O'Reilly logo

Learning MCollective by Jo Rhett

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 11. MCollective Security

At this point your MCollective setup is a simple security model. You either have rights to issue requests, or you do not. You may want a security model with more granularity than that. Following are some reasons to evaluate alternative security plugins:

Security (Authentication) Plugin
The current setup uses a single Pre-Shared key to create an MD5 hash of the contents, which the servers use to ensure that the plain text request was not changed in flight. You may want cryptographic validation stronger than that.
Authorization Plugin
You either have rights to issue requests, or you do not. You may want a security model with granularity to limit some clients to specific hosts or to specific requests.
Auditing Plugin
The basic log files aren’t very informative about who issued a given request. You may want a detailed log of accepted and denied requests, and who submitted them.

As MCollective has a plugin architecture for security, you’ll find considerable flexibility in how to improve that situation. There is no singular right way to do security for MCollective, instead you are provided with tools to make security work exactly as you need. In this chapter we’re going on a tour of options for improving security to meet your needs.

This section describes authentication and authorization between clients (sending requests) and servers (validating the requests). This does not affect security of the Middleware transport, which was described in Chapter 9 ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required