Notes for development Block 1.4 ------------------------------- Previous epad notes at: http://epad.dataone.org/2014-6-Block-1-3 G+ URL: https://plus.google.com/hangouts/_/event/cqpnckqbr0s8o40kpk3r20ko8s0 Skye ------- * 20140003 * PTO March 5-11 * Dashboard UI updates. * 20140221 * Tidy change result testing/verification/noise inspection. * Cross browser testing on changes for ubuntu FF 27 font rendering issue * Chrome/IE/FF on Windows * FF on Ubuntu * Chrome/FF/Safari on OS X * 20140219 * Cleaned up some tidy errors, cleaning up change record noise. * Worked on FireFox 27 rendering on Ubuntu * Font sizes in FF 27 ubuntu are huge, pushing input sizes to be very large * Table/Fieldset layout issues due to huge fonts in FF ubuntu. Robert ------ * 20140307 * cn-dev-orc-1 is rebuilt, except for the replication/ldap cert. Ldap will not run until. * reviewed stats endpoints for query mechanism * 20140305 * cn-dev-orc-1 is almost rebuilt, need certs to complete. * Pro * talked with Peter re: log and stats dashboard. * 20140228 * cn-dev-orc-1 buildout was somewhat problematic. may need to review ldap-pam setup instructions. * read about hazelcast and outbound ports, may need to open up outbound ports for hazelcast * 20140226 * rebuilding cn-dev-orc-1, writing up instructions on SSH cert only login * writing code to review errors of Dryad sync * 20140224 * No luck on the tidy log analysis * Looked more at OpenLdap problems * Need to login to cn-dev-orc-1 * 20140221 * out sick * 20140219 * Looked at Openldap a bit, holding off on rebuild * Looked at Metacat, requires higher version of ant thatn 10.04 installs by default. Dave V installed the most recent version of ant. * Metacat is not the most recent version on dev. * Devised test for possible ssl connection problems, we didn't have any problems that persisted past Monday morning. * Looking at cn_log_report code again. David D -------- * 20140307 * Adding splunk inputs for syslog and apache to cn-dev-orc * Planning application update to prod forwarders/indexer next weekend * 20140305 * Rolled out Splunk test input configs to existing dev CNs * Found a possible ufw config issue at cn-stage-ucsb-1 * ufw was not configured to accept connections on 389 from its own IP address - other stage CNs were * opened 389 to said port - no change in behavior * Meanwhile, ldap sync replication had begun failing across stage altogether * Stopped/started slapd on all stage CNs, which restored replication to/from orc and ucsb * ADC ldap browser isn't connecting to cn-sandbox-orc-1 for some reason * Tried a couple of other ldap browsers and was able to connect to the dev orc's ldap directory - application issue w/ADC? * 20140303 * Rolled out Splunk test environment output configs to sandbox CNs * Dev next, depending on where cn-dev-orc-1 is at * Still need sudo access to some sandbox MNs * Running stage CN tcpdumps through a different packet analyzer to see if it shows anything that Wireshark doesn't, or if I catch anything after another look at them * 20140228 * Cleaned up spammy jsvc logs, forced logrotate to confirm good rotation activity, will keep an eye on it * In addition to other tasks, going to look into why Apache Directory Studio won't connect to cn-sandbox-orc-1 * 20140226 * Still digging through slapd-related logs * created some more .ldifs from slapcat on the stage CNs * several dns showing different entries for entryCSN and modifyTimeStamp but are otherwise equal * some dns appear to be either missing altogether from one database or another, or they're in different order across the databases * Going to circle back to Splunk test setup and doing some cleanup of bad log files * Found port 5432 blocked on cn-stage-unm-1 - port used by postgres unblocked on other stage boxes, and orc stage was sending tons of connect requests to unm at that port, so unblocked * 20140224 * Looked into stage ldap connections w/Robert, determined that encryption is in fact configured correctly and working as expected on orc and ucsb * Robert still suspects database corruption * Looking into more tests for database corruption * 20140221 * traced stage syncrepl back to encryption config issue * port 389 on cn-stage-orc-1 is blocked until a fix can be determined * 20140219 * Talked w/Bruce re: stage syncrepl issue - he's not convinced that database corruption is the (only) problem * wants Chris B. and I to figure out which cipher suites the stage boxes are using to talk to one another