DataONE Tasks: Issueshttps://redmine.dataone.org/https://redmine.dataone.org/favicon.ico2019-05-21T13:00:12ZDataONE Tasks
Redmine CN REST - Task #8810 (New): Verify configuration of portal certificateshttps://redmine.dataone.org/issues/88102019-05-21T13:00:12ZDave Vieglaisdave.vieglais@gmail.com
<p>Verify that the postinst scripts for dataone-cn-os-core and dataone-cn-portal are correctly setting the locations of the certificates for token signing.</p>
CN REST - Task #8809 (New): Adjust portal.properties for certificate configurationhttps://redmine.dataone.org/issues/88092019-05-21T12:57:41ZDave Vieglaisdave.vieglais@gmail.com
<p>Portal certificates are apparently currently configured in <code>/var/lib/tomcat7/webapps/portal/WEB-INF/portal.properties</code></p>
<p>This should be changed to <code>/etc/dataone/portal/portal.properties</code> to ensure persistence between .war deployments.</p>
CN REST - Story #8749 (New): Fix log aggregation events from the CN without associated CN IPshttps://redmine.dataone.org/issues/87492018-11-16T20:39:55ZChris Jonescjones@nceas.ucsb.edu
<p>The robots list used to filter out usage events includes the IP addresses of the CNs, so events logged during synchronization don't show up as true hits. Because of the SSL infrastructure at lbl.gov, the ESS-DIVE group doesn't see the public IP of an incoming request, but rather an internal private IP assigned by lbl.gov infrastructure. You can see the impact of this on the <a href="https://data.ess-dive.lbl.gov/#profile" class="external">ESS-DIVE profile page</a>. The spike of 11,000+ downloads in August 2018 was the CN synchronizing content.</p>
<p>Rushiraj summarized these events in a <a href="https://gist.github.com/rushirajnenuji/847d8239acf68a108bda30e04af0406b" class="external">gist</a></p>
<p>There are multiple <code>10.42.x.x</code> IP associated with the CN requests. These events all need to be updated in the <code>logsolr</code> core and changed to an actual CN IP. For future synchronizations, perhaps we need to add <code>10.42.0.0/16</code> to the robots list? </p>
CN REST - Bug #8010 (New): CN.archive fails with 401 Unauthorized when using either MN or CN clie...https://redmine.dataone.org/issues/80102017-02-01T20:04:46ZMark Servillamark.servilla@gmail.com
<p>CN.archive fails with 401 Unauthorized when using either MN or CN client certificate for PID with authoritative MN as urn:node:LTER - </p>
<p>MN attempt:<br>
<br>
curl -i -E ./urn_node_LTER-1.pem -X PUT <a href="https://cn.dataone.org/cn/v2/archive/doi:10.6073/AA/knb-lter-bes.437.35">https://cn.dataone.org/cn/v2/archive/doi:10.6073/AA/knb-lter-bes.437.35</a><br>
HTTP/1.1 401 Unauthorized<br>
Date: Wed, 01 Feb 2017 19:23:20 GMT<br>
Server: Apache/2.4.7 (Ubuntu)<br>
Content-Type: text/xml<br>
Content-Length: 291<br>
Access-Control-Allow-Origin: <br>
Access-Control-Allow-Credentials: true<br>
Access-Control-Allow-Headers: Authorization, Content-Type, Location, Content-Length, x-annotator-auth-token<br>
Access-Control-Expose-Headers: Content-Length, Content-Type, Location<br>
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE<br>
<?xml version="1.0" encoding="UTF-8"?><br>
The Coordinating Node is not authorized to make systemMetadata changes on this object. Please make changes directly on the authoritative Member Node.<br>
</p>
<p>CN attempt:<br>
<br>
curl -i -E ./urn_node_CNUCSB1.pem -X PUT <a href="https://cn.dataone.org/cn/v2/archive/doi:10.6073/AA/knb-lter-bes.437.35">https://cn.dataone.org/cn/v2/archive/doi:10.6073/AA/knb-lter-bes.437.35</a><br>
HTTP/1.1 401 Unauthorized<br>
Date: Wed, 01 Feb 2017 19:29:29 GMT<br>
Server: Apache/2.4.7 (Ubuntu)<br>
Content-Type: text/xml<br>
Content-Length: 291<br>
Access-Control-Allow-Origin: <br>
Access-Control-Allow-Credentials: true<br>
