13 |
13 |
-->
|
14 |
14 |
<HTML>
|
15 |
15 |
<HEAD>
|
16 |
|
<TITLE>Metacat</TITLE>
|
|
16 |
<TITLE>Metacat Replication</TITLE>
|
17 |
17 |
<link rel="stylesheet" type="text/css" href="./default.css">
|
18 |
18 |
</HEAD>
|
19 |
19 |
<BODY>
|
... | ... | |
29 |
29 |
|
30 |
30 |
<div class="header1">Table of Contents</div>
|
31 |
31 |
<div class="toc1"><a href="#Intro">Metacat Replication</a></div>
|
|
32 |
<div class="toc2"><a href="#Overview">Overview</a></div>
|
32 |
33 |
<div class="toc2"><a href="#DatabasedInfo">Databased Information</a></div>
|
33 |
34 |
<div class="toc2"><a href="#Example">Example</a></div>
|
34 |
35 |
<div class="toc3"><a href="#gamma">What happens with gamma?</a></div>
|
35 |
36 |
<div class="toc3"><a href="#alpha">What happens with alpha?</a></div>
|
36 |
37 |
<div class="toc3"><a href="#lamda">What happens with lamda?</a></div>
|
|
38 |
<div class="toc1"><a href="#ControlPanel">The Replication Control Panel</a></div>
|
37 |
39 |
<div class="toc1"><a href="#Certificates">Certificates</a></div>
|
38 |
40 |
<div class="toc2"><a href="#GenerateCertificates">Generate Certificates on both the replication client and server.</a></div>
|
39 |
41 |
<div class="toc3"><a href="#GenerateCertTomcat">Generate Certificate for Tomcat standalone (no Apache)</a></div>
|
... | ... | |
41 |
43 |
<div class="toc2"><a href="#RegisterPartner">Register the partner machines certificate</a></div>
|
42 |
44 |
|
43 |
45 |
<a name="Intro"></a><div class="header1">Metacat Replication</div>
|
|
46 |
<a name="Overview"></a><div class="header2">Overview</div>
|
44 |
47 |
<p>Metacat has built-in replication to allow different Metacat servers to
|
45 |
48 |
share data between themselves. Metacat not only replicates XML documents but
|
46 |
49 |
also data files. </p>
|
... | ... | |
306 |
309 |
wind up on lambda.</li>
|
307 |
310 |
</ul>
|
308 |
311 |
</ul>
|
309 |
|
|
|
312 |
|
|
313 |
<a name="ControlPanel"></a><div class="header1">The Replication Control Panel:</div>
|
310 |
314 |
There is an html control panel for controling replication. After
|
311 |
315 |
<a href="./Metacatinstall.html">installing</a> Metacat, you can access
|
312 |
316 |
it by going through the Metacat servlet context you have setup and calling up
|
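Review bot: The heading at new line 313 ends with a colon ("The Replication Control Panel:") while the table-of-contents entry that links to it and the other header1 heading, "Metacat Replication", have none; drop the colon so they match. While this paragraph is being touched, "controling" on new line 314 should be "controlling" and "setup" on new line 316 should be "set up".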
... | ... | |
337 |
341 |
into the binary certificates file located at $JAVA_HOME/lib/security/cacerts</li>
|
338 |
342 |
<ul class="list2">
|
339 |
343 |
<li>Run the command:
|
340 |
|
<div class="code">keytool -genkey -alias <aliasname> -keyalg RSA -validity 800 -keystore cacerts</div>
|
|
344 |
<div class="code">keytool -genkey -alias <aliasname> -keyalg RSA -validity 800 -keystore $JAVA_HOME/lib/security/cacerts</div>
|
341 |
345 |
where <aliasname> is a unique name that you choose for this cert. Something like "<hostname-tomcat>"
|
342 |
|
might be appropriate.</li>
|
|
346 |
might be appropriate, where <hostname-tomcat> is the name of this host.</li>
|
343 |
347 |
</ul>
|
344 |
348 |
</li>
|
|
349 |
<li>
|
|
350 |
Password - keytool will ask for a password. If this is a pre-existing keystore, you will need
|
|
351 |
to know its password to modify it. If you are creating a new keystore, the password you enter
|
|
352 |
will become the keystore password.
|
|
353 |
</li>
|
345 |
354 |
<li>Sample values when creating certificate</li>
|
346 |
355 |
<ul class="list2">
|
347 |
356 |
<li>What is your first and last name? <b>myserver.nceas.ucsb.edu </b>
|
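Review bot: The -genkey command at new line 344 now creates the server's private key inside $JAVA_HOME/lib/security/cacerts, which is the JVM's shared store of trusted CA certificates, so the key lands in a file that other Java programs on the host use as their default trust store and that a JDK upgrade can replace. Consider pointing -keystore at a dedicated keystore file owned by the account that runs Tomcat and keeping cacerts for trusted certificates only. The new Password item at lines 350-352 should also tell the reader to choose a strong, non-default password, since the same value is later written into server.xml as keystorePass.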
... | ... | |
357 |
366 |
and put it into a local file</li>
|
358 |
367 |
<ul class="list2">
|
359 |
368 |
<li>Run the command:
|
360 |
|
<div class="code">keytool -export -alias <aliasname> -file <outputfile>.cert -keystore cacerts</div>
|
|
369 |
<div class="code">keytool -export -alias <aliasname> -file <outputfile>.cert -keystore $JAVA_HOME/lib/security/cacerts</div>
|
361 |
370 |
where <aliasname> is the same name you used when you created the certificate. </li>
|
362 |
371 |
<li>A file named <outputfile>.cert will be created in the same directory where you run the keytool
|
363 |
372 |
command. You can name the output file anything you like, but keep in mind that it will get sent to the
|
... | ... | |
369 |
378 |
<li>Enable SSL in Tomcat
|
370 |
379 |
<ul class="list2">
|
371 |
380 |
<li>Edit the Tomcat server file at $TOMCAT_HOME/conf/server.xml</li>
|
372 |
|
<li>uncomment the section that starts with "<Connector port="8443" ...</li>
|
373 |
|
<li>add another attribute to that section that reads:
|
|
381 |
<li>
|
|
382 |
uncomment the section that starts with "<Connector port="8443" ... (Note: Databased Informationcomments start with
|
|
383 |
<!-- and end with -->).
|
|
384 |
</li>
|
|
385 |
<li>add two attribute to that section that read:
|
374 |
386 |
<div class="code">keystoreFile="<JAVA_HOME>/lib/security/cacerts"</div>
|
375 |
|
where $JAVA_HOME should be the actual java path.
|
|
387 |
<div class="code">keystorePass="<keystore_password>"</div>
|
|
388 |
where <JAVA_HOME> should be the actual java path and <keystore_password> should be the
|
|
389 |
password you used when you created the keystore.
|
376 |
390 |
</li>
|
377 |
391 |
</ul>
|
378 |
392 |
</li>
|
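Review bot: New line 382 contains stray text: in "(Note: Databased Informationcomments start with" the section title "Databased Information" appears to have been pasted into the sentence, which should read "(Note: comments start with". On new line 385, "add two attribute to that section that read" should be "add two attributes". Because keystorePass puts the keystore password into server.xml in clear text, this step should also say to make server.xml readable only by the account that runs Tomcat. The placeholder is written <JAVA_HOME> here but $JAVA_HOME in the keytool commands; use one form throughout.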
... | ... | |
452 |
466 |
replication server.
|
453 |
467 |
<ul class="list1">
|
454 |
468 |
<li>Import the remote certificate by running:
|
455 |
|
<div class="code">keytool -import -alias <remotehostalias> -file <remotehostfilename>.cert -keystore cacerts</div>
|
|
469 |
<div class="code">keytool -import -alias <remotehostalias> -file <remotehostfilename>.cert -keystore $JAVA_HOME/lib/security/cacerts</div>
|
456 |
470 |
where the <remotehostfilename> is the certificate file you created on the remote machine and
|
457 |
471 |
copied to this machine. The <remotehostalias> is the name the certificate will use in
|
458 |
472 |
the keystore. It should be something that identifies the remote host.
|
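Review bot: The import step at new line 469 does not tell the operator to verify the certificate before trusting it. keytool -import prints the certificate's fingerprints and asks whether to trust it; the text should say to compare that fingerprint with one obtained from the partner's administrator over a separate channel, because the .cert file was created on the remote machine and copied to this one. Importing into $JAVA_HOME/lib/security/cacerts also makes every Java application that uses this JRE's default trust store trust the partner's certificate, so a truststore used only for replication would be narrower.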
Update replication documentation