diff --git a/README.md b/README.md index 23b7e2a9..cf426551 100644 --- a/README.md +++ b/README.md @@ -34,11 +34,13 @@ that make up the Bento platform. * [`bentoctl`: the Bento deployment command line management tool](./docs/bentoctl.md) * [Installation](./docs/installation.md) * [Development](./docs/development.md) + * [Adding services to Bento](./docs/adding-services.md) * [Troubleshooting guide](./docs/troubleshooting.md) * [Deployment](./docs/deployment.md) * [Monitoring](./docs/monitoring.md) * [Public discovery configuration](./docs/public_discovery.md) * [Using a reverse proxy in front of Bento](./docs/reverse-proxy.md) +* [MinIO object storage](./docs/minio.md) ### Data ingestion and usage @@ -48,6 +50,7 @@ that make up the Bento platform. ### Migration documents +* [v17.1 to v18](./docs/migrating_to_18.md) * [v17 to v17.1](./docs/migrating_to_17_1.md) * [v16 to v17](./docs/migrating_to_17.md) * [v15.2 to v16](./docs/migrating_to_16.md) diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml index 243e6bb1..057844d0 100644 --- a/docker-compose.dev.yaml +++ b/docker-compose.dev.yaml @@ -40,11 +40,13 @@ services: - ${BENTOV2_DOMAIN} - ${BENTOV2_PORTAL_DOMAIN} - ${BENTOV2_AUTH_DOMAIN} + - ${BENTO_MINIO_DOMAIN} drs-net: aliases: - ${BENTOV2_DOMAIN} - ${BENTOV2_PORTAL_DOMAIN} - ${BENTOV2_AUTH_DOMAIN} + - ${BENTO_MINIO_DOMAIN} event-relay-net: aliases: - ${BENTOV2_DOMAIN} diff --git a/docker-compose.local.yaml b/docker-compose.local.yaml index 5dbd201f..0147a093 100644 --- a/docker-compose.local.yaml +++ b/docker-compose.local.yaml @@ -19,6 +19,7 @@ services: - ${PWD}/lib/public/en_about.html:/bento-public/src/public/en_about.html - ${PWD}/lib/public/fr_about.html:/bento-public/src/public/fr_about.html - ${PWD}/lib/public/branding.png:/bento-public/src/public/assets/branding.png + - ${PWD}/lib/public/branding.lightbg.png:/bento-public/src/public/assets/branding.lightbg.png - ${PWD}/lib/public/translations/en.json:/bento-public/src/public/locales/en/translation_en.json - ${PWD}/lib/public/translations/fr.json:/bento-public/src/public/locales/fr/translation_fr.json environment: diff --git a/docker-compose.yaml b/docker-compose.yaml index f91aaa52..8cfa236d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -14,6 +14,7 @@ include: - lib/gohan/docker-compose.gohan.yaml # Optional feature; controlled by a compose profile - lib/katsu/docker-compose.katsu.yaml - lib/logs/docker-compose.logs.yaml + - lib/minio/docker-compose.minio.yaml - lib/notification/docker-compose.notification.yaml - lib/public/docker-compose.public.yaml # Optional feature; controlled by a compose profile - lib/redis/docker-compose.redis.yaml diff --git a/docs/adding-services.md b/docs/adding-services.md new file mode 100644 index 00000000..3948c8b0 --- /dev/null +++ b/docs/adding-services.md @@ -0,0 +1,155 @@ +# Adding services to Bento + +There are two types of services in Bento: + +* Bento services, which have been developed by the Bento team specifically for the platform, and +* other services, which support the Bento services or provide additional platform features. + + +## Aspects to consider when adding any service to Bento + +### Environment variables + +* Service environment variables, used for configuring the image and some aspects of the service itself, should be added + to `etc/bento.env`. These variables typically include: + * Image + * Image version (tag) + * Container name template + * Service Docker network (**Note:** we typically give each service its own network, and add services to multiple + networks only as needed) + * Debugger ports +* Configuration environment variables, for setting up feature flags and passwords, should be added to + `etc/default_config.env` and the example files `etc/bento_deploy.env` and `etc/bento_dev.env`. + * `etc/default_config.env` contains feature flags and "empty definitions" for passwords/secrets. + * `etc/bento_deploy.env` is an example / template setup (to be copied to `local.env`) for a production deployment. + * `etc/bento_dev.env` is an example / template setup (to be copied to `local.env`) for a development setup. + +### Container setup + +The service's Docker container must be set up via a Compose file in `lib//docker-compose..yaml`. +This must then be included in the main `docker-compose.yaml` file, in the `include` block. + +The service's network (and potentially feature flag, if applicable), as well as container name and port environment +variables must be added to the gateway compose file (`lib/gateway/docker-compose.gateway.yaml`) if the service is to be +externally accessible. + +### Gateway configuration + +*As needed,* a gateway NGINX config must be placed into `lib/gateway/`. + +### Required `bentoctl` changes + +Inside the `py_bentoctl` Python module: + +* If the service is locked behind a feature flag, add the feature (as an `BentoOptionalFeature` instance) to + `config.py`, modeling it after other definitions. +* Add the service image environment variables to the `service_image_vars` variable in `services.py`. +* If the service is not a Bento service (or does not have the `bento` user in the Docker image), add the service to the + `BENTO_USER_EXCLUDED_SERVICES` variable. +* In `other_helpers.py`: + * If the service has a data directory that needs to be initialized, add an entry to the `data_dir_vars` variable + in the `init_dirs(...)