From e24be0d32592623ae2fc0e3d7f3618437036d72a Mon Sep 17 00:00:00 2001 From: Jakub Lidke Date: Wed, 30 Aug 2023 11:50:24 +0200 Subject: [PATCH] chore: cleanup deployment docker-compose.yaml and env-sample.env. added 'DNPM' prefix for better integration into productive environment. --- README.md | 4 +-- deploy/docker-compose.yaml | 72 ++++++++++++++++++++++---------------- deploy/env-sample.env | 56 ++++++++++++----------------- 3 files changed, 66 insertions(+), 66 deletions(-) diff --git a/README.md b/README.md index 8290dd1..908b1de 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ als Patienten-Pseudonym verwendet. Wurde die Verwendung von gPAS konfiguriert, so sind weitere Angaben zu konfigurieren. * `APP_PSEUDONYMIZE_GPAS_URI`: URI der gPAS-Instanz inklusive Endpoint ( - z.B. `http://localhost:8080/ttp-fhir/fhir/gpas/$pseudonymizeAllowCreate`) + z.B. `http://localhost:8080/ttp-fhir/fhir/gpas/$$pseudonymizeAllowCreate`) * `APP_PSEUDONYMIZE_GPAS_TARGET`: gPas Domänenname * `APP_PSEUDONYMIZE_GPAS_USERNAME`: gPas Basic-Auth Benutzername * `APP_PSEUDONYMIZE_GPAS_PASSWORD`: gPas Basic-Auth Passwort @@ -124,7 +124,7 @@ Diese Anwendung ist auch als Docker-Image verfügbar: https://github.com/CCC-MF/ ### Images lokal bauen ```bash -docker build . -t "imageName" +./gradlew bootBuildImage ``` ## Deployment diff --git a/deploy/docker-compose.yaml b/deploy/docker-compose.yaml index 5e9d8ef..d575d09 100644 --- a/deploy/docker-compose.yaml +++ b/deploy/docker-compose.yaml 
@@ -4,42 +4,52 @@ services:
 dnpm-etl-processor:
 image: ghcr.io/ccc-mf/etl-processor:latest
 environment:
- SPRING_KAFKA_SECURITY_PROTOCOL: ${SPRING_KAFKA_SECURITY_PROTOCOL}
- SPRING_KAFKA_SSL_TRUST-STORE-TYPE: ${SPRING_KAFKA_SSL_TRUST_STORE_TYPE}
- SPRING_KAFKA_SSL_TRUST-STORE-LOCATION: ${SPRING_KAFKA_SSL_TRUST_STORE_LOCATION}
- SPRING_KAFKA_SSL_TRUST-STORE-PASSWORD: ${SPRING_KAFKA_SSL_TRUST_STORE_PASSWORD}
- SPRING_KAFKA_SSL_KEY-STORE-TYPE: ${SPRING_KAFKA_SSL_KEY_STORE_TYPE}
- SPRING_KAFKA_SSL_KEY-STORE-LOCATION: ${KAFKA_KEY_STORE_LOCATION}
+ LOGGING_LEVEL_DEV: ${DNPM_LOG_LEVEL:-INFO}
+ SPRING_KAFKA_SECURITY_PROTOCOL: ${DNPM_KAFKA_SECURITY_PROTOCOL:-SSL}
+ SPRING_KAFKA_SSL_TRUST-STORE-TYPE: PKCS12
+ SPRING_KAFKA_SSL_TRUST-STORE-LOCATION: /opt/dnpm-processor/ssl/truststore.jks
+ SPRING_KAFKA_SSL_TRUST-STORE-PASSWORD: ${KAFKA_TRUST_STORE_PASSWORD}
+ SPRING_KAFKA_SSL_KEY-STORE-TYPE: PKCS12
+ SPRING_KAFKA_SSL_KEY-STORE-LOCATION: /opt/dnpm-processor/ssl/keystore.jks
 SPRING_KAFKA_SSL_KEY-STORE-PASSWORD: ${DNPM_PROCESSOR_KEY_STORE_PASSWORD}
- SPRING_KAFKA_PRODUCER_COMPRESSION-TYPE: ${SPRING_KAFKA_PRODUCER_COMPRESSION_TYPE}
- APP_KAFKA_TOPIC: ${APP_KAFKA_TOPIC}
- APP_KAFKA_SERVERS: ${APP_KAFKA_SERVERS}
- APP_KAFKA_GROUP_ID: ${APP_KAFKA_GROUP_ID}
- APP_KAFKA_RESPONSE_TOPIC: ${APP_KAFKA_RESPONSE_TOPIC}
- APP_REST_URI: ${APP_REST_URI}
- SPRING_DATASOURCE_URL: ${SPRING_DATASOURCE_URL}
- SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
- SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME}
- APP_PSEUDONYMIZE_GPAS_SSLCALOCATION: ${APP_PSEUDONYMIZE_GPAS_SSLCALOCATION}
- APP_PSEUDONYMIZE_GPAS_PASSWORD: ${APP_PSEUDONYMIZE_GPAS_PASSWORD}
- APP_PSEUDONYMIZE_GPAS_USERNAME: ${APP_PSEUDONYMIZE_GPAS_USERNAME}
- APP_PSEUDONYMIZE_GPAS_TARGET: ${APP_PSEUDONYMIZE_GPAS_TARGET}
- APP_PSEUDONYMIZE_GPAS_URI: ${APP_PSEUDONYMIZE_GPAS_URI}
- APP_PSEUDONYMIZE_PREFIX: ${APP_PSEUDONYMIZE_PREFIX}
- APP_PSEUDONYMIZE_GENERATOR: ${APP_PSEUDONYMIZE_GENERATOR}
+ SPRING_KAFKA_PRODUCER_COMPRESSION-TYPE: gzip
+ APP_KAFKA_TOPIC: ${DNPM_KAFKA_TOPIC}
+ APP_KAFKA_SERVERS: ${KAFKA_BROKERS}
+ APP_KAFKA_GROUP_ID: ${DNPM_KAFKA_GROUP_ID}
+ APP_KAFKA_RESPONSE_TOPIC: ${DNPM_KAFKA_RESPONSE_TOPIC}
+ APP_REST_URI: ${DNPM_BWHC_REST_URI}
+ SPRING_DATASOURCE_URL: ${DNPM_DATASOURCE_URL}
+ SPRING_DATASOURCE_PASSWORD: ${DNPM_MARIADB_USER_PW}
+ SPRING_DATASOURCE_USERNAME: ${DNPM_MARIADB_DB}
+ APP_PSEUDONYMIZE_GPAS_SSLCALOCATION: /workspace/opt/dnpm-processor/ssl/mosaic.crt
+ APP_PSEUDONYMIZE_GPAS_PASSWORD: ${DNPM_PSEUDONYMIZE_GPAS_PASSWORD}
+ APP_PSEUDONYMIZE_GPAS_USERNAME: ${DNPM_PSEUDONYMIZE_GPAS_USERNAME}
+ APP_PSEUDONYMIZE_GPAS_TARGET: ${DNPM_PSEUDONYMIZE_GPAS_TARGET}
+ APP_PSEUDONYMIZE_GPAS_URI: ${DNPM_PSEUDONYMIZE_GPAS_URI}
+ APP_PSEUDONYMIZE_PREFIX: ${DNPM_APP_PSEUDONYMIZE_PREFIX}
+ APP_PSEUDONYMIZER: ${DNPM_PSEUDONYMIZE_GENERATOR}
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+ #- ${DNPM_TO_SSL_KEYSTORE_LOCATION}:/workspace/opt/dnpm-processor/ssl/keystore.jks:ro
+ #- ${KAFKA_TRUST_STORE_LOCATION}:/workspace/opt/dnpm-processor/ssl/truststore.jks:ro
+ #- ${DNPM_PSEUDONYMIZE_GPAS_SSLCALOCATION}:/workspace/opt/dnpm-processor/ssl/mosaic.crt
 depends_on:
- - db
+ - dnpm-monitor-db
 ports:
- - "${MONITORING_HTTP_PORT:-8080}:8080"
+ - "${DNPM_MONITORING_HTTP_PORT:-8080}:8080"
- db:
+ # todo add volume
+ dnpm-monitor-db:
 image: mariadb:10
 environment:
- MARIADB_DATABASE: ${MARIADB_DB}
- MARIADB_USER: ${MARIADB_USER}
- MARIADB_PASSWORD: ${MARIADB_USER_PW}
- MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PW}
- ports:
- - "3306:3306"
+ MARIADB_DATABASE: ${DNPM_MARIADB_DB}
+ MARIADB_USER: ${DNPM_MARIADB_USER}
+ MARIADB_PASSWORD: ${DNPM_MARIADB_USER_PW}
+ MARIADB_ROOT_PASSWORD: ${DNPM_MARIADB_ROOT_PW}
+ expose:
+ - "3306"
+
+
diff --git a/deploy/env-sample.env b/deploy/env-sample.env
index 7399f7b..998400a 100644
--- a/deploy/env-sample.env
+++ b/deploy/env-sample.env
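Review bot: The Kafka store locations in the new `environment:` block point to `/opt/dnpm-processor/ssl/...`, while the commented-out mounts under `volumes:` and `APP_PSEUDONYMIZE_GPAS_SSLCALOCATION` use `/workspace/opt/dnpm-processor/ssl/...`, so once the mounts are enabled the key and trust stores would not be at the configured paths. Because the protocol now defaults to SSL via `${DNPM_KAFKA_SECURITY_PROTOCOL:-SSL}`, an unset variable selects TLS without usable key material; I would align the paths, e.g. `SPRING_KAFKA_SSL_TRUST-STORE-LOCATION: file:/workspace/opt/dnpm-processor/ssl/truststore.jks` and the same for the key store (the `file:` prefix is an assumption about how the application resolves the value, based on the `file:` URLs in the previous sample). The stores are declared `PKCS12` but named `.jks`, which deserves a comment or a rename so operators mount the right format. Separately, `SPRING_DATASOURCE_USERNAME: ${DNPM_MARIADB_DB}` takes the login name from the database-name variable and should read `${DNPM_MARIADB_USER}`, matching `MARIADB_USER` on the database service.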
@@ -1,50 +1,40 @@
 # monitoring access port
-MONITORING_HTTP_PORT=8088
+DNPM_MONITORING_HTTP_PORT=8088
+DNPM_LOG_LEVEL=INFO
 # GPAS or BUILDIN
-APP_PSEUDONYMIZE_GENERATOR=BUILDIN
-APP_PSEUDONYMIZE_PREFIX=
-APP_PSEUDONYMIZE_GPAS_URI=
-APP_PSEUDONYMIZE_GPAS_TARGET=
-APP_PSEUDONYMIZE_GPAS_USERNAME=
-APP_PSEUDONYMIZE_GPAS_PASSWORD=
+DNPM_PSEUDONYMIZE_GENERATOR=BUILDIN
+DNPM_APP_PSEUDONYMIZE_PREFIX=ANONYM
+DNPM_PSEUDONYMIZE_GPAS_URI=
+DNPM_PSEUDONYMIZE_GPAS_TARGET=
+DNPM_PSEUDONYMIZE_GPAS_USERNAME=
+DNPM_PSEUDONYMIZE_GPAS_PASSWORD=
 # path to ca root cert if needed
-APP_PSEUDONYMIZE_GPAS_SSLCALOCATION=
+DNPM_PSEUDONYMIZE_GPAS_SSLCALOCATION=
-MARIADB_DB=dnpm_monitoring
-MARIADB_USER=$MARIADB_DB
-MARIADB_USER_PW=MySuperSecurePassword111
-MARIADB_ROOT_PW=MySuperDuperSecurePassword111
+DNPM_MARIADB_DB=dnpm_monitoring
+DNPM_MARIADB_USER=$DNPM_MARIADB_DB
+DNPM_MARIADB_USER_PW=MySuperSecurePassword111
+DNPM_MARIADB_ROOT_PW=MySuperDuperSecurePassword111
 # monitoring data db
-SPRING_DATASOURCE_URL=jdbc:mariadb://db:3306/$MARIADB_DB
-SPRING_DATASOURCE_PASSWORD=$MARIADB_USER_PW
-SPRING_DATASOURCE_USERNAME=dnpm_monitoring
+DNPM_DATASOURCE_URL=jdbc:mariadb://dnpm-monitor-db:3306/$DNPM_MARIADB_DB
 ## TARGET SYSTEMS CONFIG
-# DIRECT BWHC
 # in case of direct access to bwhc enter endpoint url here
-APP_REST_URI=
+DNPM_BWHC_REST_URI=
-## Apache KAFKA if APP_KAFKA_SERVERS and APP_KAFKA_TOPIC have value 'false' kafka support is disabled
-# list of broker instances
-APP_KAFKA_SERVERS=false
-
-# produce mtb files to this topic
-APP_KAFKA_TOPIC=false
+# produce mtb files to this topic - values 'false' disabling kafka processing
+DNPM_KAFKA_TOPIC=false
+KAFKA_BROKERS=false
+DNPM_KAFKA_SECURITY_PROTOCOL=PLAINTEXT
 # here we receive responses from bwhc
-APP_KAFKA_RESPONSE_TOPIC=dnpm-response
-APP_KAFKA_GROUP_ID=dnpm
+DNPM_KAFKA_RESPONSE_TOPIC=dnpm-response
+DNPM_KAFKA_GROUP_ID=dnpm
 # SSL or PLAINTEXT
-SPRING_KAFKA_SECURITY_PROTOCOL=PLAINTEXT
-SPRING_KAFKA_SSL_TRUST_STORE_TYPE=PKCS12
-SPRING_KAFKA_SSL_TRUST_STORE_LOCATION=file://opt/kafka-certs/ca.p12
-SPRING_KAFKA_SSL_TRUST_STORE_PASSWORD=
-SPRING_KAFKA_SSL_KEY_STORE_TYPE=PKCS12
-SPRING_KAFKA_SSL_KEY_STORE_LOCATION=file://opt/kafka-certs/user.p12
 DNPM_PROCESSOR_KEY_STORE_PASSWORD=
-SPRING_KAFKA_PRODUCER_COMPRESSION_TYPE=gzip
-KAFKA_KEY_STORE_LOCATION=file://opt/kafka-certs/user.p12
+DNPM_TO_SSL_KEYSTORE_LOCATION=
+
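Review bot: The sample no longer defines every variable the compose file reads: `KAFKA_TRUST_STORE_PASSWORD` has no entry here (nor does `KAFKA_TRUST_STORE_LOCATION`, used by the commented-out mount), so Compose would substitute an empty trust-store password. I would add `KAFKA_TRUST_STORE_PASSWORD=` and `KAFKA_TRUST_STORE_LOCATION=` next to `DNPM_TO_SSL_KEYSTORE_LOCATION=`. The `# SSL or PLAINTEXT` comment now sits above `DNPM_PROCESSOR_KEY_STORE_PASSWORD=` while `DNPM_KAFKA_SECURITY_PROTOCOL=PLAINTEXT` moved up to the topic settings; the comment should move with it and say that PLAINTEXT means unencrypted transport to the brokers. The sample database passwords (`MySuperSecurePassword111`, `MySuperDuperSecurePassword111`) are usable as-is, so an obviously invalid placeholder such as `DNPM_MARIADB_USER_PW=change-me` would make it less likely that they end up in a productive deployment.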