Author: tmckay
Date: 2011-10-06 18:51:13 +0000 (Thu, 06 Oct 2011)
New Revision: 5052
Modified:
branches/lucidity/sage/python/sage/aviary/AVIARY-README
Log:
Tweak AVIARY-README
svn merge -c 5051
svn+ssh://svn.fedorahosted.org/svn/cumin/trunk
Modified: branches/lucidity/sage/python/sage/aviary/AVIARY-README
===================================================================
--- branches/lucidity/sage/python/sage/aviary/AVIARY-README 2011-10-06 18:27:37 UTC (rev
5051)
+++ branches/lucidity/sage/python/sage/aviary/AVIARY-README 2011-10-06 18:51:13 UTC (rev
5052)
@@ -2,37 +2,104 @@
Description:
-This feature allows Cumin to use the Aviary web services provided in the condor-aviary
package for certain functions in the user interface. If the CuminAviary feature is
enabled, Cumin will use Aviary services rather than QMF method calls where possible.
+This feature allows Cumin to use the Aviary web services provided in the
+condor-aviary package for certain functions in the user interface. If the
+CuminAviary feature is enabled, Cumin will use Aviary services rather than QMF
+method calls where possible.
-The CuminAviary feature is enabled and configured through the /etc/cumin/cumin.conf file.
Relevant configuration parameters with descriptive comments can be found in the default
/etc/cumin/cumin.conf file by searching for a line containing "Aviary interface to
condor".
+The CuminAviary feature is controlled through the cumin configuration
+file. Relevant configuration parameters with descriptive comments can be found
+in the default /etc/cumin/cumin.conf file by searching for a line containing
+"Aviary interface to condor".
-Aviary provides a job service and a query service; Cumin may use either, both or neither.
By default, Cumin will use no Aviary services and will use QMF methods instead.
+Aviary provides a job service and a query service; Cumin may use either, both or
+neither. By default, Cumin will use QMF methods rather than Aviary services.
-To enable use of the Aviary job service, the 'aviary-job-servers' parameter must
be uncommented and set (see the comments in the configuration file for details). Setting
this parameter will cause Cumin to use the Aviary job service for job submission, for the
hold, release, and remove job control functions, and for editing of job ads.
+To enable use of the Aviary job service, the 'aviary-job-servers' parameter must
+be uncommented and set (see the comments in the configuration file). Setting this
+parameter will cause Cumin to use the Aviary job service for job submission,
+for the hold, release, and remove job control functions, and for editing of
+job ad attributes.
-To enable use of the Aviary query service, the 'aviary-query-servers' parameter
must be uncommented and set (see the comments in the configuration file for details).
Setting this parameter will cause Cumin to use the Aviary query service for retrieving job
output files, retrieving job ad details, and retreiving the list of jobs in a submission.
+To enable use of the Aviary query service, the 'aviary-query-servers' parameter
+must be uncommented and set (see the comments in the configuration file). Setting
+this parameter will cause Cumin to use the Aviary query service for retrieving
+job output files, retrieving job ad details, and retreiving the list of jobs in a
+submission.
-Cumin will make INFO level entries in the log file for cumin-web that indicate whether
use of the job and/or query services has been enabled and what type of certificate
validation will be used for servers configured for SSL (see below). These log entries
will begin with "AviaryOperations:". If an Aviary operation fails, the yellow
task banner associated with the operation will contain error information.
+Cumin will make INFO level entries in the log file for cumin-web that indicate
+whether use of the job and/or query services has been enabled and what type of
+certificate validation will be used for servers configured for SSL (see below).
+These log entries will begin with "AviaryOperations:" or contain the string
+"Aviary" somewhere in the message. If an Aviary operation fails, the yellow
+task banner associated with the operation will contain error information.
-By default, the Aviary services in condor will not use SSL (Secure Socket Layer) for
communication and no other Cumin configuration parameters need to be set for the
CuminAviary feature. However, if the Aviary services in condor have been configured to
use SSL then additional Cumin configuration parameters must be set.
+By default, the Aviary services in condor will not use SSL (Secure Socket Layer)
+for communication and no other configuration parameters need to be set for
+this feature. However, if the Aviary services in condor have been configured to
+use SSL then additional configuration parameters must be set.
-First, note that the scheme for Aviary servers will change from "http" to
"https" for any server using SSL. Failure to specify schemes correctly in the
'aviary-job-servers' or 'aviary-query-servers' parameters will prevent
CuminAviary from functioning.
