Description of problem: Due to QPID-4631 / bz851355 (see e.g. "Doc Text" there), federation links are disallowed by default with auth=yes. That brings a problem for newHA that relies on federation. Therefore it is required to document that when newHA is used with authentication, ACLs have to specifically allow link creation like: acl allow <ha-username> create link Version-Release number of selected component (if applicable): doc for MRG-M 3.0 How reproducible: n.a. (doc issue) Steps to Reproduce: to reproduce the _problem_ with auth=yes and no ACL: 1) configure 2 brokers in newHA cluster with /etc/qpid/qpidd.conf: log-to-file=/tmp/qpidd.log ha-replicate=all ha-cluster=yes ha-brokers-url=node1,node2 auth=yes ha-username=guest ha-password=guest ha-mechanism=PLAIN trace=yes 2) start first broker and "qpid-ha promote" it 3) try to start 2nd broker Actual results: 2nd broker startup fails with: warning Client closed connection with 320: User guest@QPID federation connection denied. Systems with authentication enabled must specify ACL create link rules. (/root/rpmbuild/BUILD/qpid-0.22/cpp/src/qpid/broker/ConnectionHandler.cpp:214) Expected results: User reads in MICG that ACLs need to be set up:) Additional info:
http://deathstar1.usersys.redhat.com:3000/builds/18173-Messaging_Installation_and_Configuration_Guide/#ACL_Requirements_for_Clustering
The ACL configuration necessary for the new HA is documented properly.