>
Date: Tue, 1 Oct 2024 10:40:24 +0200
Subject: [PATCH 14/19] Traefik dashboard
Deactivate traefik dashboard by default. Add trailing slash to PathPrefix to clarify the URL the dashboard is available at.
---
 minimal/docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/minimal/docker-compose.yml b/minimal/docker-compose.yml
index 6e8818f3..dc763314 100644
--- a/minimal/docker-compose.yml
+++ b/minimal/docker-compose.yml
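Review bot: The prepare-system.sh hunk adds a second `dhki)` arm directly after the new `kr)` arm, but the context lines above already show `dhki)` handled with the identical repository path, so the added arm is unreachable (bash takes the first matching pattern) and looks like a merge leftover; drop the three added lines `dhki)`, `site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"`, `;;` and keep only the `kr)` arm. The printUsage change in lib/functions.sh is consistent with the new projects and needs nothing further.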
@@ -10,13 +10,13 @@ services: - --providers.docker=true - --providers.docker.exposedbydefault=false - --providers.file.directory=/configuration/ - - --api.dashboard=true + - --api.dashboard=false - --accesslog=true - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https labels: - "traefik.enable=true" - - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard/`)" - "traefik.http.routers.dashboard.entrypoints=websecure" - "traefik.http.routers.dashboard.service=api@internal" - "traefik.http.routers.dashboard.tls=true" From eb2955872f6541def1bcff8c07385ad3ad58fe29 Mon Sep 17 00:00:00 2001 From: Torben Brenner Date: Tue, 1 Oct 2024 13:30:23 +0200 Subject: [PATCH 15/19] fix: allow usage of centraxx interface without login Before this change CentraXX was redirected to the central login servers then interacting with the id-management --- ccp/modules/datashield-compose.yml | 2 +- ccp/modules/id-management-compose.yml | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ccp/modules/datashield-compose.yml b/ccp/modules/datashield-compose.yml index 5e92db33..404cda96 100644 --- a/ccp/modules/datashield-compose.yml +++ b/ccp/modules/datashield-compose.yml @@ -151,7 +151,7 @@ services: --pass-access-token=false labels: - "traefik.enable=true" - - "traefik.http.routers.oauth2_proxy.rule=Host(`${HOST}`) && PathPrefix(`/oauth2`)" + - "traefik.http.routers.oauth2_proxy.rule=PathPrefix(`/oauth2`)" - "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180" - "traefik.http.routers.oauth2_proxy.tls=true" environment: diff --git a/ccp/modules/id-management-compose.yml b/ccp/modules/id-management-compose.yml index f9156cf7..ce0a58a4 100644 --- a/ccp/modules/id-management-compose.yml +++ b/ccp/modules/id-management-compose.yml 
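Review bot: `--api.dashboard=false` switches off only the dashboard UI, while the `dashboard` router label still matches `/api` (PathPrefix) and forwards to `api@internal` on `websecure` with no middleware; if the API itself remains enabled — presence of an `--api.*` flag appears to enable it, worth confirming against the Traefik version in use — the JSON endpoints that enumerate routers, services and middlewares stay reachable without authentication. Either remove the `dashboard` router labels together with the dashboard, or keep them behind a basic-auth or forward-auth middleware, and add a comment such as `# Dashboard/API are opt-in; enable --api.dashboard=true only behind auth` next to the flag. The `services:` block continues outside the hunk.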
@@ -19,10 +19,18 @@ services: - traefik-forward-auth labels: - "traefik.enable=true" + # Router with Authentication - "traefik.http.routers.id-manager.rule=PathPrefix(`/id-manager`)" - - "traefik.http.services.id-manager.loadbalancer.server.port=8080" - "traefik.http.routers.id-manager.tls=true" - "traefik.http.routers.id-manager.middlewares=traefik-forward-auth-idm" + - "traefik.http.routers.id-manager.service=id-manager-service" + # Router without Authentication + - "traefik.http.routers.id-manager-compatibility.rule=PathPrefix(`/id-manager/paths/translator/getIds`)" + - "traefik.http.routers.id-manager-compatibility.tls=true" + - "traefik.http.routers.id-manager-compatibility.service=id-manager-service" + # Definition of Service + - "traefik.http.services.id-manager-service.loadbalancer.server.port=8080" + - "traefik.http.services.id-manager-service.loadbalancer.server.scheme=http" patientlist: image: docker.verbis.dkfz.de/bridgehead/mainzelliste @@ -57,7 +65,7 @@ services: - "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/" traefik-forward-auth: - image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:v7.6.0 + image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest environment: - http_proxy=http://forward_proxy:3128 - https_proxy=http://forward_proxy:3128 @@ -67,6 +75,7 @@ services: - OAUTH2_PROXY_CLIENT_ID=bridgehead-${SITE_ID} - OAUTH2_PROXY_CLIENT_SECRET=${IDMANAGER_AUTH_CLIENT_SECRET} - OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET} + - OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm - OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST} - OAUTH2_PROXY_HTTP_ADDRESS=:4180 - OAUTH2_PROXY_REVERSE_PROXY=true From 599bcfcec4723ae4ec5f56b2d553d27dbf750ea2 Mon Sep 17 00:00:00 2001 
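Review bot: The unauthenticated `id-manager-compatibility` router uses `PathPrefix`, which is a prefix match, so it exempts from `traefik-forward-auth-idm` every path that merely starts with `/id-manager/paths/translator/getIds`, not just that endpoint; it also wins over the `id-manager` router only because its rule string is longer (Traefik's default priority), which is not stated anywhere. If CentraXX calls a single endpoint, change `PathPrefix` to `Path` in the compatibility rule to limit the exemption to it, and add a comment such as `# Unauthenticated on purpose: CentraXX cannot follow the OIDC login redirect; longer rule outranks id-manager by default priority`. The `services:` block continues outside the hunk.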
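Review bot: Moving `traefik-forward-auth` from `oauth2-proxy:v7.6.0` to `oauth2-proxy:latest` makes the authentication gate in front of the id-manager non-reproducible: each `bridgehead update` may pull a different release, and a behavioural change there silently alters what `traefik-forward-auth-idm` enforces. Pin the release that was actually tested, `image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:<tested version>`, and if the bump was needed for the new `OAUTH2_PROXY_COOKIE_NAME` setting, say so in a comment so the next maintainer knows the minimum version.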
From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Wed, 2 Oct 2024 07:53:20 +0200 Subject: [PATCH 16/19] Feature/send branch to healthchecks (#232) feature: log git branches to healthchecks and code refactoring --- lib/prerequisites.sh | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 235826ae..2c1e186e 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -3,14 +3,16 @@ source lib/functions.sh detectCompose +CONFIG_DIR="/etc/bridgehead/" +COMPONENT_DIR="/srv/docker/bridgehead/" if ! id "bridgehead" &>/dev/null; then log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT" exit 1 fi -checkOwner /srv/docker/bridgehead bridgehead || exit 1 -checkOwner /etc/bridgehead bridgehead || exit 1 +checkOwner "${CONFIG_DIR}" bridgehead || exit 1 +checkOwner "${COMPONENT_DIR}" bridgehead || exit 1 ## Check if user is a su log INFO "Checking if all prerequisites are met ..." 
@@ -32,31 +34,31 @@ fi log INFO "Checking configuration ..." ## Download submodule -if [ ! -d "/etc/bridgehead/" ]; then - fail_and_report 1 "Please set up the config folder at /etc/bridgehead. Instruction are in the readme." +if [ ! -d "${CONFIG_DIR}" ]; then + fail_and_report 1 "Please set up the config folder at ${CONFIG_DIR}. Instruction are in the readme." fi # TODO: Check all required variables here in a generic loop #check if project env is present -if [ -d "/etc/bridgehead/${PROJECT}.conf" ]; then - fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under /etc/bridgehead-config/${PROJECT}.conf." +if [ -d "${CONFIG_DIR}${PROJECT}.conf" ]; then + fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under ${CONFIG_DIR}${PROJECT}.conf." fi # TODO: Make sure you're in the right directory, or, even better, be independent from the working directory. log INFO "Checking ssl cert for accessing bridgehead via https" -if [ ! -d "/etc/bridgehead/traefik-tls" ]; then +if [ ! -d "${CONFIG_DIR}traefik-tls" ]; then log WARN "TLS certs for accessing bridgehead via https missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...) and put into /etc/bridgehead/traefik-tls" mkdir -p /etc/bridgehead/traefik-tls fi -if [ ! -e "/etc/bridgehead/traefik-tls/fullchain.pem" ]; then +if [ ! -e "${CONFIG_DIR}traefik-tls/fullchain.pem" ]; then openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/traefik-tls/privkey.pem -out /etc/bridgehead/traefik-tls/fullchain.pem -days 3650 -subj "/CN=$HOST" fi -if [ -e /etc/bridgehead/vault.conf ]; then +if [ -e "${CONFIG_DIR}"vault.conf ]; then if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then fail_and_report 1 "/etc/bridgehead/vault.conf has wrong owner/permissions. 
To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf." fi @@ -64,7 +66,7 @@ fi log INFO "Checking network access ($BROKER_URL_FOR_PREREQ) ..." -source /etc/bridgehead/${PROJECT}.conf +source "${CONFIG_DIR}${PROJECT}".conf source ${PROJECT}/vars if [ "${PROJECT}" != "minimal" ]; then @@ -92,10 +94,10 @@ if [ "${PROJECT}" != "minimal" ]; then fi fi checkPrivKey() { - if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then + if [ -e "${CONFIG_DIR}pki/${SITE_ID}.priv.pem" ]; then log INFO "Success - private key found." else - log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n bridgehead enroll ${PROJECT}\nand follow the instructions." + log ERROR "Unable to find private key at ${CONFIG_DIR}pki/${SITE_ID}.priv.pem. To fix, please run\n bridgehead enroll ${PROJECT}\nand follow the instructions." return 1 fi return 0 @@ -107,6 +109,11 @@ else checkPrivKey || exit 1 fi +for dir in "${CONFIG_DIR}" "${COMPONENT_DIR}"; do + log INFO "Checking branch: $(cd $dir && echo "$dir $(git branch --show-current)")" + hc_send log "Checking branch: $(cd $dir && echo "$dir $(git branch --show-current)")" +done + log INFO "Success - all prerequisites are met!" hc_send log "Success - all prerequisites are met!" From 072ee348fcc9a1172271cb4f1393d85bdfe2685c Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Wed, 9 Oct 2024 09:24:27 +0200 Subject: [PATCH 17/19] fix: deactivate landingpage for KR project (#234) fix: deactivate landingpage for KR project --- kr/docker-compose.yml | 4 ++++ kr/modules/lens-compose.yml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/kr/docker-compose.yml b/kr/docker-compose.yml index d875a241..47a9db64 100644 --- a/kr/docker-compose.yml +++ b/kr/docker-compose.yml 
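Review bot: The `${CONFIG_DIR}` substitution in the `@@ -32,31 +34,31 @@` hunk is only partial: the directory and file tests now use `${CONFIG_DIR}traefik-tls` and `"${CONFIG_DIR}"vault.conf`, but the `mkdir -p`, the `openssl req -keyout/-out`, the `stat -c` call and the user-facing messages still hard-code `/etc/bridgehead/...`, so changing `CONFIG_DIR` would check one location and create, inspect or report another. Use the variable on every path, e.g. `mkdir -p "${CONFIG_DIR}traefik-tls"` and `if [ "$(stat -c "%a %U" "${CONFIG_DIR}vault.conf")" != "600 bridgehead" ]; then`, and quote the whole path rather than only the prefix. Separately, the rewritten project-config check `if [ -d "${CONFIG_DIR}${PROJECT}.conf" ]` reports "Project config not found" when a directory of that name exists and never when the file is missing; presumably `if [ ! -f "${CONFIG_DIR}${PROJECT}.conf" ]; then` was meant.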
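Review bot: In the new `for dir in "${CONFIG_DIR}" "${COMPONENT_DIR}"` loop, `cd $dir` is unquoted and the `cd … && git branch --show-current` subshell is run twice per directory, once for `log` and once for `hc_send`; compute it once, `branch_info="$(cd "$dir" && echo "$dir $(git branch --show-current)")"`, then pass `"$branch_info"` to both. If `cd` or `git` fails the message is still logged and sent with an empty branch name and no error, so a `log WARN` on an empty result would help; git may also refuse these directories as owned by another user when the script runs as root — TODO confirm against safe.directory handling.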
@@ -1,6 +1,10 @@ version: "3.7" services: + landing: + deploy: + replicas: 0 #deactivate landing page + blaze: image: docker.verbis.dkfz.de/cache/samply/blaze:0.28 container_name: bridgehead-kr-blaze diff --git a/kr/modules/lens-compose.yml b/kr/modules/lens-compose.yml index 180dd676..b0b4573d 100644 --- a/kr/modules/lens-compose.yml +++ b/kr/modules/lens-compose.yml @@ -1,6 +1,8 @@ version: "3.7" services: landing: + deploy: + replicas: 1 #reactivate if lens is in use container_name: lens_federated-search image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID} labels: From 3312ca8a646bee1bb07677e145df56531450fe4c Mon Sep 17 00:00:00 2001 From: patrickskowronekdkfz <86347677+patrickskowronekdkfz@users.noreply.github.com> Date: Thu, 10 Oct 2024 14:34:28 +0200 Subject: [PATCH 18/19] feat: added blaze cql cache (#236) --- bbmri/docker-compose.yml | 3 ++- ccp/docker-compose.yml | 3 ++- lib/functions.sh | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml index ac8df45e..000df01a 100644 --- a/bbmri/docker-compose.yml +++ b/bbmri/docker-compose.yml @@ -10,7 +10,8 @@ services: BASE_URL: "http://bridgehead-bbmri-blaze:8080" JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} - DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} ENFORCE_REFERENTIAL_INTEGRITY: "false" volumes: - "blaze-data:/app/data" diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml index fcabc9bd..fa1dc419 100644 --- a/ccp/docker-compose.yml +++ b/ccp/docker-compose.yml 
@@ -8,7 +8,8 @@ services: BASE_URL: "http://bridgehead-ccp-blaze:8080" JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m" DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000} - DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP + DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP} + CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32} ENFORCE_REFERENTIAL_INTEGRITY: "false" volumes: - "blaze-data:/app/data" diff --git a/lib/functions.sh b/lib/functions.sh index 68be4c92..3fcae384 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -171,8 +171,10 @@ optimizeBlazeMemoryUsage() { if [ $available_system_memory_chunks -eq 0 ]; then log WARN "Only ${BLAZE_MEMORY_CAP} system memory available for Blaze. If your Blaze stores more than 128000 fhir ressources it will run significally slower." export BLAZE_RESOURCE_CACHE_CAP=128000; + export BLAZE_CQL_CACHE_CAP=32; else export BLAZE_RESOURCE_CACHE_CAP=$((available_system_memory_chunks * 312500)) + export BLAZE_CQL_CACHE_CAP=$((($system_memory_in_mb/4)/16)); fi fi } From 7aaee5e7d53d5eb1e148d43776200ef760c79308 Mon Sep 17 00:00:00 2001 From: Pierre Delpy <75260699+PierreDelpy@users.noreply.github.com> Date: Tue, 15 Oct 2024 13:03:42 +0200 Subject: [PATCH 19/19] feat: add auto archiving action (#238) * feat: add auto archiving action --------- Co-authored-by: p.delpy@dkfz-heidelberg.de Co-authored-by: Martin Lablans <6804500+lablans@users.noreply.github.com> --- .github/scripts/rename_inactive_branches.py | 39 +++++++++++++++++++ .../workflows/rename-inactive-branches.yml | 27 +++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 .github/scripts/rename_inactive_branches.py create mode 100644 .github/workflows/rename-inactive-branches.yml diff --git a/.github/scripts/rename_inactive_branches.py b/.github/scripts/rename_inactive_branches.py new file mode 100644 index 00000000..b9bd3597 --- /dev/null +++ b/.github/scripts/rename_inactive_branches.py 
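Review bot: `export BLAZE_CQL_CACHE_CAP=$((($system_memory_in_mb/4)/16));` introduces two undocumented divisors and depends on `system_memory_in_mb`, which is set outside the hunk (the body of `optimizeBlazeMemoryUsage` starts earlier), while the sibling `BLAZE_RESOURCE_CACHE_CAP` line is derived from `available_system_memory_chunks`, so it is not obvious the two share a base. Add a comment recording the intent, e.g. `# CQL expression cache: a quarter of system memory split into 16 MiB units — verify the unit of CQL_EXPR_CACHE_SIZE in the Blaze docs`, and drop the stray trailing `;` to match the line above. The compose defaults in bbmri and ccp fall back to 32, which matches the low-memory branch here and deserves the same one-line explanation.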
@@ -0,0 +1,39 @@ +import os +import requests +from datetime import datetime, timedelta + +# Configuration +GITHUB_TOKEN = os.getenv('GITHUB_TOKEN') +REPO = 'samply/bridgehead' +HEADERS = {'Authorization': f'token {GITHUB_TOKEN}', 'Accept': 'application/vnd.github.v3+json'} +API_URL = f'https://api.github.com/repos/{REPO}/branches' +INACTIVE_DAYS = 365 +CUTOFF_DATE = datetime.now() - timedelta(days=INACTIVE_DAYS) + +# Fetch all branches +def get_branches(): + response = requests.get(API_URL, headers=HEADERS) + response.raise_for_status() + return response.json() if response.status_code == 200 else [] + +# Rename inactive branches +def rename_branch(old_name, new_name): + rename_url = f'https://api.github.com/repos/{REPO}/branches/{old_name}/rename' + response = requests.post(rename_url, json={'new_name': new_name}, headers=HEADERS) + response.raise_for_status() + print(f"Renamed branch {old_name} to {new_name}" if response.status_code == 201 else f"Failed to rename {old_name}: {response.status_code}") + +# Check if the branch is inactive +def is_inactive(commit_url): + last_commit_date = requests.get(commit_url, headers=HEADERS).json()['commit']['committer']['date'] + return datetime.strptime(last_commit_date, '%Y-%m-%dT%H:%M:%SZ') < CUTOFF_DATE + +# Rename inactive branches +def main(): + for branch in get_branches(): + if is_inactive(branch['commit']['url']): + #rename_branch(branch['name'], f"archived/{branch['name']}") + print(f"[LOG] Branch '{branch['name']}' is inactive and would be renamed to 'archived/{branch['name']}'") + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/.github/workflows/rename-inactive-branches.yml b/.github/workflows/rename-inactive-branches.yml new file mode 100644 index 00000000..9bcca79e --- /dev/null +++ b/.github/workflows/rename-inactive-branches.yml 
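Review bot: `get_branches` issues a single unpaginated GET to `/branches`, so only the API's default first page (30 branches) is ever examined and branches beyond it are never considered for archiving; iterate with `per_page=100` and increment `page` until an empty list comes back. `CUTOFF_DATE` is a naive local `datetime.now()` while the commit date parsed with `'%Y-%m-%dT%H:%M:%SZ'` is UTC, so compare like with like: `CUTOFF_DATE = datetime.now(timezone.utc) - timedelta(days=INACTIVE_DAYS)` and `datetime.strptime(last_commit_date, '%Y-%m-%dT%H:%M:%SZ').replace(tzinfo=timezone.utc)` (importing `timezone` from `datetime`). `is_inactive` also calls `.json()` without `raise_for_status()`, so a 403 or rate-limit response surfaces as a `KeyError` rather than an HTTP error. Since the `rename_branch` call is commented out, a module docstring stating that the script currently only logs what it would rename would save the next reader a guess.
```python
# Fetch all branches, following GitHub's pagination (default page size is 30)
def get_branches():
    branches = []
    page = 1
    while True:
        response = requests.get(API_URL, headers=HEADERS, params={'per_page': 100, 'page': page})
        response.raise_for_status()
        chunk = response.json()
        if not chunk:
            return branches
        branches.extend(chunk)
        page += 1
# … unchanged: rename_branch, is_inactive, main …
```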
@@ -0,0 +1,27 @@ +name: Cleanup - Rename Inactive Branches + +on: + schedule: + - cron: '0 0 * * 0' # Runs every Sunday at midnight + +jobs: + archive-stale-branches: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v2 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Libraries + run: pip install requests + + - name: Run Script to Rename Inactive Branches + run: | + python .github/scripts/rename_inactive_branches.py + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file
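Review bot: The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to the script carries the repository's default token permissions, which may be read/write across all scopes, while renaming branches needs only `contents: write`; add `permissions:` / `  contents: write` at the job level so the token is scoped to what the script does. `actions/checkout@v2` and `actions/setup-python@v2` are superseded majors on mutable tags; pin to a current major or, better, a commit SHA with the version in a trailing comment. The cron comment says "midnight" — GitHub schedules run in UTC, so `# Runs every Sunday at 00:00 UTC` is more accurate.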