€cdocutils.nodes document q)q}q(U nametypesq}q(Xconfiguring replicationqNXupdate metacat propertiesqNX#using the replication control panelqNX=generate certificates for metacat running under apache/tomcatq NX replicationq NXupdate your metacat databaseq NX to update the database using sqlq NXIto import a certificate into java keystore (for self-signed certificates)q NXto import a certificateqNX/generating and exchanging security certificatesqNuUsubstitution_defsq}qUparse_messagesq]qUcurrent_sourceqNU decorationqNUautofootnote_startqKUnameidsq}q(hUconfiguring-replicationqhUupdate-metacat-propertiesqhU#using-the-replication-control-panelqh U=generate-certificates-for-metacat-running-under-apache-tomcatqh U replicationqh Uupdate-your-metacat-databaseqh U to-update-the-database-using-sqlqh UGto-import-a-certificate-into-java-keystore-for-self-signed-certificatesq hUto-import-a-certificateq!hU/generating-and-exchanging-security-certificatesq"uUchildrenq#]q$cdocutils.nodes section q%)q&}q'(U rawsourceq(UUparentq)hUsourceq*Xe/var/lib/jenkins/jobs/Metacat_stable/workspace/METACAT_2_8_1/docs/user/metacat/source/replication.rstq+Utagnameq,Usectionq-U attributesq.}q/(Udupnamesq0]Uclassesq1]Ubackrefsq2]Uidsq3]q4haUnamesq5]q6h auUlineq7KUdocumentq8hh#]q9(cdocutils.nodes title q:)q;}q<(h(X Replicationq=h)h&h*h+h,Utitleq>h.}q?(h0]h1]h2]h3]h5]uh7Kh8hh#]q@cdocutils.nodes Text qAX ReplicationqB…qC}qD(h(h=h)h;ubaubcdocutils.nodes note qE)qF}qG(h(XÒNote that much of the functionality provided by the replication subsystem in Metacat has now been generalized and standardized by DataONE, so consider utilizing the DataONE services for replication as it is a more general and standardized approach than this Metacat-specific replication system. The Metacat replication system will be supported for a while longer, but will likely be deprecated in a future release in favor of using the DataONE replication approach.h)h&h*h+h,UnoteqHh.}qI(h0]h1]h2]h3]h5]uh7Nh8hh#]qJcdocutils.nodes paragraph qK)qL}qM(h(XÒNote that much of the functionality provided by the replication subsystem in Metacat has now been generalized and standardized by DataONE, so consider utilizing the DataONE services for replication as it is a more general and standardized approach than this Metacat-specific replication system. The Metacat replication system will be supported for a while longer, but will likely be deprecated in a future release in favor of using the DataONE replication approach.qNh)hFh*h+h,U paragraphqOh.}qP(h0]h1]h2]h3]h5]uh7Kh#]qQhAXÒNote that much of the functionality provided by the replication subsystem in Metacat has now been generalized and standardized by DataONE, so consider utilizing the DataONE services for replication as it is a more general and standardized approach than this Metacat-specific replication system. The Metacat replication system will be supported for a while longer, but will likely be deprecated in a future release in favor of using the DataONE replication approach.qR…qS}qT(h(hNh)hLubaubaubhK)qU}qV(h(X±Metacat has a built-in replication feature that allows different Metacat servers to share data (both XML documents and data files) between each other. Metacat can replicate not only its home server's original documents, but also those that were replicated from partner Metacat servers. When changes are made to one server in a replication network, the changes are automatically propogated to the network, even if the network is down.qWh)h&h*h+h,hOh.}qX(h0]h1]h2]h3]h5]uh7K h8hh#]qYhAX±Metacat has a built-in replication feature that allows different Metacat servers to share data (both XML documents and data files) between each other. Metacat can replicate not only its home server's original documents, but also those that were replicated from partner Metacat servers. When changes are made to one server in a replication network, the changes are automatically propogated to the network, even if the network is down.qZ…q[}q\(h(hWh)hUubaubhK)q]}q^(h(XPReplication allows users to manage their data locally and (by replicating them to a shared Metacat repository) to make those data available to the greater scientific community via a centralized search. In other words, your Metacat can be part of a broader network, but you retain control over the local repository and how it is managed.q_h)h&h*h+h,hOh.}q`(h0]h1]h2]h3]h5]uh7Kh8hh#]qahAXPReplication allows users to manage their data locally and (by replicating them to a shared Metacat repository) to make those data available to the greater scientific community via a centralized search. In other words, your Metacat can be part of a broader network, but you retain control over the local repository and how it is managed.qb…qc}qd(h(h_h)h]ubaubhK)qe}qf(h(XPFor example, the KNB Network (Figure 6.1), which currently consists of ten different Metacat servers from around the world, uses replication to "join" the disperate servers to form a single robust and searchable data repository--facilitating data discovery, while leaving the data ownership and management with the local administrators.qgh)h&h*h+h,hOh.}qh(h0]h1]h2]h3]h5]uh7Kh8hh#]qihAXPFor example, the KNB Network (Figure 6.1), which currently consists of ten different Metacat servers from around the world, uses replication to "join" the disperate servers to form a single robust and searchable data repository--facilitating data discovery, while leaving the data ownership and management with the local administrators.qj…qk}ql(h(hgh)heubaubcdocutils.nodes figure qm)qn}qo(h(Uh)h&h*h+h,Ufigureqph.}qq(UalignqrXcenterh3]qsUid1qtah2]h0]h1]h5]uh7Nh8hh#]qu(cdocutils.nodes image qv)qw}qx(h(Xd.. figure:: images/screenshots/image059.jpg :align: center A map of the KNB Metacat network. h.}qy(UuriXimages/screenshots/image059.jpgqzh3]h2]h0]h1]U candidatesq{}q|U*hzsh5]uh)hnh#]h,Uimageq}ubcdocutils.nodes caption q~)q}q€(h(X!A map of the KNB Metacat network.qh)hnh*h+h,Ucaptionq‚h.