Task #2722
Story #2720: KNB, LTER, PISCO, ESA, SANPARKS roll out
LTER - set up MN for staging
100%
Description
I've talked with Mark and Duane a bit about setting up lava.lternet.edu as a staging MN. Here are the general configuration instructions I've sent them.
Hi Mark and Duane.
I wanted to follow up with notes I took this morning about configuring lava.lternet.edu as a staging/sandbox DataONE member node.
A) The pertinent DataONE configuration values for lava.lternet.edu are below. Some of them are just recommendations, but others must match what we configure the KNB staging node as. All these can be set in the Metacat Admin interface, except for the Coordinating Node setting, which you'll have to edit manually before doing the rest of the Member node configuration; otherwise you won't be communicating with the correct Coordinating Node.
-the DataONE Coordinating node we will be using:
D1Client.CN_URL=https://cn-stage.dataone.org/cn
-the location of the certificate we generate for you (attached)
D1Client.certificate.file=/var/metacat/certs/urn_node_mnStageLTER.pem
-client certificate subject in that certificate:
dataone.subject=CN=urn:node:mnStageLTER,DC=dataone,DC=org
-the contact subject (must be registered via the portal before use in the node registration -- you can use mine for now)
dataone.contactSubject=CN=Benjamin Leinfelder A515,O=University of Chicago,C=US,DC=cilogon,DC=org
-your nodeId:
dataone.nodeId=urn:node:mnStageLTER
-your preferred replication policy (points to the KNB nodeId):
dataone.replicationpolicy.default.preferredNodeList=urn:node:mnStageUCSB1
B) For DOI generation/mapping you must configure these options before running through the 1.9.5->2.0.0 upgrade
-enable it
guid.assignGUIDs=true
-your LTER server's shoulder for your documents:
guid.ezid.doishoulder.1=doi:10.5072/FK2/LTER/
C) For general instructions on setting up a Metacat MN deployment, the documentation has been updated to reflect most of this (though I can see there are some crucial changes regarding the nodeId that still need to be edited in these docs). You can see those here: http://dev-testing.dataone.org:8080/hudson/job/Metacat/javadoc/dataone.html
History
#1 Updated by Mark Servilla over 12 years ago
I have gone through an initial setup using a clean Metacat 2.0.0 installation from https://code.ecoinformatics.org/code/metacat/trunk/ on 9 May 2012. Building and installation succeed, but the web-based configuration fails with the following error:
@The following errors occurred. Please correct errors if possible or contact your system adminstrator or contact support at null
-- D1Admin.configureDataONE error: Need a valid certificate before request can be processed@
I have confirmed that the certificate is in the appropriate location and is still valid:
@Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)09:33:a7:0b:0c:64:80:3f
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=New Mexico, L=Albuquerque, O=DataONE, CN=DataONE CA/emailAddress=administrator@dataone.org
Validity
Not Before: Feb 29 21:41:29 2012 GMT
Not After : Mar 1 21:41:29 2112 GMT
Subject: DC=org, DC=dataone, CN=urn:node:mnStageLTER
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:a1:4b:55:c8:1e:df:99:9b:c7:4c:8a:78:25:23:
d9:b8:a6:e8:76:e7:45:8e:c0:b4:af:a2:2f:a8:18:
a8:f9:da:99:7d:c9:bd:2d:2f:f8:4d:e7:c6:ec:54:
da:47:12:7b:fe:9a:6b:75:94:6f:55:f0:f7:db:9e:
e5:c5:c4:d2:74:27:e3:b4:8d:ca:4c:ef:2d:7c:d9:
d8:56:44:22:30:98:41:99:22:8d:22:d1:64:9a:f9:
64:6a:00:d4:95:10:61:ec:f5:fb:b2:d7:cb:4d:59:
d3:93:e4:5e:00:af:ca:5c:ba:27:08:36:ed:8f:45:
67:da:98:ae:4a:c0:6e:60:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Authority Key Identifier:
keyid:14:B0:B4:ED:A1:90:8B:A2:8B:04:DC:7A:A1:2E:08:95:AA:93:BB:E0
DirName:/C=US/ST=New Mexico/L=Albuquerque/O=DataONE/CN=DataONE CA/emailAddress=administrator@dataone.org
serial:FD:E1:8F:68:21:4A:23:AE@
#2 Updated by Matthew Jones over 12 years ago
Mark --
It looks like your certificate was not signed by the correct CA. The issuer for your certificate is:
C=US, ST=New Mexico, L=Albuquerque, O=DataONE, CN=DataONE CA/emailAddress=administrator@dataone.org
We've moved to a new Test CA that is identified with the subject:
DC=org, DC=dataone, CN=DataONE Test CA
So, you'll need a new certificate for testing (and another one for production, which I will be generating once we have the nodeids approved).
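The check described in comments #1 and #2, as an added example that is not part of the original thread or of Metacat: it compares the Issuer and Subject printed by `openssl x509 -text` with the configured `dataone.subject` and the Test CA subject, accepting a DN written from either end (the config value starts at CN, the openssl dump starts at DC). The function names and the sample constants are assumptions made for this illustration; the sample text is copied from the dump in comment #1.

```python
import re

# "Issuer:" / "Subject:" lines as printed by `openssl x509 -text`.
FIELD_RE = re.compile(r"^[ \t]*(Issuer|Subject):[ \t]*(.+)$", re.MULTILINE)
# RDNs are separated by "," or, in openssl's legacy form, by "/" before "attr=".
RDN_SEP_RE = re.compile(r",|/(?=[A-Za-z]+=)")

def parse_dn(dn):
    """Split a DN string into (TYPE, value) pairs, in the order written.
    Assumption: values contain no escaped commas (true for the DNs here)."""
    pairs = []
    for part in RDN_SEP_RE.split(dn):
        if part.strip():
            attr, _, value = part.partition("=")
            pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def same_dn(a, b):
    """True if a and b are the same DN, whichever end it is written from."""
    pa, pb = parse_dn(a), parse_dn(b)
    return pa == pb or pa == pb[::-1]

def preflight(openssl_text, configured_subject, expected_issuer):
    """Return a list of mismatches; an empty list means the names line up."""
    fields = dict(FIELD_RE.findall(openssl_text))
    problems = []
    for name, expected in (("Subject", configured_subject),
                           ("Issuer", expected_issuer)):
        actual = fields.get(name)
        if actual is None:
            problems.append(f"{name}: not found in certificate text")
        elif not same_dn(actual, expected):
            problems.append(
                f"{name}: certificate has '{actual.strip()}', expected '{expected}'")
    return problems

# Issuer and Subject lines copied from the certificate dump in comment #1.
SAMPLE_CERT_TEXT = """\
Issuer: C=US, ST=New Mexico, L=Albuquerque, O=DataONE, CN=DataONE CA/emailAddress=administrator@dataone.org
Subject: DC=org, DC=dataone, CN=urn:node:mnStageLTER
"""
DATAONE_SUBJECT = "CN=urn:node:mnStageLTER,DC=dataone,DC=org"  # dataone.subject
TEST_CA_SUBJECT = "DC=org, DC=dataone, CN=DataONE Test CA"     # from comment #2

if __name__ == "__main__":
    for problem in preflight(SAMPLE_CERT_TEXT, DATAONE_SUBJECT, TEST_CA_SUBJECT):
        print("MISMATCH", problem)
```

A matching issuer name is only a triage signal; `openssl verify -CAfile <test CA certificate> <node certificate>` performs the actual signature check against the CA.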
#3 Updated by Ben Leinfelder over 12 years ago
updated the main instructions to use:
D1Client.CN_URL=https://cn-stage.dataone.org/cn
#4 Updated by Ben Leinfelder over 12 years ago
removed configuration note for other servers' DOI shoulder - only the LTER shoulder should be used for LTER
#5 Updated by Mark Servilla over 12 years ago
- Status changed from New to In Progress
Deployed a test server, tepui.lternet.edu, and successfully deployed Metacat 2.0.1, including all ancillary applications and configurations. This test server was a mirror image of the LTER production Metacat server and contained its full database of data package content. The server successfully upgraded from Metacat 1.9.5, registered as a DataONE MN in the CN-Stage environment and generated the appropriate system metadata. This server will be left status quo for the time being until full testing of additional DataONE components/configuration is performed (e.g., assignment/update of GUIDs with KNB/PISCO DOIs).
#6 Updated by Mark Servilla over 12 years ago
- Status changed from In Progress to Closed
Testing for the server tepui.lternet.edu is now complete; this server will remain available for testing for a short period of time beyond this date.
A full production deployment of Metacat 2.x is also complete on tropical.lternet.edu (aka metacat.lternet.edu).