[Pdl] Realtime PDL Hub changes

Fee, Jeremy jmfee at usgs.gov
Wed Jan 11 23:17:21 UTC 2017 

Hello,

As previously announced, we are replacing the existing Realtime PDL hubs.
We are taking steps to avoid interruption in data distribution, but *users
should take the precautionary steps as described below to minimize the
impact of this change*.


On *February 13, 2017*, we will update the DNS names associated with the
Existing Realtime PDL hubs so they point to the New Realtime PDL hubs.  For
many users, restarting their PDL client after this DNS change will be all
that is needed.  *ALL USERS WITH EGRESS FIREWALLS* need to update their
firewall rules and ensure they can connect to the New Realtime PDL hubs.

On March 1, 2017, we will shut down the Existing Realtime PDL hubs, which
will no longer be available at their existing IP addresses.


Existing Realtime PDL hubs:
ehppdl1.cr.usgs.gov ( 137.227.224.95 )
ehppdl2.wr.usgs.gov ( 137.227.233.12 )

New Realtime PDL hubs:
prod01-pdl01.cr.usgs.gov ( 137.227.224.211 )
prod02-pdl01.cr.usgs.gov ( 137.227.252.137 )


At this time, consumer/receive users may start using the New Realtime PDL
hubs, however producer/send users should continue sending to the Existing
Realtime PDL hubs until DNS is updated.

More details are included below:
A) Check java version (1.8 is recommended)
B) Consumer/receive configuration changes
C) Users with egress firewalls


Please email this list or Lynda Lastowka <llastowka at usgs.gov> if you have
any questions or concerns,

Thanks,

Jeremy



A) CHECK JAVA VERSION

The HTTPS certificates on the New Realtime PDL hubs use TLSv1.2.

Java 1.8 appears to handle TLSv1, TLSv1.1, and TLSv1.2 correctly.  If you
are running an older versions of java (1.6 or 1.7), you must explicitly
enable support for TLSv1.2.


1) Stop your PDL client using the init script.  NOTE: this step is
important because the init script uses the full command to identify any
running process, and the following step will modify the command
(potentially resulting in multiple PDL processes by accident).

For example:
ProductClient/init.sh stop


2) In the "init.sh" script, update your java command to include the
argument "-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2".

For example:
JAVA="java -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"


3) Start your PDL client using the init script.

For example:
ProductClient/init.sh start



B) CONSUMER/RECEIVE CONFIGURATION CHANGES

Consumers (receive) may update their configuration before this DNS change
to avoid any interruption.  Producers (send) SHOULD NOT UPDATE their
configuration before February 13, 2017, as any consumers that have not
updated their configuration would not receive products.


1) Update server references in your INI file (config.ini)

You can check which receiver sections are active by looking at the
"receivers" property (before any sections) in your configuration.  Most
consumers have a "receiver_pdl" section in their configuration, for example
    receivers = receiver_pdl

In any receiver sections (type =
gov.usgs.earthquake.distribution.EIDSNotificationReceiver), update
"serverHost" and "alternateServers" properties to reference the new
Realtime PDL hubs:

    Replace "ehppdl1.cr.usgs.gov" with "prod01-pdl01.cr.usgs.gov"
    Replace "ehppdl2.wr.usgs.gov" with "prod02-pdl01.cr.usgs.gov"

For Example:

[receiver_pdl]
type = gov.usgs.earthquake.distribution.EIDSNotificationReceiver
storageDirectory = data/receiver_storage
indexFile = data/receiver_index.db
serverHost = prod01-pdl01.cr.usgs.gov
serverPort = 39977
alternateServers = prod02-pdl01.cr.usgs.gov:39977
trackingfile = data/receiver_pdl_tracking.dat
cleanupInterval = 900000
storageage = 900000


2) Restart your PDL client using the init script.

For example:
ProductClient/init.sh restart



C) USERS WITH EGRESS FIREWALLS (which restrict outgoing traffic):

Firewalls need to be updated to allow the following traffic prior to
February 13, 2017.

Source Ports:
TCP any

Destination Hosts:
prod01-pdl01.cr.usgs.gov ( 137.227.224.211 )
prod02-pdl01.cr.usgs.gov ( 137.227.252.137 )

Consumer/Receive Destination Ports:
TCP 443
TCP 39977
TCP 39988

Producer/Send Destination Ports:
TCP 11235
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://geohazards.usgs.gov/pipermail/pdl/attachments/20170111/bee5d183/attachment.html>

More information about the PDL mailing list