}qƒ(h0]h1]h2]h3]h5]uh7K#h#]q„hAX!A map of the KNB Metacat network.q……q†}q‡(h(hh)hubaubeubhK)qˆ}q‰(h(XWhen properly configured, Metacat's replication mechanism can be triggered by several types of events that occur on either the home or partner server: a document insertion, an update, or an automatic replication (i.e., Delta-T monitoring), which is set at a user-specified time interval.qŠh)h&h*h+h,hOh.}q‹(h0]h1]h2]h3]h5]uh7K%h8hh#]qŒhAXWhen properly configured, Metacat's replication mechanism can be triggered by several types of events that occur on either the home or partner server: a document insertion, an update, or an automatic replication (i.e., Delta-T monitoring), which is set at a user-specified time interval.q…qŽ}q(h(hŠh)hˆubaubcdocutils.nodes table q)q‘}q’(h(Uh)h&h*h+h,Utableq“h.}q”(h0]h1]h2]h3]h5]uh7Nh8hh#]q•cdocutils.nodes tgroup q–)q—}q˜(h(Uh.}q™(h3]h2]h0]h1]h5]UcolsKuh)h‘h#]qš(cdocutils.nodes colspec q›)qœ}q(h(Uh.}qž(h3]h2]h0]h1]h5]UcolwidthKuh)h—h#]h,UcolspecqŸubh›)q }q¡(h(Uh.}q¢(h3]h2]h0]h1]h5]UcolwidthK:uh)h—h#]h,hŸubcdocutils.nodes thead q£)q¤}q¥(h(Uh.}q¦(h0]h1]h2]h3]h5]uh)h—h#]q§cdocutils.nodes row q¨)q©}qª(h(Uh.}q«(h0]h1]h2]h3]h5]uh)h¤h#]q¬(cdocutils.nodes entry q­)q®}q¯(h(Uh.}q°(h0]h1]h2]h3]h5]uh)h©h#]q±hK)q²}q³(h(XReplication Triggersq´h)h®h*h+h,hOh.}qµ(h0]h1]h2]h3]h5]uh7K+h#]q¶hAXReplication Triggersq·…q¸}q¹(h(h´h)h²ubaubah,Uentryqºubh­)q»}q¼(h(Uh.}q½(h0]h1]h2]h3]h5]uh)h©h#]q¾hK)q¿}qÀ(h(X DescriptionqÁh)h»h*h+h,hOh.}qÂ(h0]h1]h2]h3]h5]uh7K+h#]qÃhAX DescriptionqÄ…qÅ}qÆ(h(hÁh)h¿ubaubah,hºubeh,UrowqÇubah,UtheadqÈubcdocutils.nodes tbody qÉ)qÊ}qË(h(Uh.}qÌ(h0]h1]h2]h3]h5]uh)h—h#]qÍ(h¨)qÎ}qÏ(h(Uh.}qÐ(h0]h1]h2]h3]h5]uh)hÊh#]qÑ(h­)qÒ}qÓ(h(Uh.}qÔ(h0]h1]h2]h3]h5]uh)hÎh#]qÕhK)qÖ}q×(h(XInsertqØh)hÒh*h+h,hOh.}qÙ(h0]h1]h2]h3]h5]uh7K-h#]qÚhAXInsertqÛ…qÜ}qÝ(h(hØh)hÖubaubah,hºubh­)qÞ}qß(h(Uh.}qà(h0]h1]h2]h3]h5]uh)hÎh#]qáhK)qâ}qã(h(X‡Whenever a document is inserted into Metacat, the server notifies each server in its replication list that it has a new file available.qäh)hÞh*h+h,hOh.}qå(h0]h1]h2]h3]h5]uh7K-h#]qæhAX‡Whenever a document is inserted into Metacat, the server notifies each server in its replication list that it has a new file available.qç…qè}qé(h(häh)hâubaubah,hºubeh,hÇubh¨)qê}që(h(Uh.}qì(h0]h1]h2]h3]h5]uh)hÊh#]qí(h­)qî}qï(h(Uh.}qð(h0]h1]h2]h3]h5]uh)hêh#]qñhK)qò}qó(h(XUpdateqôh)hîh*h+h,hOh.}qõ(h0]h1]h2]h3]h5]uh7K1h#]qöhAXUpdateq÷…qø}qù(h(hôh)hòubaubah,hºubh­)qú}qû(h(Uh.}qü(h0]h1]h2]h3]h5]uh)hêh#]qýhK)qþ}qÿ(h(XfWhenever a document is updated, the server notifies each server in its replication list of the update.rh)húh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7K1h#]rhAXfWhenever a document is updated, the server notifies each server in its replication list of the update.r…r}r(h(jh)hþubaubah,hºubeh,hÇubh¨)r}r(h(Uh.}r(h0]h1]h2]h3]h5]uh)hÊh#]r (h­)r }r (h(Uh.}r (h0]h1]h2]h3]h5]uh)jh#]r hK)r}r(h(XDelta-T monitoringrh)j h*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7K4h#]rhAXDelta-T monitoringr…r}r(h(jh)jubaubah,hºubh­)r}r(h(Uh.}r(h0]h1]h2]h3]h5]uh)jh#]rhK)r}r(h(XtAt a user-specified time interval, Metacat checks each of the servers in its replication list for updated documents.rh)jh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7K4h#]rhAXtAt a user-specified time interval, Metacat checks each of the servers in its replication list for updated documents.r…r }r!(h(jh)jubaubah,hºubeh,hÇubeh,Utbodyr"ubeh,Utgroupr#ubaubh%)r$}r%(h(Uh)h&h*h+h,h-h.}r&(h0]h1]h2]h3]r'hah5]r(hauh7K:h8hh#]r)(h:)r*}r+(h(XConfiguring Replicationr,h)j$h*h+h,h>h.}r-(h0]h1]h2]h3]h5]uh7K:h8hh#]r.hAXConfiguring Replicationr/…r0}r1(h(j,h)j*ubaubhK)r2}r3(h(XOTo configure replication, you must configure both the home and partner servers:r4h)j$h*h+h,hOh.}r5(h0]h1]h2]h3]h5]uh7K;h8hh#]r6hAXOTo configure replication, you must configure both the home and partner servers:r7…r8}r9(h(j4h)j2ubaubcdocutils.nodes enumerated_list r:)r;}r<(h(Uh)j$h*h+h,Uenumerated_listr=h.}r>(Usuffixr?U.h3]h2]h0]Uprefixr@Uh1]h5]UenumtyperAUarabicrBuh7K=h8hh#]rC(cdocutils.nodes list_item rD)rE}rF(h(XXCreate a list of partner servers on your home server using the Replication Control PanelrGh)j;h*h+h,U list_itemrHh.}rI(h0]h1]h2]h3]h5]uh7Nh8hh#]rJhK)rK}rL(h(jGh)jEh*h+h,hOh.}rM(h0]h1]h2]h3]h5]uh7K=h#]rNhAXXCreate a list of partner servers on your home server using the Replication Control PanelrO…rP}rQ(h(jGh)jKubaubaubjD)rR}rS(h(X,Create certificate files for the home serverrTh)j;h*h+h,jHh.}rU(h0]h1]h2]h3]h5]uh7Nh8hh#]rVhK)rW}rX(h(jTh)jRh*h+h,hOh.}rY(h0]h1]h2]h3]h5]uh7K>h#]rZhAX,Create certificate files for the home serverr[…r\}r](h(jTh)jWubaubaubjD)r^}r_(h(X/Create certificate files for the partner serverr`h)j;h*h+h,jHh.}ra(h0]h1]h2]h3]h5]uh7Nh8hh#]rbhK)rc}rd(h(j`h)j^h*h+h,hOh.}re(h0]h1]h2]h3]h5]uh7K?h#]rfhAX/Create certificate files for the partner serverrg…rh}ri(h(j`h)jcubaubaubjD)rj}rk(h(X3Import partner certificate files to the home serverrlh)j;h*h+h,jHh.}rm(h0]h1]h2]h3]h5]uh7Nh8hh#]rnhK)ro}rp(h(jlh)jjh*h+h,hOh.}rq(h0]h1]h2]h3]h5]uh7K@h#]rrhAX3Import partner certificate files to the home serverrs…rt}ru(h(jlh)joubaubaubjD)rv}rw(h(X-Import home certificate to the partner serverrxh)j;h*h+h,jHh.}ry(h0]h1]h2]h3]h5]uh7Nh8hh#]rzhK)r{}r|(h(jxh)jvh*h+h,hOh.}r}(h0]h1]h2]h3]h5]uh7KAh#]r~hAX-Import home certificate to the partner serverr…r€}r(h(jxh)j{ubaubaubjD)r‚}rƒ(h(XUpdate your Metacat database h)j;h*h+h,jHh.}r„(h0]h1]h2]h3]h5]uh7Nh8hh#]r…hK)r†}r‡(h(XUpdate your Metacat databaserˆh)j‚h*h+h,hOh.}r‰(h0]h1]h2]h3]h5]uh7KBh#]rŠhAXUpdate your Metacat databaser‹…rŒ}r(h(jˆh)j†ubaubaubeubhK)rŽ}r(h(X@Each step is discussed in more detail in the following sections.rh)j$h*h+h,hOh.}r‘(h0]h1]h2]h3]h5]uh7KDh8hh#]r’hAX@Each step is discussed in more detail in the following sections.r“…r”}r•(h(jh)jŽubaubh%)r–}r—(h(Uh)j$h*h+h,h-h.}r˜(h0]h1]h2]h3]r™hah5]ršhauh7KGh8hh#]r›(h:)rœ}r(h(X#Using the Replication Control Panelržh)j–h*h+h,h>h.}rŸ(h0]h1]h2]h3]h5]uh7KGh8hh#]r hAX#Using the Replication Control Panelr¡…r¢}r£(h(jžh)jœubaubhK)r¤}r¥(h(XïTo add, remove, or alter servers on your home server's Replication list, or to activate and customize the Delta-T handler, use the Replication control panel, which is accessed via the Metacat Administration interface at the following URL::h)j–h*h+h,hOh.