Access-Control-Allow-Headers: Authorization, Content-Type, Location, Content-Length, x-annotator-auth-token<br>
Access-Control-Expose-Headers: Content-Length, Content-Type, Location<br>
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE<br>
<?xml version="1.0" encoding="UTF-8"?><br>
The Coordinating Node is not authorized to make systemMetadata changes on this object. Please make changes directly on the authoritative Member Node.<br>
</p>
<p>Object System Metadata:<br>
<br>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><br>
<br>
3<br>
doi:10.6073/AA/knb-lter-bes.437.35<br>
eml://ecoinformatics.org/eml-2.0.1<br>
10881<br>
ecfee77e0d5297ddb74a796fb4c36f02<br>
uid=BES,o=LTER,dc=ecoinformatics,dc=org<br>
uid=BES,o=LTER,dc=ecoinformatics,dc=org<br>
<br>
<br>
uid="BES",o=lter,dc=ecoinformatics,dc=org<br>
read<br>
write<br>
changePermission<br>
<br>
<br>
public<br>
read<br>
<br>
<br>
<br>
doi:10.6073/AA/knb-lter-bes.437.34<br>
doi:10.6073/AA/knb-lter-bes.437.36<br>
false<br>
2010-01-08T00:00:00.000+00:00<br>
2015-08-14T21:03:34.343+00:00<br>
urn:node:LTER<br>
urn:node:LTER<br>
<br>
urn:node:CN<br>
completed<br>
2015-08-14T21:03:31.858+00:00<br>
<br>
<br>
urn:node:LTER<br>
completed<br>
2015-12-25T09:37:20.314+00:00<br>
<br>
<a href="/ns3:systemMetadata">/ns3:systemMetadata</a></p>
CN REST - Task #7849 (New): Improve exception messages when cascading SSL derived exceptionshttps://redmine.dataone.org/issues/78492016-07-19T17:23:26ZMark Servillamark.servilla@gmail.com
<p>Debugging SSL issues during CN-to-MN communications can be difficult due to lack of pertinent information in the exception message body. Specifically, the Java SNI constraints in Java 7 result in a somewhat cryptic message: "handshake alert: unrecognized_name" (see below):<br>
<br>
[ERROR] 2016-07-19 17:21:00,186 (ObjectListHarvestTask:retrieve:303) urn:node:mn<br>
TestGRIIDC- <?xml version="1.0" encoding="UTF-8"?><br>
<br>
class org.dataone.client.exception.ClientSideException: /handsh<br>
ake alert: unrecognized_name<br>
</p>
<p>Adding more specific information related to the upstream exception would be very helpful in debugging such issues.</p>
CN REST - Task #7750 (New): apply business rules on the CN that Subject strings will be stripped ...https://redmine.dataone.org/issues/77502016-04-26T17:30:35ZRob Nahfrnahf@epscor.unm.edu
<p>make sure that the business rule is documented</p>
<p>apply to cn_identity_manager and other places in the CN service layer.</p>
CN REST - Task #7571 (New): Description for error code 401, detail code 4957 is misleading in som...https://redmine.dataone.org/issues/75712016-01-05T16:25:01ZPeter Slaughterslaughter@nceas.ucsb.edu
<p>When using CNDiagnostic.echoCredentials() with an expired authentication token, the returned message is:</p>
<p><?xml version="1.0" encoding="UTF-8"?><br>
<br>
No credentials were received in the request. (Session was null)</p>
<p>The description text in this case is misleading, because from the caller's point of view, credentials<br>
were provided, albeit invalid. Is it possible to determine the validity of the credentials, i.e. expiration<br>
status, and indicate that in the description?</p>
<p>BTW, this same token did work correctly before it expired.</p>
<p>A bash script is attached that recreates the error.</p>
CN REST - Bug #7440 (New): Non-discernable error during synchronization affecting (mostly) urn:no...https://redmine.dataone.org/issues/74402015-10-16T17:40:44ZMark Servillamark.servilla@gmail.com
<p>Multiple (366) non-discernable errors (see attachment) with message only stating "Cline is shutdown" occurred on 14 Oct 2015 on cn-stage.test.dataone.org (cn-stage-ucsb-1); sampling of objects/system metadata indicate all is retrievable from the MN <a href="https://dataone-dev.ecoinformatics.org.au/mn">https://dataone-dev.ecoinformatics.org.au/mn</a>. This error had also occurred (24 events) for urn:node:mnTestLTER.</p>