and run some more tests on slapd activity * 20140217 * stage CN syncrepl: * Ran tcpdumps on cn-stage-orc-1 and cn-stage-ucsb-1, then induced a failed ldap sync replication, looked at results w/Wireshark * Wireshark packet analysis shows multiple connections made, tls handshakes completed, minimal amount of application traffic, then connections shutting down with tls error code 21 - "TLS1_ALERT_DECRYPTION_FAILED" * running slapcat on stage CNs gives three .ldif files that are highly different from one another * Also, some values in the .ldifs created by slapcat appear to be corrupted, e.g. "cn=benjam\2BaO0-n leinfelder" instead of "cn=benjamin leinfelder" per Chris J, this particular entry is expected * Seeing this on orc too, not just ucsb irrelevant, since this is expected behavior Rob --- * 20140307 * minor refactoring of libclient objects to improve testability: * abstract out object creation into factory methods for MNode and CNode classes. * 20140305 * EDAC testing * reviewed status of EDAC node in DEV * checked ONEMercury issues in DEV * Reviewing libclient architectural issues: * depencency on apache HttpClient v 4.1.3 * reliance on concrete class D1Client to get access to nodes, instead of interface - very difficult to use other implementations, or mock objects. * 21040226 * debugged the accessPolicy presentation in ChangeRecord. * fixed the duplicate record problem * built the option in TypeCompareUtils to flatten lists of simple types, but needs unit tests. * for example: BlockedMN and PreferredMN lists of NodeReferences would be flattened and lead to fewer logging lines. * need to reharvest EDAC in DEV then review with Soren / Skye. * 20140224 * registered EDAC to DEV, got it to synchronize. * will review and ask Soren to review * will run tidy with the ChangeRecord changes * 20140221 * EDAC - registering to new test environment * trouble connecting to STAGE2's portal so registered to DEV * DigitalAntiquities: * Adam Brin interested in using libclient, but having version conflicts with apache HttpClient * interested in a more generalized technical document - about a step up from the API specs, to help with implementation. * 20140219 * libclient_java: * looking into apache.HTTPClient version issue on Hudson (seems to regularly complaining about not finding approprite version) * not clear why Hudson is failing, so am investigating removal of download.java.net/maven/2/ repository * investigating cost (impact) of using newer versions Jing ---- * 20140307 * Discussed the plan to assign alias dns for nceas ldap server * Working on the process to modify the ldap server - create alias or create accounts on ou=Account. * 20140305 * Created a new maven project and checked in the code. * Automated the process to create tables, import the ldap account. * Working on the process to assign target DNs. * 20140303 * Dicuss the plan for how to merge NCEAS subtree * Try to set up new code repository * 20140228 * Fixed some bugs on metacat 2.4.1 release * Trouble shooting for UW's Metacat * Work on a plan to fill the action and guid for NCEAS subtree in NCEAS' production ldap. * 201402024 * Developed some code to import the ldap accounts into a sql database * Developping the code (Java or Perl) to merge the ldap account trees† * Installed cn-dev-unm-1 and cn-dev-ucsb-1 to confirm the change in the prostinstall script * Looking at the access log of the NCEAS' LDAP server to compile a list who are using the LDAP. Chris ----- * 20140219 * IDCC presentation work * MN support: certs and registering * Metacat upgrade: dealing with DwC versions Roger ----- * 20140310 * Back to the MN Deployment Ticket Generator. The program itself is very simple and mostly completed. Remaining is refining the ticket template. * 20140305 * Have cycled back to do more work on replication processing in GMN and replication testing after finding some issues. Will write a document about this. * 20140226 * Continuing work on the D1 ticket generator. Peter ----- * 20140228 * Created a document that describes the proposed changes to the log aggregation/query (via Solr) index to support a user oriented dashboard and other similiar clients * 20140303 * began metacat upgrade to Solr 4 * talking w/Robert regarding setting up a D1 CN test environment for development/test of changes to log aggregation to support a user dashboard on MNs * 20140305 * continue work on metacat Solr4 upgrade * continue work on stats service for user dashboard