}r¦(h0]h1]h2]h3]h5]uh7KHh8hh#]r§hAXîTo add, remove, or alter servers on your home server's Replication list, or to activate and customize the Delta-T handler, use the Replication control panel, which is accessed via the Metacat Administration interface at the following URL:r¨…r©}rª(h(XîTo add, remove, or alter servers on your home server's Replication list, or to activate and customize the Delta-T handler, use the Replication control panel, which is accessed via the Metacat Administration interface at the following URL:h)j¤ubaubcdocutils.nodes literal_block r«)r¬}r­(h(X.http://somehost.somelocation.edu/context/adminh)j–h*h+h,U literal_blockr®h.}r¯(U xml:spacer°Upreserver±h3]h2]h0]h1]h5]uh7KLh8hh#]r²hAX.http://somehost.somelocation.edu/context/adminr³…r´}rµ(h(Uh)j¬ubaubhK)r¶}r·(h(XÐ"http://somehost.somelocation.edu/context" should be replaced with the name of your Metacat server and context (e.g., http://knb.ecoinformatics.org/knb/). You must be logged in to Metacat as an administrator.h)j–h*h+h,hOh.}r¸(h0]h1]h2]h3]h5]uh7KNh8hh#]r¹(hAX"…rº}r»(h(X"h)j¶ubcdocutils.nodes reference r¼)r½}r¾(h(X(http://somehost.somelocation.edu/contextr¿h.}rÀ(Urefurij¿h3]h2]h0]h1]h5]uh)j¶h#]rÁhAX(http://somehost.somelocation.edu/contextrÂ…rÃ}rÄ(h(Uh)j½ubah,U referencerÅubhAXM" should be replaced with the name of your Metacat server and context (e.g., rÆ…rÇ}rÈ(h(XM" should be replaced with the name of your Metacat server and context (e.g., h)j¶ubj¼)rÉ}rÊ(h(X"http://knb.ecoinformatics.org/knb/rËh.}rÌ(UrefurijËh3]h2]h0]h1]h5]uh)j¶h#]rÍhAX"http://knb.ecoinformatics.org/knb/rÎ…rÏ}rÐ(h(Uh)jÉubah,jÅubhAX8). You must be logged in to Metacat as an administrator.rÑ…rÒ}rÓ(h(X8). You must be logged in to Metacat as an administrator.h)j¶ubeubhm)rÔ}rÕ(h(Uh)j–h*h+h,hph.}rÖ(hrXcenterh3]r×Uid2rØah2]h0]h1]h5]uh7Nh8hh#]rÙ(hv)rÚ}rÛ(h(X].. figure:: images/screenshots/image061.jpg :align: center Replication control panel. h.}rÜ(UuriXimages/screenshots/image061.jpgrÝh3]h2]h0]h1]h{}rÞU*jÝsh5]uh)jÔh#]h,h}ubh~)rß}rà(h(XReplication control panel.ráh)jÔh*h+h,h‚h.}râ(h0]h1]h2]h3]h5]uh7KUh#]rãhAXReplication control panel.rä…rå}ræ(h(jáh)jßubaubeubhK)rç}rè(h(XêNote that currently, you cannot use the Replication Control Panel to remove a server after a replication has occurred. To stop replication between two servers, update the flags that control whether metadata and/or data are replicated.réh)j–h*h+h,hOh.}rê(h0]h1]h2]h3]h5]uh7KWh8hh#]rëhAXêNote that currently, you cannot use the Replication Control Panel to remove a server after a replication has occurred. To stop replication between two servers, update the flags that control whether metadata and/or data are replicated.rì…rí}rî(h(jéh)jçubaubeubh%)rï}rð(h(Uh)j$h*h+h,h-h.}rñ(h0]h1]h2]h3]ròh"ah5]róhauh7K\h8hh#]rô(h:)rõ}rö(h(X/Generating and Exchanging Security Certificatesr÷h)jïh*h+h,h>h.}rø(h0]h1]h2]h3]h5]uh7K\h8hh#]rùhAX/Generating and Exchanging Security Certificatesrú…rû}rü(h(j÷h)jõubaubhK)rý}rþ(h(XöBefore you can take advantage of Metacat's replication feature, you must generate security certificates on both the replication partner and home servers. Depending on how the certificates are generated, the certificates may need to be exchanged so that each machine "trusts" that the other has replication access. Certificates that are purchased from a commercial and well-recognized Certificate Authority do not need to be exchanged with the other replication partner before replication takes place. Metacat replication relies on SSL with client certificate authentication enabled. When a replication partner server communicates with another replication partner, it presents a certificate that serves to verify and authenticate that the server is trusted.rÿh)jïh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7K]h8hh#]rhAXöBefore you can take advantage of Metacat's replication feature, you must generate security certificates on both the replication partner and home servers. Depending on how the certificates are generated, the certificates may need to be exchanged so that each machine "trusts" that the other has replication access. Certificates that are purchased from a commercial and well-recognized Certificate Authority do not need to be exchanged with the other replication partner before replication takes place. Metacat replication relies on SSL with client certificate authentication enabled. When a replication partner server communicates with another replication partner, it presents a certificate that serves to verify and authenticate that the server is trusted.r…r}r(h(jÿh)jýubaubhK)r}r(h(XÆIf you must generate a self-signed certificate, the partner replication server will need that public certificate (or the certificate of the signing CA) added to its existing Certificate Authorities.rh)jïh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7Khh8hh#]r hAXÆIf you must generate a self-signed certificate, the partner replication server will need that public certificate (or the certificate of the signing CA) added to its existing Certificate Authorities.r …r }r (h(jh)jubaubh%)r }r(h(Uh)jïh*h+h,h-h.}r(h0]h1]h2]h3]rhah5]rh auh7Kmh8hh#]r(h:)r}r(h(X=Generate Certificates for Metacat running under Apache/Tomcatrh)j h*h+h,h>h.}r(h0]h1]h2]h3]h5]uh7Kmh8hh#]rhAX=Generate Certificates for Metacat running under Apache/Tomcatr…r}r(h(jh)jubaubhK)r}r(h(X1Note: Instructions are for Ubuntu/Debian systems.rh)j h*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7Knh8hh#]rhAX1Note: Instructions are for Ubuntu/Debian systems.r …r!}r"(h(jh)jubaubj:)r#}r$(h(Uh)j h*h+h,j=h.}r%(j?U.h3]h2]h0]j@Uh1]h5]jAjBuh7Kph8hh#]r&(jD)r'}r((h(X• Generate a private key using openssl. The key will be named ``-apache.key``, where ```` is the name of your Metacat server. Example values for the individual key fields are included in the table below. :: openssl req -new -out REQ.pem -keyout -apache.key +--------------------------+-------------------------------------------------------------------------+ | Key Field | Description and Example Value | +==========================+=========================================================================+ | Country Name | Two letter country code (e.g., US) | +--------------------------+-------------------------------------------------------------------------+ | State or Province Name | The name of your state or province spelled in full (e.g., California) | +--------------------------+-------------------------------------------------------------------------+ | Locality Name | The name of your city (e.g., Santa Barbara) | +--------------------------+-------------------------------------------------------------------------+ | Organization Name | The company or organization name (e.g., UCSB) | +--------------------------+-------------------------------------------------------------------------+ | Organizational Unit Name | The department or section name (e.g., NCEAS) | +--------------------------+-------------------------------------------------------------------------+ | Common Name | The host server name without port numbers (e.g., myserver.mydomain.edu) | +--------------------------+-------------------------------------------------------------------------+ | Email Address | Administrator's contact email (e.g., administrator@mydomain.edu) | +--------------------------+-------------------------------------------------------------------------+ | A challenge password | --leave this field blank-- | +--------------------------+-------------------------------------------------------------------------+ | An optional company name | --leave this field blank-- | +--------------------------+-------------------------------------------------------------------------+ h)j#h*h+h,jHh.}r)(h0]h1]h2]h3]h5]uh7Nh8hh#]r*(hK)r+}r,(h(XÝGenerate a private key using openssl. The key will be named ``-apache.key``, where ```` is the name of your Metacat server. Example values for the individual key fields are included in the table below.h)j'h*h+h,hOh.}r-(h0]h1]h2]h3]h5]uh7Kph#]r.(hAX<Generate a private key using openssl. The key will be named r/…r0}r1(h(X<Generate a private key using openssl. The key will be named h)j+ubcdocutils.nodes literal r2)r3}r4(h(X``-apache.key``h.}r5(h0]h1]h2]h3]h5]uh)j+h#]r6hAX-apache.keyr7…r8}r9(h(Uh)j3ubah,Uliteralr:ubhAX, where r;…r<}r=(h(X, where h)j+ubj2)r>}r?(h(X````h.}r@(h0]h1]h2]h3]h5]uh)j+h#]rAhAX rB…rC}rD(h(Uh)j>ubah,j:ubhAXr is the name of your Metacat server. Example values for the individual key fields are included in the table below.rE…rF}rG(h(Xr is the name of your Metacat server. Example values for the individual key fields are included in the table below.h)j+ubeubj«)rH}rI(h(X;openssl req -new -out REQ.pem -keyout -apache.keyh)j'h,j®h.}rJ(j°j±h3]h2]h0]h1]h5]uh7Kwh#]rKhAX;openssl req -new -out REQ.pem -keyout -apache.keyrL…rM}rN(h(Uh)jHubaubh)rO}rP(h(Uh.}rQ(h0]h1]h2]h3]h5]uh)j'h#]rRh–)rS}rT(h(Uh.}rU(h3]h2]h0]h1]h5]UcolsKuh)jOh#]rV(h›)rW}rX(h(Uh.}rY(h3]h2]h0]h1]h5]UcolwidthKuh)jSh#]h,hŸubh›)rZ}r[(h(Uh.}r\(h3]h2]h0]h1]h5]UcolwidthKIuh)jSh#]h,hŸubh£)r]}r^(h(Uh.}r_(h0]h1]h2]h3]h5]uh)jSh#]r`h¨)ra}rb(h(Uh.}rc(h0]h1]h2]h3]h5]uh)j]h#]rd(h­)re}rf(h(Uh.}rg(h0]h1]h2]h3]h5]uh)jah#]rhhK)ri}rj(h(X Key Fieldrkh)jeh*h+h,hOh.}rl(h0]h1]h2]h3]h5]uh7Kzh#]rmhAX Key Fieldrn…ro}rp(h(jkh)jiubaubah,hºubh­)rq}rr(h(Uh.}rs(h0]h1]h2]h3]h5]uh)jah#]rthK)ru}rv(h(XDescription and Example Valuerwh)jqh*h+h,hOh.}rx(h0]h1]h2]h3]h5]uh7Kzh#]ryhAXDescription and Example Valuerz…r{}r|(h(jwh)juubaubah,hºubeh,hÇubah,hÈubhÉ)r}}r~(h(Uh.}r(h0]h1]h2]h3]h5]uh)jSh#]r€(h¨)r}r‚(h(Uh.}rƒ(h0]h1]h2]h3]h5]uh)j}h#]r„(h­)r…}r†(h(Uh.}r‡(h0]h1]h2]h3]h5]uh)jh#]rˆhK)r‰}rŠ(h(X Country Namer‹h)j…h*h+h,hOh.}rŒ(h0]h1]h2]h3]h5]uh7K|h#]rhAX Country NamerŽ…r}r(h(j‹h)j‰ubaubah,hºubh­)r‘}r’(h(Uh.}r“(h0]h1]h2]h3]h5]uh)jh#]r”hK)r•}r–(h(X#Two letter country code (e.g., US)r—h)j‘h*h+h,hOh.}r˜(h0]h1]h2]h3]h5]uh7K|h#]r™hAX#Two letter country code (e.g., US)rš…r›}rœ(h(j—h)j•ubaubah,hºubeh,hÇubh¨)r}rž(h(Uh.}rŸ(h0]h1]h2]h3]h5]uh)j}h#]r (h­)r¡}r¢(h(Uh.}r£(h0]h1]h2]h3]h5]uh)jh#]r¤hK)r¥}r¦(h(XState or Province Namer§h)j¡h*h+h,hOh.}r¨(h0]h1]h2]h3]h5]uh7K~h#]r©hAXState or Province Namerª…r«}r¬(h(j§h)j¥ubaubah,hºubh­)r­}r®(h(Uh.}r¯(h0]h1]h2]h3]h5]uh)jh#]r°hK)r±}r²(h(XEThe name of your state or province spelled in full (e.g., California)r³h)j­h*h+h,hOh.}r´(h0]h1]h2]h3]h5]uh7K~h#]rµhAXEThe name of your state or province spelled in full (e.g., California)r¶…r·}r¸(h(j³h)j±ubaubah,hºubeh,hÇubh¨)r¹}rº(h(Uh.}r»(h0]h1]h2]h3]h5]uh)j}h#]r¼(h­)r½}r¾(h(Uh.}r¿(h0]h1]h2]h3]h5]uh)j¹h#]rÀhK)rÁ}rÂ(h(X Locality NamerÃh)j½h*h+h,hOh.}rÄ(h0]h1]h2]h3]h5]uh7K€h#]rÅhAX Locality NamerÆ…rÇ}rÈ(h(jÃh)jÁubaubah,hºubh­)rÉ}rÊ(h(Uh.}rË(h0]h1]h2]h3]h5]uh)j¹h#]rÌhK)rÍ}rÎ(h(X+The name of your city (e.g., Santa Barbara)rÏh)jÉh*h+h,hOh.}rÐ(h0]h1]h2]h3]h5]uh7K€h#]rÑhAX+The name of your city (e.g., Santa Barbara)rÒ…rÓ}rÔ(h(jÏh)jÍubaubah,hºubeh,hÇubh¨)rÕ}rÖ(h(Uh.}r×(h0]h1]h2]h3]h5]uh)j}h#]rØ(h­)rÙ}rÚ(h(Uh.}rÛ(h0]h1]h2]h3]h5]uh)jÕh#]rÜhK)rÝ}rÞ(h(XOrganization Namerßh)jÙh*h+h,hOh.}rà(h0]h1]h2]h3]h5]uh7K‚h#]ráhAXOrganization Namerâ…rã}rä(h(jßh)jÝubaubah,hºubh­)rå}ræ(h(Uh.}rç(h0]h1]h2]h3]h5]uh)jÕh#]rèhK)ré}rê(h(X-The company or organization name (e.g., UCSB)rëh)jåh*h+h,hOh.}rì(h0]h1]h2]h3]h5]uh7K‚h#]ríhAX-The company or organization name (e.g., UCSB)rî…rï}rð(h(jëh)jéubaubah,hºubeh,hÇubh¨)rñ}rò(h(Uh.}ró(h0]h1]h2]h3]h5]uh)j}h#]rô(h­)rõ}rö(h(Uh.}r÷(h0]h1]h2]h3]h5]uh)jñh#]røhK)rù}rú(h(XOrganizational Unit Namerûh)jõh*h+h,hOh.}rü(h0]h1]h2]h3]h5]uh7K„h#]rýhAXOrganizational Unit Namerþ…rÿ}r(h(jûh)jùubaubah,hºubh­)r}r(h(Uh.}r(h0]h1]h2]h3]h5]uh)jñh#]rhK)r}r(h(X,The department or section name (e.g., NCEAS)rh)jh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7K„h#]r hAX,The department or section name (e.g., NCEAS)r …r }r (h(jh)jubaubah,hºubeh,hÇubh¨)r }r(h(Uh.}r(h0]h1]h2]h3]h5]uh)j}h#]r(h­)r}r(h(Uh.}r(h0]h1]h2]h3]h5]uh)j h#]rhK)r}r(h(X Common Namerh)jh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7K†h#]rhAX Common Namer…r}r(h(jh)jubaubah,hºubh­)r}r(h(Uh.}r(h0]h1]h2]h3]h5]uh)j h#]r hK)r!}r"(h(XGThe host server name without port numbers (e.g., myserver.mydomain.edu)r#h)jh*h+h,hOh.}r$(h0]h1]h2]h3]h5]uh7K†h#]r%hAXGThe host server name without port numbers (e.g., myserver.mydomain.edu)r&…r'}r((h(j#h)j!ubaubah,hºubeh,hÇubh¨)r)}r*(h(Uh.