` function containing the name of the environment variable which points to the data volume + directory. + * Add any entry with the name of the environment variable storing the name of the Docker network to the `networks` + variable in the `init_docker(...)` function. + * If new certificates are needed, add new entries to the `init_self_signed_certs` function (for development purposes). + +### Documentation changes + +* Make sure to add a note about how to set up the service for the first time to the + [Installation guide](./installation.md), as well as the migration guide for the version the service is introduced in. +* If additional deployment steps are needed (i.e., new certificates), add a note to the + [Deployment guide](./deployment.md). + +### Additional notes + +Non-Bento services **MUST NOT** be put into `etc/bento_services.json`; this file is for Bento services only (see below). + + +## Additional considerations when adding new Bento services + +### User and base image + +It is expected that Bento services will use one of the +[Bento base images](https://github.com/bento-platform/bento_base_images). + +These images provide a `bento` user, whose UID is set to the host user's UID. + +### `/service-info` and service record in `bento_services.json` + +Bento services **MUST** implement the GA4GH [Service Info](https://www.ga4gh.org/product/service-info/) API. +They must also be registered in the `etc/bento_services.json` file, which allows them to be loaded into the +[Bento Service Registry](https://github.com/bento-platform/bento_service_registry). + +Each entry of this file follows the format: + +```js +{ + // ... + "": { + "service_kind": "", + "url_template": "{BENTO_PUBLIC_URL}/api/{service_kind}", + "repository": "git@github.com:bento-platform/<...>" + }, + // ... +} +``` + +In this format: +* `` is the key of the service in its `docker-compose.<...>.yaml` file +* `` is a special Bento-unique identifier for the service, allowing front ends to look up services. +* The `url_template` key is a template for the base URL used to access the service's API. +* The `repository` key is an SSH Git repository URL for the service code, so it can be cloned into the `repos` folder + for development. + + +### Making service-to-service requests go through the gateway (dev) + +Bento relies on three mechanisms to resolve hostnames to IP addresses: +- DNS records (production only) + - `/etc/hosts` entries when in local dev + - For requests originating outside of the Docker networks (e.g. web browsers) +- Container names (production & dev) + - When two containers are on the same Docker network and need to talk to each other directly + - Docker resolves a container's name to its IP on a Docker network + - e.g. Katsu can talk directly to DRS with `http://${BENTOV2_DRS_CONTAINER_NAME}:${BENTOV2_DRS_INTERNAL_PORT}` +- Docker network aliases (dev only) + - When two services need to communicate with each other via the gateway only. + - In production, this is taken care of by DNS records + +When developing locally, some services may need to be interacted with strictly through the gateway. +This is the case for Keycloak (auth) and Minio, as both services require a subdomain and HTTPS. + +As such, drop-box cannot use the Docker resolver in order to connect to Minio. + +Since we are in local, there is no DNS record to resolve Minio's domain, +and the host's `/etc/hosts` entries will not be of help from the container's perspective. + +For these situations, we rely on [Docker network aliases.](https://docs.docker.com/reference/compose-file/services/#aliases) + +Taking the Minio example, we need: + - Drop-Box to interact with Minio via the gateway + - DRS to interact with Minio via the gateway + +Enabling this is done by adding `${BENTO_MINIO_DOMAIN}` to the respective service networks aliases. + +This snippet comes from [docker-compose.dev.yaml](../docker-compose.dev.yaml): +```yaml +services: + gateway: + networks: + drop-box-net: + aliases: + - ${BENTOV2_DOMAIN} + - ${BENTOV2_PORTAL_DOMAIN} + - ${BENTOV2_AUTH_DOMAIN} + - ${BENTO_MINIO_DOMAIN} + drs-net: + aliases: + - ${BENTOV2_DOMAIN} + - ${BENTOV2_PORTAL_DOMAIN} + - ${BENTOV2_AUTH_DOMAIN} + - ${BENTO_MINIO_DOMAIN} +``` + +Doing so, we make sure that `${BENTO_MINIO_DOMAIN}` is resolved to the gateway for drop-box and DRS. diff --git a/docs/deployment.md b/docs/deployment.md index 53f682f9..0f303fd3 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -9,6 +9,7 @@ BENTOV2_DOMAIN=bento.example.com BENTOV2_PORTAL_DOMAIN=portal.${BENTOV2_DOMAIN} BENTOV2_AUTH_DOMAIN=auth.${BENTOV2_DOMAIN} BENTOV2_CBIOPORTAL_DOMAIN=cbioportal.${BENTOV2_DOMAIN} +BENTO_MINIO_DOMAIN=minio.