DataONE Tasks: Issueshttps://redmine.dataone.org/https://redmine.dataone.org/favicon.ico2018-03-02T00:37:55ZDataONE Tasks
Redmine CN REST - Task #8469 (In Progress): evaluate if ORCID API will continue to work after 1.2 is depr...https://redmine.dataone.org/issues/84692018-03-02T00:37:55ZMatthew Jonesjones@nceas.ucsb.edu
<p>We use ORCID to authenticate users via OAuth. ORCID has announced that it will completely sunset their version 1.2 API on March 1, 2018 (today). See <a href="https://github.com/ORCID/ORCID-Source/blob/master/orcid-model/src/main/resources/README.md">https://github.com/ORCID/ORCID-Source/blob/master/orcid-model/src/main/resources/README.md</a> The API has been deprecated since early 2017. </p>
<p>We use OAuth portions of the API which do not seem to be affected by the XSD version changes in the ORCID API, but we should evaluate whether this will affect us. In particular, I note that they state that the proper endpoints for OAuth are:</p>
<ul>
<li><a href="http://orcid.org/oauth/authorize">http://orcid.org/oauth/authorize</a></li>
<li><a href="https://orcid.org/oauth/token">https://orcid.org/oauth/token</a></li>
</ul>
<p>However, for the second of these, our configuration file (<a href="https://repository.dataone.org/software/cicore/trunk/d1_portal_servlet/src/main/webapp/WEB-INF/portal.properties">https://repository.dataone.org/software/cicore/trunk/d1_portal_servlet/src/main/webapp/WEB-INF/portal.properties</a>) indicates that we use:</p>
<ul>
<li><a href="https://pub.orcid.org/oauth/token">https://pub.orcid.org/oauth/token</a></li>
</ul>
<p>I think the <code>pub</code> endpoints have been deprecated, and we may need to change our configuration to use the established endpoint. Evaluate and possibly change this if needed.</p>
CN REST - Story #8364 (In Progress): Ensure portal uses correct X509 certificateshttps://redmine.dataone.org/issues/83642018-02-13T20:17:25ZChris Jonescjones@nceas.ucsb.edu
<p>We've run into issues where after an upgrade of the <code>dataone-cn-portal</code> package on the CNs, the properties pointing to the public certificate and private key are incorrectly pointing to the old GeoTrust wildcard files rather than the new Lets Encrypt files:<br>
<br>
cn.server.publiccert.filename=/etc/ssl/certs/<em>.test.dataone.org.crt<br>
cn.server.privatekey.filename=/etc/ssl/private/</em>.test.dataone.org.key</p>
<p>These should be (in STAGE):</p>
<p>/etc/letsencrypt/live/cn-stage.test.dataone.org/cert.pem<br>
/etc/letsencrypt/live/cn-stage.test.dataone.org/privkey.pem</p>
<p>The issue might be that these are not being set correctly during the <code>postinst</code> script run. Jing pointed out that these values are taken from the debconf database settings that get set when <code>dataon-cn-os-core</code> is installed. So although the <code>postinst</code> script might be setting the correct values, the old cached values might still be in memory in the debconf database. If so, we'll need to clear those values during installations and upgrades.</p>
<p>Also, knowing where to look for these configuration settings can be challenging. These are referenced from <code>/var/lib/tomcat7/webapps/portal/WEB-INF/portal.properties</code>. These settings should be consolidated into <code>/etc/dataone/portal/portal.properties</code> so they also don't get blown away on war file upgrades in Tomcat.</p>
CN REST - Bug #7746 (In Progress): Node registration update fails when <contactSubject> spans mul...https://redmine.dataone.org/issues/77462016-04-19T23:55:09ZMark Servillamark.servilla@gmail.com