}r+(h0]h1]h2]h3]h5]uh)j}h#]r,(h­)r-}r.(h(Uh.}r/(h0]h1]h2]h3]h5]uh)j)h#]r0hK)r1}r2(h(X Email Addressr3h)j-h*h+h,hOh.}r4(h0]h1]h2]h3]h5]uh7Kˆh#]r5hAX Email Addressr6…r7}r8(h(j3h)j1ubaubah,hºubh­)r9}r:(h(Uh.}r;(h0]h1]h2]h3]h5]uh)j)h#]r<hK)r=}r>(h(X@Administrator's contact email (e.g., administrator@mydomain.edu)h)j9h*h+h,hOh.}r?(h0]h1]h2]h3]h5]uh7Kˆh#]r@(hAX%Administrator's contact email (e.g., rA…rB}rC(h(X%Administrator's contact email (e.g., h)j=ubj¼)rD}rE(h(Xadministrator@mydomain.eduh.}rF(UrefuriX!mailto:administrator@mydomain.eduh3]h2]h0]h1]h5]uh)j=h#]rGhAXadministrator@mydomain.edurH…rI}rJ(h(Uh)jDubah,jÅubhAX)…rK}rL(h(X)h)j=ubeubah,hºubeh,hÇubh¨)rM}rN(h(Uh.}rO(h0]h1]h2]h3]h5]uh)j}h#]rP(h­)rQ}rR(h(Uh.}rS(h0]h1]h2]h3]h5]uh)jMh#]rThK)rU}rV(h(XA challenge passwordrWh)jQh*h+h,hOh.}rX(h0]h1]h2]h3]h5]uh7KŠh#]rYhAXA challenge passwordrZ…r[}r\(h(jWh)jUubaubah,hºubh­)r]}r^(h(Uh.}r_(h0]h1]h2]h3]h5]uh)jMh#]r`hK)ra}rb(h(X--leave this field blank--rch)j]h*h+h,hOh.}rd(h0]h1]h2]h3]h5]uh7KŠh#]rehAX--leave this field blank--rf…rg}rh(h(jch)jaubaubah,hºubeh,hÇubh¨)ri}rj(h(Uh.}rk(h0]h1]h2]h3]h5]uh)j}h#]rl(h­)rm}rn(h(Uh.}ro(h0]h1]h2]h3]h5]uh)jih#]rphK)rq}rr(h(XAn optional company namersh)jmh*h+h,hOh.}rt(h0]h1]h2]h3]h5]uh7KŒh#]ruhAXAn optional company namerv…rw}rx(h(jsh)jqubaubah,hºubh­)ry}rz(h(Uh.}r{(h0]h1]h2]h3]h5]uh)jih#]r|hK)r}}r~(h(X--leave this field blank--rh)jyh*h+h,hOh.}r€(h0]h1]h2]h3]h5]uh7KŒh#]rhAX--leave this field blank--r‚…rƒ}r„(h(jh)j}ubaubah,hºubeh,hÇubeh,j"ubeh,j#ubah,h“ubeubjD)r…}r†(h(XŠCreate the local certificate file by running the command: :: openssl req -x509 -days 800 -in REQ.pem -key -apache.key -out -apache.crt Use the same ```` you used when you generated the key. A file named ``-apache.crt`` will be created in the directory from which you ran the openssl command. Note: You can name the certificate file anything you'd like, but keep in mind that the file will be sent to the partner machine used for replication. The certificate name should have enough meaning that someone who sees it on that machine can figure out where it came from and for what purpose it should be used. h)j#h*h+h,jHh.}r‡(h0]h1]h2]h3]h5]uh7Nh8hh#]rˆ(hK)r‰}rŠ(h(X9Create the local certificate file by running the command:r‹h)j…h*h+h,hOh.}rŒ(h0]h1]h2]h3]h5]uh7Kh#]rhAX9Create the local certificate file by running the command:rŽ…r}r(h(j‹h)j‰ubaubj«)r‘}r’(h(X]openssl req -x509 -days 800 -in REQ.pem -key -apache.key -out -apache.crth)j…h,j®h.}r“(j°j±h3]h2]h0]h1]h5]uh7K“h#]r”hAX]openssl req -x509 -days 800 -in REQ.pem -key -apache.key -out -apache.crtr•…r–}r—(h(Uh)j‘ubaubhK)r˜}r™(h(XéUse the same ```` you used when you generated the key. A file named ``-apache.crt`` will be created in the directory from which you ran the openssl command. Note: You can name the certificate file anything you'd like, but keep in mind that the file will be sent to the partner machine used for replication. The certificate name should have enough meaning that someone who sees it on that machine can figure out where it came from and for what purpose it should be used.h)j…h*h+h,hOh.}rš(h0]h1]h2]h3]h5]uh7K•h#]r›(hAX Use the same rœ…r}rž(h(X Use the same h)j˜ubj2)rŸ}r (h(X````h.}r¡(h0]h1]h2]h3]h5]uh)j˜h#]r¢hAX r£…r¤}r¥(h(Uh)jŸubah,j:ubhAX3 you used when you generated the key. A file named r¦…r§}r¨(h(X3 you used when you generated the key. A file named h)j˜ubj2)r©}rª(h(X``-apache.crt``h.}r«(h0]h1]h2]h3]h5]uh)j˜h#]r¬hAX-apache.crtr­…r®}r¯(h(Uh)j©ubah,j:ubhAX‚ will be created in the directory from which you ran the openssl command. Note: You can name the certificate file anything you'd like, but keep in mind that the file will be sent to the partner machine used for replication. The certificate name should have enough meaning that someone who sees it on that machine can figure out where it came from and for what purpose it should be used.r°…r±}r²(h(X‚ will be created in the directory from which you ran the openssl command. Note: You can name the certificate file anything you'd like, but keep in mind that the file will be sent to the partner machine used for replication. The certificate name should have enough meaning that someone who sees it on that machine can figure out where it came from and for what purpose it should be used.h)j˜ubeubeubjD)r³}r´(h(XïEnter the certificate into Apache's security configuration. This will be used to identify your server to a replication partner. You must register the certificate in the local Apache instance. Note that the security files may be in a different directory from the one used in the instructions depending on how you installed Apache. Copy the certificate and key file using the following commands: :: sudo cp -apache.crt /etc/ssl/certs sudo cp -apache.key /etc/ssl/private h)j#h*h+h,jHh.}rµ(h0]h1]h2]h3]h5]uh7Nh8hh#]r¶(hK)r·}r¸(h(X‰Enter the certificate into Apache's security configuration. This will be used to identify your server to a replication partner. You must register the certificate in the local Apache instance. Note that the security files may be in a different directory from the one used in the instructions depending on how you installed Apache. Copy the certificate and key file using the following commands:r¹h)j³h*h+h,hOh.}rº(h0]h1]h2]h3]h5]uh7Kh#]r»hAX‰Enter the certificate into Apache's security configuration. This will be used to identify your server to a replication partner. You must register the certificate in the local Apache instance. Note that the security files may be in a different directory from the one used in the instructions depending on how you installed Apache. Copy the certificate and key file using the following commands:r¼…r½}r¾(h(j¹h)j·ubaubj«)r¿}rÀ(h(X[sudo cp -apache.crt /etc/ssl/certs sudo cp -apache.key /etc/ssl/privateh)j³h,j®h.