Project

General

Profile

Task #2722

Story #2720: KNB, LTER, PISCO, ESA, SANPARKS roll out

LTER - set up MN for staging

Added by Ben Leinfelder almost 12 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
2012-05-08
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

I've talked with Mark and Duane a bit about setting up lava.lternet.edu as a staging MN. Here are the general configuration instructions I've sent them.

Hi Mark and Duane.
I wanted to follow up with notes I took this morning about configuring lava.ltlernet.edu as a staging/sandbox DataONE member node.

A) The pertinent DataONE configuration values for lava.lternet.edu are below. Some of them are just recommendations, but others must match what we configure the KNB staging node as. All these can be set in the Metacat Admin interface, except for the Coordinating Node setting which you'll have to edit manually before doing the rest of the Member node configuration otherwise you won't be communicating with the correct Coordinating Node.

  • the DataONE Coordinating node we wil be using:
    D1Client.CN_URL=https://cn-stage.dataone.org/cn

  • the location of the certificate we generate for you (attached)
    D1Client.certificate.file=/var/metacat/certs/urn_node_mnStageLTER.pem

-client certificate subject in that certificate:
dataone.subject=CN=urn:node:mnStageLTER,DC=dataone,DC=org

  • the contact subject (must be registered via the portal before use in the node registration -- you can use mine for now)
    dataone.contactSubject=CN=Benjamin Leinfelder A515,O=University of Chicago,C=US,DC=cilogon,DC=org

  • your nodeId:
    dataone.nodeId=urn:node:mnStageLTER

  • your preferred replication policy (points to the KNB nodeId):
    dataone.replicationpolicy.default.preferredNodeList=urn:node:mnStageUCSB1

B) For DOI generation/mapping you must configure these options before running through the 1.9.5->2.0.0 upgrade
-enable it
guid.assignGUIDs=true

-your LTER server's shoulder for your documents:
guid.ezid.doishoulder.1=doi:10.5072/FK2/LTER/

C) For general instructions on setting up a Metacat MN deployment, the documentation has been updated to reflect most of this (though I can see there are some crucial changes regarding the nodeId that still need to be edited in these docs). You can see those here: http://dev-testing.dataone.org:8080/hudson/job/Metacat/javadoc/dataone.html


Subtasks

Task #2723: Generate test certificate for urn:node:mnStageLTERClosedMatthew Jones

Task #2858: DOI conversion procedureClosedMark Servilla


Related issues

Related to Infrastructure - Task #2724: PISCO - set up stage server Closed 2012-05-09

History

#1 Updated by Mark Servilla almost 12 years ago

I have gone through an initial setup using a clean Metacat 2.0.0 installation from https://code.ecoinformatics.org/code/metacat/trunk/ on 9 May 2012. Building and installation succeed, but the web-based configuration fails with the following error:

@The following errors occurred. Please correct errors if possible or contact your system adminstrator or contact support at null

-- D1Admin.configureDataONE error: Need a valid certificate before request can be processed@

I have confirmed that the certificate is in the appropriate location and is still valid:

@Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)09:33:a7:0b:0c:64:80:3f
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=New Mexico, L=Albuquerque, O=DataONE, CN=DataONE CA/emailAddress=administrator@dataone.org
Validity
Not Before: Feb 29 21:41:29 2012 GMT
Not After : Mar 1 21:41:29 2112 GMT
Subject: DC=org, DC=dataone, CN=urn:node:mnStageLTER
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:a1:4b:55:c8:1e:df:99:9b:c7:4c:8a:78:25:23:
d9:b8:a6:e8:76:e7:45:8e:c0:b4:af:a2:2f:a8:18:
a8:f9:da:99:7d:c9:bd:2d:2f:f8:4d:e7:c6:ec:54:
da:47:12:7b:fe:9a:6b:75:94:6f:55:f0:f7:db:9e:
e5:c5:c4:d2:74:27:e3:b4:8d:ca:4c:ef:2d:7c:d9:
d8:56:44:22:30:98:41:99:22:8d:22:d1:64:9a:f9:
64:6a:00:d4:95:10:61:ec:f5:fb:b2:d7:cb:4d:59:
d3:93:e4:5e:00:af:ca:5c:ba:27:08:36:ed:8f:45:
67:da:98:ae:4a:c0:6e:60:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Authority Key Identifier:
keyid:14:B0:B4:ED:A1:90:8B:A2:8B:04:DC:7A:A1:2E:08:95:AA:93:BB:E0
DirName:/C=US/ST=New Mexico/L=Albuquerque/O=DataONE/CN=DataONE CA/emailAddress=administrator@dataone.org
serial:FD:E1:8F:68:21:4A:23:AE@

#2 Updated by Matthew Jones almost 12 years ago

Mark --

It looks like your certificate was not signed by the correct CA. The issuer for your certificate is:

C=US, ST=New Mexico, L=Albuquerque, O=DataONE, CN=DataONE CA/emailAddress=administrator@dataone.org

We've moved to a new Test CA that is identified with the subject:

DC=org, DC=dataone, CN=DataONE Test CA

So, you'll need a new certificate for testing (and another one for production, which I will be generating once we have the nodeids approved).

#3 Updated by Ben Leinfelder almost 12 years ago

updated the main instructions to use:
D1Client.CN_URL=https://cn-stage.dataone.org/cn

#4 Updated by Ben Leinfelder almost 12 years ago

removed configuration note for other servers' DOI shoulder - only the LTER shoulder should be used for LTER

#5 Updated by Mark Servilla over 11 years ago

  • Status changed from New to In Progress

Deployed a test server, tepui.lternet.edu, and successfully deployed Metacat 2.0.1, including all ancillary applications and configurations. This test server was a mirror image of the LTER production Metacat server and contained its full database of data package content. The server successfully upgraded from Metacat 1.9.5, registered as a DataONE MN in the CN-Stage environment and generated the appropriate system metadata. This server will be left status quo for the time being until full testing of additional DataONE components/configuration are performed (e.g., assignment/update of GUIDs with KNB/PISCO DOIs).

#6 Updated by Mark Servilla over 11 years ago

  • Status changed from In Progress to Closed

Testing for the server tepui.lternet.edu is now complete; this server will remain available for testing for a short period of time beyond this date.

A full production deployment of Metacat 2.x is also complete on tropical.lternet.edu (aka metacat.lternet.edu).

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)