Replication
===========

.. Note::

  Note that much of the functionality provided by the replication subsystem in Metacat has now been generalized and standardized by DataONE, so consider utilizing the DataONE services for replication as it is a more general and standardized approach than this Metacat-specific replication system. The Metacat replication system will be supported for a while longer, but will likely be deprecated in a future release in favor of using the DataONE replication approach.

Metacat has a built-in replication feature that allows different Metacat servers to share data (both XML documents and data files) between each other. Metacat can replicate not only its home server's original documents, but also those that were replicated from partner Metacat servers. When changes are made to one server in a replication network, the changes are automatically propagated to the network, even if the network is down.

Replication allows users to manage their data locally and (by replicating them to a shared Metacat repository) to make those data available to the greater scientific community via a centralized search. In other words, your Metacat can be part of a broader network, but you retain control over the local repository and how it is managed.

For example, the KNB Network (Figure 6.1), which currently consists of ten different Metacat servers from around the world, uses replication to "join" the disparate servers to form a single robust and searchable data repository--facilitating data discovery, while leaving the data ownership and management with the local administrators.

.. figure:: images/screenshots/image059.jpg
   :align: center

   A map of the KNB Metacat network.

When properly configured, Metacat's replication mechanism can be triggered by several types of events that occur on either the home or partner server: a document insertion, an update, or an automatic replication (i.e., Delta-T monitoring), which is set at a user-specified time interval.

+----------------------+------------------------------------------------------------+
| Replication Triggers | Description                                                |
+======================+============================================================+
| Insert               | Whenever a document is inserted into Metacat, the server   |
|                      | notifies each server in its replication list that it has   |
|                      | a new file available.                                      |
+----------------------+------------------------------------------------------------+
| Update               | Whenever a document is updated, the server notifies each   |
|                      | server in its replication list of the update.              |
+----------------------+------------------------------------------------------------+
| Delta-T monitoring   | At a user-specified time interval, Metacat checks each of  |
|                      | the servers in its replication list for updated documents. |
+----------------------+------------------------------------------------------------+

Configuring Replication
-----------------------

To configure replication, you must configure both the home and partner servers:

1. Create a list of partner servers on your home server using the Replication Control Panel
2. Create certificate files for the home server
3. Create certificate files for the partner server
4. Import partner certificate files to the home server
5. Import home certificate to the partner server
6. Update your Metacat database

Each step is discussed in more detail in the following sections.

Using the Replication Control Panel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To add, remove, or alter servers on your home server's Replication list, or to activate and customize the Delta-T handler, use the Replication control panel, which is accessed via the Metacat Administration interface at the following URL::

  http://somehost.somelocation.edu/context/admin

"http://somehost.somelocation.edu/context" should be replaced with the name of your Metacat server and context (e.g., http://knb.ecoinformatics.org/knb/). You must be logged in to Metacat as an administrator.

.. figure:: images/screenshots/image061.jpg
   :align: center

   Replication control panel.

Note that currently, you cannot use the Replication Control Panel to remove a server after a replication has occurred. To stop replication between two servers, update the flags that control whether metadata and/or data are replicated.

Generating and Exchanging Security Certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Before you can take advantage of Metacat's replication feature, you must generate security certificates on both the replication partner and home servers. Depending on how the certificates are generated, the certificates may need to be exchanged so that each machine "trusts" that the other has replication access. Certificates that are purchased from a commercial and well-recognized Certificate Authority do not need to be exchanged with the other replication partner before replication takes place. Metacat replication relies on SSL with client certificate authentication enabled. When a replication partner server communicates with another replication partner, it presents a certificate that serves to verify and authenticate that the server is trusted.

If you must generate a self-signed certificate, the partner replication server will need that public certificate (or the certificate of the signing CA) added to its existing Certificate Authorities.

Generate Certificates for Metacat running under Apache/Tomcat
..............................................................

Note: Instructions are for Ubuntu/Debian systems.

1. Generate a private key using openssl. The key will be named ``<hostname>-apache.key``, where ``<hostname>`` is the name of your Metacat server. Example values for the individual key fields are included in the table below.

   ::

     openssl req -new -out REQ.pem -keyout <hostname>-apache.key

   +--------------------------+-------------------------------------------------------------------------+
   | Key Field                | Description and Example Value                                           |
   +==========================+=========================================================================+
   | Country Name             | Two letter country code (e.g., US)                                      |
   +--------------------------+-------------------------------------------------------------------------+
   | State or Province Name   | The name of your state or province spelled in full (e.g., California)   |
   +--------------------------+-------------------------------------------------------------------------+
   | Locality Name            | The name of your city (e.g., Santa Barbara)                             |
   +--------------------------+-------------------------------------------------------------------------+
   | Organization Name        | The company or organization name (e.g., UCSB)                           |
   +--------------------------+-------------------------------------------------------------------------+
   | Organizational Unit Name | The department or section name (e.g., NCEAS)                            |
   +--------------------------+-------------------------------------------------------------------------+
   | Common Name              | The host server name without port numbers (e.g., myserver.mydomain.edu) |
   +--------------------------+-------------------------------------------------------------------------+
   | Email Address            | Administrator's contact email (e.g., administrator@mydomain.edu)        |
   +--------------------------+-------------------------------------------------------------------------+
   | A challenge password     | --leave this field blank--                                              |
   +--------------------------+-------------------------------------------------------------------------+
   | An optional company name | --leave this field blank--                                              |
   +--------------------------+-------------------------------------------------------------------------+

2. Create the local certificate file by running the command:

   ::

     openssl req -x509 -days 800 -in REQ.pem -key <hostname>-apache.key -out <hostname>-apache.crt

   Use the same ``<hostname>`` you used when you generated the key. A file named ``<hostname>-apache.crt`` will be created in the directory from which you ran the openssl command. Note: You can name the certificate file anything you'd like, but keep in mind that the file will be sent to the partner machine used for replication. The certificate name should have enough meaning that someone who sees it on that machine can figure out where it came from and for what purpose it should be used.

3. Enter the certificate into Apache's security configuration. This will be used to identify your server to a replication partner. You must register the certificate in the local Apache instance. Note that the security files may be in a different directory from the one used in the instructions depending on how you installed Apache. Copy the certificate and key file using the following commands:

   ::

     sudo cp <hostname>-apache.crt /etc/ssl/certs
     sudo cp <hostname>-apache.key /etc/ssl/private

4. Apache needs to be configured to request a client certificate when the replication API is utilized. The helper file named "metacat-site-ssl.conf" has default rules that configure Apache for SSL and client certificate authentication. Set up these SSL settings by copying the metacat-site-ssl.conf file into the ``sites-available`` directory, editing pertinent values to match your system and running ``a2ensite`` to enable the site. (Note: some settings in metacat-site-ssl.conf need to be changed to match the specifics of your system and Metacat deployment.)

   ::

     sudo cp <metacat_helper_dir>/metacat-site-ssl.conf <apache_install_dir>/sites-available
     sudo a2ensite metacat-site-ssl.conf

5. Enable the ssl module:

   ::

     sudo a2enmod ssl

6. Restart Apache to bring in changes by typing:

   ::

     sudo /etc/init.d/apache2 restart

7. If using a self-signed certificate, SCP ``<hostname>-apache.crt`` to the replication partner machine where it will be added as an additional Certificate Authority.

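
The following is an added example, not part of the Metacat documentation: a pre-flight check for the ``<hostname>-apache.crt`` / ``<hostname>-apache.key`` pair from steps 1 and 2, run before the files are copied into Apache and the certificate is sent to a partner. The function names ``make_sample_pair`` and ``check_replication_cert`` are illustrative, and the ``-newkey``, ``-nodes`` and ``-subj`` options are added only so the page's two openssl commands run without prompts on a constructed sample.

```bash
#!/usr/bin/env bash
# Added example (not from the Metacat docs): pre-flight checks on the
# <hostname>-apache.crt / <hostname>-apache.key pair from steps 1-2.

# Build a throwaway pair with the page's two openssl commands, made
# non-interactive with -subj and -nodes. Constructed sample data only.
make_sample_pair() {  # usage: make_sample_pair <dir> <hostname>
    local dir="$1" host="$2"
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=US/ST=California/L=Santa Barbara/O=UCSB/OU=NCEAS/CN=$host" \
        -out "$dir/REQ.pem" -keyout "$dir/$host-apache.key" 2>/dev/null || return 1
    openssl req -x509 -days 800 -in "$dir/REQ.pem" \
        -key "$dir/$host-apache.key" -out "$dir/$host-apache.crt" 2>/dev/null || return 1
    chmod 600 "$dir/$host-apache.key"
}

# Return codes:
#   0  all checks passed (SHA-256 fingerprint printed on stdout)
#   2  certificate unreadable
#   3  key unreadable or passphrase-protected
#   4  key does not belong to the certificate
#   5  key file readable by group or other
#   6  certificate expires within <min_days>
check_replication_cert() {  # usage: check_replication_cert <crt> <key> [min_days]
    local crt="$1" key="$2" min_days="${3:-30}" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    # Without -nodes, "openssl req -keyout" encrypts the key, and Apache
    # then asks for the passphrase every time it starts.
    if grep -q ENCRYPTED "$key" 2>/dev/null; then return 3; fi
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    # The certificate must carry the public half of this private key.
    [ "$cert_pub" = "$key_pub" ] || return 4
    # Characters 5-10 of "ls -l" are the group and other permission bits.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || return 5
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null || return 6
    # Fingerprint to read out to the partner over a separate channel.
    openssl x509 -in "$crt" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo on a constructed pair; with real files, pass your own paths instead.
demo=$(mktemp -d)
make_sample_pair "$demo" myserver.mydomain.edu &&
    check_replication_cert "$demo/myserver.mydomain.edu-apache.crt" \
                           "$demo/myserver.mydomain.edu-apache.key"
echo "exit status: $?"
rm -rf "$demo"
```

Because the partner adds a self-signed certificate as a Certificate Authority, the printed fingerprint lets the partner's administrator confirm, by phone or another channel, that the file received over SCP is the one that was generated.
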
îh]îh2)Åî}î(hå£If using a self-signed certificate, SCP ``<hostname>-apache.crt`` to the replication partner machine where it will be added as an additional Certificate Authority.îh]î(hå(If using a self-signed certificate, SCP îÖîÅî}î(hå(If using a self-signed certificate, SCP îhjs��ubjü��)Åî}î(hå``<hostname>-apache.crt``îh]îhå<hostname>-apache.crtîÖîÅî}î(hhhj|��ubah}î(h]îh!]îh#]îh%]îh']îuh)jû��hjs��ubhåb to the replication partner machine where it will be added as an additional Certificate Authority.îÖîÅî}î(håb to the replication partner machine where it will be added as an additional Certificate Authority.îhjs��ubeh}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hK¬hjo��ubah}î(h]îh!]îh#]îh%]îh']îuh)jı��hjé��hhhh*hNubeh}î(h]îh!]îh#]îh%]îh']îjà��jâ��jä��hjã��jå��uh)j��hjo��hhhh*hKpubh2)Åî}î(hX��If using self-signed certificates, after you have created and SCP'd a certificate file to each replication partner, and received a certificate file from each partner in return, both home and partner servers must add the respective partner certificates as Certificate Authorities.îh]îhX��If using self-signed certificates, after you have created and SCP‚Äôd a certificate file to each replication partner, and received a certificate file from each partner in return, both home and partner servers must add the respective partner certificates as Certificate Authorities.îÖîÅî}î(hj£��hj°��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hK∆hjo��hhubeh}î(h]îå=generate-certificates-for-metacat-running-under-apache-tomcatîah!]îh#]îå=generate certificates for metacat running under apache/tomcatîah%]îh']îuh)h hjB��hhhh*hKmubh )Åî}î(hhh]î(h)Åî}î(håTo import a certificateîh]îhåTo import a certificateîÖîÅî}î(hjº��hj∫��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)hhj∑��hhhh*hKÕubjÒ��)Åî}î(hhh]î(jˆ��)Åî}î(håVCopy it into the Apache directory :: sudo cp <remotehostfilename> /etc/ssl/certs/ îh]î(h2)Åî}î(hå!Copy it into the Apache directoryîh]îhå!Copy it into the Apache 
directoryîÖîÅî}î(hj—��hjœ��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hKŒhjÀ��ubjº��)Åî}î(hå,sudo cp <remotehostfilename> /etc/ssl/certs/îh]îhå,sudo cp <remotehostfilename> /etc/ssl/certs/îÖîÅî}î(hhhj›��ubah}î(h]îh!]îh#]îh%]îh']îjÀ��jÃ��uh)jª��hK“hjÀ��ubeh}î(h]îh!]îh#]îh%]îh']îuh)jı��hj»��hhhh*hNubjˆ��)Åî}î(håÊRehash the certificates for Apache by running: :: cd /etc/ssl/certs sudo c_rehash where the ``<remotehostfilename>`` is the name of the certificate file created on the remote partner machine and SCP'd to the home machine. îh]î(h2)Åî}î(hå.Rehash the certificates for Apache by running:îh]îhå.Rehash the certificates for Apache by running:îÖîÅî}î(hj˜��hjı��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hK‘hjÒ��ubjº��)Åî}î(håcd /etc/ssl/certs sudo c_rehashîh]îhåcd /etc/ssl/certs sudo c_rehashîÖîÅî}î(hhhj��ubah}î(h]îh!]îh#]îh%]îh']îjÀ��jÃ��uh)jª��hKÿhjÒ��ubh2)Åî}î(håãwhere the ``<remotehostfilename>`` is the name of the certificate file created on the remote partner machine and SCP'd to the home machine.îh]î(hå where the îÖîÅî}î(hå where the îhj��ubjü��)Åî}î(hå``<remotehostfilename>``îh]îhå<remotehostfilename>îÖîÅî}î(hhhj��ubah}î(h]îh!]îh#]îh%]îh']îuh)jû��hj��ubhåk is the name of the certificate file created on the remote partner machine and SCP‚Äôd to the home machine.îÖîÅî}î(håi is the name of the certificate file created on the remote partner machine and SCP'd to the home machine.îhj��ubeh}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hK‹hjÒ��ubeh}î(h]îh!]îh#]îh%]îh']îuh)jı��hj»��hhhh*hNubeh}î(h]îh!]îh#]îh%]îh']îjà��jâ��jä��hjã��jå��uh)j��hj∑��hhhh*hKŒubeh}î(h]îåto-import-a-certificateîah!]îh#]îåto import a certificateîah%]îh']îuh)h hjB��hhhh*hKÕubh )Åî}î(hhh]î(h)Åî}î(håITo import a certificate into Java keystore (for self-signed certificates)îh]îhåITo import a certificate into Java keystore (for self-signed certificates)îÖîÅî}î(hjL��hjJ��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)hhjG��hhhh*hK‡ubjÒ��)Åî}î(hhh]î(jˆ��)Åî}î(håπUse Java's keytool to import to the default Java keystore :: sudo keytool -import 
-alias <remotehostname_alias> -file <remotehostfilename> -keystore $JAVA_HOME/lib/security/cacerts îh]î(h2)Åî}î(hå9Use Java's keytool to import to the default Java keystoreîh]îhå;Use Java‚Äôs keytool to import to the default Java keystoreîÖîÅî}î(hja��hj_��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hK·hj[��ubjº��)Åî}î(håwsudo keytool -import -alias <remotehostname_alias> -file <remotehostfilename> -keystore $JAVA_HOME/lib/security/cacertsîh]îhåwsudo keytool -import -alias <remotehostname_alias> -file <remotehostfilename> -keystore $JAVA_HOME/lib/security/cacertsîÖîÅî}î(hhhjm��ubah}î(h]îh!]îh#]îh%]îh']îjÀ��jÃ��uh)jª��hKÂhj[��ubeh}î(h]îh!]îh#]îh%]îh']îuh)jı��hjX��hhhh*hNubjˆ��)Åî}î(hX†��Restart Tomcat :: sudo /etc/init.d/tomcat7 restart where the ``<remotehostfilename>`` is the name of the certificate file created on the remote partner machine and SCP'd to the home machine and <remotehostname_alias> is a short memorable alias for this certificate and $JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different depending on your exact Java installation. îh]î(h2)Åî}î(håRestart Tomcatîh]îhåRestart TomcatîÖîÅî}î(hjá��hjÖ��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hKÁhjÅ��ubjº��)Åî}î(hå sudo /etc/init.d/tomcat7 restartîh]îhå sudo /etc/init.d/tomcat7 restartîÖîÅî}î(hhhjì��ubah}î(h]îh!]îh#]îh%]îh']îjÀ��jÃ��uh)jª��hKÎhjÅ��ubh2)Åî}î(hXe��where the ``<remotehostfilename>`` is the name of the certificate file created on the remote partner machine and SCP'd to the home machine and <remotehostname_alias> is a short memorable alias for this certificate and $JAVA_HOME is the same as configured for running Tomcat. 
NOTE: the cacerts path may be different depending on your exact Java installation.îh]î(hå where the îÖîÅî}î(hå where the îhj°��ubjü��)Åî}î(hå``<remotehostfilename>``îh]îhå<remotehostfilename>îÖîÅî}î(hhhj™��ubah}î(h]îh!]îh#]îh%]îh']îuh)jû��hj°��ubhXE�� is the name of the certificate file created on the remote partner machine and SCP‚Äôd to the home machine and <remotehostname_alias> is a short memorable alias for this certificate and $JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different depending on your exact Java installation.îÖîÅî}î(hXC�� is the name of the certificate file created on the remote partner machine and SCP'd to the home machine and <remotehostname_alias> is a short memorable alias for this certificate and $JAVA_HOME is the same as configured for running Tomcat. NOTE: the cacerts path may be different depending on your exact Java installation.îhj°��ubeh}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hKÓhjÅ��ubeh}î(h]îh!]îh#]îh%]îh']îuh)jı��hjX��hhhh*hNubeh}î(h]îh!]îh#]îh%]îh']îjà��jâ��jä��hjã��jå��uh)j��hjG��hhhh*hK·ubeh}î(h]îåGto-import-a-certificate-into-java-keystore-for-self-signed-certificatesîah!]îh#]îåIto import a certificate into java keystore (for self-signed certificates)îah%]îh']îuh)h hjB��hhhh*hK‡ubh )Åî}î(hhh]î(h)Åî}î(håUpdate Metacat propertiesîh]îhåUpdate Metacat propertiesîÖîÅî}î(hj‹��hj⁄��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)hhj◊��hhhh*hKˆubh2)Åî}î(hå∫Metacat needs to be configured with the path to both the server certificate and the private key. 1. Edit metacat.properties, modifying these properties to match your specific deployment.îh]îhå∫Metacat needs to be configured with the path to both the server certificate and the private key. 1. 
Edit metacat.properties, modifying these properties to match your specific deployment.îÖîÅî}î(hjÍ��hjË��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hK˜hj◊��hhubh�åblock_quoteîìî)Åî}î(hhh]îjº��)Åî}î(hå replication.certificate.file=/etc/ssl/certs/<hostname>-apache.crt replication.privatekey.file=/etc/ssl/private/<hostname>-apache.key replication.privatekey.password=<password, or blank if not protected>îh]îhå replication.certificate.file=/etc/ssl/certs/<hostname>-apache.crt replication.privatekey.file=/etc/ssl/private/<hostname>-apache.key replication.privatekey.password=<password, or blank if not protected>îÖîÅî}î(hhhj˚��ubah}î(h]îh!]îh#]îh%]îh']îjÀ��jÃ��uh)jª��hK¸hj¯��ubah}î(h]îh!]îh#]îh%]îh']îuh)jˆ��hj◊��hhhh*hNubeh}î(h]îåupdate-metacat-propertiesîah!]îh#]îåupdate metacat propertiesîah%]îh']îuh)h hjB��hhhh*hKˆubeh}î(h]îå/generating-and-exchanging-security-certificatesîah!]îh#]îå/generating and exchanging security certificatesîah%]îh']îuh)h hj—��hhhh*hK\ubh )Åî}î(hhh]î(h)Åî}î(håUpdate your Metacat databaseîh]îhåUpdate your Metacat databaseîÖîÅî}î(hj$ ��hj" ��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)hhj ��hhhh*hMubh2)Åî}î(hå”The simplest way to update the Metacat database to use replication is to use the Replication Control Panel. You can also update the database using SQL. Instructions for both options are included in this section.îh]îhå”The simplest way to update the Metacat database to use replication is to use the Replication Control Panel. You can also update the database using SQL. Instructions for both options are included in this section.îÖîÅî}î(hj2 ��hj0 ��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hMhj ��hhubhr)Åî}î(hhh]î(hw)Åî}î(håÜ.. figure:: images/screenshots/image063.jpg :align: center Using the Replication Control Panel to update the Metacat database. 
îh]îh}î(h]îh!]îh#]îh%]îh']îåuriîåimages/screenshots/image063.jpgîhÑ}îhÜjL ��suh)hvhj> ��hh*hM ubhà)Åî}î(håCUsing the Replication Control Panel to update the Metacat database.îh]îhåCUsing the Replication Control Panel to update the Metacat database.îÖîÅî}î(hjP ��hjN ��ubah}î(h]îh!]îh#]îh%]îh']îuh)háhh*hM hj> ��ubeh}î(h]îåid3îah!]îh#]îh%]îh']îhûåcenterîuh)hqhM hj ��hhhh*ubh2)Åî}î(hX��To update your Metacat database to use replication, select the "Add this server" radio button from the Replication Control Panel, enter the partner server name, and specify how the replication should occur (whether to replicate xml, data, or use the local machine as a hub).îh]îhX��To update your Metacat database to use replication, select the ‚ÄúAdd this server‚Äù radio button from the Replication Control Panel, enter the partner server name, and specify how the replication should occur (whether to replicate xml, data, or use the local machine as a hub).îÖîÅî}î(hjf ��hjd ��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hMhj ��hhubh )Åî}î(hhh]î(h)Åî}î(hå To update the database using SQLîh]îhå To update the database using SQLîÖîÅî}î(hjw ��hju ��hhhNhNubah}î(h]îh!]îh#]îh%]îh']îuh)hhjr ��hhhh*hMubjÒ��)Åî}î(hhh]î(jˆ��)Åî}î(håFLog in to the database :: psql -U metacat -W -h localhost metacat îh]î(h2)Åî}î(håLog in to the databaseîh]îhåLog in to the databaseîÖîÅî}î(hjå ��hjä ��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hMhjÜ ��ubjº��)Åî}î(hå'psql -U metacat -W -h localhost metacatîh]îhå'psql -U metacat -W -h localhost metacatîÖîÅî}î(hhhjò ��ubah}î(h]îh!]îh#]îh%]îh']îjÀ��jÃ��uh)jª��hMhjÜ ��ubeh}î(h]îh!]îh#]îh%]îh']îuh)jı��hjÉ ��hhhh*hNubjˆ��)Åî}î(håQSelect all rows from the replication table :: select * from xml_replication; îh]î(h2)Åî}î(hå*Select all rows from the replication tableîh]îhå*Select all rows from the replication tableîÖîÅî}î(hj≤ ��hj∞ ��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hMhj¨ ��ubjº��)Åî}î(håselect * from xml_replication;îh]îhåselect * from xml_replication;îÖîÅî}î(hhhjæ 
��ubah}î(h]îh!]îh#]îh%]îh']îjÀ��jÃ��uh)jª��hMhj¨ ��ubeh}î(h]îh!]îh#]îh%]îh']îuh)jı��hjÉ ��hhhh*hNubjˆ��)Åî}î(hXÖ��Insert the partner server. :: INSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('<partner.server/context>/servlet/replication',NULL,1,1,0); Where ``<partner.server/context>`` is the name of the partner server and context. The values 'NULL, 1,1,0' indicate (respectively) the last time replication occurred, that XML docs should be replicated to the partner server, that data files should be replicated to the partner server, and that the local server should not act as a hub. Set a value of 'NULL,0,0,0' if your Metacat is only receiving documents from the partner site and not replicating to that site. îh]î(h2)Åî}î(håInsert the partner server.îh]îhåInsert the partner server.îÖîÅî}î(hjÿ ��hj÷ ��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hM hj“ ��ubjº��)Åî}î(håëINSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('<partner.server/context>/servlet/replication',NULL,1,1,0);îh]îhåëINSERT INTO xml_replication (server,last_checked,replicate,datareplicate,hub) VALUES ('<partner.server/context>/servlet/replication',NULL,1,1,0);îÖîÅî}î(hhhj‰ ��ubah}î(h]îh!]îh#]îh%]îh']îjÀ��jÃ��uh)jª��hM$hj“ ��ubh2)Åî}î(hXœ��Where ``<partner.server/context>`` is the name of the partner server and context. The values 'NULL, 1,1,0' indicate (respectively) the last time replication occurred, that XML docs should be replicated to the partner server, that data files should be replicated to the partner server, and that the local server should not act as a hub. Set a value of 'NULL,0,0,0' if your Metacat is only receiving documents from the partner site and not replicating to that site.îh]î(håWhere îÖîÅî}î(håWhere îhjÚ ��ubjü��)Åî}î(hå``<partner.server/context>``îh]îhå<partner.server/context>îÖîÅî}î(hhhj˚ ��ubah}î(h]îh!]îh#]îh%]îh']îuh)jû��hjÚ ��ubhXµ�� is the name of the partner server and context. 
The values ‚ÄòNULL, 1,1,0‚Äô indicate (respectively) the last time replication occurred, that XML docs should be replicated to the partner server, that data files should be replicated to the partner server, and that the local server should not act as a hub. Set a value of ‚ÄòNULL,0,0,0‚Äô if your Metacat is only receiving documents from the partner site and not replicating to that site.îÖîÅî}î(hX≠�� is the name of the partner server and context. The values 'NULL, 1,1,0' indicate (respectively) the last time replication occurred, that XML docs should be replicated to the partner server, that data files should be replicated to the partner server, and that the local server should not act as a hub. Set a value of 'NULL,0,0,0' if your Metacat is only receiving documents from the partner site and not replicating to that site.îhjÚ ��ubeh}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hM&hj“ ��ubeh}î(h]îh!]îh#]îh%]îh']îuh)jı��hjÉ ��hhhh*hNubjˆ��)Åî}î(håExit the databaseîh]îh2)Åî}î(hj ��h]îhåExit the databaseîÖîÅî}î(hj ��hj ��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hM.hj ��ubah}î(h]îh!]îh#]îh%]îh']îuh)jı��hjÉ ��hhhh*hNubjˆ��)Åî}î(håGRestart Apache and Tomcat on both home and partner replication machinesîh]îh2)Åî}î(hj3 ��h]îhåGRestart Apache and Tomcat on both home and partner replication machinesîÖîÅî}î(hj3 ��hj5 ��ubah}î(h]îh!]îh#]îh%]îh']îuh)h1hh*hM/hj1 ��ubah}î(h]îh!]îh#]îh%]îh']îuh)jı��hjÉ ��hhhh*hNubeh}î(h]îh!]îh#]îh%]îh']îjà��jâ��jä��hjã��jå��uh)j��hjr ��hhhh*hMubeh}î(h]îå to-update-the-database-using-sqlîah!]îh#]îå to update the database using sqlîah%]îh']îuh)h hj ��hhhh*hMubeh}î(h]îåupdate-your-metacat-databaseîah!]îh#]îåupdate your metacat databaseîah%]îh']îuh)h hj—��hhhh*hMubeh}î(h]îåconfiguring-replicationîah!]îh#]îåconfiguring replicationîah%]îh']îuh)h hhhhhh*hK:ubeh}î(h]îåreplicationîah!]îh#]îåreplicationîah%]îh']îuh)h hhhhhh*hKubah}î(h]îh!]îh#]îh%]îh']îåsourceîh*uh)håcurrent_sourceîNåcurrent_lineîNåsettingsîådocutils.frontendîåValuesîìî)Åî}î(hNå generatorîNå 
datestampîNåsource_linkîNå source_urlîNå toc_backlinksîhÿåfootnote_backlinksîKå sectnum_xformîKåstrip_commentsîNåstrip_elements_with_classesîNå strip_classesîNåreport_levelîKå halt_levelîKåexit_status_levelîKådebugîNåwarning_streamîNå tracebackîàåinput_encodingîå utf-8-sigîåinput_encoding_error_handlerîåstrictîåoutput_encodingîåutf-8îåoutput_encoding_error_handlerîjê ��åerror_encodingîåUTF-8îåerror_encoding_error_handlerîåbackslashreplaceîå language_codeîåenîårecord_dependenciesîNåconfigîNå id_prefixîhåauto_id_prefixîåidîå dump_settingsîNådump_internalsîNådump_transformsîNådump_pseudo_xmlîNåexpose_internalsîNåstrict_visitorîNå_disable_configîNå_sourceîh*å_destinationîNå _config_filesî]îåpep_referencesîNåpep_base_urlîå https://www.python.org/dev/peps/îåpep_file_url_templateîåpep-%04dîårfc_referencesîNårfc_base_urlîåhttps://tools.ietf.org/html/îå tab_widthîKåtrim_footnote_reference_spaceîâåfile_insertion_enabledîàåraw_enabledîKåsyntax_highlightîålongîåsmart_quotesîàåsmartquotes_localesîNåcharacter_level_inline_markupîâådoctitle_xformîâå docinfo_xformîKåsectsubtitle_xformîâåembed_stylesheetîâåcloak_email_addressesîàåenvîNågettext_compactîàubåreporterîNåindirect_targetsî]îåsubstitution_defsî}îåsubstitution_namesî}îårefnamesî}îårefidsî}îånameidsî}î(jk ��jh ��jc ��j` ��j?��j<��j ��j ��j¥��j±��jD��jA��j‘��j—��j ��j ��j[ ��jX ��jS ��jP ��uå nametypesî}î(jk ��Njc ��Nj?��Nj ��Nj¥��NjD��Nj‘��Nj ��Nj[ ��NjS ��Nuh}î(jh ��hj` ��j—��j<��jõ��j ��jB��j±��jo��jA��j∑��j—��jG��j ��j◊��jX ��j ��jP ��jr ��hôhsj&��j��j^ ��j> ��uå footnote_refsî}îå citation_refsî}îå autofootnotesî]îåautofootnote_refsî]îåsymbol_footnotesî]îåsymbol_footnote_refsî]îå footnotesî]îå citationsî]îåautofootnote_startîKåsymbol_footnote_startîK�åid_startîKåparse_messagesî]îåtransform_messagesî]îåtransformerîNå decorationîNhhub.
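A pre-flight check for the ``replication.*`` entries set under "Update Metacat properties", to run before the final restart of Apache and Tomcat. This is an added example, not part of the Metacat distribution; the function names, the FAIL/WARN messages and the policy of rejecting key files that are accessible to all users are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not Metacat code): audit the replication.* settings in a
# metacat.properties file. Only plain key=value lines are parsed.

# Print the value of property $2 from file $1 (last definition wins).
get_prop() {
    local key_re
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Succeed if users other than owner and group have any permission on path $1.
world_accessible() {
    [ "$(ls -ldL "$1" | cut -c8-10)" != "---" ]
}

# Print findings for properties file $1; return status = number of FAIL lines.
audit_replication_props() {
    local props=$1 fails=0 cert key pass
    cert=$(get_prop "$props" replication.certificate.file)
    key=$(get_prop "$props" replication.privatekey.file)
    pass=$(get_prop "$props" replication.privatekey.password)

    if [ -z "$cert" ] || [ ! -r "$cert" ]; then
        echo "FAIL certificate missing or unreadable: ${cert:-<unset>}"
        fails=$((fails + 1))
    fi
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL private key missing: ${key:-<unset>}"
        fails=$((fails + 1))
    else
        if world_accessible "$key"; then
            echo "FAIL private key is accessible to all users: $key"
            fails=$((fails + 1))
        fi
        if [ -z "$pass" ]; then
            echo "WARN key has no password; file permissions are its only protection"
        fi
    fi
    # A stored key password makes the properties file itself a secret.
    if [ -n "$pass" ] && world_accessible "$props"; then
        echo "FAIL $props holds the key password and is accessible to all users"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Stand-alone use: pass the path to metacat.properties as the only argument.
if [ $# -eq 1 ]; then
    audit_replication_props "$1"
fi
```

Run it as the account Tomcat runs under, so that the readability check reflects what Metacat will see.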