${BENTOV2_DOMAIN} ``` For a real deployment, make sure that your `local.env` file uses valid domain names for which SSL certificates diff --git a/docs/development.md b/docs/development.md index c357bb1c..ddc476d0 100644 --- a/docs/development.md +++ b/docs/development.md @@ -185,6 +185,11 @@ If subsequent modifications are made to the package's code, you will need to cre and install it again in the app with `npm install`. +## Adding services + +See [`adding-services.md`](./adding-services.md) for some considerations when adding new services to Bento. + + ## Using Adminer An [Adminer](https://www.adminer.org/) container is deployed in dev and local mode, it can be used to inspect the diff --git a/docs/img/minio_object_store.png b/docs/img/minio_object_store.png new file mode 100644 index 00000000..3287766b Binary files /dev/null and b/docs/img/minio_object_store.png differ diff --git a/docs/installation.md b/docs/installation.md index 6f9bc9e4..5742d604 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -325,10 +325,18 @@ value in the `BENTOV2_AUTH_CLIENT_ID` environment variable. On local instances, this is set to `local_bentov2` by default. -## 7. *Production only:* set up translations for Bento-Public +## 7. *Production only:* set up translations and branding -Now that Bento Public has been initialized by either `./bentoctl.bash init-all` or `./bentoctl.bash init-web public`, -adjust the default translation set as necessary: +Now that Bento Public and Web have been initialized by either `./bentoctl.bash init-all` or +`./bentoctl.bash init-web `, translation files and branding (logos) can be configured as necessary. + +**For branding (logos)**, copy files to the following paths: + +* A logo which works on dark backgrounds should be placed at `lib/public/branding.png` and `lib/web/branding.png`. +* A logo which works on light backgrounds should be placed at `lib/public/branding.lightbg.png`. This is primarily + useful for Beacon Network. + +**For translations** (which apply only to Bento Public), adjust the default translation set as necessary: ```js // lib/public/translations/.json diff --git a/docs/migrating_to_18.md b/docs/migrating_to_18.md new file mode 100644 index 00000000..a186c28b --- /dev/null +++ b/docs/migrating_to_18.md @@ -0,0 +1,58 @@ +# Migrating to Bento v18 + +* Bento v18 implements some new features for branding, which may require changes as described below. +* It also adds MinIO as a backend for future S3-compatible object storage. + * This can be enabled now, but will not be used until a future version. + * For instances hosted on the Secure Data for Health (SD4H) infrastructure, the SD4H object store should be used for + production instances when S3-compatible services become ready in a future version. + + +## 1. Stop and update services, and initialize new networks + +```bash +./bentoctl.bash stop +./bentoctl.bash pull +# set up new Docker networks for MinIO (needed even if MinIO is not set up) +./bentoctl.bash init-docker +``` + + +## 2. Set up light and dark-background branding for Bento Public + +* Make sure `lib/public/branding.png` and `lib/web/branding.png` are images which work on dark backgrounds. +* **If you have a light-background logo to add:** put this file at `lib/public/branding.lightbg.png`. +* **If you do not have a light-background logo:** run `./bentoctl.bash init-web public` to copy the Bento logo to the + above location, or copy `branding.png` to `branding.lightbg.png` + + +## 3. If desired, disable Bento Public sign in / portal links + +Version 18 includes two new Bento Public environment variables for customizing an instance: + +* `BENTO_PUBLIC_SHOW_PORTAL_LINK`: Whether to show a link to the private data portal in the header +* `BENTO_PUBLIC_SHOW_SIGN_IN`: Whether to show a "Sign In" button in the header +* `BENTO_PUBLIC_FORCE_CATALOGUE`: Whether to force the data catalogue to display, even with only a single project. + +The first two are set to `true` by default, and the last is set to `false`. If desired, they can be toggled to +non-default settings by modifying `local.env`, for example: + +```bash +# ... +BENTO_PUBLIC_SHOW_PORTAL_LINK='false' +BENTO_PUBLIC_SHOW_SIGN_IN='false' +BENTO_PUBLIC_FORCE_CATALOGUE='true' +# ... +``` + + +## 4. Enabling MinIO + +To enable the deployment of a MinIO server for S3 storage, refer to the documentation on +[configuring MinIO for Bento](/docs/minio.md). + + +## 5. Restart services + +```bash +./bentoctl.bash start +``` diff --git a/docs/minio.md b/docs/minio.md new file mode 100644 index 00000000..0c3939d3 --- /dev/null +++ b/docs/minio.md @@ -0,0 +1,128 @@ +# Bento MinIO + +Bento can be deployed with a [MinIO](https://github.com/minio/minio) service. +The MinIO service provides an [S3 compatible API](https://min.io/docs/minio/linux/reference/s3-api-compatibility.html) +for object storage. + +It is mostly intended for development and testing purposes with the S3 API, +as we are working on enabling S3 storage for Bento. + +For deployments, Bento instances requiring large storage capacity should rely on an external managed +S3 storage provider (AWS, Ceph, production MinIO cluster, etc). +This will allow Bento deployments to be decoupled from disk storage concerns. + +## Routing +![MinIO local deployment](./img/minio_object_store.png) + +**Note:** As shown above, the MinIO service relies on disk storage, which is why +production environments should consider external S3 storage instead. + +## Configuration + +To enable the MinIO service in a Bento deployment, please follow the instructions bellow. + +### Environment variables + +Enable MinIO by setting the feature flag and other required variables in `local.env`. + +```bash +BENTO_MINIO_ENABLED='true' +BENTO_MINIO_ROOT_USER=root # default value, can be changed +BENTO_MINIO_ROOT_PASSWORD=secure-password # change to a secure pw +BENTO_MINIO_DOMAIN=minio.