Project

General

Profile

Task #2724

Story #2720: KNB, LTER, PISCO, ESA, SANPARKS roll out

PISCO - set up stage server

Added by Ben Leinfelder over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Category:
-
Start date:
2012-05-09
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

We'll need a testing server for staging existing PISCO data. If Mike Frenock can set this up that would be great, but we can also help with this (say if there are hardware concerns etc). It should house at least a subset of the current PISCO holdings. THe instructions for setting this up are just like the LTER staging node (see related redmine task).


Subtasks

Task #2741: Generate urn:node:mnStagePISCO certificateClosedMatthew Jones

Task #2773: Generate test.piscoweb.org certificate/keyClosedMatthew Jones

Task #2774: Generate ?.piscoweb.org certificate/keyClosedMatthew Jones


Related issues

Related to Infrastructure - Task #2722: LTER - set up MN for staging Closed 2012-05-08

History

#1 Updated by Matthew Jones over 12 years ago

PISCO is getting a DOI prefix too, so expect them to switch as well.

#2 Updated by Ben Leinfelder over 12 years ago

Do we know what the DOI prefix will be?

#3 Updated by Ben Leinfelder over 12 years ago

  • Assignee changed from Matthew Jones to Michael Frenock

#4 Updated by Ben Leinfelder over 12 years ago

A) The pertinent DataONE configuration values for test.piscoweb.org are below. Some of them are just recommendations, but others must match what we configure the KNB staging node as. All these can be set in the Metacat Admin interface, except for the Coordinating Node setting which you'll have to edit manually before doing the rest of the Member node configuration otherwise you won't be communicating with the correct Coordinating Node.

  • the DataONE Coordinating node we wil be using:
    D1Client.CN_URL=https://cn-sandbox.dataone.org/cn

  • the location of the certificate we generated for you - can be anywhere convenient
    D1Client.certificate.file=/var/metacat/certs/urn_node_mnStagePISCO.pem

-client certificate subject in that certificate:
dataone.subject=CN=urn:node:mnStagePISCO,DC=dataone,DC=org

  • the contact subject (must be registered via the portal before use in the node registration -- you can use mine if you cannot get your own, but please try your own)
    dataone.contactSubject=CN=Benjamin Leinfelder A515,O=University of Chicago,C=US,DC=cilogon,DC=org

  • your nodeId:
    dataone.nodeId=urn:node:mnStagePISCO

  • your preferred replication policy (points to the stage KNB nodeId):
    dataone.replicationpolicy.default.preferredNodeList=urn:node:mnStageUCSB1

B) For DOI generation/mapping you must configure these options BEFORE running through the 1.9.5->2.0.0 upgrade with the Metacat admin interface
-enable it
guid.assignGUIDs=true

-your PISCO server's shoulder for your documents:
guid.ezid.doishoulder.1=doi:10.5072/FK2/PISCO/

-our KNB shoulder (the number must match the entry you have for us in your xml_replication table)
guid.ezid.doishoulder.?=doi:10.5072/FK2/KNB/

C) For general instructions on setting up a Metacat MN deployment, the documentation has been updated to reflect most of this (though I can see there are some crucial changes regarding the nodeId that still need to be edited in these docs). You can see those here: http://dev-testing.dataone.org:8080/hudson/job/Metacat/javadoc/dataone.html

#5 Updated by Ben Leinfelder over 12 years ago

  • Status changed from New to In Progress

Hi Mike,
I was just organizing my thoughts on how to proceed. Since you have Metacat 2.0.0 deployed, let's go ahead and try configuring/registering your MN as it is.
You'll need to set a few metacat.properties values before using the Metacat admin interface (and then restart tomcat so they are reloaded).
Some of these may already be set, but I've included them just to double check:

points to our cn-stage server

D1Client.CN_URL=https://cn-stage.dataone.org/cn

make sure you haven't already configured it in the admin screen

configutil.dataoneConfigured=false

make sure you haven't hit the "Register" button in the admin screen

dataone.mn.registration.submitted=false

we want to skip this content generation during registration - otherwise it will take a very long time - so set to true

dataone.ore.generated=true
dataone.systemmetadata.generated=true

The other properties we need will be set in the DataONE admin screen after you log in as the Metacat administrator.
These are the values I'd recommend.

Node Name
PISCO Test MN
Node Description
Test instance of the PISCO Member Node
Node Identifier
urn:node:mnStagePISCO
Node Subject
CN=urn:node:mnStagePISCO,DC=dataone,DC=org
Contact Subject
CN=Michael Frenock T5780,O=Google,C=US,DC=cilogon,DC=org
Node Certificate Path
/var/metacat/certs/urn:node:mnStagePISCO.pem

Default Number of Replicas
2
Default Preferred Nodes

Default Blocked Nodes

The "Node Certificate Path" is very important - this is that first client certificate I sent you in an email (ooops, not the most secure!). Note that it must be readable by the user running the tomcat process (e.g. "tomcat6"). The certificate identifies your MN to the Coordinating Node which then checks that your Node Subject matches what is in the certificate and also that your Contact Subject is registered and verified as as DataONE user (it is).

Let's give it a whirl!
-ben

#6 Updated by Ben Leinfelder over 12 years ago

  • Status changed from In Progress to Closed

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)