Chapter 13. MCollective Security

As you’ve seen in Chapter 5, MCollective is a powerful tool capable of making significant change in a very short time period. As with any powerful tool, the risk of something going wrong and the damage it can cause are both increased. This chapter describes how to limit that risk and how to control which users can take a given action on a given server. 

At this point, your MCollective setup uses a simple security model. You either have rights to issue requests, or you do not. You may want a security model with more granularity than that. Here are some reasons to evaluate alternative security plugins:

Security (authentication) plugin

The current setup uses a Pre-Shared Key to create an MD5 hash of the contents, which the servers use to ensure that the plain-text request was not changed in flight. You may want cryptographic validation stronger than that.

Authorization plugin

You either have rights to issue requests, or you do not. You may want a security model with granularity to limit some clients to specific hosts or to specific requests.

Auditing plugin

The basic log files aren’t very informative about who issued a given request. You may want a detailed log of accepted and denied requests and who submitted them.

As MCollective has a plugin architecture for security, you’ll find considerable flexibility in how to improve that situation. There is no singular right way to do security for MCollective; instead, you are provided with tools to ...