Closed amoeba closed 1 year ago
Awesome. Thanks!
mvn -v
produces a "Maven home" directory, so we should be able to find it out programmatically. MODE
environment variable in metacat.env is for Let's Encrypt, and not for us. That will clearly require better documentation. Right now I am not configuring the DataONE properties at all, so they are left at defaults. So, my guess is that it wants production certs because metacat.properties is pointing to cn.dataone.org by default. The R client probably looks in the CN's node service to see if a node is registered in production, and because we are not, it wants a test cert. I think all of this stuff will need to be tweaked to support easy switching from test to production status. I've never liked the R code using different env vars for test and production environments.Thanks. Look like I missed that MetacatUI gets set up by default: That's nice. Re: my build failures, yes this is a fresh checkout. I have everything I can think of installed via homebrew if that helps diagnose the build failures.
The R client calls CN listNodes
to determine if a member node is in the production environment and if it is not known to the CN then the node is designated as belonging to a dev env. The DataONE MN API doesn't provide a call for discovery of the D1 env it is in, AFAIK. If there are any ideas on changing or improving this then now seems like a good time, to help streamline the docker metacat setup.
The motivation to use the R options dataone_token
and dataone_test_token
was so that users could easily switch between test and prod environments, as discussed here. If this has caused and problems for users then we should revisit this.
The R client calls CN listNodes to determine if a member node is in the production environment and if it is not known to the CN then the node is designated as belonging to a dev env.
Ah, that makes sense, and is reasonable. Thanks!
I understand the reasoning for setting D1Client.CN_URL
to the production CN, but I do wonder if we set it to https://cn-stage-2.test.dataone.org/cn, because that's the "stable" DataONE test environment, and to be registered in the production DataONE, you still have to go through a testing phase of some sort. Switching that property is inevitable at some point for all Metacat operators, and you still get a valid token from STAGE2.
@csjx I think this discussion of how the R client works with CNs and auth tokens is a little off topic for this ticket on the metacat docker deploy. Do we want to move that to a R client ticket, or see if one already exists, or just stick with what we have which works for most people using production machines (only devs tend to use non-registered machines a lot)?
On-topic or off, I think it'd be great if this Docker deployment allowed me to specify which environment my Metacat stack would point at, rather than just default to the production CN which is almost never what someone wants. An option for an additional Issue might be to change this behavior at the Metacat level but, since there are multiple DataONE testing environments available, allowing this to be configured for the Docker deployment would be handy.
@amoeba I totally agree on being able to choose an environment for the docker deploy. At this point I hadn't started on DataONE configuration in docker at all. There are several other pieces of info we will need to get dataone connectivity set up, not the least of which is a cert. so I bypassed that config for now.
One thing you might not have noticed is that you can set any metacat.properties key and value in the docker folder app.properties file and it will override the defaults. So you could set the cn property there.
Closing this, since it is now superseded by the work done for the Epic #1623
Hey @mbjones I needed to set up a fresh Metacat instance so I ran through the Docker setup you've pushed to https://github.com/NCEAS/metacat/compare/feature-docker. It looks great and I appreciated the readme. I got to a running Metacat stack in pretty short order. I had some issues and some questions though:
General stuff
metacat.env
This is really clean which is nice. Though I noticed that the Postgres password and Metacat admin password are pre-filled which makes me worried users won't edit this file and there will be Metacat stacks running default passwords. What do you think about not providing these and having the build/startup fail when they aren't set? Also, maybe change the
EMAIL
andADMIN
defaults to not includejones
and use something generic likeadmin
ormetacat
.Building
I've always had trouble building Metacat and I'm not sure quite why. AFAICT it looks like it might be a Java version thing but the errors are unclear. The things I run into when I run
ant distbin
are:build.properties
hardcodes themaven.home
property so I always have to change this to something likemaven.home=/usr/local/Cellar/maven/3.5.2/libexec
. Could this require less configuration?I get an eventual build failure:
any insights?
Using it
I got the stack up and running with
docker-compose
without issue so I went to submit a Data Package to it using R. It wasn't clear to me which token signing environment my Metacat was set up with so I assumed test. After some debugging, I figured out I was in the PROD signing environment, but that R thinks it's in thetest
environment:which means, in R, that I have to set a production token as my test token to start hitting authenticated endpoints. I'm not sure what R is using to determine this nor was I sure what I might change to change it. Which token signing environment does it make the most sense to start Metacat off in, production or some test environment? I see your
MODE
env var so it seems like that would be a logical place to control this all from.