As part of rolling out MCollective you need to think about security. The various examples in the quick start guide and on this blog have allowed all agents to talk to all nodes. The problem with this approach is that if you have untrusted users on a node, they can install the client applications, read the username/password from the server config file, and thus control your entire architecture.
The default format for message topics is compatible with ActiveMQ wildcard patterns, so we can now exercise fine-grained control over who can speak to what.
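The following is an added example, not code from MCollective or ActiveMQ. It is a simplified model of ActiveMQ destination wildcards that compares one shared credential with a scoped policy. The topic layout `mcollective.<agent>.command` / `.reply`, the group names, and the rule that any matching entry grants access are assumptions made for illustration.

```ruby
# Simplified model of ActiveMQ destination wildcards (added example).
# "." separates names, "*" matches exactly one name, ">" matches the rest.
def topic_match?(pattern, topic)
  pat = pattern.split(".")
  top = topic.split(".")
  pat.each_with_index do |p, i|
    return true if p == ">"          # everything below this point
    return false if i >= top.length   # topic is shorter than the pattern
    return false unless p == "*" || p == top[i]
  end
  pat.length == top.length            # no ">" tail: lengths must agree
end

# Constructed policy 1: one group shared by every client and server.
BROAD = [
  { topic: "mcollective.>", read: %w[mcollective], write: %w[mcollective] }
].freeze

# Constructed policy 2: node credentials may read commands and write
# replies only; publishing commands needs the (hypothetical) admins group.
SCOPED = [
  { topic: "mcollective.>",         read: %w[admins],  write: %w[admins] },
  { topic: "mcollective.*.command", read: %w[servers], write: [] },
  { topic: "mcollective.*.reply",   read: [],          write: %w[servers] }
].freeze

# Assumed topic names, following the mcollective.<agent>.<direction> layout.
TOPICS = %w[
  mcollective.package.command mcollective.package.reply
  mcollective.discovery.command mcollective.discovery.reply
].freeze

# Model assumption: access is granted if any matching entry lists the group.
def allowed?(policy, group, action, topic)
  policy.any? { |e| topic_match?(e[:topic], topic) && e[action].include?(group) }
end

# Topics a group could publish to, i.e. what a credential taken from a
# node's config file would be able to write under the given policy.
def writable_topics(policy, group, topics)
  topics.select { |t| allowed?(policy, group, :write, t) }
end

if __FILE__ == $0
  puts "shared credential can write: #{writable_topics(BROAD, 'mcollective', TOPICS)}"
  puts "node credential can write:   #{writable_topics(SCOPED, 'servers', TOPICS)}"
end
```

Under the scoped policy, a credential read from a node's server config file can only publish replies, so it cannot be used to send commands to other nodes.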
General information about ActiveMQ Security can be found on their wiki.
The ActiveMQ config reference contains all relevant info for configuring security in activemq.xml. The most relevant sections are:
MCollective clients and servers need security credentials that line up with ActiveMQ’s expectations. Specifically: