Technology Preview feature CuminAviary

Description:

This feature allows Cumin to use the Aviary web services provided in the 
condor-aviary package for certain functions in the user interface.  If the 
CuminAviary feature is enabled, Cumin will use Aviary services rather than QMF 
method calls where possible.  

The CuminAviary feature is controlled through the cumin configuration 
file.  Relevant configuration parameters with descriptive comments can be found 
in the default /etc/cumin/cumin.conf file by searching for a line containing 
"Aviary interface to condor".

Aviary provides a job service and a query service; Cumin may use either, both or
neither.  By default, Cumin will use QMF methods rather than Aviary services.

To enable use of the Aviary job service, the 'aviary-job-servers' parameter must
be uncommented and set (see the comments in the configuration file). Setting this
parameter will cause Cumin to use the Aviary job service for job submission, 
for the hold, release, and remove job control functions, and for editing of 
job ad attributes.

To enable use of the Aviary query service, the 'aviary-query-servers' parameter 
must be uncommented and set (see the comments in the configuration file). Setting 
this parameter will cause Cumin to use the Aviary query service for retrieving 
job output files, retrieving job ad details, and retreiving the list of jobs in a 
submission.

Cumin will make INFO level entries in the log file for cumin-web that indicate 
whether use of the job and/or query services has been enabled and what type of 
certificate validation will be used for servers configured for SSL (see below).  
These log entries will begin with "AviaryOperations:" or contain the string 
"Aviary" somewhere in the message. If an Aviary operation fails, the yellow 
task banner associated with the operation will contain error information.

By default, the Aviary services in condor will not use SSL (Secure Socket Layer) 
for communication and no other configuration parameters need to be set for 
this feature.  However, if the Aviary services in condor have been configured to 
use SSL then additional configuration parameters must be set.

First, note that the scheme for Aviary servers will change from "http" to "https" 
for any server using SSL.  Failure to specify schemes correctly in the 
'aviary-job-servers' or 'aviary-query-servers' parameters will prevent the 
CuminAviary feature from functioning.

Second, the 'aviary-key' and 'aviary-cert' parameters must be set.  These 
parameters give the full paths to a PEM formated private key file and PEM 
formatted certificate file that Cumin will use as a client to access the Aviary 
services.  The Aviary servers will validate Cumin's client certificate and allow
access if validation succeeds.

Optionally, the 'aviary-root-cert' parameter may be set.  This is the full path 
to a PEM formatted file containing CA (certificate authority) certificates that 
Cumin will use to validate the server certificate.  If this parameter is unset 
Cumin will NOT validate server certificates.

Lastly, the 'aviary-domain-verify' parameter controls whether or not Cumin checks
the hostname of the server against the server certificate during validation.  
This parameter has no effect unless 'aviary-root-cert' is set.  The default value 
is True; it may be useful to set this parameter to False if the server is using a 
self-signed certificate with a non-matching hostname.

Cumin will provide server certificate validation using the Python ssl standard
language module if available or M2Crypto otherwise.  If neither of these 
components are available, server certificate validation will be disabled.

Dependencies:

The CuminAviary feature has a dependency on python-suds-0.4.1 or newer.  To date, 
this dependency is not enforced by the Cumin rpm.  On a system without python-suds
installed, Cumin will install and run but the Aviary interface will be disabled.  
If the CuminAviary feature is turned on in cumin.conf, an entry will be made in 
the log for cumin-web noting that Aviary has been disabled because of failed
imports and Cumin will continue.

Feedback:

Bug reports or requests for enhancement can be made through 
http://bugzilla.redhat.com.  General questions about this feature can be handled 
through the email list cumin-users@lists.fedorahosted.org

Full support:  

This feature is intended to be fully supported in an upcoming minor release.

Where to find this information:  

The content given here may be found in the Release Notes 
or in the file /usr/share/doc/cumin-*/AVIARY-README after installation.

Technology Preview Policy:

Technology Preview features are not currently supported under Red Hat Enterprise
Linux subscription services, may not be functionally complete, and are generally 
not suitable for production use. However, these features are included as a 
customer convenience and to provide the technologies with wider exposure.

Customers may find these features useful in non-production environments, and can
provide feedback and functionality suggestions prior to their transition to fully
supported status. Erratas will be provided for high-priority security issues.

During its development additional components of a Technology Preview feature may
become available to the public for testing. It is the intention of Red Hat to 
fully support Technology Preview features in a future release.
