Upgrade Hapi

dev/config/hapi/application.yaml

@@ -1,82 +1,121 @@
+#Adds the option to go to eg. http://localhost:8080/actuator/health for seeing the running configuration
+#see https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints
+management:
+  endpoints:
+    web:
+      exposure:
+        include: "health,prometheus"
 spring:
+  main:
+    allow-circular-references: true
+    #allow-bean-definition-overriding: true
+  flyway:
+    enabled: false
+    check-location: false
+    baselineOnMigrate: true
+  datasource:
+    url: 'jdbc:h2:file:./target/database/h2'
+    #url: jdbc:h2:mem:test_mem
+    username: sa
+    password: null
+    driverClassName: org.h2.Driver
+    max-active: 15
+
+    # database connection pool size
+    hikari:
+      maximum-pool-size: 10
   jpa:
     properties:
       hibernate.format_sql: false
       hibernate.show_sql: false
-#      hibernate.hbm2ddl.auto: update
-#      hibernate.jdbc.batch_size: 20
-#      hibernate.cache.use_query_cache: false
-#      hibernate.cache.use_second_level_cache: false
-#      hibernate.cache.use_structured_entries: false
-#      hibernate.cache.use_minimal_puts: false
-###    These settings will enable fulltext search with lucene
-      hibernate.search.enabled: true
-      hibernate.search.backend.type: lucene
-#      hibernate.search.backend.analysis.configurer: ca.uhn.fhir.jpa.search.HapiLuceneAnalysisConfigurer
-#      hibernate.search.backend.directory.type: local-filesystem
-#      hibernate.search.backend.directory.root: target/lucenefiles
-#      hibernate.search.backend.lucene_version: lucene_current
+      #Hibernate dialect is automatically detected except Postgres and H2.
+      #If using H2, then supply the value of ca.uhn.fhir.jpa.model.dialect.HapiFhirH2Dialect
+      #If using postgres, then supply the value of ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgres94Dialect
+
+      hibernate.dialect: ca.uhn.fhir.jpa.model.dialect.HapiFhirH2Dialect
+  #      hibernate.hbm2ddl.auto: update
+  #      hibernate.jdbc.batch_size: 20
+  #      hibernate.cache.use_query_cache: false
+  #      hibernate.cache.use_second_level_cache: false
+  #      hibernate.cache.use_structured_entries: false
+  #      hibernate.cache.use_minimal_puts: false
+  ###    These settings will enable fulltext search with lucene
+      hibernate.search.enabled: false
+  #      hibernate.search.backend.type: lucene
+  #      hibernate.search.backend.analysis.configurer: ca.uhn.fhir.jpa.search.HapiHSearchAnalysisConfigurers$HapiLuceneAnalysisConfigurer
+  #      hibernate.search.backend.directory.type: local-filesystem
+  #      hibernate.search.backend.directory.root: target/lucenefiles
+  #      hibernate.search.backend.lucene_version: lucene_current
   batch:
     job:
       enabled: false
-  main:
-#    TODO 5.6.0 -> Prevent duplicate bean definitions in the Spring batch config in HAPI: see:
-    allow-bean-definition-overriding: true
 hapi:
   fhir:
+    ### This enables the swagger-ui at /fhir/swagger-ui/index.html as well as the /fhir/api-docs (see https://hapifhir.io/hapi-fhir/docs/server_plain/openapi.html)
+    openapi_enabled: true
     ### This is the FHIR version. Choose between, DSTU2, DSTU3, R4 or R5
     fhir_version: R4
-### enable to use the ApacheProxyAddressStrategy which uses X-Forwarded-* headers
-### to determine the FHIR server address
-#   use_apache_address_strategy: false
-### forces the use of the https:// protocol for the returned server address.
-### alternatively, it may be set using the X-Forwarded-Proto header.
-#   use_apache_address_strategy_https: false
-### enable to set the Server URL
-#    server_address: http://hapi.fhir.org/baseR4
-#    defer_indexing_for_codesystems_of_size: 101
-#    install_transitive_ig_dependencies: true
-#    implementationguides:
-###    example from registry (packages.fhir.org)
-#      swiss:
-#        name: swiss.mednet.fhir
-#        version: 0.8.0
-#      example not from registry
-#      ips_1_0_0:
-#        url: https://build.fhir.org/ig/HL7/fhir-ips/package.tgz
-#        name: hl7.fhir.uv.ips
-#        version: 1.0.0
-#    supported_resource_types:
-#      - Patient
-#      - Observation
-#    allow_cascading_deletes: true
-#    allow_contains_searches: true
-#    allow_external_references: true
-#    allow_multiple_delete: true
-#    allow_override_default_search_params: true
-#    auto_create_placeholder_reference_targets: false
-#    cql_enabled: true
-#    default_encoding: JSON
-#    default_pretty_print: true
-#    default_page_size: 20
-#    delete_expunge_enabled: true
-#    enable_repository_validating_interceptor: false
-#    enable_index_missing_fields: false
-#    enable_index_contained_resource: false
+    ### enable to use the ApacheProxyAddressStrategy which uses X-Forwarded-* headers
+    ### to determine the FHIR server address
+    #   use_apache_address_strategy: false
+    ### forces the use of the https:// protocol for the returned server address.
+    ### alternatively, it may be set using the X-Forwarded-Proto header.
+    #   use_apache_address_strategy_https: false
+    ### enable to set the Server URL
+    #    server_address: http://hapi.fhir.org/baseR4
+    #    defer_indexing_for_codesystems_of_size: 101
+    #    install_transitive_ig_dependencies: true
+    #    implementationguides:
+    ###    example from registry (packages.fhir.org)
+    #      swiss:
+    #        name: swiss.mednet.fhir
+    #        version: 0.8.0
+    #      example not from registry
+    #      ips_1_0_0:
+    #        url: https://build.fhir.org/ig/HL7/fhir-ips/package.tgz
+    #        name: hl7.fhir.uv.ips
+    #        version: 1.0.0
+    #    supported_resource_types:
+    #      - Patient
+    #      - Observation
+    #    allow_cascading_deletes: true
+    #    allow_contains_searches: true
+    #    allow_external_references: true
+    #    allow_multiple_delete: true
+    #    allow_override_default_search_params: true
+    #    auto_create_placeholder_reference_targets: false
+    #    cql_enabled: true
+    #    default_encoding: JSON
+    #    default_pretty_print: true
+    #    default_page_size: 20
+    #    delete_expunge_enabled: true
+    #    enable_repository_validating_interceptor: false
+    #    enable_index_missing_fields: false
+    #    enable_index_of_type: true
+    #    enable_index_contained_resource: false
+    ###  !!Extended Lucene/Elasticsearch Indexing is still a experimental feature, expect some features (e.g. _total=accurate) to not work as expected!!
+    ###  more information here: https://hapifhir.io/hapi-fhir/docs/server_jpa/elastic.html
+    advanced_lucene_indexing: false
+    bulk_export_enabled: false
+    bulk_import_enabled: false
+    #    enforce_referential_integrity_on_delete: false
+    # This is an experimental feature, and does not fully support _total and other FHIR features.
 #    enforce_referential_integrity_on_delete: false
-#    enforce_referential_integrity_on_write: false
-#    etag_support_enabled: true
-#    expunge_enabled: true
-#    daoconfig_client_id_strategy: null
-#    client_id_strategy: ALPHANUMERIC
-#    fhirpath_interceptor_enabled: false
-#    filter_search_enabled: true
-#    graphql_enabled: true
-#    narrative_enabled: true
-#    mdm_enabled: true
-#    partitioning:
-#      allow_references_across_partitions: false
-#      partitioning_include_in_search_hashes: false
+    #    enforce_referential_integrity_on_write: false
+    #    etag_support_enabled: true
+    #    expunge_enabled: true
+    #    client_id_strategy: ALPHANUMERIC
+    #    fhirpath_interceptor_enabled: false
+    #    filter_search_enabled: true
+    #    graphql_enabled: true
+    #    narrative_enabled: true
+    #    mdm_enabled: true
+#    local_base_urls:
+#      - https://hapi.fhir.org/baseR4
+    mdm_enabled: false
+    #    partitioning:
+    #      allow_references_across_partitions: false
+    #      partitioning_include_in_search_hashes: false
     cors:
       allow_Credentials: true
       # These are allowed_origin patterns, see: https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/cors/CorsConfiguration.html#setAllowedOriginPatterns-java.util.List-
@@ -88,30 +127,34 @@ hapi:
     search-coord-max-pool-size: 100
     search-coord-queue-capacity: 200
 
