Bug #5742
production oa4mp_client.xml in metacat contains wrong key
100%
Description
Create a new configuration template entry in dataone-cn-os-core that allows for the privateKeyFile in oa4mp_client.xml to configure different keys based on environment.
Take Servlets out for Metacat.
Edit the Web.xml to take out the additional servlets.
History
#1 Updated by Robert Waltz over 10 years ago
- Product Version changed from * to 1.4.0
- Assignee changed from Robert Waltz to Jing Tao
- Description updated (diff)
#2 Updated by Robert Waltz over 10 years ago
- Target version changed from 2014.28-Block.4.2 to 2014.30-Block.4.3
- Due date changed from 2014-07-19 to 2014-08-02
#3 Updated by Jing Tao over 10 years ago
I talked with Ben and we believe the easiest way is to take the MyProxy portal servlet out of web.xml in the postinst script in the metacat cn buildout.
#4 Updated by Jing Tao over 10 years ago
In the Metacat svn trunk, the MyProxy servlet was commented out in the web.xml file. I installed the cn stacks successfully even though the two files - /etc/ssl/private/.test.dataone.org.key.pk8 and /etc/ssl/certs/.test.dataone.org.crt.publickey.
#5 Updated by Jing Tao over 10 years ago
In the cn-sandbox-orc-1, I tried to reproduce the bug:
1. Moved the two files to /etc/ssl
2. Rehashed /etc/ssl/certs.
3. Rebuilt dataone-cn-metacat beta on jenkins without any change.
4. apt-get update
5. apt-get upgrade.
However, dataone-cn-metacat was upgraded successfully. And I configured metacat successfully.
So I can't reproduce the bug. Robert, did I miss anything?
#6 Updated by Robert Waltz over 10 years ago
In Production, the oa4mp_client.xml in Metacat contains the wrong key.
In Production, the file oa4mp_client.xml contained the lines:
/etc/ssl/private/.test.dataone.org.key.pk8
/etc/ssl/certs/.test.dataone.org.crt.publickey
Metacat would fail to start properly until the lines were changed to
/etc/ssl/private/dataone_org.key.pk8
/etc/ssl/certs/_.dataone.org.crt.publickey
I also noticed this configuration setting in Production in the xml file:
https://mn-demo-4.test.dataone.org/metacat/ready
Ben mentioned to me that the MyProxy portal was not even needed for CN Production, so it may be useful to comment out/remove the Servlets in the web.xml for the MyProxy portal delegation functionality in metacat during Debian installation.
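Added example, not part of the original thread or of the DataONE/Metacat code: a pre-start check for the mismatch described in comment #6, which walks the client configuration and flags key file paths and URLs that carry a test-environment marker. The element layout, every element name other than privateKeyFile, and the `.test.` marker convention are assumptions; the values are the ones quoted above.

```python
import os
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample. The layout and the element names other than
# privateKeyFile are assumptions; the values are those quoted in comment #6.
SAMPLE = """<config>
  <client name="metacat">
    <privateKeyFile>/etc/ssl/private/.test.dataone.org.key.pk8</privateKeyFile>
    <publicKeyFile>/etc/ssl/certs/.test.dataone.org.crt.publickey</publicKeyFile>
    <callbackUri>https://mn-demo-4.test.dataone.org/metacat/ready</callbackUri>
  </client>
</config>"""


def audit_config(xml_text, marker=".test.", check_files=False):
    """Return (tag, value, problem) for each path or URL that looks wrong.

    marker: substring assumed to identify non-production artifacts.
    check_files: also require every referenced file to exist and be readable.
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        value = (elem.text or "").strip()
        if value.startswith("/"):
            # Absolute file path: inspect the file name, then the file itself.
            if marker in os.path.basename(value):
                findings.append((elem.tag, value, "test-environment file name"))
            elif check_files and not os.access(value, os.R_OK):
                findings.append((elem.tag, value, "missing or unreadable"))
        elif value.startswith(("http://", "https://")):
            # URL: compare against the host only, padded so labels match whole.
            host = urlparse(value).hostname or ""
            if marker in f".{host}.":
                findings.append((elem.tag, value, "test-environment host"))
    return findings


if __name__ == "__main__":
    for tag, value, problem in audit_config(SAMPLE, check_files=True):
        print(f"{tag}: {value} -> {problem}")
```

Running it with `check_files=True` on the target host also catches a key file that was renamed or never installed, before Metacat is started.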
#7 Updated by Jing Tao over 10 years ago
- Status changed from New to Closed
In the metacat trunk, the MyProxy servlet was removed. It should not have any problem.
#8 Updated by Skye Roseboom about 10 years ago
- Due date changed from 2014-08-02 to 2014-09-02
- Target version changed from 2014.30-Block.4.3 to Release Backlog
#9 Updated by Robert Waltz about 10 years ago
- Product Version changed from 1.4.0 to *
#10 Updated by Dave Vieglais about 10 years ago
- Due date changed from 2014-09-02 to 2014-09-24
- Target version changed from Release Backlog to CCI-1.4.1
#11 Updated by Robert Waltz about 10 years ago
- Status changed from Closed to In Progress
#12 Updated by Robert Waltz about 10 years ago
- Target version changed from CCI-1.4.1 to CCI-1.5.0
#13 Updated by Jing Tao about 10 years ago
- Status changed from In Progress to Testing
#14 Updated by Jing Tao almost 10 years ago
- Status changed from Testing to Closed
- Due date changed from 2014-09-24 to 2014-12-16