It seems that the installer is creating out of date config files on freshly installed nodes. The cause of this appears to be that the esg-security script extracts them from the .jar file, and that these copies are out of date.
The build process for the jar file needs to be fixed, so as to download the latest versions from the config repo when the jar is built.
Alternatively (and possibly better), the installer needs to fetch the latest copies from github at install time. For this reason I am creating this ticket under "installer" rather than "security" component, although if this approach is adopted it would also seem better to remove the copies from the .jar file entirely.
It seems that the installer is creating out of date config files on freshly installed nodes. The cause of this appears to be that the
esg-security
script extracts them from the.jar
file, and that these copies are out of date.Attached is an example of the
esgf_idp_static.xml
file extracted fromesgf-security-2.7.18.jar
(here renamed with trailing.txt
to work around restrictions on attachment types). Compare with the current version at https://github.com/ESGF/config/blob/1c4f6903dc6a7e09a9949f9569d0a6400cadf753/esgf-prod/esgf_idp_static.xmlesgf_idp_static.xml.txt
The build process for the jar file needs to be fixed, so as to download the latest versions from the
config
repo when the jar is built.Alternatively (and possibly better), the installer needs to fetch the latest copies from github at install time. For this reason I am creating this ticket under "installer" rather than "security" component, although if this approach is adopted it would also seem better to remove the copies from the
.jar
file entirely.