• Overview
  • Deploying MCollective
  • Configuration / Deployment Topics
  • Use and Administer MCollective
  • Write Agent Plugins
  • Write Clients and Applications
  • Write Other Plugins
  • Plugin Directory
  • Internals
  • Older and Non-Recommended Information

ActiveMQ Security


As part of rolling out MCollective you need to think about security. The various examples in the quick start guide and on this blog has allowed all agents to talk to all nodes all agents. The problem with this approach is that should you have untrusted users on a node they can install the client applications and read the username/password from the server config file and thus control your entire architecture.

The default format for message topics is compatible with ActiveMQ wildcard patterns and so we can now do fine grained controls over who can speak to what.

General information about ActiveMQ Security can be found on their wiki.

Configuring Security in activemq.xml

The ActiveMQ config reference contains all relevant info for configuring security is activemq.xml. The most relevant sections are:

Configuring Security in MCollective

MCollective clients and servers need security credentials that line up with ActiveMQ’s expectations. Specifically:

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.