[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Handle-info] RE: Handle-Info digest, Vol 1 #290 - 4 msgs
Please add gwilkie@loc.gov to this mailing list. He has significant persistent handle responsibilities in the Law Library of Congress.
Thanks
Henry Rossman
-----Original Message-----
From: handle-info-admin@cnri.reston.va.us [mailto:handle-info-admin@cnri.reston.va.us] On Behalf Of handle-info-request@cnri.reston.va.us
Sent: Thursday, December 13, 2012 12:00 PM
To: handle-info@cnri.reston.va.us
Subject: Handle-Info digest, Vol 1 #290 - 4 msgs
Send Handle-Info mailing list submissions to
handle-info@cnri.reston.va.us
To subscribe or unsubscribe via the World Wide Web, visit
http://www.handle.net/mailman/listinfo/handle-info
or, via email, send a message with subject or body 'help' to
handle-info-request@cnri.reston.va.us
You can reach the person managing the list at
handle-info-admin@cnri.reston.va.us
When replying, please edit your Subject line so it is more specific than "Re: Contents of Handle-Info digest..."
Today's Topics:
1. Handle server mirror replication howto - questions (Eric Auer)
2. Re: Handle server mirror replication howto - questions (Robert Tupelo-Schneck)
3. Re: Handle server mirror replication howto - questions (Eric Auer)
4. Re: Handle server mirror replication howto - questions (Robert Tupelo-Schneck)
--__--__--
Message: 1
Date: Thu, 13 Dec 2012 15:25:19 +0100
From: Eric Auer <eric.auer@mpi.nl>
To: handle-info@cnri.reston.va.us
Subject: [Handle-info] Handle server mirror replication howto - questions
Dear handle-info readers, forwarding a common question to the list, maybe there is a nice howto about it somewhere? Thanks in advance!
We'd ... like to start replication of Handles between your and our HS.
How do we do this? I'm guessing you are using the Handle System's mechanisms for replication - so if I send our siteinfo.bin to you, can you add us to the replication as well..? Does this enable replication automatically or do we have to do something beyond that?
And how does this work with the different prefixes? Our Handle Server is currently homed for OURPREFIX - can it carry other prefixes as well or do we need separate installations (I guess not...)
(end of quote)
As far as I remember, there was something about the config files on both sides, public keys and the root "nameserver" of HS for those prefixes that are to get mirrored? Looking at some etc. notes here, I see for the config.dct of the mirror:
... in the server_config section of the main { } section ...:
"server_admins" = (
"301:0.NA/OURPREFIX"
)
"this_server_id" = "1"
"replication_authentication" = "privatekey:301:0.NA/OURPREFIX"
...
The private key must be available to the mirror and the public key must be available as part of the 0.NA/OURPREFIX entry of the root 'name' server of the handle system.
Also there are replpriv.bin and replpub.bin files and the sitebndl.zip contains replpub.bin, replid.txt, siteinfo.bin and contactdata.dct, all probably gathered by the Handle System install tool? The text file is apparently not really used, says: "300:0.NA/YOUR_NAMING_AUTHORITY".
The mirror also has the to-be-mirrored prefix homed, but that can be done with the usual tools and methods provided for homing, I assume?
On the server side, I see the following in config.dct:
...
"server_admins" = (
"300:0.NA/OURPREFIX"
)
"replication_admins" = (
"300:0.NA/OURPREFIX"
)
"this_server_id" = "1"
"max_session_time" = "86400000"
"max_auth_time" = "60000"
"backup_admins" = (
"300:0.NA/OURPREFIX"
)
...
So apparently owning the private key for the 300:0.NA/OURPREFIX public key stored in the root 'name' server (naming authority) grants rights to 1. admin the server 2. receive data for mirroring and 3. dump all data for backup purposes, but this could also be split into different accounts? In particular, you will often have a separation between admin and mirror credentials, so mirrors can only 'login' to mirror data...
Is that correct? Did I forget something important? Thanks in advance!
Regards, Eric
--__--__--
Message: 2
Subject: Re: [Handle-info] Handle server mirror replication howto - questions
From: Robert Tupelo-Schneck <schneck@cnri.reston.va.us>
Date: Thu, 13 Dec 2012 09:52:38 -0500
Cc: handle-info@cnri.reston.va.us
To: Eric Auer <eric.auer@mpi.nl>
Responses below.
On 2012-12-13, at 09:25 , Eric Auer wrote:
> We'd ... like to start replication of Handles between your and our HS.
> How do we do this? I'm guessing you are using the Handle System's
> mechanisms for replication - so if I send our siteinfo.bin to you, can
> you add us to the replication as well..? Does this enable replication
> automatically or do we have to do something beyond that?
> And how does this work with the different prefixes? Our Handle Server
> is currently homed for OURPREFIX - can it carry other prefixes as well
> or do we need separate installations (I guess not...)
A single server can carry many prefixes.
However, as currently implemented, handle server replication assumes = that the servers in a replication group will be identical. There is no = provision for a server replicating from several sources of distinct = handles. Is there demand for such a feature?
> As far as I remember, there was something about the config files on
> both sides, public keys and the root "nameserver" of HS for those
> prefixes that are to get mirrored? Looking at some etc. notes here, I
> see for the config.dct of the mirror:
> ... in the server_config section of the main { } section ...:
The mirror just needs to have this one key in its server_config:
> "replication_authentication" =3D "privatekey:301:0.NA/OURPREFIX"
This means that the mirror will authenticate to the primary as = 301:0.NA/OURPREFIX. That handle value should have a public key (which = is also stored, unused, at replpub.bin). The file replpriv.bin holds = the private key used for the authentication.
> Also there are replpriv.bin and replpub.bin files and the sitebndl.zip
> contains replpub.bin, replid.txt, siteinfo.bin and contactdata.dct,
> all probably gathered by the Handle System install tool? The text file
> is apparently not really used, says: "300:0.NA/YOUR_NAMING_AUTHORITY".
Only replpriv.bin and siteinfo.bin are actually needed by the mirror = handle server.
The mirror will also need a txnsrvsv.bin file. This file is the = siteinfo.bin of the primary server, and is used by the mirror to locate = and authenticate the primary.
> The mirror also has the to-be-mirrored prefix homed, but that can be
> done with the usual tools and methods provided for homing, I assume?
In fact, which prefixes are homed will be determined by the primary = server and replicated to the mirror. No action is required.
> On the server side, I see the following in config.dct:
What is needed on the primary side is the "replication_admins" key. It = must contain the handle value reference used as the = "replication_authentication" of the mirror. So:
"replication_admins" =3D (
"301:0.NA/OURPREFIX"
)
The originally posted config snippet had 300:0.NA/OURPREFIX instead, so = the mirror would be forbidden to replicate.
> So apparently owning the private key for the 300:0.NA/OURPREFIX public
> key stored in the root 'name' server (naming authority) grants rights
> to 1. admin the server 2. receive data for mirroring and 3. dump all
> data for backup purposes, but this could also be split into different
> accounts? In particular, you will often have a separation between =
admin
> and mirror credentials, so mirrors can only 'login' to mirror data...
Yes, server_admins and replication_admins (and backup_admins) can all be = separate identities.
Best,
Robert=
--__--__--
Message: 3
Date: Thu, 13 Dec 2012 16:02:15 +0100
From: Eric Auer <eric.auer@mpi.nl>
To: Robert Tupelo-Schneck <schneck@cnri.reston.va.us>,
handle-info@cnri.reston.va.us
Subject: Re: [Handle-info] Handle server mirror replication howto - questions
Hi Robert,
thanks for the quick and helpful response!
> A single server can carry many prefixes.
Nice.
> However, as currently implemented, handle server replication assumes that the servers in a replication group will be identical. There is no provision for a server replicating from several sources of distinct handles. Is there demand for such a feature?
I did not understand that one...
> The mirror will also need a txnsrvsv.bin file. This file is the siteinfo.bin of the primary server, and is used by the mirror to locate and authenticate the primary.
Interestingly, the mirror where I looked did not have this file and it seems to be stuck in a loop of 'full redump needed' warnings...?
> In fact, which prefixes are homed will be determined by the primary server and replicated to the mirror. No action is required.
So you do not have to home anything to the mirror, nor have to tell the mirror which prefixes to mirror, as all that is in txnsrvsv.bin?
I think the server and mirror keys in my example were different only because I gathered my examples from servers which are not server and mirror of each other, but of some other servers.
Regards, Eric
--__--__--
Message: 4
Subject: Re: [Handle-info] Handle server mirror replication howto - questions
From: Robert Tupelo-Schneck <schneck@cnri.reston.va.us>
Date: Thu, 13 Dec 2012 10:41:35 -0500
Cc: handle-info@cnri.reston.va.us
To: Eric Auer <eric.auer@mpi.nl>
On 2012-12-13, at 10:02 , Eric Auer wrote:
>> However, as currently implemented, handle server replication assumes
>> =
that the servers in a replication group will be identical. There is no = provision for a server replicating from several sources of distinct = handles. Is there demand for such a feature?
>=20
> I did not understand that one...
I mean, if server A serves prefix 123 (and not 456), and server B serves = prefix 456 (and not 123), you couldn't create a mirror that replicates = both A and B and serves both 123 and 456.
>> The mirror will also need a txnsrvsv.bin file. This file is the =
siteinfo.bin of the primary server, and is used by the mirror to locate = and authenticate the primary.
>=20
> Interestingly, the mirror where I looked did not have this file and
>it seems to be stuck in a loop of 'full redump needed' warnings...?
I should have said "txnsrcsv.bin". There is another way to configure = replication using a "replication_sites_handle" value in the = server_config. That handle is resolved to find the site information for = servers to replicate from.
The full redump needed indicates that the primary thinks your server is = too far out of date. Stop the mirror and run the "hdl-dumpfromprimary" = script, it will pull all the information from the primary. Then you can = restart and replication should continue normally.
>> In fact, which prefixes are homed will be determined by the primary =
server and replicated to the mirror. No action is required.
>=20
> So you do not have to home anything to the mirror, nor have to tell
>the mirror which prefixes to mirror, as all that is in txnsrvsv.bin?
It's not in the txnsrcsv.bin, but the primary server will send all that = information to the secondary.
Best,
Robert
--__--__--
_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info
End of Handle-Info Digest
_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info