Red Hat Bugzilla – Bug 206661
Conga needs a method of re-authenticating nodes
Last modified: 2009-04-16 18:24:12 EDT
If a cluster is added to the management interface while at least one node cannot be authenticated, or if conga is no longer authenticated to the ricci agent on a node (f.e., because the node was reimaged and has new ssl keys, or a new node was added to the cluster via a method other than using luci), conga needs a way to allow users to reauthenticate to those nodes.
Devel ACK for RHEL 5.0.0 Beta2
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering. This request is not yet committed for inclusion in release.
QE ack for RHEL5B2 according to section 21a of the release criteria.
Unless someone objects vehemently, am moving this to be a RC blocker rather than a Beta 2 blocker. There is a documentable workaround for now. Jim or Ryan, please update the bugzilla with the workaround.
If you were to uninstall and then re-install ricci on a system, ricci would lose its luci cert, and there is no simple pushbutton in luci that says, re-authenticate with this ricci agent. It is possible, however, to delete the system from the luci database and then add it back in. The process of re-adding it will re-authenticate luci with that system. Because there is a work around for this issue, I think we should remove its blocker status and include this description in the user manual.
Note that this bugzilla is marked FutureFeature and features must be complete by RHEL 5 Beta 2 Feature Freeze on Oct 16. However, it seems that this bugzilla will be resolved via documentation and thus would not be a FutureFeature. If you agree, please clear the Keyword and change the component to rh-cs-en and assign to component owner.
Moving this to RHEL5.1 release request. Workaround is adequate for first release. Not sure this will be a major problem in the field, more of an issue in our development environments. Also, work around should be sufficient for the first release.
There is (better) support for this in the 0.20 build that will be in the beta. In that version, Luci should automatically identify which nodes need reauthentication (or initial auth in the case of adding a cluster with one or more nodes down/hosed at the time of addition to the management interface), and there's a form in the "Manage Systems" portal item under the "Homebase" tab where you can authenticate these hosts and add more, if you wish.
closing this out. the functionality exists in the 0.8-20 release.