Fixes to secrets in webapi and solr
alondhe committed Sep 8, 2023
1 parent 45dd3c4 commit 3fd318b
Showing 15 changed files with 53 additions and 32 deletions.
11 changes: 5 additions & 6 deletions .github/workflows/default.yml
@@ -2,14 +2,14 @@ name: Broadsea Default Profile (Linux and Mac)
on: push
jobs:
default:
#env:
# ENV_FILE: ./.env
# LOCALHOST_URL: http://127.0.0.1
env:
ENV_FILE: ./.env
LOCALHOST_URL: http://127.0.0.1
strategy:
matrix:
os:
- ubuntu-22.04
# - macos-12
- macos-12
runs-on: ${{ matrix.os }}
steps:
- name: Setup Docker on macOS
@@ -27,10 +27,9 @@ jobs:
run: |
sudo apt-get update
sudo apt-get install --yes --no-install-recommends postgresql-client
PGPASSWORD=$(<./secrets/webapi/WEBAPI_DATASOURCE_PASSWORD) psql -h 127.0.0.1 -p 5432 -U postgres -c "select * from webapi.source limit 1"
PGPASSWORD=$(cat ./secrets/webapi/WEBAPI_DATASOURCE_PASSWORD) psql -h 127.0.0.1 -p 5432 -U postgres -c "select * from webapi.source limit 1"
- name: Build webapi profile, sleep 3 mins
run: |
cd $GITHUB_WORKSPACE
docker-compose --env-file .env --profile webapi-from-image up -d
sleep 180
docker logs ohdsi-webapi
14 changes: 2 additions & 12 deletions compose/ohdsi-webapi.yml
@@ -14,6 +14,8 @@ services:
volumes:
- ../cacerts:/usr/local/openjdk-8/lib/security/cacerts:ro # add a cacerts file if using LDAPS
- ${WEBAPI_ADDITIONAL_JDBC_FILE_PATH}:/var/lib/ohdsi/webapi/lib/additional/broadsea_mounted.jar
- ../webapi/docker-entrypoint.sh:/entrypoint.sh
entrypoint: ["/bin/sh","/entrypoint.sh"]
secrets:
- WEBAPI_DATASOURCE_PASSWORD
- SECURITY_LDAP_SYSTEM_PASSWORD
@@ -25,18 +27,6 @@ services:
- SECURITY_SAML_KEYMANAGER_STOREPASSWORD
- SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK
environment:
JAVA_OPTS:
-DWEBAPI_DATASOURCE_PASSWORD="$$(</run/secrets/WEBAPI_DATASOURCE_PASSWORD)"
-DFLYWAY_DATASOURCE_PASSWORD="$$(</run/secrets/WEBAPI_DATASOURCE_PASSWORD)"
-DSECURITY_LDAP_SYSTEM_PASSWORD="$$(</run/secrets/SECURITY_LDAP_SYSTEM_PASSWORD)"
-DSECURITY_DB_DATASOURCE_PASSWORD="$$(</run/secrets/SECURITY_DB_DATASOURCE_PASSWORD)"
-DSECURITY_AD_SYSTEM_PASSWORD="$$(</run/secrets/SECURITY_AD_SYSTEM_PASSWORD)"
-DSECURITY_OAUTH_GOOGLE_APISECRET="$$(</run/secrets/SECURITY_OAUTH_GOOGLE_APISECRET)"
-DSECURITY_OAUTH_FACEBOOK_APISECRET="$$(</run/secrets/SECURITY_OAUTH_FACEBOOK_APISECRET)"
-DSECURITY_OAUTH_GITHUB_APISECRET="$$(</run/secrets/SECURITY_OAUTH_GITHUB_APISECRET)"
-DSECURITY_SAML_KEYMANAGER_STOREPASSWORD="$$(</run/secrets/SECURITY_SAML_KEYMANAGER_STOREPASSWORD)"
-DSECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK="$$(</run/secrets/SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK)"

CLASSPATH: ":/var/lib/ohdsi/webapi/lib/additional/broadsea_mounted.jar"
DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver
DATASOURCE_URL: ${WEBAPI_DATASOURCE_URL}
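Review bot: The new bind mount `../webapi/docker-entrypoint.sh:/entrypoint.sh` is read-write by default, unlike the cacerts mount two lines above it, which is `:ro`. This script runs on every container start and reads every secret under /run/secrets, so if the container user has write permission on the file, a process inside the container could alter the host copy. Mount it read-only: `- ../webapi/docker-entrypoint.sh:/entrypoint.sh:ro`. The same applies to `./solr/docker-entrypoint.sh:/entrypoint.sh` in docker-compose.yml, where the two neighbouring mounts already carry `:ro`.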
12 changes: 6 additions & 6 deletions docker-compose.yml
@@ -138,15 +138,15 @@ services:
secrets:
- SOLR_VOCAB_JDBC_PASSWORD
environment:
SOLR_OPTS:
-DVOCAB_VERSION=${SOLR_VOCAB_VERSION}
-DVOCAB_JDBC_DRIVER_PATH=${SOLR_VOCAB_JDBC_DRIVER_PATH}
-DVOCAB_JDBC_URL=${SOLR_VOCAB_JDBC_URL}
-DVOCAB_JDBC_USER=${SOLR_VOCAB_JDBC_USER}
-DVOCAB_JDBC_PASSWORD="$$(</run/secrets/SOLR_VOCAB_JDBC_PASSWORD)"
SOLR_VOCAB_VERSION: ${SOLR_VOCAB_VERSION}
SOLR_VOCAB_JDBC_DRIVER_PATH: ${SOLR_VOCAB_JDBC_DRIVER_PATH}
SOLR_VOCAB_JDBC_URL: ${SOLR_VOCAB_JDBC_URL}
SOLR_VOCAB_JDBC_USER: ${SOLR_VOCAB_JDBC_USER}
volumes:
- ${SOLR_VOCAB_JDBC_FILE_PATH}:/opt/solr-8.11.1/server/lib/solr_jdbc_driver.jar:ro
- ./solr:/tmp/solr_config:ro
- ./solr/docker-entrypoint.sh:/entrypoint.sh
entrypoint: ["/bin/sh", "/entrypoint.sh"]
labels:
- "traefik.enable=true"
command:
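Review bot: The `command:` key kept at the end of this hunk no longer decides what the container runs. With `entrypoint: ["/bin/sh", "/entrypoint.sh"]` set, Compose passes the command to the script as arguments, but solr/docker-entrypoint.sh as added in this commit never reads `"$@"` and ends in a fixed `solr-precreate` call. The command's value lies outside the hunk, so this may only be harmless duplication, but it is now dead configuration that will mislead whoever edits it next. Either remove `command:` or make the script's last line `exec "$@"` so the compose file stays the single place that defines the start command.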
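--- a/secrets/hades/HADES_PASSWORD
+++ b/secrets/hades/HADES_PASSWORD
@@ -1 +1 @@
-mypass
+mypass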
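--- a/secrets/omop_vocab/VOCAB_PG_PASSWORD
+++ b/secrets/omop_vocab/VOCAB_PG_PASSWORD
@@ -1 +1 @@
-mypass
+mypass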
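--- a/secrets/openldap/OPENLDAP_ACCOUNT_PASSWORDS
+++ b/secrets/openldap/OPENLDAP_ACCOUNT_PASSWORDS
@@ -1 +1 @@
-broadsea
+broadsea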
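--- a/secrets/openldap/OPENLDAP_ADMIN_PASSWORD
+++ b/secrets/openldap/OPENLDAP_ADMIN_PASSWORD
@@ -1 +1 @@
-ldapadmin
+ldapadmin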
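--- a/secrets/phoebe/PHOEBE_PG_PASSWORD
+++ b/secrets/phoebe/PHOEBE_PG_PASSWORD
@@ -1 +1 @@
-mypass
+mypass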
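--- a/secrets/postprocessing/CDM_CONNECTIONDETAILS_PASSWORD
+++ b/secrets/postprocessing/CDM_CONNECTIONDETAILS_PASSWORD
@@ -1 +1 @@
-mypass
+mypass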
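--- a/secrets/solr_vocab/SOLR_VOCAB_JDBC_PASSWORD
+++ b/secrets/solr_vocab/SOLR_VOCAB_JDBC_PASSWORD
@@ -0,0 +1 @@
+mypass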
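--- a/secrets/webapi/SECURITY_DB_DATASOURCE_PASSWORD
+++ b/secrets/webapi/SECURITY_DB_DATASOURCE_PASSWORD
@@ -0,0 +1 @@
+mypass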
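--- a/secrets/webapi/SECURITY_LDAP_SYSTEM_PASSWORD
+++ b/secrets/webapi/SECURITY_LDAP_SYSTEM_PASSWORD
@@ -1 +1 @@
-ldapadmin
+ldapadmin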
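--- a/secrets/webapi/WEBAPI_DATASOURCE_PASSWORD
+++ b/secrets/webapi/WEBAPI_DATASOURCE_PASSWORD
@@ -1 +1 @@
-mypass
+mypass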
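--- a/solr/docker-entrypoint.sh
+++ b/solr/docker-entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+
+export SOLR_OPTS="-DVOCAB_VERSION=${SOLR_VOCAB_VERSION} \
+-DVOCAB_JDBC_DRIVER_PATH=${SOLR_VOCAB_JDBC_DRIVER_PATH} \
+-DVOCAB_JDBC_URL=${SOLR_VOCAB_JDBC_URL} \
+-DVOCAB_JDBC_USER=${SOLR_VOCAB_JDBC_USER} \
+-DVOCAB_JDBC_PASSWORD=$(cat /run/secrets/SOLR_VOCAB_JDBC_PASSWORD)"
+
+solr-precreate ${SOLR_VOCAB_VERSION} /tmp/solr_config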
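Review bot: `set -e` will not stop this script when the secret file is missing, because in `export SOLR_OPTS="… $(cat /run/secrets/SOLR_VOCAB_JDBC_PASSWORD)"` the exit status is that of `export`, not `cat`, so Solr starts with an empty `-DVOCAB_JDBC_PASSWORD=`. Read the secret in its own assignment first, `VOCAB_JDBC_PASSWORD="$(cat /run/secrets/SOLR_VOCAB_JDBC_PASSWORD)"`, and reference that variable inside `SOLR_OPTS`; a plain assignment does propagate the failure to `set -e`. The ten `export X="$(cat …)"` lines in webapi/docker-entrypoint.sh have the same gap and can become `X="$(cat …)"` followed by `export X`, with any optional secrets guarded explicitly. Separately, the password still travels as a `-D` option, which presumably ends up in the JVM's argument list where other processes in the container can read it; a comment such as `# password is passed as a JVM -D option and is visible in the process arguments` would record that for whoever hardens this next.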
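--- a/webapi/docker-entrypoint.sh
+++ b/webapi/docker-entrypoint.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+export DATASOURCE_PASSWORD="$(cat /run/secrets/WEBAPI_DATASOURCE_PASSWORD)"
+export FLYWAY_DATASOURCE_PASSWORD="$(cat /run/secrets/WEBAPI_DATASOURCE_PASSWORD)"
+export SECURITY_LDAP_SYSTEM_PASSWORD="$(cat /run/secrets/SECURITY_LDAP_SYSTEM_PASSWORD)"
+export SECURITY_DB_DATASOURCE_PASSWORD="$(cat /run/secrets/SECURITY_DB_DATASOURCE_PASSWORD)"
+export SECURITY_AD_SYSTEM_PASSWORD="$(cat /run/secrets/SECURITY_AD_SYSTEM_PASSWORD)"
+export SECURITY_OAUTH_GOOGLE_APISECRET="$(cat /run/secrets/SECURITY_OAUTH_GOOGLE_APISECRET)"
+export SECURITY_OAUTH_FACEBOOK_APISECRET="$(cat /run/secrets/SECURITY_OAUTH_FACEBOOK_APISECRET)"
+export SECURITY_OAUTH_GITHUB_APISECRET="$(cat /run/secrets/SECURITY_OAUTH_GITHUB_APISECRET)"
+export SECURITY_SAML_KEYMANAGER_STOREPASSWORD="$(cat /run/secrets/SECURITY_SAML_KEYMANAGER_STOREPASSWORD)"
+export SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK="$(cat /run/secrets/SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK)"
+
+cd /var/lib/ohdsi/webapi
+exec java ${DEFAULT_JAVA_OPTS} ${JAVA_OPTS} \
+-cp ".:WebAPI.jar:WEB-INF/lib/*.jar${CLASSPATH}" \
+org.springframework.boot.loader.WarLauncher
+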