�cdocutils.nodes
document
q�)Åq�}q�(U nametypesq�}q�(X����configuring replicationq�NX����update metacat propertiesq�NX#���using the replication control panelq�NX=���generate certificates for metacat running under apache/tomcatq NX����replicationq
NX����update your metacat databaseq�NX ���to update the database using sqlq�NXI���to import a certificate into java keystore (for self-signed certificates)q
NX����to import a certificateq�NX/���generating and exchanging security certificatesq�NuU�substitution_defsq�}q�U�parse_messagesq�]q�U�current_sourceq�NU
decorationq�NU�autofootnote_startq�K�U�nameidsq�}q�(h�U�configuring-replicationq�h�U�update-metacat-propertiesq�h�U#using-the-replication-control-panelq�h U=generate-certificates-for-metacat-running-under-apache-tomcatq�h
U�replicationq�h�U�update-your-metacat-databaseq�h�U to-update-the-database-using-sqlq�h
UGto-import-a-certificate-into-java-keystore-for-self-signed-certificatesq h�U�to-import-a-certificateq!h�U/generating-and-exchanging-security-certificatesq"uU�childrenq#]q$cdocutils.nodes
section
q%)Åq&}q'(U rawsourceq(U�U�parentq)h�U�sourceq*XY���/var/lib/jenkins/jobs/metacat-unstable/workspace/docs/user/metacat/source/replication.rstq+U�tagnameq,U�sectionq-U
attributesq.}q/(U�dupnamesq0]U�classesq1]U�backrefsq2]U�idsq3]q4h�aU�namesq5]q6h
auU�lineq7K�U�documentq8h�h#]q9(cdocutils.nodes
title
q:)Åq;}q<(h(X����Replicationq=h)h&h*h+h,U�titleq>h.}q?(h0]h1]h2]h3]h5]uh7K�h8h�h#]q@cdocutils.nodes
Text
qAX����ReplicationqBÖÅqC}qD(h(h=h)h;ubaubcdocutils.nodes
note
qE)ÅqF}qG(h(X“���Note that much of the functionality provided by the replication subsystem in Metacat
has now been generalized and standardized by DataONE, so consider utilizing the
DataONE services for replication as it is a more general and standardized approach
than this Metacat-specific replication system. The Metacat replication system
will be supported for a while longer, but will likely be deprecated in a future
release in favor of using the DataONE replication approach.h)h&h*h+h,U�noteqHh.}qI(h0]h1]h2]h3]h5]uh7Nh8h�h#]qJcdocutils.nodes
paragraph
qK)ÅqL}qM(h(X“���Note that much of the functionality provided by the replication subsystem in Metacat
has now been generalized and standardized by DataONE, so consider utilizing the
DataONE services for replication as it is a more general and standardized approach
than this Metacat-specific replication system. The Metacat replication system
will be supported for a while longer, but will likely be deprecated in a future
release in favor of using the DataONE replication approach.qNh)hFh*h+h,U paragraphqOh.}qP(h0]h1]h2]h3]h5]uh7K�h#]qQhAX“���Note that much of the functionality provided by the replication subsystem in Metacat
has now been generalized and standardized by DataONE, so consider utilizing the
DataONE services for replication as it is a more general and standardized approach
than this Metacat-specific replication system. The Metacat replication system
will be supported for a while longer, but will likely be deprecated in a future
release in favor of using the DataONE replication approach.qRÖÅqS}qT(h(hNh)hLubaubaubhK)ÅqU}qV(h(X±���Metacat has a built-in replication feature that allows different Metacat servers
to share data (both XML documents and data files) between each other. Metacat
can replicate not only its home server's original documents, but also those
that were replicated from partner Metacat servers. When changes are made to
one server in a replication network, the changes are automatically propogated
to the network, even if the network is down.qWh)h&h*h+h,hOh.}qX(h0]h1]h2]h3]h5]uh7K
h8h�h#]qYhAX±���Metacat has a built-in replication feature that allows different Metacat servers
to share data (both XML documents and data files) between each other. Metacat
can replicate not only its home server's original documents, but also those
that were replicated from partner Metacat servers. When changes are made to
one server in a replication network, the changes are automatically propogated
to the network, even if the network is down.qZÖÅq[}q\(h(hWh)hUubaubhK)Åq]}q^(h(XP���Replication allows users to manage their data locally and (by replicating them
to a shared Metacat repository) to make those data available to the greater
scientific community via a centralized search. In other words, your Metacat can
be part of a broader network, but you retain control over the local repository
and how it is managed.q_h)h&h*h+h,hOh.}q`(h0]h1]h2]h3]h5]uh7K�h8h�h#]qahAXP���Replication allows users to manage their data locally and (by replicating them
to a shared Metacat repository) to make those data available to the greater
scientific community via a centralized search. In other words, your Metacat can
be part of a broader network, but you retain control over the local repository
and how it is managed.qbÖÅqc}qd(h(h_h)h]ubaubhK)Åqe}qf(h(XP���For example, the KNB Network (Figure 6.1), which currently consists of ten
different Metacat servers from around the world, uses replication to "join"
the disperate servers to form a single robust and searchable data
repository--facilitating data discovery, while leaving the data ownership and
management with the local administrators.qgh)h&h*h+h,hOh.}qh(h0]h1]h2]h3]h5]uh7K�h8h�h#]qihAXP���For example, the KNB Network (Figure 6.1), which currently consists of ten
different Metacat servers from around the world, uses replication to "join"
the disperate servers to form a single robust and searchable data
repository--facilitating data discovery, while leaving the data ownership and
management with the local administrators.qjÖÅqk}ql(h(hgh)heubaubcdocutils.nodes
figure
qm)Åqn}qo(h(U�h)h&h*h+h,U�figureqph.}qq(U�alignqrX����centerh3]qsU�id1qtah2]h0]h1]h5]uh7Nh8h�h#]qu(cdocutils.nodes
image
qv)Åqw}qx(h(Xd���.. figure:: images/screenshots/image059.jpg
:align: center
A map of the KNB Metacat network.
h.}qy(U�uriX����images/screenshots/image059.jpgqzh3]h2]h0]h1]U
candidatesq{}q|U�*hzsh5]uh)hnh#]h,U�imageq}ubcdocutils.nodes
caption
q~)Åq}qÄ(h(X!���A map of the KNB Metacat network.qÅh)hnh*h+h,U�captionqÇh.}qÉ(h0]h1]h2]h3]h5]uh7K#h#]qÑhAX!���A map of the KNB Metacat network.qÖÖÅqÜ}qá(h(hÅh)hubaubeubhK)Åqà}qâ(h(X����When properly configured, Metacat's replication mechanism can be triggered by
several types of events that occur on either the home or partner server: a
document insertion, an update, or an automatic replication (i.e., Delta-T
monitoring), which is set at a user-specified time interval.qäh)h&h*h+h,hOh.}qã(h0]h1]h2]h3]h5]uh7K%h8h�h#]qåhAX����When properly configured, Metacat's replication mechanism can be triggered by
several types of events that occur on either the home or partner server: a
document insertion, an update, or an automatic replication (i.e., Delta-T
monitoring), which is set at a user-specified time interval.qçÖÅqé}qè(h(häh)hàubaubcdocutils.nodes
table
qê)Åqë}qí(h(U�h)h&h*h+h,U�tableqìh.}qî(h0]h1]h2]h3]h5]uh7Nh8h�h#]qïcdocutils.nodes
tgroup
qñ)Åqó}qò(h(U�h.}qô(h3]h2]h0]h1]h5]U�colsK�uh)hëh#]qö(cdocutils.nodes
colspec
qõ)Åqú}qù(h(U�h.}qû(h3]h2]h0]h1]h5]U�colwidthK�uh)hóh#]h,U�colspecqüubhõ)Åq†}q°(h(U�h.}q¢(h3]h2]h0]h1]h5]U�colwidthK:uh)hóh#]h,hüubcdocutils.nodes
thead
q£)Åq§}q•(h(U�h.}q¶(h0]h1]h2]h3]h5]uh)hóh#]qßcdocutils.nodes
