Infrastructure

The GoDaddy test SSL certificates expired on July 17th, and so servers in each environment need to transition to use the newly purchased certificates. Dave has added these new certs to the 3 development CNs:

I have placed the certificate, key, and intermediate CA cert on cn-dev, cn-dev-2, and cn-dev-3.

The *.test.dataone.org certificate is /etc/ssl/.test.dataone.org.crt
The geotrust intermediate CA cert is /etc/ssl/geotrust_intermediate.crt
The key for *.test.dataone.org is /etc/ssl/private/.test.dataone.org.key

The new certs are for the test.dataone.org domain, and so the server names will need to change in DNS. During this transition, the CNs in the development environment will also be renamed to be aligned with our new name conventions (outlined by Andy):

I am proposing that we take advantage of the change to bring the three development coordinating nodes
in line with the current naming convention (cn---).

As a result, if this proposal is accepted, the machine names would change from --> to:

            cn-dev.dataone.org --> cn-dev-ucsb-1.test.dataone.org
            cn-dev-2.dataone.org --> cn-dev-unm-1.test.dataone.org
            cn-dev-3.dataone.org --> cn-dev-orc-1.test.dataone.org

            cn-sandbox-ucsb-1.dataone.org --> cn-sandbox-ucsb-1.test.dataone.org
            cn-sandbox-unm-1.dataone.org --> cn-sandbox-unm-1.test.dataone.org
            cn-sandbox-orc-1.dataone.org --> cn-sandbox-orc-1.test.dataone.org

            cn-stage-ucsb-1.dataone.org --> cn-stage-ucsb-1.test.dataone.org
            cn-stage-unm-1.dataone.org --> cn-stage-unm-1.test.dataone.org
            cn-stage-orc-1.dataone.org --> cn-stage-orc-1.test.dataone.org

Configuration scripts in the dataone-cn-os-core debian package will need to be updated to reflect the DNS changes