}rÁ(j°j±h3]h2]h0]h1]h5]uh7K¦h#]rÂhAX[sudo cp -apache.crt /etc/ssl/certs sudo cp -apache.key /etc/ssl/privaterÃ…rÄ}rÅ(h(Uh)j¿ubaubeubjD)rÆ}rÇ(h(XµApache needs to be configured to request a client certificate when the replication API is utilized. The helper file named "metacat-site-ssl.conf" has default rules that configure Apache for SSL and client certificate authentication. Set up these SSL settings by copying the metacat-site-ssl.conf file into the ``sites-available`` directory, editing pertinent values to match your system and running ``a2ensite`` to enable the site. (Note: some settings in metacat-site-ssl.conf need to be changed to match the specifics of your system and Metacat deployment.) :: sudo cp /metacat-site-ssl.conf /sites-available sudo a2ensite metacat-site-ssl.conf h)j#h*h+h,jHh.}rÈ(h0]h1]h2]h3]h5]uh7Nh8hh#]rÉ(hK)rÊ}rË(h(X/Apache needs to be configured to request a client certificate when the replication API is utilized. The helper file named "metacat-site-ssl.conf" has default rules that configure Apache for SSL and client certificate authentication. Set up these SSL settings by copying the metacat-site-ssl.conf file into the ``sites-available`` directory, editing pertinent values to match your system and running ``a2ensite`` to enable the site. (Note: some settings in metacat-site-ssl.conf need to be changed to match the specifics of your system and Metacat deployment.)h)jÆh*h+h,hOh.}rÌ(h0]h1]h2]h3]h5]uh7K©h#]rÍ(hAX6Apache needs to be configured to request a client certificate when the replication API is utilized. The helper file named "metacat-site-ssl.conf" has default rules that configure Apache for SSL and client certificate authentication. Set up these SSL settings by copying the metacat-site-ssl.conf file into the rÎ…rÏ}rÐ(h(X6Apache needs to be configured to request a client certificate when the replication API is utilized. The helper file named "metacat-site-ssl.conf" has default rules that configure Apache for SSL and client certificate authentication. Set up these SSL settings by copying the metacat-site-ssl.conf file into the h)jÊubj2)rÑ}rÒ(h(X``sites-available``h.}rÓ(h0]h1]h2]h3]h5]uh)jÊh#]rÔhAXsites-availablerÕ…rÖ}r×(h(Uh)jÑubah,j:ubhAXF directory, editing pertinent values to match your system and running rØ…rÙ}rÚ(h(XF directory, editing pertinent values to match your system and running h)jÊubj2)rÛ}rÜ(h(X ``a2ensite``h.}rÝ(h0]h1]h2]h3]h5]uh)jÊh#]rÞhAXa2ensiterß…rà}rá(h(Uh)jÛubah,j:ubhAX” to enable the site. (Note: some settings in metacat-site-ssl.conf need to be changed to match the specifics of your system and Metacat deployment.)râ…rã}rä(h(X” to enable the site. (Note: some settings in metacat-site-ssl.conf need to be changed to match the specifics of your system and Metacat deployment.)h)jÊubeubj«)rå}ræ(h(X{sudo cp /metacat-site-ssl.conf /sites-available sudo a2ensite metacat-site-ssl.confh)jÆh,j®h.}rç(j°j±h3]h2]h0]h1]h5]uh7K³h#]rèhAX{sudo cp /metacat-site-ssl.conf /sites-available sudo a2ensite metacat-site-ssl.confré…rê}rë(h(Uh)jåubaubeubjD)rì}rí(h(X/Enable the ssl module: :: sudo a2enmod ssl h)j#h*h+h,jHh.}rî(h0]h1]h2]h3]h5]uh7Nh8hh#]rï(hK)rð}rñ(h(XEnable the ssl module:ròh)jìh*h+h,hOh.}ró(h0]h1]h2]h3]h5]uh7K¶h#]rôhAXEnable the ssl module:rõ…rö}r÷(h(jòh)jðubaubj«)rø}rù(h(Xsudo a2enmod sslh)jìh,j®h.}rú(j°j±h3]h2]h0]h1]h5]uh7Kºh#]rûhAXsudo a2enmod sslrü…rý}rþ(h(Uh)jøubaubeubjD)rÿ}r(h(XVRestart Apache to bring in changes by typing: :: sudo /etc/init.d/apache2 restart h)j#h*h+h,jHh.}r(h0]h1]h2]h3]h5]uh7Nh8hh#]r(hK)r}r(h(X-Restart Apache to bring in changes by typing:rh)jÿh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7K¼h#]rhAX-Restart Apache to bring in changes by typing:r…r }r (h(jh)jubaubj«)r }r (h(X sudo /etc/init.d/apache2 restarth)jÿh,j®h.}r (j°j±h3]h2]h0]h1]h5]uh7KÀh#]rhAX sudo /etc/init.d/apache2 restartr…r}r(h(Uh)j ubaubeubjD)r}r(h(X¤If using a self-signed certificate, SCP ``-apache.crt`` to the replication partner machine where it will be added as an additional Certificate Authority. h)j#h*h+h,jHh.}r(h0]h1]h2]h3]h5]uh7Nh8hh#]rhK)r}r(h(X£If using a self-signed certificate, SCP ``-apache.crt`` to the replication partner machine where it will be added as an additional Certificate Authority.h)jh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7KÂh#]r(hAX(If using a self-signed certificate, SCP r…r}r(h(X(If using a self-signed certificate, SCP h)jubj2)r}r(h(X``-apache.crt``h.}r(h0]h1]h2]h3]h5]uh)jh#]r hAX-apache.crtr!…r"}r#(h(Uh)jubah,j:ubhAXb to the replication partner machine where it will be added as an additional Certificate Authority.r$…r%}r&(h(Xb to the replication partner machine where it will be added as an additional Certificate Authority.h)jubeubaubeubhK)r'}r((h(XIf using self-signed certificates, after you have created and SCP'd a certificate file to each replication partner, and received a certificate file from each partner in return, both home and partner servers must add the respective partner certificates as Certificate Authorities.r)h)j h*h+h,hOh.}r*(h0]h1]h2]h3]h5]uh7KÆh8hh#]r+hAXIf using self-signed certificates, after you have created and SCP'd a certificate file to each replication partner, and received a certificate file from each partner in return, both home and partner servers must add the respective partner certificates as Certificate Authorities.r,…r-}r.(h(j)h)j'ubaubeubh%)r/}r0(h(Uh)jïh*h+h,h-h.}r1(h0]h1]h2]h3]r2h!ah5]r3hauh7KÍh8hh#]r4(h:)r5}r6(h(XTo import a certificater7h)j/h*h+h,h>h.}r8(h0]h1]h2]h3]h5]uh7KÍh8hh#]r9hAXTo import a certificater:…r;}r<(h(j7h)j5ubaubj:)r=}r>(h(Uh)j/h*h+h,j=h.}r?(j?U.h3]h2]h0]j@Uh1]h5]jAjBuh7KÎh8hh#]r@(jD)rA}rB(h(XVCopy it into the Apache directory :: sudo cp /etc/ssl/certs/ h)j=h*h+h,jHh.}rC(h0]h1]h2]h3]h5]uh7Nh8hh#]rD(hK)rE}rF(h(X!Copy it into the Apache directoryrGh)jAh*h+h,hOh.}rH(h0]h1]h2]h3]h5]uh7KÎh#]rIhAX!Copy it into the Apache directoryrJ…rK}rL(h(jGh)jEubaubj«)rM}rN(h(X,sudo cp /etc/ssl/certs/h)jAh,j®h.}rO(j°j±h3]h2]h0]h1]h5]uh7KÒh#]rPhAX,sudo cp /etc/ssl/certs/rQ…rR}rS(h(Uh)jMubaubeubjD)rT}rU(h(XæRehash the certificates for Apache by running: :: cd /etc/ssl/certs sudo c_rehash where the ```` is the name of the certificate file created on the remote partner machine and SCP'd to the home machine. h)j=h*h+h,jHh.}rV(h0]h1]h2]h3]h5]uh7Nh8hh#]rW(hK)rX}rY(h(X.Rehash the certificates for Apache by running:rZh)jTh*h+h,hOh.