+    # Threadpool size for BATCH'ed GETs in a bundle.
+#    bundle_batch_pool_size: 10
+#    bundle_batch_pool_max_size: 50
+
 #    logger:
-#      error_format: 'ERROR - ${requestVerb} ${requestUrl}'
-#      format: >-
-#        Path[${servletPath}] Source[${requestHeader.x-forwarded-for}]
-#        Operation[${operationType} ${operationName} ${idOrResourceName}]
-#        UA[${requestHeader.user-agent}] Params[${requestParameters}]
-#        ResponseEncoding[${responseEncodingNoDefault}]
-#      log_exceptions: true
-#      name: fhirtest.access
-#    max_binary_size: 104857600
-#    max_page_size: 200
-#    retain_cached_searches_mins: 60
-#    reuse_cached_search_results_millis: 60000
+    #      error_format: 'ERROR - ${requestVerb} ${requestUrl}'
+    #      format: >-
+    #        Path[${servletPath}] Source[${requestHeader.x-forwarded-for}]
+    #        Operation[${operationType} ${operationName} ${idOrResourceName}]
+    #        UA[${requestHeader.user-agent}] Params[${requestParameters}]
+    #        ResponseEncoding[${responseEncodingNoDefault}]
+    #      log_exceptions: true
+    #      name: fhirtest.access
+    #    max_binary_size: 104857600
+    #    max_page_size: 200
+    #    retain_cached_searches_mins: 60
+    #    reuse_cached_search_results_millis: 60000
     tester:
-        home:
-          name: Local Tester
-          server_address: 'http://localhost:8080/fhir'
-          refuse_to_fetch_third_party_urls: false
-          fhir_version: R4
-        global:
-          name: Global Tester
-          server_address: "http://hapi.fhir.org/baseR4"
-          refuse_to_fetch_third_party_urls: false
-          fhir_version: R4
+      home:
+        name: Local Tester
+        server_address: 'http://localhost:8080/fhir'
+        refuse_to_fetch_third_party_urls: false
+        fhir_version: R4
+      global:
+        name: Global Tester
+        server_address: "http://hapi.fhir.org/baseR4"
+        refuse_to_fetch_third_party_urls: false
+        fhir_version: R4
 #    validation:
 #      requests_enabled: true
 #      responses_enabled: true
@@ -131,6 +174,7 @@ hapi:
 #        startTlsRequired:
 #        quitWait:
 #    lastn_enabled: true
+#    store_resource_in_lucene_index_enabled: true
 ###  This is configuration for normalized quantity serach level default is 0
 ###   0: NORMALIZED_QUANTITY_SEARCH_NOT_SUPPORTED - default
 ###   1: NORMALIZED_QUANTITY_STORAGE_SUPPORTED