<p>Node registration update fails when the string in the node registration document (attached) is on a separate line from the XML element tags. Apparently, parsing this field results in a subject string that does not match the LDAP record correctly, and the result is 401 not authorized exception:</p>
<p>CN=Lisa Stillwell A15851,O=University of North Carolina at Chapel Hill,C=US,DC=cilogon,DC=org<br>
</p>
<p>results in:<br>
<br>
<?xml version="1.0" encoding="UTF-8"?><br>
<br>
<br>
CN=Lisa Stillwell A15851,O=University of North Carolina at Chapel Hill,C=US,DC=cilogon,DC=org<br>
is not a Registered Subject<br>
</p>
<p>Correcting to:<br>
<br>
CN=Lisa Stillwell A15851,O=University of North Carolina at Chapel Hill,C=US,DC=cilogon,DC=org</p>
<p>succeeds.</p>
CN REST - Task #7571 (New): Description for error code 401, detail code 4957 is misleading in som...https://redmine.dataone.org/issues/75712016-01-05T16:25:01ZPeter Slaughterslaughter@nceas.ucsb.edu
<p>When using CNDiagnostic.echoCredentials() with an expired authentication token, the returned message is:</p>
<p><?xml version="1.0" encoding="UTF-8"?><br>
<br>
No credentials were received in the request. (Session was null)</p>
<p>The description text in this case is misleading, because from the caller's point of view, credentials<br>
were provided, albeit invalid. Is it possible to determine the validity of the credentials, i.e. expiration<br>
status, and indicate that in the description?</p>
<p>BTW, this same token did work correctly before it expired.</p>
<p>A bash script is attached that recreates the error.</p>
CN REST - Bug #7489 (New): processing daemon common-logging misconfiguredhttps://redmine.dataone.org/issues/74892015-11-16T16:32:08ZRobert Waltz
<p>the commons-logging.properties file appears misconfigured. It is missing the line:</p>
<p>org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger</p>
<p>Hopefully, adding this line will allow all the apache commons logging calls to go to the log4j loggers.</p>
CN REST - Bug #7301 (New): CN-stage allows connections to a MN that is operating a self-signed SS...https://redmine.dataone.org/issues/73012015-08-18T18:12:14ZMark Servillamark.servilla@gmail.com
<p>CN-stage supports connections to a MN that is operating a self-signed SSL server certificate - this should not be allowed since the connection could occur with a rogue non-verified server.</p>
<p>This instance occurred with dataone-dev.ecoinformatics.org.au:443 on 18 August 2015:</p>
<p>Certificate chain<br>
0 s:/CN=dataone-dev.ecoinformatics.org.au<br>
i:/CN=dataone-dev.ecoinformatics.org.au</p>
<p>Issuer: CN=dataone-dev.ecoinformatics.org.au<br>
Validity<br>
Not Before: Aug 11 04:56:19 2015 GMT<br>
Not After : Aug 8 04:56:19 2025 GMT<br>
Subject: CN=dataone-dev.ecoinformatics.org.au</p>
CN REST - Bug #7161 (New): TERN object fails to be indexed by Solr, but successfully synchronizedhttps://redmine.dataone.org/issues/71612015-06-05T18:02:10ZMark Servillamark.servilla@gmail.com
<p>TERN object aekos.org.au/collection/nsw.gov.au/nsw_atlas/vis_flora_module/V_ILLAWDB3.20150515 fails to by indexed by Solr on cn.dataone.edu (cn-ucsb-1) even though it was successfully synchronized. Investigation indicates it was not added to the HazelCast ObjectPathMap structure according to Skye Roseboom:</p>
<p>Im not sure why this pid is not appearing in the hazelcast ObjectPathMap structure.</p>
<p>I looked into the metacat database schema a bit and noticed the pid does not seem to appear in the ‘identifier_mapping’ table:</p>
<p>select * from identifier_mapping where guid='aekos.org.au/collection/nsw.gov.au/nsw_atlas/vis_flora_module/V_ILLAWDB3.20150515';</p>
<table><thead>
<tr>
<th>guid</th>
<th>docid</th>
<th>rev</th>
</tr>
</thead><tbody>
</tbody></table>
<p>(0 rows)</p>
<p>Without the ‘docid’ or ‘localid’ as metacat calls them, Im don’t thing the pid could be added to the objectPathMap in hazelcast.</p>
CN REST - Task #7096 (New): Unexpectedly closed streams / disconnects on UNM networkhttps://redmine.dataone.org/issues/70962015-05-12T17:49:44ZAndrei Buiumandreib@epscor.unm.edu
<p>When testing, making any CN or MN API call would occasionally yield an exception (randomly but very often) :</p>
<p>Could not resolve multipart files: Processing of multipart/form-data request failed. Stream ended unexpectedly</p>
<p>I was making CN.create() calls from UNM to the UCSB Dev CN. <br>
(It also happened for MN.create() calls from UNM to mnDemo6 when it was up. Not sure where mnDemo6 is physically located though.)<br>
This seems to happen when the connection is terminated while metacat is reading the object from the multipart files.</p>
CN REST - Bug #5739 (New): LDAP upgrades fail with purge of dataone-cn-os-corehttps://redmine.dataone.org/issues/57392014-07-16T20:47:31ZRobert Waltz
<p>open ldap should continue to function normally on a host after dataone-cn-os-core has been purged (apt-get remove --purge dataone-cn-os-core)</p>
<p>We should wipe out /etc/ldap/slapd.d, restore it to a simpler configuration, backup and then remove the dataone entries from the openldap database.</p>
<p>We will need to complete this before migrating to 14.04 of ubuntu</p>
CN REST - Task #2487 (New): How does a CN handle the failure of MN replica to receive MNStorage.s...https://redmine.dataone.org/issues/24872012-03-14T19:04:58ZRobert Waltz
<p>There are multiple places that may trigger the CN to call MNStorage.sytemMetadataChanged() across all the membernode replicas of an object. </p>
<p>How does the system Handle the case when a replica (or even the authoritativeMemberNode) is offline for an extended period and should receive the update when it comes back online.</p>
CN REST - Task #2415 (New): Implement exceptions for log endpointhttps://redmine.dataone.org/issues/24152012-02-27T21:56:12ZSkye Roseboomsroseboo@dataone.unm.edu
<p><a href="http://mule1.dataone.org/ArchitectureDocs-current/apis/CN_APIs.html#CNCore.getLogRecords">http://mule1.dataone.org/ArchitectureDocs-current/apis/CN_APIs.html#CNCore.getLogRecords</a></p>
<p>not currently provided by mod_rewrite</p>
CN REST - Task #2414 (New): Implement exceptions for search/solr endointhttps://redmine.dataone.org/issues/24142012-02-27T21:55:19ZSkye Roseboomsroseboo@dataone.unm.edu
<p><a href="http://mule1.dataone.org/ArchitectureDocs-current/apis/CN_APIs.html#CNRead.search">http://mule1.dataone.org/ArchitectureDocs-current/apis/CN_APIs.html#CNRead.search</a></p>
<p>Not currently provided with mod_rewrite</p>
CN REST - Task #2168 (New): Design UI for identity validationhttps://redmine.dataone.org/issues/21682012-01-06T03:18:46ZDave Vieglaisdave.vieglais@gmail.comCN REST - Task #1479 (In Progress): Design web UI for validating newly created identitieshttps://redmine.dataone.org/issues/14792011-04-06T18:01:34ZMatthew Jonesjones@nceas.ucsb.eduCN REST - Task #1412 (New): MN health check performed by CNhttps://redmine.dataone.org/issues/14122011-03-08T17:04:39ZRoger Dahldahl@unm.edu
<ul>
<li>How will CN represent, in the NodeList, the results of what it finds by doing health checks on MN endpoints?</li>
<li>How will MN represent what it believes to be the state of its endpoints?</li>
</ul>