}r[(h0]h1]h2]h3]h5]uh7KÔh#]r\hAX.Rehash the certificates for Apache by running:r]…r^}r_(h(jZh)jXubaubj«)r`}ra(h(Xcd /etc/ssl/certs sudo c_rehashh)jTh,j®h.}rb(j°j±h3]h2]h0]h1]h5]uh7KØh#]rchAXcd /etc/ssl/certs sudo c_rehashrd…re}rf(h(Uh)j`ubaubhK)rg}rh(h(X‹where the ```` is the name of the certificate file created on the remote partner machine and SCP'd to the home machine.h)jTh*h+h,hOh.}ri(h0]h1]h2]h3]h5]uh7KÜh#]rj(hAX where the rk…rl}rm(h(X where the h)jgubj2)rn}ro(h(X````h.}rp(h0]h1]h2]h3]h5]uh)jgh#]rqhAXrr…rs}rt(h(Uh)jnubah,j:ubhAXi is the name of the certificate file created on the remote partner machine and SCP'd to the home machine.ru…rv}rw(h(Xi is the name of the certificate file created on the remote partner machine and SCP'd to the home machine.h)jgubeubeubeubeubh%)rx}ry(h(Uh)jïh*h+h,h-h.}rz(h0]h1]h2]h3]r{h ah5]r|h auh7Kàh8hh#]r}(h:)r~}r(h(XITo import a certificate into Java keystore (for self-signed certificates)r€h)jxh*h+h,h>h.}r(h0]h1]h2]h3]h5]uh7Kàh8hh#]r‚hAXITo import a certificate into Java keystore (for self-signed certificates)rƒ…r„}r…(h(j€h)j~ubaubj:)r†}r‡(h(Uh)jxh*h+h,j=h.}rˆ(j?U.h3]h2]h0]j@Uh1]h5]jAjBuh7Káh8hh#]r‰(jD)rŠ}r‹(h(X¹Use Java's keytool to import to the default Java keystore :: sudo keytool -import -alias -file -keystore $JAVA_HOME/lib/security/cacerts h)j†h*h+h,jHh.}rŒ(h0]h1]h2]h3]h5]uh7Nh8hh#]r(hK)rŽ}r(h(X9Use Java's keytool to import to the default Java keystorerh)jŠh*h+h,hOh.}r‘(h0]h1]h2]h3]h5]uh7Káh#]r’hAX9Use Java's keytool to import to the default Java keystorer“…r”}r•(h(jh)jŽubaubj«)r–}r—(h(Xwsudo keytool -import -alias -file -keystore $JAVA_HOME/lib/security/cacertsh)jŠh,j®h.}r˜(j°j±h3]h2]h0]h1]h5]uh7Kåh#]r™hAXwsudo keytool -import -alias -file -keystore $JAVA_HOME/lib/security/cacertsrš…r›}rœ(h(Uh)j–ubaubeubjD)r}rž(h(X Restart Tomcat :: sudo /etc/init.d/tomcat7 restart where the ```` is the name of the certificate file created on the remote partner machine and SCP'd to the home machine and is a short memorable alias for this certificate and $JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different depending on your exact Java installation. h)j†h*h+h,jHh.}rŸ(h0]h1]h2]h3]h5]uh7Nh8hh#]r (hK)r¡}r¢(h(XRestart Tomcatr£h)jh*h+h,hOh.}r¤(h0]h1]h2]h3]h5]uh7Kçh#]r¥hAXRestart Tomcatr¦…r§}r¨(h(j£h)j¡ubaubj«)r©}rª(h(X sudo /etc/init.d/tomcat7 restarth)jh,j®h.}r«(j°j±h3]h2]h0]h1]h5]uh7Këh#]r¬hAX sudo /etc/init.d/tomcat7 restartr­…r®}r¯(h(Uh)j©ubaubhK)r°}r±(h(Xewhere the ```` is the name of the certificate file created on the remote partner machine and SCP'd to the home machine and is a short memorable alias for this certificate and $JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different depending on your exact Java installation.h)jh*h+h,hOh.}r²(h0]h1]h2]h3]h5]uh7Kîh#]r³(hAX where the r´…rµ}r¶(h(X where the h)j°ubj2)r·}r¸(h(X````h.}r¹(h0]h1]h2]h3]h5]uh)j°h#]rºhAXr»…r¼}r½(h(Uh)j·ubah,j:ubhAXC is the name of the certificate file created on the remote partner machine and SCP'd to the home machine and is a short memorable alias for this certificate and $JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different depending on your exact Java installation.r¾…r¿}rÀ(h(XC is the name of the certificate file created on the remote partner machine and SCP'd to the home machine and is a short memorable alias for this certificate and $JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different depending on your exact Java installation.h)j°ubeubeubeubeubh%)rÁ}rÂ(h(Uh)jïh*h+h,h-h.}rÃ(h0]h1]h2]h3]rÄhah5]rÅhauh7Köh8hh#]rÆ(h:)rÇ}rÈ(h(XUpdate Metacat propertiesrÉh)jÁh*h+h,h>h.}rÊ(h0]h1]h2]h3]h5]uh7Köh8hh#]rËhAXUpdate Metacat propertiesrÌ…rÍ}rÎ(h(jÉh)jÇubaubhK)rÏ}rÐ(h(XºMetacat needs to be configured with the path to both the server certificate and the private key. 1. Edit metacat.properties, modifying these properties to match your specific deployment.rÑh)jÁh*h+h,hOh.}rÒ(h0]h1]h2]h3]h5]uh7K÷h8hh#]rÓhAXºMetacat needs to be configured with the path to both the server certificate and the private key. 1. Edit metacat.properties, modifying these properties to match your specific deployment.rÔ…rÕ}rÖ(h(jÑh)jÏubaubcdocutils.nodes block_quote r×)rØ}rÙ(h(Uh)jÁh*h+h,U block_quoterÚh.}rÛ(h0]h1]h2]h3]h5]uh7Nh8hh#]rÜj«)rÝ}rÞ(h(XÊreplication.certificate.file=/etc/ssl/certs/-apache.crt replication.privatekey.file=/etc/ssl/private/-apache.key replication.privatekey.password=h)jØh,j®h.}rß(j°j±h3]h2]h0]h1]h5]uh7Küh#]ràhAXÊreplication.certificate.file=/etc/ssl/certs/-apache.crt replication.privatekey.file=/etc/ssl/private/-apache.key replication.privatekey.password=rá…râ}rã(h(Uh)jÝubaubaubeubeubh%)rä}rå(h(Uh)j$h*h+h,h-h.}ræ(h0]h1]h2]h3]rçhah5]rèh auh7Mh8hh#]ré(h:)rê}rë(h(XUpdate your Metacat databaserìh)jäh*h+h,h>h.}rí(h0]h1]h2]h3]h5]uh7Mh8hh#]rîhAXUpdate your Metacat databaserï…rð}rñ(h(jìh)jêubaubhK)rò}ró(h(XÓThe simplest way to update the Metacat database to use replication is to use the Replication Control Panel. You can also update the database using SQL. Instructions for both options are included in this section.rôh)jäh*h+h,hOh.}rõ(h0]h1]h2]h3]h5]uh7Mh8hh#]röhAXÓThe simplest way to update the Metacat database to use replication is to use the Replication Control Panel. You can also update the database using SQL. Instructions for both options are included in this section.r÷…rø}rù(h(jôh)jòubaubhm)rú}rû(h(Uh)jäh*h+h,hph.}rü(hrXcenterh3]rýUid3rþah2]h0]h1]h5]uh7Nh8hh#]rÿ(hv)r}r(h(X†.. figure:: images/screenshots/image063.jpg :align: center Using the Replication Control Panel to update the Metacat database. h.}r(UuriXimages/screenshots/image063.jpgrh3]h2]h0]h1]h{}rU*jsh5]uh)júh#]h,h}ubh~)r}r(h(XCUsing the Replication Control Panel to update the Metacat database.rh)júh*h+h,h‚h.}r(h0]h1]h2]h3]h5]uh7M h#]r hAXCUsing the Replication Control Panel to update the Metacat database.r …r }r (h(jh)jubaubeubhK)r }r(h(XTo update your Metacat database to use replication, select the "Add this server" radio button from the Replication Control Panel, enter the partner server name, and specify how the replication should occur (whether to replicate xml, data, or use the local machine as a hub).rh)jäh*h+h,hOh.