Bug 206661

Summary:	Conga needs a method of re-authenticating nodes
Product:	Red Hat Enterprise Linux 5	Reporter:	Ryan McCabe <rmccabe>
Component:	conga	Assignee:	Ryan McCabe <rmccabe>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Corey Marthaler <cmarthal>
Severity:	medium	Docs Contact:
Priority:	high
Version:	5.0	CC:	cluster-maint, jparsons, kanderso, kupcevic, rkenna, rmccabe
Target Milestone:	---	Keywords:	FutureFeature
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	0.8-20	Doc Type:	Enhancement
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2006-10-25 02:00:00 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Ryan McCabe 2006-09-15 15:53:31 UTC

If a cluster is added to the management interface while at least one node cannot
be authenticated, or if conga is no longer authenticated to the ricci agent on a
node (f.e., because the node was reimaged and has new ssl keys, or a new node
was added to the cluster via a method other than using luci), conga needs a way
to allow users to reauthenticate to those nodes.

Comment 1 Kiersten (Kerri) Anderson 2006-10-03 16:53:33 UTC

Devel ACK for RHEL 5.0.0 Beta2

Comment 2 RHEL Program Management 2006-10-03 17:06:48 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux release.  Product Management has requested further review
of this request by Red Hat Engineering.  This request is not yet committed for
inclusion in release.

Comment 3 Jay Turner 2006-10-10 19:51:28 UTC

QE ack for RHEL5B2 according to section 21a of the release criteria.

Comment 5 Kiersten (Kerri) Anderson 2006-10-13 14:23:55 UTC

Unless someone objects vehemently, am moving this to be a RC blocker rather than
a Beta 2 blocker.  There is a documentable workaround for now.  Jim or Ryan,
please update the bugzilla with the workaround.

Comment 6 Jim Parsons 2006-10-13 14:44:37 UTC

If you were to uninstall and then re-install ricci on a system, ricci would lose
its luci cert, and there is no simple pushbutton in luci that says,
re-authenticate with this ricci agent.

It is possible, however, to delete the system from the luci database and then
add it back in. The process of re-adding it will re-authenticate luci with that
system. Because there is a work around for this issue, I think we should remove
its blocker status and include this description in the user manual.

Comment 7 Suzanne Logcher 2006-10-13 20:33:12 UTC

Note that this bugzilla is marked FutureFeature and features must be complete by
RHEL 5 Beta 2 Feature Freeze on Oct 16.  
However, it seems that this bugzilla will be resolved via documentation and thus
would not be a FutureFeature.
If you agree, please clear the Keyword and change the component to rh-cs-en and
assign to component owner.

Comment 9 Kiersten (Kerri) Anderson 2006-10-16 19:49:28 UTC

Moving this to RHEL5.1 release request.  Workaround is adequate for first
release.   Not sure this will be a major problem in the field, more of an issue
in our development environments.  Also, work around should be sufficient for the
first release.

Comment 10 Ryan McCabe 2006-10-17 16:39:11 UTC

There is (better) support for this in the 0.20 build that will be in the beta.
In that version, Luci should automatically identify which nodes need
reauthentication (or initial auth in the case of adding a cluster with one or
more nodes down/hosed at the time of addition to the management interface), and
there's a form in the "Manage Systems" portal item under the "Homebase" tab
where you can authenticate these hosts and add more, if you wish.

Comment 11 Ryan McCabe 2006-10-25 02:00:00 UTC

closing this out. the functionality exists in the 0.8-20 release.