${BENTOV2_DOMAIN} # MUST be a subdomain of BENTOV2_DOMAIN +``` + +### Domain resolution + +In a VM using a trusted certificate authority, there should be a DNS record for `BENTO_MINIO_DOMAIN`. + +In a local development environment, you must specify how `BENTO_MINIO_DOMAIN` should be resolved, +simulating a DNS record for self-signed certificates. + +Assuming `BENTO_MINIO_DOMAIN=minio.bentov2.local`, add the following line to your `/etc/hosts` file: + +```bash +# /etc/hosts +127.0.0.1 minio.bentov2.local +``` + +### Initialize MinIO certificates, networking and directories + +After enabling the MinIO feature flag for the first time and setting domain resolution, +you must initialize the Docker networks, mounted directories and certs. +```bash +./bentoctl.bash init-certs -f # creates the self-signed certificate for MinIO +./bentoctl.bash init-docker # creates the Docker network for MinIO +./bentoctl.bash init-dirs # creates MinIO's data directory to be mounted +``` + +### Start MinIO + +If all previous steps were performed correctly, you are ready to restart the +gateway and start the MinIO service! + +```bash +# Will recreate the gateway container automatically and start MinIO. +./bentoctl.bash run +``` + +## Using the console + +The console can be accessed using a web browser, simply navigate to [minio.bentov2.local/minio/ui/](https://minio.bentov2.local/minio/ui/). + +Authenticate using `BENTO_MINIO_ROOT_USER` and `BENTO_MINIO_ROOT_PASSWORD`. + +Once logged in, you can issue access keys. These keys can be used to make +S3 API calls. + +## Using MinIO's S3 API + +Assuming you created an access key in the console and saved the values, +you are ready to make object storage operations through the S3 API. + +Interactions between clients and the S3 API all take place over HTTP. +Many CLI tools and libraries are available to simplify these operations. + +### S3cmd + +[S3cmd](https://s3tools.org/s3cmd) is a popular CLI tool to interact with object stores that +support the S3 protocol, including MinIO. + +Once S3cmd is installed on a machine, you can create a s3cmd configuration file for the S3 API +endpoint of your choice. + +```bash +# ~/.s3cfg-minio-local +host_base = minio.bentov2.local # S3 API endpoint (local here) +host_bucket = minio.bentov2.local +use_https = True # Use HTTPS + +# For dev self-signed certs only +check_ssl_certificate = False # Enable if using trusted CA + +# Setup access keys +access_key = +secret_key = +``` + +With the S3cmd config file in place, you can start creating buckets, uploading files, and much more. + +```bash +# list buckets (empty at first) +s3cmd -c ~/.s3cfg-minio-local ls + +# Create a bucket named 'test' +s3cmd -c ~/.s3cfg-minio-local mb s3://test + +# Upload a file to your new bucket! +s3cmd -c ~/.s3cfg-minio-local put some-file.txt s3://test/some-file.txt +``` + +### Boto3 + +[Boto3](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html#installation) +is an official AWS Python package to interact with an S3 compatible object store. + +Like S3cmd, it must be configured to use access keys. + +Future work on DRS and Drop-Box will involve Boto3 to enable S3 storage in Bento. diff --git a/etc/bento.env b/etc/bento.env index 27596ee2..603c8878 100644 --- a/etc/bento.env +++ b/etc/bento.env @@ -34,7 +34,7 @@ BENTOV2_GATEWAY_INTERNAL_CERTS_DIR=/usr/local/openresty/nginx/certs # Gateway BENTOV2_GATEWAY_IMAGE=ghcr.io/bento-platform/bento_gateway -BENTOV2_GATEWAY_VERSION=0.13.2 +BENTOV2_GATEWAY_VERSION=0.14.0 BENTOV2_GATEWAY_VERSION_DEV=${BENTOV2_GATEWAY_VERSION}-dev BENTOV2_GATEWAY_CONTAINER_NAME=${BENTOV2_PREFIX}-gateway @@ -80,7 +80,7 @@ BENTO_AUTH_DB_NETWORK="${BENTOV2_PREFIX}-auth-db-net" # - Authz service BENTO_AUTHZ_IMAGE=ghcr.io/bento-platform/bento_authorization_service -BENTO_AUTHZ_VERSION=0.10.2 +BENTO_AUTHZ_VERSION=0.10.3 BENTO_AUTHZ_VERSION_DEV=${BENTO_AUTHZ_VERSION}-dev BENTO_AUTHZ_CONTAINER_NAME=${BENTOV2_PREFIX}-authz BENTO_AUTHZ_NETWORK=${BENTOV2_PREFIX}-authz-net @@ -100,7 +100,7 @@ BENTO_AUTHZ_DB_MEM_LIM=1G # Web BENTO_WEB_CUSTOM_HEADER= BENTOV2_WEB_IMAGE=ghcr.io/bento-platform/bento_web -BENTOV2_WEB_VERSION=6.1.1 +BENTOV2_WEB_VERSION=7.0.0 BENTOV2_WEB_VERSION_DEV=${BENTOV2_WEB_VERSION}-dev BENTOV2_WEB_CONTAINER_NAME=${BENTOV2_PREFIX}-web BENTO_WEB_NETWORK=${BENTOV2_PREFIX}-web-net @@ -112,7 +112,7 @@ BENTOV2_WEB_CPUS=2 # Drop-Box BENTOV2_DROP_BOX_IMAGE=ghcr.io/bento-platform/bento_drop_box_service -BENTOV2_DROP_BOX_VERSION=1.1.11 +BENTOV2_DROP_BOX_VERSION=1.1.12 BENTOV2_DROP_BOX_VERSION_DEV=${BENTOV2_DROP_BOX_VERSION}-dev BENTOV2_DROP_BOX_CONTAINER_NAME=${BENTOV2_PREFIX}-drop-box BENTO_DROP_BOX_NETWORK=${BENTOV2_PREFIX}-drop-box-net @@ -126,7 +126,7 @@ BENTOV2_DROP_BOX_CPUS=3 # Service Registry BENTOV2_SERVICE_REGISTRY_IMAGE=ghcr.io/bento-platform/bento_service_registry -BENTOV2_SERVICE_REGISTRY_VERSION=1.4.3 +BENTOV2_SERVICE_REGISTRY_VERSION=1.4.4 BENTOV2_SERVICE_REGISTRY_VERSION_DEV=${BENTOV2_SERVICE_REGISTRY_VERSION}-dev BENTOV2_SERVICE_REGISTRY_CONTAINER_NAME=${BENTOV2_PREFIX}-service-registry BENTO_SERVICE_REGISTRY_NETWORK=${BENTOV2_PREFIX}-service-registry-net @@ -140,7 +140,7 @@ BENTO_SERVICE_REGISTRY_URL=${BENTOV2_PUBLIC_URL}/api/service-registry # Notification BENTOV2_NOTIFICATION_IMAGE=ghcr.io/bento-platform/bento_notification_service -BENTOV2_NOTIFICATION_VERSION=3.1.7 +BENTOV2_NOTIFICATION_VERSION=3.1.8 BENTOV2_NOTIFICATION_VERSION_DEV=${BENTOV2_NOTIFICATION_VERSION}-dev BENTOV2_NOTIFICATION_CONTAINER_NAME=${BENTOV2_PREFIX}-notification BENTO_NOTIFICATION_NETWORK=${BENTOV2_PREFIX}-notification-net @@ -155,7 +155,7 @@ BENTOV2_NOTIFICATION_CPUS=2 # Aggregation BENTOV2_AGGREGATION_IMAGE=ghcr.io/bento-platform/bento_aggregation_service -BENTOV2_AGGREGATION_VERSION=0.19.9 +BENTOV2_AGGREGATION_VERSION=0.19.10 BENTOV2_AGGREGATION_VERSION_DEV=${BENTOV2_AGGREGATION_VERSION}-dev BENTOV2_AGGREGATION_CONTAINER_NAME=${BENTOV2_PREFIX}-aggregation BENTO_AGGREGATION_NETWORK=${BENTOV2_PREFIX}-aggregation-net @@ -170,7 +170,7 @@ BENTOV2_AGGREGATION_CPUS=2 # Event-Relay BENTOV2_EVENT_RELAY_IMAGE=ghcr.io/bento-platform/bento_event_relay -BENTOV2_EVENT_RELAY_VERSION=3.1.6 +BENTOV2_EVENT_RELAY_VERSION=3.1.8 BENTOV2_EVENT_RELAY_VERSION_DEV=${BENTOV2_EVENT_RELAY_VERSION}-dev BENTOV2_EVENT_RELAY_CONTAINER_NAME=${BENTOV2_PREFIX}-event-relay BENTO_EVENT_RELAY_NETWORK=${BENTOV2_PREFIX}-event-relay-net @@ -184,7 +184,7 @@ BENTOV2_EVENT_RELAY_CPUS=1 # Reference # - Service BENTO_REFERENCE_IMAGE=ghcr.io/bento-platform/bento_reference_service -BENTO_REFERENCE_VERSION=0.3.2 +BENTO_REFERENCE_VERSION=0.4.0 BENTO_REFERENCE_VERSION_DEV=${BENTO_REFERENCE_VERSION}-dev BENTO_REFERENCE_CONTAINER_NAME=${BENTOV2_PREFIX}-reference BENTO_REFERENCE_NETWORK=${BENTOV2_PREFIX}-reference-net @@ -206,7 +206,7 @@ BENTO_REFERENCE_DB_USER="reference_user" # WES BENTOV2_WES_IMAGE=ghcr.io/bento-platform/bento_wes -BENTOV2_WES_VERSION=0.14.6 +BENTOV2_WES_VERSION=0.14.7 BENTOV2_WES_VERSION_DEV=${BENTOV2_WES_VERSION}-dev BENTOV2_WES_CONTAINER_NAME=${BENTOV2_PREFIX}-wes BENTO_WES_NETWORK=${BENTOV2_PREFIX}-wes-net @@ -233,7 +233,7 @@ BENTOV2_WES_WORKFLOW_TIMEOUT=172800 # DRS BENTOV2_DRS_IMAGE=ghcr.io/bento-platform/bento_drs -BENTOV2_DRS_VERSION=0.19.0 +BENTOV2_DRS_VERSION=0.19.1 BENTOV2_DRS_VERSION_DEV=${BENTOV2_DRS_VERSION}-dev BENTOV2_DRS_CONTAINER_NAME=${BENTOV2_PREFIX}-drs BENTO_DRS_NETWORK=${BENTOV2_PREFIX}-drs-net @@ -278,7 +278,7 @@ BENTOV2_KATSU_DB_CPUS=4 # Katsu BENTOV2_KATSU_IMAGE=ghcr.io/bento-platform/katsu -BENTOV2_KATSU_VERSION=9.1.0 +BENTOV2_KATSU_VERSION=10.0.0 BENTOV2_KATSU_VERSION_DEV=${BENTOV2_KATSU_VERSION}-dev BENTOV2_KATSU_CONTAINER_NAME=${BENTOV2_PREFIX}-katsu BENTO_KATSU_NETWORK=${BENTOV2_PREFIX}-katsu-net @@ -301,7 +301,7 @@ CHORD_METADATA_SUB_PATH=/api/metadata # Canonical/world-resolvable URL for Katsu # TODO: services should use the service registry instead -BENTO_KATSU_URL=${BENTOV2_PORTAL_PUBLIC_URL}${CHORD_METADATA_SUB_PATH} +BENTO_KATSU_URL=${BENTOV2_PUBLIC_URL}${CHORD_METADATA_SUB_PATH} # Redis BENTOV2_REDIS_BASE_IMAGE=redis @@ -387,7 +387,7 @@ BENTOV2_GOHAN_PRIVATE_AUTHZ_URL=http://${BENTOV2_GOHAN_AUTHZ_OPA_CONTAINER_NAME} # Bento-Public BENTO_PUBLIC_IMAGE=ghcr.io/bento-platform/bento_public -BENTO_PUBLIC_VERSION=0.22.0 +BENTO_PUBLIC_VERSION=0.23.1 BENTO_PUBLIC_VERSION_DEV=${BENTO_PUBLIC_VERSION}-dev BENTO_PUBLIC_CONTAINER_NAME=${BENTOV2_PREFIX}-public BENTO_PUBLIC_NETWORK=${BENTOV2_PREFIX}-public-net @@ -407,7 +407,7 @@ BENTO_PUBLIC_PORTAL_URL=${BENTOV2_PORTAL_PUBLIC_URL} BENTO_BEACON_CONTAINER_NAME=${BENTOV2_PREFIX}-beacon BENTO_BEACON_NETWORK=${BENTOV2_PREFIX}-beacon-net BENTO_BEACON_IMAGE=ghcr.io/bento-platform/bento_beacon -BENTO_BEACON_VERSION=0.18.1 +BENTO_BEACON_VERSION=0.19.0 BENTO_BEACON_VERSION_DEV=${BENTO_BEACON_VERSION}-dev BENTO_BEACON_INTERNAL_PORT=${BENTO_STD_SERVICE_INTERNAL_PORT} BENTO_BEACON_EXTERNAL_PORT=5000 @@ -472,3 +472,13 @@ BENTO_GRAFANA_SIGNOUT_REDIRECT_URL=https://${BENTOV2_AUTH_DOMAIN}/realms/${BENTO BENTO_PROMTAIL_IMAGE=grafana/promtail BENTO_PROMTAIL_IMAGE_VERSION=3.1.2 BENTO_PROMTAIL_CONTAINER_NAME=${BENTOV2_PREFIX}-promtail + +# MinIO +BENTO_MINIO_IMAGE=quay.io/minio/minio +BENTO_MINIO_IMAGE_VERSION=RELEASE.2024-12-13T22-19-12Z +BENTO_MINIO_CONTAINER_NAME=${BENTOV2_PREFIX}-minio +BENTO_MINIO_DATA_DIR=${BENTO_SLOW_DATA_DIR}/minio/data +BENTO_MINIO_NETWORK=${BENTOV2_PREFIX}-minio-net +BENTO_MINIO_ROOT_USER=root +BENTO_MINIO_INTERNAL_PORT=9000 +BENTO_MINIO_CONSOLE_PORT=9001 diff --git a/etc/bento_deploy.env b/etc/bento_deploy.env index 24f63cc1..d28f27fd 100644 --- a/etc/bento_deploy.env +++ b/etc/bento_deploy.env @@ -14,9 +14,16 @@ BENTO_BEACON_NETWORK_ENABLED='false' BENTO_CBIOPORTAL_ENABLED='false' BENTO_GOHAN_ENABLED='true' BENTO_MONITORING_ENABLED='false' +BENTO_MINIO_ENABLED='false' -# - Switch to enable French translation in Bento Public +# - Display flags for Bento portals +# - Switch to enable French translation in Bento Public BENTO_PUBLIC_TRANSLATED='true' +# - Switches to enable various links in the Bento Public header (these default to being on) +BENTO_PUBLIC_SHOW_PORTAL_LINK='true' +BENTO_PUBLIC_SHOW_SIGN_IN='true' +# - Switch to force-show the data catalogue in Bento Public even with a single project +BENTO_PUBLIC_FORCE_CATALOGUE='false' # Feature switches end ------------------------------------------------ @@ -36,6 +43,8 @@ BENTOV2_PORTAL_DOMAIN=portal.${BENTOV2_DOMAIN} BENTOV2_AUTH_DOMAIN=bentov2auth.local # Unused if cBioPortal is disabled: BENTOV2_CBIOPORTAL_DOMAIN=cbioportal.${BENTOV2_DOMAIN} +# Unused if MinIO is disabled +BENTO_MINIO_DOMAIN=minio.${BENTOV2_DOMAIN} # --------------------------------------------------------------------- # Authn/z ------------------------------------------------------------- @@ -78,6 +87,9 @@ BENTOV2_KATSU_APP_SECRET= # TODO: SET ME WHEN DEPLOYING! # Reference BENTO_REFERENCE_DB_PASSWORD= # TODO: SET ME WHEN DEPLOYING! +# MinIO +BENTO_MINIO_ROOT_PASSWORD= # TODO: SET ME WHEN DEPLOYING! + # HTTPS Certificates -------------------------------------------------- BENTOV2_CERTS_DIR=${PWD}/certs BENTOV2_AUTH_CERTS_DIR=${BENTOV2_CERTS_DIR}/auth diff --git a/etc/bento_dev.env b/etc/bento_dev.env index 00ec3541..7f3d81df 100644 --- a/etc/bento_dev.env +++ b/etc/bento_dev.env @@ -14,9 +14,16 @@ BENTO_BEACON_NETWORK_ENABLED='false' BENTO_CBIOPORTAL_ENABLED='false' BENTO_GOHAN_ENABLED='true' BENTO_MONITORING_ENABLED='false' +BENTO_MINIO_ENABLED='false' -# - Switch to enable French translation in Bento Public +# - Display flags for Bento portals +# - Switch to enable French translation in Bento Public BENTO_PUBLIC_TRANSLATED='true' +# - Switches to enable various links in the Bento Public header (these default to being on) +BENTO_PUBLIC_SHOW_PORTAL_LINK='true' +BENTO_PUBLIC_SHOW_SIGN_IN='true' +# - Switch to force-show the data catalogue in Bento Public even with a single project +BENTO_PUBLIC_FORCE_CATALOGUE='false' # Feature switches end ------------------------------------------------ @@ -32,6 +39,8 @@ BENTOV2_PORTAL_DOMAIN=portal.${BENTOV2_DOMAIN} BENTOV2_AUTH_DOMAIN=bentov2auth.local # Unused if cBioPortal is disabled: BENTOV2_CBIOPORTAL_DOMAIN=cbioportal.${BENTOV2_DOMAIN} +# Unused if MinIO is disabled +BENTO_MINIO_DOMAIN=minio.${BENTOV2_DOMAIN} # --------------------------------------------------------------------- # Authn/z ------------------------------------------------------------- @@ -79,6 +88,9 @@ BENTO_REFERENCE_DB_PASSWORD=devpassword456 # BENTO_CBIOPORTAL_DATABASE_PASSWORD=somepassword Required for CBIOPORTAL # BENTO_CBIOPORTAL_DATABASE_ROOT_PASSWORD=somepassword Required for CBIOPORTAL +# MinIO +BENTO_MINIO_ROOT_PASSWORD=devpassword789 + # Development settings ------------------------------------------------ # - Git configuration diff --git a/etc/bento_services.json b/etc/bento_services.json index 6980180e..8faebdea 100644 --- a/etc/bento_services.json +++ b/etc/bento_services.json @@ -36,7 +36,7 @@ }, "katsu": { "service_kind": "metadata", - "url_template": "{BENTO_PORTAL_PUBLIC_URL}/api/{service_kind}", + "url_template": "{BENTO_PUBLIC_URL}/api/{service_kind}", "repository": "git@github.com:bento-platform/katsu.git" }, "drs": { diff --git a/etc/default.public.branding.png b/etc/default.branding.lightbg.png similarity index 100% rename from etc/default.public.branding.png rename to etc/default.branding.lightbg.png diff --git a/etc/default_config.env b/etc/default_config.env index d150afdc..a30ca450 100644 --- a/etc/default_config.env +++ b/etc/default_config.env @@ -19,9 +19,16 @@ BENTO_BEACON_NETWORK_ENABLED='false' BENTO_CBIOPORTAL_ENABLED='false' BENTO_GOHAN_ENABLED='true' BENTO_MONITORING_ENABLED='false' +BENTO_MINIO_ENABLED='false' -# - Switch to enable French translation in Bento Public +# - Display flags for Bento portals +# - Switch to enable French translation in Bento Public BENTO_PUBLIC_TRANSLATED='true' +# - Switches to enable various links in the Bento Public header (these default to being on) +BENTO_PUBLIC_SHOW_PORTAL_LINK='true' +BENTO_PUBLIC_SHOW_SIGN_IN='true' +# - Switch to force-show the data catalogue in Bento Public even with a single project +BENTO_PUBLIC_FORCE_CATALOGUE='false' # Feature switches end ------------------------------------------------ @@ -45,6 +52,8 @@ BENTOV2_PORTAL_DOMAIN=portal.${BENTOV2_DOMAIN} BENTOV2_AUTH_DOMAIN=bentov2auth.local # Unused if cBioPortal is disabled: BENTOV2_CBIOPORTAL_DOMAIN=cbioportal.${BENTOV2_DOMAIN} +# Unused if MinIO is disabled +BENTO_MINIO_DOMAIN=minio.