<p>For example:</p>
<p>cn-synchronization.log.1-[ERROR] 2015-10-14 11:33:02,749 (TransferObjectTask:write:606) Task-urn:node:mnTestAEKOS-aekos.org.au/collection/nsw.gov.au/nsw_atlas/vis_flora_module/ABERBALDIE.20150515<br>
cn-synchronization.log.1:Client is shutdown.</p>
CN REST - Bug #7301 (New): CN-stage allows connections to a MN that is operating a self-signed SS...https://redmine.dataone.org/issues/73012015-08-18T18:12:14ZMark Servillamark.servilla@gmail.com
<p>CN-stage supports connections to a MN that is operating a self-signed SSL server certificate - this should not be allowed since the connection could occur with a rogue non-verified server.</p>
<p>This instance occurred with dataone-dev.ecoinformatics.org.au:443 on 18 August 2015:</p>
<p>Certificate chain<br>
0 s:/CN=dataone-dev.ecoinformatics.org.au<br>
i:/CN=dataone-dev.ecoinformatics.org.au</p>
<p>Issuer: CN=dataone-dev.ecoinformatics.org.au<br>
Validity<br>
Not Before: Aug 11 04:56:19 2015 GMT<br>
Not After : Aug 8 04:56:19 2025 GMT<br>
Subject: CN=dataone-dev.ecoinformatics.org.au</p>
CN REST - Task #7096 (New): Unexpectedly closed streams / disconnects on UNM networkhttps://redmine.dataone.org/issues/70962015-05-12T17:49:44ZAndrei Buiumandreib@epscor.unm.edu
<p>When testing, making any CN or MN API call would occasionally yield an exception (randomly but very often) :</p>
<p>Could not resolve multipart files: Processing of multipart/form-data request failed. Stream ended unexpectedly</p>
<p>I was making CN.create() calls from UNM to the UCSB Dev CN. <br>
(It also happened for MN.create() calls from UNM to mnDemo6 when it was up. Not sure where mnDemo6 is physically located though.)<br>
This seems to happen when the connection is terminated while metacat is reading the object from the multipart files.</p>
CN REST - Bug #5739 (New): LDAP upgrades fail with purge of dataone-cn-os-corehttps://redmine.dataone.org/issues/57392014-07-16T20:47:31ZRobert Waltz
<p>open ldap should continue to function normally on a host after dataone-cn-os-core has been purged (apt-get remove --purge dataone-cn-os-core)</p>
<p>We should wipe out /etc/ldap/slapd.d, restore it to a simpler configuration, backup and then remove the dataone entries from the openldap database.</p>
<p>We will need to complete this before migrating to 14.04 of ubuntu</p>
CN REST - Task #2487 (New): How does a CN handle the failure of MN replica to receive MNStorage.s...https://redmine.dataone.org/issues/24872012-03-14T19:04:58ZRobert Waltz
<p>There are multiple places that may trigger the CN to call MNStorage.sytemMetadataChanged() across all the membernode replicas of an object. </p>
<p>How does the system Handle the case when a replica (or even the authoritativeMemberNode) is offline for an extended period and should receive the update when it comes back online.</p>
CN REST - Task #2415 (New): Implement exceptions for log endpointhttps://redmine.dataone.org/issues/24152012-02-27T21:56:12ZSkye Roseboomsroseboo@dataone.unm.edu
<p><a href="http://mule1.dataone.org/ArchitectureDocs-current/apis/CN_APIs.html#CNCore.getLogRecords">http://mule1.dataone.org/ArchitectureDocs-current/apis/CN_APIs.html#CNCore.getLogRecords</a></p>
<p>not currently provided by mod_rewrite</p>
CN REST - Task #2414 (New): Implement exceptions for search/solr endointhttps://redmine.dataone.org/issues/24142012-02-27T21:55:19ZSkye Roseboomsroseboo@dataone.unm.edu
<p><a href="http://mule1.dataone.org/ArchitectureDocs-current/apis/CN_APIs.html#CNRead.search">http://mule1.dataone.org/ArchitectureDocs-current/apis/CN_APIs.html#CNRead.search</a></p>
<p>Not currently provided with mod_rewrite</p>
CN REST - Task #2168 (New): Design UI for identity validationhttps://redmine.dataone.org/issues/21682012-01-06T03:18:46ZDave Vieglaisdave.vieglais@gmail.com