}r(h0]h1]h2]h3]h5]uh7M h8hh#]rhAXTo update your Metacat database to use replication, select the "Add this server" radio button from the Replication Control Panel, enter the partner server name, and specify how the replication should occur (whether to replicate xml, data, or use the local machine as a hub).r…r}r(h(jh)j ubaubh%)r}r(h(Uh)jäh*h+h,h-h.}r(h0]h1]h2]h3]rhah5]rh auh7Mh8hh#]r(h:)r}r(h(X To update the database using SQLrh)jh*h+h,h>h.}r(h0]h1]h2]h3]h5]uh7Mh8hh#]rhAX To update the database using SQLr …r!}r"(h(jh)jubaubj:)r#}r$(h(Uh)jh*h+h,j=h.}r%(j?U.h3]h2]h0]j@Uh1]h5]jAjBuh7Mh8hh#]r&(jD)r'}r((h(XFLog in to the database :: psql -U metacat -W -h localhost metacat h)j#h*h+h,jHh.}r)(h0]h1]h2]h3]h5]uh7Nh8hh#]r*(hK)r+}r,(h(XLog in to the databaser-h)j'h*h+h,hOh.}r.(h0]h1]h2]h3]h5]uh7Mh#]r/hAXLog in to the databaser0…r1}r2(h(j-h)j+ubaubj«)r3}r4(h(X'psql -U metacat -W -h localhost metacath)j'h,j®h.}r5(j°j±h3]h2]h0]h1]h5]uh7Mh#]r6hAX'psql -U metacat -W -h localhost metacatr7…r8}r9(h(Uh)j3ubaubeubjD)r:}r;(h(XQSelect all rows from the replication table :: select * from xml_replication; h)j#h*h+h,jHh.}r<(h0]h1]h2]h3]h5]uh7Nh8hh#]r=(hK)r>}r?(h(X*Select all rows from the replication tabler@h)j:h*h+h,hOh.}rA(h0]h1]h2]h3]h5]uh7Mh#]rBhAX*Select all rows from the replication tablerC…rD}rE(h(j@h)j>ubaubj«)rF}rG(h(Xselect * from xml_replication;h)j:h,j®h.}rH(j°j±h3]h2]h0]h1]h5]uh7Mh#]rIhAXselect * from xml_replication;rJ…rK}rL(h(Uh)jFubaubeubjD)rM}rN(h(X…Insert the partner server. :: INSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('/servlet/replication',NULL,1,1,0); Where ```` is the name of the partner server and context. The values 'NULL, 1,1,0' indicate (respectively) the last time replication occurred, that XML docs should be replicated to the partner server, that data files should be replicated to the partner server, and that the local server should not act as a hub. Set a value of 'NULL,0,0,0' if your Metacat is only receiving documents from the partner site and not replicating to that site. h)j#h*h+h,jHh.}rO(h0]h1]h2]h3]h5]uh7Nh8hh#]rP(hK)rQ}rR(h(XInsert the partner server.rSh)jMh*h+h,hOh.}rT(h0]h1]h2]h3]h5]uh7M h#]rUhAXInsert the partner server.rV…rW}rX(h(jSh)jQubaubj«)rY}rZ(h(X‘INSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('/servlet/replication',NULL,1,1,0);h)jMh,j®h.}r[(j°j±h3]h2]h0]h1]h5]uh7M$h#]r\hAX‘INSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('/servlet/replication',NULL,1,1,0);r]…r^}r_(h(Uh)jYubaubhK)r`}ra(h(XÏWhere ```` is the name of the partner server and context. The values 'NULL, 1,1,0' indicate (respectively) the last time replication occurred, that XML docs should be replicated to the partner server, that data files should be replicated to the partner server, and that the local server should not act as a hub. Set a value of 'NULL,0,0,0' if your Metacat is only receiving documents from the partner site and not replicating to that site.h)jMh*h+h,hOh.}rb(h0]h1]h2]h3]h5]uh7M&h#]rc(hAXWhere rd…re}rf(h(XWhere h)j`ubj2)rg}rh(h(X````h.}ri(h0]h1]h2]h3]h5]uh)j`h#]rjhAXrk…rl}rm(h(Uh)jgubah,j:ubhAX­ is the name of the partner server and context. The values 'NULL, 1,1,0' indicate (respectively) the last time replication occurred, that XML docs should be replicated to the partner server, that data files should be replicated to the partner server, and that the local server should not act as a hub. Set a value of 'NULL,0,0,0' if your Metacat is only receiving documents from the partner site and not replicating to that site.rn…ro}rp(h(X­ is the name of the partner server and context. The values 'NULL, 1,1,0' indicate (respectively) the last time replication occurred, that XML docs should be replicated to the partner server, that data files should be replicated to the partner server, and that the local server should not act as a hub. Set a value of 'NULL,0,0,0' if your Metacat is only receiving documents from the partner site and not replicating to that site.h)j`ubeubeubjD)rq}rr(h(XExit the databasersh)j#h*h+h,jHh.}rt(h0]h1]h2]h3]h5]uh7Nh8hh#]ruhK)rv}rw(h(jsh)jqh*h+h,hOh.}rx(h0]h1]h2]h3]h5]uh7M.h#]ryhAXExit the databaserz…r{}r|(h(jsh)jvubaubaubjD)r}}r~(h(XGRestart Apache and Tomcat on both home and partner replication machinesrh)j#h*h+h,jHh.}r€(h0]h1]h2]h3]h5]uh7Nh8hh#]rhK)r‚}rƒ(h(jh)j}h*h+h,hOh.}r„(h0]h1]h2]h3]h5]uh7M/h#]r…hAXGRestart Apache and Tomcat on both home and partner replication machinesr†…r‡}rˆ(h(jh)j‚ubaubaubeubeubeubeubeubah(UU transformerr‰NU footnote_refsrŠ}r‹UrefnamesrŒ}rUsymbol_footnotesrŽ]rUautofootnote_refsr]r‘Usymbol_footnote_refsr’]r“U citationsr”]r•h8hU current_liner–NUtransform_messagesr—]r˜Ureporterr™NUid_startršKU autofootnotesr›]rœU citation_refsr}ržUindirect_targetsrŸ]r Usettingsr¡(cdocutils.frontend Values r¢or£}r¤(Ufootnote_backlinksr¥KUrecord_dependenciesr¦NU rfc_base_urlr§Uhttps://tools.ietf.org/html/r¨U tracebackr©ˆUpep_referencesrªNUstrip_commentsr«NU toc_backlinksr¬hºU language_coder­Uenr®U datestampr¯NU report_levelr°KU _destinationr±NU halt_levelr²KU strip_classesr³Nh>NUerror_encoding_error_handlerr´UbackslashreplacerµUdebugr¶NUembed_stylesheetr·‰Uoutput_encoding_error_handlerr¸Ustrictr¹U sectnum_xformrºKUdump_transformsr»NU docinfo_xformr¼KUwarning_streamr½NUpep_file_url_templater¾Upep-%04dr¿Uexit_status_levelrÀKUconfigrÁNUstrict_visitorrÂNUcloak_email_addressesrÈUtrim_footnote_reference_spacerĉUenvrÅNUdump_pseudo_xmlrÆNUexpose_internalsrÇNUsectsubtitle_xformrȉU source_linkrÉNUrfc_referencesrÊNUoutput_encodingrËUutf-8rÌU source_urlrÍNUinput_encodingrÎU utf-8-sigrÏU_disable_configrÐNU id_prefixrÑUU tab_widthrÒKUerror_encodingrÓUUTF-8rÔU_sourcerÕh+Ugettext_compactrÖˆU generatorr×NUdump_internalsrØNU smart_quotesrÙ‰U pep_base_urlrÚU https://www.python.org/dev/peps/rÛUsyntax_highlightrÜUlongrÝUinput_encoding_error_handlerrÞj¹Uauto_id_prefixrßUidràUdoctitle_xformrá‰Ustrip_elements_with_classesrâNU _config_filesrã]Ufile_insertion_enabledräˆU raw_enabledråKU dump_settingsræNubUsymbol_footnote_startrçKUidsrè}ré(hjÁhj hj–jØjÔh!j/jþjúhj$hh&hjäh jxh"jïhthnhjuUsubstitution_namesrê}rëh,h8h.}rì(h0]h3]h2]Usourceh+h1]h5]uU footnotesrí]rîUrefidsrï}rðub.