${BENTOV2_DOMAIN} # --------------------------------------------------------------------- # Certificates -------------------------------------------------------- @@ -62,6 +71,8 @@ BENTOV2_GATEWAY_INTERNAL_CBIOPORTAL_FULLCHAIN_RELATIVE_PATH=/cbioportal_fullchai BENTOV2_GATEWAY_INTERNAL_CBIOPORTAL_PRIVKEY_RELATIVE_PATH=/cbioportal_privkey1.key BENTO_GATEWAY_INTERNAL_REDIRECT_FULLCHAIN_RELATIVE_PATH=/redirect_fullchain1.crt BENTO_GATEWAY_INTERNAL_REDIRECT_PRIVKEY_RELATIVE_PATH=/redirect_privkey1.key +BENTO_GATEWAY_INTERNAL_MINIO_FULLCHAIN_RELATIVE_PATH=/minio_fullchain1.crt +BENTO_GATEWAY_INTERNAL_MINIO_PRIVKEY_RELATIVE_PATH=/minio_privkey1.key # --------------------------------------------------------------------- # Authn/z ------------------------------------------------------------- @@ -105,6 +116,9 @@ BENTOV2_KATSU_DB_PASSWORD= BENTO_CBIOPORTAL_DATABASE_PASSWORD= BENTO_CBIOPORTAL_DATABASE_ROOT_PASSWORD= +# MinIO +BENTO_MINIO_ROOT_PASSWORD= + # Development settings ------------------------------------------------ # - Git configuration diff --git a/lib/gateway/docker-compose.gateway.yaml b/lib/gateway/docker-compose.gateway.yaml index c0a9ef65..df736d0d 100644 --- a/lib/gateway/docker-compose.gateway.yaml +++ b/lib/gateway/docker-compose.gateway.yaml @@ -22,6 +22,7 @@ services: - BENTO_BEACON_ENABLED - BENTO_CBIOPORTAL_ENABLED - BENTO_GOHAN_ENABLED + - BENTO_MINIO_ENABLED - BENTO_MONITORING_ENABLED - BENTOV2_GATEWAY_CONTAINER_NAME @@ -35,6 +36,8 @@ services: - BENTOV2_GATEWAY_INTERNAL_CBIOPORTAL_PRIVKEY_RELATIVE_PATH - BENTO_GATEWAY_INTERNAL_REDIRECT_FULLCHAIN_RELATIVE_PATH - BENTO_GATEWAY_INTERNAL_REDIRECT_PRIVKEY_RELATIVE_PATH + - BENTO_GATEWAY_INTERNAL_MINIO_FULLCHAIN_RELATIVE_PATH + - BENTO_GATEWAY_INTERNAL_MINIO_PRIVKEY_RELATIVE_PATH - BENTOV2_GATEWAY_PUBLIC_ALLOW_FRAME_DOMAINS @@ -78,6 +81,10 @@ services: - BENTO_CBIOPORTAL_CONTAINER_NAME - BENTO_CBIOPORTAL_INTERNAL_PORT - BENTO_GRAFANA_CONTAINER_NAME + - BENTO_MINIO_CONTAINER_NAME + - BENTO_MINIO_INTERNAL_PORT + - BENTO_MINIO_CONSOLE_PORT + - BENTO_MINIO_DOMAIN networks: - aggregation-net - auth-net @@ -89,6 +96,7 @@ services: - event-relay-net - gohan-api-net - katsu-net + - minio-net - monitoring-net - notification-net - public-net @@ -171,6 +179,9 @@ networks: katsu-net: external: true name: ${BENTO_KATSU_NETWORK} + minio-net: + external: true + name: ${BENTO_MINIO_NETWORK} monitoring-net: external: true name: ${BENTO_MONITORING_NETWORK} diff --git a/lib/gateway/services/katsu.conf.tpl b/lib/gateway/public_services/katsu.conf.tpl similarity index 75% rename from lib/gateway/services/katsu.conf.tpl rename to lib/gateway/public_services/katsu.conf.tpl index 6e265483..27d3459f 100644 --- a/lib/gateway/services/katsu.conf.tpl +++ b/lib/gateway/public_services/katsu.conf.tpl @@ -1,9 +1,8 @@ -location /api/metadata { return 302 https://${BENTOV2_PORTAL_DOMAIN}/api/metadata/; } +location /api/metadata { return 302 https://${BENTOV2_DOMAIN}/api/metadata/; } location /api/metadata/ { # Reverse proxy settings include /gateway/conf/proxy.conf; include /gateway/conf/proxy_extra.conf; - include /gateway/conf/proxy_private.conf; # Forward request to Katsu rewrite ^ $request_uri; diff --git a/lib/katsu/docker-compose.katsu.yaml b/lib/katsu/docker-compose.katsu.yaml index f2c0b176..470b3114 100644 --- a/lib/katsu/docker-compose.katsu.yaml +++ b/lib/katsu/docker-compose.katsu.yaml @@ -15,7 +15,6 @@ services: environment: - BENTO_UID - CHORD_URL=${BENTOV2_PORTAL_PUBLIC_URL} - - CHORD_PERMISSIONS=False # Keep off since we have the proxy handling everything for now - CHORD_DEBUG=False - CHORD_METADATA_SUB_PATH - INTERNAL_PORT=${BENTOV2_KATSU_INTERNAL_PORT} diff --git a/lib/minio/docker-compose.minio.yaml b/lib/minio/docker-compose.minio.yaml new file mode 100644 index 00000000..5978ea25 --- /dev/null +++ b/lib/minio/docker-compose.minio.yaml @@ -0,0 +1,30 @@ +services: + minio: + image: ${BENTO_MINIO_IMAGE}:${BENTO_MINIO_IMAGE_VERSION} + container_name: ${BENTO_MINIO_CONTAINER_NAME} + expose: + - ${BENTO_MINIO_INTERNAL_PORT} + - ${BENTO_MINIO_CONSOLE_PORT} + networks: + - minio-net + volumes: + - ${BENTO_MINIO_DATA_DIR}:/data + environment: + - MINIO_ROOT_USER=${BENTO_MINIO_ROOT_USER} + - MINIO_ROOT_PASSWORD=${BENTO_MINIO_ROOT_PASSWORD} + - MINIO_DOMAIN=https://${BENTO_MINIO_DOMAIN} + - MINIO_BROWSER_REDIRECT_URL=https://${BENTO_MINIO_DOMAIN}/minio/ui + healthcheck: + test: ["CMD", "mc", "ready", "local"] + timeout: ${BENTO_HEALTHCHECK_TIMEOUT} + interval: ${BENTO_HEALTHCHECK_START_INTERVAL} + start_period: ${BENTO_HEALTHCHECK_START_PERIOD} + start_interval: ${BENTO_HEALTHCHECK_START_INTERVAL} + profiles: + - minio + command: server /data --console-address ":${BENTO_MINIO_CONSOLE_PORT}" + +networks: + minio-net: + external: true + name: ${BENTO_MINIO_NETWORK} diff --git a/lib/public/docker-compose.public.yaml b/lib/public/docker-compose.public.yaml index 489b86d5..1a899d40 100644 --- a/lib/public/docker-compose.public.yaml +++ b/lib/public/docker-compose.public.yaml @@ -13,6 +13,9 @@ services: - BENTO_PUBLIC_CLIENT_NAME - BENTO_PUBLIC_PORTAL_URL - BENTO_PUBLIC_TRANSLATED + - BENTO_PUBLIC_SHOW_PORTAL_LINK + - BENTO_PUBLIC_SHOW_SIGN_IN + - BENTO_PUBLIC_FORCE_CATALOGUE - BENTO_BEACON_UI_ENABLED - BENTO_BEACON_NETWORK_ENABLED - BEACON_URL=${BENTOV2_PUBLIC_URL}/api/beacon @@ -30,6 +33,7 @@ services: - ${PWD}/lib/public/fr_about.html:/bento-public/dist/public/fr_about.html:ro - ${PWD}/lib/public/branding.png:/bento-public/dist/public/assets/branding.png:ro + - ${PWD}/lib/public/branding.lightbg.png:/bento-public/dist/public/assets/branding.lightbg.png:ro healthcheck: test: [ "CMD", "curl", "http://localhost:${BENTO_PUBLIC_INTERNAL_PORT}/service-info" ] timeout: ${BENTO_HEALTHCHECK_TIMEOUT} diff --git a/py_bentoctl/config.py b/py_bentoctl/config.py index dbf33762..aa69f2e5 100644 --- a/py_bentoctl/config.py +++ b/py_bentoctl/config.py @@ -103,6 +103,8 @@ def __init__(self, enabled: bool, profile: str): enabled=_env_get_bool("BENTO_CBIOPORTAL_ENABLED", default=False), profile="cbioportal") BENTO_FEATURE_GOHAN = BentoOptionalFeature( enabled=_env_get_bool("BENTO_GOHAN_ENABLED", default=False), profile="gohan") +BENTO_FEATURE_MINIO = BentoOptionalFeature( + enabled=_env_get_bool("BENTO_MINIO_ENABLED", default=False), profile="minio") BENTO_FEATURE_MONITORING = BentoOptionalFeature( enabled=_env_get_bool("BENTO_MONITORING_ENABLED", default=False), profile="monitoring") diff --git a/py_bentoctl/other_helpers.py b/py_bentoctl/other_helpers.py index 0d4d87cf..dfcba00e 100644 --- a/py_bentoctl/other_helpers.py +++ b/py_bentoctl/other_helpers.py @@ -38,6 +38,7 @@ def init_web(service: str, force: bool): def _init_web_public(force: bool): root_path = pathlib.Path.cwd() + etc_path = root_path / "etc" # Init lib dir public_path = (root_path / "lib" / "public") @@ -46,33 +47,41 @@ def _init_web_public(force: bool): # About html page (English) _file_copy( - (root_path / "etc" / "default.en_about.html"), + (etc_path / "default.en_about.html"), (public_path / "en_about.html"), force=force, ) # About html page (French) _file_copy( - (root_path / "etc" / "default.fr_about.html"), + (etc_path / "default.fr_about.html"), (public_path / "fr_about.html"), force=force, ) # Branding image + # - dark background / default _file_copy( - (root_path / "etc" / "default.public.branding.png"), + (etc_path / "default.branding.png"), (public_path / "branding.png"), force=force, ) + # - light background + _file_copy( + (etc_path / "default.branding.lightbg.png"), + (public_path / "branding.lightbg.png"), + force=force, + ) + # English translations _file_copy( - (root_path / "etc" / "templates" / "translations" / "en.example.json"), + (etc_path / "templates" / "translations" / "en.example.json"), (translation_path / "en.json"), force=force, ) # French translations _file_copy( - (root_path / "etc" / "templates" / "translations" / "fr.example.json"), + (etc_path / "templates" / "translations" / "fr.example.json"), (translation_path / "fr.json"), force=force, ) @@ -99,7 +108,7 @@ def _init_web_private(force: bool): web_path = (root_path / "lib" / "web") web_path.mkdir(parents=True, exist_ok=True) - src_branding = (root_path / "etc" / "default.branding.png") + src_branding = (root_path / "etc" / "default.branding.darkbg.png") dst_branding = (web_path / "branding.png") if dst_branding.is_file(): @@ -138,6 +147,14 @@ def init_self_signed_certs(force: bool): "dir": auth_certs_dir, }, + # MinIO + **({"minio": { + "var": "BENTO_MINIO_DOMAIN", + "priv_key_name": "minio_privkey1.key", + "crt": "minio_fullchain1.crt", + "dir": gateway_certs_dir, + }} if c.BENTO_FEATURE_MINIO.enabled else {}), + # If cBioPortal is enabled, generate a cBioPortal self-signed certificate as well **({"cbioportal": { "var": "BENTOV2_CBIOPORTAL_DOMAIN", @@ -146,6 +163,7 @@ def init_self_signed_certs(force: bool): "dir": gateway_certs_dir, }} if c.BENTO_FEATURE_CBIOPORTAL.enabled else {}), + # If a domain is configured for redirect (e.g. preserve a published reference) **({"redirect": { "var": "BENTO_DOMAIN_REDIRECT", "priv_key_name": "redirect_privkey1.key", @@ -222,6 +240,8 @@ def init_dirs(): **({"auth": "BENTOV2_AUTH_VOL_DIR"} if not c.BENTOV2_USE_EXTERNAL_IDP else {}), # - cBioPortal **({"cbioportal": "BENTO_CBIOPORTAL_STUDY_DIR"} if c.BENTO_FEATURE_CBIOPORTAL.enabled else {}), + # - MinIO + **({"minio": "BENTO_MINIO_DATA_DIR"} if c.BENTO_FEATURE_MINIO.enabled else {}), # - Monitoring: Grafana/Loki **({"grafana": "BENTO_GRAFANA_LIB_DIR"} if c.BENTO_FEATURE_MONITORING else {}), **({"loki": "BENTO_LOKI_TEMP_DIR"} if c.BENTO_FEATURE_MONITORING else {}), @@ -290,6 +310,7 @@ def init_docker(client: docker.DockerClient): ("BENTO_GOHAN_ES_NETWORK", dict(driver="bridge", internal=True)), # Does not need to access the web ("BENTO_KATSU_NETWORK", dict(driver="bridge")), ("BENTO_KATSU_DB_NETWORK", dict(driver="bridge", internal=True)), # Does not need to access the web + ("BENTO_MINIO_NETWORK", dict(driver="bridge")), ("BENTO_MONITORING_NETWORK", dict(driver="bridge")), ("BENTO_NOTIFICATION_NETWORK", dict(driver="bridge")), ("BENTO_PUBLIC_NETWORK", dict(driver="bridge")), diff --git a/py_bentoctl/services.py b/py_bentoctl/services.py index b721d499..14af30e9 100644 --- a/py_bentoctl/services.py +++ b/py_bentoctl/services.py @@ -33,6 +33,7 @@ "authz-db", "gateway", "katsu-db", + "minio", "redis", "reference-db", )