row
q®)Åq©}q™(h(U�h.}q´(h0]h1]h2]h3]h5]uh)h§h#]q¨(cdocutils.nodes
entry
q≠)ÅqÆ}qØ(h(U�h.}q∞(h0]h1]h2]h3]h5]uh)h©h#]q±hK)Åq≤}q≥(h(X����Replication Triggersq¥h)hÆh*h+h,hOh.}qµ(h0]h1]h2]h3]h5]uh7K+h#]q∂hAX����Replication Triggersq∑ÖÅq∏}qπ(h(h¥h)h≤ubaubah,U�entryq∫ubh≠)Åqª}qº(h(U�h.}qΩ(h0]h1]h2]h3]h5]uh)h©h#]qæhK)Åqø}q¿(h(X����Descriptionq¡h)hªh*h+h,hOh.}q¬(h0]h1]h2]h3]h5]uh7K+h#]q√hAX����DescriptionqƒÖÅq≈}q∆(h(h¡h)høubaubah,h∫ubeh,U�rowq«ubah,U�theadq»ubcdocutils.nodes
tbody
q…)Åq }qÀ(h(U�h.}qÃ(h0]h1]h2]h3]h5]uh)hóh#]qÕ(h®)ÅqŒ}qœ(h(U�h.}q–(h0]h1]h2]h3]h5]uh)h h#]q—(h≠)Åq“}q”(h(U�h.}q‘(h0]h1]h2]h3]h5]uh)hŒh#]q’hK)Åq÷}q◊(h(X����Insertqÿh)h“h*h+h,hOh.}qŸ(h0]h1]h2]h3]h5]uh7K-h#]q⁄hAX����Insertq€ÖÅq‹}q›(h(hÿh)h÷ubaubah,h∫ubh≠)Åqfi}qfl(h(U�h.}q‡(h0]h1]h2]h3]h5]uh)hŒh#]q·hK)Åq‚}q„(h(Xá���Whenever a document is inserted into Metacat, the server
notifies each server in its replication list
that it has a new file available.q‰h)hfih*h+h,hOh.}qÂ(h0]h1]h2]h3]h5]uh7K-h#]qÊhAXá���Whenever a document is inserted into Metacat, the server
notifies each server in its replication list
that it has a new file available.qÁÖÅqË}qÈ(h(h‰h)h‚ubaubah,h∫ubeh,h«ubh®)ÅqÍ}qÎ(h(U�h.}qÏ(h0]h1]h2]h3]h5]uh)h h#]qÌ(h≠)ÅqÓ}qÔ(h(U�h.}q(h0]h1]h2]h3]h5]uh)hÍh#]qÒhK)ÅqÚ}qÛ(h(X����UpdateqÙh)hÓh*h+h,hOh.}qı(h0]h1]h2]h3]h5]uh7K1h#]qˆhAX����Updateq˜ÖÅq¯}q˘(h(hÙh)hÚubaubah,h∫ubh≠)Åq˙}q˚(h(U�h.}q¸(h0]h1]h2]h3]h5]uh)hÍh#]q˝hK)Åq˛}qˇ(h(Xf���Whenever a document is updated, the server notifies
each server in its replication list of the update.r����h)h˙h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7K1h#]r����hAXf���Whenever a document is updated, the server notifies
each server in its replication list of the update.r����ÖÅr����}r����(h(j����h)h˛ubaubah,h∫ubeh,h«ubh®)År����}r����(h(U�h.}r����(h0]h1]h2]h3]h5]uh)h h#]r ���(h≠)År
���}r����(h(U�h.}r����(h0]h1]h2]h3]h5]uh)j����h#]r
���hK)År����}r����(h(X����Delta-T monitoringr����h)j
���h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7K4h#]r����hAX����Delta-T monitoringr����ÖÅr����}r����(h(j����h)j����ubaubah,h∫ubh≠)År����}r����(h(U�h.}r����(h0]h1]h2]h3]h5]uh)j����h#]r����hK)År����}r����(h(Xt���At a user-specified time interval, Metacat checks each
of the servers in its replication list
for updated documents.r����h)j����h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7K4h#]r����hAXt���At a user-specified time interval, Metacat checks each
of the servers in its replication list
for updated documents.r����ÖÅr ���}r!���(h(j����h)j����ubaubah,h∫ubeh,h«ubeh,U�tbodyr"���ubeh,U�tgroupr#���ubaubh%)År$���}r%���(h(U�h)h&h*h+h,h-h.}r&���(h0]h1]h2]h3]r'���h�ah5]r(���h�auh7K:h8h�h#]r)���(h:)År*���}r+���(h(X����Configuring Replicationr,���h)j$���h*h+h,h>h.}r-���(h0]h1]h2]h3]h5]uh7K:h8h�h#]r.���hAX����Configuring Replicationr/���ÖÅr0���}r1���(h(j,���h)j*���ubaubhK)År2���}r3���(h(XO���To configure replication, you must configure both the home and partner servers:r4���h)j$���h*h+h,hOh.}r5���(h0]h1]h2]h3]h5]uh7K;h8h�h#]r6���hAXO���To configure replication, you must configure both the home and partner servers:r7���ÖÅr8���}r9���(h(j4���h)j2���ubaubcdocutils.nodes
enumerated_list
r:���)År;���}r<���(h(U�h)j$���h*h+h,U�enumerated_listr=���h.}r>���(U�suffixr?���U�.h3]h2]h0]U�prefixr@���U�h1]h5]U�enumtyperA���U�arabicrB���uh7K=h8h�h#]rC���(cdocutils.nodes
list_item
rD���)ÅrE���}rF���(h(XX���Create a list of partner servers on your home server using the Replication Control PanelrG���h)j;���h*h+h,U list_itemrH���h.}rI���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rJ���hK)ÅrK���}rL���(h(jG���h)jE���h*h+h,hOh.}rM���(h0]h1]h2]h3]h5]uh7K=h#]rN���hAXX���Create a list of partner servers on your home server using the Replication Control PanelrO���ÖÅrP���}rQ���(h(jG���h)jK���ubaubaubjD���)ÅrR���}rS���(h(X,���Create certificate files for the home serverrT���h)j;���h*h+h,jH���h.}rU���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rV���hK)ÅrW���}rX���(h(jT���h)jR���h*h+h,hOh.}rY���(h0]h1]h2]h3]h5]uh7K>h#]rZ���hAX,���Create certificate files for the home serverr[���ÖÅr\���}r]���(h(jT���h)jW���ubaubaubjD���)År^���}r_���(h(X/���Create certificate files for the partner serverr`���h)j;���h*h+h,jH���h.}ra���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rb���hK)Årc���}rd���(h(j`���h)j^���h*h+h,hOh.}re���(h0]h1]h2]h3]h5]uh7K?h#]rf���hAX/���Create certificate files for the partner serverrg���ÖÅrh���}ri���(h(j`���h)jc���ubaubaubjD���)Årj���}rk���(h(X3���Import partner certificate files to the home serverrl���h)j;���h*h+h,jH���h.}rm���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rn���hK)Åro���}rp���(h(jl���h)jj���h*h+h,hOh.}rq���(h0]h1]h2]h3]h5]uh7K@h#]rr���hAX3���Import partner certificate files to the home serverrs���ÖÅrt���}ru���(h(jl���h)jo���ubaubaubjD���)Årv���}rw���(h(X-���Import home certificate to the partner serverrx���h)j;���h*h+h,jH���h.}ry���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rz���hK)År{���}r|���(h(jx���h)jv���h*h+h,hOh.}r}���(h0]h1]h2]h3]h5]uh7KAh#]r~���hAX-���Import home certificate to the partner serverr���ÖÅrÄ���}rÅ���(h(jx���h)j{���ubaubaubjD���)ÅrÇ���}rÉ���(h(X����Update your Metacat database
h)j;���h*h+h,jH���h.}rÑ���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rÖ���hK)ÅrÜ���}rá���(h(X����Update your Metacat databaserà���h)jÇ���h*h+h,hOh.}râ���(h0]h1]h2]h3]h5]uh7KBh#]rä���hAX����Update your Metacat databaserã���ÖÅrå���}rç���(h(jà���h)jÜ���ubaubaubeubhK)Åré���}rè���(h(X@���Each step is discussed in more detail in the following sections.rê���h)j$���h*h+h,hOh.}rë���(h0]h1]h2]h3]h5]uh7KDh8h�h#]rí���hAX@���Each step is discussed in more detail in the following sections.rì���ÖÅrî���}rï���(h(jê���h)jé���ubaubh%)Årñ���}ró���(h(U�h)j$���h*h+h,h-h.}rò���(h0]h1]h2]h3]rô���h�ah5]rö���h�auh7KGh8h�h#]rõ���(h:)Årú���}rù���(h(X#���Using the Replication Control Panelrû���h)jñ���h*h+h,h>h.}rü���(h0]h1]h2]h3]h5]uh7KGh8h�h#]r†���hAX#���Using the Replication Control Panelr°���ÖÅr¢���}r£���(h(jû���h)jú���ubaubhK)År§���}r•���(h(XÔ���To add, remove, or alter servers on your home server's Replication list, or to
activate and customize the Delta-T handler, use the Replication control panel,
which is accessed via the Metacat Administration interface at the following URL::h)jñ���h*h+h,hOh.}r¶���(h0]h1]h2]h3]h5]uh7KHh8h�h#]rß���hAXÓ���To add, remove, or alter servers on your home server's Replication list, or to
activate and customize the Delta-T handler, use the Replication control panel,
which is accessed via the Metacat Administration interface at the following URL:r®���ÖÅr©���}r™���(h(XÓ���To add, remove, or alter servers on your home server's Replication list, or to
activate and customize the Delta-T handler, use the Replication control panel,
which is accessed via the Metacat Administration interface at the following URL:h)j§���ubaubcdocutils.nodes
literal_block
r´���)År¨���}r≠���(h(X.���http://somehost.somelocation.edu/context/adminh)jñ���h*h+h,U
literal_blockrÆ���h.}rØ���(U xml:spacer∞���U�preserver±���h3]h2]h0]h1]h5]uh7KLh8h�h#]r≤���hAX.���http://somehost.somelocation.edu/context/adminr≥���ÖÅr¥���}rµ���(h(U�h)j¨���ubaubhK)År∂���}r∑���(h(X–���"http://somehost.somelocation.edu/context" should be replaced with the name
of your Metacat server and context (e.g., http://knb.ecoinformatics.org/knb/).
You must be logged in to Metacat as an administrator.h)jñ���h*h+h,hOh.}r∏���(h0]h1]h2]h3]h5]uh7KNh8h�h#]rπ���(hAX����"ÖÅr∫���}rª���(h(X����"h)j∂���ubcdocutils.nodes
reference
rº���)ÅrΩ���}ræ���(h(X(���http://somehost.somelocation.edu/contextrø���h.}r¿���(U�refurijø���h3]h2]h0]h1]h5]uh)j∂���h#]r¡���hAX(���http://somehost.somelocation.edu/contextr¬���ÖÅr√���}rƒ���(h(U�h)jΩ���ubah,U referencer≈���ubhAXM���" should be replaced with the name
of your Metacat server and context (e.g., r∆���ÖÅr«���}r»���(h(XM���" should be replaced with the name
of your Metacat server and context (e.g., h)j∂���ubjº���)År…���}r ���(h(X"���http://knb.ecoinformatics.org/knb/rÀ���h.}rÃ���(U�refurijÀ���h3]h2]h0]h1]h5]uh)j∂���h#]rÕ���hAX"���http://knb.ecoinformatics.org/knb/rŒ���ÖÅrœ���}r–���(h(U�h)j…���ubah,j≈���ubhAX8���).
You must be logged in to Metacat as an administrator.r—���ÖÅr“���}r”���(h(X8���).
You must be logged in to Metacat as an administrator.h)j∂���ubeubhm)År‘���}r’���(h(U�h)jñ���h*h+h,hph.}r÷���(hrX����centerh3]r◊���U�id2rÿ���ah2]h0]h1]h5]uh7Nh8h�h#]rŸ���(hv)År⁄���}r€���(h(X]���.. figure:: images/screenshots/image061.jpg
:align: center
Replication control panel.
h.}r‹���(U�uriX����images/screenshots/image061.jpgr›���h3]h2]h0]h1]h{}rfi���U�*j›���sh5]uh)j‘���h#]h,h}ubh~)Årfl���}r‡���(h(X����Replication control panel.r·���h)j‘���h*h+h,hÇh.}r‚���(h0]h1]h2]h3]h5]uh7KUh#]r„���hAX����Replication control panel.r‰���ÖÅrÂ���}rÊ���(h(j·���h)jfl���ubaubeubhK)ÅrÁ���}rË���(h(XÍ���Note that currently, you cannot use the Replication Control Panel to remove a
server after a replication has occurred. To stop replication between two servers,
update the flags that control whether metadata and/or data are replicated.r���h)j�h*h+h,hOh.}r���(h0]h1]h2]h3]h5]uh7KWh8h�h#]r���hAX���Note that currently, you cannot use the Replication Control Panel to remove a
server after a replication has occurred. To stop replication between two servers,
update the flags that control whether metadata and/or data are replicated.rÏ���ÖÅrÌ���}rÓ���(h(jÈ���h)jÁ���ubaubeubh%)ÅrÔ���}r���(h(U�h)j$���h*h+h,h-h.}rÒ���(h0]h1]h2]h3]rÚ���h"ah5]rÛ���h�auh7K\h8h�h#]rÙ���(h:)Årı���}rˆ���(h(X/���Generating and Exchanging Security Certificatesr˜���h)jÔ���h*h+h,h>h.}r¯���(h0]h1]h2]h3]h5]uh7K\h8h�h#]r˘���hAX/���Generating and Exchanging Security Certificatesr˙���ÖÅr˚���}r¸���(h(j˜���h)jı���ubaubhK)År˝���}r˛���(h(Xˆ���Before you can take advantage of Metacat's replication feature, you must
generate security certificates on both the replication partner and home servers.
Depending on how the certificates are generated, the certificates may need to be
exchanged so that each machine "trusts" that the other has replication access.
Certificates that are purchased from a commercial and well-recognized
Certificate Authority do not need to be exchanged with the other replication
partner before replication takes place. Metacat replication relies on SSL with
client certificate authentication enabled. When a replication partner server
communicates with another replication partner, it presents a certificate that
serves to verify and authenticate that the server is trusted.rˇ���h)jÔ���h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7K]h8h�h#]r����hAXˆ���Before you can take advantage of Metacat's replication feature, you must
generate security certificates on both the replication partner and home servers.
Depending on how the certificates are generated, the certificates may need to be
exchanged so that each machine "trusts" that the other has replication access.
Certificates that are purchased from a commercial and well-recognized
Certificate Authority do not need to be exchanged with the other replication
partner before replication takes place. Metacat replication relies on SSL with
client certificate authentication enabled. When a replication partner server
communicates with another replication partner, it presents a certificate that
serves to verify and authenticate that the server is trusted.r����ÖÅr����}r����(h(jˇ���h)j˝���ubaubhK)År����}r����(h(X∆���If you must generate a self-signed certificate, the partner replication server
will need that public certificate (or the certificate of the signing CA) added
to its existing Certificate Authorities.r����h)jÔ���h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7Khh8h�h#]r ���hAX∆���If you must generate a self-signed certificate, the partner replication server
will need that public certificate (or the certificate of the signing CA) added
to its existing Certificate Authorities.r
���ÖÅr����}r����(h(j����h)j����ubaubh%)År
���}r����(h(U�h)jÔ���h*h+h,h-h.}r����(h0]h1]h2]h3]r����h�ah5]r����h auh7Kmh8h�h#]r����(h:)År����}r����(h(X=���Generate Certificates for Metacat running under Apache/Tomcatr����h)j
���h*h+h,h>h.}r����(h0]h1]h2]h3]h5]uh7Kmh8h�h#]r����hAX=���Generate Certificates for Metacat running under Apache/Tomcatr����ÖÅr����}r����(h(j����h)j����ubaubhK)År����}r����(h(X1���Note: Instructions are for Ubuntu/Debian systems.r����h)j
���h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7Knh8h�h#]r����hAX1���Note: Instructions are for Ubuntu/Debian systems.r ���ÖÅr!���}r"���(h(j����h)j����ubaubj:���)År#���}r$���(h(U�h)j
���h*h+h,j=���h.}r%���(j?���U�.h3]h2]h0]j@���U�h1]h5]jA���jB���uh7Kph8h�h#]r&���(jD���)År'���}r(���(h(Xï ��Generate a private key using openssl. The key will be named
``<hostname>-apache.key``, where ``<hostname>`` is the name of your Metacat
server. Example values for the individual key fields are included in the
table below.
::
openssl req -new -out REQ.pem -keyout <hostname>-apache.key
+--------------------------+-------------------------------------------------------------------------+
| Key Field | Description and Example Value |
+==========================+=========================================================================+
| Country Name | Two letter country code (e.g., US) |
+--------------------------+-------------------------------------------------------------------------+
| State or Province Name | The name of your state or province spelled in full (e.g., California) |
+--------------------------+-------------------------------------------------------------------------+
| Locality Name | The name of your city (e.g., Santa Barbara) |
+--------------------------+-------------------------------------------------------------------------+
| Organization Name | The company or organization name (e.g., UCSB) |
+--------------------------+-------------------------------------------------------------------------+
| Organizational Unit Name | The department or section name (e.g., NCEAS) |
+--------------------------+-------------------------------------------------------------------------+
| Common Name | The host server name without port numbers (e.g., myserver.mydomain.edu) |
+--------------------------+-------------------------------------------------------------------------+
| Email Address | Administrator's contact email (e.g., administrator@mydomain.edu) |
+--------------------------+-------------------------------------------------------------------------+
| A challenge password | --leave this field blank-- |
+--------------------------+-------------------------------------------------------------------------+
| An optional company name | --leave this field blank-- |
+--------------------------+-------------------------------------------------------------------------+
h)j#���h*h+h,jH���h.}r)���(h0]h1]h2]h3]h5]uh7Nh8h�h#]r*���(hK)År+���}r,���(h(X›���Generate a private key using openssl. The key will be named
``<hostname>-apache.key``, where ``<hostname>`` is the name of your Metacat
server. Example values for the individual key fields are included in the
table below.h)j'���h*h+h,hOh.}r-���(h0]h1]h2]h3]h5]uh7Kph#]r.���(hAX<���Generate a private key using openssl. The key will be named
r/���ÖÅr0���}r1���(h(X<���Generate a private key using openssl. The key will be named
h)j+���ubcdocutils.nodes
literal
r2���)År3���}r4���(h(X����``<hostname>-apache.key``h.}r5���(h0]h1]h2]h3]h5]uh)j+���h#]r6���hAX����<hostname>-apache.keyr7���ÖÅr8���}r9���(h(U�h)j3���ubah,U�literalr:���ubhAX����, where r;���ÖÅr<���}r=���(h(X����, where h)j+���ubj2���)År>���}r?���(h(X����``<hostname>``h.}r@���(h0]h1]h2]h3]h5]uh)j+���h#]rA���hAX
���<hostname>rB���ÖÅrC���}rD���(h(U�h)j>���ubah,j:���ubhAXr��� is the name of your Metacat
server. Example values for the individual key fields are included in the
table below.rE���ÖÅrF���}rG���(h(Xr��� is the name of your Metacat
server. Example values for the individual key fields are included in the
table below.h)j+���ubeubj´���)ÅrH���}rI���(h(X;���openssl req -new -out REQ.pem -keyout <hostname>-apache.keyh)j'���h,jÆ���h.}rJ���(j∞���j±���h3]h2]h0]h1]h5]uh7Kwh#]rK���hAX;���openssl req -new -out REQ.pem -keyout <hostname>-apache.keyrL���ÖÅrM���}rN���(h(U�h)jH���ubaubhê)ÅrO���}rP���(h(U�h.}rQ���(h0]h1]h2]h3]h5]uh)j'���h#]rR���hñ)ÅrS���}rT���(h(U�h.}rU���(h3]h2]h0]h1]h5]U�colsK�uh)jO���h#]rV���(hõ)ÅrW���}rX���(h(U�h.}rY���(h3]h2]h0]h1]h5]U�colwidthK�uh)jS���h#]h,hüubhõ)ÅrZ���}r[���(h(U�h.}r\���(h3]h2]h0]h1]h5]U�colwidthKIuh)jS���h#]h,hüubh£)År]���}r^���(h(U�h.}r_���(h0]h1]h2]h3]h5]uh)jS���h#]r`���h®)Åra���}rb���(h(U�h.}rc���(h0]h1]h2]h3]h5]uh)j]���h#]rd���(h≠)Åre���}rf���(h(U�h.}rg���(h0]h1]h2]h3]h5]uh)ja���h#]rh���hK)Åri���}rj���(h(X ���Key Fieldrk���h)je���h*h+h,hOh.}rl���(h0]h1]h2]h3]h5]uh7Kzh#]rm���hAX ���Key Fieldrn���ÖÅro���}rp���(h(jk���h)ji���ubaubah,h∫ubh≠)Årq���}rr���(h(U�h.}rs���(h0]h1]h2]h3]h5]uh)ja���h#]rt���hK)Åru���}rv���(h(X����Description and Example Valuerw���h)jq���h*h+h,hOh.}rx���(h0]h1]h2]h3]h5]uh7Kzh#]ry���hAX����Description and Example Valuerz���ÖÅr{���}r|���(h(jw���h)ju���ubaubah,h∫ubeh,h«ubah,h»ubh…)År}���}r~���(h(U�h.}r���(h0]h1]h2]h3]h5]uh)jS���h#]rÄ���(h®)ÅrÅ���}rÇ���(h(U�h.}rÉ���(h0]h1]h2]h3]h5]uh)j}���h#]rÑ���(h≠)ÅrÖ���}rÜ���(h(U�h.}rá���(h0]h1]h2]h3]h5]uh)jÅ���h#]rà���hK)Årâ���}rä���(h(X����Country Namerã���h)jÖ���h*h+h,hOh.}rå���(h0]h1]h2]h3]h5]uh7K|h#]rç���hAX����Country Nameré���ÖÅrè���}rê���(h(jã���h)jâ���ubaubah,h∫ubh≠)Årë���}rí���(h(U�h.}rì���(h0]h1]h2]h3]h5]uh)jÅ���h#]rî���hK)Årï���}rñ���(h(X#���Two letter country code (e.g., US)ró���h)jë���h*h+h,hOh.}rò���(h0]h1]h2]h3]h5]uh7K|h#]rô���hAX#���Two letter country code (e.g., US)rö���ÖÅrõ���}rú���(h(jó���h)jï���ubaubah,h∫ubeh,h«ubh®)Årù���}rû���(h(U�h.}rü���(h0]h1]h2]h3]h5]uh)j}���h#]r†���(h≠)År°���}r¢���(h(U�h.}r£���(h0]h1]h2]h3]h5]uh)jù���h#]r§���hK)År•���}r¶���(h(X����State or Province Namerß���h)j°���h*h+h,hOh.}r®���(h0]h1]h2]h3]h5]uh7K~h#]r©���hAX����State or Province Namer™���ÖÅr´���}r¨���(h(jß���h)j•���ubaubah,h∫ubh≠)År≠���}rÆ���(h(U�h.}rØ���(h0]h1]h2]h3]h5]uh)jù���h#]r∞���hK)År±���}r≤���(h(XE���The name of your state or province spelled in full (e.g., California)r≥���h)j≠���h*h+h,hOh.}r¥���(h0]h1]h2]h3]h5]uh7K~h#]rµ���hAXE���The name of your state or province spelled in full (e.g., California)r∂���ÖÅr∑���}r∏���(h(j≥���h)j±���ubaubah,h∫ubeh,h«ubh®)Årπ���}r∫���(h(U�h.}rª���(h0]h1]h2]h3]h5]uh)j}���h#]rº���(h≠)ÅrΩ���}ræ���(h(U�h.}rø���(h0]h1]h2]h3]h5]uh)jπ���h#]r¿���hK)År¡���}r¬���(h(X
���Locality Namer√���h)jΩ���h*h+h,hOh.}rƒ���(h0]h1]h2]h3]h5]uh7KÄh#]r≈���hAX
���Locality Namer∆���ÖÅr«���}r»���(h(j√���h)j¡���ubaubah,h∫ubh≠)År…���}r ���(h(U�h.}rÀ���(h0]h1]h2]h3]h5]uh)jπ���h#]rÃ���hK)ÅrÕ���}rŒ���(h(X+���The name of your city (e.g., Santa Barbara)rœ���h)j…���h*h+h,hOh.}r–���(h0]h1]h2]h3]h5]uh7KÄh#]r—���hAX+���The name of your city (e.g., Santa Barbara)r“���ÖÅr”���}r‘���(h(jœ���h)jÕ���ubaubah,h∫ubeh,h«ubh®)År’���}r÷���(h(U�h.}r◊���(h0]h1]h2]h3]h5]uh)j}���h#]rÿ���(h≠)ÅrŸ���}r⁄���(h(U�h.}r€���(h0]h1]h2]h3]h5]uh)j’���h#]r‹���hK)År›���}rfi���(h(X����Organization Namerfl���h)jŸ���h*h+h,hOh.}r‡���(h0]h1]h2]h3]h5]uh7KÇh#]r·���hAX����Organization Namer‚���ÖÅr„���}r‰���(h(jfl���h)j›���ubaubah,h∫ubh≠)ÅrÂ���}rÊ���(h(U�h.}rÁ���(h0]h1]h2]h3]h5]uh)j’���h#]rË���hK)ÅrÈ���}rÍ���(h(X-���The company or organization name (e.g., UCSB)rÎ���h)jÂ���h*h+h,hOh.}rÏ���(h0]h1]h2]h3]h5]uh7KÇh#]rÌ���hAX-���The company or organization name (e.g., UCSB)rÓ���ÖÅrÔ���}r���(h(jÎ���h)jÈ���ubaubah,h∫ubeh,h«ubh®)ÅrÒ���}rÚ���(h(U�h.}rÛ���(h0]h1]h2]h3]h5]uh)j}���h#]rÙ���(h≠)Årı���}rˆ���(h(U�h.}r˜���(h0]h1]h2]h3]h5]uh)jÒ���h#]r¯���hK)År˘���}r˙���(h(X����Organizational Unit Namer˚���h)jı���h*h+h,hOh.}r¸���(h0]h1]h2]h3]h5]uh7KÑh#]r˝���hAX����Organizational Unit Namer˛���ÖÅrˇ���}r����(h(j˚���h)j˘���ubaubah,h∫ubh≠)År����}r����(h(U�h.}r����(h0]h1]h2]h3]h5]uh)jÒ���h#]r����hK)År����}r����(h(X,���The department or section name (e.g., NCEAS)r����h)j����h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7KÑh#]r ���hAX,���The department or section name (e.g., NCEAS)r
���ÖÅr����}r����(h(j����h)j����ubaubah,h∫ubeh,h«ubh®)År
���}r����(h(U�h.}r����(h0]h1]h2]h3]h5]uh)j}���h#]r����(h≠)År����}r����(h(U�h.}r����(h0]h1]h2]h3]h5]uh)j
���h#]r����hK)År����}r����(h(X����Common Namer����h)j����h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7KÜh#]r����hAX����Common Namer����ÖÅr����}r����(h(j����h)j����ubaubah,h∫ubh≠)År����}r����(h(U�h.}r����(h0]h1]h2]h3]h5]uh)j
���h#]r ���hK)År!���}r"���(h(XG���The host server name without port numbers (e.g., myserver.mydomain.edu)r#���h)j����h*h+h,hOh.}r$���(h0]h1]h2]h3]h5]uh7KÜh#]r%���hAXG���The host server name without port numbers (e.g., myserver.mydomain.edu)r&���ÖÅr'���}r(���(h(j#���h)j!���ubaubah,h∫ubeh,h«ubh®)År)���}r*���(h(U�h.}r+���(h0]h1]h2]h3]h5]uh)j}���h#]r,���(h≠)År-���}r.���(h(U�h.}r/���(h0]h1]h2]h3]h5]uh)j)���h#]r0���hK)År1���}r2���(h(X
���Email Addressr3���h)j-���h*h+h,hOh.}r4���(h0]h1]h2]h3]h5]uh7Kàh#]r5���hAX
���Email Addressr6���ÖÅr7���}r8���(h(j3���h)j1���ubaubah,h∫ubh≠)År9���}r:���(h(U�h.}r;���(h0]h1]h2]h3]h5]uh)j)���h#]r<���hK)År=���}r>���(h(X@���Administrator's contact email (e.g., administrator@mydomain.edu)h)j9���h*h+h,hOh.}r?���(h0]h1]h2]h3]h5]uh7Kàh#]r@���(hAX%���Administrator's contact email (e.g., rA���ÖÅrB���}rC���(h(X%���Administrator's contact email (e.g., h)j=���ubjº���)ÅrD���}rE���(h(X����administrator@mydomain.eduh.}rF���(U�refuriX!���mailto:administrator@mydomain.eduh3]h2]h0]h1]h5]uh)j=���h#]rG���hAX����administrator@mydomain.edurH���ÖÅrI���}rJ���(h(U�h)jD���ubah,j≈���ubhAX����)ÖÅrK���}rL���(h(X����)h)j=���ubeubah,h∫ubeh,h«ubh®)ÅrM���}rN���(h(U�h.}rO���(h0]h1]h2]h3]h5]uh)j}���h#]rP���(h≠)ÅrQ���}rR���(h(U�h.}rS���(h0]h1]h2]h3]h5]uh)jM���h#]rT���hK)ÅrU���}rV���(h(X����A challenge passwordrW���h)jQ���h*h+h,hOh.}rX���(h0]h1]h2]h3]h5]uh7Käh#]rY���hAX����A challenge passwordrZ���ÖÅr[���}r\���(h(jW���h)jU���ubaubah,h∫ubh≠)År]���}r^���(h(U�h.}r_���(h0]h1]h2]h3]h5]uh)jM���h#]r`���hK)Åra���}rb���(h(X����--leave this field blank--rc���h)j]���h*h+h,hOh.}rd���(h0]h1]h2]h3]h5]uh7Käh#]re���hAX����--leave this field blank--rf���ÖÅrg���}rh���(h(jc���h)ja���ubaubah,h∫ubeh,h«ubh®)Åri���}rj���(h(U�h.}rk���(h0]h1]h2]h3]h5]uh)j}���h#]rl���(h≠)Årm���}rn���(h(U�h.}ro���(h0]h1]h2]h3]h5]uh)ji���h#]rp���hK)Årq���}rr���(h(X����An optional company namers���h)jm���h*h+h,hOh.}rt���(h0]h1]h2]h3]h5]uh7Kåh#]ru���hAX����An optional company namerv���ÖÅrw���}rx���(h(js���h)jq���ubaubah,h∫ubh≠)Åry���}rz���(h(U�h.}r{���(h0]h1]h2]h3]h5]uh)ji���h#]r|���hK)År}���}r~���(h(X����--leave this field blank--r���h)jy���h*h+h,hOh.}rÄ���(h0]h1]h2]h3]h5]uh7Kåh#]rÅ���hAX����--leave this field blank--rÇ���ÖÅrÉ���}rÑ���(h(j���h)j}���ubaubah,h∫ubeh,h«ubeh,j"���ubeh,j#���ubah,hìubeubjD���)ÅrÖ���}rÜ���(h(Xä���Create the local certificate file by running the command:
