As part of rolling out MCollective you need to think about security. The various examples in the quick start guide and on this blog have allowed all clients to talk to all agents on all nodes. The problem with this approach is that should you have untrusted users on a node, they can install the client applications, read the username/password from the server config file and thus control your entire architecture.
The default format for message topics is compatible with ActiveMQ wildcard patterns, so we can now apply fine-grained controls over who can speak to what.
General information about ActiveMQ Security can be found on their wiki.
Configuring Security in activemq.xml
The ActiveMQ config reference contains all relevant info for configuring security in activemq.xml. The most relevant sections are:
- Topic and Queue Names — Info about the destinations that MCollective uses.
- Transport Connectors — URL structure for insecure and TLS transports.
- TLS Credentials — For use with TLS transports.
- Authentication — Establishing user accounts and groups.
- Authorization — Limiting access to destinations based on group membership.
- Destination Filtering — Preventing certain messages from crossing between datacenters.
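The following activemq.xml fragment is an added example of the Authentication and Authorization sections above; it is not taken from the MCollective documentation. It assumes the collective is named mcollective (so its destinations share the prefix mcollective.), that commands travel on topics matching mcollective.*.agent and replies on queues under mcollective.reply., and the group names, user names and CHANGEME passwords are placeholders.

```xml
<!-- Added example (not from the page): place inside <broker> ... </broker> -->
<plugins>
  <!-- Authentication: every connection must present a user that belongs to a group -->
  <simpleAuthenticationPlugin>
    <users>
      <!-- Credentials stored in server.cfg on every node: only server rights -->
      <authenticationUser username="mco-server" password="CHANGEME-server"
                          groups="servers,everyone"/>
      <!-- Credentials held by operators running the client tools -->
      <authenticationUser username="mco-client" password="CHANGEME-client"
                          groups="clients,everyone"/>
      <authenticationUser username="admin" password="CHANGEME-admin"
                          groups="admins,everyone"/>
    </users>
  </simpleAuthenticationPlugin>

  <!-- Authorization: '>' matches the rest of a name, '*' matches one segment -->
  <authorizationPlugin>
    <map>
      <authorizationMap>
        <authorizationEntries>
          <!-- Default deny for anything not listed below: admins only -->
          <authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
          <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>

          <!-- Command topics (assumed pattern mcollective.*.agent):
               clients publish, servers subscribe -->
          <authorizationEntry topic="mcollective.*.agent"
                              read="servers" write="clients" admin="servers,clients"/>

          <!-- Reply queues (assumed pattern mcollective.reply.>):
               servers publish, clients subscribe -->
          <authorizationEntry queue="mcollective.reply.>"
                              read="clients" write="servers" admin="servers,clients"/>

          <!-- Advisory topics are required by every ActiveMQ connection -->
          <authorizationEntry topic="ActiveMQ.Advisory.>"
                              read="everyone" write="everyone" admin="everyone"/>
        </authorizationEntries>
      </authorizationMap>
    </map>
  </authorizationPlugin>
</plugins>
```

With this split, credentials lifted from a node's server config can only receive commands and send replies; they cannot publish commands to other nodes, which is the exposure the first paragraph describes.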
Configuring Security in MCollective
MCollective clients and servers need security credentials that line up with ActiveMQ’s expectations. Specifically: