Bug 731813 - Guide should be explicit that authentication as cumin user is necessary for job ops
Summary: Guide should be explicit that authentication as cumin user is necessary for j...
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Management_Console_Installation_Guide
Version: 2.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: 2.1
: ---
Assignee: Alison Young
QA Contact: Leonid Zhaldybin
Depends On: 733205 738875
TreeView+ depends on / blocked
Reported: 2011-08-18 18:50 UTC by Trevor McKay
Modified: 2014-11-09 22:38 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-01-26 19:25:56 UTC

Attachments (Terms of Use)
Changes in new section 3.1.2 (12.60 KB, application/vnd.oasis.opendocument.text)
2011-10-18 17:55 UTC, Trevor McKay
no flags Details

Description Trevor McKay 2011-08-18 18:50:44 UTC
Description of problem:

The guide contains the correct steps for setting up a "cumin" user in the cumin/broker configs, but it does not explicitly state why.  Failure to do so will leave cumin operational assuming it has a valid broker connection but operations on jobs (submit, hold, remove, release, edit attributes) will not be possible.

Find an appropriate place/way to make this explicit so that users are better informed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Trevor McKay 2011-08-18 19:04:36 UTC
Note to self re content,

Because of BZ #693845, setting user/password information for cumin when connecting to a broker that allows anonymous authentication will actually cause cumin to receive no objects if the anonymous method is chosen

Therefore, in the current state of the art these are rules:

1) user/password must be used for cumin to have job ops work.  user must be cumin, no other.

2) sasl-mech-list in cumin.conf should always be restricted to PLAIN to make sure that anon is never used.

3) if PLAIN is not enabled by the broker, user/password must NOT be specified.  In this configuration, cumin will not be able to use job ops but will see objects.

So, users really ought to create the cumin user, set up the broker for PLAIN, and configure broker/sasl-mech-list in cumin.conf accordingly. Anything less than all three will not work satisfactorily and is strongly discouraged.

Make this clear and concise.

Comment 4 Trevor McKay 2011-10-18 17:55:11 UTC
Created attachment 528856 [details]
Changes in new section 3.1.2

Comment 6 Leonid Zhaldybin 2011-11-14 15:06:58 UTC
The issue was fixed in the upcoming version 2.1.


Comment 7 Lana Brindley 2012-01-26 19:25:56 UTC
This book is now available on redhat.com/docs. Please raise a new bug if you spot any issues.


Note You need to log in before you can comment on or make changes to this bug.