+First, note that the scheme for Aviary servers will change from "http" to
"https"
+for any server using SSL. Failure to specify schemes correctly in the
+'aviary-job-servers' or 'aviary-query-servers' parameters will prevent
the
+CuminAviary feature from functioning.
-Second, the 'aviary-key' and 'aviary-cert' parameters must be set. These
parameters give the full paths to a PEM formated private key file and PEM formatted
certificate file that Cumin will use as a client to access the Aviary services. The
Aviary servers will validate Cumin's client certificate and allow access if validation
succeeds.
+Second, the 'aviary-key' and 'aviary-cert' parameters must be set. These
+parameters give the full paths to a PEM formated private key file and PEM
+formatted certificate file that Cumin will use as a client to access the Aviary
+services. The Aviary servers will validate Cumin's client certificate and allow
+access if validation succeeds.
-Optionally, the 'aviary-root-cert' parameter may be set. This is the full path
to a PEM formatted file containing CA (certificate authority) certificates that Cumin will
use to validate the server certificate. If this parameter is unset Cumin will NOT
validate server certificates.
+Optionally, the 'aviary-root-cert' parameter may be set. This is the full path
+to a PEM formatted file containing CA (certificate authority) certificates that
+Cumin will use to validate the server certificate. If this parameter is unset
+Cumin will NOT validate server certificates.
-Lastly, the 'aviary-domain-verify' parameter controls whether or not Cumin checks
the hostname of the server against the server certificate during validation. This
parameter has no effect unless 'aviary-root-cert' is set. The default value is
True; it may be useful to set this parameter to False if the server is using a self-signed
certificate with a non-matching hostname.
+Lastly, the 'aviary-domain-verify' parameter controls whether or not Cumin
checks
+the hostname of the server against the server certificate during validation.
+This parameter has no effect unless 'aviary-root-cert' is set. The default value
+is True; it may be useful to set this parameter to False if the server is using a
+self-signed certificate with a non-matching hostname.
-Feedback: bug reports or requests for enhancement can be made through
http://bugzilla.redhat.com. General questions about this feature can be handled through
cumin-users(a)lists.fedorahosted.org
+Cumin will provide server certificate validation using the Python ssl standard
+language module if available or M2Crypto otherwise. If neither of these
+components are available, server certificate validation will be disabled.
-Full support: This feature is intended to be fully supported in an upcoming minor
release.
+Dependencies:
-Where to find this information: The content given here may be found in the Release Notes
accompanying the software or in the file /usr/share/doc/cumin-*/AVIARY-README after the
software is installed.
+The CuminAviary feature has a dependency on python-suds-0.4.1 or newer. To date,
+this dependency is not enforced by the Cumin rpm. On a system without python-suds
+installed, Cumin will install and run but the Aviary interface will be disabled.
+If the CuminAviary feature is turned on in cumin.conf, an entry will be made in
+the log for cumin-web noting that Aviary has been disabled because of failed
+imports and Cumin will continue.
+Feedback:
+
+Bug reports or requests for enhancement can be made through
+http://bugzilla.redhat.com. General questions about this feature can be handled
+through the email list cumin-users(a)lists.fedorahosted.org
+
+Full support:
+
+This feature is intended to be fully supported in an upcoming minor release.
+
+Where to find this information:
+
+The content given here may be found in the Release Notes
+or in the file /usr/share/doc/cumin-*/AVIARY-README after installation.
+
Technology Preview Policy:
-Technology Preview features are not currently supported under Red Hat Enterprise Linux
subscription services, may not be functionally complete, and are generally not suitable
for production use. However, these features are included as a customer convenience and to
provide the technologies with wider exposure.
-Customers may find these features useful in non-production environments, and can provide
feedback and functionality suggestions prior to their transition to fully supported
status. Erratas will be provided for high-priority security issues.
+Technology Preview features are not currently supported under Red Hat Enterprise
+Linux subscription services, may not be functionally complete, and are generally
+not suitable for production use. However, these features are included as a
+customer convenience and to provide the technologies with wider exposure.
-During its development additional components of a Technology Preview feature may become
available to the public for testing. It is the intention of Red Hat to fully support
Technology Preview features in a future release.
+Customers may find these features useful in non-production environments, and can
+provide feedback and functionality suggestions prior to their transition to fully
+supported status. Erratas will be provided for high-priority security issues.
+
+During its development additional components of a Technology Preview feature may
+become available to the public for testing. It is the intention of Red Hat to
+fully support Technology Preview features in a future release.