Bug 731813

Summary: Guide should be explicit that authentication as cumin user is necessary for job ops
Product: Red Hat Enterprise MRG Reporter: Trevor McKay <tmckay>
Component: Management_Console_Installation_GuideAssignee: Alison Young <alyoung>
Status: CLOSED CURRENTRELEASE QA Contact: Leonid Zhaldybin <lzhaldyb>
Severity: low Docs Contact:
Priority: unspecified    
Version: 2.0CC: bkozdemb, esammons, jneedle, lbrindle, lzhaldyb, matt
Target Milestone: 2.1   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-01-26 19:25:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 733205, 738875    
Bug Blocks:    
Attachments:
Description Flags
Changes in new section 3.1.2 none

Description Trevor McKay 2011-08-18 18:50:44 UTC 
Description of problem:

The guide contains the correct steps for setting up a "cumin" user in the cumin/broker configs, but it does not explicitly state why.  Failure to do so will leave cumin operational assuming it has a valid broker connection but operations on jobs (submit, hold, remove, release, edit attributes) will not be possible.

Find an appropriate place/way to make this explicit so that users are better informed.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Trevor McKay 2011-08-18 19:04:36 UTC 
Note to self re content,

Because of BZ #693845, setting user/password information for cumin when connecting to a broker that allows anonymous authentication will actually cause cumin to receive no objects if the anonymous method is chosen

Therefore, in the current state of the art these are rules:

1) user/password must be used for cumin to have job ops work.  user must be cumin, no other.

2) sasl-mech-list in cumin.conf should always be restricted to PLAIN to make sure that anon is never used.

3) if PLAIN is not enabled by the broker, user/password must NOT be specified.  In this configuration, cumin will not be able to use job ops but will see objects.

So, users really ought to create the cumin user, set up the broker for PLAIN, and configure broker/sasl-mech-list in cumin.conf accordingly. Anything less than all three will not work satisfactorily and is strongly discouraged.

Make this clear and concise.
Comment 4 Trevor McKay 2011-10-18 17:55:11 UTC 
Created attachment 528856 [details]
Changes in new section 3.1.2
Comment 6 Leonid Zhaldybin 2011-11-14 15:06:58 UTC 
The issue was fixed in the upcoming version 2.1.

-> VERIFIED
Comment 7 Lana Brindley 2012-01-26 19:25:56 UTC 
This book is now available on redhat.com/docs. Please raise a new bug if you spot any issues.

Thanks,
LKB