::
openssl req -x509 -days 800 -in REQ.pem -key <hostname>-apache.key -out <hostname>-apache.crt
Use the same ``<hostname>`` you used when you generated the key. A file named
``<hostname>-apache.crt`` will be created in the directory from which you
ran the openssl command. Note: You can name the certificate file anything
you'd like, but keep in mind that the file will be sent to the partner
machine used for replication. The certificate name should have enough
meaning that someone who sees it on that machine can figure out where it
came from and for what purpose it should be used.
h)j#���h*h+h,jH���h.}rá���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rà���(hK)Årâ���}rä���(h(X9���Create the local certificate file by running the command:rã���h)jÖ���h*h+h,hOh.}rå���(h0]h1]h2]h3]h5]uh7Kèh#]rç���hAX9���Create the local certificate file by running the command:ré���ÖÅrè���}rê���(h(jã���h)jâ���ubaubj´���)Årë���}rí���(h(X]���openssl req -x509 -days 800 -in REQ.pem -key <hostname>-apache.key -out <hostname>-apache.crth)jÖ���h,jÆ���h.}rì���(j∞���j±���h3]h2]h0]h1]h5]uh7Kìh#]rî���hAX]���openssl req -x509 -days 800 -in REQ.pem -key <hostname>-apache.key -out <hostname>-apache.crtrï���ÖÅrñ���}ró���(h(U�h)jë���ubaubhK)Årò���}rô���(h(XÈ���Use the same ``<hostname>`` you used when you generated the key. A file named
``<hostname>-apache.crt`` will be created in the directory from which you
ran the openssl command. Note: You can name the certificate file anything
you'd like, but keep in mind that the file will be sent to the partner
machine used for replication. The certificate name should have enough
meaning that someone who sees it on that machine can figure out where it
came from and for what purpose it should be used.h)jÖ���h*h+h,hOh.}rö���(h0]h1]h2]h3]h5]uh7Kïh#]rõ���(hAX
���Use the same rú���ÖÅrù���}rû���(h(X
���Use the same h)jò���ubj2���)Årü���}r†���(h(X����``<hostname>``h.}r°���(h0]h1]h2]h3]h5]uh)jò���h#]r¢���hAX
���<hostname>r£���ÖÅr§���}r•���(h(U�h)jü���ubah,j:���ubhAX3��� you used when you generated the key. A file named
r¶���ÖÅrß���}r®���(h(X3��� you used when you generated the key. A file named
h)jò���ubj2���)År©���}r™���(h(X����``<hostname>-apache.crt``h.}r´���(h0]h1]h2]h3]h5]uh)jò���h#]r¨���hAX����<hostname>-apache.crtr≠���ÖÅrÆ���}rØ���(h(U�h)j©���ubah,j:���ubhAXÇ��� will be created in the directory from which you
ran the openssl command. Note: You can name the certificate file anything
you'd like, but keep in mind that the file will be sent to the partner
machine used for replication. The certificate name should have enough
meaning that someone who sees it on that machine can figure out where it
came from and for what purpose it should be used.r∞���ÖÅr±���}r≤���(h(XÇ��� will be created in the directory from which you
ran the openssl command. Note: You can name the certificate file anything
you'd like, but keep in mind that the file will be sent to the partner
machine used for replication. The certificate name should have enough
meaning that someone who sees it on that machine can figure out where it
came from and for what purpose it should be used.h)jò���ubeubeubjD���)År≥���}r¥���(h(XÔ���Enter the certificate into Apache's security configuration. This will
be used to identify your server to a replication partner. You must
register the certificate in the local Apache instance. Note that the
security files may be in a different directory from the one used in the
instructions depending on how you installed Apache. Copy the certificate and
key file using the following commands:
::
sudo cp <hostname>-apache.crt /etc/ssl/certs
sudo cp <hostname>-apache.key /etc/ssl/private
h)j#���h*h+h,jH���h.}rµ���(h0]h1]h2]h3]h5]uh7Nh8h�h#]r∂���(hK)År∑���}r∏���(h(Xâ���Enter the certificate into Apache's security configuration. This will
be used to identify your server to a replication partner. You must
register the certificate in the local Apache instance. Note that the
security files may be in a different directory from the one used in the
instructions depending on how you installed Apache. Copy the certificate and
key file using the following commands:rπ���h)j≥���h*h+h,hOh.}r∫���(h0]h1]h2]h3]h5]uh7Kùh#]rª���hAXâ���Enter the certificate into Apache's security configuration. This will
be used to identify your server to a replication partner. You must
register the certificate in the local Apache instance. Note that the
security files may be in a different directory from the one used in the
instructions depending on how you installed Apache. Copy the certificate and
key file using the following commands:rº���ÖÅrΩ���}ræ���(h(jπ���h)j∑���ubaubj´���)Årø���}r¿���(h(X[���sudo cp <hostname>-apache.crt /etc/ssl/certs
sudo cp <hostname>-apache.key /etc/ssl/privateh)j≥���h,jÆ���h.}r¡���(j∞���j±���h3]h2]h0]h1]h5]uh7K¶h#]r¬���hAX[���sudo cp <hostname>-apache.crt /etc/ssl/certs
sudo cp <hostname>-apache.key /etc/ssl/privater√���ÖÅrƒ���}r≈���(h(U�h)jø���ubaubeubjD���)År∆���}r«���(h(Xµ���Apache needs to be configured to request a client certificate when the
replication API is utilized. The helper file named "metacat-site-ssl.conf" has default
rules that configure Apache for SSL and client certificate authentication.
Set up these SSL settings by copying the metacat-site-ssl.conf file into the ``sites-available``
directory, editing pertinent values to match your system and running
``a2ensite`` to enable the site. (Note: some settings in metacat-site-ssl.conf need to be
changed to match the specifics of your system and Metacat deployment.)
::
sudo cp <metacat_helper_dir>/metacat-site-ssl.conf <apache_install_dir>/sites-available
sudo a2ensite metacat-site-ssl.conf
h)j#���h*h+h,jH���h.}r»���(h0]h1]h2]h3]h5]uh7Nh8h�h#]r…���(hK)År ���}rÀ���(h(X/���Apache needs to be configured to request a client certificate when the
replication API is utilized. The helper file named "metacat-site-ssl.conf" has default
rules that configure Apache for SSL and client certificate authentication.
Set up these SSL settings by copying the metacat-site-ssl.conf file into the ``sites-available``
directory, editing pertinent values to match your system and running
``a2ensite`` to enable the site. (Note: some settings in metacat-site-ssl.conf need to be
changed to match the specifics of your system and Metacat deployment.)h)j∆���h*h+h,hOh.}rÃ���(h0]h1]h2]h3]h5]uh7K©h#]rÕ���(hAX6���Apache needs to be configured to request a client certificate when the
replication API is utilized. The helper file named "metacat-site-ssl.conf" has default
rules that configure Apache for SSL and client certificate authentication.
