Re: [Puppet-dev] MCollective and non-root execution

2016-06-21 Thread Michael Smith
Also by ensuring the client private key has similar permissions. plugin.ssl_client_private in client.cfg if 'securityprovider = ssl' is set. Possibly also plugin.activemq.pool.1.ssl.key. The other certificates should not be writable by non-authorized users as well. On Tue, Jun 21, 2016 at 2:42

Re: [Puppet-dev] MCollective and non-root execution

2016-06-21 Thread Geoffrey Gardella
Thanks Michael! I understand the inter-node security. I'm trying to answer our internal security folks about how execution of mco commands is restricted on an (authorized) node to root or authorized users. It appeared to me that this was accomplished by having the config files be 600. On Tue, Jun

Re: [Puppet-dev] MCollective and non-root execution

2016-06-21 Thread Michael Smith
There is a section of PE docs that talks about MCollective security as set up by PE (https://docs.puppet.com/pe/latest/orchestration_overview.html#security), as well as points to security notes in the OSS MCollective docs. In short, having the contents of the config files is sufficient to connect

Re: [Puppet-dev] MCollective and non-root execution

2016-06-21 Thread Shawn Ferry
And for everyone who is wondering what bugs; I'm unintentionally cross posting so that's really just for Geoffrey
> On Jun 21, 2016, at 16:20, Shawn Ferry wrote:
>
> Did you see the recent spate of mcollective bugs that were just filed?
>
> One of them does talk a

Re: [Puppet-dev] MCollective and non-root execution

2016-06-21 Thread Shawn Ferry
Did you see the recent spate of mcollective bugs that were just filed? One of them does talk about file perms iirc
Shawn
> On Jun 21, 2016, at 16:06, Geoffrey Gardella wrote:
>
> Hi All,
> working on our port of MCollective into Solaris. I wanted to confirm that we
>