From 03211d86709b01f7194ed708d003414a45c3abd5 Mon Sep 17 00:00:00 2001 
From: Filiz Kluba Date: Wed, 20 May 2026 11:22:08 +0200 Subject: [PATCH 1/4] chore: move dev-setups in dev-setups/ --- .../dsf-docker-dev-setup-3dic-ttp}/README.md | 0 .../db/init-db.sh | 0 .../dic1/bpe/log/README.md | 0 .../dic1/bpe/process/README.md | 0 .../dic1/fhir/log/README.md | 0 .../dic1/ui/logo.svg | 0 .../dic1/ui/logo_dark.svg | 0 .../dic2/bpe/log/README.md | 0 .../dic2/bpe/process/README.md | 0 .../dic2/fhir/log/README.md | 0 .../dic2/ui/logo.svg | 0 .../dic2/ui/logo_dark.svg | 0 .../dic3/bpe/log/README.md | 0 .../dic3/bpe/process/README.md | 0 .../dic3/fhir/log/README.md | 0 .../dic3/ui/logo.svg | 0 .../dic3/ui/logo_dark.svg | 0 .../docker-build.bat | 4 +- .../docker-build.sh | 4 +- .../docker-compose.yml | 65 +++++++++---------- .../forward-proxy/Dockerfile | 0 .../forward-proxy/tinyproxy.conf | 0 .../keycloak/dic1.json | 0 .../keycloak/dic2.json | 0 .../keycloak/dic3.json | 0 .../keycloak/ttp.json | 0 .../proxy/conf.d/dic1.conf | 0 .../proxy/conf.d/dic2.conf | 0 .../proxy/conf.d/dic3.conf | 0 .../proxy/conf.d/ttp.conf | 0 .../proxy/nginx.conf | 0 .../secrets/db_dic1_bpe_user.password | 0 .../secrets/db_dic1_bpe_user_engine.password | 0 .../secrets/db_dic1_fhir_user.password | 0 ...b_dic1_fhir_user_permanent_delete.password | 0 .../secrets/db_dic2_bpe_user.password | 0 .../secrets/db_dic2_bpe_user_engine.password | 0 .../secrets/db_dic2_fhir_user.password | 0 ...b_dic2_fhir_user_permanent_delete.password | 0 .../secrets/db_dic3_bpe_user.password | 0 .../secrets/db_dic3_bpe_user_engine.password | 0 .../secrets/db_dic3_fhir_user.password | 0 ...b_dic3_fhir_user_permanent_delete.password | 0 .../secrets/db_liquibase.password | 0 .../secrets/db_ttp_bpe_user.password | 0 .../secrets/db_ttp_bpe_user_engine.password | 0 .../secrets/db_ttp_fhir_user.password | 0 ...db_ttp_fhir_user_permanent_delete.password | 0 .../secrets/oidc_client_dic1_bpe.secret | 0 .../secrets/oidc_client_dic1_fhir.secret | 0 .../secrets/oidc_client_dic2_bpe.secret | 0 
.../secrets/oidc_client_dic2_fhir.secret | 0 .../secrets/oidc_client_dic3_bpe.secret | 0 .../secrets/oidc_client_dic3_fhir.secret | 0 .../secrets/oidc_client_ttp_bpe.secret | 0 .../secrets/oidc_client_ttp_fhir.secret | 0 .../ttp/bpe/log/README.md | 0 .../ttp/bpe/process/README.md | 0 .../ttp/fhir/conf/bundle.xml | 0 .../ttp/fhir/log/README.md | 0 .../ttp/ui/logo.svg | 0 .../ttp/ui/logo_dark.svg | 0 .../ui/bpe_mod.css | 0 .../ui/fhir_mod.css | 0 .../bpe/docker-compose.yml | 0 .../dsf-docker-dev-setup}/bpe/log/README.md | 0 .../bpe/process/README.md | 0 .../bpe/secrets/db_liquibase.password | 0 .../bpe/secrets/db_user.password | 0 .../bpe/secrets/db_user_engine.password | 0 .../dsf-docker-dev-setup}/docker-build.bat | 8 +-- .../dsf-docker-dev-setup}/docker-build.sh | 8 +-- .../fhir/conf/bundle.xml | 0 .../fhir/docker-compose.yml | 0 .../dsf-docker-dev-setup}/fhir/log/README.md | 0 .../fhir/secrets/db_liquibase.password | 0 .../fhir/secrets/db_user.password | 0 .../secrets/db_user_permanent_delete.password | 0 78 files changed, 41 insertions(+), 48 deletions(-) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/db/init-db.sh (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/bpe/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/bpe/process/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/fhir/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/ui/logo.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/ui/logo_dark.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/bpe/log/README.md (100%) rename 
{dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/bpe/process/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/fhir/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/ui/logo.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/ui/logo_dark.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/bpe/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/bpe/process/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/fhir/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/ui/logo.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/ui/logo_dark.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/docker-build.bat (80%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/docker-build.sh (79%) mode change 100755 => 100644 rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/docker-compose.yml (96%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/forward-proxy/Dockerfile (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/forward-proxy/tinyproxy.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/keycloak/dic1.json (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/keycloak/dic2.json (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/keycloak/dic3.json (100%) rename 
{dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/keycloak/ttp.json (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic1.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic2.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic3.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/ttp.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/nginx.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_bpe_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_bpe_user_engine.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_fhir_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_fhir_user_permanent_delete.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_bpe_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_bpe_user_engine.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_fhir_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_fhir_user_permanent_delete.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_bpe_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => 
dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_bpe_user_engine.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_fhir_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_fhir_user_permanent_delete.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_liquibase.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_bpe_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_bpe_user_engine.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_fhir_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_fhir_user_permanent_delete.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic1_bpe.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic1_fhir.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic2_bpe.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic2_fhir.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic3_bpe.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic3_fhir.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_ttp_bpe.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => 
dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_ttp_fhir.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/bpe/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/bpe/process/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/fhir/conf/bundle.xml (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/fhir/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/ui/logo.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/ui/logo_dark.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ui/bpe_mod.css (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ui/fhir_mod.css (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/docker-compose.yml (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/log/README.md (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/process/README.md (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/secrets/db_liquibase.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/secrets/db_user.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/secrets/db_user_engine.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/docker-build.bat (70%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/docker-build.sh (69%) mode change 100755 => 100644 rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/conf/bundle.xml (100%) rename {dsf-docker-dev-setup => 
dsf-dev-setups/dsf-docker-dev-setup}/fhir/docker-compose.yml (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/log/README.md (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/secrets/db_liquibase.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/secrets/db_user.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/secrets/db_user_permanent_delete.password (100%) diff --git a/dsf-docker-dev-setup-3dic-ttp/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/README.md diff --git a/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/db/init-db.sh rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md 
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-build.bat b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.bat similarity index 80% rename from dsf-docker-dev-setup-3dic-ttp/docker-build.bat rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.bat index 1cbc373ce..c09d07424 100644 --- a/dsf-docker-dev-setup-3dic-ttp/docker-build.bat +++ b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.bat @@ -17,7 +17,7 @@ @echo off echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ..\dsf-bpe\dsf-bpe-server-jetty\docker +docker build --pull -t datasharingframework/bpe ..\..\dsf-bpe\dsf-bpe-server-jetty\docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ..\dsf-fhir\dsf-fhir-server-jetty\docker \ No newline at end of file +docker build --pull -t datasharingframework/fhir ..\..\dsf-fhir\dsf-fhir-server-jetty\docker \ No newline at end of file diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-build.sh b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.sh old mode 100755 new mode 100644 similarity index 79% rename from dsf-docker-dev-setup-3dic-ttp/docker-build.sh rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.sh index ff0d46727..00eee485a --- a/dsf-docker-dev-setup-3dic-ttp/docker-build.sh +++ b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.sh @@ -17,7 +17,7 @@ echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ../dsf-bpe/dsf-bpe-server-jetty/docker +docker build --pull -t datasharingframework/bpe ../../dsf-bpe/dsf-bpe-server-jetty/docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ../dsf-fhir/dsf-fhir-server-jetty/docker \ No newline at end of file +docker build --pull -t datasharingframework/fhir ../../dsf-fhir/dsf-fhir-server-jetty/docker \ No newline at end of file 
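Review bot: The header for docker-build.sh records `old mode 100755` / `new mode 100644`, so the script loses its executable bit in the move and `./docker-build.sh` will fail with a permission error unless it is started through `sh`. The commit summary lists the same mode change for dsf-docker-dev-setup/docker-build.sh, whose section is outside this view. If the change is not intended (it commonly appears when a rename is committed from a filesystem that does not track the bit), restore it for both scripts with `git update-index --chmod=+x <path>` before merging. The hunk itself only covers the two `docker build` lines; the top of the script is outside it.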
diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml similarity index 96% rename from dsf-docker-dev-setup-3dic-ttp/docker-compose.yml rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml index 7cbd9d76b..bc273102d 100644 --- a/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml +++ b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml @@ -113,14 +113,7 @@ services: networks: - internet command: >- - start - --db dev-file - --hostname keycloak - --import-realm - --https-certificate-file=/run/secrets/keycloak.chain.crt - --https-certificate-key-file=/run/secrets/keycloak.key.plain - --spi-truststore-file-file=/run/secrets/keycloak_trust_store.jks - --spi-truststore-file-password=password + start --db dev-file --hostname keycloak --import-realm --https-certificate-file=/run/secrets/keycloak.chain.crt --https-certificate-key-file=/run/secrets/keycloak.key.plain --spi-truststore-file-file=/run/secrets/keycloak_trust_store.jks --spi-truststore-file-password=password forward-proxy: build: ./forward-proxy @@ -132,11 +125,11 @@ services: internet: dic1-fhir: - build: ../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5001:5001 + - 127.0.0.1:5001:5001 secrets: - db_liquibase.password - db_dic1_fhir_user.password @@ -218,11 +211,11 @@ services: - keycloak dic2-fhir: - build: ../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5002:5002 + - 127.0.0.1:5002:5002 secrets: - db_liquibase.password - db_dic2_fhir_user.password 
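Review bot: The keycloak `command` in the first hunk keeps `--spi-truststore-file-password=password` as a literal argument, so the truststore password is stored in the compose file and appears in the container's argument list, while the certificate, key and truststore beside it are read from `/run/secrets`. Since this hunk already rewrites the command, add a comment above it such as `# dev-only truststore password; do not reuse this value outside the local setup`. Joining the folded `>-` scalar into one long line does not appear to change the resulting value, but it makes the individual flags harder to review in later diffs; keeping one flag per line would suit a commit that is otherwise a move. The keycloak service definition starts before the hunk.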
@@ -299,11 +292,11 @@ services: - keycloak dic3-fhir: - build: ../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5003:5003 + - 127.0.0.1:5003:5003 secrets: - db_liquibase.password - db_dic3_fhir_user.password @@ -378,11 +371,11 @@ services: - keycloak ttp-fhir: - build: ../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5004:5004 + - 127.0.0.1:5004:5004 secrets: - db_liquibase.password - db_ttp_fhir_user.password @@ -450,7 +443,7 @@ services: DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW: 'true' DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT: 'true' DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN: 'true' - DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp + DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS: /run/secrets/root_ca.crt DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID: ttp-fhir DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET_FILE: /run/secrets/oidc_client_ttp_fhir.secret @@ -465,7 +458,7 @@ services: - keycloak dic1-bpe: - build: ../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -585,7 +578,7 @@ services: - forward-proxy dic2-bpe: - build: ../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -674,7 +667,7 @@ services: - keycloak dic3-bpe: - build: ../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: 
@@ -763,7 +756,7 @@ services: - keycloak ttp-bpe: - build: ../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -837,7 +830,7 @@ services: DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW: 'true' DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT: 'true' DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN: 'true' - DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp + DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS: /run/secrets/root_ca.crt DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID: ttp-bpe DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET_FILE: /run/secrets/oidc_client_ttp_bpe.secret @@ -901,7 +894,7 @@ secrets: db_liquibase.password: file: ./secrets/db_liquibase.password - + db_dic1_bpe_user.password: file: ./secrets/db_dic1_bpe_user.password db_dic1_bpe_user_engine.password: @@ -910,7 +903,7 @@ secrets: file: ./secrets/db_dic1_fhir_user.password db_dic1_fhir_user_permanent_delete.password: file: ./secrets/db_dic1_fhir_user_permanent_delete.password - + db_dic2_bpe_user.password: file: ./secrets/db_dic2_bpe_user.password db_dic2_bpe_user_engine.password: @@ -919,7 +912,7 @@ secrets: file: ./secrets/db_dic2_fhir_user.password db_dic2_fhir_user_permanent_delete.password: file: ./secrets/db_dic2_fhir_user_permanent_delete.password - + db_dic3_bpe_user.password: file: ./secrets/db_dic3_bpe_user.password db_dic3_bpe_user_engine.password: @@ -928,7 +921,7 @@ secrets: file: ./secrets/db_dic3_fhir_user.password db_dic3_fhir_user_permanent_delete.password: file: ./secrets/db_dic3_fhir_user_permanent_delete.password - + db_ttp_bpe_user.password: file: ./secrets/db_ttp_bpe_user.password db_ttp_bpe_user_engine.password: 
@@ -955,67 +948,67 @@ secrets: file: ./secrets/oidc_client_dic3_bpe.secret oidc_client_ttp_bpe.secret: file: ./secrets/oidc_client_ttp_bpe.secret - + networks: dic1-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.0/29 + - subnet: 172.20.0.0/29 dic1-fhir-backend: dic2-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.8/29 + - subnet: 172.20.0.8/29 dic2-fhir-backend: dic3-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.16/29 + - subnet: 172.20.0.16/29 dic3-fhir-backend: ttp-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.24/29 + - subnet: 172.20.0.24/29 ttp-fhir-backend: dic1-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.32/29 + - subnet: 172.20.0.32/29 dic1-bpe-backend: dic2-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.40/29 + - subnet: 172.20.0.40/29 dic2-bpe-backend: dic3-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.48/29 + - subnet: 172.20.0.48/29 dic3-bpe-backend: ttp-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.56/29 + - subnet: 172.20.0.56/29 ttp-bpe-backend: internet: forward-proxy: volumes: postgresql: - name: postgresql \ No newline at end of file + name: postgresql diff --git a/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile diff --git a/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf 
diff --git a/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json
diff --git a/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json
diff --git a/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json
diff --git a/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json
diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf
diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf
diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf
diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf
diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret 
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md 
diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg diff --git a/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css diff --git a/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css diff --git a/dsf-docker-dev-setup/bpe/docker-compose.yml b/dsf-dev-setups/dsf-docker-dev-setup/bpe/docker-compose.yml similarity index 100% rename from dsf-docker-dev-setup/bpe/docker-compose.yml rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/docker-compose.yml diff --git a/dsf-docker-dev-setup/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup/bpe/log/README.md similarity index 100% rename from dsf-docker-dev-setup/bpe/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/log/README.md diff --git a/dsf-docker-dev-setup/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup/bpe/process/README.md similarity index 100% rename from dsf-docker-dev-setup/bpe/process/README.md rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/process/README.md 
diff --git a/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password b/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password similarity index 100% rename from dsf-docker-dev-setup/bpe/secrets/db_liquibase.password rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password diff --git a/dsf-docker-dev-setup/bpe/secrets/db_user.password b/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user.password similarity index 100% rename from dsf-docker-dev-setup/bpe/secrets/db_user.password rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user.password diff --git a/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password similarity index 100% rename from dsf-docker-dev-setup/bpe/secrets/db_user_engine.password rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password diff --git a/dsf-docker-dev-setup/docker-build.bat b/dsf-dev-setups/dsf-docker-dev-setup/docker-build.bat similarity index 70% rename from dsf-docker-dev-setup/docker-build.bat rename to dsf-dev-setups/dsf-docker-dev-setup/docker-build.bat index 5d797e7d1..b263e5ca5 100644 --- a/dsf-docker-dev-setup/docker-build.bat +++ b/dsf-dev-setups/dsf-docker-dev-setup/docker-build.bat 
@@ -17,13 +17,13 @@ @echo off echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ..\dsf-bpe\dsf-bpe-server-jetty\docker +docker build --pull -t datasharingframework/bpe ..\..\dsf-bpe\dsf-bpe-server-jetty\docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ..\dsf-fhir\dsf-fhir-server-jetty\docker +docker build --pull -t datasharingframework/fhir ..\..\dsf-fhir\dsf-fhir-server-jetty\docker echo datasharingframework/bpe_proxy ... -docker build --pull -t datasharingframework/bpe_proxy ..\dsf-docker\bpe_proxy +docker build --pull -t datasharingframework/bpe_proxy ..\..\dsf-docker\bpe_proxy echo datasharingframework/fhir_proxy ... -docker build --pull -t datasharingframework/fhir_proxy ..\dsf-docker\fhir_proxy +docker build --pull -t datasharingframework/fhir_proxy ..\..\dsf-docker\fhir_proxy diff --git a/dsf-docker-dev-setup/docker-build.sh b/dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh old mode 100755 new mode 100644 similarity index 69% rename from dsf-docker-dev-setup/docker-build.sh rename to dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh index 4fecada35..1f182d238 --- a/dsf-docker-dev-setup/docker-build.sh +++ b/dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh 
@@ -17,13 +17,13 @@ echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ../dsf-bpe/dsf-bpe-server-jetty/docker +docker build --pull -t datasharingframework/bpe ../../dsf-bpe/dsf-bpe-server-jetty/docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ../dsf-fhir/dsf-fhir-server-jetty/docker +docker build --pull -t datasharingframework/fhir ../../dsf-fhir/dsf-fhir-server-jetty/docker echo datasharingframework/bpe_proxy ... -docker build --pull -t datasharingframework/bpe_proxy ../dsf-docker/bpe_proxy +docker build --pull -t datasharingframework/bpe_proxy ../../dsf-docker/bpe_proxy echo datasharingframework/fhir_proxy ... -docker build --pull -t datasharingframework/fhir_proxy ../dsf-docker/fhir_proxy +docker build --pull -t datasharingframework/fhir_proxy ../../dsf-docker/fhir_proxy diff --git a/dsf-docker-dev-setup/fhir/conf/bundle.xml b/dsf-dev-setups/dsf-docker-dev-setup/fhir/conf/bundle.xml similarity index 100% rename from dsf-docker-dev-setup/fhir/conf/bundle.xml rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/conf/bundle.xml diff --git a/dsf-docker-dev-setup/fhir/docker-compose.yml b/dsf-dev-setups/dsf-docker-dev-setup/fhir/docker-compose.yml similarity index 100% rename from dsf-docker-dev-setup/fhir/docker-compose.yml rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/docker-compose.yml diff --git a/dsf-docker-dev-setup/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup/fhir/log/README.md similarity index 100% rename from dsf-docker-dev-setup/fhir/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/log/README.md diff --git a/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password b/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password similarity index 100% rename from dsf-docker-dev-setup/fhir/secrets/db_liquibase.password rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password 
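Review bot: The file header for docker-build.sh records `old mode 100755` and `new mode 100644`, so this move also drops the script's executable bit, which a commit described as a pure move does not suggest was intended. After the change `./docker-build.sh` fails with a permission error unless the script is run through an explicit interpreter. Restoring the bit with `git update-index --chmod=+x dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh` keeps the script usable as before. The header of the 3dic-ttp copy of docker-build.sh lies outside this chunk and is worth the same check.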
diff --git a/dsf-docker-dev-setup/fhir/secrets/db_user.password b/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user.password similarity index 100% rename from dsf-docker-dev-setup/fhir/secrets/db_user.password rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user.password diff --git a/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password similarity index 100% rename from dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password From 979bddb51ca646bb0bb917608890e5bbdc0d1039 Mon Sep 17 00:00:00 2001 
From: Filiz Kluba Date: Wed, 20 May 2026 11:25:56 +0200 Subject: [PATCH 2/4] chore(dev-setup): add development environment for podman/quadlet - create readme with setup instructions - configuration does not affect production environment --- dsf-dev-setups/dsf-podman-dev-setup/README.md | 302 ++++++++++++++++++ .../dsf-bpe-passwords.yaml.tpl | 8 + .../dsf-podman-dev-setup/dsf-bpe.target | 7 + .../dsf-bpe/dsf-backend.network | 2 + .../dsf-bpe/dsf-bpe-app.kube | 16 + .../dsf-bpe/dsf-bpe-app.yaml | 80 +++++ .../dsf-bpe/dsf-bpe-db.kube | 13 + .../dsf-bpe/dsf-bpe-db.yaml | 63 ++++ .../dsf-bpe/dsf-client-cert.yaml | 15 + .../dsf-fhir-passwords.yaml.tpl | 8 + .../dsf-podman-dev-setup/dsf-fhir.target | 7 + .../dsf-fhir/dsf-app.kube | 16 + .../dsf-fhir/dsf-app.yaml | 60 ++++ .../dsf-fhir/dsf-backend.network | 2 + .../dsf-fhir/dsf-client-cert.yaml | 15 + .../dsf-podman-dev-setup/dsf-fhir/dsf-db.kube | 13 + .../dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml | 62 ++++ .../dsf-fhir/dsf-frontend.network | 2 + .../dsf-fhir/dsf-proxy.kube | 16 + .../dsf-fhir/dsf-proxy.yaml | 40 +++ .../dsf-fhir/dsf-ssl-cert.yaml | 18 ++ 21 files changed, 765 insertions(+) create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/README.md create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl create mode 100644 
dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml diff --git a/dsf-dev-setups/dsf-podman-dev-setup/README.md b/dsf-dev-setups/dsf-podman-dev-setup/README.md new file mode 100644 index 000000000..835c4311a --- /dev/null +++ b/dsf-dev-setups/dsf-podman-dev-setup/README.md 
@@ -0,0 +1,302 @@ +# DSF Kube + +A rootless Podman setup for the Data Sharing Framework (DSF), designed as an intermediate step towards Kubernetes. It uses native Quadlet integration into systemd and Kubernetes-compatible YAML manifests. + +## Improvements over the original Docker Compose setup + +- Explicit registry prefix (e.g. `docker.io`) to avoid ambiguity +- More descriptive image tags (e.g. `postgres:18.3-alpine3.23`) +- Rootless Podman with user namespace isolation +- Engine-managed volumes instead of bind-mounts +- Fixed sysctl settings for the proxy container +- Official enterprise Linux support (SLES, RHEL, Ubuntu) +- Native init system integration via Quadlet instead of a central daemon + +## Additional requirements compared to the original setup + +- Podman >= 5.0 (Ubuntu 24+, SLES 16, RHEL 9+) +- `passt` (any version) +- Rootless service account with configured SubUIDs and SubGIDs + +## Preparation + +### Install dependencies + +```bash +# Ubuntu +apt install podman passt + +# SLES +zypper install podman passt + +# Alma Linux / RHEL +dnf install podman passt +``` + +### Allow unprivileged ports (required for the FHIR proxy on port 443) + +```bash +echo "net.ipv4.ip_unprivileged_port_start=80" > /etc/sysctl.d/99-user_priv_ports.conf +sysctl --system +``` + +### Create a service account + +To use a separate partition for application data, mount that partition on `/home` before creating the user. 
+ +```bash +useradd -r -m -s /bin/bash podman + +# Add to systemd-journal group for log access +usermod -a -G systemd-journal podman + +# Configure SubUIDs and SubGIDs (adjust ranges for additional accounts) +usermod --add-subgids 100000-165536 --add-subuids 100000-165536 podman + +# Enable persistent user session (services survive logout) +loginctl enable-linger podman + +# Configure XDG_RUNTIME_DIR for rootless podman and systemd --user +cat >> /home/podman/.bashrc << 'EOF' +export XDG_RUNTIME_DIR=/run/user/$(id -u) +EOF + +# Switch into the service account context +sudo --login -u podman +``` + +--- + +## FHIR-Deployment + +### Secrets und Zertifikate + +Edit the certificate YAML files and insert the PEM contents: + +```bash +# Server certificate (Certificate A): SSL cert, key and chain +vi ./dsf-fhir/dsf-ssl-cert.yaml + +# Client certificate (Certificate B): used by the FHIR app to authenticate +vi ./dsf-fhir/dsf-client-cert.yaml +``` + +Generate and apply database passwords: + +```bash +# For using own passwords encode them as base64 and set them as env +export DB_LIQUIBASE_PASSWORD=$(openssl rand -base64 30 | tr -d '\n') +export DB_USER_PASSWORD=$(openssl rand -base64 16 | tr -d '\n') +export DB_USER_PERMANENT_DELETE_PASSWORD=$(openssl rand -base64 16 | tr -d '\n') + +envsubst < dsf-fhir/dsf-fhir-passwords.yaml.tpl > dsf-fhir-passwords.yaml +podman kube play dsf-fhir-passwords.yaml +rm dsf-fhir-passwords.yaml +``` + +### Install Quadlet units and create directories + +```bash +# Install Quadlet units +podman quadlet install ./dsf-fhir + +# Install systemd target +install -m 640 ./dsf-fhir.target ~/.config/systemd/user/dsf-fhir.target + +# Create log directory with correct permissions +mkdir -p ~/.local/state/dsf/fhir/log +podman unshare chown root:2101 ~/.local/state/dsf/fhir/log +podman unshare chmod 770 ~/.local/state/dsf/fhir/log +``` + +### Configuration + +Edit the Kubernetes YAML and set the required environment variables: + +| Variable | Description | 
+| --------------------------------------------------- | --------------------------------------------------------------------- | +| `DEV_DSF_FHIR_SERVER_BASE_URL` | External FQDN of the FHIR server, e.g. `https://dsf.example.com/fhir` | +| `DEV_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE` | Organization identifier, e.g. `dsf.example.com` | +| `DEV_DSF_FHIR_SERVER_ROLECONFIG` | Role configuration for browser and API access | +| `HTTPS_SERVER_NAME_PORT` | FQDN and port of the FHIR server, e.g. `dsf.example.com:443` | + +See the [FHIR server configuration reference](https://dsf.dev/operations/latest/fhir/configuration) for all available parameters. + +### Start and stop + +```bash +# Start +systemctl --user daemon-reload +systemctl --user enable --now dsf-fhir.target + +# Restart (e.g. after configuration changes or certificate renewal) +systemctl --user restart dsf-fhir.target + +# Stop +systemctl --user disable --now dsf-fhir.target +``` + +### Verify startup + +Check the logs for successful startup: + +```bash +journalctl --user -u dsf-app.service -f +``` + +Expected on successful startup: +- FHIR server is reachable and responding on port 443 +- Proxy presents the correct server certificate (Certificate A) + +Test TLS from a remote host: + +```bash +openssl s_client -connect dsf.example.com:443 +# Expected: server certificate shown, connection ends with: +# tlsv13 alert certificate required +``` + +--- + +## BPE Server Deployment + +### Secrets and certificates + +Edit the certificate YAML file: + +```bash +# Client certificate (Certificate B): same certificate as used by the FHIR server +vi ./dsf-bpe/dsf-client-cert.yaml +``` + +Generate and apply database passwords: + +```bash +# For using own passwords encode them as base64 and set them as env +export DB_LIQUIBASE_PASSWORD=$(openssl rand -base64 30 | tr -d '\n') +export DB_USER_PASSWORD=$(openssl rand -base64 16 | tr -d '\n') +export DB_USER_CAMUNDA=$(openssl rand -base64 16 | tr -d '\n') + +envsubst < 
dsf-bpe/dsf-bpe-passwords.yaml.tpl > dsf-bpe-passwords.yaml +podman kube play dsf-bpe-passwords.yaml +rm dsf-bpe-passwords.yaml +``` + +### Install Quadlet units and create directories + +```bash +# Install Quadlet units +podman quadlet install ./dsf-bpe + +# Install systemd target +install -m 640 ./dsf-bpe.target ~/.config/systemd/user/dsf-bpe.target + +# Create log directory with correct permissions +mkdir -p ~/.local/state/dsf/bpe/log +podman unshare chown root:2202 ~/.local/state/dsf/bpe/log +podman unshare chmod 770 ~/.local/state/dsf/bpe/log + +# Create process plugin directory +mkdir -p ~/.config/dsf-bpe/process +podman unshare chown root:2202 ~/.config/dsf-bpe/process +podman unshare chmod 650 ~/.config/dsf-bpe/process +``` + +### Configuration + +Edit the Kubernetes YAML and set the required environment variables: + +| Variable | Description | +| ---------------------------------- | --------------------------------------------------------------------------------- | +| `DEV_DSF_BPE_FHIR_SERVER_BASE_URL` | Base URL of the corresponding FHIR server, e.g. `https://dsf.example.com/fhir` | +| `DEV_DSF_BPE_PROCESS_EXCLUDED` | Pipe-separated list of process IDs to exclude, e.g. `dsfdev_updateAllowList\|1.0` | + +See the [BPE server configuration reference](https://dsf.dev/operations/latest/bpe/configuration) for all available parameters. + +### Start and stop + +```bash +# Start +systemctl --user daemon-reload +systemctl --user enable --now dsf-bpe.target + +# Restart (e.g. 
after configuration changes or plugin updates) +systemctl --user restart dsf-bpe.target + +# Stop +systemctl --user disable --now dsf-bpe.target +``` + +### Verify startup + +```bash +journalctl --user -u dsf-bpe-app.service -f +``` + +Expected on successful startup: +- BPE downloaded Task resources from the DSF FHIR server +- BPE downloaded a Subscription resource from the DSF FHIR server +- BPE established a WebSocket connection to the DSF FHIR server + +If TLS issues occur, test the connection manually: + +```bash +podman run -it --rm alpine/openssl s_client dsf.example.com:443 +# Expected: server certificate shown, ends with tlsv13 alert certificate required +``` + +--- + +## Certificate renewal + +Both FHIR and BPE use certificate YAML files (`dsf-ssl-cert.yaml`, `dsf-client-cert.yaml`) that can be updated in place. After updating the PEM contents, restart the affected service: + +```bash +# FHIR proxy (server certificate) +systemctl --user restart dsf-proxy.service + +# FHIR app or BPE app (client certificate) +systemctl --user restart dsf-app.service +systemctl --user restart dsf-bpe-app.service +``` + +--- + +## Roadmap + +1. **Multiline config as mounted YAML** — Load Spring Boot configuration as a mounted `config.yaml` instead of environment variables for better readability of multiline values such as role configurations: + ```yaml + - name: spring-application-config + mountPath: /config + ``` + +2. **Unified naming** — Avoid duplicate names between BPE and FHIR to support single-instance dev setups. + +3. **Migrate to Deployments** — Replace `kind: Pod` with `kind: Deployment` (replicas: 1) for a smoother migration path to Kubernetes. + +4. **One secret per password** — Currently all DB passwords are bundled in a single Kubernetes Secret. Splitting them improves least-privilege access. + +5. **Unprivileged proxy port** — Find a solution that avoids the `net.ipv4.ip_unprivileged_port_start=80` sysctl requirement, e.g. 
by using a higher container port with host port mapping or a setcap-based approach. + +--- + +### Kubernetes Migration Notes + +The Kubernetes YAML files under `dsf-fhir` and `dsf-bpe` can be used as a starting point for a Kubernetes deployment with minor additions: + +- Add `namespace` to each resource +- Replace ConfigMap-based private keys with proper `kind: Secret` resources +- Replace `hostPath` volumes with appropriate `PersistentVolumeClaim` resources + For this we need a different solution for managing logs then the log-directory. +- Replace `hostPort` with a proper `Service` of type `LoadBalancer` or `NodePort` +- Consider a sidecar or init container approach for process plugins +- Instead of deploying plugins as jar files via bind-mount, publish them as OCI images and mount them into the container. + +### Notes on certificate handling + +In this setup, certificate keys are provided as ConfigMaps. This has the following advantages in the Podman/Quadlet context: + +- Editable as plain text (PEM format) +- Reusable across multiple pods via the `--configmap` option in `podman kube play` + +In a production Kubernetes deployment, private keys should be stored as `kind: Secret` instead of ConfigMap to benefit from Kubernetes secret management, RBAC, and optional encryption at rest. diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl new file mode 100644 index 000000000..4e1b12258 --- /dev/null +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: dsf-bpe-passwords +stringData: + db_liquibase.password: "${DB_LIQUIBASE_PASSWORD}" + db_user.password: "${DB_USER_PASSWORD}" + db_user_camunda.password: "${DB_USER_CAMUNDA}" \ No newline at end of file 
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target
new file mode 100644
index 000000000..8e27441bb
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target
@@ -0,0 +1,7 @@
+[Unit]
+Description=DSF FHIR Server
+Wants=dsf-bpe-app.service
+After=dsf-bpe-app.service
+
+[Install]
+WantedBy=default.target
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network
new file mode 100644
index 000000000..dc672fa89
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network
@@ -0,0 +1,2 @@
+[Network]
+NetworkName=dsf-backend
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube
new file mode 100644
index 000000000..9297ce780
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube
@@ -0,0 +1,16 @@
+[Unit]
+Description=DSF BPE Application
+PartOf=dsf-bpe.target
+After=dsf-bpe-db.service
+Wants=dsf-db.service
+
+[Kube]
+Yaml=%h/.config/containers/systemd/dsf-bpe-app.yaml
+ConfigMap=%h/.config/containers/systemd/dsf-client-cert.yaml
+Network=dsf-bpe-backend.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=dsf-bpe.target
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml
new file mode 100644
index 000000000..c73a33514
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml
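Review bot: `Description=DSF FHIR Server` in dsf-bpe.target looks copied from dsf-fhir.target and should read `Description=DSF BPE Server`. With both targets enabled under one account, `systemctl --user status` and the journal would label the two stacks identically, which makes it harder to see which one failed.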
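Review bot: dsf-bpe-app.kube references two unit names that no file in the dsf-bpe directory provides. `Wants=dsf-db.service` should be `Wants=dsf-bpe-db.service`, matching the `After=` line above it, and `Network=dsf-bpe-backend.network` should be `Network=dsf-backend.network`, the only network unit shipped in dsf-bpe/ and the one dsf-bpe-db.kube joins. As written, starting the app does not pull in the BPE database, and if the FHIR units are installed under the same account it presumably pulls in the FHIR database instead. The app pod also does not share a network with the database, so the host name `dsf-bpe-db` in `DEV_DSF_BPE_DB_URL` will likely not resolve.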
@@ -0,0 +1,80 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dsf-bpe-cache + annotations: + volume.podman.io/uid: "0" + volume.podman.io/gid: "2202" + volume.podman.io/mount-options: "uid=0,gid=2202,mode=0770" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsf-bpe-config +data: + TZ: "Europe/Berlin" + DEV_DSF_BPE_DB_URL: "jdbc:postgresql://dsf-bpe-db/bpe" + DEV_DSF_BPE_DB_LIQUIBASE_PASSWORD_FILE: "/run/secrets/db/db_liquibase.password" + DEV_DSF_BPE_DB_USER_PASSWORD_FILE: "/run/secrets/db/db_user.password" + DEV_DSF_BPE_DB_USER_ENGINE_PASSWORD_FILE: "/run/secrets/db/db_user_camunda.password" + DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE: "/run/secrets/cert/client_certificate.pem" + DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: "/run/secrets/cert/client_certificate_private_key.pem" + DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: "/run/secrets/cert/client_certificate_private_key.pem.password" + # TODO specify the base url of this DSF FHIR server + DEV_DSF_BPE_FHIR_SERVER_BASE_URL: "https://dsf.todo.organization.com/fhir" + # DEV_DSF_BPE_PROCESS_EXCLUDED: | + # dsfdev_updateAllowList|1.0 +--- +apiVersion: v1 +kind: Pod +metadata: + name: dsf-bpe-app + labels: + app: dsf-bpe-app +spec: + restartPolicy: OnFailure + containers: + - name: dsf-bpe-app + image: ghcr.io/datasharingframework/bpe:2.1.0 + envFrom: + - configMapRef: + name: dsf-bpe-config + volumeMounts: + - name: db-passwords + mountPath: /run/secrets/db + readOnly: true + - name: client-cert + mountPath: /run/secrets/cert + readOnly: true + - name: bpe-log + mountPath: /opt/bpe/log + - name: bpe-process + mountPath: /opt/bpe/process + readOnly: true + - name: bpe-cache + mountPath: /opt/bpe/cache + volumes: + - name: bpe-log + hostPath: + path: /home/podman/.local/state/dsf/bpe/log + type: Directory + - name: bpe-process + hostPath: + path: /home/podman/.config/dsf-bpe/process + type: 
Directory + - name: db-passwords + secret: + secretName: dsf-bpe-passwords + - name: client-cert + configMap: + name: dsf-client-cert + - name: bpe-cache + persistentVolumeClaim: + claimName: dsf-bpe-cache diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube new file mode 100644 index 000000000..1ff6aefb3 --- /dev/null +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube @@ -0,0 +1,13 @@ +[Unit] +Description=DSF BPE Database +PartOf=dsf-bpe.target + +[Kube] +Yaml=%h/.config/containers/systemd/dsf-bpe-db.yaml +Network=dsf-backend.network + +[Service] +Restart=on-failure + +[Install] +WantedBy=dsf-bpe.target diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml new file mode 100644 index 000000000..a11fb68f3 --- /dev/null +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml 
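Review bot: Both `hostPath` volumes in dsf-bpe-app.yaml hard-code `/home/podman/...`, while the README creates the directories under `~` and the .kube unit uses `%h`, so the pod only starts when the service account is named `podman` with its home under /home. Because `type: Directory` refuses a missing path, any other account name fails at start rather than at install. A comment in the style of the existing TODO, `# TODO adjust to the home directory of the service account`, above each `path:` would make the coupling visible. Separately, the container spec sets no `securityContext`; `allowPrivilegeEscalation: false` would be a cheap hardening default, assuming the image does not depend on setuid binaries.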
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dsf-bpe-db-data
+ annotations:
+ volume.podman.io/driver: local
+ volume.podman.io/uid: "70"
+ volume.podman.io/gid: "70"
+ volume.podman.io/mount-options: "uid=70,gid=70,mode=0770"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: dsf-bpe-db
+ labels:
+ app: dsf-bpe-db
+spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: dsf-bpe-db
+ image: docker.io/library/postgres:18.3-alpine3.23
+ env:
+ - name: TZ
+ value: Europe/Berlin
+ - name: POSTGRES_USER
+ value: liquibase_user
+ - name: POSTGRES_DB
+ value: bpe
+ - name: POSTGRES_PASSWORD_FILE
+ value: /run/secrets/db_liquibase.password
+ livenessProbe:
+ exec:
+ command:
+ - pg_isready
+ - -U
+ - liquibase_user
+ - -d
+ - bpe
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ volumeMounts:
+ - name: db-data
+ mountPath: /var/lib/postgresql
+ - name: db-passwords
+ mountPath: /run/secrets/db_liquibase.password
+ subPath: db_liquibase.password
+ readOnly: true
+ volumes:
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: dsf-bpe-db-data
+ - name: db-passwords
+ secret:
+ secretName: dsf-bpe-passwords
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml
new file mode 100644
index 000000000..edbaad91e
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dsf-client-cert
+data:
+ client_certificate.pem: |
+ -----BEGIN CERTIFICATE-----
+ MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+ ...
+ -----END CERTIFICATE-----
+ client_certificate_private_key.pem: |
+ -----BEGIN CERTIFICATE-----
+ ...
+ -----END CERTIFICATE-----
+ client_certificate_private_key.pem.password: "dein-passwort"
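Review bot: The `image:` line references `docker.io/library/postgres:18.3-alpine3.23` by tag only, and a tag can be re-pointed at the registry, so this file does not fix what actually runs next to the mounted database password. Pinning the digest keeps the tag readable and makes the pull reproducible: `image: docker.io/library/postgres:18.3-alpine3.23@sha256:<digest-of-reviewed-image>`. The same applies to the `image:` lines in dsf-bpe-app.yaml, dsf-fhir/dsf-app.yaml, dsf-fhir/dsf-db.yaml and dsf-fhir/dsf-proxy.yaml. If tag-only references are a deliberate choice for a dev setup, a one-line comment saying so would settle it.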
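Review bot: `client_certificate_private_key.pem` and `client_certificate_private_key.pem.password` are kept in a `kind: ConfigMap`, which is meant for non-confidential data, while the database passwords of the same setup go through a `kind: Secret` (`dsf-bpe-passwords`). Moving the key and its password into a Secret and mounting it with a `secret:` volume would treat all credentials the same way; the `ConfigMap=` line in the matching .kube unit would presumably have to change with it. The private-key placeholder is also framed with `-----BEGIN CERTIFICATE-----`, where a key block would read `-----BEGIN PRIVATE KEY-----` or `-----BEGIN ENCRYPTED PRIVATE KEY-----`, so the template suggests pasting the wrong material. The identical file under dsf-fhir/ and the `ssl_certificate_key_file.pem` entry in dsf-fhir/dsf-ssl-cert.yaml have both problems as well.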
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl
new file mode 100644
index 000000000..40afe8167
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dsf-fhir-passwords
+stringData:
+ db_liquibase.password: "${DB_LIQUIBASE_PASSWORD}"
+ db_user.password: "${DB_USER_PASSWORD}"
+ db_user_permanent_delete.password: "${DB_USER_PERMANENT_DELETE_PASSWORD}"
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target
new file mode 100644
index 000000000..2903ded98
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target
@@ -0,0 +1,7 @@
+[Unit]
+Description=DSF FHIR Server
+Wants=dsf-proxy.service
+After=dsf-proxy.service
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube
new file mode 100644
index 000000000..0af71d7b9
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube
@@ -0,0 +1,16 @@
+[Unit]
+Description=DSF FHIR App
+After=dsf-db.service
+Wants=dsf-db.service
+PartOf=dsf-fhir.target
+
+[Kube]
+Yaml=%h/.config/containers/systemd/dsf-app.yaml
+ConfigMap=%h/.config/containers/systemd/dsf-client-cert.yaml
+Network=dsf-backend.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=dsf-fhir.target
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml
new file mode 100644
index 000000000..c2d1947e3
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml
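Review bot: The three `stringData` values are substituted inside double quotes, so if the template is rendered by plain text substitution (the rendering step is not part of this hunk) a password containing `"` or `\` either breaks the YAML or is altered by escape processing. A comment at the top of the template should state which characters are allowed, or the values can be supplied base64-encoded under `data:` instead of `stringData:`, which does not depend on quoting. The rendered file holds the passwords in clear text, so the install instructions should create it with owner-only permissions and remove it once the secret has been loaded.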
@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dsf-fhir-config
+data:
+ TZ: "Europe/Berlin"
+ DEV_DSF_FHIR_DB_URL: "jdbc:postgresql://dsf-db/fhir"
+ DEV_DSF_FHIR_DB_LIQUIBASE_PASSWORD_FILE: "/run/secrets/db/db_liquibase.password"
+ DEV_DSF_FHIR_DB_USER_PASSWORD_FILE: "/run/secrets/db/db_user.password"
+ DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD_FILE: "/run/secrets/db/db_user_permanent_delete.password"
+ DEV_DSF_FHIR_CLIENT_CERTIFICATE: "/run/secrets/cert/client_certificate.pem"
+ DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: "/run/secrets/cert/client_certificate_private_key.pem"
+ DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: "/run/secrets/cert/client_certificate_private_key.pem.password"
+ DEV_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE: "todo.organization.com"
+ # TODO specify the base url of this DSF FHIR server
+ DEV_DSF_FHIR_SERVER_BASE_URL: "https://dsf.todo.organization.com/fhir"
+ # TODO specify the SHA-512 thumbprint of the Client-Certificate as lower case HEX (Regex: ^[a-f0-9]{128}$)
+ # certtool --fingerprint --hash=sha512 --infile=client_certificate.pem
+ # or simply get it from allowlist management tool
+ DEV_DSF_FHIR_SERVER_ORGANIZATION_THUMBPRINT: ""
+ # TODO specify role configuration to allow access to the UI via web-browser or REST API for specific users, see documentation at dsf.dev
+ DEV_DSF_FHIR_SERVER_ROLECONFIG: |
+ ""
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: dsf-app
+ labels:
+ app: dsf-app-pod
+spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: dsf-app
+ image: ghcr.io/datasharingframework/fhir:2.1.0
+ envFrom:
+ - configMapRef:
+ name: dsf-fhir-config
+ volumeMounts:
+ - mountPath: /opt/fhir/log
+ name: fhir-log
+ - name: db-passwords
+ mountPath: /run/secrets/db
+ readOnly: true
+ - name: client-cert
+ mountPath: /run/secrets/cert
+ readOnly: true
+
+ volumes:
+ - name: fhir-log
+ hostPath:
+ path: /home/podman/.local/state/dsf/fhir/log
+ type: Directory
+ - name: db-passwords
+ secret:
+ secretName: dsf-fhir-passwords
+ - name: client-cert
+ configMap:
+ name: dsf-client-cert
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network
new file mode 100644
index 000000000..dc672fa89
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network
@@ -0,0 +1,2 @@
+[Network]
+NetworkName=dsf-backend
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml
new file mode 100644
index 000000000..edbaad91e
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dsf-client-cert
+data:
+ client_certificate.pem: |
+ -----BEGIN CERTIFICATE-----
+ MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+ ...
+ -----END CERTIFICATE-----
+ client_certificate_private_key.pem: |
+ -----BEGIN CERTIFICATE-----
+ ...
+ -----END CERTIFICATE-----
+ client_certificate_private_key.pem.password: "dein-passwort"
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube
new file mode 100644
index 000000000..460405bfa
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube
@@ -0,0 +1,13 @@
+[Unit]
+Description=DSF FHIR DB
+PartOf=dsf-fhir.target
+
+[Kube]
+Yaml=%h/.config/containers/systemd/dsf-db.yaml
+Network=dsf-backend.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=dsf-fhir.target
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml
new file mode 100644
index 000000000..69cb365c8
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml
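Review bot: `DEV_DSF_FHIR_SERVER_ROLECONFIG: |` followed by `""` does not produce an empty value: the literal block scalar hands the application the two quote characters plus a newline. Because this setting decides who may reach the UI and the REST API, the placeholder should be unambiguous, either `DEV_DSF_FHIR_SERVER_ROLECONFIG: ""` or the key left commented out until a real role configuration is filled in. How the server treats the current value cannot be seen from this hunk, so the effect on access is an open question rather than a confirmed fault.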
@@ -0,0 +1,62 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dsf-db-data
+ annotations:
+ volume.podman.io/driver: local
+ volume.podman.io/gid: "70"
+ volume.podman.io/uid: "70"
+ volume.podman.io/mount-options: "uid=70,gid=70,mode=0770"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ app: dsf-db
+ name: dsf-db
+spec:
+ containers:
+ - image: docker.io/library/postgres:18.3-alpine3.23
+ name: dsf-db
+ livenessProbe:
+ exec:
+ command:
+ - pg_isready
+ - -U
+ - liquibase_user
+ - -d
+ - fhir
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ env:
+ - name: POSTGRES_DB
+ value: fhir
+ - name: POSTGRES_PASSWORD_FILE
+ value: /run/secrets/db_liquibase.password
+ - name: POSTGRES_USER
+ value: liquibase_user
+ - name: TZ
+ value: Europe/Berlin
+ volumeMounts:
+ - mountPath: /var/lib/postgresql
+ name: postgres-data-pvc
+ - name: db-passwords
+ mountPath: /run/secrets/db_liquibase.password
+ subPath: db_liquibase.password
+ readOnly: true
+ volumes:
+ - name: postgres-data-pvc
+ persistentVolumeClaim:
+ claimName: dsf-db-data
+ - name: db-passwords
+ secret:
+ secretName: dsf-fhir-passwords
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network
new file mode 100644
index 000000000..8bf0a4829
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network
@@ -0,0 +1,2 @@
+[Network]
+NetworkName=dsf-frontend
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube
new file mode 100644
index 000000000..d0227e3d8
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube
@@ -0,0 +1,16 @@
+[Unit]
+Description=DSF FHIR Proxy
+PartOf=dsf-fhir.target
+After=dsf-app.service
+
+[Kube]
+Yaml=%h/.config/containers/systemd/dsf-proxy.yaml
+ConfigMap=%h/.config/containers/systemd/dsf-ssl-cert.yaml
+Network=dsf-frontend.network
+Network=dsf-backend.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=dsf-fhir.target
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml
new file mode 100644
index 000000000..1e7bad633
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: dsf-proxy
+ labels:
+ app: dsf-proxy
+spec:
+ restartPolicy: OnFailure
+ securityContext:
+ sysctls:
+ - name: net.ipv4.ip_unprivileged_port_start
+ value: "80"
+ containers:
+ - name: dsf-proxy
+ image: ghcr.io/datasharingframework/fhir_proxy:2.1.0
+ env:
+ - name: TZ
+ value: Europe/Berlin
+ - name: APP_SERVER_IP
+ value: dsf-app
+ - name: HTTPS_SERVER_NAME_PORT
+ value: "dsf.todo.organization.com:443"
+ - name: SSL_CERTIFICATE_FILE
+ value: /run/secrets/ssl_certificate_file.pem
+ - name: SSL_CERTIFICATE_KEY_FILE
+ value: /run/secrets/ssl_certificate_key_file.pem
+ - name: SSL_CERTIFICATE_CHAIN_FILE
+ value: /run/secrets/ssl_certificate_chain_file.pem
+ ports:
+ - containerPort: 443
+ hostPort: 443
+ volumeMounts:
+ - name: ssl-cert
+ mountPath: /run/secrets
+ readOnly: true
+ volumes:
+ - name: ssl-cert
+ configMap:
+ name: dsf-ssl-cert
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml
new file mode 100644
index 000000000..0c0500497
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml
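Review bot: The pod-level sysctl sets `net.ipv4.ip_unprivileged_port_start` to `"80"`, but the only port declared under `ports` is 443, so the range opened for unprivileged binds is wider than what the pod uses. If the proxy image listens on 443 only, `value: "443"` is enough, and a short comment above the `sysctls` block such as `# lets the unprivileged proxy process bind 443 inside the pod` would tell the next reader why it is there. Publishing `hostPort: 443` from a rootless Podman user additionally depends on the host's own value of the same sysctl, which this file does not change, so the README should mention that prerequisite if it does not already.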
@@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsf-ssl-cert +data: + ssl_certificate_file.pem: | + -----BEGIN CERTIFICATE----- + MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw + ... + -----END CERTIFICATE----- + ssl_certificate_chain_file.pem: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + ssl_certificate_key_file.pem: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- From 11815c84193e9c8b4029cba2eacd73de94e15b7f Mon Sep 17 00:00:00 2001 From: Filiz Kluba Date: Wed, 20 May 2026 11:41:26 +0200 Subject: [PATCH 3/4] chore(fix-dev): update postgres version for podman-dev-setup --- dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml | 2 +- dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml index a11fb68f3..8a0fe07eb 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml @@ -25,7 +25,7 @@ spec: restartPolicy: OnFailure containers: - name: dsf-bpe-db - image: docker.io/library/postgres:18.3-alpine3.23 + image: docker.io/library/postgres:18.4-alpine3.23 env: - name: TZ value: Europe/Berlin diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml index 69cb365c8..35030b000 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml @@ -23,7 +23,7 @@ metadata: name: dsf-db spec: containers: - - image: docker.io/library/postgres:18.3-alpine3.23 + - image: docker.io/library/postgres:18.4-alpine3.23 name: dsf-db livenessProbe: exec: From 08cc4159b441af39a94a4bd667b48ded02c92692 Mon Sep 17 00:00:00 2001 
From: Filiz Kluba Date: Wed, 20 May 2026 11:53:38 +0200 Subject: [PATCH 4/4] chore(dev-setup): remove log bind-mount on dev-quadlet - is already managed by the journalctl --- dsf-dev-setups/dsf-podman-dev-setup/README.md | 12 ------------ .../dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml | 6 ------ .../dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml | 6 ------ 3 files changed, 24 deletions(-) diff --git a/dsf-dev-setups/dsf-podman-dev-setup/README.md b/dsf-dev-setups/dsf-podman-dev-setup/README.md index 835c4311a..41bca1b09 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/README.md +++ b/dsf-dev-setups/dsf-podman-dev-setup/README.md @@ -102,11 +102,6 @@ podman quadlet install ./dsf-fhir # Install systemd target install -m 640 ./dsf-fhir.target ~/.config/systemd/user/dsf-fhir.target - -# Create log directory with correct permissions -mkdir -p ~/.local/state/dsf/fhir/log -podman unshare chown root:2101 ~/.local/state/dsf/fhir/log -podman unshare chmod 770 ~/.local/state/dsf/fhir/log ``` ### Configuration @@ -191,11 +186,6 @@ podman quadlet install ./dsf-bpe # Install systemd target install -m 640 ./dsf-bpe.target ~/.config/systemd/user/dsf-bpe.target -# Create log directory with correct permissions -mkdir -p ~/.local/state/dsf/bpe/log -podman unshare chown root:2202 ~/.local/state/dsf/bpe/log -podman unshare chmod 770 ~/.local/state/dsf/bpe/log - # Create process plugin directory mkdir -p ~/.config/dsf-bpe/process podman unshare chown root:2202 ~/.config/dsf-bpe/process 
@@ -286,8 +276,6 @@ The Kubernetes YAML files under `dsf-fhir` and `dsf-bpe` can be used as a starti - Add `namespace` to each resource - Replace ConfigMap-based private keys with proper `kind: Secret` resources -- Replace `hostPath` volumes with appropriate `PersistentVolumeClaim` resources - For this we need a different solution for managing logs then the log-directory. - Replace `hostPort` with a proper `Service` of type `LoadBalancer` or `NodePort` - Consider a sidecar or init container approach for process plugins - Instead of deploying plugins as jar files via bind-mount, publish them as OCI images and mount them into the container. diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml index c73a33514..062eed9b9 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml @@ -53,18 +53,12 @@ spec: - name: client-cert mountPath: /run/secrets/cert readOnly: true - - name: bpe-log - mountPath: /opt/bpe/log - name: bpe-process mountPath: /opt/bpe/process readOnly: true - name: bpe-cache mountPath: /opt/bpe/cache volumes: - - name: bpe-log - hostPath: - path: /home/podman/.local/state/dsf/bpe/log - type: Directory - name: bpe-process hostPath: path: /home/podman/.config/dsf-bpe/process diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml index c2d1947e3..3cdb46e8c 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml @@ -38,8 +38,6 @@ spec: - configMapRef: name: dsf-fhir-config volumeMounts: - - mountPath: /opt/fhir/log - name: fhir-log - name: db-passwords mountPath: /run/secrets/db readOnly: true 
@@ -48,10 +46,6 @@ spec: readOnly: true volumes: - - name: fhir-log - hostPath: - path: /home/podman/.local/state/dsf/fhir/log - type: Directory - name: db-passwords secret: secretName: dsf-fhir-passwords