From 2cf87aa16b13ea4beb769c478080092f8b0e8ca7 Mon Sep 17 00:00:00 2001 
From: 456130 <456130@mail.muni.cz> Date: Tue, 11 Jun 2019 23:18:21 +0200 Subject: [PATCH] init --- builds/SAML-K8S/Dockerfile | 65 +++++ builds/SAML-K8S/README.md | 14 ++ builds/SAML-K8S/before_build.sh | 4 + builds/SAML-K8S/helper.sh | 92 +++++++ ...http_cbiood.edirex.ics.muni.cz_mellon.cert | 18 ++ .../http_cbiood.edirex.ics.muni.cz_mellon.key | 28 +++ .../http_cbiood.edirex.ics.muni.cz_mellon.xml | 28 +++ builds/SAML-K8S/idp-metadata.xml | 55 +++++ builds/SAML-K8S/mellon.conf | 3 + builds/SAML-K8S/proxy.conf | 25 ++ builds/SAML-K8S/start.sh | 25 ++ builds/SAML-K8S/supervisord.conf | 24 ++ builds/cbioapp/Dockerfile | 45 ++++ builds/cbioapp/context.xml | 37 +++ builds/cbioapp/log4j.properties | 19 ++ builds/cbioapp/logo_EurOPDX.png | Bin 0 -> 10869 bytes builds/cbioapp/portal.properties | 218 ++++++++++++++++ builds/cbioapp/settings.xml | 10 + builds/cbioapp/start.sh | 8 + builds/cbiodb/.gitlab-ci.yml | 28 +++ builds/cbiodb/Dockerfile | 24 ++ builds/cbiodb/README.md | 1 + builds/cbiodb/env/.env | 5 + builds/cbiodb/files/init_db | 51 ++++ builds/cbiodb/files/run_db | 10 + builds/cbiodb/mysql/conf/mysql.conf | 57 +++++ .../docker-entrypoint-initdb.d/.gitignore | 4 + builds/job/Dockerfile | 4 + yaml/cbio-api/api-deployment.yml | 47 ++++ yaml/cbio-api/api-service.yml | 17 ++ yaml/cbio-api/identifier.yml | 7 + yaml/cbio-api/registerIdentifier.yml | 14 ++ yaml/cbio-app/cbio-replicaset.yml | 52 ++++ yaml/cbio-app/cbio-service.yml | 25 ++ yaml/cbio-db/cbiodb-replicaset.yml | 71 ++++++ yaml/cbio-db/cbiodb-service.yml | 25 ++ yaml/cbio-db/config.yml | 29 +++ yaml/cbio-db/secret.yml | 8 + yaml/cbio-delete/deletecronjob.yml | 34 +++ yaml/cbio-on-demand-namespace.yml | 4 + yaml/cbio-security/security.yml | 54 ++++ yaml/cbio-security/service-api.yml | 17 ++ yaml/cbio-security/service-proxy.yml | 17 ++ yaml/complete/bind.yml | 30 +++ yaml/complete/cbio-setup.yml | 233 ++++++++++++++++++ yaml/complete/cbiood.crt | 22 ++ yaml/complete/ingress-api.yml | 13 + 
yaml/complete/ingress-proxy.yml | 14 ++ yaml/complete/role.yml | 8 + yaml/complete/serviceAccount.yml | 5 + 50 files changed, 1648 insertions(+) create mode 100644 builds/SAML-K8S/Dockerfile create mode 100644 builds/SAML-K8S/README.md create mode 100755 builds/SAML-K8S/before_build.sh create mode 100755 builds/SAML-K8S/helper.sh create mode 100644 builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert create mode 100644 builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key create mode 100644 builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml create mode 100644 builds/SAML-K8S/idp-metadata.xml create mode 100644 builds/SAML-K8S/mellon.conf create mode 100644 builds/SAML-K8S/proxy.conf create mode 100644 builds/SAML-K8S/start.sh create mode 100644 builds/SAML-K8S/supervisord.conf create mode 100644 builds/cbioapp/Dockerfile create mode 100644 builds/cbioapp/context.xml create mode 100644 builds/cbioapp/log4j.properties create mode 100644 builds/cbioapp/logo_EurOPDX.png create mode 100644 builds/cbioapp/portal.properties create mode 100644 builds/cbioapp/settings.xml create mode 100644 builds/cbioapp/start.sh create mode 100644 builds/cbiodb/.gitlab-ci.yml create mode 100644 builds/cbiodb/Dockerfile create mode 100644 builds/cbiodb/README.md create mode 100644 builds/cbiodb/env/.env create mode 100644 builds/cbiodb/files/init_db create mode 100644 builds/cbiodb/files/run_db create mode 100644 builds/cbiodb/mysql/conf/mysql.conf create mode 100644 builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore create mode 100644 builds/job/Dockerfile create mode 100644 yaml/cbio-api/api-deployment.yml create mode 100644 yaml/cbio-api/api-service.yml create mode 100644 yaml/cbio-api/identifier.yml create mode 100644 yaml/cbio-api/registerIdentifier.yml create mode 100644 yaml/cbio-app/cbio-replicaset.yml create mode 100644 yaml/cbio-app/cbio-service.yml create mode 100644 yaml/cbio-db/cbiodb-replicaset.yml create mode 100644 yaml/cbio-db/cbiodb-service.yml 
create mode 100644 yaml/cbio-db/config.yml create mode 100644 yaml/cbio-db/secret.yml create mode 100644 yaml/cbio-delete/deletecronjob.yml create mode 100644 yaml/cbio-on-demand-namespace.yml create mode 100644 yaml/cbio-security/security.yml create mode 100644 yaml/cbio-security/service-api.yml create mode 100644 yaml/cbio-security/service-proxy.yml create mode 100644 yaml/complete/bind.yml create mode 100644 yaml/complete/cbio-setup.yml create mode 100644 yaml/complete/cbiood.crt create mode 100644 yaml/complete/ingress-api.yml create mode 100644 yaml/complete/ingress-proxy.yml create mode 100644 yaml/complete/role.yml create mode 100644 yaml/complete/serviceAccount.yml
diff --git a/builds/SAML-K8S/Dockerfile b/builds/SAML-K8S/Dockerfile
new file mode 100644
index 0000000..70b99c8
--- /dev/null
+++ b/builds/SAML-K8S/Dockerfile
@@ -0,0 +1,65 @@
+FROM ubuntu:18.04
+
+LABEL maintainer="456130@mail.muni.cz"
+
+# apache2 and mellon module installation
+RUN apt-get update &&\
+ apt-get install -y apache2 &&\
+ apt-get install -y libapache2-mod-auth-mellon &&\
+ apt-get clean
+
+RUN ln -sf /proc/self/fd/1 /var/log/apache2/access.log && \
+ ln -sf /proc/self/fd/2 /var/log/apache2/error.log
+
+COPY ./proxy.conf /etc/apache2/sites-available/proxy.conf
+COPY ./http_cbiood.edirex.ics.muni.cz_mellon.key \
+ ./http_cbiood.edirex.ics.muni.cz_mellon.cert \
+ /etc/apache2/mellon/
+COPY mellon.conf mellon.conf
+COPY start.sh start.sh
+COPY idp-metadata.xml idp-metadata.xml
+COPY http_cbiood.edirex.ics.muni.cz_mellon.xml /sp-metadata.xml
+
+
+RUN rm -rf /etc/apache2/sites-enabled/*
+
+RUN a2enmod proxy && \
+ a2enmod proxy_http && \
+ a2enmod rewrite && \
+ a2enmod ssl && \
+ a2enmod headers && \
+ a2ensite proxy.conf && \
+ mkdir /etc/apache2/ssl &&\
+ mkdir /etc/apache2/sites-enabled/routes
+
+
+
+ENV TZ=Europe/Prague
+
+RUN chmod +x start.sh
+
+EXPOSE 80
+
+#Flask
+RUN apt-get install -y python3 && \
+ apt-get install -y python3-pip && \
+ pip3 install Flask
+
+ENV LC_ALL=C.UTF-8 \
+ LANG=C.UTF-8 \
+ FLASK_APP=/secure-routing/app/app.py
+
+
+COPY ./secure-routing /secure-routing
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+RUN mkdir -p /var/log/supervisor
+
+#supervisor
+RUN apt-get update && \
+ apt-get install -y supervisor && \
+ apt-get clean
+
+EXPOSE 5000
+
+CMD [ "/start.sh" ]
diff --git a/builds/SAML-K8S/README.md b/builds/SAML-K8S/README.md
new file mode 100644
index 0000000..ca57ff3
--- /dev/null
+++ b/builds/SAML-K8S/README.md
@@ -0,0 +1,14 @@
+# APACHE SAML Configuration
+
+
+# Build
+command:
+ docker build -t <repo>/<image-name>:<tag>
+example:
+ docker build -t lpivo/k8s-saml:t1 .
+ docker build --build-arg SOURCE=/mylocation/secure-routing \
+ -t lpivo/k8s-saml:t1 .
+args:
+ SOURCE -> location of python app source code
+ -> default=./secure-routing
+
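Review bot: The `COPY ./http_cbiood.edirex.ics.muni.cz_mellon.key … /etc/apache2/mellon/` step bakes the SAML service-provider private key into an image layer, and this same commit adds that key in clear text as `builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key`. Anyone who can read the repository or pull the image holds the SP signing key, so it should be treated as exposed: generate a new pair, re-register the certificate with the IdP and remove the file from history. Keep only the public `.cert` and `.xml` in the build context, list `*.key` in `.gitignore` and `.dockerignore`, and supply the key at runtime, for example from a Kubernetes Secret mounted at `/etc/apache2/mellon/sp_key.pem` (start.sh would then no longer need its `mv ${mellon}/*.key` step). Separately, the later `RUN apt-get install -y python3` has no `apt-get update` in its own layer and `pip3 install Flask` is unpinned, so rebuilds are not reproducible.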
diff --git a/builds/SAML-K8S/before_build.sh b/builds/SAML-K8S/before_build.sh
new file mode 100755
index 0000000..2d8a993
--- /dev/null
+++ b/builds/SAML-K8S/before_build.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+#Run if you dont have sp metadata which are registered on idp
+#create metadata
+./helper.sh "http://cbiood.edirex.ics.muni.cz/mellon" "http://cbiood.edirex.ics.muni.cz/mellon"
diff --git a/builds/SAML-K8S/helper.sh b/builds/SAML-K8S/helper.sh
new file mode 100755
index 0000000..fe02979
--- /dev/null
+++ b/builds/SAML-K8S/helper.sh
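Review bot: Both arguments passed to `./helper.sh` use `http://`, so the generated metadata registers `http://cbiood.edirex.ics.muni.cz/mellon/postResponse` as the AssertionConsumerService and the IdP will POST assertions to a cleartext URL. Unless TLS is terminated in front of this container and plain HTTP is refused there (not visible in this hunk), the SAML response and the Mellon session cookie cross the network unencrypted. Passing `"https://cbiood.edirex.ics.muni.cz/mellon"` as the second argument would make the registered endpoints HTTPS; the first argument is only the entity ID and can stay as registered.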
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -e
+
+PROG="$(basename "$0")"
+
+printUsage() {
+ echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
+ echo ""
+ echo "Example:"
+ echo " $PROG urn:someservice https://sp.example.org/mellon"
+ echo ""
+}
+
+if [ "$#" -lt 2 ]; then
+ printUsage
+ exit 1
+fi
+
+ENTITYID="$1"
+if [ -z "$ENTITYID" ]; then
+ echo "$PROG: An entity ID is required." >&2
+ exit 1
+fi
+
+BASEURL="$2"
+if [ -z "$BASEURL" ]; then
+ echo "$PROG: The URL to the MellonEndpointPath is required." >&2
+ exit 1
+fi
+
+if ! echo "$BASEURL" | grep -q '^https\?://'; then
+ echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
+ exit 1
+fi
+
+HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^:/]*\).*#\1#')"
+BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
+
+OUTFILE="$(echo "$ENTITYID" | sed 's/[^0-9A-Za-z.]/_/g' | sed 's/__*/_/g')"
+echo "Output files:"
+echo "Private key: $OUTFILE.key"
+echo "Certificate: $OUTFILE.cert"
+echo "Metadata: $OUTFILE.xml"
+echo "Host: $HOST"
+echo
+echo "Endpoints:"
+echo "SingleLogoutService: $BASEURL/logout"
+echo "AssertionConsumerService: $BASEURL/postResponse"
+echo
+
+# No files should not be readable by the rest of the world.
+umask 0077
+
+TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
+
+cat >"$TEMPLATEFILE" <<EOF
+RANDFILE = /dev/urandom
+[req]
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+prompt = no
+policy = policy_anything
+[req_distinguished_name]
+commonName = $HOST
+EOF
+
+openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null
+
+rm -f "$TEMPLATEFILE"
+
+CERT="$(grep -v '^-----' "$OUTFILE.cert")"
+
+cat >"$OUTFILE.xml" <<EOF
+<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>$CERT</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
+ </SPSSODescriptor>
+</EntityDescriptor>
+EOF
+
+umask 0777
+chmod go+r "$OUTFILE.xml"
+chmod go+r "$OUTFILE.cert"
diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert
new file mode 100644
index 0000000..ab52fd5
--- /dev/null
+++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert
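Review bot: `umask 0777` near the end of helper.sh does not restore the caller's mask; it makes any file created afterwards inaccessible even to its owner, and the two `chmod go+r` calls that follow do not depend on it. If the intent was to undo the earlier `umask 0077`, save the old value before changing it (`OLD_UMASK="$(umask)"`) and put it back with `umask "$OLD_UMASK"`, or drop the line. The comment above `umask 0077` has a double negative and should read `# No files should be readable by the rest of the world.` Consider also removing `2>/dev/null` from the `openssl req` call: with `set -e` a failure currently exits without any message and leaves `$TEMPLATEFILE` behind.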
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFBT9Z4ukaoX5prNGPZ526Sdxc95vMA0GCSqGSIb3DQEBCwUAMCQx +IjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNzLm11bmkuY3owHhcNMTkwNDE3MDkz +MjIwWhcNMjkwNDE2MDkzMjIwWjAkMSIwIAYDVQQDDBljYmlvb2QuZWRpcmV4Lmlj +cy5tdW5pLmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NQgk74l +XyXwwdH5/mF6hQPbVNmuIkAI8c4JVsZcXzpzObhL+89y2XROteLvxqVSmCXH7x9h +dwhaLzKCWQiUTNIXauimQHfRtyUGPisxcNzYf/sV3ecB/J9/ug5wtnfqAf8UWHB7 +QeTBGBgSgUlTZ7S4r5CB4sReFKtJuiiK1F9OUpDe2RInbZMuEiTgqkX1o6J0ABZA +8xoW2XMxMoxI6mcI8sXlI2KJa351eWfS9cJ+m8RZEFT5DLF1kqeckah1tsdYxAD8 +SB1B2yV256baJjpgQEfXYDchLTh49HD2sEom5hKwuTWiB26wGTGTsr8a75jous7M +nz/wg3GlzDd/AQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDTCSD2ipchyE4xHvTJ +X12T15QLKrvvPnNZM2/LF2nAhR+JRjBKgHbMnuDWu6quwQ+uJiKASaM+hi+9XJqh +SQZjvmUAvTzqUncjQ170bqfip5+JmUPYj0PIwD58Xnb28nXDOmQ4XxvP2i4YEdwW +coUto0qkLusqz/ZPU8qQmPL18XB8zgewzgVbRBESy1lUtJSr53AwMjGstlqx4dMx +DBSyGA2GO6dkVSqto9kBZ7s87kxxNCrA/tQZmB5km3CZwEyx6hCKyJqQw+Huh+Ex +TO9R3dX2NRDztD8ZMQks+Uf6PfV/lqOpciHOE2FuiK8cceWzJgEueI6l6AXTxcnR +pcO5 +-----END CERTIFICATE----- diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key new file mode 100644 index 0000000..6482e0a --- /dev/null +++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc1CCTviVfJfDB +0fn+YXqFA9tU2a4iQAjxzglWxlxfOnM5uEv7z3LZdE614u/GpVKYJcfvH2F3CFov +MoJZCJRM0hdq6KZAd9G3JQY+KzFw3Nh/+xXd5wH8n3+6DnC2d+oB/xRYcHtB5MEY +GBKBSVNntLivkIHixF4Uq0m6KIrUX05SkN7ZEidtky4SJOCqRfWjonQAFkDzGhbZ +czEyjEjqZwjyxeUjYolrfnV5Z9L1wn6bxFkQVPkMsXWSp5yRqHW2x1jEAPxIHUHb +JXbnptomOmBAR9dgNyEtOHj0cPawSibmErC5NaIHbrAZMZOyvxrvmOi6zsyfP/CD +caXMN38BAgMBAAECggEAW8kv4Tjff7TdZTJJnpoVusPnnlT8M/A5x4fECfVY35wD +2LHpoziOnCPjs2YoE4ET23mYqKN6d2dZVNTBqRAP0/5fDWi18YXb/Su+dIivfCHP +OyK57AngoYgKJuNppe4hrcLASiI2mSTjvYgD6Qj5SdmsCg0eb4r/L8giVOYVDj/o +4jm4x7GNTyRN20P4h+tfum3kYHjvmDrL6RWunaChR6+Y33JGO7pW/q6uhonZCUxX +vUqkZ/UKuMRa43lFWWo2QHt2f0ELRjtZwFA9LSqBnf6rZ/p7dubN7g5+l57PScAT +4vWYsC5JLT8OM989w4urvVae4jrN3DafOg13qnV6IQKBgQD8lf4psasvIfE6isAL +uh3nRLV7cpU1YFfZM17j2lleXlHmqu+9oXK5oCtAXoXLvh4N33F5BskXOByKwAMP ++0XDdM7rhVqQdyOe/WYObcCQqCMeuj+XxGyhwRoXjTX3yzwZN9oGAlIhRvGsaLnc +3dANzsVKVVMDuzR+BfLNEW/UIwKBgQDf0D8mhHUh8Mu01HCZlOwQHuRCxje9mNN+ +fuTJ977X0tJw2z3t74yLN5x2Y/U0OQUxHXBBhqNjsWeMF9kFAZn1mMqTCVlo0NZz +UNXC3wZAY//cVtY4E8M8Fl4q6bLF+byAYdIoSrWNkznElTM0425EwSvE9SS4qQ8G +Ebad3JBwiwKBgQDu3YYLtfp2SzoOq9JsBKls4RxjTvvuC1toi10sS3yCct4vLu4j +vf95rg/ZAsqy3+saIXn1A0a+T5EmYelDftP9wIRCVM1Nm22zWF3gPUiDRI5Z67Zh +9x7oZW4gYals2eTO0HO9hQpYb/fynONQDPBJboZDAqfL+ojsuQFhjyDbUwKBgFqO +sw6Np6ss9+9ZyZmKtR0ssqUF+MXBEUnsY/wIPvKqfbVmMB+WvmISBT+t4CfaLmya +AbKxnGiY/lGj0I6DAF1sDgMCVGfhn/OWsHchsDDbhUoM5K5Z6LPmRQHN/yS1kHzN +l6/v0pfPCx+sUsTChPpSwrf1jH8fAFIvVpl3BgZTAoGATZbsq6cX3lbq0EFnLY/G +nhTXoyrywxrnhMUfhhxuSBY7ENFrjf/p5lXum3UuY730ss2nKHkfzZHne0+r9D1/ +Y1wPE/4HYyJ5p3Z45fOwoEz0Ik9hNrzs0mVRaCni7ZyVso+iavJIAu4jTYaxjYfp +2l5/pzZ5owWLz0OZk1BAYUA= +-----END PRIVATE KEY----- diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml new file mode 100644 index 0000000..64daa78 --- /dev/null 
+++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml @@ -0,0 +1,28 @@ +<EntityDescriptor entityID="http://cbiood.edirex.ics.muni.cz/mellon" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIICzzCCAbcCFBT9Z4ukaoX5prNGPZ526Sdxc95vMA0GCSqGSIb3DQEBCwUAMCQx +IjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNzLm11bmkuY3owHhcNMTkwNDE3MDkz +MjIwWhcNMjkwNDE2MDkzMjIwWjAkMSIwIAYDVQQDDBljYmlvb2QuZWRpcmV4Lmlj +cy5tdW5pLmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NQgk74l +XyXwwdH5/mF6hQPbVNmuIkAI8c4JVsZcXzpzObhL+89y2XROteLvxqVSmCXH7x9h +dwhaLzKCWQiUTNIXauimQHfRtyUGPisxcNzYf/sV3ecB/J9/ug5wtnfqAf8UWHB7 +QeTBGBgSgUlTZ7S4r5CB4sReFKtJuiiK1F9OUpDe2RInbZMuEiTgqkX1o6J0ABZA +8xoW2XMxMoxI6mcI8sXlI2KJa351eWfS9cJ+m8RZEFT5DLF1kqeckah1tsdYxAD8 +SB1B2yV256baJjpgQEfXYDchLTh49HD2sEom5hKwuTWiB26wGTGTsr8a75jous7M +nz/wg3GlzDd/AQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDTCSD2ipchyE4xHvTJ +X12T15QLKrvvPnNZM2/LF2nAhR+JRjBKgHbMnuDWu6quwQ+uJiKASaM+hi+9XJqh +SQZjvmUAvTzqUncjQ170bqfip5+JmUPYj0PIwD58Xnb28nXDOmQ4XxvP2i4YEdwW +coUto0qkLusqz/ZPU8qQmPL18XB8zgewzgVbRBESy1lUtJSr53AwMjGstlqx4dMx +DBSyGA2GO6dkVSqto9kBZ7s87kxxNCrA/tQZmB5km3CZwEyx6hCKyJqQw+Huh+Ex +TO9R3dX2NRDztD8ZMQks+Uf6PfV/lqOpciHOE2FuiK8cceWzJgEueI6l6AXTxcnR +pcO5</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://cbiood.edirex.ics.muni.cz/mellon/logout"/> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://cbiood.edirex.ics.muni.cz/mellon/postResponse" index="0"/> + </SPSSODescriptor> +</EntityDescriptor> diff --git a/builds/SAML-K8S/idp-metadata.xml b/builds/SAML-K8S/idp-metadata.xml new file mode 100644 index 0000000..a18d65b 
--- /dev/null
+++ b/builds/SAML-K8S/idp-metadata.xml
@@ -0,0 +1,55 @@
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+ xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ entityID="https://login.europdx.eu/idp/">
+ <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:Extensions>
+ <shibmd:Scope regexp="false">europdx.eu</shibmd:Scope>
+ <mdui:UIInfo><mdui:DisplayName xml:lang="en">EuroPDX research infrastructure AAI</mdui:DisplayName>
+ <mdui:Description xml:lang="en">
+ This service is identity provider for EuroPDX community.
+ </mdui:Description>
+ <mdui:InformationURL xml:lang="en">https://europdx.eu</mdui:InformationURL>
+ <mdui:PrivacyStatementURL xml:lang="en">https://TBA</mdui:PrivacyStatementURL>
+ <mdui:Keywords xml:lang="en">EuroPDX proxy biology life sciences</mdui:Keywords>
+ <mdui:Logo width="96" height="96">
+ https://login.elixir-czech.org/media/elixir-96x96.jpg
+ </mdui:Logo>
+ </mdui:UIInfo>
+ </md:Extensions>
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ 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
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="encryption">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ 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
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.europdx.eu/proxy/saml2/idp/SingleLogoutService.php"/>
+ <md:NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+ </md:NameIDFormat>
+ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.europdx.eu/proxy/saml2/idp/SSOService.php"/>
+</md:IDPSSODescriptor>
+<md:Organization>
+ <md:OrganizationName
xml:lang="en">EuroPDX</md:OrganizationName>
+ <md:OrganizationDisplayName xml:lang="en">EuroPDX</md:OrganizationDisplayName>
+ <md:OrganizationURL xml:lang="en">https://europdx.eu</md:OrganizationURL>
+</md:Organization>
+<md:ContactPerson contactType="technical">
+ <md:GivenName>EuroPDX</md:GivenName>
+ <md:SurName>AAI</md:SurName>
+ <md:EmailAddress>vyskocilpavel@muni.cz</md:EmailAddress>
+</md:ContactPerson>
+</md:EntityDescriptor>
diff --git a/builds/SAML-K8S/mellon.conf b/builds/SAML-K8S/mellon.conf
new file mode 100644
index 0000000..d56a641
--- /dev/null
+++ b/builds/SAML-K8S/mellon.conf
@@ -0,0 +1,3 @@
+AuthType Mellon
+MellonEnable auth
+Require valid-user
diff --git a/builds/SAML-K8S/proxy.conf b/builds/SAML-K8S/proxy.conf
new file mode 100644
index 0000000..c7de943
--- /dev/null
+++ b/builds/SAML-K8S/proxy.conf
@@ -0,0 +1,25 @@
+include /etc/apache2/fqdn.conf
+<VirtualHost *:80>
+ ServerName ${SERVERNAME}
+ ServerAdmin ${EMAILADMIN}
+
+ ErrorLog "/var/log/apache2/error.log"
+ CustomLog "/var/log/apache2/access.log" common
+ TransferLog "/var/log/apache2/access.log"
+
+ ProxyPreserveHost On
+ <Location / >
+ MellonSPPrivateKeyFile /etc/apache2/mellon/sp_key.pem
+ MellonSPCertFile /etc/apache2/mellon/sp_cert.pem
+ MellonSPMetadataFile /etc/apache2/mellon/sp-metadata.xml
+ MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
+
+ # Mapping of attribute names to something readable
+ MellonSetEnv "name" "urn:oid:2.16.840.1.113730.3.1.241"
+ MellonSetEnv "mail" "urn:oid:0.9.2342.19200300.100.1.3"
+ MellonSetEnv "eppn" "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
+ MellonSetEnv "entitlement" "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
+ MellonSetEnv "eduPersonUniqueId" "urn:oid:1.3.6.1.4.1.5923.1.1.1.13"
+ </Location>
+ IncludeOptional /etc/apache2/sites-enabled/routes/*.conf
+</Virtualhost>
diff --git a/builds/SAML-K8S/start.sh b/builds/SAML-K8S/start.sh
new file mode 100644
index 0000000..d06b155
--- /dev/null
+++ b/builds/SAML-K8S/start.sh
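Review bot: `ServerName ${SERVERNAME}` in proxy.conf refers to a variable that nothing in this commit defines; start.sh writes only `Define FQDN …` and `Define EMAILADMIN …` into `/etc/apache2/fqdn.conf`. Apache leaves an undefined `${…}` reference as literal text and logs a warning, so the virtual host would not carry the public host name. Use `ServerName ${FQDN}` here, or have start.sh emit `Define SERVERNAME` instead. Both values come straight from the container environment, so a short comment above the `include` line naming the required variables (`HOST`, `ADMIN_USER`) would help operators.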
@@ -0,0 +1,25 @@
+#!/bin/sh
+mellon=/etc/apache2/mellon
+mellonconf=/etc/apache2/sites-enabled/mellon/
+
+cd /$mellon
+
+# move mellon metadata
+mv /sp-metadata.xml /${mellon}/sp-metadata.xml
+mv /idp-metadata.xml $mellon
+mv ${mellon}/*.cert ${mellon}/sp_cert.pem
+mv ${mellon}/*.key ${mellon}/sp_key.pem
+
+# mellon conf
+mkdir $mellonconf
+mv /mellon.conf ${mellonconf}
+
+# create fqdn.conf
+echo "Define FQDN ${HOST}" >/etc/apache2/fqdn.conf
+echo "Define EMAILADMIN ${ADMIN_USER}" >> /etc/apache2/fqdn.conf
+
+# run Apache
+#/usr/sbin/apache2ctl -D FOREGROUND
+
+#run supervisor
+/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
diff --git a/builds/SAML-K8S/supervisord.conf b/builds/SAML-K8S/supervisord.conf
new file mode 100644
index 0000000..66c07fd
--- /dev/null
+++ b/builds/SAML-K8S/supervisord.conf
@@ -0,0 +1,24 @@
+[supervisorctl]
+
+[supervisord]
+nodaemon=true
+
+[program:flaskAPI]
+stdout_logfile=/dev/stdout
+stdout_maxbytes=0
+stdout_logfile_maxbytes=0
+command=flask run --host=0.0.0.0
+
+[program:apache2]
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stdout_maxbytes=0
+stderr_maxbytes=0
+stdout_logfile_maxbytes=0
+stdout_logfile=/dev/stdout
+
+user=root
+killasgroup=true
+stopasgroup=true
+
+command=/usr/sbin/apache2ctl -D FOREGROUND
diff --git a/builds/cbioapp/Dockerfile b/builds/cbioapp/Dockerfile
new file mode 100644
index 0000000..74132b3
--- /dev/null
+++ b/builds/cbioapp/Dockerfile
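Review bot: start.sh has no `set -e` and its last line starts supervisord as a child of `/bin/sh`, so a failed `mv` or `mkdir` is ignored and only surfaces later as an Apache start-up error, and a SIGTERM from the runtime reaches the shell rather than supervisord. The moves are also not repeatable: if the container is restarted with its filesystem intact, `/sp-metadata.xml` is already gone and `mkdir $mellonconf` fails. Add `set -eu` after the shebang, use `mkdir -p "$mellonconf"`, and end with `exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf`. With `set -u`, an unset `HOST` or `ADMIN_USER` stops the start instead of writing an empty `Define` into `fqdn.conf`.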
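Review bot: `command=flask run --host=0.0.0.0` in `[program:flaskAPI]` starts Flask's built-in development server on every interface, and the SAML-K8S Dockerfile exposes port 5000, so the routing API can be reached without going through the Mellon-protected virtual host on port 80. Whether the API authenticates callers itself cannot be seen here, because the `secure-routing` sources are not in the visible hunks. If only the local Apache needs it, bind to loopback with `command=flask run --host=127.0.0.1`; if other pods must reach it, run it under a production WSGI server and restrict access at the network level. The section sets no `user=` and the image defines no `USER`, so this process presumably runs as root as well.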
@@ -0,0 +1,45 @@
+ARG TAG=2.0.0
+FROM cbioportal/cbioportal:$TAG AS build
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+COPY ./log4j.properties /cbioportal/src/main/resources/log4j.properties
+COPY ./portal.properties /cbioportal/src/main/resources/portal.properties
+COPY ./settings.xml /root/.m2/settings.xml
+COPY ./context.xml /usr/local/tomcat/conf/context.xml
+COPY ./logo_EurOPDX.png /cbioportal/portal/src/main/webapp/images/logo_EurOPDX.png
+
+RUN mvn -DskipTests clean install
+
+RUN ls $PORTAL_HOME/portal/target/
+
+FROM tomcat:8-jre8
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+ENV APP_NAME="cbioportal" \
+ PORTAL_HOME="/cbioportal"
+#======== Install Prerequisites ===============#
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ libmysql-java \
+ patch \
+ python3 \
+ python3-jinja2 \
+ python3-mysqldb \
+ python3-requests \
+ && ln -s /usr/share/java/mysql-connector-java.jar "$CATALINA_HOME"/lib/ \
+ && rm -rf $CATALINA_HOME/webapps/examples \
+ && rm -rf /var/lib/apt/lists/*
+
+#======== Copy from first stage ===========================#
+
+COPY --from=build $PORTAL_HOME/portal/target/cbioportal.war $CATALINA_HOME/webapps/cbioportal.war
+COPY --from=build $PORTAL_HOME/core/src/main/scripts/ $PORTAL_HOME/core/src/main/scripts/
+COPY --from=build $PORTAL_HOME/scripts/target/scripts*.jar $PORTAL_HOME/scripts/target/
+
+COPY --from=build /usr/local/tomcat/conf/context.xml /usr/local/tomcat/conf/context.xml
+COPY --from=build /cbioportal/src/main/resources/portal.properties /cbioportal/portal.properties
+COPY ./data-loading /etc/data-loading
+COPY ./start.sh /start.sh
+
+RUN chmod +x /start.sh
+WORKDIR $PORTAL_HOME
+EXPOSE 8080
+#======== symbol links & subtitute db host & run app ===============#
+CMD /start.sh
diff --git a/builds/cbioapp/context.xml b/builds/cbioapp/context.xml
new file mode 100644
index 0000000..1da4e84
--- /dev/null
+++ b/builds/cbioapp/context.xml
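Review bot: The final `tomcat:8-jre8` stage never sets `USER`, so Tomcat and `/start.sh` run as root, and `CMD /start.sh` is in shell form, which puts `/bin/sh -c` at PID 1 instead of the script. The sketch below adds an unprivileged account with a fixed UID and switches to exec-form `CMD`; start.sh for this image is not in the visible hunks, so the paths it writes to need checking against the `chown`. The stage also copies `context.xml` and `portal.properties` out of the build stage, and `context.xml` in this commit carries the database password, so that credential ends up in every published image. `MAINTAINER` is deprecated in favour of `LABEL maintainer=…`, `tomcat:8-jre8` is a floating tag, and `RUN ls $PORTAL_HOME/portal/target/` looks like a debugging leftover.

```dockerfile
# … unchanged: build stage, ENV, apt-get prerequisites, COPY lines, RUN chmod +x /start.sh …
# Unprivileged runtime account; fixed UID so the orchestrator can enforce non-root.
RUN groupadd --system --gid 10001 cbio \
    && useradd --system --uid 10001 --gid cbio --no-create-home cbio \
    && chown -R cbio:cbio "$CATALINA_HOME" "$PORTAL_HOME"
WORKDIR $PORTAL_HOME
USER cbio
EXPOSE 8080
CMD ["/start.sh"]
```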
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- The contents of this file will be loaded for each web application -->
+<Context>
+
+ <!-- Default set of monitored resources. If one of these changes, the -->
+ <!-- web application will be reloaded. -->
+ <WatchedResource>WEB-INF/web.xml</WatchedResource>
+ <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
+
+ <!-- Uncomment this to disable session persistence across Tomcat restarts -->
+ <!--
+ <Manager pathname="" />
+ -->
+
+ <Resource name="jdbc/cbioportal" auth="Container" type="javax.sql.DataSource"
+ maxActive="100" maxIdle="30" maxWait="10000"
+ username="cbio" password="P@ssword1"
+ driverClassName="com.mysql.jdbc.Driver"
+ connectionProperties="zeroDateTimeBehavior=convertToNull;"
+ url="jdbc:mysql://cbiodb:3306/cbioportal"/>
+</Context>
diff --git a/builds/cbioapp/log4j.properties b/builds/cbioapp/log4j.properties
new file mode 100644
index 0000000..964f33b
--- /dev/null
+++ b/builds/cbioapp/log4j.properties
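Review bot: The `<Resource name="jdbc/cbioportal">` element hard-codes the database `username` and `password`, so the credential is now in the repository and, through `COPY ./context.xml` in builds/cbioapp/Dockerfile, in every image built from it. Treat the password as disclosed and change it on the database. Tomcat substitutes `${…}` references from Java system properties when it parses this file, so the attributes can become `username="${db.user}" password="${db.password}"` (property names are illustrative), with the values supplied at start-up from the Secret that `yaml/cbio-db/secret.yml` presumably defines. `maxActive` and `maxWait` are the older pool attribute names; the default pool in Tomcat 8 expects `maxTotal` and `maxWaitMillis`, so these two limits are likely ignored.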
@@ -0,0 +1,19 @@
+# Change INFO to DEBUG, if you want to see debugging info on underlying libraries we use.
+log4j.rootLogger=INFO, a
+
+# Change INFO to DEBUG, if you want see debugging info on our packages and spring security packages.
+log4j.category.org.mskcc=INFO
+log4j.logger.org.springframework.security=INFO
+
+# Use the JVM option, e.g.: "java -DPORTAL_HOME=/pathto/portal_homedir",
+# or - "java -DPORTAL_HOME=$PORTAL_HOME", where PORTAL_HOME is shell (environment) variable.
+
+## IMPORTANT - THRESHOLD SHOULD NOT BE DEBUG FOR PRODUCTION, CREDENTIALS CAN BE DISPLAYED!
+
+log4j.appender.a = org.apache.log4j.rolling.RollingFileAppender
+log4j.appender.a.rollingPolicy = org.apache.log4j.rolling.TimeBasedRollingPolicy
+log4j.appender.a.rollingPolicy.FileNamePattern = ${java.io.tmpdir}/cbioportal.log.%d.gz
+log4j.appender.a.File = ${java.io.tmpdir}/cbioportal.log
+log4j.appender.a.layout = org.apache.log4j.PatternLayout
+log4j.appender.a.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} [%t] %-5p %c - %m%n
+log4j.appender.a.append = true
\ No newline at end of file
diff --git a/builds/cbioapp/logo_EurOPDX.png b/builds/cbioapp/logo_EurOPDX.png new file mode 100644 index 0000000000000000000000000000000000000000..1aa9f993c49b96914889a84078e44a0feeb813ed GIT binary patch literal 10869 zcmeAS@N?(olHy`uVBq!ia0y~yV2op6V2I*iV_;zTaMo@I0|SF(iEBhjaDG}zd16s2 zgJVj5QmTSyZen_BP-<dIW#P$G8wLhuwak!+k_cZPtK|G#y+n{2y^7od1`x2ZuP8`N z&Q2{+NJ>r5%(GQ`zk9!uLS~AsQn;zFfp39xYDT6<RZ(him0w75Rd%vvijuvZf=z{0 zMQ%ZEYDuC(MQ%=Bu~mhw64+d;ykaYmu)dN4SV>8?trEmh5xxNm&iO^D3Z{Byy2%EH zCJN@3dWNQE=9cC<3PuKoCi(^z`bGx229{Q)##RPK3Q(YAr(jc*l4cd;;s&*=C?(BS zDWjyMz)D}gyu4hm+*mKaC|%#s($Z4jz)0W7NVg~@O}Dr*uOzWTH?LS3W`av<adJ^+ zK}lwQo&w0k#H9Sv5?duDsIe8f1#n~YilM=joS&;-kyxN_sAmB362z~$1-`!cmFDKc zRTq~8r6Sym)!^cg%7Rq=pw#00(xT+lpwu*FkedpuoQqNuOY)0C^7C_Gp%{>nUy@&( zkzb(T><kVy1`yp;U%Vok6fUtcTFyyB9?yyR3*7h9!@+ycGK%oHm#6ANQ=6DJEt z7YiptLst_gS0g72OIJfPCsRWULo;)jUYGpj(%jU%5}4i;gkDRWdO^tn6eLzIsYRJ( zsVQzn`MC;UZ(C*Jc8eKK^PqZDaJ$7Er(S(K1si=(<RV2jOeo034a5YeOHdlMQ$QsC z)Vvg1r6MJJyZTwZCJYQ}Pd!~6Ln>~)iRGLlV*1UG_k?YOIhRH=`#g?y+V_~0I+Py0 zQrOg`q;&j12m33o)hjx>#LpOXG-+!oH2seaabUDODt%N~aHsxM=R}5`FaLk{-G6P< ziYq1GOTLGgR{oK@I(d)R(x8*mr%#`LMC*3ihfc4Rr%v@cDW*P*Z{v#BWtqyD-f;Ng zDvh4&JriQOZ*cw3wLDx{?{V`I=kmYpH5Pwf@0?uqCbVsmS96qI`IOX^zrxx|SEWWq z{$SZ!u$FUO--cH|c2~8f${y+Gu-p)O<WEJ%{hs@`KRj1s$vbsoL!HwbuM_KBZhY_f z{pr}l>;Ho${kgg>_OnRLtmPX#${Olfjqjg6s2#pGO1R7TJ#XPoi=&nQW%uY!s(<o# zd&#=}8jp|dF!>-*$(_34%KD%B+;yBa^ZGxP7*tGdJa**L<+E*5*bTNZ^=)G^Fmt@H zQPpGJtPdBh8UtgGtz-4@Kfd`M<NmvK8MoIO+C9$suz6`j%KpWL=MR^PRoF;<+-`WM zx={1^+yh(0rsp3pK5%)$|DRGjPd~BtYd!O-q2V3p4xcMpJzlj8=e~coo?<#-%Dpcs zmus@NeSh#=_rWU78WZWyy@#UXPD_60GI{EL`)T@rkqL`dv+VQu!D#Z$a>qADi?h5Q z|N6!980(mR#y7k!`0%-+{jJ$f%^vps95elIoNPGmm^Rhlal4J)`sxNf)4#7L*2nkH zGUhQ^s?M8Zb3^Ke%6joSJ;v`|hA*r%h37E;OUya{F_t-M3Cn};7eBB!tz~%jU*zJU zdY6B<-Iy}{7&j-&vE{MUaqVF;3O;zf;qS6JwtRUn1n-|*KevtX-WT?}MKW)_omanD zyhgBLKJ$-n+yx)Mefw>&O=6X2uV90fNX#*@dD_k;Le|r~59V)p+!m8xAS$1+JG?_^ z;o|2EyZ&<@a{ut^tl8>I8@IkQz7UyIC3nY;Yp3ml)J3BIbz(S{*_L&mcq6b*OSV*W 
zrMXPk<#W|4JH&oid@u|wd&bXHlfLEj`FX<6f3Nj$klg63rN4jm(TaRNhlaAt=E-~d zCzomq->Lg)d+LO#*ekWeUuU~~zS~=#)jmId^#>d8mLI<CP5)be*u=0qnmygokbXJm z)24Qgw>Qh#mNr%~zF%OQ|LxUs9@egT8I!KZwK|zscLc2dX>Z{8{`H;C*mCt(H}%V< zoO{3d6c~RfeIRUeguOw(<GE$VkJ3pOHfTQxlC2T?5mJ!+A@o7B$#$F8>U(Z+Nr56< zlP8u(|I7B6d42jH^QnA6?y?!X-R8wjDT?jgpIIjHPRZM#Zi1A0irit-^NHGiYA>cu z6uh%gO0cSAi*sEW%hI_~skeF3oJ&4uRb-rRxy}25jl1OLiMlOL3pZ?U+|kf!eM4O9 z@T;QhSLRf%JaKx3Uh>Pr8*Jxw8RS!2?_QXb)Vtto-Kxx-H#TvX7}if+#8$uMiR1HY zWvZWyE<W8Cck1ryMB^u`mj`&C5$XMQ|ADeelFZF3uKUbR*y`NA`GC9I^Pjrm?w-!; zZ}r-~zi9TZ=bw1)#NiHwt)a<}ef5<hcJ8dW*izuR%3*rR;m>cK%z3iitEJVKnq?eW z_q{lAk>O?4)ut7VZcEml|Gb~ohQ<DM<Nb>rf^({GzT@OvAm;AgDP|>oprS^|@q3L{ zqny&?CbnH{6_@+1vJcJQ`FgM1(nr#N&p%%m-Q(@=`z5qaKfvVGT&<kPC5ult2WTEq zyUq4zq1zH|hIb0HZSJ00<~q~H^s#>7|FxbBv9rvNt=PbOyVt_LFj_!*72`dVg~z3z zr)vK7ns;g5OIh}~H$wAFw>|%n%p9<1j!W_8r*gA=a`g{B*zIkVX1<vrce$=iqI0sx zyvZep1H~2}m?|_QH*3@Jj7JuRcjVr0y~(hC;iV<srVsbuvEBRp(WNsHzZd3mMkSkG zOlNmVj#<&UPJRkk)At1@Q<kai>V2F)OD&0YYkkvmrkZS3hucf9AGNn}`SqyQjxQ_O z^uTPpD;~mj=hc5!`wRd3-Z168knfK|#?|VNO&<EnDEJDW?y<P^{83v!<DBJF8A|+* zKb7PcoaH!=rwFXKWS80>_xVrq=cUbv*4N-#%%{#2=3gR}A1m%V^`3zGY4b(>`qPEo zH;YW~HnDT4>V3p;x68<C)dImt{&xb4rROuoIeRM4U0b+O-l)9R@pkTxHJyt09U1Q( zZVK^ai0Cf3xuVnVu;Opo3dQ$~`}vlMyT^W5J<IQkUrd3qDc=X#HHS{mE-g|1^s)GY z^lHX?CJT;BKmTYgx27}h_2M<_I1E0#n)BJ1IU;pmcj1*3_T;?jHyvBc6SUU__c!E+ zlogyv)!v)V_fpfQ+RJK7<Ywzg&5O>ypHDkxTHFj;)yMVQB`oaJBRTHdx>j4;on9CI zZCuv0&$zf-I&A9qj?a_J9y~iAotJa|<J8+v)AK+7RM+-VevrC%*9p}>M<h(1e^0&t zkcsbaH{<=66ZTHHwVD0JCRv{E9?y+G{C#=pA2Z_~UwwTGR)s72n_lk9{rpv3eedMY zk&EVCUi))`mE<X@4AI;_db9V6=d!JDv$bB^{@lg+{<5EYQvb<&uX@rh8e}Xt@8aiv z(<gstJ-ht$wcdxVUirs2UH0!cJNbB-PV?_GXa2@22OoR<@2lOfDOT}G?~EUmKk!{{ z>oV=-2Yt8Atlz)v;9PL>YJ0QIhn8nE$`#7Z-bKD=+O_As>C*eg&8uJUxcc~A$xjBy zixoTX7~WQ`>G{&qx#-ob=RTnq&wiNqP{^$NzwHf^`IFgV+^TNR-ykCzDE(|7n>l~R zr0c)_&D?2!gkw+Lt&qC)?bm*EpMRa;v6O$UC(DOh3_BPeob<e7ZsW#qB}3ieozQe! 
zQ8~u>k3V+k?MU~u>aFPQHUGKgPvf$m?W;dLGl@-NiG6NRz;|G~UsKzOrH;`i52rGJ zkS*nAE@Ru^_sVRsz0o}u#-8A*-#--yeQ%L`b)jtM!b^MQzVB(-67OvuU~pjeEU$CD zAyR4{pX)8#CZ0Zb&$#LxmxJU~eg`>Y<_jBLz4ur4{CK3s@MOBy9_3l$Kgw8cl!;wP zt*yK2Ecx)ox^%0iCdPYDg88@pf2G40t=_o1c_$}FY{`x%(>I?gx%spI()mU4ENidt z+!GvL*u2R%u9e|Q;C9uA$4r>wni988QsMdVSB>j~tWNvPpw1N!4JSPa>%V<TP^2f^ z`P0dr&)?{L$mKuxVrBG=1J0ty?JueHSI_ecc(^xlu1jyCm(<k2oeWPts`&o6#W3yr zdbvWDdqQvP9X_ybDAGQAbJj$r=hkhS@BhxI?q-`iEyd*C6`}Ufv%g+Ce&_%7{Y=a+ zkD~9|+vWEEY&ceV@kUp3QvH{$ObXRk=B@6G6FE>N;bo?FV&$>x4dvMl^CxG1Hr>9T zRc_KbhX<h#Ur*Va74TST`YNUGTB|c`qTO6$cIhn74*wB#B<x52Y019d&ZnmNS-kD| zqdvLnjMw8$&%&y=Gn6d0`@7}+nLAVe&VF+7&4Vq)f!!;zF8h?+FWhZ3g=3NBivr&} z;fyu&Wmg6qW7v23LS|{m!`kY%M=II#oKIf%60>p>{<33->do1!e@j;63;C%=X2x8* zD?jUEvA@iB-|%<BJX3QHNPj8%yt_Bt{Pn-tm)=J`i(X_c&JZXbYkKg!lrFdKyGaVa z1k!K1?67Bvm9yOF9-o=_bw}V*OUYp8tPCrM@7)!z*Qwb^?am0;!gjw*hJjbFE^}$; zyeaQyMKW2hi)7jm*=M0QuahCSe#-MX%nKdPJc-JB@m1)~>dTY(yB^&;yX?hdrf4md zIX@I%RL!0AF{>edaxr_}zssEF{)|4~7y0bG6TV&1e*3j0)6XAf_mVX}Fk4FNWZT(` zJHE>VM2Slkdj9b>&N-YJXL<Ns;rEM1Z<cz?tJm>qs>%BC_;ME*zOwo<*Yii*m&<Zm z3-+B)UE<5y*sUM6YQy>6jB(DYYJMs;@lC%=CtLkql;QI7S8cua)90JtR7)5;UpeA? zTKRa;#V2LUl;@p3y3?pwrQB$;vm1ZJgQxpuH2cieG+bL@vCnfWN1<lgH18j;G~TTh znqb6r>zVpahIanTTlT&4O-W+7q<uABy`6Jc%*3$stQ|W&S|=Bt&6sBq&{%$Xo_V#d z`Hsk>TS1d%|2}u-DPKVJ<s~{=M=jobl`a%oA?=X3XXX09Mm=8({hcmXCp<4$ZuC6p z*Rcn`5A-iH){t1=#t{0%WI++*S@ZTobADJF_Bxmw&-^O7z&rf!#Z$E_O`q#dJ9+i& z;-`vt>hCqK`Y6T4_qKCm;m_W(pKEl&n<|y`zt4PHwm_csZ;w8^hTM|CU1jP89sc@l z-L{WDhg6s*s86?O`X=#YbK{&3IStn*=zCs|IQ2tk{;oeqvL5fXVtkr<{f))yb5~<x zPVExxt@WREUHq=u9L_>}mV`^9>*u$hh?w%Rd&1(`s(U5<3MN{L{b}OLmr8B89<ZRn zT;uTV88I_1WT?;Zk5js|^Kq^R!;4G2`8}6r8%|&KVc!*3^$3T3w(cTQI;WnAO`0G* zFHio!jf%_7B~pv;?~yvC##F&Obw=NX7WGFnR)|mir^4N*QqkhSaINs%<%f=+c&)Li zbqQmf^FHOf7j~SP?E6{!r^ftUwG3y{>{hDYo%lu7s*aQ4<lm*YD>}X~UZ{H|WEXH! 
zFjDUbt6uWNveuGc3~Uvb8{W;HD*Z`9E$nMxSZSr<Jo%MNqh@`$`cX~8eTV&HMW^~N z>UWh=9({6K8ZUA9YKy=01Jft&ml)q4v^%vpPx77F=bu4d$1@L2Kgzjl&Kl{}U)(JM zC%=2J^%8#}%ir5Ja+hV#?>xnjUlp{J;d$*`wLc#6PcNR`CSi17c9B(_@II4sUv?b& zn$lm<l(#XB=fsC8j|AnE{xkl#W^`b7U5Mp@%J`S*4{CMOV@!M9wrq>7`xY1cHOOmM zb9jA+^X<KS)1z%&*iLaCxfrCs)c$I-^0M&M?-tB^GF@gep4;sgz4GnkKeCfgJY2i* z2gib=zSHk~`}bhe7gfV$M@!;92s~V=U7PF~%(s0{+)LY1spj{F2WCs%nya*c=aWHN zX3ybMA;C^>yV@Qt6Pxv6eNyCH_0{*|f`4%a@9Ozz(mBK2;gD^-2=k5p2S4kL56rH) z#Oo@YJK0wA!2M6szCTXdoxJa9`0RE-k;nE|@Bd0%e#xKrM6h0(p(K;@(@&9#Womu@ z9wes(ooC1w@-+V$q<iqZrTGEgSJqG8ov(ftJpIY<ht~gNh39Q^ulRl8%z?A_qO%t* zKR$u4Kkxlp#ZO8O+f|mYbBQ@q@oaJ4dbW4>f3IP@_vF&Dl<XC;(IOYvZYr#h|Fkc1 zXUyNHWsh{j*UyceRVjVBR_1%gjuWa~a=h^x&MOxkpZfci<FCN;y+S1~XMXCsG=K8( z!}j_9E@_PWZ1OkEZudxk^8A%TUB?23_f}8q_MCmmS#vBm^TLJ__lsM!pVq{#x)bhw zHh=p3x!=@J{c^c|HuRw@SDs0qI=}lwwu952pLuDMdgEujx^N1o;u6>Y4+7<slvD1< zGw<nKCONtIhvV~|E`QgCo^BEn|CM{Ty`bz{pGijiWRr)n^YYA=)Mch*lx)AA*<SA> z{I{?1$P(tf(hmlrc7bm07xSEo&3Ei{|1+22)cVOEq-+mpn-rE9R;y;{r8%B@BdwSC zrt$YQm5b-jwilTH*&ez<+~1|+_{AN*83l8H&sjcO{La^$?xra^igH&|b7ls{9*<L9 z#xj>PeM;l8C5-Q0CcJBOSU*uuZqa1MY4cqs%H@7xwsBEYn7i;~h4_-wZ?&vf?4M_x zv3%JjO_sJj+gjJeeOu*Ns*@1S=Jqq};{Fe9t0Y}J(odTHDR=W&=bF>{f7_ggJM5R_ zyllDr&)H69U(vfIa(S#aLVp@=)lYQ3er>w=nxlXFeJj+}U)6@>XBsY%x%bdbl*@MA zm)UJBUGL`3-2J{&t@7uo+DnbX6X$5YvwyK^Ver({vs-mc&!5^*cVh01tw-9q_uVNh zDXsY+Jn@<2wA7DZ8m679{&?(5+0UEY{025>7#gm621JF3oZ^&MOZA;@`|e5Uyso^5 zJZHJfT^V=1S#!MV0qgYNWnO6q8Ec+<xEIZLTVns{zHs;!2j=&0wH)0(Npx0ozcHU_ zR$Fv#SK4&(g2}ygdfz`pO!Euhu2Ug<;IC%G-|B`RRWaK|OZgP1cHW;Ercol|@K5BA zUHr-b?XCaq*lbE0wmk`EzO%z}%@e&q^^8X=|85K0cJu8Y?fLgR_q|tVc&7j0EW_j6 zAG-|>C!NoHd+2F-%XH@Or1hOYyne(=KD^5Cpglb$LdNvSBG30<GaO#}%sdreciNnJ z#iEyg=CNPDdL+>EQCR=}WeWR4_Pl6+v+Yw~-BBBj&-o`#zjtJdv%kckSz*3i|6N4< zBvIWh%J+Hx<saC3PnKDl|Cx_|tpb1lCo{dLYnA8ZBpsi|oLfH6kYkF}#&zX=$DVRK zly!faH>Z~4<r!bsWjiID&HR>!MPGDniSxUoxOVmXc00#ay6=6@-PD~GwWwV<Mz8X1 zad36bG`_U<>a@Fl^Y3krNU=LDb+>sP!wb9o4ePITl<rY<cym?5VY<V#_lic*OMjRo 
zT)eRNjB;$#hVIA*-?C;{S+?Jnzoh=f^69%IG3`R9S8Ec3i`2@p?UrofIm+zMaDVFe zGiR1chZ|pf<Xx;R^-KJ6?0Pwe>lH>z=4J3bVCvL9*vk-i-<@$+4*QnZuhizgWUFvy z;y>Qgn&CJ5jo|-9I%0;)+FUM8IcfPt_)VSbX{Ic{@}TI@jg_heLVfGPmD~K^8eSBu ztJt-5$35e!O$UAJcio)O%-Zsj??~ypEy?Pyca&Czonb$p$ed}v<!w@Pt>#kSPrMoD z79Kz3!ti95#N`JyrzGV*%BJ$)y}~~`Y%OOe=acBO98=v-^|$zNueWXRp1fvLF5C3$ zS^E}F&|+QRCR?ojwPWRmsQ9=5zVGwfN?t$w7qvsKZ_6p~d*31zxAN{ck6L)azv7zG zpE!deuXA;Lk1tf5R^GQQ^vk|aeXgksuGw0zbx$n(`Qo<8{zvksE1$5>+xz~Zq-|~a zvKtGgou9f@r*z8H#H$;0UVA+G9uQ-EFjQb#=l;{F5n+~fF6TBX?&%QRC;svFN9i@& zlnS!l+O~3T-0$#Byk+f6gGIHSvM-)qIFf9_d;a?Ao>cY?A=Y0n^BgaVkH5sqvngQF zzDw)<ZnviEd~mc3ZmvJ=+){URUrbnz<kJHa6rCMa8}!}x?h0KVQgP1j(jq?QJ#9Ra zRtb&Mt0!Jqv-I}AFVc+nW$R9rOMZUIBWWZOqNQ_Z)9R?LtG--$vEq*JvKWs^oIA^T zKS&v+oCtVypxpGp^gbr>Y?pJ6f7~ZTKbmeM9o($w+{Wa;HT$~ChfAg*+uwiofADK{ z*xH*9+W*WlzRn|QBvQe&;F9YXwhehZKLl$1ioG$(@7R@u6B8D0S#ao(uJr2A)xV_c z;uZ>8a(>KK2!AF0QUYw|rM4sNGrJc@Wx2d~e1}1*Xr<mO!vonTCM+yrj(<1J-Q4Kz zKJ70}7XD|1mpVbsTXg7<ZZyce#h2c%Iu_b0Ibn8Y!}SS@&TT^M`?wkR-O<{%(CrD+ z5&!l(t1g|GZ)hrEl%k=#vh3}wI~DV+AE#!zOlv+Lu{Fy#an<LvJ12Q0jiyXvad^7% zt4(BNd04dU2Z6;OrHrPiU0I%K*YC7Tu4dV<*FV!)80Qtbr~fyXn|rZ%I{)W;v%{af zJ!x{WW@qH@zj8`%7g_cm&e+q&^HaJcd*z3?jfY(xXC)-RYdsTO@7`?Rutwg0`@iJ{ zy8`T=)@GeGXefRglD6W_(&^$kT|wKfZaHaL{5NFQiQlX{3Y0%{Pu!j_H09aL9ed`# z`hK+d=b5t=Y1-2*-n~CHS-N5`lhOTOFQirW?3tjp{p0MGFaM?<`aVPB>3og@4<D}H z`t+9ktjBrm2F31c7c!l)nej#Qa;)mrCkHm)T6g&T`KiAbuDN<J-}zaRrI+2$1Ke^? zLUtcCjX4zldxOu+db#L0wPS8>l}yLHOiZ4?T%q%W^Fhe^m(N@d#7*Dx>2JlElbUtR zu?vkp@d{PW;*@qjDzcy5y4Pi{-))gIq9OduCEtH9<G9WBVXu3`_L+?LrZl`yVt9Sl ztA2*A|Lq_0DN#!wO?k8_<HTPX-noYta-I8NqTD3&{lk;6BIUP&74N5N)!f=3zvZOY zqKoqtrJnj+Zkgn)ar?ON44Jz#?24FUrGNb6`S4V6wfk+8hgK~0N7f$B|26AUN??kx z+YPDS$mVB<ghPJpkY-|Y-=M7^Uo<iG`3cE?%}Wn2nY8iAMGb$CgMZ)fy!LYU)~#D? 
zlfB+;-?lySsp8J-1QP#PGw%<7TwZ$7?7CI%-Hz1?To2Ta<a!-(XIvl@@mu3B<6Pex z_Y^Lx-JHjl`j~}T>;+rMwO+lC?3^3ky8W4!bm`GXXP<oQl=6%eqbHBwG@N;F_-wNL z`|{XZg-we0d*AQieEClM*-e>U?|MI5K6UwQ$6mvGX=YSUO)299-@qv+<xZ&HZFM`< zRhqN>`u1iS(>q2Jey*MIMa%2oc89Y5_L#_(&59H6Mj!hAVEc+Uq5iQNvphHJ_APvG z^dX1wGPkV57eT$7Wejc-{f6=i4!@>f)O=*+ShmV{o3UO$r^D?`>qixnKGfzV=zbSk z^7+8_Re#UF{LT8Y{K38JIiJ*5Z{WTC&RN>Y!oS<XzhU-VpX98WliqdrmF#@TYrZv; zTW<b=te-PV?6y}myw{P_X88~syy`%AS9z<5%31#JUQg411cV%s`B~e%Cq(ylt@ILy z|ExPF@XQYHc)OZ+hFMfq*c<0N$8~Z}=x$#6y`yG<N7b8!mcMUs7u_~hILpa<PAz<6 z>*tWGzYESs|F|31>aU^3d-Q&DPLzM?^0Pwq<&XDHdS18f`)}DoWfgtJ%5yg-eVaMa zt9Qf2OFKh~H{Y+C;S_OGkFh*qUu=rp<WI8?*|<oF9Llt+Wctpt<>Wo3_XSP5J#(LF z6y#s5`w`3bcpszLO!bfor3|)1{}Z{NZ(k^V?&hpN<<qN*dUSj4mkL}uxw$p<v5~>2 z-lxC$iaq<E*Y8z0pIm#hal`eaCdEpZ_5?i1I`LQc%KYW7??rxB@}KzoAn;lJ#*e4& z9Ct93-e9;XZzJFN$@!ZM7~h`fowIYfj{kSt_}0DhKjgwYESv7{X>PdvGw6E7f*1QU z%_jeT?G@SE?!(KV)cDm!Q@rofCe{a@bBq_r&Q0s@XJxtDasG|o*VgnIf3@yEtT@;* z{X<V=#WnvOMt^u2&9}{s{1X@SU9M-w50$$oCxumuKgeD4&qmgAq8hv0l$)WqQmT6; zta~aaoNlWLdRDpUYnFva)yi$#<htKU-VGFd-PLx`>p*Xtv?u==Mc4YwhKa@Rba#F? 
zTxsx!<GA3H1M1v6TpQYXXP^Ejb;AA3q$Z_~C$Dbt&#?U+;5q$g!qQ}A$>tKyW5!qJ z8*i(;#OQM4Y?|lVJ<CF7?N*I__EqwvyYcL4U+pW8cdPF2Ws%wRR<@Bn)WM2nVfcZy z2e&V5?7wy*Y|5AQliMb$KK-fIDE>0VbKfSH;s-|#?Yv|Vxs2uNZB~~X1{v06c{)xE z$?NaO+|zfedG2&)`w7+qGnO-bxUFT=JYV(v;%{~mA9-EZEi-u{&l0eiCE?tpg;gqh zJ)F-?d7jpJ#%<%ov|Doa9<S72pY*(RBigg-aF^z9twmSeI!YJl|L{I(fBLPF<XhWm zM;e))2jwwz)N;h}#c|X{?K@v-w)6FqD(y$lJ9K7#{atx+iNE;F(@WNVcl_fs`%OC2 z3a?Y1?rWFGl^?Z@Ke6}pfy+zIPV3*oEIO}SL0qA3#*_M;C*ockY=0x<x@zMLg*gXK zr~jSBQvE(I(|ED%k*tnqx5K~v(hUthy#L~jXWq>fp>395Q<NHQFHi3HAChA3sOJAh z^SQ_2?h6qozHa@yS7g)VB~9)*8`k`I@Ayu8_MM^=f@j1tKc#bi__C4LbtZoqS9r6( z^N-^{tS@!z9=X4HQAK`Jq528G&5Ta=7sXcG^%MSJ5p|%b&-wT1zD+gKH@8eQpLni2 zu%sj0DR1Z7O6DVFcO5QuWn_PMcN2Ds?=-s~vV}M6+~3T;1(6Kl^FBq#zqzZ=eWO<A zdz{j(E@?rVOyfPwFW+o?`Z|vBm)fGrty2=S*YO_sS!;dEL`ik74C5BtCuuh>?T!{< zRCnNMo)cRft)o2IJ(F$ob4{))_D|)veHlHHn@T)RE_!cjcDZ-kw}ngYzHNTfueYh@ z|JQ9rJv}zlvU1Mup7P8kefHTZ*_69}`f+KKJD+rKarmtB{KMbWi#@l!j(g_ro2Ox| zufBQ$=RSrj(y1XAZ!f-EeC00Nrn!aZ|6F3a_daL;^-iySE;&1M12p|v<25CpaSNK5 z-)O59oV9vo#7wi>;yX<*Nw<Eve(MY)f2GfaJ=~Rk4s&~73npEO*P0rz^NF%p)%}la z_EsDV`}+J%^|ZxGZcj4YBBh=h+lk*6)^@7Cb6xoR^Xe1pH#V=kz&88XvYcfT=ihy| z{iwgN?u=*Lx7hS2eUes})iD()i#mSVHrS-n%1x~z%jufr_tkGJCm!Y$w?36E`fl^> z=GR%LrXK$1Y9@R-anZ(iQv#cdJ>tXKu4O0xcqYHA<u8++O6LLTw>EB-naZbFABb6> z+PW*Ibndyb<0lS!hT7&_+nsZ2(x#hhO27R&`|YCqr(c{6-`oxP`8M5*oO;E1s>_F^ zogd^HUX>duU3$puo;Tn5o&A*$h4)W|Fu&)EK6+pEut8W=SOt?@|J?|^*63J<8@U~C zSC(?DczUWmLYcQ>vq?<W<nm0lZ!04Gg?^vqsysLGlIN6;MKeNHX1z9<vqksR@tmW@ z`;JtXOei{iINz_ucKO8qwCLTZCjEb_SJ=8JQsd{e*RIU-v>bj*-j}YNq3ZBwN6Y7( z?=$Cx$DXQ*G<>#}D`{Q9>;*CJnWSc$P7ZFr<-_Xbldvn)>uJ)TH`Sp<E9Z3O3F!sC zwFx=%;-t2o$k7+tQbnsb%h=lUFxc@q>~VP|ar=zBriL`rhtmvK^^bfBy`OAyw^NPl zMBfrk*6+1bwH{mz+}4nnY_jC0nSzaL+tiN?cRdW#uL!<fyXx!=`AHAAOt$#4Tx?eA z{H@ayGdE4QfA=Nh&eWs}DN3^b+isXyGOn;Wu-)R8Uh0I0Ohux~b5~|exO}8XVB<#L zEt$WWkA6G%gWqP4(vNwk1>()Q0#-j_ymzi>?TU@3t)5zRhAr@#zUQ8=<(m`T-XD0v z<I@==Osmf&pJAJDc6({mG<Lp<N`;UAn!8_maLb;WnfGtSBEAaCQ_lB(cOSF1o_cyE 
z<D&Zv0iB6+GTuC1_;*wDLz|%V6PMTgs(-M(@c;LVHtu03LVd4HdU)c(yJYqTosQ*6 z3mfH`)7D=S$h<J+BWv!)2ZBZ_cBc=EeVxm#u_yA(=Tik@(R<7vE$v{d+u?m@VquBR znvyv^710N_N6-1$WwNW;lp$T-GT^dpaNDalKb7ac$a(og%4_ilE3MhLUM0>d+Q(co z^X!?4imN}pF%r#56Waaq$l93xqACCFw(j2@GLgw)cFmEedaOsR>V+JZZ1Qt>Gvm#K z$F@JGEn8gVas2J>OYdjjWADvLb4;&v{S+AK=4xMU)BS9!@{zN?;oFtJ>le<rH|M<7 zwWB7RV%#>(5wV?m-fP=TN9KLI53tmo)7%qq=R{2F^U{oY(F_iEIqJk?81{+Z;l3m5 z6MXFQ1I~n5J2RI3$Y0c89`xd?jOag;*}ZyVNzA)EE!7NN9<O@6&~{VP9EGB?thI)v zDL2<$^|E;L+h<+4<)=FlmHsg*(lyH7EA@+>bWi=A61``VUvKH7xSwqDo_1nhkKgL> zp5?AsnV72dw^;W4V%~xUy7Kc+e2qH(_xkQ7+mA1eIX~&o?bBV`c0JR(KVNt?|Eeo* z?f=FzZVqQK`+BgwaASi3V-IiH5??d9S*q9DC&XDw??}DzsyfB*8S~CEr$3Hnky!^O zT0J#g^FP4kKp&riuKwZt-+w=|^6$D>@_-?>FYI*oyn~5$wt-bQUnQ*+I8bi7qdVa& zvs{|7wX9Ob)mWdRH$S*oX1r&K*L-Gk?P#!YYSx0!Uu1P^LVoeHNc4+cKJd(fA$==P zwfwQKMHd%EB)*Vy4&B@RENq`a`t9i_tLnY2nr-{OZ1?>2{qd=XtkxXgb`{T^>&{ad z*S#fU!G8ZOyF{6unViw@+Md9v;qgAIa(%@azMKUzLcNFg&i8&kMe~;SSpj94_aD}p zY^eNEy;@gxmULd&!{kkSbE3c4KYQ{(=VN88{<G<um&EmKGksS6bZ(wVg8GW$Pq|Zd z{bf2Y%zYIXqc75{6}*M_`G-E^3tt*zwf5b%R`IQSeEse-)=4h?r^^4gZ|I8)xTohE zcjTdE?5V0v&MX_&PC569gR${q(EOEw=bZjjFrM6|<Q?qlE2(&9`*mjVQ`7khS>7$x zz8jU<f82}RSmyi>uX$VD#mYWd>l}M8n#5-1=BB@^b7kQtnO)uM9Id#$ZpMVL99R>4 zA!H?M@xK>AhFeWT?oFO37<@r#<?}1g)D`#k#+lu-+4_IYTk%U0<{1YPH|v<@=^i** za$jg)K-*No-|_BG-(590CRn#~Pm1kIncYX9{aASRXwJeV+k-wC3jefl+_G5NwYfH~ z>W{W-+)b0qIWMnTtdTs+sc~n2(509R>ALbOB6`)^S+^CvQ0x0E&T-?9&aCQrhx1;# z@xL(1W4wQD()|-$TMTCv{qdH(yw;DQyKWk<OL3z65y@L8^{PXkc+9l0?*13_Z?!VF zTg$(oxJxVNYVQ62a?!(_$$$JD|5VNPow-bQ*VMV1yfg2~3qRR?`{4AsH=~ov*C{B} zuFlxVn^W|7Y4OgGwyV>w-29y@wdm7}EpMOR546%z_tjXZEV_NQ7{lDnOPVbX8O~BJ zxcL3rOh0%2gsMCD^a}N@r>0f7DZjkJH~E-f|D=9F`|}gkncnSGk~Tb^Gg0t757V;6 zdbi&HojPmxm4(4q=l?tR`f22R>nHbH{(StDtNd?gw@c-W$JfLP&ZphnpHz^UwOfjT zuhZ@S#2bq;SFcr7e(L<BR%c`JWX>C>3+I<P-FtI<wt~=Y6>0Xn_n%oldcn9s{GqOo z=h4t@GK=;-yz`gm;g|5WjUS4AHGeiA`Qz~U==DuA4ojY&n8A8v?hB#gik9x?*A?qx ztfo)C*>CQs@-FSlp<5OQ9wtc6`jg<LnU}R%rdu^d^wIs;GrVnH(=Bd2U3G4EOvBc$ 
zo@FIbwbq8-K9&MpCj%b6P!-)KZ9XwELiOwOeY};+D!gLWu|(Zkq3xCK_BLyRrrdvl zvpNhB=h(L#nL2spoRWLW&!){j;$wJ+@q`R#oUZK4fLXFUAEdfkcf4rc=5g!dDv$SP zQ~M|HDdRN`d6TiIe@1qO{#vc4r%o#0T46pz=#y-$z8W)=ZtaWAOHX2$o;$B&++byE qY4O`X`h&;P_<gg(zWit6Vc7im=j$hXmMef3f_l38xvX<aXaWFMrqM6} literal 0 HcmV?d00001 diff --git a/builds/cbioapp/portal.properties b/builds/cbioapp/portal.properties new file mode 100644 index 0000000..c39b3cc --- /dev/null +++ b/builds/cbioapp/portal.properties 
@@ -0,0 +1,218 @@ +# app name +app.name=cbioportal1 + +# database +db.user=cbio +db.password=P@ssword1 +db.host=cbiodb +db.portal_db_name=cbioportal +db.driver=com.mysql.jdbc.Driver +db.connection_string=jdbc:mysql://cbiodb/ +db.tomcat_resource_name=jdbc/cbioportal +# this should normally be set to false. In some cases you could set this to true (e.g. for testing a feature of a newer release that is not related to the schema change in expected db version above): +db.suppress_schema_version_mismatch_errors=false +app.version=${timestamp} +db.version=${db.version} + +# web page cosmetics +skin.title=EurOPDX cBioPortal +skin.email_contact=it at europdx eu +skin.authorization_message=Access to this portal is only available to authorized users of EurOPDX consortium. +skin.example_study_queries=tcga\ntcga -provisional\ntcga -moratorium\ntcga OR icgc\n-"cell line"\nprostate mskcc\nesophageal OR stomach\nserous\nbreast +skin.data_sets_header=The portal currently contains data from the following cancer genomics studies. The table below lists the number of available samples per data type and tumor. +skin.data_sets_footer= +#skin.examples_right_column_html=<ul><li><a href="case.do#/patient?studyId=ucec_tcga_pub&caseId=TCGA-BK-A0CC">Patient view of an endometrial cancer case</a></li></ul> + +# documentation pages +#skin.documentation.baseurl=https://raw.githubusercontent.com/cBioPortal/cbioportal/master/docs/ +skin.documentation.baseurl=https://gitlab.ics.muni.cz/europdx/cbioportal/cbio-public-info/raw/master/ +skin.documentation.markdown=true +skin.documentation.faq=FAQ.md +skin.documentation.about=About-Us.md +skin.documentation.skin.news=News.md +skin.documentation.oql=Onco-Query-Language.md + +# setting controlling the logos +skin.right_logo=logo_EurOPDX.png +skin.tag_line_image=tag_line.png + +# setting controlling which tabs to hide. 
+skin.show_news_tab=true +skin.show_data_tab=true +skin.show_web_api_tab=true +skin.show_r_matlab_tab=true +skin.show_tutorials_tab=false +skin.show_faqs_tab=true +skin.show_tools_tab=true +skin.show_about_tab=true + +# settings controlling the whats new blurb +skin.right_nav.whats_new_blurb=<a class="twitter-timeline" href="https://twitter.com/europdx" data-tweet-limit="1"> Tweets by @EurOPDX </a> + +# setting controlling the blurb +skin.blurb=<p>Welcome to the european instance of cBioPortal which provides <b>visualization</b>, <b>analysis</b> and <b>download</b> of large-scale cancer genomics datasets of EurOPDX consortium. This portal is run by <a href="https://www.cerit-sc.cz/about/news/cerit-sc-member-participates-in-eu-h2020-project-as-the-it-task-leader">Masaryk University</a> for <a href="https://cordis.europa.eu/project/rcn/212589_en.html">EDIReX: European Distributed Infrastructure for Research on patient-derived cancer Xenografts</a> project with kind support of cBioPortal developers from Weill Cornell Medicine (WCM, New York, NY, USA).</p><p>Please adhere to <u><a href="http://cancergenome.nih.gov/abouttcga/policies/publicationguidelines"> the TCGA publication guidelines</a></u> when using TCGA data in your publications.</p> <p><b>Please cite</b> <a href="http://www.ncbi.nlm.nih.gov/pubmed/23550210">Gao et al. <i>Sci. Signal.</i> 2013</a> & <a href="http://cancerdiscovery.aacrjournals.org/content/2/5/401.abstract">Cerami et al. 
<i>Cancer Discov.</i> 2012</a> when publishing results based on cBioPortal.</p> + +# setting controlling the footer +skin.footer= | <a href="http://www.mskcc.org/mskcc/html/44.cfm">MSKCC</a> | <a href="http://europdx.eu/">EurOPDX</a> | <a href="http://www.ics.muni.cz/">ICS MU</a> + +# setting controlling html for the contact +skin.login.contact_html=If you think you have received this message in error, please contact us at <a style="color:#FF0000" href="mailto:europdx-cbioportal@googlegroups.com">europdx-cbioportal@googlegroups.com</a> + +# setting controlling the saml registration +skin.login.saml.registration_html=Sign in + +# settings controlling what to show in the right navigation bar +skin.right_nav.show_data_sets=true +skin.right_nav.show_examples=true +skin.right_nav.show_testimonials=false + +# settings controlling what to show in the right navigation bar +skin.study_view.link_text=To build your own case set, try out our enhanced Study View. + +# authentication +## is authorization enabled at all? (true, false) +authorization=false +## enable and set this property to specify a study group to be used to identify public studies for which no specific authorization entries are needed in the `authorities` table +# always_show_study_group= +## which method of authentication to use (false, googleplus, saml, openid, ad, ldap, noauthsessionservice) +authenticate=false +## Should the permissions for groups and users be filtered by this instance's app.name? 
+## (true means the system only handles "CBIOPORTAL:someGroupPermission" groups, false means "someGroupPermission" works) +filter_groups_by_appname=true +## settings to connect to googleplus auth infrastructure +googleplus.consumer.key= +googleplus.consumer.secret= + +## SAML settings +saml.sp.metadata.entityid= +saml.idp.metadata.location= +saml.idp.metadata.entityid= +# saml keystore settings: +saml.keystore.location= +saml.keystore.password= +saml.keystore.private-key.key= +saml.keystore.private-key.password= +saml.keystore.default-key= +# How to send SAML request messages to the IDP. +# Set to "specificBinding" to configure specific binding: +saml.idp.comm.binding.settings=defaultBinding +# Configure the specific binding if above is specificBinding. Leave empty if defaultBinding. +# Options: bindings:HTTP-POST, bindings:HTTP-Redirect, bindings:PAOS, profiles:holder-of-key:SSO:browser +saml.idp.comm.binding.type= +# Change this to configure your custom UserDetails parser (default: org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl) +saml.custom.userservice.class=org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl +# Change this to configure to configure a custom logout URL: (default: /login.jsp?logout_success=true) +saml.logout.url=/login.jsp?logout_success=true + +## settings to connect to an Active Directory domain controller +ad.domain= +ad.url= +## configuration for the LDAP access +ldap.user_search_base=DC=example,DC=com +ldap.url=ldap://ldap.example.com +ldap.manager.dn=CN=manager-user,DC=example,DC=com +ldap.manager.password=PASSWORD +## The following attributes for are good for ActiveDirectory, for OpenLDAP use "uid" for username +ldap.attributes.username=sAMAccountName +#ldap.attributes.username=uid +ldap.attributes.last_name=sn +ldap.attributes.given_name=givenName +ldap.attributes.email=mail + +# study view settings +# always show studies with this group +always_show_study_group= 
+mdacc.heatmap.study.meta.url=//bioinformatics.mdanderson.org/study2url?studyid= +mdacc.heatmap.study.url=//bioinformatics.mdanderson.org/TCGA/NGCHMPortal/? + +# patient view settings +patient_view_placeholder=false +patient_view_genomic_overview_cna_cutoff=0.2,1.5 +digitalslidearchive.iframe.url=http://cancer.digitalslidearchive.net/index_mskcc.php?slide_name= +digitalslidearchive.meta.url=http://cancer.digitalslidearchive.net/local_php/get_slide_list_from_db_groupid_not_needed.php?slide_name_filter= +tumor_image.url=http://cbio.mskcc.org/cancergenomics/tcga-tumor-images/ +tcga_path_report.url=https://github.com/cbioportal/datahub/raw/master/tcga/pathology_reports/pathology_reports.txt +mdacc.heatmap.patient.url=//bioinformatics.mdanderson.org/TCGA/NGCHMPortal/?participant= +mdacc.heatmap.meta.url=//bioinformatics.mdanderson.org/participant2maps?participant= + +# various url's +segfile.url=http://cbio.mskcc.org/cancergenomics/gdac-portal/seg/ + +# Enable OncoKB annotation (true, false) +show.oncokb=true + +# Enable Chang's hotspot list (true, false) +show.hotspot=true +hotspots.url=http://cancerhotspots.org/api/ + +# Enable Civic variant annotation (true, false) +show.civic=false + +# Link to My Cancer Genome. Please disable (set to false) when using cBioPortal with patient identifiable data due My Cancer Genome license restrictions. 
+mycancergenome.show=true + +# igv bam linking +igv.bam.linking= +# colon delimited +igv.bam.linking.studies= +openssl.binary= +signature.key= +encryption.key= +broad.bam.url= +broad.bam.checking.url= + +# pathway settings +include_networks=true +pathway_commons.url=http://www.pathwaycommons.org/pc2 + +# bitly, please use your bitly user and apiKey +bitly.url= +# the new API uses the v3 of bitly API, and a java library to make the API call, so you only need to provide the access token +bitly.access.token= + +# google analytics +google_analytics_profile_id=UA-120520301-1 + +# genomespace linking +genomespace=true + +# set this to true if you update cancer studies in your production database without shutting the web server +recache_study_after_update=false + +# session-service url: http://[host]:[port]/[session_service_app]/api/sessions/[portal_instance]/ +# example session-service url: http://localhost:8080/session_service/api/sessions/public_portal/ +# see: https://github.com/cBioPortal/session-service +# excluding this value or setting it to an empty string will revert to the previous bookmarking method +# WARNING: do not use session service with authenticate=false +# either use authentication or change to authenticate=noauthsessionservice +session.service.url= +# Only allow requests from here: +# e.g. 
session.service.origin=http://dashi-dev.cbio.mskcc.org:8080 +session.service.origin=* + +# disabled tabs, | delimited +# possible values: cancer_types_summary, mutual_exclusivity, plots, mutations, co_expression, enrichments, survival, network, download, bookmark, IGV +disabled_tabs= + +# study ids and categories to force to top of study selector +# format is category1#study1a,study1b,study1c;category2#study2 +priority_studies= + +# species and genomic information +species=human +ncbi.build=37 +ucsc.build=hg19 + +# default view in oncoprint (sample, patient (default)) +oncoprint.defaultview=patient + +# OncoPrint driver mutation annotations +# oncoprint.custom_driver_annotation.binary.menu_label=Custom driver annotation +# oncoprint.custom_driver_annotation.tiers.menu_label=Custom driver tiers +# oncoprint.custom_driver_annotation.default=true +# oncoprint.custom_driver_tiers_annotation.default=true +# oncoprint.oncokb_hotspots.default=custom +# oncoprint.hide_vus.default=false + +# Custom gene sets +# querypage.setsofgenes.location=file:/<path> diff --git a/builds/cbioapp/settings.xml b/builds/cbioapp/settings.xml new file mode 100644 index 0000000..55f7437 --- /dev/null +++ b/builds/cbioapp/settings.xml @@ -0,0 +1,10 @@ +<?xml version="1.0"?> +<settings> + <servers> + <server> + <id>settingsKey</id> + <username>cbio</username> + <password>P@ssword1</password> + </server> + </servers> +</settings> \ No newline at end of file diff --git a/builds/cbioapp/start.sh b/builds/cbioapp/start.sh new file mode 100644 index 0000000..f3d2532 --- /dev/null +++ b/builds/cbioapp/start.sh @@ -0,0 +1,8 @@ +#!/bin/sh +find $PWD/core/src/main/scripts/ -type f -executable \! -name '*.pl' -print0 | xargs -0 -- ln -st /usr/local/bin + +sed -i "s/cbiodb/${DBHOST}/g" /cbioportal/portal.properties && +sed -i "s/cbiodb/$DBHOST/g" /usr/local/tomcat/conf/context.xml + +mv $CATALINA_HOME/webapps/cbioportal.war $CATALINA_HOME/webapps/${MOVE}.war +sh $CATALINA_HOME/bin/catalina.sh run 
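Review bot: `db.password=P@ssword1` commits a database credential in `builds/cbioapp/portal.properties`, and the same literal is repeated in `builds/cbioapp/settings.xml`, `builds/cbiodb/env/.env` and the `GRANT` statement in `builds/cbiodb/files/init_db`, so anyone who can read the repository or pull the built images can read it. I would commit only a placeholder here and have the start script fill it in from an environment variable populated by a Kubernetes Secret, the way it already substitutes `DBHOST`; the value committed here should then be treated as exposed and rotated. Separately, `authenticate=false` together with `session.service.origin=*` looks acceptable only if something in front of the portal enforces authentication, which this hunk cannot confirm.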
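Review bot: `DBHOST` and `MOVE` are expanded unquoted and unchecked in `builds/cbioapp/start.sh`: with `MOVE` unset the `mv` renames the WAR to `.war`, and any `/` or `&` in `DBHOST` changes the meaning of the `sed` expression instead of being inserted as text. The manifests in this commit describe both values as generated by the API from user requests, so I would start the script with `set -eu`, reject anything outside a conservative pattern (for example `case "$DBHOST" in *[!a-z0-9.-]*) exit 1;; esac`), and quote every expansion. The last line could be `exec "$CATALINA_HOME/bin/catalina.sh" run` so Tomcat receives the stop signal directly.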
diff --git a/builds/cbiodb/.gitlab-ci.yml b/builds/cbiodb/.gitlab-ci.yml
new file mode 100644
index 0000000..08a0000
--- /dev/null
+++ b/builds/cbiodb/.gitlab-ci.yml
@@ -0,0 +1,28 @@
+# This file is a template, and might need editing before it works on your project.
+# Official docker image.
+image: docker:latest
+
+services:
+ - docker:dind
+
+before_script:
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+
+build-master:
+ stage: build
+ script:
+# - export DOCKER_CONTENT_TRUST=1
+ - docker build --pull -t "$CI_REGISTRY_IMAGE" .
+ - docker push "$CI_REGISTRY_IMAGE"
+ only:
+ - master
+
+build:
+ stage: build
+ script:
+# - export DOCKER_CONTENT_TRUST=1
+ - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
+ - export DOCKER_CONTENT_TRUST=0
+ - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
+ except:
+ - master
diff --git a/builds/cbiodb/Dockerfile b/builds/cbiodb/Dockerfile
new file mode 100644
index 0000000..c81e2ab
--- /dev/null
+++ b/builds/cbiodb/Dockerfile
@@ -0,0 +1,24 @@
+FROM registry.gitlab.ics.muni.cz:443/2780/mysql
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+
+# Copy the database schema to the /data directory
+COPY files/run_db files/init_db /tmp/
+RUN chmod +x /tmp/run_db && chmod +x /tmp/init_db
+#ADD http://dior.ics.muni.cz/~cuda/seed-cbioportal_hg19_v2.4.0.sql /tmp/
+#ADD http://dior.ics.muni.cz/~cuda/cgds.sql /tmp/
+
+ADD https://raw.githubusercontent.com/cBioPortal/cbioportal/v2.0.0/db-scripts/src/main/resources/cgds.sql /tmp/
+ADD ./seed-cbioportal_hg19_v2.7.3.sql /tmp/
+
+# init_db will create the default
+# database from epcis_schema.sql, then
+# stop mysqld, and finally copy the /var/lib/mysql directory
+# to default_mysql_db.tar.gz
+RUN /tmp/init_db
+
+# run_db starts mysqld, but first it checks
+# to see if the /var/lib/mysql directory is empty, if
+# it is it is seeded with default_mysql_db.tar.gz before
+# the mysql is fired up
+
+ENTRYPOINT "/tmp/run_db"
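Review bot: `docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY` in `before_script` passes the registry password as a command-line argument, where it shows up in the job container's process list; `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"` avoids that and also quotes the registry variable. `image: docker:latest` and `docker:dind` are unpinned, so the toolchain that builds the image can change between runs; pinning both to a specific version tag would make builds repeatable. The `build` job sets `DOCKER_CONTENT_TRUST=0` before pushing while the enabling line stays commented out in both jobs, which deserves a comment saying why signing is off.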
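Review bot: The `ADD https://raw.githubusercontent.com/...` line in `builds/cbiodb/Dockerfile` fetches `cgds.sql` at build time with no integrity check, and `FROM registry.gitlab.ics.muni.cz:443/2780/mysql` has no tag, so two builds of the same commit can produce different databases. I would pin the base image to a tag or digest and use `ADD --checksum=sha256:<digest-of-cgds.sql> <url> /tmp/` (or vendor the file next to the seed dump); it is also worth confirming that the v2.0.0 schema is the one the `v2.7.3` seed file expects. `RUN /tmp/init_db` bakes the `cbio` account and its password into an image layer, so the image itself has to be handled as holding a credential. `ENTRYPOINT "/tmp/run_db"` is shell form; `ENTRYPOINT ["/tmp/run_db"]` together with `exec` in front of `mysqld` in `run_db` lets the server receive SIGTERM on stop.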
diff --git a/builds/cbiodb/README.md b/builds/cbiodb/README.md
new file mode 100644
index 0000000..10c3e8a
--- /dev/null
+++ b/builds/cbiodb/README.md
@@ -0,0 +1 @@
+# Cbioportal database
\ No newline at end of file
diff --git a/builds/cbiodb/env/.env b/builds/cbiodb/env/.env
new file mode 100644
index 0000000..d5b67e3
--- /dev/null
+++ b/builds/cbiodb/env/.env
@@ -0,0 +1,5 @@
+MYSQL_ROOT_PASSWORD=P@ssword1
+MYSQL_USER=cbio
+MYSQL_PASSWORD=P@ssword1
+MYSQL_DATABASE=cbioportal
+
diff --git a/builds/cbiodb/files/init_db b/builds/cbiodb/files/init_db
new file mode 100644
index 0000000..67bcd18
--- /dev/null
+++ b/builds/cbiodb/files/init_db
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Initialize MySQL database.
+# ADD this file into the container via Dockerfile.
+# Assuming you specify a VOLUME ["/var/lib/mysql"] or `-v /var/lib/mysql` on the `docker run` command…
+# Once built, do e.g. `docker run your_image /path/to/docker-mysql-initialize.sh`
+# Again, make sure MySQL is persisting data outside the container for this to have any effect.
+
+set -e
+set -x
+
+#mysql_install_db --datadir=/var/lib/mysql
+/usr/sbin/mysqld -u mysql --initialize-insecure
+
+# Start the MySQL daemon in the background.
+#/usr/sbin/mysqld &
+/usr/sbin/mysqld -u mysql &
+mysql_pid=$!
+
+#until mysqladmin ping >/dev/null 2>&1; do
+# echo -n "."; sleep 0.2
+#done
+sleep 20
+echo "probouzim se"
+
+# Permit root login without password from outside container.
+#mysql -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY '' WITH GRANT OPTION"
+
+mysql -e "GRANT ALL ON *.* to cbio@'%' IDENTIFIED BY 'P@ssword1';"
+
+
+# create the default database from the ADDed file.
+
+mysql -e "create database cbioportal;"
+cat /tmp/cgds.sql | mysql cbioportal
+# cat /tmp/seed-cbioportal_hg19_v2.4.0.sql |mysql cbioportal
+cat /tmp/seed-cbioportal_hg19_v2.7.3.sql |mysql cbioportal
+
+# Tell the MySQL daemon to shutdown.
+mysqladmin shutdown
+
+# Wait for the MySQL daemon to exit.
+wait $mysql_pid
+
+# create a tar file with the database as it currently exists
+#tar czvf default_mysql.tar.gz /var/lib/mysql
+
+# the tarfile contains the initialized state of the database.
+# when the container is started, if the database is empty (/var/lib/mysql)
+# then it is unpacked from default_mysql.tar.gz from
+# the ENTRYPOINT /tmp/run_db script
diff --git a/builds/cbiodb/files/run_db b/builds/cbiodb/files/run_db
new file mode 100644
index 0000000..9998897
--- /dev/null
+++ b/builds/cbiodb/files/run_db
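Review bot: `GRANT ALL ON *.* to cbio@'%'` gives the application account every privilege on every schema from any host, when the portal only needs the `cbioportal` database; `GRANT ALL ON cbioportal.* TO cbio@'%' ...` issued after the `create database` line would be enough. `--initialize-insecure` also leaves `root` with an empty password in the data directory that is baked into the image, and nothing later in the script sets one, so root should be given a password or locked before `mysqladmin shutdown`. The fixed `sleep 20` can race the server start; the commented-out `until mysqladmin ping` loop is the safer wait.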
@@ -0,0 +1,10 @@
+#!/bin/bash
+# start db
+
+set -e
+set -x
+
+# first, if the /var/lib/mysql directory is empty, unpack it from our predefined db
+# [ "$(ls -A /var/lib/mysql)" ] && echo "Running with existing database in /var/lib/mysql" || ( echo 'Populate initial db'; tar xpzvf default_mysql.tar.gz )
+
+/usr/sbin/mysqld -u mysql
\ No newline at end of file
diff --git a/builds/cbiodb/mysql/conf/mysql.conf b/builds/cbiodb/mysql/conf/mysql.conf
new file mode 100644
index 0000000..7d079f5
--- /dev/null
+++ b/builds/cbiodb/mysql/conf/mysql.conf
@@ -0,0 +1,57 @@
+# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+#
+# The MySQL Server configuration file.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+[mysqld]
+pid-file = /var/run/mysqld/mysqld.pid
+socket = /var/run/mysqld/mysqld.sock
+datadir = /var/lib/mysql
+#log-error = /var/log/mysql/error.log
+# By default we only accept connections from localhost
+#bind-address = 127.0.0.1
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+
+#
+# * Fine Tuning
+#
+
+key_buffer_size = 4G
+max_heap_table_size = 512M
+tmp_table_size = 512M
+max_allowed_packet = 256M
+thread_stack = 256K
+thread_cache_size = 20
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover-options = BACKUP
+max_connections = 214
+#table_cache = 64
+#thread_concurrency = 10
+#
+# * Query Cache Configuration
+#
+query_cache_limit = 1M
+query_cache_size = 0
+query_cache_type = 0
+
+
+join_buffer_size = 16M
+table_open_cache = 400
diff --git a/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore b/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore
new file mode 100644
index 0000000..5e7d273
--- /dev/null
+++ b/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/builds/job/Dockerfile b/builds/job/Dockerfile
new file mode 100644
index 0000000..4f73623
--- /dev/null
+++ b/builds/job/Dockerfile
@@ -0,0 +1,4 @@
+From appropriate/curl
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+
+CMD curl -X DELETE 'cbio-api/v1/cbioondemand?id=${INSTANCE}&user.userId=${USER}'
diff --git a/yaml/cbio-api/api-deployment.yml b/yaml/cbio-api/api-deployment.yml
new file mode 100644
index 0000000..b783118
--- /dev/null
+++ b/yaml/cbio-api/api-deployment.yml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: cbio-on-demand
+ name: cbio-api
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ matchLabels:
+ app: cbio-api
+ type: ondemand
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: cbio-api
+ type: ondemand
+ spec:
+ containers:
+ - name: cbio-api
+ image: lpivo/api:tr1
+ ports:
+ - name: http
+ containerPort: 8080
+ livenessProbe:
+ httpGet:
+ path: /actuator/health
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 2
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: http
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 2
diff --git a/yaml/cbio-api/api-service.yml b/yaml/cbio-api/api-service.yml
new file mode 100644
index 0000000..00a9d40
--- /dev/null
+++ b/yaml/cbio-api/api-service.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: cbio-api
+ namespace: cbio-on-demand
+ labels:
+ app: cbio-api
+ type: ondemand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbio-api
+ type: ondemand
+ ports:
+ - port: 80
+ targetPort: http
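Review bot: The single quotes in `CMD curl -X DELETE 'cbio-api/v1/cbioondemand?id=${INSTANCE}&user.userId=${USER}'` in `builds/job/Dockerfile` stop the shell from expanding the variables, so unless the CronJob overrides the command the request is sent with the literal text `${INSTANCE}` and `${USER}`. Double quotes fix the expansion: `CMD curl -fsS -X DELETE "cbio-api/v1/cbioondemand?id=${INSTANCE}&user.userId=${USER}"`, with `-f` so that an HTTP error fails the job instead of being reported as success. The values still go into the query string unencoded, so they need to be restricted to URL-safe characters where they are generated. `From appropriate/curl` is untagged and should be pinned to a version.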
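Review bot: The `cbio-api` container in `yaml/cbio-api/api-deployment.yml` has no `securityContext` and no `resources` block, so it runs as whatever user the image defines and without CPU or memory limits. For a service that, judging by the other manifests, generates per-user workloads, I would add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` under the container plus explicit `resources.requests` and `limits`, provided the image can run unprivileged, which the manifest does not show. `lpivo/api:tr1` is a mutable tag in a personal registry namespace; referencing the image by digest keeps a re-pushed tag from changing what is deployed.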
diff --git a/yaml/cbio-api/identifier.yml b/yaml/cbio-api/identifier.yml
new file mode 100644
index 0000000..9eda808
--- /dev/null
+++ b/yaml/cbio-api/identifier.yml
@@ -0,0 +1,7 @@
+apiVersion: example.com/v1beta1
+kind: identifier
+metadata:
+ generateName: cod
+ namespace: cbio-on-demand
+ # annotations:
+ # maintainer: Luboslav Pivarc <456130@muni.cz>
diff --git a/yaml/cbio-api/registerIdentifier.yml b/yaml/cbio-api/registerIdentifier.yml
new file mode 100644
index 0000000..9a95b94
--- /dev/null
+++ b/yaml/cbio-api/registerIdentifier.yml
@@ -0,0 +1,14 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: identifiers.example.com
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ scope: Namespaced
+ group: example.com
+ version: v1beta1
+ names:
+ kind: identifier
+ singular: identifier
+ plural: identifiers
diff --git a/yaml/cbio-app/cbio-replicaset.yml b/yaml/cbio-app/cbio-replicaset.yml
new file mode 100644
index 0000000..3e4e1c9
--- /dev/null
+++ b/yaml/cbio-app/cbio-replicaset.yml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+ generateName: cbio-on-demand
+ namespace: cbio-on-demand
+ labels:
+ app: cbio
+ type: ondemand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cbio
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ template:
+ metadata:
+ labels:
+ app: cbio
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ spec:
+ containers:
+ - name: cbio
+ image: lpivo/cbioportal:test7
+ ports:
+ - name: http
+ containerPort: 8080
+ env:
+ - name: DBHOST
+ # generated by API from service name
+ value: cbio-on-demand-dbpjvrw
+ - name: IMPORT
+ value: /etc/data-loading/cbio-client.py
+ - name: ID
+ # generated by API from user request
+ value: "4"
+ - name: MOVE
+ #generated by API from generated url
+ value: cbioportal
+ # lifecycle:
+ # postStart:
+ # exec:
+ # command: ["python3", "$IMPORT"]
diff --git a/yaml/cbio-app/cbio-service.yml b/yaml/cbio-app/cbio-service.yml
new file mode 100644
index 0000000..bbcfabd
--- /dev/null
+++ b/yaml/cbio-app/cbio-service.yml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ generateName: cbio-on-demand
+ namespace: cbio-on-demand
+ labels:
+ app: cbio
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbio
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ ports:
+ - port: 80
+ targetPort: http
diff --git a/yaml/cbio-db/cbiodb-replicaset.yml b/yaml/cbio-db/cbiodb-replicaset.yml
new file mode 100644
index 0000000..741744a
--- /dev/null
+++ b/yaml/cbio-db/cbiodb-replicaset.yml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+ generateName: cbiodb
+ namespace: cbio-on-demand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+ labels:
+ app: cbioDB
+ type: ondemand
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cbioDB
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ template:
+ metadata:
+ labels:
+ app: cbioDB
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ spec:
+ containers:
+ - name: cbio
+ image: lpivo/cbiodb:v1
+ ports:
+ - name: mysql
+ containerPort: 3306
+ livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "mysqladmin ping -u cbio -pP@ssword1"
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "mysqladmin ping -u cbio -pP@ssword1"
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ volumeMounts:
+ - name: config
+ mountPath: /etc/mysql/mysql.conf.d
+ subPath: mysql.conf.d
+ readOnly: true
+ envFrom:
+ - secretRef:
+ name: mysql-env
+ # we use 1 config for all on-demand databeses
+ volumes:
+ - name: config
+ configMap:
+ name: mysql-cbio-db
diff --git a/yaml/cbio-db/cbiodb-service.yml b/yaml/cbio-db/cbiodb-service.yml
new file mode 100644
index 0000000..1c20897
--- /dev/null
+++ b/yaml/cbio-db/cbiodb-service.yml
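Review bot: Both probes run `mysqladmin ping -u cbio -pP@ssword1`, which writes the database password into the ReplicaSet spec (readable by anyone allowed to get workloads in the namespace) and into the process arguments on every probe. The container already receives `mysql-env` through `envFrom`, so the probe can read the credential from the environment instead, e.g. `mysqladmin ping -u "$MYSQL_USER" -p"$MYSQL_PASSWORD"`, assuming the Secret carries the same keys as `builds/cbiodb/env/.env`. The `config` mount is also worth checking: `subPath: mysql.conf.d` does not match the ConfigMap's only key, `mysql.conf`, so the tuning file may never reach `/etc/mysql/mysql.conf.d`.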
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ generateName: cbio-on-demand-db
+ namespace: cbio-on-demand
+ labels:
+ app: cbioDB
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbioDB
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ ports:
+ - port: 3306
+ targetPort: mysql
diff --git a/yaml/cbio-db/config.yml b/yaml/cbio-db/config.yml
new file mode 100644
index 0000000..15efb9c
--- /dev/null
+++ b/yaml/cbio-db/config.yml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mysql-cbio-db
+ namespace: cbio-on-demand
+data:
+ mysql.conf: "# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights
+ reserved.\n#\n# This program is free software; you can redistribute it and/or
+ modify\n# it under the terms of the GNU General Public License as published
+ by\n# the Free Software Foundation; version 2 of the License.\n#\n# This program
+ is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY;
+ without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You
+ should have received a copy of the GNU General Public License\n# along with
+ this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin
+ St, Fifth Floor, Boston, MA 02110-1301 USA\n\n#\n# The MySQL Server configuration
+ file.\n#\n# For explanations see\n# http://dev.mysql.com/doc/mysql/en/server-system-variables.html\n\n[mysqld]\npid-file\t=
+ /var/run/mysqld/mysqld.pid\nsocket\t\t= /var/run/mysqld/mysqld.sock\ndatadir\t\t=
+ /var/lib/mysql\n#log-error\t= /var/log/mysql/error.log\n# By default we only
+ accept connections from localhost\n#bind-address\t= 127.0.0.1\n# Disabling symbolic-links
+ is recommended to prevent assorted security risks\nsymbolic-links=0\n\n#\n#
+ * Fine Tuning\n#\n\nkey_buffer_size = 4G\nmax_heap_table_size =
+ 512M\ntmp_table_size = 512M\nmax_allowed_packet = 256M\nthread_stack
+ \ = 256K\nthread_cache_size = 20\n# This replaces the startup
+ script and checks MyISAM tables if needed\n# the first time they are touched\nmyisam-recover-options
+ \ = BACKUP\nmax_connections = 214\n#table_cache = 64\n#thread_concurrency
+ \ = 10\n#\n# * Query Cache Configuration\n#\nquery_cache_limit = 1M\nquery_cache_size
+ \ = 0\nquery_cache_type = 0\n\n\njoin_buffer_size = 16M\ntable_open_cache
+ = 400\n"
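Review bot: The ConfigMap stores the server configuration under the key `mysql.conf`, but `cbiodb-replicaset.yml` mounts this volume with `subPath: mysql.conf.d`, a path that does not exist in the ConfigMap, so these settings probably never reach mysqld. If the intent is a drop-in file, name the key with a `.cnf` suffix, e.g. `mysqld.cnf:`, since MySQL's `!includedir` only reads `*.cnf` files, and mount the volume at `/etc/mysql/mysql.conf.d` without `subPath`. This should be confirmed against the image's own `my.cnf`, which is not part of this hunk. Writing the value as a block scalar (`mysqld.cnf: |`) instead of one escaped string would also make later changes to the database configuration reviewable.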
diff --git a/yaml/cbio-db/secret.yml b/yaml/cbio-db/secret.yml
new file mode 100644
index 0000000..faf738b
--- /dev/null
+++ b/yaml/cbio-db/secret.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-env
+ namespace: cbio-on-demand
+data:
+ .env: TVlTUUxfUk9PVF9QQVNTV09SRD1QQHNzd29yZDEKTVlTUUxfVVNFUj1jYmlvCk1ZU1FMX1BBU1NXT1JEPVBAc3N3b3JkMQpNWVNRTF9EQVRBQkFTRT1jYmlvcG9ydGFsCgo=
+type: Opaque
diff --git a/yaml/cbio-delete/deletecronjob.yml b/yaml/cbio-delete/deletecronjob.yml
new file mode 100644
index 0000000..5fbaab3
--- /dev/null
+++ b/yaml/cbio-delete/deletecronjob.yml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ generateName: cbio-delete
+ namespace: cbio-on-demand
+ labels:
+ app: cbio
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ # generated by API
+ #schedule: "*/1 * * * *"
+ startingDeadlineSeconds: 21600
+ jobTemplate:
+ spec:
+ completions: 1
+ template:
+ spec:
+ containers:
+ - name: deletetion
+ image: lpivo/job:tr1
+ env:
+ # generated by API by usr id from request
+ #- name: USER
+ # value: string
+ # generated by API unique for user
+ #- name: INSTANCE
+ # value: codpgfjr
+ restartPolicy: OnFailure
diff --git a/yaml/cbio-on-demand-namespace.yml b/yaml/cbio-on-demand-namespace.yml
new file mode 100644
index 0000000..0741955
--- /dev/null
+++ b/yaml/cbio-on-demand-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cbio-on-demand
diff --git a/yaml/cbio-security/security.yml b/yaml/cbio-security/security.yml
new file mode 100644
index 0000000..361005e
--- /dev/null
+++ b/yaml/cbio-security/security.yml
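Review bot: The Secret in `secret.yml` has a single key `.env` whose value is a whole env file, but `cbiodb-replicaset.yml` consumes it with `envFrom.secretRef`, which maps each Secret key to one environment variable; the container would not receive `MYSQL_ROOT_PASSWORD`, `MYSQL_USER`, `MYSQL_PASSWORD` or `MYSQL_DATABASE` from it. Declare one key per variable, for example under `stringData:` with `MYSQL_USER: cbio` and `MYSQL_PASSWORD: <set-at-deploy-time>`, and keep the real values out of the repository. The copy of this Secret in `yaml/complete/cbio-setup.yml` has the same shape.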
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: cbio-on-demand
+ name: cbio-proxy
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ matchLabels:
+ app: cbio-proxy
+ type: ondemand
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: cbio-proxy
+ type: ondemand
+ spec:
+ containers:
+ - name: cbio-proxy
+ image: lpivo/k8s-saml:t4
+ ports:
+ - name: http
+ containerPort: 80
+ - name: api
+ containerPort: 5000
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 2
+ env:
+ - name: SERVERNAME
+ value: cbiood.edirex.ics.muni.cz
+ - name: EMAILADMIN
+ value: 456130@mail.muni.cz
diff --git a/yaml/cbio-security/service-api.yml b/yaml/cbio-security/service-api.yml
new file mode 100644
index 0000000..59643c8
--- /dev/null
+++ b/yaml/cbio-security/service-api.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: cbio-proxy-api
+ namespace: cbio-on-demand
+ labels:
+ app: cbio-proxy
+ type: ondemand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbio-proxy
+ type: ondemand
+ ports:
+ - port: 80
+ targetPort: api
diff --git a/yaml/cbio-security/service-proxy.yml b/yaml/cbio-security/service-proxy.yml
new file mode 100644
index 0000000..b3bbf99
--- /dev/null
+++ b/yaml/cbio-security/service-proxy.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: cbio-proxy
+ namespace: cbio-on-demand
+ labels:
+ app: cbio-proxy
+ type: ondemand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbio-proxy
+ type: ondemand
+ ports:
+ - port: 80
+ targetPort: http
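Review bot: The `cbio-proxy` pod template in `security.yml` sets no `securityContext` and no `resources`, and it listens on `containerPort: 80`, so the SAML proxy that sits in front of every on-demand instance presumably runs as root with no limits. Add at least `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` on the container, and move the listener to an unprivileged port if the image allows it. The image's Dockerfile is not part of this hunk, so confirm it can start as a non-root user first. The other pod templates in this patch have the same gap.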
diff --git a/yaml/complete/bind.yml b/yaml/complete/bind.yml
new file mode 100644
index 0000000..5c85d9a
--- /dev/null
+++ b/yaml/complete/bind.yml
@@ -0,0 +1,30 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cbio-api
+subjects:
+- kind: ServiceAccount
+ name: cbio-api
+ namespace: cbio-on-demand
+roleRef:
+ kind: ClusterRole
+ name: cbio-api
+ apiGroup: rbac.authorization.k8s.io
+
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: fabric8-rbac
+subjects:
+ - kind: ServiceAccount
+ # Reference to upper's `metadata.name`
+ name: cbio-api
+ # Reference to upper's `metadata.namespace`
+ namespace: cbio-on-demand
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/yaml/complete/cbio-setup.yml b/yaml/complete/cbio-setup.yml
new file mode 100644
index 0000000..66b42ad
--- /dev/null
+++ b/yaml/complete/cbio-setup.yml
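Review bot: The second binding in `bind.yml`, `fabric8-rbac`, gives the `cbio-api` ServiceAccount the `cluster-admin` ClusterRole, so a compromise of the API pod, or a bug in how it builds objects from user requests, has full control of the whole cluster. From the manifests in this patch the API appears to manage only ReplicaSets, Services, CronJobs and `identifiers` inside `cbio-on-demand`. Replace the binding with a namespaced `Role` and `RoleBinding` limited to those resources, as sketched below, and delete the `cluster-admin` binding. The first binding to the `cbio-api` ClusterRole is cluster-wide as well and could become a `RoleBinding` in the namespace.

```yaml
# replaces the `fabric8-rbac` ClusterRoleBinding; the resource list is inferred
# from the manifests in this patch, so trim it to what the API really calls
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cbio-api
  namespace: cbio-on-demand
rules:
- apiGroups: ["apps"]
  resources: ["replicasets"]
  verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "list", "create", "delete"]
- apiGroups: ["batch"]
  resources: ["cronjobs"]
  verbs: ["get", "list", "create", "delete"]
- apiGroups: ["example.com"]
  resources: ["identifiers"]
  verbs: ["get", "list", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cbio-api
  namespace: cbio-on-demand
subjects:
- kind: ServiceAccount
  name: cbio-api
  namespace: cbio-on-demand
roleRef:
  kind: Role
  name: cbio-api
  apiGroup: rbac.authorization.k8s.io
```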
@@ -0,0 +1,233 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cbio-on-demand
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: cbio-on-demand
+ name: cbio-api
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ matchLabels:
+ app: cbio-api
+ type: ondemand
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: cbio-api
+ type: ondemand
+ spec:
+ serviceAccountName: cbio-api
+ containers:
+ - name: cbio-api
+ image: lpivo/api:tr3
+ ports:
+ - name: http
+ containerPort: 8080
+ livenessProbe:
+ httpGet:
+ path: /actuator/health
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 2
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: http
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 2
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: cbio-api
+ namespace: cbio-on-demand
+ labels:
+ app: cbio-api
+ type: ondemand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbio-api
+ type: ondemand
+ ports:
+ - port: 80
+ targetPort: http
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: identifiers.example.com
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ scope: Namespaced
+ group: example.com
+ version: v1beta1
+ names:
+ kind: identifier
+ singular: identifier
+ plural: identifiers
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mysql-cbio-db
+ namespace: cbio-on-demand
+data:
+ mysql.conf: "# Copyright (c) 2014, 2016, Oracle and/or its affiliates.
All rights
+ reserved.\n#\n# This program is free software; you can redistribute it and/or
+ modify\n# it under the terms of the GNU General Public License as published
+ by\n# the Free Software Foundation; version 2 of the License.\n#\n# This program
+ is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY;
+ without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You
+ should have received a copy of the GNU General Public License\n# along with
+ this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin
+ St, Fifth Floor, Boston, MA 02110-1301 USA\n\n#\n# The MySQL Server configuration
+ file.\n#\n# For explanations see\n# http://dev.mysql.com/doc/mysql/en/server-system-variables.html\n\n[mysqld]\npid-file\t=
+ /var/run/mysqld/mysqld.pid\nsocket\t\t= /var/run/mysqld/mysqld.sock\ndatadir\t\t=
+ /var/lib/mysql\n#log-error\t= /var/log/mysql/error.log\n# By default we only
+ accept connections from localhost\n#bind-address\t= 127.0.0.1\n# Disabling symbolic-links
+ is recommended to prevent assorted security risks\nsymbolic-links=0\n\n#\n#
+ * Fine Tuning\n#\n\nkey_buffer_size = 4G\nmax_heap_table_size =
+ 512M\ntmp_table_size = 512M\nmax_allowed_packet = 256M\nthread_stack
+ \ = 256K\nthread_cache_size = 20\n# This replaces the startup
+ script and checks MyISAM tables if needed\n# the first time they are touched\nmyisam-recover-options
+ \ = BACKUP\nmax_connections = 214\n#table_cache = 64\n#thread_concurrency
+ \ = 10\n#\n# * Query Cache Configuration\n#\nquery_cache_limit = 1M\nquery_cache_size
+ \ = 0\nquery_cache_type = 0\n\n\njoin_buffer_size = 16M\ntable_open_cache
+ = 400\n"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-env
+ namespace: cbio-on-demand
+data:
+ .env:
TVlTUUxfUk9PVF9QQVNTV09SRD1QQHNzd29yZDEKTVlTUUxfVVNFUj1jYmlvCk1ZU1FMX1BBU1NXT1JEPVBAc3N3b3JkMQpNWVNRTF9EQVRBQkFTRT1jYmlvcG9ydGFsCgo=
+type: Opaque
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: cbio-on-demand
+ name: cbio-proxy
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ matchLabels:
+ app: cbio-proxy
+ type: ondemand
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: cbio-proxy
+ type: ondemand
+ spec:
+ containers:
+ - name: cbio-proxy
+ image: lpivo/k8s-saml:t6
+ ports:
+ - name: http
+ containerPort: 80
+ - name: api
+ containerPort: 5000
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 2
+ env:
+ - name: SERVERNAME
+ value: cbiood.edirex.ics.muni.cz
+ - name: EMAILADMIN
+ value: 456130@mail.muni.cz
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: cbio-proxy-api
+ namespace: cbio-on-demand
+ labels:
+ app: cbio-proxy
+ type: ondemand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbio-proxy
+ type: ondemand
+ ports:
+ - port: 80
+ targetPort: api
+
+---
+
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: cbio-proxy
+ namespace: cbio-on-demand
+ labels:
+ app: cbio-proxy
+ type: ondemand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbio-proxy
+ type: ondemand
+ ports:
+ - port: 80
+ targetPort: http
diff --git a/yaml/complete/cbiood.crt b/yaml/complete/cbiood.crt
new file mode 100644
index 0000000..21de259
--- /dev/null
+++ b/yaml/complete/cbiood.crt
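Review bot: `cbio-setup.yml` re-declares objects that this patch also adds as separate manifests (ConfigMap `mysql-cbio-db`, Secret `mysql-env`, Deployment `cbio-proxy` and its two Services), and the copies have already diverged: the proxy image is `lpivo/k8s-saml:t6` here and `lpivo/k8s-saml:t4` in `yaml/cbio-security/security.yml`. Whichever file is applied last wins, so it is unclear which build of the authentication proxy is actually running. Keep one source of truth, either by generating this bundle from the individual files or by dropping the duplicates, and add a header comment such as `# generated from yaml/cbio-*; do not edit by hand` if it is generated.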
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDszCCApugAwIBAgIUJMKNctTo0DplMqRD/9X5y3tbid8wDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEiMCAGA1UEAwwZY2Jpb29kLmVkaXJl
+eC5pY3MubXVuaS5jejAeFw0xOTA2MDcxNjQ5NTFaFw0yMDA2MDYxNjQ5NTFaMGkx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQxIjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNz
+Lm11bmkuY3owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJfesKYdSq
+kb603X/O2tt1vfzNv2SEJQhJ7423vZQuKVxPD8zjouHuDP1X9qAVFm5kXABu3ysB
+4t/mmDYjD5TtMTO5qIvHc+i4I+vaLgGDN1BmdSrtSHkWP6PWAAES3PrH93TCD48b
+DiIwB8xLVX5xN8s/+gGvCR+a4ZfGiH2x36PI/LqnF2Fp7Za2QtFvnL1ED93FSSxg
+HKyBEyGn3tgZg0zbMPlACfLPPsSSBs23WfsU+pvwCbFJh1soSv7G0eIK3TYf4dzK
+10FCd/DQSRjhwADC39I++IO4WHaHtAXz7KyqYbXwIs1NSZ3IVUZRUq8bc5oHzIdP
+hYn95QPhi6yLAgMBAAGjUzBRMB0GA1UdDgQWBBQVa4WaF2IDcU/6W6n2B4zTz9WG
++jAfBgNVHSMEGDAWgBQVa4WaF2IDcU/6W6n2B4zTz9WG+jAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBwdYhTxtf3z6ooF06MWkU2FnN/TphwP4+l
+/MB7aWtP/O05Wz2I/hel5ZimhgLJe0dmk/GFZxDLqMd7YlMuvqOjm2KNqh9sHAd4
+XyEBpie5ibv8prRxvZVukC2skiXwu7GX9HAlcnM/gzQZ3+CVRZtQfbsk+BLjsIb/
+aZHSokWWvEUI5EPixeOWLYyDvSH6Une9XezZzsRaQyiGuGqSXyH/O24uJ+FQVG+X
+yPTlCwuTbdmcEwBPEM8TjNzCTTyodDcTtTt1AKVbZDYid1BQpb0JVvgpVpWfuprA
+glzRYbtQY7Adrx45+UA3eNlEydjWTB2G/qpw7PR65pdwJn91OE9+
+-----END CERTIFICATE-----
diff --git a/yaml/complete/ingress-api.yml b/yaml/complete/ingress-api.yml
new file mode 100644
index 0000000..ae3de6b
--- /dev/null
+++ b/yaml/complete/ingress-api.yml
@@ -0,0 +1,13 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: cbio
+ namespace: cbio-on-demand
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /api
+ backend:
+ serviceName: cbio-api
+ servicePort: 80
diff --git a/yaml/complete/ingress-proxy.yml b/yaml/complete/ingress-proxy.yml
new file mode 100644
index 0000000..29041b0
--- /dev/null
+++ b/yaml/complete/ingress-proxy.yml
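Review bot: The `cbio` Ingress rule in `ingress-api.yml` has no `host` and no `tls` section, so `/api` is served over plain HTTP for any hostname that reaches the ingress controller, and it forwards to the `cbio-api` Service whose pod runs under the ServiceAccount bound in `bind.yml`. Add `- host: cbiood.edirex.ics.muni.cz` to the rule and a `tls:` block referencing a TLS Secret, e.g. `secretName: <tls-secret-name>`. `ingress-proxy.yml` needs the same `tls:` block, because SAML responses and session cookies cross that route. If `/api` is only meant to be called by the proxy from inside the cluster, it may not need an Ingress at all.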
@@ -0,0 +1,14 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: cbio-proxy
+ namespace: cbio-on-demand
+spec:
+ rules:
+ - host: cbiood.edirex.ics.muni.cz
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: cbio-proxy
+ servicePort: 80
diff --git a/yaml/complete/role.yml b/yaml/complete/role.yml
new file mode 100644
index 0000000..471b465
--- /dev/null
+++ b/yaml/complete/role.yml
@@ -0,0 +1,8 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cbio-api
+rules:
+- apiGroups: [""]
+ resources: ["identifiers"]
+ verbs: ["VerbAll"]
diff --git a/yaml/complete/serviceAccount.yml b/yaml/complete/serviceAccount.yml
new file mode 100644
index 0000000..1b7679c
--- /dev/null
+++ b/yaml/complete/serviceAccount.yml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cbio-api
+ namespace: cbio-on-demand
-- GitLab
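Review bot: The rule in `role.yml` cannot match anything: `apiGroups: [""]` is the core group while the `identifiers` CRD in `cbio-setup.yml` is registered under `example.com`, and `"VerbAll"` is the name of a Go constant rather than an RBAC verb (the wildcard is `"*"`). This is probably why the `cluster-admin` binding in `bind.yml` was needed to make the API work. Use `apiGroups: ["example.com"]` with explicit verbs such as `verbs: ["get", "list", "watch", "create", "delete"]`, then remove the `cluster-admin` binding.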