NCEI - Implement GMN for replicating Arctic Data Center Data
New Additional Technical Contact:
Xiaoyan - Working at NOAA NCEI facility with Sheekela, Ken.
* Upgrade NCEI from Tier 1 to Tier 4, in order to fulfill replication partnshership with Arctic Data Center.
* Moving GMN hosted by DataONE to hosting by NCEI.
* Interested in further exploring implementation of DataONE API in current NCEI system.
#2 Updated by Monica Ihli over 5 years ago
+From Jan 17, 2017:+
Xiaoyan Li is installing GMN v2.
Once testing server is complete, and functions as a Tier 4 node in the test environment, and NCEI is ready to upgrade the production version, the
Node document in DataONE would be changed to point to the new Tier 4 GMN rather than the older Tier 1 slender node URL.
Node operator will need to re-register the node in the test environment and then in production, pointing to the new baseUrl and advertising the new capabilities. For this document: https://cn.dataone.org/cn/v2/node/urn:node:NCEI, the
baseURl would change from the current https://ncei-node.dataone.org/mn to the new one.
Some Notes about Existing Implementation:
* DataONE is not minting identifiers for NCEI.
* The slender-node implementation is just using what is available in the metadata provided.
* The MN implementation is simple in that it simply exposes the ISO metadata presented from NCEI.
Some Notes about New Implementation:
* Xiaoyan is submitting a request for GMN Security review internally to seek running GMN software on a standalone CentOS6 server at CNEI-MD.
* Anticipates pip install not being permitted due to NOAA5010 (NCEI-MD) security rules. Seeking to build/install GMN from source.
Summary of recommendations for source-based install:
_"Installing with pip is pretty much the same as installing from source code. Since it's all script, the packages downloaded by pip contain the source and can be examined. Since the machine must be visible from the web, pip can probably reach PyPI, but if there is a requirement to more tightly control available packages, you can copy the packages to a local pip repo and install from there with pip.
If pip is still restricted after that, it could be because the old type of packages allowed the code in the package to run on the local machine at install time. But that is not the case with the new(er) Wheel format, which is what GMN uses.
The main issue with installing GMN manually is that you'll have to handle installing all the dependencies manually as well."_
+From Feb 1, 2017:+
List of GMN Dependencies Provided:
#5 Updated by Monica Ihli over 4 years ago
Contacted by Xioyan for help resolving what appears to be certificate errors preventing apache from starting in CentOS after attempting to generate self-signed certificate for testing.
Some clues in var/log/httpd/error.log
[Wed Apr 04 16:04:31.355966 2018] [ssl:info] [pid 129351] AH02200: Loading certificate & private key of SSL-aware server 'ncei-2.nceas.ucsb.edu:443'
[Wed Apr 04 16:04:31.356143 2018] [ssl:info] [pid 129351] AH01914: Configuring server ncei-2.nceas.ucsb.edu:443 for SSL protocol
[Wed Apr 04 16:04:31.356494 2018] [ssl:warn] [pid 129351] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
The bit about RSA server certificate is a CA certificate may indicate that there's been some mix-up in which cert was referenced/placed where.