Set up these SSL settings by copying the metacat-site-ssl.conf file into the rŒ���ÖÅrœ���}r–���(h(X6���Apache needs to be configured to request a client certificate when the
replication API is utilized. The helper file named "metacat-site-ssl.conf" has default
rules that configure Apache for SSL and client certificate authentication.
Set up these SSL settings by copying the metacat-site-ssl.conf file into the h)j ���ubj2���)År—���}r“���(h(X����``sites-available``h.}r”���(h0]h1]h2]h3]h5]uh)j ���h#]r‘���hAX����sites-availabler’���ÖÅr÷���}r◊���(h(U�h)j—���ubah,j:���ubhAXF���
directory, editing pertinent values to match your system and running
rÿ���ÖÅrŸ���}r⁄���(h(XF���
directory, editing pertinent values to match your system and running
h)j ���ubj2���)År€���}r‹���(h(X����``a2ensite``h.}r›���(h0]h1]h2]h3]h5]uh)j ���h#]rfi���hAX����a2ensiterfl���ÖÅr‡���}r·���(h(U�h)j€���ubah,j:���ubhAXî��� to enable the site. (Note: some settings in metacat-site-ssl.conf need to be
changed to match the specifics of your system and Metacat deployment.)r‚���ÖÅr„���}r‰���(h(Xî��� to enable the site. (Note: some settings in metacat-site-ssl.conf need to be
changed to match the specifics of your system and Metacat deployment.)h)j ���ubeubj´���)ÅrÂ���}rÊ���(h(X{���sudo cp <metacat_helper_dir>/metacat-site-ssl.conf <apache_install_dir>/sites-available
sudo a2ensite metacat-site-ssl.confh)j∆���h,jÆ���h.}rÁ���(j∞���j±���h3]h2]h0]h1]h5]uh7K≥h#]rË���hAX{���sudo cp <metacat_helper_dir>/metacat-site-ssl.conf <apache_install_dir>/sites-available
sudo a2ensite metacat-site-ssl.confrÈ���ÖÅrÍ���}rÎ���(h(U�h)jÂ���ubaubeubjD���)ÅrÏ���}rÌ���(h(X/���Enable the ssl module:
::
sudo a2enmod ssl
h)j#���h*h+h,jH���h.}rÓ���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rÔ���(hK)År���}rÒ���(h(X����Enable the ssl module:rÚ���h)jÏ���h*h+h,hOh.}rÛ���(h0]h1]h2]h3]h5]uh7K∂h#]rÙ���hAX����Enable the ssl module:rı���ÖÅrˆ���}r˜���(h(jÚ���h)j���ubaubj´���)År¯���}r˘���(h(X����sudo a2enmod sslh)jÏ���h,jÆ���h.}r˙���(j∞���j±���h3]h2]h0]h1]h5]uh7K∫h#]r˚���hAX����sudo a2enmod sslr¸���ÖÅr˝���}r˛���(h(U�h)j¯���ubaubeubjD���)Årˇ���}r����(h(XV���Restart Apache to bring in changes by typing:
::
sudo /etc/init.d/apache2 restart
h)j#���h*h+h,jH���h.}r����(h0]h1]h2]h3]h5]uh7Nh8h�h#]r����(hK)År����}r����(h(X-���Restart Apache to bring in changes by typing:r����h)jˇ���h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7Kºh#]r����hAX-���Restart Apache to bring in changes by typing:r����ÖÅr ���}r
���(h(j����h)j����ubaubj´���)År����}r����(h(X ���sudo /etc/init.d/apache2 restarth)jˇ���h,jÆ���h.}r
���(j∞���j±���h3]h2]h0]h1]h5]uh7K¿h#]r����hAX ���sudo /etc/init.d/apache2 restartr����ÖÅr����}r����(h(U�h)j����ubaubeubjD���)År����}r����(h(X§���If using a self-signed certificate, SCP ``<hostname>-apache.crt`` to the
replication partner machine where it will be added as an additional
Certificate Authority.
h)j#���h*h+h,jH���h.}r����(h0]h1]h2]h3]h5]uh7Nh8h�h#]r����hK)År����}r����(h(X£���If using a self-signed certificate, SCP ``<hostname>-apache.crt`` to the
replication partner machine where it will be added as an additional
Certificate Authority.h)j����h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7K¬h#]r����(hAX(���If using a self-signed certificate, SCP r����ÖÅr����}r����(h(X(���If using a self-signed certificate, SCP h)j����ubj2���)År����}r����(h(X����``<hostname>-apache.crt``h.}r����(h0]h1]h2]h3]h5]uh)j����h#]r ���hAX����<hostname>-apache.crtr!���ÖÅr"���}r#���(h(U�h)j����ubah,j:���ubhAXb��� to the
replication partner machine where it will be added as an additional
Certificate Authority.r$���ÖÅr%���}r&���(h(Xb��� to the
replication partner machine where it will be added as an additional
Certificate Authority.h)j����ubeubaubeubhK)År'���}r(���(h(X����If using self-signed certificates, after you have created and SCP'd a
certificate file to each replication partner, and received a certificate file
from each partner in return, both home and partner servers must add the
respective partner certificates as Certificate Authorities.r)���h)j
���h*h+h,hOh.}r*���(h0]h1]h2]h3]h5]uh7K∆h8h�h#]r+���hAX����If using self-signed certificates, after you have created and SCP'd a
certificate file to each replication partner, and received a certificate file
from each partner in return, both home and partner servers must add the
respective partner certificates as Certificate Authorities.r,���ÖÅr-���}r.���(h(j)���h)j'���ubaubeubh%)År/���}r0���(h(U�h)jÔ���h*h+h,h-h.}r1���(h0]h1]h2]h3]r2���h!ah5]r3���h�auh7KÕh8h�h#]r4���(h:)År5���}r6���(h(X����To import a certificater7���h)j/���h*h+h,h>h.}r8���(h0]h1]h2]h3]h5]uh7KÕh8h�h#]r9���hAX����To import a certificater:���ÖÅr;���}r<���(h(j7���h)j5���ubaubj:���)År=���}r>���(h(U�h)j/���h*h+h,j=���h.}r?���(j?���U�.h3]h2]h0]j@���U�h1]h5]jA���jB���uh7KŒh8h�h#]r@���(jD���)ÅrA���}rB���(h(XV���Copy it into the Apache directory
::
sudo cp <remotehostfilename> /etc/ssl/certs/
h)j=���h*h+h,jH���h.}rC���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rD���(hK)ÅrE���}rF���(h(X!���Copy it into the Apache directoryrG���h)jA���h*h+h,hOh.}rH���(h0]h1]h2]h3]h5]uh7KŒh#]rI���hAX!���Copy it into the Apache directoryrJ���ÖÅrK���}rL���(h(jG���h)jE���ubaubj´���)ÅrM���}rN���(h(X,���sudo cp <remotehostfilename> /etc/ssl/certs/h)jA���h,jÆ���h.}rO���(j∞���j±���h3]h2]h0]h1]h5]uh7K“h#]rP���hAX,���sudo cp <remotehostfilename> /etc/ssl/certs/rQ���ÖÅrR���}rS���(h(U�h)jM���ubaubeubjD���)ÅrT���}rU���(h(XÊ���Rehash the certificates for Apache by running:
::
cd /etc/ssl/certs
sudo c_rehash
where the ``<remotehostfilename>`` is the name of the certificate file
created on the remote partner machine and SCP'd to the home machine.
h)j=���h*h+h,jH���h.}rV���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rW���(hK)ÅrX���}rY���(h(X.���Rehash the certificates for Apache by running:rZ���h)jT���h*h+h,hOh.}r[���(h0]h1]h2]h3]h5]uh7K‘h#]r\���hAX.���Rehash the certificates for Apache by running:r]���ÖÅr^���}r_���(h(jZ���h)jX���ubaubj´���)År`���}ra���(h(X����cd /etc/ssl/certs
sudo c_rehashh)jT���h,jÆ���h.}rb���(j∞���j±���h3]h2]h0]h1]h5]uh7Kÿh#]rc���hAX����cd /etc/ssl/certs
sudo c_rehashrd���ÖÅre���}rf���(h(U�h)j`���ubaubhK)Årg���}rh���(h(Xã���where the ``<remotehostfilename>`` is the name of the certificate file
created on the remote partner machine and SCP'd to the home machine.h)jT���h*h+h,hOh.}ri���(h0]h1]h2]h3]h5]uh7K‹h#]rj���(hAX
���where the rk���ÖÅrl���}rm���(h(X
���where the h)jg���ubj2���)Årn���}ro���(h(X����``<remotehostfilename>``h.}rp���(h0]h1]h2]h3]h5]uh)jg���h#]rq���hAX����<remotehostfilename>rr���ÖÅrs���}rt���(h(U�h)jn���ubah,j:���ubhAXi��� is the name of the certificate file
created on the remote partner machine and SCP'd to the home machine.ru���ÖÅrv���}rw���(h(Xi��� is the name of the certificate file
created on the remote partner machine and SCP'd to the home machine.h)jg���ubeubeubeubeubh%)Årx���}ry���(h(U�h)jÔ���h*h+h,h-h.}rz���(h0]h1]h2]h3]r{���h ah5]r|���h
auh7K‡h8h�h#]r}���(h:)År~���}r���(h(XI���To import a certificate into Java keystore (for self-signed certificates)rÄ���h)jx���h*h+h,h>h.}rÅ���(h0]h1]h2]h3]h5]uh7K‡h8h�h#]rÇ���hAXI���To import a certificate into Java keystore (for self-signed certificates)rÉ���ÖÅrÑ���}rÖ���(h(jÄ���h)j~���ubaubj:���)ÅrÜ���}rá���(h(U�h)jx���h*h+h,j=���h.}rà���(j?���U�.h3]h2]h0]j@���U�h1]h5]jA���jB���uh7K·h8h�h#]râ���(jD���)Årä���}rã���(h(Xπ���Use Java's keytool to import to the default Java keystore
::
sudo keytool -import -alias <remotehostname_alias> -file <remotehostfilename> -keystore $JAVA_HOME/lib/security/cacerts
h)jÜ���h*h+h,jH���h.}rå���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rç���(hK)Åré���}rè���(h(X9���Use Java's keytool to import to the default Java keystorerê���h)jä���h*h+h,hOh.}rë���(h0]h1]h2]h3]h5]uh7K·h#]rí���hAX9���Use Java's keytool to import to the default Java keystorerì���ÖÅrî���}rï���(h(jê���h)jé���ubaubj´���)Årñ���}ró���(h(Xw���sudo keytool -import -alias <remotehostname_alias> -file <remotehostfilename> -keystore $JAVA_HOME/lib/security/cacertsh)jä���h,jÆ���h.}rò���(j∞���j±���h3]h2]h0]h1]h5]uh7KÂh#]rô���hAXw���sudo keytool -import -alias <remotehostname_alias> -file <remotehostfilename> -keystore $JAVA_HOME/lib/security/cacertsrö���ÖÅrõ���}rú���(h(U�h)jñ���ubaubeubjD���)Årù���}rû���(h(X†���Restart Tomcat
::
sudo /etc/init.d/tomcat7 restart
where the ``<remotehostfilename>`` is the name of the certificate file
created on the remote partner machine and SCP'd to the home machine and
<remotehostname_alias> is a short memorable alias for this certificate and
$JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different
depending on your exact Java installation.
h)jÜ���h*h+h,jH���h.}rü���(h0]h1]h2]h3]h5]uh7Nh8h�h#]r†���(hK)År°���}r¢���(h(X����Restart Tomcatr£���h)jù���h*h+h,hOh.}r§���(h0]h1]h2]h3]h5]uh7KÁh#]r•���hAX����Restart Tomcatr¶���ÖÅrß���}r®���(h(j£���h)j°���ubaubj´���)År©���}r™���(h(X ���sudo /etc/init.d/tomcat7 restarth)jù���h,jÆ���h.}r´���(j∞���j±���h3]h2]h0]h1]h5]uh7KÎh#]r¨���hAX ���sudo /etc/init.d/tomcat7 restartr≠���ÖÅrÆ���}rØ���(h(U�h)j©���ubaubhK)År∞���}r±���(h(Xe���where the ``<remotehostfilename>`` is the name of the certificate file
created on the remote partner machine and SCP'd to the home machine and
<remotehostname_alias> is a short memorable alias for this certificate and
$JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different
depending on your exact Java installation.h)jù���h*h+h,hOh.}r≤���(h0]h1]h2]h3]h5]uh7KÓh#]r≥���(hAX
���where the r¥���ÖÅrµ���}r∂���(h(X
���where the h)j∞���ubj2���)År∑���}r∏���(h(X����``<remotehostfilename>``h.}rπ���(h0]h1]h2]h3]h5]uh)j∞���h#]r∫���hAX����<remotehostfilename>rª���ÖÅrº���}rΩ���(h(U�h)j∑���ubah,j:���ubhAXC��� is the name of the certificate file
created on the remote partner machine and SCP'd to the home machine and
<remotehostname_alias> is a short memorable alias for this certificate and
$JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different
depending on your exact Java installation.ræ���ÖÅrø���}r¿���(h(XC��� is the name of the certificate file
created on the remote partner machine and SCP'd to the home machine and
<remotehostname_alias> is a short memorable alias for this certificate and
$JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different
depending on your exact Java installation.h)j∞���ubeubeubeubeubh%)År¡���}r¬���(h(U�h)jÔ���h*h+h,h-h.}r√���(h0]h1]h2]h3]rƒ���h�ah5]r≈���h�auh7Kˆh8h�h#]r∆���(h:)År«���}r»���(h(X����Update Metacat propertiesr…���h)j¡���h*h+h,h>h.}r ���(h0]h1]h2]h3]h5]uh7Kˆh8h�h#]rÀ���hAX����Update Metacat propertiesrÃ���ÖÅrÕ���}rŒ���(h(j…���h)j«���ubaubhK)Årœ���}r–���(h(X∫���Metacat needs to be configured with the path to both the server certificate and the private key.
1. Edit metacat.properties, modifying these properties to match your specific deployment.r—���h)j¡���h*h+h,hOh.}r“���(h0]h1]h2]h3]h5]uh7K˜h8h�h#]r”���hAX∫���Metacat needs to be configured with the path to both the server certificate and the private key.
1. Edit metacat.properties, modifying these properties to match your specific deployment.r‘���ÖÅr’���}r÷���(h(j—���h)jœ���ubaubcdocutils.nodes
block_quote
r◊���)Årÿ���}rŸ���(h(U�h)j¡���h*h+h,U�block_quoter⁄���h.}r€���(h0]h1]h2]h3]h5]uh7Nh8h�h#]r‹���j´���)År›���}rfi���(h(X ���replication.certificate.file=/etc/ssl/certs/<hostname>-apache.crt
replication.privatekey.file=/etc/ssl/private/<hostname>-apache.key
replication.privatekey.password=<password, or blank if not protected>h)jÿ���h,jÆ���h.}rfl���(j∞���j±���h3]h2]h0]h1]h5]uh7K¸h#]r‡���hAX ���replication.certificate.file=/etc/ssl/certs/<hostname>-apache.crt
replication.privatekey.file=/etc/ssl/private/<hostname>-apache.key
replication.privatekey.password=<password, or blank if not protected>r·���ÖÅr‚���}r„���(h(U�h)j›���ubaubaubeubeubh%)År‰���}rÂ���(h(U�h)j$���h*h+h,h-h.}rÊ���(h0]h1]h2]h3]rÁ���h�ah5]rË���h�auh7M��h8h�h#]rÈ���(h:)ÅrÍ���}rÎ���(h(X����Update your Metacat databaserÏ���h)j‰���h*h+h,h>h.}rÌ���(h0]h1]h2]h3]h5]uh7M��h8h�h#]rÓ���hAX����Update your Metacat databaserÔ���ÖÅr���}rÒ���(h(jÏ���h)jÍ���ubaubhK)ÅrÚ���}rÛ���(h(X”���The simplest way to update the Metacat database to use replication is to use
the Replication Control Panel. You can also update the database using SQL.
Instructions for both options are included in this section.rÙ���h)j‰���h*h+h,hOh.}rı���(h0]h1]h2]h3]h5]uh7M��h8h�h#]rˆ���hAX”���The simplest way to update the Metacat database to use replication is to use
the Replication Control Panel. You can also update the database using SQL.
Instructions for both options are included in this section.r˜���ÖÅr¯���}r˘���(h(jÙ���h)jÚ���ubaubhm)År˙���}r˚���(h(U�h)j‰���h*h+h,hph.}r¸���(hrX����centerh3]r˝���U�id3r˛���ah2]h0]h1]h5]uh7Nh8h�h#]rˇ���(hv)År����}r����(h(XÜ���.. figure:: images/screenshots/image063.jpg
:align: center
Using the Replication Control Panel to update the Metacat database.
h.}r����(U�uriX����images/screenshots/image063.jpgr����h3]h2]h0]h1]h{}r����U�*j����sh5]uh)j˙���h#]h,h}ubh~)År����}r����(h(XC���Using the Replication Control Panel to update the Metacat database.r����h)j˙���h*h+h,hÇh.}r����(h0]h1]h2]h3]h5]uh7M
�h#]r ���hAXC���Using the Replication Control Panel to update the Metacat database.r
���ÖÅr����}r����(h(j����h)j����ubaubeubhK)År
���}r����(h(X����To update your Metacat database to use replication, select the "Add this server"
radio button from the Replication Control Panel, enter the partner server name,
and specify how the replication should occur (whether to replicate xml, data,
or use the local machine as a hub).r����h)j‰���h*h+h,hOh.}r����(h0]h1]h2]h3]h5]uh7M��h8h�h#]r����hAX����To update your Metacat database to use replication, select the "Add this server"
radio button from the Replication Control Panel, enter the partner server name,
and specify how the replication should occur (whether to replicate xml, data,
or use the local machine as a hub).r����ÖÅr����}r����(h(j����h)j
���ubaubh%)År����}r����(h(U�h)j‰���h*h+h,h-h.}r����(h0]h1]h2]h3]r����h�ah5]r����h�auh7M��h8h�h#]r����(h:)År����}r����(h(X ���To update the database using SQLr����h)j����h*h+h,h>h.}r����(h0]h1]h2]h3]h5]uh7M��h8h�h#]r����hAX ���To update the database using SQLr ���ÖÅr!���}r"���(h(j����h)j����ubaubj:���)År#���}r$���(h(U�h)j����h*h+h,j=���h.}r%���(j?���U�.h3]h2]h0]j@���U�h1]h5]jA���jB���uh7M��h8h�h#]r&���(jD���)År'���}r(���(h(XF���Log in to the database
::
psql -U metacat -W -h localhost metacat
h)j#���h*h+h,jH���h.}r)���(h0]h1]h2]h3]h5]uh7Nh8h�h#]r*���(hK)År+���}r,���(h(X����Log in to the databaser-���h)j'���h*h+h,hOh.}r.���(h0]h1]h2]h3]h5]uh7M��h#]r/���hAX����Log in to the databaser0���ÖÅr1���}r2���(h(j-���h)j+���ubaubj´���)År3���}r4���(h(X'���psql -U metacat -W -h localhost metacath)j'���h,jÆ���h.}r5���(j∞���j±���h3]h2]h0]h1]h5]uh7M��h#]r6���hAX'���psql -U metacat -W -h localhost metacatr7���ÖÅr8���}r9���(h(U�h)j3���ubaubeubjD���)År:���}r;���(h(XQ���Select all rows from the replication table
::
select * from xml_replication;
h)j#���h*h+h,jH���h.}r<���(h0]h1]h2]h3]h5]uh7Nh8h�h#]r=���(hK)År>���}r?���(h(X*���Select all rows from the replication tabler@���h)j:���h*h+h,hOh.}rA���(h0]h1]h2]h3]h5]uh7M��h#]rB���hAX*���Select all rows from the replication tablerC���ÖÅrD���}rE���(h(j@���h)j>���ubaubj´���)ÅrF���}rG���(h(X����select * from xml_replication;h)j:���h,jÆ���h.}rH���(j∞���j±���h3]h2]h0]h1]h5]uh7M��h#]rI���hAX����select * from xml_replication;rJ���ÖÅrK���}rL���(h(U�h)jF���ubaubeubjD���)ÅrM���}rN���(h(XÖ���Insert the partner server.
::
INSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('<partner.server/context>/servlet/replication',NULL,1,1,0);
Where ``<partner.server/context>`` is the name of the partner server and
context. The values 'NULL, 1,1,0' indicate (respectively) the last time
replication occurred, that XML docs should be replicated to the partner
server, that data files should be replicated to the partner server, and
that the local server should not act as a hub. Set a value of 'NULL,0,0,0'
if your Metacat is only receiving documents from the partner site and not
replicating to that site.
h)j#���h*h+h,jH���h.}rO���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rP���(hK)ÅrQ���}rR���(h(X����Insert the partner server.rS���h)jM���h*h+h,hOh.}rT���(h0]h1]h2]h3]h5]uh7M �h#]rU���hAX����Insert the partner server.rV���ÖÅrW���}rX���(h(jS���h)jQ���ubaubj´���)ÅrY���}rZ���(h(Xë���INSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('<partner.server/context>/servlet/replication',NULL,1,1,0);h)jM���h,jÆ���h.}r[���(j∞���j±���h3]h2]h0]h1]h5]uh7M$�h#]r\���hAXë���INSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('<partner.server/context>/servlet/replication',NULL,1,1,0);r]���ÖÅr^���}r_���(h(U�h)jY���ubaubhK)År`���}ra���(h(Xœ���Where ``<partner.server/context>`` is the name of the partner server and
context. The values 'NULL, 1,1,0' indicate (respectively) the last time
replication occurred, that XML docs should be replicated to the partner
server, that data files should be replicated to the partner server, and
that the local server should not act as a hub. Set a value of 'NULL,0,0,0'
if your Metacat is only receiving documents from the partner site and not
replicating to that site.h)jM���h*h+h,hOh.}rb���(h0]h1]h2]h3]h5]uh7M&�h#]rc���(hAX����Where rd���ÖÅre���}rf���(h(X����Where h)j`���ubj2���)Årg���}rh���(h(X����``<partner.server/context>``h.}ri���(h0]h1]h2]h3]h5]uh)j`���h#]rj���hAX����<partner.server/context>rk���ÖÅrl���}rm���(h(U�h)jg���ubah,j:���ubhAX≠��� is the name of the partner server and
context. The values 'NULL, 1,1,0' indicate (respectively) the last time
replication occurred, that XML docs should be replicated to the partner
server, that data files should be replicated to the partner server, and
that the local server should not act as a hub. Set a value of 'NULL,0,0,0'
if your Metacat is only receiving documents from the partner site and not
replicating to that site.rn���ÖÅro���}rp���(h(X≠��� is the name of the partner server and
context. The values 'NULL, 1,1,0' indicate (respectively) the last time
replication occurred, that XML docs should be replicated to the partner
server, that data files should be replicated to the partner server, and
that the local server should not act as a hub. Set a value of 'NULL,0,0,0'
if your Metacat is only receiving documents from the partner site and not
replicating to that site.h)j`���ubeubeubjD���)Årq���}rr���(h(X����Exit the databasers���h)j#���h*h+h,jH���h.}rt���(h0]h1]h2]h3]h5]uh7Nh8h�h#]ru���hK)Årv���}rw���(h(js���h)jq���h*h+h,hOh.}rx���(h0]h1]h2]h3]h5]uh7M.�h#]ry���hAX����Exit the databaserz���ÖÅr{���}r|���(h(js���h)jv���ubaubaubjD���)År}���}r~���(h(XG���Restart Apache and Tomcat on both home and partner replication machinesr���h)j#���h*h+h,jH���h.}rÄ���(h0]h1]h2]h3]h5]uh7Nh8h�h#]rÅ���hK)ÅrÇ���}rÉ���(h(j���h)j}���h*h+h,hOh.}rÑ���(h0]h1]h2]h3]h5]uh7M/�h#]rÖ���hAXG���Restart Apache and Tomcat on both home and partner replication machinesrÜ���ÖÅrá���}rà���(h(j���h)jÇ���ubaubaubeubeubeubeubeubah(U�U�transformerrâ���NU
footnote_refsrä���}rã���U�refnamesrå���}rç���U�symbol_footnotesré���]rè���U�autofootnote_refsrê���]rë���U�symbol_footnote_refsrí���]rì���U citationsrî���]rï���h8h�U�current_linerñ���NU�transform_messagesró���]rò���U�reporterrô���NU�id_startrö���K�U
autofootnotesrõ���]rú���U
citation_refsrù���}rû���U�indirect_targetsrü���]r†���U�settingsr°���(cdocutils.frontend
Values
r¢���or£���}r§���(U�footnote_backlinksr•���K�U�record_dependenciesr¶���NU�rfc_base_urlrß���U�https://tools.ietf.org/html/r®���U tracebackr©���àU�pep_referencesr™���NU�strip_commentsr´���NU
toc_backlinksr¨���h∫U
language_coder≠���U�enrÆ���U datestamprØ���NU�report_levelr∞���K�U�_destinationr±���NU
halt_levelr≤���K�U
strip_classesr≥���Nh>NU�error_encoding_error_handlerr¥���U�backslashreplacerµ���U�debugr∂���NU�embed_stylesheetr∑���âU�output_encoding_error_handlerr∏���U�strictrπ���U
sectnum_xformr∫���K�U�dump_transformsrª���NU
docinfo_xformrº���K�U�warning_streamrΩ���NU�pep_file_url_templateræ���U�pep-%04drø���U�exit_status_levelr¿���K�U�configr¡���NU�strict_visitorr¬���NU�cloak_email_addressesr√���àU�trim_footnote_reference_spacerƒ���âU�envr≈���NU�dump_pseudo_xmlr∆���NU�expose_internalsr«���NU�sectsubtitle_xformr»���âU�source_linkr…���NU�rfc_referencesr ���NU�output_encodingrÀ���U�utf-8rÃ���U
source_urlrÕ���NU�input_encodingrŒ���U utf-8-sigrœ���U�_disable_configr–���NU id_prefixr—���U�U tab_widthr“���K�U�error_encodingr”���U�UTF-8r‘���U�_sourcer’���h+U�gettext_compactr÷���àU generatorr◊���NU�dump_internalsrÿ���NU�smart_quotesrŸ���âU�pep_base_urlr⁄���U https://www.python.org/dev/peps/r€���U�syntax_highlightr‹���U�longr›���U�input_encoding_error_handlerrfi���jπ���U�auto_id_prefixrfl���U�idr‡���U�doctitle_xformr·���âU�strip_elements_with_classesr‚���NU
_config_filesr„���]r‰���U�file_insertion_enabledrÂ���àU�raw_enabledrÊ���K�U
dump_settingsrÁ���NubU�symbol_footnote_startrË���K�h3}rÈ���(h�j¡���h�j
���h�jñ���jÿ���j‘���h!j/���j˛���j˙���h�j$���h�h&h�j‰���h jx���h"jÔ���hthnh�j����uU�substitution_namesrÍ���}rÎ���h,h8h.}rÏ���(h0]h3]h2]U�sourceh+h1]h5]uU footnotesrÌ���]rÓ���U�refidsrÔ���}r���ub.