Bug 687872

Summary: Need instructions for anonymous@QPID plugin authentication
Product: Red Hat Enterprise MRG
Reporter: Pete MacKinnon <pmackinn>
Component: Management_Console_Installation_Guide
Assignee: Alison Young <alyoung>
Status: CLOSED CURRENTRELEASE
QA Contact: ecs-bugs
Severity: high
Priority: high
Version: Development
CC: jneedle, jsarenik, jskeoch, matt, rrati, tmckay
Target Milestone: 2.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-06-24 01:37:14 UTC
Bug Blocks: 660531
Attachments:
  Changes for section 2.1 (flags: none)
  Changes for section 4.1 (flags: none)

Description Pete MacKinnon 2011-03-15 16:00:54 UTC
The Console Guide should ensure that we put in explicit instructions for configuring an ACL file when SASL-based ACL is activated on the broker. The ACL file passed to the broker should have contents like:

acl allow cumin@QPID all all
acl allow anonymous@QPID all all
acl deny all all

"anonymous@QPID" will be the default credentials passed to the broker if the Admin hasn't made use of the new Condor QMF Broker parameters from Bug 606391. If credentials are configured as in Bug 606391, then they must replace or be added with the anonymous@QPID ACL rule.

Comment 1 Robert Rati 2011-03-17 14:41:47 UTC
*** Bug 684458 has been marked as a duplicate of this bug. ***

Comment 2 Trevor McKay 2011-03-31 21:08:45 UTC
Created attachment 489236 [details]
Changes for section 2.1

Comment 3 Trevor McKay 2011-03-31 21:09:53 UTC
Created attachment 489239 [details]
Changes for section 4.1

Comment 4 Trevor McKay 2011-03-31 21:10:57 UTC
Created OpenOffice attachments with change tracking on showing edits to Chapter 2, section 2.1 and Chapter 4, section 2.1.

Comment 5 Alison Young 2011-04-05 08:08:37 UTC
Change made in revision 0.1-1, build: Red_Hat_Enterprise_MRG-Management_Console_Installation_Guide-2.0-web-en-US-0.1-1.el5

Code snippets:

<section id="sect-Management_Console_Installation_Guide-Installing_the_CONSOLE-Configuring_the_RHM_Broker_for_use_with_the_CONSOLE_and_GRID">
<title>Configuring the &RHM; Broker for use with the &CONSOLE; and &GRID;</title>

In order to use the &RHM; broker with &CONSOLE; and &GRID;, the &RHM; broker must first be installed and configured.

<orderedlist id="orde-Management_Console_Installation_Guide-Configuring_the_RHM_Broker_for_use_with_the_CONSOLE-Configuring_the_RHM_Broker_for_Authentication_to_the_CONSOLE_and_GRID">
<title>Configuring the &RHM; Broker for Authentication of the &CONSOLE; and &GRID;</title>

<para>
	This command will create a <parameter>cumin</parameter> user in the SASL database. These credentials will be used by the Management Console to authenticate to the broker. The username and password will be needed later during installation and configuration of the &CONSOLE;.
</para>

<listitem>
<para>
	&GRID; will authenticate to the &RHM; broker using the <parameter>anonymous</parameter> mechanism by default. If <parameter>anonymous</parameter> authentication is permitted by the broker, this step can be skipped. If the broker has been configured to disallow <parameter>anonymous</parameter> authentication, credentials for &GRID; nodes must be created also.
</para>
<para>
	A user named <parameter>grid</parameter> is created below. This username is used by every &GRID; node. On the host, run the <command>saslpasswd2</command> command as the root user:
</para>
<screen>
# /usr/sbin/saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID grid
</screen>
<para>
	When prompted, create a password.
</para>
<para>
	This command creates a <parameter>grid</parameter> user in the SASL database. These credentials will be used by &GRID; nodes to authenticate to the broker. Any valid username may be used, and multiple users may be created for use by different &GRID; nodes. The username and password will be needed later during configuration of the &GRID; for use with the &CONSOLE;.
</para>
</listitem>

<formalpara>
<title>Adding &CONSOLE; and &GRID; credentials to optional broker ACLs</title>
<para>
	The &RHM; broker can be configured to use an access control list (ACL). If an ACL is present for the &RHM; broker, ensure the <parameter>cumin</parameter> user and any &GRID; users are added. Note that if &GRID; is using <parameter>anonymous</parameter> authentication, the <parameter>anonymous@QPID</parameter> user must be added to the ACL instead. Information on setting up ACLs can be found in the <citetitle>&RHM; User Guide</citetitle>.
</para>
</formalpara>

<listitem>
<para>
	To set the broker address on all nodes which are <emphasis>not</emphasis> running the &RHM; broker locally, add the following line to the <filename>40QMF.config</filename> file, specifying the hostname of the machine running the broker:
</para>
<programlisting>
QMF_BROKER_HOST = '&lt;<replaceable>hostname</replaceable>&gt;'
</programlisting>
</listitem>

<listitem>
<para>
	All &GRID; nodes will attempt to use the <parameter>anonymous</parameter> authentication mechanism unless specific parameters are set. Authentication credentials were optionally created for use by &GRID; nodes in Chapter 2. To use password authentication (the <parameter>plain</parameter> mechanism), set the parameters in the <filename>40QMF.config</filename> file on all nodes according to the <parameter>grid</parameter> credentials created in Chapter 2.
</para>
<programlisting>
QMF_BROKER_AUTH_MECH = PLAIN
QMF_BROKER_USERNAME = grid
QMF_BROKER_PASSWORD_FILE = '&lt;<replaceable>path</replaceable>&gt;'
</programlisting>
<para>
	The last parameter contains the path of a file containing the password for the <parameter>grid</parameter> user in plain text. This is the password supplied for the <parameter>grid</parameter> user when credentials were created. The security of the password file is the responsibility of system administrators.
</para>
</listitem>
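
For the ACL rules in the description and the 40QMF.config parameters in section 4.1 above, here is an added shell example (not from the bug, the Installation Guide, or the Qpid/Condor projects) that writes the broker ACL, evaluates it with the broker's first-match rule order, and generates the PLAIN-mechanism config with a 0600 password file; the file paths, hostname and sample password are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug or the Installation Guide: build the broker ACL
# the description asks for, answer "what does this ACL decide for user X?" using
# first-match rule order, and write the 40QMF.config PLAIN-auth fragment with its
# password file created 0600. All paths and the sample password are assumptions.

# write_broker_acl FILE USER... : allow each USER@QPID everything, then deny everyone else.
# Rule order matters: the final "acl deny all all" only catches what no earlier rule matched.
write_broker_acl() {
    acl="$1"; shift
    : > "$acl"
    for u in "$@"; do
        printf 'acl allow %s@QPID all all\n' "$u" >> "$acl"
    done
    printf 'acl deny all all\n' >> "$acl"
}

# acl_decision FILE USER : print "allow" or "deny" for USER@QPID; first matching rule wins.
# Only the "acl <allow|deny> <user|all> all all" rule form used on this page is handled.
acl_decision() {
    awk -v who="$2@QPID" '
        $1 == "acl" && ($3 == who || $3 == "all") { print $2; exit }
    ' "$1"
}

# write_password_file FILE PASSWORD : the plain-text password read by Condor nodes.
# The subshell umask creates the file 0600 so only the owner can read it; chmod
# covers the case where the file already existed with looser permissions.
write_password_file() {
    ( umask 077 && printf '%s\n' "$2" > "$1" ) && chmod 600 "$1"
}

# write_qmf_config FILE HOST USER PASSWORD_FILE : the 40QMF.config lines from section 4.1
write_qmf_config() {
    cat > "$1" <<EOF
QMF_BROKER_HOST = '$2'
QMF_BROKER_AUTH_MECH = PLAIN
QMF_BROKER_USERNAME = $3
QMF_BROKER_PASSWORD_FILE = '$4'
EOF
}

# file_mode FILE : permission string as shown by ls, e.g. -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}
```

Run `acl_decision` against the real ACL file with `anonymous` and `grid` before restarting the broker to confirm the deny rule is not catching a node that should be allowed.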