As part of rolling out MCollective you need to think about security. The various examples in the quick start guide and on this blog has allowed all agents to talk to all nodes all agents. The problem with this approach is that should you have untrusted users on a node they can install the client applications and read the username/password from the server config file and thus control your entire architecture.

The default format for message topics is compatible with ActiveMQ wildcard patterns and so we can now do fine grained controls over who can speak to what.

General information about ActiveMQ Security can be found on their wiki.

Configuring Security in activemq.xml

The ActiveMQ config reference contains all relevant info for configuring security is activemq.xml. The most relevant sections are:

Configuring Security in MCollective

MCollective clients and servers need security credentials that line up with ActiveMQ’s expectations. Specifically:

Back to top
The page rank or the 1 our of 5 rating a user has given the page.
The email address of the user submitting feedback.
The URL of the page being ranked/rated.