Member Nodes

+From Jan 17, 2017:+

Xiaoyan Li is installing GMN v2.

Once testing server is complete, and functions as a Tier 4 node in the test environment, and NCEI is ready to upgrade the production version, the Node document in DataONE would be changed to point to the new Tier 4 GMN rather than the older Tier 1 slender node URL.

Node operator will need to re-register the node in the test environment and then in production, pointing to the new baseUrl and advertising the new capabilities. For this document: https://cn.dataone.org/cn/v2/node/urn:node:NCEI, the baseURl would change from the current https://ncei-node.dataone.org/mn to the new one.

Some Notes about Existing Implementation:
* DataONE is not minting identifiers for NCEI.
* The slender-node implementation is just using what is available in the metadata provided.
* The MN implementation is simple in that it simply exposes the ISO metadata presented from NCEI.

Some Notes about New Implementation:
* Xiaoyan is submitting a request for GMN Security review internally to seek running GMN software on a standalone CentOS6 server at CNEI-MD.
* Anticipates pip install not being permitted due to NOAA5010 (NCEI-MD) security rules. Seeking to build/install GMN from source.

Summary of recommendations for source-based install:

_"Installing with pip is pretty much the same as installing from source code. Since it's all script, the packages downloaded by pip contain the source and can be examined. Since the machine must be visible from the web, pip can probably reach PyPI, but if there is a requirement to more tightly control available packages, you can copy the packages to a local pip repo and install from there with pip.

If pip is still restricted after that, it could be because the old type of packages allowed the code in the package to run on the local machine at install time. But that is not the case with the new(er) Wheel format, which is what GMN uses.

The main issue with installing GMN manually is that you'll have to handle installing all the dependencies manually as well."_

+From Feb 1, 2017:+

List of GMN Dependencies Provided:
* appdirs==1.4.0
* CacheControl==0.11.6
* cffi==1.9.1
* cryptography==1.5.2
* dataone.cli==1.2.5
* dataone.common==2.0.0
* dataone.gmn==2.0.1
* dataone.libclient==2.0.0
* Django==1.10.1
* enum34==1.1.6
* google.foresite-toolkit==1.3
* html5lib==0.999999999
* idna==2.2
* ipaddress==1.0.18
* iso8601==0.1.11
* isodate==0.5.4
* lxml==3.7.2
* packaging==16.8
* psycopg2==2.5.2
* pyasn1==0.1.9
* pycparser==2.17
* PyJWT==1.4.2
* pyOpenSSL==16.2.0
* pyparsing==1.5.7
* python-dateutil==2.1
* PyXB==1.2.5
* rdflib==4.0.1
* requests==2.12.4
* six==1.10.0
* SPARQLWrapper==1.8.0
* webencodings==0.5

More implementation notes:

NCEI is going to take GMN & Slender node code and adjust to enable replication support so that Arctic Data Center will replicate to NCEI. Therefore NCEI content is separate, but NCEI is in the role of node operator.

Contacted by Xioyan for help resolving what appears to be certificate errors preventing apache from starting in CentOS after attempting to generate self-signed certificate for testing.

Some clues in var/log/httpd/error.log

[Wed Apr 04 16:04:31.355966 2018] [ssl:info] [pid 129351] AH02200: Loading certificate & private key of SSL-aware server 'ncei-2.nceas.ucsb.edu:443'
[Wed Apr 04 16:04:31.356143 2018] [ssl:info] [pid 129351] AH01914: Configuring server ncei-2.nceas.ucsb.edu:443 for SSL protocol
[Wed Apr 04 16:04:31.356494 2018] [ssl:warn] [pid 129351] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

The bit about RSA server certificate is a CA certificate may indicate that there's been some mix-up in which cert was referenced/placed where.