dev/default.env

@@ -22,9 +22,6 @@ COMPOSE_PROJECT_NAME=
 # MESSAGING_IMAGE_TAG=override-tag-name
 # MESSAGINGSERVICE_IMAGE_TAG=override-tag-name
 
-# Uncomment for deploys with traefik-managed ingress
-# COMPOSE_FILE=docker-compose.yaml:docker-compose.ingress.yaml
-
 # docker-compose development overrides; uncomment to enable
 # COMPOSE_FILE=docker-compose.yaml:docker-compose.ingress.yaml:docker-compose.dev.femr.yaml:docker-compose.dev.fhirwall.yaml:docker-compose.dev.messagingservice.yaml
 

dev/docker-compose.dev.fhir.yaml

@@ -9,5 +9,8 @@ services:
       - "traefik.http.routers.fhir-${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
       - "traefik.http.routers.fhir-${COMPOSE_PROJECT_NAME}.tls=true"
       - "traefik.http.routers.fhir-${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt"
+
+      # Hapi does not EXPOSE the ports it listens on, requiring explicit traefik configuration
+      - traefik.http.services.fhir-${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=8080
     networks:
       - ingress

dev/docker-compose.prod.yaml

@@ -0,0 +1,32 @@
+---
+version: "3.7"
+services:
+  db:
+    restart: unless-stopped
+
+  femr:
+    restart: unless-stopped
+
+  fhir:
+    restart: unless-stopped
+
+  fhirwall:
+    restart: unless-stopped
+
+  keycloak:
+    restart: unless-stopped
+
+  logs:
+    restart: unless-stopped
+
+  redis:
+    restart: unless-stopped
+
+  enrollment:
+    restart: unless-stopped
+
+  messaging:
+    restart: unless-stopped
+
+  messagingservice:
+    restart: unless-stopped

dev/docker-compose.yaml

@@ -2,7 +2,7 @@
 version: "3.7"
 services:
   db:
-    image: postgres:${POSTGRES_IMAGE_TAG:-12}
+    image: postgres:${POSTGRES_IMAGE_TAG:-15}
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres
@@ -55,36 +55,27 @@ services:
 
 
   fhir:
-    image: hapiproject/hapi:${FHIR_IMAGE_TAG:-v5.5.1}
+    image: hapiproject/hapi:${FHIR_IMAGE_TAG:-v6.1.0}
     environment:
       SPRING_CONFIG_LOCATION: file:///opt/application.yaml
       spring.datasource.url: jdbc:postgresql://db:5432/hapifhir
       spring.datasource.username: postgres
       spring.datasource.password: postgres
       spring.datasource.driverClassName: org.postgresql.Driver
-      spring.jpa.hibernate.dialect: org.hibernate.dialect.PostgreSQL94Dialect
+      spring.jpa.properties.hibernate.dialect: ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgres94Dialect
 
       # make URLs relative to fEMR for pagination
       # TODO remove when fEMR can rewrite URLs
       hapi.fhir.server_address: 'https://femr.${BASE_DOMAIN:-localtest.me}/fhir/'
-    # expose HAPI to internet - remove entire `labels` section if unwanted
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.fhir-${COMPOSE_PROJECT_NAME}.rule=Host(`fhir.${BASE_DOMAIN:-localtest.me}`)"
-      - "traefik.http.routers.fhir-${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
-      - "traefik.http.routers.fhir-${COMPOSE_PROJECT_NAME}.tls=true"
-      - "traefik.http.routers.fhir-${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt"
     volumes:
       - "./config/hapi/application.yaml:/opt/application.yaml:ro"
     depends_on:
       - db
     networks:
-      ingress:
       internal:
         aliases:
           - fhir-internal
 
-
   fhirwall:
     image: ghcr.io/uwcirg/jwt-proxy:${PROXY_IMAGE_TAG:-latest}
     env_file: