Project

General

Profile

MNDeployment #6957

NRDC - Nevada Research Data Center

Added by Laura Moyers almost 9 years ago. Updated over 4 years ago.

Status:
Operational
Priority:
Normal
Assignee:
Target version:
Start date:
2015-03-25
Due date:
% Done:

93%

Latitude:
39.53
Longitude:
-119.82
MN Description:
The Nevada Research Data Center is dedicated to providing services and curation for project-level datasets and needs.
Base URL:
http://www.sensor.nevada.edu/NRDC/
NodeIdentifier:
urn:node:NRDC
MN Tier:
Tier 1
Software stack:
GMN
MN_Date_Online:
2015-12-21
Name:
Logo URL:
Date Upcoming:
Date Deprecated:
Information URL:
Version:

Description

The NCCP, based at the University of Nevada, Reno, is a part of the Nevada EPSCoR project. They currently have about a dozen sensor sites collecting climate data, with the intent to add 1-2 sites each year for the next 2-3 years.

At present, the goal is to stand up a Tier 1 GMN exposing monthly aggregated data (immutable).

See http://sensor.nevada.edu

Technical POCs are Richard Kelley and Moinul Hossain.

Initial meeting notes: https://epad.dataone.org/pad/p/NCCP_and_DataONE


Subtasks

Task #6958: NCCP: Join DataONEClosedLaura Moyers

Task #6959: NCCP: Scope the implementationClosedLaura Moyers

Task #6960: NCCP: Plan the implementationClosedMark Servilla

Task #6961: NCCP: Design, code and component test a new MN implementationClosedLaura Moyers

Task #6964: NCCP: Local TestingClosed

Task #6965: NCCP: Establish DataONE user identity in Testing EnvironmentClosed

Task #6966: NCCP: Configure SSL Certificates for Testing EnvironmentClosedMark Servilla

Task #6967: NCCP: Verify MN Content and Services in Testing EnvironmentClosedMark Servilla

Task #6968: NCCP: Register MN in Testing EnvironmentClosedMark Servilla

Task #6969: NCCP: Verify CN Content and Services in Testing EnvironmentClosedMark Servilla

Task #6970: NCCP: Check Authentication and Authorization in Testing EnvironmentClosedMark Servilla

Task #6971: NCCP: Show MN as "upcoming" on the dashboardClosed

Task #6972: NCCP: Establish DataONE user identity in ProductionClosed

Task #6973: NCCP: Configure SSL Certificates for ProductionClosedMark Servilla

Task #6974: NCCP: Verify MN Content and Services in ProductionClosedLaura Moyers

Task #6975: NCCP: Register MN in ProductionClosedMark Servilla

Task #6976: NCCP: Verify CN Content and Services in ProductionClosedLaura Moyers

Task #6977: NCCP: Check Authentication and Authorization in ProductionClosedLaura Moyers

Task #6978: NCCP: Mutual acceptanceClosedLaura Moyers

Task #6979: NCCP: Ensure MN appears on Current MNs webpage (dashboard)ClosedAmber Budden

Task #6980: NCCP: Document and AnnounceClosedAmber Budden

Task #7347: Resolve firewall deployment issue for NRDCClosedMark Servilla

Support #8375: The urn:node:NRDC member node operator requested assistance in diagnosing an issue between their local data repository and GMNClosedMark Servilla

Bug #8624: MN Certificate has expiredClosedMark Servilla

Task #8676: NRDC -GMN upgrade 2.4.2 to 3.0.4NewRoger Dahl

Support #8677: The production MN client certificate for urn:node:NRDC has expired as of 19 August 2018ClosedRoger Dahl

Bug #8844: Server certificate is expiredNew


Related issues

Related to Infrastructure - Bug #7318: Indexing failure with ObjectPath not found / Was: mnTestAEKOS PIDs fail to be indexed by Solr in cn-stage due to lack of "Object Path" for the PIDs Closed 2015-08-26
Related to Infrastructure - Bug #7504: Investigate support for TLS Server Name Indication during CN-to-MN communications Closed 2015-11-30

History

#1 Updated by Laura Moyers almost 9 years ago

  • NodeIdentifier changed from urn:node:NCCP to urn:node:NRDC
  • MN Description changed from The Nevada Climate Change Portal (NCCP) provides access to real-time and archived environmental data to enhance the ability of scientists, land managers, educators and students to analyze and graphically present environmental data observations. to The Nevada Research Data Center is dedicated to providing services and curation for project-level datasets and needs.
  • Subject changed from NCCP - Nevada Climate Change Portal to NRDC - Nevada Research Data Center (was referred to as NCCP)

#3 Updated by Laura Moyers over 8 years ago

  • Target version changed from Deploy by end of Y1Q3 to Deploy by end of Y1Q4
  • Base URL set to http://www.sensor.nevada.edu/NRDC/
  • % Done changed from 1 to 50
  • Status changed from Ready to Testing

#4 Updated by Laura Moyers over 8 years ago

Eric Fritzinger (ericf@cse.unr.edu) has developed some documentation for what he needed to do on his end related to having a Windows server acting as a reverse proxy to the Linux server where they have their GMN:

Just as an addendum, and for your documentation in the future should you have any users with a similar setup (or who want a similar setup), we managed to get the reverse proxy working with https.

As you may recall, our server setup is a Windows Server 2012 IIS 8 server acting as a reverse proxy to the back-end GMN linux server. In order to get IIS 8 to work with using https on the back-end, there are a couple things that had to be done.

First, I had to update the IIS Application Request Routing module to 3.0 (I was previously using 2.0).

Secondly, I had to make sure the reverse proxy server trusted the certificate used by the target server. There are two ways to do this (the “target server” in these cases is the back-end GMN server that the reverse proxy is pointing to):

1.) Create a Certificate Root Authority server that the cluster recognizes and trusts (Windows Server OS has a Role that can be added for this purpose). Make sure the reverse proxy server recognizes the CRA as a Trusted source (explained below). Then, have the CRA issue the certificate requested by the target server and configure the target server to use that issued certificate.

2.) Create a self-signed certificate on the target server and export it. Have the IIS 8 server import the certificate as a Trusted Certificate Root Authority certificate (explained below), and it will be trusted.

To check the status of a Trusted CRA on a Windows Server OS, or to import a certificate into the TCRA:
1. Go to Start -> Run, type “mmc.exe” and click OK
2. When the console window comes up click File->Add/Remove Snap-In…
3. Add the “Certificates” module and click Next
4. Select the “Computer Account” option, click Next
5. Select the “Local Computer” option, click OK

If you expand the tree, you’ll see the “Trusted Certificate Root Authorities” folder to see all the trusted root authorities. This is where either the local Certificate Root Authority server certificate should be, or where you import the target server’s self-signed certificate (by right-clicking the folder and selecting Import from the context menu).

Option 1 is typically good for larger server clusters that will have a lot of servers behind a reverse proxy using https (which we eventually will be using). Option 2 is quick and easy. I went with Option 2 for now since I wanted to be sure it worked quickly without much hassle.

This write-up is mainly to let you all know how we got it to work (I’m not a fan of “magic”, myself =) ). Also, I wanted to make sure it was written down somewhere in case of emergency.

Take care!
~Eric

#5 Updated by Laura Moyers over 8 years ago

  • Target version changed from Deploy by end of Y1Q4 to Deploy by end of Y2Q1

#6 Updated by Laura Moyers over 8 years ago

  • Related to Bug #7318: Indexing failure with ObjectPath not found / Was: mnTestAEKOS PIDs fail to be indexed by Solr in cn-stage due to lack of "Object Path" for the PIDs added

#8 Updated by Mark Servilla over 8 years ago

  • Related to Bug #7504: Investigate support for TLS Server Name Indication during CN-to-MN communications added

#9 Updated by Laura Moyers about 8 years ago

  • MN_Date_Online set to 2015-12-21
  • Target version changed from Deploy by end of Y2Q1 to Operational
  • Status changed from Testing to Operational

NRDC MN operational as of 12/21/15 but will not be formally announced until week of 4 January 2016.

#10 Updated by Laura Moyers about 8 years ago

  • Longitude changed from 119.82 to -119.82

#11 Updated by Laura Moyers almost 8 years ago

  • Subject changed from NRDC - Nevada Research Data Center (was referred to as NCCP) to NRDC - Nevada Research Data Center

NRDC needs to transition to Tier 4 functionality. Laura to get documentation and other information to Moinul ASAP; this needs to be accomplished before Moinul graduates.

#12 Updated by Laura Moyers almost 8 years ago

Change tech POC - Moinul has graduated.

#13 Updated by Laura Moyers over 6 years ago

Current (temporary) technical POC is Hannah Munoz, hannah.munoz92@gmail.com.

NRDC's LE cert had expired, and while sorting that out we discovered some more concerning issues. Email from Laura to Eric 8/16/17:

When looking to see how the NRDC MN is behaving, we uncovered some issues. Prepare yourself…

We see 6663 objects on the CNs. https://cn.dataone.org/cn/v2/object?nodeId=urn:node:NRDC These objects comprise the 2221 datasets that we see in DataONE search.

We see 0 objects on the MN. https://dataone.sensor.nevada.edu/mn/v2/object (This is where I freaked out a bit.)
Because DataONE doesn’t see any objects on the MN, when we try to download any object from NRDC from the search results, we get 404s. The science metadata, however, IS retrievable from the CNs from where it was sync’d previously. (Yay)

The last time we really talked about NRDC was 12/12/16, which is also the Last Harvested Date (see in the node registration document https://cn.dataone.org/cn/v2/node/urn:node:NRDC). At that time, you were still running GMN v1.x. We’re thinking that something in the transition to GMN v2.0.5 has confused things a bit – perhaps a configuration change, maybe something related to settings_site.py and settings.py being combined in GMN v2. We’ll do some more investigating, but Mark has identified some things we need your help with to figure out what is going on.

  1. Ensure that PostgreSQL database is accessible to the GMN application
  2. Ensure that the OBJECT_STORE_PATH attribute is correctly set to the NRDC location for GMN data (OBJECT_STORE_PATH = '/var/local/dataone/gmn_object_store')
  3. Ensure the server you deployed GMN v2.0.5 to is indeed the correct server

Maybe look at your GMN and see if both the settings_site.py and settings.py files are present? If they are, maybe GMN is confused?

Eric responded the same day:

Thank you for the heads up!

I have CC’d Hannah on this since she is in charge of the DataONE server’s GMN.

We will get to the bottom of this and get everything back up and running. =)

#15 Updated by Dave Vieglais about 6 years ago

  • Sprint set to Ongoing Operational

#17 Updated by Mark Servilla over 5 years ago

  • Assignee changed from Mark Servilla to Roger Dahl

#18 Updated by Dave Vieglais over 4 years ago

  • Assignee changed from Roger Dahl to Amy Forrester

#19 Updated by Amy Forrester over 4 years ago

connor transitioning out of role as the admin for the NRDC and passing it onto another grad student: Andrew Munoz

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)